saving session raises an exception from itsdangerous #2956

@rasteroid

Expected Behavior

Login form is rendered correctly

return render_template('login.html', form=LoginForm())

Actual Behavior

We've reviewed this using pdb; it seems that the return value from dumps isn't always bytes, and when serializing the csrf_token on the second pass it comes back as dict.

Traceback (most recent call last):
  File "C:\Users\jburke\AppData\Local\Continuum\anaconda3\lib\site-packages\flask\app.py", line 2308, in __call__
    return self.wsgi_app(environ, start_response)
  File "C:\Users\jburke\AppData\Local\Continuum\anaconda3\lib\site-packages\beaker\middleware.py", line 156, in __call__
    return self.wrap_app(environ, session_start_response)
  File "C:\Users\jburke\AppData\Local\Continuum\anaconda3\lib\site-packages\flask\app.py", line 2294, in wsgi_app
    response = self.handle_exception(e)
  File "C:\Users\jburke\AppData\Local\Continuum\anaconda3\lib\site-packages\flask\app.py", line 1739, in handle_exception
    reraise(exc_type, exc_value, tb)
  File "C:\Users\jburke\AppData\Local\Continuum\anaconda3\lib\site-packages\flask\_compat.py", line 35, in reraise
    raise value
  File "C:\Users\jburke\AppData\Local\Continuum\anaconda3\lib\site-packages\flask\app.py", line 2291, in wsgi_app
    response = self.full_dispatch_request()
  File "C:\Users\jburke\AppData\Local\Continuum\anaconda3\lib\site-packages\flask\app.py", line 1815, in full_dispatch_request
    return self.finalize_request(rv)
  File "C:\Users\jburke\AppData\Local\Continuum\anaconda3\lib\site-packages\flask\app.py", line 1832, in finalize_request
    response = self.process_response(response)
  File "C:\Users\jburke\AppData\Local\Continuum\anaconda3\lib\site-packages\flask\app.py", line 2113, in process_response
    self.session_interface.save_session(self, ctx.session, response)
  File "C:\Users\jburke\AppData\Local\Continuum\anaconda3\lib\site-packages\flask\sessions.py", line 375, in save_session
    val = self.get_signing_serializer(app).dumps(dict(session))
  File "C:\Users\jburke\AppData\Local\Continuum\anaconda3\lib\site-packages\itsdangerous\serializer.py", line 114, in dumps
    payload = want_bytes(self.dump_payload(obj))
  File "C:\Users\jburke\AppData\Local\Continuum\anaconda3\lib\site-packages\itsdangerous\url_safe.py", line 45, in dump_payload
    compressed = zlib.compress(json)
TypeError: a bytes-like object is required, not 'dict'

The problem is the return from:

json = super(URLSafeSerializerMixin, self).dump_payload(obj)

and as mentioned above we see the key serialized with one serializer (TaggedJSONSerializer) which returns bytes, while the value itself appears to be serialized with another (_CompactJSON) which fails.

Environment

  • Python version: 3.6.5
  • Flask version: 1.0.2/1.1dev0
  • Werkzeug version: 0.14.1
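
The failure mode reported above, as an added standard-library example that is not code from Flask, itsdangerous or the reporter: an inner serializer whose `dumps()` returns a non-bytes object reaches `zlib.compress()` untouched and raises the same `TypeError`, while a type check at the serializer boundary names the class at fault. `want_bytes` and `dump_payload` are simplified stand-ins named after the frames in the traceback; `CompactJSON`, `PassThrough` and `checked_dumps` are hypothetical names, and the faulty serializer is constructed for the demonstration.

```python
import base64
import json
import zlib


def want_bytes(value):
    # Text is encoded; any other type passes through unchanged.
    return value.encode("utf-8") if isinstance(value, str) else value


class CompactJSON:
    """Well-behaved inner serializer: dumps() returns str."""
    def dumps(self, obj):
        return json.dumps(obj, separators=(",", ":"))


class PassThrough:
    """Constructed faulty serializer: dumps() returns its input as-is."""
    def dumps(self, obj):
        return obj


def checked_dumps(serializer, obj):
    """Call dumps() and fail early, naming the serializer at fault."""
    out = serializer.dumps(obj)
    if not isinstance(out, (str, bytes)):
        raise TypeError(
            f"{type(serializer).__name__}.dumps() returned "
            f"{type(out).__name__}, expected str or bytes"
        )
    return want_bytes(out)


def dump_payload(serializer, obj, check=False):
    """Simplified model of the compress-then-base64 payload step."""
    if check:
        raw = checked_dumps(serializer, obj)
    else:
        raw = want_bytes(serializer.dumps(obj))
    compressed = zlib.compress(raw)  # TypeError here if raw is not bytes
    use_compressed = len(compressed) < len(raw) - 1
    body = base64.urlsafe_b64encode(compressed if use_compressed else raw)
    body = body.rstrip(b"=")
    return b"." + body if use_compressed else body
```

Running `dump_payload(PassThrough(), {...}, check=True)` against a suspect session setup replaces the opaque zlib error with one that identifies which serializer object broke the bytes contract.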
