Commit 40f14bb

committed

Switch token separate to URL safe character . (dot)

Some email clients replace double slashes with a single slash. The double slash occured for users with no last_login date (newly created users). To bypass this issue, the separator is changed to . (dot) as it is a non-reserved URL safe caracter (RFC3986 2.3) and not port of the base64url alphabet. See also: https://www.ietf.org/rfc/rfc3986.txt https://tools.ietf.org/html/rfc4648

1 parent 68ba00f commit 40f14bbCopy full SHA for 40f14bb

File tree

4 files changed

-4

lines changed

mailauth
- backends.py
- signing.py
tests
- conftest.py
- test_backends.py

4 files changed

-4

lines changed

`‎mailauth/backends.py‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -12,7 +12,7 @@`
`12`	`12`
`13`	`13`
`14`	`14`	`class MailAuthBackend(ModelBackend):`
`15`		`- signer = signing.UserSigner(sep='/')`
	`15`	`+ signer = signing.UserSigner()`
`16`	`16`
`17`	`17`	`def authenticate(self, request, token=None):`
`18`	`18`	`max_age = getattr(settings, 'LOGIN_URL_TIMEOUT', 60 * 15)`

`‎mailauth/signing.py‎`

Lines changed: 3 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -14,6 +14,9 @@ class UserDoesNotExist(signing.BadSignature):`
`14`	`14`	`class UserSigner(signing.TimestampSigner):`
`15`	`15`	`"""Issue and verify URL safe access tokens for users."""`
`16`	`16`
	`17`	`+ def __init__(self, key=None, sep='.', salt=None):`
	`18`	`+ super().__init__(key=key, sep=sep, salt=salt)`
	`19`	`+`
`17`	`20`	`@staticmethod`
`18`	`21`	`def to_timestamp(value):`
`19`	`22`	`"""`

`‎tests/conftest.py‎`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -36,10 +36,10 @@ def admin_user(db):`
`36`	`36`	`@pytest.fixture()`
`37`	`37`	`def signature():`
`38`	`38`	`"""Return a signature matching the user fixture."""`
`39`		`- return 'LZ/173QUS/1Hjptg/fTLJcaon_7zMDyFTIFtlDqbdSt4'`
	`39`	`+ return 'LZ.173QUS.1Hjptg.lf2hFgOXQtjQsFypS2ItRG2hkpA'`
`40`	`40`
`41`	`41`
`42`	`42`	`@pytest.fixture()`
`43`	`43`	`def signer():`
`44`	`44`	`"""Return a forzen version of the UserSigner."""`
`45`		`- return FrozenUserSigner(sep='/')`
	`45`	`+ return FrozenUserSigner()`

`‎tests/test_backends.py‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -62,5 +62,5 @@ def test_get_login_url(self, signer, signature):`
`62`	`62`	`backend = MailAuthBackend()`
`63`	`63`	`MailAuthBackend.signer = signer`
`64`	`64`	`assert backend.get_login_url(signature) == (`
`65`		`- "/accounts/login/LZ/173QUS/1Hjptg/fTLJcaon_7zMDyFTIFtlDqbdSt4"`
	`65`	`+ "/accounts/login/LZ.173QUS.1Hjptg.lf2hFgOXQtjQsFypS2ItRG2hkpA"`
`66`	`66`	`)`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commit 40f14bb

File tree

4 files changed

4 files changed

`‎mailauth/backends.py‎`

`‎mailauth/signing.py‎`

`‎tests/conftest.py‎`

`‎tests/test_backends.py‎`

0 commit comments