烧瓶 - 安全坠毁危险

时间:2015-08-08 16:44:25

标签: flask flask-security

我很确定这是我,而不是一个错误 - 但是对于搞清楚会有所帮助

我在危险中遇到了崩溃

    def derive_key(self):
        """This method is called to derive the key.  If you're unhappy with
            the default key derivation choices you can override them here.
            Keep in mind that the key derivation in itsdangerous is not intended
            to be used as a security method to make a complex key out of a short
            password.  Instead you should use large random secret keys.
            """
        salt = want_bytes(self.salt)
        if self.key_derivation == 'concat':
            return self.digest_method(salt + self.secret_key).digest()
        elif self.key_derivation == 'django-concat':
            print salt
            print self.secret_key
            return self.digest_method(salt + b'signer' +
>               self.secret_key).digest()

 TypeError: cannot concatenate 'str' and 'NoneType' objects

.env / lib / python2.7 / site-packages / itsdangerous.py:336:TypeError 以及相关的追溯部分是:

flask_app/mgmt_admin.py:28: in login
    return jsonify(success=True, token=user.get_auth_token())
.env/lib/python2.7/site-packages/flask_security/core.py:313: in get_auth_token
    return _security.remember_token_serializer.dumps(data)
.env/lib/python2.7/site-packages/itsdangerous.py:568: in dumps
    rv = self.make_signer(salt).sign(payload)
.env/lib/python2.7/site-packages/itsdangerous.py:414: in sign
    return value + sep + self.get_signature(value)
.env/lib/python2.7/site-packages/itsdangerous.py:349: in get_signature
    key = self.derive_key()

我非常直接地定义应用程序:

app.config["SECRET_KEY"] = "testing_key"
app.config["TESTING"] = True

从打印我看到的值:

salt: remember-salt
self.secret_key: None

0 个答案:

没有答案