python3: define a base64 decoding exception (#31180)

2019-04-02 18:24:03 +02:00 · 2019-04-02 18:24:03 +02:00 · 9c9db933f6
parent a545653a0d
commit 9c9db933f6
4 changed files with 14 additions and 4 deletions
--- a/src/authentic2/compat.py
+++ b/src/authentic2/compat.py
@ -18,6 +18,7 @@ from datetime import datetime

 from django.conf import settings
 from django.contrib.auth.tokens import PasswordResetTokenGenerator
+from django.utils import six

 try:
    from django.contrib.auth import get_user_model
@ -34,3 +35,8 @@ except ImportError:
 user_model_label = getattr(settings, 'AUTH_USER_MODEL', 'auth.User')

 default_token_generator = PasswordResetTokenGenerator()
+
+if six.PY2:
+    Base64Error = TypeError
+else:
+    from binascii import Error as Base64Error
--- a/src/authentic2/crypto.py
+++ b/src/authentic2/crypto.py
@ -29,6 +29,8 @@ from django.utils.crypto import constant_time_compare
 from django.utils.encoding import force_bytes
 from django.utils.six import text_type

+from authentic2.compat import Base64Error
+

 class DecryptionError(Exception):
    pass
@ -73,7 +75,7 @@ def aes_base64_decrypt(key, payload, raise_on_error=True):
    try:
        iv = base64.b64decode(iv)
        crypted = base64.b64decode(crypted)
-    except TypeError:
+    except Base64Error:
        if raise_on_error:
            raise DecryptionError('incorrect base64 encoding')
        return None
--- a/src/authentic2_idp_oidc/views.py
+++ b/src/authentic2_idp_oidc/views.py
@ -36,6 +36,7 @@ from django.utils.translation import ugettext as _
 from ratelimit.utils import is_ratelimited

 from authentic2 import app_settings as a2_app_settings
+from authentic2.compat import Base64Error
 from authentic2.decorators import setting_enabled
 from authentic2.exponential_retry_timeout import ExponentialRetryTimeout
 from authentic2.utils import (login_require, redirect, timestamp_from_datetime,
@ -368,7 +369,7 @@ def authenticate_client(request, client=None):
            return None
        try:
            decoded = base64.b64decode(authorization[1])
-        except TypeError:
+        except Base64Error:
            return None
        parts = decoded.split(':')
        if len(parts) != 2:
--- a/tests/test_idp_saml2.py
+++ b/tests/test_idp_saml2.py
@ -29,6 +29,7 @@ from django.utils import six
 from django.utils.translation import gettext as _
 from django.utils.six.moves.urllib import parse as urlparse

+from authentic2.compat import Base64Error
 from authentic2.saml import models as saml_models
 from authentic2.a2_rbac.models import Role, OrganizationalUnit
 from authentic2.utils import make_url
@ -311,7 +312,7 @@ class SamlSSOTestCase(SamlBaseTestCase):
            saml_response = doc.forms[0].fields['SAMLResponse']
            try:
                decoded_saml_response = base64.b64decode(saml_response)
-            except TypeError:
+            except Base64Error:
                self.fail('SAMLResponse is not base64 encoded: %s'
                          % saml_response)
            assert b'rsa-sha256' in decoded_saml_response
@ -356,7 +357,7 @@ class SamlSSOTestCase(SamlBaseTestCase):
            saml_response = doc.forms[0].fields['SAMLResponse']
            try:
                decoded_saml_response = base64.b64decode(saml_response)
-            except TypeError:
+            except Base64Error:
                self.fail('SAMLResponse is not base64 encoded: %s' % saml_response)
            assert b'rsa-sha256' in decoded_saml_response
            login = self.parse_authn_response(saml_response)