Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Fixed #16182: Increase timestamp precision on TimestampSigner. Thanks…

… to Eric Florenzano.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16356 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit 44a2cbad35c9b43569ad3dcf43a3dd74dcd71953 1 parent 66436ad
@andrewgodwin andrewgodwin authored
Showing with 24 additions and 20 deletions.
  1. +7 −3 django/core/signing.py
  2. +17 −17 tests/regressiontests/signing/tests.py
View
10 django/core/signing.py
@@ -158,8 +158,12 @@ def unsign(self, signed_value):
class TimestampSigner(Signer):
+ def __init__(self, *args, **kwargs):
+ self.time_func = kwargs.pop('time', time.time)
+ super(TimestampSigner, self).__init__(*args, **kwargs)
+
def timestamp(self):
- return baseconv.base62.encode(int(time.time()))
+ return baseconv.base62.encode(int(self.time_func() * 10000))
def sign(self, value):
value = smart_str('%s%s%s' % (value, self.sep, self.timestamp()))
@@ -168,10 +172,10 @@ def sign(self, value):
def unsign(self, value, max_age=None):
result = super(TimestampSigner, self).unsign(value)
value, timestamp = result.rsplit(self.sep, 1)
- timestamp = baseconv.base62.decode(timestamp)
+ timestamp = baseconv.base62.decode(timestamp) / 10000.0
if max_age is not None:
# Check timestamp is not older than max_age
- age = time.time() - timestamp
+ age = self.time_func() - timestamp
if age > max_age:
raise SignatureExpired(
'Signature age %s > %s seconds' % (age, max_age))
View
34 tests/regressiontests/signing/tests.py
@@ -1,5 +1,3 @@
-import time
-
from django.core import signing
from django.test import TestCase
from django.utils.encoding import force_unicode
@@ -98,19 +96,21 @@ class TestTimestampSigner(TestCase):
def test_timestamp_signer(self):
value = u'hello'
- _time = time.time
- time.time = lambda: 123456789
- try:
- signer = signing.TimestampSigner('predictable-key')
- ts = signer.sign(value)
- self.assertNotEqual(ts,
- signing.Signer('predictable-key').sign(value))
+ signer = signing.TimestampSigner('predictable-key',
+ time=lambda: 123456789)
+ ts = signer.sign(value)
+ self.assertNotEqual(ts,
+ signing.Signer('predictable-key').sign(value))
- self.assertEqual(signer.unsign(ts), value)
- time.time = lambda: 123456800
- self.assertEqual(signer.unsign(ts, max_age=12), value)
- self.assertEqual(signer.unsign(ts, max_age=11), value)
- self.assertRaises(
- signing.SignatureExpired, signer.unsign, ts, max_age=10)
- finally:
- time.time = _time
+ self.assertEqual(signer.unsign(ts), value)
+ signer = signing.TimestampSigner('predictable-key',
+ time=lambda: 123456800)
+ self.assertEqual(signer.unsign(ts, max_age=12), value)
+ self.assertEqual(signer.unsign(ts, max_age=11), value)
+ self.assertRaises(
+ signing.SignatureExpired, signer.unsign, ts, max_age=10)
+
+ def test_timestamp_precision(self):
+ one = signing.TimestampSigner('key', time=lambda: 123.4567).sign('v')
+ two = signing.TimestampSigner('key', time=lambda: 123.4568).sign('v')
+ self.assertNotEqual(one, two)
Please sign in to comment.
Something went wrong with that request. Please try again.