# encoding: utf-8
import hmac
import hashlib
import six
from ckan.common import config, request
# Cached HMAC key (bytes). Stays None until get_message_hash() first reads
# 'beaker.session.secret' from config and stores the encoded value here.
secret = None
def get_message_hash(value):
    '''Return the hex-encoded HMAC-SHA1 of ``value``.

    The key is ``config['beaker.session.secret']``, read on first use and
    cached in the module-level ``secret``. ``value`` is UTF-8 encoded
    before it is authenticated.

    NOTE(review): the key name suggests the same secret also protects
    session data; a dedicated key for this purpose would limit the impact
    of a leak -- confirm against the deployment's configuration.
    NOTE(review): an empty configured secret is not rejected here. The
    cache check stays falsy, so the config is re-read on every call and the
    MAC is computed with an empty key, which anyone can reproduce.
    '''
    global secret
    if not secret:
        # Look the key up lazily: at import time the config may not have
        # been loaded yet.
        configured = config['beaker.session.secret']
        secret = six.ensure_binary(configured)
    payload = value.encode('utf8')
    mac = hmac.new(secret, payload, digestmod=hashlib.sha1)
    return mac.hexdigest()
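def get_redirect():
    '''Return the ``return_to`` request parameter if its hash is valid.

    Reads ``return_to`` and ``hash`` from ``request.params`` and recomputes
    the expected hash with get_message_hash(). The target is returned
    (UTF-8 encoded) only when the supplied hash matches; otherwise, or when
    either parameter is missing or empty, None is returned.

    The hash is what stops this from being an open redirect: only a party
    holding the secret can produce a valid (return_to, hash) pair.

    NOTE(review): the check does not constrain where ``return_to`` points,
    so code that signs values must itself restrict what it signs -- verify
    the call sites of get_message_hash().
    NOTE(review): nothing here binds the pair to a user or an expiry time,
    so a valid pair stays valid for as long as the secret is unchanged.
    '''
    return_to = request.params.get('return_to')
    hash_given = request.params.get('hash', '')
    if not (return_to and hash_given):
        return None
    hash_expected = get_message_hash(return_to)
    # Compare in constant time: a plain == stops at the first differing
    # character, which leaks how much of a guessed hash was correct.
    # Both sides are converted to bytes because compare_digest rejects
    # text containing non-ASCII characters, and ``hash`` is caller-supplied.
    if hmac.compare_digest(six.ensure_binary(hash_given),
                           six.ensure_binary(hash_expected)):
        return return_to.encode('utf-8')
    return None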