Am 22.12.2009 um 08:20 schrieb Simon Willison: > On Dec 22, 12:52 am, Johannes Dollinger > <johannes.dollin...@einfallsreich.net> wrote: >> I'd like some more kwargs to Signer and TimestampSigner. Mostly >> what's >> inhttp://dpaste.com/136418/(except the `separator` kwarg, which was >> a bad idea as it depends on encode()): Signer(serializer=...) and >> TimestampSigner(ttl=...). > > The first few versions of the code had a bunch more stuff along the > lines of that dpaste (which expires in 6 days, so here's a gist copy > of it: http://gist.github.com/261572 )
Thanks. > After struggling with it for quite a while, I decided that having a > single class that handled signing, serialization and compression > wasn't the right approach - it was doing far too much. Instead, I > changed the design so the Signer's only responsibility was generating > signatures, appending them to strings and verifying that they were > correct. The encryption/serialization was extracted out and moved > directly in to the signed.dumps() and signed.loads() functions. > > This solved a bunch of problems I was having with the code - too many > subclasses, confusing amounts of multiple inheritance for mixing > together different subclassed behaviours - and generally made > everything feel a lot more cohesive. > > That's also why I added the BACKEND setting for setting a cookie > signing backend - that way, users with specific ideas about how their > signed cookies should work can write their own class that does pretty > much anything they like. > > Is there any functionality in particular that you think should be > resurrected from the more-complex-signing-classes? I'm very keen on > keeping the serialization and compression stuff out of Signer. I wanted to proposed to make dumps() and loads() methods on Signer again. Now they are bound to TimestampSigner. If they were defined as methods, you could reuse the functionality on subclasses. A mixin might be overengineering as you would never use it without Signer and it makes sense to have the feature available for all subclasses. Why do you want to keep it out? Useful additions: * If sign() and unsign() take a `sep` kwarg, Signer.__init__() should also take it. Better yet, only set it in __init__(). * TimestampSigner.__init__() needs a max_age/ttl kwarg. __ Johannes -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-develop...@googlegroups.com. To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.
