# HG changeset patch
# User Matt Johnston
# Date 1432051016 -28800
# Node ID c90190a380c6790a348c0bf0d09a786e561b22af
# Parent 509a1be16456000c505c840a1ffac7062495af94
sha256 hmac now
diff -r 509a1be16456 -r c90190a380c6 web/templog.py
--- a/web/templog.py Sun May 10 21:13:49 2015 +0800
+++ b/web/templog.py Tue May 19 23:56:56 2015 +0800
@@ -11,6 +11,7 @@
 import os
 import traceback
 import fcntl
+import hashlib
 import bottle
 from bottle import route, request, response
@@ -38,7 +39,8 @@
 js_enc = request.forms.data
 mac = request.forms.hmac
- if hmac.new(config.HMAC_KEY, js_enc).hexdigest() != mac:
+ h = hmac.new(config.HMAC_KEY, js_enc.strip(), hashlib.sha256).hexdigest()
+ if h != mac:
 raise bottle.HTTPError(code = 403, output = "Bad key")
 js = zlib.decompress(binascii.a2b_base64(js_enc))
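Review bot: The added check `if h != mac:` in the second hunk compares the computed and the client-supplied MAC with an ordinary string comparison, which may stop at the first differing character and so leak timing information about the expected digest. `if not hmac.compare_digest(h, mac):` is the constant-time form where the interpreter provides it (Python 2.7.7+ / 3.3+). The MAC is also computed over `js_enc.strip()` while the last context line still decodes the unstripped `js_enc`, so the authenticated bytes and the processed bytes are not guaranteed to be the same. Stripping once, `js_enc = request.forms.data.strip()`, and using that value for both the HMAC and `a2b_base64` would keep them identical. The enclosing handler starts and ends outside the hunk, so how a missing `hmac` form field is handled is not visible here.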