Fixed #22804 -- Added warning for unsafe value of 'sep' in Signer

Thanks Jaap Roes for completing the patch.

1 files changed, 18 insertions, 0 deletions

diff --git a/tests/signing/tests.py b/tests/signing/tests.py
index 80dadee7f4..a8de1b0cbc 100644
--- a/tests/signing/tests.py
+++ b/tests/signing/tests.py
@@ -1,6 +1,7 @@
 from __future__ import unicode_literals
 
 import datetime
+import warnings
 
 from django.core import signing
 from django.test import SimpleTestCase
@@ -112,6 +113,23 @@ class TestSigner(SimpleTestCase):
         s = signing.Signer(binary_key)
         self.assertEqual('foo:6NB0fssLW5RQvZ3Y-MTerq2rX7w', s.sign('foo'))
 
+    def test_valid_sep(self):
+        separators = ['/', '*sep*', ',']
+        for sep in separators:
+            signer = signing.Signer('predictable-secret', sep=sep)
+            self.assertEqual('foo%ssH9B01cZcJ9FoT_jEVkRkNULrl8' % sep, signer.sign('foo'))
+
+    def test_invalid_sep(self):
+        """should warn on invalid separator"""
+        separators = ['', '-', 'abc']
+        for sep in separators:
+            with warnings.catch_warnings(record=True) as recorded:
+                warnings.simplefilter('always')
+                signing.Signer(sep=sep)
+                self.assertEqual(len(recorded), 1)
+                msg = str(recorded[0].message)
+                self.assertTrue(msg.startswith('Unsafe Signer separator'))
+
 
 class TestTimestampSigner(SimpleTestCase):