jeena/woodwind
1
0
Fork 0
Code Issues Pull requests Projects Packages Wiki Activity Actions

fix X-Hub-Signature comparison

Browse source
This commit is contained in:
Kyle Mahan 2015-04-02 06:35:56 +00:00
parent 85e53fa4f6
commit 56b1485d21
1 changed files with 6 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

8
woodwind/push.py
View file

@ -69,12 +69,14 @@ def notify(feed_id):
content = None content = None
signature = request.headers.get('X-Hub-Signature') signature = request.headers.get('X-Hub-Signature')
if signature and feed.push_secret and request.data: if signature and feed.push_secret and request.data:
h = hmac.new(feed.push_secret.encode('utf-8'), expected = 'sha1=' + hmac.new(feed.push_secret.encode('utf-8'),
msg=request.data, digestmod='sha1').hexdigest() msg=request.data, digestmod='sha1').hexdigest()
if h != signature: if expected != signature:
current_app.logger.warn( current_app.logger.warn(
'X-Hub-Signature did not match expected key') 'X-Hub-Signature (%s) did not match expected (%s)',
signature, expected)
return make_response('', 204) return make_response('', 204)
current_app.logger.info('Good X-Hub-Signature!')
content = request.data.decode('utf-8') content = request.data.decode('utf-8')
tasks.q_high.enqueue(tasks.update_feed, feed.id, tasks.q_high.enqueue(tasks.update_feed, feed.id,