Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

itsdangerous throws BadSignatureException when using URLSafeSerializer with '_' separator #55

Closed
tjerkw opened this issue Dec 16, 2015 · 2 comments
Closed

itsdangerous throws BadSignatureException when using URLSafeSerializer with '_' separator #55

tjerkw opened this issue Dec 16, 2015 · 2 comments

Comments

@tjerkw
Copy link

tjerkw commented Dec 16, 2015

This code fails:

def test(count=1030):
    import itsdangerous
    secret = 'test'
    s = itsdangerous.URLSafeSerializer(secret, signer_kwargs={'sep': '_'})
    for i in xrange(count):
        val = gen_random_string(len=3)
        s.loads(s.dumps(val))

Improvment: let itsdangerous throw an exception if an invalid seperator is used.
@tjerkw
Copy link
Author

tjerkw commented Dec 16, 2015

I also thought the string has BASE64 + sep + BASE64, but apparently that's not the case.

@davidism
Copy link
Member

I can't reproduce this issue. _ (and any character not used by base64) is a valid separator. I think it's reasonable to assume the user isn't picking a character that will be used by the encoding.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 9, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tjerkw @davidism