implementation of hash3 for snapshots

2021-06-30 15:05:44 +02:00 · 2021-06-30 15:05:44 +02:00 · 06c5137b32
parent 6d4212f314
commit 06c5137b32
2 changed files with 12 additions and 7 deletions
--- a/ereuse_devicehub/resources/action/views/snapshot.py
+++ b/ereuse_devicehub/resources/action/views/snapshot.py
@ -3,10 +3,12 @@
 import os
 import json
 import shutil
+import hashlib
 from datetime import datetime

 from flask import current_app as app, g
 from sqlalchemy.util import OrderedSet
+from teal.marshmallow import ValidationError

 from ereuse_devicehub.db import db
 from ereuse_devicehub.resources.action.models import RateComputer, Snapshot
@ -59,6 +61,14 @@ def move_json(tmp_snapshots, path_name, user, live=False):
        os.remove(path_name)


+def check_hash_snapshot(snapshot_json):
+    debug = snapshot_json.pop('debug')
+    data = json.dumps(snapshot_json).encode('utf-8')
+    hash3 = hashlib.sha3_256(data).hexdigest()
+    if not hash3 in debug['hwinfo']:
+        txt = "This Snapshot is not valid"
+        raise ValidationError(txt)
+

 class SnapshotView():
    """Performs a Snapshot.
@ -75,7 +85,7 @@ class SnapshotView():
        self.resource_def = resource_def
        self.tmp_snapshots = app.config['TMP_SNAPSHOTS']
        self.path_snapshot = save_json(snapshot_json, self.tmp_snapshots, g.user.email)
-        snapshot_json.pop('debug', None)
+        check_hash_snapshot(snapshot_json)
        self.snapshot_json = resource_def.schema.load(snapshot_json)
        self.response = self.build()
        move_json(self.tmp_snapshots, self.path_snapshot, g.user.email)
--- a/ereuse_devicehub/resources/action/views/views.py
+++ b/ereuse_devicehub/resources/action/views/views.py
@ -4,7 +4,6 @@ from datetime import timedelta
 from distutils.version import StrictVersion
 from uuid import UUID

-import jwt
 from flask import current_app as app, request, g
 from teal.db import ResourceNotFound
 from teal.marshmallow import ValidationError
@ -172,12 +171,8 @@ class ActionView(View):
    def post(self):
        """Posts an action."""
        json = request.get_json(validate=False)
-        if not json:
+        if not json or 'type' not in json:
            raise ValidationError('Post request needs a json.')
-        elif 'type' not in json:
-            # JN TODO Use the user's key instead an empty string
-            key = ''
-            json = jwt.decode(json, key, algorithms="HS256")
        # todo there should be a way to better get subclassess resource
        #   defs
        resource_def = app.resources[json['type']]