compare digest using secrets library

blankdots · blankdots · commit 442d323deede · 2020-09-28T15:23:05.000+03:00
diff --git a/swift_upload_runner/auth.py b/swift_upload_runner/auth.py
@@ -6,6 +6,7 @@
 import typing
 import hmac
 import time
+import secrets
 
 import aiohttp.web
 
@@ -85,7 +86,7 @@ async def test_signature(
             byte_message,
             digestmod="sha256"
         ).hexdigest()
-        if digest == signature:
+        if secrets.compare_digest(digest, signature):
             return True
     raise aiohttp.web.HTTPUnauthorized(
         reason="Missing valid query signature"
