1
0
mirror of https://github.com/django/django.git synced 2025-01-10 18:36:05 +00:00

Fixed constant_time_compare on Python 2.7.7

Python 2.7.7 includes compare_digest in the hmac module, but it requires
both arguments to have the same type. This is usually not a problem on
Python 3 since everything is text, but we have mixed unicode and str on
Python 2 -- hence make sure everything is bytes before feeding it into
compare_digest.
This commit is contained in:
Florian Apolloner 2014-05-26 13:52:37 +02:00
parent 32586b0ba4
commit 7e3cf3cfd2

View File

@ -79,7 +79,8 @@ def get_random_string(length=12,
if hasattr(hmac, "compare_digest"):
# Prefer the stdlib implementation, when available.
constant_time_compare = hmac.compare_digest
def constant_time_compare(val1, val2):
return hmac.compare_digest(force_bytes(val1), force_bytes(val2))
else:
def constant_time_compare(val1, val2):
"""