ticket: remove fallback for SHA1-base64 CSRF prevention tokens

Signed-off-by: Max Carrara <m.carrara@proxmox.com>
2025-04-29 04:18:27 +00:00 · 2024-02-20 16:08:36 +01:00 · 2024-02-20 16:08:36 +01:00 · ff39327769
commit ff39327769
parent 68b234f35e
1 changed files with 1 additions and 7 deletions
--- a/src/PVE/Ticket.pm
+++ b/src/PVE/Ticket.pm
@ -34,13 +34,7 @@ sub verify_csrf_prevention_token {
 	my $timestamp = $1;
 	my $ttime = hex($timestamp);

-	my $digest;
-	if (length($sig) == 27) {
-	    # detected sha1 csrf token from older proxy, fallback. FIXME: remove with 7.0
-	    $digest = Digest::SHA::sha1_base64("$timestamp:$username", $secret);
-	} else {
-	    $digest = Digest::SHA::hmac_sha256_base64("$timestamp:$username", $secret);
-	}
+	my $digest = Digest::SHA::hmac_sha256_base64("$timestamp:$username", $secret);

 	my $age = time() - $ttime;
 	return 1 if ($digest eq $sig) && ($age > $min_age) &&