Functions for creating and restoring url-safe signed JSON objects.
The format used looks like this:
    >>> signing.dumps("hello")
    'ImhlbGxvIg:1QaUZC:YIye-ze3TTx7gtSv422nZA4sgmk'
There are two components here, separated by a ':'. The first component is a URL-safe base64 encoded JSON of the object passed to dumps(). The second component is a base64 encoded hmac/SHA1 hash of "$first_component:$secret".
signing.loads(s) checks the signature and returns the deserialized object. If the signature fails, a BadSignature exception is raised.
    >>> signing.loads("ImhlbGxvIg:1QaUZC:YIye-ze3TTx7gtSv422nZA4sgmk")
    'hello'
    >>> signing.loads("ImhlbGxvIg:1QaUZC:YIye-ze3TTx7gtSv422nZA4sgmk-modified")
    ...
    BadSignature: Signature failed: ImhlbGxvIg:1QaUZC:YIye-ze3TTx7gtSv422nZA4sgmk-modified
You can optionally compress the JSON prior to base64 encoding it to save space, using the compress=True argument. This checks if compression actually helps and only applies compression if the result is a shorter string:
    >>> signing.dumps(list(range(1, 20)), compress=True)
    '.eJwFwcERACAIwLCF-rCiILN47r-GyZVJsNgkxaFxoDgxcOHGxMKD_T7vhAml:1QaUaL:BA0thEZrp4FQVXIXuOvYJtLJSrQ'
The fact that the string is compressed is signalled by the prefixed '.' at the start of the base64 JSON.
There are 65 url-safe characters: the 64 used by url-safe base64 and the ':'. These functions make use of all of them.
| Kind | Name | Description |
|---|---|---|
| Class | Signer | No class docstring; 0/4 instance variable, 1/6 method documented |
| Class | TimestampSigner | No class docstring; 1/3 method documented |
| Function | dumps | Return URL-safe, hmac signed base64 compressed JSON string. If key is None, use settings.SECRET_KEY instead. The hmac algorithm is the default Signer algorithm. |
| Function | loads | Reverse of dumps(), raise BadSignature if signature fails. |
| Constant | BASE62_ALPHABET | Undocumented |
| Class | BadSignature | Signature does not match. |
| Class | JSONSerializer | Simple wrapper around json to be used in signing.dumps and signing.loads. |
| Class | SignatureExpired | Signature timestamp is older than required max_age. |
| Function | b62_decode | Undocumented |
| Function | b62_encode | Undocumented |
| Function | b64_decode | Undocumented |
| Function | b64_encode | Undocumented |
| Function | base64_hmac | Undocumented |
| Function | get_cookie_signer | Undocumented |
| Constant | _SEP_UNSAFE | Undocumented |
Return URL-safe, hmac signed base64 compressed JSON string. If key is None, use settings.SECRET_KEY instead. The hmac algorithm is the default Signer algorithm.
If compress is True (not the default), check if compressing using zlib can save some space. Prepend a '.' to signify compression. This is included in the signature, to protect against zip bombs.
Salt can be used to namespace the hash, so that a signed string is only valid for a given namespace. Leaving this at the default value or re-using a salt value across different parts of your application without good cause is a security risk.
The serializer is expected to return a bytestring.
Reverse of dumps(), raise BadSignature if signature fails.
The serializer is expected to accept a bytestring.
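The scheme described for dumps() and loads(), as an added standard-library example that is not Django's own code: the payload, including its '.' compression flag, is signed under a salt-derived key, and loads() verifies the signature before it decodes or decompresses anything. The HMAC-SHA256 key derivation, the two-field `payload:signature` layout without a timestamp, the `rejected` helper, and the key and salt values are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, zlib

class BadSignature(Exception):
    """Local stand-in for the exception described on this page."""

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(value: str, key: bytes, salt: str) -> bytes:
    # Assumed key derivation: hashing the salt into the key gives every
    # namespace its own HMAC key, so tokens cannot cross namespaces.
    derived = hashlib.sha256(salt.encode() + b"\x00" + key).digest()
    return _b64(hmac.new(derived, value.encode(), hashlib.sha256).digest()).encode()

def dumps(obj, key: bytes, salt: str, compress: bool = False) -> str:
    data = json.dumps(obj, separators=(",", ":")).encode()
    prefix = ""
    if compress:
        packed = zlib.compress(data)
        if len(packed) < len(data) - 1:  # keep it only if the token gets shorter
            data, prefix = packed, "."
    value = prefix + _b64(data)          # the '.' flag is part of what is signed
    return value + ":" + _mac(value, key, salt).decode()

def loads(token: str, key: bytes, salt: str):
    value, sep, sig = token.rpartition(":")
    # Constant-time comparison; verification comes before any decoding.
    if not sep or not hmac.compare_digest(sig.encode(), _mac(value, key, salt)):
        raise BadSignature("Signature failed: " + token)
    compressed = value.startswith(".")   # trusted only because it was signed
    data = _unb64(value[1:] if compressed else value)
    return json.loads(zlib.decompress(data) if compressed else data)

def rejected(token: str, key: bytes, salt: str) -> bool:
    """Hypothetical helper: True if loads() refuses the token."""
    try:
        loads(token, key, salt)
    except BadSignature:
        return True
    return False
```

A token signed with one salt is rejected under any other, and adding or removing the leading '.' invalidates the signature, so unsigned input never reaches zlib.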