Inconsistency in HMAC signature generation in Python 3? -

-

running create_api_signature() method in python terminal return same value, while return different values when run in test.

import hashlib import hmac import json  import unittest   def create_api_signature(_method, _url, _body, _timestamp, _secret_key):     unicode_signature = _method.upper() + _url + json.dumps(_body) + str(_timestamp)      s = hmac.new(_secret_key.encode(), unicode_signature.encode(), hashlib.sha256).hexdigest()      return s   class mytestcase(unittest.testcase):     def test_create_signature(self):         method = 'post'         url = 'https://api.alpha.example.com/v1/tiers'         body = {             "mail": "test@gmail.com",             "mot_de_passe": "mycomplexpassword",         }         timestamp = 1433948791         secret_key = 'secret_key'          signature = create_api_signature(method, url, body, timestamp, secret_key)         expected_signature = '136b629ac9744258cf558c2d541d563cc3ce647d91ead707ae4d42d49ade50c7'          self.assertequal(expected_signature, signature)   if __name__ == '__main__':     unittest.main()

error

failure expected :'136b629ac9744258cf558c2d541d563cc3ce647d91ead707ae4d42d49ade50c7' actual   :'88a138592ea7eae50040655387a878d15fd4ab4ade5d7d769a36bf9300cb3f9e'  <click see difference>  traceback (most recent call last):   file "/home/elopez/projects/portal/tests/test_services.py", line 98, in test_create_signature     self.assertequal(expected_signature, signature) assertionerror: '136b629ac9744258cf558c2d541d563cc3ce647d91ead707ae4d42d49ade50c7' != '88a138592ea7eae50040655387a878d15fd4ab4ade5d7d769a36bf9300cb3f9e' - 136b629ac9744258cf558c2d541d563cc3ce647d91ead707ae4d42d49ade50c7 + 88a138592ea7eae50040655387a878d15fd4ab4ade5d7d769a36bf9300cb3f9e

i went #python's irc , following answer cdunklau

cdunklau: run few times , you'll see why

pythonhashseed=random python3.2 -c "import json; print(json.dumps({'mail': 'value', 'mot_de_passe': 'othervalue'}))"

cdunklau: you're depending on order of dict

mutability

$ in {1..20}; pythonhashseed=random python3.4 -c "import json; print(json.dumps({'mail': 'value', 'mot_de_passe': 'othervalue'}))"; done

give following result (notice json data not in same order):

{"mail": "value", "mot_de_passe": "othervalue"} {"mot_de_passe": "othervalue", "mail": "value"} {"mail": "value", "mot_de_passe": "othervalue"} {"mot_de_passe": "othervalue", "mail": "value"} {"mail": "value", "mot_de_passe": "othervalue"} {"mot_de_passe": "othervalue", "mail": "value"} {"mot_de_passe": "othervalue", "mail": "value"} …

solution

i changed from:

 body = {          "mail": "test@gmail.com",          "mot_de_passe": "mycomplexpassword",  }

to serialized dict binary string: 

 body = b'{"mail": "test@gmail.com", "mot_de_passe": "mycomplexpassword"}'

Comments

Post a Comment

Popular posts from this blog

javascript - gulp-nodemon - nodejs restart after file change - Error: listen EADDRINUSE events.js:85 -

-
i'm running nodejs 0.12.3 - gulp 3.10.8 , gulp-nodemon 2.0.3. gulpfile.js : gulp.task('serve', ['build'], function() { gulp.start('fb-flo'); nodemon({ script: paths.server, env: { 'node_env': 'development' }, // env: { 'node_env': 'production' }, execmap: { 'js': 'node_modules/babel/bin/babel-node --stage 1' //es7 cote server }, delay: '0ms', watch: ['src/shared/', 'src/server/'], ignore: ['src/shared/components'], tasks: function (changedfiles) { var tasks = []; changedfiles.foreach(function (file) { if (path.extname(file) === '.jsx' && !~tasks.indexof('bundlejs')) tasks.push('bundlejs'); if (path.extname(file) === '.less' && !~tasks.indexof('compileless')) tasks.push('compileless'); }); return tasks; } ...
Read more

Fatal Python error: Py_Initialize: unable to load the file system codec. ImportError: No module named 'encodings' -

-
i trying make simple python program opening list of webpages user manually download reports site. don't have previous experience preparing exe files.. , i'm in learning process python coding. of done on windows 7 x64 this python code: #!c:/python34/python.exe -u splinter import * import time import os import csv #---------------------------------- raporty = [] open('../raporty.csv', newline='') csvfile: contents = csv.reader(csvfile, delimiter=' ', quotechar='|') row in contents: r = ', '.join(row) r = r.replace(',','') raporty.append(r) #--not implemented yet zmienne = [] open('../zmienne.csv', newline='') csvfile: contents = csv.reader(csvfile, delimiter=' ', quotechar='|') row in contents: r = ', '.join(row) r = r.replace(',','') zmienne.append(r) print("start") browser = browser(...
Read more

javascript - oscilloscope of speaker input stops rendering after a few seconds -

-
the following script reads audio user's microphone , renders oscilloscope on html canvas. the source taken example of mozilla developer network: visualizations web audio api and here fiddle: http://jsfiddle.net/b7j8pktp/ mozgetusermedia (note: code has no fork mechanism different browsers: works firefox) it works fine few seconds , stops rendering. whereas works totally stable: http://mdn.github.io/voice-change-o-matic/ the problem can reduced following code. microphone activation icon (next the address bar in firefox) disappears after 5 seconds: navigator.mozgetusermedia({audio: true}, function() {}, function() {} ); ( http://jsfiddle.net/b7j8pktp/2/ ) this known bug in firefox. take stream getusermedia call , hook window so: navigator.mozgetusermedia({audio: true}, function(stream) { window.stream = stream; // rest of code }, function err() { // handle error }); hopefully can fixed soon. problem we're f...
Read more