| Age | Commit message (Collapse) | Author |
|---|
|
In order to use type hint syntax, we need to bump the minimum Python
version to 3.7 and some of the features such as Literal and Protocol are
opted in when a sufficiently recent Python is available.
This does not make all of the code pass type checking with mypy. A
number of typing issues remain, but the output of mypy becomes something
one can read through.
In adding type hints, a lot of epydoc @type annotations are removed as
redundant. This update also adopts black-style line breaking.
|
|
|
|
|
|
Type checkers tend to deal badly with heterogeneous lists and we cannot
use a tuple here, because it needs to be modifiable. The attachment of
names also improves clarity.
|
|
The mypy type checker deals badly when a binding changes its type. To
ease porting to mypy, avoid changing the type of variables. In some
cases, variables can be eliminated. In other cases, they are renamed.
|
|
cgitb.html returns str, but wsgi must return bytes.
|
|
When an iterable is returned and a Content-Length header is already
present, don't add a second one.
|
|
On Python 2.x, any integer sorts below the empty tuple. That was
exploited in the maxstore parameter, but fails on Python 3 with a
TypeError.
Also add a regression test.
Reported-by: Dominik Brodowski <mail@dominikbrodowski.net>
|
|
|
|
There is no reason to use old-style classes beyond laziness.
|
|
* applications returned errors as str instead of bytes
* filters documentation updated with bytes
* various filters expecting str where bytes are passed
* escape_string also needs to use bytes.isalnum instead of str.isalnum
* middlewares injecting str where bytes are expected
|
|
* hashlib.md5 wants bytes now.
* string.decode("base64") is now base64.b64decode and works on bytes
* binascii.unhexlify is now base64.b16decode and also works on bytes
* str.isalnum accepts umlauts, use bytes.isalnum instead
|
|
Convert the request body data from str to bytes. This replaces all
StringIOs with BytesIOs (removing backwards one more backwards
compatibility). Also all character sequences involved in request bodies
get a b"" prefix. The StaticContent application takes bytes instead of
str (no difference for py2x). The GzipWSGIFilter needs a fixed as a
truncate of a BytesIO does not rewind the stream position.
|
|
|
|
|
|
Previously middlewares mostly gave up and acted as pass through when a
second start_response call occurred. Now they try to handle this
situation.
|
|
This was basically a rewrite of the NoWriteCallableMiddleware, because
the wrong assumption of start_response not being called twice was used
in too many places.
|
|
The method no longer receives a start_response and is no longer
responsible for calling self.app. Instead it returns a dictionary with
the result of the authentication.
|
|
The BasicAuthMiddleware and AuthDigestMiddleware now derive from
AuthenticationMiddleware which provides common functionality.
|
|
|
|
|
|
as this is tried by BasicAuthMiddleware first.
|
|
PEP333 says that the headers list passed to start_response may be modified by
servers or middlewares. In fact this happens in DigestAuthMiddleware. The
StaticContent and CachingMiddleware classes did not take this into account and
returned the same headers list multiple times which is wrong and can lead to
denial of service.
|
|
|
|
|
|
|
|
|
|
These changes introduce some compatibility code. They don't make
wsgitools usable with Python 3.0, but they also don't break
compatibility with Python 2.5.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The check_function passed to the BasicAuthMiddleware constructur will now
receive a third parameter environ to check against additional things.
If the function does not take a third parameter the function will be
called in the old manner thus maintaining backwards compatibility.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
