~ubuntuone-pqm-team/canonical-identity-provider/trunk

Viewing changes to src/ubuntu_sso_saml/processors.py

  • Committer: Daniel Manrique
  • Date: 2020-03-26 21:49:05 UTC
  • mto: This revision was merged to the branch mainline in revision 1731.
  • Revision ID: roadmr@ubuntu.com-20200326214905-00xmo9zstolhbb7k
sha256 openid identifiers so we don't send them verbatim in the SAML assertion (the hash should be as unique and persistent as the identifier itself)

3
3
import base64
4
4
import json
5
5
import urlparse
 
6
from hashlib import sha256
6
7
 
7
8
from BeautifulSoup import BeautifulStoneSoup
8
9
from django.conf import settings
393
394
            if (sp_config.honor_authnrequest_nameidpolicy_format and
394
395
                    not sp_config.send_email_as_persistent and
395
396
                    self._subject_format.split(":")[-1] == "persistent"):
396
 
                preferred = account.openid_identifier
 
397
                # openid identifier is unicode (or str in py3 at some point)
 
398
                # sha256 eats strings (or bytes in py3)
 
399
                # so we must ENcode
 
400
                identifier = account.openid_identifier.encode('utf-8')
 
401
                preferred = sha256(identifier).hexdigest()
397
402
 
398
403
        self._subject = preferred
399
404
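
Review bot: at new lines 400-401 the digest is a plain `sha256(identifier).hexdigest()` with no key and no service-provider-specific input, so every SP receives the same value for a given account, and anyone who already holds or can guess an openid identifier can recompute the hash and confirm the match. If the aim is for the NameID not to reveal the identifier or allow linking across SPs, consider a keyed construction such as HMAC-SHA256 under a server-side secret, optionally mixing in the SP's entity ID. Separately, the change replaces `preferred = account.openid_identifier` unconditionally inside the persistent branch, so any SP that has already stored the raw identifier as its persistent NameID will see a different subject once this lands; a per-SP switch alongside `send_email_as_persistent`, or a note on how existing SPs are migrated, would cover that. The four comment lines could also shrink to one line saying the identifier is encoded to UTF-8 bytes before hashing.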