authorMichał Górny <mgorny@gentoo.org>2013-08-21 23:50:49 +0200
committerMichał Górny <mgorny@gentoo.org>2013-08-21 23:54:30 +0200
commit3e8339a369509805b6aaba01558de083fdfb9ee9 (patch)
tree89219895b92d8bc428ecaee2b71524c5bfaf7c9c /okupy
parentMove crypto-related stuff to okupy.crypto. (diff)
Switch ciphers to output urlsafe base64.
Diffstat (limited to 'okupy')
-rw-r--r--okupy/accounts/urls.py2
-rw-r--r--okupy/crypto/ciphers.py12
-rw-r--r--okupy/crypto/codecs.py8
-rw-r--r--okupy/tests/unit/test_signup.py2
4 files changed, 12 insertions, 12 deletions
diff --git a/okupy/accounts/urls.py b/okupy/accounts/urls.py
index 7b86357..56e56a6 100644
--- a/okupy/accounts/urls.py
+++ b/okupy/accounts/urls.py
@@ -12,7 +12,7 @@ accounts_urlpatterns = patterns('',
url(r'^former-devlist/$', v.lists, {'acc_list': 'former-devlist'}, name="former_developers"),
url(r'^foundation-members/$', v.lists, {'acc_list': 'foundation-members'}, name="foundation_members"),
url(r'^signup/$', v.signup),
- url(r'^activate/(?P<token>[a-zA-Z0-9]+)/$', v.activate),
+ url(r'^activate/(?P<token>[a-zA-Z0-9-_]+)/$', v.activate),
url(r'^otp-setup/$', v.otp_setup),
url(r'^otp-qrcode.png$', v.otp_qrcode),
url(r'^endpoint/$', v.openid_endpoint),
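Review bot: The character class in the new `activate` pattern is written `[a-zA-Z0-9-_]`, with the hyphen between `9` and `_`. Python's `re` treats it as a literal in that position, but it is easy to misread as a range and differs from the `[a-zA-Z0-9_-]` used in the updated signup test. Writing `url(r'^activate/(?P<token>[a-zA-Z0-9_-]+)/$', v.activate),` keeps the two in step. The pattern also accepts tokens of any length while the test expects exactly 22 characters, so if the token length is fixed, a `{22}` quantifier would reject malformed tokens before they reach the view.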
diff --git a/okupy/crypto/ciphers.py b/okupy/crypto/ciphers.py
index 0414fb3..667d8d1 100644
--- a/okupy/crypto/ciphers.py
+++ b/okupy/crypto/ciphers.py
@@ -10,7 +10,7 @@ import Crypto.Random
import struct
-from .codecs import ub32encode, ub32decode, ub64encode, ub64decode
+from .codecs import ub64encode, ub64decode
class OkupyCipher(object):
@@ -66,10 +66,10 @@ class IDCipher(object):
def encrypt(self, id):
byte_id = struct.pack('!I', id)
byte_eid = cipher.encrypt(byte_id)
- return ub32encode(byte_eid).lower()
+ return ub64encode(byte_eid)
def decrypt(self, eid):
- byte_eid = ub32decode(eid)
+ byte_eid = ub64decode(eid)
byte_id = cipher.decrypt(byte_eid, 4)
id = struct.unpack('!I', byte_id)[0]
return id
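Review bot: `IDCipher.decrypt` hands `eid` to `ub64decode` and the cipher with no length check or error handling, while the `SessionRefCipher` hunk further down wraps the same decode in `except (TypeError, ValueError)`. Since `eid` appears to come from the activation URL, malformed and old-format tokens end up here: a 26-character base32 token issued before this commit still matches the new URL pattern and decodes to 19 bytes rather than the 16 that a 22-character token yields. What `cipher.decrypt` and `struct.unpack` do with such input is not visible in this hunk. Either confirm that the caller handles the resulting exceptions or normalise them here, for example by catching `(TypeError, ValueError, struct.error)` and raising a single `ValueError('invalid encrypted id')`. The class body starts outside the hunk.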
@@ -119,8 +119,8 @@ class SessionRefCipher(object):
data = (cipher.rng.read(self.random_prefix_bytes)
+ session_id)
assert(len(data) == self.ciphertext_length)
- session['encrypted_id'] = ub32encode(
- cipher.encrypt(data)).lower()
+ session['encrypted_id'] = ub64encode(
+ cipher.encrypt(data))
session.save()
return session['encrypted_id']
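Review bot: The length check just before the changed lines is an `assert`, which is stripped when Python runs with `-O`, so in that mode data of the wrong length would be encrypted and stored as `session['encrypted_id']` without complaint. An explicit check such as `if len(data) != self.ciphertext_length: raise ValueError('unexpected session id length')` survives optimisation. The method starts outside this hunk, so where `session_id` comes from is not visible here.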
@@ -131,7 +131,7 @@ class SessionRefCipher(object):
"""
try:
- session_id = cipher.decrypt(ub32decode(eid),
+ session_id = cipher.decrypt(ub64decode(eid),
self.ciphertext_length)
except (TypeError, ValueError):
pass
diff --git a/okupy/crypto/codecs.py b/okupy/crypto/codecs.py
index 98c822b..7095e34 100644
--- a/okupy/crypto/codecs.py
+++ b/okupy/crypto/codecs.py
@@ -16,12 +16,12 @@ def ub32decode(text):
def ub64encode(text):
- """ Encode text as unpadded base64. """
- return base64.b64encode(text).rstrip('=')
+ """ Encode text as unpadded, url-safe base64. """
+ return base64.urlsafe_b64encode(text).rstrip('=')
def ub64decode(text):
- """ decode text from unpadded base64. """
+ """ decode text from unpadded, url-safe base64. """
# add missing padding if necessary
text += '=' * (-len(text) % 4)
- return base64.b64decode(text)
+ return base64.urlsafe_b64decode(bytes(text))
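Review bot: `ub64decode` gains an unexplained `bytes(text)` conversion, and its docstring still says nothing about failure modes. If this runs on Python 2, as the `rstrip('=')` on the encoder output suggests, `bytes()` on a unicode token raises `UnicodeEncodeError` for non-ASCII input. The underlying decoder also raises `TypeError` on bad padding but skips characters outside the alphabet instead of rejecting them, so several different strings can decode to the same bytes. I would add a comment above the return such as `# convert unicode to a byte string first; the urlsafe translate step expects str` (presumably the reason for the change; please confirm). The docstring should also list the exceptions callers must handle and state that the input is not checked for canonical form.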
diff --git a/okupy/tests/unit/test_signup.py b/okupy/tests/unit/test_signup.py
index 5dba2cb..e1f4d2b 100644
--- a/okupy/tests/unit/test_signup.py
+++ b/okupy/tests/unit/test_signup.py
@@ -137,7 +137,7 @@ class SignupUnitTests(OkupyTestCase):
self.assertEqual(vars.QUEUEDUSER.email, vars.SIGNUP_TESTUSER['email'])
self.assertEqual(vars.QUEUEDUSER.password, vars.SIGNUP_TESTUSER['password_origin'])
# note: this needs to be kept in line with used cipher
- self.assertRegexpMatches(vars.QUEUEDUSER.encrypted_id, '^[a-z2-7]{26}$')
+ self.assertRegexpMatches(vars.QUEUEDUSER.encrypted_id, '^[a-zA-Z0-9_-]{22}$')
@no_database()
def test_no_database_connection_raises_error_in_signup(self):