Ticket #16182: 16182-increased-signing-precision-3.diff
File 16182-increased-signing-precision-3.diff, 3.1 KB (added by , 13 years ago) |
---|
-
django/core/signing.py
158 158 159 159 160 160 class TimestampSigner(Signer): 161 def __init__(self, *args, **kwargs): 162 self.time_func = kwargs.pop('time', time.time) 163 super(TimestampSigner, self).__init__(*args, **kwargs) 164 161 165 def timestamp(self): 162 return baseconv.base62.encode(int( time.time()))166 return baseconv.base62.encode(int(self.time_func() * 10000)) 163 167 164 168 def sign(self, value): 165 169 value = smart_str('%s%s%s' % (value, self.sep, self.timestamp())) … … 168 172 def unsign(self, value, max_age=None): 169 173 result = super(TimestampSigner, self).unsign(value) 170 174 value, timestamp = result.rsplit(self.sep, 1) 171 timestamp = baseconv.base62.decode(timestamp) 175 timestamp = baseconv.base62.decode(timestamp) / 10000.0 172 176 if max_age is not None: 173 177 # Check timestamp is not older than max_age 174 age = time.time() - timestamp178 age = self.time_func() - timestamp 175 179 if age > max_age: 176 180 raise SignatureExpired( 177 181 'Signature age %s > %s seconds' % (age, max_age)) -
tests/regressiontests/signing/tests.py
98 98 99 99 def test_timestamp_signer(self): 100 100 value = u'hello' 101 _time = time.time 102 time.time = lambda: 123456789 103 try: 104 signer = signing.TimestampSigner('predictable-key') 105 ts = signer.sign(value) 106 self.assertNotEqual(ts, 107 signing.Signer('predictable-key').sign(value)) 101 signer = signing.TimestampSigner('predictable-key', 102 time=lambda: 123456789) 103 ts = signer.sign(value) 104 self.assertNotEqual(ts, 105 signing.Signer('predictable-key').sign(value)) 108 106 109 self.assertEqual(signer.unsign(ts), value) 110 time.time = lambda: 123456800 111 self.assertEqual(signer.unsign(ts, max_age=12), value) 112 self.assertEqual(signer.unsign(ts, max_age=11), value) 113 self.assertRaises( 114 signing.SignatureExpired, signer.unsign, ts, max_age=10) 115 finally: 116 time.time = _time 107 self.assertEqual(signer.unsign(ts), value) 108 signer = signing.TimestampSigner('predictable-key', 109 time=lambda: 123456800) 110 self.assertEqual(signer.unsign(ts, max_age=12), value) 111 self.assertEqual(signer.unsign(ts, max_age=11), value) 112 self.assertRaises( 113 signing.SignatureExpired, signer.unsign, ts, max_age=10) 114 115 def test_timestamp_precision(self): 116 one = signing.TimestampSigner('key', time=lambda: 123.4567).sign('v') 117 two = signing.TimestampSigner('key', time=lambda: 123.4568).sign('v') 118 self.assertNotEqual(one, two)