bumped version to 0.6.0

added hopefully timing attack safe signature verification
1 parent c82f53e commit 83e5abd99f7a0194ebd55c3b8ccad811e339d481 Jonas Obrist committed Nov 17, 2011
Showing with 11 additions and 6 deletions.
  1. +3 −4 README.rst
  2. +1 −1 simple_sso/__init__.py
  3. +7 −1 simple_sso/signatures.py
@@ -179,10 +179,9 @@ On the server
=============
* Add ``simple_sso.sso_server`` to ``INSTALLED_APPS``.
-* Include the ``simple_sso.sso_server.urls`` url patterns somewhere.
-* Optionally provide the ``SIMPLE_SSO_USER_CONSTRUCTOR`` setting which points
- to a callable which, given a Django user instance, returns a dictionary
- representation containing the information as described in **The User object**.
+* Create an instance (potentially of a subclass) of
+ ``simple_sso.server.SimpleSSOServer`` and include the return value of the
+ ``get_urls`` method on that instance into your url patterns.
On the client
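Review bot: the new bullet names `simple_sso.server.SimpleSSOServer`, while the unchanged bullet above it still tells users to add `simple_sso.sso_server` to `INSTALLED_APPS`; please confirm both module paths are correct, since one of them looks like a leftover or a typo. The removed text also documented the optional `SIMPLE_SSO_USER_CONSTRUCTOR` setting, and the replacement only says "potentially of a subclass" without stating what to override to customise the user dictionary described in **The User object**. Either name the method to override here or state that the setting is gone, so that existing deployments know what to migrate. This documentation change is unrelated to the signature fix and would be easier to review and revert as its own commit.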
@@ -1 +1 @@
-__version__ = '0.5.1'
+__version__ = '0.6.0'
@@ -19,4 +19,10 @@ def verify_signature(parameters, signature, secret):
Parameters is a list of tuples.
"""
- return build_signature(parameters, secret) == signature
+ result = 0
+ built_signature = build_signature(parameters, secret)
+ if len(signature) != len(built_signature):
+ return False
+ for x, y in zip(built_signature, signature):
+ result |= ord(x) ^ ord(y)
+ return result == 0
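Review bot: the hand-rolled comparison at `result |= ord(x) ^ ord(y)` only works when both values iterate as one-character strings; if either `signature` or `built_signature` is a bytes object on Python 3, iteration yields integers and `ord()` raises `TypeError`. Where available, prefer a maintained constant-time primitive such as `hmac.compare_digest(built_signature, signature)` or Django's `django.utils.crypto.constant_time_compare`, which removes the loop and the separate length check. The early `return False` on a length mismatch reveals only the length of the expected signature, which is acceptable if `build_signature` returns a fixed-size digest, but that assumption deserves a one-line comment. `result = 0` can move below the length check, next to the loop that uses it. The commit touches no test file, so please add cases for a matching signature, an equal-length mismatch and a wrong-length input.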
