Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Serializer.load_payload overrides in subclasses have incompatible signatures #74

Closed
ambv opened this issue Dec 22, 2016 · 2 comments · Fixed by #75
Closed

Serializer.load_payload overrides in subclasses have incompatible signatures #74

ambv opened this issue Dec 22, 2016 · 2 comments · Fixed by #75
Milestone
1.0.0

Comments

@ambv
Copy link
Contributor

ambv commented Dec 22, 2016

Mypy recently introduced stricter checks for function signature compatibility (python/mypy#2521). Since itsdangerous is included in the typeshed library with typing stubs, it found an issue with the signatures of load_payload. Consider:

class Serializer:
  def load_payload(self, payload, serializer=None): ...

vs.

class JSONWebSignatureSerializer(Serializer):
  def load_payload(self, payload, return_header=False): ...

vs.

class URLSafeSerializerMixin(object):
  def load_payload(self, payload): ...

class URLSafeSerializer(URLSafeSerializerMixin, Serializer): ...
class TimedSerializer(Serializer): ...
class URLSafeTimedSerializer(URLSafeSerializerMixin, TimedSerializer): ...

Basically, it's invalid to replace load_payload() accepting an optional kwarg with an implementation that doesn't.
ambv pushed a commit to python/typeshed that referenced this issue Dec 22, 2016
Temporary workaround for pallets/itsdangerous#74
4c6c273 
Starting with python/mypy#2521 mypy is performing stricter function signature
checks.

This makes the stubs diverge from the actual implementation but makes the stubs
internally consistent.  Since this is an actual typing issue in the base
implementation, we need to defer to the original authors to fix it.
@davidism
Copy link
Member

PyCharm has complained about it for a while too. If you have a fix in mind, a patch would be great, otherwise I'll investigate.

ambv added a commit to ambv/itsdangerous that referenced this issue Dec 23, 2016
@ambv
Make load_payload() signature consistent between types
19f68e4 
Fixes pallets#74.

The `JSONWebSignatureSerializer.load_payload` signature change is potentially breaking if anybody passed `return_header` as a second non-keyword argument to the method in the past. `itsdangerous.py` itself is using kwargs correctly everywhere so this shouldn't be an issue.

For the mixin, the change ensures it will pass additional arguments correctly.
@ambv ambv mentioned this issue Dec 23, 2016
Merged
@ambv
Copy link
Contributor Author

ambv commented Dec 23, 2016

Alright, PR ready.

untitaker pushed a commit that referenced this issue Jan 6, 2017
@ambv @untitaker
Make load_payload() signature consistent between types (#75)
b00d8fd 
Fixes #74.

The `JSONWebSignatureSerializer.load_payload` signature change is potentially breaking if anybody passed `return_header` as a second non-keyword argument to the method in the past. `itsdangerous.py` itself is using kwargs correctly everywhere so this shouldn't be an issue.

For the mixin, the change ensures it will pass additional arguments correctly.
@davidism davidism added this to the 1.0.0 milestone Sep 28, 2018
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this issue Nov 10, 2018
@kleink
Update py-itsdangerous to 1.1.0.
8dba0d6 
Version 1.1.0
-------------

Released 2018-10-26

-   Change default signing algorithm back to SHA-1. (`#113`_)
-   Added a default SHA-512 fallback for users who used the yanked 1.0.0
    release which defaulted to SHA-512. (`#114`_)
-   Add support for fallback algorithms during deserialization to
    support changing the default in the future without breaking existing
    signatures. (`#113`_)
-   Changed capitalization of packages back to lowercase as the change
    in capitalization broke some tooling. (`#113`_)

.. _#113: pallets/itsdangerous#113
.. _#114: pallets/itsdangerous#114


Version 1.0.0
-------------

Released 2018-10-18

YANKED

*Note*: This release was yanked from PyPI because it changed the default
algorithm to SHA-512. This decision was reverted in 1.1.0 and it remains
at SHA1.

-   Drop support for Python 2.6 and 3.3.
-   Refactor code from a single module to a package. Any object in the
    API docs is still importable from the top-level ``itsdangerous``
    name, but other imports will need to be changed. A future release
    will remove many of these compatibility imports. (`#107`_)
-   Optimize how timestamps are serialized and deserialized. (`#13`_)
-   ``base64_decode`` raises ``BadData`` when it is passed invalid data.
    (`#27`_)
-   Ensure value is bytes when signing to avoid a ``TypeError`` on
    Python 3. (`#29`_)
-   Add a ``serializer_kwargs`` argument to ``Serializer``, which is
    passed to ``dumps`` during ``dump_payload``. (`#36`_)
-   More compact JSON dumps for unicode strings. (`#38`_)
-   Use the full timestamp rather than an offset, allowing dates before
    2011. (`#46`_)
-   Detect a ``sep`` character that may show up in the signature itself
    and raise a ``ValueError``. (`#62`_)
-   Use a consistent signature for keyword arguments for
    ``Serializer.load_payload`` in subclasses. (`#74`_, `#75`_)
-   Change default intermediate hash from SHA-1 to SHA-512. (`#80`_)
-   Convert JWS exp header to an int when loading. (`#99`_)

.. _#13: pallets/itsdangerous#13
.. _#27: pallets/itsdangerous#27
.. _#29: pallets/itsdangerous#29
.. _#36: pallets/itsdangerous#36
.. _#38: pallets/itsdangerous#38
.. _#46: pallets/itsdangerous#46
.. _#62: pallets/itsdangerous#62
.. _#74: pallets/itsdangerous#74
.. _#75: pallets/itsdangerous#75
.. _#80: pallets/itsdangerous#80
.. _#99: pallets/itsdangerous#99
.. _#107: pallets/itsdangerous#107
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 9, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.0.0
Development

Successfully merging a pull request may close this issue.

Make load_payload() signature consistent between types ambv/itsdangerous
2 participants
@ambv @davidism