
Refs #27468 -- Added tests and release notes for signing.dumps()/loads() changes.

Follow up to 71c4fb7beb8e3293243140e4bd74e53989196440.
Mariusz Felisiak 4 years ago
parent
commit
1d6fdca557
4 changed files with 17 additions and 5 deletions
  1. 4 0
      docs/internals/deprecation.txt
  2. 4 3
      docs/releases/3.1.txt
  3. 2 2
      docs/topics/signing.txt
  4. 7 0
      tests/signing/tests.py

+ 4 - 0
docs/internals/deprecation.txt

@@ -76,6 +76,10 @@ details on these changes.
 * Support for the pre-Django 3.1 ``django.core.signing.Signer`` signatures
   (encoded with the SHA-1 algorithm) will be removed.
 
+* Support for the pre-Django 3.1 ``django.core.signing.dumps()`` signatures
+  (encoded with the SHA-1 algorithm) in ``django.core.signing.loads()`` will be
+  removed.
+
 * Support for the pre-Django 3.1 user sessions (that use the SHA-1 algorithm)
   will be removed.
 

+ 4 - 3
docs/releases/3.1.txt

@@ -418,9 +418,10 @@ Security
   origins. If you need the previous behavior, explicitly set
   :setting:`SECURE_REFERRER_POLICY` to ``None``.
 
-* The default :class:`django.core.signing.Signer` algorithm is changed to the
-  SHA-256. Support for signatures made with the old SHA-1 algorithm remains
-  until Django 4.0.
+* The default algorithm of :class:`django.core.signing.Signer`,
+  :meth:`django.core.signing.loads`, and :meth:`django.core.signing.dumps` is
+  changed to the SHA-256. Support for signatures made with the old SHA-1
+  algorithm remains until Django 4.0.
 
   Also, the new ``algorithm`` parameter of the
   :class:`~django.core.signing.Signer` allows customizing the hashing

+ 2 - 2
docs/topics/signing.txt

@@ -187,8 +187,8 @@ and tuples) if you pass in a tuple, you will get a list from
 
 .. function:: dumps(obj, key=None, salt='django.core.signing', serializer=JSONSerializer, compress=False)
 
-    Returns URL-safe, sha1 signed base64 compressed JSON string. Serialized
-    object is signed using :class:`~TimestampSigner`.
+    Returns URL-safe, signed base64 compressed JSON string. Serialized object
+    is signed using :class:`~TimestampSigner`.
 
 .. function:: loads(string, key=None, salt='django.core.signing', serializer=JSONSerializer, max_age=None)
 

+ 7 - 0
tests/signing/tests.py

@@ -126,6 +126,13 @@ class TestSigner(SimpleTestCase):
             self.assertNotEqual(o, signing.dumps(o, compress=True))
             self.assertEqual(o, signing.loads(signing.dumps(o, compress=True)))
 
+    def test_dumps_loads_legacy_signature(self):
+        # RemovedInDjango40Warning: pre-Django 3.1 signatures won't be
+        # supported.
+        value = 'a string \u2020'
+        signed = signing.dumps(value, algorithm='sha1')
+        self.assertEqual(signing.loads(signed), value)
+
     def test_decode_detects_tampering(self):
         "loads should raise exception for tampered objects"
         transforms = (
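Review bot: `test_dumps_loads_legacy_signature` passes `algorithm='sha1'` to `signing.dumps()`, but the `dumps()` signature shown in the docs/topics/signing.txt section of this same commit lists no `algorithm` parameter, so either the test depends on an undocumented keyword or the documented signature is out of date. The test also produces the SHA-1 token with the current code and reads it straight back, which shows that `loads()` accepts what today's `dumps()` emits rather than what a pre-3.1 release emitted; a stored token, e.g. `signed = '<token captured from a pre-3.1 release>'`, would pin the compatibility claim made in the comment. Since this path keeps SHA-1 signatures valid until their removal, a companion assertion that a tampered legacy token still raises `signing.BadSignature` would be worth adding. The enclosing `TestSigner` class starts outside the hunk.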