I tried to link djangoCMS to discourse, it’s not really easy for me, I’m not really a developer, so I’d rather not do code.
So i don’t understand why it’s not possible to use simple tools like django-oauth-toolkit and it’s every time specific code.
Hi, there is a method on the hmac library you can use:
When comparing the output of
hexdigest()to an externally-supplied digest during a verification routine, it is recommended to use the
compare_digest()function instead of the
==operator to reduce the vulnerability to timing attacks.
Updated — thanks for the heads up.
Thanks for this!
As a note, I got a TypeError (unicode does not have the buffer interface) using this code in Python 2.7–looks like
signature was being returned as unicode. Fixed like this:
if not hmac.compare_digest(this_signature, str(signature)):
Thanks for this fix.
Hey James. Thanks for this. I am however stuck at the URL’s, running Django 2.0.
Could the url() be replaced with the new path?
Thanks in advance.
I am not getting ‘sso’ and ‘sig’ in the GET request parameter. What i need to do?
This worked well, thanks!
Few modifications I made:
I used the following logic for ‘require_activatoin’ (I use allauth):
require_activation = 'false' if EmailAddress.objects.filter(user=request.user, verified=True).exists() else 'true'
encodestring. The IDE I am using said they were deprecated since Python 3.1.
I’ve made an implementation based on first example with tests and its working on Django 2:
Would you please consider publishing this Discourse django SSO app on PyPi?
I don’t have time right now unfortunately, but I have a project coming up in a few weeks that needs this and I can revisit it then.