  • 3 commits
  • 2 files changed
  • 0 commit comments
  • 2 contributors
Showing with 23 additions and 10 deletions.
  1. +22 −9 yubico/yubico.py
  2. +1 −1  yubico/yubico_exceptions.py
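--- a/yubico/yubico.py
+++ b/yubico/yubico.py
@@ -194,13 +194,12 @@ def verify_response(self, response, otp, nonce, return_response=False):
 if signature != generated_signature:
 raise SignatureVerificationError(generated_signature,
 signature)
-
 param_dict = self.get_parameters_as_dictionary(parameters)
- if param_dict.get('otp', otp) != otp:
+ if 'otp' in param_dict and param_dict['dict'] != otp:
 raise InvalidValidationResponse('Unexpected OTP in response. Possible attack!',
 response, param_dict)
- if param_dict.get('nonce', nonce) != nonce:
+ if 'nonce' in param_dict and param_dict['nonce'] != nonce:
 raise InvalidValidationResponse('Unexpected nonce in response. Possible attack!',
 response, param_dict)
@@ -264,18 +263,32 @@ def generate_message_signature(self, query_string):
 def parse_parameters_from_response(self, response):
 """
 Returns a response signature and query string generated from the
- server response.
+ server response. 'h' aka signature argument is stripped from the
+ returned query string.
 """
- splitted = [pair.strip() for pair in response.split('\n')
- if pair.strip() != '']
- signature = splitted[0].replace('h=', '')
- query_string = '&' . join(splitted[1:])
+ split = [pair.strip() for pair in response.split('\n')
+ if pair.strip() != '']
+ query_string = '&' . join(split)
+ split_dict = self.get_parameters_as_dictionary(query_string)
+
+ if 'h' in split_dict:
+ signature = split_dict['h']
+ del split_dict['h']
+ else:
+ signature = None
+
+ query_string = ''
+ for index, (key, value) in enumerate(split_dict.iteritems()):
+ query_string += '%s=%s' % (key, value)
+
+ if index != len(split_dict) -1:
+ query_string += '&'
 return (signature, query_string)
 def get_parameters_as_dictionary(self, query_string):
 """ Returns query string parameters as a dictionary. """
- dictionary = dict([parameter.split('=') for parameter \
+ dictionary = dict([parameter.split('=', 1) for parameter \
 in query_string.split('&')])
 return dictionary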
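Review bot: The OTP echo check in the first hunk reads the wrong key: `if 'otp' in param_dict and param_dict['dict'] != otp:` looks up `'dict'`, so a response that does carry an `otp` field raises KeyError instead of being compared with the submitted OTP. It should read `if 'otp' in param_dict and param_dict['otp'] != otp:`. Both this check and the nonce check still pass when the field is absent from the response, so rejecting a stripped response depends on the signature comparison just above; verify_response starts outside the hunk, so if that comparison is skipped when no key is configured, a comment stating this would help. In the second hunk the query string is rebuilt from `split_dict.iteritems()`, whose order is not guaranteed, so unless generate_message_signature (body not shown) sorts the pairs itself, the rebuild should iterate `sorted(split_dict.items())`.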
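--- a/yubico/yubico_exceptions.py
+++ b/yubico/yubico_exceptions.py
@@ -28,7 +28,7 @@ def __str__(self):
 return 'The client with ID %s does not exist' % (self.client_id)
 class InvalidValidationResponse(YubicoError):
- def __init__(self, reason, response, parameters):
+ def __init__(self, reason, response, parameters = None):
 self.reason = reason
 self.response = response
 self.parameters = parameters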
