24 import hmac |
24 import hmac |
25 from uuid import uuid4 |
25 from uuid import uuid4 |
26 from os.path import join, exists, split, isdir |
26 from os.path import join, exists, split, isdir |
27 from warnings import warn |
27 from warnings import warn |
28 |
28 |
|
29 from six import text_type |
|
30 |
29 from logilab.common.decorators import cached, cachedproperty |
31 from logilab.common.decorators import cached, cachedproperty |
30 from logilab.common.deprecation import deprecated |
32 from logilab.common.deprecation import deprecated |
31 from logilab.common.configuration import merge_options |
33 from logilab.common.configuration import merge_options |
32 |
34 |
33 from cubicweb import ConfigurationError |
35 from cubicweb import ConfigurationError |
291 """ |
293 """ |
292 try: |
294 try: |
293 user = self['anonymous-user'] or None |
295 user = self['anonymous-user'] or None |
294 passwd = self['anonymous-password'] |
296 passwd = self['anonymous-password'] |
295 if user: |
297 if user: |
296 user = unicode(user) |
298 user = text_type(user) |
297 except KeyError: |
299 except KeyError: |
298 user, passwd = None, None |
300 user, passwd = None, None |
299 except UnicodeDecodeError: |
301 except UnicodeDecodeError: |
300 raise ConfigurationError("anonymous information should only contains ascii") |
302 raise ConfigurationError("anonymous information should only contains ascii") |
301 return user, passwd |
303 return user, passwd |
303 @cachedproperty |
305 @cachedproperty |
304 def _instance_salt(self): |
306 def _instance_salt(self): |
305 """This random key/salt is used to sign content to be sent back by |
307 """This random key/salt is used to sign content to be sent back by |
306 browsers, eg. in the error report form. |
308 browsers, eg. in the error report form. |
307 """ |
309 """ |
308 return str(uuid4()) |
310 return str(uuid4()).encode('ascii') |
309 |
311 |
310 def sign_text(self, text): |
312 def sign_text(self, text): |
311 """sign some text for later checking""" |
313 """sign some text for later checking""" |
312 # hmac.new expect bytes |
314 # hmac.new expect bytes |
313 if isinstance(text, unicode): |
315 if isinstance(text, text_type): |
314 text = text.encode('utf-8') |
316 text = text.encode('utf-8') |
315 # replace \r\n so we do not depend on whether a browser "reencode" |
317 # replace \r\n so we do not depend on whether a browser "reencode" |
316 # original message using \r\n or not |
318 # original message using \r\n or not |
317 return hmac.new(self._instance_salt, |
319 return hmac.new(self._instance_salt, |
318 text.strip().replace('\r\n', '\n')).hexdigest() |
320 text.strip().replace(b'\r\n', b'\n')).hexdigest() |
319 |
321 |
320 def check_text_sign(self, text, signature): |
322 def check_text_sign(self, text, signature): |
321 """check the text signature is equal to the given signature""" |
323 """check the text signature is equal to the given signature""" |
322 return self.sign_text(text) == signature |
324 return self.sign_text(text) == signature |
323 |
325 |