diff options
author | Jonathan Huot <JonathanHuot@users.noreply.github.com> | 2019-08-01 19:10:17 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-08-01 19:10:17 +0200 |
commit | f74922bace5a6d28b8020d1688c40d03c6bceafc (patch) | |
tree | c2a60453c842e6085a52538c1ec5e0ca3ae69dee /oauthlib/oauth1/rfc5849/signature.py | |
parent | 3de7007c6885f0ac23ff2c56d6a65d8f258600a2 (diff) | |
parent | f516c1660e2608375bd6f65c1829caaf7301c426 (diff) | |
download | oauthlib-docs-flows-hooks.tar.gz |
Merge branch 'master' into docs-flows-hooksdocs-flows-hooks
Diffstat (limited to 'oauthlib/oauth1/rfc5849/signature.py')
-rw-r--r-- | oauthlib/oauth1/rfc5849/signature.py | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/oauthlib/oauth1/rfc5849/signature.py b/oauthlib/oauth1/rfc5849/signature.py index f899aca..a60bee2 100644 --- a/oauthlib/oauth1/rfc5849/signature.py +++ b/oauthlib/oauth1/rfc5849/signature.py @@ -661,6 +661,36 @@ def verify_hmac_sha1(request, client_secret=None, return match +def verify_hmac_sha256(request, client_secret=None, + resource_owner_secret=None): + """Verify a HMAC-SHA256 signature. + + Per `section 3.4`_ of the spec. + + .. _`section 3.4`: https://tools.ietf.org/html/rfc5849#section-3.4 + + To satisfy `RFC2616 section 5.2`_ item 1, the request argument's uri + attribute MUST be an absolute URI whose netloc part identifies the + origin server or gateway on which the resource resides. Any Host + item of the request argument's headers dict attribute will be + ignored. + + .. _`RFC2616 section 5.2`: https://tools.ietf.org/html/rfc2616#section-5.2 + + """ + norm_params = normalize_parameters(request.params) + bs_uri = base_string_uri(request.uri) + sig_base_str = signature_base_string(request.http_method, bs_uri, + norm_params) + signature = sign_hmac_sha256(sig_base_str, client_secret, + resource_owner_secret) + match = safe_string_equals(signature, request.signature) + if not match: + log.debug('Verify HMAC-SHA256 failed: signature base string: %s', + sig_base_str) + return match + + def _prepare_key_plus(alg, keystr): if isinstance(keystr, bytes): keystr = keystr.decode('utf-8') |