[Django] #34804: legacy_algorithm = 'sha1' removed in django4.0 but new algo algorithm is hardcoded

Wed, 30 Aug 2023 00:59:56 -0700 

#34804: legacy_algorithm = 'sha1' removed in django4.0 but new algo algorithm is
hardcoded
------------------------------------------------+------------------------
               Reporter:  Awais Qureshi         |          Owner:  nobody
                   Type:  Cleanup/optimization  |         Status:  new
              Component:  Core (Other)          |        Version:  4.2
               Severity:  Normal                |       Keywords:
           Triage Stage:  Unreviewed            |      Has patch:  0
    Needs documentation:  0                     |    Needs tests:  0
Patch needs improvement:  0                     |  Easy pickings:  0
                  UI/UX:  0                     |
------------------------------------------------+------------------------
 I am trying to upgrade from django32 to 42 and facing an issue in
 https://github.com/django/django/blob/3.2/django/core/signing.py#L124

 in django32 it is like this

 # RemovedInDjango40Warning.
  legacy_algorithm = 'sha1'

 and in __init__ method it picks the value like this
 `self.algorithm = algorithm or settings.DEFAULT_HASHING_ALGORITHM`

 In django42
 https://github.com/django/django/blob/4.2.4/django/core/signing.py#L204

 algorithm getting value like this

 self.algorithm = algorithm or "sha256" ( its a hardcoded value and can be
 pick via settings)

 So here is my code I am using dump method to `signing.dumps(data_to_sign,
 salt=self.key_salt)` and it furthers call the `TimestampSigner` So I am
 not able to find any way to pass the `sha1` which is my current prod
 setting.

 Last option for me is to override the class.

 Proposed solution is like previous one in __init__ method it picks the
 value like this

 `self.algorithm = algorithm or settings.DEFAULT_HASHING_ALGORITHM`

-- 
Ticket URL: <https://code.djangoproject.com/ticket/34804>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/0107018a4574aaee-d8dbbccd-51da-497e-a948-3f49442a9f33-000000%40eu-central-1.amazonses.com.

Reply via email to