Serializer.load_payload overrides in subclasses have incompatible signatures #74
Mypy recently introduced stricter checks for function signature compatibility (python/mypy#2521). Since
class Serializer: def load_payload(self, payload, serializer=None): ...
class JSONWebSignatureSerializer(Serializer): def load_payload(self, payload, return_header=False): ...
class URLSafeSerializerMixin(object): def load_payload(self, payload): ... class URLSafeSerializer(URLSafeSerializerMixin, Serializer): ... class TimedSerializer(Serializer): ... class URLSafeTimedSerializer(URLSafeSerializerMixin, TimedSerializer): ...
Basically, it's invalid to replace
The text was updated successfully, but these errors were encountered:
Starting with python/mypy#2521 mypy is performing stricter function signature checks. This makes the stubs diverge from the actual implementation but makes the stubs internally consistent. Since this is an actual typing issue in the base implementation, we need to defer to the original authors to fix it.
Fixes pallets#74. The `JSONWebSignatureSerializer.load_payload` signature change is potentially breaking if anybody passed `return_header` as a second non-keyword argument to the method in the past. `itsdangerous.py` itself is using kwargs correctly everywhere so this shouldn't be an issue. For the mixin, the change ensures it will pass additional arguments correctly.
Fixes #74. The `JSONWebSignatureSerializer.load_payload` signature change is potentially breaking if anybody passed `return_header` as a second non-keyword argument to the method in the past. `itsdangerous.py` itself is using kwargs correctly everywhere so this shouldn't be an issue. For the mixin, the change ensures it will pass additional arguments correctly.
Version 1.1.0 ------------- Released 2018-10-26 - Change default signing algorithm back to SHA-1. (`#113`_) - Added a default SHA-512 fallback for users who used the yanked 1.0.0 release which defaulted to SHA-512. (`#114`_) - Add support for fallback algorithms during deserialization to support changing the default in the future without breaking existing signatures. (`#113`_) - Changed capitalization of packages back to lowercase as the change in capitalization broke some tooling. (`#113`_) .. _#113: pallets/itsdangerous#113 .. _#114: pallets/itsdangerous#114 Version 1.0.0 ------------- Released 2018-10-18 YANKED *Note*: This release was yanked from PyPI because it changed the default algorithm to SHA-512. This decision was reverted in 1.1.0 and it remains at SHA1. - Drop support for Python 2.6 and 3.3. - Refactor code from a single module to a package. Any object in the API docs is still importable from the top-level ``itsdangerous`` name, but other imports will need to be changed. A future release will remove many of these compatibility imports. (`#107`_) - Optimize how timestamps are serialized and deserialized. (`#13`_) - ``base64_decode`` raises ``BadData`` when it is passed invalid data. (`#27`_) - Ensure value is bytes when signing to avoid a ``TypeError`` on Python 3. (`#29`_) - Add a ``serializer_kwargs`` argument to ``Serializer``, which is passed to ``dumps`` during ``dump_payload``. (`#36`_) - More compact JSON dumps for unicode strings. (`#38`_) - Use the full timestamp rather than an offset, allowing dates before 2011. (`#46`_) - Detect a ``sep`` character that may show up in the signature itself and raise a ``ValueError``. (`#62`_) - Use a consistent signature for keyword arguments for ``Serializer.load_payload`` in subclasses. (`#74`_, `#75`_) - Change default intermediate hash from SHA-1 to SHA-512. (`#80`_) - Convert JWS exp header to an int when loading. (`#99`_) .. _#13: pallets/itsdangerous#13 .. _#27: pallets/itsdangerous#27 .. _#29: pallets/itsdangerous#29 .. _#36: pallets/itsdangerous#36 .. _#38: pallets/itsdangerous#38 .. _#46: pallets/itsdangerous#46 .. _#62: pallets/itsdangerous#62 .. _#74: pallets/itsdangerous#74 .. _#75: pallets/itsdangerous#75 .. _#80: pallets/itsdangerous#80 .. _#99: pallets/itsdangerous#99 .. _#107: pallets/itsdangerous#107