Opened 4 years ago

Last modified 4 years ago

#18615 new New feature

Allow retrieval of the signature age using the signing API

Reported by: Bruno Renié Owned by: nobody
Component: Core (Other) Version: master
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no


Currently there is no way to retrieve the time a value was dumped when unsigning it. One way to do hack around this limitation is to do:

import datetime

from django.core import signing
from django.utils import timezone

def loads_with_timestamp(value, salt):
        data = signing.loads(value, salt=salt, max_age=-1)
    except signing.SignatureExpired as e:
        age = float(str(e).split('Signature age ')[1].split(' >')[0])
        timestamp = - datetime.timedelta(seconds=age)
    return timestamp, signing.loads(value, salt=salt)

This isn't particularly elegant. It'd be great if the API allowed that kind of thing, although I'm not sure what's the best way to do it:

  • a flag that changes the return value of the loads function? (ugh)
  • a new function, loads_with_timestamp? (name bikeshedding ensues)
  • an API change in Django 1.7 and opt-in in previous versions?

Maybe there are other ways…

Change History (1)

comment:1 Changed 4 years ago by Aymeric Augustin

Needs documentation: unset
Needs tests: unset
Patch needs improvement: unset
Triage Stage: UnreviewedAccepted
Note: See TracTickets for help on using tickets.
Back to Top