Merge pull request #9 from CSCfi/devel

blankdots · web-flow · commit 5348968d3f12 · 2020-09-29T08:47:51.000+03:00
Devel
diff --git a/requirements.txt b/requirements.txt
@@ -3,3 +3,4 @@ requests
 python-swiftclient
 keystoneauth1
 git+https://github.com/cscfi/swift-browser-ui.git
+certifi
diff --git a/setup.py b/setup.py
@@ -17,9 +17,10 @@
         'python-swiftclient',
         'keystoneauth1',
         'gunicorn',
+        'certifi',
         'uvloop',
         "swift-browser-ui"
-        "@ git+https://github.com/cscfi/swift-browser-ui.git@v0.7.1"
+        "@ git+https://github.com/cscfi/swift-browser-ui.git"
     ],
     extras_require={
         'test': ['tox', 'pytest', 'pytest-cov', 'coverage',
diff --git a/swift_upload_runner/__init__.py b/swift_upload_runner/__init__.py
@@ -1,6 +1,6 @@
 """Runner for swift-browser-ui upload and replication operations."""
 
 __name__ = 'swift_upload_runner'
-__version__ = '0.1.2'
+__version__ = '0.1.3'
 __author__ = 'CSC Developers'
 __license__ = 'MIT License'
diff --git a/swift_upload_runner/auth.py b/swift_upload_runner/auth.py
@@ -6,6 +6,7 @@
 import typing
 import hmac
 import time
+import secrets
 
 import aiohttp.web
 
@@ -85,7 +86,7 @@ async def test_signature(
             byte_message,
             digestmod="sha256"
         ).hexdigest()
-        if digest == signature:
+        if secrets.compare_digest(digest, signature):
             return True
     raise aiohttp.web.HTTPUnauthorized(
         reason="Missing valid query signature"
diff --git a/swift_upload_runner/download.py b/swift_upload_runner/download.py
@@ -120,7 +120,8 @@ def download_into_queue(
                 "X-Auth-Token": self.auth.get_token(),
                 "Accept-Encoding": "identity"
             },
-            stream=True
+            stream=True,
+            verify=True
         ) as req:
             print(f"""
             Request headers:
@@ -419,7 +420,8 @@ def get_object_listing(
                 ),
                 headers={
                     "X-Auth-Token": self.auth.get_token()
-                }
+                },
+                verify=True
         ) as req:
             self.fs = self._parse_archive_fs([
                 i.split("/") for i in req.text.lstrip().rstrip().split("\n")
