Merge pull request #17 from diegojromerolopez/fix-safe_value-issue

Fix save_value issue

Author: diegojromerolopez

CHANGES.md

@@ -1,6 +1,10 @@
 Changes
 =======
 
+Version 0.6.9
+-------------
+* Fix: fix passing simple values (strings or numbers) as parameters.
+
 Version 0.6.8
 -------------
 * Feature: "onload" parameter for the async_include template_tag, allowing calling a callback function.

async_include/crypto.py

@@ -5,17 +5,17 @@
 from Crypto.Cipher import AES
 
 
-def encrypt(key, data):
+def encrypt(key: str, text: str):
     cipher = AES.new(key.encode('utf-8'), AES.MODE_EAX)
-    encrypted_data, tag = cipher.encrypt_and_digest(data.encode('utf-8'))
+    encrypted_data, tag = cipher.encrypt_and_digest(text.encode('utf-8'))
     return cipher.nonce, encrypted_data, tag
 
 
-def decrypt(key, nonce, encrypted_data, tag):
+def decrypt(key: str, nonce: str, encrypted_data: str, tag: str):
     cipher = AES.new(
-        key.encode('utf-8'), AES.MODE_EAX, nonce.encode('latin-1')
+        key.encode('utf-8'), AES.MODE_EAX, nonce.encode('utf-8')
     )
     data = cipher.decrypt_and_verify(
-        encrypted_data.encode('latin-1'), tag.encode('latin-1')
+        encrypted_data.encode('utf-8'), tag.encode('utf-8')
     )
     return data.decode('utf-8')

async_include/templatetags/async_include.py

@@ -126,7 +126,7 @@ def async_include(context, template_path, *args, **kwargs):
             sql_query, params = context_object.query.sql_with_params()
 
             nonce, encrypted_sql, tag = crypto.encrypt(
-                key=settings.SECRET_KEY[:16], data=sql_query
+                key=settings.SECRET_KEY[:16], text=sql_query
             )
 
             replacements['context'][context_object_name] = {
@@ -142,7 +142,10 @@ def async_include(context, template_path, *args, **kwargs):
         # Safe values are sent as is to the view
         # that will render the template
         else:
-            context_object_as_str = '{0}'.format(context_object)
+            if isinstance(context_object, str):
+                context_object_as_str = context_object
+            else:
+                context_object_as_str = '{0}'.format(context_object)
             replacements['context'][context_object_name] = {
                 'type': 'safe_value',
                 'value': context_object,

async_include/views.py

@@ -101,7 +101,7 @@ def get_template(request):
             # Checking if JSON has been tampered
             if (
                 context_object_load_params['__checksum__'] !=
-                    checksum.make(value_as_str)
+                    checksum.make(value)
             ):
                 return HttpResponse(
                     status=403,

setup.py

@@ -20,7 +20,7 @@
 
 setup(
     name="django-async-include",
-    version="0.6.8",
+    version="0.6.9",
     author="Diego J. Romero López",
     author_email="[email protected]",
     description=(