Informative error on incompatible Fernet key (#6768)

* Informative error

* tests + prevent key logging on error

* flake8

* black still downloading...
Bar Harel 2021-12-28 02:04:54 +02:00 committed by GitHub
parent 9ca1f2534f
commit d97bfeda9f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 9 additions and 3 deletions


@ -30,7 +30,12 @@ class Fernet(object):
key: typing.Union[bytes, str],
backend: typing.Any = None,
):
key = base64.urlsafe_b64decode(key)
try:
key = base64.urlsafe_b64decode(key)
except binascii.Error as exc:
raise ValueError(
"Fernet key must be 32 url-safe base64-encoded bytes."
) from exc
if len(key) != 32:
raise ValueError(
"Fernet key must be 32 url-safe base64-encoded bytes."
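Review bot: The new `except binascii.Error` clause does not cover a `str` key that contains non-ASCII characters. In CPython, `base64.urlsafe_b64decode` rejects that input with a plain `ValueError` before decoding starts, so the caller still gets the standard-library message rather than the Fernet one. Because `binascii.Error` is itself a subclass of `ValueError`, widening the clause to `except ValueError as exc:` would give one message for every malformed key. The message rightly carries no key material, and a short comment such as `# never echo the key in this message; exceptions end up in logs` would help keep it that way. `__init__` continues past the end of this hunk.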


@ -130,9 +130,10 @@ class TestFernet(object):
f = Fernet(Fernet.generate_key(), backend=backend)
assert f.decrypt(f.encrypt(message)) == message
def test_bad_key(self, backend):
@pytest.mark.parametrize("key", [base64.urlsafe_b64encode(b"abc"), b"abc"])
def test_bad_key(self, backend, key):
with pytest.raises(ValueError):
Fernet(base64.urlsafe_b64encode(b"abc"), backend=backend)
Fernet(key, backend=backend)
def test_extract_timestamp(self, monkeypatch, backend):
f = Fernet(base64.urlsafe_b64encode(b"\x00" * 32), backend=backend)
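Review bot: `pytest.raises(ValueError)` in `test_bad_key` does not pin the new behaviour, because `binascii.Error` subclasses `ValueError` and the `b"abc"` case would, as far as I can tell, have passed before this change as well. Matching on the message, `with pytest.raises(ValueError, match="Fernet key must be"):`, makes the test fail if the wrapping is ever removed. Since the commit also sets out to keep the key out of the error, the test could additionally assert that the supplied key does not appear in `str(excinfo.value)`.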