Merge branch 'safe_str_cmp' into 'master'

replace deprecated safe_str_cmp from werkzeug

See merge request wcorrales/quart-csrf!1
Wagner Corrales 2023-05-02 22:49:00 +00:00
commit aa8d64bbd5


@ -1,12 +1,13 @@
import hashlib import hashlib
import logging import logging
import os import os
import hmac
from urllib.parse import urlparse from urllib.parse import urlparse
from itsdangerous import BadData, SignatureExpired, URLSafeTimedSerializer from itsdangerous import BadData, SignatureExpired, URLSafeTimedSerializer
from quart import Blueprint, current_app, g, request, session from quart import Blueprint, current_app, g, request, session
from werkzeug.exceptions import BadRequest from werkzeug.exceptions import BadRequest
from werkzeug.security import safe_str_cmp # from werkzeug.security import safe_str_cmp
from wtforms import ValidationError from wtforms import ValidationError
@ -287,3 +288,19 @@ def same_origin(current_uri, compare_uri):
and current.hostname == compare.hostname and current.hostname == compare.hostname
and current.port == compare.port and current.port == compare.port
) )
def safe_str_cmp(a: str, b: str) -> bool:
"""This function compares strings in somewhat constant time. This
requires that the length of at least one string is known in advance.
Returns `True` if the two strings are equal, or `False` if they are not.
"""
if isinstance(a, str):
a = a.encode("utf-8") # type: ignore
if isinstance(b, str):
b = b.encode("utf-8") # type: ignore
return hmac.compare_digest(a, b)
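Review bot: The new `safe_str_cmp` hands any value that is not a `str` straight to `hmac.compare_digest`, which raises `TypeError` for `None` or any other non-bytes argument. The call sites are outside this diff, so this is inferred: if one of them can pass a missing session or request token, the result is an unhandled exception rather than a failed CSRF check. A guard before the encoding steps would make the helper fail closed: `if not isinstance(a, (str, bytes)) or not isinstance(b, (str, bytes)): return False`. The parameters are annotated `str` while the body also accepts bytes, which is why the two `# type: ignore` comments are needed; widening the annotations would remove them. The commented-out `# from werkzeug.security import safe_str_cmp` in the import hunk is dead text and can be deleted rather than kept.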