diff options
Diffstat (limited to 'wsgitools')
-rw-r--r-- | wsgitools/digest.py | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/wsgitools/digest.py b/wsgitools/digest.py index 4f21af0..846257a 100644 --- a/wsgitools/digest.py +++ b/wsgitools/digest.py @@ -18,11 +18,13 @@ import hashlib import time import os try: - from secrets import randbits + from secrets import randbits, compare_digest except ImportError: import random sysrand = random.SystemRandom() randbits = sysrand.getrandbits + def compare_digest(a, b): + return a == b from wsgitools.internal import bytes2str, str2bytes, textopen from wsgitools.authentication import AuthenticationRequired, \ @@ -185,7 +187,7 @@ class AbstractTokenGenerator(object): assert isinstance(username, str) assert isinstance(password, str) token = "%s:%s:%s" % (username, self.realm, password) - return md5hex(token) == self(username) + return compare_digest(md5hex(token), self(username)) __all__.append("AuthTokenGenerator") class AuthTokenGenerator(AbstractTokenGenerator): |