summaryrefslogtreecommitdiff
path: root/wsgitools
diff options
context:
space:
mode:
Diffstat (limited to 'wsgitools')
-rw-r--r--wsgitools/digest.py6
1 files changed, 4 insertions, 2 deletions
diff --git a/wsgitools/digest.py b/wsgitools/digest.py
index 4f21af0..846257a 100644
--- a/wsgitools/digest.py
+++ b/wsgitools/digest.py
@@ -18,11 +18,13 @@ import hashlib
import time
import os
try:
- from secrets import randbits
+ from secrets import randbits, compare_digest
except ImportError:
import random
sysrand = random.SystemRandom()
randbits = sysrand.getrandbits
+ def compare_digest(a, b):
+ return a == b
from wsgitools.internal import bytes2str, str2bytes, textopen
from wsgitools.authentication import AuthenticationRequired, \
@@ -185,7 +187,7 @@ class AbstractTokenGenerator(object):
assert isinstance(username, str)
assert isinstance(password, str)
token = "%s:%s:%s" % (username, self.realm, password)
- return md5hex(token) == self(username)
+ return compare_digest(md5hex(token), self(username))
__all__.append("AuthTokenGenerator")
class AuthTokenGenerator(AbstractTokenGenerator):