1 new changeset in galaxy-central: http://bitbucket.org/galaxy/galaxy-central/changeset/0cb44cddd40d/ changeset: 0cb44cddd40d user: greg date: 2011-10-18 14:43:30 summary: Make sure the same key is used in encoding and decoding between Galaxy and the tool sheds. affected #: 2 files (-1 bytes) --- a/lib/galaxy/web/controllers/admin.py Mon Oct 17 19:57:54 2011 -0400 +++ b/lib/galaxy/web/controllers/admin.py Tue Oct 18 08:43:30 2011 -0400 @@ -693,13 +693,12 @@ galaxy_url = trans.request.host url = '%s/repository/browse_downloadable_repositories?galaxy_url=%s&webapp=community' % ( tool_shed_url, galaxy_url ) return trans.response.send_redirect( url ) - def _decode( self, trans, value, secure=True ): - if secure: - # Extract and verify hash - a, b = value.split( ":" ) - value = binascii.unhexlify( b ) - test = hmac_new( trans.app.config.tool_secret, value ) - assert a == test + def _decode( self, value ): + # Extract and verify hash + a, b = value.split( ":" ) + value = binascii.unhexlify( b ) + test = hmac_new( 'ToolShedAndGalaxyMustHaveThisSameKey', value ) + assert a == test # Restore from string values = json_fix( simplejson.loads( value ) ) return values @@ -729,7 +728,7 @@ section_key = 'section_%s' % kwd[ 'tool_panel_section' ] tool_section = trans.app.toolbox.tool_panel[ section_key ] # Decode the encoded repo_info_dict param value. - repo_info_dict = self._decode( trans, repo_info_dict ) + repo_info_dict = self._decode( repo_info_dict ) # Clone the repository to the configured location. current_working_dir = os.getcwd() for name, repo_info_tuple in repo_info_dict.items(): --- a/lib/galaxy/webapps/community/controllers/repository.py Mon Oct 17 19:57:54 2011 -0400 +++ b/lib/galaxy/webapps/community/controllers/repository.py Tue Oct 18 08:43:30 2011 -0400 @@ -423,7 +423,7 @@ changeset_revision = repository_metadata.changeset_revision repository_clone_url = generate_clone_url( trans, repository_id ) repo_info_dict[ repository.name ] = ( repository.description, repository_clone_url, changeset_revision ) - encoded_repo_info_dict = self._encode( trans, repo_info_dict, secure=True ) + encoded_repo_info_dict = self._encode( repo_info_dict ) url += '&repo_info_dict=%s' % encoded_repo_info_dict return trans.response.send_redirect( url ) tool_ids = [ tid.lower() for tid in util.listify( kwd.get( 'tool_id', '' ) ) ] @@ -554,15 +554,11 @@ found = ( tool_version == tool_dict_tool_version and tool_name == tool_dict_tool_name ) or \ ( not exact_matches_checked and tool_dict_tool_version.find( tool_version ) >= 0 and tool_dict_tool_name.find( tool_name ) >= 0 ) return found - def _encode( self, trans, repo_info_dict, secure=True ): + def _encode( self, repo_info_dict ): value = simplejson.dumps( repo_info_dict ) - # Make it secure - if secure: - a = hmac_new( trans.app.config.tool_secret, value ) - b = binascii.hexlify( value ) - return "%s:%s" % ( a, b ) - else: - return value + a = hmac_new( 'ToolShedAndGalaxyMustHaveThisSameKey', value ) + b = binascii.hexlify( value ) + return "%s:%s" % ( a, b ) @web.expose def preview_tools_in_changeset( self, trans, repository_id, **kwd ): params = util.Params( kwd ) Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.