Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can't convert 'bytes' object to str implicitly #29

Closed
vasylnakvasiuk opened this issue Aug 27, 2013 · 5 comments
Closed

Can't convert 'bytes' object to str implicitly #29

vasylnakvasiuk opened this issue Aug 27, 2013 · 5 comments
Milestone
1.0.0

Comments

@vasylnakvasiuk
Copy link

Mac OS 10.8.4
Python 3.3.1
itsdangerous 0.23

Trying to reproduce tutorial from http://pythonhosted.org/itsdangerous/:

>>> from itsdangerous import Signer
>>> s = Signer('secret-key')
>>> s.sign('my string')
'my string.wh6tMHxLgJqB6oY1uT73iMlyrOA'

and see:

In [13]: from itsdangerous import Signer

In [14]: s = Signer('secret-key')

In [15]: s.sign('my string')
---------------------------------------------------------------------------
TypeError                                 Traceback (most recent call last)
<ipython-input-15-6ac9e5e97289> in <module>()
----> 1 s.sign('my string')

.../lib/python3.3/site-packages/itsdangerous-0.23-py3.3.egg/itsdangerous.py in sign(self, value)
    326     def sign(self, value):
    327         """Signs the given string."""
--> 328         return value + want_bytes(self.sep) + self.get_signature(value)
    329 
    330     def verify_signature(self, value, sig):

TypeError: Can't convert 'bytes' object to str implicitly
@tobbez
Copy link

tobbez commented Oct 16, 2013

If I've understood the code correctly, this happens because value isn't converted from string to bytes (where applicable, i.e. on Python 3).

The solution would be to wrap value in a call to want_bytes, which is what TimestampSigner does.

Here's a patch.

@krkd
Copy link

krkd commented Feb 19, 2015

This also affect Python 2. In Python 3 this will result in error, but in python 2 it will result in unicode string.
example:

In [1]: from itsdangerous import Signer

In [2]: s = Signer('secret key')

In [3]: s.sign(u'123')
Out[3]: u'123.0WU9QdLQd722PtR_ei0sLh15T7E'

Wrapping value in want_bytes isn't a solution because it encodes string with utf8 behind the scenes.
I think raising TypeError( like in python 3) much preferred here.

@tobbez
Copy link

tobbez commented Feb 19, 2015

Wrapping value in want_bytes isn't a solution because it encodes string with utf8 behind the scenes.
I think raising TypeError( like in python 3) much preferred here.

This seems to be a matter of opinion, but I'm inclined to agree that forcing the user to provide bytes (in the python3 case) will likely cause less opportunities for confusion.

In either case it should be made sure that Signer.sign and TimestampSigner.sign behaves the same way with regards to this.

@cropr
Copy link

cropr commented Mar 4, 2016

At least the comment in the code should be changed. """Signs the given string.""" is not correct. The input parameter is not a string but a byte array.

@untitaker
Copy link
Contributor

@cropr A bytestring is not a byte array in Python.

@davidism davidism added this to the 1.0.0 milestone Sep 28, 2018
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this issue Nov 10, 2018
@kleink
Update py-itsdangerous to 1.1.0.
8dba0d6 
Version 1.1.0
-------------

Released 2018-10-26

-   Change default signing algorithm back to SHA-1. (`#113`_)
-   Added a default SHA-512 fallback for users who used the yanked 1.0.0
    release which defaulted to SHA-512. (`#114`_)
-   Add support for fallback algorithms during deserialization to
    support changing the default in the future without breaking existing
    signatures. (`#113`_)
-   Changed capitalization of packages back to lowercase as the change
    in capitalization broke some tooling. (`#113`_)

.. _#113: pallets/itsdangerous#113
.. _#114: pallets/itsdangerous#114


Version 1.0.0
-------------

Released 2018-10-18

YANKED

*Note*: This release was yanked from PyPI because it changed the default
algorithm to SHA-512. This decision was reverted in 1.1.0 and it remains
at SHA1.

-   Drop support for Python 2.6 and 3.3.
-   Refactor code from a single module to a package. Any object in the
    API docs is still importable from the top-level ``itsdangerous``
    name, but other imports will need to be changed. A future release
    will remove many of these compatibility imports. (`#107`_)
-   Optimize how timestamps are serialized and deserialized. (`#13`_)
-   ``base64_decode`` raises ``BadData`` when it is passed invalid data.
    (`#27`_)
-   Ensure value is bytes when signing to avoid a ``TypeError`` on
    Python 3. (`#29`_)
-   Add a ``serializer_kwargs`` argument to ``Serializer``, which is
    passed to ``dumps`` during ``dump_payload``. (`#36`_)
-   More compact JSON dumps for unicode strings. (`#38`_)
-   Use the full timestamp rather than an offset, allowing dates before
    2011. (`#46`_)
-   Detect a ``sep`` character that may show up in the signature itself
    and raise a ``ValueError``. (`#62`_)
-   Use a consistent signature for keyword arguments for
    ``Serializer.load_payload`` in subclasses. (`#74`_, `#75`_)
-   Change default intermediate hash from SHA-1 to SHA-512. (`#80`_)
-   Convert JWS exp header to an int when loading. (`#99`_)

.. _#13: pallets/itsdangerous#13
.. _#27: pallets/itsdangerous#27
.. _#29: pallets/itsdangerous#29
.. _#36: pallets/itsdangerous#36
.. _#38: pallets/itsdangerous#38
.. _#46: pallets/itsdangerous#46
.. _#62: pallets/itsdangerous#62
.. _#74: pallets/itsdangerous#74
.. _#75: pallets/itsdangerous#75
.. _#80: pallets/itsdangerous#80
.. _#99: pallets/itsdangerous#99
.. _#107: pallets/itsdangerous#107
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 9, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.0.0
Development

No branches or pull requests
6 participants
@tobbez @vasylnakvasiuk @untitaker @davidism @krkd @cropr