python - It's Dangerous not recognizing payload -
python - It's Dangerous not recognizing payload -
i'm using heroku scheduler run script outside of app. script in same folder run.py , procfile.
@manager.command def run_purge(): candidates = models.candidate.query.all() print "secret key --------->", os.environ["app_secret_key"] people_purged = [] candidate in candidates: if candidate.status != 0 , candidate.approved == true , over_30_days(candidate.last_status_change): payload = reactivate_account_link(candidate.email, 'reactivate_account') send_email("your business relationship innactive", "talenttracker", [candidate.email], payload) candidate.status = 0 db.session.commit() people_purged.append(candidate.email) else: pass homecoming send_email("purge completed", "talenttracker", email_to_admin, "purge completed --> {0}".format(people_purged)) the script generates payload using flask's it's dangerous , payload received within views file within app itself. works fine locally. however, when run live it's giving me "internal server error". through print statements, figured out it's triggering badsignature exception , i'm sure why. hunch it's secret key beingness outside of app when print secret key it's present!
@app.route('/candidates/reactivate_account/<payload>/') def reactivate_account(payload): s = get_serializer() try: candidate_email = s.loads(payload)[0] except badsignature: print "bad signature", payload, s.loads(payload) raise candidate = candidate.query.filter_by(email=candidate_email).first() candidate.status += 1 candidate.last_status_change = datetime.datetime.now() db.session.commit() commit_to_analytics(candidate.candidate_id, none, 4) homecoming render_template("test.html") this get_serializer looks outside of app.
def get_serializer(secret_key=none): if secret_key none: secret_key = app.secret_key homecoming urlsafeserializer(secret_key) # getting serialized urls def reactivate_account_link(candidate_email, path): s = get_serializer(os.environ["app_secret_key"]) loads = [candidate_email] payload = s.dumps(loads) homecoming url_for(path, payload=payload, _external=true) i'm creating separately outside of app function same within. i've tried version of explicitly phone call secret key didn't work either. instead of creating separately should import it?
----- sec update -----
i got work feeding both get_serialize functions - 1 in app , 1 outside - new `secret_key'.
however, when ran repr , == on os.environ["app_secret_key"] , app.secret_key values same. payloads matched too.
when print secret key in terminal appears without backslashes e.g. abcdefghi (which assumed right behaviour). in reality secret key has backslashes e.g. ab/cd/ef/gh/ij. i'm not sure related thought include.
python heroku flask
Comments
Post a Comment