Exemple #1
def get_payload_signature(key, payload):
    """Return the hex-encoded HMAC-SHA1 of ``payload`` under ``key``.

    Both arguments are passed through ``to_bytes`` before use, because
    ``hmac.new`` works on bytes.

    The returned digest is derived from the secret key. When it is checked
    against a signature supplied by a client, compare the two with
    ``hmac.compare_digest`` rather than ``==`` so that the comparison does
    not leak timing information.
    """
    key_bytes = to_bytes(key)
    message = to_bytes(payload)
    # NOTE(review): the digest is fixed to SHA-1 here; changing it alters
    # every signature this function produces, so sender and verifier would
    # have to move together.
    return hmac.new(key_bytes, msg=message, digestmod=hashlib.sha1).hexdigest()
Exemple #2
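def signature_check(key, post_signature, payload):
    """Check the HTTP POST legitimacy.

    Args:
        key: shared webhook secret used to compute the expected HMAC.
        post_signature: signature value sent with the request, expected in
            the form ``sha1=<hex digest>``. It is untrusted input.
        payload: the request body the signature is supposed to cover.

    Returns:
        True only when ``post_signature`` carries the ``sha1`` scheme and its
        digest matches the HMAC computed over ``payload``. A missing,
        non-text, empty, or malformed signature returns False.
    """
    # Fail closed when the header is absent (None) or not text, instead of
    # raising on .startswith().
    if not isinstance(post_signature, str):
        return False
    # partition() splits on the first '=' only. The previous split('=')
    # followed by two-name unpacking raised ValueError for any value with a
    # second '=' in it, so a crafted header produced an unhandled exception
    # rather than a rejection.
    scheme, _, signature = post_signature.partition('=')
    if scheme != 'sha1' or not signature:
        return False
    # HMAC requires its key to be bytes, but data is strings.
    hexmac = get_payload_signature(key, payload)
    # Constant-time comparison so the check does not reveal how many
    # leading characters of the expected digest matched.
    return hmac.compare_digest(to_bytes(hexmac), to_bytes(signature))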
Exemple #3
 def __init__(self, access_token):
     """Store the access token and derive the session user id from it."""
     self.access_token = access_token
     # The user_id is what goes into the session cookie to identify
     # authenticated users. It is a SHA-512 hex digest of the GitHub access
     # token concatenated with a fresh random uuid4 hex string, so a leaked
     # session cookie does not lead back to the token itself.
     # The uuid4 value is generated inline and not kept by this method, so
     # each construction yields a different user_id for the same token.
     salted_token = to_bytes(access_token + uuid4().hex)
     token_digest = sha512(salted_token).hexdigest()
     # A SHA-512 hex digest is 128 characters, so this slice keeps all of it.
     self.user_id = token_digest[0:128]
import json
import os
import unittest
from unittest.mock import ANY
from unittest.mock import patch

import flask

import webcompat
from webcompat.db import Site
from webcompat.helpers import to_bytes
from webcompat.webhooks import helpers

# Shared webhook secret the tests use to compute the expected signatures.
# It is read from the application config (HOOK_SECRET_KEY) and coerced with
# to_bytes, because the HMAC key needs to be a bytes object.
key = to_bytes(webcompat.app.config['HOOK_SECRET_KEY'])


# Some machinery for opening our test files
def event_data(filename):
    """Load a webhook fixture and return ``(json_event, signature)``.

    The fixture is read from ``tests/fixtures/webhooks`` under the current
    working directory, parsed, and re-serialised with ``json.dumps``. The
    signature is computed over that re-serialised string with the
    module-level ``key`` and returned in the ``sha1=<hex digest>`` form.
    """
    fixture_path = os.path.join(
        os.path.realpath(os.curdir), 'tests/fixtures/webhooks', filename)
    with open(fixture_path, 'r') as fixture:
        parsed_event = json.load(fixture)
    # Sign the exact string that is returned, not the bytes on disk: the
    # load/dumps round trip can change whitespace, and the signature has to
    # match the payload the test sends.
    json_event = json.dumps(parsed_event)
    digest = helpers.get_payload_signature(key, json_event)
    return json_event, 'sha1={sig}'.format(sig=digest)