Merge pull request #473 from liangliangyy/dev

升级依赖 && 修改加密算法
5 years ago · ed85979f05
parent 1ea6ff07e4 10a1465c7d
commit ed85979f05
10 changed files with 25 additions and 27 deletions
--- a/.coveragerc
+++ b/.coveragerc
@ -6,7 +6,6 @@ omit =
    *tests*
    *.html
    *whoosh_cn_backend*
-    *apps*
    *oauth*
-    *travis_test*
    *settings.py*
+    *venv*
--- a/DjangoBlog/tests.py
+++ b/DjangoBlog/tests.py
@ -27,7 +27,7 @@ class DjangoBlogTest(TestCase):
        pass

    def test_utils(self):
-        md5 = get_md5('test')
+        md5 = get_sha256('test')
        self.assertIsNotNone(md5)
        c = CommonMarkdown.get_markdown('''
        # Title1
--- a/DjangoBlog/utils.py
+++ b/DjangoBlog/utils.py
@ -14,7 +14,7 @@
 """
 from django.core.cache import cache
 from django.contrib.sites.models import Site
-from hashlib import md5
+from hashlib import sha256
 import mistune
 from mistune import escape, escape_link
 from pygments import highlight
@ -34,8 +34,8 @@ def get_max_articleid_commentid():
    return (Article.objects.latest().pk, Comment.objects.latest().pk)


-def get_md5(str):
-    m = md5(str.encode('utf-8'))
+def get_sha256(str):
+    m = sha256(str.encode('utf-8'))
    return m.hexdigest()


@ -50,7 +50,7 @@ def cache_decorator(expiration=3 * 60):
            if not key:
                unique_str = repr((func, args, kwargs))

-                m = md5(unique_str.encode('utf-8'))
+                m = sha256(unique_str.encode('utf-8'))
                key = m.hexdigest()
            value = cache.get(key)
            if value is not None:
--- a/accounts/tests.py
+++ b/accounts/tests.py
@ -65,7 +65,7 @@ class AccountTest(TestCase):
                BlogUser.objects.filter(
                    email='user123@user.com')))
        user = BlogUser.objects.filter(email='user123@user.com')[0]
-        sign = get_md5(get_md5(settings.SECRET_KEY + str(user.id)))
+        sign = get_sha256(get_sha256(settings.SECRET_KEY + str(user.id)))
        path = reverse('accounts:result')
        url = '{path}?type=validation&id={id}&sign={sign}'.format(
            path=path, id=user.id, sign=sign)
--- a/accounts/views.py
+++ b/accounts/views.py
@ -17,7 +17,7 @@ from django.shortcuts import redirect
 from django.utils.decorators import method_decorator
 from django.views.decorators.debug import sensitive_post_parameters
 from django.utils.http import is_safe_url
-from DjangoBlog.utils import send_email, get_md5, get_current_site
+from DjangoBlog.utils import send_email, get_sha256, get_current_site
 from django.conf import settings

 logger = logging.getLogger(__name__)
@ -36,7 +36,7 @@ class RegisterView(FormView):
            user.source = 'Register'
            user.save(True)
            site = get_current_site().domain
-            sign = get_md5(get_md5(settings.SECRET_KEY + str(user.id)))
+            sign = get_sha256(get_sha256(settings.SECRET_KEY + str(user.id)))

            if settings.DEBUG:
                site = '127.0.0.1:8000'
@ -147,7 +147,7 @@ def account_result(request):
    '''.format(email=user.email)
            title = '注册成功'
        else:
-            c_sign = get_md5(get_md5(settings.SECRET_KEY + str(user.id)))
+            c_sign = get_sha256(get_sha256(settings.SECRET_KEY + str(user.id)))
            sign = request.GET.get('sign')
            if sign != c_sign:
                return HttpResponseForbidden()
--- a/blog/tests.py
+++ b/blog/tests.py
@ -1,7 +1,7 @@
 from django.test import Client, RequestFactory, TestCase
 from blog.models import Article, Category, Tag, SideBar, Links
 from django.contrib.auth import get_user_model
-from DjangoBlog.utils import get_current_site, get_md5
+from DjangoBlog.utils import get_current_site, get_sha256
 from blog.forms import BlogSearchForm
 from django.core.paginator import Paginator
 from blog.templatetags.blog_tags import load_pagination_info, load_articletags
@ -175,7 +175,7 @@ class ArticleTest(TestCase):
            file.write(rsp.content)
        rsp = self.client.post('/upload')
        self.assertEqual(rsp.status_code, 403)
-        sign = get_md5(get_md5(settings.SECRET_KEY))
+        sign = get_sha256(get_sha256(settings.SECRET_KEY))
        with open(imagepath, 'rb') as file:
            imgfile = SimpleUploadedFile(
                'python.png', file.read(), content_type='image/jpg')
--- a/blog/views.py
+++ b/blog/views.py
@ -12,7 +12,7 @@ from django import forms
 from django.http import HttpResponse, HttpResponseRedirect, HttpResponseForbidden
 from django.views.decorators.csrf import csrf_exempt
 from django.contrib.auth.decorators import login_required
-from DjangoBlog.utils import cache, get_md5, get_blog_setting
+from DjangoBlog.utils import cache, get_sha256, get_blog_setting
 from django.shortcuts import get_object_or_404
 from blog.models import Article, Category, Tag, Links, LinkShowType
 from comments.forms import CommentForm
@ -275,7 +275,7 @@ def fileupload(request):
        sign = request.GET.get('sign', None)
        if not sign:
            return HttpResponseForbidden()
-        if not sign == get_md5(get_md5(settings.SECRET_KEY)):
+        if not sign == get_sha256(get_sha256(settings.SECRET_KEY)):
            return HttpResponseForbidden()
        response = []
        for filename in request.FILES:
--- a/oauth/views.py
+++ b/oauth/views.py
@ -13,7 +13,7 @@ from django.views.generic import FormView, RedirectView
 from oauth.forms import RequireEmailForm
 from django.urls import reverse
 from django.db import transaction
-from DjangoBlog.utils import send_email, get_md5, save_user_avatar
+from DjangoBlog.utils import send_email, get_sha256, save_user_avatar
 from DjangoBlog.utils import get_current_site
 from django.core.exceptions import ObjectDoesNotExist
 from django.http import HttpResponseForbidden
@ -127,10 +127,9 @@ def authorize(request):
 def emailconfirm(request, id, sign):
    if not sign:
        return HttpResponseForbidden()
-    if not get_md5(
-            settings.SECRET_KEY +
-            str(id) +
-            settings.SECRET_KEY).upper() == sign.upper():
+    if not get_sha256(settings.SECRET_KEY +
+                      str(id) +
+                      settings.SECRET_KEY).upper() == sign.upper():
        return HttpResponseForbidden()
    oauthuser = get_object_or_404(OAuthUser, pk=id)
    with transaction.atomic():
@ -204,8 +203,8 @@ class RequireEmailView(FormView):
        oauthuser = get_object_or_404(OAuthUser, pk=oauthid)
        oauthuser.email = email
        oauthuser.save()
-        sign = get_md5(settings.SECRET_KEY +
-                       str(oauthuser.id) + settings.SECRET_KEY)
+        sign = get_sha256(settings.SECRET_KEY +
+                          str(oauthuser.id) + settings.SECRET_KEY)
        site = get_current_site().domain
        if settings.DEBUG:
            site = '127.0.0.1:8000'
--- a/requirements.txt
+++ b/requirements.txt
@ -1,5 +1,5 @@
 coverage==5.5
-Django==3.2.4
+Django==3.2.5
 django-compressor==2.4.1
 django-haystack==3.0
 django-ipware==3.0.2
@ -12,7 +12,7 @@ jieba==0.42.1
 jsonpickle==2.0.0
 mistune==0.8.4
 mysqlclient==2.0.3
-Pillow==8.2.0
+Pillow==8.3.0
 Pygments==2.9.0
 python-logstash==0.4.6
 python-memcached==1.59
@ -22,6 +22,6 @@ raven==6.10.0
 rcssmin==1.0.6
 requests==2.25.1
 rjsmin==1.1.0
-urllib3==1.26.5
+urllib3==1.26.6
 WeRoBot==1.13.1
 Whoosh==2.7.4
--- a/servermanager/robot.py
+++ b/servermanager/robot.py
@ -21,7 +21,7 @@ from servermanager.api.blogapi import BlogApi
 from servermanager.api.commonapi import TuLing
 import os
 import json
-from DjangoBlog.utils import get_md5
+from DjangoBlog.utils import get_sha256
 from django.conf import settings
 import jsonpickle
 from servermanager.models import commands
@ -202,7 +202,7 @@ class MessageHandler():
            passwd = settings.WXADMIN
            if settings.TESTING:
                passwd = '123'
-            if passwd.upper() == get_md5(get_md5(info)).upper():
+            if passwd.upper() == get_sha256(get_sha256(info)).upper():
                self.userinfo.isPasswordSet = True
                self.savesession()
                return "验证通过,请输入命令或者要执行的命令代码:输入helpme获得帮助"