fix session config (#465)

* fix session config Changes: - fix unneccessarily restricted session config - remove duplicate argument for ruff (it is already specified in pyproject.toml) * Changes: - fix test - don't allow empty keys^ * bump lilya version, fix cookie data type --------- Co-authored-by: Tiago Silva <[email protected]>
dymmond · Dec 27, 2024 · 1b8dae9 · 1b8dae9
1 parent eb3ac9b
commit 1b8dae9
Show file tree

Hide file tree

Showing 5 changed files with 21 additions and 22 deletions.
diff --git a/docs/en/docs/release-notes.md b/docs/en/docs/release-notes.md
@@ -5,6 +5,12 @@ hide:
 
 # Release Notes
 
+## 3.6.3
+
+### Fixed
+
+- SessionConfig has a unneccessarily heavily restricted secret_key parameter.
+
 ## 3.6.2
 
 ### Added

diff --git a/esmerald/config/session.py b/esmerald/config/session.py
@@ -12,9 +12,7 @@
         Total seconds in a day.
         """
     ),
-] = (
-    60 * 60 * 24
-)
+] = 60 * 60 * 24
 
 
 class SessionConfig(BaseModel):
@@ -41,7 +39,7 @@ class SessionConfig(BaseModel):
     model_config = ConfigDict(arbitrary_types_allowed=True)
 
     secret_key: Annotated[
-        Union[str, Secret],
+        Union[str, bytes, Secret],
         Doc(
             """
             The string used for the encryption/decryption and used to create an HMAC to sign.
@@ -74,9 +72,7 @@ class SessionConfig(BaseModel):
             The number in seconds until the cookie expires.
             """
         ),
-    ] = (
-        SECONDS_IN_A_DAY * 180
-    )
+    ] = SECONDS_IN_A_DAY * 180
     https_only: Annotated[
         bool,
         Doc(
@@ -108,6 +104,6 @@ def validate_secret(
             ),
         ],
     ) -> Secret:
-        if len(value) not in [16, 24, 32]:
-            raise ValueError("secret length must be 16 (128 bit), 24 (192 bit) or 32 (256 bit)")
+        if not value:
+            raise ValueError("secret_key is empty")
         return value
diff --git a/pyproject.toml b/pyproject.toml
@@ -41,7 +41,7 @@ dependencies = [
     "email-validator >=2.2.0,<3.0.0",
     "itsdangerous>=2.1.2,<3.0.0",
     "jinja2>=3.1.2,<4.0.0",
-    "lilya>=0.11.9",
+    "lilya>=0.11.11",
     "loguru>=0.7.0,<0.8.0",
     "pydantic>=2.10,<3.0.0",
     "pydantic-settings>=2.0.0,<3.0.0",
@@ -147,7 +147,7 @@ clean_pyc = "find . -type f -name \"*.pyc\" -delete"
 clean_pyi = "find . -type f -name \"*.pyi\" -delete"
 clean_pycache = "find . -type d -name \"*__pycache__*\" -delete"
 build_with_check = "hatch build; twine check dist/*"
-lint = "ruff check --fix --line-length 99 esmerald tests docs_src {args}; hatch run test:check_types"
+lint = "ruff check --fix esmerald tests docs_src {args}; hatch run test:check_types"
 
 [tool.hatch.envs.docs]
 features = ["all", "docs"]

diff --git a/tests/handlers/test_to_response_data.py b/tests/handlers/test_to_response_data.py
@@ -200,8 +200,8 @@ def test_function() -> Redirect:
 
         cookies = response.headers.getlist("set-cookie")
         assert len(cookies) == 2
-        assert cookies[0] == b"redirect-cookie=xyz; Path=/; SameSite=lax"
-        assert cookies[1] == b"general-cookie=xxx; Path=/; SameSite=lax"
+        assert cookies[0] == "redirect-cookie=xyz; Path=/; SameSite=lax"
+        assert cookies[1] == "general-cookie=xxx; Path=/; SameSite=lax"
         assert response.background == background_task
 
 
@@ -266,8 +266,8 @@ def test_function() -> File:
 
         cookies = response.headers.getlist("set-cookie")
         assert len(cookies) == 3
-        assert cookies[0] == b"file-cookie=xyz; Path=/; SameSite=lax"
-        assert cookies[1] == b"general-cookie=xxx; Path=/; SameSite=lax"
+        assert cookies[0] == "file-cookie=xyz; Path=/; SameSite=lax"
+        assert cookies[1] == "general-cookie=xxx; Path=/; SameSite=lax"
         assert response.background == background_task
 
 
@@ -317,8 +317,8 @@ def test_function() -> Stream:
 
             cookies = response.headers.getlist("set-cookie")
             assert len(cookies) == 3
-            assert cookies[0] == b"streaming-cookie=xyz; Path=/; SameSite=lax"
-            assert cookies[1] == b"general-cookie=xxx; Path=/; SameSite=lax"
+            assert cookies[0] == "streaming-cookie=xyz; Path=/; SameSite=lax"
+            assert cookies[1] == "general-cookie=xxx; Path=/; SameSite=lax"
             assert response.background == background_task
     else:
         with pytest.raises(ValidationError):
@@ -356,6 +356,6 @@ def test_function() -> Template:
 
         cookies = response.headers.getlist("set-cookie")
         assert len(cookies) == 2
-        assert cookies[0] == b"template-cookie=xyz; Path=/; SameSite=lax"
-        assert cookies[1] == b"general-cookie=xxx; Path=/; SameSite=lax"
+        assert cookies[0] == "template-cookie=xyz; Path=/; SameSite=lax"
+        assert cookies[1] == "general-cookie=xxx; Path=/; SameSite=lax"
         assert response.background == background_task
diff --git a/tests/middleware/test_session_middleware.py b/tests/middleware/test_session_middleware.py
@@ -20,9 +20,6 @@
         [os.urandom(16), False],
         [os.urandom(24), False],
         [os.urandom(32), False],
-        [os.urandom(17), True],
-        [os.urandom(4), True],
-        [os.urandom(100), True],
         [b"", True],
     ],
 )