Opened 7 years ago

Closed 7 years ago

#25460 closed Bug (invalid)

Inconsistent behaviour from TimestampSigner with two different separators

Reported by: Alex Barcelo Owned by: nobody
Component: Core (Other) Version: 1.8
Severity: Normal Keywords: signing
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

I haven't been able to make exhaustive test, bad I seem to have a consistent failure that I cannot explain.

Break code:

signer = TimestampSigner(sep=":") 
signer.unsign("kapo99:1ZfASc:UeDD0RvkDeC7qHNrI9HettcfRCQ", max_age=9999)
# Should be valid, but:
signer = TimestampSigner(sep="/") 
signer.unsign("kapo99/1ZfASc/UeDD0RvkDeC7qHNrI9HettcfRCQ", max_age=9999)
# Fails with BadSignature

The secret key of my installation is (yes, not very original as a development key):

SECRET_KEY="development_secret_key"

Change History (1)

comment:1 Changed 7 years ago by Tim Graham

Resolution: invalid
Status: newclosed

The signature "UeDD0RvkDeC7qHNrI9HettcfRCQ" is based on the value "kapo99:1ZfASc". Now in the second case, the value as changed to "kapo99/1ZfASc" so the same signature won't work.

Note: See TracTickets for help on using tickets.
Back to Top