mirrors/bookwyrm
1
0
Fork 1
mirror of https://github.com/bookwyrm-social/bookwyrm.git synced 2024-11-25 11:01:12 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #193 from cthulahoops/wrong_digest_algorithm

Browse source 
Use the correct digest algorithm. (Fixes: #191)
This commit is contained in:
Mouse Reeve 2020-08-19 05:55:53 -07:00 committed by GitHub
commit 8fc67d7b3c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
fedireads/signatures.py
View file

@ -39,7 +39,7 @@ def make_signature(sender, destination, date, digest):
return ','.join('%s="%s"' % (k, v) for (k, v) in signature.items()) return ','.join('%s="%s"' % (k, v) for (k, v) in signature.items())
def make_digest(data): def make_digest(data):
return 'SHA-256=' + b64encode(hashlib.sha512(data).digest()).decode('utf-8') return 'SHA-256=' + b64encode(hashlib.sha256(data).digest()).decode('utf-8')
def verify_digest(request): def verify_digest(request):
algorithm, digest = request.headers['digest'].split('=', 1) algorithm, digest = request.headers['digest'].split('=', 1)
@ -52,7 +52,7 @@ def verify_digest(request):
expected = hash_function(request.body).digest() expected = hash_function(request.body).digest()
if b64decode(digest) != expected: if b64decode(digest) != expected:
return ValueError("Invalid HTTP Digest header") raise ValueError("Invalid HTTP Digest header")
class Signature: class Signature:
def __init__(self, key_id, headers, signature): def __init__(self, key_id, headers, signature):