diff --git a/django/core/signing.py b/django/core/signing.py index 17953af151..ea870d169c 100644 --- a/django/core/signing.py +++ b/django/core/signing.py @@ -76,7 +76,8 @@ def base64_hmac(salt, value, key): def get_cookie_signer(salt='django.core.signing.get_cookie_signer'): Signer = import_string(settings.SIGNING_BACKEND) - return Signer('django.http.cookies' + settings.SECRET_KEY, salt=salt) + key = force_bytes(settings.SECRET_KEY) + return Signer(b'django.http.cookies' + key, salt=salt) class JSONSerializer(object): @@ -148,9 +149,9 @@ class Signer(object): def __init__(self, key=None, sep=':', salt=None): # Use of native strings in all versions of Python - self.sep = str(sep) - self.key = str(key or settings.SECRET_KEY) - self.salt = str(salt or + self.sep = force_str(sep) + self.key = key or settings.SECRET_KEY + self.salt = force_str(salt or '%s.%s' % (self.__class__.__module__, self.__class__.__name__)) def signature(self, value): diff --git a/django/utils/crypto.py b/django/utils/crypto.py index 963f9e01e8..21395fe8a3 100644 --- a/django/utils/crypto.py +++ b/django/utils/crypto.py @@ -36,10 +36,13 @@ def salted_hmac(key_salt, value, secret=None): if secret is None: secret = settings.SECRET_KEY + key_salt = force_bytes(key_salt) + secret = force_bytes(secret) + # We need to generate a derived key from our base key. We can do this by # passing the key_salt and our base key through a pseudo-random function and # SHA1 works nicely. - key = hashlib.sha1((key_salt + secret).encode('utf-8')).digest() + key = hashlib.sha1(key_salt + secret).digest() # If len(key_salt + secret) > sha_constructor().block_size, the above # line is redundant and could be replaced by key = key_salt + secret, since diff --git a/tests/signed_cookies_tests/tests.py b/tests/signed_cookies_tests/tests.py index 6878a3c54f..67f5a2665f 100644 --- a/tests/signed_cookies_tests/tests.py +++ b/tests/signed_cookies_tests/tests.py @@ -2,6 +2,7 @@ from __future__ import unicode_literals import time +from django.conf import settings from django.core import signing from django.http import HttpRequest, HttpResponse from django.test import TestCase @@ -62,3 +63,18 @@ class SignedCookieTest(TestCase): request.get_signed_cookie, 'c', max_age=10) finally: time.time = _time + + def test_signed_cookies_with_binary_key(self): + def restore_secret_key(prev): + settings.SECRET_KEY = prev + + self.addCleanup(restore_secret_key, settings.SECRET_KEY) + + settings.SECRET_KEY = b'\xe7' + + response = HttpResponse() + response.set_signed_cookie('c', 'hello') + + request = HttpRequest() + request.COOKIES['c'] = response.cookies['c'].value + self.assertEqual(request.get_signed_cookie('c'), 'hello') diff --git a/tests/signing/tests.py b/tests/signing/tests.py index fc8390e9e8..6d4a5b0cc3 100644 --- a/tests/signing/tests.py +++ b/tests/signing/tests.py @@ -105,6 +105,12 @@ class TestSigner(TestCase): self.assertRaises( signing.BadSignature, signing.loads, transform(encoded)) + def test_works_with_non_ascii_keys(self): + binary_key = b'\xe7' # Set some binary (non-ASCII key) + + s = signing.Signer(binary_key) + self.assertEquals('foo:6NB0fssLW5RQvZ3Y-MTerq2rX7w', s.sign('foo')) + class TestTimestampSigner(TestCase):