inventree/InvenTree
2
0
Fork 0
mirror of https://github.com/inventree/InvenTree.git synced 2025-05-02 13:28:49 +00:00
Code

fix hmac

Browse Source
This commit is contained in:
Matthias 2021-09-12 19:25:36 +02:00
parent 440311cddb
commit e2bb5e978b
No known key found for this signature in database
GPG Key ID: F50EF5741D33E076
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
InvenTree/common/api.py
View File

@ -66,7 +66,7 @@ class WebhookView(CsrfExemptMixin, APIView):
raise NotAcceptable(error.msg) raise NotAcceptable(error.msg)
# validate # validate
self.validate_token(payload, headers) self.validate_token(payload, headers, request)
# process data # process data
self.save_data(payload, headers, request) self.save_data(payload, headers, request)
self.process_payload(payload, headers, request) self.process_payload(payload, headers, request)
@ -100,7 +100,7 @@ class WebhookView(CsrfExemptMixin, APIView):
# TODO make a object-setting # TODO make a object-setting
return True return True
def validate_token(self, payload, headers): def validate_token(self, payload, headers, request):
token = headers.get(self.TOKEN_NAME, "") token = headers.get(self.TOKEN_NAME, "")
# no token # no token
@ -114,7 +114,7 @@ class WebhookView(CsrfExemptMixin, APIView):
# hmac token # hmac token
elif self.verify == VerificationMethod.HMAC: elif self.verify == VerificationMethod.HMAC:
digest = hmac.new(self.secret, payload.encode('utf-8'), hashlib.sha256).digest() digest = hmac.new(self.secret.encode('utf-8'), request.body, hashlib.sha256).digest()
computed_hmac = base64.b64encode(digest) computed_hmac = base64.b64encode(digest)
if not hmac.compare_digest(computed_hmac, token.encode('utf-8')): if not hmac.compare_digest(computed_hmac, token.encode('utf-8')):
raise PermissionDenied(self.MESSAGE_TOKEN_ERROR) raise PermissionDenied(self.MESSAGE_TOKEN_ERROR)