#1489 pass bytes to sha1 constructor
Merged 4 years ago by mikem. Opened 4 years ago by tkopecek.
tkopecek/koji issue1486  into  master

file modified
+4 -4
@@ -55,8 +55,8 @@ 

      value = user + ':' + str(int(time.time()))

      if not options['Secret'].value:

          raise koji.AuthError('Unable to authenticate, server secret not configured')

-     shasum = sha1_constructor(value)

-     shasum.update(options['Secret'].value)

+     shasum = sha1_constructor(value.encode('utf-8'))

+     shasum.update(options['Secret'].value.encode('utf-8'))

      value = "%s:%s" % (shasum.hexdigest(), value)

      cookies = six.moves.http_cookies.SimpleCookie()

      cookies['user'] = value
@@ -92,8 +92,8 @@ 

      sig, value = parts

      if not options['Secret'].value:

          raise koji.AuthError('Unable to authenticate, server secret not configured')

-     shasum = sha1_constructor(value)

-     shasum.update(options['Secret'].value)

+     shasum = sha1_constructor(value.encode('utf-8'))

+     shasum.update(options['Secret'].value.encode('utf-8'))

      if shasum.hexdigest() != sig:

          authlogger.warn('invalid user cookie: %s:%s', sig, value)

          return None

As preparation to use hashlib's constructors, fix passing correct
datatype to sha1 constructor in web ui.

Fixes: https://pagure.io/koji/issue/1486

pretty please pagure-ci rebuild

4 years ago

rebased onto 485466d

4 years ago

Metadata Update from @tkopecek:
- Pull-request tagged with: testing-ready

4 years ago

Commit bc16f4e fixes this pull-request

Pull-Request has been merged by mikem

4 years ago