From ace55618daa8b4cd7eeb3f6d800d0aca69b13531 Mon Sep 17 00:00:00 2001 From: Serghei Mihai Date: Fri, 29 Jan 2016 16:08:35 +0100 Subject: [PATCH] fix organization creation and deletion api secret reading (#9801) --- ckanext/ozwillo_organization_api/plugin.py | 50 ++++++++++++++++-------------- 1 file changed, 26 insertions(+), 24 deletions(-) diff --git a/ckanext/ozwillo_organization_api/plugin.py b/ckanext/ozwillo_organization_api/plugin.py index 4c7d48d..0ba41a8 100644 --- a/ckanext/ozwillo_organization_api/plugin.py +++ b/ckanext/ozwillo_organization_api/plugin.py @@ -22,33 +22,35 @@ plugin_config_prefix = 'ckanext.ozwillo_organization_api.' log = logging.getLogger(__name__) -def valid_signature_required(func): +def valid_signature_required(secret_prefix): signature_header_name = config.get(plugin_config_prefix + 'signature_header_name', 'X-Hub-Signature') - instantiated_secret = config.get(plugin_config_prefix + 'instantiation_secret', - 'secret') - - def wrapper(context, data): - if signature_header_name in request.headers: - if request.headers[signature_header_name].startswith('sha1='): - algo, received_hmac = request.headers[signature_header_name].rsplit('=') - computed_hmac = hmac.new(instantiated_secret, request.body, sha1).hexdigest() - # the received hmac is uppercase according to - # http://doc.ozwillo.com/#ref-3-2-1 - if received_hmac != computed_hmac.upper(): - log.info('Invalid HMAC') - raise logic.NotAuthorized(_('Invalid HMAC')) + api_secret = config.get(plugin_config_prefix + secret_prefix +'_secret', 'secret') + + def decorator(func): + def wrapper(context, data): + if signature_header_name in request.headers: + if request.headers[signature_header_name].startswith('sha1='): + algo, received_hmac = request.headers[signature_header_name].rsplit('=') + computed_hmac = hmac.new(api_secret, request.body, sha1).hexdigest() + # the received hmac is uppercase according to + # http://doc.ozwillo.com/#ref-3-2-1 + if received_hmac != computed_hmac.upper(): + log.info('Invalid HMAC') + raise logic.NotAuthorized(_('Invalid HMAC')) + else: + log.info('Invalid HMAC algo') + raise logic.ValidationError(_('Invalid HMAC algo')) else: - log.info('Invalid HMAC algo') - raise logic.ValidationError(_('Invalid HMAC algo')) - else: - log.info('No HMAC in the header') - raise logic.NotAuthorized(_("No HMAC in the header")) - return func(context, data) - return wrapper - -@valid_signature_required + log.info('No HMAC in the header') + raise logic.NotAuthorized(_("No HMAC in the header")) + return func(context, data) + return wrapper + return decorator + + +@valid_signature_required(secret_prefix='instantiation') def create_organization(context, data_dict): context['ignore_auth'] = True model = context['model'] @@ -149,7 +151,7 @@ def create_organization(context, data_dict): log.debug('Validation error "%s" occured while creating organization' % e) raise -@valid_signature_required +@valid_signature_required(secret_prefix='destruction') def delete_organization(context, data_dict): data_dict['id'] = data_dict.pop('instance_id') context['ignore_auth'] = True -- 2.7.0