author | David Lord <davidism@gmail.com> | 2019-08-04 21:29:28 -0700 |
---|---|---|
committer | David Lord <davidism@gmail.com> | 2019-08-04 21:29:28 -0700 |
commit | 5a455d5f2ec0228ebe633e7dfa979c4aff19c90f (patch) | |
tree | 3dc253738aef12a16f73f2fb873c6bff7d77f532 | |
parent | c880f85ccdaee29adab8b47ad79eb7bdec507b57 (diff) | |
parent | 7857e870a5bab1b3bdf16abd3a7ecce2646ca1b2 (diff) | |
Merge branch '1.1.x'
-rw-r--r-- | .azure-pipelines.yaml | 64 | ||||
-rw-r--r-- | .pre-commit-config.yaml | 15 | ||||
-rw-r--r-- | .travis.yml | 38 | ||||
-rw-r--r-- | CHANGES.rst | 48 | ||||
-rw-r--r-- | README.rst | 9 | ||||
-rw-r--r-- | docs/conf.py | 20 | ||||
-rw-r--r-- | docs/index.rst | 18 | ||||
-rw-r--r-- | docs/jws.rst | 2 | ||||
-rw-r--r-- | docs/requirements.txt | 6 | ||||
-rw-r--r-- | docs/serializer.rst | 2 | ||||
-rw-r--r-- | docs/url_safe.rst | 2 | ||||
-rw-r--r-- | setup.cfg | 18 | ||||
-rw-r--r-- | src/itsdangerous/exc.py | 2 | ||||
-rw-r--r-- | tests/test_itsdangerous/test_jws.py | 4 | ||||
-rw-r--r-- | tests/test_itsdangerous/test_timed.py | 4 | ||||
-rw-r--r-- | tests/test_itsdangerous/test_url_safe.py | 4 | ||||
-rw-r--r-- | tox.ini | 31 |
17 files changed, 156 insertions, 131 deletions
diff --git a/.azure-pipelines.yaml b/.azure-pipelines.yaml
new file mode 100644
index 0000000..374da2d
--- /dev/null
+++ b/.azure-pipelines.yaml
@@ -0,0 +1,64 @@
+trigger:
+ - master
+ - '*.x'
+
+variables:
+ vmImage: ubuntu-latest
+ python.version: 3.7
+ TOXENV: py,coverage-ci
+ hasTestResults: true
+
+strategy:
+ matrix:
+ Python 3.7 Linux:
+ vmImage: ubuntu-latest
+ Python 3.7 Windows:
+ vmImage: windows-latest
+ Python 3.7 Mac:
+ vmImage: macos-latest
+ PyPy 3 Linux:
+ python.version: pypy3
+ Python 3.6 Linux:
+ python.version: 3.6
+ Python 3.5 Linux:
+ python.version: 3.5
+ Python 2.7 Linux:
+ python.version: 2.7
+ Python 2.7 Windows:
+ python.version: 2.7
+ vmImage: windows-latest
+ Docs:
+ TOXENV: docs
+ hasTestResults: false
+ Style:
+ TOXENV: style
+ hasTestResults: false
+
+pool:
+ vmImage: $(vmImage)
+
+steps:
+ - task: UsePythonVersion@0
+ inputs:
+ versionSpec: $(python.version)
+ displayName: Use Python $(python.version)
+
+ - script: pip --disable-pip-version-check install -U tox
+ displayName: Install tox
+
+ - script: tox -s false -- --junit-xml=test-results.xml
+ displayName: Run tox
+
+ - task: PublishTestResults@2
+ inputs:
+ testResultsFiles: test-results.xml
+ testRunTitle: $(Agent.JobName)
+ condition: eq(variables['hasTestResults'], 'true')
+ displayName: Publish test results
+
+ - task: PublishCodeCoverageResults@1
+ inputs:
+ codeCoverageTool: Cobertura
+ summaryFileLocation: coverage.xml
+ condition: eq(variables['hasTestResults'], 'true')
+ displayName: Publish coverage results
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 7be015d..97a6935 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
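Review bot: The "Install tox" step in `.azure-pipelines.yaml` runs `pip --disable-pip-version-check install -U tox`, so each CI run installs whichever tox release and transitive dependencies are newest at that moment, and nothing in the new file constrains them. The same floating resolution applies to `additional_dependencies: [flake8-bugbear]` in the `.pre-commit-config.yaml` hunk and to the `deps` entries (`coverage`, `pytest`, `freezegun`) in the tox.ini hunk near the end of the diff, while `docs/requirements.txt` already uses `~=` pins. I would pin the bootstrap install, e.g. `- script: pip --disable-pip-version-check install "tox==<PINNED_TOX_VERSION>"`, or install through a constraints file, so that a broken or tampered upstream release cannot change what this signing library's release branches are tested with unnoticed. `vmImage: ubuntu-latest` and the major-only task versions (`UsePythonVersion@0`) float too; if that is intentional, a one-line comment in the file saying so would help.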
@@ -1,18 +1,21 @@ repos: - repo: https://github.com/asottile/reorder_python_imports - rev: v1.3.1 + rev: v1.6.1 hooks: - id: reorder-python-imports - args: ["--application-directories", "src"] + args: ["--application-directories", "src:tests"] - repo: https://github.com/ambv/black - rev: 18.9b0 + rev: 19.3b0 hooks: - id: black + - repo: https://gitlab.com/pycqa/flake8 + rev: 3.7.8 + hooks: + - id: flake8 + additional_dependencies: [flake8-bugbear] - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v2.0.0 + rev: v2.2.3 hooks: - id: check-byte-order-marker - id: trailing-whitespace - id: end-of-file-fixer - - id: flake8 - additional_dependencies: [flake8-bugbear]
diff --git a/.travis.yml b/.travis.yml
deleted file mode 100644
index e87eaa0..0000000
--- a/.travis.yml
+++ /dev/null
@@ -1,38 +0,0 @@
-os: linux
-sudo: false
-language: python
-python:
- - "3.6"
- - "3.5"
- - "3.4"
- - "2.7"
- - "nightly"
- - "pypy3"
-env: TOXENV=py,codecov
-
-matrix:
- include:
- - env: TOXENV=stylecheck,docs-html
- allow_failures:
- - python: nightly
- - python: pypy3
- fast_finish: true
-
-install:
- - pip install tox
-
-script:
- - tox
-
-cache:
- directories:
- - $HOME/.cache/pip
- - $HOME/.cache/pre-commit
-
-branches:
- only:
- - master
- - /^.*\.x$/
-
-notifications:
- email: false
diff --git a/CHANGES.rst b/CHANGES.rst
index af027c0..199b2b6 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -3,17 +3,14 @@ Version 1.1.0 Released 2018-10-26 -- Change default signing algorithm back to SHA-1. (`#113`_) +- Change default signing algorithm back to SHA-1. :pr:`113` - Added a default SHA-512 fallback for users who used the yanked 1.0.0 - release which defaulted to SHA-512. (`#114`_) + release which defaulted to SHA-512. :pr:`114` - Add support for fallback algorithms during deserialization to support changing the default in the future without breaking existing - signatures. (`#113`_) + signatures. :pr:`113` - Changed capitalization of packages back to lowercase as the change - in capitalization broke some tooling. (`#113`_) - -.. _#113: https://github.com/pallets/itsdangerous/pull/113 -.. _#114: https://github.com/pallets/itsdangerous/pull/114 + in capitalization broke some tooling. :pr:`113` Version 1.0.0 
@@ -31,40 +28,27 @@ at SHA1. - Refactor code from a single module to a package. Any object in the API docs is still importable from the top-level ``itsdangerous`` name, but other imports will need to be changed. A future release - will remove many of these compatibility imports. (`#107`_) -- Optimize how timestamps are serialized and deserialized. (`#13`_) + will remove many of these compatibility imports. :pr:`107` +- Optimize how timestamps are serialized and deserialized. :pr:`13` - ``base64_decode`` raises ``BadData`` when it is passed invalid data. - (`#27`_) + :pr:`27` - Ensure value is bytes when signing to avoid a ``TypeError`` on - Python 3. (`#29`_) + Python 3. :issue:`29` - Add a ``serializer_kwargs`` argument to ``Serializer``, which is - passed to ``dumps`` during ``dump_payload``. (`#36`_) -- More compact JSON dumps for unicode strings. (`#38`_) + passed to ``dumps`` during ``dump_payload``. :pr:`36` +- More compact JSON dumps for unicode strings. :issue:`38` - Use the full timestamp rather than an offset, allowing dates before - 2011. (`#46`_) + 2011. :issue:`46` To retain compatibility with signers from previous versions, consider using `this shim <https://github.com/pallets/itsdangerous /issues/120#issuecomment-456913331>`_ when unsigning. - Detect a ``sep`` character that may show up in the signature itself - and raise a ``ValueError``. (`#62`_) + and raise a ``ValueError``. :issue:`62` - Use a consistent signature for keyword arguments for - ``Serializer.load_payload`` in subclasses. (`#74`_, `#75`_) -- Change default intermediate hash from SHA-1 to SHA-512. (`#80`_) -- Convert JWS exp header to an int when loading. (`#99`_) - -.. _#13: https://github.com/pallets/itsdangerous/pull/13 -.. _#27: https://github.com/pallets/itsdangerous/pull/27 -.. _#29: https://github.com/pallets/itsdangerous/issues/29 -.. _#36: https://github.com/pallets/itsdangerous/pull/36 -.. _#38: https://github.com/pallets/itsdangerous/issues/38 -.. 
_#46: https://github.com/pallets/itsdangerous/issues/46 -.. _#62: https://github.com/pallets/itsdangerous/issues/62 -.. _#74: https://github.com/pallets/itsdangerous/issues/74 -.. _#75: https://github.com/pallets/itsdangerous/pull/75 -.. _#80: https://github.com/pallets/itsdangerous/pull/80 -.. _#99: https://github.com/pallets/itsdangerous/pull/99 -.. _#107: https://github.com/pallets/itsdangerous/pull/107 + ``Serializer.load_payload`` in subclasses. :issue:`74`, :pr:`75` +- Change default intermediate hash from SHA-1 to SHA-512. :pr:`80` +- Convert JWS exp header to an int when loading. :pr:`99` Version 0.24 @@ -111,7 +95,7 @@ Version 0.20 Released 2013-05-23 - Fixed an incorrect call into ``want_bytes`` that broke some uses of - itsdangerous on Python 2.6. + ItsDangerous on Python 2.6. Version 0.19 @@ -1,4 +1,4 @@ -itsdangerous +ItsDangerous ============ ... so better sign this @@ -47,7 +47,7 @@ name between web requests. Donate ------ -The Pallets organization develops and supports itsdangerous and other +The Pallets organization develops and supports ItsDangerous and other popular packages. In order to grow the community of contributors and users, and allow the maintainers to devote more time to the projects, `please donate today`_. @@ -60,9 +60,12 @@ Links * Website: https://palletsprojects.com/p/itsdangerous/ * Documentation: https://itsdangerous.palletsprojects.com/ -* License: `BSD <https://github.com/pallets/itsdangerous/blob/master/LICENSE.rst>`_ +* License: `BSD-3-Clause`_ * Releases: https://pypi.org/project/itsdangerous/ * Code: https://github.com/pallets/itsdangerous * Issue tracker: https://github.com/pallets/itsdangerous/issues * Test status: https://travis-ci.org/pallets/itsdangerous * Test coverage: https://codecov.io/gh/pallets/itsdangerous +* Official chat: https://discord.gg/t6rrQZH + +.. _BSD-3-Clause: https://github.com/pallets/itsdangerous/blob/master/LICENSE.rst diff --git a/docs/conf.py b/docs/conf.py index b2bab8f..25f4425 100644 
--- a/docs/conf.py +++ b/docs/conf.py @@ -3,16 +3,23 @@ from pallets_sphinx_themes import ProjectLink # Project -------------------------------------------------------------- -project = "itsdangerous" -copyright = "2011 Pallets Team" -author = "Pallets Team" +project = "ItsDangerous" +copyright = "2011 Pallets" +author = "Pallets" release, version = get_version("itsdangerous") # General -------------------------------------------------------------- master_doc = "index" -extensions = ["sphinx.ext.autodoc", "sphinx.ext.intersphinx", "pallets_sphinx_themes"] +extensions = [ + "sphinx.ext.autodoc", + "sphinx.ext.intersphinx", + "pallets_sphinx_themes", + "sphinxcontrib.log_cabinet", + "sphinx_issues", +] intersphinx_mapping = {"python": ("https://docs.python.org/3/", None)} +issues_github_path = "pallets/itsdangerous" # HTML ----------------------------------------------------------------- @@ -33,12 +40,13 @@ html_sidebars = { } singlehtml_sidebars = {"index": ["project.html", "localtoc.html"]} html_static_path = ["_static"] +html_favicon = "_static/itsdangerous-logo-sidebar.png" html_logo = "_static/itsdangerous-logo-sidebar.png" -html_title = "itsdangerous Documentation ({})".format(version) +html_title = "{} Documentation ({})".format(project, version) html_show_sourcelink = False # LaTeX ---------------------------------------------------------------- latex_documents = [ - (master_doc, "itsdangerous-{}.tex".format(version), html_title, author, "manual") + (master_doc, "{}-{}.tex".format(project, version), html_title, author, "manual") ] diff --git a/docs/index.rst b/docs/index.rst index 3a98d0b..c5b16cb 100644 --- a/docs/index.rst +++ b/docs/index.rst 
@@ -1,23 +1,23 @@ .. rst-class:: hide-header -itsdangerous +ItsDangerous ============ .. image:: _static/itsdangerous-logo.png :align: center :target: https://palletsprojects.com/p/itsdangerous/ -Sometimes you just want to send some data to untrusted environments. But -how to do this safely? The trick involves signing. Given a key only you -know, you can cryptographically sign your data and hand it over to someone -else. When you get the data back you can easily ensure that nobody tampered -with it. +Sometimes you just want to send some data to untrusted environments. But +how to do this safely? The trick involves signing. Given a key only you +know, you can cryptographically sign your data and hand it over to +someone else. When you get the data back you can easily ensure that +nobody tampered with it. Granted, the receiver can decode the contents and look into the package, but they can not modify the contents unless they also have your secret -key. So if you keep the key secret and complex, you will be fine. +key. So if you keep the key secret and complex, you will be fine. -Internally itsdangerous uses HMAC and SHA-512 for signing by default. +Internally ItsDangerous uses HMAC and SHA-512 for signing by default. The initial implementation was inspired by `Django's signing module <https://docs.djangoproject.com/en/dev/topics/signing/>`_. It also supports JSON Web Signatures (JWS). The library is BSD licensed. @@ -45,7 +45,7 @@ Example Use Cases - Signed objects can be stored in cookies or other untrusted sources which means you don't need to have sessions stored on the server, which reduces the number of necessary database queries. -- Signed information can safely do a roundtrip between server and +- Signed information can safely do a round trip between server and client in general which makes them useful for passing server-side state to a client and then back. diff --git a/docs/jws.rst b/docs/jws.rst index da12253..06f5bcd 100644 --- a/docs/jws.rst 
+++ b/docs/jws.rst @@ -30,7 +30,7 @@ be provided upon serialization: ) (0, {'alg': 'HS256', 'v': 1}) -itsdangerous only provides HMAC SHA derivatives and the none algorithm +ItsDangerous only provides HMAC SHA derivatives and the none algorithm at the moment and does not support the ECC based ones. The algorithm in the header is checked against the one of the serializer and on a mismatch a :exc:`~itsdangerous.exc.BadSignature` exception is raised. diff --git a/docs/requirements.txt b/docs/requirements.txt index 295f450..5354400 100644 --- a/docs/requirements.txt +++ b/docs/requirements.txt @@ -1,2 +1,4 @@ -Sphinx~=1.8.0 -Pallets-Sphinx-Themes~=1.1.0 +Pallets-Sphinx-Themes~=1.2.2 +Sphinx~=2.1.2 +sphinx-issues~=1.2.0 +sphinxcontrib-log-cabinet~=1.0.1 diff --git a/docs/serializer.rst b/docs/serializer.rst index 1b1da66..2f08e2a 100644 --- a/docs/serializer.rst +++ b/docs/serializer.rst @@ -45,7 +45,7 @@ the salt to be something that is stored alongside the resulting signed string as a way to prevent rainbow table lookups. Such salts are usually public. -In itsdangerous, like in the original Django implementation, the salt +In ItsDangerous, like in the original Django implementation, the salt serves a different purpose. You could describe it as namespacing. It's still not critical if you disclose it because without the secret key it does not help an attacker. diff --git a/docs/url_safe.rst b/docs/url_safe.rst index f3a00ee..bd5e2dc 100644 --- a/docs/url_safe.rst +++ b/docs/url_safe.rst @@ -5,7 +5,7 @@ URL Safe Serialization Often it is helpful if you can pass these trusted strings in places where you only have a limited set of characters available. Because of -this, itsdangerous also provides URL safe serializers: +this, ItsDangerous also provides URL safe serializers: .. code-block:: python 
@@ -26,11 +26,17 @@ source = # W = pycodestyle warnings # B9 = bugbear opinions select = B, E, F, W, B9 -# E203 = slice notation whitespace, invalid -# E501 = line length, handled by bugbear B950 -# W503 = bin op line break, invalid -ignore = E203, E501, W503 +ignore = + # slice notation whitespace, invalid + E203 + # line length, handled by bugbear B950 + E501 + # bare except, handled by bugbear B001 + E722 + # bin op line break, invalid + W503 # up to 88 allowed by bugbear B950 max-line-length = 80 -# init is used to export public API, ignore import warnings -exclude = src/itsdangerous/__init__.py +per-file-ignores = + # __init__ export names + src/itsdangerous/__init__.py: F401 diff --git a/src/itsdangerous/exc.py b/src/itsdangerous/exc.py index 287d691..3c2fbda 100644 --- a/src/itsdangerous/exc.py +++ b/src/itsdangerous/exc.py @@ -4,7 +4,7 @@ from ._compat import text_type class BadData(Exception): """Raised if bad data of any sort was encountered. This is the base - for all exceptions that itsdangerous defines. + for all exceptions that ItsDangerous defines. .. versionadded:: 0.15 """ diff --git a/tests/test_itsdangerous/test_jws.py b/tests/test_itsdangerous/test_jws.py index 8eaa0c5..e57e5cb 100644 --- a/tests/test_itsdangerous/test_jws.py +++ b/tests/test_itsdangerous/test_jws.py @@ -2,8 +2,6 @@ from datetime import timedelta from functools import partial import pytest -from test_itsdangerous.test_serializer import TestSerializer -from test_itsdangerous.test_timed import TestTimedSerializer from itsdangerous.exc import BadData from itsdangerous.exc import BadHeader @@ -12,6 +10,8 @@ from itsdangerous.exc import BadSignature from itsdangerous.exc import SignatureExpired from itsdangerous.jws import JSONWebSignatureSerializer from itsdangerous.jws import TimedJSONWebSignatureSerializer +from test_itsdangerous.test_serializer import TestSerializer +from test_itsdangerous.test_timed import TestTimedSerializer class TestJWSSerializer(TestSerializer): 
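Review bot: In the setup.cfg hunk, adding `E722` to `ignore` makes the bare-`except:` check depend entirely on flake8-bugbear's B001, and as far as this diff shows bugbear is only installed through `additional_dependencies` of the pre-commit flake8 hook; running plain `flake8` against this config without the plugin would report no bare `except:` at all. In a signing library a swallowed exception around verification is exactly what this check is there to catch, so I would either leave E722 enabled and accept the duplicate report, or make the dependency explicit in the comment: `# bare except, handled by bugbear B001 (requires flake8-bugbear, run via pre-commit)`. The section header lies outside the hunk, so I am assuming these options belong to the `[flake8]` section.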
diff --git a/tests/test_itsdangerous/test_timed.py b/tests/test_itsdangerous/test_timed.py index 71ac8d9..136b377 100644 --- a/tests/test_itsdangerous/test_timed.py +++ b/tests/test_itsdangerous/test_timed.py @@ -4,14 +4,14 @@ from functools import partial import pytest from freezegun import freeze_time -from test_itsdangerous.test_serializer import TestSerializer -from test_itsdangerous.test_signer import TestSigner from itsdangerous import Signer from itsdangerous.exc import BadTimeSignature from itsdangerous.exc import SignatureExpired from itsdangerous.timed import TimedSerializer from itsdangerous.timed import TimestampSigner +from test_itsdangerous.test_serializer import TestSerializer +from test_itsdangerous.test_signer import TestSigner class FreezeMixin(object): diff --git a/tests/test_itsdangerous/test_url_safe.py b/tests/test_itsdangerous/test_url_safe.py index e1d1dcd..09a7e7c 100644 --- a/tests/test_itsdangerous/test_url_safe.py +++ b/tests/test_itsdangerous/test_url_safe.py @@ -1,11 +1,11 @@ from functools import partial import pytest -from test_itsdangerous.test_serializer import TestSerializer -from test_itsdangerous.test_timed import TestTimedSerializer from itsdangerous import URLSafeSerializer from itsdangerous import URLSafeTimedSerializer +from test_itsdangerous.test_serializer import TestSerializer +from test_itsdangerous.test_timed import TestTimedSerializer class TestURLSafeSerializer(TestSerializer): 
@@ -1,20 +1,19 @@ [tox] envlist = - py{37,36,35,34,27,py3,py} - stylecheck - docs-html - coverage-report + py{37,36,35,27,py3,py} + style + docs + coverage skip_missing_interpreters = true [testenv] -setenv = - COVERAGE_FILE = .coverage.{envname} deps = - pytest-cov + coverage + pytest freezegun -commands = pytest --tb=short --cov --cov-report= {posargs} +commands = coverage run -p -m pytest -Werror --tb=short --basetemp={envtmpdir} {posargs} -[testenv:stylecheck] +[testenv:style] deps = pre-commit skip_install = True commands = pre-commit run --all-files --show-diff-on-failure @@ -23,9 +22,7 @@ commands = pre-commit run --all-files --show-diff-on-failure deps = -r docs/requirements.txt commands = sphinx-build -W -b html -d {envtmpdir}/doctrees docs {envtmpdir}/html -[testenv:coverage-report] -setenv = - COVERAGE_FILE = .coverage +[testenv:coverage] deps = coverage skip_install = true commands = @@ -33,13 +30,9 @@ commands = coverage html coverage report -[testenv:codecov] -passenv = CI TRAVIS TRAVIS_* -setenv = - COVERAGE_FILE = .coverage -deps = codecov +[testenv:coverage-ci] +deps = coverage skip_install = true commands = coverage combine - codecov - coverage report + coverage xml |