Mirrored_Repos/InvenTree
1
0
Fork 0
mirror of https://github.com/inventree/InvenTree synced 2024-08-30 18:33:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix hmac

Browse Source
This commit is contained in:
Matthias 2021-09-12 19:25:36 +02:00
parent 440311cddb
commit e2bb5e978b
No known key found for this signature in database
GPG Key ID: F50EF5741D33E076
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
InvenTree/common/api.py
View File

@ -66,7 +66,7 @@ class WebhookView(CsrfExemptMixin, APIView):
raise NotAcceptable(error.msg)
# validate
self.validate_token(payload, headers)
self.validate_token(payload, headers, request)
# process data
self.save_data(payload, headers, request)
self.process_payload(payload, headers, request)
@ -100,7 +100,7 @@ class WebhookView(CsrfExemptMixin, APIView):
# TODO make a object-setting
return True
def validate_token(self, payload, headers):
def validate_token(self, payload, headers, request):
token = headers.get(self.TOKEN_NAME, "")
# no token
@ -114,7 +114,7 @@ class WebhookView(CsrfExemptMixin, APIView):
# hmac token
elif self.verify == VerificationMethod.HMAC:
digest = hmac.new(self.secret, payload.encode('utf-8'), hashlib.sha256).digest()
digest = hmac.new(self.secret.encode('utf-8'), request.body, hashlib.sha256).digest()
computed_hmac = base64.b64encode(digest)
if not hmac.compare_digest(computed_hmac, token.encode('utf-8')):
raise PermissionDenied(self.MESSAGE_TOKEN_ERROR)