- sign refactoring

- fixed bug that sign even None values
- http protocol (alpha)

Author: saxix

concurrency/__init__.py

@@ -2,7 +2,7 @@
 import datetime
 import os
 
-VERSION = __version__ = (0, 4, 0, 'beta', 7)
+VERSION = __version__ = (0, 4, 0, 'beta', 8)
 __author__ = 'sax'
 
 

concurrency/core.py

@@ -9,6 +9,8 @@
 class RecordModifiedError(DatabaseError):
     pass
 
+class Http409(Exception):
+    pass
 
 class InconsistencyError(DatabaseError):
     pass

concurrency/forms.py

@@ -1,12 +1,13 @@
 from django import forms
 from django.core import validators
 from django.core.exceptions import NON_FIELD_ERRORS, SuspiciousOperation
+from django.core.signing import Signer, BadSignature
 from django.forms import ModelForm, HiddenInput
 from django.utils import timezone
+from django.utils.encoding import smart_str
 from django.utils.safestring import mark_safe
 from django.utils.translation import ugettext as _
 from concurrency.core import _select_lock, RecordModifiedError
-from concurrency.signing import get_signer, BadSignature
 
 
 class ConcurrentForm(ModelForm):
@@ -42,11 +43,16 @@ def render(self, name, value, attrs=None):
         return mark_safe("%s<div>%s</div>" % (ret, value))
 
 
+class VersionFieldSigner(Signer):
+    pass
+
+
 class VersionField(forms.IntegerField):
     widget = HiddenInput # Default widget to use when rendering this type of Field.
     hidden_widget = HiddenInput# Default widget to use when rendering this as "hidden".
 
     def __init__(self, *args, **kwargs):
+        self._signer = kwargs.pop('signer', VersionFieldSigner())
         kwargs.pop('min_value', None)
         kwargs.pop('max_value', None)
         kwargs['required'] = True
@@ -56,12 +62,16 @@ def __init__(self, *args, **kwargs):
 
     def clean(self, value):
         try:
-            return int(get_signer().unsign(value))
-        except BadSignature:
-            raise SuspiciousOperation(_('Version number seems altered'))
+            if value is not None:
+                return int(self._signer.unsign(value))
+            return 0
+        except (BadSignature, ValueError):
+            raise SuspiciousOperation(_('Version number seems tampered'))
 
     def prepare_value(self, value):
-        return get_signer().sign(value)
+        if value:
+            return self._signer.sign(value)
+        return None
 
     def to_python(self, value):
         if value is None:

concurrency/http.py

@@ -0,0 +1,9 @@
+# -*- coding: utf-8 -*-
+from django.http import HttpResponseRedirectBase, HttpResponse
+
+
+class HttpResponseConflict(HttpResponse):
+    status_code = 409
+
+    def __init__(self):
+        super(HttpResponse, self).__init__()

concurrency/middleware.py

@@ -0,0 +1,9 @@
+# -*- coding: utf-8 -*-
+from concurrency.core import Http409
+from concurrency.http import HttpResponseConflict
+
+
+class Http409Middleware(object):
+    def process_exception(self, request, exception):
+        if isinstance(exception, Http409):
+            return HttpResponseConflict()

concurrency/signing.py

@@ -8,12 +8,12 @@
 import time
 import datetime
 from django.contrib.auth.models import User
-from django.core.signing import Signer
 from django.forms.models import modelform_factory
 from django.test import TestCase
 from concurrency.core import RecordModifiedError
 from concurrency.core import apply_concurrency_check
 from concurrency.fields import IntegerVersionField
+from concurrency.forms import VersionFieldSigner
 from concurrency.tests.models import TestModel0, TestModel1, TestModel2, TestModel3, TestModel0_Proxy, \
     TestAbstractModel0, TestModelGroup, TestModelWithCustomSave, TestIssue3Model, ModelWithCustomSave, \
     TestModelGroupWithCustomSave, AutoIncConcurrentModel, TestCustomUser
@@ -148,7 +148,7 @@ def test_form_save(self):
         original_version = self.TARGET._get_test_revision_number()
         version_field_name = self.TARGET.RevisionMetaInfo.field.name
 
-        form = formClass(self._get_form_data(**{version_field_name: Signer().sign(original_version)}),
+        form = formClass(self._get_form_data(**{version_field_name: VersionFieldSigner().sign(original_version)}),
                          instance=self.TARGET)
 
         self.assertTrue(form.is_valid(), form.errors)
@@ -157,7 +157,7 @@ def test_form_save(self):
         # self.assertGreater(obj._get_test_revision_number(), original_version)
         self.assertNotEqual(obj._get_test_revision_number(), original_version)
 
-        form = formClass(self._get_form_data(**{version_field_name: Signer().sign(obj._get_test_revision_number())}),
+        form = formClass(self._get_form_data(**{version_field_name: VersionFieldSigner().sign(obj._get_test_revision_number())}),
                          instance=obj)
         self.assertTrue(form.is_valid(), form.errors)
         pre_save_version = obj._get_test_revision_number()

concurrency/tests/all.py

@@ -4,13 +4,12 @@
 from django.conf import global_settings
 from django.contrib.auth.models import User
 import django.core.management
-from django.core.signing import Signer
 from django.core.urlresolvers import reverse
 from django.forms.models import modelform_factory
 from django.test import TestCase
 # from concurrency.tests.models import *
 from concurrency import forms
-from concurrency.forms import ConcurrentForm, VersionWidget
+from concurrency.forms import ConcurrentForm, VersionWidget, VersionFieldSigner
 from concurrency.tests import TestModel0, TestModel1
 
 INSTALLED_APPS = (
@@ -73,7 +72,7 @@ def test_creation(self):
         url = reverse('admin:concurrency_testmodel0_add')
         data = {'username': u'new_username',
                 'last_name': None,
-                'version': Signer().sign(0),
+                'version': VersionFieldSigner().sign(0),
                 'char_field': None,
                 '_continue': 1,
                 'date_field': '2010-09-01'}
@@ -86,7 +85,7 @@ def test_creation_with_customform(self):
         url = reverse('admin:concurrency_testmodel1_add')
         data = {'username': u'new_username',
                 'last_name': None,
-                'version': Signer().sign(0),
+                'version': VersionFieldSigner().sign(0),
                 'char_field': None,
                 '_continue': 1,
                 'date_field': '2010-09-01'}
@@ -110,7 +109,7 @@ def test_standard_update(self):
         # data = model_to_dict(target, exclude=['id'])
         data = {'username': u'new_username',
                 'last_name': None,
-                'version': Signer().sign(target.version),
+                'version': VersionFieldSigner().sign(target.version),
                 'char_field': None,
                 '_continue': 1,
                 'date_field': '2010-09-01'}

concurrency/tests/contrib_admin.py

@@ -1,17 +1,51 @@
-from django.core.signing import Signer
+from django.core.exceptions import SuspiciousOperation
 from django.forms.models import modelform_factory
 from django.forms.widgets import HiddenInput, TextInput
+from django.utils.encoding import smart_str
 from django.utils.unittest.case import TestCase
-from concurrency.forms import ConcurrentForm
+from concurrency.forms import ConcurrentForm, VersionField, VersionFieldSigner
 from concurrency.tests import TestModel0, TestIssue3Model
 
 
+class DummySigner():
+    def sign(self, value):
+        return smart_str(value)
+
+    def unsign(self, signed_value):
+        return smart_str(signed_value)
+
 class ConcurrentFormTest(TestCase):
     def test_version(self):
         Form = modelform_factory(TestModel0, ConcurrentForm)
         form = Form()
         self.assertIsInstance(form.fields['version'].widget, HiddenInput)
 
+    def test_signer(self):
+        obj, __ = TestIssue3Model.objects.get_or_create(username='aaa')
+        Form = modelform_factory(TestIssue3Model, type('xxx',(ConcurrentForm,), {'revision': VersionField(signer=DummySigner())}))
+        data = {'id': 1,
+                'revision': obj.revision}
+        form = Form(data, instance=obj)
+        self.assertTrue(form.is_valid(), form.non_field_errors())
+
+    def test_signer(self):
+        Form = modelform_factory(TestIssue3Model, ConcurrentForm)
+        form = Form({})
+        self.assertTrue(form.is_valid(), form.non_field_errors())
+
+    def test_tamperig(self):
+        obj, __ = TestIssue3Model.objects.get_or_create(username='aaa')
+        Form = modelform_factory(TestIssue3Model, ConcurrentForm)
+        data = {'username': 'aaa',
+                'last_name': None,
+                'date_field': None,
+                'char_field': None,
+                'version': u'abc',
+                'id': 1,
+                'revision': obj.revision}
+        form = Form(data, instance=obj)
+        self.assertRaises(SuspiciousOperation, form.is_valid)
+
     def test_custom_name(self):
         Form = modelform_factory(TestIssue3Model, ConcurrentForm)
         form = Form()
@@ -28,7 +62,7 @@ def test_save(self):
                 'char_field': None,
                 'version': u'abc',
                 'id': 1,
-                'revision': Signer().sign(obj.revision)}
+                'revision': VersionFieldSigner().sign(obj.revision)}
         form = Form(data, instance=obj)
         obj_copy.save() # save
         self.assertFalse(form.is_valid())
@@ -43,7 +77,7 @@ def test_is_valid(self):
                 'char_field': None,
                 'version': u'abc',
                 'id': 1,
-                'revision': Signer().sign(obj.revision)}
+                'revision': VersionFieldSigner().sign(obj.revision)}
         form = Form(data, instance=obj)
         obj.save() # save again simulate concurrent editing
         self.assertRaises(ValueError, form.save)