
I have the following code:

```python
from itsdangerous import URLSafeTimedSerializer as Serialiser

class User(db.Model, UserMixin):
    def get_reset_token(self, expiration_sec=1800):
        s = Serialiser(app.config['SECRET_KEY'], expiration_sec)
        return s.dumps({'user_id': self.id})
```

When I try to execute this I get the following stack of errors:

```
rv = self.make_signer(salt).sign(payload)
     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\site-packages\itsdangerous\timed.py", line 55, in sign
return value + sep + self.get_signature(value)
                     ^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\site-packages\itsdangerous\signer.py", line 209, in get_signature
key = self.derive_key()
      ^^^^^^^^^^^^^^^^^
File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\site-packages\itsdangerous\signer.py", line 195, in derive_key
bytes, self.digest_method(bytes(self.salt) + b"signer" + secret_key).digest()
                          ^^^^^^^^^^^^^^^^^^^^^
TypeError: unsupported operand type(s) for +: 'int' and 'bytes'
```

I am not really sure what the problem is here, as I am quite new to this new module and to using it in Flask applications.

Michael

1 Answer


The second parameter to URLSafeTimedSerializer is the encryption salt, not the expiration time. (You can see that from the traceback.)

I don't see an expiration time parameter to those classes.

Tim Roberts
  • I made that realisation much later than I should have. Now it works properly by just not passing the expiration_sec argument and passing it to the loads function of the serialiser like this: `s.loads(serialised_string, expiration_sec)`. Thank you very much for your input though. – Michael Aug 21 '23 at 18:19
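
The pattern the answer and comment arrive at, written out as an added example (not code from either poster): the salt goes to the constructor, the lifetime goes to `loads()` as `max_age`, and expired tokens are told apart from forged ones. `SECRET_KEY`, `RESET_SALT`, the `"email-confirm"` salt and `verify_reset_token` are assumptions made for the illustration.

```python
from itsdangerous import BadSignature, SignatureExpired, URLSafeTimedSerializer

# Constructed values for this example; in the question's app the key
# would come from app.config['SECRET_KEY'].
SECRET_KEY = "constructed-demo-key"
RESET_SALT = "password-reset"  # hypothetical salt, namespaces reset tokens


def _serializer():
    # The second constructor argument is the salt (str/bytes), not a lifetime.
    return URLSafeTimedSerializer(SECRET_KEY, salt=RESET_SALT)


def get_reset_token(user_id):
    # dumps() signs the payload together with the current timestamp.
    return _serializer().dumps({"user_id": user_id})


def verify_reset_token(token, max_age_sec=1800):
    """Return (user_id, status); status is 'ok', 'expired' or 'invalid'."""
    try:
        # The age check happens here, at verification time.
        data = _serializer().loads(token, max_age=max_age_sec)
    except SignatureExpired:  # subclass of BadSignature, so catch it first
        return None, "expired"
    except BadSignature:      # tampered token, wrong key or wrong salt
        return None, "invalid"
    return data["user_id"], "ok"


if __name__ == "__main__":
    token = get_reset_token(42)
    print(verify_reset_token(token))

    # Changing any character of the signed payload breaks the signature.
    tampered = ("A" if token[0] != "A" else "B") + token[1:]
    print(verify_reset_token(tampered))

    # Same key, different salt: a token minted for another purpose is rejected.
    other = URLSafeTimedSerializer(SECRET_KEY, salt="email-confirm").dumps({"user_id": 42})
    print(verify_reset_token(other))
```

Because the timestamp is inside the signed token and `max_age` is only applied on `loads()`, the lifetime is a policy of the verifying code and can be tightened later without reissuing tokens.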