[Fusionforge-commits] FusionForge branch Branch_5_2 updated. fecdfbd2cfed11dee1cb77ebddf4b201ddce1a8b

Roland Mas lolando at fusionforge.org
Wed Apr 17 14:54:28 CEST 2013


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "FusionForge".

The branch, Branch_5_2 has been updated
       via  fecdfbd2cfed11dee1cb77ebddf4b201ddce1a8b (commit)
      from  ca48d358c87f043acf3cb9c018dce6da00d884ad (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit fecdfbd2cfed11dee1cb77ebddf4b201ddce1a8b
Author: Roland Mas <lolando at debian.org>
Date:   Wed Apr 17 14:54:16 2013 +0200

    Update moinmoin plugin to use new format for session cookies

diff --git a/src/plugins/moinmoin/lib/fusionforge.py b/src/plugins/moinmoin/lib/fusionforge.py
index 75368ff..5c0f960 100644
--- a/src/plugins/moinmoin/lib/fusionforge.py
+++ b/src/plugins/moinmoin/lib/fusionforge.py
@@ -9,6 +9,7 @@
 
 import base64
 import hashlib
+import hmac
 import logging
 import psycopg2
 import re
@@ -208,19 +209,21 @@ class FusionForgeSessionAuth(BaseAuth):
             cookievalue = \
               urllib.unquote(cookies[cookiename]).decode('iso-8859-1')
 
-            m = re.search('(.*)-\*-(.*)', cookievalue)
+            m = re.search('^([A-Za-z0-9+/=]+)!([A-Za-z0-9+/=]+)$', cookievalue)
             if m is None:
                 continue
             (sserial, shash) = m.group(1, 2)
 
             sdata = base64.b64decode(sserial)
-            if hashlib.md5(sdata + self.session_key).hexdigest() != shash:
+            shash = base64.b64decode(shash)
+            H = hmac.new(self.session_key, sdata, hashlib.sha256)
+            if H.digest() != shash:
                 continue
 
-            m = re.search('(.*)-\*-(.*)-\*-(.*)-\*-(.*)', sdata)
+            m = re.search('(.*)<(.*)<(.*)<(.*)', sdata)
             if m is None:
                 continue
-            (user_id, time, ip, user_agent) = m.group(1, 2, 3, 4)
+            (time, user_id, ip, user_agent) = m.group(1, 2, 3, 4)
 
             conn = self.fflink._conn
             cur = conn.cursor()

-----------------------------------------------------------------------

Summary of changes:
 src/plugins/moinmoin/lib/fusionforge.py |   11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)


hooks/post-receive
-- 
FusionForge



More information about the Fusionforge-commits mailing list