mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-06-05 11:39:13 +00:00
Code Issues 32 Releases Wiki Activity

Refs #22804 -- Made an unsafe value of 'sep' in Signer an exception.

Browse Source 
Per deprecation timeline.
This commit is contained in:
Tim Graham 2015-09-05 10:31:09 -04:00
parent 9114fe8ada
commit e6cfa08f2d
2 changed files with 6 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
django/core/signing.py
View File

@ -40,13 +40,11 @@ import datetime
import json import json
import re import re
import time import time
import warnings
import zlib import zlib
from django.conf import settings from django.conf import settings
from django.utils import baseconv from django.utils import baseconv
from django.utils.crypto import constant_time_compare, salted_hmac from django.utils.crypto import constant_time_compare, salted_hmac
from django.utils.deprecation import RemovedInDjango110Warning
from django.utils.encoding import force_bytes, force_str, force_text from django.utils.encoding import force_bytes, force_str, force_text
from django.utils.module_loading import import_string from django.utils.module_loading import import_string
@ -158,8 +156,10 @@ class Signer(object):
self.key = key or settings.SECRET_KEY self.key = key or settings.SECRET_KEY
self.sep = force_str(sep) self.sep = force_str(sep)
if _SEP_UNSAFE.match(self.sep): if _SEP_UNSAFE.match(self.sep):
warnings.warn('Unsafe Signer separator: %r (cannot be empty or consist of only A-z0-9-_=)' % sep, raise ValueError(
RemovedInDjango110Warning) 'Unsafe Signer separator: %r (cannot be empty or consist of '
'only A-z0-9-_=)' % sep,
)
self.salt = force_str(salt or self.salt = force_str(salt or
'%s.%s' % (self.__class__.__module__, self.__class__.__name__)) '%s.%s' % (self.__class__.__module__, self.__class__.__name__))

8
tests/signing/tests.py
View File

@ -1,7 +1,6 @@
from __future__ import unicode_literals from __future__ import unicode_literals
import datetime import datetime
import warnings
from django.core import signing from django.core import signing
from django.test import SimpleTestCase from django.test import SimpleTestCase
@ -121,14 +120,11 @@ class TestSigner(SimpleTestCase):
def test_invalid_sep(self): def test_invalid_sep(self):
"""should warn on invalid separator""" """should warn on invalid separator"""
msg = 'Unsafe Signer separator: %r (cannot be empty or consist of only A-z0-9-_=)'
separators = ['', '-', 'abc'] separators = ['', '-', 'abc']
for sep in separators: for sep in separators:
with warnings.catch_warnings(record=True) as recorded: with self.assertRaisesMessage(ValueError, msg % sep):
warnings.simplefilter('always')
signing.Signer(sep=sep) signing.Signer(sep=sep)
self.assertEqual(len(recorded), 1)
msg = str(recorded[0].message)
self.assertTrue(msg.startswith('Unsafe Signer separator'))
class TestTimestampSigner(SimpleTestCase): class TestTimestampSigner(SimpleTestCase):