summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJon Dufresne <jon.dufresne@gmail.com>2018-10-02 21:04:12 -0700
committerCarlton Gibson <carlton.gibson@noumenal.es>2018-10-03 11:11:42 +0200
commitbdae19cf6395d6bfee80864d9e87c4aec241eceb (patch)
treea529aca3c029e1e370dfc2dd7839fdafb54b07f6
parentefd8a82e268a82b3ad0be77bd5b4548c30bcb4d7 (diff)
Refs #27795 -- Removed force_bytes() usage in sessions.
SessionBase.decode() is the inverse operation to SessionBase.encode(). As SessionBase.encode() always returns a string, SessionBase.decode() should always be passed a string argument. Fixed the file backend, which was the only backend still passing a bytestring.
-rw-r--r--django/contrib/sessions/backends/base.py3
-rw-r--r--django/contrib/sessions/backends/file.py2
-rw-r--r--tests/sessions_tests/tests.py2
3 files changed, 3 insertions, 4 deletions
diff --git a/django/contrib/sessions/backends/base.py b/django/contrib/sessions/backends/base.py
index 3049d39ac7..5c50f87e34 100644
--- a/django/contrib/sessions/backends/base.py
+++ b/django/contrib/sessions/backends/base.py
@@ -10,7 +10,6 @@ from django.utils import timezone
from django.utils.crypto import (
constant_time_compare, get_random_string, salted_hmac,
)
-from django.utils.encoding import force_bytes
from django.utils.module_loading import import_string
# session_key should not be case sensitive because some backends can store it
@@ -98,7 +97,7 @@ class SessionBase:
return base64.b64encode(hash.encode() + b":" + serialized).decode('ascii')
def decode(self, session_data):
- encoded_data = base64.b64decode(force_bytes(session_data))
+ encoded_data = base64.b64decode(session_data.encode('ascii'))
try:
# could produce ValueError if there is no ':'
hash, serialized = encoded_data.split(b':', 1)
diff --git a/django/contrib/sessions/backends/file.py b/django/contrib/sessions/backends/file.py
index fe34dea56e..25887fcf20 100644
--- a/django/contrib/sessions/backends/file.py
+++ b/django/contrib/sessions/backends/file.py
@@ -75,7 +75,7 @@ class SessionStore(SessionBase):
def load(self):
session_data = {}
try:
- with open(self._key_to_file(), "rb") as session_file:
+ with open(self._key_to_file(), "r", encoding="ascii") as session_file:
file_data = session_file.read()
# Don't fail if there is no data in the session file.
# We may have opened the empty placeholder file.
diff --git a/tests/sessions_tests/tests.py b/tests/sessions_tests/tests.py
index dbbde133c1..c213628dbb 100644
--- a/tests/sessions_tests/tests.py
+++ b/tests/sessions_tests/tests.py
@@ -311,7 +311,7 @@ class SessionTestsMixin:
self.assertEqual(self.session.decode(encoded), data)
def test_decode_failure_logged_to_security(self):
- bad_encode = base64.b64encode(b'flaskdj:alkdjf')
+ bad_encode = base64.b64encode(b'flaskdj:alkdjf').decode('ascii')
with self.assertLogs('django.security.SuspiciousSession', 'WARNING') as cm:
self.assertEqual({}, self.session.decode(bad_encode))
# The failed decode is logged.