Ticket #12417: ticket12417-v7.diff

django/conf/global_settings.py

@@ -476 +476 @@
 # The number of days a password reset link is valid for
 PASSWORD_RESET_TIMEOUT_DAYS = 3
 
+###########
+# SIGNING #
+###########
+
+SIGNING_BACKEND = 'django.core.signing.TimestampSigner'
+
 ########
 # CSRF #
 ########

new file django/core/signing.py

@@ +1 @@
+"""
+Functions for creating and restoring url-safe signed JSON objects.
+
+The format used looks like this:
+
+>>> signed.dumps("hello")
+'ImhlbGxvIg.RjVSUCt6S64WBilMYxG89-l0OA8'
+
+There are two components here, separatad by a '.'. The first component is a
+URLsafe base64 encoded JSON of the object passed to dumps(). The second
+component is a base64 encoded hmac/SHA1 hash of "$first_component.$secret"
+
+signed.loads(s) checks the signature and returns the deserialised object.
+If the signature fails, a BadSignature exception is raised.
+
+>>> signed.loads("ImhlbGxvIg.RjVSUCt6S64WBilMYxG89-l0OA8")
+u'hello'
+>>> signed.loads("ImhlbGxvIg.RjVSUCt6S64WBilMYxG89-l0OA8-modified")
+...
+BadSignature: Signature failed: RjVSUCt6S64WBilMYxG89-l0OA8-modified
+
+You can optionally compress the JSON prior to base64 encoding it to save
+space, using the compress=True argument. This checks if compression actually
+helps and only applies compression if the result is a shorter string:
+
+>>> signed.dumps(range(1, 20), compress=True)
+'.eJwFwcERACAIwLCF-rCiILN47r-GyZVJsNgkxaFxoDgxcOHGxMKD_T7vhAml.oFq6lAAEbkHXBHfGnVX7Qx6NlZ8'
+
+The fact that the string is compressed is signalled by the prefixed '.' at the
+start of the base64 JSON.
+
+There are 65 url-safe characters: the 64 used by url-safe base64 and the '.'.
+These functions make use of all of them.
+"""
+import base64
+import time
+import zlib
+
+from django.conf import settings
+from django.core.exceptions import ImproperlyConfigured
+from django.utils import baseconv, simplejson
+from django.utils.crypto import constant_time_compare, salted_hmac
+from django.utils.encoding import force_unicode, smart_str
+from django.utils.importlib import import_module
+
+
+class BadSignature(Exception):
+    """
+    Signature does not match
+    """
+    pass
+
+
+class SignatureExpired(BadSignature):
+    """
+    Signature timestamp is older than required max_age
+    """
+    pass
+
+
+def b64_encode(s):
+    return base64.urlsafe_b64encode(s).strip('=')
+
+
+def b64_decode(s):
+    pad = '=' * (-len(s) % 4)
+    return base64.urlsafe_b64decode(s + pad)
+
+
+def base64_hmac(salt, value, key):
+    return b64_encode(salted_hmac(salt, value, key).digest())
+
+
+def get_cookie_signer(salt='django.core.signing.get_cookie_signer'):
+    modpath = settings.SIGNING_BACKEND
+    module, attr = modpath.rsplit('.', 1)
+    try:
+        mod = import_module(module)
+    except ImportError, e:
+        raise ImproperlyConfigured(
+            'Error importing cookie signer %s: "%s"' % (modpath, e))
+    try:
+        Signer = getattr(mod, attr)
+    except AttributeError, e:
+        raise ImproperlyConfigured(
+            'Error importing cookie signer %s: "%s"' % (modpath, e))
+    return Signer('django.http.cookies' + settings.SECRET_KEY, salt=salt)
+
+
+def dumps(obj, key=None, salt='django.core.signing', compress=False):
+    """
+    Returns URL-safe, sha1 signed base64 compressed JSON string. If key is
+    None, settings.SECRET_KEY is used instead.
+
+    If compress is True (not the default) checks if compressing using zlib can
+    save some space. Prepends a '.' to signify compression. This is included
+    in the signature, to protect against zip bombs.
+
+    salt can be used to further salt the hash, in case you're worried
+    that the NSA might try to brute-force your SHA-1 protected secret.
+    """
+    json = simplejson.dumps(obj, separators=(',', ':'))
+
+    # Flag for if it's been compressed or not
+    is_compressed = False
+
+    if compress:
+        # Avoid zlib dependency unless compress is being used
+        compressed = zlib.compress(json)
+        if len(compressed) < (len(json) - 1):
+            json = compressed
+            is_compressed = True
+    base64d = b64_encode(json)
+    if is_compressed:
+        base64d = '.' + base64d
+    return TimestampSigner(key, salt=salt).sign(base64d)
+
+
+def loads(s, key=None, salt='django.core.signing', max_age=None):
+    """
+    Reverse of dumps(), raises BadSignature if signature fails
+    """
+    base64d = smart_str(
+        TimestampSigner(key, salt=salt).unsign(s, max_age=max_age))
+    decompress = False
+    if base64d[0] == '.':
+        # It's compressed; uncompress it first
+        base64d = base64d[1:]
+        decompress = True
+    json = b64_decode(base64d)
+    if decompress:
+        json = zlib.decompress(json)
+    return simplejson.loads(json)
+
+
+class Signer(object):
+    def __init__(self, key=None, sep=':', salt=None):
+        self.sep = sep
+        self.key = key or settings.SECRET_KEY
+        self.salt = salt or ('%s.%s' %
+            (self.__class__.__module__, self.__class__.__name__))
+
+    def signature(self, value):
+        return base64_hmac(self.salt + 'signer', value, self.key)
+
+    def sign(self, value):
+        value = smart_str(value)
+        return '%s%s%s' % (value, self.sep, self.signature(value))
+
+    def unsign(self, signed_value):
+        signed_value = smart_str(signed_value)
+        if not self.sep in signed_value:
+            raise BadSignature('No "%s" found in value' % self.sep)
+        value, sig = signed_value.rsplit(self.sep, 1)
+        if constant_time_compare(sig, self.signature(value)):
+            return force_unicode(value)
+        raise BadSignature('Signature "%s" does not match' % sig)
+
+
+class TimestampSigner(Signer):
+    def timestamp(self):
+        return baseconv.base62.encode(int(time.time()))
+
+    def sign(self, value):
+        value = smart_str('%s%s%s' % (value, self.sep, self.timestamp()))
+        return '%s%s%s' % (value, self.sep, self.signature(value))
+
+    def unsign(self, value, max_age=None):
+        result =  super(TimestampSigner, self).unsign(value)
+        value, timestamp = result.rsplit(self.sep, 1)
+        timestamp = baseconv.base62.decode(timestamp)
+        if max_age is not None:
+            # Check timestamp is not older than max_age
+            age = time.time() - timestamp
+            if age > max_age:
+                raise SignatureExpired(
+                    'Signature age %s > %s seconds' % (age, max_age))
+        return value

django/http/__init__.py

@@ -122 +122 @@
 from django.utils.http import cookie_date
 from django.http.multipartparser import MultiPartParser
 from django.conf import settings
+from django.core import signing
 from django.core.files import uploadhandler
 from utils import *
 
@@ -132 +133 @@
 class Http404(Exception):
     pass
 
+RAISE_ERROR = object()
+
 class HttpRequest(object):
     """A basic HTTP request."""
 
@@ -170 +173 @@
         # Rather than crash if this doesn't happen, we encode defensively.
         return '%s%s' % (self.path, self.META.get('QUERY_STRING', '') and ('?' + iri_to_uri(self.META.get('QUERY_STRING', ''))) or '')
 
+    def get_signed_cookie(self, key, default=RAISE_ERROR, salt='', max_age=None):
+        """
+        Attempts to return a signed cookie. If the signature fails or the
+        cookie has expired, raises an exception... unless you provide the
+        default argument in which case that value will be returned instead.
+        """
+        try:
+            cookie_value = self.COOKIES[key].encode('utf-8')
+        except KeyError:
+            if default is not RAISE_ERROR:
+                return default
+            else:
+                raise
+        try:
+            value = signing.get_cookie_signer(salt=key + salt).unsign(
+                cookie_value, max_age=max_age)
+        except signing.BadSignature:
+            if default is not RAISE_ERROR:
+                return default
+            else:
+                raise
+        return value
+
     def build_absolute_uri(self, location=None):
         """
         Builds an absolute URI from the location and the variables available in
@@ -584 +610 @@
         if httponly:
             self.cookies[key]['httponly'] = True
 
+    def set_signed_cookie(self, key, value, salt='', **kwargs):
+        value = signing.get_cookie_signer(salt=key + salt).sign(value)
+        return self.set_cookie(key, value, **kwargs)
+
     def delete_cookie(self, key, path='/', domain=None):
         self.set_cookie(key, max_age=0, path=path, domain=domain,
                         expires='Thu, 01-Jan-1970 00:00:00 GMT')
@@ -686 +716 @@
         return unicode(s, encoding, 'replace')
     else:
         return s
-

new file django/utils/baseconv.py

@@ +1 @@
+# Copyright (c) 2010 Taurinus Collective. All rights reserved.
+# Copyright (c) 2009 Simon Willison. All rights reserved.
+# Copyright (c) 2002 Drew Perttula. All rights reserved.
+#
+# License:
+#   Python Software Foundation License version 2
+#
+# See the file "LICENSE" for terms & conditions for usage, and a DISCLAIMER OF
+# ALL WARRANTIES.
+#
+# This Baseconv distribution contains no GNU General Public Licensed (GPLed)
+# code so it may be used in proprietary projects just like prior ``baseconv``
+# distributions.
+#
+# All trademarks referenced herein are property of their respective holders.
+#
+
+"""
+Convert numbers from base 10 integers to base X strings and back again.
+
+Sample usage::
+
+  >>> base20 = BaseConverter('0123456789abcdefghij')
+  >>> base20.encode(1234)
+  '31e'
+  >>> base20.decode('31e')
+  1234
+  >>> base20.encode(-1234)
+  '-31e'
+  >>> base20.decode('-31e')
+  -1234
+  >>> base11 = BaseConverter('0123456789-', sign='$')
+  >>> base11.encode('$1234')
+  '$-22'
+  >>> base11.decode('$-22')
+  '$1234'
+
+"""
+
+BASE2_ALPHABET = '01'
+BASE16_ALPHABET = '0123456789ABCDEF'
+BASE56_ALPHABET = '23456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnpqrstuvwxyz'
+BASE36_ALPHABET = '0123456789abcdefghijklmnopqrstuvwxyz'
+BASE62_ALPHABET = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
+BASE64_ALPHABET = BASE62_ALPHABET + '-_'
+
+class BaseConverter(object):
+    decimal_digits = '0123456789'
+
+    def __init__(self, digits, sign='-'):
+        self.sign = sign
+        self.digits = digits
+        if sign in self.digits:
+            raise ValueError('Sign character found in converter base digits.')
+
+    def __repr__(self):
+        return "<BaseConverter: base%s (%s)>" % (len(self.digits), self.digits)
+
+    def encode(self, i):
+        neg, value = self.convert(i, self.decimal_digits, self.digits, '-')
+        if neg:
+            return self.sign + value
+        return value
+
+    def decode(self, s):
+        neg, value = self.convert(s, self.digits, self.decimal_digits, self.sign)
+        if neg:
+            value = '-' + value
+        return int(value)
+
+    def convert(self, number, from_digits, to_digits, sign):
+        if str(number)[0] == sign:
+            number = str(number)[1:]
+            neg = 1
+        else:
+            neg = 0
+
+        # make an integer out of the number
+        x = 0
+        for digit in str(number):
+            x = x * len(from_digits) + from_digits.index(digit)
+
+        # create the result in base 'len(to_digits)'
+        if x == 0:
+            res = to_digits[0]
+        else:
+            res = ''
+            while x > 0:
+                digit = x % len(to_digits)
+                res = to_digits[digit] + res
+                x = int(x / len(to_digits))
+        return neg, res
+
+base2 = BaseConverter(BASE2_ALPHABET)
+base16 = BaseConverter(BASE16_ALPHABET)
+base36 = BaseConverter(BASE36_ALPHABET)
+base56 = BaseConverter(BASE56_ALPHABET)
+base62 = BaseConverter(BASE62_ALPHABET)
+base64 = BaseConverter(BASE64_ALPHABET, sign='$')

docs/index.txt

@@ -171 +171 @@
     * :doc:`Comments <ref/contrib/comments/index>` | :doc:`Moderation <ref/contrib/comments/moderation>` | :doc:`Custom comments <ref/contrib/comments/custom>`
     * :doc:`Content types <ref/contrib/contenttypes>`
     * :doc:`Cross Site Request Forgery protection <ref/contrib/csrf>`
+    * :doc:`Cryptographic signing <topics/signing>`
     * :doc:`Databrowse <ref/contrib/databrowse>`
     * :doc:`E-mail (sending) <topics/email>`
     * :doc:`Flatpages <ref/contrib/flatpages>`

docs/ref/request-response.txt

@@ -240 +240 @@
 
    Example: ``"http://example.com/music/bands/the_beatles/?print=true"``
 
+.. method:: HttpRequest.get_signed_cookie(key, default=RAISE_ERROR, salt='', max_age=None)
+
+   .. versionadded:: 1.4
+
+   Returns a cookie value for a signed cookie, or raises a
+   :class:`~django.core.signing.BadSignature` exception if the signature is
+   no longer valid. If you provide the ``default`` argument the exception
+   will be suppressed and that default value will be returned instead.
+
+   The optional ``salt`` argument can be used to provide extra protection
+   against brute force attacks on your secret key. If supplied, the
+   ``max_age`` argument will be checked against the signed timestamp
+   attached to the cookie value to ensure the cookie is not older than
+   ``max_age`` seconds.
+
+   For example::
+
+          >>> request.get_signed_cookie('name')
+          'Tony'
+          >>> request.get_signed_cookie('name', salt='name-salt')
+          'Tony' # assuming cookie was set using the same salt
+          >>> request.get_signed_cookie('non-existing-cookie')
+          ...
+          KeyError: 'non-existing-cookie'
+          >>> request.get_signed_cookie('non-existing-cookie', False)
+          False
+          >>> request.get_signed_cookie('cookie-that-was-tampered-with')
+          ...
+          BadSignature: ...
+          >>> request.get_signed_cookie('name', max_age=60)
+          ...
+          SignatureExpired: Signature age 1677.3839159 > 60 seconds
+          >>> request.get_signed_cookie('name', False, max_age=60)
+          False
+
+   See :ref:`cryptographic signing <topics-signing>` for more information.
+
 .. method:: HttpRequest.is_secure()
 
    Returns ``True`` if the request is secure; that is, if it was made with
@@ -618 +655 @@
     .. _`cookie Morsel`: http://docs.python.org/library/cookie.html#Cookie.Morsel
     .. _HTTPOnly: http://www.owasp.org/index.php/HTTPOnly
 
+.. method:: HttpResponse.set_signed_cookie(key, value='', salt='', max_age=None, expires=None, path='/', domain=None, secure=None, httponly=False)
+
+    .. versionadded:: 1.4
+
+    Like :meth:`~HttpResponse.set_cookie()`, but
+    :ref:`cryptographically signs <topics-signing>` the cookie before setting
+    it. Use in conjunction with :meth:`HttpRequest.get_signed_cookie`.
+    You can use the optional ``salt`` argument for added key strength, but
+    you will need to remember to pass it to the corresponding
+    :meth:`HttpRequest.get_signed_cookie` call.
+
 .. method:: HttpResponse.delete_cookie(key, path='/', domain=None)
 
     Deletes the cookie with the given key. Fails silently if the key doesn't

docs/ref/settings.txt

@@ -1647 +1647 @@
 
 See also ``DATE_FORMAT`` and ``SHORT_DATETIME_FORMAT``.
 
+.. setting:: SIGNING_BACKEND
+
+SIGNING_BACKEND
+---------------
+
+.. versionadded:: 1.4
+
+Default: 'django.core.signing.TimestampSigner'
+
+The backend used for signing cookies and other data.
+
+See also the :ref:`topics-signing` documentation.
+
 .. setting:: SITE_ID
 
 SITE_ID

docs/topics/http/shortcuts.txt

@@ -89 +89 @@
 ``render_to_response``
 ======================
 
-.. function:: render_to_response(template_name[, dictionary][, context_instance][, mimetype])
+.. function:: render_to_response(template[, dictionary][, context_instance][, mimetype])
 
    Renders a given template with a given context dictionary and returns an
    :class:`~django.http.HttpResponse` object with that rendered text.
@@ -97 +97 @@
 Required arguments
 ------------------
 
-``template_name``
+``template``
     The full name of a template to use or sequence of template names. If a
     sequence is given, the first template that exists will be used. See the
     :ref:`template loader documentation <ref-templates-api-the-python-api>`

docs/topics/http/views.txt

@@ -8 +8 @@
 . . or anything, really. The view itself contains whatever arbitrary logic is
 necessary to return that response. This code can live anywhere you want, as long
 as it's on your Python path. There's no other requirement--no "magic," so to
-speak. For the sake of putting the code *somewhere*, the convention is to
-put views in a file called ``views.py``, placed in your project or
-application directory.
+speak. For the sake of putting the code *somewhere*, let's create a file called
+``views.py`` in the ``mysite`` directory, which you created in the previous
+chapter.
 
 A simple view
 =============
@@ -47 +47 @@
       exceptions, but we'll get to those later.)
 
 .. admonition:: Django's Time Zone
-
+    
     Django includes a ``TIME_ZONE`` setting that defaults to
     ``America/Chicago``. This probably isn't where you live, so you might want
     to change it in your settings file.

docs/topics/index.txt

@@ -18 +18 @@
    auth
    cache
    conditional-view-processing
+   signing
    email
    i18n/index
    logging

new file docs/topics/signing.txt

@@ +1 @@
+.. _topics-signing:
+
+=====================
+Cryptographic signing
+=====================
+
+.. module:: django.core.signing
+   :synopsis: Django's signing framework.
+
+.. versionadded:: 1.4
+
+The golden rule of Web application security is to never trust data from
+untrusted sources. Sometimes it can be useful to pass data through an
+untrusted medium. Cryptographically signed values can be passed through an
+untrusted channel safe in the knowledge that any tampering will be detected.
+
+Django provides both a low-level API for signing values and a high-level API
+for setting and reading signed cookies, one of the most common uses of
+signing in Web applications.
+
+You may also find signing useful for the following:
+
+    * Generating "recover my account" URLs for sending to users who have
+      lost their password.
+
+    * Ensuring data stored in hidden form fields has not been tampered with.
+
+    * Generating one-time secret URLs for allowing temporary access to a
+      protected resource, for example a downloadable file that a user has
+      paid for.
+
+Protecting the SECRET_KEY
+=========================
+
+When you create a new Django project using :djadmin:`startproject`, the
+``settings.py`` file it generates automatically gets a random
+:setting:`SECRET_KEY` value. This value is the key to securing signed
+data -- it is vital you keep this secure, or attackers could use it to
+generate their own signed values.
+
+Using the low-level API
+=======================
+
+.. class:: Signer
+
+Django's signing methods live in the ``django.core.signing`` module.
+To sign a value, first instantiate a ``Signer`` instance::
+
+    >>> from django.core.signing import Signer
+    >>> signer = Signer()
+    >>> value = signer.sign('My string')
+    >>> value
+    'My string:GdMGD6HNQ_qdgxYP8yBZAdAIV1w'
+
+The signature is appended to the end of the string, following the colon.
+You can retrieve the original value using the ``unsign`` method::
+
+    >>> original = signer.unsign(value)
+    >>> original
+    u'My string'
+
+If the signature or value have been altered in any way, a
+``django.core.signing.BadSigature`` exception will be raised::
+
+    >>> value += 'm'
+    >>> try:
+    ...    original = signer.unsign(value)
+    ... except signing.BadSignature:
+    ...    print "Tampering detected!"
+
+By default, the ``Signer`` class uses the :setting:`SECRET_KEY` setting to
+generate signatures. You can use a different secret by passing it to the
+``Signer`` constructor::
+
+    >>> signer = Signer('my-other-secret')
+    >>> value = signer.sign('My string')
+    >>> value
+    'My string:EkfQJafvGyiofrdGnuthdxImIJw'
+
+Using the salt argument
+-----------------------
+
+If you do not wish to use the same key for every signing operation in your
+application, you can use the optional ``salt`` argument to the ``Signer``
+class to further strengthen your :setting:`SECRET_KEY` against brute force
+attacks. Using a salt will cause a new key to be derived from both the salt
+and your :setting:`SECRET_KEY`::
+
+    >>> signer = Signer()
+    >>> signer.sign('My string')
+    'My string:GdMGD6HNQ_qdgxYP8yBZAdAIV1w'
+    >>> signer = Signer(salt='extra')
+    >>> signer.sign('My string')
+    'My string:Ee7vGi-ING6n02gkcJ-QLHg6vFw'
+    >>> signer.unsign('My string:Ee7vGi-ING6n02gkcJ-QLHg6vFw')
+    u'My string'
+
+Unlike your :setting:`SECRET_KEY`, your salt argument does not need to stay
+secret.
+
+Verifying timestamped values
+----------------------------
+
+.. class:: TimestampSigner
+
+``TimestampSigner`` is a subclass of :class:`~Signer` that appends a signed
+timestamp to the value. This allows you to confirm that a signed value was
+created within a specified period of time::
+
+    >>> from django.core.signing import TimestampSigner
+    >>> signer = TimestampSigner()
+    >>> value = signer.sign('hello')
+    >>> value
+    'hello:1NMg5H:oPVuCqlJWmChm1rA2lyTUtelC-c'
+    >>> signer.unsign(value)
+    u'hello'
+    >>> signer.unsign(value, max_age=10)
+    ...
+    SignatureExpired: Signature age 15.5289158821 > 10 seconds
+    >>> signer.unsign(value, max_age=20)
+    u'hello'
+
+Protecting complex data structures
+----------------------------------
+
+If you wish to protect a list, tuple or dictionary you can do so using the
+signing module's dumps and loads functions. These imitate Python's pickle
+module, but uses JSON serialization under the hood. JSON ensures that even
+if your :setting:`SECRET_KEY` is stolen an attacker will not be able to
+execute arbitrary commands by exploiting the pickle format.::
+
+    >>> from django.core import signing
+    >>> value = signing.dumps({"foo": "bar"})
+    >>> value
+    'eyJmb28iOiJiYXIifQ:1NMg1b:zGcDE4-TCkaeGzLeW9UQwZesciI'
+    >>> signing.loads(value)
+    {'foo': 'bar'}

docs/topics/testing.txt

@@ -1385 +1385 @@
             response = self.client.get('/sekrit/')
             self.assertRedirects(response, '/accounts/login/?next=/sekrit/')
 
-            # Then override the LOGIN_URL setting
+            # Then override the LOGING_URL setting
             with self.settings(LOGIN_URL='/other/login/'):
                 response = self.client.get('/sekrit/')
                 self.assertRedirects(response, '/other/login/?next=/sekrit/')
@@ -1438 +1438 @@
 .. note::
 
     When overriding settings make sure to also handle the cases in which
-    Django or your app's code uses a cache or similar feature that retains
+    Django or your app's code use a cache or another feature that retain
     state even if the setting is changed. Django provides the
     :data:`django.test.signals.setting_changed` signal to connect cleanup
-    and other state-resetting callbacks to.
+    and other state resetting callbacks to.
 
 .. _`Python context manager`: http://www.python.org/dev/peps/pep-0343/
 .. _`decorator`: http://www.python.org/dev/peps/pep-0318/

new file tests/regressiontests/signed_cookies_tests/models.py

@@ +1 @@
+# models.py file for tests to run.

new file tests/regressiontests/signed_cookies_tests/tests.py

@@ +1 @@
+import time
+
+from django.core import signing
+from django.http import HttpRequest, HttpResponse
+from django.test import TestCase
+
+class SignedCookieTest(TestCase):
+
+    def test_can_set_and_read_signed_cookies(self):
+        response = HttpResponse()
+        response.set_signed_cookie('c', 'hello')
+        self.assertIn('c', response.cookies)
+        self.assertTrue(response.cookies['c'].value.startswith('hello:'))
+        request = HttpRequest()
+        request.COOKIES['c'] = response.cookies['c'].value
+        value = request.get_signed_cookie('c')
+        self.assertEqual(value, u'hello')
+
+    def test_can_use_salt(self):
+        response = HttpResponse()
+        response.set_signed_cookie('a', 'hello', salt='one')
+        request = HttpRequest()
+        request.COOKIES['a'] = response.cookies['a'].value
+        value = request.get_signed_cookie('a', salt='one')
+        self.assertEqual(value, u'hello')
+        self.assertRaises(signing.BadSignature,
+            request.get_signed_cookie, 'a', salt='two')
+
+    def test_detects_tampering(self):
+        response = HttpResponse()
+        response.set_signed_cookie('c', 'hello')
+        request = HttpRequest()
+        request.COOKIES['c'] = response.cookies['c'].value[:-2] + '$$'
+        self.assertRaises(signing.BadSignature,
+            request.get_signed_cookie, 'c')
+
+    def test_default_argument_supresses_exceptions(self):
+        response = HttpResponse()
+        response.set_signed_cookie('c', 'hello')
+        request = HttpRequest()
+        request.COOKIES['c'] = response.cookies['c'].value[:-2] + '$$'
+        self.assertEqual(request.get_signed_cookie('c', default=None), None)
+
+    def test_max_age_argument(self):
+        value = u'hello'
+        _time = time.time
+        time.time = lambda: 123456789
+        try:
+            response = HttpResponse()
+            response.set_signed_cookie('c', value)
+            request = HttpRequest()
+            request.COOKIES['c'] = response.cookies['c'].value
+            self.assertEqual(request.get_signed_cookie('c'), value)
+
+            time.time = lambda: 123456800
+            self.assertEqual(request.get_signed_cookie('c', max_age=12), value)
+            self.assertEqual(request.get_signed_cookie('c', max_age=11), value)
+            self.assertRaises(signing.SignatureExpired,
+                request.get_signed_cookie, 'c', max_age = 10)
+        finally:
+            time.time = _time

new file tests/regressiontests/signing/models.py

@@ +1 @@
+# models.py file for tests to run.

new file tests/regressiontests/signing/tests.py

@@ +1 @@
+import time
+
+from django.core import signing
+from django.test import TestCase
+from django.utils.encoding import force_unicode
+
+class TestSigner(TestCase):
+
+    def test_signature(self):
+        "signature() method should generate a signature"
+        signer = signing.Signer('predictable-secret')
+        signer2 = signing.Signer('predictable-secret2')
+        for s in (
+            'hello',
+            '3098247:529:087:',
+            u'\u2019'.encode('utf8'),
+        ):
+            self.assertEqual(
+                signer.signature(s),
+                signing.base64_hmac(signer.salt + 'signer', s,
+                    'predictable-secret')
+            )
+            self.assertNotEqual(signer.signature(s), signer2.signature(s))
+
+    def test_signature_with_salt(self):
+        "signature(value, salt=...) should work"
+        signer = signing.Signer('predictable-secret', salt='extra-salt')
+        self.assertEqual(
+            signer.signature('hello'),
+                signing.base64_hmac('extra-salt' + 'signer',
+                'hello', 'predictable-secret'))
+        self.assertNotEqual(
+            signing.Signer('predictable-secret', salt='one').signature('hello'),
+            signing.Signer('predictable-secret', salt='two').signature('hello'))
+
+    def test_sign_unsign(self):
+        "sign/unsign should be reversible"
+        signer = signing.Signer('predictable-secret')
+        examples = (
+            'q;wjmbk;wkmb',
+            '3098247529087',
+            '3098247:529:087:',
+            'jkw osanteuh ,rcuh nthu aou oauh ,ud du',
+            u'\u2019',
+        )
+        for example in examples:
+            self.assertNotEqual(
+                force_unicode(example), force_unicode(signer.sign(example)))
+            self.assertEqual(example, signer.unsign(signer.sign(example)))
+
+    def unsign_detects_tampering(self):
+        "unsign should raise an exception if the value has been tampered with"
+        signer = signing.Signer('predictable-secret')
+        value = 'Another string'
+        signed_value = signer.sign(value)
+        transforms = (
+            lambda s: s.upper(),
+            lambda s: s + 'a',
+            lambda s: 'a' + s[1:],
+            lambda s: s.replace(':', ''),
+        )
+        self.assertEqual(value, signer.unsign(signed_value))
+        for transform in transforms:
+            self.assertRaises(
+                signing.BadSignature, signer.unsign, transform(signed_value))
+
+    def test_dumps_loads(self):
+        "dumps and loads be reversible for any JSON serializable object"
+        objects = (
+            ['a', 'list'],
+            'a string',
+            u'a unicode string \u2019',
+            {'a': 'dictionary'},
+        )
+        for o in objects:
+            self.assertNotEqual(o, signing.dumps(o))
+            self.assertEqual(o, signing.loads(signing.dumps(o)))
+
+    def test_decode_detects_tampering(self):
+        "loads should raise exception for tampered objects"
+        transforms = (
+            lambda s: s.upper(),
+            lambda s: s + 'a',
+            lambda s: 'a' + s[1:],
+            lambda s: s.replace(':', ''),
+        )
+        value = {
+            'foo': 'bar',
+            'baz': 1,
+        }
+        encoded = signing.dumps(value)
+        self.assertEqual(value, signing.loads(encoded))
+        for transform in transforms:
+            self.assertRaises(
+                signing.BadSignature, signing.loads, transform(encoded))
+
+class TestTimestampSigner(TestCase):
+
+    def test_timestamp_signer(self):
+        value = u'hello'
+        _time = time.time
+        time.time = lambda: 123456789
+        try:
+            signer = signing.TimestampSigner('predictable-key')
+            ts = signer.sign(value)
+            self.assertNotEqual(ts,
+                signing.Signer('predictable-key').sign(value))
+
+            self.assertEqual(signer.unsign(ts), value)
+            time.time = lambda: 123456800
+            self.assertEqual(signer.unsign(ts, max_age=12), value)
+            self.assertEqual(signer.unsign(ts, max_age=11), value)
+            self.assertRaises(
+                signing.SignatureExpired, signer.unsign, ts, max_age=10)
+        finally:
+            time.time = _time

new file tests/regressiontests/utils/baseconv.py

@@ +1 @@
+from unittest import TestCase
+from django.utils.baseconv import base2, base16, base36, base56, base62, base64, BaseConverter
+
+class TestBaseConv(TestCase):
+
+    def test_baseconv(self):
+        nums = [-10 ** 10, 10 ** 10] + range(-100, 100)
+        for converter in [base2, base16, base36, base56, base62, base64]:
+            for i in nums:
+                self.assertEqual(i, converter.decode(converter.encode(i)))
+
+    def test_base11(self):
+        base11 = BaseConverter('0123456789-', sign='$')
+        self.assertEqual(base11.encode(1234), '-22')
+        self.assertEqual(base11.decode('-22'), 1234)
+        self.assertEqual(base11.encode(-1234), '$-22')
+        self.assertEqual(base11.decode('$-22'), -1234)
+
+    def test_base20(self):
+        base20 = BaseConverter('0123456789abcdefghij')
+        self.assertEqual(base20.encode(1234), '31e')
+        self.assertEqual(base20.decode('31e'), 1234)
+        self.assertEqual(base20.encode(-1234), '-31e')
+        self.assertEqual(base20.decode('-31e'), -1234)
+
+    def test_base64(self):
+        self.assertEqual(base64.encode(1234), 'JI')
+        self.assertEqual(base64.decode('JI'), 1234)
+        self.assertEqual(base64.encode(-1234), '$JI')
+        self.assertEqual(base64.decode('$JI'), -1234)
+
+    def test_base7(self):
+        base7 = BaseConverter('cjdhel3', sign='g')
+        self.assertEqual(base7.encode(1234), 'hejd')
+        self.assertEqual(base7.decode('hejd'), 1234)
+        self.assertEqual(base7.encode(-1234), 'ghejd')
+        self.assertEqual(base7.decode('ghejd'), -1234)
+
+    def test_exception(self):
+        self.assertRaises(ValueError, BaseConverter, 'abc', sign='a')
+        self.assertTrue(isinstance(BaseConverter('abc', sign='d'), BaseConverter))

tests/regressiontests/utils/tests.py

@@ -17 +17 @@
 from datastructures import *
 from tzinfo import *
 from datetime_safe import *
+from baseconv import *