1.1 --- a/WebStack/Helpers/Auth.py Sun Feb 03 19:57:25 2008 +0000
1.2 +++ b/WebStack/Helpers/Auth.py Sun Feb 03 19:58:01 2008 +0000
1.3 @@ -3,7 +3,7 @@
1.4 """
1.5 Authentication/authorisation helper classes and functions.
1.6
1.7 -Copyright (C) 2004, 2005 Paul Boddie <paul@boddie.org.uk>
1.8 +Copyright (C) 2004, 2005, 2007, 2008 Paul Boddie <paul@boddie.org.uk>
1.9
1.10 This library is free software; you can redistribute it and/or
1.11 modify it under the terms of the GNU Lesser General Public
1.12 @@ -196,7 +196,9 @@
1.13 'plaintext' and 'secret_key'.
1.14 """
1.15
1.16 - return plaintext + ":" + md5.md5(plaintext + secret_key).hexdigest()
1.17 + # NOTE: Using "safe" encoding to deal with Unicode plaintext.
1.18 +
1.19 + return plaintext + ":" + md5.md5(plaintext.encode("iso-8859-1") + secret_key).hexdigest()
1.20
1.21 # OpenID token verification.
1.22 # NOTE: Add SHA256 usage for associations.
1.23 @@ -211,7 +213,10 @@
1.24 """
1.25
1.26 plaintext = "\n".join([(key + ":" + value) for (key, value) in items]) + "\n"
1.27 - hash = hmac.new(secret_key, plaintext, sha1)
1.28 +
1.29 + # NOTE: Using "safe" encoding to deal with Unicode plaintext.
1.30 +
1.31 + hash = hmac.new(secret_key, plaintext.encode("iso-8859-1"), sha1)
1.32 return base64.standard_b64encode(hash.digest())
1.33
1.34 def check_openid_signature(fields, secret_key):