search

victims / victims-web

The victims web application.
GNU Affero General Public License v3.0
8 stars 5 forks source link

Fix file submission with secret key authentication #140

Open jasinner opened 8 years ago

jasinner commented 8 years ago

While testing file submission locally I found that a DEBUG message appears and auth fails:

DEBUG: 'file' object has no attribute 'get value'

The relevant bit of code is here:

--- a/src/victims_web/handlers/security.py +++ b/src/victims_web/handlers/security.py @@ -146,7 +146,7 @@ def validate_signature():

     if len(request.files) > 0:
         for f in request.files.values():
  •          md5sums.append(md5(f.stream.getvalue()).hexdigest())

expected = generate_signature(
   apikey, request.method, path,
jasinner commented 8 years ago

Submitting the file with basic auth works as expected.