From ec5226745f8f5161f89636e036e2b8efed216b74 Mon Sep 17 00:00:00 2001
From: Michael Merickel
Date: Thu, 27 Nov 2014 10:49:33 -0600
Subject: fix issue in auth_tkt parsing with the cookie type being unicode
In webob the cookies are always unicode but the auth_tkt tests were expecting them to be a native string. This didn't manifest itself until we started using the ``hmac.compare_digest`` which fails if the types are not the same.
Fixes #1477
---
 pyramid/authentication.py | 2 +-
 pyramid/tests/test_authentication.py | 16 ++++++++--------
 2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/pyramid/authentication.py b/pyramid/authentication.py
index 09c8a2d3a..e0e241e52 100644
--- a/pyramid/authentication.py
+++ b/pyramid/authentication.py
@@ -740,7 +740,7 @@ def parse_ticket(secret, ticket, ip, hashalg='md5'): If the ticket cannot be parsed, a ``BadTicket`` exception will be raised with an explanation. """ - ticket = ticket.strip('"') + ticket = native_(ticket).strip('"') digest_size = hashlib.new(hashalg).digest_size * 2 digest = ticket[:digest_size] try:
diff --git a/pyramid/tests/test_authentication.py b/pyramid/tests/test_authentication.py
index e25e9faa1..920a7e65d 100644
--- a/pyramid/tests/test_authentication.py
+++ b/pyramid/tests/test_authentication.py
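Review bot: The `native_(ticket)` conversion added in `parse_ticket` runs before any of the function's own validation, so a conversion failure on the cookie value would surface as a `UnicodeError` rather than the `BadTicket` the docstring promises. `native_` is not shown in this patch; if it encodes text with strict error handling on Python 2, a cookie containing a character outside its target encoding would presumably propagate as an unhandled exception instead of being treated as an invalid ticket. Consider guarding the conversion, e.g. `try: ticket = native_(ticket).strip('"')` followed by `except UnicodeError: raise BadTicket('Ticket is not valid text')`, and add a comment such as `# hmac.compare_digest requires both operands to be the same type`. The body of `parse_ticket` continues past the end of this hunk, so the `compare_digest` call itself is not visible here.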
@@ -1211,26 +1211,26 @@ class Test_parse_ticket(unittest.TestCase):
 self._assertRaisesBadTicket('secret', ticket, '0.0.0.0')
 def test_correct_with_user_data(self):
- ticket = '66f9cc3e423dc57c91df696cf3d1f0d80000000auserid!a,b!'
+ ticket = u'66f9cc3e423dc57c91df696cf3d1f0d80000000auserid!a,b!'
 result = self._callFUT('secret', ticket, '0.0.0.0')
 self.assertEqual(result, (10, 'userid', ['a', 'b'], ''))
 def test_correct_with_user_data_sha512(self):
- ticket = '7d947cdef99bad55f8e3382a8bd089bb9dd0547f7925b7d189adc1160cab'\
- '0ec0e6888faa41eba641a18522b26f19109f3ffafb769767ba8a26d02aae'\
- 'ae56599a0000000auserid!a,b!'
+ ticket = u'7d947cdef99bad55f8e3382a8bd089bb9dd0547f7925b7d189adc1160ca'\
+ 'b0ec0e6888faa41eba641a18522b26f19109f3ffafb769767ba8a26d02aa'\
+ 'eae56599a0000000auserid!a,b!'
 result = self._callFUT('secret', ticket, '0.0.0.0', 'sha512')
 self.assertEqual(result, (10, 'userid', ['a', 'b'], ''))
 def test_ipv4(self):
- ticket = 'b3e7156db4f8abde4439c4a6499a0668f9e7ffd7fa27b798400ecdade8d7'\
- '6c530000000auserid!'
+ ticket = u'b3e7156db4f8abde4439c4a6499a0668f9e7ffd7fa27b798400ecdade8d'\
+ '76c530000000auserid!'
 result = self._callFUT('secret', ticket, '198.51.100.1', 'sha256')
 self.assertEqual(result, (10, 'userid', [''], ''))
 def test_ipv6(self):
- ticket = 'd025b601a0f12ca6d008aa35ff3a22b7d8f3d1c1456c85becf8760cd7a2f'\
- 'a4910000000auserid!'
+ ticket = u'd025b601a0f12ca6d008aa35ff3a22b7d8f3d1c1456c85becf8760cd7a2'\
+ 'fa4910000000auserid!'
 result = self._callFUT('secret', ticket, '2001:db8::1', 'sha256')
 self.assertEqual(result, (10, 'userid', [''], ''))
 pass
--
cgit v1.2.3
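Review bot: All four positive cases in `Test_parse_ticket` now pass `u'...'` tickets, so the native-string input these tests covered before this commit is no longer exercised, and nothing pins the behaviour for a text ticket that cannot be converted. Keeping one native-string case next to the unicode ones (for example a copy of `test_correct_with_user_data` without the `u` prefix) and adding a `_assertRaisesBadTicket` case for a non-ASCII ticket would guard the type handling that `hmac.compare_digest` depends on. If the supported interpreters include Python 3.2, `u'...'` literals are a syntax error there and a compat helper would be needed instead. The test class starts before this hunk.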