details: http://www.bx.psu.edu/hg/galaxy/rev/32c76fdcacd2 changeset: 2566:32c76fdcacd2 user: Greg Von Kuster <greg@bx.psu.edu> date: Sat Aug 15 16:26:37 2009 -0400 description: Provide better bi-directional Python version compatibility for encryption. 5 file(s) affected in this change: lib/galaxy/model/__init__.py lib/galaxy/tools/__init__.py lib/galaxy/util/hash_util.py lib/galaxy/web/controllers/async.py lib/galaxy/web/controllers/genetrack.py diffs (189 lines): diff -r 2ae19c12114c -r 32c76fdcacd2 lib/galaxy/model/__init__.py --- a/lib/galaxy/model/__init__.py Fri Aug 14 15:37:31 2009 -0400 +++ b/lib/galaxy/model/__init__.py Sat Aug 15 16:26:37 2009 -0400 @@ -13,11 +13,7 @@ import galaxy.datatypes.registry from galaxy.datatypes.metadata import MetadataCollection from galaxy.security import RBACAgent, get_permitted_actions -using_24 = sys.version_info[:2] < ( 2, 5 ) -if using_24: - import sha -else: - import hashlib +from galaxy.util.hash_util import * import logging log = logging.getLogger( __name__ ) @@ -42,16 +38,10 @@ def set_password_cleartext( self, cleartext ): """Set 'self.password' to the digest of 'cleartext'.""" - if using_24: - self.password = sha.new( cleartext ).hexdigest() - else: - self.password = hashlib.sha1( cleartext ).hexdigest() + self.password = new_secure_hash( text_type=cleartext ) def check_password( self, cleartext ): """Check if 'cleartext' matches 'self.password' when hashed.""" - if using_24: - return self.password == sha.new( cleartext ).hexdigest() - else: - return self.password == hashlib.sha1( cleartext ).hexdigest() + return self.password == new_secure_hash( text_type=cleartext ) def all_roles( self ): roles = [ ura.role for ura in self.roles ] for group in [ uga.group for uga in self.groups ]: diff -r 2ae19c12114c -r 32c76fdcacd2 lib/galaxy/tools/__init__.py --- a/lib/galaxy/tools/__init__.py Fri Aug 14 15:37:31 2009 -0400 +++ b/lib/galaxy/tools/__init__.py Sat Aug 15 16:26:37 2009 -0400 @@ -7,7 +7,7 @@ import logging, os, string, sys, tempfile, glob, shutil import simplejson -import hmac, binascii +import binascii from UserDict import DictMixin from galaxy.util.odict import odict from galaxy.util.bunch import Bunch @@ -24,12 +24,7 @@ from galaxy.util.none_like import NoneDataset from galaxy.datatypes import sniff from cgi import FieldStorage - -using_24 = sys.version_info[:2] < ( 2, 5 ) -if using_24: - import sha -else: - import hashlib +from galaxy.util.hash_util import * log = logging.getLogger( __name__ ) @@ -215,10 +210,7 @@ value["__page__"] = self.page value = simplejson.dumps( value ) # Make it secure - if using_24: - a = hmac.new( app.config.tool_secret, value, sha ).hexdigest() - else: - a = hmac.new( app.config.tool_secret, value, hashlib.sha1 ).hexdigest() + a = hmac_new( app.config.tool_secret, value ) b = binascii.hexlify( value ) return "%s:%s" % ( a, b ) def decode( self, value, tool, app ): @@ -228,10 +220,7 @@ # Extract and verify hash a, b = value.split( ":" ) value = binascii.unhexlify( b ) - if using_24: - test = hmac.new( app.config.tool_secret, value, sha ).hexdigest() - else: - test = hmac.new( app.config.tool_secret, value, hashlib.sha1 ).hexdigest() + test = hmac_new( app.config.tool_secret, value ) assert a == test # Restore from string values = json_fix( simplejson.loads( value ) ) diff -r 2ae19c12114c -r 32c76fdcacd2 lib/galaxy/util/hash_util.py --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/lib/galaxy/util/hash_util.py Sat Aug 15 16:26:37 2009 -0400 @@ -0,0 +1,28 @@ +import sys, logging +using_24 = sys.version_info[:2] < ( 2, 5 ) +if using_24: + import sha +else: + import hashlib +import hmac + +log = logging.getLogger( __name__ ) + +""" +Utility functions for bi-directional Python version compatibility. Python 2.5 +introduced hashlib which replaced sha in Python 2.4 and previous versions. +""" +def new_secure_hash( text_type=None ): + if using_24: + if text_type: + return sha.new( text_type ).hexdigest() + return sha.new() + else: + if text_type: + return hashlib.sha1( text_type ).hexdigest() + return hashlib.sha1() +def hmac_new( key, value ): + if using_24: + return hmac.new( key, value, sha ).hexdigest() + else: + return hmac.new( key, value, hashlib.sha1 ).hexdigest() diff -r 2ae19c12114c -r 32c76fdcacd2 lib/galaxy/web/controllers/async.py --- a/lib/galaxy/web/controllers/async.py Fri Aug 14 15:37:31 2009 -0400 +++ b/lib/galaxy/web/controllers/async.py Sat Aug 15 16:26:37 2009 -0400 @@ -6,13 +6,8 @@ from galaxy import jobs, util, datatypes, web -import logging, urllib, hmac, sys - -using_24 = sys.version_info[:2] < ( 2, 5 ) -if using_24: - import sha -else: - import hashlib +import logging, urllib, sys +from galaxy.util.hash_util import * log = logging.getLogger( __name__ ) @@ -63,10 +58,7 @@ return "Data %s does not exist or has already been deleted" % data_id if STATUS == 'OK': - if using_24: - key = hmac.new( trans.app.config.tool_secret, "%d:%d" % ( data.id, data.history_id), sha ).hexdigest() - else: - key = hmac.new( trans.app.config.tool_secret, "%d:%d" % ( data.id, data.history_id), hashlib.sha1 ).hexdigest() + key = hmac_new( trans.app.config.tool_secret, "%d:%d" % ( data.id, data.history_id ) ) if key != data_secret: return "You do not have permission to alter data %s." % data_id # push the job into the queue @@ -124,10 +116,7 @@ trans.log_event( "Added dataset %d to history %d" %(data.id, trans.history.id ), tool_id=tool_id ) try: - if using_24: - key = hmac.new( trans.app.config.tool_secret, "%d:%d" % ( data.id, data.history_id), sha ).hexdigest() - else: - key = hmac.new( trans.app.config.tool_secret, "%d:%d" % ( data.id, data.history_id), hashlib.sha1 ).hexdigest() + key = hmac_new( trans.app.config.tool_secret, "%d:%d" % ( data.id, data.history_id ) ) galaxy_url = trans.request.base + '/async/%s/%s/%s' % ( tool_id, data.id, key ) params.update( { 'GALAXY_URL' :galaxy_url } ) params.update( { 'data_id' :data.id } ) diff -r 2ae19c12114c -r 32c76fdcacd2 lib/galaxy/web/controllers/genetrack.py --- a/lib/galaxy/web/controllers/genetrack.py Fri Aug 14 15:37:31 2009 -0400 +++ b/lib/galaxy/web/controllers/genetrack.py Sat Aug 15 16:26:37 2009 -0400 @@ -4,12 +4,7 @@ from mako.template import Template from mako.lookup import TemplateLookup from galaxy.web.base.controller import * - -using_24 = sys.version_info[:2] < ( 2, 5 ) -if using_24: - import sha -else: - import hashlib +from galaxy.util.hash_util import * try: import pkg_resources @@ -269,10 +264,7 @@ tmpl_name, track_maker = conf.PLOT_MAPPER[param.plot] # check against a hash, display an image that already exists if it was previously created. - if using_24: - hash = sha.new() - else: - hash = hashlib.sha1() + hash = new_secure_hash() hash.update(str(dataset_id)) for key in sorted(kwds.keys()): hash.update(str(kwds[key]))