[Checkins] SVN: zope.session/trunk/src/zope/session/http.py call encode() on the input to the hmac.new function for Python 2.6 compatability, since unicode is no longer accepted as input.
Kevin Teague
kevin at bud.ca
Mon Feb 16 19:14:44 EST 2009
Log message for revision 96614:
call encode() on the input to the hmac.new function for Python 2.6 compatability, since unicode is no longer accepted as input.
Changed:
U zope.session/trunk/src/zope/session/http.py
-=-
Modified: zope.session/trunk/src/zope/session/http.py
===================================================================
--- zope.session/trunk/src/zope/session/http.py 2009-02-16 23:09:49 UTC (rev 96613)
+++ zope.session/trunk/src/zope/session/http.py 2009-02-17 00:14:43 UTC (rev 96614)
@@ -280,6 +280,14 @@
>>> bim.getRequestId(request) == bim.getRequestId(request2)
True
+ Test a corner case where Python 2.6 hmac module does not allow
+ unicode as input:
+
+ >>> id_uni = unicode(bim.generateUniqueId())
+ >>> bim.setRequestId(request, id_uni)
+ >>> bim.getRequestId(request) == id_uni
+ True
+
If another server is managing the ClientId cookies (Apache, Nginx)
we're returning their value without checking:
@@ -289,7 +297,7 @@
>>> request3._cookies = {'uid': 'AQAAf0Y4gjgAAAQ3AwMEAg=='}
>>> bim.getRequestId(request3)
'AQAAf0Y4gjgAAAQ3AwMEAg=='
-
+
"""
response_cookie = request.response.getCookie(self.namespace)
if response_cookie:
@@ -309,8 +317,12 @@
if sid is None or len(sid) != 54:
return None
s, mac = sid[:27], sid[27:]
- if (digestEncode(hmac.new(s, self.secret, digestmod=sha).digest())
- != mac):
+
+ # call encode() on value s a workaround a bug where the hmac
+ # module only accepts str() types in Python 2.6
+ if (digestEncode(hmac.new(
+ s.encode(), self.secret, digestmod=sha
+ ).digest()) != mac):
return None
else:
return sid
More information about the Checkins
mailing list