summaryrefslogtreecommitdiff
path: root/django/core/signing.py
AgeCommit message (Collapse)Author
2025-08-27Fixed #36572 -- Revert "Fixed #36546 -- Deprecated ↵Sarah Boyce
django.utils.crypto.constant_time_compare() in favor of hmac.compare_digest()." This reverts commit 0246f478882c26bc1fe293224653074cd46a90d0.
2025-08-25Fixed #36546 -- Deprecated django.utils.crypto.constant_time_compare() in ↵SaJH
favor of hmac.compare_digest(). Signed-off-by: SaJH <wogur981208@gmail.com>
2025-07-23Refs #36500 -- Rewrapped long docstrings and block comments via a script.django-bot
Rewrapped long docstrings and block comments to 79 characters + newline using script from https://github.com/medmunds/autofix-w505.
2023-09-18Refs #33199 -- Removed support for passing positional arguments to ↵Mariusz Felisiak
Signer/TimestampSigner. Per deprecation timeline.
2022-12-09Fixed #33199 -- Deprecated passing positional arguments to ↵SirAbhi13
Signer/TimestampSigner. Thanks Jacob Walls for the implementation idea.
2022-02-17Refs #27468 -- Updated django.core.signing docstring.Matthias Kestenholz
Follow up to 71c4fb7beb8e3293243140e4bd74e53989196440.
2022-02-07Refs #33476 -- Reformatted code with Black.django-bot
2022-02-01Fixed #30360 -- Added support for secret key rotation.tschilling
Thanks Florian Apolloner for the implementation idea. Co-authored-by: Andreas Pelme <andreas@pelme.se> Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es> Co-authored-by: Vuyisile Ndlovu <terrameijar@gmail.com>
2021-05-07Fixed #32712 -- Deprecated django.utils.baseconv module.Hasan Ramezani
2021-01-14Refs #31842 -- Removed DEFAULT_HASHING_ALGORITHM transitional setting.Mariusz Felisiak
Per deprecation timeline.
2021-01-14Refs #27468 -- Removed support for the pre-Django 3.1 signatures in Signer ↵Mariusz Felisiak
and signing.dumps()/loads(). Per deprecation timeline.
2021-01-06Refs #32191 -- Added Signer.sign_object()/unsign_object().Florian Apolloner
Co-authored-by: Craig Smith <hello@craigiansmith.com.au>
2020-08-04Fixed #31842 -- Added DEFAULT_HASHING_ALGORITHM transitional setting.Mariusz Felisiak
It's a transitional setting helpful in migrating multiple instance of the same project to Django 3.1+. Thanks Markus Holtermann for the report and review, Florian Apolloner for the implementation idea and review, and Carlton Gibson for the review.
2020-04-15Refs #27468 -- Changed default Signer algorithm to SHA-256.Claude Paroz
2020-01-08Refs #23919 -- Removed obsolete comment in signing.pyClaude Paroz
2019-10-29Fixed #30899 -- Lazily compiled import time regular expressions.Hasan Ramezani
2018-11-09Fixed signing.dumps() example for Python 3.minusf
2018-02-07Refs #27795 -- Replaced force_bytes() usage in django.core.signing.Asif Saifuddin Auvi
2018-01-12Fixed #28996 -- Simplified some boolean constructs and removed trivial ↵Дилян Палаузов
continue statements.
2017-02-28Clarified HMAC usage in signing.dumps() docstring.Blake Griffith
2017-02-21Refs #27656 -- Updated django.core docstring verbs according to PEP 257.Anton Samarchyan
2017-02-07Refs #27795 -- Removed force_text from the template layerClaude Paroz
Thanks Tim Graham for the review.
2017-01-26Refs #23919, #27778 -- Removed obsolete mentions of unicode.Vytis Banaitis
2017-01-25Refs #23919 -- Replaced super(ClassName, self) with super().chillaranand
2017-01-20Removed u'' prefx in django/core/signing.py comment.Srinivas Reddy Thatiparthy
2017-01-20Refs #23919 -- Removed unneeded force_str callsClaude Paroz
2017-01-19Refs #23919 -- Stopped inheriting from object to define new style classes.Simon Charette
2017-01-18Refs #23919 -- Removed encoding preambles and future importsClaude Paroz
2016-04-08Fixed E128 flake8 warnings in django/.Tim Graham
2015-09-23Refs #22804 -- Made an unsafe value of 'sep' in Signer an exception.Tim Graham
Per deprecation timeline.
2015-07-07Fixed #22804 -- Added warning for unsafe value of 'sep' in SignerDavid Wolever
Thanks Jaap Roes for completing the patch.
2014-11-15Fixed #21363 -- Added datetime.timedelta support to TimestampSigner.unsign().Berker Peksag
2014-03-30Corrected many style guide violations that the newest version of flake8 catchesAlex Gaynor
2014-03-03Fixed many typos in comments and docstrings.Rodolfo Carvalho
Thanks Piotr Kasprzyk for help with the patch.
2014-02-16Fixed #19980: Signer broken for binary keys (with non-ASCII chars).MattBlack85
With this pull request, request #878 should considered closed. Thanks to nvie for the patch.
2014-02-08Fixed #21674 -- Deprecated the import_by_path() function in favor of ↵Berker Peksag
import_string(). Thanks Aymeric Augustin for the suggestion and review.
2013-10-11Fixed assorted flake8 errors.Tim Graham
2013-07-03Fixed #20687 -- Added documentation for django.core.signing API.Tomáš Ehrlich
Thanks Baptiste Mispelon for the suggestion.
2013-02-04Fixed #17061 -- Factored out importing object from a dotted pathClaude Paroz
Thanks Carl Meyer for the report.
2012-10-28Required serializer to use bytes in loads/dumpsAymeric Augustin
loads has no way to tell if it should provide text or bytes to the serializer; bytes are more reasonnable for a serialized representation, and are the only option for pickled data. dumps can perform conversions on the value it receives from the serializer; but for consistency it seems better to require bytes too. The current code would cause an exception when loading pickled session data. See next commit. Also fixed a bug when checking for compressed data.
2012-08-25Fixed #18852 -- Restored backwards compatibilityAymeric Augustin
in django.core.signing. Specifically, kept the same return types (str/unicode) under Python 2. Related to [92b2dec918].
2012-08-10[py3] Made signing infrastructure pass tests with Python 3Claude Paroz
2012-08-07[py3] Ported django.utils.encoding.Aymeric Augustin
* Renamed smart_unicode to smart_text (but kept the old name under Python 2 for backwards compatibility). * Renamed smart_str to smart_bytes. * Re-introduced smart_str as an alias for smart_text under Python 3 and smart_bytes under Python 2 (which is backwards compatible). Thus smart_str always returns a str objects. * Used the new smart_str in a few places where both Python 2 and 3 want a str.
2012-04-29Fixed #18013 -- Use the new 'as' syntax for exceptions.Claude Paroz
Thanks Clueless for the initial patch. Note that unittest has been purposely left out (external package only used by Python 2.6).
2012-04-29Fixed #18023 -- Removed bundled simplejson.Aymeric Augustin
And started the deprecation path for django.utils.simplejson. Thanks Alex Ogier, Clueless, and other contributors for their work on the patch.
2011-06-27Fixed #16354 -- Fixed typo in signing docstring. Thanks, charettes.Jannis Leidel
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16471 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-26Fixed #16199 -- Added a Cookie based session backend. Many thanks to Eric ↵Jannis Leidel
Florenzano for his initial work and Florian Apollaner for reviewing. git-svn-id: http://code.djangoproject.com/svn/django/trunk@16466 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-26Fixed #16285 -- Removed a misleading comment from the signing code, thanks ↵Jannis Leidel
PaulM. git-svn-id: http://code.djangoproject.com/svn/django/trunk@16458 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-17Backed out [16356] due to later rejection of #16182.Andrew Godwin
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16426 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-06-10Fixed #16182: Increase timestamp precision on TimestampSigner. Thanks to ↵Andrew Godwin
Eric Florenzano. git-svn-id: http://code.djangoproject.com/svn/django/trunk@16356 bcc190cf-cafb-0310-a4f2-bffc1f526a37