From d4fff711d4c97356bd6ba1273d2a5e349326eb5f Mon Sep 17 00:00:00 2001 From: Claude Paroz Date: Sat, 15 Feb 2020 12:20:37 +0100 Subject: Fixed #31274 -- Used signing infrastructure in SessionBase.encode()/decode(). Thanks Mariusz Felisiak and Florian Apolloner for the reviews. --- tests/sessions_tests/tests.py | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'tests/sessions_tests') diff --git a/tests/sessions_tests/tests.py b/tests/sessions_tests/tests.py index fa675fe63d..6c6d7dd3f2 100644 --- a/tests/sessions_tests/tests.py +++ b/tests/sessions_tests/tests.py @@ -311,6 +311,18 @@ class SessionTestsMixin: encoded = self.session.encode(data) self.assertEqual(self.session.decode(encoded), data) + @override_settings(SECRET_KEY='django_tests_secret_key') + def test_decode_legacy(self): + # RemovedInDjango40Warning: pre-Django 3.1 sessions will be invalid. + legacy_encoded = ( + 'OWUzNTNmNWQxNTBjOWExZmM4MmQ3NzNhMDRmMjU4NmYwNDUyNGI2NDp7ImEgdGVzd' + 'CBrZXkiOiJhIHRlc3QgdmFsdWUifQ==' + ) + self.assertEqual( + self.session.decode(legacy_encoded), + {'a test key': 'a test value'}, + ) + def test_decode_failure_logged_to_security(self): bad_encode = base64.b64encode(b'flaskdj:alkdjf').decode('ascii') with self.assertLogs('django.security.SuspiciousSession', 'WARNING') as cm: -- cgit v1.2.1