Comments (5)
Here's what I think is going on.
The signature will be `urlsafe_b64encode()`d.
So part of the signature (and/or part of the timestamp) might contain your separator `-`, which would result in either a wrong timestamp or a wrong signature.
A potential fix could be to check if the separator is part of the base64_urlsafe() charset and/or write that in the docs.
How to reproduce.
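```python
import time
from itsdangerous import TimestampSigner

# Sign and immediately unsign once per second; the report is that unsign
# fails when the base64 timestamp or signature contains the '-' separator.
for i in range(100):
    s = TimestampSigner('secret-key', sep='-')
    mystr = s.sign('foo')
    try:
        s.unsign(mystr, max_age=200)
    except:
        raise
    time.sleep(1)
```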
Example string `foo-CmVi_g-pt8iji6JAw61H0EJm-bFJumhEZw` (signature will be `bFJumhEZw` instead of `pt8iji6JAw61H0EJm-bFJumhEZw`)
from itsdangerous.
I fixed it exactly as @johnlam described. I'm not considering this API breakage because this sort of usage never worked.
from itsdangerous.
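The failure mode diagnosed in the first comment and the separator check described as the fix, as an added example that is not itsdangerous code. `ToySigner`, `first_collision` and the fixed 4-byte timestamp encoding are hypothetical simplifications built on the standard library only.

```python
import base64, hashlib, hmac, string

# Characters that urlsafe base64 output can contain (padding is stripped).
B64URL_ALPHABET = set(string.ascii_letters + string.digits + "-_")

def b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

class ToySigner:
    """Illustrative value<sep>timestamp<sep>signature signer (assumed format)."""

    def __init__(self, key: bytes, sep: str = ".", strict: bool = True):
        # The guard: a separator drawn from the encoding alphabet is ambiguous.
        if strict and sep in B64URL_ALPHABET:
            raise ValueError(f"separator {sep!r} can occur in base64url output")
        self.key, self.sep = key, sep

    def _mac(self, msg: str) -> str:
        return b64(hmac.new(self.key, msg.encode(), hashlib.sha1).digest())

    def sign(self, value: str, ts: int) -> str:
        signed = value + self.sep + b64(ts.to_bytes(4, "big"))
        return signed + self.sep + self._mac(signed)

    def unsign(self, token: str) -> str:
        # Split on the LAST separator; a '-' inside the signature moves the split.
        signed, sig = token.rsplit(self.sep, 1)
        if not hmac.compare_digest(sig, self._mac(signed)):
            raise ValueError("bad signature")
        value, _ts = signed.rsplit(self.sep, 1)
        return value

def first_collision(sep: str, start_ts: int = 1_400_000_000, limit: int = 1000):
    """Return the first (constructed) timestamp whose own token fails to
    round-trip with the guard disabled, or None if every token verifies."""
    s = ToySigner(b"secret-key", sep=sep, strict=False)
    for ts in range(start_ts, start_ts + limit):
        try:
            ok = s.unsign(s.sign("foo", ts)) == "foo"
        except ValueError:
            ok = False
        if not ok:
            return ts
    return None
```

With the guard disabled, roughly a third of SHA-1 signatures contain a `-`, which is why the reproduction loop fails intermittently rather than on every iteration.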
I can't reproduce either error with the example given. If you got a signature expired, then you waited longer than 50 seconds before unsigning.
from itsdangerous.
Nope, I am not waiting more than 50 seconds, I am just checking instantly. Here is a video demo where I am just copy pasting repeatedly and you will see both the errors: http://gifyu.com/image/FHN
from itsdangerous.
I used the same code which I had posted earlier. Now I am not sure why it's not generating an error on your machine.
from itsdangerous.