Separator check fails #87

baratrion · 2017-07-19T09:23:42Z

I'm able to inadvertently create a signature that contains separator itself.

See:

In [21]: s = Signer('secret-key', sep='_')

In [22]: signed = s.sign('foobar')

In [23]: signed
Out[23]: 'foobar_bM9Ftq9n87nl0Xc_Rs9orkssfJ0'

In [24]: s.unsign(signed)
---------------------------------------------------------------------------
BadSignature                              Traceback (most recent call last)
<ipython-input-24-ea5a1a92fab7> in <module>()
----> 1 s.unsign(signed)

/Users/catalbas/envs/token-test/lib/python2.7/site-packages/itsdangerous.pyc in unsign(self, signed_value)
    372             return value
    373         raise BadSignature('Signature %r does not match' % sig,
--> 374                            payload=value)
    375 
    376     def validate(self, signed_value):

BadSignature: Signature 'Rs9orkssfJ0' does not match

The text was updated successfully, but these errors were encountered:

RyanSquared · 2018-02-22T15:33:12Z

please make sure that you are running a version that at least contains these lines: https://github.com/pallets/itsdangerous/blob/master/itsdangerous.py#L322-L326

davidism · 2018-02-22T16:32:58Z

This will be resolved in the next release.

davidism closed this as completed Feb 22, 2018

pallets locked as resolved and limited conversation to collaborators Feb 22, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Separator check fails #87

Separator check fails #87

baratrion commented Jul 19, 2017

RyanSquared commented Feb 22, 2018

davidism commented Feb 22, 2018

Separator check fails #87

Separator check fails #87

Comments

baratrion commented Jul 19, 2017

RyanSquared commented Feb 22, 2018

davidism commented Feb 22, 2018