[Django] #25460: Inconsistent behaviour from TimestampSigner with two different separators

Django
Sep 24, 2015, 2:03:09 PM
to django-...@googlegroups.com
#25460: Inconsistent behaviour from TimestampSigner with two different separators
------------------------------+---------------------
Reporter: alexbarcelo | Owner: nobody
Type: Bug | Status: new
Component: Core (Other) | Version: 1.8
Severity: Normal | Keywords: signing
Triage Stage: Unreviewed | Has patch: 0
Easy pickings: 0 | UI/UX: 0
------------------------------+---------------------
I haven't been able to make exhaustive tests, but I seem to have a
consistent failure that I cannot explain.

Break code:
{{{
from django.core.signing import TimestampSigner

signer = TimestampSigner(sep=":")
signer.unsign("kapo99:1ZfASc:UeDD0RvkDeC7qHNrI9HettcfRCQ", max_age=9999)
# Should be valid, but:
signer = TimestampSigner(sep="/")
signer.unsign("kapo99/1ZfASc/UeDD0RvkDeC7qHNrI9HettcfRCQ", max_age=9999)
# Fails with BadSignature
}}}

The secret key of my installation is (yes, not very original as a
development key):
{{{
SECRET_KEY="development_secret_key"
}}}

--
Ticket URL: <https://code.djangoproject.com/ticket/25460>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

Django
Sep 24, 2015, 2:28:19 PM
to django-...@googlegroups.com
#25460: Inconsistent behaviour from TimestampSigner with two different separators
------------------------------+--------------------------------------
Reporter: alexbarcelo | Owner: nobody
Type: Bug | Status: closed
Component: Core (Other) | Version: 1.8
Severity: Normal | Resolution: invalid
Keywords: signing | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
------------------------------+--------------------------------------
Changes (by timgraham):

* status: new => closed
* needs_better_patch: => 0
* resolution: => invalid
* needs_tests: => 0
* needs_docs: => 0


Comment:

The signature "UeDD0RvkDeC7qHNrI9HettcfRCQ" is based on the value
"kapo99:1ZfASc". Now in the second case, the value has changed to
"kapo99/1ZfASc" so the same signature won't work.

--
Ticket URL: <https://code.djangoproject.com/ticket/25460#comment:1>
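
Added example, not part of the ticket and not Django's implementation: a simplified standard-library model of a separator-based signer, showing why a signature computed over `kapo99:1ZfASc` is rejected once the separator is swapped. The `ToySigner` class, the `accepts` helper and the use of HMAC-SHA256 are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

SECRET_KEY = "development_secret_key"  # the development key quoted in the ticket


class BadSignature(Exception):
    """Raised when a token's signature does not match its payload."""


class ToySigner:
    """Simplified model of a separator-based timestamp signer (hypothetical)."""

    def __init__(self, key=SECRET_KEY, sep=":"):
        self.key = key.encode()
        self.sep = sep

    def _mac(self, payload):
        digest = hmac.new(self.key, payload.encode(), hashlib.sha256).digest()
        return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()

    def sign(self, value, timestamp):
        # The separator is joined into the payload before the MAC is computed,
        # so it is part of the authenticated bytes.
        payload = f"{value}{self.sep}{timestamp}"
        return f"{payload}{self.sep}{self._mac(payload)}"

    def unsign(self, token):
        if self.sep not in token:
            raise BadSignature("no separator found")
        payload, sig = token.rsplit(self.sep, 1)
        if not hmac.compare_digest(sig, self._mac(payload)):
            raise BadSignature("signature does not match payload")
        return payload.rsplit(self.sep, 1)[0]  # drop the timestamp


def accepts(signer, token):
    """Return True if the signer verifies the token, False on BadSignature."""
    try:
        signer.unsign(token)
        return True
    except BadSignature:
        return False


colon, slash = ToySigner(sep=":"), ToySigner(sep="/")
token = colon.sign("kapo99", "1ZfASc")   # constructed sample values from the ticket
swapped = token.replace(":", "/")        # same signature, different payload bytes
```

A token is only accepted by a signer using the separator it was signed with; to use `/`, the value has to be signed again with `sep="/"`.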
