Add checksum checking when validating VendorChecksum API tokens.
Review Request #12663 — Created Oct. 3, 2022 and submitted
Information | |
---|---|
maubin | |
Djblets | |
release-3.x | |
12651 | |
Reviewers | |
djblets | |
This change makes the
VendorChecksumTokenGenerator
check the token's checksum
when validating tokens. This makes the token validation more precise and is
useful for weeding out any false positives during secret scanning.This also fixes the character set that we're using for base62-encoding the
token checksums. The previous one had incorrectly swapped the placement of the
capital and lowercase characters in the set. Tokens that were generated using
the old character set are still considered valid.
Ran unit tests.
Summary |
---|
Description | From | Last Updated |
---|---|---|
We might just want to compare against checksum.swapcase() in the conditional directly, so that we don't perform this operation unless … |
|

Change Summary:
Fixes the base62-encoding character set and still validates tokens that use our previous faulty base62-encoding.
Description: |
|
||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Commits: |
|
||||||||||||||||||||||||
Diff: |
Revision 2 (+142 -44) |
Checks run (2 succeeded)
-
-
djblets/secrets/token_generators/vendor_checksum.py (Diff revisions 1 - 2) We might just want to compare against
checksum.swapcase()
in the conditional directly, so that we don't perform this operation unless it appears to be a valid token but the checksum fails. That'll be the rare case.

Change Summary:
Compares against
checksum.swapcase()
directly in the conditional so that the swapcase operation only happens if it needs to.
Commits: |
|
||||||
---|---|---|---|---|---|---|---|
Diff: |
Revision 3 (+140 -46) |