Refs #27604 -- Removed support for the pre-Django 3.1 encoding format in CookieStorage.

Per deprecation timeline.
Mariusz Felisiak 2021-01-11 12:49:16 +01:00
parent d08977a0f0
commit 831a05b185
3 changed files with 4 additions and 37 deletions


@ -4,7 +4,6 @@ from django.conf import settings
from django.contrib.messages.storage.base import BaseStorage, Message from django.contrib.messages.storage.base import BaseStorage, Message
from django.core import signing from django.core import signing
from django.http import SimpleCookie from django.http import SimpleCookie
from django.utils.crypto import constant_time_compare, salted_hmac
from django.utils.safestring import SafeData, mark_safe from django.utils.safestring import SafeData, mark_safe
@ -139,18 +138,6 @@ class CookieStorage(BaseStorage):
self._update_cookie(encoded_data, response) self._update_cookie(encoded_data, response)
return unstored_messages return unstored_messages
def _legacy_hash(self, value):
"""
# RemovedInDjango40Warning: pre-Django 3.1 hashes will be invalid.
Create an HMAC/SHA1 hash based on the value and the project setting's
SECRET_KEY, modified to make it unique for the present purpose.
"""
# The class wide key salt is not reused here since older Django
# versions had it fixed and making it dynamic would break old hashes if
# self.key_salt is changed.
key_salt = 'django.contrib.messages'
return salted_hmac(key_salt, value).hexdigest()
def _encode(self, messages, encode_empty=False): def _encode(self, messages, encode_empty=False):
""" """
Return an encoded version of the messages list which can be stored as Return an encoded version of the messages list which can be stored as
@ -178,10 +165,7 @@ class CookieStorage(BaseStorage):
# except (signing.BadSignature, json.JSONDecodeError): # except (signing.BadSignature, json.JSONDecodeError):
# pass # pass
except signing.BadSignature: except signing.BadSignature:
# RemovedInDjango40Warning: when the deprecation ends, replace decoded = None
# with:
# decoded = None.
decoded = self._legacy_decode(data)
except json.JSONDecodeError: except json.JSONDecodeError:
decoded = self.signer.unsign(data) decoded = self.signer.unsign(data)
@ -195,12 +179,3 @@ class CookieStorage(BaseStorage):
# with the data. # with the data.
self.used = True self.used = True
return None return None
def _legacy_decode(self, data):
# RemovedInDjango40Warning: pre-Django 3.1 hashes will be invalid.
bits = data.split('$', 1)
if len(bits) == 2:
hash_, value = bits
if constant_time_compare(hash_, self._legacy_hash(value)):
return value
return None
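Review bot: The `except signing.BadSignature:` branch now ends at `decoded = None`, but nothing in this commit checks that a cookie in the removed `hash$value` format is actually refused; `test_legacy_hash_decode` is deleted from `CookieTests` without a negative counterpart. This branch appears to be what stops cookie data with an unverified signature from being decoded, so I would pin it with a test that rebuilds the old format from the lines removed here, e.g. `legacy = '%s$%s' % (salted_hmac('django.contrib.messages', value).hexdigest(), value)` followed by `self.assertIsNone(storage._decode(legacy))`. A short comment on the new line, such as `# Invalid signature (including the pre-3.1 hash$value format): discard the cookie.`, would also record why no fallback remains. `_decode` starts and ends outside the hunk, so the fall-through to `self.used = True` and `return None` is inferred from the context lines of the following hunk.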


@ -277,3 +277,6 @@ to remove usage of these features.
* The ``django-admin.py`` entry point is removed. * The ``django-admin.py`` entry point is removed.
* The ``HttpRequest.is_ajax()`` method is removed. * The ``HttpRequest.is_ajax()`` method is removed.
* Support for the pre-Django 3.1 encoding format of cookies values used by
``django.contrib.messages.storage.cookie.CookieStorage`` is removed.


@ -181,17 +181,6 @@ class CookieTests(BaseTests, SimpleTestCase):
self.assertIsInstance(encode_decode(mark_safe("<b>Hello Django!</b>")), SafeData) self.assertIsInstance(encode_decode(mark_safe("<b>Hello Django!</b>")), SafeData)
self.assertNotIsInstance(encode_decode("<b>Hello Django!</b>"), SafeData) self.assertNotIsInstance(encode_decode("<b>Hello Django!</b>"), SafeData)
def test_legacy_hash_decode(self):
# RemovedInDjango40Warning: pre-Django 3.1 hashes will be invalid.
storage = self.storage_class(self.get_request())
messages = ['this', 'that']
# Encode/decode a message using the pre-Django 3.1 hash.
encoder = MessageEncoder()
value = encoder.encode(messages)
encoded_messages = '%s$%s' % (storage._legacy_hash(value), value)
decoded_messages = storage._decode(encoded_messages)
self.assertEqual(messages, decoded_messages)
def test_legacy_encode_decode(self): def test_legacy_encode_decode(self):
# RemovedInDjango41Warning: pre-Django 3.2 encoded messages will be # RemovedInDjango41Warning: pre-Django 3.2 encoded messages will be
# invalid. # invalid.