Commit 119d7768 by Brian Wilson

Also use md5 for constructing key for hmac.

parent 919b4338
......@@ -125,12 +125,12 @@ class TrackMiddleware(object):
return ''
# Follow the model of django.utils.crypto.salted_hmac() and
# django.contrib.sessions.backends.base._hash(), but use MD5
# so that the result has the same length (32) as the original
# session_key.
# django.contrib.sessions.backends.base._hash() but use MD5
# instead of SHA1 so that the result has the same length (32)
# as the original session_key.
key_salt = "common.djangoapps.track" + self.__class__.__name__
key = hashlib.sha1(key_salt + settings.SECRET_KEY).digest()
encrypted_session_key = hmac.new(key, msg=session_key).hexdigest()
key = hashlib.md5(key_salt + settings.SECRET_KEY).digest()
encrypted_session_key = hmac.new(key, msg=session_key, digestmod=hashlib.md5).hexdigest()
return encrypted_session_key
def get_user_primary_key(self, request):
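Review bot: The new `key = hashlib.md5(...)` and `digestmod=hashlib.md5` lines choose MD5 only to keep the result at 32 hex characters, which a stronger digest also gives when truncated: `key = hashlib.sha256(key_salt + settings.SECRET_KEY).digest()` and `hmac.new(key, msg=session_key, digestmod=hashlib.sha256).hexdigest()[:32]`. HMAC-MD5 is not known to be practically forgeable, but MD5 can be unavailable on FIPS-restricted builds, and the HMAC key here is derived from `SECRET_KEY`, so a conservative digest is the safer default. Changing the digest changes every emitted value, so events logged before and after the switch would no longer correlate by session. The result is a one-way keyed hash rather than encryption, and the comment could say so, since the name `encrypted_session_key` suggests it is reversible. The enclosing method starts above this hunk.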
......
......@@ -118,6 +118,7 @@ class TrackMiddlewareTestCase(TestCase):
request.session.save()
session_key = request.session.session_key
expected_session_key = self.track_middleware.encrypt_session_key(session_key)
self.assertEquals(len(session_key), len(expected_session_key))
context = self.get_context_for_request(request)
self.assert_dict_subset(context, {
'session': expected_session_key,
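Review bot: Both the added length assertion and the existing subset check take `expected_session_key` from `encrypt_session_key` itself, so a regression that returned the raw `session_key` unchanged would still pass. Adding `self.assertNotEqual(session_key, expected_session_key)` next to the length assertion would pin that the raw session identifier is not what reaches the tracking context. `assertEquals` is a deprecated alias; `self.assertEqual(len(session_key), len(expected_session_key))` is the supported spelling. The test method begins above this hunk and the `assert_dict_subset` call continues below it.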
......