--- a/web/webconfig.py Wed Nov 28 11:44:15 2012 +0100
+++ b/web/webconfig.py Tue Nov 27 14:48:03 2012 +0100
@@ -21,10 +21,12 @@
_ = unicode
import os
+import hmac
+from uuid import uuid4
from os.path import join, exists, split, isdir
from warnings import warn
-from logilab.common.decorators import cached
+from logilab.common.decorators import cached, cachedproperty
from logilab.common.deprecation import deprecated
from cubicweb import ConfigurationError
@@ -272,6 +274,25 @@
raise ConfigurationError("anonymous information should only contains ascii")
return user, passwd
+ @cachedproperty
+ def _instance_salt(self):
+ """This random key/salt is used to sign content to be sent back by
+ browsers, eg. in the error report form.
+ """
+ return str(uuid4())
+
+ def sign_text(self, text):
+ """sign some text for later checking"""
+ # replace \r\n so we do not depend on whether a browser "reencode"
+ # original message using \r\n or not
+ return hmac.new(self._instance_salt,
+ text.strip().replace('\r\n', '\n')).hexdigest()
+
+ def check_text_sign(self, text, signature):
+ """check the text signature is equal to the given signature"""
+ return self.sign_text(text) == signature
+
+
def locate_resource(self, rid):
"""return the (directory, filename) where the given resource
may be found
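Review bot: `check_text_sign` compares the two signatures with `==`, which is not a constant-time comparison, so response timing can reveal how much of a submitted signature is correct. Where the runtime provides it (Python 2.7.7+ / 3.3+), use `return hmac.compare_digest(self.sign_text(text), signature)`. In `sign_text`, `hmac.new` is called without a `digestmod`, which on this Python 2 code falls back to MD5; passing one explicitly, e.g. `hmac.new(self._instance_salt, msg, hashlib.sha256)`, would be safer and needs `import hashlib` in the import hunk. The key from `_instance_salt` is a `uuid4()` string cached on the config object, so a signature presumably will not verify in another process or after a restart. The docstring should say so, for example `"""Per-process secret; signatures do not survive a restart or cross worker processes."""`, and `os.urandom` would be a more explicit source for a secret key.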