def value_decode(self, val):
val = val.strip('"')
sig = HMAC.new(self.secret, val[40:].encode('UTF-8'), SHA1).hexdigest()
# Avoid timing attacks
invalid_bits = 0
input_sig = val[:40]
if len(sig) != len(input_sig):
return None, val
for a, b in zip(sig, input_sig):
invalid_bits += a != b
if invalid_bits:
return None, val
else:
return val[40:], val
def value_encode(self, val):
sig = HMAC.new(self.secret, val.encode('UTF-8'), SHA1).hexdigest()
return str(val), ("%s%s" % (sig, val))
