Skip to content

Commit

Permalink
added safe hmac comparison (#170)
Browse files Browse the repository at this point in the history
  • Loading branch information
@jillingk
jillingk authored Jul 13, 2022
1 parent 81839c0 commit 3292133
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions Adyen/util.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,7 @@ def is_valid_hmac(dict_object, hmac_key):
del dict_object['additionalData']
merchant_sign = generate_hpp_sig(dict_object, hmac_key)
merchant_sign_str = merchant_sign.decode("utf-8")
return merchant_sign_str == expected_sign
return hmac.compare_digest(merchant_sign_str, expected_sign)


def generate_notification_sig(dict_object, hmac_key):
Expand Down Expand Up @@ -97,4 +97,4 @@ def is_valid_hmac_notification(dict_object, hmac_key):
del dict_object['additionalData']
merchant_sign = generate_notification_sig(dict_object, hmac_key)
merchant_sign_str = merchant_sign.decode("utf-8")
return merchant_sign_str == expected_sign
return hmac.compare_digest(merchant_sign_str, expected_sign)

0 comments on commit 3292133

Please sign in to comment.