From a418e96e08537e77b86c7eff8975e0c76b251797 Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Thu, 21 Jan 2016 08:54:59 -0600
Subject: fernet fix: ignore the timestamp entirely when no ttl is set

Previously if the token claimed to have been generated more than 60
seconds in the future we would raise InvalidToken even if ttl was set
to None.
---
 tests/test_fernet.py | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'tests')

diff --git a/tests/test_fernet.py b/tests/test_fernet.py
index 0b93f017..c272eec0 100644
--- a/tests/test_fernet.py
+++ b/tests/test_fernet.py
@@ -103,6 +103,15 @@ class TestFernet(object):
         with pytest.raises(TypeError):
             f.decrypt(u"")
 
+    def test_timestamp_ignored_no_ttl(self, monkeypatch, backend):
+        f = Fernet(base64.urlsafe_b64encode(b"\x00" * 32), backend=backend)
+        pt = b"encrypt me"
+        token = f.encrypt(pt)
+        ts = "1985-10-26T01:20:01-07:00"
+        current_time = calendar.timegm(iso8601.parse_date(ts).utctimetuple())
+        monkeypatch.setattr(time, "time", lambda: current_time)
+        assert f.decrypt(token, ttl=None) == pt
+
     @pytest.mark.parametrize("message", [b"", b"Abc!", b"\x00\xFF\x00\x80"])
     def test_roundtrips(self, message, backend):
         f = Fernet(Fernet.generate_key(), backend=backend)
-- 
cgit v1.2.3