def verify_hmac_sha1(request, client_secret=None, resource_owner_secret=None): """Verify a HMAC-SHA1 signature. Per `section 3.4`_ of the spec. .. _`section 3.4`: http://tools.ietf.org/html/rfc5849#section-3.4 To satisfy `RFC2616 section 5.2`_ item 1, the request argument's uri attribute MUST be an absolute URI whose netloc part identifies the origin server or gateway on which the resource resides. Any Host item of the request argument's headers dict attribute will be ignored. .. _`RFC2616 section 5.2`: http://tools.ietf.org/html/rfc2616#section-5.2 """ norm_params = normalize_parameters(request.params) uri = normalize_base_string_uri(request.uri) base_string = construct_base_string(request.http_method, uri, norm_params) signature = sign_hmac_sha1(base_string, client_secret, resource_owner_secret) match = safe_string_equals(signature, request.signature) if not match: log.debug('Verify HMAC-SHA1 failed: sig base string: %s', base_string) return match
def validate_verifier(self, client_key, request_token, verifier, request): # This method must take the same amount of time/db lookups for # success and failure to prevent timing attacks. try: t = Token.objects.get(key=request_token, token_type=REQUEST_TOKEN) candidate = t.verifier except Token.DoesNotExist: candidate = '' return safe_string_equals(candidate, verifier)
def verify_plaintext(request, client_secret=None, resource_owner_secret=None): """Verify a PLAINTEXT signature. Per `section 3.4`_ of the spec. .. _`section 3.4`: http://tools.ietf.org/html/rfc5849#section-3.4 """ signature = sign_plaintext(client_secret, resource_owner_secret) return safe_string_equals(signature, request.signature)
def verify_hmac_sha1(request, client_secret=None, resource_owner_secret=None): """Verify a HMAC-SHA1 signature. Per `section 3.4`_ of the spec. .. _`section 3.4`: http://tools.ietf.org/html/rfc5849#section-3.4 """ norm_params = normalize_parameters(request.params) uri = normalize_base_string_uri(request.uri) base_string = construct_base_string(request.http_method, uri, norm_params) signature = sign_hmac_sha1(base_string, client_secret, resource_owner_secret) return safe_string_equals(signature, request.signature)
def verify_plaintext(request, client_secret=None, resource_owner_secret=None): """Verify a PLAINTEXT signature. Per `section 3.4`_ of the spec. .. _`section 3.4`: https://tools.ietf.org/html/rfc5849#section-3.4 """ signature = sign_plaintext(client_secret, resource_owner_secret) match = safe_string_equals(signature, request.signature) if not match: log.debug('Verify PLAINTEXT failed') return match
def validate_verifier(self, client_key, request_token, verifier, request): return ((client_key, request_token) in self.verifiers and safe_string_equals( verifier, self.verifiers.get((client_key, request_token))))
def validate_verifier(self, client_key, request_token, verifier, request): return ((client_key, request_token) in self.verifiers and safe_string_equals(verifier, self.verifiers.get( (client_key, request_token))))