Can't convert 'bytes' object to str implicitly

[vasylnakvasiuk]

Mac OS 10.8.4
Python 3.3.1
itsdangerous 0.23

Trying to reproduce tutorial from http://pythonhosted.org/itsdangerous/:

>>> from itsdangerous import Signer
>>> s = Signer('secret-key')
>>> s.sign('my string')
'my string.wh6tMHxLgJqB6oY1uT73iMlyrOA'

and see:

In [13]: from itsdangerous import Signer

In [14]: s = Signer('secret-key')

In [15]: s.sign('my string')
---------------------------------------------------------------------------
TypeError                                 Traceback (most recent call last)
<ipython-input-15-6ac9e5e97289> in <module>()
----> 1 s.sign('my string')

.../lib/python3.3/site-packages/itsdangerous-0.23-py3.3.egg/itsdangerous.py in sign(self, value)
    326     def sign(self, value):
    327         """Signs the given string."""
--> 328         return value + want_bytes(self.sep) + self.get_signature(value)
    329 
    330     def verify_signature(self, value, sig):

TypeError: Can't convert 'bytes' object to str implicitly

[tobbez]

If I've understood the code correctly, this happens because value isn't converted from string to bytes (where applicable, i.e. on Python 3).

The solution would be to wrap value in a call to want_bytes, which is what TimestampSigner does.

Here's a patch.

[krkd]

This also affect Python 2. In Python 3 this will result in error, but in python 2 it will result in unicode string.
example:

In [1]: from itsdangerous import Signer

In [2]: s = Signer('secret key')

In [3]: s.sign(u'123')
Out[3]: u'123.0WU9QdLQd722PtR_ei0sLh15T7E'

Wrapping value in want_bytes isn't a solution because it encodes string with utf8 behind the scenes.
I think raising TypeError( like in python 3) much preferred here.

[tobbez]

Wrapping value in want_bytes isn't a solution because it encodes string with utf8 behind the scenes.
I think raising TypeError( like in python 3) much preferred here.

This seems to be a matter of opinion, but I'm inclined to agree that forcing the user to provide bytes (in the python3 case) will likely cause less opportunities for confusion.

In either case it should be made sure that Signer.sign and TimestampSigner.sign behaves the same way with regards to this.

[cropr]

At least the comment in the code should be changed. """Signs the given string.""" is not correct. The input parameter is not a string but a byte array.

[untitaker]

@cropr A bytestring is not a byte array in Python.