self-hosted/oncall
1
0
Fork 0
mirror of https://github.com/linkedin/oncall.git synced 2025-11-25 23:02:31 +02:00
Code Issues Releases Activity

retroactively fix client HMAC for special character enpoints (#397)

Browse Source 
* fix HMAC for names with spaces

* client backwards compatibility

* update version
This commit is contained in:
Diego Cepeda
2023-06-28 15:53:24 -05:00
committed by GitHub
parent 08b94bd6a1
commit aa603ffe6a
2 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/oncall/__init__.py
View File

@@ -1 +1 @@
__version__ = '2.0.0' __version__ = '2.0.1'

7
src/oncall/auth/__init__.py
View File

@@ -7,6 +7,7 @@ import hmac
import hashlib import hashlib
import base64 import base64
import importlib import importlib
from urllib.parse import quote
from falcon import HTTPUnauthorized, HTTPForbidden, Request from falcon import HTTPUnauthorized, HTTPForbidden, Request
from .. import db from .. import db
@@ -127,6 +128,12 @@ def check_calendar_auth_by_id(team_id, req):
def is_client_digest_valid(client_digest, api_key, window, method, path, body): def is_client_digest_valid(client_digest, api_key, window, method, path, body):
# calulate HMAC hash with quoted and unquoted path for legacy client backwards compatibility
text = '%s %s %s %s' % (window, method, quote(path), body)
HMAC = hmac.new(api_key, text.encode('utf-8'), hashlib.sha512)
digest = base64.urlsafe_b64encode(HMAC.digest())
if hmac.compare_digest(bytes(client_digest, 'utf-8'), digest):
return True
text = '%s %s %s %s' % (window, method, path, body) text = '%s %s %s %s' % (window, method, path, body)
HMAC = hmac.new(api_key, text.encode('utf-8'), hashlib.sha512) HMAC = hmac.new(api_key, text.encode('utf-8'), hashlib.sha512)
digest = base64.urlsafe_b64encode(HMAC.digest()) digest = base64.urlsafe_b64encode(HMAC.digest())