Release release-2021-07-22-18.32: test: Fix safe_sessions comments and add pinning test (#28249) · openedx/openedx-platform

release-2021-07-22-18.32
503e3d1
Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.

GPG key ID: 4AEE18F83AFDEB23
Expired

Verified
Learn about vigilant mode
Choose a tag to compare

Filter

View all tags

release-2021-07-22-18.32: test: Fix safe_sessions comments and add pinning test (#28249)

release-2021-07-22-18.32
503e3d1
Choose a tag to compare

Filter

View all tags
Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.

GPG key ID: 4AEE18F83AFDEB23
Expired

Verified
Learn about vigilant mode

timmc-edx tagged this 22 Jul 21:09

Add pinning test for SafeCookieData values, and update SafeSessions
middleware comments to match code.

Main comment changes:

- Fix description of cookie structure:
    - Specify hash algorithm (SHA256, not "H")
    - Don't try to describe internals of TimestampSigner; description was
      incorrect in several ways: Did not include string delimiters under
      base64 (there's JSON in there); did not include the actual MAC
      portion. Just describe general effect and shape of output.
    - Add missing trailing pipe delimiter in signed data hash input
- Use phrase "intermediate key" rather than the less familiar term "usage
  key"

Assets 2

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Choose a tag to compare

Sorry, something went wrong.

Sorry, something went wrong.

Uh oh!

No results found

Choose a tag to compare

Sorry, something went wrong.

Sorry, something went wrong.

Uh oh!

No results found

Uh oh!