diff web/templog.py @ 240:c90190a380c6

sha256 hmac now
author Matt Johnston <matt@ucc.asn.au>
date Tue, 19 May 2015 23:56:56 +0800
parents 509a1be16456
children 2071d939e4ff
line wrap: on
line diff
--- a/web/templog.py	Sun May 10 21:13:49 2015 +0800
+++ b/web/templog.py	Tue May 19 23:56:56 2015 +0800
@@ -11,6 +11,7 @@
 import os
 import traceback
 import fcntl
+import hashlib
 
 import bottle
 from bottle import route, request, response
@@ -38,7 +39,8 @@
     js_enc = request.forms.data
     mac = request.forms.hmac
 
-    if hmac.new(config.HMAC_KEY, js_enc).hexdigest() != mac:
+    h = hmac.new(config.HMAC_KEY, js_enc.strip(), hashlib.sha256).hexdigest()
+    if h != mac:
         raise bottle.HTTPError(code = 403, output = "Bad key")
 
     js = zlib.decompress(binascii.a2b_base64(js_enc))