From febfa50a83d2d77cc92ec19b07b513ec24c39e77 Mon Sep 17 00:00:00 2001 From: Jean-Paul Calderone Date: Fri, 22 Mar 2019 16:42:50 -0400 Subject: [PATCH] make sure we get bytes here --- src/allmydata/test/web/test_private.py | 2 +- src/allmydata/web/private.py | 7 ++++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/src/allmydata/test/web/test_private.py b/src/allmydata/test/web/test_private.py index 5f8f7212a..27ddbcf78 100644 --- a/src/allmydata/test/web/test_private.py +++ b/src/allmydata/test/web/test_private.py @@ -49,7 +49,7 @@ class PrivacyTests(SyncTestCase): Tests for the privacy features of the resources created by ``create_private_tree``. """ def setUp(self): - self.token = u"abcdef" + self.token = b"abcdef" self.resource = create_private_tree(lambda: self.token) self.agent = RequestTraversalAgent(self.resource) self.client = HTTPClient(self.agent) diff --git a/src/allmydata/web/private.py b/src/allmydata/web/private.py index 13fbccdf9..fea058405 100644 --- a/src/allmydata/web/private.py +++ b/src/allmydata/web/private.py @@ -46,6 +46,9 @@ from twisted.web.guard import ( from ..util.hashutil import ( timing_safe_compare, ) +from ..util.assertutil import ( + precondition, +) from .logs import ( create_log_resources, @@ -77,7 +80,9 @@ class TokenChecker(object): credentialInterfaces = [IToken] def requestAvatarId(self, credentials): - if credentials.equals(self.get_auth_token()): + required_token = self.get_auth_token() + precondition(isinstance(required_token, bytes)) + if credentials.equals(required_token): return succeed(ANONYMOUS) return fail(Failure(UnauthorizedLogin()))