replace deprecated safe_str_cmp from werkzeug
This commit is contained in:
Guillermo Schvartzman
parent
17b3d3a2ce
commit
2b880ef6c0
@ -1,12 +1,13 @@
|
|||||||
import hashlib
|
import hashlib
|
||||||
import logging
|
import logging
|
||||||
import os
|
import os
|
||||||
|
import hmac
|
||||||
from urllib.parse import urlparse
|
from urllib.parse import urlparse
|
||||||
|
|
||||||
from itsdangerous import BadData, SignatureExpired, URLSafeTimedSerializer
|
from itsdangerous import BadData, SignatureExpired, URLSafeTimedSerializer
|
||||||
from quart import Blueprint, current_app, g, request, session
|
from quart import Blueprint, current_app, g, request, session
|
||||||
from werkzeug.exceptions import BadRequest
|
from werkzeug.exceptions import BadRequest
|
||||||
from werkzeug.security import safe_str_cmp
|
# from werkzeug.security import safe_str_cmp
|
||||||
from wtforms import ValidationError
|
from wtforms import ValidationError
|
||||||
|
|
||||||
|
|
||||||
@ -287,3 +288,19 @@ def same_origin(current_uri, compare_uri):
|
|||||||
and current.hostname == compare.hostname
|
and current.hostname == compare.hostname
|
||||||
and current.port == compare.port
|
and current.port == compare.port
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
def safe_str_cmp(a: str, b: str) -> bool:
|
||||||
|
"""This function compares strings in somewhat constant time. This
|
||||||
|
requires that the length of at least one string is known in advance.
|
||||||
|
|
||||||
|
Returns `True` if the two strings are equal, or `False` if they are not.
|
||||||
|
"""
|
||||||
|
|
||||||
|
if isinstance(a, str):
|
||||||
|
a = a.encode("utf-8") # type: ignore
|
||||||
|
|
||||||
|
if isinstance(b, str):
|
||||||
|
b = b.encode("utf-8") # type: ignore
|
||||||
|
|
||||||
|
return hmac.compare_digest(a, b)
|
||||||
Loading…
x
Reference in New Issue
Block a user