Re: PATCH: To fix salt generation in session.py

public inbox for [email protected]  
help / color / mirror / Atom feed

From: Ashesh Vashi <[email protected]>
To: Murtuza Zabuawala <[email protected]>
Cc: pgadmin-hackers <[email protected]>
Subject: Re: PATCH: To fix salt generation in session.py
Date: Mon, 11 Jul 2016 16:05:15 +0530
Message-ID: <CAG7mmoy2PFR0PNRqa=x99ZBGCtd8c7ari+Lb7YxgzgdTGuZSNw@mail.gmail.com> (raw)
In-Reply-To: <CAKKotZT058JHVyc=Avsz_S4f=QzoTMnQAWNXsXEm3W1BgmnGfw@mail.gmail.com>
References: <CAKKotZTcPrR6uWqPUSCrgObfLVwEp4ECb14tqpNPi9vJcY4+bA@mail.gmail.com>
	<CAKKotZT058JHVyc=Avsz_S4f=QzoTMnQAWNXsXEm3W1BgmnGfw@mail.gmail.com>
List-Unsubscribe:  <mailto:[email protected]?body=unsub%20pgadmin-hackers>

Hi Murtuza,

Can you please test this patch for the same?

--

Thanks & Regards,

Ashesh Vashi
EnterpriseDB INDIA: Enterprise PostgreSQL Company
<http://www.enterprisedb.com;


*http://www.linkedin.com/in/asheshvashi*
<http://www.linkedin.com/in/asheshvashi;

On Mon, Jul 11, 2016 at 12:44 PM, Murtuza Zabuawala <
[email protected]> wrote:

> Hi,
>
> Please hold on in this patch, Need additional changes.
>
> --
> Regards,
> Murtuza Zabuawala
> EnterpriseDB: http://www.enterprisedb.com
> The Enterprise PostgreSQL Company
>
> On Mon, Jul 11, 2016 at 12:41 PM, Murtuza Zabuawala <
> [email protected]> wrote:
>
>> Hi,
>>
>> With latest pull session.py fails with below error with python3 because
>> in python3 strings 'lowercase' method has been renamed to
>> 'ascii_lowercase', PFA patch to fix the issue.
>>
>> Issue:
>> ----------
>> *  File "../pgadmin4/web/pgadmin/utils/session.py", line 59, in sign*
>> *    self.randval = ''.join(random.sample(string.lowercase+string.digits,
>> 20))*
>> *AttributeError: module 'string' has no attribute 'lowercase'*
>>
>>
>> --
>> Regards,
>> Murtuza Zabuawala
>> EnterpriseDB: http://www.enterprisedb.com
>> The Enterprise PostgreSQL Company
>>
>
>


-- 
Sent via pgadmin-hackers mailing list ([email protected])
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgadmin-hackers


Attachments:

  [application/octet-stream] hmac_python3.patch (2.1K, 3-hmac_python3.patch)
  download | inline diff:
diff --git a/web/pgadmin/utils/session.py b/web/pgadmin/utils/session.py
index 9f740f5..ef65fd1 100644
--- a/web/pgadmin/utils/session.py
+++ b/web/pgadmin/utils/session.py
@@ -39,7 +39,11 @@ from werkzeug.datastructures import CallbackDict
 
 
 def _calc_hmac(body, secret):
-    return base64.b64encode(hmac.new(secret, body, hashlib.sha1).digest())
+    return base64.b64encode(
+        hmac.new(
+            secret.encode(), body.encode(), hashlib.sha1
+        ).digest()
+    ).decode()
 
 
 class ManagedSession(CallbackDict, SessionMixin):
@@ -56,7 +60,14 @@ class ManagedSession(CallbackDict, SessionMixin):
 
     def sign(self, secret):
         if not self.hmac_digest:
-            self.randval = ''.join(random.sample(string.lowercase+string.digits, 20))
+            if hasattr(string, 'lowercase'):
+                population = string.lowercase
+            # If script is running under python3
+            elif hasattr(string, 'ascii_lowercase'):
+                population = string.ascii_lowercase
+            population += string.digits
+
+            self.randval = ''.join(random.sample(population, 20))
             self.hmac_digest = _calc_hmac('%s:%s' % (self.sid, self.randval), secret)
 
 
@@ -163,7 +174,7 @@ class FileBackedSessionManager(SessionManager):
             fname = os.path.join(self.path, sid)
 
         # touch the file
-        with open(fname, 'w'):
+        with open(fname, 'wb'):
             pass
 
         return ManagedSession(sid=sid)
@@ -178,7 +189,7 @@ class FileBackedSessionManager(SessionManager):
 
         if os.path.exists(fname):
             try:
-                with open(fname) as f:
+                with open(fname, 'rb') as f:
                     randval, hmac_digest, data = load(f)
             except:
                 pass
@@ -203,7 +214,7 @@ class FileBackedSessionManager(SessionManager):
             session.sign(self.secret)
 
         fname = os.path.join(self.path, session.sid)
-        with open(fname, 'w') as f:
+        with open(fname, 'wb') as f:
             dump(
                 (session.randval, session.hmac_digest, dict(session)),
                 f

view thread (5+ messages)  latest in thread

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected]
  Subject: Re: PATCH: To fix salt generation in session.py
  In-Reply-To: <CAG7mmoy2PFR0PNRqa=x99ZBGCtd8c7ari+Lb7YxgzgdTGuZSNw@mail.gmail.com>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox