|
@@ -282,7 +282,7 @@ class Token(models.Model):
|
|
|
digest.
|
|
digest.
|
|
|
"""
|
|
"""
|
|
|
if self.v1:
|
|
if self.v1:
|
|
|
- return token == self.token
|
|
|
|
|
|
|
+ return hmac.compare_digest(token, self.plaintext)
|
|
|
if self.v2:
|
|
if self.v2:
|
|
|
token = token.removeprefix(TOKEN_PREFIX)
|
|
token = token.removeprefix(TOKEN_PREFIX)
|
|
|
try:
|
|
try:
|
|
@@ -291,7 +291,7 @@ class Token(models.Model):
|
|
|
# Invalid pepper ID
|
|
# Invalid pepper ID
|
|
|
return False
|
|
return False
|
|
|
digest = hmac.new(pepper.encode('utf-8'), token.encode('utf-8'), hashlib.sha256).hexdigest()
|
|
digest = hmac.new(pepper.encode('utf-8'), token.encode('utf-8'), hashlib.sha256).hexdigest()
|
|
|
- return digest == self.hmac_digest
|
|
|
|
|
|
|
+ return hmac.compare_digest(digest, self.hmac_digest)
|
|
|
return False
|
|
return False
|
|
|
|
|
|
|
|
def validate_client_ip(self, client_ip):
|
|
def validate_client_ip(self, client_ip):
|
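Review bot: In the v1 branch of the first hunk, `hmac.compare_digest(token, self.plaintext)` is called with two `str` values, and `compare_digest` accepts `str` arguments only when both are pure ASCII, so a presented token containing a non-ASCII character raises `TypeError` where the old `==` simply returned False. Comparing bytes keeps the constant-time check and restores the False result: `return hmac.compare_digest(token.encode('utf-8'), self.plaintext.encode('utf-8'))`. The same call also raises if `self.plaintext` can be `None` for a v1 token, which these hunks do not show, so a guard that returns False in that case is worth adding. The v2 comparison in the second hunk has a hexdigest on one side, so it is affected only if `self.hmac_digest` can hold something other than an ASCII string. The enclosing method starts above the first hunk, so any caller-side handling of `TypeError` is not visible here.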