There's a small bug in b64_decode(), the padding should be r = len(s) % 4 pad = '=' * (r and 4 - r or 0)
I'd like some more kwargs to Signer and TimestampSigner. Mostly what's in http://dpaste.com/136418/ (except the `separator` kwarg, which was a bad idea as it depends on encode()): Signer(serializer=...) and TimestampSigner(ttl=...). __ Johannes Am 21.12.2009 um 12:43 schrieb Simon Willison: > I've uploaded the patch for adding signing and signed cookies to > Django: > > http://code.djangoproject.com/attachment/ticket/12417/ticket12417.diff > > You can also read the documentation directly on my GitHub branch: > > http://github.com/simonw/django/blob/signed/docs/topics/signing.txt > http://github.com/simonw/django/blob/signed/docs/ref/request-response.txt#L224 > http://github.com/simonw/django/blob/signed/docs/ref/request-response.txt#L561 > > Most of the code lives in django.utils.signed (the low-level signing > API) but I've also added a get_signed_cookie() method to HttpRequest > and a corresponding set_signed_cookie() method to HttpResponse: > > http://github.com/simonw/django/blob/signed/django/http/ > __init__.py#L84 > http://github.com/simonw/django/blob/signed/django/http/__init__.py#L406 > http://github.com/simonw/django/blob/signed/django/utils/signed.py > > The code has documentation and unit tests. The documentation isn't > 100% complete - I need to improve the explanation of what signing is > and why it is useful and document the new COOKIE_SIGNER_BACKEND > setting which allows users to swap in their own cookie signing > behaviour should they need to. > > Most importantly though, the implementation has not yet been peer > reviewed by real cryptographers. With that in mind, would it be > appropriate to check this in before the 1.2 freeze? We would certainly > get the code reviewed before the final 1.2 release. > > Cheers, > > Simon > > -- > > You received this message because you are subscribed to the Google > Groups "Django developers" group. > To post to this group, send email to django-developers@googlegroups.com > . > To unsubscribe from this group, send email to > django-developers+unsubscr...@googlegroups.com > . > For more options, visit this group at > http://groups.google.com/group/django-developers?hl=en > . > > -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-develop...@googlegroups.com. To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.