Don't discriminate against Fireplace when it comes to keys
This commit is contained in:
Родитель
d517c20e42
Коммит
ea0785a5e5
|
@ -66,10 +66,10 @@ class LoginResource(CORSResource, MarketplaceResource):
|
|||
unique_id = uuid.uuid4().hex
|
||||
|
||||
consumer_id = hashlib.sha1(
|
||||
email + settings.FIREPLACE_SECRET_KEY).hexdigest()
|
||||
email + settings.SECRET_KEY).hexdigest()
|
||||
|
||||
hm = hmac.new(
|
||||
unique_id + settings.FIREPLACE_SECRET_KEY,
|
||||
unique_id + settings.SECRET_KEY,
|
||||
consumer_id, hashlib.sha512)
|
||||
return ','.join((email, hm.hexdigest(), unique_id))
|
||||
|
||||
|
|
|
@ -98,7 +98,7 @@ class FakeUUID(object):
|
|||
hex = '000000'
|
||||
|
||||
|
||||
@patch.object(settings, 'FIREPLACE_SECRET_KEY', 'gubbish')
|
||||
@patch.object(settings, 'SECRET_KEY', 'gubbish')
|
||||
class TestLoginHandler(TestCase):
|
||||
def setUp(self):
|
||||
super(TestLoginHandler, self).setUp()
|
||||
|
|
|
@ -163,8 +163,8 @@ class SharedSecretAuthentication(Authentication):
|
|||
try:
|
||||
email, hm, unique_id = auth.split(',')
|
||||
consumer_id = hashlib.sha1(
|
||||
email + settings.FIREPLACE_SECRET_KEY).hexdigest()
|
||||
return hmac.new(unique_id + settings.FIREPLACE_SECRET_KEY,
|
||||
email + settings.SECRET_KEY).hexdigest()
|
||||
return hmac.new(unique_id + settings.SECRET_KEY,
|
||||
consumer_id, hashlib.sha512).hexdigest() == hm
|
||||
except:
|
||||
log.info('Bad shared-secret auth data: %s', auth)
|
||||
|
|
|
@ -150,7 +150,7 @@ class TestOAuthAuthentication(TestCase):
|
|||
ok_(self.auth.is_authenticated(self.call()))
|
||||
|
||||
|
||||
@patch.object(settings, 'FIREPLACE_SECRET_KEY', 'gubbish')
|
||||
@patch.object(settings, 'SECRET_KEY', 'gubbish')
|
||||
class TestSharedSecretAuthentication(TestCase):
|
||||
fixtures = fixture('user_2519')
|
||||
|
||||
|
@ -191,7 +191,7 @@ class TestOptionalOAuthAuthentication(TestCase):
|
|||
ok_(not self.auth.is_authenticated(req))
|
||||
|
||||
|
||||
@patch.object(settings, 'FIREPLACE_SECRET_KEY', 'gubbish')
|
||||
@patch.object(settings, 'SECRET_KEY', 'gubbish')
|
||||
class TestMultipleAuthentication(TestCase):
|
||||
fixtures = fixture('user_2519')
|
||||
|
||||
|
|
|
@ -7,9 +7,6 @@ from mkt import asset_bundles
|
|||
# The origin URL for our Fireplace frontend, from which API requests come.
|
||||
FIREPLACE_URL = ''
|
||||
|
||||
# The key used for generating shared secrets in Fireplace logins.
|
||||
FIREPLACE_SECRET_KEY = None
|
||||
|
||||
ALLOWED_HOSTS += ['.firefox.com']
|
||||
# We'll soon need a `settings_test_mkt` to override this.
|
||||
APP_PREVIEW = True
|
||||
|
|
Загрузка…
Ссылка в новой задаче