0001-fix-organization-creation-and-deletion-api-secret-re.patch

Serghei Mihai, 29 janvier 2016 16:12

Voir les différences: en ligne côte à côte

Subject: [PATCH] fix organization creation and deletion api secret reading
 (#9801)

 ckanext/ozwillo_organization_api/plugin.py | 50 ++++++++++++++++--------------
 1 file changed, 26 insertions(+), 24 deletions(-)

     log = logging.getLogger(__name__)
     def valid_signature_required(func):
     def valid_signature_required(secret_prefix):
         signature_header_name = config.get(plugin_config_prefix + 'signature_header_name',
                                            'X-Hub-Signature')
         instantiated_secret = config.get(plugin_config_prefix + 'instantiation_secret',
                                          'secret')
         def wrapper(context, data):
             if signature_header_name in request.headers:
                 if request.headers[signature_header_name].startswith('sha1='):
                     algo, received_hmac = request.headers[signature_header_name].rsplit('=')
                     computed_hmac = hmac.new(instantiated_secret, request.body, sha1).hexdigest()
                     # the received hmac is uppercase according to
                     # http://doc.ozwillo.com/#ref-3-2-1
                     if received_hmac != computed_hmac.upper():
                         log.info('Invalid HMAC')
                         raise logic.NotAuthorized(_('Invalid HMAC'))
         api_secret = config.get(plugin_config_prefix + secret_prefix +'_secret', 'secret')
         def decorator(func):
             def wrapper(context, data):
                 if signature_header_name in request.headers:
                     if request.headers[signature_header_name].startswith('sha1='):
                         algo, received_hmac = request.headers[signature_header_name].rsplit('=')
                         computed_hmac = hmac.new(api_secret, request.body, sha1).hexdigest()
                         # the received hmac is uppercase according to
                         # http://doc.ozwillo.com/#ref-3-2-1
                         if received_hmac != computed_hmac.upper():
                             log.info('Invalid HMAC')
                             raise logic.NotAuthorized(_('Invalid HMAC'))
                     else:
                         log.info('Invalid HMAC algo')
                         raise logic.ValidationError(_('Invalid HMAC algo'))
                 else:
                     log.info('Invalid HMAC algo')
                     raise logic.ValidationError(_('Invalid HMAC algo'))
             else:
                 log.info('No HMAC in the header')
                 raise logic.NotAuthorized(_("No HMAC in the header"))
             return func(context, data)
         return wrapper
     @valid_signature_required
                     log.info('No HMAC in the header')
                     raise logic.NotAuthorized(_("No HMAC in the header"))
                 return func(context, data)
             return wrapper
         return decorator
     @valid_signature_required(secret_prefix='instantiation')
     def create_organization(context, data_dict):
         context['ignore_auth'] = True
         model = context['model']
-...
             log.debug('Validation error "%s" occured while creating organization' % e)
             raise
     @valid_signature_required
     @valid_signature_required(secret_prefix='destruction')
     def delete_organization(context, data_dict):
         data_dict['id'] = data_dict.pop('instance_id')
         context['ignore_auth'] = True
+    -

Projet

Général

Profil

Ozwillo

0001-fix-organization-creation-and-deletion-api-secret-re.patch