Compress only tokens that start with dot

Author: tomasMizera

mergin/client.py

@@ -66,22 +66,26 @@ def decode_token_data(token):
     if not token.startswith(token_prefix):
         raise TokenError(f"Token doesn't start with 'Bearer ': {token}")
     try:
-        data = token[len(token_prefix) :]
-        
-        if data.startswith('.'):
-            data = data.lstrip(".")
+        token_raw = token[len(token_prefix) :]
+        is_compressed = False
+
+        # compressed tokens start with dot,
+        # see https://github.com/pallets/itsdangerous/blob/main/src/itsdangerous/url_safe.py#L55
+        if token_raw.startswith("."):
+            token_raw = token_raw.lstrip(".")
+            is_compressed = True
+
+        payload_raw = token_raw.split(".")[0]
 
-        data = data.split(".")[0]
         # add proper base64 padding
-        data += "=" * (-len(data) % 4)
-        data = base64.urlsafe_b64decode(data)
+        payload_raw += "=" * (-len(payload_raw) % 4)
+        payload_data = base64.urlsafe_b64decode(payload_raw)
 
-        try:
-            data = zlib.decompress(data)
-        except zlib.error as e:
-            print("There was an issue during decompression, continuing without it, error:", e)
+        if is_compressed:
+            payload_data = zlib.decompress(payload_data)
+
+        return json.loads(payload_data)
 
-        return json.loads(data)
     except (IndexError, TypeError, ValueError, zlib.error):
         raise TokenError(f"Invalid token data: {token}")
 

mergin/test/test_client.py

@@ -165,7 +165,7 @@ def test_login(mc):
 
     with pytest.raises(LoginError, match="Invalid username or password"):
         mc.login("foo", "bar")
-    
+
     valid_token_dot = "Bearer .eJxNi0kKgDAMAL8iubqQRuuSkz-RojkEWi0uIIh_Fz15G2aYC45N1kEnYJN9PLsgwOCijl5l3iEDCU793_VyuhC9FOMS3n5GXd-JkGyObU6UmI6pZoNFZRtbUorIiHA_KFshoA.abc.def"
     decoded_value = decode_token_data(valid_token_dot)