From f1087662a0886a0a798b1fee074eb70b7a32f85d Mon Sep 17 00:00:00 2001
From: Alexandre Aubin
Date: Tue, 19 Nov 2019 14:19:35 +0100
Subject: [PATCH] Use hmac.compare_digest to compare hashes
Co-Authored-By: Timost
---
 moulinette/authenticators/__init__.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/moulinette/authenticators/__init__.py b/moulinette/authenticators/__init__.py
index da3bd363..327babcc 100644
--- a/moulinette/authenticators/__init__.py
+++ b/moulinette/authenticators/__init__.py
@@ -184,7 +184,7 @@ class BaseAuthenticator(object):
 to_hash = "{id}:{token}".format(id=session_id, token=session_token)
 hash_ = hashlib.sha256(to_hash).hexdigest()
- if hash_ != stored_hash:
+ if not hmac.compare_digest(hash_, stored_hash):
 raise MoulinetteError('invalid_token')
 else:
 return
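Review bot: The new `hmac.compare_digest(hash_, stored_hash)` call depends on `hmac` being in scope, but the diffstat records a single insertion, so this patch adds no `import hmac`. Unless the module already imports it outside the hunk, every token check would fail with a NameError instead of `MoulinetteError('invalid_token')`; if it is missing, add `import hmac` next to the existing `hashlib` import. `compare_digest` also raises TypeError when its two arguments are not of the same string type, and `stored_hash` is produced outside this hunk, so confirm it has the same type as the hex digest in `hash_`; a mismatch would surface as an unhandled TypeError where `!=` simply compared unequal. The enclosing method starts and ends outside the hunk.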