comparison web/secure.py @ 492:23c6cf01d237

working kinda
author Matt Johnston <matt@ucc.asn.au>
date Tue, 11 Feb 2014 23:47:53 +0800
parents 46e327c00246
children 59379b2bd056
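--- a/web/secure.py
+++ b/web/secure.py
@@ -52,29 +52,35 @@
 return "%s-%s" % (content, mac)
 
 def check_csrf_blob(blob):
 toks = blob.split('-')
 if len(toks) != 3:
+print>>sys.stderr, "wrong toks"
 return False
 
 user, expiry, mac = toks
 if user != get_user_hash():
+print>>sys.stderr, "wrong user"
 return False
 
 try:
 exp = int(expiry)
 except ValueError:
+print>>sys.stderr, "failed exp"
 return False
 
 if exp < 1000000000:
 return False
 
-if exp > time.time():
+if exp < time.time():
+print>>sys.stderr, "expired %d %d" % (exp, time.time())
 return False
 
 check_content = "%s-%s" % (user, expiry)
-check_mac = hmac.new(_csrf_key, content).hexdigest()
+check_mac = hmac.new(_csrf_key, check_content).hexdigest()
 if mac == check_mac:
+print>>sys.stderr, "good hmac"
 return True
 
+print>>sys.stderr, "fail"
 return False
 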
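Review bot: The MAC check at new line 80, `if mac == check_mac:`, is an ordinary string comparison that can stop at the first differing character, so it is not constant-time. `if hmac.compare_digest(mac, check_mac):` (Python 2.7.7+ / 3.3+) closes that gap, provided `blob` arrives as a byte string so both arguments have the same type. At new line 79, `hmac.new(_csrf_key, check_content)` passes no digestmod and so falls back to MD5 on Python 2. Naming the digest explicitly, e.g. `hashlib.sha256`, would make the choice deliberate, but the token generator that ends at line 52 is outside this view and would have to change with it. The added `print>>sys.stderr` lines read as debugging aids (the `exp < 1000000000` branch has none) and are better removed or moved to a logger once the expiry fix is confirmed.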