
- Backport from master: The AuthTktCookieHelper could potentially generate
  Unicode headers inappropriately when the ``tokens`` argument to remember
  was used.  See #314.

References issue #314.
1 parent 28f21cd commit 4791d7b555c6f3fcbc3efaaa566fcf8423105cd3 @mcdonc mcdonc committed Nov 20, 2011
Showing with 17 additions and 6 deletions.
  1. +4 −0 CHANGES.txt
  2. +4 −1 pyramid/authentication.py
  3. +9 −5 pyramid/tests/test_authentication.py
@@ -26,6 +26,10 @@ Bug Fixes
- Backport from master: fix ``request.json_body`` to deal with alternate
request charsets.
+- Backport from master: The AuthTktCookieHelper could potentially generate
+ Unicode headers inappropriately when the ``tokens`` argument to remember
+ was used. See https://github.com/Pylons/pyramid/pull/314.
+
Testing
-------
@@ -723,7 +723,8 @@ def remember(self, request, userid, max_age=None, tokens=()):
encoding, encoder = encoding_data
userid = encoder(userid)
user_data = 'userid_type:%s' % encoding
-
+
+ new_tokens = []
for token in tokens:
if isinstance(token, unicode):
try:
@@ -732,6 +733,8 @@ def remember(self, request, userid, max_age=None, tokens=()):
pass
if not (isinstance(token, str) and VALID_TOKEN.match(token)):
raise ValueError("Invalid token %r" % (token,))
+ new_tokens.append(token)
+ tokens = tuple(new_tokens)
if hasattr(request, '_authtkt_reissued'):
request._authtkt_reissue_revoked = True
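Review bot: The check `VALID_TOKEN.match(token)` is the only gate before a token is appended to `new_tokens` and carried into the cookie, but the pattern is defined outside this hunk; if it ends in `$` rather than `\Z`, a token with a trailing newline still matches, and that is a value that should never reach a header. It is worth confirming the anchor and adding a test that passes such a token and expects `ValueError`. The `except` branch that ends in `pass` also relies silently on the following `isinstance(token, str)` test to reject non-ASCII input; a comment such as `# non-ASCII unicode is left as-is and rejected by the str check below` would make that intent explicit. `remember` begins and ends outside the hunks shown, and the lines between the two hunks are not visible here.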
@@ -699,7 +699,7 @@ def test_identify_cookie_reissue_with_tokens_default(self):
request.callbacks[0](None, response)
self.assertEqual(len(response.headerlist), 3)
self.assertEqual(response.headerlist[0][0], 'Set-Cookie')
- self.assertTrue("'tokens': []" in response.headerlist[0][1])
+ self.assertTrue("'tokens': ()" in response.headerlist[0][1])
def test_remember(self):
helper = self._makeOne('secret')
@@ -900,16 +900,20 @@ def test_remember_tokens(self):
self.assertEqual(result[2][0], 'Set-Cookie')
self.assertTrue("'tokens': ('foo', 'bar')" in result[2][1])
- def test_remember_token_unicode_with_ascii_data(self):
+ def test_remember_unicode_but_ascii_token(self):
helper = self._makeOne('secret')
request = self._makeRequest()
- helper.remember(request, 'other', tokens=(u'foo',))
+ la = unicode('foo', 'utf-8')
+ result = helper.remember(request, 'other', tokens=(la,))
+ # tokens must be str type on both Python 2 and 3
+ self.assertTrue("'tokens': ('foo',)" in result[0][1])
- def test_remember_token_full_on_unicode(self):
+ def test_remember_nonascii_token(self):
helper = self._makeOne('secret')
request = self._makeRequest()
+ la = unicode('La Pe\xc3\xb1a', 'utf-8')
self.assertRaises(ValueError, helper.remember, request, 'other',
- tokens=(u'f\u1234',))
+ tokens=(la,))
def test_remember_invalid_token_format(self):
helper = self._makeOne('secret')
