import hashlib import pickle from functools import partial from io import BytesIO from io import StringIO import pytest from itsdangerous import Signer from itsdangerous.exc import BadPayload from itsdangerous.exc import BadSignature from itsdangerous.serializer import Serializer def coerce_str(ref, s): if not isinstance(s, type(ref)): return s.encode("utf8") return s class TestSerializer(object): @pytest.fixture(params=(Serializer, partial(Serializer, serializer=pickle))) def serializer_factory(self, request): return partial(request.param, secret_key="secret_key") @pytest.fixture() def serializer(self, serializer_factory): return serializer_factory() @pytest.fixture() def value(self): return {"id": 42} @pytest.mark.parametrize( "value", (None, True, "str", u"text", [1, 2, 3], {"id": 42}) ) def test_serializer(self, serializer, value): assert serializer.loads(serializer.dumps(value)) == value @pytest.mark.parametrize( "transform", ( lambda s: s.upper(), lambda s: s + coerce_str(s, "a"), lambda s: coerce_str(s, "a") + s[1:], lambda s: s.replace(coerce_str(s, "."), coerce_str(s, "")), ), ) def test_changed_value(self, serializer, value, transform): signed = serializer.dumps(value) assert serializer.loads(signed) == value changed = transform(signed) with pytest.raises(BadSignature): serializer.loads(changed) def test_bad_signature_exception(self, serializer, value): bad_signed = serializer.dumps(value)[:-1] with pytest.raises(BadSignature) as exc_info: serializer.loads(bad_signed) assert serializer.load_payload(exc_info.value.payload) == value def test_bad_payload_exception(self, serializer, value): original = serializer.dumps(value) payload = original.rsplit(coerce_str(original, "."), 1)[0] bad = serializer.make_signer().sign(payload[:-1]) with pytest.raises(BadPayload) as exc_info: serializer.loads(bad) assert exc_info.value.original_error is not None def test_loads_unsafe(self, serializer, value): signed = serializer.dumps(value) assert serializer.loads_unsafe(signed) == (True, value) bad_signed = signed[:-1] assert serializer.loads_unsafe(bad_signed) == (False, value) payload = signed.rsplit(coerce_str(signed, "."), 1)[0] bad_payload = serializer.make_signer().sign(payload[:-1])[:-1] assert serializer.loads_unsafe(bad_payload) == (False, None) class BadUnsign(serializer.signer): def unsign(self, signed_value, *args, **kwargs): try: return super(BadUnsign, self).unsign(signed_value, *args, **kwargs) except BadSignature as e: e.payload = None raise serializer.signer = BadUnsign assert serializer.loads_unsafe(bad_signed) == (False, None) def test_file(self, serializer, value): f = BytesIO() if isinstance(serializer.dumps(value), bytes) else StringIO() serializer.dump(value, f) f.seek(0) assert serializer.load(f) == value f.seek(0) assert serializer.load_unsafe(f) == (True, value) def test_alt_salt(self, serializer, value): signed = serializer.dumps(value, salt="other") with pytest.raises(BadSignature): serializer.loads(signed) assert serializer.loads(signed, salt="other") == value def test_signer_cls(self, serializer_factory, serializer, value): class Other(serializer.signer): default_key_derivation = "hmac" other = serializer_factory(signer=Other) assert other.loads(other.dumps(value)) == value assert other.dumps(value) != serializer.dumps(value) def test_signer_kwargs(self, serializer_factory, serializer, value): other = serializer_factory(signer_kwargs={"key_derivation": "hmac"}) assert other.loads(other.dumps(value)) == value assert other.dumps("value") != serializer.dumps("value") def test_serializer_kwargs(self, serializer_factory): serializer = serializer_factory(serializer_kwargs={"skipkeys": True}) try: serializer.serializer.dumps(None, skipkeys=True) except TypeError: return assert serializer.loads(serializer.dumps({(): 1})) == {} def test_fallback_signers(self, serializer_factory, value): serializer = serializer_factory(signer_kwargs={"digest_method": hashlib.sha256}) signed = serializer.dumps(value) fallback_serializer = serializer_factory( signer_kwargs={"digest_method": hashlib.sha1}, fallback_signers=[{"digest_method": hashlib.sha256}], ) assert fallback_serializer.loads(signed) == value def test_iter_unsigners(self, serializer, serializer_factory): class Signer256(serializer.signer): default_digest_method = hashlib.sha256 serializer = serializer_factory( secret_key="secret_key", fallback_signers=[ {"digest_method": hashlib.sha256}, (Signer, {"digest_method": hashlib.sha256}), Signer256, ], ) unsigners = serializer.iter_unsigners() assert next(unsigners).digest_method == hashlib.sha1 for signer in unsigners: assert signer.digest_method == hashlib.sha256 def test_digests(): factory = partial(Serializer, secret_key="dev key", salt="dev salt") default_value = factory(signer_kwargs={}).dumps([42]) sha1_value = factory(signer_kwargs={"digest_method": hashlib.sha1}).dumps([42]) sha512_value = factory(signer_kwargs={"digest_method": hashlib.sha512}).dumps([42]) assert default_value == sha1_value assert sha1_value == "[42].-9cNi0CxsSB3hZPNCe9a2eEs1ZM" assert sha512_value == ( "[42].MKCz_0nXQqv7wKpfHZcRtJRmpT2T5uvs9YQsJEhJimqxc" "9bCLxG31QzS5uC8OVBI1i6jyOLAFNoKaF5ckO9L5Q" )