use urlsafe_b64 instead of b32 for even shorter key but still url safe.

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@43863 20353a03-c40f-0410-a6d1-a30d3c3de9de

use urlsafe_b64 instead of b32 for even shorter key but still url safe.
git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@43863 20353a03-c40f-0410-a6d1-a30d3c3de9de
6007482d · Kazuhiko Shiozaki · c6ca20a1 · 6007482d
Commit 6007482d authored Mar 01, 2011 by Kazuhiko Shiozaki
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 3 deletions

product/ERP5Security/ERP5KeyAuthPlugin.py product/ERP5Security/ERP5KeyAuthPlugin.py +3 -3

No files found.
--- a/product/ERP5Security/ERP5KeyAuthPlugin.py
+++ b/product/ERP5Security/ERP5KeyAuthPlugin.py
@@ -56,7 +56,7 @@ from Products.ERP5Security.ERP5UserManager import ERP5UserManager,\
                                                  _AuthenticationFailure

 from Crypto.Cipher import AES
-from base64 import b32decode, b32encode
+from base64 import urlsafe_b64decode, urlsafe_b64encode

 class AESCipher:
  mode = AES.MODE_CFB
@@ -67,11 +67,11 @@ class AESCipher:

  def encrypt(self, login):
    encryptor = AES.new(self.encryption_key, self.mode)
-    return b32encode(encryptor.encrypt(login.ljust(((len(login)-1)/16+1)*16)))
+    return urlsafe_b64encode(encryptor.encrypt(login.ljust(((len(login)-1)/16+1)*16)))

  def decrypt(self, crypted_login):
    decryptor = AES.new(self.encryption_key, self.mode)
-    return decryptor.decrypt(b32decode(crypted_login)).rstrip()
+    return decryptor.decrypt(urlsafe_b64decode(crypted_login)).rstrip()

 # This cipher is weak. Do not use.
 class CesarCipher: