From 1c0db5f78473bed04dd9aa972fe53c683a02d8eb Mon Sep 17 00:00:00 2001
From: Bert JW Regeer
Date: Sat, 26 Oct 2013 21:06:50 -0600
Subject: digestmod() has to accept a parameter in certain cases Due to line 69 in hmac.py in the Python standard library (2.7) it expects to be able to call the digestmod function with the current key if the key passed in exceeds the block size in length. This fixes the code so that digestmod can accept string as an extra parameter, which is passed through to hashlib.new() [1]: http://hg.python.org/cpython/file/2.7/Lib/hmac.py#l69
---
 pyramid/session.py | 2 +-
 pyramid/tests/test_session.py | 18 ++++++++++++++++++
 2 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/pyramid/session.py b/pyramid/session.py
index 9e0733661..d3a4113b9 100644
--- a/pyramid/session.py
+++ b/pyramid/session.py
@@ -565,7 +565,7 @@ def SignedCookieSessionFactory(
 if deserialize is None:
 deserialize = pickle.loads
- digestmod = lambda: hashlib.new(hashalg)
+ digestmod = lambda string=b'': hashlib.new(hashalg, string)
 digest_size = digestmod().digest_size
 salted_secret = bytes_(salt or '') + bytes_(secret)
diff --git a/pyramid/tests/test_session.py b/pyramid/tests/test_session.py
index c13d3ce5c..048bf2c01 100644
--- a/pyramid/tests/test_session.py
+++ b/pyramid/tests/test_session.py
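Review bot: The new `digestmod` lambda in `SignedCookieSessionFactory` gains a `string=b''` default with no comment saying why, so a later cleanup could drop it and silently break signing for long secrets. I would add a comment above it such as `# hmac.new() calls digestmod(key) to pre-hash keys longer than the block size, so this must accept optional initial data`. Because HMAC hashes an over-long key down to the digest size first, a secret longer than the block size adds no strength beyond that, which the documentation for `secret` could mention. The context lines show `pickle.loads` as the default deserializer, so this HMAC appears to be the check standing in front of unpickling cookie data and deserves that extra care. The function body starts and ends outside the hunk.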
@@ -370,6 +370,24 @@ class TestSignedCookieSession(SharedCookieSessionTests, unittest.TestCase):
 session = self._makeOne(request)
 self.assertEqual(session, {})
+ def test_very_long_key(self):
+ verylongkey = b'a' * 1024
+ import webob
+ request = testing.DummyRequest()
+ session = self._makeOne(request, secret=verylongkey)
+ session['a'] = 1
+ callbacks = request.response_callbacks
+ self.assertEqual(len(callbacks), 1)
+ response = webob.Response()
+
+ try:
+ result = callbacks[0](request, response)
+ except TypeError as e:
+ self.fail('HMAC failed to initialize due to key length.')
+
+ self.assertEqual(result, None)
+ self.assertTrue('Set-Cookie' in dict(response.headerlist))
+
 class TestUnencryptedCookieSession(SharedCookieSessionTests, unittest.TestCase):
 def setUp(self):
 super(TestUnencryptedCookieSession, self).setUp()
-- cgit v1.2.3
From 5d1f9cbf40309548edb445512f2f950a6d207354 Mon Sep 17 00:00:00 2001
From: Bert JW Regeer
Date: Sat, 26 Oct 2013 21:27:04 -0600
Subject: Bring coverage back to 100%
---
 pyramid/tests/test_session.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pyramid/tests/test_session.py b/pyramid/tests/test_session.py
index 048bf2c01..a9f70d6a0 100644
--- a/pyramid/tests/test_session.py
+++ b/pyramid/tests/test_session.py
@@ -382,7 +382,7 @@ class TestSignedCookieSession(SharedCookieSessionTests, unittest.TestCase):
 try:
 result = callbacks[0](request, response)
- except TypeError as e:
+ except TypeError as e: # pragma: no cover
 self.fail('HMAC failed to initialize due to key length.')
 self.assertEqual(result, None)
-- cgit v1.2.3
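Review bot: `test_very_long_key` exercises only the response callback, so it shows that a cookie is signed with a 1024-byte secret but not that the same cookie verifies on a later request. Presumably the verification side builds its HMAC through the same `digestmod`; a further assertion that feeds the emitted `Set-Cookie` value into a fresh request and reads back `session['a']` would pin both directions. `import webob` would also read better as the first statement of the test, before `verylongkey = b'a' * 1024`.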
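Review bot: The `# pragma: no cover` added to `except TypeError as e:` in the second commit hides a branch that exists only to reword the failure, and `e` is never used. Dropping the `try`/`except` and calling `result = callbacks[0](request, response)` directly would let an unexpected `TypeError` fail the test with its real traceback, and coverage stays at 100% without the pragma. The test method starts outside this hunk.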