From bc16f4e5c19636572fcb5a38a8a36e93da96e408 Mon Sep 17 00:00:00 2001
From: Mike McLean
Date: Jun 19 2019 15:08:28 +0000
Subject: PR#1489: pass bytes to sha1 constructor
Merges #1489 https://pagure.io/koji/pull-request/1489
Fixes: #1486 https://pagure.io/koji/issue/1486
Fix kojiweb's _getUserCookie/_setUserCookie to pass bytes to hash constructors
---
diff --git a/www/kojiweb/index.py b/www/kojiweb/index.py
index 7cf6658..4978535 100644
--- a/www/kojiweb/index.py
+++ b/www/kojiweb/index.py
@@ -55,8 +55,8 @@ def _setUserCookie(environ, user):
 value = user + ':' + str(int(time.time()))
 if not options['Secret'].value:
 raise koji.AuthError('Unable to authenticate, server secret not configured')
- shasum = sha1_constructor(value)
- shasum.update(options['Secret'].value)
+ shasum = sha1_constructor(value.encode('utf-8'))
+ shasum.update(options['Secret'].value.encode('utf-8'))
 value = "%s:%s" % (shasum.hexdigest(), value)
 cookies = six.moves.http_cookies.SimpleCookie()
 cookies['user'] = value
@@ -92,8 +92,8 @@ def _getUserCookie(environ):
 sig, value = parts
 if not options['Secret'].value:
 raise koji.AuthError('Unable to authenticate, server secret not configured')
- shasum = sha1_constructor(value)
- shasum.update(options['Secret'].value)
+ shasum = sha1_constructor(value.encode('utf-8'))
+ shasum.update(options['Secret'].value.encode('utf-8'))
 if shasum.hexdigest() != sig:
 authlogger.warn('invalid user cookie: %s:%s', sig, value)
 return None
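Review bot: In the `_getUserCookie` hunk the recomputed tag is still checked with `if shasum.hexdigest() != sig:`, an ordinary string comparison against a value taken from the cookie; a constant-time check such as `if not hmac.compare_digest(shasum.hexdigest(), sig):` is the usual form for verifying a signature, with both sides encoded to bytes first if `sig` may hold non-ASCII text. Both hunks (`_setUserCookie` and `_getUserCookie`) also keep the hand-rolled SHA-1 over `value` followed by the secret, where the keyed standard construction would be `shasum = hmac.new(options['Secret'].value.encode('utf-8'), value.encode('utf-8'), hashlib.sha1)`. That change needs `hmac` and `hashlib` in scope (the file's import block is outside the hunks) and would invalidate cookies already issued, so it probably belongs in a follow-up rather than this bytes fix. Both function bodies start and end outside the visible hunks, so how `parts` is split and how the timestamp in `value` is checked cannot be judged from here.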