diff --git a/schoolyourself/schoolyourself.py b/schoolyourself/schoolyourself.py index 81af69a..2acedd6 100644 --- a/schoolyourself/schoolyourself.py +++ b/schoolyourself/schoolyourself.py @@ -1,6 +1,7 @@ """The base class for School Yourself XBlocks (lessons and reviews).""" from __future__ import absolute_import +import hashlib import hmac import os import pkg_resources @@ -157,8 +158,10 @@ def get_partner_url_params(self, shared_key=None): if user_id: url_params["partner_user_id"] = user_id if shared_key: - url_params["partner_signature"] = hmac.new(str(shared_key), - user_id).hexdigest() + url_params["partner_signature"] = hmac.new( + bytes(shared_key, "utf-8"), + bytes(user_id, "utf-8"), + digestmod=hashlib.md5).hexdigest() return url_params diff --git a/schoolyourself/schoolyourself_review.py b/schoolyourself/schoolyourself_review.py index cb3d3a3..42bd2ca 100644 --- a/schoolyourself/schoolyourself_review.py +++ b/schoolyourself/schoolyourself_review.py @@ -1,6 +1,7 @@ """An XBlock that displays School Yourself reviews and may publish grades.""" from __future__ import absolute_import +import hashlib import hmac import six.moves.urllib.request, six.moves.urllib.parse, six.moves.urllib.error @@ -123,9 +124,11 @@ def handle_grade_json(self, data): return "bad_request" # Verify the signature. - verifier = hmac.new(str(self.shared_key), user_id) + verifier = hmac.new(bytes(self.shared_key, "utf-8"), + bytes(user_id, "utf-8"), + digestmod=hashlib.md5) for key in sorted(mastery): - verifier.update(key) + verifier.update(bytes(key, "utf-8")) # Every entry should be a number. try: @@ -133,7 +136,7 @@ def handle_grade_json(self, data): except ValueError: return "bad_request" - verifier.update("%.2f" % mastery[key]) + verifier.update(bytes("%.2f" % mastery[key], "utf-8")) # If the signature is invalid, do nothing.