1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
diff --git a/oauth2client/contrib/xsrfutil.py b/oauth2client/contrib/xsrfutil.py
index 7c3ec03..20f35c9 100644
--- a/oauth2client/contrib/xsrfutil.py
+++ b/oauth2client/contrib/xsrfutil.py
@@ -44,7 +44,7 @@ def generate_token(key, user_id, action_id='', when=None):
Returns:
A string XSRF protection token.
"""
- digester = hmac.new(_helpers._to_bytes(key, encoding='utf-8'))
+ digester = hmac.new(_helpers._to_bytes(key, encoding='utf-8'), digestmod='MD5')
digester.update(_helpers._to_bytes(str(user_id), encoding='utf-8'))
digester.update(DELIMITER)
digester.update(_helpers._to_bytes(action_id, encoding='utf-8'))
diff --git a/tests/contrib/test_xsrfutil.py b/tests/contrib/test_xsrfutil.py
index 3115827..deae568 100644
--- a/tests/contrib/test_xsrfutil.py
+++ b/tests/contrib/test_xsrfutil.py
@@ -54,7 +54,7 @@ class Test_generate_token(unittest.TestCase):
TEST_USER_ID_1,
action_id=TEST_ACTION_ID_1,
when=TEST_TIME)
- hmac.new.assert_called_once_with(TEST_KEY)
+ hmac.new.assert_called_once_with(TEST_KEY, digestmod='MD5')
digester.digest.assert_called_once_with()
expected_digest_calls = [
@@ -87,7 +87,7 @@ class Test_generate_token(unittest.TestCase):
TEST_USER_ID_1,
action_id=TEST_ACTION_ID_1)
- hmac.new.assert_called_once_with(TEST_KEY)
+ hmac.new.assert_called_once_with(TEST_KEY, digestmod='MD5')
time.time.assert_called_once_with()
digester.digest.assert_called_once_with()
|
GitWeb
