diff web/secure.py @ 492:23c6cf01d237
working kinda
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Tue, 11 Feb 2014 23:47:53 +0800 |
parents | 46e327c00246 |
children | 59379b2bd056 |
--- a/web/secure.py Tue Feb 11 22:11:03 2014 +0800
+++ b/web/secure.py Tue Feb 11 23:47:53 2014 +0800
@@ -54,27 +54,33 @@
 def check_csrf_blob(blob):
 toks = blob.split('-')
 if len(toks) != 3:
+ print>>sys.stderr, "wrong toks"
 return False
 user, expiry, mac = toks
 if user != get_user_hash():
+ print>>sys.stderr, "wrong user"
 return False
 try:
 exp = int(expiry)
 except ValueError:
+ print>>sys.stderr, "failed exp"
 return False
 if exp < 1000000000:
 return False
- if exp > time.time():
+ if exp < time.time():
+ print>>sys.stderr, "expired %d %d" % (exp, time.time())
 return False
 check_content = "%s-%s" % (user, expiry)
- check_mac = hmac.new(_csrf_key, content).hexdigest()
+ check_mac = hmac.new(_csrf_key, check_content).hexdigest()
 if mac == check_mac:
+ print>>sys.stderr, "good hmac"
 return True
+ print>>sys.stderr, "fail"
 return False
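Review bot: The final check `if mac == check_mac:` compares the caller-supplied MAC with the expected HMAC using `==`, which stops at the first differing character and so can leak through response timing how much of a guess was correct; use `if hmac.compare_digest(mac, check_mac):` instead (in the hmac module from Python 2.7.7). Also, `hmac.new(_csrf_key, check_content)` passes no digestmod, which on Python 2 means HMAC-MD5; naming a digest explicitly, e.g. `hashlib.sha256`, would be clearer, but it has to change together with whatever code issues the token, which is not in this hunk. The added `print>>sys.stderr` lines look like temporary debugging; if they stay, the `exp < 1000000000` branch is the one rejection path that still returns without a message.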