django.utils.http.urlsafe_base64_encode() broken in Django 2.0

[Nick]

Suppose we have:

hashed_msg = hmac.new(key, msg=message, digestmod=sha384)
url = urlsafe_base64_encode(hashed.digest())

Now url is a bytes object, say b'asdfwerqwefa'. In django 1.11, bytes-like objects could be placed in urls no problem, creating (say) localhost:8000/asdfwerqwefa

However, in django 2.0, the url becomes (say)

localhost:8000/b'asdfwerqwefa'

which seems less 'urlsafe', as the quotes and the 'b' are added into the url. Shouldn't urlsafe_base64_encode now return a string, if bytes in urls now retain the quotes?

I have created a full project which reproduces the bug here:

​https://github.com/NAThompson/urlsafe_bug

To reproduce the bug, type:

$ ./manage.py shell

import reproduce

This bug is present in commit d90936f41a2d7a3361e51fc49be033ba0f05f458, but much before that the 'django.urls.path' doesn't exist, so bisection doesn't work cleanly.

[Tim Graham]

Could you please edit the description to include a complete code snippet that reproduces the problem?

Ideally, you could also ​bisect to find the commit where the behavior changed.

[Claude Paroz]

I would be all for making urlsafe_base64_encode return a string, but it would be plainly backwards incompatible, as much existing code is already doing a decode() on the result of this function. See usage in django/contrib/auth/forms.py for example.