# HG changeset patch
# User paulb
# Date 1194995750 0
# Node ID 9dd43535b30bbea766efd351f53e0c0f1a0ee0b0
# Parent fd071f4c6c32d251327c33d532a2bc243db7f71b
[project @ 2007-11-13 23:15:50 by paulb] Fixed OpenID tokens to use HMAC-SHA1 - apparently HMAC-MD5 was previously being used.
diff -r fd071f4c6c32 -r 9dd43535b30b WebStack/Helpers/Auth.py
--- a/WebStack/Helpers/Auth.py Mon Nov 12 00:51:58 2007 +0000
+++ b/WebStack/Helpers/Auth.py Tue Nov 13 23:15:50 2007 +0000
@@ -22,10 +22,15 @@
 import base64
 import md5
+import hmac
 try:
- import hmac
+ from hashlib import sha1, sha256
 except ImportError:
- hmac = None
+ sha256 = None
+ try:
+ from sha import new as sha1
+ except ImportError:
+ sha1 = None
 class UserInfo:
@@ -193,7 +198,10 @@
 return plaintext + ":" + md5.md5(plaintext + secret_key).hexdigest()
-if hmac is not None:
+# OpenID token verification.
+# NOTE: Add SHA256 usage for associations.
+
+if sha1 is not None:
 def get_openid_token(items, secret_key):
@@ -203,7 +211,7 @@
 """
 plaintext = "\n".join([(key + ":" + value) for (key, value) in items]) + "\n"
- hash = hmac.new(secret_key, plaintext)
+ hash = hmac.new(secret_key, plaintext, sha1)
 return base64.standard_b64encode(hash.digest())
 def check_openid_signature(fields, secret_key):
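Review bot: In the `@@ -22,10 +22,15 @@` hunk the fallback `from sha import new as sha1` binds a constructor function rather than a module, and that branch only runs on interpreters that have no hashlib. As far as I recall, the hmac module shipped with those older interpreters calls `digestmod.new()` on whatever it is given, so passing `sha.new` would raise AttributeError the first time get_openid_token runs; this should be confirmed on the oldest supported Python. `import sha as sha1` in the fallback would satisfy both the module-style and the callable-style hmac API. `sha256` is bound in both branches but is not used anywhere in the visible hunks.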
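Review bot: The `if sha1 is not None:` guard in the `@@ -193,7 +198,10 @@` hunk leaves get_openid_token and check_openid_signature undefined when no SHA-1 implementation can be imported, and nothing at the guard says so. A caller then fails with an AttributeError far from the cause. I would add a comment such as `# Only defined when a SHA-1 implementation was importable; callers must handle their absence.` and turn the note into an actionable marker, `# TODO: support HMAC-SHA256 for associations.`. The guarded block continues past the end of the hunk.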
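Review bot: `hash = hmac.new(secret_key, plaintext, sha1)` in the `@@ -203,7 +211,7 @@` hunk changes the length and value of every token, so anything signed under the old HMAC-MD5 default stops verifying once this ships; the commit message does not say whether that is acceptable for tokens still outstanding. The docstring, which starts outside the hunk, should pin the format, for example `The token is the base64-encoded HMAC-SHA1 of the "key:value" lines.` The local name `hash` also shadows the builtin; `mac = hmac.new(secret_key, plaintext, sha1)` avoids that. The body of check_openid_signature is outside the hunk, so how it compares the received signature with the computed one cannot be reviewed here.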