mirror of https://github.com/django/django.git
Refs #27468 -- Removed support for the pre-Django 3.1 signatures in Signer and signing.dumps()/loads().
Per deprecation timeline.
parent
8250145a0c
commit
d32a232fe9
|
@ -120,9 +120,6 @@ def loads(s, key=None, salt='django.core.signing', serializer=JSONSerializer, ma
|
||||||
|
|
||||||
|
|
||||||
class Signer:
|
class Signer:
|
||||||
# RemovedInDjango40Warning.
|
|
||||||
legacy_algorithm = 'sha1'
|
|
||||||
|
|
||||||
def __init__(self, key=None, sep=':', salt=None, algorithm=None):
|
def __init__(self, key=None, sep=':', salt=None, algorithm=None):
|
||||||
self.key = key or settings.SECRET_KEY
|
self.key = key or settings.SECRET_KEY
|
||||||
self.sep = sep
|
self.sep = sep
|
||||||
|
@ -139,10 +136,6 @@ class Signer:
|
||||||
def signature(self, value):
|
def signature(self, value):
|
||||||
return base64_hmac(self.salt + 'signer', value, self.key, algorithm=self.algorithm)
|
return base64_hmac(self.salt + 'signer', value, self.key, algorithm=self.algorithm)
|
||||||
|
|
||||||
def _legacy_signature(self, value):
|
|
||||||
# RemovedInDjango40Warning.
|
|
||||||
return base64_hmac(self.salt + 'signer', value, self.key, algorithm=self.legacy_algorithm)
|
|
||||||
|
|
||||||
def sign(self, value):
|
def sign(self, value):
|
||||||
return '%s%s%s' % (value, self.sep, self.signature(value))
|
return '%s%s%s' % (value, self.sep, self.signature(value))
|
||||||
|
|
||||||
|
@ -150,12 +143,7 @@ class Signer:
|
||||||
if self.sep not in signed_value:
|
if self.sep not in signed_value:
|
||||||
raise BadSignature('No "%s" found in value' % self.sep)
|
raise BadSignature('No "%s" found in value' % self.sep)
|
||||||
value, sig = signed_value.rsplit(self.sep, 1)
|
value, sig = signed_value.rsplit(self.sep, 1)
|
||||||
if (
|
if constant_time_compare(sig, self.signature(value)):
|
||||||
constant_time_compare(sig, self.signature(value)) or (
|
|
||||||
self.legacy_algorithm and
|
|
||||||
constant_time_compare(sig, self._legacy_signature(value))
|
|
||||||
)
|
|
||||||
):
|
|
||||||
return value
|
return value
|
||||||
raise BadSignature('Signature "%s" does not match' % sig)
|
raise BadSignature('Signature "%s" does not match' % sig)
|
||||||
|
|
||||||
|
|
|
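Review bot: The rewritten check `if constant_time_compare(sig, self.signature(value)):` in the last hunk of this section now rejects a value signed with the pre-Django 3.1 SHA-1 scheme through the same `BadSignature('Signature "%s" does not match' % sig)` as a forged one, and nothing in the code records that this is deliberate. A one-line comment above the `if`, for example `# Only self.algorithm is accepted; pre-Django 3.1 SHA-1 signatures fail like any other mismatch.`, would keep a later maintainer from reintroducing a weaker fallback. The tests section of this commit only deletes `test_legacy_signature`. Keeping its `sha1_sig` fixture with the assertion inverted, `with self.assertRaises(signing.BadSignature): signer.unsign(sha1_sig)`, would pin the rejection as a regression test, assuming the default algorithm under test is not SHA-1. The enclosing method's `def` line is outside the hunk, so this is based on the visible lines only.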
@ -285,3 +285,10 @@ to remove usage of these features.
|
||||||
use the SHA-1 hashing algorithm) is removed.
|
use the SHA-1 hashing algorithm) is removed.
|
||||||
|
|
||||||
* Support for the pre-Django 3.1 encoding format of sessions is removed.
|
* Support for the pre-Django 3.1 encoding format of sessions is removed.
|
||||||
|
|
||||||
|
* Support for the pre-Django 3.1 ``django.core.signing.Signer`` signatures
|
||||||
|
(encoded with the SHA-1 algorithm) is removed.
|
||||||
|
|
||||||
|
* Support for the pre-Django 3.1 ``django.core.signing.dumps()`` signatures
|
||||||
|
(encoded with the SHA-1 algorithm) in ``django.core.signing.loads()`` is
|
||||||
|
removed.
|
||||||
|
|
|
@ -67,14 +67,6 @@ class TestSigner(SimpleTestCase):
|
||||||
with self.assertRaisesMessage(InvalidAlgorithm, msg):
|
with self.assertRaisesMessage(InvalidAlgorithm, msg):
|
||||||
signer.sign('hello')
|
signer.sign('hello')
|
||||||
|
|
||||||
def test_legacy_signature(self):
|
|
||||||
# RemovedInDjango40Warning: pre-Django 3.1 signatures won't be
|
|
||||||
# supported.
|
|
||||||
signer = signing.Signer()
|
|
||||||
sha1_sig = 'foo:l-EMM5FtewpcHMbKFeQodt3X9z8'
|
|
||||||
self.assertNotEqual(signer.sign('foo'), sha1_sig)
|
|
||||||
self.assertEqual(signer.unsign(sha1_sig), 'foo')
|
|
||||||
|
|
||||||
def test_sign_unsign(self):
|
def test_sign_unsign(self):
|
||||||
"sign/unsign should be reversible"
|
"sign/unsign should be reversible"
|
||||||
signer = signing.Signer('predictable-secret')
|
signer = signing.Signer('predictable-secret')
|
||||||
|
@ -151,14 +143,6 @@ class TestSigner(SimpleTestCase):
|
||||||
self.assertNotEqual(o, signing.dumps(o, compress=True))
|
self.assertNotEqual(o, signing.dumps(o, compress=True))
|
||||||
self.assertEqual(o, signing.loads(signing.dumps(o, compress=True)))
|
self.assertEqual(o, signing.loads(signing.dumps(o, compress=True)))
|
||||||
|
|
||||||
def test_dumps_loads_legacy_signature(self):
|
|
||||||
# RemovedInDjango40Warning: pre-Django 3.1 signatures won't be
|
|
||||||
# supported.
|
|
||||||
value = 'a string \u2020'
|
|
||||||
# SHA-1 signed value.
|
|
||||||
signed = 'ImEgc3RyaW5nIFx1MjAyMCI:1k1beT:ZfNhN1kdws7KosUleOvuYroPHEc'
|
|
||||||
self.assertEqual(signing.loads(signed), value)
|
|
||||||
|
|
||||||
@ignore_warnings(category=RemovedInDjango40Warning)
|
@ignore_warnings(category=RemovedInDjango40Warning)
|
||||||
def test_dumps_loads_default_hashing_algorithm_sha1(self):
|
def test_dumps_loads_default_hashing_algorithm_sha1(self):
|
||||||
value = 'a string \u2020'
|
value = 'a string \u2020'
|
||||||
|
|