django-signedcookies - Project Hosting on Google Code

Older Jul 31, 2009 issue 7 (missing setup script and proper packaging) reported by ionel.mc - none none Apr 14, 2009 issue 6 (md5 sha1 alias import doesn't work) commented on by gsong516 - Oh yeah, why not use ``sha`` instead of ``md5``? Oh yeah, why not use ``sha`` instead of ``md5``? Apr 14, 2009 issue 6 (md5 sha1 alias import doesn't work) reported by gsong516 - What steps will reproduce the problem? ====================================== 1. Install app and middleware with Python 2.4 2. Render any Django view What is the expected output? What do you see instead? ===================================================== Expected to see signed cookie, get stacktrace instead. {{{ Traceback (most recent call last): File "E:\lehrhaus\django\django\core\servers\basehttp.py", line 278, in run self.result = application(self.environ, self.start_response) File "E:\lehrhaus\django\django\core\servers\basehttp.py", line 635, in __call__ return self.application(environ, start_response) File "E:\lehrhaus\django\django\core\handlers\wsgi.py", line 245, in __call__ response = middleware_method(request, response) File "E:\lehrhaus\lib\signedcookies\middleware.py", line 43, in process_response response.set_cookie(key, self.sign(key, morsel.value), File "E:\lehrhaus\lib\signedcookies\middleware.py", line 22, in sign return '%s:%s' % (self.get_digest(key, unsigned_value), unsigned_value) File "E:\lehrhaus\lib\signedcookies\middleware.py", line 19, in get_digest return hmac.new(self.secret, ':'.join([key, value]), sha1).hexdigest() File "C:\Python24\lib\hmac.py", line 107, in new return HMAC(key, msg, digestmod) File "C:\Python24\lib\hmac.py", line 42, in __init__ self.outer = digestmod.new() AttributeError: 'builtin_function_or_method' object has no attribute 'new' }}} What version of the product are you using? On what operating system? ==================================================================== Windows XP with Python 2.4. r10 of django-signedcookies trunk. Please provide any additional information below. ================================================ Patch attached. What steps will reproduce the problem? ====================================== 1. Install app and middleware with Python 2.4 2. Render any Django view What is the expected output? What do you see instead? ===================================================== Expected to see signed cookie, get stacktrace instead. {{{ Traceback (most recent call last): File "E:\lehrhaus\django\django\core\servers\basehttp.py", line 278, in run self.result = application(self.environ, self.start_response) File "E:\lehrhaus\django\django\core\servers\basehttp.py", line 635, in __call__ return self.application(environ, start_response) File "E:\lehrhaus\django\django\core\handlers\wsgi.py", line 245, in __call__ response = middleware_method(request, response) File "E:\lehrhaus\lib\signedcookies\middleware.py", line 43, in process_response response.set_cookie(key, self.sign(key, morsel.value), File "E:\lehrhaus\lib\signedcookies\middleware.py", line 22, in sign return '%s:%s' % (self.get_digest(key, unsigned_value), unsigned_value) File "E:\lehrhaus\lib\signedcookies\middleware.py", line 19, in get_digest return hmac.new(self.secret, ':'.join([key, value]), sha1).hexdigest() File "C:\Python24\lib\hmac.py", line 107, in new return HMAC(key, msg, digestmod) File "C:\Python24\lib\hmac.py", line 42, in __init__ self.outer = digestmod.new() AttributeError: 'builtin_function_or_method' object has no attribute 'new' }}} What version of the product are you using? On what operating system? ==================================================================== Windows XP with Python 2.4. r10 of django-signedcookies trunk. Please provide any additional information below. ================================================ Patch attached. Jan 14, 2009 issue 5 (Change digest to use HMAC-SHA1 instead of md5) changed by gulopine - Revision 10 implements this change. Status: Done Owner: gulopine Revision 10 implements this change. Status: Done Owner: gulopine Jan 14, 2009 r10 (Updated to use HMAC w/ SHA1 instead of plain MD5.) committed by gulopine - Updated to use HMAC w/ SHA1 instead of plain MD5. Updated to use HMAC w/ SHA1 instead of plain MD5. Jan 14, 2009 issue 4 (test_delete_cookie fails because of cookie 'expires' check) changed by gulopine - Revision 6 changes this check to only rely on max-age. Status: Fixed Owner: gulopine Revision 6 changes this check to only rely on max-age. Status: Fixed Owner: gulopine Jan 06, 2009 r9 (Removed the utils module, since those utilities are now in t...) committed by gulopine - Removed the utils module, since those utilities are now in the middleware itself. Removed the utils module, since those utilities are now in the middleware itself. Jan 06, 2009 r8 (Added a decorator for use when middleware is overkill.) committed by gulopine - Added a decorator for use when middleware is overkill. Added a decorator for use when middleware is overkill. Jan 06, 2009 r7 (Updated location of the basic utilities) committed by gulopine - Updated location of the basic utilities Updated location of the basic utilities Jan 06, 2009 r6 (Moved utilities into the middleware class itself, since it d...) committed by gulopine - Moved utilities into the middleware class itself, since it doesn't make sense to use them on their own. Moved utilities into the middleware class itself, since it doesn't make sense to use them on their own. Dec 06, 2008 issue 5 (Change digest to use HMAC-SHA1 instead of md5) reported by koziel.arthur - Currently the get_digest method uses a unsalted md5 to sign the data, which is very insecure. The attached patch will use the more secure HMAC-SHA1 algorithm to sign the data. HMAC is available in Python >= 2.2 and the patch passes all supplied tests. Currently the get_digest method uses a unsalted md5 to sign the data, which is very insecure. The attached patch will use the more secure HMAC-SHA1 algorithm to sign the data. HMAC is available in Python >= 2.2 and the patch passes all supplied tests. Dec 06, 2008 issue 4 (test_delete_cookie fails because of cookie 'expires' check) reported by koziel.arthur - What steps will reproduce the problem? 1. Run the signedcookies tests What is the expected output? What do you see instead? process_response should leave deleted cookies alone, instead the key is encrypted. What version of the product are you using? Django 1.0.2 Please provide any additional information below. The check fails because process_response checks if morsel['expires'] == 0. However, the default value of deleted cookies changed to 'Thu, 01-Jan-1970 00:00:00 GMT' some time ago. What steps will reproduce the problem? 1. Run the signedcookies tests What is the expected output? What do you see instead? process_response should leave deleted cookies alone, instead the key is encrypted. What version of the product are you using? Django 1.0.2 Please provide any additional information below. The check fails because process_response checks if morsel['expires'] == 0. However, the default value of deleted cookies changed to 'Thu, 01-Jan-1970 00:00:00 GMT' some time ago.

issue 6 (md5 sha1 alias import doesn't work) reported by gsong516 - What steps will reproduce the problem? ====================================== 1. Install app and middleware with Python 2.4 2. Render any Django view What is the expected output? What do you see instead? ===================================================== Expected to see signed cookie, get stacktrace instead. {{{ Traceback (most recent call last): File "E:\lehrhaus\django\django\core\servers\basehttp.py", line 278, in run self.result = application(self.environ, self.start_response) File "E:\lehrhaus\django\django\core\servers\basehttp.py", line 635, in __call__ return self.application(environ, start_response) File "E:\lehrhaus\django\django\core\handlers\wsgi.py", line 245, in __call__ response = middleware_method(request, response) File "E:\lehrhaus\lib\signedcookies\middleware.py", line 43, in process_response response.set_cookie(key, self.sign(key, morsel.value), File "E:\lehrhaus\lib\signedcookies\middleware.py", line 22, in sign return '%s:%s' % (self.get_digest(key, unsigned_value), unsigned_value) File "E:\lehrhaus\lib\signedcookies\middleware.py", line 19, in get_digest return hmac.new(self.secret, ':'.join([key, value]), sha1).hexdigest() File "C:\Python24\lib\hmac.py", line 107, in new return HMAC(key, msg, digestmod) File "C:\Python24\lib\hmac.py", line 42, in __init__ self.outer = digestmod.new() AttributeError: 'builtin_function_or_method' object has no attribute 'new' }}} What version of the product are you using? On what operating system? ==================================================================== Windows XP with Python 2.4. r10 of django-signedcookies trunk. Please provide any additional information below. ================================================ Patch attached.

What steps will reproduce the problem? ====================================== 1. Install app and middleware with Python 2.4 2. Render any Django view What is the expected output? What do you see instead? ===================================================== Expected to see signed cookie, get stacktrace instead. {{{ Traceback (most recent call last): File "E:\lehrhaus\django\django\core\servers\basehttp.py", line 278, in run self.result = application(self.environ, self.start_response) File "E:\lehrhaus\django\django\core\servers\basehttp.py", line 635, in __call__ return self.application(environ, start_response) File "E:\lehrhaus\django\django\core\handlers\wsgi.py", line 245, in __call__ response = middleware_method(request, response) File "E:\lehrhaus\lib\signedcookies\middleware.py", line 43, in process_response response.set_cookie(key, self.sign(key, morsel.value), File "E:\lehrhaus\lib\signedcookies\middleware.py", line 22, in sign return '%s:%s' % (self.get_digest(key, unsigned_value), unsigned_value) File "E:\lehrhaus\lib\signedcookies\middleware.py", line 19, in get_digest return hmac.new(self.secret, ':'.join([key, value]), sha1).hexdigest() File "C:\Python24\lib\hmac.py", line 107, in new return HMAC(key, msg, digestmod) File "C:\Python24\lib\hmac.py", line 42, in __init__ self.outer = digestmod.new() AttributeError: 'builtin_function_or_method' object has no attribute 'new' }}} What version of the product are you using? On what operating system? ==================================================================== Windows XP with Python 2.4. r10 of django-signedcookies trunk. Please provide any additional information below. ================================================ Patch attached.

Older