From a94ae4cb11b2b6a6fffb26f5a2dfd0c665e2070d Mon Sep 17 00:00:00 2001 From: Matthias Kestenholz Date: Thu, 17 Feb 2022 10:01:41 +0100 Subject: [PATCH] Refs #27468 -- Updated django.core.signing docstring. Follow up to 71c4fb7beb8e3293243140e4bd74e53989196440. --- django/core/signing.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/django/core/signing.py b/django/core/signing.py index 916885abb3..b402d87b87 100644 --- a/django/core/signing.py +++ b/django/core/signing.py @@ -8,16 +8,16 @@ The format used looks like this: There are two components here, separated by a ':'. The first component is a URLsafe base64 encoded JSON of the object passed to dumps(). The second -component is a base64 encoded hmac/SHA1 hash of "$first_component:$secret" +component is a base64 encoded hmac/SHA-256 hash of "$first_component:$secret" signing.loads(s) checks the signature and returns the deserialized object. If the signature fails, a BadSignature exception is raised. >>> signing.loads("ImhlbGxvIg:1QaUZC:YIye-ze3TTx7gtSv422nZA4sgmk") 'hello' ->>> signing.loads("ImhlbGxvIg:1QaUZC:YIye-ze3TTx7gtSv422nZA4sgmk-modified") +>>> signing.loads("ImhlbGxvIg:1QaUZC:YIye-ze3TTx7gtSv42-modified") ... -BadSignature: Signature failed: ImhlbGxvIg:1QaUZC:YIye-ze3TTx7gtSv422nZA4sgmk-modified +BadSignature: Signature "ImhlbGxvIg:1QaUZC:YIye-ze3TTx7gtSv42-modified" does not match You can optionally compress the JSON prior to base64 encoding it to save space, using the compress=True argument. This checks if compression actually