4

Im trying to encrypt a django model pk to send it via url from a template using django signer :

signer = Signer()
value = signer.sign(pk)
url = {% myapp:url value %}

But i get in my url the pk plus the signature, like this example (pk=110) :

'110:EkfQJafvGyiofrdGnuthdxImIJw'

What i want it's only to retrieve the signature without the pk (110 or any value i send).

Any idea how ?, or any other way to encrypt the pk without using anothe field in the model ??

Thanks in advance

jsanchezs
  • 1,992
  • 3
  • 25
  • 51
  • Add custom filter, which strips out the part with digits and colon or try to create wrapper function for url.value() and there ignore the digit part. – PatNowak Jun 22 '16 at 21:21
  • Thanks for your answer, i can't exactly ignore the pk digits because when i unsign the signature i need that value...i mean, i need to unsign that pk as well but not that it shows along with the signature in the url – jsanchezs Jun 22 '16 at 21:24
  • 1
    So create this wrapper function for that. You will keep your full value, but you won't display it that way. – PatNowak Jun 22 '16 at 21:25
  • Any sample code ? to be honest i've never used a wrapper – jsanchezs Jun 22 '16 at 21:26
  • In my understanding wrapper function is just a regular function, in which you cover other function. Consider this: `def getMyValue(): print(url.value() + "test")`. All you have to do is declare in your View similar function and use `re` module. – PatNowak Jun 22 '16 at 21:28
  • Gonna try it, thanks a lot ! – jsanchezs Jun 22 '16 at 22:28
  • @jsanchezs I have the same doubt because I want to store the encrypted value so it makes no sense to also store the value itself in plain text . The problem is precisely how to unsign that value without knowing it. – srodriguex Nov 02 '17 at 14:53

2 Answers2

1

try this for signing:

from django.core import signing 

signed_value = signing.dumps('mytest')

and this for unsigning:

from django.core import signing 

unsigned_value = signing.loads(signed_value)

Regards

rampon
  • 11
  • 1
  • but you can't use the signing.dumps() in a url because it has unsafe characters (https://datatracker.ietf.org/doc/html/rfc4648.html#section-5). Maybe if you separate each part between the ":" in a url parameter... – daigorocub Jul 08 '21 at 10:42
1

Try first with a django filter for pk's signature and read the urls documentation for passing the pk and signature to the view

https://docs.djangoproject.com/en/1.11/topics/http/urls/#including-other-urlconfs

svillga
  • 26
  • 4