Bert JW Regeer
2016-07-20 cf428a83b8ee733f8c67b113bcdef33fdff6eeae
author Bert JW Regeer <bertjw@regeer.org>
Wednesday, July 20, 2016 00:35 +0200
committer Bert JW Regeer <bertjw@regeer.org>
Wednesday, July 20, 2016 00:35 +0200
commit cf428a83b8ee733f8c67b113bcdef33fdff6eeae
tree 2dd66ef9679982c045e72e985c8555f8e0d94adf
parent 47b7855e0081fcac8b4cc71829b8193181939c2e
Fix AuthTktCookieHelper so that it doesn't create bad cookies

The AuthTktCookieHelper when provided a type it didn't know what to do
with would simply pass it through unchanged, this would lead to things
like object() being serialised by just having str() called on it, which
may include spaces and other characters that are not allowed in cookie
values.

WebOb would send a RuntimeWarning:

RuntimeWarning: Cookie value contains invalid bytes: (b' '). Future
versions will raise ValueError upon encountering invalid bytes.

This fix warns the user of the library directly, and makes sure to
call str() on the provided userid, AND then encode it as base64. The
user won't get back the original object after decoding on a
request/response round-trip, but at least no cookies are being generated
that are invalid.
1 files modified
pyramid/authentication.py 16
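
The failure mode and the fallback described in the commit message, shown as an added example that is not Pyramid's code and not part of this commit. The function names, the tag strings, the `Opaque` class and the use of `RuntimeWarning` for the library's own warning are assumptions made for illustration; the validity check follows the RFC 6265 cookie-octet rule.

```python
import base64
import warnings


def invalid_cookie_bytes(value):
    """Return the bytes in value that fall outside RFC 6265 cookie-octet."""
    raw = value.encode("utf-8")
    return {b for b in raw if b < 0x21 or b > 0x7E or b in b'",;\\'}


def encode_userid(userid):
    """Return (cookie_text, tag); the tag names are hypothetical."""
    if isinstance(userid, int) and not isinstance(userid, bool):
        return str(userid), "int"
    if isinstance(userid, bytes):
        return base64.b64encode(userid).decode("ascii"), "b64bytes"
    if not isinstance(userid, str):
        # Unknown type: tell the caller, then fall back to str().
        warnings.warn(
            "userid is of type %s; it will be converted with str() and "
            "will not round-trip as the original object" % type(userid).__name__,
            RuntimeWarning,
            stacklevel=2,
        )
        userid = str(userid)
    # base64 output uses only A-Z a-z 0-9 + / =, all valid cookie-octets.
    return base64.b64encode(userid.encode("utf-8")).decode("ascii"), "b64text"


def decode_userid(cookie_text, tag):
    """Reverse encode_userid; unknown types come back as their str() form."""
    if tag == "int":
        return int(cookie_text)
    raw = base64.b64decode(cookie_text)
    return raw if tag == "b64bytes" else raw.decode("utf-8")


class Opaque:
    """Constructed sample type the encoder has no specific rule for."""


if __name__ == "__main__":
    obj = Opaque()
    print("raw str():", str(obj), "invalid:", invalid_cookie_bytes(str(obj)))
    text, tag = encode_userid(obj)
    print("encoded:", text, tag, "invalid:", invalid_cookie_bytes(text))
    print("decoded:", decode_userid(text, tag))
```

Application code that depends on getting the same userid back should pass an int or string identifier, since the fallback returns only the `str()` form of the object.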