* [pve-devel] [PATCH pve-common] ticket: remove fallback for SHA1-base64 CSRF prevention tokens
@ 2024-02-20 15:08 Max Carrara
2024-03-06 11:10 ` [pve-devel] applied: " Wolfgang Bumiller
0 siblings, 1 reply; 2+ messages in thread
From: Max Carrara @ 2024-02-20 15:08 UTC (permalink / raw)
To: pve-devel
Signed-off-by: Max Carrara <m.carrara@proxmox.com>
---
As the old inline comment notes, this should've been removed in
PVE 7.0 already.
src/PVE/Ticket.pm | 8 +-------
1 file changed, 1 insertion(+), 7 deletions(-)
diff --git a/src/PVE/Ticket.pm b/src/PVE/Ticket.pm
index ce8d5c8..c5508ed 100644
--- a/src/PVE/Ticket.pm
+++ b/src/PVE/Ticket.pm
@@ -34,13 +34,7 @@ sub verify_csrf_prevention_token {
my $timestamp = $1;
my $ttime = hex($timestamp);
- my $digest;
- if (length($sig) == 27) {
- # detected sha1 csrf token from older proxy, fallback. FIXME: remove with 7.0
- $digest = Digest::SHA::sha1_base64("$timestamp:$username", $secret);
- } else {
- $digest = Digest::SHA::hmac_sha256_base64("$timestamp:$username", $secret);
- }
+ my $digest = Digest::SHA::hmac_sha256_base64("$timestamp:$username", $secret);
my $age = time() - $ttime;
return 1 if ($digest eq $sig) && ($age > $min_age) &&
--
2.39.2
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2024-03-06 11:10 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-02-20 15:08 [pve-devel] [PATCH pve-common] ticket: remove fallback for SHA1-base64 CSRF prevention tokens Max Carrara
2024-03-06 11:10 ` [pve-devel] applied: " Wolfgang Bumiller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox