diff --git a/.coveragerc b/.coveragerc index 68f1d0b..7656c5a 100644 --- a/.coveragerc +++ b/.coveragerc @@ -6,7 +6,6 @@ omit = *tests* *.html *whoosh_cn_backend* - *apps* *oauth* - *travis_test* *settings.py* + *venv* diff --git a/DjangoBlog/tests.py b/DjangoBlog/tests.py index 5c673bc..8dff824 100644 --- a/DjangoBlog/tests.py +++ b/DjangoBlog/tests.py @@ -27,7 +27,7 @@ class DjangoBlogTest(TestCase): pass def test_utils(self): - md5 = get_md5('test') + md5 = get_sha256('test') self.assertIsNotNone(md5) c = CommonMarkdown.get_markdown(''' # Title1 diff --git a/DjangoBlog/utils.py b/DjangoBlog/utils.py index 5e97e77..68f2806 100644 --- a/DjangoBlog/utils.py +++ b/DjangoBlog/utils.py @@ -14,7 +14,7 @@ """ from django.core.cache import cache from django.contrib.sites.models import Site -from hashlib import md5 +from hashlib import sha256 import mistune from mistune import escape, escape_link from pygments import highlight @@ -34,8 +34,8 @@ def get_max_articleid_commentid(): return (Article.objects.latest().pk, Comment.objects.latest().pk) -def get_md5(str): - m = md5(str.encode('utf-8')) +def get_sha256(str): + m = sha256(str.encode('utf-8')) return m.hexdigest() @@ -50,7 +50,7 @@ def cache_decorator(expiration=3 * 60): if not key: unique_str = repr((func, args, kwargs)) - m = md5(unique_str.encode('utf-8')) + m = sha256(unique_str.encode('utf-8')) key = m.hexdigest() value = cache.get(key) if value is not None: diff --git a/accounts/tests.py b/accounts/tests.py index 289cc5a..f3613ef 100644 --- a/accounts/tests.py +++ b/accounts/tests.py @@ -65,7 +65,7 @@ class AccountTest(TestCase): BlogUser.objects.filter( email='user123@user.com'))) user = BlogUser.objects.filter(email='user123@user.com')[0] - sign = get_md5(get_md5(settings.SECRET_KEY + str(user.id))) + sign = get_sha256(get_sha256(settings.SECRET_KEY + str(user.id))) path = reverse('accounts:result') url = '{path}?type=validation&id={id}&sign={sign}'.format( path=path, id=user.id, sign=sign) 
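Review bot: In DjangoBlog/utils.py, `get_sha256` is a plain unkeyed digest, yet the other hunks of this commit keep using it to build and verify signed links, and nothing on the helper says it is not a MAC. I would add a docstring such as `"""Return the hex SHA-256 digest of a UTF-8 string; unkeyed, so not suitable for signatures or password storage."""`. The parameter name `str` shadows the builtin; every caller visible in this diff passes it positionally, so `def get_sha256(text):` looks safe. The `cache_decorator` hunk only derives a cache key, where an unkeyed digest is fine. In DjangoBlog/tests.py the local is still called `md5` and the test only checks for non-None; `self.assertEqual(len(digest), 64)` would pin the new algorithm.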
diff --git a/accounts/views.py b/accounts/views.py index 6e5f538..8114d67 100644 --- a/accounts/views.py +++ b/accounts/views.py @@ -17,7 +17,7 @@ from django.shortcuts import redirect from django.utils.decorators import method_decorator from django.views.decorators.debug import sensitive_post_parameters from django.utils.http import is_safe_url -from DjangoBlog.utils import send_email, get_md5, get_current_site +from DjangoBlog.utils import send_email, get_sha256, get_current_site from django.conf import settings logger = logging.getLogger(__name__) @@ -36,7 +36,7 @@ class RegisterView(FormView): user.source = 'Register' user.save(True) site = get_current_site().domain - sign = get_md5(get_md5(settings.SECRET_KEY + str(user.id))) + sign = get_sha256(get_sha256(settings.SECRET_KEY + str(user.id))) if settings.DEBUG: site = '127.0.0.1:8000' @@ -147,7 +147,7 @@ def account_result(request): '''.format(email=user.email) title = '注册成功' else: - c_sign = get_md5(get_md5(settings.SECRET_KEY + str(user.id))) + c_sign = get_sha256(get_sha256(settings.SECRET_KEY + str(user.id))) sign = request.GET.get('sign') if sign != c_sign: return HttpResponseForbidden() diff --git a/blog/tests.py b/blog/tests.py index a34fa78..b334e71 100644 --- a/blog/tests.py +++ b/blog/tests.py @@ -1,7 +1,7 @@ from django.test import Client, RequestFactory, TestCase from blog.models import Article, Category, Tag, SideBar, Links from django.contrib.auth import get_user_model -from DjangoBlog.utils import get_current_site, get_md5 +from DjangoBlog.utils import get_current_site, get_sha256 from blog.forms import BlogSearchForm from django.core.paginator import Paginator from blog.templatetags.blog_tags import load_pagination_info, load_articletags 
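Review bot: In accounts/views.py, `RegisterView` and `account_result` still build the validation token as a nested digest of `settings.SECRET_KEY + str(user.id)` and check it with `sign != c_sign`, so swapping MD5 for SHA-256 leaves both the ad-hoc keyed-hash construction and the timing-dependent string comparison in place. Django already ships the primitives in `django.utils.crypto`: `c_sign = salted_hmac('accounts.validation', str(user.id), algorithm='sha256').hexdigest()` (the salt string is an example) and `if not constant_time_compare(sign or '', c_sign): return HttpResponseForbidden()`. The same pattern recurs in the `fileupload` hunk of blog/views.py and in `emailconfirm` and `RequireEmailView` in oauth/views.py. The token depends only on the user id, so a link never expires; `django.core.signing.TimestampSigner` would cover that if expiry is wanted. Both function bodies continue outside their hunks.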
@@ -175,7 +175,7 @@ class ArticleTest(TestCase):
 file.write(rsp.content)
 rsp = self.client.post('/upload')
 self.assertEqual(rsp.status_code, 403)
- sign = get_md5(get_md5(settings.SECRET_KEY))
+ sign = get_sha256(get_sha256(settings.SECRET_KEY))
 with open(imagepath, 'rb') as file:
 imgfile = SimpleUploadedFile(
 'python.png', file.read(), content_type='image/jpg')
diff --git a/blog/views.py b/blog/views.py
index 98c738d..2406f19 100644
--- a/blog/views.py
+++ b/blog/views.py
@@ -12,7 +12,7 @@ from django import forms
 from django.http import HttpResponse, HttpResponseRedirect, HttpResponseForbidden
 from django.views.decorators.csrf import csrf_exempt
 from django.contrib.auth.decorators import login_required
-from DjangoBlog.utils import cache, get_md5, get_blog_setting
+from DjangoBlog.utils import cache, get_sha256, get_blog_setting
 from django.shortcuts import get_object_or_404
 from blog.models import Article, Category, Tag, Links, LinkShowType
 from comments.forms import CommentForm
@@ -275,7 +275,7 @@ def fileupload(request):
 sign = request.GET.get('sign', None)
 if not sign:
 return HttpResponseForbidden()
- if not sign == get_md5(get_md5(settings.SECRET_KEY)):
+ if not sign == get_sha256(get_sha256(settings.SECRET_KEY)):
 return HttpResponseForbidden()
 response = []
 for filename in request.FILES:
diff --git a/oauth/views.py b/oauth/views.py
index 097f238..cde1ff4 100644
--- a/oauth/views.py
+++ b/oauth/views.py
@@ -13,7 +13,7 @@ from django.views.generic import FormView, RedirectView
 from oauth.forms import RequireEmailForm
 from django.urls import reverse
 from django.db import transaction
-from DjangoBlog.utils import send_email, get_md5, save_user_avatar
+from DjangoBlog.utils import send_email, get_sha256, save_user_avatar
 from DjangoBlog.utils import get_current_site
 from django.core.exceptions import ObjectDoesNotExist
 from django.http import HttpResponseForbidden
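Review bot: In blog/views.py `fileupload`, the expected value `get_sha256(get_sha256(settings.SECRET_KEY))` is a constant: it is identical for every request and every file, it arrives in the query string via `request.GET.get('sign')` where access logs will tend to record it, and it can only be rotated by changing `SECRET_KEY`. A separate upload secret in settings, sent in a header or the POST body and checked with `constant_time_compare(sign, expected)` from `django.utils.crypto`, would decouple it from the site key. The function body continues past the hunk, so how the uploaded files themselves are validated is not visible here.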
@@ -127,10 +127,9 @@ def authorize(request):
 def emailconfirm(request, id, sign):
 if not sign:
 return HttpResponseForbidden()
- if not get_md5(
- settings.SECRET_KEY +
- str(id) +
- settings.SECRET_KEY).upper() == sign.upper():
+ if not get_sha256(settings.SECRET_KEY +
+ str(id) +
+ settings.SECRET_KEY).upper() == sign.upper():
 return HttpResponseForbidden()
 oauthuser = get_object_or_404(OAuthUser, pk=id)
 with transaction.atomic():
@@ -204,8 +203,8 @@ class RequireEmailView(FormView):
 oauthuser = get_object_or_404(OAuthUser, pk=oauthid)
 oauthuser.email = email
 oauthuser.save()
- sign = get_md5(settings.SECRET_KEY +
- str(oauthuser.id) + settings.SECRET_KEY)
+ sign = get_sha256(settings.SECRET_KEY +
+ str(oauthuser.id) + settings.SECRET_KEY)
 site = get_current_site().domain
 if settings.DEBUG:
 site = '127.0.0.1:8000'
diff --git a/requirements.txt b/requirements.txt
index 1dad67c..5187311 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,5 +1,5 @@
 coverage==5.5
-Django==3.2.4
+Django==3.2.5
 django-compressor==2.4.1
 django-haystack==3.0
 django-ipware==3.0.2
@@ -12,7 +12,7 @@ jieba==0.42.1
 jsonpickle==2.0.0
 mistune==0.8.4
 mysqlclient==2.0.3
-Pillow==8.2.0
+Pillow==8.3.0
 Pygments==2.9.0
 python-logstash==0.4.6
 python-memcached==1.59
@@ -22,6 +22,6 @@ raven==6.10.0
 rcssmin==1.0.6
 requests==2.25.1
 rjsmin==1.1.0
-urllib3==1.26.5
+urllib3==1.26.6
 WeRoBot==1.13.1
 Whoosh==2.7.4
\ No newline at end of file
diff --git a/servermanager/robot.py b/servermanager/robot.py
index c086e29..7eaface 100644
--- a/servermanager/robot.py
+++ b/servermanager/robot.py
@@ -21,7 +21,7 @@ from servermanager.api.blogapi import BlogApi
 from servermanager.api.commonapi import TuLing
 import os
 import json
-from DjangoBlog.utils import get_md5
+from DjangoBlog.utils import get_sha256
 from django.conf import settings
 import jsonpickle
 from servermanager.models import commands
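Review bot: In oauth/views.py `emailconfirm`, the check now accepts only the SHA-256 value, so confirmation links that `RequireEmailView` mailed before this deploy will get `HttpResponseForbidden`, and no resend path is visible in these hunks. If that matters, call it out in the release notes or give users a way to request a fresh link. The `.upper()` on both sides is unnecessary for a hex digest produced by the same helper; comparing the raw strings with `constant_time_compare` from `django.utils.crypto` would be simpler and avoids the early-exit `==`. `emailconfirm` continues below the hunk.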
@@ -202,7 +202,7 @@ class MessageHandler():
 passwd = settings.WXADMIN
 if settings.TESTING:
 passwd = '123'
- if passwd.upper() == get_md5(get_md5(info)).upper():
+ if passwd.upper() == get_sha256(get_sha256(info)).upper():
 self.userinfo.isPasswordSet = True
 self.savesession()
 return "验证通过,请输入命令或者要执行的命令代码:输入helpme获得帮助"
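Review bot: In servermanager/robot.py, `settings.WXADMIN` is compared against `get_sha256(get_sha256(info))`, so the stored value has to be regenerated as a double SHA-256 digest when this ships or admin verification will fail for every password; nothing in the diff mentions that. An unsalted, fast double hash is also a weak way to hold an admin password: `check_password(info, settings.WXADMIN)` from `django.contrib.auth.hashers`, with `WXADMIN` produced by `make_password`, gives salting and a slow KDF. Under `settings.TESTING` the expected value is the literal `'123'`, which a 64-character hex digest cannot equal, so the success branch looks unreachable in tests. The enclosing method starts and ends outside the hunk.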