Merge pull request #8 from CSCfi/bugfix/some-fixes

Bugfix/some fixes

Author: blankdots

swift_upload_runner/auth.py

@@ -6,6 +6,7 @@
 import typing
 import hmac
 import time
+import secrets
 
 import aiohttp.web
 
@@ -85,7 +86,7 @@ async def test_signature(
             byte_message,
             digestmod="sha256"
         ).hexdigest()
-        if digest == signature:
+        if secrets.compare_digest(digest, signature):
             return True
     raise aiohttp.web.HTTPUnauthorized(
         reason="Missing valid query signature"

swift_upload_runner/download.py

@@ -120,7 +120,8 @@ def download_into_queue(
                 "X-Auth-Token": self.auth.get_token(),
                 "Accept-Encoding": "identity"
             },
-            stream=True
+            stream=True,
+            verify=True
         ) as req:
             print(f"""
             Request headers:
@@ -419,7 +420,8 @@ def get_object_listing(
                 ),
                 headers={
                     "X-Auth-Token": self.auth.get_token()
-                }
+                },
+                verify=True
         ) as req:
             self.fs = self._parse_archive_fs([
                 i.split("/") for i in req.text.lstrip().rstrip().split("\n")