warrant should make sure the time data is sent in English #2

Open
alexsavio opened this issue Jul 10, 2018 · 2 comments

@alexsavio
Contributor

In https://github.com/capless/warrant-lite/blob/master/warrant_lite/__init__.py#L193, if the LOCALE is not set to English, this would fail.

@piotrkubisa

piotrkubisa commented Sep 21, 2018

It would be nice to see a patch for this issue. Let's say you are including warrant-lite in a GUI application made in PyGTK or PyQT; in such a case the locale will get overridden by the system-wide locale.

A quick fix would be a class which inherits from WarrantLite, i.e.:

```python
import base64
import datetime
import hashlib
import hmac
import locale
import re

from warrant_lite import WarrantLite, hex_to_long


class WarrantModified(WarrantLite):
    def process_challenge(self, challenge_parameters):
        user_id_for_srp = challenge_parameters['USER_ID_FOR_SRP']
        salt_hex = challenge_parameters['SALT']
        srp_b_hex = challenge_parameters['SRP_B']
        secret_block_b64 = challenge_parameters['SECRET_BLOCK']
        # NOTE: Remember the current locale, then specify en_US locale
        previous_locale = locale.setlocale(locale.LC_ALL)
        locale.setlocale(locale.LC_ALL, ('en_US', 'UTF-8'))
        try:
            # re strips leading zero from a day number (required by AWS Cognito)
            timestamp = re.sub(r" 0(\d) ", r" \1 ",
                               datetime.datetime.utcnow().strftime("%a %b %d %H:%M:%S UTC %Y"))
        finally:
            # NOTE: Return to the locale that was active before the call
            locale.setlocale(locale.LC_ALL, previous_locale)
        hkdf = self.get_password_authentication_key(user_id_for_srp,
                                                    self.password, hex_to_long(srp_b_hex), salt_hex)
        secret_block_bytes = base64.standard_b64decode(secret_block_b64)
        # The timestamp is part of the signed message and is also sent as TIMESTAMP
        msg = bytearray(self.pool_id.split('_')[1], 'utf-8') + bytearray(user_id_for_srp, 'utf-8') + \
            bytearray(secret_block_bytes) + bytearray(timestamp, 'utf-8')
        hmac_obj = hmac.new(hkdf, msg, digestmod=hashlib.sha256)
        signature_string = base64.standard_b64encode(hmac_obj.digest())
        response = {'TIMESTAMP': timestamp,
                    'USERNAME': user_id_for_srp,
                    'PASSWORD_CLAIM_SECRET_BLOCK': secret_block_b64,
                    'PASSWORD_CLAIM_SIGNATURE': signature_string.decode('utf-8')}
        if self.client_secret is not None:
            response.update({
                "SECRET_HASH":
                self.get_secret_hash(self.username, self.client_id, self.client_secret)})
        return response
```
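
An alternative to switching the process locale, as an added example that is not part of the comment above or of warrant-lite: the same timestamp format built from fixed English day and month names, so the result does not depend on the locale and no process-wide state changes. The helper names `cognito_timestamp`, `is_english_timestamp` and `strftime_timestamp` are hypothetical, and the sample instant is constructed.

```python
import datetime
import locale
import re

# English abbreviations, as strftime("%a") and strftime("%b") emit them in the C locale.
_DAYS = ("Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun")
_MONTHS = ("Jan", "Feb", "Mar", "Apr", "May", "Jun",
           "Jul", "Aug", "Sep", "Oct", "Nov", "Dec")
_ENGLISH = re.compile(r"^(%s) (%s) [1-9]\d? \d\d:\d\d:\d\d UTC \d{4}$"
                      % ("|".join(_DAYS), "|".join(_MONTHS)))


def cognito_timestamp(now=None):
    """'%a %b %d %H:%M:%S UTC %Y' with no leading zero on the day, in English,
    without reading or changing the process locale. Naive datetimes are taken as UTC."""
    if now is None:
        now = datetime.datetime.now(datetime.timezone.utc)
    elif now.tzinfo is not None:
        now = now.astimezone(datetime.timezone.utc)
    return "%s %s %d %02d:%02d:%02d UTC %04d" % (
        _DAYS[now.weekday()], _MONTHS[now.month - 1], now.day,
        now.hour, now.minute, now.second, now.year)


def is_english_timestamp(ts):
    """True if ts has the shape the strftime call yields under an English locale."""
    return _ENGLISH.match(ts) is not None


def strftime_timestamp(now, locale_name):
    """The locale-dependent formatting from the issue, run under locale_name.
    Returns None if that locale is not installed; always restores LC_TIME."""
    previous = locale.setlocale(locale.LC_TIME)
    try:
        locale.setlocale(locale.LC_TIME, locale_name)
    except locale.Error:
        return None
    try:
        return re.sub(r" 0(\d) ", r" \1 ", now.strftime("%a %b %d %H:%M:%S UTC %Y"))
    finally:
        locale.setlocale(locale.LC_TIME, previous)


if __name__ == "__main__":
    sample = datetime.datetime(2018, 7, 9, 8, 5, 3)  # constructed sample instant
    print("fixed tables:", cognito_timestamp(sample))
    for name in ("C", "de_DE.UTF-8", "es_ES.UTF-8"):  # skipped if not installed
        ts = strftime_timestamp(sample, name)
        print(name, repr(ts), ts is not None and is_english_timestamp(ts))
```

Because `setlocale` changes state for the whole process, the table-based formatter is also safe to call from several threads at once, which the switch-and-restore approach is not.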

@alexsavio
Contributor Author

I've just created #6 with a possible fix