rpms/python-itsdangerous
7
0
Fork 0
Code Issues Pull Requests Releases Activity

new upstream release 0.23 (no code changes, only packaging fixes)

Browse Source
This commit is contained in:
Dan Callaghan 2013-08-15 17:11:20 +10:00
parent ed502edfa6
commit f7996b505a
6 changed files with 7 additions and 397 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -1,3 +1,4 @@
/itsdangerous-git-0.11.tar.xz
/itsdangerous-0.21.tar.gz
/itsdangerous-0.22.tar.gz
/itsdangerous-0.23.tar.gz

79
CHANGES
View File

@ -1,79 +0,0 @@
It's Dangerous Changelog
------------------------
Version 0.21
~~~~~~~~~~~~
- Fixed an issue on Python 3 which caused invalid errors to be
generated.
Version 0.20
~~~~~~~~~~~~
- Fixed an incorrect call into `want_bytes` that broke some
uses of itsdangerous on Python 2.6.
Version 0.19
~~~~~~~~~~~~
- Dropped support for 2.5 and added support for 3.3.
Version 0.18
~~~~~~~~~~~~
- Added support for JSON Web Signatures (JWS).
Version 0.17
~~~~~~~~~~~~
- Fixed a name error when overriding the digest method.
Version 0.16
~~~~~~~~~~~~
- made it possible to pass unicode values to `load_payload` to make it
easier to debug certain things.
Version 0.15
~~~~~~~~~~~~
- made standalone `load_payload` more robust by raising one specific
error if something goes wrong.
- refactored exceptions to catch more cases individually, added more
attributes.
- fixed an issue that caused `load_payload` not work in some situations
with timestamp based serializers
- added an `loads_unsafe` method.
Version 0.14
~~~~~~~~~~~~
- API refactoring to support different key derivations.
- Added attributes to exceptions so that you can inspect the data even
if the signature check failed.
Version 0.13
~~~~~~~~~~~~
- Small API change that enables customization of the digest module.
Version 0.12
~~~~~~~~~~~~
- Fixed a problem with the local timezone being used for the epoch
calculation. This might invalidate some of your signatures if you
were not running in UTC timezone. You can revert to the old behavior
by monkey patching itsdangerous.EPOCH.
Version 0.11
~~~~~~~~~~~~
- Fixed an uncought value error.
Version 0.10
~~~~~~~~~~~~
- Refactored interface that the underlying serializers can be swapped by
passing in a module instead of having to override the payload loaders
and dumpers. This makes the interface more compatible with Django's
recent changes.

31
LICENSE
View File

@ -1,31 +0,0 @@
Copyright (c) 2011 by Armin Ronacher and the Django Software Foundation.
Some rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above
copyright notice, this list of conditions and the following
disclaimer in the documentation and/or other materials provided
with the distribution.
* The names of the contributors may not be used to endorse or
promote products derived from this software without specific
prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

13
python-itsdangerous.spec
View File

@ -7,17 +7,12 @@
%endif
Name: python-%{upstream_name}
Version: 0.22
Release: 2%{?dist}
Version: 0.23
Release: 1%{?dist}
Summary: Python library for passing trusted data to untrusted environments
License: BSD
URL: http://pythonhosted.org/itsdangerous/
Source0: http://pypi.python.org/packages/source/i/%{upstream_name}/%{upstream_name}-%{version}.tar.gz
# Tarballs on PyPi lack LICENSE, CHANGES, and tests.
# https://github.com/mitsuhiko/itsdangerous/pull/22
Source1: LICENSE
Source2: CHANGES
Source3: tests.py
BuildArch: noarch
BuildRequires: python2-devel
BuildRequires: python-setuptools
@ -52,7 +47,6 @@ Signatures (JWS).
%prep
%setup -q -n %{upstream_name}-%{version}
rm -r *.egg-info
cp -p %{SOURCE1} %{SOURCE2} %{SOURCE3} .
%if %{with python3}
rm -rf %{py3dir}
@ -100,6 +94,9 @@ popd
%endif
%changelog
* Thu Aug 15 2013 Dan Callaghan <dcallagh@redhat.com> - 0.23-1
- new upstream release 0.23 (no code changes, only packaging fixes)
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.22-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild

2
sources
View File

@ -1 +1 @@
ba715357eadfb045ca06e11869366bfd itsdangerous-0.22.tar.gz
985e726eb76f18aca81e703f0a6c6efc itsdangerous-0.23.tar.gz

278
tests.py
View File

@ -1,278 +0,0 @@
import time
import pickle
import hashlib
import unittest
from datetime import datetime
import itsdangerous as idmod
from itsdangerous import want_bytes, text_type, PY2
# Helper function for some unsafe string manipulation on encoded
# data. This is required for Python 3 but would break on Python 2
if PY2:
def _coerce_string(reference_string, value):
return value
else:
def _coerce_string(reference_string, value):
assert isinstance(value, text_type), 'rhs needs to be a string'
if type(reference_string) != type(value):
value = value.encode('utf-8')
return value
class UtilityTestCase(unittest.TestCase):
def test_want_bytes(self):
self.assertEqual(want_bytes(b"foobar"), b"foobar")
self.assertEqual(want_bytes(u"foobar"), b"foobar")
class SerializerTestCase(unittest.TestCase):
serializer_class = idmod.Serializer
def make_serializer(self, *args, **kwargs):
return self.serializer_class(*args, **kwargs)
def test_dumps_loads(self):
objects = (['a', 'list'], 'a string', u'a unicode string \u2019',
{'a': 'dictionary'}, 42, 42.5)
s = self.make_serializer('Test')
for o in objects:
value = s.dumps(o)
self.assertNotEqual(o, value)
self.assertEqual(o, s.loads(value))
def test_decode_detects_tampering(self):
s = self.make_serializer('Test')
transforms = (
lambda s: s.upper(),
lambda s: s + _coerce_string(s, 'a'),
lambda s: _coerce_string(s, 'a') + s[1:],
lambda s: s.replace(_coerce_string(s, '.'), _coerce_string(s, '')),
)
value = {
'foo': 'bar',
'baz': 1,
}
encoded = s.dumps(value)
self.assertEqual(value, s.loads(encoded))
for transform in transforms:
self.assertRaises(
idmod.BadSignature, s.loads, transform(encoded))
def test_accepts_unicode(self):
objects = (['a', 'list'], 'a string', u'a unicode string \u2019',
{'a': 'dictionary'}, 42, 42.5)
s = self.make_serializer('Test')
for o in objects:
value = s.dumps(o)
self.assertNotEqual(o, value)
self.assertEqual(o, s.loads(value))
def test_exception_attributes(self):
secret_key = 'predictable-key'
value = u'hello'
s = self.make_serializer(secret_key)
ts = s.dumps(value)
try:
s.loads(ts + _coerce_string(ts, 'x'))
except idmod.BadSignature as e:
self.assertEqual(want_bytes(e.payload),
want_bytes(ts).rsplit(b'.', 1)[0])
self.assertEqual(s.load_payload(e.payload), value)
else:
self.fail('Did not get bad signature')
def test_unsafe_load(self):
secret_key = 'predictable-key'
value = u'hello'
s = self.make_serializer(secret_key)
ts = s.dumps(value)
self.assertEqual(s.loads_unsafe(ts), (True, u'hello'))
self.assertEqual(s.loads_unsafe(ts, salt='modified'), (False, u'hello'))
def test_load_unsafe_with_unicode_strings(self):
secret_key = 'predictable-key'
value = u'hello'
s = self.make_serializer(secret_key)
ts = s.dumps(value)
self.assertEqual(s.loads_unsafe(ts), (True, u'hello'))
self.assertEqual(s.loads_unsafe(ts, salt='modified'), (False, u'hello'))
try:
s.loads(ts, salt='modified')
except idmod.BadSignature as e:
self.assertEqual(s.load_payload(e.payload), u'hello')
def test_signer_kwargs(self):
secret_key = 'predictable-key'
value = 'hello'
s = self.make_serializer(secret_key, signer_kwargs=dict(
digest_method=hashlib.md5,
key_derivation='hmac'
))
ts = s.dumps(value)
self.assertEqual(s.loads(ts), u'hello')
class TimedSerializerTestCase(SerializerTestCase):
serializer_class = idmod.TimedSerializer
def setUp(self):
self._time = time.time
time.time = lambda: idmod.EPOCH
def tearDown(self):
time.time = self._time
def test_decode_with_timeout(self):
secret_key = 'predictable-key'
value = u'hello'
s = self.make_serializer(secret_key)
ts = s.dumps(value)
self.assertNotEqual(ts, idmod.Serializer(secret_key).dumps(value))
self.assertEqual(s.loads(ts), value)
time.time = lambda: idmod.EPOCH + 10
self.assertEqual(s.loads(ts, max_age=11), value)
self.assertEqual(s.loads(ts, max_age=10), value)
self.assertRaises(
idmod.SignatureExpired, s.loads, ts, max_age=9)
def test_decode_return_timestamp(self):
secret_key = 'predictable-key'
value = u'hello'
s = self.make_serializer(secret_key)
ts = s.dumps(value)
loaded, timestamp = s.loads(ts, return_timestamp=True)
self.assertEqual(loaded, value)
self.assertEqual(timestamp, datetime.utcfromtimestamp(time.time()))
def test_exception_attributes(self):
secret_key = 'predictable-key'
value = u'hello'
s = self.make_serializer(secret_key)
ts = s.dumps(value)
try:
s.loads(ts, max_age=-1)
except idmod.SignatureExpired as e:
self.assertEqual(e.date_signed,
datetime.utcfromtimestamp(time.time()))
self.assertEqual(want_bytes(e.payload),
want_bytes(ts).rsplit(b'.', 2)[0])
self.assertEqual(s.load_payload(e.payload), value)
else:
self.fail('Did not get expiration')
class JSONWebSignatureSerializerTestCase(SerializerTestCase):
serializer_class = idmod.JSONWebSignatureSerializer
def test_decode_return_header(self):
secret_key = 'predictable-key'
value = u'hello'
header = {"typ": "dummy"}
s = self.make_serializer(secret_key)
full_header = header.copy()
full_header['alg'] = s.algorithm_name
ts = s.dumps(value, header_fields=header)
loaded, loaded_header = s.loads(ts, return_header=True)
self.assertEqual(loaded, value)
self.assertEqual(loaded_header, full_header)
def test_hmac_algorithms(self):
secret_key = 'predictable-key'
value = u'hello'
algorithms = ('HS256', 'HS384', 'HS512')
for algorithm in algorithms:
s = self.make_serializer(secret_key, algorithm_name=algorithm)
ts = s.dumps(value)
self.assertEqual(s.loads(ts), value)
def test_none_algorithm(self):
secret_key = 'predictable-key'
value = u'hello'
s = self.make_serializer(secret_key)
ts = s.dumps(value)
self.assertEqual(s.loads(ts), value)
def test_algorithm_mismatch(self):
secret_key = 'predictable-key'
value = u'hello'
s = self.make_serializer(secret_key, algorithm_name='HS256')
ts = s.dumps(value)
s = self.make_serializer(secret_key, algorithm_name='HS384')
try:
s.loads(ts)
except idmod.BadSignature as e:
self.assertEqual(s.load_payload(e.payload), value)
else:
self.fail('Did not get algorithm mismatch')
class URLSafeSerializerMixin(object):
def test_is_base62(self):
allowed = frozenset(b'0123456789abcdefghijklmnopqrstuvwxyz' +
b'ABCDEFGHIJKLMNOPQRSTUVWXYZ_-.')
objects = (['a', 'list'], 'a string', u'a unicode string \u2019',
{'a': 'dictionary'}, 42, 42.5)
s = self.make_serializer('Test')
for o in objects:
value = want_bytes(s.dumps(o))
self.assertTrue(set(value).issubset(set(allowed)))
self.assertNotEqual(o, value)
self.assertEqual(o, s.loads(value))
def test_invalid_base64_does_not_fail_load_payload(self):
s = idmod.URLSafeSerializer('aha!')
self.assertRaises(idmod.BadPayload, s.load_payload, b'kZ4m3du844lIN')
class PickleSerializerMixin(object):
def make_serializer(self, *args, **kwargs):
kwargs.setdefault('serializer', pickle)
return super(PickleSerializerMixin, self).make_serializer(*args, **kwargs)
class URLSafeSerializerTestCase(URLSafeSerializerMixin, SerializerTestCase):
serializer_class = idmod.URLSafeSerializer
class URLSafeTimedSerializerTestCase(URLSafeSerializerMixin, TimedSerializerTestCase):
serializer_class = idmod.URLSafeTimedSerializer
class PickleSerializerTestCase(PickleSerializerMixin, SerializerTestCase):
pass
class PickleTimedSerializerTestCase(PickleSerializerMixin, TimedSerializerTestCase):
pass
class PickleURLSafeSerializerTestCase(PickleSerializerMixin, URLSafeSerializerTestCase):
pass
class PickleURLSafeTimedSerializerTestCase(PickleSerializerMixin, URLSafeTimedSerializerTestCase):
pass
if __name__ == '__main__':
unittest.main()