Ticket #20687: ticket-20687.patch

File ticket-20687.patch, 2.8 KB (added by Elvard, 2 years ago)
  • django/core/signing.py

    diff --git a/django/core/signing.py b/django/core/signing.py
    index bbe53aa..d7f86f5 100644
    a b class TimestampSigner(Signer): 
    183183        return super(TimestampSigner, self).sign(value)
    184184
    185185    def unsign(self, value, max_age=None):
     186        """
     187        Retrieve original value and check it wasn't signed longer than
     188        max_age before (in seconds).
     189
     190        """
    186191        result =  super(TimestampSigner, self).unsign(value)
    187192        value, timestamp = result.rsplit(self.sep, 1)
    188193        timestamp = baseconv.base62.decode(timestamp)
  • docs/topics/signing.txt

    diff --git a/docs/topics/signing.txt b/docs/topics/signing.txt
    index 68afd69..d7bccf4 100644
    a b generate their own signed values. 
    3737Using the low-level API
    3838=======================
    3939
    40 .. class:: Signer
    41 
    4240Django's signing methods live in the ``django.core.signing`` module.
    4341To sign a value, first instantiate a ``Signer`` instance::
    4442
    generate signatures. You can use a different secret by passing it to the 
    7472    >>> value
    7573    'My string:EkfQJafvGyiofrdGnuthdxImIJw'
    7674
     75.. class:: Signer(key=None, sep=':', salt=None)
     76
     77    Returns signer which uses ``key`` to generate signatures and ``sep``
     78    to separate values.
     79
    7780Using the salt argument
    7881-----------------------
    7982
    secret. 
    105108Verifying timestamped values
    106109----------------------------
    107110
    108 .. class:: TimestampSigner
    109 
    110111``TimestampSigner`` is a subclass of :class:`~Signer` that appends a signed
    111112timestamp to the value. This allows you to confirm that a signed value was
    112113created within a specified period of time::
    created within a specified period of time:: 
    124125    >>> signer.unsign(value, max_age=20)
    125126    u'hello'
    126127
     128.. class:: TimestampSigner(key=None, sep=':', salt=None)
     129
     130.. function:: TimestampSigner.sign(value)
     131
     132    Sign ``value`` and append current timestamp to it.
     133
     134.. function:: TimestampSigner.unsing(value, max_age=None)
     135
     136    Checks if ``value`` was signed less than ``max_age`` seconds before, otherwise
     137    raises ``SignatureExpired``
     138
    127139Protecting complex data structures
    128140----------------------------------
    129141
    to execute arbitrary commands by exploiting the pickle format.:: 
    142154
    143155.. function:: dumps(obj, key=None, salt='django.core.signing', compress=False)
    144156
    145     Returns URL-safe, sha1 signed base64 compressed JSON string.
     157    Returns URL-safe, sha1 signed base64 compressed JSON string. Serialized
     158    object is signed using :class:`~TimestampSigner`.
    146159
    147160.. function:: loads(string, key=None, salt='django.core.signing', max_age=None)
    148161
    149     Reverse of dumps(), raises ``BadSignature`` if signature fails.
     162    Reverse of ``dumps()``, raises ``BadSignature`` if signature fails. Optionaly
     163    checks ``max_age`` (in seconds).
Back to Top