Switch from pickle to jsonpickle

oauth2client/contrib/django_util/views.py

@@ -22,7 +22,6 @@
 import hashlib
 import json
 import os
-import pickle
 
 from django import http
 from django import shortcuts
@@ -36,6 +35,8 @@
 from oauth2client.contrib.django_util import get_storage
 from oauth2client.contrib.django_util import signals
 
+import jsonpickle
+
 _CSRF_KEY = 'google_oauth2_csrf_token'
 _FLOW_KEY = 'google_oauth2_flow_{0}'
 
@@ -71,7 +72,7 @@ def _make_flow(request, scopes, return_url=None):
             urlresolvers.reverse("google_oauth:callback")))
 
     flow_key = _FLOW_KEY.format(csrf_token)
-    request.session[flow_key] = pickle.dumps(flow)
+    request.session[flow_key] = jsonpickle.encode(flow)
     return flow
 
 
@@ -89,7 +90,7 @@ def _get_flow_for_token(csrf_token, request):
         CSRF token.
     """
     flow_pickle = request.session.get(_FLOW_KEY.format(csrf_token), None)
-    return None if flow_pickle is None else pickle.loads(flow_pickle)
+    return None if flow_pickle is None else jsonpickle.decode(flow_pickle)
 
 
 def oauth2_callback(request):

tests/contrib/django_util/test_views.py

@@ -152,8 +152,8 @@ def setUp(self):
         self.user = User.objects.create_user(
             username='bill', email='bill@example.com', password='hunter2')
 
-    @mock.patch('oauth2client.contrib.django_util.views.pickle')
-    def test_callback_works(self, pickle):
+    @mock.patch('oauth2client.contrib.django_util.views.jsonpickle')
+    def test_callback_works(self, jsonpickle):
         request = self.factory.get('oauth2/oauth2callback', data={
             'state': json.dumps(self.fake_state),
             'code': 123
@@ -169,9 +169,11 @@ def test_callback_works(self, pickle):
             redirect_uri=request.build_absolute_uri("oauth2/oauth2callback"))
 
         name = 'google_oauth2_flow_{0}'.format(self.CSRF_TOKEN)
-        self.session[name] = pickle.dumps(flow)
+        self.session[name] = jsonpickle.encode(flow)
+        self.session['google_oauth2_flow_{0}'.format(self.CSRF_TOKEN)] \
+            = jsonpickle.encode(flow)
         flow.step2_exchange = mock.Mock()
-        pickle.loads.return_value = flow
+        jsonpickle.decode.return_value = flow
 
         request.session = self.session
         request.user = self.user
@@ -181,8 +183,8 @@ def test_callback_works(self, pickle):
             response.status_code, django.http.HttpResponseRedirect.status_code)
         self.assertEqual(response['Location'], self.RETURN_URL)
 
-    @mock.patch('oauth2client.contrib.django_util.views.pickle')
-    def test_callback_handles_bad_flow_exchange(self, pickle):
+    @mock.patch('oauth2client.contrib.django_util.views.jsonpickle')
+    def test_callback_handles_bad_flow_exchange(self, jsonpickle):
         request = self.factory.get('oauth2/oauth2callback', data={
             "state": json.dumps(self.fake_state),
             "code": 123
@@ -197,14 +199,15 @@ def test_callback_handles_bad_flow_exchange(self, pickle):
             state=json.dumps(self.fake_state),
             redirect_uri=request.build_absolute_uri('oauth2/oauth2callback'))
 
-        session_key = 'google_oauth2_flow_{0}'.format(self.CSRF_TOKEN)
-        self.session[session_key] = pickle.dumps(flow)
+
+        session_key ='google_oauth2_flow_{0}'.format(self.CSRF_TOKEN)
+        self.session[session_key] = jsonpickle.encode(flow)
 
         def local_throws(code):
             raise FlowExchangeError('test')
 
         flow.step2_exchange = local_throws
-        pickle.loads.return_value = flow
+        jsonpickle.decode.return_value = flow
 
         request.session = self.session
         response = views.oauth2_callback(request)

tox.ini

@@ -14,6 +14,7 @@ basedeps = mock>=1.3.0
 deps = {[testenv]basedeps}
        django
        keyring
+       jsonpickle
 setenv =
     pypy: with_gmp=no
     DJANGO_SETTINGS_MODULE=tests.contrib.django_util.settings