alexyun78 / webapp-improved

Automatically exported from code.google.com/p/webapp-improved
0 stars 0 forks source link

Unicode secret_key failure #72

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
The session keys and values are set as unicode text.
Works great as long as the secret_key is str, not unicode.

In converting a webapp2 project to use more unicode, we accidentally made it 
unicode and got the following exception:

  File "/opt/google/google_appengine_1.7.2/lib/webapp2/webapp2_extras/sessions.py", line 420, in save_sessions
    session.save_session(response)
  File "/opt/google/google_appengine_1.7.2/lib/webapp2/webapp2_extras/sessions.py", line 205, in save_session
    response, self.name, dict(self.session), **self.session_args)
  File "/opt/google/google_appengine_1.7.2/lib/webapp2/webapp2_extras/sessions.py", line 425, in save_secure_cookie
    value = self.serializer.serialize(name, value)
  File "/opt/google/google_appengine_1.7.2/lib/webapp2/webapp2_extras/securecookie.py", line 48, in serialize
    signature = self._get_signature(name, value, timestamp)
  File "/opt/google/google_appengine_1.7.2/lib/webapp2/webapp2_extras/securecookie.py", line 102, in _get_signature
    signature = hmac.new(self.secret_key, digestmod=hashlib.sha1)
  File "/usr/local/lib/python2.7/hmac.py", line 133, in new
    return HMAC(key, msg, digestmod)
  File "/usr/local/lib/python2.7/hmac.py", line 72, in __init__
    self.outer.update(key.translate(trans_5C))
TypeError: character mapping must return integer, None or unicode

It would be more friendly to catch a unicode secret_key earlier (or better, 
allow unicode).

Original issue reported on code.google.com by kees...@gmail.com on 28 Nov 2012 at 1:24