Fixed #32643 -- Fixed decoding of messages in the pre-Django 3.2 format.

Thanks Jan Pieter Waagmeester for the report.

Regression in 2d6179c819.
This commit is contained in:
Florian Apolloner 2021-04-14 13:45:24 +02:00 committed by Mariusz Felisiak
parent ca98729055
commit 4511d14598
3 changed files with 11 additions and 3 deletions

View File

@ -1,3 +1,4 @@
import binascii
import json import json
from django.conf import settings from django.conf import settings
@ -166,7 +167,7 @@ class CookieStorage(BaseStorage):
# pass # pass
except signing.BadSignature: except signing.BadSignature:
decoded = None decoded = None
except json.JSONDecodeError: except (binascii.Error, json.JSONDecodeError):
decoded = self.signer.unsign(data) decoded = self.signer.unsign(data)
if decoded: if decoded:

View File

@ -40,3 +40,7 @@ Bugfixes
* Fixed a regression in Django 3.2 that caused a crash of ``QuerySet.update()`` * Fixed a regression in Django 3.2 that caused a crash of ``QuerySet.update()``
on a queryset ordered by inherited or joined fields on MySQL and MariaDB on a queryset ordered by inherited or joined fields on MySQL and MariaDB
(:ticket:`32645`). (:ticket:`32645`).
* Fixed a regression in Django 3.2 that caused a crash when decoding a cookie
value, used by ``django.contrib.messages.storage.cookie.CookieStorage``, in
the pre-Django 3.2 format (:ticket:`32643`).

View File

@ -1,3 +1,4 @@
import binascii
import json import json
import random import random
@ -7,7 +8,7 @@ from django.contrib.messages.storage.base import Message
from django.contrib.messages.storage.cookie import ( from django.contrib.messages.storage.cookie import (
CookieStorage, MessageDecoder, MessageEncoder, CookieStorage, MessageDecoder, MessageEncoder,
) )
from django.core.signing import get_cookie_signer from django.core.signing import b64_decode, get_cookie_signer
from django.test import SimpleTestCase, override_settings from django.test import SimpleTestCase, override_settings
from django.utils.crypto import get_random_string from django.utils.crypto import get_random_string
from django.utils.safestring import SafeData, mark_safe from django.utils.safestring import SafeData, mark_safe
@ -183,10 +184,12 @@ class CookieTests(BaseTests, SimpleTestCase):
# RemovedInDjango41Warning: pre-Django 3.2 encoded messages will be # RemovedInDjango41Warning: pre-Django 3.2 encoded messages will be
# invalid. # invalid.
storage = self.storage_class(self.get_request()) storage = self.storage_class(self.get_request())
messages = ['this', 'that'] messages = ['this', Message(0, 'Successfully signed in as admin@example.org')]
# Encode/decode a message using the pre-Django 3.2 format. # Encode/decode a message using the pre-Django 3.2 format.
encoder = MessageEncoder() encoder = MessageEncoder()
value = encoder.encode(messages) value = encoder.encode(messages)
with self.assertRaises(binascii.Error):
b64_decode(value.encode())
signer = get_cookie_signer(salt=storage.key_salt) signer = get_cookie_signer(salt=storage.key_salt)
encoded_messages = signer.sign(value) encoded_messages = signer.sign(value)
decoded_messages = storage._decode(encoded_messages) decoded_messages = storage._decode(encoded_messages)