BOM-621 Fix hashing in a bunch of places.

2019-09-19 15:53:39 -04:00
parent 9740e2e077
commit 4eaf875741
6 changed files with 11 additions and 11 deletions
--- a/common/djangoapps/student/tests/test_models.py
+++ b/common/djangoapps/student/tests/test_models.py
@@ -63,7 +63,7 @@ class CourseEnrollmentTests(SharedModuleStoreTestCase):
        self.assertIsNone(CourseEnrollment.generate_enrollment_status_hash(AnonymousUser()))

        # No enrollments
-        expected = hashlib.md5(self.user.username).hexdigest()
+        expected = hashlib.md5(self.user.username.encode('utf-8')).hexdigest()
        self.assertEqual(CourseEnrollment.generate_enrollment_status_hash(self.user), expected)
        self.assert_enrollment_status_hash_cached(self.user, expected)

--- a/common/djangoapps/third_party_auth/pipeline.py
+++ b/common/djangoapps/third_party_auth/pipeline.py
@@ -503,17 +503,17 @@ def redirect_to_custom_form(request, auth_entry, details, kwargs):
    if isinstance(secret_key, six.text_type):
        secret_key = secret_key.encode('utf-8')
    custom_form_url = form_info['url']
-    data_str = json.dumps({
+    data_bytes = json.dumps({
        "auth_entry": auth_entry,
        "backend_name": backend_name,
        "provider_id": provider_id,
        "user_details": details,
-    })
-    digest = hmac.new(secret_key, msg=data_str, digestmod=hashlib.sha256).digest()
+    }).encode('utf-8')
+    digest = hmac.new(secret_key, msg=data_bytes, digestmod=hashlib.sha256).digest()
    # Store the data in the session temporarily, then redirect to a page that will POST it to
    # the custom login/register page.
    request.session['tpa_custom_auth_entry_data'] = {
-        'data': base64.b64encode(data_str),
+        'data': base64.b64encode(data_bytes),
        'hmac': base64.b64encode(digest),
        'post_url': custom_form_url,
    }
--- a/common/djangoapps/third_party_auth/tests/specs/test_google.py
+++ b/common/djangoapps/third_party_auth/tests/specs/test_google.py
@@ -78,8 +78,8 @@ class GoogleOauth2IntegrationTest(base.Oauth2IntegrationTest):

        response = self.client.get(response['Location'])
        self.assertEqual(response.status_code, 200)
-        self.assertIn('action="/misc/my-custom-registration-form" method="post"', response.content)
-        data_decoded = base64.b64decode(response.context['data'])
+        self.assertIn('action="/misc/my-custom-registration-form" method="post"', response.content.decode('utf-8'))
+        data_decoded = base64.b64decode(response.context['data']).decode('utf-8')
        data_parsed = json.loads(data_decoded)
        # The user's details get passed to the custom page as a base64 encoded query parameter:
        self.assertEqual(data_parsed, {
@@ -96,7 +96,7 @@ class GoogleOauth2IntegrationTest(base.Oauth2IntegrationTest):
        })
        # Check the hash that is used to confirm the user's data in the GET parameter is correct
        secret_key = settings.THIRD_PARTY_AUTH_CUSTOM_AUTH_FORMS['custom1']['secret_key']
-        hmac_expected = hmac.new(secret_key, msg=data_decoded, digestmod=hashlib.sha256).digest()
+        hmac_expected = hmac.new(secret_key.encode('utf-8'), msg=data_decoded.encode('utf-8'), digestmod=hashlib.sha256).digest()
        self.assertEqual(base64.b64decode(response.context['hmac']), hmac_expected)

        # Now our custom registration form creates or logs in the user:
--- a/openedx/core/djangoapps/user_api/accounts/tests/test_image_helpers.py
+++ b/openedx/core/djangoapps/user_api/accounts/tests/test_image_helpers.py
@@ -73,7 +73,7 @@ class ProfileImageUrlTestCase(TestCase):
        """
        self.user.profile.profile_image_uploaded_at = TEST_PROFILE_IMAGE_UPLOAD_DT
        self.user.profile.save()
-        expected_name = hashlib.md5('secret' + self.user.username).hexdigest()
+        expected_name = hashlib.md5('secret' + self.user.username.encode('utf-8')).hexdigest()
        actual_urls = get_profile_image_urls_for_user(self.user)
        self.verify_urls(actual_urls, expected_name, is_default=False)

--- a/openedx/core/djangoapps/user_api/accounts/tests/test_views.py
+++ b/openedx/core/djangoapps/user_api/accounts/tests/test_views.py
@@ -126,7 +126,7 @@ class UserAPITestCase(APITestCase):
        template = '{root}/{filename}_{{size}}.{extension}'
        if has_profile_image:
            url_root = 'http://example-storage.com/profile-images'
-            filename = hashlib.md5('secret' + self.user.username).hexdigest()
+            filename = hashlib.md5('secret' + self.user.username.encode('utf-8')).hexdigest()
            file_extension = 'jpg'
            template += '?v={}'.format(TEST_PROFILE_IMAGE_UPLOADED_AT.strftime("%s"))
        else:
--- a/openedx/features/enterprise_support/utils.py
+++ b/openedx/features/enterprise_support/utils.py
@@ -39,7 +39,7 @@ def get_cache_key(**kwargs):
    """
    key = '__'.join(['{}:{}'.format(item, value) for item, value in six.iteritems(kwargs)])

-    return hashlib.md5(key).hexdigest()
+    return hashlib.md5(key.encode('utf-8')).hexdigest()


 def get_data_consent_share_cache_key(user_id, course_id):