From 2093048720cfb36cc05b3143cd6f2585c7c64d85 Mon Sep 17 00:00:00 2001 From: John Lee Date: Fri, 3 Jan 2020 15:54:57 -0800 Subject: [PATCH] Update calls to hmac to use bytes instead of strings so it works on py3. --- schoolyourself/schoolyourself.py | 7 +++++-- schoolyourself/schoolyourself_review.py | 9 ++++++--- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/schoolyourself/schoolyourself.py b/schoolyourself/schoolyourself.py index 81af69a..2acedd6 100644 --- a/schoolyourself/schoolyourself.py +++ b/schoolyourself/schoolyourself.py @@ -1,6 +1,7 @@ """The base class for School Yourself XBlocks (lessons and reviews).""" from __future__ import absolute_import +import hashlib import hmac import os import pkg_resources @@ -157,8 +158,10 @@ def get_partner_url_params(self, shared_key=None): if user_id: url_params["partner_user_id"] = user_id if shared_key: - url_params["partner_signature"] = hmac.new(str(shared_key), - user_id).hexdigest() + url_params["partner_signature"] = hmac.new( + bytes(shared_key, "utf-8"), + bytes(user_id, "utf-8"), + digestmod=hashlib.md5).hexdigest() return url_params diff --git a/schoolyourself/schoolyourself_review.py b/schoolyourself/schoolyourself_review.py index cb3d3a3..42bd2ca 100644 --- a/schoolyourself/schoolyourself_review.py +++ b/schoolyourself/schoolyourself_review.py @@ -1,6 +1,7 @@ """An XBlock that displays School Yourself reviews and may publish grades.""" from __future__ import absolute_import +import hashlib import hmac import six.moves.urllib.request, six.moves.urllib.parse, six.moves.urllib.error @@ -123,9 +124,11 @@ def handle_grade_json(self, data): return "bad_request" # Verify the signature. - verifier = hmac.new(str(self.shared_key), user_id) + verifier = hmac.new(bytes(self.shared_key, "utf-8"), + bytes(user_id, "utf-8"), + digestmod=hashlib.md5) for key in sorted(mastery): - verifier.update(key) + verifier.update(bytes(key, "utf-8")) # Every entry should be a number. try: @@ -133,7 +136,7 @@ def handle_grade_json(self, data): except ValueError: return "bad_request" - verifier.update("%.2f" % mastery[key]) + verifier.update(bytes("%.2f" % mastery[key], "utf-8")) # If the signature is invalid, do nothing.