Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python-itsdangerous for
openSUSE:Factory checked in at 2022-03-28 16:58:30
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-itsdangerous (Old)
and /work/SRC/openSUSE:Factory/.python-itsdangerous.new.1900 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-itsdangerous"
Mon Mar 28 16:58:30 2022 rev:9 rq:964646 version:2.1.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-itsdangerous/python-itsdangerous.changes
2021-07-10 22:53:46.760093421 +0200
+++
/work/SRC/openSUSE:Factory/.python-itsdangerous.new.1900/python-itsdangerous.changes
2022-03-28 16:58:59.572841542 +0200
@@ -1,0 +2,17 @@
+Thu Mar 24 11:57:23 UTC 2022 - Dirk M??ller <dmuel...@suse.com>
+
+- add 32bit-handle-overflow.patch
+
+-------------------------------------------------------------------
+Mon Mar 21 08:11:18 UTC 2022 - Dirk M??ller <dmuel...@suse.com>
+
+- update to 2.1.1:
+ * Handle date overflow in timed unsign. :pr:`296`
+ * Drop support for Python 3.6. :pr:`272`
+ * Remove previously deprecated code. :pr:`273`
+ * JWS functionality: Use a dedicated library such as Authlib
+ instead.
+ * ``import itsdangerous.json``: Import ``json`` from the standard
+ library instead.
+
+-------------------------------------------------------------------
Old:
----
itsdangerous-2.0.1.tar.gz
New:
----
32bit-handle-overflow.patch
itsdangerous-2.1.1.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-itsdangerous.spec ++++++
--- /var/tmp/diff_new_pack.5X2NX0/_old 2022-03-28 16:59:00.104842264 +0200
+++ /var/tmp/diff_new_pack.5X2NX0/_new 2022-03-28 16:59:00.108842270 +0200
@@ -1,7 +1,7 @@
#
# spec file for package python-itsdangerous
#
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -16,17 +16,19 @@
#
-%define oldpython python
+%{?!python_module:%define python_module() python3-%{**}}
%define skip_python2 1
-%{?!python_module:%define python_module() python-%{**} python3-%{**}}
+%global skip_python36 1
Name: python-itsdangerous
-Version: 2.0.1
+Version: 2.1.1
Release: 0
Summary: Various helpers to pass trusted data to untrusted environments
and back
License: BSD-3-Clause
Group: Development/Languages/Python
URL: https://itsdangerous.palletsprojects.com
Source:
https://files.pythonhosted.org/packages/source/i/itsdangerous/itsdangerous-%{version}.tar.gz
+# https://github.com/pallets/itsdangerous/pull/299
+Patch1: 32bit-handle-overflow.patch
BuildRequires: %{python_module freezegun}
BuildRequires: %{python_module pytest}
BuildRequires: %{python_module setuptools}
@@ -50,6 +52,7 @@
%prep
%setup -q -n itsdangerous-%{version}
+%patch1 -p1
%build
%python_build
++++++ 32bit-handle-overflow.patch ++++++
--- itsdangerous-2.1.1/src/itsdangerous/timed.py
+++ itsdangerous-2.1.1/src/itsdangerous/timed.py
@@ -126,7 +126,7 @@
if ts_int is not None:
try:
ts_dt = self.timestamp_to_datetime(ts_int)
- except (ValueError, OSError) as exc:
+ except (OverflowError, ValueError, OSError) as exc:
# Windows raises OSError
raise BadTimeSignature(
"Malformed timestamp", payload=value
++++++ itsdangerous-2.0.1.tar.gz -> itsdangerous-2.1.1.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/itsdangerous-2.0.1/CHANGES.rst
new/itsdangerous-2.1.1/CHANGES.rst
--- old/itsdangerous-2.0.1/CHANGES.rst 2021-05-18 17:08:41.000000000 +0200
+++ new/itsdangerous-2.1.1/CHANGES.rst 2022-03-09 17:21:58.000000000 +0100
@@ -1,3 +1,25 @@
+Version 2.1.1
+-------------
+
+Released 2022-03-09
+
+- Handle date overflow in timed unsign. :pr:`296`
+
+
+Version 2.1.0
+-------------
+
+Released 2022-02-17
+
+- Drop support for Python 3.6. :pr:`272`
+- Remove previously deprecated code. :pr:`273`
+
+ - JWS functionality: Use a dedicated library such as Authlib
+ instead.
+ - ``import itsdangerous.json``: Import ``json`` from the standard
+ library instead.
+
+
Version 2.0.1
-------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/itsdangerous-2.0.1/PKG-INFO
new/itsdangerous-2.1.1/PKG-INFO
--- old/itsdangerous-2.0.1/PKG-INFO 2021-05-18 17:09:18.491234500 +0200
+++ new/itsdangerous-2.1.1/PKG-INFO 2022-03-09 17:23:31.898426800 +0100
@@ -1,6 +1,6 @@
Metadata-Version: 2.1
Name: itsdangerous
-Version: 2.0.1
+Version: 2.1.1
Summary: Safely pass data to untrusted environments and back.
Home-page: https://palletsprojects.com/p/itsdangerous/
Author: Armin Ronacher
@@ -15,80 +15,83 @@
Project-URL: Issue Tracker, https://github.com/pallets/itsdangerous/issues/
Project-URL: Twitter, https://twitter.com/PalletsTeam
Project-URL: Chat, https://discord.gg/pallets
-Description: ItsDangerous
- ============
-
- ... so better sign this
-
- Various helpers to pass data to untrusted environments and to get it
- back safe and sound. Data is cryptographically signed to ensure that a
- token has not been tampered with.
-
- It's possible to customize how data is serialized. Data is compressed
as
- needed. A timestamp can be added and verified automatically while
- loading a token.
-
-
- Installing
- ----------
-
- Install and update using `pip`_:
-
- .. code-block:: text
-
- pip install -U itsdangerous
-
- .. _pip: https://pip.pypa.io/en/stable/quickstart/
-
-
- A Simple Example
- ----------------
-
- Here's how you could generate a token for transmitting a user's id and
- name between web requests.
-
- .. code-block:: python
-
- from itsdangerous import URLSafeSerializer
- auth_s = URLSafeSerializer("secret key", "auth")
- token = auth_s.dumps({"id": 5, "name": "itsdangerous"})
-
- print(token)
- #
eyJpZCI6NSwibmFtZSI6Iml0c2Rhbmdlcm91cyJ9.6YP6T0BaO67XP--9UzTrmurXSmg
-
- data = auth_s.loads(token)
- print(data["name"])
- # itsdangerous
-
-
- Donate
- ------
-
- The Pallets organization develops and supports ItsDangerous and other
- popular packages. In order to grow the community of contributors and
- users, and allow the maintainers to devote more time to the projects,
- `please donate today`_.
-
- .. _please donate today: https://palletsprojects.com/donate
-
-
- Links
- -----
-
- - Documentation: https://itsdangerous.palletsprojects.com/
- - Changes: https://itsdangerous.palletsprojects.com/changes/
- - PyPI Releases: https://pypi.org/project/ItsDangerous/
- - Source Code: https://github.com/pallets/itsdangerous/
- - Issue Tracker: https://github.com/pallets/itsdnagerous/issues/
- - Website: https://palletsprojects.com/p/itsdangerous/
- - Twitter: https://twitter.com/PalletsTeam
- - Chat: https://discord.gg/pallets
-
Platform: UNKNOWN
Classifier: Development Status :: 5 - Production/Stable
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: BSD License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python
-Requires-Python: >=3.6
+Requires-Python: >=3.7
Description-Content-Type: text/x-rst
+License-File: LICENSE.rst
+
+ItsDangerous
+============
+
+... so better sign this
+
+Various helpers to pass data to untrusted environments and to get it
+back safe and sound. Data is cryptographically signed to ensure that a
+token has not been tampered with.
+
+It's possible to customize how data is serialized. Data is compressed as
+needed. A timestamp can be added and verified automatically while
+loading a token.
+
+
+Installing
+----------
+
+Install and update using `pip`_:
+
+.. code-block:: text
+
+ pip install -U itsdangerous
+
+.. _pip: https://pip.pypa.io/en/stable/getting-started/
+
+
+A Simple Example
+----------------
+
+Here's how you could generate a token for transmitting a user's id and
+name between web requests.
+
+.. code-block:: python
+
+ from itsdangerous import URLSafeSerializer
+ auth_s = URLSafeSerializer("secret key", "auth")
+ token = auth_s.dumps({"id": 5, "name": "itsdangerous"})
+
+ print(token)
+ # eyJpZCI6NSwibmFtZSI6Iml0c2Rhbmdlcm91cyJ9.6YP6T0BaO67XP--9UzTrmurXSmg
+
+ data = auth_s.loads(token)
+ print(data["name"])
+ # itsdangerous
+
+
+Donate
+------
+
+The Pallets organization develops and supports ItsDangerous and other
+popular packages. In order to grow the community of contributors and
+users, and allow the maintainers to devote more time to the projects,
+`please donate today`_.
+
+.. _please donate today: https://palletsprojects.com/donate
+
+
+Links
+-----
+
+- Documentation: https://itsdangerous.palletsprojects.com/
+- Changes: https://itsdangerous.palletsprojects.com/changes/
+- PyPI Releases: https://pypi.org/project/ItsDangerous/
+- Source Code: https://github.com/pallets/itsdangerous/
+- Issue Tracker: https://github.com/pallets/itsdangerous/issues/
+- Website: https://palletsprojects.com/p/itsdangerous/
+- Twitter: https://twitter.com/PalletsTeam
+- Chat: https://discord.gg/pallets
+
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/itsdangerous-2.0.1/README.rst
new/itsdangerous-2.1.1/README.rst
--- old/itsdangerous-2.0.1/README.rst 2021-02-24 21:55:00.000000000 +0100
+++ new/itsdangerous-2.1.1/README.rst 2022-02-16 19:56:13.000000000 +0100
@@ -21,7 +21,7 @@
pip install -U itsdangerous
-.. _pip: https://pip.pypa.io/en/stable/quickstart/
+.. _pip: https://pip.pypa.io/en/stable/getting-started/
A Simple Example
@@ -62,7 +62,7 @@
- Changes: https://itsdangerous.palletsprojects.com/changes/
- PyPI Releases: https://pypi.org/project/ItsDangerous/
- Source Code: https://github.com/pallets/itsdangerous/
-- Issue Tracker: https://github.com/pallets/itsdnagerous/issues/
+- Issue Tracker: https://github.com/pallets/itsdangerous/issues/
- Website: https://palletsprojects.com/p/itsdangerous/
- Twitter: https://twitter.com/PalletsTeam
- Chat: https://discord.gg/pallets
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/itsdangerous-2.0.1/docs/conf.py
new/itsdangerous-2.1.1/docs/conf.py
--- old/itsdangerous-2.0.1/docs/conf.py 2021-02-24 21:55:00.000000000 +0100
+++ new/itsdangerous-2.1.1/docs/conf.py 2021-05-21 05:28:07.000000000 +0200
@@ -39,10 +39,10 @@
]
}
html_sidebars = {
- "index": ["project.html", "localtoc.html", "searchbox.html"],
- "**": ["localtoc.html", "relations.html", "searchbox.html"],
+ "index": ["project.html", "localtoc.html", "searchbox.html",
"ethicalads.html"],
+ "**": ["localtoc.html", "relations.html", "searchbox.html",
"ethicalads.html"],
}
-singlehtml_sidebars = {"index": ["project.html", "localtoc.html"]}
+singlehtml_sidebars = {"index": ["project.html", "localtoc.html",
"ethicalads.html"]}
html_static_path = ["_static"]
html_favicon = "_static/itsdangerous-logo-sidebar.png"
html_logo = "_static/itsdangerous-logo-sidebar.png"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/itsdangerous-2.0.1/docs/jws.rst
new/itsdangerous-2.1.1/docs/jws.rst
--- old/itsdangerous-2.0.1/docs/jws.rst 2020-04-17 21:54:52.000000000 +0200
+++ new/itsdangerous-2.1.1/docs/jws.rst 1970-01-01 01:00:00.000000000 +0100
@@ -1,51 +0,0 @@
-:orphan:
-
-.. module:: itsdangerous.jws
-
-JSON Web Signature (JWS)
-========================
-
-.. warning::
- .. deprecated:: 2.0
- ItsDangerous will no longer support JWS in version 2.1. Use a
- dedicated JWS/JWT library such as `authlib`_.
-
-.. _authlib: https://authlib.org/
-
-JSON Web Signatures (JWS) work similarly to the existing URL safe
-serializer but will emit headers according to `draft-ietf-jose-json-web
--signature <http://self-issued.info/docs/draft-ietf-jose-json-web
--signature.html>`_.
-
-.. code-block:: python
-
- from itsdangerous import JSONWebSignatureSerializer
- s = JSONWebSignatureSerializer("secret-key")
- s.dumps({"x": 42})
-
'eyJhbGciOiJIUzI1NiJ9.eyJ4Ijo0Mn0.ZdTn1YyGz9Yx5B5wNpWRL221G1WpVE5fPCPKNuc6UAo'
-
-When loading the value back the header will not be returned by default
-like with the other serializers. However it is possible to also ask for
-the header by passing ``return_header=True``. Custom header fields can
-be provided upon serialization:
-
-.. code-block:: python
-
- s.dumps(0, header_fields={"v": 1})
-
'eyJhbGciOiJIUzI1NiIsInYiOjF9.MA.wT-RZI9YU06R919VBdAfTLn82_iIQD70J_j-3F4z_aM'
- s.loads(
- "eyJhbGciOiJIUzI1NiIsInYiOjF9"
- ".MA.wT-RZI9YU06R919VBdAfTLn82_iIQD70J_j-3F4z_aM"
- )
- (0, {'alg': 'HS256', 'v': 1})
-
-ItsDangerous only provides HMAC SHA derivatives and the none algorithm
-at the moment and does not support the ECC based ones. The algorithm in
-the header is checked against the one of the serializer and on a
-mismatch a :exc:`~itsdangerous.exc.BadSignature` exception is raised.
-
-.. autoclass:: JSONWebSignatureSerializer
- :members:
-
-.. autoclass:: TimedJSONWebSignatureSerializer
- :members:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/itsdangerous-2.0.1/requirements/dev.txt
new/itsdangerous-2.1.1/requirements/dev.txt
--- old/itsdangerous-2.0.1/requirements/dev.txt 2021-05-11 22:04:31.000000000
+0200
+++ new/itsdangerous-2.1.1/requirements/dev.txt 2022-02-16 19:57:23.000000000
+0100
@@ -1,138 +1,55 @@
+# SHA1:54b5b77ec8c7a0064ffa93b2fd16cb0130ba177c
#
-# This file is autogenerated by pip-compile
+# This file is autogenerated by pip-compile-multi
# To update, run:
#
-# pip-compile requirements/dev.in
+# pip-compile-multi
#
-alabaster==0.7.12
- # via sphinx
-appdirs==1.4.4
- # via virtualenv
-attrs==21.2.0
- # via pytest
-babel==2.9.1
- # via sphinx
-certifi==2020.12.5
- # via requests
-cfgv==3.2.0
+-r docs.txt
+-r tests.txt
+-r typing.txt
+cfgv==3.3.1
# via pre-commit
-chardet==4.0.0
- # via requests
-click==7.1.2
- # via pip-tools
-distlib==0.3.1
+click==8.0.3
+ # via
+ # pip-compile-multi
+ # pip-tools
+distlib==0.3.4
# via virtualenv
-docutils==0.17.1
- # via sphinx
-filelock==3.0.12
+filelock==3.5.1
# via
# tox
# virtualenv
-freezegun==1.1.0
- # via -r requirements/tests.in
-identify==2.2.4
+identify==2.4.10
# via pre-commit
-idna==2.10
- # via requests
-imagesize==1.2.0
- # via sphinx
-iniconfig==1.1.1
- # via pytest
-jinja2==2.11.3
- # via sphinx
-markupsafe==1.1.1
- # via
- # jinja2
- # sphinx
-mypy-extensions==0.4.3
- # via mypy
-mypy==0.812
- # via -r requirements/typing.in
nodeenv==1.6.0
# via pre-commit
-packaging==20.9
- # via
- # pallets-sphinx-themes
- # pytest
- # sphinx
- # tox
-pallets-sphinx-themes==2.0.0
- # via -r requirements/docs.in
-pep517==0.10.0
+pep517==0.12.0
# via pip-tools
-pip-tools==6.1.0
+pip-compile-multi==2.4.3
# via -r requirements/dev.in
-pluggy==0.13.1
- # via
- # pytest
- # tox
-pre-commit==2.12.1
+pip-tools==6.5.1
+ # via pip-compile-multi
+platformdirs==2.5.0
+ # via virtualenv
+pre-commit==2.17.0
# via -r requirements/dev.in
-py==1.10.0
- # via
- # pytest
- # tox
-pygments==2.9.0
- # via sphinx
-pyparsing==2.4.7
- # via packaging
-pytest==6.2.4
- # via -r requirements/tests.in
-python-dateutil==2.8.1
- # via freezegun
-pytz==2021.1
- # via babel
-pyyaml==5.4.1
+pyyaml==6.0
# via pre-commit
-requests==2.25.1
- # via sphinx
-six==1.16.0
- # via
- # python-dateutil
- # tox
- # virtualenv
-snowballstemmer==2.1.0
- # via sphinx
-sphinx-issues==1.2.0
- # via -r requirements/docs.in
-sphinx==4.0.1
- # via
- # -r requirements/docs.in
- # pallets-sphinx-themes
- # sphinx-issues
- # sphinxcontrib-log-cabinet
-sphinxcontrib-applehelp==1.0.2
- # via sphinx
-sphinxcontrib-devhelp==1.0.2
- # via sphinx
-sphinxcontrib-htmlhelp==1.0.3
- # via sphinx
-sphinxcontrib-jsmath==1.0.1
- # via sphinx
-sphinxcontrib-log-cabinet==1.0.1
- # via -r requirements/docs.in
-sphinxcontrib-qthelp==1.0.3
- # via sphinx
-sphinxcontrib-serializinghtml==1.1.4
- # via sphinx
toml==0.10.2
# via
- # pep517
# pre-commit
- # pytest
# tox
-tox==3.23.1
+toposort==1.7
+ # via pip-compile-multi
+tox==3.24.5
# via -r requirements/dev.in
-typed-ast==1.4.3
- # via mypy
-typing-extensions==3.10.0.0
- # via mypy
-urllib3==1.26.4
- # via requests
-virtualenv==20.4.6
+virtualenv==20.13.1
# via
# pre-commit
# tox
+wheel==0.37.1
+ # via pip-tools
# The following packages are considered to be unsafe in a requirements file:
# pip
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/itsdangerous-2.0.1/requirements/docs.txt
new/itsdangerous-2.1.1/requirements/docs.txt
--- old/itsdangerous-2.0.1/requirements/docs.txt 2021-05-11
22:04:31.000000000 +0200
+++ new/itsdangerous-2.1.1/requirements/docs.txt 2022-02-16
19:57:19.000000000 +0100
@@ -1,58 +1,57 @@
+# SHA1:45c590f97fe95b8bdc755eef796e91adf5fbe4ea
#
-# This file is autogenerated by pip-compile
+# This file is autogenerated by pip-compile-multi
# To update, run:
#
-# pip-compile requirements/docs.in
+# pip-compile-multi
#
alabaster==0.7.12
# via sphinx
babel==2.9.1
# via sphinx
-certifi==2020.12.5
+certifi==2021.10.8
# via requests
-chardet==4.0.0
+charset-normalizer==2.0.12
# via requests
docutils==0.17.1
# via sphinx
-idna==2.10
+idna==3.3
# via requests
-imagesize==1.2.0
+imagesize==1.3.0
# via sphinx
-jinja2==2.11.3
+jinja2==3.0.3
# via sphinx
-markupsafe==1.1.1
- # via
- # jinja2
- # sphinx
-packaging==20.9
+markupsafe==2.0.1
+ # via jinja2
+packaging==21.3
# via
# pallets-sphinx-themes
# sphinx
-pallets-sphinx-themes==2.0.0
+pallets-sphinx-themes==2.0.2
# via -r requirements/docs.in
-pygments==2.9.0
+pygments==2.11.2
# via sphinx
-pyparsing==2.4.7
+pyparsing==3.0.7
# via packaging
-pytz==2021.1
+pytz==2021.3
# via babel
-requests==2.25.1
+requests==2.27.1
# via sphinx
-snowballstemmer==2.1.0
+snowballstemmer==2.2.0
# via sphinx
-sphinx-issues==1.2.0
- # via -r requirements/docs.in
-sphinx==4.0.1
+sphinx==4.4.0
# via
# -r requirements/docs.in
# pallets-sphinx-themes
# sphinx-issues
# sphinxcontrib-log-cabinet
+sphinx-issues==3.0.1
+ # via -r requirements/docs.in
sphinxcontrib-applehelp==1.0.2
# via sphinx
sphinxcontrib-devhelp==1.0.2
# via sphinx
-sphinxcontrib-htmlhelp==1.0.3
+sphinxcontrib-htmlhelp==2.0.0
# via sphinx
sphinxcontrib-jsmath==1.0.1
# via sphinx
@@ -60,10 +59,7 @@
# via -r requirements/docs.in
sphinxcontrib-qthelp==1.0.3
# via sphinx
-sphinxcontrib-serializinghtml==1.1.4
+sphinxcontrib-serializinghtml==1.1.5
# via sphinx
-urllib3==1.26.4
+urllib3==1.26.8
# via requests
-
-# The following packages are considered to be unsafe in a requirements file:
-# setuptools
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/itsdangerous-2.0.1/requirements/tests.txt
new/itsdangerous-2.1.1/requirements/tests.txt
--- old/itsdangerous-2.0.1/requirements/tests.txt 2021-05-11
22:04:31.000000000 +0200
+++ new/itsdangerous-2.1.1/requirements/tests.txt 2022-02-16
19:57:20.000000000 +0100
@@ -1,28 +1,29 @@
+# SHA1:817ecc8a9cb652b1473408ed241d76d464c7cfaa
#
-# This file is autogenerated by pip-compile
+# This file is autogenerated by pip-compile-multi
# To update, run:
#
-# pip-compile requirements/tests.in
+# pip-compile-multi
#
-attrs==21.2.0
+attrs==21.4.0
# via pytest
freezegun==1.1.0
# via -r requirements/tests.in
iniconfig==1.1.1
# via pytest
-packaging==20.9
+packaging==21.3
# via pytest
-pluggy==0.13.1
+pluggy==1.0.0
# via pytest
-py==1.10.0
+py==1.11.0
# via pytest
-pyparsing==2.4.7
+pyparsing==3.0.7
# via packaging
-pytest==6.2.4
+pytest==7.0.1
# via -r requirements/tests.in
-python-dateutil==2.8.1
+python-dateutil==2.8.2
# via freezegun
six==1.16.0
# via python-dateutil
-toml==0.10.2
+tomli==2.0.1
# via pytest
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/itsdangerous-2.0.1/requirements/typing.txt
new/itsdangerous-2.1.1/requirements/typing.txt
--- old/itsdangerous-2.0.1/requirements/typing.txt 2021-05-11
22:04:31.000000000 +0200
+++ new/itsdangerous-2.1.1/requirements/typing.txt 2022-02-16
19:57:20.000000000 +0100
@@ -1,14 +1,15 @@
+# SHA1:7983aaa01d64547827c20395d77e248c41b2572f
#
-# This file is autogenerated by pip-compile
+# This file is autogenerated by pip-compile-multi
# To update, run:
#
-# pip-compile requirements/typing.in
+# pip-compile-multi
#
+mypy==0.931
+ # via -r requirements/typing.in
mypy-extensions==0.4.3
# via mypy
-mypy==0.812
- # via -r requirements/typing.in
-typed-ast==1.4.3
+tomli==2.0.1
# via mypy
-typing-extensions==3.10.0.0
+typing-extensions==4.1.1
# via mypy
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/itsdangerous-2.0.1/setup.cfg
new/itsdangerous-2.1.1/setup.cfg
--- old/itsdangerous-2.0.1/setup.cfg 2021-05-18 17:09:18.491234500 +0200
+++ new/itsdangerous-2.1.1/setup.cfg 2022-03-09 17:23:31.898426800 +0100
@@ -29,8 +29,8 @@
[options]
packages = find:
package_dir = = src
-include_package_data = true
-python_requires = >= 3.6
+include_package_data = True
+python_requires = >= 3.7
[options.packages.find]
where = src
@@ -41,7 +41,7 @@
error
[coverage:run]
-branch = true
+branch = True
source =
itsdangerous
tests
@@ -64,7 +64,8 @@
[mypy]
files = src/itsdangerous
-python_version = 3.6
+python_version = 3.7
+show_error_codes = True
disallow_subclassing_any = True
disallow_untyped_calls = True
disallow_untyped_defs = True
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/itsdangerous-2.0.1/src/itsdangerous/__init__.py
new/itsdangerous-2.1.1/src/itsdangerous/__init__.py
--- old/itsdangerous-2.0.1/src/itsdangerous/__init__.py 2021-05-18
17:08:41.000000000 +0200
+++ new/itsdangerous-2.1.1/src/itsdangerous/__init__.py 2022-03-09
17:21:58.000000000 +0100
@@ -1,4 +1,3 @@
-from ._json import json
from .encoding import base64_decode as base64_decode
from .encoding import base64_encode as base64_encode
from .encoding import want_bytes as want_bytes
@@ -8,8 +7,6 @@
from .exc import BadSignature as BadSignature
from .exc import BadTimeSignature as BadTimeSignature
from .exc import SignatureExpired as SignatureExpired
-from .jws import JSONWebSignatureSerializer
-from .jws import TimedJSONWebSignatureSerializer
from .serializer import Serializer as Serializer
from .signer import HMACAlgorithm as HMACAlgorithm
from .signer import NoneAlgorithm as NoneAlgorithm
@@ -19,4 +16,4 @@
from .url_safe import URLSafeSerializer as URLSafeSerializer
from .url_safe import URLSafeTimedSerializer as URLSafeTimedSerializer
-__version__ = "2.0.1"
+__version__ = "2.1.1"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/itsdangerous-2.0.1/src/itsdangerous/_json.py
new/itsdangerous-2.1.1/src/itsdangerous/_json.py
--- old/itsdangerous-2.0.1/src/itsdangerous/_json.py 2021-05-18
16:59:54.000000000 +0200
+++ new/itsdangerous-2.1.1/src/itsdangerous/_json.py 2022-02-16
19:56:11.000000000 +0100
@@ -1,6 +1,5 @@
import json as _json
import typing as _t
-from types import ModuleType
class _CompactJSON:
@@ -15,20 +14,3 @@
kwargs.setdefault("ensure_ascii", False)
kwargs.setdefault("separators", (",", ":"))
return _json.dumps(obj, **kwargs)
-
-
-class DeprecatedJSON(ModuleType):
- def __getattribute__(self, item: str) -> _t.Any:
- import warnings
-
- warnings.warn(
- "Importing 'itsdangerous.json' is deprecated and will be"
- " removed in ItsDangerous 2.1. Use Python's 'json' module"
- " instead.",
- DeprecationWarning,
- stacklevel=2,
- )
- return getattr(_json, item)
-
-
-json = DeprecatedJSON("json")
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/itsdangerous-2.0.1/src/itsdangerous/encoding.py
new/itsdangerous-2.1.1/src/itsdangerous/encoding.py
--- old/itsdangerous-2.0.1/src/itsdangerous/encoding.py 2021-05-11
04:32:43.000000000 +0200
+++ new/itsdangerous-2.1.1/src/itsdangerous/encoding.py 2021-10-06
17:02:22.000000000 +0200
@@ -34,8 +34,8 @@
try:
return base64.urlsafe_b64decode(string)
- except (TypeError, ValueError):
- raise BadData("Invalid base64-encoded data")
+ except (TypeError, ValueError) as e:
+ raise BadData("Invalid base64-encoded data") from e
# The alphabet used by base64.urlsafe_*
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/itsdangerous-2.0.1/src/itsdangerous/jws.py
new/itsdangerous-2.1.1/src/itsdangerous/jws.py
--- old/itsdangerous-2.0.1/src/itsdangerous/jws.py 2021-04-16
00:25:32.000000000 +0200
+++ new/itsdangerous-2.1.1/src/itsdangerous/jws.py 1970-01-01
01:00:00.000000000 +0100
@@ -1,259 +0,0 @@
-import hashlib
-import time
-import warnings
-from datetime import datetime
-from datetime import timezone
-from decimal import Decimal
-from numbers import Real
-
-from ._json import _CompactJSON
-from .encoding import base64_decode
-from .encoding import base64_encode
-from .encoding import want_bytes
-from .exc import BadData
-from .exc import BadHeader
-from .exc import BadPayload
-from .exc import BadSignature
-from .exc import SignatureExpired
-from .serializer import Serializer
-from .signer import HMACAlgorithm
-from .signer import NoneAlgorithm
-
-
-class JSONWebSignatureSerializer(Serializer):
- """This serializer implements JSON Web Signature (JWS) support. Only
- supports the JWS Compact Serialization.
-
- .. deprecated:: 2.0
- Will be removed in ItsDangerous 2.1. Use a dedicated library
- such as authlib.
- """
-
- jws_algorithms = {
- "HS256": HMACAlgorithm(hashlib.sha256),
- "HS384": HMACAlgorithm(hashlib.sha384),
- "HS512": HMACAlgorithm(hashlib.sha512),
- "none": NoneAlgorithm(),
- }
-
- #: The default algorithm to use for signature generation
- default_algorithm = "HS512"
-
- default_serializer = _CompactJSON
-
- def __init__(
- self,
- secret_key,
- salt=None,
- serializer=None,
- serializer_kwargs=None,
- signer=None,
- signer_kwargs=None,
- algorithm_name=None,
- ):
- warnings.warn(
- "JWS support is deprecated and will be removed in"
- " ItsDangerous 2.1. Use a dedicated JWS/JWT library such as"
- " authlib.",
- DeprecationWarning,
- stacklevel=2,
- )
- super().__init__(
- secret_key,
- salt=salt,
- serializer=serializer,
- serializer_kwargs=serializer_kwargs,
- signer=signer,
- signer_kwargs=signer_kwargs,
- )
-
- if algorithm_name is None:
- algorithm_name = self.default_algorithm
-
- self.algorithm_name = algorithm_name
- self.algorithm = self.make_algorithm(algorithm_name)
-
- def load_payload(self, payload, serializer=None, return_header=False):
- payload = want_bytes(payload)
-
- if b"." not in payload:
- raise BadPayload('No "." found in value')
-
- base64d_header, base64d_payload = payload.split(b".", 1)
-
- try:
- json_header = base64_decode(base64d_header)
- except Exception as e:
- raise BadHeader(
- "Could not base64 decode the header because of an exception",
- original_error=e,
- )
-
- try:
- json_payload = base64_decode(base64d_payload)
- except Exception as e:
- raise BadPayload(
- "Could not base64 decode the payload because of an exception",
- original_error=e,
- )
-
- try:
- header = super().load_payload(json_header, serializer=_CompactJSON)
- except BadData as e:
- raise BadHeader(
- "Could not unserialize header because it was malformed",
- original_error=e,
- )
-
- if not isinstance(header, dict):
- raise BadHeader("Header payload is not a JSON object",
header=header)
-
- payload = super().load_payload(json_payload, serializer=serializer)
-
- if return_header:
- return payload, header
-
- return payload
-
- def dump_payload(self, header, obj):
- base64d_header = base64_encode(
- self.serializer.dumps(header, **self.serializer_kwargs)
- )
- base64d_payload = base64_encode(
- self.serializer.dumps(obj, **self.serializer_kwargs)
- )
- return base64d_header + b"." + base64d_payload
-
- def make_algorithm(self, algorithm_name):
- try:
- return self.jws_algorithms[algorithm_name]
- except KeyError:
- raise NotImplementedError("Algorithm not supported")
-
- def make_signer(self, salt=None, algorithm=None):
- if salt is None:
- salt = self.salt
-
- key_derivation = "none" if salt is None else None
-
- if algorithm is None:
- algorithm = self.algorithm
-
- return self.signer(
- self.secret_keys,
- salt=salt,
- sep=".",
- key_derivation=key_derivation,
- algorithm=algorithm,
- )
-
- def make_header(self, header_fields):
- header = header_fields.copy() if header_fields else {}
- header["alg"] = self.algorithm_name
- return header
-
- def dumps(self, obj, salt=None, header_fields=None):
- """Like :meth:`.Serializer.dumps` but creates a JSON Web
- Signature. It also allows for specifying additional fields to be
- included in the JWS header.
- """
- header = self.make_header(header_fields)
- signer = self.make_signer(salt, self.algorithm)
- return signer.sign(self.dump_payload(header, obj))
-
- def loads(self, s, salt=None, return_header=False):
- """Reverse of :meth:`dumps`. If requested via ``return_header``
- it will return a tuple of payload and header.
- """
- payload, header = self.load_payload(
- self.make_signer(salt, self.algorithm).unsign(want_bytes(s)),
- return_header=True,
- )
-
- if header.get("alg") != self.algorithm_name:
- raise BadHeader("Algorithm mismatch", header=header,
payload=payload)
-
- if return_header:
- return payload, header
-
- return payload
-
- def loads_unsafe(self, s, salt=None, return_header=False):
- kwargs = {"return_header": return_header}
- return self._loads_unsafe_impl(s, salt, kwargs, kwargs)
-
-
-class TimedJSONWebSignatureSerializer(JSONWebSignatureSerializer):
- """Works like the regular :class:`JSONWebSignatureSerializer` but
- also records the time of the signing and can be used to expire
- signatures.
-
- JWS currently does not specify this behavior but it mentions a
- possible extension like this in the spec. Expiry date is encoded
- into the header similar to what's specified in `draft-ietf-oauth
- -json-web-token <http://self-issued.info/docs/draft-ietf-oauth-json
- -web-token.html#expDef>`_.
- """
-
- DEFAULT_EXPIRES_IN = 3600
-
- def __init__(self, secret_key, expires_in=None, **kwargs):
- super().__init__(secret_key, **kwargs)
-
- if expires_in is None:
- expires_in = self.DEFAULT_EXPIRES_IN
-
- self.expires_in = expires_in
-
- def make_header(self, header_fields):
- header = super().make_header(header_fields)
- iat = self.now()
- exp = iat + self.expires_in
- header["iat"] = iat
- header["exp"] = exp
- return header
-
- def loads(self, s, salt=None, return_header=False):
- payload, header = super().loads(s, salt, return_header=True)
-
- if "exp" not in header:
- raise BadSignature("Missing expiry date", payload=payload)
-
- int_date_error = BadHeader("Expiry date is not an IntDate",
payload=payload)
-
- try:
- header["exp"] = int(header["exp"])
- except ValueError:
- raise int_date_error
-
- if header["exp"] < 0:
- raise int_date_error
-
- if header["exp"] < self.now():
- raise SignatureExpired(
- "Signature expired",
- payload=payload,
- date_signed=self.get_issue_date(header),
- )
-
- if return_header:
- return payload, header
-
- return payload
-
- def get_issue_date(self, header):
- """If the header contains the ``iat`` field, return the date the
- signature was issued, as a timezone-aware
- :class:`datetime.datetime` in UTC.
-
- .. versionchanged:: 2.0
- The timestamp is returned as a timezone-aware ``datetime``
- in UTC rather than a naive ``datetime`` assumed to be UTC.
- """
- rv = header.get("iat")
-
- if isinstance(rv, (Real, Decimal)):
- return datetime.fromtimestamp(int(rv), tz=timezone.utc)
-
- def now(self):
- return int(time.time())
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/itsdangerous-2.0.1/src/itsdangerous/serializer.py
new/itsdangerous-2.1.1/src/itsdangerous/serializer.py
--- old/itsdangerous-2.0.1/src/itsdangerous/serializer.py 2021-05-18
16:59:54.000000000 +0200
+++ new/itsdangerous-2.1.1/src/itsdangerous/serializer.py 2021-10-06
17:02:22.000000000 +0200
@@ -159,7 +159,7 @@
"Could not load the payload because an exception"
" occurred on unserializing the data.",
original_error=e,
- )
+ ) from e
def dump_payload(self, obj: _t.Any) -> bytes:
"""Dumps the encoded object. The return value is always bytes.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/itsdangerous-2.0.1/src/itsdangerous/timed.py
new/itsdangerous-2.1.1/src/itsdangerous/timed.py
--- old/itsdangerous-2.0.1/src/itsdangerous/timed.py 2021-02-24
21:55:00.000000000 +0100
+++ new/itsdangerous-2.1.1/src/itsdangerous/timed.py 2022-03-09
17:11:24.000000000 +0100
@@ -124,7 +124,13 @@
# split the value and the timestamp.
if sig_error is not None:
if ts_int is not None:
- ts_dt = self.timestamp_to_datetime(ts_int)
+ try:
+ ts_dt = self.timestamp_to_datetime(ts_int)
+ except (ValueError, OSError) as exc:
+ # Windows raises OSError
+ raise BadTimeSignature(
+ "Malformed timestamp", payload=value
+ ) from exc
raise BadTimeSignature(str(sig_error), payload=value,
date_signed=ts_dt)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/itsdangerous-2.0.1/src/itsdangerous/url_safe.py
new/itsdangerous-2.1.1/src/itsdangerous/url_safe.py
--- old/itsdangerous-2.0.1/src/itsdangerous/url_safe.py 2020-08-31
21:21:18.000000000 +0200
+++ new/itsdangerous-2.1.1/src/itsdangerous/url_safe.py 2021-10-06
17:02:22.000000000 +0200
@@ -36,7 +36,7 @@
raise BadPayload(
"Could not base64 decode the payload because of an exception",
original_error=e,
- )
+ ) from e
if decompress:
try:
@@ -45,7 +45,7 @@
raise BadPayload(
"Could not zlib decompress the payload before decoding the
payload",
original_error=e,
- )
+ ) from e
return super().load_payload(json, *args, **kwargs)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/itsdangerous-2.0.1/src/itsdangerous.egg-info/PKG-INFO
new/itsdangerous-2.1.1/src/itsdangerous.egg-info/PKG-INFO
--- old/itsdangerous-2.0.1/src/itsdangerous.egg-info/PKG-INFO 2021-05-18
17:09:18.000000000 +0200
+++ new/itsdangerous-2.1.1/src/itsdangerous.egg-info/PKG-INFO 2022-03-09
17:23:31.000000000 +0100
@@ -1,6 +1,6 @@
Metadata-Version: 2.1
Name: itsdangerous
-Version: 2.0.1
+Version: 2.1.1
Summary: Safely pass data to untrusted environments and back.
Home-page: https://palletsprojects.com/p/itsdangerous/
Author: Armin Ronacher
@@ -15,80 +15,83 @@
Project-URL: Issue Tracker, https://github.com/pallets/itsdangerous/issues/
Project-URL: Twitter, https://twitter.com/PalletsTeam
Project-URL: Chat, https://discord.gg/pallets
-Description: ItsDangerous
- ============
-
- ... so better sign this
-
- Various helpers to pass data to untrusted environments and to get it
- back safe and sound. Data is cryptographically signed to ensure that a
- token has not been tampered with.
-
- It's possible to customize how data is serialized. Data is compressed
as
- needed. A timestamp can be added and verified automatically while
- loading a token.
-
-
- Installing
- ----------
-
- Install and update using `pip`_:
-
- .. code-block:: text
-
- pip install -U itsdangerous
-
- .. _pip: https://pip.pypa.io/en/stable/quickstart/
-
-
- A Simple Example
- ----------------
-
- Here's how you could generate a token for transmitting a user's id and
- name between web requests.
-
- .. code-block:: python
-
- from itsdangerous import URLSafeSerializer
- auth_s = URLSafeSerializer("secret key", "auth")
- token = auth_s.dumps({"id": 5, "name": "itsdangerous"})
-
- print(token)
- #
eyJpZCI6NSwibmFtZSI6Iml0c2Rhbmdlcm91cyJ9.6YP6T0BaO67XP--9UzTrmurXSmg
-
- data = auth_s.loads(token)
- print(data["name"])
- # itsdangerous
-
-
- Donate
- ------
-
- The Pallets organization develops and supports ItsDangerous and other
- popular packages. In order to grow the community of contributors and
- users, and allow the maintainers to devote more time to the projects,
- `please donate today`_.
-
- .. _please donate today: https://palletsprojects.com/donate
-
-
- Links
- -----
-
- - Documentation: https://itsdangerous.palletsprojects.com/
- - Changes: https://itsdangerous.palletsprojects.com/changes/
- - PyPI Releases: https://pypi.org/project/ItsDangerous/
- - Source Code: https://github.com/pallets/itsdangerous/
- - Issue Tracker: https://github.com/pallets/itsdnagerous/issues/
- - Website: https://palletsprojects.com/p/itsdangerous/
- - Twitter: https://twitter.com/PalletsTeam
- - Chat: https://discord.gg/pallets
-
Platform: UNKNOWN
Classifier: Development Status :: 5 - Production/Stable
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: BSD License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python
-Requires-Python: >=3.6
+Requires-Python: >=3.7
Description-Content-Type: text/x-rst
+License-File: LICENSE.rst
+
+ItsDangerous
+============
+
+... so better sign this
+
+Various helpers to pass data to untrusted environments and to get it
+back safe and sound. Data is cryptographically signed to ensure that a
+token has not been tampered with.
+
+It's possible to customize how data is serialized. Data is compressed as
+needed. A timestamp can be added and verified automatically while
+loading a token.
+
+
+Installing
+----------
+
+Install and update using `pip`_:
+
+.. code-block:: text
+
+ pip install -U itsdangerous
+
+.. _pip: https://pip.pypa.io/en/stable/getting-started/
+
+
+A Simple Example
+----------------
+
+Here's how you could generate a token for transmitting a user's id and
+name between web requests.
+
+.. code-block:: python
+
+ from itsdangerous import URLSafeSerializer
+ auth_s = URLSafeSerializer("secret key", "auth")
+ token = auth_s.dumps({"id": 5, "name": "itsdangerous"})
+
+ print(token)
+ # eyJpZCI6NSwibmFtZSI6Iml0c2Rhbmdlcm91cyJ9.6YP6T0BaO67XP--9UzTrmurXSmg
+
+ data = auth_s.loads(token)
+ print(data["name"])
+ # itsdangerous
+
+
+Donate
+------
+
+The Pallets organization develops and supports ItsDangerous and other
+popular packages. In order to grow the community of contributors and
+users, and allow the maintainers to devote more time to the projects,
+`please donate today`_.
+
+.. _please donate today: https://palletsprojects.com/donate
+
+
+Links
+-----
+
+- Documentation: https://itsdangerous.palletsprojects.com/
+- Changes: https://itsdangerous.palletsprojects.com/changes/
+- PyPI Releases: https://pypi.org/project/ItsDangerous/
+- Source Code: https://github.com/pallets/itsdangerous/
+- Issue Tracker: https://github.com/pallets/itsdangerous/issues/
+- Website: https://palletsprojects.com/p/itsdangerous/
+- Twitter: https://twitter.com/PalletsTeam
+- Chat: https://discord.gg/pallets
+
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/itsdangerous-2.0.1/src/itsdangerous.egg-info/SOURCES.txt
new/itsdangerous-2.1.1/src/itsdangerous.egg-info/SOURCES.txt
--- old/itsdangerous-2.0.1/src/itsdangerous.egg-info/SOURCES.txt
2021-05-18 17:09:18.000000000 +0200
+++ new/itsdangerous-2.1.1/src/itsdangerous.egg-info/SOURCES.txt
2022-03-09 17:23:31.000000000 +0100
@@ -12,7 +12,6 @@
docs/encoding.rst
docs/exceptions.rst
docs/index.rst
-docs/jws.rst
docs/license.rst
docs/make.bat
docs/serializer.rst
@@ -29,7 +28,6 @@
src/itsdangerous/_json.py
src/itsdangerous/encoding.py
src/itsdangerous/exc.py
-src/itsdangerous/jws.py
src/itsdangerous/py.typed
src/itsdangerous/serializer.py
src/itsdangerous/signer.py
@@ -41,7 +39,6 @@
src/itsdangerous.egg-info/top_level.txt
tests/test_itsdangerous/__init__.py
tests/test_itsdangerous/test_encoding.py
-tests/test_itsdangerous/test_jws.py
tests/test_itsdangerous/test_serializer.py
tests/test_itsdangerous/test_signer.py
tests/test_itsdangerous/test_timed.py
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/itsdangerous-2.0.1/tests/test_itsdangerous/test_jws.py
new/itsdangerous-2.1.1/tests/test_itsdangerous/test_jws.py
--- old/itsdangerous-2.0.1/tests/test_itsdangerous/test_jws.py 2020-08-31
21:21:18.000000000 +0200
+++ new/itsdangerous-2.1.1/tests/test_itsdangerous/test_jws.py 1970-01-01
01:00:00.000000000 +0100
@@ -1,143 +0,0 @@
-from datetime import timedelta
-
-import pytest
-
-from itsdangerous.exc import BadData
-from itsdangerous.exc import BadHeader
-from itsdangerous.exc import BadPayload
-from itsdangerous.exc import BadSignature
-from itsdangerous.exc import SignatureExpired
-from itsdangerous.jws import JSONWebSignatureSerializer
-from itsdangerous.jws import TimedJSONWebSignatureSerializer
-from test_itsdangerous.test_serializer import TestSerializer
-from test_itsdangerous.test_timed import TestTimedSerializer
-
-
-class TestJWSSerializer(TestSerializer):
- @pytest.fixture()
- def serializer_factory(self):
- def factory(secret_key="secret-key", **kwargs):
- with pytest.deprecated_call():
- return JSONWebSignatureSerializer(secret_key=secret_key,
**kwargs)
-
- return factory
-
- test_signer_cls = None # type: ignore
- test_signer_kwargs = None # type: ignore
- test_fallback_signers = None # type: ignore
- test_iter_unsigners = None # type: ignore
-
- @pytest.mark.parametrize("algorithm_name", ("HS256", "HS384", "HS512",
"none"))
- def test_algorithm(self, serializer_factory, algorithm_name):
- serializer = serializer_factory(algorithm_name=algorithm_name)
- assert serializer.loads(serializer.dumps("value")) == "value"
-
- def test_invalid_algorithm(self, serializer_factory):
- with pytest.raises(NotImplementedError) as exc_info:
- serializer_factory(algorithm_name="invalid")
-
- assert "not supported" in str(exc_info.value)
-
- def test_algorithm_mismatch(self, serializer_factory, serializer):
- other = serializer_factory(algorithm_name="HS256")
- other.algorithm = serializer.algorithm
- signed = other.dumps("value")
-
- with pytest.raises(BadHeader) as exc_info:
- serializer.loads(signed)
-
- assert "mismatch" in str(exc_info.value)
-
- @pytest.mark.parametrize(
- ("value", "exc_cls", "match"),
- (
- ("ab", BadPayload, '"."'),
- ("a.b", BadHeader, "base64 decode"),
- ("ew.b", BadPayload, "base64 decode"),
- ("ew.ab", BadData, "malformed"),
- ("W10.ab", BadHeader, "JSON object"),
- ),
- )
- def test_load_payload_exceptions(self, serializer, value, exc_cls, match):
- signer = serializer.make_signer()
- signed = signer.sign(value)
-
- with pytest.raises(exc_cls) as exc_info:
- serializer.loads(signed)
-
- assert match in str(exc_info.value)
-
- def test_secret_keys(self):
- with pytest.deprecated_call():
- serializer = JSONWebSignatureSerializer("a")
-
- dumped = serializer.dumps("value")
-
- with pytest.deprecated_call():
- serializer = JSONWebSignatureSerializer(["a", "b"])
-
- assert serializer.loads(dumped) == "value"
-
-
-class TestTimedJWSSerializer(TestJWSSerializer, TestTimedSerializer):
- @pytest.fixture()
- def serializer_factory(self):
- def factory(secret_key="secret-key", expires_in=10, **kwargs):
- with pytest.deprecated_call():
- return TimedJSONWebSignatureSerializer(
- secret_key=secret_key, expires_in=expires_in, **kwargs
- )
-
- return factory
-
- def test_default_expires_in(self, serializer_factory):
- serializer = serializer_factory(expires_in=None)
- assert serializer.expires_in == serializer.DEFAULT_EXPIRES_IN
-
- test_max_age = None
-
- def test_exp(self, serializer, value, ts, freeze):
- signed = serializer.dumps(value)
- freeze.tick()
- assert serializer.loads(signed) == value
- freeze.tick(timedelta(seconds=10))
-
- with pytest.raises(SignatureExpired) as exc_info:
- serializer.loads(signed)
-
- assert exc_info.value.date_signed == ts
- assert exc_info.value.payload == value
-
- test_return_payload = None
-
- def test_return_header(self, serializer, value, ts):
- signed = serializer.dumps(value)
- payload, header = serializer.loads(signed, return_header=True)
- date_signed = serializer.get_issue_date(header)
- assert (payload, date_signed) == (value, ts)
-
- def test_missing_exp(self, serializer):
- header = serializer.make_header(None)
- del header["exp"]
- signer = serializer.make_signer()
- signed = signer.sign(serializer.dump_payload(header, "value"))
-
- with pytest.raises(BadSignature):
- serializer.loads(signed)
-
- @pytest.mark.parametrize("exp", ("invalid", -1))
- def test_invalid_exp(self, serializer, exp):
- header = serializer.make_header(None)
- header["exp"] = exp
- signer = serializer.make_signer()
- signed = signer.sign(serializer.dump_payload(header, "value"))
-
- with pytest.raises(BadHeader) as exc_info:
- serializer.loads(signed)
-
- assert "IntDate" in str(exc_info.value)
-
- def test_invalid_iat(self, serializer):
- header = serializer.make_header(None)
- header["iat"] = "invalid"
- assert serializer.get_issue_date(header) is None
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/itsdangerous-2.0.1/tests/test_itsdangerous/test_timed.py
new/itsdangerous-2.1.1/tests/test_itsdangerous/test_timed.py
--- old/itsdangerous-2.0.1/tests/test_itsdangerous/test_timed.py
2020-08-31 21:21:18.000000000 +0200
+++ new/itsdangerous-2.1.1/tests/test_itsdangerous/test_timed.py
2022-03-09 17:11:24.000000000 +0100
@@ -66,6 +66,15 @@
assert "Malformed" in str(exc_info.value)
assert exc_info.value.date_signed is None
+ def test_malformed_future_timestamp(self, signer):
+ signed = b"value.TgPVoaGhoQ.AGBfQ6G6cr07byTRt0zAdPljHOY"
+
+ with pytest.raises(BadTimeSignature) as exc_info:
+ signer.unsign(signed)
+
+ assert "Malformed" in str(exc_info.value)
+ assert exc_info.value.date_signed is None
+
def test_future_age(self, signer):
signed = signer.sign("value")
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/itsdangerous-2.0.1/tox.ini
new/itsdangerous-2.1.1/tox.ini
--- old/itsdangerous-2.0.1/tox.ini 2021-02-08 21:26:28.000000000 +0100
+++ new/itsdangerous-2.1.1/tox.ini 2022-02-16 19:56:11.000000000 +0100
@@ -1,6 +1,6 @@
[tox]
envlist =
- py{39,38,37,36,py3}
+ py3{11,10,9,8,7},pypy3{8,7}
style
typing
docs
