Compatibility with earlier Python 2.7 versions

Compatibility with Python 2.7 versions older than 2.7.7

* Use Django's constant_time_compare method
* Include sparkpost in test requirements
* Don't use non-public `EnvironmentVarGuard` in tests

Fixes #41
Seb Bacon
2016-11-01 18:24:51 +00:00
committed by Mike Edmunds
parent d54d7ecff5
commit f0589e3338
4 changed files with 9 additions and 12 deletions


@@ -4,6 +4,7 @@ from datetime import datetime
import hashlib
import hmac
from base64 import b64encode
from django.utils.crypto import constant_time_compare
from django.utils.timezone import utc
from .base import AnymailBaseWebhookView
@@ -44,7 +45,7 @@ class MandrillSignatureMixin(object):
expected_signature = b64encode(hmac.new(key=self.webhook_key, msg=signed_data.encode('utf-8'),
digestmod=hashlib.sha1).digest())
if not hmac.compare_digest(signature, expected_signature):
if not constant_time_compare(signature, expected_signature):
raise AnymailWebhookValidationFailure("Mandrill webhook called with incorrect signature")
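Review bot: The signature check now calls `constant_time_compare`, but nothing at the call site records why Django's helper is used instead of `hmac.compare_digest`, so a later cleanup could swap it back and break Python 2.7 releases older than 2.7.7 again. I would add a comment directly above the `if`: `# Django's constant_time_compare also works on Python < 2.7.7, which lacks hmac.compare_digest`. The helper also appears to coerce both arguments to bytes, which matters here because `expected_signature` is the bytes result of `b64encode` while `signature` presumably arrives as text from a request header. A test that passes a text-typed signature would pin that behaviour. The enclosing method starts outside the hunk, so where `signature` comes from is not visible here.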