Django 5.0 warnings: baseconv is deprecated
MrCocoDev opened this issue Β· 31 comments
RemovedInDjango50Warning: The django.utils.baseconv module is deprecated.
from django.utils import baseconv
https://code.djangoproject.com/ticket/32712
# django_cryptography/core/signing.py
- from django.utils import baseconv
+ from django.core.signing import b62_encode, b62_decode
I can't create a PR for this repo but here is the diff:
diff --git a/django_cryptography/core/signing.py b/django_cryptography/core/signing.py
index 73ccc7f..c64f526 100644
--- a/django_cryptography/core/signing.py
+++ b/django_cryptography/core/signing.py
@@ -17,7 +17,7 @@ from django.core.signing import (
b64_encode,
get_cookie_signer,
)
-from django.utils import baseconv
+from django.core.signing import b62_encode, b62_decode
from django.utils.encoding import force_bytes, force_str
from ..utils.crypto import constant_time_compare, salted_hmac
@@ -138,7 +138,7 @@ class Signer:
class TimestampSigner(Signer):
def timestamp(self):
- return baseconv.base62.encode(int(time.time()))
+ return b62_encode(int(time.time()))
def sign(self, value):
value = force_str(value)
@@ -152,7 +152,7 @@ class TimestampSigner(Signer):
"""
result = super().unsign(value)
value, timestamp = result.rsplit(self.sep, 1)
- timestamp = baseconv.base62.decode(timestamp)
+ timestamp = b62_decode(timestamp)
if max_age is not None:
if isinstance(max_age, datetime.timedelta):
max_age = max_age.total_seconds()I am going to sit on this for now, as I have been re-working the code to add type information. Django 5.0 isn't set to be release until December 2023o over a full year from now.
The unfortunate part is Django 3.2 will still be supported until April 2024. So a compatibility shims will be needed, or Django 3.2 support will be dropped once Django 5.0 is released.
Getting close to that December date :-)
@georgemarshall , would this not be as easy as:
try:
from django.core.signing import b62_encode as encode
from django.core.signing import b62_decode as decode
except ImportError:
from django.utils import baseconv
encode = baseconv.base62.encode
decode = baseconv.base62.decode
...
class TimestampSigner(Signer):
def timestamp(self):
- return baseconv.base62.encode(int(time.time()))
+ return encode(int(time.time()))
def sign(self, value):
value = force_str(value)
@@ -152,7 +152,7 @@ class TimestampSigner(Signer):
"""
result = super().unsign(value)
value, timestamp = result.rsplit(self.sep, 1)
- timestamp = baseconv.base62.decode(timestamp)
+ timestamp = decode(timestamp)
if max_age is not None:
if isinstance(max_age, datetime.timedelta):
max_age = max_age.total_seconds()Using try:except: to handle compatibility through imports is pretty powerful, and its easy to cleanup when the compatibility is no longer needed.
Django 5.0 release is around the corner... any plan to fix this?
Django 5 is released and i am having this error -
File "/Users/sauravsharma/Developer/work/TPA/worktree_archipay/django-5-upgrades/env/lib/python3.10/site-packages/django_cryptography/core/signing.py", line 20, in <module>
from django.utils import baseconv
ImportError: cannot import name 'baseconv' from 'django.utils' alright, i fixed the issue.
- first i cloned the repo in my django project.
cd django-cryptographypip install -e .
initially i tried with pip install --upgrade django-cryptography but that didn't update the package so then i tried to install it with git repo but then it doesn't install it correctly. the core folder was missing. finally at the last above method works.
It seems the issue may be related to the package configuration for installation directly from the repository. The setup.py or pyproject.toml may not be including necessary sub-packages or dependencies for a correct install.
i found the issue in setup.cfg. after this change, i can directly install from the repo and the subfolders ( the core folder ) is also included now. idk may be this may not be issue as i am unaware of the third party package code structure but since this change solves the issue, i created a PR here #106
The 1.1 release on PyPi does not include the updated import statements in the core/signing.py which is throwing errors.
@georgemarshall Any chance you can push the new version to PyPi?
As of now for those who are having issues can do -
pip install "git+https://github.com/saurav-codes/django-cryptography"
As of now for those who are having issues can do -
pip install "git+https://github.com/saurav-codes/django-cryptography"
This is for Django 5.0? As opposed to the comment that MrSage made above?
Just as a general note, using an unmaintained cryptography library is probably not a good idea. I found some of the patterns shared here were quite extensible and dodged the problem:
https://www.piiano.com/blog/field-level-encryption-in-python-for-django-applications
As in you used approach 1 or 2 there?
I reverted to django 4.1.3 and this solved the issue. Warning though other dependecies that depend on django 5.0 like crispy forms, django_q would have to be updated accordingly
I'm using Django 5.0, To use the Django_cyptography,
Currently, I'm using this command because the Pypy is not updated yet
pip install "git+https://github.com/saurav-codes/django-cryptography"
The change in #106 is required for installing from pip. Thanks @saurav-codes for the alternative for now and for the PR!
For those looking for the fix but want to be safe if you need to use a requirements file, you can pin to the commit hash:
django-cryptography @ git+https://github.com/saurav-codes/django-cryptography.git@ac210338dd2c84a410452e0b8e18ddee43f1920f
For pip above version 20.1
Any update? Its already been over 3 months since Django 5 got released and we still can't install django-cryptography properly
The issue is that there is no release that has been made -- not that it is not resolved in the code.
The issue is that there is no release that has been made -- not that it is not resolved in the code.
Yes, please can we get a new release with these changes?
Concretely -- if a package depends on django-cryptography and that package wants to release to pypi, it can't happen without a release of this change first. A pinned github hash in the requirements will be rejected from pypi.
I have forked the project, updated some dependencies, and published on pypi here:
https://pypi.org/project/django-cryptography-django5/
You can see the fork (and the code) here:
https://github.com/chrisclark/django-cryptography/
Feel free to pip install that version for anyone who needs it. Hopefully the changes can be brought into the official project soon. I hate to maintain a weird fork like this.
Simply: pip install django-cryptography-django5==2.2
Can we please get a comment from the authors on the pypi release? What is preventing this from happening? Do you need help resolving some issues?
Open source projects are created and abandoned all the time. Forking the repo and petitioning Pypi for the original name doesnβt seem so farfetched to me.
Open source projects are created and abandoned all the time. Forking the repo and petitioning Pypi for the original name doesnβt seem so farfetched to me.
I agree in theory, but in practice I donβt intend on maintaining this indefinitely; if someone wants to pick up the mantle that would be great but it ainβt me, hah! This was easy since I was just updating some dependencies and incorporating changes others had already proposed. But I donβt know the codebase and certainly donβt have the expertise to be touching a bunch of crypto stuff. I promise no one wants me doing that :)
Did anyone here switch to a different cryptology package? I'm having a lot of trouble finding one that is explicitly Django 5.0 compatible and actively maintained.
On a cursory status check, maintainer seems quite unresponsive lately (which is understandable, since he has no obligation, keep in mind) and I'm wondering if he might be swamped by work, lost interest, not getting notifications or anything else. Sometimes it's just a newborn baby, which understandably pushes projects aside π.
I wonder if he might use some help (e.g. appointing co-mainteiners) or want to hand off project maintenance if he's lost interest/not using it anymore, which is perfectly fine.
So, I'm pinging @georgemarshall directly to increasing odds the notification finds its way and letting him know there is people interested who might want to step in to keep the project alive (thumb-up this comment to voice your interest). Just a quick note about reasonable expectations will be enough to make everyone aware and proceed forward.
I'll leave this comment for a while before opening a typical "Project maintenance status" issue (which it might be necessary anyway). I've had some success reviving/keeping projects alive this way in the past, and no doubt this one deserves better than just fade away silently, given the user base (read: potential candidate [co-]maintainers).
@georgemarshall Also, creating a Github organization and transferring the project might be an easy/useful first step for later adding [co-]maintainers you deem trustworthy.
In any case, thanks for considering and also thanks for sharing your work. Hope you're doing well.
Django5 need some general fixes at django_q/core_signing.py, downgrade to latest LTS version:
pip install -U Django==4.2
Any idea when the package for Djnago 5.x will be released?
@akhileshThapliyal use @chrisclark version for now. His fork includes the support for Django 5.x that you need.