Opened 13 months ago
Last modified 13 months ago
#34804 closed Cleanup/optimization
legacy_algorithm = 'sha1' removed in django4.0 but new algo algorithm is hardcoded — at Initial Version
| Reported by: | Awais Qureshi | Owned by: | nobody |
|---|---|---|---|
| Component: | Core (Other) | Version: | 4.2 |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
I am trying to upgrade from django32 to 42 and facing an issue in https://github.com/django/django/blob/3.2/django/core/signing.py#L124
in django32 it is like this
# RemovedInDjango40Warning.
legacy_algorithm = 'sha1'
and in init method it picks the value like this
self.algorithm = algorithm or settings.DEFAULT_HASHING_ALGORITHM
In django42 https://github.com/django/django/blob/4.2.4/django/core/signing.py#L204
algorithm getting value like this
self.algorithm = algorithm or "sha256" ( its a hardcoded value and can be pick via settings)
So here is my code I am using dump method to signing.dumps(data_to_sign, salt=self.key_salt) and it furthers call the TimestampSigner So I am not able to find any way to pass the sha1 which is my current prod setting.
Last option for me is to override the class.
Proposed solution is like previous one in init method it picks the value like this
self.algorithm = algorithm or settings.DEFAULT_HASHING_ALGORITHM