| 188 | |
| 189 | |
| 190 | class Signer: |
| 191 | def __init__( |
| 192 | self, *, key=None, sep=":", salt=None, algorithm=None, fallback_keys=None |
| 193 | ): |
| 194 | self.key = key or settings.SECRET_KEY |
| 195 | self.fallback_keys = ( |
| 196 | fallback_keys |
| 197 | if fallback_keys is not None |
| 198 | else settings.SECRET_KEY_FALLBACKS |
| 199 | ) |
| 200 | self.sep = sep |
| 201 | self.salt = salt or "%s.%s" % ( |
| 202 | self.__class__.__module__, |
| 203 | self.__class__.__name__, |
| 204 | ) |
| 205 | self.algorithm = algorithm or "sha256" |
| 206 | if _SEP_UNSAFE.match(self.sep): |
| 207 | raise ValueError( |
| 208 | "Unsafe Signer separator: %r (cannot be empty or consist of " |
| 209 | "only A-z0-9-_=)" % sep, |
| 210 | ) |
| 211 | |
| 212 | def signature(self, value, key=None): |
| 213 | key = key or self.key |
| 214 | return base64_hmac(self.salt + "signer", value, key, algorithm=self.algorithm) |
| 215 | |
| 216 | def sign(self, value): |
| 217 | return "%s%s%s" % (value, self.sep, self.signature(value)) |
| 218 | |
| 219 | def unsign(self, signed_value): |
| 220 | if self.sep not in signed_value: |
| 221 | raise BadSignature('No "%s" found in value' % self.sep) |
| 222 | value, sig = signed_value.rsplit(self.sep, 1) |
| 223 | for key in [self.key, *self.fallback_keys]: |
| 224 | if constant_time_compare(sig, self.signature(value, key)): |
| 225 | return value |
| 226 | raise BadSignature('Signature "%s" does not match' % sig) |
| 227 | |
| 228 | def sign_object(self, obj, serializer=JSONSerializer, compress=False): |
| 229 | """ |
| 230 | Return URL-safe, hmac signed base64 compressed JSON string. |
| 231 | |
| 232 | If compress is True (not the default), check if compressing using zlib |
| 233 | can save some space. Prepend a '.' to signify compression. This is |
| 234 | included in the signature, to protect against zip bombs. |
| 235 | |
| 236 | The serializer is expected to return a bytestring. |
| 237 | """ |
| 238 | data = serializer().dumps(obj) |
| 239 | # Flag for if it's been compressed or not. |
| 240 | is_compressed = False |
| 241 | |
| 242 | if compress: |
| 243 | # Avoid zlib dependency unless compress is being used. |
| 244 | compressed = zlib.compress(data) |
| 245 | if len(compressed) < (len(data) - 1): |
| 246 | data = compressed |
| 247 | is_compressed = True |