disable zlib compression in signer

2014-07-25 10:55:01 +02:00 · 2014-07-25 10:55:01 +02:00 · 090c01bf8a
commit 090c01bf8a
parent d41ab31b3d
3 changed files with 41 additions and 0 deletions
--- a/isso/tests/test_utils.py
+++ b/isso/tests/test_utils.py
@ -2,6 +2,8 @@

 import unittest

+import itsdangerous
+
 from isso import utils
 from isso.utils import parse

@ -19,6 +21,22 @@ class TestUtils(unittest.TestCase):
            self.assertEqual(utils.anonymize(addr), anonymized)


+class TestURLSafeTimedSerializer(unittest.TestCase):
+
+    def test_serializer(self):
+        signer = utils.URLSafeTimedSerializer("")
+        payload = [1, "x" * 1024]
+        self.assertEqual(signer.loads(signer.dumps(payload)), payload)
+
+    def test_nocompression(self):
+        plain = utils.URLSafeTimedSerializer("")
+        zlib = itsdangerous.URLSafeTimedSerializer("")
+
+        payload = "x" * 1024
+        self.assertTrue(zlib.dumps(payload).startswith("."))
+        self.assertNotEqual(plain.dumps(payload), zlib.dumps(payload))
+
+
 class TestParse(unittest.TestCase):

    def test_thread(self):
--- a/isso/utils/init.py
+++ b/isso/utils/init.py
@ -6,8 +6,11 @@ import pkg_resources
 werkzeug = pkg_resources.get_distribution("werkzeug")

 import json
+import base64
 import hashlib

+from itsdangerous import BadPayload, TimedSerializer, compact_json
+
 from werkzeug.wrappers import Request, Response
 from werkzeug.exceptions import BadRequest

@ -103,3 +106,21 @@ class JSONResponse(Response):
        kwargs["content_type"] = "application/json"
        super(JSONResponse, self).__init__(
            json.dumps(obj).encode("utf-8"), *args, **kwargs)
+
+
+class URLSafeTimedSerializer(TimedSerializer):
+
+    default_serializer = compact_json
+
+    def load_payload(self, payload):
+        try:
+            json = base64.b64decode(payload + b"=" * (len(payload) % 4))
+        except Exception as e:
+            raise BadPayload('Could not base64 decode the payload because of '
+                             'an exception', original_error=e)
+
+        return super(TimedSerializer, self).load_payload(json)
+
+    def dump_payload(self, obj):
+        json = super(TimedSerializer, self).dump_payload(obj)
+        return base64.b64encode(json)
--- a/isso/views/api.py
+++ b/isso/views/api.py
@ -50,6 +50,7 @@ def xhr(func):

    return dec

+
 def auth(func):
    """A decorator to check the validity of an auth cookie."""

@ -65,6 +66,7 @@ def auth(func):

    return dec

+
 class API(object):

    # comment fields, that can be submitted