From 3974fc05a4fa0d2a253673d18864509c4b67ede4 Mon Sep 17 00:00:00 2001 From: johnyu95 Date: Tue, 13 Jun 2023 16:44:19 -0400 Subject: [PATCH] Update _generate_signature method to use HMAC-SHA256 --- app/auth/utils.py | 10 +++++----- data/agencies.csv | 4 ++-- data/agencies.json | 16 ++++++++-------- data/agencies_test.csv | 4 ++-- data/agencies_test.json | 8 ++++---- data/custom_request_forms.json | 6 +++--- 6 files changed, 24 insertions(+), 24 deletions(-) diff --git a/app/auth/utils.py b/app/auth/utils.py index 33899def9..942e54a1f 100644 --- a/app/auth/utils.py +++ b/app/auth/utils.py @@ -16,7 +16,7 @@ abort, current_app, flash, redirect, request, session, url_for ) from flask_login import current_user, login_user, logout_user -from hashlib import sha1 +from hashlib import sha256 from ldap3 import Connection, Server, Tls from requests.exceptions import SSLError @@ -680,10 +680,10 @@ def _generate_signature(password, string): """ signature = None try: - hmac_sha1 = hmac.new(key=password.encode(), - msg=string.encode(), - digestmod=sha1) - signature = hmac_sha1.hexdigest() + hmac_sha256 = hmac.new(key=password.encode(), + msg=string.encode(), + digestmod=sha256) + signature = hmac_sha256.hexdigest() except Exception as e: sentry.captureException() current_app.logger.error("Failed to generate NYC ID.Web Services " diff --git a/data/agencies.csv b/data/agencies.csv index e4b43babe..0bca40c62 100644 --- a/data/agencies.csv +++ b/data/agencies.csv 
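Review bot: In `_generate_signature`, the `except Exception` around the HMAC call leaves `signature` at its initial `None` after logging, so a failed signing step appears to reach the caller as a missing signature rather than as an error. The return statement and the callers are outside the hunk, so confirm they reject `None` before building the web-service request. Only `password.encode()` and `string.encode()` can realistically fail here, so I would narrow the handler to `except (AttributeError, TypeError):` or re-raise after logging. The docstring that closes just above the hunk is not visible; if it still describes the signature as HMAC-SHA1, update it to HMAC-SHA256 in this change. The first hunk drops the `sha1` import, so check that nothing else in `app/auth/utils.py` still references it.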
@@ -19,7 +19,7 @@
 "032A","032","Social Services","Commission to Combat Police Corruption","CCPC","00001","foil@ccpc.nyc.gov","appeals@doi.nyc.gov","False"
 "0054","054","Public Safety","Civilian Complaint Review Board","CCRB","00001","bkrist@ccrb.nyc.gov","bkrist@ccrb.nyc.gov","False"
 "0312","312","Civic Services","Conflicts of Interest Board","COIB","00001","davic@coib.nyc.gov","davic@coib.nyc.gov","False"
-"0866","866","Business","Department of Consumer Affairs","DCA","00001","dcafoil@dca.nyc.gov","dcafoil@dca.nyc.gov","False"
+"0866","866","Business","Department of Consumer and Worker Protection","DCWP","00001","FOIL@dcwp.nyc.gov","FOILAPPEALS@dcwp.nyc.gov","False"
 "0868","868","Civic Services","Department of Citywide Administrative Services","DCAS","00001","foilrequest@dcas.nyc.gov","foilrequest@dcas.nyc.gov","False"
 "0126","126","Culture & Recreation","Department of Cultural Affairs","DCLA","00001","foil@culture.nyc.gov","appeals@culture.nyc.gov","False"
 "0030","030","Civic Services","Department of City Planning","DCP","00001","foil@planning.nyc.gov","foil@planning.nyc.gov","False"
@@ -33,7 +33,7 @@
 "0836","836","Business","Department of Finance","DOF","00001","atikd@finance.nyc.gov","atikd@finance.nyc.gov","False"
 "0816","816","Health","Department of Health and Mental Hygiene","DOHMH","00001","foil@health.nyc.gov","recordsaccess@health.nyc.gov","False"
 "0032","032","Public Safety","Department of Investigation","DOI","00001","foil@doi.nyc.gov","foilappeals@doi.nyc.gov","False"
-"0858","858","Civic Services","Department of Information Technology and Telecommunications","DOITT","00001","foilrequest@doitt.nyc.gov","foilrequest@doitt.nyc.gov","True"
+"0858","858","Civic Services","NYC Office of Technology and Innovation","OTI","00001","foilrequest@oti.nyc.gov","foilappeal@oti.nyc.gov","True"
 "0781","781","Public Safety","Department of Probation","DOP","00001","scandace@probation.nyc.gov","scandace@probation.nyc.gov","False"
 "0860","860","Culture & Recreation","Department of Records and Information Services","DORIS","00001","foil@records.nyc.gov","foil@records.nyc.gov","True"
 "0841","841","Transportation","Department of Transportation","DOT","00001","foil@dot.nyc.gov","foil@dot.nyc.gov","False"
diff --git a/data/agencies.json b/data/agencies.json
index 48323d34a..3f617d143 100644
--- a/data/agencies.json
+++ b/data/agencies.json
@@ -163,10 +163,10 @@
 "categories": [
 "Business"
 ],
- "name": "Department of Consumer Affairs",
+ "name": "Department of Consumer and Worker Protection",
 "next_request_number": 1,
- "default_email": "dcafoil@dca.nyc.gov",
- "appeals_email": "DCAFOILAPPEALS@dca.nyc.gov",
+ "default_email": "FOIL@dcwp.nyc.gov",
+ "appeals_email": "FOILAPPEALS@dcwp.nyc.gov",
 "is_active": true,
 "agency_features": {
 "letters": {
@@ -186,7 +186,7 @@
 "text": ""
 }
 },
- "acronym": "DCA"
+ "acronym": "DCWP"
 },
 {
 "ein": "0059",
@@ -1003,10 +1003,10 @@
 "categories": [
 "Civic Services"
 ],
- "name": "Department of Information Technology and Telecommunications",
+ "name": "NYC Office of Technology and Innovation",
 "next_request_number": 1,
- "default_email": "foilrequest@doitt.nyc.gov",
- "appeals_email": "foilrequest@doitt.nyc.gov",
+ "default_email": "foilrequest@oti.nyc.gov",
+ "appeals_email": "foilappeal@oti.nyc.gov",
 "is_active": true,
 "agency_features": {
 "letters": {
@@ -1026,7 +1026,7 @@
 "text": ""
 }
 },
- "acronym": "DOITT"
+ "acronym": "OTI"
 },
 {
 "ein": "0134",
diff --git a/data/agencies_test.csv b/data/agencies_test.csv
index 90d928f61..eabfe5815 100644
--- a/data/agencies_test.csv
+++ b/data/agencies_test.csv
@@ -19,7 +19,7 @@
 "032A","032","Social Services","Commission to Combat Police Corruption","CCPC","00001","openrecords_agency_default_dev_113@mailinator.com","openrecords_agency_appeals_dev_113@mailinator.com","False"
 "0054","054","Public Safety","Civilian Complaint Review Board","CCRB","00001","openrecords_agency_default_dev_002@mailinator.com","openrecords_agency_appeals_dev_002@mailinator.com","False"
 "0312","312","Civic Services","Conflicts of Interest Board","COIB","00001","openrecords_agency_default_dev_103@mailinator.com","openrecords_agency_appeals_dev_103@mailinator.com","False"
-"0866","866","Business","Department of Consumer Affairs","DCA","00001","openrecords_agency_default_dev_441@mailinator.com","openrecords_agency_appeals_dev_441@mailinator.com","False"
+"0866","866","Business","Department of Consumer and Worker Protection","DCWP","00001","openrecords_agency_default_dev_441@mailinator.com","openrecords_agency_appeals_dev_441@mailinator.com","False"
 "0868","868","Civic Services","Department of Citywide Administrative Services","DCAS","00001","openrecords_agency_default_dev_740@mailinator.com","openrecords_agency_appeals_dev_740@mailinator.com","False"
 "0126","126","Culture & Recreation","Department of Cultural Affairs","DCLA","00001","openrecords_agency_default_dev_057@mailinator.com","openrecords_agency_appeals_dev_057@mailinator.com","False"
 "0030","030","Civic Services","Department of City Planning","DCP","00001","openrecords_agency_default_dev_002@mailinator.com","openrecords_agency_appeals_dev_002@mailinator.com","False"
@@ -33,7 +33,7 @@
 "0836","836","Business","Department of Finance","DOF","00001","openrecords_agency_default_dev_220@mailinator.com","openrecords_agency_appeals_dev_220@mailinator.com","False"
 "0816","816","Health","Department of Health and Mental Hygiene","DOHMH","00001","openrecords_agency_default_dev_132@mailinator.com","openrecords_agency_appeals_dev_132@mailinator.com","False"
 "0032","032","Public Safety","Department of Investigation","DOI","00001","openrecords_agency_default_dev_002@mailinator.com","openrecords_agency_appeals_dev_002@mailinator.com","False"
-"0858","858","Civic Services","Department of Information Technology and Telecommunications","DOITT","00001","openrecords_agency_default_dev_312@mailinator.com","openrecords_agency_appeals_dev_312@mailinator.com","True"
+"0858","858","Civic Services","NYC Office of Technology and Innovation","OTI","00001","openrecords_agency_default_dev_312@mailinator.com","openrecords_agency_appeals_dev_312@mailinator.com","True"
 "0781","781","Public Safety","Department of Probation","DOP","00001","openrecords_agency_default_dev_125@mailinator.com","openrecords_agency_appeals_dev_125@mailinator.com","False"
 "0860","860","Culture & Recreation","Department of Records and Information Services","DORIS","00001","openrecords_agency_default_dev_032@mailinator.com","openrecords_agency_appeals_dev_032@mailinator.com","True"
 "0841","841","Transportation","Department of Transportation","DOT","00001","openrecords_agency_default_dev_226@mailinator.com","openrecords_agency_appeals_dev_226@mailinator.com","False"
diff --git a/data/agencies_test.json b/data/agencies_test.json
index b1dfebcf9..1e5a266bb 100644
--- a/data/agencies_test.json
+++ b/data/agencies_test.json
@@ -646,8 +646,8 @@
 "categories": [
 "Business"
 ],
- "name": "Department of Consumer Affairs",
- "acronym": "DCA",
+ "name": "Department of Consumer and Worker Protection",
+ "acronym": "DCWP",
 "next_request_number": 1,
 "default_email": "openrecords_agency_default_dev_441@mailinator.com",
 "appeals_email": "openrecords_agency_appeals_dev_441@mailinator.com",
@@ -1094,8 +1094,8 @@
 "categories": [
 "Civic Services"
 ],
- "name": "Department of Information Technology and Telecommunications",
- "acronym": "DOITT",
+ "name": "NYC Office of Technology and Innovation",
+ "acronym": "OTI",
 "next_request_number": 1,
 "default_email": "openrecords_agency_default_dev_312@mailinator.com",
 "appeals_email": "openrecords_agency_appeals_dev_312@mailinator.com",
diff --git a/data/custom_request_forms.json b/data/custom_request_forms.json
index e6b0e2ba7..6257d0220 100644
--- a/data/custom_request_forms.json
+++ b/data/custom_request_forms.json
@@ -153,11 +153,11 @@
 "name": "fdny-form1-field9",
 "values": [
 "Building",
- "Transportation",
+ "Vehicle/Transportation",
 "Outdoors",
 "Non-Fire Emergency"
 ],
- "help_text": "If transportation is selected, please provide the model, make, and license plate in the description below. For Building, Outdoors, and Non-Fire Emergency please provide a short description below.",
+ "help_text": "If Vehicle/Transportation is selected, please provide the model, make, and license plate in the description below. For Building, Outdoors, and Non-Fire Emergency please provide a short description below.",
 "required": false
 }
 },
@@ -169,7 +169,7 @@
 "error_message": " Error, Description of Incident is required. Please provide a short description.",
 "max_length": 5000,
 "character_counter": true,
- "help_text": "Please provide a short description of the incident. If Transportation was selected above, please make sure to provide the Type, Make, and Plate of the vehicle."
+ "help_text": "Please provide a short description of the incident. If Vehicle/Transportation was selected above, please make sure to provide the Type, Make, and Plate of the vehicle."
 }
 }
 ],