Fixed #32643 -- Fixed decoding of messages in the pre-Django 3.2 format.

Thanks Jan Pieter Waagmeester for the report. Regression in 2d6179c.
jugurtha114 · Apr 14, 2021 · 4511d14 · 4511d14
1 parent ca98729
commit 4511d14
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 3 deletions.
diff --git a/django/contrib/messages/storage/cookie.py b/django/contrib/messages/storage/cookie.py
@@ -1,3 +1,4 @@
+import binascii
 import json
 
 from django.conf import settings
@@ -166,7 +167,7 @@ def _decode(self, data):
         #     pass
         except signing.BadSignature:
             decoded = None
-        except json.JSONDecodeError:
+        except (binascii.Error, json.JSONDecodeError):
             decoded = self.signer.unsign(data)
 
         if decoded:

diff --git a/docs/releases/3.2.1.txt b/docs/releases/3.2.1.txt
@@ -40,3 +40,7 @@ Bugfixes
 * Fixed a regression in Django 3.2 that caused a crash of ``QuerySet.update()``
   on a queryset ordered by inherited or joined fields on MySQL and MariaDB
   (:ticket:`32645`).
+
+* Fixed a regression in Django 3.2 that caused a crash when decoding a cookie
+  value, used by ``django.contrib.messages.storage.cookie.CookieStorage``, in
+  the pre-Django 3.2 format (:ticket:`32643`).
diff --git a/tests/messages_tests/test_cookie.py b/tests/messages_tests/test_cookie.py
@@ -1,3 +1,4 @@
+import binascii
 import json
 import random
 
@@ -7,7 +8,7 @@
 from django.contrib.messages.storage.cookie import (
     CookieStorage, MessageDecoder, MessageEncoder,
 )
-from django.core.signing import get_cookie_signer
+from django.core.signing import b64_decode, get_cookie_signer
 from django.test import SimpleTestCase, override_settings
 from django.utils.crypto import get_random_string
 from django.utils.safestring import SafeData, mark_safe
@@ -183,10 +184,12 @@ def test_legacy_encode_decode(self):
         # RemovedInDjango41Warning: pre-Django 3.2 encoded messages will be
         # invalid.
         storage = self.storage_class(self.get_request())
-        messages = ['this', 'that']
+        messages = ['this', Message(0, 'Successfully signed in as admin@example.org')]
         # Encode/decode a message using the pre-Django 3.2 format.
         encoder = MessageEncoder()
         value = encoder.encode(messages)
+        with self.assertRaises(binascii.Error):
+            b64_decode(value.encode())
         signer = get_cookie_signer(salt=storage.key_salt)
         encoded_messages = signer.sign(value)
         decoded_messages = storage._decode(encoded_messages)