mirror of https://github.com/linkedin/oncall.git synced 2025-11-25 23:02:31 +02:00

retroactively fix client HMAC for special character enpoints (#397)

* fix HMAC for names with spaces

* client backwards compatibility

* update version
Diego Cepeda
2023-06-28 15:53:24 -05:00
committed by GitHub
parent 08b94bd6a1
commit aa603ffe6a
2 changed files with 8 additions and 1 deletions


@@ -1 +1 @@
__version__ = '2.0.0'
__version__ = '2.0.1'


@@ -7,6 +7,7 @@ import hmac
import hashlib
import base64
import importlib
from urllib.parse import quote
from falcon import HTTPUnauthorized, HTTPForbidden, Request
from .. import db
@@ -127,6 +128,12 @@ def check_calendar_auth_by_id(team_id, req):
def is_client_digest_valid(client_digest, api_key, window, method, path, body):
# calulate HMAC hash with quoted and unquoted path for legacy client backwards compatibility
text = '%s %s %s %s' % (window, method, quote(path), body)
HMAC = hmac.new(api_key, text.encode('utf-8'), hashlib.sha512)
digest = base64.urlsafe_b64encode(HMAC.digest())
if hmac.compare_digest(bytes(client_digest, 'utf-8'), digest):
return True
text = '%s %s %s %s' % (window, method, path, body)
HMAC = hmac.new(api_key, text.encode('utf-8'), hashlib.sha512)
digest = base64.urlsafe_b64encode(HMAC.digest())
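Review bot: The legacy fallback at the end of this hunk still signs the unquoted path, so `'%s %s %s %s' % (window, method, path, body)` has ambiguous field boundaries whenever `path` contains a space: a space inside the path cannot be told apart from the separator before `body`. The quoted form added above removes that ambiguity only for clients that already sign the quoted path, so I would mark the fallback as temporary with a comment such as `# legacy clients sign the unquoted path; field boundaries are ambiguous if it contains spaces - remove once those clients are retired`. Recording when the fallback is the branch that matches would show when it can be dropped. The three-line digest computation now appears twice; a small private helper that takes the path form would keep both variants in step. `quote(path)` also has to match the client's encoding byte for byte (default `safe='/'`), which cannot be confirmed here because the client side is not on this page and the function's final comparison and return lie outside the hunk.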