aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/cryptography/fernet.py6
-rw-r--r--tests/test_fernet.py9
2 files changed, 13 insertions, 2 deletions
diff --git a/src/cryptography/fernet.py b/src/cryptography/fernet.py
index 6fbe9f27..99eb10e5 100644
--- a/src/cryptography/fernet.py
+++ b/src/cryptography/fernet.py
@@ -91,8 +91,10 @@ class Fernet(object):
if ttl is not None:
if timestamp + ttl < current_time:
raise InvalidToken
- if current_time + _MAX_CLOCK_SKEW < timestamp:
- raise InvalidToken
+
+ if current_time + _MAX_CLOCK_SKEW < timestamp:
+ raise InvalidToken
+
h = HMAC(self._signing_key, hashes.SHA256(), backend=self._backend)
h.update(data[:-32])
try:
diff --git a/tests/test_fernet.py b/tests/test_fernet.py
index 0b93f017..c272eec0 100644
--- a/tests/test_fernet.py
+++ b/tests/test_fernet.py
@@ -103,6 +103,15 @@ class TestFernet(object):
with pytest.raises(TypeError):
f.decrypt(u"")
+ def test_timestamp_ignored_no_ttl(self, monkeypatch, backend):
+ f = Fernet(base64.urlsafe_b64encode(b"\x00" * 32), backend=backend)
+ pt = b"encrypt me"
+ token = f.encrypt(pt)
+ ts = "1985-10-26T01:20:01-07:00"
+ current_time = calendar.timegm(iso8601.parse_date(ts).utctimetuple())
+ monkeypatch.setattr(time, "time", lambda: current_time)
+ assert f.decrypt(token, ttl=None) == pt
+
@pytest.mark.parametrize("message", [b"", b"Abc!", b"\x00\xFF\x00\x80"])
def test_roundtrips(self, message, backend):
f = Fernet(Fernet.generate_key(), backend=backend)
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-06 07:08:51 +0000