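def get_payload_signature(key, payload, digestmod=hashlib.sha1):
    """Compute the hex-encoded HMAC of ``payload`` under ``key``.

    Both ``key`` and ``payload`` go through ``to_bytes`` first, so callers
    may hand in either ``str`` or ``bytes`` (``hmac`` itself only accepts a
    bytes key).

    Args:
        key: Shared webhook secret, ``str`` or ``bytes``.
        payload: Request body to sign, ``str`` or ``bytes``.  The digest is
            taken over exactly these bytes, so sign the body as it will be
            (or was) transmitted - re-serialising parsed JSON changes them.
        digestmod: Hash constructor for the HMAC.  Defaults to SHA-1, the
            digest announced by the ``sha1=`` prefix that ``signature_check``
            expects; pass ``hashlib.sha256`` to produce a ``sha256=`` style
            digest instead.

    Returns:
        The lowercase hexadecimal digest as a ``str``.
    """
    key = to_bytes(key)
    payload = to_bytes(payload)
    mac = hmac.new(key, msg=payload, digestmod=digestmod)
    return mac.hexdigest()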
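def signature_check(key, post_signature, payload):
    """Verify that an HTTP POST carries a valid HMAC-SHA1 signature.

    ``post_signature`` must be of the form ``sha1=<hexdigest>`` (the format
    GitHub's legacy ``X-Hub-Signature`` header uses).  Anything else - a
    missing header, a different digest prefix, an empty digest - is
    rejected.

    Args:
        key: Shared webhook secret, ``str`` or ``bytes``.
        post_signature: Value of the signature header, or ``None`` when the
            header is absent.
        payload: Raw request body the signature was computed over.

    Returns:
        ``True`` if the signature matches, ``False`` otherwise.  Malformed
        header values never raise; they yield ``False`` so a client cannot
        turn a bad header into a server error.
    """
    # A missing header arrives as None: reject it instead of raising.
    if not post_signature:
        return False
    # partition() rather than split('='): an extra '=' in attacker-controlled
    # input must not blow up the unpacking, it must simply fail to verify.
    prefix, _, signature = post_signature.partition('=')
    if prefix != 'sha1' or not signature:
        return False
    # HMAC requires its key to be bytes, but data is strings.
    hexmac = get_payload_signature(key, payload)
    # Constant-time comparison so the check cannot serve as a timing oracle
    # for the expected digest.
    return hmac.compare_digest(to_bytes(hexmac), to_bytes(signature))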
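def __init__(self, access_token):
    """Initialize the user db parameters.

    Args:
        access_token: The GitHub access token for this user.  It is stored
            as-is on the instance (``self.access_token``); only the derived
            ``user_id`` is safe to put in a cookie.
    """
    self.access_token = access_token
    # user_id is what identifies an authenticated user in the session
    # cookie.  It is SHA-512 over the token plus a fresh random salt
    # (uuid4, drawn from the OS CSPRNG in CPython) that is never stored, so
    # the id is an opaque, unrecoverable handle: a leaked cookie gives no
    # way back to the token, and the id cannot be recomputed from the token
    # either.  sha512().hexdigest() is already exactly 128 hex characters,
    # so no truncation is needed.
    self.user_id = sha512(to_bytes(access_token + uuid4().hex)).hexdigest()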
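import json
import os
import unittest
from unittest.mock import ANY
from unittest.mock import patch

import flask

import webcompat
from webcompat.db import Site
from webcompat.helpers import to_bytes
from webcompat.webhooks import helpers

# The shared webhook secret, used both to sign the fixtures and to verify
# them.  It is read from the app config rather than hard-coded so the tests
# exercise the same key the application uses.  Converted to bytes up front
# because HMAC keys must be bytes.
key = to_bytes(webcompat.app.config['HOOK_SECRET_KEY'])


# Some machinery for opening our test files
def event_data(filename):
    """Return a tuple with the content and its signature.

    Args:
        filename: Name of a JSON fixture under ``tests/fixtures/webhooks``,
            resolved relative to the current working directory.

    Returns:
        ``(json_event, signature)`` where ``json_event`` is the fixture
        re-serialised with ``json.dumps`` and ``signature`` is the matching
        ``sha1=<hexdigest>`` header value.  The digest is computed over
        ``json_event`` itself, so a test must POST exactly that string for
        verification to succeed.
    """
    current_root = os.path.realpath(os.curdir)
    events_path = 'tests/fixtures/webhooks'
    path = os.path.join(current_root, events_path, filename)
    # Pin the encoding: the default is locale-dependent, so a fixture with
    # non-ASCII content could otherwise decode (and sign) differently from
    # one machine to the next.
    with open(path, 'r', encoding='utf-8') as f:
        json_event = json.dumps(json.load(f))
    signature = 'sha1={sig}'.format(
        sig=helpers.get_payload_signature(key, json_event))
    return json_event, signature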