YunoHost/moulinette
1
0
Fork 0
mirror of https://github.com/YunoHost/moulinette.git synced 2024-09-03 20:06:31 +02:00
Code Issues Projects Releases Packages Wiki Activity

Use hmac.compare_digest to compare hashes

Browse source 
Co-Authored-By: Timost <Timost@users.noreply.github.com>
This commit is contained in:
Alexandre Aubin 2019-11-19 14:19:35 +01:00 committed by GitHub
parent e77e27730b
commit f1087662a0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
moulinette/authenticators/__init__.py
View file

@ -184,7 +184,7 @@ class BaseAuthenticator(object):
to_hash = "{id}:{token}".format(id=session_id, token=session_token)
hash_ = hashlib.sha256(to_hash).hexdigest()
if hash_ != stored_hash:
if not hmac.compare_digest(hash_, stored_hash):
raise MoulinetteError('invalid_token')
else:
return