Versent / unicreds

unicreds is a CLI which manages secrets in AWS using DynamoDB and KMS.
https://github.com/Versent/unicreds
MIT License

Migrate hmac to []byte and handle transition #80

Closed aerostitch closed 6 years ago

aerostitch commented 6 years ago

With more recent versions of credstash the hmac is stored in a binary format, which makes the unmarshaling fail. This fixes the issue by forcing the entry retrieved to always be []byte. Closes: #75
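The failure described above, as an added example that is not part of the pull request or unicreds' own code: a reader that accepts the HMAC attribute as either a string or a binary value, normalizes it to `[]byte`, and verifies it in constant time. The `attr` type, `hexDigest` and `verify` are hypothetical names, the key and ciphertext are constructed, and the code assumes both storage forms carry the hex-encoded HMAC-SHA256 digest of the ciphertext.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// attr is a hypothetical stand-in for a DynamoDB attribute value:
// older records hold the HMAC as a string (S), newer ones as binary (B).
type attr struct {
	S *string
	B []byte
}

// hexDigest returns the hex-encoded HMAC-SHA256 of ciphertext under key.
func hexDigest(key, ciphertext []byte) string {
	mac := hmac.New(sha256.New, key)
	mac.Write(ciphertext)
	return hex.EncodeToString(mac.Sum(nil))
}

// verify normalizes the stored HMAC to []byte whichever way it was
// written, then compares it in constant time with the recomputed value.
func verify(key, ciphertext []byte, stored attr) error {
	var raw []byte
	switch {
	case stored.B != nil:
		raw = stored.B
	case stored.S != nil:
		raw = []byte(*stored.S)
	default:
		return errors.New("hmac attribute is neither string nor binary")
	}
	if !hmac.Equal([]byte(hexDigest(key, ciphertext)), bytes.ToLower(raw)) {
		return errors.New("hmac mismatch")
	}
	return nil
}

func main() {
	key, ct := []byte("constructed-hmac-key"), []byte("constructed-ciphertext")
	h := hexDigest(key, ct)
	fmt.Println(verify(key, ct, attr{S: &h}), verify(key, ct, attr{B: []byte(h)}))
}
```

Both record shapes verify against the same key, and a record with neither field set is rejected instead of being treated as an empty HMAC.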

aerostitch commented 6 years ago

Hold on like 5 mins on this, I'm moving it to inside the Decode function so I don't have to call it everywhere.

aerostitch commented 6 years ago

Ok, done. You can review @wolfeidau

Thanks! :)

wolfeidau commented 6 years ago

@aerostitch Can you link to the issue or commit from credstash related to this? I would love to add that to the README.md just for reference in a similar way to https://github.com/Versent/unicreds#auto-versioning.

Cheers!

aerostitch commented 6 years ago

@wolfeidau I'm not 100% sure which commit caused that upstream but I'm guessing it's when they switched from pycrypto to cryptography: https://github.com/fugue/credstash/commit/3667653384b07045a99b8632296538b58608eced

I can see that later they even had to switch the way they were comparing hmac: https://github.com/fugue/credstash/commit/f4397e86383477b371922204ce9575954ca1b873

But I was running a very old version of credstash, so not 100% sure. I only can confirm when looking at the records of before/after.

aerostitch commented 6 years ago

Note that outside of calling the Credential.Hmac attribute directly or the ComputeHmac256 method or looking inside the dynamodb record itself you shouldn't be able to see it from an end user standpoint.

wolfeidau commented 6 years ago

I have done a release with this and some other recent PRs, would love it if you could test it and raise issues if there are any.

Cheers

aerostitch commented 6 years ago

Will do, thanks a lot! :)