U k7g@s\ddlZddlZddlmZmZddlmZmZddZddZ dd Z Gd d d e Z dS) N)sha1sha256)urlparseparse_qscCs<t|t|krdSd}t||D]\}}|||kM}q"|S)zCompare two strings while protecting against timing attacks :param str string1: the first string :param str string2: the second string :returns: True if the strings are equal, False if not :rtype: :obj:`bool` FT)lenzip)Zstring1Zstring2resultZc1c2r szRequestValidator.__init__c Csz|}|rDtt|D].}|||}tt|D]}|||7}q0qt|j|dt}t | }| d}| S)zCompute the signature for a given request :param uri: full URI that Twilio requested on your server :param params: post vars that Twilio sent with the request :returns: The computed signature r) sortedset get_valueshmacnewr!r rbase64 b64encodedigestdecodestrip) r"rparamss param_namevaluesvaluemaccomputedr r r compute_signatureAs  z"RequestValidator.compute_signaturec CsZz ||WStk rTz||WYStk rN||gYYSXYnXdS)N)ZgetallAttributeErrorgetlist)r"Z param_dictr0r r r r&Xs zRequestValidator.get_valuescCst|d}|Sr)rr hexdigestr-)r"bodyr4r r r compute_hashdszRequestValidator.compute_hashc Cs|dkr i}t|}t|}t|}d}t|j}d|kr`t|tr`t|||dd}i}t| |||} t| |||} |o| p| S)a]Validate a request from Twilio :param uri: full URI that Twilio requested on your server :param params: dictionary of POST variables or string of POST body for JSON requests :param signature: expected signature in HTTP X-Twilio-Signature header :returns: True if the request passes validation, False if not NTZ bodySHA256r) rrrrquery isinstancerr r:r5) r"rr. signatureZ parsed_uriZ uri_with_portZuri_without_portZvalid_body_hashr;Zvalid_signatureZvalid_signature_with_portr r r validateis&    zRequestValidator.validateN)__name__ __module__ __qualname__r#r5r&r:r>r r r r r=s  r) r)r'hashlibrr urllib.parserrr rrobjectrr r r r s