Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve order secret handling #4139

Merged
merged 7 commits into from
May 23, 2024
Merged

Improve order secret handling #4139

merged 7 commits into from
May 23, 2024

Conversation

luelista
Copy link
Contributor

@luelista luelista commented May 7, 2024

  • use hmac.compare_digest for all secret comparisons
  • use salted_hmac with sha256 instead of plain sha1 for hashed secrets
  • move secret handling into helper functions

after this is merged, our payment provider plugins can be refactored to use tagged_secret / get_with_secret_check instead of hashlib.sha1

@luelista
Improve order secret handling
0ab819f 
- use hmac.compare_digest for all secret comparisons
- use salted_hmac with sha256 instead of plain sha1 for hashed secrets
- move secret handling into helper functions
@cla-bot cla-bot bot added the cla-signed label May 7, 2024
@codecov Codecov
Copy link

codecov bot commented May 7, 2024
edited

Codecov Report

Attention: Patch coverage is 82.75862% with 5 lines in your changes are missing coverage. Please review.

Project coverage is 78.10%. Comparing base (46b2214) to head (b185921).
Report is 32 commits behind head on master.

Additional details and impacted files 
@@           Coverage Diff            @@
##           master    #4139    +/-   ##
========================================
  Coverage   78.09%   78.10%            
========================================
  Files         429      430     +1     
  Lines       60312    60503   +191     
========================================
+ Hits        47098    47253   +155     
- Misses      13214    13250    +36
Files Coverage Δ
src/pretix/plugins/paypal2/payment.py 29.95% <ø> (-0.15%) ⬇️
src/pretix/plugins/stripe/payment.py 51.01% <ø> (-0.07%) ⬇️
src/pretix/presale/views/order.py 82.85% <100.00%> (+0.35%) ⬆️
src/pretix/base/models/orders.py 89.18% <94.44%> (+0.08%) ⬆️
src/pretix/plugins/paypal2/views.py 38.05% <0.00%> (+0.27%) ⬆️
src/pretix/plugins/stripe/views.py 32.14% <0.00%> (+0.15%) ⬆️

... and 24 files with indirect coverage changes

raphaelm
raphaelm reviewed May 8, 2024
View reviewed changes
src/pretix/base/models/orders.py Outdated Show resolved Hide resolved
src/pretix/base/models/orders.py Outdated
Comment on lines 1226 to 1227
@staticmethod
def get_with_secret_check(code, received_secret, tag, secret_length=64, qs=None):
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Django style question: Would this better be a method on a custom QuerySet class so I can chain it with .filter() or .annotate() etc?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Chaining as in event.orders.get_with_secret_check(...).annotate(...)? I think it wouldn't be possible to implement it that way, as we need the Order object in here for the secret check?

The other way round, would work I think, which would just change the API slightly from Order.get_with_secret_check(..., qs=event.orders.annotate(...)) to event.orders.annotate(...).get_with_secret_check(...) which seems nicer though, yes. I'll have a look into implementing that.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, I meant the second mart and you're right it's mostly cosmetic

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

could you confirm that this is in fact an okay way to specify the Manager for orders:
https://github.com/pretix/pretix/pull/4139/files#diff-a88712c33526e582606fb2e095cea07e0972a201338a955b91cf2dfc675fa3bbR318

in other places it's done in a more verbose way with a separate manager (e.g. ItemQuerySetManager), I think my way is equivalent with less duplicated code but I'm not sure if there is some subtlety I'm missing?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

as_manager() is certainly fine, and if it works with scopes, fine with me

@luelista luelista merged commit 05a2f41 into master May 23, 2024
12 checks passed
@raphaelm raphaelm deleted the improve-secret-handling branch May 23, 2024 13:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@raphaelm raphaelm raphaelm approved these changes

Assignees
No one assigned
Labels
cla-signed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@luelista @raphaelm