Fix signature verificaton for Python 3.6 (#1)

rascalking · fophillips · commit 6cd36d112152 · 2017-02-19T21:36:03.000Z
Signed-Off-By: David Bonner &lt;dbonner@gmail.com&gt;
diff --git a/github_webhook/webhook.py b/github_webhook/webhook.py
@@ -3,6 +3,7 @@
 import hmac
 import logging
 
+import six
 from flask import abort, request
 
 
@@ -21,6 +22,8 @@ def __init__(self, app, endpoint='/postreceive', secret=None):
 
         self._hooks = collections.defaultdict(list)
         self._logger = logging.getLogger('webhook')
+        if secret is not None and not isinstance(secret, six.binary_type):
+            secret = secret.encode('utf-8')
         self._secret = secret
 
     def hook(self, event_type='push'):
@@ -50,9 +53,11 @@ def _postreceive(self):
 
         if digest is not None:
             sig_parts = _get_header('X-Hub-Signature').split('=', 1)
+            if not isinstance(digest, six.text_type):
+                digest = six.text_type(digest)
 
             if (len(sig_parts) < 2 or sig_parts[0] != 'sha1'
-                    or not hmac.compare_digest(sig_parts[1], unicode(digest))):
+                    or not hmac.compare_digest(sig_parts[1], digest)):
                 abort(400, 'Invalid signature')
 
         event_type = _get_header('X-Github-Event')
diff --git a/setup.py b/setup.py
@@ -8,7 +8,8 @@
       author_email="achamberlai9@bloomberg.net, fphillips7@bloomberg.net, dkiss1@bloomberg.net, dbeer1@bloomberg.net",
       license='Apache 2.0',
       packages=["github_webhook"],
-      install_requires=['flask'],
+      install_requires=['flask', 'six'],
+      tests_require=['mock', 'nose'],
 
       classifiers=[
           'Development Status :: 4 - Beta',
