| author | Bert JW Regeer <bert.regeer@absio.com> | 2013-10-26 21:06:50 -0600 |
|---|---|---|
| committer | Bert JW Regeer <bert.regeer@absio.com> | 2013-10-26 21:19:24 -0600 |
| commit | 1c0db5f78473bed04dd9aa972fe53c683a02d8eb (patch) | |
| tree | ce54b53b00ceca5784391bc38637b2a427d03808 | |
| parent | a4492a9bbe0a58aaed68f12657d3ddf979d22921 (diff) | |
| download | pyramid-1c0db5f78473bed04dd9aa972fe53c683a02d8eb.tar.gz pyramid-1c0db5f78473bed04dd9aa972fe53c683a02d8eb.tar.bz2 pyramid-1c0db5f78473bed04dd9aa972fe53c683a02d8eb.zip | |
digestmod() has to accept a parameter in certain cases
Due to line 69 in hmac.py in the Python standard library (2.7) it
expects to be able to call the digestmod function with the current key
if the key passed in exceeds the block size in length.
This fixes the code so that digestmod can accept string as an extra
parameter, which is passed through to hashlib.new()
[1]: http://hg.python.org/cpython/file/2.7/Lib/hmac.py#l69
| -rw-r--r-- | pyramid/session.py | 2 | ||||
| -rw-r--r-- | pyramid/tests/test_session.py | 18 |
2 files changed, 19 insertions, 1 deletions
diff --git a/pyramid/session.py b/pyramid/session.py
index 9e0733661..d3a4113b9 100644
--- a/pyramid/session.py
+++ b/pyramid/session.py
@@ -565,7 +565,7 @@ def SignedCookieSessionFactory(
 if deserialize is None:
 deserialize = pickle.loads
- digestmod = lambda: hashlib.new(hashalg)
+ digestmod = lambda string=b'': hashlib.new(hashalg, string)
 digest_size = digestmod().digest_size
 salted_secret = bytes_(salt or '') + bytes_(secret)
diff --git a/pyramid/tests/test_session.py b/pyramid/tests/test_session.py
index c13d3ce5c..048bf2c01 100644
--- a/pyramid/tests/test_session.py
+++ b/pyramid/tests/test_session.py
@@ -370,6 +370,24 @@ class TestSignedCookieSession(SharedCookieSessionTests, unittest.TestCase):
 session = self._makeOne(request)
 self.assertEqual(session, {})
+ def test_very_long_key(self):
+ verylongkey = b'a' * 1024
+ import webob
+ request = testing.DummyRequest()
+ session = self._makeOne(request, secret=verylongkey)
+ session['a'] = 1
+ callbacks = request.response_callbacks
+ self.assertEqual(len(callbacks), 1)
+ response = webob.Response()
+
+ try:
+ result = callbacks[0](request, response)
+ except TypeError as e:
+ self.fail('HMAC failed to initialize due to key length.')
+
+ self.assertEqual(result, None)
+ self.assertTrue('Set-Cookie' in dict(response.headerlist))
+
 class TestUnencryptedCookieSession(SharedCookieSessionTests, unittest.TestCase):
 def setUp(self):
 super(TestUnencryptedCookieSession, self).setUp() |
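Review bot: The rewritten `digestmod` lambda in pyramid/session.py carries no comment explaining why it takes an optional argument, so a later cleanup could easily revert it to the zero-argument form. I would add `# hmac calls digestmod(key) to pre-hash a key longer than the hash block size, so this must accept optional initial data` directly above it. The comment could also say that a secret longer than the block size is therefore replaced by its digest inside HMAC, which is standard HMAC behaviour. Because the context line above shows `pickle.loads` as the default deserializer, the signature appears to be the only check before cookie data is unpickled, which is why this construction deserves the explanation. The body of SignedCookieSessionFactory starts and ends outside the hunk.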
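Review bot: `test_very_long_key` in pyramid/tests/test_session.py only checks that a `Set-Cookie` header is emitted, so it would still pass if a cookie signed with the long key could not be verified when it is sent back. I would extend it to feed the emitted cookie value into a fresh request and assert that the resulting session still holds `'a': 1`, which covers both signing and verification for a secret longer than the hash block size. Separately, the name bound in `except TypeError as e:` is unused and can be written `except TypeError:`.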
