third_party/oauth2client/xsrfutil.py - Issue 1094533003: Revert of Upgrade 3rd packages

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: third_party/oauth2client/xsrfutil.py

Issue 1094533003: Revert of Upgrade 3rd packages (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/tools/depot_tools

Patch Set: Created 5 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: third_party/oauth2client/xsrfutil.py

diff --git a/third_party/oauth2client/xsrfutil.py b/third_party/oauth2client/xsrfutil.py

index bea7c875ee653b55f54273c19f59b2f1f804f66d..7e1fe5c813301c5affbed55d40d9a924c2528f6e 100644

--- a/third_party/oauth2client/xsrfutil.py

+++ b/third_party/oauth2client/xsrfutil.py

@@ -1,5 +1,6 @@

+#!/usr/bin/python2.5

# Licensed under the Apache License, Version 2.0 (the "License");

# you may not use this file except in compliance with the License.

@@ -16,35 +17,24 @@

"""Helper methods for creating & verifying XSRF tokens."""

__authors__ = [

- '"Doug Coker" <dcoker@google.com>',

- '"Joe Gregorio" <jcgregorio@google.com>',

+ '"Doug Coker" <dcoker@google.com>',

+ '"Joe Gregorio" <jcgregorio@google.com>',

]

import base64

import hmac

+import os # for urandom

import time

-import six

from oauth2client import util

# Delimiter character

-DELIMITER = b':'

+DELIMITER = ':'

# 1 hour in seconds

DEFAULT_TIMEOUT_SECS = 1*60*60

-def _force_bytes(s):

- if isinstance(s, bytes):

- return s

- s = str(s)

- if isinstance(s, six.text_type):

- return s.encode('utf-8')

- return s

@util.positional(2)

def generate_token(key, user_id, action_id="", when=None):

@@ -61,16 +51,18 @@

Returns:

A string XSRF protection token.

"""

- when = _force_bytes(when or int(time.time()))

- digester = hmac.new(_force_bytes(key))

- digester.update(_force_bytes(user_id))

+ when = when or int(time.time())

+ digester = hmac.new(key)

+ digester.update(str(user_id))

digester.update(DELIMITER)

- digester.update(_force_bytes(action_id))

+ digester.update(action_id)

digester.update(DELIMITER)

- digester.update(when)

+ digester.update(str(when))

digest = digester.digest()

- token = base64.urlsafe_b64encode(digest + DELIMITER + when)

+ token = base64.urlsafe_b64encode('%s%s%d' % (digest,

+ DELIMITER,

+ when))

return token

@@ -95,8 +87,8 @@

if not token:

return False

try:

- decoded = base64.urlsafe_b64decode(token)

- token_time = int(decoded.split(DELIMITER)[-1])

+ decoded = base64.urlsafe_b64decode(str(token))

+ token_time = long(decoded.split(DELIMITER)[-1])

except (TypeError, ValueError):

return False

if current_time is None:

@@ -113,6 +105,9 @@

# Perform constant time comparison to avoid timing attacks

different = 0

- for x, y in zip(bytearray(token), bytearray(expected_token)):

- different |= x ^ y

- return not different

+ for x, y in zip(token, expected_token):

+ different |= ord(x) ^ ord(y)

+ if different:

+ return False

+ return True

« no previous file with comments | « third_party/oauth2client/util.py ('k') | no next file » | no next file with comments »