Not compatible with the Django 1.6 default JSON_SESSION_SERIALIZER

Bug #1252826 reported by Tim Abbott
This bug affects 7 people
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| django-openid-auth | Confirmed | Undecided | Unassigned | |
| python-django-openid-auth (Ubuntu) | Triaged | Medium | Unassigned | |

Bug Description

In Django 1.6, the default session serializer has been switched to one based on JSON, rather than pickles, to improve security. Django-openid-auth does not support this because it attempts to store content that is not JSON serializable in sessions. See https://docs.djangoproject.com/en/dev/releases/1.6/#default-session-serialization-switched-to-json for details on the Django 1.6 change.

Andrew Starr-Bochicchio (andrewsomething) wrote :

I can confirm this. Traceback below:

Environment:

Request Method: GET
Request URL: http://127.0.0.1:8000/openid/login/

Django Version: 1.6
Python Version: 2.7.5
Installed Applications:
('django.contrib.auth',
 'django.contrib.contenttypes',
 'django.contrib.sessions',
 'django.contrib.sites',
 'django.contrib.messages',
 'django.contrib.staticfiles',
 'django_openid_auth',
 'django.contrib.admin',
 'django.contrib.comments',
 'uploads')
Installed Middleware:
('django.middleware.common.CommonMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware')

Traceback:
File "/usr/lib/python2.7/dist-packages/django/core/handlers/base.py" in get_response
  201. response = middleware_method(request, response)
File "/usr/lib/python2.7/dist-packages/django/contrib/sessions/middleware.py" in process_response
  38. request.session.save()
File "/usr/lib/python2.7/dist-packages/django/contrib/sessions/backends/db.py" in save
  57. session_data=self.encode(self._get_session(no_load=must_create)),
File "/usr/lib/python2.7/dist-packages/django/contrib/sessions/backends/base.py" in encode
  87. serialized = self.serializer().dumps(session_dict)
File "/usr/lib/python2.7/dist-packages/django/core/signing.py" in dumps
  88. return json.dumps(obj, separators=(',', ':')).encode('latin-1')
File "/usr/lib/python2.7/json/__init__.py" in dumps
  250. sort_keys=sort_keys, **kw).encode(obj)
File "/usr/lib/python2.7/json/encoder.py" in encode
  207. chunks = self.iterencode(o, _one_shot=True)
File "/usr/lib/python2.7/json/encoder.py" in iterencode
  270. return _iterencode(o, 0)
File "/usr/lib/python2.7/json/encoder.py" in default
  184. raise TypeError(repr(o) + " is not JSON serializable")

Exception Type: TypeError at /openid/login/
Exception Value: <openid.yadis.manager.YadisServiceManager object at 0x7fa43c0bea50> is not JSON serializable
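
An added example, not part of the bug report or of django-openid-auth: a walker that lists which session values the JSON serializer will reject, so the offending entries can be found without reverting to the pickle serializer. It reuses the `json.dumps` call shown at `signing.py` line 88 in the traceback; `YadisServiceManagerStandIn` and the `openid_state` key are constructed stand-ins, and the code assumes Python 3.

```python
import json


class YadisServiceManagerStandIn(object):
    """Constructed stand-in for openid.yadis.manager.YadisServiceManager."""

    def __init__(self, services):
        self.services = services


def json_session_dumps(session_dict):
    # Same call as django/core/signing.py line 88 in the traceback above.
    return json.dumps(session_dict, separators=(',', ':')).encode('latin-1')


def find_unserializable(value, path="session"):
    """Return [(path, type name)] for each value json.dumps cannot encode."""
    if value is None or isinstance(value, (bool, int, float, str)):
        return []
    found = []
    if isinstance(value, dict):
        for key, item in value.items():
            child = "%s[%r]" % (path, key)
            if key is not None and not isinstance(key, (str, int, float, bool)):
                found.append((child, "key:" + type(key).__name__))
            found.extend(find_unserializable(item, child))
    elif isinstance(value, (list, tuple)):
        for index, item in enumerate(value):
            found.extend(find_unserializable(item, "%s[%d]" % (path, index)))
    else:
        found.append((path, type(value).__name__))
    return found


# Constructed sample session: one plain value and one stored object.
SAMPLE_SESSION = {
    "_auth_user_id": 7,
    "openid_state": {  # hypothetical key name
        "next": "/accounts/profile/",
        "manager": YadisServiceManagerStandIn(["https://op.example/endpoint"]),
    },
}

if __name__ == "__main__":
    for location, type_name in find_unserializable(SAMPLE_SESSION):
        print("%s holds a %s" % (location, type_name))
```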

Changed in django-openid-auth:
status: New → Confirmed
Mathieu Comandon (strycore) wrote :

I tried to write a patch for this but couldn't figure out how. I guess it has something to do with python-openid itself; not sure, as I don't have a deep knowledge of this codebase.

Anyway, the best I could do was reverting to the old Pickle serializer as a workaround. I updated the test project accordingly on my branch: https://code.launchpad.net/~strycore/django-openid-auth/trunk

Btw, this branch contains other patches necessary to provide Django 1.6 compatibility.

Changed in python-django-openid-auth (Ubuntu):
status: New → Triaged
importance: Undecided → Medium
Lucy Llewellyn (lucyllewy) wrote :

One potential fix is to follow https://github.com/openid/python-openid/blob/master/openid/consumer/consumer.py#L90 which suggests that it can work in stateless mode by passing `None` to the `Consumer` constructor instead of the Django session.
