authorMichał Górny <mgorny@gentoo.org>2013-08-21 00:24:11 +0200
committerMichał Górny <mgorny@gentoo.org>2013-08-21 00:24:11 +0200
commit877085d6667b3a3d77a489f0e742ebbbcd743b8b (patch)
tree4d70e39fa60d257e9d7f9e097df0c9cd07b5eb83
parentMove session ID encryption, decryption & validation to SessionRefCipher. (diff)
SessionRefCipher: do more assertions about cache key format.
-rw-r--r--okupy/common/crypto.py12
1 files changed, 8 insertions, 4 deletions
diff --git a/okupy/common/crypto.py b/okupy/common/crypto.py
index ec537a7..bb4fc64 100644
--- a/okupy/common/crypto.py
+++ b/okupy/common/crypto.py
@@ -83,6 +83,9 @@ class SessionRefCipher(object):
security. Only previous encryption result may be used in decrypt().
"""
+ cache_key_prefix = 'django.contrib.sessions.cache'
+ session_id_length = 32
+
def encrypt(self, session):
"""
Return an encrypted reference to the session. The encrypted
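Review bot: `cache_key_prefix` and `session_id_length` are added without a comment saying where their values come from. They appear to mirror the key prefix of Django's cache session backend and the length of a Django session key, so they would need updating if either changes upstream or a different session backend is configured. A short comment above them would make that dependency visible, e.g. `# must match KEY_PREFIX of django.contrib.sessions.backends.cache and the length of Django session keys`. The class body starts before this hunk.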
@@ -99,9 +102,9 @@ class SessionRefCipher(object):
# since it always starts with the backend module name
# and __init__() expects pure id, we can strip that
- session_mod = 'django.contrib.sessions.cache'
- assert(session_id.startswith(session_mod))
- session_id = session_id[len(session_mod):]
+ assert(session_id.startswith(self.cache_key_prefix))
+ session_id = session_id[len(self.cache_key_prefix):]
+ assert(len(session_id) == self.session_id_length)
session['encrypted_id'] = base64.b64encode(
cipher.encrypt(session_id))
session.save()
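Review bot: The prefix and length checks on the cache key are written as `assert`, which Python strips when run with `-O`. In that mode a key with an unexpected prefix or length would be sliced and encrypted into `session['encrypted_id']` without any error. Because these checks guard the value that later serves as the session reference, an explicit raise is safer, e.g. `if not session_id.startswith(self.cache_key_prefix): raise ValueError('unexpected session cache key')`, with the same form for the length check. The encrypt() method starts and ends outside this hunk, so whether callers handle such an exception is not visible here.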
@@ -114,7 +117,8 @@ class SessionRefCipher(object):
"""
try:
- session_id = cipher.decrypt(base64.b64decode(eid), 32)
+ session_id = cipher.decrypt(base64.b64decode(eid),
+ self.session_id_length)
except (TypeError, ValueError):
pass
else: