R-2.14.2

fixed sessions for long keys
restored pickles in sessions
2016-03-24 17:44:41 -05:00 · 2016-03-24 16:58:04 -05:00 · 2016-03-24 16:50:02 -05:00 · 2016-03-24 16:46:51 -05:00 · 2016-03-24 12:33:43 -05:00
5 changed files with 8 additions and 6 deletions
--- a/2
+++ b/2
@@ -17,7 +17,7 @@
 - Updated feedparser.py 5.2.1
 - Updated jQuery 1.12.2
 - welcome app now checks for version number
- Redis improvements. The old syntax still works but we recommend moving to new syntax:
+- Redis improvements. New syntax:

    BEFORE:
    from gluon.contrib.redis_cache import RedisCache
--- a/2
+++ b/2
@@ -32,7 +32,7 @@ update:
 	echo "remember that pymysql was tweaked"
 src:
 	### Use semantic versioning
-	echo 'Version 2.14.1-stable+timestamp.'`date +%Y.%m.%d.%H.%M.%S` > VERSION
+	echo 'Version 2.14.2-stable+timestamp.'`date +%Y.%m.%d.%H.%M.%S` > VERSION
 	### rm -f all junk files
 	make clean
 	### clean up baisc apps
--- a/2
+++ b/2
@@ -1 +1 @@
-Version 2.14.1-stable+timestamp.2016.03.24.12.19.17
+Version 2.14.2-stable+timestamp.2016.03.24.17.44.22
--- a/applications/examples/models/session.py
+++ b/applications/examples/models/session.py
@@ -1 +1,3 @@
-session.connect(request,response,cookie_key='yoursecret')
+from gluon.utils import web2py_uuid
+cookie_key = cache.ram('cookie_key',lambda: web2py_uuid(),None)
+session.connect(request,response,cookie_key=cookie_key)
--- a/gluon/utils.py
+++ b/gluon/utils.py
@@ -172,7 +172,7 @@ def secure_dumps(data, encryption_key, hash_key=None, compression_level=None):
    dump = pickle.dumps(data, pickle.HIGHEST_PROTOCOL)
    if compression_level:
        dump = zlib.compress(dump, compression_level)
-    key = pad(encryption_key[:32])
+    key = pad(encryption_key)[:32]
    cipher, IV = AES_new(key)
    encrypted_data = base64.urlsafe_b64encode(IV + cipher.encrypt(pad(dump)))
    signature = hmac.new(hash_key, encrypted_data).hexdigest()
@@ -188,7 +188,7 @@ def secure_loads(data, encryption_key, hash_key=None, compression_level=None):
    actual_signature = hmac.new(hash_key, encrypted_data).hexdigest()
    if not compare(signature, actual_signature):
        return None
-    key = pad(encryption_key[:32])
+    key = pad(encryption_key)[:32]
    encrypted_data = base64.urlsafe_b64decode(encrypted_data)
    IV, encrypted_data = encrypted_data[:16], encrypted_data[16:]
    cipher, _ = AES_new(key, IV=IV)
Author	SHA1	Message	Date
mdipierro	32650f0cbf	R-2.14.2	2016-03-24 17:44:41 -05:00
mdipierro	8f8ef4cca5	fixed sessions for long keys	2016-03-24 16:58:04 -05:00
mdipierro	c9e92fc686	restored pickles in sessions	2016-03-24 16:50:02 -05:00
mdipierro	0820926b50	more secure sessions in cookies using json	2016-03-24 16:46:51 -05:00
mdipierro	1856c9dc7a	fixed changelog	2016-03-24 12:33:43 -05:00