minifb patch?

2 views
Skip to first unread message

Steven

unread,
Sep 21, 2007, 3:21:31 PM9/21/07
to minifb
I'm using minifb.py with mod_python and it is great, but I ended up
patching it slightly. Please let me know what you think of this
patch:

==========================
[1] MINIFB PATCH

I changed the minifb.validate function to take a dict for arguments:

"""
def validate(secret, arguments):
"""

then later in the function to get the list of pairs simple:

"""
# Convert to list of pairs and check for signature
try:
values = arguments.items()
"""

and to get the signature:

"""
signature = arguments.get("fb_sig", None)
"""

==========================
[2] NORMAL USAGE

When using the minifb library in "normally" with mod_python

"""
def index(req):
validate = minifb.validate(_secret, dict(req.form))
"""

==========================
[3] ADDITIONAL FLEXIBILITY/BENEFIT

Since the minifb is no longer dependent on the format of its second
validate
parameter you can programmatically create the req.form dict if
necessary
(and which I have actually used on occasion during development). It
seems
that not having minifb depend at all on the cgi lib or the format of
the argument
string also makes it more flexible in terms of where it can be used.

==========================
[4] ADDITIONAL SUGGESTION

Here is a suggestion for another change which I have not had a chance
to try out. I've noticed in the validate function that in the event
that the signature
can not be verified in minifb.validate the unsigned values are still
returned:

"""
if md5hash.hexdigest() != signature:
# Hash is incorrect, return unsigned fields
return unsigned
"""

It seems that in the event that there happened to be an unsigned value
with the
same name as a signed value this could be confusing. For example, if
the
arguments dict contained both "fb_sig_added=1" and "added=1".. It
would require
additional code for the calling code to distinguish these cases:

[1] signature was validated and "added" is actually signed (and there
was no unsigned "added" value).

[2] signature was not validated and "added" is just an unsigned value

[3] signature was validated but added was not in the signed values but
simply an unsigned value.

It seems that it might be more straightforward just to have
minifb.validate return ONLY signed values.. and disregard the unsigned
dict.

Steven

Steven

unread,
Sep 21, 2007, 7:32:21 PM9/21/07
to minifb
Just wanted to update this. Actually after seeing a response to my
previous message and checking the original code here:

http://minifb.googlecode.com/svn/trunk/minifb.py

I see that it is originally doing the "values = arguments.items()"

I guess the main line that wasn't working in my version of Python was:

signature = values.pop("fb_sig", None)

which I changed to

signature = arguments.get('fb_sig',None)

peteshinners

unread,
Sep 21, 2007, 11:35:29 PM9/21/07
to minifb
Ok, that makes sense that pop() will not always work for non-
dictionaries. I'll switch it over.

I was also going to change the call function so that the call_id arg
defaults to true. It won't cause problems for calls that don't need
it, and then it's one less argument you need to pass every time you
make a call.

Reply all
Reply to author
Forward
0 new messages