arno/isso
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

disable zlib compression in signer

Browse Source
This commit is contained in:
Martin Zimmermann 2014-07-25 10:55:01 +02:00
parent d41ab31b3d
commit 090c01bf8a
3 changed files with 41 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
isso/tests/test_utils.py
View File

@ -2,6 +2,8 @@
import unittest import unittest
import itsdangerous
from isso import utils from isso import utils
from isso.utils import parse from isso.utils import parse
@ -19,6 +21,22 @@ class TestUtils(unittest.TestCase):
self.assertEqual(utils.anonymize(addr), anonymized) self.assertEqual(utils.anonymize(addr), anonymized)
class TestURLSafeTimedSerializer(unittest.TestCase):
def test_serializer(self):
signer = utils.URLSafeTimedSerializer("")
payload = [1, "x" * 1024]
self.assertEqual(signer.loads(signer.dumps(payload)), payload)
def test_nocompression(self):
plain = utils.URLSafeTimedSerializer("")
zlib = itsdangerous.URLSafeTimedSerializer("")
payload = "x" * 1024
self.assertTrue(zlib.dumps(payload).startswith("."))
self.assertNotEqual(plain.dumps(payload), zlib.dumps(payload))
class TestParse(unittest.TestCase): class TestParse(unittest.TestCase):
def test_thread(self): def test_thread(self):

21
isso/utils/__init__.py
View File

@ -6,8 +6,11 @@ import pkg_resources
werkzeug = pkg_resources.get_distribution("werkzeug") werkzeug = pkg_resources.get_distribution("werkzeug")
import json import json
import base64
import hashlib import hashlib
from itsdangerous import BadPayload, TimedSerializer, compact_json
from werkzeug.wrappers import Request, Response from werkzeug.wrappers import Request, Response
from werkzeug.exceptions import BadRequest from werkzeug.exceptions import BadRequest
@ -103,3 +106,21 @@ class JSONResponse(Response):
kwargs["content_type"] = "application/json" kwargs["content_type"] = "application/json"
super(JSONResponse, self).__init__( super(JSONResponse, self).__init__(
json.dumps(obj).encode("utf-8"), *args, **kwargs) json.dumps(obj).encode("utf-8"), *args, **kwargs)
class URLSafeTimedSerializer(TimedSerializer):
default_serializer = compact_json
def load_payload(self, payload):
try:
json = base64.b64decode(payload + b"=" * (len(payload) % 4))
except Exception as e:
raise BadPayload('Could not base64 decode the payload because of '
'an exception', original_error=e)
return super(TimedSerializer, self).load_payload(json)
def dump_payload(self, obj):
json = super(TimedSerializer, self).dump_payload(obj)
return base64.b64encode(json)

2
isso/views/api.py
View File

@ -50,6 +50,7 @@ def xhr(func):
return dec return dec
def auth(func): def auth(func):
"""A decorator to check the validity of an auth cookie.""" """A decorator to check the validity of an auth cookie."""
@ -65,6 +66,7 @@ def auth(func):
return dec return dec
class API(object): class API(object):
# comment fields, that can be submitted # comment fields, that can be submitted