diff --git a/django/core/signing.py b/django/core/signing.py
index bbe53aa..d7f86f5 100644
|
a
|
b
|
class TimestampSigner(Signer):
|
| 183 | 183 | return super(TimestampSigner, self).sign(value) |
| 184 | 184 | |
| 185 | 185 | def unsign(self, value, max_age=None): |
| | 186 | """ |
| | 187 | Retrieve original value and check it wasn't signed longer than |
| | 188 | max_age before (in seconds). |
| | 189 | |
| | 190 | """ |
| 186 | 191 | result = super(TimestampSigner, self).unsign(value) |
| 187 | 192 | value, timestamp = result.rsplit(self.sep, 1) |
| 188 | 193 | timestamp = baseconv.base62.decode(timestamp) |
diff --git a/docs/topics/signing.txt b/docs/topics/signing.txt
index 68afd69..d7bccf4 100644
|
a
|
b
|
generate their own signed values.
|
| 37 | 37 | Using the low-level API |
| 38 | 38 | ======================= |
| 39 | 39 | |
| 40 | | .. class:: Signer |
| 41 | | |
| 42 | 40 | Django's signing methods live in the ``django.core.signing`` module. |
| 43 | 41 | To sign a value, first instantiate a ``Signer`` instance:: |
| 44 | 42 | |
| … |
… |
generate signatures. You can use a different secret by passing it to the
|
| 74 | 72 | >>> value |
| 75 | 73 | 'My string:EkfQJafvGyiofrdGnuthdxImIJw' |
| 76 | 74 | |
| | 75 | .. class:: Signer(key=None, sep=':', salt=None) |
| | 76 | |
| | 77 | Returns signer which uses ``key`` to generate signatures and ``sep`` |
| | 78 | to separate values. |
| | 79 | |
| 77 | 80 | Using the salt argument |
| 78 | 81 | ----------------------- |
| 79 | 82 | |
| … |
… |
secret.
|
| 105 | 108 | Verifying timestamped values |
| 106 | 109 | ---------------------------- |
| 107 | 110 | |
| 108 | | .. class:: TimestampSigner |
| 109 | | |
| 110 | 111 | ``TimestampSigner`` is a subclass of :class:`~Signer` that appends a signed |
| 111 | 112 | timestamp to the value. This allows you to confirm that a signed value was |
| 112 | 113 | created within a specified period of time:: |
| … |
… |
created within a specified period of time::
|
| 124 | 125 | >>> signer.unsign(value, max_age=20) |
| 125 | 126 | u'hello' |
| 126 | 127 | |
| | 128 | .. class:: TimestampSigner(key=None, sep=':', salt=None) |
| | 129 | |
| | 130 | .. function:: TimestampSigner.sign(value) |
| | 131 | |
| | 132 | Sign ``value`` and append current timestamp to it. |
| | 133 | |
| | 134 | .. function:: TimestampSigner.unsing(value, max_age=None) |
| | 135 | |
| | 136 | Checks if ``value`` was signed less than ``max_age`` seconds before, otherwise |
| | 137 | raises ``SignatureExpired`` |
| | 138 | |
| 127 | 139 | Protecting complex data structures |
| 128 | 140 | ---------------------------------- |
| 129 | 141 | |
| … |
… |
to execute arbitrary commands by exploiting the pickle format.::
|
| 142 | 154 | |
| 143 | 155 | .. function:: dumps(obj, key=None, salt='django.core.signing', compress=False) |
| 144 | 156 | |
| 145 | | Returns URL-safe, sha1 signed base64 compressed JSON string. |
| | 157 | Returns URL-safe, sha1 signed base64 compressed JSON string. Serialized |
| | 158 | object is signed using :class:`~TimestampSigner`. |
| 146 | 159 | |
| 147 | 160 | .. function:: loads(string, key=None, salt='django.core.signing', max_age=None) |
| 148 | 161 | |
| 149 | | Reverse of dumps(), raises ``BadSignature`` if signature fails. |
| | 162 | Reverse of ``dumps()``, raises ``BadSignature`` if signature fails. Optionaly |
| | 163 | checks ``max_age`` (in seconds). |