Merge pull request #2120 from aftermath2/constant_time_password_comparison

Constant time password comparison
This commit is contained in:
KoalaSat
2025-07-28 09:53:58 +00:00
committed by GitHub
2 changed files with 9 additions and 7 deletions


@ -1,4 +1,5 @@
from datetime import datetime, timedelta from datetime import datetime, timedelta
from hmac import compare_digest
from decouple import config from decouple import config
from django.conf import settings from django.conf import settings
@ -558,11 +559,12 @@ class OrderView(viewsets.ViewSet):
if not valid: if not valid:
return Response(context, status=status.HTTP_409_CONFLICT) return Response(context, status=status.HTTP_409_CONFLICT)
if order.password is not None and order.password != password: if order.password is not None:
return Response( if password is None or not compare_digest(order.password, password):
{"bad_request": "Wrong password"}, return Response(
status=status.HTTP_403_FORBIDDEN, {"bad_request": "Wrong password"},
) status=status.HTTP_403_FORBIDDEN,
)
# For order with amount range, set the amount now. # For order with amount range, set the amount now.
if order.has_range: if order.has_range:
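Review bot: `hmac.compare_digest` raises `TypeError` instead of returning `False` when its two arguments are not both ASCII-only `str` or both bytes-like, so on the new line `if password is None or not compare_digest(order.password, password):` a request whose `password` field contains a non-ASCII character or is not a string (e.g. a JSON number or list) would surface as an unhandled exception rather than the intended 403. Where `password` is read from is outside this hunk, as is the start of the enclosing `OrderView` method, so this is inferred rather than certain; if it comes from the request body, normalise both sides to bytes first, e.g. `if not isinstance(password, str) or not compare_digest(order.password.encode("utf-8"), password.encode("utf-8")):`. A one-line comment above the check such as `# constant-time compare: response timing must not reveal how much of the password matched` would also record why `==` was replaced.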


@ -2,6 +2,6 @@
``` ```
docker compose -f docker-tests.yml --env-file tests/compose.env up -d docker compose -f docker-tests.yml --env-file tests/compose.env up -d
docker exec coordinator coverage run manage.py test docker exec test-coordinator coverage run manage.py test
docker exec coordinator coverage report docker exec test-coordinator coverage report
``` ```