Add support for using utf8 compatible keys

- Change: cache key arguments accept utf8 strings
sdelements · Jul 23, 2024 · 455d7ba · 455d7ba
1 parent 1eefb84
commit 455d7ba
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 3 deletions.
diff --git a/security/auth_throttling/__init__.py b/security/auth_throttling/__init__.py
@@ -1,6 +1,7 @@
 import hashlib
 import logging
 import time
+import urllib.parse
 from math import ceil
 
 from django.contrib.auth import REDIRECT_FIELD_NAME
@@ -43,15 +44,22 @@ def delay_message(remainder):
         return _("%d seconds") % ceil(remainder)
 
 
+def _to_ascii_compatible(value: str):
+    if not value.isascii():
+        value = urllib.parse.quote(value)
+
+    return value
+
+
 def _key(counter_type, counter_name):
     """
     We store a hashed version of the key because what we generate can be
     too long, and it's possible the POST data we get could contain characters
     that memcache doesn't like.
     """
     key = "security.authentication_throttling.%s:%s" % (
-        counter_type,
-        counter_name,
+        _to_ascii_compatible(counter_type),
+        _to_ascii_compatible(counter_name),
     )
     return hashlib.sha256(key.encode("ascii")).hexdigest()
 

diff --git a/tests/tests.py b/tests/tests.py
@@ -18,7 +18,7 @@
 from security.auth_throttling import Middleware as AuthThrottlingMiddleware
 from security.auth_throttling import (attempt_count, default_delay_function,
                                       delay_message, increment_counters,
-                                      reset_counters)
+                                      reset_counters, throttling_delay)
 from security.middleware import (BaseMiddleware,
                                  ContentSecurityPolicyMiddleware,
                                  DoNotTrackMiddleware,
@@ -1071,3 +1071,16 @@ def test_improper_configuration_raises(self):
             "REFERRER_POLICY",
             "invalid",
         )
+
+
+class UnicodeDataTests(TestCase):
+    def test_unicode_data_in_cache_key(self):
+        username = "ñoñó1234"
+
+        try:
+            increment_counters(username=username, ip="127.0.0.1")
+            reset_counters(username=username, ip="127.0.0.1")
+            throttling_delay(username=username, ip="127.0.0.1")
+            attempt_count(attempt_type="auth", id=username)
+        except Exception:
+            self.fail("Unicodedata not allowed")