(
secret: _CookieSecretTypes,
name: str,
value: bytes,
max_age_days: float,
clock: Callable[[], float],
)
| 3755 | |
| 3756 | |
| 3757 | def _decode_signed_value_v2( |
| 3758 | secret: _CookieSecretTypes, |
| 3759 | name: str, |
| 3760 | value: bytes, |
| 3761 | max_age_days: float, |
| 3762 | clock: Callable[[], float], |
| 3763 | ) -> Optional[bytes]: |
| 3764 | try: |
| 3765 | ( |
| 3766 | key_version, |
| 3767 | timestamp_bytes, |
| 3768 | name_field, |
| 3769 | value_field, |
| 3770 | passed_sig, |
| 3771 | ) = _decode_fields_v2(value) |
| 3772 | except ValueError: |
| 3773 | return None |
| 3774 | signed_string = value[: -len(passed_sig)] |
| 3775 | |
| 3776 | if isinstance(secret, dict): |
| 3777 | try: |
| 3778 | secret = secret[key_version] |
| 3779 | except KeyError: |
| 3780 | return None |
| 3781 | |
| 3782 | expected_sig = _create_signature_v2(secret, signed_string) |
| 3783 | if not hmac.compare_digest(passed_sig, expected_sig): |
| 3784 | return None |
| 3785 | if name_field != utf8(name): |
| 3786 | return None |
| 3787 | timestamp = int(timestamp_bytes) |
| 3788 | if timestamp < clock() - max_age_days * 86400: |
| 3789 | # The signature has expired. |
| 3790 | return None |
| 3791 | try: |
| 3792 | return base64.b64decode(value_field) |
| 3793 | except Exception: |
| 3794 | return None |
| 3795 | |
| 3796 | |
| 3797 | def get_signature_key_version(value: Union[str, bytes]) -> Optional[int]: |
no test coverage detected