From 8c0c0235b6a23a0d69cd77286d0212de90d4af44 Mon Sep 17 00:00:00 2001 From: Claude Paroz Date: Thu, 30 Jan 2020 10:31:47 +0100 Subject: [PATCH] Added tests for signing non-string values and updated docs. --- docs/topics/signing.txt | 9 +++++++++ tests/signing/tests.py | 15 +++++++++++++++ 2 files changed, 24 insertions(+) diff --git a/docs/topics/signing.txt b/docs/topics/signing.txt index 5c2856fbb7..5fa537c579 100644 --- a/docs/topics/signing.txt +++ b/docs/topics/signing.txt @@ -53,6 +53,15 @@ You can retrieve the original value using the ``unsign`` method:: >>> original 'My string' +If you pass a non-string value to ``sign``, the value will be forced to string +before being signed, and the ``unsign`` result will give you that string +value:: + + >>> signed = signer.sign(2.5) + >>> original = signer.unsign(signed) + >>> original + '2.5' + If the signature or value have been altered in any way, a ``django.core.signing.BadSignature`` exception will be raised:: diff --git a/tests/signing/tests.py b/tests/signing/tests.py index 8e0cb0dc3b..d0767c0703 100644 --- a/tests/signing/tests.py +++ b/tests/signing/tests.py @@ -49,6 +49,21 @@ class TestSigner(SimpleTestCase): self.assertNotEqual(example, signed) self.assertEqual(example, signer.unsign(signed)) + def test_sign_unsign_non_string(self): + signer = signing.Signer('predictable-secret') + values = [ + 123, + 1.23, + True, + datetime.date.today(), + ] + for value in values: + with self.subTest(value): + signed = signer.sign(value) + self.assertIsInstance(signed, str) + self.assertNotEqual(signed, value) + self.assertEqual(signer.unsign(signed), str(value)) + def test_unsign_detects_tampering(self): "unsign should raise an exception if the value has been tampered with" signer = signing.Signer('predictable-secret')