googleapiclient 1.4 and oauth2client 1.4.7 upgrades

2025-07-08 05:33:34 +00:00 · 2015-04-15 11:47:26 -04:00
parent a2e8d17a69
commit db0dd231b1
24 changed files with 867 additions and 489 deletions
--- a/oauth2client/xsrfutil.py
+++ b/oauth2client/xsrfutil.py
@ -1,4 +1,3 @@
-#!/usr/bin/python2.5
 #
 # Copyright 2014 the Melange authors.
 #
@ -26,15 +25,27 @@ import base64
 import hmac
 import time

+import six
 from oauth2client import util


 # Delimiter character
-DELIMITER = ':'
+DELIMITER = b':'
+

 # 1 hour in seconds
 DEFAULT_TIMEOUT_SECS = 1*60*60

+
+def _force_bytes(s):
+    if isinstance(s, bytes):
+        return s
+    s = str(s)
+    if isinstance(s, six.text_type):
+        return s.encode('utf-8')
+    return s
+
+
@util.positional(2)
 def generate_token(key, user_id, action_id="", when=None):
  """Generates a URL-safe token for the given user, action, time tuple.
@ -50,18 +61,16 @@ def generate_token(key, user_id, action_id="", when=None):
  Returns:
    A string XSRF protection token.
  """
-  when = when or int(time.time())
-  digester = hmac.new(key)
-  digester.update(str(user_id))
+  when = _force_bytes(when or int(time.time()))
+  digester = hmac.new(_force_bytes(key))
+  digester.update(_force_bytes(user_id))
  digester.update(DELIMITER)
-  digester.update(action_id)
+  digester.update(_force_bytes(action_id))
  digester.update(DELIMITER)
-  digester.update(str(when))
+  digester.update(when)
  digest = digester.digest()

-  token = base64.urlsafe_b64encode('%s%s%d' % (digest,
-                                               DELIMITER,
-                                               when))
+  token = base64.urlsafe_b64encode(digest + DELIMITER + when)
  return token


@ -86,8 +95,8 @@ def validate_token(key, token, user_id, action_id="", current_time=None):
  if not token:
    return False
  try:
-    decoded = base64.urlsafe_b64decode(str(token))
-    token_time = long(decoded.split(DELIMITER)[-1])
+    decoded = base64.urlsafe_b64decode(token)
+    token_time = int(decoded.split(DELIMITER)[-1])
  except (TypeError, ValueError):
    return False
  if current_time is None:
@ -104,9 +113,6 @@ def validate_token(key, token, user_id, action_id="", current_time=None):

  # Perform constant time comparison to avoid timing attacks
  different = 0
-  for x, y in zip(token, expected_token):
-    different |= ord(x) ^ ord(y)
-  if different:
-    return False
-
-  return True
+  for x, y in zip(bytearray(token), bytearray(expected_token)):
+    different |= x ^ y
+  return not different