You are viewing a plain text version of this content. The canonical link for it is here.

Posted to mod_python-dev@quetz.apache.org by "Graham Dumpleton (JIRA)" <ji...@apache.org> on 2006/10/29 22:49:16 UTC

[jira] Created: (MODPYTHON-200) Can't use signed and marshalled cookies together.

Can't use signed and marshalled cookies together.
-------------------------------------------------

                 Key: MODPYTHON-200
                 URL: http://issues.apache.org/jira/browse/MODPYTHON-200
             Project: mod_python
          Issue Type: Bug
          Components: core
    Affects Versions: 3.2.10
            Reporter: Graham Dumpleton
         Assigned To: Graham Dumpleton
             Fix For: 3.3


As reported by Clodoaldo Pinto Neto on mailing list:

  http://www.modpython.org/pipermail/mod_python/2006-October/022427.html

one cannot use signed and marshalled cookies together.

For example, with publisher code example:



from mod_python import Cookie

def makecookies(req):
    c = Cookie.MarshalCookie('marshal', 'value', 'secret')
    d = Cookie.SignedCookie('signed', 'value', 'secret')
    Cookie.add_cookie(req, c)
    Cookie.add_cookie(req, d)
    return 'made\n' + str(req.headers_out)

def showcookies(req):
    cookies = Cookie.get_cookies(req, Cookie.MarshalCookie, secret='secret')
    s = 'There are %s cookies'% len(cookies)
    for c in cookies.values():
        s += '\n%s %s' % (str(c), type(c))
    return 'read\n' + repr(cookies) + '\n' + s + '\n' + str(req.headers_in)



if one access makecookies and then showcookies, you get:



Traceback (most recent call last):

  File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/importer.py", line 1519, in HandlerDispatch
    default=default_handler, arg=req, silent=hlist.silent)

  File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/importer.py", line 1224, in _process_target
    result = _execute_target(config, req, object, arg)

  File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/importer.py", line 1123, in _execute_target
    result = object(arg)

  File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/publisher.py", line 213, in handler
    published = publish_object(req, object)

  File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/publisher.py", line 425, in publish_object
    return publish_object(req,util.apply_fs_data(object, req.form, req=req))

  File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/util.py", line 546, in apply_fs_data
    return object(**args)

  File "/Users/grahamd/public_html/cookies/index.py", line 11, in showcookies
    cookies = Cookie.get_cookies(req, Cookie.MarshalCookie, secret='secret')

  File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/Cookie.py", line 352, in get_cookies
    return Class.parse(cookies, **kw)

  File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/Cookie.py", line 254, in parse
    c.unmarshal(secret)

  File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/Cookie.py", line 282, in unmarshal
    self.value = marshal.loads(base64.decodestring(self.value))

  File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/base64.py", line 44, in decodestring
    return binascii.a2b_base64(s)

Error: Incorrect padding



The problem is that Cookie.get_cookies() makes assumption that all cookies being sent by browser will be of the same derived type, or are a basic cookie. If mixing derived types and they are not compatible as far as unpacking goes, the code will fail.

For starters, there should be a new function called Cookie.get_cookie() where you name the cookie and it only tries to decode that one cookie. This new method should also be used in the Session class instead of using Cookie.get_cookies().

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] Work started: (MODPYTHON-200) Can't use signed and marshalled cookies together.

Posted by "Graham Dumpleton (JIRA)" <ji...@apache.org>.

     [ http://issues.apache.org/jira/browse/MODPYTHON-200?page=all ]

Work on MODPYTHON-200 started by Graham Dumpleton.

> Can't use signed and marshalled cookies together.
> -------------------------------------------------
>
>                 Key: MODPYTHON-200
>                 URL: http://issues.apache.org/jira/browse/MODPYTHON-200
>             Project: mod_python
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 3.2.10
>            Reporter: Graham Dumpleton
>         Assigned To: Graham Dumpleton
>             Fix For: 3.3
>
>
> As reported by Clodoaldo Pinto Neto on mailing list:
>   http://www.modpython.org/pipermail/mod_python/2006-October/022427.html
> one cannot use signed and marshalled cookies together.
> For example, with publisher code example:
> from mod_python import Cookie
> def makecookies(req):
>     c = Cookie.MarshalCookie('marshal', 'value', 'secret')
>     d = Cookie.SignedCookie('signed', 'value', 'secret')
>     Cookie.add_cookie(req, c)
>     Cookie.add_cookie(req, d)
>     return 'made\n' + str(req.headers_out)
> def showcookies(req):
>     cookies = Cookie.get_cookies(req, Cookie.MarshalCookie, secret='secret')
>     s = 'There are %s cookies'% len(cookies)
>     for c in cookies.values():
>         s += '\n%s %s' % (str(c), type(c))
>     return 'read\n' + repr(cookies) + '\n' + s + '\n' + str(req.headers_in)
> if one access makecookies and then showcookies, you get:
> Traceback (most recent call last):
>   File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/importer.py", line 1519, in HandlerDispatch
>     default=default_handler, arg=req, silent=hlist.silent)
>   File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/importer.py", line 1224, in _process_target
>     result = _execute_target(config, req, object, arg)
>   File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/importer.py", line 1123, in _execute_target
>     result = object(arg)
>   File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/publisher.py", line 213, in handler
>     published = publish_object(req, object)
>   File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/publisher.py", line 425, in publish_object
>     return publish_object(req,util.apply_fs_data(object, req.form, req=req))
>   File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/util.py", line 546, in apply_fs_data
>     return object(**args)
>   File "/Users/grahamd/public_html/cookies/index.py", line 11, in showcookies
>     cookies = Cookie.get_cookies(req, Cookie.MarshalCookie, secret='secret')
>   File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/Cookie.py", line 352, in get_cookies
>     return Class.parse(cookies, **kw)
>   File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/Cookie.py", line 254, in parse
>     c.unmarshal(secret)
>   File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/Cookie.py", line 282, in unmarshal
>     self.value = marshal.loads(base64.decodestring(self.value))
>   File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/base64.py", line 44, in decodestring
>     return binascii.a2b_base64(s)
> Error: Incorrect padding
> The problem is that Cookie.get_cookies() makes assumption that all cookies being sent by browser will be of the same derived type, or are a basic cookie. If mixing derived types and they are not compatible as far as unpacking goes, the code will fail.
> For starters, there should be a new function called Cookie.get_cookie() where you name the cookie and it only tries to decode that one cookie. This new method should also be used in the Session class instead of using Cookie.get_cookies().

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] Resolved: (MODPYTHON-200) Can't use signed and marshalled cookies together.

Posted by "Graham Dumpleton (JIRA)" <ji...@apache.org>.

     [ http://issues.apache.org/jira/browse/MODPYTHON-200?page=all ]

Graham Dumpleton resolved MODPYTHON-200.
----------------------------------------

    Resolution: Fixed

> Can't use signed and marshalled cookies together.
> -------------------------------------------------
>
>                 Key: MODPYTHON-200
>                 URL: http://issues.apache.org/jira/browse/MODPYTHON-200
>             Project: mod_python
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 3.2.10
>            Reporter: Graham Dumpleton
>         Assigned To: Graham Dumpleton
>             Fix For: 3.3
>
>
> As reported by Clodoaldo Pinto Neto on mailing list:
>   http://www.modpython.org/pipermail/mod_python/2006-October/022427.html
> one cannot use signed and marshalled cookies together.
> For example, with publisher code example:
> from mod_python import Cookie
> def makecookies(req):
>     c = Cookie.MarshalCookie('marshal', 'value', 'secret')
>     d = Cookie.SignedCookie('signed', 'value', 'secret')
>     Cookie.add_cookie(req, c)
>     Cookie.add_cookie(req, d)
>     return 'made\n' + str(req.headers_out)
> def showcookies(req):
>     cookies = Cookie.get_cookies(req, Cookie.MarshalCookie, secret='secret')
>     s = 'There are %s cookies'% len(cookies)
>     for c in cookies.values():
>         s += '\n%s %s' % (str(c), type(c))
>     return 'read\n' + repr(cookies) + '\n' + s + '\n' + str(req.headers_in)
> if one access makecookies and then showcookies, you get:
> Traceback (most recent call last):
>   File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/importer.py", line 1519, in HandlerDispatch
>     default=default_handler, arg=req, silent=hlist.silent)
>   File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/importer.py", line 1224, in _process_target
>     result = _execute_target(config, req, object, arg)
>   File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/importer.py", line 1123, in _execute_target
>     result = object(arg)
>   File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/publisher.py", line 213, in handler
>     published = publish_object(req, object)
>   File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/publisher.py", line 425, in publish_object
>     return publish_object(req,util.apply_fs_data(object, req.form, req=req))
>   File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/util.py", line 546, in apply_fs_data
>     return object(**args)
>   File "/Users/grahamd/public_html/cookies/index.py", line 11, in showcookies
>     cookies = Cookie.get_cookies(req, Cookie.MarshalCookie, secret='secret')
>   File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/Cookie.py", line 352, in get_cookies
>     return Class.parse(cookies, **kw)
>   File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/Cookie.py", line 254, in parse
>     c.unmarshal(secret)
>   File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/Cookie.py", line 282, in unmarshal
>     self.value = marshal.loads(base64.decodestring(self.value))
>   File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/base64.py", line 44, in decodestring
>     return binascii.a2b_base64(s)
> Error: Incorrect padding
> The problem is that Cookie.get_cookies() makes assumption that all cookies being sent by browser will be of the same derived type, or are a basic cookie. If mixing derived types and they are not compatible as far as unpacking goes, the code will fail.
> For starters, there should be a new function called Cookie.get_cookie() where you name the cookie and it only tries to decode that one cookie. This new method should also be used in the Session class instead of using Cookie.get_cookies().

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] Closed: (MODPYTHON-200) Can't use signed and marshalled cookies together.

Posted by "Graham Dumpleton (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/MODPYTHON-200?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Graham Dumpleton closed MODPYTHON-200.
--------------------------------------


> Can't use signed and marshalled cookies together.
> -------------------------------------------------
>
>                 Key: MODPYTHON-200
>                 URL: https://issues.apache.org/jira/browse/MODPYTHON-200
>             Project: mod_python
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 3.2.10
>            Reporter: Graham Dumpleton
>         Assigned To: Graham Dumpleton
>             Fix For: 3.3
>
>
> As reported by Clodoaldo Pinto Neto on mailing list:
>   http://www.modpython.org/pipermail/mod_python/2006-October/022427.html
> one cannot use signed and marshalled cookies together.
> For example, with publisher code example:
> from mod_python import Cookie
> def makecookies(req):
>     c = Cookie.MarshalCookie('marshal', 'value', 'secret')
>     d = Cookie.SignedCookie('signed', 'value', 'secret')
>     Cookie.add_cookie(req, c)
>     Cookie.add_cookie(req, d)
>     return 'made\n' + str(req.headers_out)
> def showcookies(req):
>     cookies = Cookie.get_cookies(req, Cookie.MarshalCookie, secret='secret')
>     s = 'There are %s cookies'% len(cookies)
>     for c in cookies.values():
>         s += '\n%s %s' % (str(c), type(c))
>     return 'read\n' + repr(cookies) + '\n' + s + '\n' + str(req.headers_in)
> if one access makecookies and then showcookies, you get:
> Traceback (most recent call last):
>   File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/importer.py", line 1519, in HandlerDispatch
>     default=default_handler, arg=req, silent=hlist.silent)
>   File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/importer.py", line 1224, in _process_target
>     result = _execute_target(config, req, object, arg)
>   File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/importer.py", line 1123, in _execute_target
>     result = object(arg)
>   File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/publisher.py", line 213, in handler
>     published = publish_object(req, object)
>   File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/publisher.py", line 425, in publish_object
>     return publish_object(req,util.apply_fs_data(object, req.form, req=req))
>   File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/util.py", line 546, in apply_fs_data
>     return object(**args)
>   File "/Users/grahamd/public_html/cookies/index.py", line 11, in showcookies
>     cookies = Cookie.get_cookies(req, Cookie.MarshalCookie, secret='secret')
>   File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/Cookie.py", line 352, in get_cookies
>     return Class.parse(cookies, **kw)
>   File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/Cookie.py", line 254, in parse
>     c.unmarshal(secret)
>   File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/site-packages/mod_python/Cookie.py", line 282, in unmarshal
>     self.value = marshal.loads(base64.decodestring(self.value))
>   File "/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/base64.py", line 44, in decodestring
>     return binascii.a2b_base64(s)
> Error: Incorrect padding
> The problem is that Cookie.get_cookies() makes assumption that all cookies being sent by browser will be of the same derived type, or are a basic cookie. If mixing derived types and they are not compatible as far as unpacking goes, the code will fail.
> For starters, there should be a new function called Cookie.get_cookie() where you name the cookie and it only tries to decode that one cookie. This new method should also be used in the Session class instead of using Cookie.get_cookies().

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.