Refs #27468 -- Removed support for the pre-Django 3.1 signatures in Signer and signing.dumps()/loads().
Per deprecation timeline.
This commit is contained in:
parent
8250145a0c
commit
d32a232fe9
|
@ -120,9 +120,6 @@ def loads(s, key=None, salt='django.core.signing', serializer=JSONSerializer, ma
|
|||
|
||||
|
||||
class Signer:
|
||||
# RemovedInDjango40Warning.
|
||||
legacy_algorithm = 'sha1'
|
||||
|
||||
def __init__(self, key=None, sep=':', salt=None, algorithm=None):
|
||||
self.key = key or settings.SECRET_KEY
|
||||
self.sep = sep
|
||||
|
@ -139,10 +136,6 @@ class Signer:
|
|||
def signature(self, value):
|
||||
return base64_hmac(self.salt + 'signer', value, self.key, algorithm=self.algorithm)
|
||||
|
||||
def _legacy_signature(self, value):
|
||||
# RemovedInDjango40Warning.
|
||||
return base64_hmac(self.salt + 'signer', value, self.key, algorithm=self.legacy_algorithm)
|
||||
|
||||
def sign(self, value):
|
||||
return '%s%s%s' % (value, self.sep, self.signature(value))
|
||||
|
||||
|
@ -150,12 +143,7 @@ class Signer:
|
|||
if self.sep not in signed_value:
|
||||
raise BadSignature('No "%s" found in value' % self.sep)
|
||||
value, sig = signed_value.rsplit(self.sep, 1)
|
||||
if (
|
||||
constant_time_compare(sig, self.signature(value)) or (
|
||||
self.legacy_algorithm and
|
||||
constant_time_compare(sig, self._legacy_signature(value))
|
||||
)
|
||||
):
|
||||
if constant_time_compare(sig, self.signature(value)):
|
||||
return value
|
||||
raise BadSignature('Signature "%s" does not match' % sig)
|
||||
|
||||
|
|
|
@ -285,3 +285,10 @@ to remove usage of these features.
|
|||
use the SHA-1 hashing algorithm) is removed.
|
||||
|
||||
* Support for the pre-Django 3.1 encoding format of sessions is removed.
|
||||
|
||||
* Support for the pre-Django 3.1 ``django.core.signing.Signer`` signatures
|
||||
(encoded with the SHA-1 algorithm) is removed.
|
||||
|
||||
* Support for the pre-Django 3.1 ``django.core.signing.dumps()`` signatures
|
||||
(encoded with the SHA-1 algorithm) in ``django.core.signing.loads()`` is
|
||||
removed.
|
||||
|
|
|
@ -67,14 +67,6 @@ class TestSigner(SimpleTestCase):
|
|||
with self.assertRaisesMessage(InvalidAlgorithm, msg):
|
||||
signer.sign('hello')
|
||||
|
||||
def test_legacy_signature(self):
|
||||
# RemovedInDjango40Warning: pre-Django 3.1 signatures won't be
|
||||
# supported.
|
||||
signer = signing.Signer()
|
||||
sha1_sig = 'foo:l-EMM5FtewpcHMbKFeQodt3X9z8'
|
||||
self.assertNotEqual(signer.sign('foo'), sha1_sig)
|
||||
self.assertEqual(signer.unsign(sha1_sig), 'foo')
|
||||
|
||||
def test_sign_unsign(self):
|
||||
"sign/unsign should be reversible"
|
||||
signer = signing.Signer('predictable-secret')
|
||||
|
@ -151,14 +143,6 @@ class TestSigner(SimpleTestCase):
|
|||
self.assertNotEqual(o, signing.dumps(o, compress=True))
|
||||
self.assertEqual(o, signing.loads(signing.dumps(o, compress=True)))
|
||||
|
||||
def test_dumps_loads_legacy_signature(self):
|
||||
# RemovedInDjango40Warning: pre-Django 3.1 signatures won't be
|
||||
# supported.
|
||||
value = 'a string \u2020'
|
||||
# SHA-1 signed value.
|
||||
signed = 'ImEgc3RyaW5nIFx1MjAyMCI:1k1beT:ZfNhN1kdws7KosUleOvuYroPHEc'
|
||||
self.assertEqual(signing.loads(signed), value)
|
||||
|
||||
@ignore_warnings(category=RemovedInDjango40Warning)
|
||||
def test_dumps_loads_default_hashing_algorithm_sha1(self):
|
||||
value = 'a string \u2020'
|
||||
|
|
Loading…
Reference in New Issue