mirror of
https://github.com/wassname/flask-security.git
synced 2026-07-07 00:06:15 +08:00
Merge pull request #205 from HereLabsInc/catch_decoding_errors
catch possible TypeError and ValueError from serializer
This commit is contained in:
@@ -318,6 +318,10 @@ def get_token_status(token, serializer, max_age=None):
|
||||
expired = True
|
||||
except BadSignature:
|
||||
invalid = True
|
||||
except TypeError:
|
||||
invalid = True
|
||||
except ValueError:
|
||||
invalid = True
|
||||
|
||||
if data:
|
||||
user = _datastore.find_user(id=data[0])
|
||||
|
||||
@@ -425,6 +425,16 @@ class RecoverableTests(SecurityTest):
|
||||
m = self.get_message('INVALID_RESET_PASSWORD_TOKEN')
|
||||
self.assertIn(m.encode('utf-8'), r.data)
|
||||
|
||||
def test_reset_password_with_mangled_token(self):
|
||||
t = "WyIxNjQ2MzYiLCIxMzQ1YzBlZmVhM2VhZjYwODgwMDhhZGU2YzU0MzZjMiJd.BZEw_Q.lQyo3npdPZtcJ_sNHVHP103syjM&url_id=fbb89a8328e58c181ea7d064c2987874bc54a23d"
|
||||
r = self._post('/reset/' + t, data={
|
||||
'password': 'newpassword',
|
||||
'password_confirm': 'newpassword'
|
||||
}, follow_redirects=True)
|
||||
|
||||
m = self.get_message('INVALID_RESET_PASSWORD_TOKEN')
|
||||
self.assertIn(m.encode('utf-8'), r.data)
|
||||
|
||||
|
||||
class ExpiredResetPasswordTest(SecurityTest):
|
||||
|
||||
|
||||
Reference in New Issue
Block a user