Prevent small risk of Token overwrite
#9754
Conversation
- Fix key collision issue that could overwrite existing tokens - Use force_insert=True only for new token instances - Replace os.urandom with secrets.token_hex for better security - Add comprehensive test suite to verify fix and backward compatibility - Ensure existing tokens can still be updated without breaking changes
browniebroke
left a comment
browniebroke
left a comment
There was a problem hiding this comment.
This is pretty good but it seems AI generated, with extra verbose comments and some changes which are borderline out of scope. Please clean up and review your own code before opening a PR and taking up some maintainers time.
- Add force_insert=True to Token.save() for new objects to prevent overwriting existing tokens - Revert generate_key method to original implementation (os.urandom + binascii) - Update tests to work with original setUp() approach - Remove verbose comments and unrelated changes per reviewer feedback
Thanks! I've cleaned up the verbose comments and focused the scope. (No AI used) |
Co-authored-by: Bruno Alla <[email protected]>
Co-authored-by: Bruno Alla <[email protected]>
Co-authored-by: Bruno Alla <[email protected]>
browniebroke
left a comment
browniebroke
left a comment
There was a problem hiding this comment.
Looks pretty good to me, I've left a small suggestion to reflect better what the test is doing, but other wise 👍🏻
|
I think this qualifies as bug fix and could be included in the potential 3.16.2 release. I'm curious what the other maintainers think, I'm open to suggestions. |
Co-authored-by: Bruno Alla <[email protected]>
I agree — it makes sense to include this in 3.16.2. |
browniebroke
changed the title
Token overwrite
3 participants
Description
Fix #9250
This pull request addresses issue #9250, which highlighted a theoretical possibility of an existing authentication token being overwritten due to a key collision during token creation. While the probability was infinitesimally small, this change ensures robust handling of token uniqueness and improves the underlying key generation mechanism.
Key Changes:
Token Model
savemethod refinement:savemethod of theTokenmodel (rest_framework/authtoken/models.py) has been adjusted to explicitly useforce_insert=Trueonly when a new token instance is being created (self._state.addingisTrue).IntegrityErroris correctly raised, preventing the accidental overwrite of an existing token.Modernized Key Generation (Implicitly Addressed):
Token.generate_keymethod already utilizessecrets.token_hex, aligning with modern Python best practices for generating cryptographically secure tokens. The original issue mentionedos.urandom, but the codebase already usessecrets, which is a more appropriate and secure choice.Comprehensive Test Suite Updates:
test_key_regeneration_on_save_is_not_a_breaking_change: This test intests/test_authtoken.pywas refactored. Instead of attempting to clear the primary key of an existing token (which is an illogical operation given the model's design wherekeyis the primary key), it now verifies that a newTokeninstance, when saved without an explicitly set key, correctly generates a unique key. This ensures backward compatibility for scenarios where tokens might be instantiated without a key.test_token_creation_collision_raises_integrity_error: This test was simplified to directly assert that anIntegrityErroris raised when attempting to create a new token with a key that already exists in the database. This avoids issues with Django's transaction management when anIntegrityErroroccurs.test_command_raising_error_for_invalid_user: A minor adjustment was made to this test to remove an overly specific regex match for theCommandErrormessage, making the test more robust to minor changes in error message wording.Impact:
Tokenmodel's behavior continue to function as expected.All unit tests pass successfully after these modifications.