Description
To reproduce, start with the beginning of the example from the docs at https://cryptography.io/en/latest/fernet/
>>> from cryptography.fernet import Fernet
>>> key = Fernet.generate_key()
>>> f = Fernet(key)
>>> token = f.encrypt(b"my deep dark secret")
It appears that you can append the token with whatever you want, and still produce the original secret:
>>> f.decrypt(token + '-GARBAGE')
'my deep dark secret'
Even random UUIDs:
>>> import uuid
>>> f.decrypt(token + uuid.uuid4().bytes)
'my deep dark secret'
>>> f.decrypt(token + uuid.uuid4().bytes)
'my deep dark secret'
>>> f.decrypt(token + uuid.uuid4().bytes)
'my deep dark secret'
I'd expect cryptography.fernet.InvalidToken to be raised in all these cases.
This behavior was originally reported by Matt Fischer against openstack/keystone in:
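The decoding behaviour behind the report can be reproduced with the standard library alone: `binascii.a2b_base64` stops reading as soon as the `=` padding completes a quantum, so bytes appended after the padding are discarded before any HMAC check sees them. The example below is added here and is not code from the issue or from pyca/cryptography; the 73-byte token layout is a constructed stand-in for a Fernet token (version byte, timestamp, IV, one ciphertext block, HMAC) with a fake HMAC, and `strict_decode` is a canonical-form check a caller could apply before decrypting.

```python
import base64
import binascii

# Constructed stand-in for a Fernet token: 0x80 version, 8-byte timestamp,
# 16-byte IV, one 16-byte ciphertext block, 32-byte HMAC (73 bytes total).
# The HMAC is zeros, so this decodes but would never pass Fernet.decrypt().
RAW = bytes([0x80]) + bytes(8) + bytes(range(16)) + bytes(range(16, 32)) + bytes(32)
TOKEN = base64.urlsafe_b64encode(RAW)            # 100 chars, ends in "=="

# A 72-byte payload encodes to 96 chars with no padding; used for the caveat below.
RAW_NOPAD = RAW[:72]
TOKEN_NOPAD = base64.urlsafe_b64encode(RAW_NOPAD)


def lenient_decode(token: bytes) -> bytes:
    """Plain urlsafe_b64decode: a2b_base64 skips non-alphabet bytes and stops
    once '=' padding completes a quantum, so trailing data is silently dropped."""
    return base64.urlsafe_b64decode(token)


def is_canonical(token: bytes) -> bool:
    """True only if decoding and re-encoding reproduces the token byte for byte.
    Trailing garbage, stray characters and odd padding all break the round trip."""
    try:
        raw = base64.urlsafe_b64decode(token)
    except (binascii.Error, ValueError):
        return False
    return base64.urlsafe_b64encode(raw) == token


def strict_decode(token: bytes) -> bytes:
    """Decode only canonical tokens; reject everything else before decryption."""
    if not is_canonical(token):
        raise ValueError("non-canonical token (trailing data or bad padding)")
    return base64.urlsafe_b64decode(token)


def trailing_garbage_ignored(token: bytes, garbage: bytes) -> bool:
    """True if lenient decoding yields identical bytes with garbage appended."""
    try:
        return lenient_decode(token + garbage) == lenient_decode(token)
    except (binascii.Error, ValueError):
        return False


if __name__ == "__main__":
    print("padded token ignores garbage:", trailing_garbage_ignored(TOKEN, b"-GARBAGE"))
    # Caveat: with no padding the garbage is decoded as data, so it would reach
    # (and fail) the HMAC check instead of being dropped.
    print("unpadded token ignores garbage:", trailing_garbage_ignored(TOKEN_NOPAD, b"-GARBAGE"))
    print("strict check accepts clean token:", is_canonical(TOKEN))
    print("strict check accepts garbage:", is_canonical(TOKEN + b"-GARBAGE"))
```

Whether appended bytes vanish therefore depends on the token length: only tokens whose base64 form ends in `=` drop them, which is why the report's short secret reproduces cleanly.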