Timestamp signatures from 0.x incompatible with 1.1 #120
Comments
|
Looks like your example produced an extra newline due to Regarding the timestamps, see #46. You can override class EpochOffsetSigner(TimestampSigner):
EPOCH = datetime(2011, 1, 1).timestamp()
def get_timestamp(self):
return int(time.time() - self.EPOCH) |
|
Confirmed - the signer works fine on a roundtrip when I strip the newline: Thanks for the update on the timestamps. Yes, I see the issue was reported in #118 also. May I suggest that although the 1.0 bump does indicate some backward-incompatible changes, the changelog should be explicit about which backward-incompatible changes were made and (more importantly) what intervention the users of the library should do to account for the incompatible change? It was not clear to me reading the changelog that updating to 1.0/1.1 would break cross-application compatibility if timestamp signing was employed... and based on the effort in 1.1 to ensure fallback support for 0.24 w.r.t. algorithms, I'm surprised that a similar approach was not considered for timestamp signing. Without fallback support in the library, I struggle with the transition plan for timestamp signing. In order migrate our apps from itsdangerous 0.x to 1.x, we'll still need to perform some sort of synchronized update of all of our apps... unless we configure every instance to use the workaround before upgrading. And even then, our apps would still be stuck on the old technique and would still require a synchronized update to remove the override. Still, I'm grateful for the library and for the support. Please do consider my words above as simply conveying the frustration we've encountered for your edification and not as a criticism. |
|
hmm. This is interesting - even using the timestamp signer, I'm unable to produce an error signing and unsigning across versions: |
|
You'd need to pass For migrating, you should be able to do essentially what we did for the Serializer fallback. Keep two timestamp signers, one with the override, try the first, catch the exception and try the second. I'll leave it to @mitsuhiko whether he thinks that should warrant another release with more fallback code, rather than letting projects implement that themselves. |
|
Confirmed - that replicates the failure: |
jaraco
changed the title
Any opinion, @mitsuhiko? |
|
I would not mind doing another release here. Not sure though if there is a reasonable compatibility path. |
|
I've found this compatibility shim to work around the issue: Don't edit: Don't use this shim; it's broken. import datetime
import time
import itsdangerous
class EpochOffsetSigner(itsdangerous.TimestampSigner):
EPOCH = datetime.datetime(2011, 1, 1).timestamp()
def get_timestamp(self):
return int(time.time() - self.EPOCH)
def unsign(signer, blob, **kwargs):
try:
return signer.unsign(blob, **kwargs)
except itsdangerous.exc.SignatureExpired:
compat_signer = EpochOffsetSigner(signer.secret_key)
return compat_signer.unsign(blob, **kwargs) |
|
As it turns out, the recipe above has a few flaws, which I worked through jaraco.crypto, culminating in this implementation and released as jaraco.crypto 2.1. |
|
And here's an example showing it in action: |
|
Another workaround would be to use PyJWT to decode the token as it works for both 0.24 and 1.1.0 generated tokens. E.g. import jwt
data = jwt.decode(token, key, algorithms=['HS256', 'HS512']) |
Perhaps related to #115, we find that signatures produced on itsdangerous 0.24 are incompatible with 1.1. For example:
Additionally, the engineer reports that
This incompatibility has led our engineers to believe that it's necessary to upgrade all clients and producers simultaneously.
Is this incompatibility by design? Is there an approach that would allow the various signers/verifiers to use different versions of itsdangerous?
The text was updated successfully, but these errors were encountered: