Mercurial Mercurial > pub > hg > cubicweb / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | zip | gz | bz2 | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
[web] make sign_text unicode aware, avoid crash with non-ascii chars. Closes #3289774 stable
authorSylvain Thénault <sylvain.thenault@logilab.fr>
Tue, 12 Nov 2013 15:24:57 +0100
branchstable
changeset 9326 9d145b4c4e53
parent 9325 a4fc09836329
child 9327 dbabdc323e7d
[web] make sign_text unicode aware, avoid crash with non-ascii chars. Closes #3289774
uilib.py file | annotate | diff | comparison | revisions
web/test/unittest_webconfig.py file | annotate | diff | comparison | revisions
web/webconfig.py file | annotate | diff | comparison | revisions 
--- a/uilib.py	Thu Nov 07 11:20:59 2013 +0100
+++ b/uilib.py	Tue Nov 12 15:24:57 2013 +0100
@@ -453,7 +453,7 @@
 
 
 def rest_traceback(info, exception):
-    """return a ReST formated traceback"""
+    """return a unicode ReST formated traceback"""
     res = [u'Traceback\n---------\n::\n']
     for stackentry in traceback.extract_tb(info[2]):
         res.append(u'\tFile %s, line %s, function %s' % tuple(stackentry[:3]))
--- a/web/test/unittest_webconfig.py	Thu Nov 07 11:20:59 2013 +0100
+++ b/web/test/unittest_webconfig.py	Tue Nov 12 15:24:57 2013 +0100
@@ -1,4 +1,5 @@
-# copyright 2003-2010 LOGILAB S.A. (Paris, FRANCE), all rights reserved.
+# -*- coding: utf-8 -*-
+# copyright 2003-2013 LOGILAB S.A. (Paris, FRANCE), all rights reserved.
 # contact http://www.logilab.fr/ -- mailto:contact@logilab.fr
 #
 # This file is part of CubicWeb.
@@ -15,13 +16,11 @@
 #
 # You should have received a copy of the GNU Lesser General Public License along
 # with CubicWeb.  If not, see <http://www.gnu.org/licenses/>.
-"""
+"""cubicweb.web.webconfig unit tests"""
 
-"""
 import os
 
 from logilab.common.testlib import TestCase, unittest_main
-
 from cubicweb.devtools import ApptestConfiguration, fake
 
 class WebconfigTC(TestCase):
@@ -45,6 +44,10 @@
         cubicwebcsspath = self.config.locate_resource('cubicweb.css')[0].split(os.sep)
         self.assertTrue('web' in cubicwebcsspath or 'shared' in cubicwebcsspath) # 'shared' if tests under apycot
 
+    def test_sign_text(self):
+        signature = self.config.sign_text(u'hôp')
+        self.assertTrue(self.config.check_text_sign(u'hôp', signature))
+
 if __name__ == '__main__':
     unittest_main()
 
--- a/web/webconfig.py	Thu Nov 07 11:20:59 2013 +0100
+++ b/web/webconfig.py	Tue Nov 12 15:24:57 2013 +0100
@@ -296,6 +296,9 @@
 
     def sign_text(self, text):
         """sign some text for later checking"""
+        # hmac.new expect bytes
+        if isinstance(text, unicode):
+            text = text.encode('utf-8')
         # replace \r\n so we do not depend on whether a browser "reencode"
         # original message using \r\n or not
         return hmac.new(self._instance_salt,
@@ -305,7 +308,6 @@
         """check the text signature is equal to the given signature"""
         return self.sign_text(text) == signature
 
-
     def locate_resource(self, rid):
         """return the (directory, filename) where the given resource
         may be found
cubicweb