chore: defined variable to pick sha1 as algorithm for SafeSessionMi…

…ddleware.
openedx · Oct 2, 2023 · c5a4e72 · c5a4e72
1 parent 64662b7
commit c5a4e72
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 2 deletions.
diff --git a/cms/envs/common.py b/cms/envs/common.py
@@ -1087,6 +1087,9 @@
 DEFAULT_AUTO_FIELD = 'django.db.models.AutoField'
 DEFAULT_HASHING_ALGORITHM = 'sha1'
 
+# default algorithm for SafeSessionMiddleware
+SAFE_SESSIONS_MAC_ALGO = 'sha1'
+
 #################### Python sandbox ############################################
 
 CODE_JAIL = {

diff --git a/lms/envs/common.py b/lms/envs/common.py
@@ -1736,6 +1736,9 @@ def _make_mako_template_dirs(settings):
 DEFAULT_AUTO_FIELD = 'django.db.models.AutoField'
 DEFAULT_HASHING_ALGORITHM = 'sha1'
 
+# default algorithm for SafeSessionMiddleware
+SAFE_SESSIONS_MAC_ALGO = 'sha1'
+
 #################### Python sandbox ############################################
 
 CODE_JAIL = {

diff --git a/openedx/core/djangoapps/safe_sessions/middleware.py b/openedx/core/djangoapps/safe_sessions/middleware.py
@@ -269,7 +269,7 @@ def sign(self, user_id):
         data_to_sign = self._compute_digest(user_id)
 
         self.signature = signing.TimestampSigner(
-            salt=self.key_salt, algorithm=settings.DEFAULT_HASHING_ALGORITHM
+            salt=self.key_salt, algorithm=settings.SAFE_SESSIONS_MAC_ALGO
         ).sign_object(data_to_sign, serializer=signing.JSONSerializer, compress=False)
 
     def verify(self, user_id):
@@ -280,7 +280,7 @@ def verify(self, user_id):
         """
         try:
             unsigned_data = signing.TimestampSigner(
-                salt=self.key_salt, algorithm=settings.DEFAULT_HASHING_ALGORITHM
+                salt=self.key_salt, algorithm=settings.SAFE_SESSIONS_MAC_ALGO
             ).unsign_object(self.signature, serializer=signing.JSONSerializer, max_age=settings.SESSION_COOKIE_AGE)
 
             if unsigned_data == self._compute_digest(user_id):