Add checksum checking when validating VendorChecksum API tokens.

 






 

 


  Review Request #12663
  —
  Created Oct. 3, 2022 and submitted  — Latest diff uploaded 

 


















 

  

   Information

  





 
 

  maubin
 









 
 

  Djblets
 









 
 

  release-3.x
 









 
 

  
 









 
 

  
 









 
 

  12651
 






 




 

  

   Reviewers

  





 
 

  djblets
 









 
 

  
 






 








 





  


 
 

  
This change makes the VendorChecksumTokenGenerator check the token's checksum

when validating tokens. This makes the token validation more precise and is

useful for weeding out any false positives during secret scanning.


This also fixes the character set that we're using for base62-encoding the

token checksums. The previous one had incorrectly swapped the placement of the

capital and lowercase characters in the set. Tokens that were generated using

the old character set are still considered valid.

 








  


 
 

  
Ran unit tests.

 







 









 





  








 




 







   

    
    
Diff Revision 2


This is not the most recent revision of the diff. The latest diff is revision 3. See what's changed.

    

 

 

 

 
orig
1
2
3

 



    


    

      
Commits

      

 

 

  
   First
   Last
  
  Summary
  ID
  Author
 



 
  
   
  
  
   
  
 
 
  
   
    
Add checksum checking when validating VendorChecksum API tokens.

   
  		
  85745ccbe8575b91006d740676c3092c4282c365
  Michelle Aubin
 




    


    
    

   

  

 









 

  

   
    

     
      
      djblets/secrets/tests/test_vendor_checksum_token_generator.py
     
    

   
  

 



 

  

   
    

     
      
      djblets/secrets/token_generators/vendor_checksum.py
     
    

   
  

 










     

    

   

  

  

   
   Loading...