authorMichael Merickel <michael@merickel.org>2014-02-21 22:23:29 -0600
committerMichael Merickel <michael@merickel.org>2014-02-21 22:25:36 -0600
commit04c1b6601ca48e105dc8cdafd33b7958e17dd017 (patch)
tree65bd8944c32beb6d74ed28221f7f91c21d1d5489
parente2e72c48ee81e0f35f17e0120b2bf5a3de60b35d (diff)
fix #136, allow high order chars in SignedSerializer secret/saltfix.136
-rw-r--r--docs/news.txt9
-rw-r--r--tests/test_cookies.py2
-rw-r--r--webob/cookies.py7
3 files changed, 16 insertions, 2 deletions
diff --git a/docs/news.txt b/docs/news.txt
index 814a430..4dd6950 100644
--- a/docs/news.txt
+++ b/docs/news.txt
@@ -1,6 +1,15 @@
News
====
+unreleased
+----------
+
+Bug Fixes
+~~~~~~~~~
+
+- Fix a bug in ``SignedSerializer`` preventing secrets from containing
+ higher-order characters. See https://github.com/Pylons/webob/issues/136
+
1.3.1 (2013-12-13)
------------------
diff --git a/tests/test_cookies.py b/tests/test_cookies.py
index aa54ed6..c956477 100644
--- a/tests/test_cookies.py
+++ b/tests/test_cookies.py
@@ -591,7 +591,7 @@ def serialize(secret, salt, data):
import json
from hashlib import sha1
from webob.compat import bytes_
- salted_secret = bytes_(salt or '') + bytes_(secret)
+ salted_secret = bytes_(salt or '', 'utf-8') + bytes_(secret, 'utf-8')
cstruct = bytes_(json.dumps(data))
sig = hmac.new(salted_secret, cstruct, sha1).digest()
return base64.urlsafe_b64encode(sig + cstruct).rstrip(b'=')
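Review bot: The `serialize` helper now always encodes salt and secret as UTF-8 on the `salted_secret` line, while `SignedSerializer` in webob/cookies.py falls back to UTF-8 only after the default encoding fails. For a text secret whose characters all lie in U+0080–U+00FF the two would derive different HMAC keys, so this helper cannot check the backward-compatible path for such secrets. Add a case that signs with a secret in that range (for example the constructed value `u'\xe9'`) and compares against a key built with the default encoding, so the compatibility promise in the production comment is pinned by a test. The start of `serialize` lies outside this hunk, and the tests that call it are not visible here.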
diff --git a/webob/cookies.py b/webob/cookies.py
index 3aeb51f..87b8dde 100644
--- a/webob/cookies.py
+++ b/webob/cookies.py
@@ -489,7 +489,12 @@ class SignedSerializer(object):
self.secret = secret
self.hashalg = hashalg
- self.salted_secret = bytes_(salt or '') + bytes_(secret)
+ try:
+ # bwcompat with webob <= 1.3.1, leave latin-1 as the default
+ self.salted_secret = bytes_(salt or '') + bytes_(secret)
+ except UnicodeEncodeError:
+ self.salted_secret = (
+ bytes_(salt or '', 'utf-8') + bytes_(secret, 'utf-8'))
self.digestmod = lambda string=b'': hashlib.new(self.hashalg, string)
self.digest_size = self.digestmod().digest_size
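Review bot: The encoding of `salted_secret` in the new `try`/`except` is chosen by the content of the inputs, so the key bytes for a given salt depend on whether the secret contains a character the default codec cannot represent. The fallback then re-encodes both values as UTF-8. One consequence is that a secret needing the fallback and a different secret whose default-encoded bytes equal those UTF-8 bytes produce the same HMAC key. This is unlikely to matter for a randomly generated secret, but it should be documented. I would extend the comment to something like `# text salt/secret use the default (latin-1) codec when possible, else both are UTF-8; pass bytes to fix the key material exactly`, assuming `bytes_` returns bytes input unchanged, which is not visible here. The enclosing method starts outside this hunk.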