Replace compare_digest with streql

ntrrgc · Apr 13, 2015 · f0c79c0 · f0c79c0
1 parent 52bc5f6
commit f0c79c0
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 2 deletions.
diff --git a/doc/releases/v0.1.0-a3.rst b/doc/releases/v0.1.0-a3.rst
@@ -1,6 +1,10 @@
 What's new in Snorky 0.1.0-a3 (prerelease)
 ==========================================
 
+* ``compare_digest``, a function that provides constant-time string comparison in Python 2.7.7+ and Python 3.3+ has been replaced with `streql <https://pypi.python.org/pypi/streql/3.0.2`_, a third party module that performs the same task, but it is compatible with older Python versions.
+
+  This is required to use Snorky in CentOS 7 with Python 2 without building the interpreter from source.
+
 * Added a ``SNORKY_JSON_ENCODER`` setting in the Django connector, allowing to change the JSON encoder class (as if ``cls`` parameter of ``json.dumps()`` was specified).
 
 * Added debug logging to the Python backend connector. The logging channel is 'snorky'. If the logging level is ``DEBUG`` it will emit a line for each message sent or received between the client and Snorky.

diff --git a/setup.py b/setup.py
@@ -26,6 +26,7 @@ def read(*paths):
         "requests",
         "funcsigs",
         "python-dateutil",
+        "streql",
     ],
     tests_require=["mock"],
     include_package_data=False,

diff --git a/snorky/request_handlers/http.py b/snorky/request_handlers/http.py
@@ -4,7 +4,7 @@
 
 from tornado.web import RequestHandler, HTTPError, asynchronous
 from snorky.client import Client
-from hmac import compare_digest
+from streql import equals # constant time string comparison
 import json
 
 
@@ -73,5 +73,5 @@ def check_api_key(self):
         except KeyError:
             raise HTTPError(401, "Missing X-Backend-Key header")
 
-        if not compare_digest(key, self.api_key):
+        if not equals(key, self.api_key):
             raise HTTPError(401, "Invalid API key")