Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

Fixed #16182: Increase timestamp precision on TimestampSigner. Thanks…

… to Eric Florenzano.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16356 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit 44a2cbad35c9b43569ad3dcf43a3dd74dcd71953 1 parent 66436ad
Andrew Godwin authored June 10, 2011
10  django/core/signing.py
@@ -158,8 +158,12 @@ def unsign(self, signed_value):
158 158
 
159 159
 
160 160
 class TimestampSigner(Signer):
  161
+    def __init__(self, *args, **kwargs):
  162
+        self.time_func = kwargs.pop('time', time.time)
  163
+        super(TimestampSigner, self).__init__(*args, **kwargs)
  164
+    
161 165
     def timestamp(self):
162  
-        return baseconv.base62.encode(int(time.time()))
  166
+        return baseconv.base62.encode(int(self.time_func() * 10000))
163 167
 
164 168
     def sign(self, value):
165 169
         value = smart_str('%s%s%s' % (value, self.sep, self.timestamp()))
@@ -168,10 +172,10 @@ def sign(self, value):
168 172
     def unsign(self, value, max_age=None):
169 173
         result =  super(TimestampSigner, self).unsign(value)
170 174
         value, timestamp = result.rsplit(self.sep, 1)
171  
-        timestamp = baseconv.base62.decode(timestamp)
  175
+        timestamp = baseconv.base62.decode(timestamp) / 10000.0
172 176
         if max_age is not None:
173 177
             # Check timestamp is not older than max_age
174  
-            age = time.time() - timestamp
  178
+            age = self.time_func() - timestamp
175 179
             if age > max_age:
176 180
                 raise SignatureExpired(
177 181
                     'Signature age %s > %s seconds' % (age, max_age))
34  tests/regressiontests/signing/tests.py
... ...
@@ -1,5 +1,3 @@
1  
-import time
2  
-
3 1
 from django.core import signing
4 2
 from django.test import TestCase
5 3
 from django.utils.encoding import force_unicode
@@ -98,19 +96,21 @@ class TestTimestampSigner(TestCase):
98 96
 
99 97
     def test_timestamp_signer(self):
100 98
         value = u'hello'
101  
-        _time = time.time
102  
-        time.time = lambda: 123456789
103  
-        try:
104  
-            signer = signing.TimestampSigner('predictable-key')
105  
-            ts = signer.sign(value)
106  
-            self.assertNotEqual(ts,
107  
-                signing.Signer('predictable-key').sign(value))
  99
+        signer = signing.TimestampSigner('predictable-key',
  100
+            time=lambda: 123456789)
  101
+        ts = signer.sign(value)
  102
+        self.assertNotEqual(ts,
  103
+            signing.Signer('predictable-key').sign(value))
108 104
 
109  
-            self.assertEqual(signer.unsign(ts), value)
110  
-            time.time = lambda: 123456800
111  
-            self.assertEqual(signer.unsign(ts, max_age=12), value)
112  
-            self.assertEqual(signer.unsign(ts, max_age=11), value)
113  
-            self.assertRaises(
114  
-                signing.SignatureExpired, signer.unsign, ts, max_age=10)
115  
-        finally:
116  
-            time.time = _time
  105
+        self.assertEqual(signer.unsign(ts), value)
  106
+        signer = signing.TimestampSigner('predictable-key',
  107
+            time=lambda: 123456800)
  108
+        self.assertEqual(signer.unsign(ts, max_age=12), value)
  109
+        self.assertEqual(signer.unsign(ts, max_age=11), value)
  110
+        self.assertRaises(
  111
+            signing.SignatureExpired, signer.unsign, ts, max_age=10)
  112
+    
  113
+    def test_timestamp_precision(self):
  114
+        one = signing.TimestampSigner('key', time=lambda: 123.4567).sign('v')
  115
+        two = signing.TimestampSigner('key', time=lambda: 123.4568).sign('v')
  116
+        self.assertNotEqual(one, two)

0 notes on commit 44a2cba

Please sign in to comment.
Something went wrong with that request. Please try again.