Make timestamped signatures compatible with Python #2

Merged: 3 commits merged on Oct 7, 2024

alext (Member) commented Oct 7, 2024

This fixes a few issues relating to handling of timestamps to make this compatible with the Python version:

The Python implementation initially used an epoch of 2011/01/01, but this was dropped in favour of the standard unix epoch prior to version 1.0.0. This implementation had not been updated to reflect this change.

Fix handling for timestamps > 4 bytes - the Python implementation serialises the timestamp as an 8-byte integer (using pack with '>Q'), and then trims leading zeroes. For current timestamps, this output is the same as for a 4-byte integer. This implementation was parsing the timestamp assuming a fixed 4-byte integer representation, which means it would break when the current timestamp spills over into more than 4 bytes.

alext added 3 commits October 7, 2024 10:31
The Python implementation initially used an epoch of 2011/01/01, but
this was dropped in favour of the standard unix epoch prior to version
1.0.0[1]. This implementation is still using the original epoch, which
means it's not compatible with Python. This therefore updates this
implementation to use the unix epoch to match the Python implementation.

In order to test this change, I've introduced a NowFunc function to
allow overriding the function it uses to obtain the local time, so that
the tests can mock the current time for repeatability. I considered that
this would also be useful for consumers of this library, so I've made
it an exported value.

[1] pallets/itsdangerous#46

The Python implementation serialises the timestamp as an 8-byte integer
(using pack with '>Q'[1]), and then trims leading zeroes[2].

This implementation was assuming a fixed 4-byte representation, which
only works because all current timestamps are 4 bytes once leading
zeroes are removed. This updates it to match the Python implementation,
which means it won't break when the current timestamp overflows 4 bytes.

[1] https://github.com/pallets/itsdangerous/blob/2.2.0/src/itsdangerous/encoding.py#L44
[2] https://github.com/pallets/itsdangerous/blob/2.2.0/src/itsdangerous/encoding.py#L50

Remove the need for buffers and readers by using the binary.BigEndian
interface directly to read/write from the byte slice.
alext merged commit 28100d0 into master Oct 7, 2024
1 check passed
alext deleted the fix_timestamps branch October 7, 2024 09:44
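
The timestamp encoding discussed in this pull request, as an added Go example that is not the project's own code: an 8-byte big-endian integer with leading zero bytes trimmed, decoded by left-padding back to 8 bytes. The function names (`encodeTimestamp`, `decodeTimestamp`, `readFixed4`) and the sample values are assumptions made for illustration; `readFixed4` only illustrates what a fixed 4-byte reader does with a longer timestamp.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
)

// encodeTimestamp writes ts as an 8-byte big-endian integer and trims
// leading zero bytes, as the PR describes for the Python side ('>Q').
func encodeTimestamp(ts uint64) []byte {
	var buf [8]byte
	binary.BigEndian.PutUint64(buf[:], ts)
	return bytes.TrimLeft(buf[:], "\x00")
}

// decodeTimestamp accepts 0 to 8 bytes, left-pads with zeroes to 8 bytes
// and reads the result as a big-endian uint64. Longer input is rejected.
func decodeTimestamp(b []byte) (uint64, error) {
	if len(b) > 8 {
		return 0, errors.New("timestamp longer than 8 bytes")
	}
	var buf [8]byte
	copy(buf[8-len(b):], b)
	return binary.BigEndian.Uint64(buf[:]), nil
}

// readFixed4 is a hypothetical fixed-width reader: it looks only at the
// first 4 bytes, so any longer timestamp decodes to the wrong value.
func readFixed4(b []byte) uint32 {
	return binary.BigEndian.Uint32(b[:4])
}

func main() {
	// Constructed sample values: a 2024 timestamp and the first 5-byte one.
	for _, ts := range []uint64{0x6703B3BF, 1 << 32} {
		enc := encodeTimestamp(ts)
		dec, _ := decodeTimestamp(enc)
		fmt.Printf("ts=%d bytes=%x decoded=%d fixed4=%d\n", ts, enc, dec, readFixed4(enc))
	}
}
```

A verifier that decodes the 5-byte value with a fixed 4-byte read gets a timestamp far in the past, so max-age checks on signed tokens would reject valid signatures.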