mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-31 01:25:32 +00:00
Code Issues 32 Releases Wiki Activity

Fixed #30360 -- Added support for secret key rotation.

Browse Source 
Thanks Florian Apolloner for the implementation idea.

Co-authored-by: Andreas Pelme <andreas@pelme.se>
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
Co-authored-by: Vuyisile Ndlovu <terrameijar@gmail.com>
This commit is contained in:
tschilling
2021-12-13 21:47:03 -06:00
committed by Mariusz Felisiak
parent ba4a6880d1
commit 0dcd549bbe
18 changed files with 364 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
tests/signing/tests.py
View File

@@ -1,7 +1,7 @@
import datetime
from django.core import signing
from django.test import SimpleTestCase
from django.test import SimpleTestCase, override_settings
from django.test.utils import freeze_time
from django.utils.crypto import InvalidAlgorithm
@@ -178,6 +178,39 @@ class TestSigner(SimpleTestCase):
with self.assertRaisesMessage(ValueError, msg % sep):
signing.Signer(sep=sep)
def test_verify_with_non_default_key(self):
old_signer = signing.Signer('secret')
new_signer = signing.Signer('newsecret', fallback_keys=['othersecret', 'secret'])
signed = old_signer.sign('abc')
self.assertEqual(new_signer.unsign(signed), 'abc')
def test_sign_unsign_multiple_keys(self):
"""The default key is a valid verification key."""
signer = signing.Signer('secret', fallback_keys=['oldsecret'])
signed = signer.sign('abc')
self.assertEqual(signer.unsign(signed), 'abc')
@override_settings(
SECRET_KEY='secret',
SECRET_KEY_FALLBACKS=['oldsecret'],
)
def test_sign_unsign_ignore_secret_key_fallbacks(self):
old_signer = signing.Signer('oldsecret')
signed = old_signer.sign('abc')
signer = signing.Signer(fallback_keys=[])
with self.assertRaises(signing.BadSignature):
signer.unsign(signed)
@override_settings(
SECRET_KEY='secret',
SECRET_KEY_FALLBACKS=['oldsecret'],
)
def test_default_keys_verification(self):
old_signer = signing.Signer('oldsecret')
signed = old_signer.sign('abc')
signer = signing.Signer()
self.assertEqual(signer.unsign(signed), 'abc')
class TestTimestampSigner(SimpleTestCase):