split pickle from encryption

CHANGES.rst

@@ -4,8 +4,10 @@ Changelog
 0.2 (unreleased)
 ----------------
 
-- TBD
-
+- Split the ``EncryptingPickleSerializer`` into ``EncryptedSerializer``
+  with a default dependency on ``pyramid.session.PickleSerializer`` allowing
+  alternative serializers to be used with the encryption interface.
+  See https://github.com/Pylons/pyramid_nacl_session/pull/4
 
 0.1 (2015-11-23)
 ----------------

CONTRIBUTORS.txt

@@ -104,3 +104,5 @@ Contributors
 ------------
 
 - Tres Seaver, 2015/11/16
+
+- Michael Merickel, 2015/11/23

docs/conf.py

@@ -31,6 +31,11 @@
     'sphinx.ext.intersphinx',
 ]
 
+# Looks for objects in external projects
+intersphinx_mapping = {
+    'pyramid': ('http://docs.pylonsproject.org/projects/pyramid/en/latest/', None),
+}
+
 # Add any paths that contain templates here, relative to this directory.
 templates_path = ['_templates']
 
@@ -124,7 +129,7 @@
 # Add any paths that contain custom static files (such as style sheets) here,
 # relative to this directory. They are copied after the builtin static files,
 # so a file named "default.css" will overwrite the builtin "default.css".
-html_static_path = ['_static']
+#html_static_path = ['_static']
 
 # If not '', a 'Last updated on:' timestamp is inserted at every page bottom,
 # using the given strftime format.

docs/usage.rst

@@ -20,10 +20,10 @@ Use the generated secret to configure a session factory:
 .. code-block:: python
 
    from pyramid.session import BaseCookieSessionFactory
-   from pyramid_nacl_session import EncryptingPickleSerializer
+   from pyramid_nacl_session import EncryptedSerializer
 
    def includeme(config):
-       serializer = EncryptingPickleSerializer(SECRET)
+       serializer = EncryptedSerializer(SECRET)
        factory = BaseCookieSessionFactory(serializer)  # other config ad lib.
        config.set_session_factory(factory)
 
@@ -53,12 +53,12 @@ construct and register a session factory:
 
    import binascii
    from pyramid.session import BaseCookieSessionFactory
-   from pyramid_nacl_session import EncryptingPickleSerializer
+   from pyramid_nacl_session import EncryptedSerializer
 
    def includeme(config):
        hex_secret = config.settings['yourapp.session_secret'].strip()
        secret = binascii.unhexlify(hex_secret)
-       serializer = EncryptingPickleSerializer(secret)
+       serializer = EncryptedSerializer(secret)
        factory = BaseCookieSessionFactory(serializer)  # other config ad lib.
        config.set_session_factory(factory)
 

pyramid_nacl_session/__init__.py

@@ -4,7 +4,7 @@ def _export(thing):
     Also, shuts pyflakes up about unused import.
     """
 
-from .serializer import EncryptingPickleSerializer
-_export(EncryptingPickleSerializer)
+from .serializer import EncryptedSerializer
+_export(EncryptedSerializer)
 from .scripts import generate_secret
 _export(generate_secret)

pyramid_nacl_session/serializer.py

@@ -3,23 +3,34 @@
 
 from nacl.secret import SecretBox
 from nacl.utils import random
-from pyramid.compat import pickle
+from pyramid.session import PickleSerializer
 
 
-class EncryptingPickleSerializer(object):
-    """Encrypt pickled session state using PyNaCl.
+class EncryptedSerializer(object):
+    """Encrypt session state using PyNaCl.
 
     :type secret: bytes
     :param secret: a 32-byte random secret for encrypting/decrypting the
                    pickled session state.
+    :param serializer:
+        An object with two methods: ``loads`` and ``dumps``. The ``loads``
+        method should accept bytes and return a Python object. The ``dumps``
+        method should accept a Python object and return bytes. A ``ValueError``
+        should be raised for malformed inputs. Default: ``None``, which will
+        use :class:`pyramid.session.PickleSerializer`.
     """
-    def __init__(self, secret):
+    def __init__(self, secret, serializer=None):
         if len(secret) != SecretBox.KEY_SIZE:
             raise ValueError(
-                "Secret should be a random bytes string of length %d"
-                    % SecretBox.KEY_SIZE)
+                "Secret should be a random bytes string of length %d" %
+                SecretBox.KEY_SIZE)
         self.box = SecretBox(secret)
 
+        if serializer is None:
+            serializer = PickleSerializer()
+
+        self.serializer = serializer
+
     def loads(self, encrypted_state):
         """Decrypt session state.
 
@@ -31,7 +42,7 @@ def loads(self, encrypted_state):
                   ``session_state`` to :meth:`dumps`.
         """
         payload = self.box.decrypt(urlsafe_b64decode(encrypted_state))
-        return pickle.loads(payload)
+        return self.serializer.loads(payload)
 
     def dumps(self, session_state):
         """Encrypt session state.
@@ -42,7 +53,6 @@ def dumps(self, session_state):
         :rtype: bytes
         :returns: the encrypted session state
         """
-        pickled = pickle.dumps(session_state)
+        cstruct = self.serializer.dumps(session_state)
         nonce = random(SecretBox.NONCE_SIZE)
-        return urlsafe_b64encode(self.box.encrypt(pickled, nonce))
-
+        return urlsafe_b64encode(self.box.encrypt(cstruct, nonce))

pyramid_nacl_session/tests/test_serializer.py

@@ -1,11 +1,11 @@
 import unittest
 
 
-class EncryptingPickleSerializerTests(unittest.TestCase):
+class EncryptedSerializerTests(unittest.TestCase):
 
     def _getTargetClass(self):
-        from ..serializer import EncryptingPickleSerializer
-        return EncryptingPickleSerializer
+        from ..serializer import EncryptedSerializer
+        return EncryptedSerializer
 
     def _makeOne(self, *args, **kw):
         return self._getTargetClass()(*args, **kw)
@@ -20,7 +20,7 @@ def test_dumps(self):
         SECRET = 'SEEKRIT!' * 4  # 32 bytes
         NONCE = b'\x01' * 24
         APPSTRUCT = {'foo': 'bar'}
-        PICKLED = pickle.dumps(APPSTRUCT)
+        PICKLED = pickle.dumps(APPSTRUCT, pickle.HIGHEST_PROTOCOL)
         _base64_called = []
         def _base64_encode(what):
             _base64_called.append(what)
@@ -42,7 +42,7 @@ def test_loads(self):
         SECRET = 'SEEKRIT!' * 4  # 32 bytes
         NONCE = b'\x01' * 24
         APPSTRUCT = {'foo': 'bar'}
-        PICKLED = pickle.dumps(APPSTRUCT)
+        PICKLED = pickle.dumps(APPSTRUCT, pickle.HIGHEST_PROTOCOL)
         CIPHERTEXT = PICKLED + b':' + NONCE
         _base64_called = []
         def _base64_decode(what):