use digest-compare for password-comparison (#360)

This commit is contained in:
Jonas Große Sundrup
2016-12-16 21:22:05 +01:00
committed by Raphael Michel
parent b098c9c16a
commit e5cb26464e


@@ -1,3 +1,5 @@
import hmac
from django.conf import settings
from django.http import HttpResponse
@@ -26,9 +28,9 @@ def serve_metrics(request):
user, passphrase = credentials.strip().decode("base64").split(":", 1)
if user != settings.METRICS_USER:
if not hmac.compare_digest(user, settings.METRICS_USER):
return unauthed_response()
if passphrase != settings.METRICS_PASSPHRASE:
if not hmac.compare_digest(passphrase, settings.METRICS_PASSPHRASE):
return unauthed_response()
# ok, the request passed the authentication-barrier, let's hand out the metrics:
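Review bot: The early return after the username comparison still reveals which of the two credentials was wrong, because a mismatching user short-circuits before the passphrase is ever compared; both checks should run and their results be combined before returning, e.g. `user_ok = hmac.compare_digest(user, settings.METRICS_USER)`, `pass_ok = hmac.compare_digest(passphrase, settings.METRICS_PASSPHRASE)`, `if not (user_ok and pass_ok): return unauthed_response()`. Also worth noting that hmac.compare_digest raises TypeError when its operands differ in type or, for str on Python 3, contain non-ASCII characters; the `.decode("base64")` call suggests Python 2 byte strings here, so if the settings values and the decoded credentials can ever differ in type, encode both sides to bytes first so a malformed header does not turn into a 500 instead of an unauthorized response. The body of serve_metrics starts before this hunk.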