Don't discriminate against Fireplace when it comes to keys

Matt Basta 2013-04-01 17:16:08 -07:00
Родитель d517c20e42
Коммит ea0785a5e5
5 изменённых файлов: 7 добавлений и 10 удалений


@ -66,10 +66,10 @@ class LoginResource(CORSResource, MarketplaceResource):
unique_id = uuid.uuid4().hex
consumer_id = hashlib.sha1(
email + settings.FIREPLACE_SECRET_KEY).hexdigest()
email + settings.SECRET_KEY).hexdigest()
hm = hmac.new(
unique_id + settings.FIREPLACE_SECRET_KEY,
unique_id + settings.SECRET_KEY,
consumer_id, hashlib.sha512)
return ','.join((email, hm.hexdigest(), unique_id))
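Review bot: Using `settings.SECRET_KEY` directly in both `hashlib.sha1(email + settings.SECRET_KEY)` and `hmac.new(unique_id + settings.SECRET_KEY, ...)` ties the login token to the project-wide Django secret with no purpose separation, so the token shares key material with everything else that secret signs. Nothing visible in the returned `email,hmac,unique_id` string carries a timestamp, so revoking issued tokens appears to require rotating the key, which now means rotating the global secret. A purpose-bound key derived once would decouple the two, e.g. `key = hmac.new(settings.SECRET_KEY, '<purpose label>', hashlib.sha256).hexdigest()`, used wherever the raw setting appears here. The same derivation would have to go into the `SharedSecretAuthentication` hunk, since both sides must compute identical values. The enclosing method starts outside this hunk.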


@ -98,7 +98,7 @@ class FakeUUID(object):
hex = '000000'
@patch.object(settings, 'FIREPLACE_SECRET_KEY', 'gubbish')
@patch.object(settings, 'SECRET_KEY', 'gubbish')
class TestLoginHandler(TestCase):
def setUp(self):
super(TestLoginHandler, self).setUp()


@ -163,8 +163,8 @@ class SharedSecretAuthentication(Authentication):
try:
email, hm, unique_id = auth.split(',')
consumer_id = hashlib.sha1(
email + settings.FIREPLACE_SECRET_KEY).hexdigest()
return hmac.new(unique_id + settings.FIREPLACE_SECRET_KEY,
email + settings.SECRET_KEY).hexdigest()
return hmac.new(unique_id + settings.SECRET_KEY,
consumer_id, hashlib.sha512).hexdigest() == hm
except:
log.info('Bad shared-secret auth data: %s', auth)
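Review bot: The verification `... hashlib.sha512).hexdigest() == hm` compares the computed HMAC with the caller-supplied value using `==`, which stops at the first differing character and so leaks timing information about the expected digest. A constant-time comparison fits here, e.g. `return constant_time_compare(hmac.new(...).hexdigest(), hm)` with `constant_time_compare` imported from `django.utils.crypto`. The bare `except:` also hides every failure, including a missing or mistyped key setting; `except (ValueError, TypeError):` would probably cover the malformed-header cases, though that should be confirmed against the callers. The `log.info` line writes the raw `auth` header, so logging a truncated form or only its length would keep token material out of the logs. The method begins before this hunk and continues after the logging line.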


@ -150,7 +150,7 @@ class TestOAuthAuthentication(TestCase):
ok_(self.auth.is_authenticated(self.call()))
@patch.object(settings, 'FIREPLACE_SECRET_KEY', 'gubbish')
@patch.object(settings, 'SECRET_KEY', 'gubbish')
class TestSharedSecretAuthentication(TestCase):
fixtures = fixture('user_2519')
@ -191,7 +191,7 @@ class TestOptionalOAuthAuthentication(TestCase):
ok_(not self.auth.is_authenticated(req))
@patch.object(settings, 'FIREPLACE_SECRET_KEY', 'gubbish')
@patch.object(settings, 'SECRET_KEY', 'gubbish')
class TestMultipleAuthentication(TestCase):
fixtures = fixture('user_2519')


@ -7,9 +7,6 @@ from mkt import asset_bundles
# The origin URL for our Fireplace frontend, from which API requests come.
FIREPLACE_URL = ''
# The key used for generating shared secrets in Fireplace logins.
FIREPLACE_SECRET_KEY = None
ALLOWED_HOSTS += ['.firefox.com']
# We'll soon need a `settings_test_mkt` to override this.
APP_PREVIEW = True