Skip to content

Commit

Permalink
better SHA algorithm
Browse files Browse the repository at this point in the history
  • Loading branch information
Mark Evans committed Aug 22, 2014
1 parent 418f793 commit 00bb029
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion lib/dragonfly/job.rb
View file
Expand Up @@ -155,7 +155,7 @@ def sha
raise CannotGenerateSha, "A secret is required to sign and verify Dragonfly job requests. "\
"Use `secret '...'` or disable `protect_from_dos_attacks` in your config."
end
Digest::SHA1.hexdigest("#{to_unique_s}#{app.secret}")[0...8]
OpenSSL::HMAC.hexdigest('SHA256', app.secret, to_unique_s)[0,16]
end

def validate_sha!(sha)
Expand Down
2 changes: 1 addition & 1 deletion spec/dragonfly/job_spec.rb
View file
Expand Up @@ -405,7 +405,7 @@
end

it "should be of the correct format" do
@job.sha.should =~ /^\w{8}$/
@job.sha.should =~ /^\w{16}$/
end

it "should be the same for the same job steps" do
Expand Down

1 comment on commit 00bb029

@mkhatib
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this mean old SHAs are going to raise incorrect SHA and be invalidated? Any idea how to keep them working?

Please sign in to comment.