Opened 16 months ago

Last modified 16 months ago

#34804 closed Cleanup/optimization

legacy_algorithm = 'sha1' removed in django4.0 but new algo algorithm is hardcoded — at Initial Version

Reported by: Awais Qureshi Owned by: nobody
Component: Core (Other) Version: 4.2
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

I am trying to upgrade from django32 to 42 and facing an issue in https://github.com/django/django/blob/3.2/django/core/signing.py#L124

in django32 it is like this

# RemovedInDjango40Warning.

legacy_algorithm = 'sha1'

and in init method it picks the value like this
self.algorithm = algorithm or settings.DEFAULT_HASHING_ALGORITHM

In django42 https://github.com/django/django/blob/4.2.4/django/core/signing.py#L204

algorithm getting value like this

self.algorithm = algorithm or "sha256" ( its a hardcoded value and can be pick via settings)

So here is my code I am using dump method to signing.dumps(data_to_sign, salt=self.key_salt) and it furthers call the TimestampSigner So I am not able to find any way to pass the sha1 which is my current prod setting.

Last option for me is to override the class.

Proposed solution is like previous one in init method it picks the value like this

self.algorithm = algorithm or settings.DEFAULT_HASHING_ALGORITHM

Change History (0)

Note: See TracTickets for help on using tickets.
Back to Top