Commit 28ea4d4b authored by Aymeric Augustin's avatar Aymeric Augustin
Browse files

Fixed #18852 -- Restored backwards compatibility 

in django.core.signing. Specifically, kept the same return types
(str/unicode) under Python 2. Related to [92b2dec9].
parent 62e1c5a4

django/core/signing.py

+29 −19
Original line number Diff line number Diff line
@@ -32,6 +32,7 @@ start of the base64 JSON. 
There are 65 url-safe characters: the 64 used by url-safe base64 and the ':'.

These functions make use of all of them.

"""



from __future__ import unicode_literals



import base64
@@ -43,7 +44,7 @@ from django.conf import settings 
from django.core.exceptions import ImproperlyConfigured

from django.utils import baseconv

from django.utils.crypto import constant_time_compare, salted_hmac

from django.utils.encoding import smart_bytes

from django.utils.encoding import force_bytes, force_str, force_text

from django.utils.importlib import import_module
@@ -62,12 +63,12 @@ class SignatureExpired(BadSignature): 




def b64_encode(s):

    return base64.urlsafe_b64encode(smart_bytes(s)).decode('ascii').strip('=')

    return base64.urlsafe_b64encode(s).strip(b'=')





def b64_decode(s):

    pad = '=' * (-len(s) % 4)

    return base64.urlsafe_b64decode(smart_bytes(s + pad)).decode('ascii')

    pad = b'=' * (-len(s) % 4)

    return base64.urlsafe_b64decode(s + pad)





def base64_hmac(salt, value, key):
@@ -116,20 +117,20 @@ def dumps(obj, key=None, salt='django.core.signing', serializer=JSONSerializer, 
    value or re-using a salt value across different parts of your

    application without good cause is a security risk.

    """

    data = serializer().dumps(obj)

    data = force_bytes(serializer().dumps(obj))



    # Flag for if it's been compressed or not

    is_compressed = False



    if compress:

        # Avoid zlib dependency unless compress is being used

        compressed = zlib.compress(smart_bytes(data))

        compressed = zlib.compress(data)

        if len(compressed) < (len(data) - 1):

            data = compressed

            is_compressed = True

    base64d = b64_encode(data)

    if is_compressed:

        base64d = '.' + base64d

        base64d = b'.' + base64d

    return TimestampSigner(key, salt=salt).sign(base64d)
@@ -137,37 +138,45 @@ def loads(s, key=None, salt='django.core.signing', serializer=JSONSerializer, ma 
    """

    Reverse of dumps(), raises BadSignature if signature fails

    """

    base64d = TimestampSigner(key, salt=salt).unsign(s, max_age=max_age)

    # TimestampSigner.unsign always returns unicode but base64 and zlib

    # compression operate on bytes.

    base64d = force_bytes(TimestampSigner(key, salt=salt).unsign(s, max_age=max_age))

    decompress = False

    if base64d[0] == '.':

    if base64d[0] == b'.':

        # It's compressed; uncompress it first

        base64d = base64d[1:]

        decompress = True

    data = b64_decode(base64d)

    if decompress:

        data = zlib.decompress(data)

    return serializer().loads(data)

    return serializer().loads(force_str(data))





class Signer(object):



    def __init__(self, key=None, sep=':', salt=None):

        self.sep = sep

        self.key = key or settings.SECRET_KEY

        self.salt = salt or ('%s.%s' %

            (self.__class__.__module__, self.__class__.__name__))

        # Use of native strings in all versions of Python

        self.sep = str(sep)

        self.key = str(key or settings.SECRET_KEY)

        self.salt = str(salt or

            '%s.%s' % (self.__class__.__module__, self.__class__.__name__))



    def signature(self, value):

        return base64_hmac(self.salt + 'signer', value, self.key)

        signature = base64_hmac(self.salt + 'signer', value, self.key)

        # Convert the signature from bytes to str only on Python 3

        return force_str(signature)



    def sign(self, value):

        return '%s%s%s' % (value, self.sep, self.signature(value))

        value = force_str(value)

        return str('%s%s%s') % (value, self.sep, self.signature(value))



    def unsign(self, signed_value):

        signed_value = force_str(signed_value)

        if not self.sep in signed_value:

            raise BadSignature('No "%s" found in value' % self.sep)

        value, sig = signed_value.rsplit(self.sep, 1)

        if constant_time_compare(sig, self.signature(value)):

            return value

            return force_text(value)

        raise BadSignature('Signature "%s" does not match' % sig)
@@ -177,8 +186,9 @@ class TimestampSigner(Signer): 
        return baseconv.base62.encode(int(time.time()))



    def sign(self, value):

        value = '%s%s%s' % (value, self.sep, self.timestamp())

        return '%s%s%s' % (value, self.sep, self.signature(value))

        value = force_str(value)

        value = str('%s%s%s') % (value, self.sep, self.timestamp())

        return super(TimestampSigner, self).sign(value)



    def unsign(self, value, max_age=None):

        result =  super(TimestampSigner, self).unsign(value)

tests/regressiontests/signing/tests.py

+12 −8
Original line number Diff line number Diff line
@@ -4,8 +4,8 @@ import time 


from django.core import signing

from django.test import TestCase

from django.utils.encoding import force_str

from django.utils import six

from django.utils.encoding import force_text





class TestSigner(TestCase):
@@ -22,7 +22,7 @@ class TestSigner(TestCase): 
            self.assertEqual(

                signer.signature(s),

                signing.base64_hmac(signer.salt + 'signer', s,

                    'predictable-secret')

                    'predictable-secret').decode()

            )

            self.assertNotEqual(signer.signature(s), signer2.signature(s))
@@ -32,7 +32,8 @@ class TestSigner(TestCase): 
        self.assertEqual(

            signer.signature('hello'),

                signing.base64_hmac('extra-salt' + 'signer',

                'hello', 'predictable-secret'))

                'hello', 'predictable-secret').decode()

            )

        self.assertNotEqual(

            signing.Signer('predictable-secret', salt='one').signature('hello'),

            signing.Signer('predictable-secret', salt='two').signature('hello'))
@@ -40,17 +41,20 @@ class TestSigner(TestCase): 
    def test_sign_unsign(self):

        "sign/unsign should be reversible"

        signer = signing.Signer('predictable-secret')

        examples = (

        examples = [

            'q;wjmbk;wkmb',

            '3098247529087',

            '3098247:529:087:',

            'jkw osanteuh ,rcuh nthu aou oauh ,ud du',

            '\u2019',

        )

        ]

        if not six.PY3:

            examples.append(b'a byte string')

        for example in examples:

            self.assertNotEqual(

                force_text(example), force_text(signer.sign(example)))

            self.assertEqual(example, signer.unsign(signer.sign(example)))

            signed = signer.sign(example)

            self.assertIsInstance(signed, str)

            self.assertNotEqual(force_str(example), signed)

            self.assertEqual(example, signer.unsign(signed))



    def unsign_detects_tampering(self):

        "unsign should raise an exception if the value has been tampered with"