From 0c487f76985574012d63b3ebae2d6a0ef6d41f60 Mon Sep 17 00:00:00 2001 From: David Lord Date: Tue, 19 Mar 2019 12:20:30 -0700 Subject: [PATCH 001/733] begin version 1.0.0 --- CHANGES.rst | 6 ++++++ src/werkzeug/__init__.py | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/CHANGES.rst b/CHANGES.rst index 448110166..4a1a0ecc7 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -1,5 +1,11 @@ .. currentmodule:: werkzeug +Version 1.0.0 +------------- + +Unreleased + + Version 0.15.0 -------------- diff --git a/src/werkzeug/__init__.py b/src/werkzeug/__init__.py index 5e0652482..952cd7518 100644 --- a/src/werkzeug/__init__.py +++ b/src/werkzeug/__init__.py @@ -17,7 +17,7 @@ import sys from types import ModuleType -__version__ = "0.15.0" +__version__ = "1.0.0.dev0" # This import magic raises concerns quite often which is why the implementation # and motivation is explained here in detail now. From 81e10efbf3a83daf09c55cd7cc13ac6c6464d405 Mon Sep 17 00:00:00 2001 From: David Lord Date: Tue, 19 Mar 2019 11:59:19 -0700 Subject: [PATCH 002/733] remove deprecated code --- CHANGES.rst | 20 +- docs/contrib/atom.rst | 15 - docs/contrib/cache.rst | 41 -- docs/contrib/fixers.rst | 1 - docs/contrib/index.rst | 24 - docs/contrib/iterio.rst | 11 - docs/contrib/lint.rst | 7 - docs/contrib/profiler.rst | 9 - docs/contrib/securecookie.rst | 60 -- docs/contrib/sessions.rst | 52 -- docs/contrib/wrappers.rst | 28 - docs/index.rst | 9 - docs/middlewares.rst | 6 - docs/transition.rst | 31 - examples/contrib/README | 1 - examples/contrib/securecookie.py | 51 -- examples/contrib/sessions.py | 44 -- examples/cookieauth.py | 113 ---- src/werkzeug/contrib/__init__.py | 16 - src/werkzeug/contrib/atom.py | 362 ---------- src/werkzeug/contrib/cache.py | 933 -------------------------- src/werkzeug/contrib/fixers.py | 262 -------- src/werkzeug/contrib/iterio.py | 358 ---------- src/werkzeug/contrib/lint.py | 11 - src/werkzeug/contrib/profiler.py | 42 -- src/werkzeug/contrib/securecookie.py | 362 ---------- src/werkzeug/contrib/sessions.py | 389 ----------- src/werkzeug/contrib/wrappers.py | 385 ----------- src/werkzeug/datastructures.py | 15 - src/werkzeug/debug/__init__.py | 29 - src/werkzeug/http.py | 54 -- src/werkzeug/middleware/proxy_fix.py | 79 +-- src/werkzeug/test.py | 33 - src/werkzeug/useragents.py | 18 - src/werkzeug/utils.py | 98 +-- src/werkzeug/wrappers/base_request.py | 25 - src/werkzeug/wsgi.py | 67 -- tests/contrib/__init__.py | 0 tests/contrib/cache/conftest.py | 25 - tests/contrib/cache/test_cache.py | 342 ---------- tests/contrib/test_atom.py | 120 ---- tests/contrib/test_fixers.py | 134 ---- tests/contrib/test_iterio.py | 186 ----- tests/contrib/test_securecookie.py | 88 --- tests/contrib/test_sessions.py | 76 --- tests/contrib/test_wrappers.py | 88 --- tests/hypothesis/__init__.py | 0 tests/hypothesis/test_urls.py | 37 - tests/middleware/test_proxy_fix.py | 11 - tests/test_compat.py | 40 -- tests/test_wrappers.py | 7 - 51 files changed, 26 insertions(+), 5189 deletions(-) delete mode 100644 docs/contrib/atom.rst delete mode 100644 docs/contrib/cache.rst delete mode 100644 docs/contrib/fixers.rst delete mode 100644 docs/contrib/index.rst delete mode 100644 docs/contrib/iterio.rst delete mode 100644 docs/contrib/lint.rst delete mode 100644 docs/contrib/profiler.rst delete mode 100644 docs/contrib/securecookie.rst delete mode 100644 docs/contrib/sessions.rst delete mode 100644 docs/contrib/wrappers.rst delete mode 100644 docs/middlewares.rst delete mode 100644 examples/contrib/README delete mode 100644 examples/contrib/securecookie.py delete mode 100644 examples/contrib/sessions.py delete mode 100644 examples/cookieauth.py delete mode 100644 src/werkzeug/contrib/__init__.py delete mode 100644 src/werkzeug/contrib/atom.py delete mode 100644 src/werkzeug/contrib/cache.py delete mode 100644 src/werkzeug/contrib/fixers.py delete mode 100644 src/werkzeug/contrib/iterio.py delete mode 100644 src/werkzeug/contrib/lint.py delete mode 100644 src/werkzeug/contrib/profiler.py delete mode 100644 src/werkzeug/contrib/securecookie.py delete mode 100644 src/werkzeug/contrib/sessions.py delete mode 100644 src/werkzeug/contrib/wrappers.py delete mode 100644 tests/contrib/__init__.py delete mode 100644 tests/contrib/cache/conftest.py delete mode 100644 tests/contrib/cache/test_cache.py delete mode 100644 tests/contrib/test_atom.py delete mode 100644 tests/contrib/test_fixers.py delete mode 100644 tests/contrib/test_iterio.py delete mode 100644 tests/contrib/test_securecookie.py delete mode 100644 tests/contrib/test_sessions.py delete mode 100644 tests/contrib/test_wrappers.py delete mode 100644 tests/hypothesis/__init__.py delete mode 100644 tests/hypothesis/test_urls.py delete mode 100644 tests/test_compat.py diff --git a/CHANGES.rst b/CHANGES.rst index 4a1a0ecc7..fe4d67011 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -5,6 +5,9 @@ Version 1.0.0 Unreleased +- Remove code that issued deprecation warnings in version 0.15. + (:issue:`1477`) + Version 0.15.0 -------------- @@ -167,11 +170,10 @@ Released 2019-03-19 ``_empty_stream`` instance. This improves test isolation by preventing cases where closing the stream in one request would affect other usages. (:pr:`1340`) -- The default :attr:`SecureCookie.serialization_method - ` will - change from :mod:`pickle` to :mod:`json` in 1.0. To upgrade existing - tokens, override :meth:`~contrib.securecookie.SecureCookie.unquote` - to try ``pickle`` if ``json`` fails. (:pr:`1413`) +- The default ``SecureCookie.serialization_method`` will change from + :mod:`pickle` to :mod:`json` in 1.0. To upgrade existing tokens, + override :meth:`~contrib.securecookie.SecureCookie.unquote` to try + ``pickle`` if ``json`` fails. (:pr:`1413`) - ``CGIRootFix`` no longer modifies ``PATH_INFO`` for very old versions of Lighttpd. ``LighttpdCGIRootFix`` was renamed to ``CGIRootFix`` in 0.9. Both are deprecated and will be removed in @@ -179,10 +181,10 @@ Released 2019-03-19 - :class:`werkzeug.wrappers.json.JSONMixin` has been replaced with Flask's implementation. Check the docs for the full API. (:pr:`1445`) -- The :doc:`contrib modules ` are deprecated and will - either be moved into ``werkzeug`` core or removed completely in - version 1.0. Some modules that already issued deprecation warnings - have been removed. Be sure to run or test your code with +- The contrib modules are deprecated and will either be moved into + ``werkzeug`` core or removed completely in version 1.0. Some modules + that already issued deprecation warnings have been removed. Be sure + to run or test your code with ``python -W default::DeprecationWarning`` to catch any deprecated code you're using. (:issue:`4`) diff --git a/docs/contrib/atom.rst b/docs/contrib/atom.rst deleted file mode 100644 index 5eda789e5..000000000 --- a/docs/contrib/atom.rst +++ /dev/null @@ -1,15 +0,0 @@ -================ -Atom Syndication -================ - -.. warning:: - .. deprecated:: 0.15 - This will be removed in version 1.0. Use a dedicated feed - library instead. - -.. automodule:: werkzeug.contrib.atom - -.. autoclass:: AtomFeed - :members: - -.. autoclass:: FeedEntry diff --git a/docs/contrib/cache.rst b/docs/contrib/cache.rst deleted file mode 100644 index f12a489b9..000000000 --- a/docs/contrib/cache.rst +++ /dev/null @@ -1,41 +0,0 @@ -===== -Cache -===== - -.. warning:: - .. deprecated:: 0.15 - This will be removed in version 1.0. It has been extracted to - `cachelib `_. - -.. automodule:: werkzeug.contrib.cache - - -Cache System API -================ - -.. autoclass:: BaseCache - :members: - - -Cache Systems -============= - -.. autoclass:: NullCache - -.. autoclass:: SimpleCache - -.. autoclass:: MemcachedCache - -.. class:: GAEMemcachedCache - - This class is deprecated in favour of :class:`MemcachedCache` which - now supports Google Appengine as well. - - .. versionchanged:: 0.8 - Deprecated in favour of :class:`MemcachedCache`. - -.. autoclass:: RedisCache - -.. autoclass:: FileSystemCache - -.. autoclass:: UWSGICache diff --git a/docs/contrib/fixers.rst b/docs/contrib/fixers.rst deleted file mode 100644 index 8bf8d13e7..000000000 --- a/docs/contrib/fixers.rst +++ /dev/null @@ -1 +0,0 @@ -.. automodule:: werkzeug.contrib.fixers diff --git a/docs/contrib/index.rst b/docs/contrib/index.rst deleted file mode 100644 index cd959f01c..000000000 --- a/docs/contrib/index.rst +++ /dev/null @@ -1,24 +0,0 @@ -=================== -Contributed Modules -=================== - -Some useful code contributed by the community is shipped with Werkzeug -as part of the ``contrib`` module. - -.. warning:: - The code in this module is being deprecated, to be moved or removed - in version 1.0. Be sure to pay attention to any deprecation warnings - and update your code appropriately. - -.. toctree:: - :maxdepth: 2 - - atom - sessions - securecookie - cache - wrappers - iterio - fixers - profiler - lint diff --git a/docs/contrib/iterio.rst b/docs/contrib/iterio.rst deleted file mode 100644 index 23de71c66..000000000 --- a/docs/contrib/iterio.rst +++ /dev/null @@ -1,11 +0,0 @@ -Iter IO -======= - -.. warning:: - .. deprecated:: 0.15 - This will be removed in version 1.0. - -.. automodule:: werkzeug.contrib.iterio - -.. autoclass:: IterIO - :members: diff --git a/docs/contrib/lint.rst b/docs/contrib/lint.rst deleted file mode 100644 index be249bbe4..000000000 --- a/docs/contrib/lint.rst +++ /dev/null @@ -1,7 +0,0 @@ -Lint Validation Middleware -========================== - -.. warning:: - ``werkzeug.contrib.lint`` has moved to - :mod:`werkzeug.middleware.lint`. The old import is deprecated as of - version 0.15 and will be removed in version 1.0. diff --git a/docs/contrib/profiler.rst b/docs/contrib/profiler.rst deleted file mode 100644 index dc6b25ac7..000000000 --- a/docs/contrib/profiler.rst +++ /dev/null @@ -1,9 +0,0 @@ -WSGI Application Profiler -========================= - -.. warning:: - ``werkzeug.contrib.profiler`` has moved to - :mod:`werkzeug.middleware.profile`. The old import is deprecated as - of version 0.15 and will be removed in version 1.0. - -.. autoclass:: werkzeug.contrib.profiler.MergeStream diff --git a/docs/contrib/securecookie.rst b/docs/contrib/securecookie.rst deleted file mode 100644 index 95be7db96..000000000 --- a/docs/contrib/securecookie.rst +++ /dev/null @@ -1,60 +0,0 @@ -============= -Secure Cookie -============= - -.. warning:: - .. deprecated:: 0.15 - This will be removed in version 1.0. It has moved to - https://github.com/pallets/secure-cookie. - -.. automodule:: werkzeug.contrib.securecookie - -Security -======== - -The default implementation uses Pickle as this is the only module that -used to be available in the standard library when this module was created. -If you have simplejson available it's strongly recommended to create a -subclass and replace the serialization method:: - - import json - from werkzeug.contrib.securecookie import SecureCookie - - class JSONSecureCookie(SecureCookie): - serialization_method = json - -The weakness of Pickle is that if someone gains access to the secret key -the attacker can not only modify the session but also execute arbitrary -code on the server. - - -Reference -========= - -.. autoclass:: SecureCookie - :members: - - .. attribute:: new - - `True` if the cookie was newly created, otherwise `False` - - .. attribute:: modified - - Whenever an item on the cookie is set, this attribute is set to `True`. - However this does not track modifications inside mutable objects - in the cookie: - - >>> c = SecureCookie() - >>> c["foo"] = [1, 2, 3] - >>> c.modified - True - >>> c.modified = False - >>> c["foo"].append(4) - >>> c.modified - False - - In that situation it has to be set to `modified` by hand so that - :attr:`should_save` can pick it up. - - -.. autoexception:: UnquoteError diff --git a/docs/contrib/sessions.rst b/docs/contrib/sessions.rst deleted file mode 100644 index 7ec4601d4..000000000 --- a/docs/contrib/sessions.rst +++ /dev/null @@ -1,52 +0,0 @@ -======== -Sessions -======== - -.. warning:: - .. deprecated:: 0.15 - This will be removed in version 1.0. It has moved to - https://github.com/pallets/secure-cookie. - -.. automodule:: werkzeug.contrib.sessions - - -Reference -========= - -.. autoclass:: Session - - .. attribute:: sid - - The session ID as string. - - .. attribute:: new - - `True` is the cookie was newly created, otherwise `False` - - .. attribute:: modified - - Whenever an item on the cookie is set, this attribute is set to `True`. - However this does not track modifications inside mutable objects - in the session: - - >>> c = Session({}, sid='deadbeefbabe2c00ffee') - >>> c["foo"] = [1, 2, 3] - >>> c.modified - True - >>> c.modified = False - >>> c["foo"].append(4) - >>> c.modified - False - - In that situation it has to be set to `modified` by hand so that - :attr:`should_save` can pick it up. - - .. autoattribute:: should_save - -.. autoclass:: SessionStore - :members: - -.. autoclass:: FilesystemSessionStore - :members: list - -.. autoclass:: SessionMiddleware diff --git a/docs/contrib/wrappers.rst b/docs/contrib/wrappers.rst deleted file mode 100644 index 3ed617e23..000000000 --- a/docs/contrib/wrappers.rst +++ /dev/null @@ -1,28 +0,0 @@ -============== -Extra Wrappers -============== - -.. warning:: - .. deprecated:: 0.15 - All classes in this module have been moved or deprecated and - will be removed in version 1.0. Check the docs for the status - of each class. - -.. automodule:: werkzeug.contrib.wrappers - -.. autoclass:: JSONRequestMixin - -.. autoclass:: ProtobufRequestMixin - :members: - -.. autoclass:: RoutingArgsRequestMixin - :members: - -.. autoclass:: ReverseSlashBehaviorRequestMixin - :members: - -.. autoclass:: DynamicCharsetRequestMixin - :members: - -.. autoclass:: DynamicCharsetResponseMixin - :members: diff --git a/docs/index.rst b/docs/index.rst index 3be4882ea..cb16d6670 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -67,15 +67,6 @@ Deployment deployment/index -Contributed Modules -------------------- - -.. toctree:: - :maxdepth: 3 - - contrib/index - - Additional Information ---------------------- diff --git a/docs/middlewares.rst b/docs/middlewares.rst deleted file mode 100644 index c2569b555..000000000 --- a/docs/middlewares.rst +++ /dev/null @@ -1,6 +0,0 @@ -:orphan: - -Middleware -========== - -Moved to :doc:`/middleware/index`. diff --git a/docs/transition.rst b/docs/transition.rst index b4e69a3e1..25a23e9af 100644 --- a/docs/transition.rst +++ b/docs/transition.rst @@ -53,34 +53,3 @@ patch: :: patch -p1 < new-imports.udiff - - -Deprecated and Removed Code ---------------------------- - -Some things that were relevant to Werkzeug's core (working with WSGI and -HTTP) have been removed. These were not commonly used, or are better -served by dedicated libraries. - -- ``werkzeug.script``, replace with `Click`_ or another dedicated - command line library. -- ``werkzeug.template``, replace with `Jinja`_ or another dedicated - template library. -- ``werkzeug.contrib.jsrouting``, this type of URL generation in - JavaScript did not scale well. Instead, generate URLs when - rendering templates, or add a URL field to a JSON response. -- ``werkzeug.contrib.kickstart``, replace with custom code if needed, - the Werkzeug API has improved in general. `Flask`_ is a higher-level - version of this. -- ``werkzeug.contrib.testtools``, was not significantly useful over - the default behavior. -- ``werkzeug.contrib.cache``, has been extracted to `cachelib`_. -- ``werkzeug.contrib.atom``, was outside the core focus of Werkzeug, - replace with a dedicated feed generation library. -- ``werkzeug.contrib.limiter``, stream limiting is better handled by - the WSGI server library instead of middleware. - -.. _Click: https://click.palletsprojects.com/ -.. _Jinja: http://jinja.pocoo.org/docs/ -.. _Flask: http://flask.pocoo.org/docs/ -.. _cachelib: https://github.com/pallets/cachelib diff --git a/examples/contrib/README b/examples/contrib/README deleted file mode 100644 index 387df5bd1..000000000 --- a/examples/contrib/README +++ /dev/null @@ -1 +0,0 @@ -This folder includes example applications for werkzeug.contrib diff --git a/examples/contrib/securecookie.py b/examples/contrib/securecookie.py deleted file mode 100644 index 2f6544d32..000000000 --- a/examples/contrib/securecookie.py +++ /dev/null @@ -1,51 +0,0 @@ -# -*- coding: utf-8 -*- -""" - Secure Cookie Example - ~~~~~~~~~~~~~~~~~~~~~ - - Stores session on the client. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" -from time import asctime - -from werkzeug.contrib.securecookie import SecureCookie -from werkzeug.serving import run_simple -from werkzeug.wrappers import BaseRequest -from werkzeug.wrappers import BaseResponse - -SECRET_KEY = "V\x8a$m\xda\xe9\xc3\x0f|f\x88\xbccj>\x8bI^3+" - - -class Request(BaseRequest): - def __init__(self, environ): - BaseRequest.__init__(self, environ) - self.session = SecureCookie.load_cookie(self, secret_key=SECRET_KEY) - - -def index(request): - return 'Set the Time or Get the time' - - -def get_time(request): - return "Time: %s" % request.session.get("time", "not set") - - -def set_time(request): - request.session["time"] = time = asctime() - return "Time set to %s" % time - - -def application(environ, start_response): - request = Request(environ) - response = BaseResponse( - {"get": get_time, "set": set_time}.get(request.path.strip("/"), index)(request), - mimetype="text/html", - ) - request.session.save_cookie(response) - return response(environ, start_response) - - -if __name__ == "__main__": - run_simple("localhost", 5000, application) diff --git a/examples/contrib/sessions.py b/examples/contrib/sessions.py deleted file mode 100644 index c5eef576a..000000000 --- a/examples/contrib/sessions.py +++ /dev/null @@ -1,44 +0,0 @@ -#!/usr/bin/env python -# -*- coding: utf-8 -*- -from werkzeug.contrib.sessions import SessionMiddleware -from werkzeug.contrib.sessions import SessionStore -from werkzeug.serving import run_simple - - -class MemorySessionStore(SessionStore): - def __init__(self, session_class=None): - SessionStore.__init__(self, session_class=None) - self.sessions = {} - - def save(self, session): - self.sessions[session.sid] = session - - def delete(self, session): - self.sessions.pop(session.id, None) - - def get(self, sid): - if not self.is_valid_key(sid) or sid not in self.sessions: - return self.new() - return self.session_class(self.sessions[sid], sid, False) - - -def application(environ, start_response): - session = environ["werkzeug.session"] - session["visit_count"] = session.get("visit_count", 0) + 1 - - start_response("200 OK", [("Content-Type", "text/html")]) - return [ - """ - Session Example -

Session Example

-

You visited this page %d times.

""" - % session["visit_count"] - ] - - -def make_app(): - return SessionMiddleware(application, MemorySessionStore()) - - -if __name__ == "__main__": - run_simple("localhost", 5000, make_app()) diff --git a/examples/cookieauth.py b/examples/cookieauth.py deleted file mode 100644 index ba23bda47..000000000 --- a/examples/cookieauth.py +++ /dev/null @@ -1,113 +0,0 @@ -#!/usr/bin/env python -# -*- coding: utf-8 -*- -""" - Cookie Based Auth - ~~~~~~~~~~~~~~~~~ - - This is a very simple application that uses a secure cookie to do the - user authentification. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" -from werkzeug.contrib.securecookie import SecureCookie -from werkzeug.serving import run_simple -from werkzeug.utils import cached_property -from werkzeug.utils import escape -from werkzeug.utils import redirect -from werkzeug.wrappers import Request -from werkzeug.wrappers import Response - - -# don't use this key but a different one; you could just use -# os.unrandom(20) to get something random. Changing this key -# invalidates all sessions at once. -SECRET_KEY = "\xfa\xdd\xb8z\xae\xe0}4\x8b\xea" - -# the cookie name for the session -COOKIE_NAME = "session" - -# the users that may access -USERS = {"admin": "default", "user1": "default"} - - -class AppRequest(Request): - """A request with a secure cookie session.""" - - def logout(self): - """Log the user out.""" - self.session.pop("username", None) - - def login(self, username): - """Log the user in.""" - self.session["username"] = username - - @property - def logged_in(self): - """Is the user logged in?""" - return self.user is not None - - @property - def user(self): - """The user that is logged in.""" - return self.session.get("username") - - @cached_property - def session(self): - data = self.cookies.get(COOKIE_NAME) - if not data: - return SecureCookie(secret_key=SECRET_KEY) - return SecureCookie.unserialize(data, SECRET_KEY) - - -def login_form(request): - error = "" - if request.method == "POST": - username = request.form.get("username") - password = request.form.get("password") - if password and USERS.get(username) == password: - request.login(username) - return redirect("") - error = "

Invalid credentials" - return Response( - """Login

Login

-

Not logged in. - %s -

-

- - - - -

""" - % error, - mimetype="text/html", - ) - - -def index(request): - return Response( - """Logged in -

Logged in

-

Logged in as %s -

Logout""" - % escape(request.user), - mimetype="text/html", - ) - - -@AppRequest.application -def application(request): - if request.args.get("do") == "logout": - request.logout() - response = redirect(".") - elif request.logged_in: - response = index(request) - else: - response = login_form(request) - request.session.save_cookie(response) - return response - - -if __name__ == "__main__": - run_simple("localhost", 4000, application) diff --git a/src/werkzeug/contrib/__init__.py b/src/werkzeug/contrib/__init__.py deleted file mode 100644 index 0e741f07f..000000000 --- a/src/werkzeug/contrib/__init__.py +++ /dev/null @@ -1,16 +0,0 @@ -# -*- coding: utf-8 -*- -""" - werkzeug.contrib - ~~~~~~~~~~~~~~~~ - - Contains user-submitted code that other users may find useful, but which - is not part of the Werkzeug core. Anyone can write code for inclusion in - the `contrib` package. All modules in this package are distributed as an - add-on library and thus are not part of Werkzeug itself. - - This file itself is mostly for informational purposes and to tell the - Python interpreter that `contrib` is a package. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" diff --git a/src/werkzeug/contrib/atom.py b/src/werkzeug/contrib/atom.py deleted file mode 100644 index d079d2bf2..000000000 --- a/src/werkzeug/contrib/atom.py +++ /dev/null @@ -1,362 +0,0 @@ -# -*- coding: utf-8 -*- -""" - werkzeug.contrib.atom - ~~~~~~~~~~~~~~~~~~~~~ - - This module provides a class called :class:`AtomFeed` which can be - used to generate feeds in the Atom syndication format (see :rfc:`4287`). - - Example:: - - def atom_feed(request): - feed = AtomFeed("My Blog", feed_url=request.url, - url=request.host_url, - subtitle="My example blog for a feed test.") - for post in Post.query.limit(10).all(): - feed.add(post.title, post.body, content_type='html', - author=post.author, url=post.url, id=post.uid, - updated=post.last_update, published=post.pub_date) - return feed.get_response() - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" -import warnings -from datetime import datetime - -from .._compat import implements_to_string -from .._compat import string_types -from ..utils import escape -from ..wrappers import BaseResponse - -warnings.warn( - "'werkzeug.contrib.atom' is deprecated as of version 0.15 and will" - " be removed in version 1.0.", - DeprecationWarning, - stacklevel=2, -) - -XHTML_NAMESPACE = "http://www.w3.org/1999/xhtml" - - -def _make_text_block(name, content, content_type=None): - """Helper function for the builder that creates an XML text block.""" - if content_type == "xhtml": - return u'<%s type="xhtml">

%s
\n' % ( - name, - XHTML_NAMESPACE, - content, - name, - ) - if not content_type: - return u"<%s>%s\n" % (name, escape(content), name) - return u'<%s type="%s">%s\n' % (name, content_type, escape(content), name) - - -def format_iso8601(obj): - """Format a datetime object for iso8601""" - iso8601 = obj.isoformat() - if obj.tzinfo: - return iso8601 - return iso8601 + "Z" - - -@implements_to_string -class AtomFeed(object): - - """A helper class that creates Atom feeds. - - :param title: the title of the feed. Required. - :param title_type: the type attribute for the title element. One of - ``'html'``, ``'text'`` or ``'xhtml'``. - :param url: the url for the feed (not the url *of* the feed) - :param id: a globally unique id for the feed. Must be an URI. If - not present the `feed_url` is used, but one of both is - required. - :param updated: the time the feed was modified the last time. Must - be a :class:`datetime.datetime` object. If not - present the latest entry's `updated` is used. - Treated as UTC if naive datetime. - :param feed_url: the URL to the feed. Should be the URL that was - requested. - :param author: the author of the feed. Must be either a string (the - name) or a dict with name (required) and uri or - email (both optional). Can be a list of (may be - mixed, too) strings and dicts, too, if there are - multiple authors. Required if not every entry has an - author element. - :param icon: an icon for the feed. - :param logo: a logo for the feed. - :param rights: copyright information for the feed. - :param rights_type: the type attribute for the rights element. One of - ``'html'``, ``'text'`` or ``'xhtml'``. Default is - ``'text'``. - :param subtitle: a short description of the feed. - :param subtitle_type: the type attribute for the subtitle element. - One of ``'text'``, ``'html'``, ``'text'`` - or ``'xhtml'``. Default is ``'text'``. - :param links: additional links. Must be a list of dictionaries with - href (required) and rel, type, hreflang, title, length - (all optional) - :param generator: the software that generated this feed. This must be - a tuple in the form ``(name, url, version)``. If - you don't want to specify one of them, set the item - to `None`. - :param entries: a list with the entries for the feed. Entries can also - be added later with :meth:`add`. - - For more information on the elements see - http://www.atomenabled.org/developers/syndication/ - - Everywhere where a list is demanded, any iterable can be used. - """ - - default_generator = ("Werkzeug", None, None) - - def __init__(self, title=None, entries=None, **kwargs): - self.title = title - self.title_type = kwargs.get("title_type", "text") - self.url = kwargs.get("url") - self.feed_url = kwargs.get("feed_url", self.url) - self.id = kwargs.get("id", self.feed_url) - self.updated = kwargs.get("updated") - self.author = kwargs.get("author", ()) - self.icon = kwargs.get("icon") - self.logo = kwargs.get("logo") - self.rights = kwargs.get("rights") - self.rights_type = kwargs.get("rights_type") - self.subtitle = kwargs.get("subtitle") - self.subtitle_type = kwargs.get("subtitle_type", "text") - self.generator = kwargs.get("generator") - if self.generator is None: - self.generator = self.default_generator - self.links = kwargs.get("links", []) - self.entries = list(entries) if entries else [] - - if not hasattr(self.author, "__iter__") or isinstance( - self.author, string_types + (dict,) - ): - self.author = [self.author] - for i, author in enumerate(self.author): - if not isinstance(author, dict): - self.author[i] = {"name": author} - - if not self.title: - raise ValueError("title is required") - if not self.id: - raise ValueError("id is required") - for author in self.author: - if "name" not in author: - raise TypeError("author must contain at least a name") - - def add(self, *args, **kwargs): - """Add a new entry to the feed. This function can either be called - with a :class:`FeedEntry` or some keyword and positional arguments - that are forwarded to the :class:`FeedEntry` constructor. - """ - if len(args) == 1 and not kwargs and isinstance(args[0], FeedEntry): - self.entries.append(args[0]) - else: - kwargs["feed_url"] = self.feed_url - self.entries.append(FeedEntry(*args, **kwargs)) - - def __repr__(self): - return "<%s %r (%d entries)>" % ( - self.__class__.__name__, - self.title, - len(self.entries), - ) - - def generate(self): - """Return a generator that yields pieces of XML.""" - # atom demands either an author element in every entry or a global one - if not self.author: - if any(not e.author for e in self.entries): - self.author = ({"name": "Unknown author"},) - - if not self.updated: - dates = sorted([entry.updated for entry in self.entries]) - self.updated = dates[-1] if dates else datetime.utcnow() - - yield u'\n' - yield u'\n' - yield " " + _make_text_block("title", self.title, self.title_type) - yield u" %s\n" % escape(self.id) - yield u" %s\n" % format_iso8601(self.updated) - if self.url: - yield u' \n' % escape(self.url) - if self.feed_url: - yield u' \n' % escape(self.feed_url) - for link in self.links: - yield u" \n" % "".join( - '%s="%s" ' % (k, escape(link[k])) for k in link - ) - for author in self.author: - yield u" \n" - yield u" %s\n" % escape(author["name"]) - if "uri" in author: - yield u" %s\n" % escape(author["uri"]) - if "email" in author: - yield " %s\n" % escape(author["email"]) - yield " \n" - if self.subtitle: - yield " " + _make_text_block("subtitle", self.subtitle, self.subtitle_type) - if self.icon: - yield u" %s\n" % escape(self.icon) - if self.logo: - yield u" %s\n" % escape(self.logo) - if self.rights: - yield " " + _make_text_block("rights", self.rights, self.rights_type) - generator_name, generator_url, generator_version = self.generator - if generator_name or generator_url or generator_version: - tmp = [u" %s\n" % escape(generator_name)) - yield u"".join(tmp) - for entry in self.entries: - for line in entry.generate(): - yield u" " + line - yield u"\n" - - def to_string(self): - """Convert the feed into a string.""" - return u"".join(self.generate()) - - def get_response(self): - """Return a response object for the feed.""" - return BaseResponse(self.to_string(), mimetype="application/atom+xml") - - def __call__(self, environ, start_response): - """Use the class as WSGI response object.""" - return self.get_response()(environ, start_response) - - def __str__(self): - return self.to_string() - - -@implements_to_string -class FeedEntry(object): - - """Represents a single entry in a feed. - - :param title: the title of the entry. Required. - :param title_type: the type attribute for the title element. One of - ``'html'``, ``'text'`` or ``'xhtml'``. - :param content: the content of the entry. - :param content_type: the type attribute for the content element. One - of ``'html'``, ``'text'`` or ``'xhtml'``. - :param summary: a summary of the entry's content. - :param summary_type: the type attribute for the summary element. One - of ``'html'``, ``'text'`` or ``'xhtml'``. - :param url: the url for the entry. - :param id: a globally unique id for the entry. Must be an URI. If - not present the URL is used, but one of both is required. - :param updated: the time the entry was modified the last time. Must - be a :class:`datetime.datetime` object. Treated as - UTC if naive datetime. Required. - :param author: the author of the entry. Must be either a string (the - name) or a dict with name (required) and uri or - email (both optional). Can be a list of (may be - mixed, too) strings and dicts, too, if there are - multiple authors. Required if the feed does not have an - author element. - :param published: the time the entry was initially published. Must - be a :class:`datetime.datetime` object. Treated as - UTC if naive datetime. - :param rights: copyright information for the entry. - :param rights_type: the type attribute for the rights element. One of - ``'html'``, ``'text'`` or ``'xhtml'``. Default is - ``'text'``. - :param links: additional links. Must be a list of dictionaries with - href (required) and rel, type, hreflang, title, length - (all optional) - :param categories: categories for the entry. Must be a list of dictionaries - with term (required), scheme and label (all optional) - :param xml_base: The xml base (url) for this feed item. If not provided - it will default to the item url. - - For more information on the elements see - http://www.atomenabled.org/developers/syndication/ - - Everywhere where a list is demanded, any iterable can be used. - """ - - def __init__(self, title=None, content=None, feed_url=None, **kwargs): - self.title = title - self.title_type = kwargs.get("title_type", "text") - self.content = content - self.content_type = kwargs.get("content_type", "html") - self.url = kwargs.get("url") - self.id = kwargs.get("id", self.url) - self.updated = kwargs.get("updated") - self.summary = kwargs.get("summary") - self.summary_type = kwargs.get("summary_type", "html") - self.author = kwargs.get("author", ()) - self.published = kwargs.get("published") - self.rights = kwargs.get("rights") - self.links = kwargs.get("links", []) - self.categories = kwargs.get("categories", []) - self.xml_base = kwargs.get("xml_base", feed_url) - - if not hasattr(self.author, "__iter__") or isinstance( - self.author, string_types + (dict,) - ): - self.author = [self.author] - for i, author in enumerate(self.author): - if not isinstance(author, dict): - self.author[i] = {"name": author} - - if not self.title: - raise ValueError("title is required") - if not self.id: - raise ValueError("id is required") - if not self.updated: - raise ValueError("updated is required") - - def __repr__(self): - return "<%s %r>" % (self.__class__.__name__, self.title) - - def generate(self): - """Yields pieces of ATOM XML.""" - base = "" - if self.xml_base: - base = ' xml:base="%s"' % escape(self.xml_base) - yield u"\n" % base - yield u" " + _make_text_block("title", self.title, self.title_type) - yield u" %s\n" % escape(self.id) - yield u" %s\n" % format_iso8601(self.updated) - if self.published: - yield u" %s\n" % format_iso8601(self.published) - if self.url: - yield u' \n' % escape(self.url) - for author in self.author: - yield u" \n" - yield u" %s\n" % escape(author["name"]) - if "uri" in author: - yield u" %s\n" % escape(author["uri"]) - if "email" in author: - yield u" %s\n" % escape(author["email"]) - yield u" \n" - for link in self.links: - yield u" \n" % "".join( - '%s="%s" ' % (k, escape(link[k])) for k in link - ) - for category in self.categories: - yield u" \n" % "".join( - '%s="%s" ' % (k, escape(category[k])) for k in category - ) - if self.summary: - yield u" " + _make_text_block("summary", self.summary, self.summary_type) - if self.content: - yield u" " + _make_text_block("content", self.content, self.content_type) - yield u"\n" - - def to_string(self): - """Convert the feed item into a unicode object.""" - return u"".join(self.generate()) - - def __str__(self): - return self.to_string() diff --git a/src/werkzeug/contrib/cache.py b/src/werkzeug/contrib/cache.py deleted file mode 100644 index 79c749b5e..000000000 --- a/src/werkzeug/contrib/cache.py +++ /dev/null @@ -1,933 +0,0 @@ -# -*- coding: utf-8 -*- -""" - werkzeug.contrib.cache - ~~~~~~~~~~~~~~~~~~~~~~ - - The main problem with dynamic Web sites is, well, they're dynamic. Each - time a user requests a page, the webserver executes a lot of code, queries - the database, renders templates until the visitor gets the page he sees. - - This is a lot more expensive than just loading a file from the file system - and sending it to the visitor. - - For most Web applications, this overhead isn't a big deal but once it - becomes, you will be glad to have a cache system in place. - - How Caching Works - ================= - - Caching is pretty simple. Basically you have a cache object lurking around - somewhere that is connected to a remote cache or the file system or - something else. When the request comes in you check if the current page - is already in the cache and if so, you're returning it from the cache. - Otherwise you generate the page and put it into the cache. (Or a fragment - of the page, you don't have to cache the full thing) - - Here is a simple example of how to cache a sidebar for 5 minutes:: - - def get_sidebar(user): - identifier = 'sidebar_for/user%d' % user.id - value = cache.get(identifier) - if value is not None: - return value - value = generate_sidebar_for(user=user) - cache.set(identifier, value, timeout=60 * 5) - return value - - Creating a Cache Object - ======================= - - To create a cache object you just import the cache system of your choice - from the cache module and instantiate it. Then you can start working - with that object: - - >>> from werkzeug.contrib.cache import SimpleCache - >>> c = SimpleCache() - >>> c.set("foo", "value") - >>> c.get("foo") - 'value' - >>> c.get("missing") is None - True - - Please keep in mind that you have to create the cache and put it somewhere - you have access to it (either as a module global you can import or you just - put it into your WSGI application). - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" -import errno -import os -import platform -import re -import tempfile -import warnings -from hashlib import md5 -from time import time - -from .._compat import integer_types -from .._compat import iteritems -from .._compat import string_types -from .._compat import text_type -from .._compat import to_native -from ..posixemulation import rename - -try: - import cPickle as pickle -except ImportError: # pragma: no cover - import pickle - -warnings.warn( - "'werkzeug.contrib.cache' is deprecated as of version 0.15 and will" - " be removed in version 1.0. It has moved to https://github.com" - "/pallets/cachelib.", - DeprecationWarning, - stacklevel=2, -) - - -def _items(mappingorseq): - """Wrapper for efficient iteration over mappings represented by dicts - or sequences:: - - >>> for k, v in _items((i, i*i) for i in xrange(5)): - ... assert k*k == v - - >>> for k, v in _items(dict((i, i*i) for i in xrange(5))): - ... assert k*k == v - - """ - if hasattr(mappingorseq, "items"): - return iteritems(mappingorseq) - return mappingorseq - - -class BaseCache(object): - """Baseclass for the cache systems. All the cache systems implement this - API or a superset of it. - - :param default_timeout: the default timeout (in seconds) that is used if - no timeout is specified on :meth:`set`. A timeout - of 0 indicates that the cache never expires. - """ - - def __init__(self, default_timeout=300): - self.default_timeout = default_timeout - - def _normalize_timeout(self, timeout): - if timeout is None: - timeout = self.default_timeout - return timeout - - def get(self, key): - """Look up key in the cache and return the value for it. - - :param key: the key to be looked up. - :returns: The value if it exists and is readable, else ``None``. - """ - return None - - def delete(self, key): - """Delete `key` from the cache. - - :param key: the key to delete. - :returns: Whether the key existed and has been deleted. - :rtype: boolean - """ - return True - - def get_many(self, *keys): - """Returns a list of values for the given keys. - For each key an item in the list is created:: - - foo, bar = cache.get_many("foo", "bar") - - Has the same error handling as :meth:`get`. - - :param keys: The function accepts multiple keys as positional - arguments. - """ - return [self.get(k) for k in keys] - - def get_dict(self, *keys): - """Like :meth:`get_many` but return a dict:: - - d = cache.get_dict("foo", "bar") - foo = d["foo"] - bar = d["bar"] - - :param keys: The function accepts multiple keys as positional - arguments. - """ - return dict(zip(keys, self.get_many(*keys))) - - def set(self, key, value, timeout=None): - """Add a new key/value to the cache (overwrites value, if key already - exists in the cache). - - :param key: the key to set - :param value: the value for the key - :param timeout: the cache timeout for the key in seconds (if not - specified, it uses the default timeout). A timeout of - 0 idicates that the cache never expires. - :returns: ``True`` if key has been updated, ``False`` for backend - errors. Pickling errors, however, will raise a subclass of - ``pickle.PickleError``. - :rtype: boolean - """ - return True - - def add(self, key, value, timeout=None): - """Works like :meth:`set` but does not overwrite the values of already - existing keys. - - :param key: the key to set - :param value: the value for the key - :param timeout: the cache timeout for the key in seconds (if not - specified, it uses the default timeout). A timeout of - 0 idicates that the cache never expires. - :returns: Same as :meth:`set`, but also ``False`` for already - existing keys. - :rtype: boolean - """ - return True - - def set_many(self, mapping, timeout=None): - """Sets multiple keys and values from a mapping. - - :param mapping: a mapping with the keys/values to set. - :param timeout: the cache timeout for the key in seconds (if not - specified, it uses the default timeout). A timeout of - 0 idicates that the cache never expires. - :returns: Whether all given keys have been set. - :rtype: boolean - """ - rv = True - for key, value in _items(mapping): - if not self.set(key, value, timeout): - rv = False - return rv - - def delete_many(self, *keys): - """Deletes multiple keys at once. - - :param keys: The function accepts multiple keys as positional - arguments. - :returns: Whether all given keys have been deleted. - :rtype: boolean - """ - return all(self.delete(key) for key in keys) - - def has(self, key): - """Checks if a key exists in the cache without returning it. This is a - cheap operation that bypasses loading the actual data on the backend. - - This method is optional and may not be implemented on all caches. - - :param key: the key to check - """ - raise NotImplementedError( - "%s doesn't have an efficient implementation of `has`. That " - "means it is impossible to check whether a key exists without " - "fully loading the key's data. Consider using `self.get` " - "explicitly if you don't care about performance." - ) - - def clear(self): - """Clears the cache. Keep in mind that not all caches support - completely clearing the cache. - - :returns: Whether the cache has been cleared. - :rtype: boolean - """ - return True - - def inc(self, key, delta=1): - """Increments the value of a key by `delta`. If the key does - not yet exist it is initialized with `delta`. - - For supporting caches this is an atomic operation. - - :param key: the key to increment. - :param delta: the delta to add. - :returns: The new value or ``None`` for backend errors. - """ - value = (self.get(key) or 0) + delta - return value if self.set(key, value) else None - - def dec(self, key, delta=1): - """Decrements the value of a key by `delta`. If the key does - not yet exist it is initialized with `-delta`. - - For supporting caches this is an atomic operation. - - :param key: the key to increment. - :param delta: the delta to subtract. - :returns: The new value or `None` for backend errors. - """ - value = (self.get(key) or 0) - delta - return value if self.set(key, value) else None - - -class NullCache(BaseCache): - """A cache that doesn't cache. This can be useful for unit testing. - - :param default_timeout: a dummy parameter that is ignored but exists - for API compatibility with other caches. - """ - - def has(self, key): - return False - - -class SimpleCache(BaseCache): - """Simple memory cache for single process environments. This class exists - mainly for the development server and is not 100% thread safe. It tries - to use as many atomic operations as possible and no locks for simplicity - but it could happen under heavy load that keys are added multiple times. - - :param threshold: the maximum number of items the cache stores before - it starts deleting some. - :param default_timeout: the default timeout that is used if no timeout is - specified on :meth:`~BaseCache.set`. A timeout of - 0 indicates that the cache never expires. - """ - - def __init__(self, threshold=500, default_timeout=300): - BaseCache.__init__(self, default_timeout) - self._cache = {} - self.clear = self._cache.clear - self._threshold = threshold - - def _prune(self): - if len(self._cache) > self._threshold: - now = time() - toremove = [] - for idx, (key, (expires, _)) in enumerate(self._cache.items()): - if (expires != 0 and expires <= now) or idx % 3 == 0: - toremove.append(key) - for key in toremove: - self._cache.pop(key, None) - - def _normalize_timeout(self, timeout): - timeout = BaseCache._normalize_timeout(self, timeout) - if timeout > 0: - timeout = time() + timeout - return timeout - - def get(self, key): - try: - expires, value = self._cache[key] - if expires == 0 or expires > time(): - return pickle.loads(value) - except (KeyError, pickle.PickleError): - return None - - def set(self, key, value, timeout=None): - expires = self._normalize_timeout(timeout) - self._prune() - self._cache[key] = (expires, pickle.dumps(value, pickle.HIGHEST_PROTOCOL)) - return True - - def add(self, key, value, timeout=None): - expires = self._normalize_timeout(timeout) - self._prune() - item = (expires, pickle.dumps(value, pickle.HIGHEST_PROTOCOL)) - if key in self._cache: - return False - self._cache.setdefault(key, item) - return True - - def delete(self, key): - return self._cache.pop(key, None) is not None - - def has(self, key): - try: - expires, value = self._cache[key] - return expires == 0 or expires > time() - except KeyError: - return False - - -_test_memcached_key = re.compile(r"[^\x00-\x21\xff]{1,250}$").match - - -class MemcachedCache(BaseCache): - """A cache that uses memcached as backend. - - The first argument can either be an object that resembles the API of a - :class:`memcache.Client` or a tuple/list of server addresses. In the - event that a tuple/list is passed, Werkzeug tries to import the best - available memcache library. - - This cache looks into the following packages/modules to find bindings for - memcached: - - - ``pylibmc`` - - ``google.appengine.api.memcached`` - - ``memcached`` - - ``libmc`` - - Implementation notes: This cache backend works around some limitations in - memcached to simplify the interface. For example unicode keys are encoded - to utf-8 on the fly. Methods such as :meth:`~BaseCache.get_dict` return - the keys in the same format as passed. Furthermore all get methods - silently ignore key errors to not cause problems when untrusted user data - is passed to the get methods which is often the case in web applications. - - :param servers: a list or tuple of server addresses or alternatively - a :class:`memcache.Client` or a compatible client. - :param default_timeout: the default timeout that is used if no timeout is - specified on :meth:`~BaseCache.set`. A timeout of - 0 indicates that the cache never expires. - :param key_prefix: a prefix that is added before all keys. This makes it - possible to use the same memcached server for different - applications. Keep in mind that - :meth:`~BaseCache.clear` will also clear keys with a - different prefix. - """ - - def __init__(self, servers=None, default_timeout=300, key_prefix=None): - BaseCache.__init__(self, default_timeout) - if servers is None or isinstance(servers, (list, tuple)): - if servers is None: - servers = ["127.0.0.1:11211"] - self._client = self.import_preferred_memcache_lib(servers) - if self._client is None: - raise RuntimeError("no memcache module found") - else: - # NOTE: servers is actually an already initialized memcache - # client. - self._client = servers - - self.key_prefix = to_native(key_prefix) - - def _normalize_key(self, key): - key = to_native(key, "utf-8") - if self.key_prefix: - key = self.key_prefix + key - return key - - def _normalize_timeout(self, timeout): - timeout = BaseCache._normalize_timeout(self, timeout) - if timeout > 0: - timeout = int(time()) + timeout - return timeout - - def get(self, key): - key = self._normalize_key(key) - # memcached doesn't support keys longer than that. Because often - # checks for so long keys can occur because it's tested from user - # submitted data etc we fail silently for getting. - if _test_memcached_key(key): - return self._client.get(key) - - def get_dict(self, *keys): - key_mapping = {} - have_encoded_keys = False - for key in keys: - encoded_key = self._normalize_key(key) - if not isinstance(key, str): - have_encoded_keys = True - if _test_memcached_key(key): - key_mapping[encoded_key] = key - _keys = list(key_mapping) - d = rv = self._client.get_multi(_keys) - if have_encoded_keys or self.key_prefix: - rv = {} - for key, value in iteritems(d): - rv[key_mapping[key]] = value - if len(rv) < len(keys): - for key in keys: - if key not in rv: - rv[key] = None - return rv - - def add(self, key, value, timeout=None): - key = self._normalize_key(key) - timeout = self._normalize_timeout(timeout) - return self._client.add(key, value, timeout) - - def set(self, key, value, timeout=None): - key = self._normalize_key(key) - timeout = self._normalize_timeout(timeout) - return self._client.set(key, value, timeout) - - def get_many(self, *keys): - d = self.get_dict(*keys) - return [d[key] for key in keys] - - def set_many(self, mapping, timeout=None): - new_mapping = {} - for key, value in _items(mapping): - key = self._normalize_key(key) - new_mapping[key] = value - - timeout = self._normalize_timeout(timeout) - failed_keys = self._client.set_multi(new_mapping, timeout) - return not failed_keys - - def delete(self, key): - key = self._normalize_key(key) - if _test_memcached_key(key): - return self._client.delete(key) - - def delete_many(self, *keys): - new_keys = [] - for key in keys: - key = self._normalize_key(key) - if _test_memcached_key(key): - new_keys.append(key) - return self._client.delete_multi(new_keys) - - def has(self, key): - key = self._normalize_key(key) - if _test_memcached_key(key): - return self._client.append(key, "") - return False - - def clear(self): - return self._client.flush_all() - - def inc(self, key, delta=1): - key = self._normalize_key(key) - return self._client.incr(key, delta) - - def dec(self, key, delta=1): - key = self._normalize_key(key) - return self._client.decr(key, delta) - - def import_preferred_memcache_lib(self, servers): - """Returns an initialized memcache client. Used by the constructor.""" - try: - import pylibmc - except ImportError: - pass - else: - return pylibmc.Client(servers) - - try: - from google.appengine.api import memcache - except ImportError: - pass - else: - return memcache.Client() - - try: - import memcache - except ImportError: - pass - else: - return memcache.Client(servers) - - try: - import libmc - except ImportError: - pass - else: - return libmc.Client(servers) - - -# backwards compatibility -GAEMemcachedCache = MemcachedCache - - -class RedisCache(BaseCache): - """Uses the Redis key-value store as a cache backend. - - The first argument can be either a string denoting address of the Redis - server or an object resembling an instance of a redis.Redis class. - - Note: Python Redis API already takes care of encoding unicode strings on - the fly. - - .. versionadded:: 0.7 - - .. versionadded:: 0.8 - `key_prefix` was added. - - .. versionchanged:: 0.8 - This cache backend now properly serializes objects. - - .. versionchanged:: 0.8.3 - This cache backend now supports password authentication. - - .. versionchanged:: 0.10 - ``**kwargs`` is now passed to the redis object. - - :param host: address of the Redis server or an object which API is - compatible with the official Python Redis client (redis-py). - :param port: port number on which Redis server listens for connections. - :param password: password authentication for the Redis server. - :param db: db (zero-based numeric index) on Redis Server to connect. - :param default_timeout: the default timeout that is used if no timeout is - specified on :meth:`~BaseCache.set`. A timeout of - 0 indicates that the cache never expires. - :param key_prefix: A prefix that should be added to all keys. - - Any additional keyword arguments will be passed to ``redis.Redis``. - """ - - def __init__( - self, - host="localhost", - port=6379, - password=None, - db=0, - default_timeout=300, - key_prefix=None, - **kwargs - ): - BaseCache.__init__(self, default_timeout) - if host is None: - raise ValueError("RedisCache host parameter may not be None") - if isinstance(host, string_types): - try: - import redis - except ImportError: - raise RuntimeError("no redis module found") - if kwargs.get("decode_responses", None): - raise ValueError("decode_responses is not supported by RedisCache.") - self._client = redis.Redis( - host=host, port=port, password=password, db=db, **kwargs - ) - else: - self._client = host - self.key_prefix = key_prefix or "" - - def _normalize_timeout(self, timeout): - timeout = BaseCache._normalize_timeout(self, timeout) - if timeout == 0: - timeout = -1 - return timeout - - def dump_object(self, value): - """Dumps an object into a string for redis. By default it serializes - integers as regular string and pickle dumps everything else. - """ - t = type(value) - if t in integer_types: - return str(value).encode("ascii") - return b"!" + pickle.dumps(value) - - def load_object(self, value): - """The reversal of :meth:`dump_object`. This might be called with - None. - """ - if value is None: - return None - if value.startswith(b"!"): - try: - return pickle.loads(value[1:]) - except pickle.PickleError: - return None - try: - return int(value) - except ValueError: - # before 0.8 we did not have serialization. Still support that. - return value - - def get(self, key): - return self.load_object(self._client.get(self.key_prefix + key)) - - def get_many(self, *keys): - if self.key_prefix: - keys = [self.key_prefix + key for key in keys] - return [self.load_object(x) for x in self._client.mget(keys)] - - def set(self, key, value, timeout=None): - timeout = self._normalize_timeout(timeout) - dump = self.dump_object(value) - if timeout == -1: - result = self._client.set(name=self.key_prefix + key, value=dump) - else: - result = self._client.setex( - name=self.key_prefix + key, value=dump, time=timeout - ) - return result - - def add(self, key, value, timeout=None): - timeout = self._normalize_timeout(timeout) - dump = self.dump_object(value) - return self._client.setnx( - name=self.key_prefix + key, value=dump - ) and self._client.expire(name=self.key_prefix + key, time=timeout) - - def set_many(self, mapping, timeout=None): - timeout = self._normalize_timeout(timeout) - # Use transaction=False to batch without calling redis MULTI - # which is not supported by twemproxy - pipe = self._client.pipeline(transaction=False) - - for key, value in _items(mapping): - dump = self.dump_object(value) - if timeout == -1: - pipe.set(name=self.key_prefix + key, value=dump) - else: - pipe.setex(name=self.key_prefix + key, value=dump, time=timeout) - return pipe.execute() - - def delete(self, key): - return self._client.delete(self.key_prefix + key) - - def delete_many(self, *keys): - if not keys: - return - if self.key_prefix: - keys = [self.key_prefix + key for key in keys] - return self._client.delete(*keys) - - def has(self, key): - return self._client.exists(self.key_prefix + key) - - def clear(self): - status = False - if self.key_prefix: - keys = self._client.keys(self.key_prefix + "*") - if keys: - status = self._client.delete(*keys) - else: - status = self._client.flushdb() - return status - - def inc(self, key, delta=1): - return self._client.incr(name=self.key_prefix + key, amount=delta) - - def dec(self, key, delta=1): - return self._client.decr(name=self.key_prefix + key, amount=delta) - - -class FileSystemCache(BaseCache): - """A cache that stores the items on the file system. This cache depends - on being the only user of the `cache_dir`. Make absolutely sure that - nobody but this cache stores files there or otherwise the cache will - randomly delete files therein. - - :param cache_dir: the directory where cache files are stored. - :param threshold: the maximum number of items the cache stores before - it starts deleting some. A threshold value of 0 - indicates no threshold. - :param default_timeout: the default timeout that is used if no timeout is - specified on :meth:`~BaseCache.set`. A timeout of - 0 indicates that the cache never expires. - :param mode: the file mode wanted for the cache files, default 0600 - """ - - #: used for temporary files by the FileSystemCache - _fs_transaction_suffix = ".__wz_cache" - #: keep amount of files in a cache element - _fs_count_file = "__wz_cache_count" - - def __init__(self, cache_dir, threshold=500, default_timeout=300, mode=0o600): - BaseCache.__init__(self, default_timeout) - self._path = cache_dir - self._threshold = threshold - self._mode = mode - - try: - os.makedirs(self._path) - except OSError as ex: - if ex.errno != errno.EEXIST: - raise - - self._update_count(value=len(self._list_dir())) - - @property - def _file_count(self): - return self.get(self._fs_count_file) or 0 - - def _update_count(self, delta=None, value=None): - # If we have no threshold, don't count files - if self._threshold == 0: - return - - if delta: - new_count = self._file_count + delta - else: - new_count = value or 0 - self.set(self._fs_count_file, new_count, mgmt_element=True) - - def _normalize_timeout(self, timeout): - timeout = BaseCache._normalize_timeout(self, timeout) - if timeout != 0: - timeout = time() + timeout - return int(timeout) - - def _list_dir(self): - """return a list of (fully qualified) cache filenames - """ - mgmt_files = [ - self._get_filename(name).split("/")[-1] for name in (self._fs_count_file,) - ] - return [ - os.path.join(self._path, fn) - for fn in os.listdir(self._path) - if not fn.endswith(self._fs_transaction_suffix) and fn not in mgmt_files - ] - - def _prune(self): - if self._threshold == 0 or not self._file_count > self._threshold: - return - - entries = self._list_dir() - now = time() - for idx, fname in enumerate(entries): - try: - remove = False - with open(fname, "rb") as f: - expires = pickle.load(f) - remove = (expires != 0 and expires <= now) or idx % 3 == 0 - - if remove: - os.remove(fname) - except (IOError, OSError): - pass - self._update_count(value=len(self._list_dir())) - - def clear(self): - for fname in self._list_dir(): - try: - os.remove(fname) - except (IOError, OSError): - self._update_count(value=len(self._list_dir())) - return False - self._update_count(value=0) - return True - - def _get_filename(self, key): - if isinstance(key, text_type): - key = key.encode("utf-8") # XXX unicode review - hash = md5(key).hexdigest() - return os.path.join(self._path, hash) - - def get(self, key): - filename = self._get_filename(key) - try: - with open(filename, "rb") as f: - pickle_time = pickle.load(f) - if pickle_time == 0 or pickle_time >= time(): - return pickle.load(f) - else: - os.remove(filename) - return None - except (IOError, OSError, pickle.PickleError): - return None - - def add(self, key, value, timeout=None): - filename = self._get_filename(key) - if not os.path.exists(filename): - return self.set(key, value, timeout) - return False - - def set(self, key, value, timeout=None, mgmt_element=False): - # Management elements have no timeout - if mgmt_element: - timeout = 0 - - # Don't prune on management element update, to avoid loop - else: - self._prune() - - timeout = self._normalize_timeout(timeout) - filename = self._get_filename(key) - try: - fd, tmp = tempfile.mkstemp( - suffix=self._fs_transaction_suffix, dir=self._path - ) - with os.fdopen(fd, "wb") as f: - pickle.dump(timeout, f, 1) - pickle.dump(value, f, pickle.HIGHEST_PROTOCOL) - rename(tmp, filename) - os.chmod(filename, self._mode) - except (IOError, OSError): - return False - else: - # Management elements should not count towards threshold - if not mgmt_element: - self._update_count(delta=1) - return True - - def delete(self, key, mgmt_element=False): - try: - os.remove(self._get_filename(key)) - except (IOError, OSError): - return False - else: - # Management elements should not count towards threshold - if not mgmt_element: - self._update_count(delta=-1) - return True - - def has(self, key): - filename = self._get_filename(key) - try: - with open(filename, "rb") as f: - pickle_time = pickle.load(f) - if pickle_time == 0 or pickle_time >= time(): - return True - else: - os.remove(filename) - return False - except (IOError, OSError, pickle.PickleError): - return False - - -class UWSGICache(BaseCache): - """Implements the cache using uWSGI's caching framework. - - .. note:: - This class cannot be used when running under PyPy, because the uWSGI - API implementation for PyPy is lacking the needed functionality. - - :param default_timeout: The default timeout in seconds. - :param cache: The name of the caching instance to connect to, for - example: mycache@localhost:3031, defaults to an empty string, which - means uWSGI will cache in the local instance. If the cache is in the - same instance as the werkzeug app, you only have to provide the name of - the cache. - """ - - def __init__(self, default_timeout=300, cache=""): - BaseCache.__init__(self, default_timeout) - - if platform.python_implementation() == "PyPy": - raise RuntimeError( - "uWSGI caching does not work under PyPy, see " - "the docs for more details." - ) - - try: - import uwsgi - - self._uwsgi = uwsgi - except ImportError: - raise RuntimeError( - "uWSGI could not be imported, are you running under uWSGI?" - ) - - self.cache = cache - - def get(self, key): - rv = self._uwsgi.cache_get(key, self.cache) - if rv is None: - return - return pickle.loads(rv) - - def delete(self, key): - return self._uwsgi.cache_del(key, self.cache) - - def set(self, key, value, timeout=None): - return self._uwsgi.cache_update( - key, pickle.dumps(value), self._normalize_timeout(timeout), self.cache - ) - - def add(self, key, value, timeout=None): - return self._uwsgi.cache_set( - key, pickle.dumps(value), self._normalize_timeout(timeout), self.cache - ) - - def clear(self): - return self._uwsgi.cache_clear(self.cache) - - def has(self, key): - return self._uwsgi.cache_exists(key, self.cache) is not None diff --git a/src/werkzeug/contrib/fixers.py b/src/werkzeug/contrib/fixers.py deleted file mode 100644 index 8df0afdab..000000000 --- a/src/werkzeug/contrib/fixers.py +++ /dev/null @@ -1,262 +0,0 @@ -""" -Fixers -====== - -.. warning:: - .. deprecated:: 0.15 - ``ProxyFix`` has moved to :mod:`werkzeug.middleware.proxy_fix`. - All other code in this module is deprecated and will be removed - in version 1.0. - -.. versionadded:: 0.5 - -This module includes various helpers that fix web server behavior. - -.. autoclass:: ProxyFix - :members: - -.. autoclass:: CGIRootFix - -.. autoclass:: PathInfoFromRequestUriFix - -.. autoclass:: HeaderRewriterFix - -.. autoclass:: InternetExplorerFix - -:copyright: 2007 Pallets -:license: BSD-3-Clause -""" -import warnings - -from ..datastructures import Headers -from ..datastructures import ResponseCacheControl -from ..http import parse_cache_control_header -from ..http import parse_options_header -from ..http import parse_set_header -from ..middleware.proxy_fix import ProxyFix as _ProxyFix -from ..useragents import UserAgent - -try: - from urllib.parse import unquote -except ImportError: - from urllib import unquote - - -class CGIRootFix(object): - """Wrap the application in this middleware if you are using FastCGI - or CGI and you have problems with your app root being set to the CGI - script's path instead of the path users are going to visit. - - :param app: the WSGI application - :param app_root: Defaulting to ``'/'``, you can set this to - something else if your app is mounted somewhere else. - - .. deprecated:: 0.15 - This middleware will be removed in version 1.0. - - .. versionchanged:: 0.9 - Added `app_root` parameter and renamed from - ``LighttpdCGIRootFix``. - """ - - def __init__(self, app, app_root="/"): - warnings.warn( - "'CGIRootFix' is deprecated as of version 0.15 and will be" - " removed in version 1.0.", - DeprecationWarning, - stacklevel=2, - ) - self.app = app - self.app_root = app_root.strip("/") - - def __call__(self, environ, start_response): - environ["SCRIPT_NAME"] = self.app_root - return self.app(environ, start_response) - - -class LighttpdCGIRootFix(CGIRootFix): - def __init__(self, *args, **kwargs): - warnings.warn( - "'LighttpdCGIRootFix' is renamed 'CGIRootFix'. Both will be" - " removed in version 1.0.", - DeprecationWarning, - stacklevel=2, - ) - super(LighttpdCGIRootFix, self).__init__(*args, **kwargs) - - -class PathInfoFromRequestUriFix(object): - """On windows environment variables are limited to the system charset - which makes it impossible to store the `PATH_INFO` variable in the - environment without loss of information on some systems. - - This is for example a problem for CGI scripts on a Windows Apache. - - This fixer works by recreating the `PATH_INFO` from `REQUEST_URI`, - `REQUEST_URL`, or `UNENCODED_URL` (whatever is available). Thus the - fix can only be applied if the webserver supports either of these - variables. - - :param app: the WSGI application - - .. deprecated:: 0.15 - This middleware will be removed in version 1.0. - """ - - def __init__(self, app): - warnings.warn( - "'PathInfoFromRequestUriFix' is deprecated as of version" - " 0.15 and will be removed in version 1.0.", - DeprecationWarning, - stacklevel=2, - ) - self.app = app - - def __call__(self, environ, start_response): - for key in "REQUEST_URL", "REQUEST_URI", "UNENCODED_URL": - if key not in environ: - continue - request_uri = unquote(environ[key]) - script_name = unquote(environ.get("SCRIPT_NAME", "")) - if request_uri.startswith(script_name): - environ["PATH_INFO"] = request_uri[len(script_name) :].split("?", 1)[0] - break - return self.app(environ, start_response) - - -class ProxyFix(_ProxyFix): - """ - .. deprecated:: 0.15 - ``werkzeug.contrib.fixers.ProxyFix`` has moved to - :mod:`werkzeug.middleware.proxy_fix`. This import will be - removed in 1.0. - """ - - def __init__(self, *args, **kwargs): - warnings.warn( - "'werkzeug.contrib.fixers.ProxyFix' has moved to 'werkzeug" - ".middleware.proxy_fix.ProxyFix'. This import is deprecated" - " as of version 0.15 and will be removed in 1.0.", - DeprecationWarning, - stacklevel=2, - ) - super(ProxyFix, self).__init__(*args, **kwargs) - - -class HeaderRewriterFix(object): - """This middleware can remove response headers and add others. This - is for example useful to remove the `Date` header from responses if you - are using a server that adds that header, no matter if it's present or - not or to add `X-Powered-By` headers:: - - app = HeaderRewriterFix(app, remove_headers=['Date'], - add_headers=[('X-Powered-By', 'WSGI')]) - - :param app: the WSGI application - :param remove_headers: a sequence of header keys that should be - removed. - :param add_headers: a sequence of ``(key, value)`` tuples that should - be added. - - .. deprecated:: 0.15 - This middleware will be removed in 1.0. - """ - - def __init__(self, app, remove_headers=None, add_headers=None): - warnings.warn( - "'HeaderRewriterFix' is deprecated as of version 0.15 and" - " will be removed in version 1.0.", - DeprecationWarning, - stacklevel=2, - ) - self.app = app - self.remove_headers = set(x.lower() for x in (remove_headers or ())) - self.add_headers = list(add_headers or ()) - - def __call__(self, environ, start_response): - def rewriting_start_response(status, headers, exc_info=None): - new_headers = [] - for key, value in headers: - if key.lower() not in self.remove_headers: - new_headers.append((key, value)) - new_headers += self.add_headers - return start_response(status, new_headers, exc_info) - - return self.app(environ, rewriting_start_response) - - -class InternetExplorerFix(object): - """This middleware fixes a couple of bugs with Microsoft Internet - Explorer. Currently the following fixes are applied: - - - removing of `Vary` headers for unsupported mimetypes which - causes troubles with caching. Can be disabled by passing - ``fix_vary=False`` to the constructor. - see: https://support.microsoft.com/en-us/help/824847 - - - removes offending headers to work around caching bugs in - Internet Explorer if `Content-Disposition` is set. Can be - disabled by passing ``fix_attach=False`` to the constructor. - - If it does not detect affected Internet Explorer versions it won't touch - the request / response. - - .. deprecated:: 0.15 - This middleware will be removed in 1.0. - """ - - # This code was inspired by Django fixers for the same bugs. The - # fix_vary and fix_attach fixers were originally implemented in Django - # by Michael Axiak and is available as part of the Django project: - # https://code.djangoproject.com/ticket/4148 - - def __init__(self, app, fix_vary=True, fix_attach=True): - warnings.warn( - "'InternetExplorerFix' is deprecated as of version 0.15 and" - " will be removed in version 1.0.", - DeprecationWarning, - stacklevel=2, - ) - self.app = app - self.fix_vary = fix_vary - self.fix_attach = fix_attach - - def fix_headers(self, environ, headers, status=None): - if self.fix_vary: - header = headers.get("content-type", "") - mimetype, options = parse_options_header(header) - if mimetype not in ("text/html", "text/plain", "text/sgml"): - headers.pop("vary", None) - - if self.fix_attach and "content-disposition" in headers: - pragma = parse_set_header(headers.get("pragma", "")) - pragma.discard("no-cache") - header = pragma.to_header() - if not header: - headers.pop("pragma", "") - else: - headers["Pragma"] = header - header = headers.get("cache-control", "") - if header: - cc = parse_cache_control_header(header, cls=ResponseCacheControl) - cc.no_cache = None - cc.no_store = False - header = cc.to_header() - if not header: - headers.pop("cache-control", "") - else: - headers["Cache-Control"] = header - - def run_fixed(self, environ, start_response): - def fixing_start_response(status, headers, exc_info=None): - headers = Headers(headers) - self.fix_headers(environ, headers, status) - return start_response(status, headers.to_wsgi_list(), exc_info) - - return self.app(environ, fixing_start_response) - - def __call__(self, environ, start_response): - ua = UserAgent(environ) - if ua.browser != "msie": - return self.app(environ, start_response) - return self.run_fixed(environ, start_response) diff --git a/src/werkzeug/contrib/iterio.py b/src/werkzeug/contrib/iterio.py deleted file mode 100644 index b67245409..000000000 --- a/src/werkzeug/contrib/iterio.py +++ /dev/null @@ -1,358 +0,0 @@ -# -*- coding: utf-8 -*- -r""" - werkzeug.contrib.iterio - ~~~~~~~~~~~~~~~~~~~~~~~ - - This module implements a :class:`IterIO` that converts an iterator into - a stream object and the other way round. Converting streams into - iterators requires the `greenlet`_ module. - - To convert an iterator into a stream all you have to do is to pass it - directly to the :class:`IterIO` constructor. In this example we pass it - a newly created generator:: - - def foo(): - yield "something\n" - yield "otherthings" - stream = IterIO(foo()) - print stream.read() # read the whole iterator - - The other way round works a bit different because we have to ensure that - the code execution doesn't take place yet. An :class:`IterIO` call with a - callable as first argument does two things. The function itself is passed - an :class:`IterIO` stream it can feed. The object returned by the - :class:`IterIO` constructor on the other hand is not an stream object but - an iterator:: - - def foo(stream): - stream.write("some") - stream.write("thing") - stream.flush() - stream.write("otherthing") - iterator = IterIO(foo) - print iterator.next() # prints something - print iterator.next() # prints otherthing - iterator.next() # raises StopIteration - - .. _greenlet: https://github.com/python-greenlet/greenlet - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" -import warnings - -from .._compat import implements_iterator - -try: - import greenlet -except ImportError: - greenlet = None - -warnings.warn( - "'werkzeug.contrib.iterio' is deprecated as of version 0.15 and" - " will be removed in version 1.0.", - DeprecationWarning, - stacklevel=2, -) - - -def _mixed_join(iterable, sentinel): - """concatenate any string type in an intelligent way.""" - iterator = iter(iterable) - first_item = next(iterator, sentinel) - if isinstance(first_item, bytes): - return first_item + b"".join(iterator) - return first_item + u"".join(iterator) - - -def _newline(reference_string): - if isinstance(reference_string, bytes): - return b"\n" - return u"\n" - - -@implements_iterator -class IterIO(object): - """Instances of this object implement an interface compatible with the - standard Python :class:`file` object. Streams are either read-only or - write-only depending on how the object is created. - - If the first argument is an iterable a file like object is returned that - returns the contents of the iterable. In case the iterable is empty - read operations will return the sentinel value. - - If the first argument is a callable then the stream object will be - created and passed to that function. The caller itself however will - not receive a stream but an iterable. The function will be executed - step by step as something iterates over the returned iterable. Each - call to :meth:`flush` will create an item for the iterable. If - :meth:`flush` is called without any writes in-between the sentinel - value will be yielded. - - Note for Python 3: due to the incompatible interface of bytes and - streams you should set the sentinel value explicitly to an empty - bytestring (``b''``) if you are expecting to deal with bytes as - otherwise the end of the stream is marked with the wrong sentinel - value. - - .. versionadded:: 0.9 - `sentinel` parameter was added. - """ - - def __new__(cls, obj, sentinel=""): - try: - iterator = iter(obj) - except TypeError: - return IterI(obj, sentinel) - return IterO(iterator, sentinel) - - def __iter__(self): - return self - - def tell(self): - if self.closed: - raise ValueError("I/O operation on closed file") - return self.pos - - def isatty(self): - if self.closed: - raise ValueError("I/O operation on closed file") - return False - - def seek(self, pos, mode=0): - if self.closed: - raise ValueError("I/O operation on closed file") - raise IOError(9, "Bad file descriptor") - - def truncate(self, size=None): - if self.closed: - raise ValueError("I/O operation on closed file") - raise IOError(9, "Bad file descriptor") - - def write(self, s): - if self.closed: - raise ValueError("I/O operation on closed file") - raise IOError(9, "Bad file descriptor") - - def writelines(self, list): - if self.closed: - raise ValueError("I/O operation on closed file") - raise IOError(9, "Bad file descriptor") - - def read(self, n=-1): - if self.closed: - raise ValueError("I/O operation on closed file") - raise IOError(9, "Bad file descriptor") - - def readlines(self, sizehint=0): - if self.closed: - raise ValueError("I/O operation on closed file") - raise IOError(9, "Bad file descriptor") - - def readline(self, length=None): - if self.closed: - raise ValueError("I/O operation on closed file") - raise IOError(9, "Bad file descriptor") - - def flush(self): - if self.closed: - raise ValueError("I/O operation on closed file") - raise IOError(9, "Bad file descriptor") - - def __next__(self): - if self.closed: - raise StopIteration() - line = self.readline() - if not line: - raise StopIteration() - return line - - -class IterI(IterIO): - """Convert an stream into an iterator.""" - - def __new__(cls, func, sentinel=""): - if greenlet is None: - raise RuntimeError("IterI requires greenlet support") - stream = object.__new__(cls) - stream._parent = greenlet.getcurrent() - stream._buffer = [] - stream.closed = False - stream.sentinel = sentinel - stream.pos = 0 - - def run(): - func(stream) - stream.close() - - g = greenlet.greenlet(run, stream._parent) - while 1: - rv = g.switch() - if not rv: - return - yield rv[0] - - def close(self): - if not self.closed: - self.closed = True - self._flush_impl() - - def write(self, s): - if self.closed: - raise ValueError("I/O operation on closed file") - if s: - self.pos += len(s) - self._buffer.append(s) - - def writelines(self, list): - for item in list: - self.write(item) - - def flush(self): - if self.closed: - raise ValueError("I/O operation on closed file") - self._flush_impl() - - def _flush_impl(self): - data = _mixed_join(self._buffer, self.sentinel) - self._buffer = [] - if not data and self.closed: - self._parent.switch() - else: - self._parent.switch((data,)) - - -class IterO(IterIO): - """Iter output. Wrap an iterator and give it a stream like interface.""" - - def __new__(cls, gen, sentinel=""): - self = object.__new__(cls) - self._gen = gen - self._buf = None - self.sentinel = sentinel - self.closed = False - self.pos = 0 - return self - - def __iter__(self): - return self - - def _buf_append(self, string): - """Replace string directly without appending to an empty string, - avoiding type issues.""" - if not self._buf: - self._buf = string - else: - self._buf += string - - def close(self): - if not self.closed: - self.closed = True - if hasattr(self._gen, "close"): - self._gen.close() - - def seek(self, pos, mode=0): - if self.closed: - raise ValueError("I/O operation on closed file") - if mode == 1: - pos += self.pos - elif mode == 2: - self.read() - self.pos = min(self.pos, self.pos + pos) - return - elif mode != 0: - raise IOError("Invalid argument") - buf = [] - try: - tmp_end_pos = len(self._buf or "") - while pos > tmp_end_pos: - item = next(self._gen) - tmp_end_pos += len(item) - buf.append(item) - except StopIteration: - pass - if buf: - self._buf_append(_mixed_join(buf, self.sentinel)) - self.pos = max(0, pos) - - def read(self, n=-1): - if self.closed: - raise ValueError("I/O operation on closed file") - if n < 0: - self._buf_append(_mixed_join(self._gen, self.sentinel)) - result = self._buf[self.pos :] - self.pos += len(result) - return result - new_pos = self.pos + n - buf = [] - try: - tmp_end_pos = 0 if self._buf is None else len(self._buf) - while new_pos > tmp_end_pos or (self._buf is None and not buf): - item = next(self._gen) - tmp_end_pos += len(item) - buf.append(item) - except StopIteration: - pass - if buf: - self._buf_append(_mixed_join(buf, self.sentinel)) - - if self._buf is None: - return self.sentinel - - new_pos = max(0, new_pos) - try: - return self._buf[self.pos : new_pos] - finally: - self.pos = min(new_pos, len(self._buf)) - - def readline(self, length=None): - if self.closed: - raise ValueError("I/O operation on closed file") - - nl_pos = -1 - if self._buf: - nl_pos = self._buf.find(_newline(self._buf), self.pos) - buf = [] - try: - if self._buf is None: - pos = self.pos - else: - pos = len(self._buf) - while nl_pos < 0: - item = next(self._gen) - local_pos = item.find(_newline(item)) - buf.append(item) - if local_pos >= 0: - nl_pos = pos + local_pos - break - pos += len(item) - except StopIteration: - pass - if buf: - self._buf_append(_mixed_join(buf, self.sentinel)) - - if self._buf is None: - return self.sentinel - - if nl_pos < 0: - new_pos = len(self._buf) - else: - new_pos = nl_pos + 1 - if length is not None and self.pos + length < new_pos: - new_pos = self.pos + length - try: - return self._buf[self.pos : new_pos] - finally: - self.pos = min(new_pos, len(self._buf)) - - def readlines(self, sizehint=0): - total = 0 - lines = [] - line = self.readline() - while line: - lines.append(line) - total += len(line) - if 0 < sizehint <= total: - break - line = self.readline() - return lines diff --git a/src/werkzeug/contrib/lint.py b/src/werkzeug/contrib/lint.py deleted file mode 100644 index 8bd8b8ab2..000000000 --- a/src/werkzeug/contrib/lint.py +++ /dev/null @@ -1,11 +0,0 @@ -import warnings - -from ..middleware.lint import * # noqa: F401, F403 - -warnings.warn( - "'werkzeug.contrib.lint' has moved to 'werkzeug.middleware.lint'." - " This import is deprecated as of version 0.15 and will be removed" - " in version 1.0.", - DeprecationWarning, - stacklevel=2, -) diff --git a/src/werkzeug/contrib/profiler.py b/src/werkzeug/contrib/profiler.py deleted file mode 100644 index b79fe567f..000000000 --- a/src/werkzeug/contrib/profiler.py +++ /dev/null @@ -1,42 +0,0 @@ -import warnings - -from ..middleware.profiler import * # noqa: F401, F403 - -warnings.warn( - "'werkzeug.contrib.profiler' has moved to" - "'werkzeug.middleware.profiler'. This import is deprecated as of" - "version 0.15 and will be removed in version 1.0.", - DeprecationWarning, - stacklevel=2, -) - - -class MergeStream(object): - """An object that redirects ``write`` calls to multiple streams. - Use this to log to both ``sys.stdout`` and a file:: - - f = open('profiler.log', 'w') - stream = MergeStream(sys.stdout, f) - profiler = ProfilerMiddleware(app, stream) - - .. deprecated:: 0.15 - Use the ``tee`` command in your terminal instead. This class - will be removed in 1.0. - """ - - def __init__(self, *streams): - warnings.warn( - "'MergeStream' is deprecated as of version 0.15 and will be removed in" - " version 1.0. Use your terminal's 'tee' command instead.", - DeprecationWarning, - stacklevel=2, - ) - - if not streams: - raise TypeError("At least one stream must be given.") - - self.streams = streams - - def write(self, data): - for stream in self.streams: - stream.write(data) diff --git a/src/werkzeug/contrib/securecookie.py b/src/werkzeug/contrib/securecookie.py deleted file mode 100644 index c4c9eee25..000000000 --- a/src/werkzeug/contrib/securecookie.py +++ /dev/null @@ -1,362 +0,0 @@ -# -*- coding: utf-8 -*- -r""" - werkzeug.contrib.securecookie - ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - - This module implements a cookie that is not alterable from the client - because it adds a checksum the server checks for. You can use it as - session replacement if all you have is a user id or something to mark - a logged in user. - - Keep in mind that the data is still readable from the client as a - normal cookie is. However you don't have to store and flush the - sessions you have at the server. - - Example usage: - - >>> from werkzeug.contrib.securecookie import SecureCookie - >>> x = SecureCookie({"foo": 42, "baz": (1, 2, 3)}, "deadbeef") - - Dumping into a string so that one can store it in a cookie: - - >>> value = x.serialize() - - Loading from that string again: - - >>> x = SecureCookie.unserialize(value, "deadbeef") - >>> x["baz"] - (1, 2, 3) - - If someone modifies the cookie and the checksum is wrong the unserialize - method will fail silently and return a new empty `SecureCookie` object. - - Keep in mind that the values will be visible in the cookie so do not - store data in a cookie you don't want the user to see. - - Application Integration - ======================= - - If you are using the werkzeug request objects you could integrate the - secure cookie into your application like this:: - - from werkzeug.utils import cached_property - from werkzeug.wrappers import BaseRequest - from werkzeug.contrib.securecookie import SecureCookie - - # don't use this key but a different one; you could just use - # os.urandom(20) to get something random - SECRET_KEY = '\xfa\xdd\xb8z\xae\xe0}4\x8b\xea' - - class Request(BaseRequest): - - @cached_property - def client_session(self): - data = self.cookies.get('session_data') - if not data: - return SecureCookie(secret_key=SECRET_KEY) - return SecureCookie.unserialize(data, SECRET_KEY) - - def application(environ, start_response): - request = Request(environ) - - # get a response object here - response = ... - - if request.client_session.should_save: - session_data = request.client_session.serialize() - response.set_cookie('session_data', session_data, - httponly=True) - return response(environ, start_response) - - A less verbose integration can be achieved by using shorthand methods:: - - class Request(BaseRequest): - - @cached_property - def client_session(self): - return SecureCookie.load_cookie(self, secret_key=COOKIE_SECRET) - - def application(environ, start_response): - request = Request(environ) - - # get a response object here - response = ... - - request.client_session.save_cookie(response) - return response(environ, start_response) - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" -import base64 -import pickle -import warnings -from hashlib import sha1 as _default_hash -from hmac import new as hmac -from time import time - -from .._compat import iteritems -from .._compat import text_type -from .._compat import to_bytes -from .._compat import to_native -from .._internal import _date_to_unix -from ..contrib.sessions import ModificationTrackingDict -from ..security import safe_str_cmp -from ..urls import url_quote_plus -from ..urls import url_unquote_plus - -warnings.warn( - "'werkzeug.contrib.securecookie' is deprecated as of version 0.15" - " and will be removed in version 1.0. It has moved to" - " https://github.com/pallets/secure-cookie.", - DeprecationWarning, - stacklevel=2, -) - - -class UnquoteError(Exception): - """Internal exception used to signal failures on quoting.""" - - -class SecureCookie(ModificationTrackingDict): - """Represents a secure cookie. You can subclass this class and provide - an alternative mac method. The import thing is that the mac method - is a function with a similar interface to the hashlib. Required - methods are update() and digest(). - - Example usage: - - >>> x = SecureCookie({"foo": 42, "baz": (1, 2, 3)}, "deadbeef") - >>> x["foo"] - 42 - >>> x["baz"] - (1, 2, 3) - >>> x["blafasel"] = 23 - >>> x.should_save - True - - :param data: the initial data. Either a dict, list of tuples or `None`. - :param secret_key: the secret key. If not set `None` or not specified - it has to be set before :meth:`serialize` is called. - :param new: The initial value of the `new` flag. - """ - - #: The hash method to use. This has to be a module with a new function - #: or a function that creates a hashlib object. Such as `hashlib.md5` - #: Subclasses can override this attribute. The default hash is sha1. - #: Make sure to wrap this in staticmethod() if you store an arbitrary - #: function there such as hashlib.sha1 which might be implemented - #: as a function. - hash_method = staticmethod(_default_hash) - - #: The module used for serialization. Should have a ``dumps`` and a - #: ``loads`` method that takes bytes. The default is :mod:`pickle`. - #: - #: .. versionchanged:: 0.15 - #: The default of ``pickle`` will change to :mod:`json` in 1.0. - serialization_method = pickle - - #: if the contents should be base64 quoted. This can be disabled if the - #: serialization process returns cookie safe strings only. - quote_base64 = True - - def __init__(self, data=None, secret_key=None, new=True): - ModificationTrackingDict.__init__(self, data or ()) - # explicitly convert it into a bytestring because python 2.6 - # no longer performs an implicit string conversion on hmac - if secret_key is not None: - secret_key = to_bytes(secret_key, "utf-8") - self.secret_key = secret_key - self.new = new - - if self.serialization_method is pickle: - warnings.warn( - "The default 'SecureCookie.serialization_method' will" - " change from pickle to json in version 1.0. To upgrade" - " existing tokens, override 'unquote' to try pickle if" - " json fails.", - stacklevel=2, - ) - - def __repr__(self): - return "<%s %s%s>" % ( - self.__class__.__name__, - dict.__repr__(self), - "*" if self.should_save else "", - ) - - @property - def should_save(self): - """True if the session should be saved. By default this is only true - for :attr:`modified` cookies, not :attr:`new`. - """ - return self.modified - - @classmethod - def quote(cls, value): - """Quote the value for the cookie. This can be any object supported - by :attr:`serialization_method`. - - :param value: the value to quote. - """ - if cls.serialization_method is not None: - value = cls.serialization_method.dumps(value) - if cls.quote_base64: - value = b"".join( - base64.b64encode(to_bytes(value, "utf8")).splitlines() - ).strip() - return value - - @classmethod - def unquote(cls, value): - """Unquote the value for the cookie. If unquoting does not work a - :exc:`UnquoteError` is raised. - - :param value: the value to unquote. - """ - try: - if cls.quote_base64: - value = base64.b64decode(value) - if cls.serialization_method is not None: - value = cls.serialization_method.loads(value) - return value - except Exception: - # unfortunately pickle and other serialization modules can - # cause pretty every error here. if we get one we catch it - # and convert it into an UnquoteError - raise UnquoteError() - - def serialize(self, expires=None): - """Serialize the secure cookie into a string. - - If expires is provided, the session will be automatically invalidated - after expiration when you unseralize it. This provides better - protection against session cookie theft. - - :param expires: an optional expiration date for the cookie (a - :class:`datetime.datetime` object) - """ - if self.secret_key is None: - raise RuntimeError("no secret key defined") - if expires: - self["_expires"] = _date_to_unix(expires) - result = [] - mac = hmac(self.secret_key, None, self.hash_method) - for key, value in sorted(self.items()): - result.append( - ( - "%s=%s" % (url_quote_plus(key), self.quote(value).decode("ascii")) - ).encode("ascii") - ) - mac.update(b"|" + result[-1]) - return b"?".join([base64.b64encode(mac.digest()).strip(), b"&".join(result)]) - - @classmethod - def unserialize(cls, string, secret_key): - """Load the secure cookie from a serialized string. - - :param string: the cookie value to unserialize. - :param secret_key: the secret key used to serialize the cookie. - :return: a new :class:`SecureCookie`. - """ - if isinstance(string, text_type): - string = string.encode("utf-8", "replace") - if isinstance(secret_key, text_type): - secret_key = secret_key.encode("utf-8", "replace") - try: - base64_hash, data = string.split(b"?", 1) - except (ValueError, IndexError): - items = () - else: - items = {} - mac = hmac(secret_key, None, cls.hash_method) - for item in data.split(b"&"): - mac.update(b"|" + item) - if b"=" not in item: - items = None - break - key, value = item.split(b"=", 1) - # try to make the key a string - key = url_unquote_plus(key.decode("ascii")) - try: - key = to_native(key) - except UnicodeError: - pass - items[key] = value - - # no parsing error and the mac looks okay, we can now - # sercurely unpickle our cookie. - try: - client_hash = base64.b64decode(base64_hash) - except TypeError: - items = client_hash = None - if items is not None and safe_str_cmp(client_hash, mac.digest()): - try: - for key, value in iteritems(items): - items[key] = cls.unquote(value) - except UnquoteError: - items = () - else: - if "_expires" in items: - if time() > items["_expires"]: - items = () - else: - del items["_expires"] - else: - items = () - return cls(items, secret_key, False) - - @classmethod - def load_cookie(cls, request, key="session", secret_key=None): - """Loads a :class:`SecureCookie` from a cookie in request. If the - cookie is not set, a new :class:`SecureCookie` instanced is - returned. - - :param request: a request object that has a `cookies` attribute - which is a dict of all cookie values. - :param key: the name of the cookie. - :param secret_key: the secret key used to unquote the cookie. - Always provide the value even though it has - no default! - """ - data = request.cookies.get(key) - if not data: - return cls(secret_key=secret_key) - return cls.unserialize(data, secret_key) - - def save_cookie( - self, - response, - key="session", - expires=None, - session_expires=None, - max_age=None, - path="/", - domain=None, - secure=None, - httponly=False, - force=False, - ): - """Saves the SecureCookie in a cookie on response object. All - parameters that are not described here are forwarded directly - to :meth:`~BaseResponse.set_cookie`. - - :param response: a response object that has a - :meth:`~BaseResponse.set_cookie` method. - :param key: the name of the cookie. - :param session_expires: the expiration date of the secure cookie - stored information. If this is not provided - the cookie `expires` date is used instead. - """ - if force or self.should_save: - data = self.serialize(session_expires or expires) - response.set_cookie( - key, - data, - expires=expires, - max_age=max_age, - path=path, - domain=domain, - secure=secure, - httponly=httponly, - ) diff --git a/src/werkzeug/contrib/sessions.py b/src/werkzeug/contrib/sessions.py deleted file mode 100644 index 866e827c1..000000000 --- a/src/werkzeug/contrib/sessions.py +++ /dev/null @@ -1,389 +0,0 @@ -# -*- coding: utf-8 -*- -r""" - werkzeug.contrib.sessions - ~~~~~~~~~~~~~~~~~~~~~~~~~ - - This module contains some helper classes that help one to add session - support to a python WSGI application. For full client-side session - storage see :mod:`~werkzeug.contrib.securecookie` which implements a - secure, client-side session storage. - - - Application Integration - ======================= - - :: - - from werkzeug.contrib.sessions import SessionMiddleware, \ - FilesystemSessionStore - - app = SessionMiddleware(app, FilesystemSessionStore()) - - The current session will then appear in the WSGI environment as - `werkzeug.session`. However it's recommended to not use the middleware - but the stores directly in the application. However for very simple - scripts a middleware for sessions could be sufficient. - - This module does not implement methods or ways to check if a session is - expired. That should be done by a cronjob and storage specific. For - example to prune unused filesystem sessions one could check the modified - time of the files. If sessions are stored in the database the new() - method should add an expiration timestamp for the session. - - For better flexibility it's recommended to not use the middleware but the - store and session object directly in the application dispatching:: - - session_store = FilesystemSessionStore() - - def application(environ, start_response): - request = Request(environ) - sid = request.cookies.get('cookie_name') - if sid is None: - request.session = session_store.new() - else: - request.session = session_store.get(sid) - response = get_the_response_object(request) - if request.session.should_save: - session_store.save(request.session) - response.set_cookie('cookie_name', request.session.sid) - return response(environ, start_response) - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" -import os -import re -import tempfile -import warnings -from hashlib import sha1 -from os import path -from pickle import dump -from pickle import HIGHEST_PROTOCOL -from pickle import load -from random import random -from time import time - -from .._compat import PY2 -from .._compat import text_type -from ..datastructures import CallbackDict -from ..filesystem import get_filesystem_encoding -from ..posixemulation import rename -from ..utils import dump_cookie -from ..utils import parse_cookie -from ..wsgi import ClosingIterator - -warnings.warn( - "'werkzeug.contrib.sessions' is deprecated as of version 0.15 and" - " will be removed in version 1.0. It has moved to" - " https://github.com/pallets/secure-cookie.", - DeprecationWarning, - stacklevel=2, -) - -_sha1_re = re.compile(r"^[a-f0-9]{40}$") - - -def _urandom(): - if hasattr(os, "urandom"): - return os.urandom(30) - return text_type(random()).encode("ascii") - - -def generate_key(salt=None): - if salt is None: - salt = repr(salt).encode("ascii") - return sha1(b"".join([salt, str(time()).encode("ascii"), _urandom()])).hexdigest() - - -class ModificationTrackingDict(CallbackDict): - __slots__ = ("modified",) - - def __init__(self, *args, **kwargs): - def on_update(self): - self.modified = True - - self.modified = False - CallbackDict.__init__(self, on_update=on_update) - dict.update(self, *args, **kwargs) - - def copy(self): - """Create a flat copy of the dict.""" - missing = object() - result = object.__new__(self.__class__) - for name in self.__slots__: - val = getattr(self, name, missing) - if val is not missing: - setattr(result, name, val) - return result - - def __copy__(self): - return self.copy() - - -class Session(ModificationTrackingDict): - """Subclass of a dict that keeps track of direct object changes. Changes - in mutable structures are not tracked, for those you have to set - `modified` to `True` by hand. - """ - - __slots__ = ModificationTrackingDict.__slots__ + ("sid", "new") - - def __init__(self, data, sid, new=False): - ModificationTrackingDict.__init__(self, data) - self.sid = sid - self.new = new - - def __repr__(self): - return "<%s %s%s>" % ( - self.__class__.__name__, - dict.__repr__(self), - "*" if self.should_save else "", - ) - - @property - def should_save(self): - """True if the session should be saved. - - .. versionchanged:: 0.6 - By default the session is now only saved if the session is - modified, not if it is new like it was before. - """ - return self.modified - - -class SessionStore(object): - """Baseclass for all session stores. The Werkzeug contrib module does not - implement any useful stores besides the filesystem store, application - developers are encouraged to create their own stores. - - :param session_class: The session class to use. Defaults to - :class:`Session`. - """ - - def __init__(self, session_class=None): - if session_class is None: - session_class = Session - self.session_class = session_class - - def is_valid_key(self, key): - """Check if a key has the correct format.""" - return _sha1_re.match(key) is not None - - def generate_key(self, salt=None): - """Simple function that generates a new session key.""" - return generate_key(salt) - - def new(self): - """Generate a new session.""" - return self.session_class({}, self.generate_key(), True) - - def save(self, session): - """Save a session.""" - - def save_if_modified(self, session): - """Save if a session class wants an update.""" - if session.should_save: - self.save(session) - - def delete(self, session): - """Delete a session.""" - - def get(self, sid): - """Get a session for this sid or a new session object. This method - has to check if the session key is valid and create a new session if - that wasn't the case. - """ - return self.session_class({}, sid, True) - - -#: used for temporary files by the filesystem session store -_fs_transaction_suffix = ".__wz_sess" - - -class FilesystemSessionStore(SessionStore): - """Simple example session store that saves sessions on the filesystem. - This store works best on POSIX systems and Windows Vista / Windows - Server 2008 and newer. - - .. versionchanged:: 0.6 - `renew_missing` was added. Previously this was considered `True`, - now the default changed to `False` and it can be explicitly - deactivated. - - :param path: the path to the folder used for storing the sessions. - If not provided the default temporary directory is used. - :param filename_template: a string template used to give the session - a filename. ``%s`` is replaced with the - session id. - :param session_class: The session class to use. Defaults to - :class:`Session`. - :param renew_missing: set to `True` if you want the store to - give the user a new sid if the session was - not yet saved. - """ - - def __init__( - self, - path=None, - filename_template="werkzeug_%s.sess", - session_class=None, - renew_missing=False, - mode=0o644, - ): - SessionStore.__init__(self, session_class) - if path is None: - path = tempfile.gettempdir() - self.path = path - if isinstance(filename_template, text_type) and PY2: - filename_template = filename_template.encode(get_filesystem_encoding()) - assert not filename_template.endswith(_fs_transaction_suffix), ( - "filename templates may not end with %s" % _fs_transaction_suffix - ) - self.filename_template = filename_template - self.renew_missing = renew_missing - self.mode = mode - - def get_session_filename(self, sid): - # out of the box, this should be a strict ASCII subset but - # you might reconfigure the session object to have a more - # arbitrary string. - if isinstance(sid, text_type) and PY2: - sid = sid.encode(get_filesystem_encoding()) - return path.join(self.path, self.filename_template % sid) - - def save(self, session): - fn = self.get_session_filename(session.sid) - fd, tmp = tempfile.mkstemp(suffix=_fs_transaction_suffix, dir=self.path) - f = os.fdopen(fd, "wb") - try: - dump(dict(session), f, HIGHEST_PROTOCOL) - finally: - f.close() - try: - rename(tmp, fn) - os.chmod(fn, self.mode) - except (IOError, OSError): - pass - - def delete(self, session): - fn = self.get_session_filename(session.sid) - try: - os.unlink(fn) - except OSError: - pass - - def get(self, sid): - if not self.is_valid_key(sid): - return self.new() - try: - f = open(self.get_session_filename(sid), "rb") - except IOError: - if self.renew_missing: - return self.new() - data = {} - else: - try: - try: - data = load(f) - except Exception: - data = {} - finally: - f.close() - return self.session_class(data, sid, False) - - def list(self): - """Lists all sessions in the store. - - .. versionadded:: 0.6 - """ - before, after = self.filename_template.split("%s", 1) - filename_re = re.compile( - r"%s(.{5,})%s$" % (re.escape(before), re.escape(after)) - ) - result = [] - for filename in os.listdir(self.path): - #: this is a session that is still being saved. - if filename.endswith(_fs_transaction_suffix): - continue - match = filename_re.match(filename) - if match is not None: - result.append(match.group(1)) - return result - - -class SessionMiddleware(object): - """A simple middleware that puts the session object of a store provided - into the WSGI environ. It automatically sets cookies and restores - sessions. - - However a middleware is not the preferred solution because it won't be as - fast as sessions managed by the application itself and will put a key into - the WSGI environment only relevant for the application which is against - the concept of WSGI. - - The cookie parameters are the same as for the :func:`~dump_cookie` - function just prefixed with ``cookie_``. Additionally `max_age` is - called `cookie_age` and not `cookie_max_age` because of backwards - compatibility. - """ - - def __init__( - self, - app, - store, - cookie_name="session_id", - cookie_age=None, - cookie_expires=None, - cookie_path="/", - cookie_domain=None, - cookie_secure=None, - cookie_httponly=False, - cookie_samesite="Lax", - environ_key="werkzeug.session", - ): - self.app = app - self.store = store - self.cookie_name = cookie_name - self.cookie_age = cookie_age - self.cookie_expires = cookie_expires - self.cookie_path = cookie_path - self.cookie_domain = cookie_domain - self.cookie_secure = cookie_secure - self.cookie_httponly = cookie_httponly - self.cookie_samesite = cookie_samesite - self.environ_key = environ_key - - def __call__(self, environ, start_response): - cookie = parse_cookie(environ.get("HTTP_COOKIE", "")) - sid = cookie.get(self.cookie_name, None) - if sid is None: - session = self.store.new() - else: - session = self.store.get(sid) - environ[self.environ_key] = session - - def injecting_start_response(status, headers, exc_info=None): - if session.should_save: - self.store.save(session) - headers.append( - ( - "Set-Cookie", - dump_cookie( - self.cookie_name, - session.sid, - self.cookie_age, - self.cookie_expires, - self.cookie_path, - self.cookie_domain, - self.cookie_secure, - self.cookie_httponly, - samesite=self.cookie_samesite, - ), - ) - ) - return start_response(status, headers, exc_info) - - return ClosingIterator( - self.app(environ, injecting_start_response), - lambda: self.store.save_if_modified(session), - ) diff --git a/src/werkzeug/contrib/wrappers.py b/src/werkzeug/contrib/wrappers.py deleted file mode 100644 index 49b82a71e..000000000 --- a/src/werkzeug/contrib/wrappers.py +++ /dev/null @@ -1,385 +0,0 @@ -# -*- coding: utf-8 -*- -""" - werkzeug.contrib.wrappers - ~~~~~~~~~~~~~~~~~~~~~~~~~ - - Extra wrappers or mixins contributed by the community. These wrappers can - be mixed in into request objects to add extra functionality. - - Example:: - - from werkzeug.wrappers import Request as RequestBase - from werkzeug.contrib.wrappers import JSONRequestMixin - - class Request(RequestBase, JSONRequestMixin): - pass - - Afterwards this request object provides the extra functionality of the - :class:`JSONRequestMixin`. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" -import codecs -import warnings - -from .._compat import wsgi_decoding_dance -from ..exceptions import BadRequest -from ..http import dump_options_header -from ..http import parse_options_header -from ..utils import cached_property -from ..wrappers.json import JSONMixin as _JSONMixin - - -def is_known_charset(charset): - """Checks if the given charset is known to Python.""" - try: - codecs.lookup(charset) - except LookupError: - return False - return True - - -class JSONRequestMixin(_JSONMixin): - """ - .. deprecated:: 0.15 - Moved to :class:`werkzeug.wrappers.json.JSONMixin`. This old - import will be removed in version 1.0. - """ - - @property - def json(self): - warnings.warn( - "'werkzeug.contrib.wrappers.JSONRequestMixin' has moved to" - " 'werkzeug.wrappers.json.JSONMixin'. This old import will" - " be removed in version 1.0.", - DeprecationWarning, - stacklevel=2, - ) - return super(JSONRequestMixin, self).json - - -class ProtobufRequestMixin(object): - - """Add protobuf parsing method to a request object. This will parse the - input data through `protobuf`_ if possible. - - :exc:`~werkzeug.exceptions.BadRequest` will be raised if the content-type - is not protobuf or if the data itself cannot be parsed property. - - .. _protobuf: https://github.com/protocolbuffers/protobuf - - .. deprecated:: 0.15 - This mixin will be removed in version 1.0. - """ - - #: by default the :class:`ProtobufRequestMixin` will raise a - #: :exc:`~werkzeug.exceptions.BadRequest` if the object is not - #: initialized. You can bypass that check by setting this - #: attribute to `False`. - protobuf_check_initialization = True - - def parse_protobuf(self, proto_type): - """Parse the data into an instance of proto_type.""" - warnings.warn( - "'werkzeug.contrib.wrappers.ProtobufRequestMixin' is" - " deprecated as of version 0.15 and will be removed in" - " version 1.0.", - DeprecationWarning, - stacklevel=2, - ) - if "protobuf" not in self.environ.get("CONTENT_TYPE", ""): - raise BadRequest("Not a Protobuf request") - - obj = proto_type() - try: - obj.ParseFromString(self.data) - except Exception: - raise BadRequest("Unable to parse Protobuf request") - - # Fail if not all required fields are set - if self.protobuf_check_initialization and not obj.IsInitialized(): - raise BadRequest("Partial Protobuf request") - - return obj - - -class RoutingArgsRequestMixin(object): - - """This request mixin adds support for the wsgiorg routing args - `specification`_. - - .. _specification: https://wsgi.readthedocs.io/en/latest/ - specifications/routing_args.html - - .. deprecated:: 0.15 - This mixin will be removed in version 1.0. - """ - - def _get_routing_args(self): - warnings.warn( - "'werkzeug.contrib.wrappers.RoutingArgsRequestMixin' is" - " deprecated as of version 0.15 and will be removed in" - " version 1.0.", - DeprecationWarning, - stacklevel=2, - ) - return self.environ.get("wsgiorg.routing_args", (()))[0] - - def _set_routing_args(self, value): - warnings.warn( - "'werkzeug.contrib.wrappers.RoutingArgsRequestMixin' is" - " deprecated as of version 0.15 and will be removed in" - " version 1.0.", - DeprecationWarning, - stacklevel=2, - ) - if self.shallow: - raise RuntimeError( - "A shallow request tried to modify the WSGI " - "environment. If you really want to do that, " - "set `shallow` to False." - ) - self.environ["wsgiorg.routing_args"] = (value, self.routing_vars) - - routing_args = property( - _get_routing_args, - _set_routing_args, - doc=""" - The positional URL arguments as `tuple`.""", - ) - del _get_routing_args, _set_routing_args - - def _get_routing_vars(self): - warnings.warn( - "'werkzeug.contrib.wrappers.RoutingArgsRequestMixin' is" - " deprecated as of version 0.15 and will be removed in" - " version 1.0.", - DeprecationWarning, - stacklevel=2, - ) - rv = self.environ.get("wsgiorg.routing_args") - if rv is not None: - return rv[1] - rv = {} - if not self.shallow: - self.routing_vars = rv - return rv - - def _set_routing_vars(self, value): - warnings.warn( - "'werkzeug.contrib.wrappers.RoutingArgsRequestMixin' is" - " deprecated as of version 0.15 and will be removed in" - " version 1.0.", - DeprecationWarning, - stacklevel=2, - ) - if self.shallow: - raise RuntimeError( - "A shallow request tried to modify the WSGI " - "environment. If you really want to do that, " - "set `shallow` to False." - ) - self.environ["wsgiorg.routing_args"] = (self.routing_args, value) - - routing_vars = property( - _get_routing_vars, - _set_routing_vars, - doc=""" - The keyword URL arguments as `dict`.""", - ) - del _get_routing_vars, _set_routing_vars - - -class ReverseSlashBehaviorRequestMixin(object): - - """This mixin reverses the trailing slash behavior of :attr:`script_root` - and :attr:`path`. This makes it possible to use :func:`~urlparse.urljoin` - directly on the paths. - - Because it changes the behavior or :class:`Request` this class has to be - mixed in *before* the actual request class:: - - class MyRequest(ReverseSlashBehaviorRequestMixin, Request): - pass - - This example shows the differences (for an application mounted on - `/application` and the request going to `/application/foo/bar`): - - +---------------+-------------------+---------------------+ - | | normal behavior | reverse behavior | - +===============+===================+=====================+ - | `script_root` | ``/application`` | ``/application/`` | - +---------------+-------------------+---------------------+ - | `path` | ``/foo/bar`` | ``foo/bar`` | - +---------------+-------------------+---------------------+ - - .. deprecated:: 0.15 - This mixin will be removed in version 1.0. - """ - - @cached_property - def path(self): - """Requested path as unicode. This works a bit like the regular path - info in the WSGI environment but will not include a leading slash. - """ - warnings.warn( - "'werkzeug.contrib.wrappers.ReverseSlashBehaviorRequestMixin'" - " is deprecated as of version 0.15 and will be removed in" - " version 1.0.", - DeprecationWarning, - stacklevel=2, - ) - path = wsgi_decoding_dance( - self.environ.get("PATH_INFO") or "", self.charset, self.encoding_errors - ) - return path.lstrip("/") - - @cached_property - def script_root(self): - """The root path of the script includling a trailing slash.""" - warnings.warn( - "'werkzeug.contrib.wrappers.ReverseSlashBehaviorRequestMixin'" - " is deprecated as of version 0.15 and will be removed in" - " version 1.0.", - DeprecationWarning, - stacklevel=2, - ) - path = wsgi_decoding_dance( - self.environ.get("SCRIPT_NAME") or "", self.charset, self.encoding_errors - ) - return path.rstrip("/") + "/" - - -class DynamicCharsetRequestMixin(object): - - """"If this mixin is mixed into a request class it will provide - a dynamic `charset` attribute. This means that if the charset is - transmitted in the content type headers it's used from there. - - Because it changes the behavior or :class:`Request` this class has - to be mixed in *before* the actual request class:: - - class MyRequest(DynamicCharsetRequestMixin, Request): - pass - - By default the request object assumes that the URL charset is the - same as the data charset. If the charset varies on each request - based on the transmitted data it's not a good idea to let the URLs - change based on that. Most browsers assume either utf-8 or latin1 - for the URLs if they have troubles figuring out. It's strongly - recommended to set the URL charset to utf-8:: - - class MyRequest(DynamicCharsetRequestMixin, Request): - url_charset = 'utf-8' - - .. deprecated:: 0.15 - This mixin will be removed in version 1.0. - - .. versionadded:: 0.6 - """ - - #: the default charset that is assumed if the content type header - #: is missing or does not contain a charset parameter. The default - #: is latin1 which is what HTTP specifies as default charset. - #: You may however want to set this to utf-8 to better support - #: browsers that do not transmit a charset for incoming data. - default_charset = "latin1" - - def unknown_charset(self, charset): - """Called if a charset was provided but is not supported by - the Python codecs module. By default latin1 is assumed then - to not lose any information, you may override this method to - change the behavior. - - :param charset: the charset that was not found. - :return: the replacement charset. - """ - return "latin1" - - @cached_property - def charset(self): - """The charset from the content type.""" - warnings.warn( - "'werkzeug.contrib.wrappers.DynamicCharsetRequestMixin'" - " is deprecated as of version 0.15 and will be removed in" - " version 1.0.", - DeprecationWarning, - stacklevel=2, - ) - header = self.environ.get("CONTENT_TYPE") - if header: - ct, options = parse_options_header(header) - charset = options.get("charset") - if charset: - if is_known_charset(charset): - return charset - return self.unknown_charset(charset) - return self.default_charset - - -class DynamicCharsetResponseMixin(object): - - """If this mixin is mixed into a response class it will provide - a dynamic `charset` attribute. This means that if the charset is - looked up and stored in the `Content-Type` header and updates - itself automatically. This also means a small performance hit but - can be useful if you're working with different charsets on - responses. - - Because the charset attribute is no a property at class-level, the - default value is stored in `default_charset`. - - Because it changes the behavior or :class:`Response` this class has - to be mixed in *before* the actual response class:: - - class MyResponse(DynamicCharsetResponseMixin, Response): - pass - - .. deprecated:: 0.15 - This mixin will be removed in version 1.0. - - .. versionadded:: 0.6 - """ - - #: the default charset. - default_charset = "utf-8" - - def _get_charset(self): - warnings.warn( - "'werkzeug.contrib.wrappers.DynamicCharsetResponseMixin'" - " is deprecated as of version 0.15 and will be removed in" - " version 1.0.", - DeprecationWarning, - stacklevel=2, - ) - header = self.headers.get("content-type") - if header: - charset = parse_options_header(header)[1].get("charset") - if charset: - return charset - return self.default_charset - - def _set_charset(self, charset): - warnings.warn( - "'werkzeug.contrib.wrappers.DynamicCharsetResponseMixin'" - " is deprecated as of version 0.15 and will be removed in" - " version 1.0.", - DeprecationWarning, - stacklevel=2, - ) - header = self.headers.get("content-type") - ct, options = parse_options_header(header) - if not ct: - raise TypeError("Cannot set charset if Content-Type header is missing.") - options["charset"] = charset - self.headers["Content-Type"] = dump_options_header(ct, options) - - charset = property( - _get_charset, - _set_charset, - doc=""" - The charset for the response. It's stored inside the - Content-Type header as a parameter.""", - ) - del _get_charset, _set_charset diff --git a/src/werkzeug/datastructures.py b/src/werkzeug/datastructures.py index 9643db96c..c2b4c021b 100644 --- a/src/werkzeug/datastructures.py +++ b/src/werkzeug/datastructures.py @@ -1260,21 +1260,6 @@ def __setitem__(self, key, value): else: self.set(key, value) - def to_list(self, charset="iso-8859-1"): - """Convert the headers into a list suitable for WSGI. - - .. deprecated:: 0.9 - """ - from warnings import warn - - warn( - "'to_list' deprecated as of version 0.9 and will be removed" - " in version 1.0. Use 'to_wsgi_list' instead.", - DeprecationWarning, - stacklevel=2, - ) - return self.to_wsgi_list() - def to_wsgi_list(self): """Convert the headers into a list suitable for WSGI. diff --git a/src/werkzeug/debug/__init__.py b/src/werkzeug/debug/__init__.py index 1bb374eaf..e6034b52b 100644 --- a/src/werkzeug/debug/__init__.py +++ b/src/werkzeug/debug/__init__.py @@ -29,24 +29,9 @@ from ..wrappers import BaseRequest as Request from ..wrappers import BaseResponse as Response from .console import Console -from .repr import debug_repr as _debug_repr from .tbtools import get_current_traceback from .tbtools import render_console_html - -def debug_repr(*args, **kwargs): - import warnings - - warnings.warn( - "'debug_repr' has moved to 'werkzeug.debug.repr.debug_repr'" - " as of version 0.7. This old import will be removed in version" - " 1.0.", - DeprecationWarning, - stacklevel=2, - ) - return _debug_repr(*args, **kwargs) - - # A week PIN_TIME = 60 * 60 * 24 * 7 @@ -225,9 +210,6 @@ class DebuggedApplication(object): The `evalex` keyword argument allows evaluating expressions in a traceback's frame context. - .. versionadded:: 0.9 - The `lodgeit_url` parameter was deprecated. - :param app: the WSGI application to run debugged. :param evalex: enable exception evaluation feature (interactive debugging). This requires a non-forking server. @@ -253,20 +235,9 @@ def __init__( console_path="/console", console_init_func=None, show_hidden_frames=False, - lodgeit_url=None, pin_security=True, pin_logging=True, ): - if lodgeit_url is not None: - from warnings import warn - - warn( - "'lodgeit_url' is no longer used as of version 0.9 and" - " will be removed in version 1.0. Werkzeug uses" - " https://gist.github.com/ instead.", - DeprecationWarning, - stacklevel=2, - ) if not console_init_func: console_init_func = None self.app = app diff --git a/src/werkzeug/http.py b/src/werkzeug/http.py index af3200750..3f40b3080 100644 --- a/src/werkzeug/http.py +++ b/src/werkzeug/http.py @@ -1247,57 +1247,3 @@ def is_byte_range_valid(start, stop, length): from .datastructures import TypeConversionDict from .datastructures import WWWAuthenticate from .urls import iri_to_uri - -# DEPRECATED -from .datastructures import CharsetAccept as _CharsetAccept -from .datastructures import Headers as _Headers -from .datastructures import LanguageAccept as _LanguageAccept -from .datastructures import MIMEAccept as _MIMEAccept - - -class MIMEAccept(_MIMEAccept): - def __init__(self, *args, **kwargs): - warnings.warn( - "'werkzeug.http.MIMEAccept' has moved to 'werkzeug" - ".datastructures.MIMEAccept' as of version 0.5. This old" - " import will be removed in version 1.0.", - DeprecationWarning, - stacklevel=2, - ) - super(MIMEAccept, self).__init__(*args, **kwargs) - - -class CharsetAccept(_CharsetAccept): - def __init__(self, *args, **kwargs): - warnings.warn( - "'werkzeug.http.CharsetAccept' has moved to 'werkzeug" - ".datastructures.CharsetAccept' as of version 0.5. This old" - " import will be removed in version 1.0.", - DeprecationWarning, - stacklevel=2, - ) - super(CharsetAccept, self).__init__(*args, **kwargs) - - -class LanguageAccept(_LanguageAccept): - def __init__(self, *args, **kwargs): - warnings.warn( - "'werkzeug.http.LanguageAccept' has moved to 'werkzeug" - ".datastructures.LanguageAccept' as of version 0.5. This" - " old import will be removed in version 1.0.", - DeprecationWarning, - stacklevel=2, - ) - super(LanguageAccept, self).__init__(*args, **kwargs) - - -class Headers(_Headers): - def __init__(self, *args, **kwargs): - warnings.warn( - "'werkzeug.http.Headers' has moved to 'werkzeug" - ".datastructures.Headers' as of version 0.5. This old" - " import will be removed in version 1.0.", - DeprecationWarning, - stacklevel=2, - ) - super(Headers, self).__init__(*args, **kwargs) diff --git a/src/werkzeug/middleware/proxy_fix.py b/src/werkzeug/middleware/proxy_fix.py index dc1dacc8c..0046799c8 100644 --- a/src/werkzeug/middleware/proxy_fix.py +++ b/src/werkzeug/middleware/proxy_fix.py @@ -21,7 +21,6 @@ :copyright: 2007 Pallets :license: BSD-3-Clause """ -import warnings class ProxyFix(object): @@ -49,7 +48,6 @@ class ProxyFix(object): :param x_port: Number of values to trust for ``X-Forwarded-Port``. :param x_prefix: Number of values to trust for ``X-Forwarded-Prefix``. - :param num_proxies: Deprecated, use ``x_for`` instead. .. code-block:: python @@ -57,6 +55,14 @@ class ProxyFix(object): # App is behind one proxy that sets the -For and -Host headers. app = ProxyFix(app, x_for=1, x_host=1) + .. versionchanged:: 1.0 + Deprecated code has been removed: + + * The ``num_proxies`` argument and attribute. + * The ``get_remote_addr`` method. + * The environ keys ``orig_remote_addr``, + ``orig_wsgi_url_scheme``, and ``orig_http_host``. + .. versionchanged:: 0.15 All headers support multiple values. The ``num_proxies`` argument is deprecated. Each header is configured with a @@ -76,74 +82,13 @@ class ProxyFix(object): ``SERVER_NAME`` and ``SERVER_PORT``. """ - def __init__( - self, app, num_proxies=None, x_for=1, x_proto=0, x_host=0, x_port=0, x_prefix=0 - ): + def __init__(self, app, x_for=1, x_proto=0, x_host=0, x_port=0, x_prefix=0): self.app = app self.x_for = x_for self.x_proto = x_proto self.x_host = x_host self.x_port = x_port self.x_prefix = x_prefix - self.num_proxies = num_proxies - - @property - def num_proxies(self): - """The number of proxies setting ``X-Forwarded-For`` in front - of the application. - - .. deprecated:: 0.15 - A separate number of trusted proxies is configured for each - header. ``num_proxies`` maps to ``x_for``. This method will - be removed in 1.0. - - :internal: - """ - warnings.warn( - "'num_proxies' is deprecated as of version 0.15 and will be" - " removed in version 1.0. Use 'x_for' instead.", - DeprecationWarning, - stacklevel=2, - ) - return self.x_for - - @num_proxies.setter - def num_proxies(self, value): - if value is not None: - warnings.warn( - "'num_proxies' is deprecated as of version 0.15 and" - " will be removed in version 1.0. Use 'x_for' instead.", - DeprecationWarning, - stacklevel=2, - ) - self.x_for = value - - def get_remote_addr(self, forwarded_for): - """Get the real ``remote_addr`` by looking backwards ``x_for`` - number of values in the ``X-Forwarded-For`` header. - - :param forwarded_for: List of values parsed from the - ``X-Forwarded-For`` header. - :return: The real ``remote_addr``, or ``None`` if there were not - at least ``x_for`` values. - - .. deprecated:: 0.15 - This is handled internally for each header. This method will - be removed in 1.0. - - .. versionchanged:: 0.9 - Use ``num_proxies`` instead of always picking the first - value. - - .. versionadded:: 0.8 - """ - warnings.warn( - "'get_remote_addr' is deprecated as of version 0.15 and" - " will be removed in version 1.0. It is now handled" - " internally for each header.", - DeprecationWarning, - ) - return self._get_trusted_comma(self.x_for, ",".join(forwarded_for)) def _get_trusted_comma(self, trusted, value): """Get the real value from a comma-separated header based on the @@ -180,11 +125,7 @@ def __call__(self, environ, start_response): "SERVER_NAME": environ_get("SERVER_NAME"), "SERVER_PORT": environ_get("SERVER_PORT"), "SCRIPT_NAME": environ_get("SCRIPT_NAME"), - }, - # todo: remove deprecated keys - "werkzeug.proxy_fix.orig_remote_addr": orig_remote_addr, - "werkzeug.proxy_fix.orig_wsgi_url_scheme": orig_wsgi_url_scheme, - "werkzeug.proxy_fix.orig_http_host": orig_http_host, + } } ) diff --git a/src/werkzeug/test.py b/src/werkzeug/test.py index 9aeb4127c..26fa95877 100644 --- a/src/werkzeug/test.py +++ b/src/werkzeug/test.py @@ -30,7 +30,6 @@ from .datastructures import CombinedMultiDict from .datastructures import EnvironHeaders from .datastructures import FileMultiDict -from .datastructures import FileStorage from .datastructures import Headers from .datastructures import MultiDict from .http import dump_cookie @@ -144,23 +143,6 @@ def encode_multipart(values, boundary=None, charset="utf-8"): return boundary, stream.read() -def File(fd, filename=None, mimetype=None): - """Backwards compat. - - .. deprecated:: 0.5 - """ - from warnings import warn - - warn( - "'werkzeug.test.File' is deprecated as of version 0.5 and will" - " be removed in version 1.0. Use 'EnvironBuilder' or" - " 'FileStorage' instead.", - DeprecationWarning, - stacklevel=2, - ) - return FileStorage(fd, filename=filename, content_type=mimetype) - - class _TestCookieHeaders(object): """A headers adapter for cookielib @@ -456,21 +438,6 @@ def _add_file_from_data(self, key, value): """Called in the EnvironBuilder to add files from the data dict.""" if isinstance(value, tuple): self.files.add_file(key, *value) - elif isinstance(value, dict): - from warnings import warn - - warn( - "Passing a dict as file data is deprecated as of" - " version 0.5 and will be removed in version 1.0. Use" - " a tuple or 'FileStorage' object instead.", - DeprecationWarning, - stacklevel=2, - ) - value = dict(value) - mimetype = value.pop("mimetype", None) - if mimetype is not None: - value["content_type"] = mimetype - self.files.add_file(key, **value) else: self.files.add_file(key, value) diff --git a/src/werkzeug/useragents.py b/src/werkzeug/useragents.py index e265e0939..9416b0d7a 100644 --- a/src/werkzeug/useragents.py +++ b/src/werkzeug/useragents.py @@ -12,7 +12,6 @@ :license: BSD-3-Clause """ import re -import warnings class UserAgentParser(object): @@ -201,20 +200,3 @@ def __nonzero__(self): def __repr__(self): return "<%s %r/%s>" % (self.__class__.__name__, self.browser, self.version) - - -# DEPRECATED -from .wrappers import UserAgentMixin as _UserAgentMixin - - -class UserAgentMixin(_UserAgentMixin): - @property - def user_agent(self, *args, **kwargs): - warnings.warn( - "'werkzeug.useragents.UserAgentMixin' should be imported" - " from 'werkzeug.wrappers.UserAgentMixin'. This old import" - " will be removed in version 1.0.", - DeprecationWarning, - stacklevel=2, - ) - return super(_UserAgentMixin, self).user_agent diff --git a/src/werkzeug/utils.py b/src/werkzeug/utils.py index 20620572c..2504380e9 100644 --- a/src/werkzeug/utils.py +++ b/src/werkzeug/utils.py @@ -15,7 +15,6 @@ import pkgutil import re import sys -import warnings from ._compat import iteritems from ._compat import PY2 @@ -408,7 +407,7 @@ def secure_filename(filename): return filename -def escape(s, quote=None): +def escape(s): """Replace special characters "&", "<", ">" and (") to HTML-safe sequences. There is a special handling for `None` which escapes to an empty string. @@ -423,24 +422,16 @@ def escape(s, quote=None): return "" elif hasattr(s, "__html__"): return text_type(s.__html__()) - elif not isinstance(s, string_types): + + if not isinstance(s, string_types): s = text_type(s) - if quote is not None: - from warnings import warn - - warn( - "The 'quote' parameter is no longer used as of version 0.9" - " and will be removed in version 1.0.", - DeprecationWarning, - stacklevel=2, - ) - s = ( + + return ( s.replace("&", "&") .replace("<", "<") .replace(">", ">") .replace('"', """) ) - return s def unescape(s): @@ -755,82 +746,3 @@ def __repr__(self): self.import_name, self.exception, ) - - -# DEPRECATED -from .datastructures import CombinedMultiDict as _CombinedMultiDict -from .datastructures import EnvironHeaders as _EnvironHeaders -from .datastructures import Headers as _Headers -from .datastructures import MultiDict as _MultiDict -from .http import dump_cookie as _dump_cookie -from .http import parse_cookie as _parse_cookie - - -class MultiDict(_MultiDict): - def __init__(self, *args, **kwargs): - warnings.warn( - "'werkzeug.utils.MultiDict' has moved to 'werkzeug" - ".datastructures.MultiDict' as of version 0.5. This old" - " import will be removed in version 1.0.", - DeprecationWarning, - stacklevel=2, - ) - super(MultiDict, self).__init__(*args, **kwargs) - - -class CombinedMultiDict(_CombinedMultiDict): - def __init__(self, *args, **kwargs): - warnings.warn( - "'werkzeug.utils.CombinedMultiDict' has moved to 'werkzeug" - ".datastructures.CombinedMultiDict' as of version 0.5. This" - " old import will be removed in version 1.0.", - DeprecationWarning, - stacklevel=2, - ) - super(CombinedMultiDict, self).__init__(*args, **kwargs) - - -class Headers(_Headers): - def __init__(self, *args, **kwargs): - warnings.warn( - "'werkzeug.utils.Headers' has moved to 'werkzeug" - ".datastructures.Headers' as of version 0.5. This old" - " import will be removed in version 1.0.", - DeprecationWarning, - stacklevel=2, - ) - super(Headers, self).__init__(*args, **kwargs) - - -class EnvironHeaders(_EnvironHeaders): - def __init__(self, *args, **kwargs): - warnings.warn( - "'werkzeug.utils.EnvironHeaders' has moved to 'werkzeug" - ".datastructures.EnvironHeaders' as of version 0.5. This" - " old import will be removed in version 1.0.", - DeprecationWarning, - stacklevel=2, - ) - super(EnvironHeaders, self).__init__(*args, **kwargs) - - -def parse_cookie(*args, **kwargs): - warnings.warn( - "'werkzeug.utils.parse_cookie' as moved to 'werkzeug.http" - ".parse_cookie' as of version 0.5. This old import will be" - " removed in version 1.0.", - DeprecationWarning, - stacklevel=2, - ) - return _parse_cookie(*args, **kwargs) - - -def dump_cookie(*args, **kwargs): - warnings.warn( - "'werkzeug.utils.dump_cookie' as moved to 'werkzeug.http" - ".dump_cookie' as of version 0.5. This old import will be" - " removed in version 1.0.", - DeprecationWarning, - stacklevel=2, - ) - return _dump_cookie(*args, **kwargs) diff --git a/src/werkzeug/wrappers/base_request.py b/src/werkzeug/wrappers/base_request.py index 41e8aadb3..01c476316 100644 --- a/src/werkzeug/wrappers/base_request.py +++ b/src/werkzeug/wrappers/base_request.py @@ -1,4 +1,3 @@ -import warnings from functools import update_wrapper from io import BytesIO @@ -631,7 +630,6 @@ def remote_addr(self): script is protected, this attribute contains the username the user has authenticated as.""", ) - scheme = environ_property( "wsgi.url_scheme", doc=""" @@ -639,29 +637,6 @@ def remote_addr(self): .. versionadded:: 0.7""", ) - - @property - def is_xhr(self): - """True if the request was triggered via a JavaScript XMLHttpRequest. - This only works with libraries that support the ``X-Requested-With`` - header and set it to "XMLHttpRequest". Libraries that do that are - prototype, jQuery and Mochikit and probably some more. - - .. deprecated:: 0.13 - ``X-Requested-With`` is not standard and is unreliable. You - may be able to use :attr:`AcceptMixin.accept_mimetypes` - instead. - """ - warnings.warn( - "'Request.is_xhr' is deprecated as of version 0.13 and will" - " be removed in version 1.0. The 'X-Requested-With' header" - " is not standard and is unreliable. You may be able to use" - " 'accept_mimetypes' instead.", - DeprecationWarning, - stacklevel=2, - ) - return self.environ.get("HTTP_X_REQUESTED_WITH", "").lower() == "xmlhttprequest" - is_secure = property( lambda self: self.environ["wsgi.url_scheme"] == "https", doc="`True` if the request is secure.", diff --git a/src/werkzeug/wsgi.py b/src/werkzeug/wsgi.py index f069f2d86..807b462ad 100644 --- a/src/werkzeug/wsgi.py +++ b/src/werkzeug/wsgi.py @@ -10,7 +10,6 @@ """ import io import re -import warnings from functools import partial from functools import update_wrapper from itertools import chain @@ -999,69 +998,3 @@ def __next__(self): def readable(self): return True - - -# DEPRECATED -from .middleware.dispatcher import DispatcherMiddleware as _DispatcherMiddleware -from .middleware.http_proxy import ProxyMiddleware as _ProxyMiddleware -from .middleware.shared_data import SharedDataMiddleware as _SharedDataMiddleware - - -class ProxyMiddleware(_ProxyMiddleware): - """ - .. deprecated:: 0.15 - ``werkzeug.wsgi.ProxyMiddleware`` has moved to - :mod:`werkzeug.middleware.http_proxy`. This import will be - removed in 1.0. - """ - - def __init__(self, *args, **kwargs): - warnings.warn( - "'werkzeug.wsgi.ProxyMiddleware' has moved to 'werkzeug" - ".middleware.http_proxy.ProxyMiddleware'. This import is" - " deprecated as of version 0.15 and will be removed in" - " version 1.0.", - DeprecationWarning, - stacklevel=2, - ) - super(ProxyMiddleware, self).__init__(*args, **kwargs) - - -class SharedDataMiddleware(_SharedDataMiddleware): - """ - .. deprecated:: 0.15 - ``werkzeug.wsgi.SharedDataMiddleware`` has moved to - :mod:`werkzeug.middleware.shared_data`. This import will be - removed in 1.0. - """ - - def __init__(self, *args, **kwargs): - warnings.warn( - "'werkzeug.wsgi.SharedDataMiddleware' has moved to" - " 'werkzeug.middleware.shared_data.SharedDataMiddleware'." - " This import is deprecated as of version 0.15 and will be" - " removed in version 1.0.", - DeprecationWarning, - stacklevel=2, - ) - super(SharedDataMiddleware, self).__init__(*args, **kwargs) - - -class DispatcherMiddleware(_DispatcherMiddleware): - """ - .. deprecated:: 0.15 - ``werkzeug.wsgi.DispatcherMiddleware`` has moved to - :mod:`werkzeug.middleware.dispatcher`. This import will be - removed in 1.0. - """ - - def __init__(self, *args, **kwargs): - warnings.warn( - "'werkzeug.wsgi.DispatcherMiddleware' has moved to" - " 'werkzeug.middleware.dispatcher.DispatcherMiddleware'." - " This import is deprecated as of version 0.15 and will be" - " removed in version 1.0.", - DeprecationWarning, - stacklevel=2, - ) - super(DispatcherMiddleware, self).__init__(*args, **kwargs) diff --git a/tests/contrib/__init__.py b/tests/contrib/__init__.py deleted file mode 100644 index e69de29bb..000000000 diff --git a/tests/contrib/cache/conftest.py b/tests/contrib/cache/conftest.py deleted file mode 100644 index 655f0fa63..000000000 --- a/tests/contrib/cache/conftest.py +++ /dev/null @@ -1,25 +0,0 @@ -import os - -import pytest - -# build the path to the uwsgi marker file -# when running in tox, this will be relative to the tox env -filename = os.path.join(os.environ.get("TOX_ENVTMPDIR", ""), "test_uwsgi_failed") - - -@pytest.hookimpl(tryfirst=True, hookwrapper=True) -def pytest_runtest_makereport(item, call): - """``uwsgi --pyrun`` doesn't pass on the exit code when ``pytest`` fails, - so Tox thinks the tests passed. For UWSGI tests, create a file to mark what - tests fail. The uwsgi Tox env has a command to read this file and exit - appropriately. - """ - outcome = yield - report = outcome.get_result() - - if item.cls.__name__ != "TestUWSGICache": - return - - if report.failed: - with open(filename, "a") as f: - f.write(item.name + "\n") diff --git a/tests/contrib/cache/test_cache.py b/tests/contrib/cache/test_cache.py deleted file mode 100644 index c13227e3a..000000000 --- a/tests/contrib/cache/test_cache.py +++ /dev/null @@ -1,342 +0,0 @@ -# -*- coding: utf-8 -*- -""" - tests.cache - ~~~~~~~~~~~ - - Tests the cache system - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" -import errno - -import pytest - -from werkzeug._compat import text_type -from werkzeug.contrib import cache - -try: - import redis -except ImportError: - redis = None - -try: - import pylibmc as memcache -except ImportError: - try: - from google.appengine.api import memcache - except ImportError: - try: - import memcache - except ImportError: - memcache = None - -pytestmark = pytest.mark.skip("werkzeug.contrib.cache moved to cachelib") - - -class CacheTestsBase(object): - _can_use_fast_sleep = True - _guaranteed_deletes = True - - @pytest.fixture - def fast_sleep(self, monkeypatch): - if self._can_use_fast_sleep: - - def sleep(delta): - orig_time = cache.time - monkeypatch.setattr(cache, "time", lambda: orig_time() + delta) - - return sleep - else: - import time - - return time.sleep - - @pytest.fixture - def make_cache(self): - """Return a cache class or factory.""" - raise NotImplementedError() - - @pytest.fixture - def c(self, make_cache): - """Return a cache instance.""" - return make_cache() - - -class GenericCacheTests(CacheTestsBase): - def test_generic_get_dict(self, c): - assert c.set("a", "a") - assert c.set("b", "b") - d = c.get_dict("a", "b") - assert "a" in d - assert "a" == d["a"] - assert "b" in d - assert "b" == d["b"] - - def test_generic_set_get(self, c): - for i in range(3): - assert c.set(str(i), i * i) - - for i in range(3): - result = c.get(str(i)) - assert result == i * i, result - - def test_generic_get_set(self, c): - assert c.set("foo", ["bar"]) - assert c.get("foo") == ["bar"] - - def test_generic_get_many(self, c): - assert c.set("foo", ["bar"]) - assert c.set("spam", "eggs") - assert c.get_many("foo", "spam") == [["bar"], "eggs"] - - def test_generic_set_many(self, c): - assert c.set_many({"foo": "bar", "spam": ["eggs"]}) - assert c.get("foo") == "bar" - assert c.get("spam") == ["eggs"] - - def test_generic_add(self, c): - # sanity check that add() works like set() - assert c.add("foo", "bar") - assert c.get("foo") == "bar" - assert not c.add("foo", "qux") - assert c.get("foo") == "bar" - - def test_generic_delete(self, c): - assert c.add("foo", "bar") - assert c.get("foo") == "bar" - assert c.delete("foo") - assert c.get("foo") is None - - def test_generic_delete_many(self, c): - assert c.add("foo", "bar") - assert c.add("spam", "eggs") - assert c.delete_many("foo", "spam") - assert c.get("foo") is None - assert c.get("spam") is None - - def test_generic_inc_dec(self, c): - assert c.set("foo", 1) - assert c.inc("foo") == c.get("foo") == 2 - assert c.dec("foo") == c.get("foo") == 1 - assert c.delete("foo") - - def test_generic_true_false(self, c): - assert c.set("foo", True) - assert c.get("foo") in (True, 1) - assert c.set("bar", False) - assert c.get("bar") in (False, 0) - - def test_generic_timeout(self, c, fast_sleep): - c.set("foo", "bar", 0) - assert c.get("foo") == "bar" - c.set("baz", "qux", 1) - assert c.get("baz") == "qux" - fast_sleep(3) - # timeout of zero means no timeout - assert c.get("foo") == "bar" - if self._guaranteed_deletes: - assert c.get("baz") is None - - def test_generic_has(self, c): - assert c.has("foo") in (False, 0) - assert c.has("spam") in (False, 0) - assert c.set("foo", "bar") - assert c.has("foo") in (True, 1) - assert c.has("spam") in (False, 0) - c.delete("foo") - assert c.has("foo") in (False, 0) - assert c.has("spam") in (False, 0) - - -class TestSimpleCache(GenericCacheTests): - @pytest.fixture - def make_cache(self): - return cache.SimpleCache - - def test_purge(self): - c = cache.SimpleCache(threshold=2) - c.set("a", "a") - c.set("b", "b") - c.set("c", "c") - c.set("d", "d") - # Cache purges old items *before* it sets new ones. - assert len(c._cache) == 3 - - -class TestFileSystemCache(GenericCacheTests): - @pytest.fixture - def make_cache(self, tmpdir): - return lambda **kw: cache.FileSystemCache(cache_dir=str(tmpdir), **kw) - - def test_filesystemcache_prune(self, make_cache): - THRESHOLD = 13 - c = make_cache(threshold=THRESHOLD) - - for i in range(2 * THRESHOLD): - assert c.set(str(i), i) - - nof_cache_files = c.get(c._fs_count_file) - assert nof_cache_files <= THRESHOLD - - def test_filesystemcache_clear(self, c): - assert c.set("foo", "bar") - nof_cache_files = c.get(c._fs_count_file) - assert nof_cache_files == 1 - assert c.clear() - nof_cache_files = c.get(c._fs_count_file) - assert nof_cache_files == 0 - cache_files = c._list_dir() - assert len(cache_files) == 0 - - def test_no_threshold(self, make_cache): - THRESHOLD = 0 - c = make_cache(threshold=THRESHOLD) - - for i in range(10): - assert c.set(str(i), i) - - cache_files = c._list_dir() - assert len(cache_files) == 10 - - # File count is not maintained with threshold = 0 - nof_cache_files = c.get(c._fs_count_file) - assert nof_cache_files is None - - def test_count_file_accuracy(self, c): - assert c.set("foo", "bar") - assert c.set("moo", "car") - c.add("moo", "tar") - assert c.get(c._fs_count_file) == 2 - assert c.add("too", "far") - assert c.get(c._fs_count_file) == 3 - assert c.delete("moo") - assert c.get(c._fs_count_file) == 2 - assert c.clear() - assert c.get(c._fs_count_file) == 0 - - -# don't use pytest.mark.skipif on subclasses -# https://bitbucket.org/hpk42/pytest/issue/568 -# skip happens in requirements fixture instead -class TestRedisCache(GenericCacheTests): - _can_use_fast_sleep = False - - @pytest.fixture(scope="class", autouse=True) - def requirements(self, xprocess): - if redis is None: - pytest.skip('Python package "redis" is not installed.') - - def prepare(cwd): - return "[Rr]eady to accept connections", ["redis-server"] - - try: - xprocess.ensure("redis_server", prepare) - except IOError as e: - # xprocess raises FileNotFoundError - if e.errno == errno.ENOENT: - pytest.skip("Redis is not installed.") - else: - raise - - yield - xprocess.getinfo("redis_server").terminate() - - @pytest.fixture(params=(None, False, True)) - def make_cache(self, request): - if request.param is None: - host = "localhost" - elif request.param: - host = redis.StrictRedis() - else: - host = redis.Redis() - - c = cache.RedisCache(host=host, key_prefix="werkzeug-test-case:") - yield lambda: c - c.clear() - - def test_compat(self, c): - assert c._client.set(c.key_prefix + "foo", "Awesome") - assert c.get("foo") == b"Awesome" - assert c._client.set(c.key_prefix + "foo", "42") - assert c.get("foo") == 42 - - def test_empty_host(self): - with pytest.raises(ValueError) as exc_info: - cache.RedisCache(host=None) - assert text_type(exc_info.value) == "RedisCache host parameter may not be None" - - -class TestMemcachedCache(GenericCacheTests): - _can_use_fast_sleep = False - _guaranteed_deletes = False - - @pytest.fixture(scope="class", autouse=True) - def requirements(self, xprocess): - if memcache is None: - pytest.skip( - "Python package for memcache is not installed. Need one of " - '"pylibmc", "google.appengine", or "memcache".' - ) - - def prepare(cwd): - return "", ["memcached"] - - try: - xprocess.ensure("memcached", prepare) - except IOError as e: - # xprocess raises FileNotFoundError - if e.errno == errno.ENOENT: - pytest.skip("Memcached is not installed.") - else: - raise - - yield - xprocess.getinfo("memcached").terminate() - - @pytest.fixture - def make_cache(self): - c = cache.MemcachedCache(key_prefix="werkzeug-test-case:") - yield lambda: c - c.clear() - - def test_compat(self, c): - assert c._client.set(c.key_prefix + "foo", "bar") - assert c.get("foo") == "bar" - - def test_huge_timeouts(self, c): - # Timeouts greater than epoch are interpreted as POSIX timestamps - # (i.e. not relative to now, but relative to epoch) - epoch = 2592000 - c.set("foo", "bar", epoch + 100) - assert c.get("foo") == "bar" - - -class TestUWSGICache(GenericCacheTests): - _can_use_fast_sleep = False - _guaranteed_deletes = False - - @pytest.fixture(scope="class", autouse=True) - def requirements(self): - try: - import uwsgi # NOQA - except ImportError: - pytest.skip( - 'Python "uwsgi" package is only avaialable when running ' - "inside uWSGI." - ) - - @pytest.fixture - def make_cache(self): - c = cache.UWSGICache(cache="werkzeugtest") - yield lambda: c - c.clear() - - -class TestNullCache(CacheTestsBase): - @pytest.fixture(scope="class", autouse=True) - def make_cache(self): - return cache.NullCache - - def test_has(self, c): - assert not c.has("foo") diff --git a/tests/contrib/test_atom.py b/tests/contrib/test_atom.py deleted file mode 100644 index 5a10556ec..000000000 --- a/tests/contrib/test_atom.py +++ /dev/null @@ -1,120 +0,0 @@ -# -*- coding: utf-8 -*- -""" - tests.atom - ~~~~~~~~~~ - - Tests the cache system - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" -import datetime - -import pytest - -from werkzeug.contrib.atom import AtomFeed -from werkzeug.contrib.atom import FeedEntry -from werkzeug.contrib.atom import format_iso8601 - - -class TestAtomFeed(object): - """ - Testcase for the `AtomFeed` class - """ - - def test_atom_no_args(self): - with pytest.raises(ValueError): - AtomFeed() - - def test_atom_title_no_id(self): - with pytest.raises(ValueError): - AtomFeed(title="test_title") - - def test_atom_add_one(self): - a = AtomFeed(title="test_title", id=1) - f = FeedEntry(title="test_title", id=1, updated=datetime.datetime.now()) - assert len(a.entries) == 0 - a.add(f) - assert len(a.entries) == 1 - - def test_atom_add_one_kwargs(self): - a = AtomFeed(title="test_title", id=1) - assert len(a.entries) == 0 - a.add(title="test_title", id=1, updated=datetime.datetime.now()) - assert len(a.entries) == 1 - assert isinstance(a.entries[0], FeedEntry) - - def test_atom_to_str(self): - updated_time = datetime.datetime.now() - expected_repr = """ - - - test_title - 1 - %s - Werkzeug - - """ % format_iso8601( - updated_time - ) - a = AtomFeed(title="test_title", id=1, updated=updated_time) - assert str(a).strip().replace(" ", "") == expected_repr.strip().replace(" ", "") - - -class TestFeedEntry(object): - """ - Test case for the `FeedEntry` object - """ - - def test_feed_entry_no_args(self): - with pytest.raises(ValueError): - FeedEntry() - - def test_feed_entry_no_id(self): - with pytest.raises(ValueError): - FeedEntry(title="test_title") - - def test_feed_entry_no_updated(self): - with pytest.raises(ValueError): - FeedEntry(title="test_title", id=1) - - def test_feed_entry_to_str(self): - updated_time = datetime.datetime.now() - expected_feed_entry_str = """ - - test_title - 1 - %s - - """ % format_iso8601( - updated_time - ) - - f = FeedEntry(title="test_title", id=1, updated=updated_time) - assert str(f).strip().replace( - " ", "" - ) == expected_feed_entry_str.strip().replace(" ", "") - - -def test_format_iso8601(): - # naive datetime should be treated as utc - dt = datetime.datetime(2014, 8, 31, 2, 5, 6) - assert format_iso8601(dt) == "2014-08-31T02:05:06Z" - - # tz-aware datetime - dt = datetime.datetime(2014, 8, 31, 11, 5, 6, tzinfo=KST()) - assert format_iso8601(dt) == "2014-08-31T11:05:06+09:00" - - -class KST(datetime.tzinfo): - - """KST implementation for test_format_iso8601().""" - - def utcoffset(self, dt): - return datetime.timedelta(hours=9) - - def tzname(self, dt): - return "KST" - - def dst(self, dt): - return datetime.timedelta(0) diff --git a/tests/contrib/test_fixers.py b/tests/contrib/test_fixers.py deleted file mode 100644 index 2777f6117..000000000 --- a/tests/contrib/test_fixers.py +++ /dev/null @@ -1,134 +0,0 @@ -from werkzeug.contrib import fixers -from werkzeug.datastructures import ResponseCacheControl -from werkzeug.http import parse_cache_control_header -from werkzeug.test import Client -from werkzeug.test import create_environ -from werkzeug.wrappers import Request -from werkzeug.wrappers import Response - - -@Request.application -def path_check_app(request): - return Response( - "PATH_INFO: %s\nSCRIPT_NAME: %s" - % (request.environ.get("PATH_INFO", ""), request.environ.get("SCRIPT_NAME", "")) - ) - - -class TestServerFixer(object): - def test_cgi_root_fix(self): - app = fixers.CGIRootFix(path_check_app) - response = Response.from_app( - app, dict(create_environ(), SCRIPT_NAME="/foo", PATH_INFO="/bar") - ) - assert response.get_data() == b"PATH_INFO: /bar\nSCRIPT_NAME: " - - def test_cgi_root_fix_custom_app_root(self): - app = fixers.CGIRootFix(path_check_app, app_root="/baz/") - response = Response.from_app( - app, dict(create_environ(), SCRIPT_NAME="/foo", PATH_INFO="/bar") - ) - assert response.get_data() == b"PATH_INFO: /bar\nSCRIPT_NAME: baz" - - def test_path_info_from_request_uri_fix(self): - app = fixers.PathInfoFromRequestUriFix(path_check_app) - for key in "REQUEST_URI", "REQUEST_URL", "UNENCODED_URL": - env = dict(create_environ(), SCRIPT_NAME="/test", PATH_INFO="/?????") - env[key] = "/test/foo%25bar?drop=this" - response = Response.from_app(app, env) - assert response.get_data() == b"PATH_INFO: /foo%bar\nSCRIPT_NAME: /test" - - def test_header_rewriter_fix(self): - @Request.application - def application(request): - return Response("", headers=[("X-Foo", "bar")]) - - application = fixers.HeaderRewriterFix( - application, ("X-Foo",), (("X-Bar", "42"),) - ) - response = Response.from_app(application, create_environ()) - assert response.headers["Content-Type"] == "text/plain; charset=utf-8" - assert "X-Foo" not in response.headers - assert response.headers["X-Bar"] == "42" - - -class TestBrowserFixer(object): - def test_ie_fixes(self): - @fixers.InternetExplorerFix - @Request.application - def application(request): - response = Response("binary data here", mimetype="application/vnd.ms-excel") - response.headers["Vary"] = "Cookie" - response.headers["Content-Disposition"] = "attachment; filename=foo.xls" - return response - - c = Client(application, Response) - response = c.get( - "/", - headers=[ - ("User-Agent", "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)") - ], - ) - - # IE gets no vary - assert response.get_data() == b"binary data here" - assert "vary" not in response.headers - assert response.headers["content-disposition"] == "attachment; filename=foo.xls" - assert response.headers["content-type"] == "application/vnd.ms-excel" - - # other browsers do - c = Client(application, Response) - response = c.get("/") - assert response.get_data() == b"binary data here" - assert "vary" in response.headers - - cc = ResponseCacheControl() - cc.no_cache = True - - @fixers.InternetExplorerFix - @Request.application - def application(request): - response = Response("binary data here", mimetype="application/vnd.ms-excel") - response.headers["Pragma"] = ", ".join(pragma) - response.headers["Cache-Control"] = cc.to_header() - response.headers["Content-Disposition"] = "attachment; filename=foo.xls" - return response - - # IE has no pragma or cache control - pragma = ("no-cache",) - c = Client(application, Response) - response = c.get( - "/", - headers=[ - ("User-Agent", "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)") - ], - ) - assert response.get_data() == b"binary data here" - assert "pragma" not in response.headers - assert "cache-control" not in response.headers - assert response.headers["content-disposition"] == "attachment; filename=foo.xls" - - # IE has simplified pragma - pragma = ("no-cache", "x-foo") - cc.proxy_revalidate = True - response = c.get( - "/", - headers=[ - ("User-Agent", "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)") - ], - ) - assert response.get_data() == b"binary data here" - assert response.headers["pragma"] == "x-foo" - assert response.headers["cache-control"] == "proxy-revalidate" - assert response.headers["content-disposition"] == "attachment; filename=foo.xls" - - # regular browsers get everything - response = c.get("/") - assert response.get_data() == b"binary data here" - assert response.headers["pragma"] == "no-cache, x-foo" - cc = parse_cache_control_header( - response.headers["cache-control"], cls=ResponseCacheControl - ) - assert cc.no_cache - assert cc.proxy_revalidate - assert response.headers["content-disposition"] == "attachment; filename=foo.xls" diff --git a/tests/contrib/test_iterio.py b/tests/contrib/test_iterio.py deleted file mode 100644 index e2c481309..000000000 --- a/tests/contrib/test_iterio.py +++ /dev/null @@ -1,186 +0,0 @@ -# -*- coding: utf-8 -*- -""" - tests.iterio - ~~~~~~~~~~~~ - - Tests the iterio object. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" -import pytest - -from .. import strict_eq -from werkzeug.contrib.iterio import greenlet -from werkzeug.contrib.iterio import IterIO - - -class TestIterO(object): - def test_basic_native(self): - io = IterIO(["Hello", "World", "1", "2", "3"]) - io.seek(0) - assert io.tell() == 0 - assert io.read(2) == "He" - assert io.tell() == 2 - assert io.read(3) == "llo" - assert io.tell() == 5 - io.seek(0) - assert io.read(5) == "Hello" - assert io.tell() == 5 - assert io._buf == "Hello" - assert io.read() == "World123" - assert io.tell() == 13 - io.close() - assert io.closed - - io = IterIO(["Hello\n", "World!"]) - assert io.readline() == "Hello\n" - assert io._buf == "Hello\n" - assert io.read() == "World!" - assert io._buf == "Hello\nWorld!" - assert io.tell() == 12 - io.seek(0) - assert io.readlines() == ["Hello\n", "World!"] - - io = IterIO(["Line one\nLine ", "two\nLine three"]) - assert list(io) == ["Line one\n", "Line two\n", "Line three"] - io = IterIO(iter("Line one\nLine two\nLine three")) - assert list(io) == ["Line one\n", "Line two\n", "Line three"] - io = IterIO(["Line one\nL", "ine", " two", "\nLine three"]) - assert list(io) == ["Line one\n", "Line two\n", "Line three"] - - io = IterIO(["foo\n", "bar"]) - io.seek(-4, 2) - assert io.read(4) == "\nbar" - - pytest.raises(IOError, io.seek, 2, 100) - io.close() - pytest.raises(ValueError, io.read) - - def test_basic_bytes(self): - io = IterIO([b"Hello", b"World", b"1", b"2", b"3"]) - assert io.tell() == 0 - assert io.read(2) == b"He" - assert io.tell() == 2 - assert io.read(3) == b"llo" - assert io.tell() == 5 - io.seek(0) - assert io.read(5) == b"Hello" - assert io.tell() == 5 - assert io._buf == b"Hello" - assert io.read() == b"World123" - assert io.tell() == 13 - io.close() - assert io.closed - - io = IterIO([b"Hello\n", b"World!"]) - assert io.readline() == b"Hello\n" - assert io._buf == b"Hello\n" - assert io.read() == b"World!" - assert io._buf == b"Hello\nWorld!" - assert io.tell() == 12 - io.seek(0) - assert io.readlines() == [b"Hello\n", b"World!"] - - io = IterIO([b"foo\n", b"bar"]) - io.seek(-4, 2) - assert io.read(4) == b"\nbar" - - pytest.raises(IOError, io.seek, 2, 100) - io.close() - pytest.raises(ValueError, io.read) - - def test_basic_unicode(self): - io = IterIO([u"Hello", u"World", u"1", u"2", u"3"]) - assert io.tell() == 0 - assert io.read(2) == u"He" - assert io.tell() == 2 - assert io.read(3) == u"llo" - assert io.tell() == 5 - io.seek(0) - assert io.read(5) == u"Hello" - assert io.tell() == 5 - assert io._buf == u"Hello" - assert io.read() == u"World123" - assert io.tell() == 13 - io.close() - assert io.closed - - io = IterIO([u"Hello\n", u"World!"]) - assert io.readline() == u"Hello\n" - assert io._buf == u"Hello\n" - assert io.read() == u"World!" - assert io._buf == u"Hello\nWorld!" - assert io.tell() == 12 - io.seek(0) - assert io.readlines() == [u"Hello\n", u"World!"] - - io = IterIO([u"foo\n", u"bar"]) - io.seek(-4, 2) - assert io.read(4) == u"\nbar" - - pytest.raises(IOError, io.seek, 2, 100) - io.close() - pytest.raises(ValueError, io.read) - - def test_sentinel_cases(self): - io = IterIO([]) - strict_eq(io.read(), "") - io = IterIO([], b"") - strict_eq(io.read(), b"") - io = IterIO([], u"") - strict_eq(io.read(), u"") - - io = IterIO([]) - strict_eq(io.read(), "") - io = IterIO([b""]) - strict_eq(io.read(), b"") - io = IterIO([u""]) - strict_eq(io.read(), u"") - - io = IterIO([]) - strict_eq(io.readline(), "") - io = IterIO([], b"") - strict_eq(io.readline(), b"") - io = IterIO([], u"") - strict_eq(io.readline(), u"") - - io = IterIO([]) - strict_eq(io.readline(), "") - io = IterIO([b""]) - strict_eq(io.readline(), b"") - io = IterIO([u""]) - strict_eq(io.readline(), u"") - - -@pytest.mark.skipif(greenlet is None, reason="Greenlet is not installed.") -class TestIterI(object): - def test_basic(self): - def producer(out): - out.write("1\n") - out.write("2\n") - out.flush() - out.write("3\n") - - iterable = IterIO(producer) - assert next(iterable) == "1\n2\n" - assert next(iterable) == "3\n" - pytest.raises(StopIteration, next, iterable) - - def test_sentinel_cases(self): - def producer_dummy_flush(out): - out.flush() - - iterable = IterIO(producer_dummy_flush) - strict_eq(next(iterable), "") - - def producer_empty(out): - pass - - iterable = IterIO(producer_empty) - pytest.raises(StopIteration, next, iterable) - - iterable = IterIO(producer_dummy_flush, b"") - strict_eq(next(iterable), b"") - iterable = IterIO(producer_dummy_flush, u"") - strict_eq(next(iterable), u"") diff --git a/tests/contrib/test_securecookie.py b/tests/contrib/test_securecookie.py deleted file mode 100644 index 7231ac889..000000000 --- a/tests/contrib/test_securecookie.py +++ /dev/null @@ -1,88 +0,0 @@ -# -*- coding: utf-8 -*- -""" - tests.securecookie - ~~~~~~~~~~~~~~~~~~ - - Tests the secure cookie. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" -import json - -import pytest - -from werkzeug._compat import to_native -from werkzeug.contrib.securecookie import SecureCookie -from werkzeug.utils import parse_cookie -from werkzeug.wrappers import Request -from werkzeug.wrappers import Response - - -def test_basic_support(): - c = SecureCookie(secret_key=b"foo") - assert c.new - assert not c.modified - assert not c.should_save - c["x"] = 42 - assert c.modified - assert c.should_save - s = c.serialize() - - c2 = SecureCookie.unserialize(s, b"foo") - assert c is not c2 - assert not c2.new - assert not c2.modified - assert not c2.should_save - assert c2 == c - - c3 = SecureCookie.unserialize(s, b"wrong foo") - assert not c3.modified - assert not c3.new - assert c3 == {} - - c4 = SecureCookie({"x": 42}, "foo") - c4_serialized = c4.serialize() - assert SecureCookie.unserialize(c4_serialized, "foo") == c4 - - -def test_wrapper_support(): - req = Request.from_values() - resp = Response() - c = SecureCookie.load_cookie(req, secret_key=b"foo") - assert c.new - c["foo"] = 42 - assert c.secret_key == b"foo" - c.save_cookie(resp) - - req = Request.from_values( - headers={ - "Cookie": 'session="%s"' - % parse_cookie(resp.headers["set-cookie"])["session"] - } - ) - c2 = SecureCookie.load_cookie(req, secret_key=b"foo") - assert not c2.new - assert c2 == c - - -def test_pickle_deprecated(): - with pytest.warns(UserWarning): - SecureCookie({"foo": "bar"}, "secret").serialize() - - -def test_json(): - class JSONCompat(object): - dumps = staticmethod(json.dumps) - - @staticmethod - def loads(s): - # json on Python < 3.6 fails on bytes - return json.loads(to_native(s, "utf8")) - - class JSONSecureCookie(SecureCookie): - serialization_method = JSONCompat - - secure = JSONSecureCookie({"foo": "bar"}, "secret").serialize() - data = JSONSecureCookie.unserialize(secure, "secret") - assert data == {"foo": "bar"} diff --git a/tests/contrib/test_sessions.py b/tests/contrib/test_sessions.py deleted file mode 100644 index cab0ae567..000000000 --- a/tests/contrib/test_sessions.py +++ /dev/null @@ -1,76 +0,0 @@ -# -*- coding: utf-8 -*- -""" - tests.sessions - ~~~~~~~~~~~~~~ - - Added tests for the sessions. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" -import os -from tempfile import gettempdir - -from werkzeug.contrib.sessions import FilesystemSessionStore - - -def test_default_tempdir(): - store = FilesystemSessionStore() - assert store.path == gettempdir() - - -def test_basic_fs_sessions(tmpdir): - store = FilesystemSessionStore(str(tmpdir)) - x = store.new() - assert x.new - assert not x.modified - x["foo"] = [1, 2, 3] - assert x.modified - store.save(x) - - x2 = store.get(x.sid) - assert not x2.new - assert not x2.modified - assert x2 is not x - assert x2 == x - x2["test"] = 3 - assert x2.modified - assert not x2.new - store.save(x2) - - x = store.get(x.sid) - store.delete(x) - x2 = store.get(x.sid) - # the session is not new when it was used previously. - assert not x2.new - - -def test_non_urandom(tmpdir): - urandom = os.urandom - del os.urandom - try: - store = FilesystemSessionStore(str(tmpdir)) - store.new() - finally: - os.urandom = urandom - - -def test_renewing_fs_session(tmpdir): - store = FilesystemSessionStore(str(tmpdir), renew_missing=True) - x = store.new() - store.save(x) - store.delete(x) - x2 = store.get(x.sid) - assert x2.new - - -def test_fs_session_lising(tmpdir): - store = FilesystemSessionStore(str(tmpdir), renew_missing=True) - sessions = set() - for _ in range(10): - sess = store.new() - store.save(sess) - sessions.add(sess.sid) - - listed_sessions = set(store.list()) - assert sessions == listed_sessions diff --git a/tests/contrib/test_wrappers.py b/tests/contrib/test_wrappers.py deleted file mode 100644 index fb49337f7..000000000 --- a/tests/contrib/test_wrappers.py +++ /dev/null @@ -1,88 +0,0 @@ -# -*- coding: utf-8 -*- -""" - tests.contrib.wrappers - ~~~~~~~~~~~~~~~~~~~~~~ - - Added tests for the sessions. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" -from werkzeug import routing -from werkzeug.contrib import wrappers -from werkzeug.wrappers import Request -from werkzeug.wrappers import Response - - -def test_reverse_slash_behavior(): - class MyRequest(wrappers.ReverseSlashBehaviorRequestMixin, Request): - pass - - req = MyRequest.from_values("/foo/bar", "http://example.com/test") - assert req.url == "http://example.com/test/foo/bar" - assert req.path == "foo/bar" - assert req.script_root == "/test/" - - # make sure the routing system works with the slashes in - # reverse order as well. - map = routing.Map([routing.Rule("/foo/bar", endpoint="foo")]) - adapter = map.bind_to_environ(req.environ) - assert adapter.match() == ("foo", {}) - adapter = map.bind(req.host, req.script_root) - assert adapter.match(req.path) == ("foo", {}) - - -def test_dynamic_charset_request_mixin(): - class MyRequest(wrappers.DynamicCharsetRequestMixin, Request): - pass - - env = {"CONTENT_TYPE": "text/html"} - req = MyRequest(env) - assert req.charset == "latin1" - - env = {"CONTENT_TYPE": "text/html; charset=utf-8"} - req = MyRequest(env) - assert req.charset == "utf-8" - - env = {"CONTENT_TYPE": "application/octet-stream"} - req = MyRequest(env) - assert req.charset == "latin1" - assert req.url_charset == "latin1" - - MyRequest.url_charset = "utf-8" - env = {"CONTENT_TYPE": "application/octet-stream"} - req = MyRequest(env) - assert req.charset == "latin1" - assert req.url_charset == "utf-8" - - def return_ascii(x): - return "ascii" - - env = {"CONTENT_TYPE": "text/plain; charset=x-weird-charset"} - req = MyRequest(env) - req.unknown_charset = return_ascii - assert req.charset == "ascii" - assert req.url_charset == "utf-8" - - -def test_dynamic_charset_response_mixin(): - class MyResponse(wrappers.DynamicCharsetResponseMixin, Response): - default_charset = "utf-7" - - resp = MyResponse(mimetype="text/html") - assert resp.charset == "utf-7" - resp.charset = "utf-8" - assert resp.charset == "utf-8" - assert resp.mimetype == "text/html" - assert resp.mimetype_params == {"charset": "utf-8"} - resp.mimetype_params["charset"] = "iso-8859-15" - assert resp.charset == "iso-8859-15" - resp.set_data(u"Hällo Wörld") - assert b"".join(resp.iter_encoded()) == u"Hällo Wörld".encode("iso-8859-15") - del resp.headers["content-type"] - try: - resp.charset = "utf-8" - except TypeError: - pass - else: - assert False, "expected type error on charset setting without ct" diff --git a/tests/hypothesis/__init__.py b/tests/hypothesis/__init__.py deleted file mode 100644 index e69de29bb..000000000 diff --git a/tests/hypothesis/test_urls.py b/tests/hypothesis/test_urls.py deleted file mode 100644 index 61829b3c3..000000000 --- a/tests/hypothesis/test_urls.py +++ /dev/null @@ -1,37 +0,0 @@ -import hypothesis -from hypothesis.strategies import dictionaries -from hypothesis.strategies import integers -from hypothesis.strategies import lists -from hypothesis.strategies import text - -from werkzeug import urls -from werkzeug.datastructures import OrderedMultiDict - - -@hypothesis.given(text()) -def test_quote_unquote_text(t): - assert t == urls.url_unquote(urls.url_quote(t)) - - -@hypothesis.given(dictionaries(text(), text())) -def test_url_encoding_dict_str_str(d): - assert OrderedMultiDict(d) == urls.url_decode(urls.url_encode(d)) - - -@hypothesis.given(dictionaries(text(), lists(elements=text()))) -def test_url_encoding_dict_str_list(d): - assert OrderedMultiDict(d) == urls.url_decode(urls.url_encode(d)) - - -@hypothesis.given(dictionaries(text(), integers())) -def test_url_encoding_dict_str_int(d): - assert OrderedMultiDict({k: str(v) for k, v in d.items()}) == urls.url_decode( - urls.url_encode(d) - ) - - -@hypothesis.given(text(), text()) -def test_multidict_encode_decode_text(t1, t2): - d = OrderedMultiDict() - d.add(t1, t2) - assert d == urls.url_decode(urls.url_encode(d)) diff --git a/tests/middleware/test_proxy_fix.py b/tests/middleware/test_proxy_fix.py index f13d10f4b..1dd39971c 100644 --- a/tests/middleware/test_proxy_fix.py +++ b/tests/middleware/test_proxy_fix.py @@ -173,14 +173,3 @@ def app(request): response = Response.from_app(redirect_app, environ) location = response.headers["Location"] assert location == url_root + "parrot" - - -def test_proxy_fix_deprecations(): - app = pytest.deprecated_call(ProxyFix, None, 2) - assert app.x_for == 2 - - with pytest.deprecated_call(): - assert app.num_proxies == 2 - - with pytest.deprecated_call(): - assert app.get_remote_addr(["spam", "eggs"]) == "spam" diff --git a/tests/test_compat.py b/tests/test_compat.py deleted file mode 100644 index 98851ba28..000000000 --- a/tests/test_compat.py +++ /dev/null @@ -1,40 +0,0 @@ -# -*- coding: utf-8 -*- -# flake8: noqa -""" - tests.compat - ~~~~~~~~~~~~ - - Ensure that old stuff does not break on update. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" -from werkzeug.test import create_environ -from werkzeug.wrappers import Response - - -def test_old_imports(): - from werkzeug.utils import ( - Headers, - MultiDict, - CombinedMultiDict, - Headers, - EnvironHeaders, - ) - from werkzeug.http import ( - Accept, - MIMEAccept, - CharsetAccept, - LanguageAccept, - ETags, - HeaderSet, - WWWAuthenticate, - Authorization, - ) - - -def test_exposed_werkzeug_mod(): - import werkzeug - - for key in werkzeug.__all__: - getattr(werkzeug, key) diff --git a/tests/test_wrappers.py b/tests/test_wrappers.py index 511d66de6..b4a865677 100644 --- a/tests/test_wrappers.py +++ b/tests/test_wrappers.py @@ -1374,13 +1374,6 @@ def test_request_method_case_sensitivity(): assert req.method == "GET" -def test_is_xhr_warning(): - req = wrappers.Request.from_values() - - with pytest.warns(DeprecationWarning): - req.is_xhr - - def test_write_length(): response = wrappers.Response() length = response.stream.write(b"bar") From c6dfc4880328fe9c4558d2b2e2325761f4e17f58 Mon Sep 17 00:00:00 2001 From: David Lord Date: Tue, 19 Mar 2019 12:38:06 -0700 Subject: [PATCH 003/733] drop support for Python 3.4 --- .travis.yml | 1 - CHANGES.rst | 1 + CONTRIBUTING.rst | 5 ++--- docs/installation.rst | 2 +- setup.py | 1 - tox.ini | 2 +- 6 files changed, 5 insertions(+), 7 deletions(-) diff --git a/.travis.yml b/.travis.yml index a62f11da6..5677b16f5 100644 --- a/.travis.yml +++ b/.travis.yml @@ -5,7 +5,6 @@ python: - "3.7" - "3.6" - "3.5" - - "3.4" - "2.7" - "nightly" - "pypy3.5-6.0" diff --git a/CHANGES.rst b/CHANGES.rst index fe4d67011..e79d34bb1 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -5,6 +5,7 @@ Version 1.0.0 Unreleased +- Drop support for Python 3.4. (:issue:`1478`) - Remove code that issued deprecation warnings in version 0.15. (:issue:`1477`) diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst index cf88893b7..1d89ae60b 100644 --- a/CONTRIBUTING.rst +++ b/CONTRIBUTING.rst @@ -98,9 +98,8 @@ relevant depends on which part of Werkzeug you're working on. Travis-CI will run the full suite when you submit your pull request. The full test suite takes a long time to run because it tests multiple -combinations of Python and dependencies. You need to have Python 2.7, -3.4, 3.5, 3.6, and PyPy 2.7, as well as Redis and memcached installed to -run all of the environments. Then run:: +combinations of Python and dependencies. You need to have all supported +CPython and PyPy versions installed to run all of the environments. :: tox diff --git a/docs/installation.rst b/docs/installation.rst index 583accf77..2d4acbabd 100644 --- a/docs/installation.rst +++ b/docs/installation.rst @@ -8,7 +8,7 @@ Python Version -------------- We recommend using the latest version of Python 3. Werkzeug supports -Python 3.4 and newer and Python 2.7. +Python 3.5 and newer and Python 2.7. Dependencies diff --git a/setup.py b/setup.py index 47a655bd5..02b460301 100644 --- a/setup.py +++ b/setup.py @@ -36,7 +36,6 @@ "Programming Language :: Python :: 2", "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 3", - "Programming Language :: Python :: 3.4", "Programming Language :: Python :: 3.5", "Programming Language :: Python :: 3.6", "Programming Language :: Python :: 3.7", diff --git a/tox.ini b/tox.ini index 64a6ec57d..e03afad69 100644 --- a/tox.ini +++ b/tox.ini @@ -1,6 +1,6 @@ [tox] envlist = - py{37,36,35,34,27,py3,py} + py{37,36,35,27,py3,py} stylecheck docs-html coverage-report From 3dfd29269e408db5d9a7361112599c835e0c1d84 Mon Sep 17 00:00:00 2001 From: David Baumgold Date: Fri, 15 Mar 2019 10:32:24 +0100 Subject: [PATCH 004/733] Add utils.invalidate_cached_property() --- CHANGES.rst | 2 ++ docs/utils.rst | 2 ++ src/werkzeug/utils.py | 25 +++++++++++++++++++++++++ tests/test_utils.py | 26 ++++++++++++++++++++++++++ 4 files changed, 55 insertions(+) diff --git a/CHANGES.rst b/CHANGES.rst index e79d34bb1..ad52ffcde 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -8,6 +8,8 @@ Unreleased - Drop support for Python 3.4. (:issue:`1478`) - Remove code that issued deprecation warnings in version 0.15. (:issue:`1477`) +- Added ``utils.invalidate_cached_property()`` to invalidate cached + properties. (:pr:`1474`) Version 0.15.0 diff --git a/docs/utils.rst b/docs/utils.rst index 689c48821..65072fb49 100644 --- a/docs/utils.rst +++ b/docs/utils.rst @@ -23,6 +23,8 @@ General Helpers .. autoclass:: cached_property :members: +.. autofunction:: invalidate_cached_property + .. autoclass:: environ_property .. autoclass:: header_property diff --git a/src/werkzeug/utils.py b/src/werkzeug/utils.py index 2504380e9..9a002c6fe 100644 --- a/src/werkzeug/utils.py +++ b/src/werkzeug/utils.py @@ -92,6 +92,31 @@ def __get__(self, obj, type=None): return value +def invalidate_cached_property(obj, name): + """Invalidates the cache for a :class:`cached_property`: + + >>> class Test(object): + ... @cached_property + ... def magic_number(self): + ... print("recalculating...") + ... return 42 + ... + >>> var = Test() + >>> var.magic_number + recalculating... + 42 + >>> var.magic_number + 42 + >>> invalidate_cached_property(var, "magic_number") + >>> var.magic_number + recalculating... + 42 + + You must pass the name of the cached property as the second argument. + """ + obj.__dict__[name] = _missing + + class environ_property(_DictAccessorProperty): """Maps request attributes to environment variables. This works not only for the Werzeug request object, but also any other class with an diff --git a/tests/test_utils.py b/tests/test_utils.py index f288edead..a1c3f874e 100644 --- a/tests/test_utils.py +++ b/tests/test_utils.py @@ -105,6 +105,32 @@ def _prop(self): assert a._prop == "value" +def test_can_invalidate_cached_property(): + foo = [] + + class A(object): + def prop(self): + foo.append(42) + return 42 + + prop = utils.cached_property(prop) + + a = A() + p = a.prop + q = a.prop + assert p == q == 42 + assert foo == [42] + + utils.invalidate_cached_property(a, "prop") + r = a.prop + assert r == 42 + assert foo == [42, 42] + + s = a.prop + assert s == 42 + assert foo == [42, 42] + + def test_inspect_treats_cached_property_as_property(): class A(object): @utils.cached_property From 056d879c86c8062766d9deeeb2d29c1945c71e09 Mon Sep 17 00:00:00 2001 From: Jiayuan Date: Fri, 29 Mar 2019 23:54:09 +0800 Subject: [PATCH 005/733] don't ignore set-cookie keys in cookie header --- CHANGES.rst | 3 +++ src/werkzeug/_internal.py | 13 +------------ tests/test_http.py | 7 +++++-- 3 files changed, 9 insertions(+), 14 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index d885a344b..fd80c3d4a 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -10,6 +10,9 @@ Unreleased (:issue:`1477`) - Added ``utils.invalidate_cached_property()`` to invalidate cached properties. (:pr:`1474`) +- Directive keys for the ``Set-Cookie`` response header are not + ignored when parsing the ``Cookie`` request header. This allows + cookies with names such as "expires" and "version". (:issue:`1495`) Version 0.15.1 diff --git a/src/werkzeug/_internal.py b/src/werkzeug/_internal.py index d8b833639..fc3770793 100644 --- a/src/werkzeug/_internal.py +++ b/src/werkzeug/_internal.py @@ -26,15 +26,6 @@ _logger = None _signature_cache = WeakKeyDictionary() _epoch_ord = date(1970, 1, 1).toordinal() -_cookie_params = { - b"expires", - b"path", - b"comment", - b"max-age", - b"secure", - b"httponly", - b"version", -} _legal_cookie_chars = ( string.ascii_letters + string.digits + u"/=!#$%&'*+-.^_`|~:" ).encode("ascii") @@ -310,9 +301,7 @@ def _cookie_parse_impl(b): value = match.group("val") or b"" i = match.end(0) - # Ignore parameters. We have no interest in them. - if key.lower() not in _cookie_params: - yield _cookie_unquote(key), _cookie_unquote(value) + yield _cookie_unquote(key), _cookie_unquote(value) def _encode_idna(domain): diff --git a/tests/test_http.py b/tests/test_http.py index c6e8309a9..52275c654 100644 --- a/tests/test_http.py +++ b/tests/test_http.py @@ -483,10 +483,13 @@ def test_empty_keys_are_ignored(self): def test_cookie_quoting(self): val = http.dump_cookie("foo", "?foo") strict_eq(val, 'foo="?foo"; Path=/') - strict_eq(dict(http.parse_cookie(val)), {"foo": u"?foo"}) - + strict_eq(dict(http.parse_cookie(val)), {"foo": u"?foo", "Path": u"/"}) strict_eq(dict(http.parse_cookie(r'foo="foo\054bar"')), {"foo": u"foo,bar"}) + def test_parse_set_cookie_directive(self): + val = 'foo="?foo"; version="0.1";' + strict_eq(dict(http.parse_cookie(val)), {"foo": u"?foo", "version": u"0.1"}) + def test_cookie_domain_resolving(self): val = http.dump_cookie("foo", "bar", domain=u"\N{SNOWMAN}.com") strict_eq(val, "foo=bar; Domain=xn--n3h.com; Path=/") From 2af1b368de3ffaff34ed89168df51698578350f6 Mon Sep 17 00:00:00 2001 From: Lindsay Young Date: Mon, 6 May 2019 14:03:23 -0400 Subject: [PATCH 006/733] Create CODE_OF_CONDUCT.md Ticket is referenced in [#Issue 1](https://github.com/pallets/meta/issues/1) in the Meta repo. I spoke with @davidism and the decision was to use Contributor Covenant. It has easy GitHub integration and quality content. --- CODE_OF_CONDUCT.md | 76 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 76 insertions(+) create mode 100644 CODE_OF_CONDUCT.md diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 000000000..f4ba197de --- /dev/null +++ b/CODE_OF_CONDUCT.md @@ -0,0 +1,76 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +In the interest of fostering an open and welcoming environment, we as +contributors and maintainers pledge to making participation in our project and +our community a harassment-free experience for everyone, regardless of age, body +size, disability, ethnicity, sex characteristics, gender identity and expression, +level of experience, education, socio-economic status, nationality, personal +appearance, race, religion, or sexual identity and orientation. + +## Our Standards + +Examples of behavior that contributes to creating a positive environment +include: + +* Using welcoming and inclusive language +* Being respectful of differing viewpoints and experiences +* Gracefully accepting constructive criticism +* Focusing on what is best for the community +* Showing empathy towards other community members + +Examples of unacceptable behavior by participants include: + +* The use of sexualized language or imagery and unwelcome sexual attention or + advances +* Trolling, insulting/derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or electronic + address, without explicit permission +* Other conduct which could reasonably be considered inappropriate in a + professional setting + +## Our Responsibilities + +Project maintainers are responsible for clarifying the standards of acceptable +behavior and are expected to take appropriate and fair corrective action in +response to any instances of unacceptable behavior. + +Project maintainers have the right and responsibility to remove, edit, or +reject comments, commits, code, wiki edits, issues, and other contributions +that are not aligned to this Code of Conduct, or to ban temporarily or +permanently any contributor for other behaviors that they deem inappropriate, +threatening, offensive, or harmful. + +## Scope + +This Code of Conduct applies both within project spaces and in public spaces +when an individual is representing the project or its community. Examples of +representing a project or community include using an official project e-mail +address, posting via an official social media account, or acting as an appointed +representative at an online or offline event. Representation of a project may be +further defined and clarified by project maintainers. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported by contacting the project team at report@palletsprojects.com. All +complaints will be reviewed and investigated and will result in a response that +is deemed necessary and appropriate to the circumstances. The project team is +obligated to maintain confidentiality with regard to the reporter of an incident. +Further details of specific enforcement policies may be posted separately. + +Project maintainers who do not follow or enforce the Code of Conduct in good +faith may face temporary or permanent repercussions as determined by other +members of the project's leadership. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, +available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html + +[homepage]: https://www.contributor-covenant.org + +For answers to common questions about this code of conduct, see +https://www.contributor-covenant.org/faq From a68c1dfbbaed9c16a5d68e8eeeea9d17f1058b51 Mon Sep 17 00:00:00 2001 From: Yang Wang Date: Fri, 3 May 2019 12:33:25 -0400 Subject: [PATCH 007/733] Added charset to HTTPException header content-type --- CHANGES.rst | 2 ++ src/werkzeug/exceptions.py | 2 +- tests/test_exceptions.py | 6 ++++++ 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/CHANGES.rst b/CHANGES.rst index 9b09e19aa..024c98da1 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -13,6 +13,8 @@ Unreleased - Directive keys for the ``Set-Cookie`` response header are not ignored when parsing the ``Cookie`` request header. This allows cookies with names such as "expires" and "version". (:issue:`1495`) +- Add ``charset=utf-8`` to an HTTP exception response's + ``CONTENT_TYPE`` header. (:pr:`1526`) Version 0.15.2 diff --git a/src/werkzeug/exceptions.py b/src/werkzeug/exceptions.py index 5642b99d2..227b41b8f 100644 --- a/src/werkzeug/exceptions.py +++ b/src/werkzeug/exceptions.py @@ -153,7 +153,7 @@ def get_body(self, environ=None): def get_headers(self, environ=None): """Get a list of headers.""" - return [("Content-Type", "text/html")] + return [("Content-Type", "text/html; charset=utf-8")] def get_response(self, environ=None): """Get a response object. If one was passed to the exception diff --git a/tests/test_exceptions.py b/tests/test_exceptions.py index 616b39c8e..969f7c7cd 100644 --- a/tests/test_exceptions.py +++ b/tests/test_exceptions.py @@ -110,3 +110,9 @@ def test_unauthorized_www_authenticate(): exc = exceptions.Unauthorized(www_authenticate=[digest, basic]) h = dict(exc.get_headers({})) assert h["WWW-Authenticate"] == ", ".join((str(digest), str(basic))) + + +def test_response_header_content_type_should_contain_charset(): + exc = exceptions.HTTPException("An error message") + h = exc.get_response({}) + assert h.headers["Content-Type"] == "text/html; charset=utf-8" From 2ceab5849ee32016a4cdffb959be5c0e829d8db3 Mon Sep 17 00:00:00 2001 From: Anthony Sottile Date: Mon, 6 May 2019 10:53:48 -0700 Subject: [PATCH 008/733] Fix interactive debugger while accessing cell vars --- src/werkzeug/debug/console.py | 11 ++++++----- src/werkzeug/debug/tbtools.py | 4 ++-- tests/test_debug.py | 12 ++++++++++++ 3 files changed, 20 insertions(+), 7 deletions(-) diff --git a/src/werkzeug/debug/console.py b/src/werkzeug/debug/console.py index adbd170b7..5b2f1e608 100644 --- a/src/werkzeug/debug/console.py +++ b/src/werkzeug/debug/console.py @@ -148,11 +148,12 @@ def func(source, filename, symbol): class _InteractiveConsole(code.InteractiveInterpreter): def __init__(self, globals, locals): + locals = dict(globals) + locals.update(locals) + locals["dump"] = dump + locals["help"] = helper + locals["__loader__"] = self.loader = _ConsoleLoader() code.InteractiveInterpreter.__init__(self, locals) - self.globals = dict(globals) - self.globals["dump"] = dump - self.globals["help"] = helper - self.globals["__loader__"] = self.loader = _ConsoleLoader() self.more = False self.buffer = [] _wrap_compiler(self) @@ -177,7 +178,7 @@ def runsource(self, source): def runcode(self, code): try: - eval(code, self.globals, self.locals) + exec(code, self.locals) except Exception: self.showtraceback() diff --git a/src/werkzeug/debug/tbtools.py b/src/werkzeug/debug/tbtools.py index c8358882d..70a5bef47 100644 --- a/src/werkzeug/debug/tbtools.py +++ b/src/werkzeug/debug/tbtools.py @@ -464,8 +464,8 @@ def __init__(self, exc_type, exc_value, tb): if os.path.isfile(fn): fn = os.path.realpath(fn) self.filename = to_unicode(fn, get_filesystem_encoding()) - self.module = self.globals.get("__name__") - self.loader = self.globals.get("__loader__") + self.module = self.globals.get("__name__", self.locals.get("__name__")) + self.loader = self.globals.get("__loader__", self.locals.get("__loader__")) self.code = tb.tb_frame.f_code # support for paste's traceback extensions diff --git a/tests/test_debug.py b/tests/test_debug.py index 84720d666..ac795c785 100644 --- a/tests/test_debug.py +++ b/tests/test_debug.py @@ -16,6 +16,7 @@ import requests from werkzeug._compat import PY2 +from werkzeug.debug import console from werkzeug.debug import DebuggedApplication from werkzeug.debug import get_machine_id from werkzeug.debug.console import HTMLStringO @@ -356,6 +357,17 @@ def app(environ, start_response): assert r.text == "hello" +def test_console_closure_variables(monkeypatch): + # restore the original display hook + monkeypatch.setattr(sys, "displayhook", console._displayhook) + c = console.Console() + c.eval("y = 5") + c.eval("x = lambda: y") + ret = c.eval("x()") + expected = ">>> x()\n5" if PY2 else ">>> x()\n5\n" + assert ret == expected + + @pytest.mark.skipif(PY2, reason="Python 2 doesn't have chained exceptions.") @pytest.mark.timeout(2) def test_chained_exception_cycle(): From 9c4d5e0fd7e5a5659636b1ed544f8ca875826172 Mon Sep 17 00:00:00 2001 From: David Lord Date: Mon, 20 May 2019 07:15:39 -0700 Subject: [PATCH 009/733] update changelog --- CHANGES.rst | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGES.rst b/CHANGES.rst index 5e11d7e4a..2633fc832 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -15,6 +15,9 @@ Unreleased cookies with names such as "expires" and "version". (:issue:`1495`) - Add ``charset=utf-8`` to an HTTP exception response's ``CONTENT_TYPE`` header. (:pr:`1526`) +- The interactive debugger handles outer variables in nested scopes + such as lambdas and comprehensions. :issue:`913`, :issue:`1037`, + :pr:`1532` Version 0.15.5 From 8cd2d9078e79fc06a4a3f1eb661ced2e85f64435 Mon Sep 17 00:00:00 2001 From: Brian Cristante <33549821+brcrista@users.noreply.github.com> Date: Mon, 6 May 2019 13:52:10 -0400 Subject: [PATCH 010/733] prototype AzP configuration [skip ci] --- azure-pipelines.yml | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 azure-pipelines.yml diff --git a/azure-pipelines.yml b/azure-pipelines.yml new file mode 100644 index 000000000..331f7134e --- /dev/null +++ b/azure-pipelines.yml @@ -0,0 +1,43 @@ +trigger: +- master + +strategy: + matrix: + Python37Linux: + python.version: '3.7' + vmImage: 'ubuntu-latest' + Python37Windows: + python.version: '3.7' + vmImage: 'windows-latest' + Python37Mac: + python.version: '3.7' + vmImage: 'macos-latest' + # Pypy3Linux: + # python.version: 'pypy3' + # vmImage: 'ubuntu-latest' + # Python36Linux: + # python.version: '3.6' + # vmImage: 'ubuntu-latest' + # Python35Linux: + # python.version: '3.5' + # vmImage: 'ubuntu-latest' + # Python27Linux: + # python.version: '2.7' + # vmImage: 'ubuntu-latest' + # Python27Windows: + # python.version: '2.7' + # vmImage: 'windows-latest' + +pool: + vmImage: $[ variables.vmImage ] + +steps: +- task: UsePythonVersion@0 + inputs: + versionSpec: $(python.version) + +- script: pip install tox + displayName: 'Install tox' + +- script: tox -e py + displayName: 'Run tox' \ No newline at end of file From 6a7fd2b4018d4cf52f6f401ce66f5f7c5ed43566 Mon Sep 17 00:00:00 2001 From: Brian Cristante <33549821+brcrista@users.noreply.github.com> Date: Mon, 6 May 2019 13:57:50 -0400 Subject: [PATCH 011/733] Upload test results --- azure-pipelines.yml | 33 ++++++++++++++++++++++----------- 1 file changed, 22 insertions(+), 11 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 331f7134e..5f75f24b5 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -5,28 +5,28 @@ strategy: matrix: Python37Linux: python.version: '3.7' - vmImage: 'ubuntu-latest' + vmImage: ubuntu-latest Python37Windows: python.version: '3.7' - vmImage: 'windows-latest' + vmImage: windows-latest Python37Mac: python.version: '3.7' - vmImage: 'macos-latest' + vmImage: macos-latest # Pypy3Linux: # python.version: 'pypy3' - # vmImage: 'ubuntu-latest' + # vmImage: ubuntu-latest # Python36Linux: # python.version: '3.6' - # vmImage: 'ubuntu-latest' + # vmImage: ubuntu-latest # Python35Linux: # python.version: '3.5' - # vmImage: 'ubuntu-latest' + # vmImage: ubuntu-latest # Python27Linux: # python.version: '2.7' - # vmImage: 'ubuntu-latest' + # vmImage: ubuntu-latest # Python27Windows: # python.version: '2.7' - # vmImage: 'windows-latest' + # vmImage: windows-latest pool: vmImage: $[ variables.vmImage ] @@ -35,9 +35,20 @@ steps: - task: UsePythonVersion@0 inputs: versionSpec: $(python.version) + displayName: Use Python $(python.version) + +- script: python -m pip install --upgrade pip + displayName: Use latest Pip - script: pip install tox - displayName: 'Install tox' + displayName: Install tox + +- script: tox -e py -- --junit-xml=junit/tox-run-$(python.version).xml + displayName: Run tox -- script: tox -e py - displayName: 'Run tox' \ No newline at end of file +- task: PublishTestResults@2 + displayName: Publish Test Results + inputs: + testResultsFiles: junit/*.xml + testRunTitle: 'Python $(python.version)' + condition: succeededOrFailed() \ No newline at end of file From e5d31287a208ca1534b1a130689d48d5dc5da537 Mon Sep 17 00:00:00 2001 From: Brian Cristante <33549821+brcrista@users.noreply.github.com> Date: Mon, 6 May 2019 14:33:55 -0400 Subject: [PATCH 012/733] Normalize CRLF for text files in .gitattributes --- .gitattributes | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.gitattributes b/.gitattributes index 5946e8238..fb7705c58 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1 +1,7 @@ +# Normalize CRLF to LF for all text files +* text=auto + +# Declare binary file types so they won't be normalized +*.png binary +*.jpg binary tests/**/*.http binary From 36c678b8c39acc3fbceefabae602b96f73fb271c Mon Sep 17 00:00:00 2001 From: Brian Cristante <33549821+brcrista@users.noreply.github.com> Date: Mon, 6 May 2019 14:39:46 -0400 Subject: [PATCH 013/733] tests/res/test.txt binary --- .gitattributes | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitattributes b/.gitattributes index fb7705c58..764a4428d 100644 --- a/.gitattributes +++ b/.gitattributes @@ -5,3 +5,4 @@ *.png binary *.jpg binary tests/**/*.http binary +tests/res/test.txt binary From 15169e6d31ac31a8ceac485413a5804fb1c00045 Mon Sep 17 00:00:00 2001 From: Brian Cristante <33549821+brcrista@users.noreply.github.com> Date: Mon, 6 May 2019 14:49:30 -0400 Subject: [PATCH 014/733] build full matrix --- azure-pipelines.yml | 39 +++++++++++++++++++++------------------ 1 file changed, 21 insertions(+), 18 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 5f75f24b5..1958b39c0 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -3,30 +3,33 @@ trigger: strategy: matrix: - Python37Linux: + Python37-Linux: python.version: '3.7' vmImage: ubuntu-latest - Python37Windows: + Python37-Windows: python.version: '3.7' vmImage: windows-latest - Python37Mac: + Python37-Mac: python.version: '3.7' vmImage: macos-latest - # Pypy3Linux: - # python.version: 'pypy3' - # vmImage: ubuntu-latest - # Python36Linux: - # python.version: '3.6' - # vmImage: ubuntu-latest - # Python35Linux: - # python.version: '3.5' - # vmImage: ubuntu-latest - # Python27Linux: - # python.version: '2.7' - # vmImage: ubuntu-latest - # Python27Windows: - # python.version: '2.7' - # vmImage: windows-latest + Python36-Linux: + python.version: '3.6' + vmImage: ubuntu-latest + Python35-Linux: + python.version: '3.5' + vmImage: ubuntu-latest + Python27-Linux: + python.version: '2.7' + vmImage: ubuntu-latest + Python27-Windows: + python.version: '2.7' + vmImage: windows-latest + Pypy3-Linux: + python.version: 'pypy3' + vmImage: ubuntu-latest + Pypy2-Linux: + python.version: 'pypy2' + vmImage: ubuntu-latest pool: vmImage: $[ variables.vmImage ] From c40a9a764a0c747112ddf9e60c0817680c6f2182 Mon Sep 17 00:00:00 2001 From: Brian Cristante Date: Mon, 6 May 2019 15:16:19 -0400 Subject: [PATCH 015/733] xfail tests with Python 2 on Windows --- tests/middleware/test_shared_data.py | 4 ++++ tests/test_serving.py | 2 ++ 2 files changed, 6 insertions(+) diff --git a/tests/middleware/test_shared_data.py b/tests/middleware/test_shared_data.py index 8a1eee0c8..937712a6f 100644 --- a/tests/middleware/test_shared_data.py +++ b/tests/middleware/test_shared_data.py @@ -1,7 +1,10 @@ # -*- coding: utf-8 -*- import os +import sys from contextlib import closing +import pytest + from werkzeug._compat import to_native from werkzeug.middleware.shared_data import SharedDataMiddleware from werkzeug.test import create_environ @@ -13,6 +16,7 @@ def test_get_file_loader(): assert callable(app.get_file_loader("foo")) +@pytest.mark.xfail(sys.version_info.major == 2 and sys.platform == "win32", reason="TODO fix test for Python 2 on Windows") def test_shared_data_middleware(tmpdir): def null_application(environ, start_response): start_response("404 NOT FOUND", [("Content-Type", "text/plain")]) diff --git a/tests/test_serving.py b/tests/test_serving.py index 9e3f4b49b..ac6dab9cb 100644 --- a/tests/test_serving.py +++ b/tests/test_serving.py @@ -147,6 +147,7 @@ def test_make_ssl_devcert(tmpdir): @pytest.mark.skipif(watchdog is None, reason="Watchdog not installed.") +@pytest.mark.xfail(sys.version_info.major == 2 and sys.platform == "win32", reason="TODO fix test for Python 2 on Windows") def test_reloader_broken_imports(tmpdir, dev_server): # We explicitly assert that the server reloads on change, even though in # this case the import could've just been retried. This is to assert @@ -237,6 +238,7 @@ def real_app(environ, start_response): @pytest.mark.skipif(watchdog is None, reason="Watchdog not installed.") +@pytest.mark.xfail(sys.version_info.major == 2 and sys.platform == "win32", reason="TODO fix test for Python 2 on Windows") def test_reloader_reports_correct_file(tmpdir, dev_server): real_app = tmpdir.join("real_app.py") real_app.write( From c1ec0d62a24ee3bacc8d2d0c41944e717cbc1d70 Mon Sep 17 00:00:00 2001 From: Brian Cristante Date: Mon, 6 May 2019 15:35:30 -0400 Subject: [PATCH 016/733] azure-pipelines.yml formatting --- azure-pipelines.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 1958b39c0..239e18207 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -50,8 +50,8 @@ steps: displayName: Run tox - task: PublishTestResults@2 - displayName: Publish Test Results inputs: testResultsFiles: junit/*.xml testRunTitle: 'Python $(python.version)' - condition: succeededOrFailed() \ No newline at end of file + condition: succeededOrFailed() + displayName: Publish test results \ No newline at end of file From d7a2f2ed1e6e20f61c175e8338177a68ad213bfc Mon Sep 17 00:00:00 2001 From: David Lord Date: Mon, 20 May 2019 13:04:52 -0700 Subject: [PATCH 017/733] azure pipelines configuration --- .appveyor.yml | 26 ----------- .azure-pipelines.yml | 64 ++++++++++++++++++++++++++++ .travis.yml | 46 -------------------- azure-pipelines.yml | 57 ------------------------- tests/middleware/test_shared_data.py | 5 ++- tests/test_serving.py | 10 ++++- tox.ini | 15 +++---- 7 files changed, 83 insertions(+), 140 deletions(-) delete mode 100644 .appveyor.yml create mode 100644 .azure-pipelines.yml delete mode 100644 .travis.yml delete mode 100644 azure-pipelines.yml diff --git a/.appveyor.yml b/.appveyor.yml deleted file mode 100644 index bdd3d40c6..000000000 --- a/.appveyor.yml +++ /dev/null @@ -1,26 +0,0 @@ -environment: - global: - TOXENV: py,codecov - - matrix: - - PYTHON: C:\Python37-x64 - - PYTHON: C:\Python27-x64 - -init: - - SET PATH=%PYTHON%;%PATH% - -install: - - python -m pip install -U tox - -build: false - -test_script: - - python -m tox --skip-missing-interpreters false - -branches: - only: - - master - - /^\d+(\.\d+)*(\.x)?$/ - -cache: - - '%LOCALAPPDATA%\pip\Cache' diff --git a/.azure-pipelines.yml b/.azure-pipelines.yml new file mode 100644 index 000000000..c85fe0539 --- /dev/null +++ b/.azure-pipelines.yml @@ -0,0 +1,64 @@ +trigger: + - master + - '*.x' + +variables: + vmImage: ubuntu-latest + python.version: 3.7 + TOXENV: py,coverage-ci + hasTestResults: true + +strategy: + matrix: + Python 3.7 Linux: + vmImage: ubuntu-latest + Python 3.7 Windows: + vmImage: windows-latest + Python 3.7 Mac: + vmImage: macos-latest + PyPy 3 Linux: + python.version: pypy3 + Python 3.6 Linux: + python.version: 3.6 + Python 3.5 Linux: + python.version: 3.5 + Python 2.7 Linux: + python.version: 2.7 + Python 2.7 Windows: + python.version: 2.7 + vmImage: windows-latest + Docs: + TOXENV: docs-html + hasTestResults: false + Style: + TOXENV: style + hasTestResults: false + +pool: + vmImage: $[ variables.vmImage ] + +steps: + - task: UsePythonVersion@0 + inputs: + versionSpec: $(python.version) + displayName: Use Python $(python.version) + + - script: pip --disable-pip-version-check install -U tox + displayName: Install tox + + - script: tox -s false -- --junit-xml=test-results.xml + displayName: Run tox + + - task: PublishTestResults@2 + inputs: + testResultsFiles: test-results.xml + testRunTitle: $(Agent.JobName) + condition: eq(variables['hasTestResults'], 'true') + displayName: Publish test results + + - task: PublishCodeCoverageResults@1 + inputs: + codeCoverageTool: Cobertura + summaryFileLocation: coverage.xml + condition: eq(variables['hasTestResults'], 'true') + displayName: Publish coverage results diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index 5677b16f5..000000000 --- a/.travis.yml +++ /dev/null @@ -1,46 +0,0 @@ -os: linux -dist: xenial -language: python -python: - - "3.7" - - "3.6" - - "3.5" - - "2.7" - - "nightly" - - "pypy3.5-6.0" -env: TOXENV=py,codecov - -matrix: - include: - - env: TOXENV=stylecheck,docs-html - - os: osx - language: generic - env: TOXENV=py3,codecov - cache: - directories: - - $HOME/Library/Caches/Homebrew - - $HOME/Library/Caches/pip - allow_failures: - - python: nightly - - python: pypy3.5-6.0 - - os: osx - fast_finish: true - -install: - - pip install -U tox - -script: - - tox --skip-missing-interpreters false - -cache: - directories: - - $HOME/.cache/pip - - $HOME/.cache/pre-commit - -branches: - only: - - master - - /^\d+(\.\d+)*(\.x)?$/ - -notifications: - email: false diff --git a/azure-pipelines.yml b/azure-pipelines.yml deleted file mode 100644 index 239e18207..000000000 --- a/azure-pipelines.yml +++ /dev/null @@ -1,57 +0,0 @@ -trigger: -- master - -strategy: - matrix: - Python37-Linux: - python.version: '3.7' - vmImage: ubuntu-latest - Python37-Windows: - python.version: '3.7' - vmImage: windows-latest - Python37-Mac: - python.version: '3.7' - vmImage: macos-latest - Python36-Linux: - python.version: '3.6' - vmImage: ubuntu-latest - Python35-Linux: - python.version: '3.5' - vmImage: ubuntu-latest - Python27-Linux: - python.version: '2.7' - vmImage: ubuntu-latest - Python27-Windows: - python.version: '2.7' - vmImage: windows-latest - Pypy3-Linux: - python.version: 'pypy3' - vmImage: ubuntu-latest - Pypy2-Linux: - python.version: 'pypy2' - vmImage: ubuntu-latest - -pool: - vmImage: $[ variables.vmImage ] - -steps: -- task: UsePythonVersion@0 - inputs: - versionSpec: $(python.version) - displayName: Use Python $(python.version) - -- script: python -m pip install --upgrade pip - displayName: Use latest Pip - -- script: pip install tox - displayName: Install tox - -- script: tox -e py -- --junit-xml=junit/tox-run-$(python.version).xml - displayName: Run tox - -- task: PublishTestResults@2 - inputs: - testResultsFiles: junit/*.xml - testRunTitle: 'Python $(python.version)' - condition: succeededOrFailed() - displayName: Publish test results \ No newline at end of file diff --git a/tests/middleware/test_shared_data.py b/tests/middleware/test_shared_data.py index 937712a6f..20bd88cb5 100644 --- a/tests/middleware/test_shared_data.py +++ b/tests/middleware/test_shared_data.py @@ -16,7 +16,10 @@ def test_get_file_loader(): assert callable(app.get_file_loader("foo")) -@pytest.mark.xfail(sys.version_info.major == 2 and sys.platform == "win32", reason="TODO fix test for Python 2 on Windows") +@pytest.mark.xfail( + sys.version_info.major == 2 and sys.platform == "win32", + reason="TODO fix test for Python 2 on Windows", +) def test_shared_data_middleware(tmpdir): def null_application(environ, start_response): start_response("404 NOT FOUND", [("Content-Type", "text/plain")]) diff --git a/tests/test_serving.py b/tests/test_serving.py index ac6dab9cb..cf31bd2e6 100644 --- a/tests/test_serving.py +++ b/tests/test_serving.py @@ -147,7 +147,10 @@ def test_make_ssl_devcert(tmpdir): @pytest.mark.skipif(watchdog is None, reason="Watchdog not installed.") -@pytest.mark.xfail(sys.version_info.major == 2 and sys.platform == "win32", reason="TODO fix test for Python 2 on Windows") +@pytest.mark.xfail( + sys.version_info.major == 2 and sys.platform == "win32", + reason="TODO fix test for Python 2 on Windows", +) def test_reloader_broken_imports(tmpdir, dev_server): # We explicitly assert that the server reloads on change, even though in # this case the import could've just been retried. This is to assert @@ -238,7 +241,10 @@ def real_app(environ, start_response): @pytest.mark.skipif(watchdog is None, reason="Watchdog not installed.") -@pytest.mark.xfail(sys.version_info.major == 2 and sys.platform == "win32", reason="TODO fix test for Python 2 on Windows") +@pytest.mark.xfail( + sys.version_info.major == 2 and sys.platform == "win32", + reason="TODO fix test for Python 2 on Windows", +) def test_reloader_reports_correct_file(tmpdir, dev_server): real_app = tmpdir.join("real_app.py") real_app.write( diff --git a/tox.ini b/tox.ini index f36a069df..abda16f0e 100644 --- a/tox.ini +++ b/tox.ini @@ -1,9 +1,9 @@ [tox] envlist = py{37,36,35,27,py3,py} - stylecheck + style docs-html - coverage-report + coverage skip_missing_interpreters = true [testenv] @@ -19,7 +19,7 @@ deps = watchdog commands = coverage run -p -m pytest --tb=short --basetemp={envtmpdir} {posargs} -[testenv:stylecheck] +[testenv:style] deps = pre-commit skip_install = true commands = pre-commit run --all-files --show-diff-on-failure @@ -31,7 +31,7 @@ deps = sphinx-issues commands = sphinx-build -W -b html -d {envtmpdir}/doctrees docs {envtmpdir}/html -[testenv:coverage-report] +[testenv:coverage] deps = coverage skip_install = true commands = @@ -39,11 +39,10 @@ commands = coverage html coverage report -[testenv:codecov] -passenv = CI TRAVIS TRAVIS_* APPVEYOR APPVEYOR_* -deps = codecov +[testenv:coverage-ci] +deps = coverage skip_install = true commands = coverage combine - codecov + coverage xml coverage report From d86887b31c95034278156f38b6e0b32bb15c1f33 Mon Sep 17 00:00:00 2001 From: "michal.cyprian" Date: Thu, 16 May 2019 12:17:32 +0200 Subject: [PATCH 018/733] Prevent utils.invalidate_cached_property from deleting attributes Fixes: https://github.com/pallets/werkzeug/issues/1547 --- src/werkzeug/utils.py | 5 +++++ tests/test_utils.py | 10 ++++++++++ 2 files changed, 15 insertions(+) diff --git a/src/werkzeug/utils.py b/src/werkzeug/utils.py index 9a002c6fe..196bff560 100644 --- a/src/werkzeug/utils.py +++ b/src/werkzeug/utils.py @@ -114,6 +114,11 @@ def invalidate_cached_property(obj, name): You must pass the name of the cached property as the second argument. """ + if not isinstance(getattr(obj.__class__, name, None), cached_property): + raise TypeError( + "Attribute {} of object {} is not a cached_property, " + "cannot be invalidated".format(name, obj) + ) obj.__dict__[name] = _missing diff --git a/tests/test_utils.py b/tests/test_utils.py index a1c3f874e..403823036 100644 --- a/tests/test_utils.py +++ b/tests/test_utils.py @@ -131,6 +131,16 @@ def prop(self): assert foo == [42, 42] +def test_invalidate_cached_property_on_non_property(): + class A(object): + def __init__(self): + self.prop = 42 + + a = A() + with pytest.raises(TypeError): + utils.invalidate_cached_property(a, "prop") + + def test_inspect_treats_cached_property_as_property(): class A(object): @utils.cached_property From 29ffda85b44c3df7cdbd840d1c0a6d9ec3b4f920 Mon Sep 17 00:00:00 2001 From: John Zeringue Date: Fri, 31 May 2019 09:27:43 -0400 Subject: [PATCH 019/733] Detect opera as browser in user_agent Now, we'll recognize `OPR` as "Opera" in a user agent string. Fixes #1556 --- src/werkzeug/useragents.py | 2 +- tests/test_wrappers.py | 8 ++++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/src/werkzeug/useragents.py b/src/werkzeug/useragents.py index 9416b0d7a..720a952ae 100644 --- a/src/werkzeug/useragents.py +++ b/src/werkzeug/useragents.py @@ -46,7 +46,7 @@ class UserAgentParser(object): ("yahoo", "yahoo"), ("ask jeeves", "ask"), (r"aol|america\s+online\s+browser", "aol"), - ("opera", "opera"), + (r"opera|opr", "opera"), ("edge", "edge"), ("chrome|crios", "chrome"), ("seamonkey", "seamonkey"), diff --git a/tests/test_wrappers.py b/tests/test_wrappers.py index b4a865677..64327c0e2 100644 --- a/tests/test_wrappers.py +++ b/tests/test_wrappers.py @@ -616,6 +616,14 @@ def test_user_agent_mixin(): "3.5.1", "de", ), + ( + "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36" + "(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36 OPR/60.0.3255.95", + "opera", + "macos", + "60.0.3255.95", + None, + ), ] for ua, browser, platform, version, lang in user_agents: request = wrappers.Request({"HTTP_USER_AGENT": ua}) From 6e7c8bea0f307633e70d979fe0a89e046accc598 Mon Sep 17 00:00:00 2001 From: David Lord Date: Fri, 31 May 2019 09:47:20 -0400 Subject: [PATCH 020/733] add changelog for #1564 --- CHANGES.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGES.rst b/CHANGES.rst index 2633fc832..2ea163421 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -18,6 +18,8 @@ Unreleased - The interactive debugger handles outer variables in nested scopes such as lambdas and comprehensions. :issue:`913`, :issue:`1037`, :pr:`1532` +- The user agent for Opera 60 on Mac is correctly reported as + "opera" instead of "chrome". :issue:`1556` Version 0.15.5 From 359276baae27acca69cfc51fb31a5318924afc1b Mon Sep 17 00:00:00 2001 From: Joshua Bronson Date: Fri, 31 May 2019 10:49:39 -0400 Subject: [PATCH 021/733] rm spurious use_memcache=False param --- examples/coolmagic/utils.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/coolmagic/utils.py b/examples/coolmagic/utils.py index f4cf20d5b..a1bc1ea31 100644 --- a/examples/coolmagic/utils.py +++ b/examples/coolmagic/utils.py @@ -25,7 +25,7 @@ local = Local() local_manager = LocalManager([local]) template_env = Environment( - loader=FileSystemLoader(join(dirname(__file__), "templates"), use_memcache=False) + loader=FileSystemLoader(join(dirname(__file__), "templates")) ) exported_views = {} From f2211e6663f0fd8a97563b32c19c1ad459a8b364 Mon Sep 17 00:00:00 2001 From: Joshua Bronson Date: Fri, 31 May 2019 11:37:08 -0400 Subject: [PATCH 022/733] Fix __delitem__ signature (does not accept value) --- examples/cupoftee/db.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/cupoftee/db.py b/examples/cupoftee/db.py index 7f0412207..e86c071f7 100644 --- a/examples/cupoftee/db.py +++ b/examples/cupoftee/db.py @@ -40,7 +40,7 @@ def _load_key(self, key): def __setitem__(self, key, value): self._local[key] = value - def __delitem__(self, key, value): + def __delitem__(self, key): with self._lock: self._local.pop(key, None) if key in self._fs: From c2231cd288dde0f8e780fe76e58a783e9110bf0d Mon Sep 17 00:00:00 2001 From: John Zeringue Date: Fri, 31 May 2019 12:33:42 -0400 Subject: [PATCH 023/733] Suggest venv named "env" instead of "venv" "env" is already in our `.gitignore` and is the name suggested in Flask's `CONTRIBUTING.rst` --- CONTRIBUTING.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst index 1d89ae60b..33a2e3129 100644 --- a/CONTRIBUTING.rst +++ b/CONTRIBUTING.rst @@ -64,7 +64,7 @@ First time setup - Create a virtualenv:: - python3 -m venv venv + python3 -m venv env . venv/bin/activate # or "venv\Scripts\activate" on Windows From 37c640f2800e8e83de0b6cceb1a076bf8f42d984 Mon Sep 17 00:00:00 2001 From: Joshua Bronson Date: Fri, 31 May 2019 13:25:24 -0400 Subject: [PATCH 024/733] rm superfluous return None BaseHTTPRequestHandler.handle() returns None, so there is no need to capture and return its return value. --- src/werkzeug/serving.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py index ff9f8805f..dd6224c07 100644 --- a/src/werkzeug/serving.py +++ b/src/werkzeug/serving.py @@ -321,9 +321,8 @@ def execute(app): def handle(self): """Handles a request ignoring dropped connections.""" - rv = None try: - rv = BaseHTTPRequestHandler.handle(self) + BaseHTTPRequestHandler.handle(self) except (_ConnectionError, socket.timeout) as e: self.connection_dropped(e) except Exception as e: @@ -331,7 +330,6 @@ def handle(self): raise if self.server.shutdown_signal: self.initiate_shutdown() - return rv def initiate_shutdown(self): """A horrible, horrible way to kill the server for Python 2.6 and From cff0b4303947211fe610bd9f35b155e39c65f3a2 Mon Sep 17 00:00:00 2001 From: Lewis Headden Date: Fri, 31 May 2019 13:30:43 -0400 Subject: [PATCH 025/733] fix: Parse Crosswalk UA as Android not ChromeOS (#1024) --- src/werkzeug/useragents.py | 2 +- tests/test_wrappers.py | 9 +++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/src/werkzeug/useragents.py b/src/werkzeug/useragents.py index 720a952ae..74f2fa4fd 100644 --- a/src/werkzeug/useragents.py +++ b/src/werkzeug/useragents.py @@ -18,7 +18,7 @@ class UserAgentParser(object): """A simple user agent parser. Used by the `UserAgent`.""" platforms = ( - ("cros", "chromeos"), + (" cros ", "chromeos"), ("iphone|ios", "iphone"), ("ipad", "ipad"), (r"darwin|mac|os\s*x", "macos"), diff --git a/tests/test_wrappers.py b/tests/test_wrappers.py index 64327c0e2..4a60278d9 100644 --- a/tests/test_wrappers.py +++ b/tests/test_wrappers.py @@ -624,6 +624,15 @@ def test_user_agent_mixin(): "60.0.3255.95", None, ), + ( + "Mozilla/5.0 (Linux; Android 4.4.4; Google Nexus 7 2013 - 4.4.4 - " + "API 19 - 1200x1920 Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) " + "Chrome/51.0.2704.106 Crosswalk/21.51.546.7 Safari/537.36", + "chrome", + "android", + "51.0.2704.106", + None, + ), ] for ua, browser, platform, version, lang in user_agents: request = wrappers.Request({"HTTP_USER_AGENT": ua}) From bdef20634c5c28a911c0b22eec562ab68c366bdf Mon Sep 17 00:00:00 2001 From: Joshua Bronson Date: Fri, 31 May 2019 13:39:36 -0400 Subject: [PATCH 026/733] avoid shadowing (for value in value) --- src/werkzeug/datastructures.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/werkzeug/datastructures.py b/src/werkzeug/datastructures.py index c2b4c021b..91d1b8343 100644 --- a/src/werkzeug/datastructures.py +++ b/src/werkzeug/datastructures.py @@ -46,8 +46,8 @@ def iter_multi_items(mapping): elif isinstance(mapping, dict): for key, value in iteritems(mapping): if isinstance(value, (tuple, list)): - for value in value: - yield key, value + for v in value: + yield key, v else: yield key, value else: From 2b581c005309902c4d01029615d5418c0d617c32 Mon Sep 17 00:00:00 2001 From: Joshua Bronson Date: Fri, 31 May 2019 14:13:00 -0400 Subject: [PATCH 027/733] rm superfluous ` = None` last line ...of (nested) function. This statement has no effect. --- src/werkzeug/serving.py | 1 - 1 file changed, 1 deletion(-) diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py index ff9f8805f..6127761c3 100644 --- a/src/werkzeug/serving.py +++ b/src/werkzeug/serving.py @@ -297,7 +297,6 @@ def execute(app): finally: if hasattr(application_iter, "close"): application_iter.close() - application_iter = None try: execute(self.server.app) From 0a672d311de069b84b36456b1ecc5296c26bad48 Mon Sep 17 00:00:00 2001 From: Lewis Headden Date: Fri, 31 May 2019 14:46:05 -0400 Subject: [PATCH 028/733] Add CHANGES entry --- CHANGES.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGES.rst b/CHANGES.rst index 2ea163421..ab23dadfe 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -20,6 +20,8 @@ Unreleased :pr:`1532` - The user agent for Opera 60 on Mac is correctly reported as "opera" instead of "chrome". :issue:`1556` +- The platform for Crosswalk on Android is correctly reported as + "android" instead of "chromeos". (:pr:`1572`) Version 0.15.5 From d6b54e3731c92059083ac6f1ffec69b1cbf8e31b Mon Sep 17 00:00:00 2001 From: Joshua Bronson Date: Fri, 31 May 2019 19:57:00 +0000 Subject: [PATCH 029/733] have you heard the good news about with statements --- src/werkzeug/debug/tbtools.py | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/src/werkzeug/debug/tbtools.py b/src/werkzeug/debug/tbtools.py index 70a5bef47..b34403dce 100644 --- a/src/werkzeug/debug/tbtools.py +++ b/src/werkzeug/debug/tbtools.py @@ -573,13 +573,12 @@ def sourcelines(self): if source is None: try: - f = open(to_native(self.filename, get_filesystem_encoding()), mode="rb") + with open( + to_native(self.filename, get_filesystem_encoding()), mode="rb" + ) as f: + source = f.read() except IOError: return [] - try: - source = f.read() - finally: - f.close() # already unicode? return right away if isinstance(source, text_type): From b82ef621773ca88c13ccbf24ab3e2688f0b43a8c Mon Sep 17 00:00:00 2001 From: Mark Roth Date: Fri, 31 May 2019 14:11:04 -0400 Subject: [PATCH 030/733] warn when current server name doesn't match configured server name --- CHANGES.rst | 2 ++ src/werkzeug/routing.py | 8 +++++++- tests/test_routing.py | 10 ++++++++++ 3 files changed, 19 insertions(+), 1 deletion(-) diff --git a/CHANGES.rst b/CHANGES.rst index 5177b3e74..c25dbbdd3 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -22,6 +22,8 @@ Unreleased "opera" instead of "chrome". :issue:`1556` - The platform for Crosswalk on Android is correctly reported as "android" instead of "chromeos". (:pr:`1572`) +- Issue warning when current server name does not match configured + server name. :issue:`760` Version 0.15.5 diff --git a/src/werkzeug/routing.py b/src/werkzeug/routing.py index 8ff7df180..c37f73d7e 100644 --- a/src/werkzeug/routing.py +++ b/src/werkzeug/routing.py @@ -100,6 +100,7 @@ import posixpath import re import uuid +import warnings from pprint import pformat from threading import Lock @@ -1512,10 +1513,15 @@ def bind_to_environ(self, environ, server_name=None, subdomain=None): offset = -len(real_server_name) if cur_server_name[offset:] != real_server_name: # This can happen even with valid configs if the server was - # accesssed directly by IP address under some situations. + # accessed directly by IP address under some situations. # Instead of raising an exception like in Werkzeug 0.7 or # earlier we go by an invalid subdomain which will result # in a 404 error on matching. + warnings.warn( + "Current server name '{}' doesn't match configured " + "server name '{}'".format(wsgi_server_name, real_server_name), + stacklevel=2, + ) subdomain = "" else: subdomain = ".".join(filter(None, cur_server_name[:offset])) diff --git a/tests/test_routing.py b/tests/test_routing.py index 537883dbd..56a6be6a5 100644 --- a/tests/test_routing.py +++ b/tests/test_routing.py @@ -358,6 +358,16 @@ def test_http_host_before_server_name(): assert adapter.build("index") == "http://wiki.example.com/" +def test_invalid_subdomain_warning(): + env = create_environ("/foo") + env["SERVER_NAME"] = env["HTTP_HOST"] = "foo.example.com" + m = r.Map([r.Rule("/foo", endpoint="foo")]) + with pytest.warns(UserWarning) as record: + a = m.bind_to_environ(env, server_name="bar.example.com") + assert a.subdomain == "" + assert len(record) == 1 + + def test_adapter_url_parameter_sorting(): map = r.Map( [r.Rule("/", endpoint="index")], sort_parameters=True, sort_key=lambda x: x[1] From da92dc7dc43e39a83ca064cf6b536e1bbe482bec Mon Sep 17 00:00:00 2001 From: David Lord Date: Mon, 10 Jun 2019 13:59:50 -0700 Subject: [PATCH 031/733] match server names with default scheme and port --- CHANGES.rst | 7 +++++-- src/werkzeug/routing.py | 31 +++++++++++++++++++++++-------- tests/test_routing.py | 11 +++++++++++ 3 files changed, 39 insertions(+), 10 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index c25dbbdd3..8d33e32f9 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -22,8 +22,11 @@ Unreleased "opera" instead of "chrome". :issue:`1556` - The platform for Crosswalk on Android is correctly reported as "android" instead of "chromeos". (:pr:`1572`) -- Issue warning when current server name does not match configured - server name. :issue:`760` +- Issue a warning when the current server name does not match the + configured server name. :issue:`760` +- A configured server name with the default port for a scheme will + match the current server name without the port if the current scheme + matches. :pr:`1584` Version 0.15.5 diff --git a/src/werkzeug/routing.py b/src/werkzeug/routing.py index c37f73d7e..b7b5a066e 100644 --- a/src/werkzeug/routing.py +++ b/src/werkzeug/routing.py @@ -1485,32 +1485,47 @@ def bind_to_environ(self, environ, server_name=None, subdomain=None): :class:`MapAdapter` so that you don't have to pass the path info to the match method. - .. versionchanged:: 0.5 - previously this method accepted a bogus `calculate_subdomain` - parameter that did not have any effect. It was removed because - of that. + .. versionchanged:: 1.0.0 + If the passed server name specifies port 443, it will match + if the incoming scheme is ``https`` without a port. + + .. versionchanged:: 1.0.0 + A warning is shown when the passed server name does not + match the incoming WSGI server name. .. versionchanged:: 0.8 This will no longer raise a ValueError when an unexpected server name was passed. + .. versionchanged:: 0.5 + previously this method accepted a bogus `calculate_subdomain` + parameter that did not have any effect. It was removed because + of that. + :param environ: a WSGI environment. :param server_name: an optional server name hint (see above). :param subdomain: optionally the current subdomain (see above). """ environ = _get_environ(environ) - wsgi_server_name = get_host(environ).lower() + scheme = environ["wsgi.url_scheme"] if server_name is None: server_name = wsgi_server_name else: server_name = server_name.lower() + # strip standard port to match get_host() + if scheme == "http" and server_name.endswith(":80"): + server_name = server_name[:-3] + elif scheme == "https" and server_name.endswith(":443"): + server_name = server_name[:-4] + if subdomain is None and not self.host_matching: cur_server_name = wsgi_server_name.split(".") real_server_name = server_name.split(".") offset = -len(real_server_name) + if cur_server_name[offset:] != real_server_name: # This can happen even with valid configs if the server was # accessed directly by IP address under some situations. @@ -1518,8 +1533,8 @@ def bind_to_environ(self, environ, server_name=None, subdomain=None): # earlier we go by an invalid subdomain which will result # in a 404 error on matching. warnings.warn( - "Current server name '{}' doesn't match configured " - "server name '{}'".format(wsgi_server_name, real_server_name), + "Current server name '{}' doesn't match configured" + " server name '{}'".format(wsgi_server_name, server_name), stacklevel=2, ) subdomain = "" @@ -1539,7 +1554,7 @@ def _get_wsgi_string(name): server_name, script_name, subdomain, - environ["wsgi.url_scheme"], + scheme, environ["REQUEST_METHOD"], path_info, query_args=query_args, diff --git a/tests/test_routing.py b/tests/test_routing.py index 56a6be6a5..07127e8a5 100644 --- a/tests/test_routing.py +++ b/tests/test_routing.py @@ -368,6 +368,17 @@ def test_invalid_subdomain_warning(): assert len(record) == 1 +@pytest.mark.parametrize( + ("base", "name"), + (("http://localhost", "localhost:80"), ("https://localhost", "localhost:443")), +) +def test_server_name_match_default_port(base, name): + environ = create_environ("/foo", base_url=base) + map = r.Map([r.Rule("/foo", endpoint="foo")]) + adapter = map.bind_to_environ(environ, server_name=name) + assert adapter.match() == ("foo", {}) + + def test_adapter_url_parameter_sorting(): map = r.Map( [r.Rule("/", endpoint="index")], sort_parameters=True, sort_key=lambda x: x[1] From bc1b2e2593dea48b631b2410563dd9df9510456f Mon Sep 17 00:00:00 2001 From: David Lord Date: Thu, 20 Jun 2019 10:35:45 -0700 Subject: [PATCH 032/733] add InternalServerError.original_exception attribute --- CHANGES.rst | 3 +++ docs/exceptions.rst | 1 + src/werkzeug/exceptions.py | 12 ++++++++++++ 3 files changed, 16 insertions(+) diff --git a/CHANGES.rst b/CHANGES.rst index 8d33e32f9..3f6041cb2 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -27,6 +27,9 @@ Unreleased - A configured server name with the default port for a scheme will match the current server name without the port if the current scheme matches. :pr:`1584` +- :exc:`~exceptions.InternalServerError` has a ``original_exception`` + attribute that frameworks can use to track the original cause of the + error. :pr:`1590` Version 0.15.5 diff --git a/docs/exceptions.rst b/docs/exceptions.rst index f491def57..6c82e64a7 100644 --- a/docs/exceptions.rst +++ b/docs/exceptions.rst @@ -53,6 +53,7 @@ The following error classes exist in Werkzeug: .. autoexception:: RequestHeaderFieldsTooLarge .. autoexception:: InternalServerError + :members: .. autoexception:: NotImplemented diff --git a/src/werkzeug/exceptions.py b/src/werkzeug/exceptions.py index 9343cef38..fba808e9d 100644 --- a/src/werkzeug/exceptions.py +++ b/src/werkzeug/exceptions.py @@ -624,6 +624,9 @@ class InternalServerError(HTTPException): Raise if an internal server error occurred. This is a good fallback if an unknown error occurred in the dispatcher. + + .. versionchanged:: 1.0.0 + Added the :attr:`original_exception` attribute. """ code = 500 @@ -633,6 +636,15 @@ class InternalServerError(HTTPException): " there is an error in the application." ) + def __init__(self, description=None, response=None, original_exception=None): + #: The original exception that caused this 500 error. Can be + #: used by frameworks to provide context when handling + #: unexpected errors. + self.original_exception = original_exception + super(InternalServerError, self).__init__( + description=description, response=response + ) + class NotImplemented(HTTPException): """*501* `Not Implemented` From f753a326343cf5d163720f0d954d62aba3c5618c Mon Sep 17 00:00:00 2001 From: David Lord Date: Tue, 25 Jun 2019 14:13:17 -0700 Subject: [PATCH 033/733] fix server name warnings in tests --- tests/test_routing.py | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/tests/test_routing.py b/tests/test_routing.py index 07127e8a5..fe147df01 100644 --- a/tests/test_routing.py +++ b/tests/test_routing.py @@ -444,8 +444,10 @@ def test_server_name_interpolation(): assert adapter.match() == ("alt", {}) env = create_environ("/", "http://%s/" % server_name) - adapter = map.bind_to_environ(env, server_name="foo") - assert adapter.subdomain == "" + + with pytest.warns(UserWarning): + adapter = map.bind_to_environ(env, server_name="foo") + assert adapter.subdomain == "" def test_rule_emptying(): @@ -764,8 +766,10 @@ def test_external_building_with_port_bind_to_environ(): def test_external_building_with_port_bind_to_environ_wrong_servername(): map = r.Map([r.Rule("/", endpoint="index")]) environ = create_environ("/", "http://example.org:5000/") - adapter = map.bind_to_environ(environ, server_name="example.org") - assert adapter.subdomain == "" + + with pytest.warns(UserWarning): + adapter = map.bind_to_environ(environ, server_name="example.org") + assert adapter.subdomain == "" def test_converter_parser(): @@ -916,7 +920,10 @@ def test_server_name_casing(): env["SERVER_NAME"] = "127.0.0.1" env["SERVER_PORT"] = "5000" del env["HTTP_HOST"] - a = m.bind_to_environ(env, server_name="example.com") + + with pytest.warns(UserWarning): + a = m.bind_to_environ(env, server_name="example.com") + with pytest.raises(r.NotFound): a.match() From 701531ea26a36009e197b2c8bda1a6b47f09938c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E1=B4=87s=E1=B4=9B?= Date: Wed, 3 Jul 2019 17:16:11 +0800 Subject: [PATCH 034/733] fix large cookie warn comment I thing the word is wrong here --- src/werkzeug/http.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/werkzeug/http.py b/src/werkzeug/http.py index 3f40b3080..f32032789 100644 --- a/src/werkzeug/http.py +++ b/src/werkzeug/http.py @@ -1195,9 +1195,9 @@ def dump_cookie( if not PY2: rv = rv.decode("latin1") - # Warn if the final value of the cookie is less than the limit. If the - # cookie is too large, then it may be silently ignored, which can be quite - # hard to debug. + # Warn if the final value of the cookie is larger than the limit. If the + # cookie is too large, then it may be silently ignored by the browser, + # which can be quite hard to debug. cookie_size = len(rv) if max_size and cookie_size > max_size: From 9844e0447e63366273c8b9f9f2400e19b45532d1 Mon Sep 17 00:00:00 2001 From: Min ho Kim Date: Mon, 8 Jul 2019 01:23:43 +1000 Subject: [PATCH 035/733] Fix typos (#1602) --- examples/README.rst | 2 +- examples/coolmagic/utils.py | 2 +- examples/cupoftee/application.py | 2 +- examples/cupoftee/network.py | 2 +- examples/cupoftee/templates/serverlist.html | 2 +- examples/simplewiki/database.py | 2 +- src/werkzeug/datastructures.py | 2 +- src/werkzeug/middleware/proxy_fix.py | 2 +- src/werkzeug/urls.py | 2 +- src/werkzeug/utils.py | 2 +- src/werkzeug/wrappers/request.py | 2 +- 11 files changed, 11 insertions(+), 11 deletions(-) diff --git a/examples/README.rst b/examples/README.rst index 2b9df866a..31b50ef5e 100644 --- a/examples/README.rst +++ b/examples/README.rst @@ -6,7 +6,7 @@ This directory contains various example applications and example code of Werkzeug powered applications. Beside the proof of concept applications and code snippets in the partial -folder they all have external depencencies for template engines or database +folder they all have external dependencies for template engines or database adapters (SQLAlchemy only so far). Also, every application has click as external dependency, used to create the command line interface. diff --git a/examples/coolmagic/utils.py b/examples/coolmagic/utils.py index a1bc1ea31..4140eb537 100644 --- a/examples/coolmagic/utils.py +++ b/examples/coolmagic/utils.py @@ -5,7 +5,7 @@ This module contains the subclasses of the base request and response objects provided by werkzeug. The subclasses know about their charset - and implement some additional functionallity like the ability to link + and implement some additional functionality like the ability to link to view functions. :copyright: 2007 Pallets diff --git a/examples/cupoftee/application.py b/examples/cupoftee/application.py index 540e3f59f..0e4b00235 100644 --- a/examples/cupoftee/application.py +++ b/examples/cupoftee/application.py @@ -3,7 +3,7 @@ cupoftee.application ~~~~~~~~~~~~~~~~~~~~ - The WSGI appliction for the cup of tee browser. + The WSGI application for the cup of tee browser. :copyright: 2007 Pallets :license: BSD-3-Clause diff --git a/examples/cupoftee/network.py b/examples/cupoftee/network.py index 74c775aa1..c083efd4a 100644 --- a/examples/cupoftee/network.py +++ b/examples/cupoftee/network.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- """ - cupyoftee.network + cupoftee.network ~~~~~~~~~~~~~~~~~ Query the servers for information. diff --git a/examples/cupoftee/templates/serverlist.html b/examples/cupoftee/templates/serverlist.html index 05d15f194..308564af1 100644 --- a/examples/cupoftee/templates/serverlist.html +++ b/examples/cupoftee/templates/serverlist.html @@ -8,7 +8,7 @@

Server List

This list was last synced on {{ cup.master.last_sync.strftime('%d %B %Y at %H:%M UTC') }}. {% else %} - Syncronization with master server in progress. Reload the page in a minute + Synchronization with master server in progress. Reload the page in a minute or two, to see the server list. {% endif %}

diff --git a/examples/simplewiki/database.py b/examples/simplewiki/database.py index f0cec34e2..b808aae0e 100644 --- a/examples/simplewiki/database.py +++ b/examples/simplewiki/database.py @@ -115,7 +115,7 @@ def __repr__(self): class RevisionedPage(Page, Revision): """ - Represents a wiki page with a revision. Thanks to multiple inhertiance + Represents a wiki page with a revision. Thanks to multiple inheritance and the ability of SQLAlchemy to map to joins we can combine `Page` and `Revision` into one class here. """ diff --git a/src/werkzeug/datastructures.py b/src/werkzeug/datastructures.py index 91d1b8343..1d5887118 100644 --- a/src/werkzeug/datastructures.py +++ b/src/werkzeug/datastructures.py @@ -1222,7 +1222,7 @@ def set(self, _key, _value, **kw): ikey = _key.lower() for idx, (old_key, _old_value) in enumerate(listiter): if old_key.lower() == ikey: - # replace first ocurrence + # replace first occurrence self._list[idx] = (_key, _value) break else: diff --git a/src/werkzeug/middleware/proxy_fix.py b/src/werkzeug/middleware/proxy_fix.py index 0046799c8..11f9a6916 100644 --- a/src/werkzeug/middleware/proxy_fix.py +++ b/src/werkzeug/middleware/proxy_fix.py @@ -78,7 +78,7 @@ class ProxyFix(object): Support ``X-Forwarded-Port`` and ``X-Forwarded-Prefix``. .. versionchanged:: 0.15 - ``X-Fowarded-Host`` and ``X-Forwarded-Port`` modify + ``X-Forwarded-Host`` and ``X-Forwarded-Port`` modify ``SERVER_NAME`` and ``SERVER_PORT``. """ diff --git a/src/werkzeug/urls.py b/src/werkzeug/urls.py index 38e9e5adf..4a1146fb1 100644 --- a/src/werkzeug/urls.py +++ b/src/werkzeug/urls.py @@ -578,7 +578,7 @@ def url_unparse(components): # We generally treat file:///x and file:/x the same which is also # what browsers seem to do. This also allows us to ignore a schema - # register for netloc utilization or having to differenciate between + # register for netloc utilization or having to differentiate between # empty and missing netloc. if netloc or (scheme and path.startswith(s("/"))): if path and path[:1] != s("/"): diff --git a/src/werkzeug/utils.py b/src/werkzeug/utils.py index 196bff560..59c6f2708 100644 --- a/src/werkzeug/utils.py +++ b/src/werkzeug/utils.py @@ -303,7 +303,7 @@ def get_content_type(mimetype, charset): :param charset: The charset to be appended for text mimetypes. :return: The content type. - .. verionchanged:: 0.15 + .. versionchanged:: 0.15 Any type that ends with ``+xml`` gets a charset, not just those that start with ``application/``. Known text types such as ``application/javascript`` are also given charsets. diff --git a/src/werkzeug/wrappers/request.py b/src/werkzeug/wrappers/request.py index d1c71b647..4aafa6fd8 100644 --- a/src/werkzeug/wrappers/request.py +++ b/src/werkzeug/wrappers/request.py @@ -25,7 +25,7 @@ class Request( class StreamOnlyMixin(object): - """If mixed in before the request object this will change the bahavior + """If mixed in before the request object this will change the behavior of it to disable handling of form parsing. This disables the :attr:`files`, :attr:`form` attributes and will just provide a :attr:`stream` attribute that however is always available. From c13eba6b51c023eae0e405a6c47b3927cfd7f2c1 Mon Sep 17 00:00:00 2001 From: Mark McDonald Date: Wed, 10 Jul 2019 14:29:09 +0800 Subject: [PATCH 036/733] Implements case-insensitive header equality --- src/werkzeug/datastructures.py | 7 ++++++- tests/test_datastructures.py | 14 ++++++++++++++ 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/src/werkzeug/datastructures.py b/src/werkzeug/datastructures.py index 1d5887118..a109dda38 100644 --- a/src/werkzeug/datastructures.py +++ b/src/werkzeug/datastructures.py @@ -977,7 +977,12 @@ def __getitem__(self, key, _get_mode=False): raise exceptions.BadRequestKeyError(key) def __eq__(self, other): - return other.__class__ is self.__class__ and set(other._list) == set(self._list) + def lowered(item): + return (item[0].lower(),) + item[1:] + + return other.__class__ is self.__class__ and set( + map(lowered, other._list) + ) == set(map(lowered, self._list)) __hash__ = None diff --git a/tests/test_datastructures.py b/tests/test_datastructures.py index 97b4b205a..bf6b3f7cc 100644 --- a/tests/test_datastructures.py +++ b/tests/test_datastructures.py @@ -800,6 +800,20 @@ def test_to_wsgi_list_bytes(self): strict_eq(key, u"Key") strict_eq(value, u"Value") + def test_equality(self): + # test equality, given keys are case insensitive + h1 = self.storage_class() + h1.add("X-Foo", "foo") + h1.add("X-Bar", "bah") + h1.add("X-Bar", "humbug") + + h2 = self.storage_class() + h2.add("x-foo", "foo") + h2.add("x-bar", "bah") + h2.add("x-bar", "humbug") + + assert h1 == h2 + class TestEnvironHeaders(object): storage_class = datastructures.EnvironHeaders From dc670d9b4f68b0509339f565d9cc142631226b7b Mon Sep 17 00:00:00 2001 From: Mark McDonald Date: Thu, 11 Jul 2019 10:22:09 +0800 Subject: [PATCH 037/733] Add changelog for header eq --- CHANGES.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGES.rst b/CHANGES.rst index e4a08b698..0f771e93e 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -30,6 +30,8 @@ Unreleased - :exc:`~exceptions.InternalServerError` has a ``original_exception`` attribute that frameworks can use to track the original cause of the error. :pr:`1590` +- Headers are tested for equality independent of the header key case, + such that ``X-Foo`` is the same as ``x-foo``. :pr:`1605` Version 0.15.5 From dbd43f90add3d52cc05efc4e893a99814c2c6af3 Mon Sep 17 00:00:00 2001 From: Joey Surls Date: Sat, 18 May 2019 08:25:05 -0500 Subject: [PATCH 038/733] Add 'None' as a legal value for samesite --- CHANGES.rst | 2 ++ src/werkzeug/http.py | 15 ++++++++++----- tests/test_http.py | 17 +++++++++++------ 3 files changed, 23 insertions(+), 11 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index 0f771e93e..3453eec50 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -32,6 +32,8 @@ Unreleased error. :pr:`1590` - Headers are tested for equality independent of the header key case, such that ``X-Foo`` is the same as ``x-foo``. :pr:`1605` +- :meth:`http.dump_cookie` accepts ``'None'`` as a value for + ``samesite``. :issue:`1549` Version 0.15.5 diff --git a/src/werkzeug/http.py b/src/werkzeug/http.py index f32032789..8b16351ed 100644 --- a/src/werkzeug/http.py +++ b/src/werkzeug/http.py @@ -1135,10 +1135,13 @@ def dump_cookie( :param max_size: Warn if the final header value exceeds this size. The default, 4093, should be safely `supported by most browsers `_. Set to 0 to disable this check. - :param samesite: Limits the scope of the cookie such that it will only - be attached to requests if those requests are "same-site". + :param samesite: Limits the scope of the cookie such that it will + only be attached to requests if those requests are same-site. .. _`cookie`: http://browsercookielimits.squawky.net/ + + .. versionchanged:: 1.0.0 + The string ``'None'`` is accepted for ``samesite``. """ key = to_bytes(key, charset) value = to_bytes(value, charset) @@ -1154,9 +1157,11 @@ def dump_cookie( elif max_age is not None and sync_expires: expires = to_bytes(cookie_date(time() + max_age)) - samesite = samesite.title() if samesite else None - if samesite not in ("Strict", "Lax", None): - raise ValueError("invalid SameSite value; must be 'Strict', 'Lax' or None") + if samesite is not None: + samesite = samesite.title() + + if samesite not in {"Strict", "Lax", "None"}: + raise ValueError("SameSite must be 'Strict', 'Lax', or 'None'.") buf = [key + b"=" + _cookie_quote(value)] diff --git a/tests/test_http.py b/tests/test_http.py index 52275c654..400fc9d78 100644 --- a/tests/test_http.py +++ b/tests/test_http.py @@ -543,16 +543,21 @@ def test_cookie_maxsize(self, recwarn): assert "the limit is 512 bytes" in str(w.message) @pytest.mark.parametrize( - "input, expected", - [ + ("samesite", "expected"), + ( ("strict", "foo=bar; Path=/; SameSite=Strict"), ("lax", "foo=bar; Path=/; SameSite=Lax"), + ("none", "foo=bar; Path=/; SameSite=None"), (None, "foo=bar; Path=/"), - ], + ), ) - def test_cookie_samesite_attribute(self, input, expected): - val = http.dump_cookie("foo", "bar", samesite=input) - strict_eq(val, expected) + def test_cookie_samesite_attribute(self, samesite, expected): + value = http.dump_cookie("foo", "bar", samesite=samesite) + assert value == expected + + def test_cookie_samesite_invalid(self): + with pytest.raises(ValueError): + http.dump_cookie("foo", "bar", samesite="invalid") class TestRange(object): From af739bb2a295204ebc0f0fcca136f011652f9b15 Mon Sep 17 00:00:00 2001 From: gokcegrbl Date: Fri, 31 May 2019 16:18:09 +0000 Subject: [PATCH 039/733] Use @property decorator for properties --- examples/couchy/utils.py | 29 +++- examples/cupoftee/application.py | 4 +- examples/plnt/utils.py | 29 +++- examples/shorty/utils.py | 29 +++- src/werkzeug/datastructures.py | 127 +++++++++-------- src/werkzeug/debug/__init__.py | 9 +- src/werkzeug/local.py | 9 +- src/werkzeug/test.py | 185 ++++++++++++------------- src/werkzeug/wrappers/base_response.py | 24 ++-- src/werkzeug/wrappers/etag.py | 26 ++-- 10 files changed, 258 insertions(+), 213 deletions(-) diff --git a/examples/couchy/utils.py b/examples/couchy/utils.py index 571a7ed98..7a06e690f 100644 --- a/examples/couchy/utils.py +++ b/examples/couchy/utils.py @@ -75,8 +75,27 @@ def entries(self): ) ] - has_previous = property(lambda self: self.page > 1) - has_next = property(lambda self: self.page < self.pages) - previous = property(lambda self: url_for(self.endpoint, page=self.page - 1)) - next = property(lambda self: url_for(self.endpoint, page=self.page + 1)) - pages = property(lambda self: max(0, self.count - 1) // self.per_page + 1) + @property + def has_previous(self): + """Return True if there are pages before the current one.""" + return self.page > 1 + + @property + def has_next(self): + """Return True if there are pages after the current one.""" + return self.page < self.pages + + @property + def previous(self): + """Return the URL for the previous page.""" + return url_for(self.endpoint, page=self.page - 1) + + @property + def next(self): + """Return the URL for the next page.""" + return url_for(self.endpoint, page=self.page + 1) + + @property + def pages(self): + """Return the number of pages.""" + return max(0, self.count - 1) // self.per_page + 1 diff --git a/examples/cupoftee/application.py b/examples/cupoftee/application.py index 0e4b00235..17c8e53a9 100644 --- a/examples/cupoftee/application.py +++ b/examples/cupoftee/application.py @@ -47,7 +47,9 @@ def __init__(cls, name, bases, d): Rule(cls.url_rule, endpoint=cls.identifier, **cls.url_arguments) ) - identifier = property(lambda self: self.__name__.lower()) + @property + def identifier(cls): + return cls.__name__.lower() def _with_metaclass(meta, *bases): diff --git a/examples/plnt/utils.py b/examples/plnt/utils.py index 5c6f0d0bb..936d22efd 100644 --- a/examples/plnt/utils.py +++ b/examples/plnt/utils.py @@ -135,8 +135,27 @@ def entries(self): def count(self): return self.query.count() - has_previous = property(lambda self: self.page > 1) - has_next = property(lambda self: self.page < self.pages) - previous = property(lambda self: url_for(self.endpoint, page=self.page - 1)) - next = property(lambda self: url_for(self.endpoint, page=self.page + 1)) - pages = property(lambda self: max(0, self.count - 1) // self.per_page + 1) + @property + def has_previous(self): + """Return True if there are pages before the current one.""" + return self.page > 1 + + @property + def has_next(self): + """Return True if there are pages after the current one.""" + return self.page < self.pages + + @property + def previous(self): + """Return the URL for the previous page.""" + return url_for(self.endpoint, page=self.page - 1) + + @property + def next(self): + """Return the URL for the next page.""" + return url_for(self.endpoint, page=self.page + 1) + + @property + def pages(self): + """Return the number of pages.""" + return max(0, self.count - 1) // self.per_page + 1 diff --git a/examples/shorty/utils.py b/examples/shorty/utils.py index f61f9ef98..2a2a766c5 100644 --- a/examples/shorty/utils.py +++ b/examples/shorty/utils.py @@ -85,8 +85,27 @@ def entries(self): .all() ) - has_previous = property(lambda self: self.page > 1) - has_next = property(lambda self: self.page < self.pages) - previous = property(lambda self: url_for(self.endpoint, page=self.page - 1)) - next = property(lambda self: url_for(self.endpoint, page=self.page + 1)) - pages = property(lambda self: max(0, self.count - 1) // self.per_page + 1) + @property + def has_previous(self): + """Return True if there are pages before the current one.""" + return self.page > 1 + + @property + def has_next(self): + """Return True if there are pages after the current one.""" + return self.page < self.pages + + @property + def previous(self): + """Return the URL for the previous page.""" + return url_for(self.endpoint, page=self.page - 1) + + @property + def next(self): + """Return the URL for the next page.""" + return url_for(self.endpoint, page=self.page + 1) + + @property + def pages(self): + """Return the number of pages.""" + return max(0, self.count - 1) // self.per_page + 1 diff --git a/src/werkzeug/datastructures.py b/src/werkzeug/datastructures.py index a109dda38..9cfa1eb13 100644 --- a/src/werkzeug/datastructures.py +++ b/src/werkzeug/datastructures.py @@ -2455,70 +2455,77 @@ def __init__(self, auth_type, data=None): dict.__init__(self, data or {}) self.type = auth_type - username = property( - lambda self: self.get("username"), - doc=""" - The username transmitted. This is set for both basic and digest - auth all the time.""", - ) - password = property( - lambda self: self.get("password"), - doc=""" - When the authentication type is basic this is the password - transmitted by the client, else `None`.""", - ) - realm = property( - lambda self: self.get("realm"), - doc=""" - This is the server realm sent back for HTTP digest auth.""", - ) - nonce = property( - lambda self: self.get("nonce"), - doc=""" - The nonce the server sent for digest auth, sent back by the client. - A nonce should be unique for every 401 response for HTTP digest - auth.""", - ) - uri = property( - lambda self: self.get("uri"), - doc=""" - The URI from Request-URI of the Request-Line; duplicated because + @property + def username(self): + """The username transmitted. This is set for both basic and digest + auth all the time. + """ + return self.get("username") + + @property + def password(self): + """When the authentication type is basic this is the password + transmitted by the client, else `None`. + """ + return self.get("password") + + @property + def realm(self): + """This is the server realm sent back for HTTP digest auth.""" + return self.get("realm") + + @property + def nonce(self): + """The nonce the server sent for digest auth, sent back by the client. + A nonce should be unique for every 401 response for HTTP digest auth. + """ + return self.get("nonce") + + @property + def uri(self): + """The URI from Request-URI of the Request-Line; duplicated because proxies are allowed to change the Request-Line in transit. HTTP - digest auth only.""", - ) - nc = property( - lambda self: self.get("nc"), - doc=""" - The nonce count value transmitted by clients if a qop-header is - also transmitted. HTTP digest auth only.""", - ) - cnonce = property( - lambda self: self.get("cnonce"), - doc=""" - If the server sent a qop-header in the ``WWW-Authenticate`` + digest auth only. + """ + return self.get("uri") + + @property + def nc(self): + """The nonce count value transmitted by clients if a qop-header is + also transmitted. HTTP digest auth only. + """ + return self.get("nc") + + @property + def cnonce(self): + """If the server sent a qop-header in the ``WWW-Authenticate`` header, the client has to provide this value for HTTP digest auth. - See the RFC for more details.""", - ) - response = property( - lambda self: self.get("response"), - doc=""" - A string of 32 hex digits computed as defined in RFC 2617, which - proves that the user knows a password. Digest auth only.""", - ) - opaque = property( - lambda self: self.get("opaque"), - doc=""" - The opaque header from the server returned unchanged by the client. + See the RFC for more details. + """ + return self.get("cnonce") + + @property + def response(self): + """A string of 32 hex digits computed as defined in RFC 2617, which + proves that the user knows a password. Digest auth only. + """ + return self.get("response") + + @property + def opaque(self): + """The opaque header from the server returned unchanged by the client. It is recommended that this string be base64 or hexadecimal data. - Digest auth only.""", - ) - qop = property( - lambda self: self.get("qop"), - doc=""" - Indicates what "quality of protection" the client has applied to + Digest auth only. + """ + return self.get("opaque") + + @property + def qop(self): + """Indicates what "quality of protection" the client has applied to the message for HTTP digest auth. Note that this is a single token, - not a quoted list of alternatives as in WWW-Authenticate.""", - ) + not a quoted list of alternatives as in WWW-Authenticate. + """ + return self.get("qop") class WWWAuthenticate(UpdateDictMixin, dict): diff --git a/src/werkzeug/debug/__init__.py b/src/werkzeug/debug/__init__.py index 381d60f24..bb188017a 100644 --- a/src/werkzeug/debug/__init__.py +++ b/src/werkzeug/debug/__init__.py @@ -276,17 +276,16 @@ def __init__( else: self.pin = None - def _get_pin(self): + @property + def pin(self): if not hasattr(self, "_pin"): self._pin, self._pin_cookie = get_pin_and_cookie_name(self.app) return self._pin - def _set_pin(self, value): + @pin.setter + def pin(self, value): self._pin = value - pin = property(_get_pin, _set_pin) - del _get_pin, _set_pin - @property def pin_cookie_name(self): """The name of the pin cookie.""" diff --git a/src/werkzeug/local.py b/src/werkzeug/local.py index 9a6088ccf..626b87b0f 100644 --- a/src/werkzeug/local.py +++ b/src/werkzeug/local.py @@ -121,15 +121,14 @@ def __init__(self): def __release_local__(self): self._local.__release_local__() - def _get__ident_func__(self): + @property + def __ident_func__(self): return self._local.__ident_func__ - def _set__ident_func__(self, value): + @__ident_func__.setter + def __ident_func__(self, value): object.__setattr__(self._local, "__ident_func__", value) - __ident_func__ = property(_get__ident_func__, _set__ident_func__) - del _get__ident_func__, _set__ident_func__ - def __call__(self): def _lookup(): rv = self.top diff --git a/src/werkzeug/test.py b/src/werkzeug/test.py index 5476006a1..672e61c24 100644 --- a/src/werkzeug/test.py +++ b/src/werkzeug/test.py @@ -467,162 +467,147 @@ def base_url(self, value): self.host = netloc self.url_scheme = scheme - def _get_content_type(self): + @property + def content_type(self): + """The content type for the request. Reflected from and to + the :attr:`headers`. Do not set if you set :attr:`files` or + :attr:`form` for auto detection. + """ ct = self.headers.get("Content-Type") if ct is None and not self._input_stream: if self._files: return "multipart/form-data" - elif self._form: + if self._form: return "application/x-www-form-urlencoded" return None return ct - def _set_content_type(self, value): + @content_type.setter + def content_type(self, value): if value is None: self.headers.pop("Content-Type", None) else: self.headers["Content-Type"] = value - content_type = property( - _get_content_type, - _set_content_type, - doc="""The content type for the request. Reflected from and to - the :attr:`headers`. Do not set if you set :attr:`files` or - :attr:`form` for auto detection.""", - ) - del _get_content_type, _set_content_type - - def _get_content_length(self): - return self.headers.get("Content-Length", type=int) + @property + def mimetype(self): + """The mimetype (content type without charset etc.) - def _get_mimetype(self): + .. versionadded:: 0.14 + """ ct = self.content_type if ct: return ct.split(";")[0].strip() + return None - def _set_mimetype(self, value): + @mimetype.setter + def mimetype(self, value): self.content_type = get_content_type(value, self.charset) - def _get_mimetype_params(self): + @property + def mimetype_params(self): + """ The mimetype parameters as dict. For example if the + content type is ``text/html; charset=utf-8`` the params would be + ``{'charset': 'utf-8'}``. + + .. versionadded:: 0.14 + """ + def on_update(d): self.headers["Content-Type"] = dump_options_header(self.mimetype, d) d = parse_options_header(self.headers.get("content-type", ""))[1] return CallbackDict(d, on_update) - mimetype = property( - _get_mimetype, - _set_mimetype, - doc="""The mimetype (content type without charset etc.) - - .. versionadded:: 0.14 - """, - ) - mimetype_params = property( - _get_mimetype_params, - doc=""" The mimetype parameters as dict. For example if the - content type is ``text/html; charset=utf-8`` the params would be - ``{'charset': 'utf-8'}``. - - .. versionadded:: 0.14 - """, - ) - del _get_mimetype, _set_mimetype, _get_mimetype_params + @property + def content_length(self): + """The content length as integer. Reflected from and to the + :attr:`headers`. Do not set if you set :attr:`files` or + :attr:`form` for auto detection. + """ + return self.headers.get("Content-Length", type=int) - def _set_content_length(self, value): + @content_length.setter + def content_length(self, value): if value is None: self.headers.pop("Content-Length", None) else: self.headers["Content-Length"] = str(value) - content_length = property( - _get_content_length, - _set_content_length, - doc="""The content length as integer. Reflected from and to the - :attr:`headers`. Do not set if you set :attr:`files` or - :attr:`form` for auto detection.""", - ) - del _get_content_length, _set_content_length - - def form_property(name, storage, doc): # noqa: B902 - key = "_" + name - - def getter(self): - if self._input_stream is not None: - raise AttributeError("an input stream is defined") - rv = getattr(self, key) - if rv is None: - rv = storage() - setattr(self, key, rv) - - return rv - - def setter(self, value): - self._input_stream = None - setattr(self, key, value) - - return property(getter, setter, doc=doc) + @property + def form(self): + """A :class:`MultiDict` of form values.""" + if self.input_stream is not None: + raise AttributeError("an input stream is defined") + if self._form is None: + self._form = MultiDict() + return self._form + + @form.setter + def form(self, value): + self._input_stream = None + self._form = value - form = form_property("form", MultiDict, doc="A :class:`MultiDict` of form values.") - files = form_property( - "files", - FileMultiDict, - doc="""A :class:`FileMultiDict` of uploaded files. You can use + @property + def files(self): + """A :class:`FileMultiDict` of uploaded files. You can use the :meth:`~FileMultiDict.add_file` method to add new files to - the dict.""", - ) - del form_property + the dict. + """ + if self.input_stream is not None: + raise AttributeError("an input stream is defined") + if self._files is None: + self._files = FileMultiDict() + return self._files + + @files.setter + def files(self, value): + self._input_stream = None + self._files = value - def _get_input_stream(self): + @property + def input_stream(self): + """An optional input stream. If you set this it will clear + :attr:`form` and :attr:`files`. + """ return self._input_stream - def _set_input_stream(self, value): + @input_stream.setter + def input_stream(self, value): self._input_stream = value - self._form = self._files = None + self._form = None + self._files = None - input_stream = property( - _get_input_stream, - _set_input_stream, - doc="""An optional input stream. If you set this it will clear - :attr:`form` and :attr:`files`.""", - ) - del _get_input_stream, _set_input_stream - - def _get_query_string(self): + @property + def query_string(self): + """The query string. If you set this to a string + :attr:`args` will no longer be available. + """ if self._query_string is None: if self._args is not None: return url_encode(self._args, charset=self.charset) return "" return self._query_string - def _set_query_string(self, value): + @query_string.setter + def query_string(self, value): self._query_string = value self._args = None - query_string = property( - _get_query_string, - _set_query_string, - doc="""The query string. If you set this to a string - :attr:`args` will no longer be available.""", - ) - del _get_query_string, _set_query_string - - def _get_args(self): + @property + def args(self): + """The URL arguments as :class:`MultiDict`.""" if self._query_string is not None: raise AttributeError("a query string is defined") if self._args is None: self._args = MultiDict() return self._args - def _set_args(self, value): + @args.setter + def args(self, value): self._query_string = None self._args = value - args = property( - _get_args, _set_args, doc="The URL arguments as :class:`MultiDict`." - ) - del _get_args, _set_args - @property def server_name(self): """The server name (read-only, use :attr:`host` to set)""" @@ -634,7 +619,7 @@ def server_port(self): pieces = self.host.split(":", 1) if len(pieces) == 2 and pieces[1].isdigit(): return int(pieces[1]) - elif self.url_scheme == "https": + if self.url_scheme == "https": return 443 return 80 diff --git a/src/werkzeug/wrappers/base_response.py b/src/werkzeug/wrappers/base_response.py index d944a7d22..f473d5b1c 100644 --- a/src/werkzeug/wrappers/base_response.py +++ b/src/werkzeug/wrappers/base_response.py @@ -286,25 +286,26 @@ def from_app(cls, app, environ, buffered=False): """ return cls(*_run_wsgi_app(app, environ, buffered)) - def _get_status_code(self): + @property + def status_code(self): + """The HTTP Status code as number.""" return self._status_code - def _set_status_code(self, code): + @status_code.setter + def status_code(self, code): self._status_code = code try: self._status = "%d %s" % (code, HTTP_STATUS_CODES[code].upper()) except KeyError: self._status = "%d UNKNOWN" % code - status_code = property( - _get_status_code, _set_status_code, doc="The HTTP Status code as number" - ) - del _get_status_code, _set_status_code - - def _get_status(self): + @property + def status(self): + """The HTTP Status code.""" return self._status - def _set_status(self, value): + @status.setter + def status(self, value): try: self._status = to_native(value) except AttributeError: @@ -318,9 +319,6 @@ def _set_status(self, value): except IndexError: raise ValueError("Empty status argument") - status = property(_get_status, _set_status, doc="The HTTP Status code") - del _get_status, _set_status - def get_data(self, as_text=False): """The string representation of the request body. Whenever you call this property the request iterable is encoded and flattened. This @@ -341,7 +339,7 @@ def get_data(self, as_text=False): return rv def set_data(self, value): - """Sets a new string as response. The value set must either by a + """Sets a new string as response. The value set must be either a unicode or bytestring. If a unicode string is set it's encoded automatically to the charset of the response (utf-8 by default). diff --git a/src/werkzeug/wrappers/etag.py b/src/werkzeug/wrappers/etag.py index 0733506f1..03f5a4f68 100644 --- a/src/werkzeug/wrappers/etag.py +++ b/src/werkzeug/wrappers/etag.py @@ -268,7 +268,16 @@ def freeze(self, no_etag=False): .. versionadded:: 0.7""", ) - def _get_content_range(self): + @property + def content_range(self): + """The ``Content-Range`` header as + :class:`~werkzeug.datastructures.ContentRange` object. Even if + the header is not set it will provide such an object for easier + manipulation. + + .. versionadded:: 0.7 + """ + def on_update(rng): if not rng: del self.headers["content-range"] @@ -283,22 +292,11 @@ def on_update(rng): rv = ContentRange(None, None, None, on_update=on_update) return rv - def _set_content_range(self, value): + @content_range.setter + def content_range(self, value): if not value: del self.headers["content-range"] elif isinstance(value, string_types): self.headers["Content-Range"] = value else: self.headers["Content-Range"] = value.to_header() - - content_range = property( - _get_content_range, - _set_content_range, - doc="""The ``Content-Range`` header as - :class:`~werkzeug.datastructures.ContentRange` object. Even if - the header is not set it wil provide such an object for easier - manipulation. - - .. versionadded:: 0.7""", - ) - del _get_content_range, _set_content_range From aecf542d5d426ea94f238d8511b9cf888d124db4 Mon Sep 17 00:00:00 2001 From: David Lord Date: Fri, 12 Jul 2019 09:55:21 -0700 Subject: [PATCH 040/733] extract common test form and files properties behavior --- src/werkzeug/test.py | 55 ++++++++++++++++---------- src/werkzeug/wrappers/base_response.py | 4 +- src/werkzeug/wrappers/etag.py | 7 ++-- 3 files changed, 40 insertions(+), 26 deletions(-) diff --git a/src/werkzeug/test.py b/src/werkzeug/test.py index 672e61c24..6746c500f 100644 --- a/src/werkzeug/test.py +++ b/src/werkzeug/test.py @@ -496,9 +496,7 @@ def mimetype(self): .. versionadded:: 0.14 """ ct = self.content_type - if ct: - return ct.split(";")[0].strip() - return None + return ct.split(";")[0].strip() if ct else None @mimetype.setter def mimetype(self, value): @@ -534,36 +532,53 @@ def content_length(self, value): else: self.headers["Content-Length"] = str(value) + def _get_form(self, name, storage): + """Common behavior for getting the :attr:`form` and + :attr:`files` properties. + + :param name: Name of the internal cached attribute. + :param storage: Storage class used for the data. + """ + if self.input_stream is not None: + raise AttributeError("an input stream is defined") + + rv = getattr(self, name) + + if rv is None: + rv = storage() + setattr(self, name, rv) + + return rv + + def _set_form(self, name, value): + """Common behavior for setting the :attr:`form` and + :attr:`files` properties. + + :param name: Name of the internal cached attribute. + :param value: Value to assign to the attribute. + """ + self._input_stream = None + setattr(self, name, value) + @property def form(self): """A :class:`MultiDict` of form values.""" - if self.input_stream is not None: - raise AttributeError("an input stream is defined") - if self._form is None: - self._form = MultiDict() - return self._form + return self._get_form("_form", MultiDict) @form.setter def form(self, value): - self._input_stream = None - self._form = value + self._set_form("_form", value) @property def files(self): - """A :class:`FileMultiDict` of uploaded files. You can use - the :meth:`~FileMultiDict.add_file` method to add new files to - the dict. + """A :class:`FileMultiDict` of uploaded files. Use + :meth:`~FileMultiDict.add_file` to add new files. """ - if self.input_stream is not None: - raise AttributeError("an input stream is defined") - if self._files is None: - self._files = FileMultiDict() - return self._files + return self._get_form("_files", FileMultiDict) @files.setter def files(self, value): - self._input_stream = None - self._files = value + self._set_form("_files", value) @property def input_stream(self): diff --git a/src/werkzeug/wrappers/base_response.py b/src/werkzeug/wrappers/base_response.py index f473d5b1c..00b9640c5 100644 --- a/src/werkzeug/wrappers/base_response.py +++ b/src/werkzeug/wrappers/base_response.py @@ -288,7 +288,7 @@ def from_app(cls, app, environ, buffered=False): @property def status_code(self): - """The HTTP Status code as number.""" + """The HTTP status code as a number.""" return self._status_code @status_code.setter @@ -301,7 +301,7 @@ def status_code(self, code): @property def status(self): - """The HTTP Status code.""" + """The HTTP status code as a string.""" return self._status @status.setter diff --git a/src/werkzeug/wrappers/etag.py b/src/werkzeug/wrappers/etag.py index 03f5a4f68..ac2860a05 100644 --- a/src/werkzeug/wrappers/etag.py +++ b/src/werkzeug/wrappers/etag.py @@ -270,10 +270,9 @@ def freeze(self, no_etag=False): @property def content_range(self): - """The ``Content-Range`` header as - :class:`~werkzeug.datastructures.ContentRange` object. Even if - the header is not set it will provide such an object for easier - manipulation. + """The ``Content-Range`` header as a + :class:`~werkzeug.datastructures.ContentRange` object. Available + even if the header is not set. .. versionadded:: 0.7 """ From e4c07a6ef24a398e63e81a30b2e6a451c8e7619a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Batuhan=20Ta=C5=9Fkaya?= Date: Sat, 11 May 2019 06:51:57 +0300 Subject: [PATCH 041/733] highlight server log with Click instead of termcolor --- CHANGES.rst | 2 ++ docs/installation.rst | 4 ++-- docs/serving.rst | 11 ++++++++--- setup.py | 1 - src/werkzeug/serving.py | 22 +++++++++++----------- 5 files changed, 23 insertions(+), 17 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index 3453eec50..88b0de9a1 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -34,6 +34,8 @@ Unreleased such that ``X-Foo`` is the same as ``x-foo``. :pr:`1605` - :meth:`http.dump_cookie` accepts ``'None'`` as a value for ``samesite``. :issue:`1549` +- Optional request log highlighting with the development server is + handled by Click instead of termcolor. :issue:`1235` Version 0.15.5 diff --git a/docs/installation.rst b/docs/installation.rst index 2d4acbabd..913171edb 100644 --- a/docs/installation.rst +++ b/docs/installation.rst @@ -26,13 +26,13 @@ detect and use them if you install them. * `SimpleJSON`_ is a fast JSON implementation that is compatible with Python's ``json`` module. It is preferred for JSON operations if it is installed. -* `termcolor`_ provides request log highlighting when using the +* `Click`_ provides request log highlighting when using the development server. * `Watchdog`_ provides a faster, more efficient reloader for the development server. .. _SimpleJSON: https://simplejson.readthedocs.io/en/latest/ -.. _termcolor: https://pypi.org/project/termcolor/ +.. _Click: https://pypi.org/project/click/ .. _Watchdog: https://pypi.org/project/watchdog/ diff --git a/docs/serving.rst b/docs/serving.rst index defb33480..e35975dc9 100644 --- a/docs/serving.rst +++ b/docs/serving.rst @@ -72,11 +72,16 @@ polling and ``'watchdog'`` forces it to the watchdog backend. handled by the stat reloader for performance reasons. The watchdog reloader monitors such files too. + Colored Logging --------------- -Werkzeug is able to color the output of request logs when ran from a terminal, just install the `termcolor -`_ package. Windows users need to install `colorama -`_ in addition to termcolor for this to work. + +The development server can optionally highlight the request logs in +different colors based on the status code. Install `Click`_ to enable +this feature. + +.. _Click: https://pypi.org/project/click/ + Virtual Hosts ------------- diff --git a/setup.py b/setup.py index 02b460301..d12c3b6ee 100644 --- a/setup.py +++ b/setup.py @@ -54,7 +54,6 @@ python_requires=">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*", extras_require={ "watchdog": ["watchdog"], - "termcolor": ["termcolor"], "dev": [ "pytest", "coverage", diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py index 8863d4bdf..88ba1cc37 100644 --- a/src/werkzeug/serving.py +++ b/src/werkzeug/serving.py @@ -72,9 +72,9 @@ def __getattr__(self, name): ssl = _SslDummy() try: - import termcolor + import click except ImportError: - termcolor = None + click = None def _get_openssl_crypto_module(): @@ -392,23 +392,23 @@ def log_request(self, code="-", size="-"): code = str(code) - if termcolor: - color = termcolor.colored + if click: + color = click.style if code[0] == "1": # 1xx - Informational - msg = color(msg, attrs=["bold"]) + msg = color(msg, bold=True) elif code[0] == "2": # 2xx - Success - msg = color(msg, color="white") + msg = color(msg, fg="white") elif code == "304": # 304 - Resource Not Modified - msg = color(msg, color="cyan") + msg = color(msg, fg="cyan") elif code[0] == "3": # 3xx - Redirection - msg = color(msg, color="green") + msg = color(msg, fg="green") elif code == "404": # 404 - Resource Not Found - msg = color(msg, color="yellow") + msg = color(msg, fg="yellow") elif code[0] == "4": # 4xx - Client Error - msg = color(msg, color="red", attrs=["bold"]) + msg = color(msg, fg="red", bold=True) else: # 5xx, or any other response - msg = color(msg, color="magenta", attrs=["bold"]) + msg = color(msg, fg="magenta", bold=True) self.log("info", '"%s" %s %s', msg, code, size) From 84c98f2d57406495f9c577dd5ddbf34e54bb55f6 Mon Sep 17 00:00:00 2001 From: alex Date: Wed, 22 May 2019 08:42:49 +0200 Subject: [PATCH 042/733] use cryptography instead of pyOpenSSL pyOpenSSL is only a wrapper around cryptography now. It recommends using cryptography directly for our use case. --- CHANGES.rst | 2 + docs/serving.rst | 2 +- src/werkzeug/serving.py | 101 ++++++++++++++++++++++------------------ tests/test_serving.py | 12 +++-- tox.ini | 2 +- 5 files changed, 66 insertions(+), 53 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index 88b0de9a1..1ca865da7 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -36,6 +36,8 @@ Unreleased ``samesite``. :issue:`1549` - Optional request log highlighting with the development server is handled by Click instead of termcolor. :issue:`1235` +- Optional ad-hoc TLS support for the development server is handled + by cryptography instead of pyOpenSSL. :pr:`1555` Version 0.15.5 diff --git a/docs/serving.rst b/docs/serving.rst index e35975dc9..7016ec9b3 100644 --- a/docs/serving.rst +++ b/docs/serving.rst @@ -229,7 +229,7 @@ certificate each time the server is reloaded. Adhoc certificates are discouraged because modern browsers do a bad job at supporting them for security reasons. -This feature requires the pyOpenSSL library to be installed. +This feature requires the cryptography library to be installed. Unix Sockets diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py index 88ba1cc37..9ebd125f9 100644 --- a/src/werkzeug/serving.py +++ b/src/werkzeug/serving.py @@ -40,6 +40,8 @@ import signal import socket import sys +from datetime import datetime as dt +from datetime import timedelta import werkzeug from ._compat import PY2 @@ -77,15 +79,6 @@ def __getattr__(self, name): click = None -def _get_openssl_crypto_module(): - try: - from OpenSSL import crypto - except ImportError: - raise TypeError("Using ad-hoc certificates requires the pyOpenSSL library.") - else: - return crypto - - ThreadingMixIn = socketserver.ThreadingMixIn can_fork = hasattr(os, "fork") @@ -481,32 +474,39 @@ def get_header_items(self): def generate_adhoc_ssl_pair(cn=None): - from random import random - - crypto = _get_openssl_crypto_module() + try: + from cryptography import x509 + from cryptography.x509.oid import NameOID + from cryptography.hazmat.backends import default_backend + from cryptography.hazmat.primitives import hashes + from cryptography.hazmat.primitives.asymmetric import rsa + except ImportError: + raise TypeError("Using ad-hoc certificates requires the cryptography library.") + pkey = rsa.generate_private_key( + public_exponent=65537, key_size=2048, backend=default_backend() + ) # pretty damn sure that this is not actually accepted by anyone if cn is None: - cn = "*" - - cert = crypto.X509() - cert.set_serial_number(int(random() * sys.maxsize)) - cert.gmtime_adj_notBefore(0) - cert.gmtime_adj_notAfter(60 * 60 * 24 * 365) + cn = u"*" - subject = cert.get_subject() - subject.CN = cn - subject.O = "Dummy Certificate" # noqa: E741 - - issuer = cert.get_issuer() - issuer.CN = subject.CN - issuer.O = subject.O # noqa: E741 - - pkey = crypto.PKey() - pkey.generate_key(crypto.TYPE_RSA, 2048) - cert.set_pubkey(pkey) - cert.sign(pkey, "sha256") + subject = x509.Name( + [ + x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"Dummy Certificate"), + x509.NameAttribute(NameOID.COMMON_NAME, cn), + ] + ) + cert = ( + x509.CertificateBuilder() + .subject_name(subject) + .issuer_name(subject) + .public_key(pkey.public_key()) + .serial_number(x509.random_serial_number()) + .not_valid_before(dt.utcnow()) + .not_valid_after(dt.utcnow() + timedelta(days=365)) + .sign(pkey, hashes.SHA256(), default_backend()) + ) return cert, pkey @@ -528,37 +528,54 @@ def make_ssl_devcert(base_path, host=None, cn=None): for the `cn`. :param cn: the `CN` to use. """ - from OpenSSL import crypto if host is not None: - cn = "*.%s/CN=%s" % (host, host) + cn = u"*.%s/CN=%s" % (host, host) cert, pkey = generate_adhoc_ssl_pair(cn=cn) + from cryptography.hazmat.primitives import serialization + cert_file = base_path + ".crt" pkey_file = base_path + ".key" with open(cert_file, "wb") as f: - f.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert)) + f.write(cert.public_bytes(serialization.Encoding.PEM)) with open(pkey_file, "wb") as f: - f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey)) + f.write( + pkey.private_bytes( + encoding=serialization.Encoding.PEM, + format=serialization.PrivateFormat.TraditionalOpenSSL, + encryption_algorithm=serialization.NoEncryption(), + ) + ) return cert_file, pkey_file def generate_adhoc_ssl_context(): """Generates an adhoc SSL context for the development server.""" - crypto = _get_openssl_crypto_module() import tempfile import atexit cert, pkey = generate_adhoc_ssl_pair() + + from cryptography.hazmat.primitives import serialization + cert_handle, cert_file = tempfile.mkstemp() pkey_handle, pkey_file = tempfile.mkstemp() atexit.register(os.remove, pkey_file) atexit.register(os.remove, cert_file) - os.write(cert_handle, crypto.dump_certificate(crypto.FILETYPE_PEM, cert)) - os.write(pkey_handle, crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey)) + os.write(cert_handle, cert.public_bytes(serialization.Encoding.PEM)) + os.write( + pkey_handle, + pkey.private_bytes( + encoding=serialization.Encoding.PEM, + format=serialization.PrivateFormat.TraditionalOpenSSL, + encryption_algorithm=serialization.NoEncryption(), + ), + ) + os.close(cert_handle) os.close(pkey_handle) ctx = load_ssl_context(cert_file, pkey_file) @@ -611,17 +628,9 @@ def wrap_socket(self, sock, **kwargs): def is_ssl_error(error=None): """Checks if the given error (or the current one) is an SSL error.""" - exc_types = (ssl.SSLError,) - try: - from OpenSSL.SSL import Error - - exc_types += (Error,) - except ImportError: - pass - if error is None: error = sys.exc_info()[1] - return isinstance(error, exc_types) + return isinstance(error, ssl.SSLError) def select_address_family(host, port): diff --git a/tests/test_serving.py b/tests/test_serving.py index cf31bd2e6..59ee43aba 100644 --- a/tests/test_serving.py +++ b/tests/test_serving.py @@ -24,9 +24,9 @@ from werkzeug import serving try: - import OpenSSL + import cryptography except ImportError: - OpenSSL = None + cryptography = None try: import watchdog @@ -101,7 +101,9 @@ def app(environ, start_response): not hasattr(ssl, "SSLContext"), reason="Missing PEP 466 (Python 2.7.9+) or Python 3.", ) -@pytest.mark.skipif(OpenSSL is None, reason="OpenSSL is required for cert generation.") +@pytest.mark.skipif( + cryptography is None, reason="cryptography is required for cert generation." +) def test_stdlib_ssl_contexts(dev_server, tmpdir): certificate, private_key = serving.make_ssl_devcert(str(tmpdir.mkdir("certs"))) @@ -124,7 +126,7 @@ def app(environ, start_response): assert r.content == b"hello" -@pytest.mark.skipif(OpenSSL is None, reason="OpenSSL is not installed.") +@pytest.mark.skipif(cryptography is None, reason="cryptography is not installed.") def test_ssl_context_adhoc(dev_server): server = dev_server( """ @@ -139,7 +141,7 @@ def app(environ, start_response): assert r.content == b"hello" -@pytest.mark.skipif(OpenSSL is None, reason="OpenSSL is not installed.") +@pytest.mark.skipif(cryptography is None, reason="cryptography is not installed.") def test_make_ssl_devcert(tmpdir): certificate, private_key = serving.make_ssl_devcert(str(tmpdir)) assert os.path.isfile(certificate) diff --git a/tox.ini b/tox.ini index abda16f0e..bdcb6b0c2 100644 --- a/tox.ini +++ b/tox.ini @@ -14,7 +14,7 @@ deps = pytest-xprocess requests requests_unixsocket - pyopenssl + cryptography greenlet watchdog commands = coverage run -p -m pytest --tb=short --basetemp={envtmpdir} {posargs} From 679ec2b53da4f4b620acfd5cabb73291fb1ac872 Mon Sep 17 00:00:00 2001 From: linchiwei123 <40888469+linchiwei123@users.noreply.github.com> Date: Sun, 14 Jul 2019 14:46:29 +0800 Subject: [PATCH 043/733] update docstring of class ResponseStreamMixin --- src/werkzeug/wrappers/response.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/werkzeug/wrappers/response.py b/src/werkzeug/wrappers/response.py index cd86cacdb..58707a6ae 100644 --- a/src/werkzeug/wrappers/response.py +++ b/src/werkzeug/wrappers/response.py @@ -51,7 +51,7 @@ def encoding(self): class ResponseStreamMixin(object): - """Mixin for :class:`BaseRequest` subclasses. Classes that inherit from + """Mixin for :class:`BaseResponse` subclasses. Classes that inherit from this mixin will automatically get a :attr:`stream` property that provides a write-only interface to the response iterable. """ From a00ece1bae2c06167a2a42051e56e73a3e1aa0d4 Mon Sep 17 00:00:00 2001 From: Philip Jones Date: Tue, 23 Jul 2019 10:09:29 +0100 Subject: [PATCH 044/733] Minor bugfix to CacheControl datastructure This ensures that CacheControl directives can be set to None (removed) multiple times without erroring i.e., cc = CacheControl() cc.no_cache = None cc.no_cache = None # Previously this would raise a KeyError --- src/werkzeug/datastructures.py | 2 +- tests/test_datastructures.py | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/src/werkzeug/datastructures.py b/src/werkzeug/datastructures.py index 9cfa1eb13..d43517e95 100644 --- a/src/werkzeug/datastructures.py +++ b/src/werkzeug/datastructures.py @@ -1940,7 +1940,7 @@ def _set_cache_value(self, key, value, type): self.pop(key, None) else: if value is None: - self.pop(key) + self.pop(key, None) elif value is True: self[key] = None else: diff --git a/tests/test_datastructures.py b/tests/test_datastructures.py index bf6b3f7cc..c930a67e5 100644 --- a/tests/test_datastructures.py +++ b/tests/test_datastructures.py @@ -978,6 +978,12 @@ def test_repr(self): cc = datastructures.RequestCacheControl([("max-age", "0"), ("private", "True")]) assert repr(cc) == "" + def test_set_none(self): + cc = datastructures.ResponseCacheControl([("max-age", "0")]) + assert cc.no_cache is None + cc.no_cache = None + assert cc.no_cache is None + class TestAccept(object): storage_class = datastructures.Accept From 1e88b5baafa5326b66bc83ee9451da7975380cfa Mon Sep 17 00:00:00 2001 From: David Lord Date: Wed, 24 Jul 2019 07:36:42 -0700 Subject: [PATCH 045/733] fix deprecated top-level imports --- src/werkzeug/__init__.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/werkzeug/__init__.py b/src/werkzeug/__init__.py index 952cd7518..7b8e14e5c 100644 --- a/src/werkzeug/__init__.py +++ b/src/werkzeug/__init__.py @@ -66,8 +66,6 @@ "redirect", "cached_property", "import_string", - "dump_cookie", - "parse_cookie", "unescape", "format_string", "find_modules", @@ -146,6 +144,8 @@ "unquote_header_value", "quote_header_value", "HTTP_STATUS_CODES", + "dump_cookie", + "parse_cookie", ], "werkzeug.wrappers": [ "BaseResponse", From 3ad8635342eef81397a65bf224325aa2b4792a31 Mon Sep 17 00:00:00 2001 From: Kyle Date: Fri, 30 Aug 2019 18:27:04 +0900 Subject: [PATCH 046/733] Fix mispelled `rooute` var in test --- tests/test_routing.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/test_routing.py b/tests/test_routing.py index fe147df01..ef2605867 100644 --- a/tests/test_routing.py +++ b/tests/test_routing.py @@ -607,7 +607,7 @@ class MyMap(r.Map): def test_uuid_converter(): m = r.Map([r.Rule("/a/", endpoint="a")]) a = m.bind("example.org", "/") - rooute, kwargs = a.match("/a/a8098c1a-f86e-11da-bd1a-00112444be1e") + route, kwargs = a.match("/a/a8098c1a-f86e-11da-bd1a-00112444be1e") assert type(kwargs["a_uuid"]) == uuid.UUID From 6c3f85118646d64f67d995d802cac14db0fb40ee Mon Sep 17 00:00:00 2001 From: frostming Date: Fri, 16 Aug 2019 09:37:36 +0800 Subject: [PATCH 047/733] Fix the bug of reloader with windows path --- CHANGES.rst | 2 ++ src/werkzeug/_reloader.py | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGES.rst b/CHANGES.rst index b3faa0e03..02317cc79 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -1,5 +1,7 @@ .. currentmodule:: werkzeug +- Fix a bug that the reloader doesn't populate the path correctly on + Windows. :issue:`1614` Version 0.15.5 -------------- diff --git a/src/werkzeug/_reloader.py b/src/werkzeug/_reloader.py index b04432012..9b8c11f27 100644 --- a/src/werkzeug/_reloader.py +++ b/src/werkzeug/_reloader.py @@ -72,7 +72,7 @@ def _get_args_for_reloading(): # The value of __package__ indicates how Python was called. It may # not exist if a setuptools script is installed as an egg. - if getattr(__main__, "__package__", None) is None: + if not getattr(__main__, "__package__", None): # Executed a file, like "python app.py". py_script = os.path.abspath(py_script) From 87da8da23a162f978e552b724006dc3a39246f8b Mon Sep 17 00:00:00 2001 From: David Lord Date: Sat, 31 Aug 2019 12:49:38 -0700 Subject: [PATCH 048/733] make reloader workaround more specific --- CHANGES.rst | 13 +++++++++++-- src/werkzeug/_reloader.py | 12 +++++++++--- 2 files changed, 20 insertions(+), 5 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index 02317cc79..c6007d68a 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -1,7 +1,16 @@ .. currentmodule:: werkzeug -- Fix a bug that the reloader doesn't populate the path correctly on - Windows. :issue:`1614` +Version 0.15.6 +-------------- + +Unreleased + +- Work around a bug in pip that caused the reloader to fail on + Windows when the script was an entry point. This fixes the issue + with Flask's `flask run` command failing with "No module named + Scripts\flask". :issue:`1614` + + Version 0.15.5 -------------- diff --git a/src/werkzeug/_reloader.py b/src/werkzeug/_reloader.py index 9b8c11f27..c2a9c8e05 100644 --- a/src/werkzeug/_reloader.py +++ b/src/werkzeug/_reloader.py @@ -71,8 +71,14 @@ def _get_args_for_reloading(): __main__ = sys.modules["__main__"] # The value of __package__ indicates how Python was called. It may - # not exist if a setuptools script is installed as an egg. - if not getattr(__main__, "__package__", None): + # not exist if a setuptools script is installed as an egg. It may be + # set incorrectly for entry points created with pip on Windows. + if getattr(__main__, "__package__", None) is None or ( + os.name == "nt" + and __main__.__package__ == "" + and not os.path.exists(py_script) + and os.path.exists(py_script + ".exe") + ): # Executed a file, like "python app.py". py_script = os.path.abspath(py_script) @@ -83,7 +89,7 @@ def _get_args_for_reloading(): py_script += ".exe" if ( - os.path.splitext(rv[0])[1] == ".exe" + os.path.splitext(sys.executable)[1] == ".exe" and os.path.splitext(py_script)[1] == ".exe" ): rv.pop(0) From c78b97998f4a6a27c3a9bf2b419573c620b3a64d Mon Sep 17 00:00:00 2001 From: Pieter van Beek Date: Mon, 2 Sep 2019 20:37:42 +0200 Subject: [PATCH 049/733] Added missing HTTPException subclasses to docs. --- docs/exceptions.rst | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/docs/exceptions.rst b/docs/exceptions.rst index 6c82e64a7..8f4ab3725 100644 --- a/docs/exceptions.rst +++ b/docs/exceptions.rst @@ -44,6 +44,10 @@ The following error classes exist in Werkzeug: .. autoexception:: ImATeapot +.. autoexception:: UnprocessableEntity + +.. autoexception:: Locked + .. autoexception:: FailedDependency .. autoexception:: PreconditionRequired @@ -52,6 +56,8 @@ The following error classes exist in Werkzeug: .. autoexception:: RequestHeaderFieldsTooLarge +.. autoexception:: UnavailableForLegalReasons + .. autoexception:: InternalServerError :members: @@ -61,6 +67,10 @@ The following error classes exist in Werkzeug: .. autoexception:: ServiceUnavailable +.. autoexception:: GatewayTimeout + +.. autoexception:: HTTPVersionNotSupported + .. exception:: HTTPUnicodeError This exception is used to signal unicode decode errors of request From 92d5f5f0c03f201577291e613fafb1687cbca744 Mon Sep 17 00:00:00 2001 From: Tim Gates Date: Tue, 3 Sep 2019 17:02:38 +1000 Subject: [PATCH 050/733] Fix simple typo: underlaying -> underlying --- src/werkzeug/wsgi.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/werkzeug/wsgi.py b/src/werkzeug/wsgi.py index 807b462ad..aa4e7139b 100644 --- a/src/werkzeug/wsgi.py +++ b/src/werkzeug/wsgi.py @@ -964,7 +964,7 @@ def readline(self, size=None): def readlines(self, size=None): """Reads a file into a list of strings. It calls :meth:`readline` until the file is read to the end. It does support the optional - `size` argument if the underlaying stream supports it for + `size` argument if the underlying stream supports it for `readline`. """ last_pos = self._pos From 04ff06241c010025d01ed5a7a601aeb4eaa8dc6d Mon Sep 17 00:00:00 2001 From: David Lord Date: Wed, 24 Jul 2019 07:36:42 -0700 Subject: [PATCH 051/733] fix deprecated top-level imports --- src/werkzeug/__init__.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/werkzeug/__init__.py b/src/werkzeug/__init__.py index 0a518acb3..e5990c19d 100644 --- a/src/werkzeug/__init__.py +++ b/src/werkzeug/__init__.py @@ -66,8 +66,6 @@ "redirect", "cached_property", "import_string", - "dump_cookie", - "parse_cookie", "unescape", "format_string", "find_modules", @@ -146,6 +144,8 @@ "unquote_header_value", "quote_header_value", "HTTP_STATUS_CODES", + "dump_cookie", + "parse_cookie", ], "werkzeug.wrappers": [ "BaseResponse", From 8da65dd9e9ba0f8800c3fbb44ac1fa245424fa5b Mon Sep 17 00:00:00 2001 From: David Lord Date: Tue, 3 Sep 2019 08:42:45 -0700 Subject: [PATCH 052/733] ProxyFix.x_proto defaults to 1 num_proxies sets x_proto and x_host as well --- CHANGES.rst | 6 ++++++ src/werkzeug/middleware/proxy_fix.py | 8 ++++++-- tests/middleware/test_proxy_fix.py | 5 ++++- 3 files changed, 16 insertions(+), 3 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index c6007d68a..fe7e7393d 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -9,6 +9,12 @@ Unreleased Windows when the script was an entry point. This fixes the issue with Flask's `flask run` command failing with "No module named Scripts\flask". :issue:`1614` +- ``ProxyFix`` trusts the ``X-Forwarded-Proto`` header by default. + :issue:`1630` +- The deprecated ``num_proxies`` argument to ``ProxyFix`` sets + ``x_for``, ``x_proto``, and ``x_host`` to match 0.14 behavior. This + is intended to make intermediate upgrades less disruptive, but the + argument will still be removed in 1.0. :issue:`1630` Version 0.15.5 diff --git a/src/werkzeug/middleware/proxy_fix.py b/src/werkzeug/middleware/proxy_fix.py index dc1dacc8c..bbe181401 100644 --- a/src/werkzeug/middleware/proxy_fix.py +++ b/src/werkzeug/middleware/proxy_fix.py @@ -77,7 +77,7 @@ class ProxyFix(object): """ def __init__( - self, app, num_proxies=None, x_for=1, x_proto=0, x_host=0, x_port=0, x_prefix=0 + self, app, num_proxies=None, x_for=1, x_proto=1, x_host=0, x_port=0, x_prefix=0 ): self.app = app self.x_for = x_for @@ -112,11 +112,15 @@ def num_proxies(self, value): if value is not None: warnings.warn( "'num_proxies' is deprecated as of version 0.15 and" - " will be removed in version 1.0. Use 'x_for' instead.", + " will be removed in version 1.0. Use" + " 'x_for={value}, x_proto={value}, x_host={value}'" + " instead.".format(value=value), DeprecationWarning, stacklevel=2, ) self.x_for = value + self.x_proto = value + self.x_host = value def get_remote_addr(self, forwarded_for): """Get the real ``remote_addr`` by looking backwards ``x_for`` diff --git a/tests/middleware/test_proxy_fix.py b/tests/middleware/test_proxy_fix.py index f13d10f4b..bcd64ba9e 100644 --- a/tests/middleware/test_proxy_fix.py +++ b/tests/middleware/test_proxy_fix.py @@ -18,8 +18,9 @@ "REMOTE_ADDR": "192.168.0.2", "HTTP_HOST": "spam", "HTTP_X_FORWARDED_FOR": "192.168.0.1", + "HTTP_X_FORWARDED_PROTO": "https", }, - "http://spam/", + "https://spam/", id="for", ), pytest.param( @@ -178,6 +179,8 @@ def app(request): def test_proxy_fix_deprecations(): app = pytest.deprecated_call(ProxyFix, None, 2) assert app.x_for == 2 + assert app.x_proto == 2 + assert app.x_host == 2 with pytest.deprecated_call(): assert app.num_proxies == 2 From 71eab19be2c83fb476de51275e2f9bdf69d5cc10 Mon Sep 17 00:00:00 2001 From: David Lord Date: Wed, 4 Sep 2019 13:09:26 -0700 Subject: [PATCH 053/733] release version 0.15.6 --- CHANGES.rst | 2 +- src/werkzeug/__init__.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index fe7e7393d..7c2c9076b 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -3,7 +3,7 @@ Version 0.15.6 -------------- -Unreleased +Released 2019-09-04 - Work around a bug in pip that caused the reloader to fail on Windows when the script was an entry point. This fixes the issue diff --git a/src/werkzeug/__init__.py b/src/werkzeug/__init__.py index e5990c19d..2ce1a3cb0 100644 --- a/src/werkzeug/__init__.py +++ b/src/werkzeug/__init__.py @@ -17,7 +17,7 @@ import sys from types import ModuleType -__version__ = "0.15.5" +__version__ = "0.15.6" # This import magic raises concerns quite often which is why the implementation # and motivation is explained here in detail now. From 5336ebd104aa13a4d31428262092eee9af129f95 Mon Sep 17 00:00:00 2001 From: Philip Jones Date: Mon, 22 Jul 2019 14:09:24 +0100 Subject: [PATCH 054/733] Add a ContentSecurityPolicy datastructure This should help make CSP headers easier to construct and read, by adding structure for the directives. It is based on today's version of https://w3c.github.io/webappsec-csp/ . --- src/werkzeug/datastructures.py | 92 +++++++++++++++++++++ src/werkzeug/http.py | 40 +++++++++ src/werkzeug/wrappers/common_descriptors.py | 10 +++ tests/test_datastructures.py | 20 +++++ tests/test_http.py | 8 ++ 5 files changed, 170 insertions(+) diff --git a/src/werkzeug/datastructures.py b/src/werkzeug/datastructures.py index d43517e95..70a961fa3 100644 --- a/src/werkzeug/datastructures.py +++ b/src/werkzeug/datastructures.py @@ -2012,6 +2012,97 @@ class ResponseCacheControl(_CacheControl): _CacheControl.cache_property = staticmethod(cache_property) +def csp_property(key): + """Return a new property object for a content security policy header. + Useful if you want to add support for a csp extension in a + subclass. + """ + return property( + lambda x: x._get_value(key), + lambda x, v: x._set_value(key, v), + lambda x: x._del_value(key), + "accessor for %r" % key, + ) + + +class ContentSecurityPolicy(UpdateDictMixin, dict): + """Subclass of a dict that stores values for a Content Security Policy + header. It has accessors for all the level 3 policies. + + Because the csp directives in the HTTP header use dashes the + python descriptors use underscores for that. + + To get a header of the :class:`ContentSecuirtyPolicy` object again + you can convert the object into a string or call the + :meth:`to_header` method. If you plan to subclass it and add your + own items have a look at the sourcecode for that class. + + .. versionadded:: 1.0.0 + Support for Content Security Policy headers was added. + + """ + + base_uri = csp_property("base-uri") + child_src = csp_property("child-src") + connect_src = csp_property("connect-src") + default_src = csp_property("default-src") + font_src = csp_property("font-src") + form_action = csp_property("form-action") + frame_ancestors = csp_property("frame-ancestors") + frame_src = csp_property("frame-src") + img_src = csp_property("img-src") + manifest_src = csp_property("manifest-src") + media_src = csp_property("media-src") + navigate_to = csp_property("navigate-to") + object_src = csp_property("object-src") + prefetch_src = csp_property("prefetch-src") + plugin_types = csp_property("plugin-types") + report_to = csp_property("report-to") + report_uri = csp_property("report-uri") + sandbox = csp_property("sandbox") + script_src = csp_property("script-src") + script_src_attr = csp_property("script-src-attr") + script_src_elem = csp_property("script-src-elem") + style_src = csp_property("style-src") + style_src_attr = csp_property("style-src-attr") + style_src_elem = csp_property("style-src-elem") + worker_src = csp_property("worker-src") + + def __init__(self, values=(), on_update=None): + dict.__init__(self, values or ()) + self.on_update = on_update + self.provided = values is not None + + def _get_value(self, key): + """Used internally by the accessor properties.""" + return self.get(key) + + def _set_value(self, key, value): + """Used internally by the accessor properties.""" + if value is None: + self.pop(key, None) + else: + self[key] = value + + def _del_value(self, key): + """Used internally by the accessor properties.""" + if key in self: + del self[key] + + def to_header(self): + """Convert the stored values into a cache control header.""" + return dump_csp_header(self) + + def __str__(self): + return self.to_header() + + def __repr__(self): + return "<%s %s>" % ( + self.__class__.__name__, + " ".join("%s=%r" % (k, v) for k, v in sorted(self.items())), + ) + + class CallbackDict(UpdateDictMixin, dict): """A dict that calls a function passed every time something is changed. The function is passed the dict instance. @@ -2837,6 +2928,7 @@ def __repr__(self): # circular dependencies from . import exceptions +from .http import dump_csp_header from .http import dump_header from .http import dump_options_header from .http import generate_etag diff --git a/src/werkzeug/http.py b/src/werkzeug/http.py index 8b16351ed..6d85ffb20 100644 --- a/src/werkzeug/http.py +++ b/src/werkzeug/http.py @@ -304,6 +304,19 @@ def dump_header(iterable, allow_token=True): return ", ".join(items) +def dump_csp_header(header): + """Dump a Content Security Policy header. + + These are structured into policies such as "default-src 'self'; + script-src 'self'". + + .. versionadded:: 1.0.0 + Support for Content Security Policy headers was added. + + """ + return "; ".join("%s %s" % (key, value) for key, value in iteritems(header)) + + def parse_list_header(value): """Parse lists as described by RFC 2068 Section 2. @@ -504,6 +517,32 @@ def parse_cache_control_header(value, on_update=None, cls=None): return cls(parse_dict_header(value), on_update) +def parse_csp_header(value, on_update=None, cls=None): + """Parse a Content Security Policy header. + + .. versionadded:: 1.0.0 + Support for Content Security Policy headers was added. + + :param value: a csp header to be parsed. + :param on_update: an optional callable that is called every time a value + on the object is changed. + :param cls: the class for the returned object. By default + :class:`~werkzeug.datastructures.ContentSecurityPolicy` is used. + :return: a `cls` object. + """ + + if cls is None: + cls = ContentSecurityPolicy + items = [] + for policy in value.split(";"): + policy = policy.strip() + # Ignore badly formatted policies (no space) + if " " in policy: + directive, value = policy.strip().split(" ", 1) + items.append((directive.strip(), value.strip())) + return cls(items, on_update) + + def parse_set_header(value, on_update=None): """Parse a set-like header and return a :class:`~werkzeug.datastructures.HeaderSet` object: @@ -1244,6 +1283,7 @@ def is_byte_range_valid(start, stop, length): from .datastructures import Accept from .datastructures import Authorization from .datastructures import ContentRange +from .datastructures import ContentSecurityPolicy from .datastructures import ETags from .datastructures import HeaderSet from .datastructures import IfRange diff --git a/src/werkzeug/wrappers/common_descriptors.py b/src/werkzeug/wrappers/common_descriptors.py index e4107ee01..1479248d8 100644 --- a/src/werkzeug/wrappers/common_descriptors.py +++ b/src/werkzeug/wrappers/common_descriptors.py @@ -4,10 +4,12 @@ from .._compat import string_types from ..datastructures import CallbackDict from ..http import dump_age +from ..http import dump_csp_header from ..http import dump_header from ..http import dump_options_header from ..http import http_date from ..http import parse_age +from ..http import parse_csp_header from ..http import parse_date from ..http import parse_options_header from ..http import parse_set_header @@ -220,6 +222,14 @@ def on_update(d): modification of the entity-body in transit, but is not proof against malicious attacks.)""", ) + content_security_policy = header_property( + "Content-Security-Policy", + None, + parse_csp_header, + dump_csp_header, + doc="""The Content-Security-Policy header adds an additional layer of + security to help detect and mitigate certain types of attacks.""", + ) date = header_property( "Date", None, diff --git a/tests/test_datastructures.py b/tests/test_datastructures.py index c930a67e5..c55903480 100644 --- a/tests/test_datastructures.py +++ b/tests/test_datastructures.py @@ -985,6 +985,26 @@ def test_set_none(self): assert cc.no_cache is None +class TestContentSecurityPolicy(object): + def test_construct(self): + csp = datastructures.ContentSecurityPolicy( + [("font-src", "'self'"), ("media-src", "*")] + ) + assert csp.font_src == "'self'" + assert csp.media_src == "*" + policies = [policy.strip() for policy in csp.to_header().split(";")] + assert "font-src 'self'" in policies + assert "media-src *" in policies + + def test_properties(self): + csp = datastructures.ContentSecurityPolicy() + csp.default_src = "* 'self' quart.com" + csp.img_src = "'none'" + policies = [policy.strip() for policy in csp.to_header().split(";")] + assert "default-src * 'self' quart.com" in policies + assert "img-src 'none'" in policies + + class TestAccept(object): storage_class = datastructures.Accept diff --git a/tests/test_http.py b/tests/test_http.py index 400fc9d78..3709daf08 100644 --- a/tests/test_http.py +++ b/tests/test_http.py @@ -118,6 +118,14 @@ def test_cache_control_header(self): assert c.private is None assert c.to_header() == "no-cache" + def test_csp_header(self): + csp = http.parse_csp_header( + "default-src 'self'; script-src 'unsafe-inline' *; img-src" + ) + assert csp.default_src == "'self'" + assert csp.script_src == "'unsafe-inline' *" + assert csp.img_src is None + def test_authorization_header(self): a = http.parse_authorization_header("Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==") assert a.type == "basic" From e513bcd5f7101adde935f2f4f62ff321e15a01a8 Mon Sep 17 00:00:00 2001 From: pgjones Date: Thu, 8 Aug 2019 23:58:00 +0100 Subject: [PATCH 055/733] Add a CSP Report Only header property to responses This follows the CSP header and allows for monitoring rather than enforcement of content security policies. --- src/werkzeug/wrappers/common_descriptors.py | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/werkzeug/wrappers/common_descriptors.py b/src/werkzeug/wrappers/common_descriptors.py index 1479248d8..f169959bb 100644 --- a/src/werkzeug/wrappers/common_descriptors.py +++ b/src/werkzeug/wrappers/common_descriptors.py @@ -230,6 +230,15 @@ def on_update(d): doc="""The Content-Security-Policy header adds an additional layer of security to help detect and mitigate certain types of attacks.""", ) + content_security_policy_report_only = header_property( + "Content-Security-Policy-Report-Only", + None, + parse_csp_header, + dump_csp_header, + doc="""The Content-Security-Policy-Report-Only header adds a csp policy + that is not enforced but is reported thereby helping detect + certain types of attacks.""", + ) date = header_property( "Date", None, From 6f462cad6c3313f3901442060658995d0a0640c7 Mon Sep 17 00:00:00 2001 From: David Lord Date: Thu, 5 Sep 2019 06:19:28 -0700 Subject: [PATCH 056/733] add changelog for content security policy --- CHANGES.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGES.rst b/CHANGES.rst index e08883f0a..1edbccf97 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -34,6 +34,8 @@ Unreleased such that ``X-Foo`` is the same as ``x-foo``. :pr:`1605` - :meth:`http.dump_cookie` accepts ``'None'`` as a value for ``samesite``. :issue:`1549` +- Support the Content Security Policy header through the + `Response.content_security_policy` data structure. :pr:`1617` - Optional request log highlighting with the development server is handled by Click instead of termcolor. :issue:`1235` - Optional ad-hoc TLS support for the development server is handled From 9fc4f95ff0613f707b8def9d7e2d10f4d24b14f9 Mon Sep 17 00:00:00 2001 From: Charles Ross Date: Sat, 6 Apr 2019 08:45:43 -0700 Subject: [PATCH 057/733] Add venv to gitignore --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 9b312a490..d2d81e7f2 100644 --- a/.gitignore +++ b/.gitignore @@ -20,3 +20,4 @@ htmlcov test_uwsgi_failed .idea .pytest_cache/ +venv/ From 6f699b8229b0d36cc3b0bfdfb70b0c46865b22b6 Mon Sep 17 00:00:00 2001 From: Charles Ross Date: Sat, 6 Apr 2019 08:46:57 -0700 Subject: [PATCH 058/733] LanguageAccept falls back to language only --- src/werkzeug/datastructures.py | 13 +++++++++++++ tests/test_datastructures.py | 29 +++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+) diff --git a/src/werkzeug/datastructures.py b/src/werkzeug/datastructures.py index 70a961fa3..61b26ee01 100644 --- a/src/werkzeug/datastructures.py +++ b/src/werkzeug/datastructures.py @@ -1849,6 +1849,19 @@ def _normalize(language): return item == "*" or _normalize(value) == _normalize(item) + def best_match(self, matches, default=None): + """Calls the super version of `best_match` and if it returns none, + attempts to fall back to language only matches. + + :param matches: a list of matches to check for + :param default: the value that is returned if none match + """ + result = super(LanguageAccept, self).best_match(matches) + if result is not None: + return result + fallback = Accept([(item[0][0:2], item[1]) for item in self]) + return fallback.best_match(matches, default=default) + class CharsetAccept(Accept): """Like :class:`Accept` but with normalization for charsets.""" diff --git a/tests/test_datastructures.py b/tests/test_datastructures.py index c55903480..304ed5def 100644 --- a/tests/test_datastructures.py +++ b/tests/test_datastructures.py @@ -1100,6 +1100,35 @@ def test_accept_wildcard_specificity(self): assert accept.best_match(["text/plain", "image/png"]) == "image/png" +class TestLanguageAccept(object): + storage_class = datastructures.LanguageAccept + + def test_best_match_fallback(self): + accept = self.storage_class([("en-us", 1)]) + assert accept.best_match(["en"]) == "en" + + accept = self.storage_class([("de_AT", 1), ("de", 0.9)]) + assert accept.best_match(["en"]) is None + + accept = self.storage_class([("de_AT", 1), ("de", 0.9), ("en-US", 0.8)]) + assert accept.best_match(["de", "en"]) == "de" + + accept = self.storage_class([("de_AT", 0.9), ("en-US", 1)]) + assert accept.best_match(["en"]) == "en" + + accept = self.storage_class([("en-us", 1)]) + assert accept.best_match(["en-us"]) == "en-us" + + accept = self.storage_class([("en-us", 1)]) + assert accept.best_match(["en-us", "en"]) == "en-us" + + accept = self.storage_class([("en-GB", 1)]) + assert accept.best_match(["en-US", "en"], default="en-US") == "en" + + accept = self.storage_class([("de-AT", 1)]) + assert accept.best_match(["en-US", "en"], default="en-US") == "en-US" + + class TestFileStorage(object): storage_class = datastructures.FileStorage From 9bfca43636ef87b6e1d58c4918d8e4be601fefab Mon Sep 17 00:00:00 2001 From: David Lord Date: Thu, 5 Sep 2019 08:26:54 -0700 Subject: [PATCH 059/733] extend LanguageAccept fallback If no exact match is found, first tries modifying the accepted values to use primary tags only, then tries modifying the matched values to use primary tags only. If the client only accepts "en-US", "en" will match. If the client only accepts "en", "en-US" will match. 2 and 3 lettter codes are supported. Fallback matching is not performed with other subtags. --- CHANGES.rst | 3 ++ src/werkzeug/datastructures.py | 58 +++++++++++++++++++++++++++------- tests/test_datastructures.py | 58 ++++++++++++++++------------------ 3 files changed, 77 insertions(+), 42 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index 1edbccf97..63fda5361 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -36,6 +36,9 @@ Unreleased ``samesite``. :issue:`1549` - Support the Content Security Policy header through the `Response.content_security_policy` data structure. :pr:`1617` +- ``AcceptLanguage`` will fall back to matching "en" for "en-US" or + "en-US" for "en" to better support clients or translations that + only match at the primary language tag. :issue:`450`, :pr:`1507` - Optional request log highlighting with the development server is handled by Click instead of termcolor. :issue:`1235` - Optional ad-hoc TLS support for the development server is handled diff --git a/src/werkzeug/datastructures.py b/src/werkzeug/datastructures.py index 61b26ee01..aa371cd76 100644 --- a/src/werkzeug/datastructures.py +++ b/src/werkzeug/datastructures.py @@ -1840,27 +1840,63 @@ def accept_json(self): return "application/json" in self +def _normalize_lang(value): + """Process a language tag for matching.""" + return _locale_delim_re.split(value.lower()) + + class LanguageAccept(Accept): - """Like :class:`Accept` but with normalization for languages.""" + """Like :class:`Accept` but with normalization for language tags.""" def _value_matches(self, value, item): - def _normalize(language): - return _locale_delim_re.split(language.lower()) - - return item == "*" or _normalize(value) == _normalize(item) + return item == "*" or _normalize_lang(value) == _normalize_lang(item) def best_match(self, matches, default=None): - """Calls the super version of `best_match` and if it returns none, - attempts to fall back to language only matches. + """Given a list of supported values, finds the best match from + the list of accepted values. - :param matches: a list of matches to check for - :param default: the value that is returned if none match + Language tags are normalized for the purpose of matching, but + are returned unchanged. + + If no exact match is found, this will fall back to matching + the first subtag (primary language only), first with the + accepted values then with the match values. This partial is not + applied to any other language subtags. + + The default is returned if no exact or fallback match is found. + + :param matches: A list of supported languages to find a match. + :param default: The value that is returned if none match. """ + # Look for an exact match first. If a client accepts "en-US", + # "en-US" is a valid match at this point. result = super(LanguageAccept, self).best_match(matches) + if result is not None: return result - fallback = Accept([(item[0][0:2], item[1]) for item in self]) - return fallback.best_match(matches, default=default) + + # Fall back to accepting primary tags. If a client accepts + # "en-US", "en" is a valid match at this point. Need to use + # re.split to account for 2 or 3 letter codes. + fallback = Accept( + [(_locale_delim_re.split(item[0], 1)[0], item[1]) for item in self] + ) + result = fallback.best_match(matches) + + if result is not None: + return result + + # Fall back to matching primary tags. If the client accepts + # "en", "en-US" is a valid match at this point. + fallback_matches = [_locale_delim_re.split(item, 1)[0] for item in matches] + result = super(LanguageAccept, self).best_match(fallback_matches) + + # Return a value from the original match list. Find the first + # original value that starts with the matched primary tag. + if result is not None: + return next(item for item in matches if item.startswith(result)) + + return default class CharsetAccept(Accept): diff --git a/tests/test_datastructures.py b/tests/test_datastructures.py index 304ed5def..6ae16b137 100644 --- a/tests/test_datastructures.py +++ b/tests/test_datastructures.py @@ -37,6 +37,7 @@ from werkzeug._compat import itervalues from werkzeug._compat import PY2 from werkzeug._compat import text_type +from werkzeug.datastructures import LanguageAccept from werkzeug.datastructures import Range from werkzeug.exceptions import BadRequestKeyError @@ -911,12 +912,12 @@ def make_call_asserter(func=None): :param func: Additional callback for each function call. - >>> assert_calls, func = make_call_asserter() - >>> with assert_calls(2): - ... func() - ... func() + .. code-block:: python + assert_calls, func = make_call_asserter() + with assert_calls(2): + func() + func() """ - calls = [0] @contextmanager @@ -1101,32 +1102,27 @@ def test_accept_wildcard_specificity(self): class TestLanguageAccept(object): - storage_class = datastructures.LanguageAccept - - def test_best_match_fallback(self): - accept = self.storage_class([("en-us", 1)]) - assert accept.best_match(["en"]) == "en" - - accept = self.storage_class([("de_AT", 1), ("de", 0.9)]) - assert accept.best_match(["en"]) is None - - accept = self.storage_class([("de_AT", 1), ("de", 0.9), ("en-US", 0.8)]) - assert accept.best_match(["de", "en"]) == "de" - - accept = self.storage_class([("de_AT", 0.9), ("en-US", 1)]) - assert accept.best_match(["en"]) == "en" - - accept = self.storage_class([("en-us", 1)]) - assert accept.best_match(["en-us"]) == "en-us" - - accept = self.storage_class([("en-us", 1)]) - assert accept.best_match(["en-us", "en"]) == "en-us" - - accept = self.storage_class([("en-GB", 1)]) - assert accept.best_match(["en-US", "en"], default="en-US") == "en" - - accept = self.storage_class([("de-AT", 1)]) - assert accept.best_match(["en-US", "en"], default="en-US") == "en-US" + @pytest.mark.parametrize( + ("values", "matches", "default", "expect"), + ( + ([("en-us", 1)], ["en"], None, "en"), + ([("en", 1)], ["en_US"], None, "en_US"), + ([("en-GB", 1)], ["en-US"], None, None), + ([("de_AT", 1), ("de", 0.9)], ["en"], None, None), + ([("de_AT", 1), ("de", 0.9), ("en-US", 0.8)], ["de", "en"], None, "de"), + ([("de_AT", 0.9), ("en-US", 1)], ["en"], None, "en"), + ([("en-us", 1)], ["en-us"], None, "en-us"), + ([("en-us", 1)], ["en-us", "en"], None, "en-us"), + ([("en-GB", 1)], ["en-US", "en"], "en-US", "en"), + ([("de_AT", 1)], ["en-US", "en"], "en-US", "en-US"), + ([("aus-EN", 1)], ["aus"], None, "aus"), + ([("aus", 1)], ["aus-EN"], None, "aus-EN"), + ), + ) + def test_best_match_fallback(self, values, matches, default, expect): + accept = LanguageAccept(values) + best = accept.best_match(matches, default=default) + assert best == expect class TestFileStorage(object): From f8442efa50369bc65427c7cfaee00c65ac906edd Mon Sep 17 00:00:00 2001 From: John Zeringue Date: Fri, 31 May 2019 14:05:31 -0400 Subject: [PATCH 060/733] Use MIME parameters to match Accept header Previously, we didn't parse MIME parameters or use them to match or prioritize content types. Now, we'll normalize and compare MIME parameters and consider a MIME type with parameters higher priority than one without them. Fixes #458 --- CHANGES.rst | 1 + src/werkzeug/datastructures.py | 17 ++++++++++++----- tests/test_datastructures.py | 4 ++++ tests/test_http.py | 7 +++++++ 4 files changed, 24 insertions(+), 5 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index 63fda5361..1a4f5f3f8 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -20,6 +20,7 @@ Unreleased :pr:`1532` - The user agent for Opera 60 on Mac is correctly reported as "opera" instead of "chrome". :issue:`1556` +- Use MIME parameters to better match Accept header. :issue:`458` - The platform for Crosswalk on Android is correctly reported as "android" instead of "chromeos". (:pr:`1572`) - Issue a warning when the current server name does not match the diff --git a/src/werkzeug/datastructures.py b/src/werkzeug/datastructures.py index aa371cd76..383f370a4 100644 --- a/src/werkzeug/datastructures.py +++ b/src/werkzeug/datastructures.py @@ -1785,30 +1785,37 @@ def best(self): return self[0][0] +_mime_re = re.compile(r"/|(?:\s*;\s*)") + + class MIMEAccept(Accept): """Like :class:`Accept` but with special methods and behavior for mimetypes. """ def _specificity(self, value): - return tuple(x != "*" for x in value.split("/", 1)) + return tuple(x != "*" for x in _mime_re.split(value)) def _value_matches(self, value, item): def _normalize(x): x = x.lower() - return ("*", "*") if x == "*" else x.split("/", 1) + return _mime_re.split(x) # this is from the application which is trusted. to avoid developer # frustration we actually check these for valid values if "/" not in value: raise ValueError("invalid mimetype %r" % value) - value_type, value_subtype = _normalize(value) + normalized_value = _normalize(value) + value_type, value_subtype = normalized_value[:2] + value_params = sorted(normalized_value[2:]) if value_type == "*" and value_subtype != "*": raise ValueError("invalid mimetype %r" % value) if "/" not in item: return False - item_type, item_subtype = _normalize(item) + normalized_item = _normalize(item) + item_type, item_subtype = normalized_item[:2] + item_params = sorted(normalized_item[2:]) if item_type == "*" and item_subtype != "*": return False return ( @@ -1818,7 +1825,7 @@ def _normalize(x): and ( item_subtype == "*" or value_subtype == "*" - or item_subtype == value_subtype + or (item_subtype == value_subtype and item_params == value_params) ) ) diff --git a/tests/test_datastructures.py b/tests/test_datastructures.py index 6ae16b137..e7a05826c 100644 --- a/tests/test_datastructures.py +++ b/tests/test_datastructures.py @@ -1099,6 +1099,10 @@ def test_accept_wildcard_specificity(self): accept = self.storage_class([("*/*", 1), ("text/html", 1), ("image/*", 1)]) assert accept.best_match(["image/png", "text/html"]) == "text/html" assert accept.best_match(["text/plain", "image/png"]) == "image/png" + accept = self.storage_class([("text/html", 1), ("text/html; level=1", 1)]) + assert ( + accept.best_match(["text/html", "text/html;level=1"]) == "text/html;level=1" + ) class TestLanguageAccept(object): diff --git a/tests/test_http.py b/tests/test_http.py index 3709daf08..7fbef44f7 100644 --- a/tests/test_http.py +++ b/tests/test_http.py @@ -61,6 +61,13 @@ def test_accept_matches(self): assert a.best_match(["foo/bar", "bar/foo"], default="foo/bar") == "foo/bar" assert a.best_match(["application/xml", "text/xml"]) == "application/xml" + def test_accept_mime_specificity(self): + a = http.parse_accept_header( + "text/*, text/html, text/html;level=1, */*", datastructures.MIMEAccept + ) + assert a.best_match(["text/html; version=1", "text/html"]) == "text/html" + assert a.best_match(["text/html", "text/html; level=1"]) == "text/html; level=1" + def test_charset_accept(self): a = http.parse_accept_header( "ISO-8859-1,utf-8;q=0.7,*;q=0.7", datastructures.CharsetAccept From 37b3c48f6b6c384e9a1fabe6342c3708f227ed20 Mon Sep 17 00:00:00 2001 From: David Lord Date: Thu, 5 Sep 2019 10:35:52 -0700 Subject: [PATCH 061/733] add changelog, parametrize test --- CHANGES.rst | 5 +-- src/werkzeug/datastructures.py | 40 ++++++++++++++-------- tests/test_datastructures.py | 62 +++++++++++++++++++++++----------- 3 files changed, 72 insertions(+), 35 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index 1a4f5f3f8..01f386f90 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -20,7 +20,6 @@ Unreleased :pr:`1532` - The user agent for Opera 60 on Mac is correctly reported as "opera" instead of "chrome". :issue:`1556` -- Use MIME parameters to better match Accept header. :issue:`458` - The platform for Crosswalk on Android is correctly reported as "android" instead of "chromeos". (:pr:`1572`) - Issue a warning when the current server name does not match the @@ -37,9 +36,11 @@ Unreleased ``samesite``. :issue:`1549` - Support the Content Security Policy header through the `Response.content_security_policy` data structure. :pr:`1617` -- ``AcceptLanguage`` will fall back to matching "en" for "en-US" or +- ``LanguageAccept`` will fall back to matching "en" for "en-US" or "en-US" for "en" to better support clients or translations that only match at the primary language tag. :issue:`450`, :pr:`1507` +- ``MIMEAccept`` uses MIME parameters for specificity when matching. + :issue:`458`, :pr:`1574` - Optional request log highlighting with the development server is handled by Click instead of termcolor. :issue:`1235` - Optional ad-hoc TLS support for the development server is handled diff --git a/src/werkzeug/datastructures.py b/src/werkzeug/datastructures.py index 383f370a4..f22d38de4 100644 --- a/src/werkzeug/datastructures.py +++ b/src/werkzeug/datastructures.py @@ -29,8 +29,6 @@ from ._internal import _missing from .filesystem import get_filesystem_encoding -_locale_delim_re = re.compile(r"[_-]") - def is_immutable(self): raise TypeError("%r objects are immutable" % self.__class__.__name__) @@ -1785,7 +1783,11 @@ def best(self): return self[0][0] -_mime_re = re.compile(r"/|(?:\s*;\s*)") +_mime_split_re = re.compile(r"/|(?:\s*;\s*)") + + +def _normalize_mime(value): + return _mime_split_re.split(value.lower()) class MIMEAccept(Accept): @@ -1794,32 +1796,39 @@ class MIMEAccept(Accept): """ def _specificity(self, value): - return tuple(x != "*" for x in _mime_re.split(value)) + return tuple(x != "*" for x in _mime_split_re.split(value)) def _value_matches(self, value, item): - def _normalize(x): - x = x.lower() - return _mime_re.split(x) + # item comes from the client, can't match if it's invalid. + if "/" not in item: + return False - # this is from the application which is trusted. to avoid developer - # frustration we actually check these for valid values + # value comes from the application, tell the developer when it + # doesn't look valid. if "/" not in value: raise ValueError("invalid mimetype %r" % value) - normalized_value = _normalize(value) + + # Split the match value into type, subtype, and a sorted list of parameters. + normalized_value = _normalize_mime(value) value_type, value_subtype = normalized_value[:2] value_params = sorted(normalized_value[2:]) + + # "*/*" is the only valid value that can start with "*". if value_type == "*" and value_subtype != "*": raise ValueError("invalid mimetype %r" % value) - if "/" not in item: - return False - normalized_item = _normalize(item) + # Split the accept item into type, subtype, and parameters. + normalized_item = _normalize_mime(item) item_type, item_subtype = normalized_item[:2] item_params = sorted(normalized_item[2:]) + + # "*/not-*" from the client is invalid, can't match. if item_type == "*" and item_subtype != "*": return False + return ( - item_type == item_subtype == "*" or value_type == value_subtype == "*" + (item_type == "*" and item_subtype == "*") + or (value_type == "*" and value_subtype == "*") ) or ( item_type == value_type and ( @@ -1847,6 +1856,9 @@ def accept_json(self): return "application/json" in self +_locale_delim_re = re.compile(r"[_-]") + + def _normalize_lang(value): """Process a language tag for matching.""" return _locale_delim_re.split(value.lower()) diff --git a/tests/test_datastructures.py b/tests/test_datastructures.py index e7a05826c..800da86b0 100644 --- a/tests/test_datastructures.py +++ b/tests/test_datastructures.py @@ -38,6 +38,7 @@ from werkzeug._compat import PY2 from werkzeug._compat import text_type from werkzeug.datastructures import LanguageAccept +from werkzeug.datastructures import MIMEAccept from werkzeug.datastructures import Range from werkzeug.exceptions import BadRequestKeyError @@ -1084,25 +1085,48 @@ def test_accept_wildcard_specificity(self): class TestMIMEAccept(object): - storage_class = datastructures.MIMEAccept - - def test_accept_wildcard_subtype(self): - accept = self.storage_class([("text/*", 1)]) - assert accept.best_match(["text/html"], default=None) == "text/html" - assert accept.best_match(["image/png", "text/plain"]) == "text/plain" - assert accept.best_match(["image/png"], default=None) is None - - def test_accept_wildcard_specificity(self): - accept = self.storage_class([("*/*", 1), ("text/html", 1)]) - assert accept.best_match(["image/png", "text/html"]) == "text/html" - assert accept.best_match(["image/png", "text/plain"]) == "image/png" - accept = self.storage_class([("*/*", 1), ("text/html", 1), ("image/*", 1)]) - assert accept.best_match(["image/png", "text/html"]) == "text/html" - assert accept.best_match(["text/plain", "image/png"]) == "image/png" - accept = self.storage_class([("text/html", 1), ("text/html; level=1", 1)]) - assert ( - accept.best_match(["text/html", "text/html;level=1"]) == "text/html;level=1" - ) + @pytest.mark.parametrize( + ("values", "matches", "default", "expect"), + [ + ([("text/*", 1)], ["text/html"], None, "text/html"), + ([("text/*", 1)], ["image/png"], "text/plain", "text/plain"), + ([("text/*", 1)], ["image/png"], None, None), + ( + [("*/*", 1), ("text/html", 1)], + ["image/png", "text/html"], + None, + "text/html", + ), + ( + [("*/*", 1), ("text/html", 1)], + ["image/png", "text/plain"], + None, + "image/png", + ), + ( + [("*/*", 1), ("text/html", 1), ("image/*", 1)], + ["image/png", "text/html"], + None, + "text/html", + ), + ( + [("*/*", 1), ("text/html", 1), ("image/*", 1)], + ["text/plain", "image/png"], + None, + "image/png", + ), + ( + [("text/html", 1), ("text/html; level=1", 1)], + ["text/html;level=1"], + None, + "text/html;level=1", + ), + ], + ) + def test_mime_accept(self, values, matches, default, expect): + accept = MIMEAccept(values) + match = accept.best_match(matches, default=default) + assert match == expect class TestLanguageAccept(object): From 4fb73773e95f708278ea9507c1c14a9628ebaa65 Mon Sep 17 00:00:00 2001 From: Steve Genoud Date: Thu, 14 Feb 2019 14:44:06 +0100 Subject: [PATCH 062/733] Multiple cookies can have the same name --- src/werkzeug/wrappers/base_request.py | 5 ++--- tests/test_wrappers.py | 11 +++++++---- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/src/werkzeug/wrappers/base_request.py b/src/werkzeug/wrappers/base_request.py index d4655a4fa..24ed43f55 100644 --- a/src/werkzeug/wrappers/base_request.py +++ b/src/werkzeug/wrappers/base_request.py @@ -9,7 +9,6 @@ from ..datastructures import EnvironHeaders from ..datastructures import ImmutableList from ..datastructures import ImmutableMultiDict -from ..datastructures import ImmutableTypeConversionDict from ..datastructures import iter_multi_items from ..datastructures import MultiDict from ..formparser import default_stream_factory @@ -118,11 +117,11 @@ class Request(BaseRequest, ETagRequestMixin): #: the type to be used for dict values from the incoming WSGI environment. #: By default an - #: :class:`~werkzeug.datastructures.ImmutableTypeConversionDict` is used + #: :class:`~werkzeug.datastructures.ImmutableMultiDict` is used #: (for example for :attr:`cookies`). #: #: .. versionadded:: 0.6 - dict_storage_class = ImmutableTypeConversionDict + dict_storage_class = ImmutableMultiDict #: The form data parser that shoud be used. Can be replaced to customize #: the form date parsing. diff --git a/tests/test_wrappers.py b/tests/test_wrappers.py index 030053257..b0ade1032 100644 --- a/tests/test_wrappers.py +++ b/tests/test_wrappers.py @@ -28,8 +28,8 @@ from werkzeug.datastructures import CombinedMultiDict from werkzeug.datastructures import Headers from werkzeug.datastructures import ImmutableList +from werkzeug.datastructures import ImmutableMultiDict from werkzeug.datastructures import ImmutableOrderedMultiDict -from werkzeug.datastructures import ImmutableTypeConversionDict from werkzeug.datastructures import LanguageAccept from werkzeug.datastructures import MIMEAccept from werkzeug.datastructures import MultiDict @@ -1247,9 +1247,12 @@ class MyRequest(wrappers.Request): assert type(req.values) is CombinedMultiDict assert req.values["foo"] == u"baz" - req = wrappers.Request.from_values(headers={"Cookie": "foo=bar"}) - assert type(req.cookies) is ImmutableTypeConversionDict - assert req.cookies == {"foo": "bar"} + req = wrappers.Request.from_values(headers={"Cookie": "foo=bar;foo=baz"}) + assert type(req.cookies) is ImmutableMultiDict + assert req.cookies.to_dict() == {"foo": "bar"} + + # it is possible to have multiple cookies with the same name + assert req.cookies.getlist("foo") == ["bar", "baz"] assert type(req.access_route) is ImmutableList MyRequest.list_storage_class = tuple From 0ccb76a6422f82bd0eb064caeafecbabfabf3cad Mon Sep 17 00:00:00 2001 From: David Lord Date: Fri, 6 Sep 2019 07:31:20 -0700 Subject: [PATCH 063/733] add changelog for multiple cookies --- CHANGES.rst | 4 ++++ src/werkzeug/wrappers/base_request.py | 10 ++++++---- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index 01f386f90..c312d6bb5 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -13,6 +13,10 @@ Unreleased - Directive keys for the ``Set-Cookie`` response header are not ignored when parsing the ``Cookie`` request header. This allows cookies with names such as "expires" and "version". (:issue:`1495`) +- Cookies are parsed into a ``MultiDict`` to capture all values for + cookies with the same key. ``cookies[key]`` returns the first value + received, rather than the last. Use ``cookies.getlist(key)`` to get + all values. :issue:`1562`, :pr:`1458` - Add ``charset=utf-8`` to an HTTP exception response's ``CONTENT_TYPE`` header. (:pr:`1526`) - The interactive debugger handles outer variables in nested scopes diff --git a/src/werkzeug/wrappers/base_request.py b/src/werkzeug/wrappers/base_request.py index 24ed43f55..e18949b33 100644 --- a/src/werkzeug/wrappers/base_request.py +++ b/src/werkzeug/wrappers/base_request.py @@ -115,10 +115,12 @@ class Request(BaseRequest, ETagRequestMixin): #: .. versionadded:: 0.6 list_storage_class = ImmutableList - #: the type to be used for dict values from the incoming WSGI environment. - #: By default an - #: :class:`~werkzeug.datastructures.ImmutableMultiDict` is used - #: (for example for :attr:`cookies`). + #: The type to be used for dict values from the incoming WSGI + #: environment. (For example for :attr:`cookies`.) By default an + #: :class:`~werkzeug.datastructures.ImmutableMultiDict` is used. + #: + #: .. versionchanged:: 1.0.0 + #: Changed to ``ImmutableMultiDict`` to support multiple values. #: #: .. versionadded:: 0.6 dict_storage_class = ImmutableMultiDict From 386fdae96b63f0f8b44cc0de0adaa73b456308c7 Mon Sep 17 00:00:00 2001 From: David Lord Date: Fri, 6 Sep 2019 08:03:56 -0700 Subject: [PATCH 064/733] parse_cookie uses MultiDict --- CHANGES.rst | 9 ++--- src/werkzeug/http.py | 42 ++++++++++++----------- tests/test_http.py | 79 +++++++++++++++++++++----------------------- 3 files changed, 64 insertions(+), 66 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index c312d6bb5..12da41a96 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -13,10 +13,11 @@ Unreleased - Directive keys for the ``Set-Cookie`` response header are not ignored when parsing the ``Cookie`` request header. This allows cookies with names such as "expires" and "version". (:issue:`1495`) -- Cookies are parsed into a ``MultiDict`` to capture all values for - cookies with the same key. ``cookies[key]`` returns the first value - received, rather than the last. Use ``cookies.getlist(key)`` to get - all values. :issue:`1562`, :pr:`1458` +- Request cookies are parsed into a ``MultiDict`` to capture all + values for cookies with the same key. ``cookies[key]`` returns the + first value rather than the last. Use ``cookies.getlist(key)`` to + get all values. ``parse_cookie`` also defaults to a ``MultiDict``. + :issue:`1562`, :pr:`1458` - Add ``charset=utf-8`` to an HTTP exception response's ``CONTENT_TYPE`` header. (:pr:`1526`) - The interactive debugger handles outer variables in nested scopes diff --git a/src/werkzeug/http.py b/src/werkzeug/http.py index 6d85ffb20..d5490bccf 100644 --- a/src/werkzeug/http.py +++ b/src/werkzeug/http.py @@ -1078,38 +1078,40 @@ def is_hop_by_hop_header(header): def parse_cookie(header, charset="utf-8", errors="replace", cls=None): - """Parse a cookie. Either from a string or WSGI environ. + """Parse a cookie from a string or WSGI environ. - Per default encoding errors are ignored. If you want a different behavior - you can set `errors` to ``'replace'`` or ``'strict'``. In strict mode a - :exc:`HTTPUnicodeError` is raised. + The same key can be provided multiple times, the values are stored + in-order. The default :class:`MultiDict` will have the first value + first, and all values can be retrieved with + :meth:`MultiDict.getlist`. + + :param header: The cookie header as a string, or a WSGI environ dict + with a ``HTTP_COOKIE`` key. + :param charset: The charset for the cookie values. + :param errors: The error behavior for the charset decoding. + :param cls: A dict-like class to store the parsed cookies in. + Defaults to :class:`MultiDict`. + + .. versionchanged:: 1.0.0 + Returns a :class:`MultiDict` instead of a + ``TypeConversionDict``. .. versionchanged:: 0.5 - This function now returns a :class:`TypeConversionDict` instead of a - regular dict. The `cls` parameter was added. - - :param header: the header to be used to parse the cookie. Alternatively - this can be a WSGI environment. - :param charset: the charset for the cookie values. - :param errors: the error behavior for the charset decoding. - :param cls: an optional dict class to use. If this is not specified - or `None` the default :class:`TypeConversionDict` is - used. + Returns a :class:`TypeConversionDict` instead of a regular dict. + The ``cls`` parameter was added. """ if isinstance(header, dict): header = header.get("HTTP_COOKIE", "") elif header is None: header = "" - # If the value is an unicode string it's mangled through latin1. This - # is done because on PEP 3333 on Python 3 all headers are assumed latin1 - # which however is incorrect for cookies, which are sent in page encoding. - # As a result we + # On Python 3, PEP 3333 sends headers through the environ as latin1 + # decoded strings. Encode strings back to bytes for parsing. if isinstance(header, text_type): header = header.encode("latin1", "replace") if cls is None: - cls = TypeConversionDict + cls = MultiDict def _parse_pairs(): for key, val in _cookie_parse_impl(header): @@ -1287,8 +1289,8 @@ def is_byte_range_valid(start, stop, length): from .datastructures import ETags from .datastructures import HeaderSet from .datastructures import IfRange +from .datastructures import MultiDict from .datastructures import Range from .datastructures import RequestCacheControl -from .datastructures import TypeConversionDict from .datastructures import WWWAuthenticate from .urls import iri_to_uri diff --git a/tests/test_http.py b/tests/test_http.py index 7fbef44f7..61386b34c 100644 --- a/tests/test_http.py +++ b/tests/test_http.py @@ -442,22 +442,22 @@ def test_date_formatting(self): assert http.http_date(0) == "Thu, 01 Jan 1970 00:00:00 GMT" assert http.http_date(datetime(1970, 1, 1)) == "Thu, 01 Jan 1970 00:00:00 GMT" - def test_cookies(self): - strict_eq( - dict( - http.parse_cookie( - "dismiss-top=6; CP=null*; PHPSESSID=0a539d42abc001cd" - 'c762809248d4beed; a=42; b="\\";"' - ) - ), - { - "CP": u"null*", - "PHPSESSID": u"0a539d42abc001cdc762809248d4beed", - "a": u"42", - "dismiss-top": u"6", - "b": u'";', - }, - ) + def test_parse_cookie(self): + cookies = http.parse_cookie( + "dismiss-top=6; CP=null*; PHPSESSID=0a539d42abc001cdc762809248d4beed;" + ' a=42; b="\\";"; ; fo234{=bar;blub=Blah;' + ) + assert cookies.to_dict() == { + "CP": u"null*", + "PHPSESSID": u"0a539d42abc001cdc762809248d4beed", + "a": u"42", + "dismiss-top": u"6", + "b": u'";', + "fo234{": u"bar", + "blub": u"Blah", + } + + def test_dump_cookie(self): rv = http.dump_cookie( "foo", "bar baz blub", 360, httponly=True, sync_expires=False ) @@ -468,42 +468,37 @@ def test_cookies(self): "Path=/", 'foo="bar baz blub"', } - - strict_eq( - dict(http.parse_cookie("fo234{=bar; blub=Blah")), - {"fo234{": u"bar", "blub": u"Blah"}, - ) - - strict_eq(http.dump_cookie("key", "xxx/"), "key=xxx/; Path=/") - strict_eq(http.dump_cookie("key", "xxx="), "key=xxx=; Path=/") + assert http.dump_cookie("key", "xxx/") == "key=xxx/; Path=/" + assert http.dump_cookie("key", "xxx=") == "key=xxx=; Path=/" def test_bad_cookies(self): - strict_eq( - dict( - http.parse_cookie( - "first=IamTheFirst ; a=1; oops ; a=2 ;second = andMeTwo;" - ) - ), - {"first": u"IamTheFirst", "a": u"2", "oops": u"", "second": u"andMeTwo"}, - ) + cookies = http.parse_cookie( + "first=IamTheFirst ; a=1; oops ; a=2 ;second = andMeTwo;" + ) + expect = { + "first": [u"IamTheFirst"], + "a": [u"1", u"2"], + "oops": [u""], + "second": [u"andMeTwo"], + } + assert cookies.to_dict(flat=False) == expect + assert cookies["a"] == u"1" + assert cookies.getlist("a") == [u"1", u"2"] def test_empty_keys_are_ignored(self): - strict_eq( - dict( - http.parse_cookie("first=IamTheFirst ; a=1; a=2 ;second=andMeTwo; ; ") - ), - {"first": u"IamTheFirst", "a": u"2", "second": u"andMeTwo"}, - ) + cookies = http.parse_cookie("spam=ham; duck=mallard; ; ") + expect = {"spam": u"ham", "duck": u"mallard"} + assert cookies.to_dict() == expect def test_cookie_quoting(self): val = http.dump_cookie("foo", "?foo") - strict_eq(val, 'foo="?foo"; Path=/') - strict_eq(dict(http.parse_cookie(val)), {"foo": u"?foo", "Path": u"/"}) - strict_eq(dict(http.parse_cookie(r'foo="foo\054bar"')), {"foo": u"foo,bar"}) + assert val == 'foo="?foo"; Path=/' + assert http.parse_cookie(val).to_dict() == {"foo": u"?foo", "Path": u"/"} + assert http.parse_cookie(r'foo="foo\054bar"').to_dict(), {"foo": u"foo,bar"} def test_parse_set_cookie_directive(self): val = 'foo="?foo"; version="0.1";' - strict_eq(dict(http.parse_cookie(val)), {"foo": u"?foo", "version": u"0.1"}) + assert http.parse_cookie(val).to_dict() == {"foo": u"?foo", "version": u"0.1"} def test_cookie_domain_resolving(self): val = http.dump_cookie("foo", "bar", domain=u"\N{SNOWMAN}.com") From 9896e6c1e2146c058423962dc627e87001c86bbd Mon Sep 17 00:00:00 2001 From: Lucas Barsand Date: Fri, 27 Oct 2017 13:02:27 -0200 Subject: [PATCH 065/733] implement TLS peer authentication --- src/werkzeug/serving.py | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py index 9ebd125f9..137060480 100644 --- a/src/werkzeug/serving.py +++ b/src/werkzeug/serving.py @@ -225,6 +225,17 @@ def shutdown_server(): if request_url.scheme and request_url.netloc: environ["HTTP_HOST"] = request_url.netloc + try: + peer_cert = self.connection.getpeercert() + if peer_cert is not None: + environ["SSL_CLIENT_CERT"] = peer_cert + except ValueError: + self.server.log("error", "Cannot fetch SSL peer certificate info") + except AttributeError: + # This error indicates that no TLS setup was made, and it is + # raised because socket will not have such function getpeercert() + pass + return environ def run_wsgi(self): @@ -716,17 +727,25 @@ def __init__( self.server_address = self.socket.getsockname() if ssl_context is not None: + ssl_kwargs = {"server_side": True} if isinstance(ssl_context, tuple): ssl_context = load_ssl_context(*ssl_context) + if isinstance(ssl_context, dict): + cert_file = ssl_context.pop("cert_file") + pkey_file = ssl_context.pop("pkey_file") + for key in ssl_context: + ssl_kwargs[key] = ssl_context[key] + ssl_context = load_ssl_context(cert_file, pkey_file) if ssl_context == "adhoc": ssl_context = generate_adhoc_ssl_context() + # If we are on Python 2 the return value from socket.fromfd # is an internal socket object but what we need for ssl wrap # is the wrapper around it :( sock = self.socket if PY2 and not isinstance(sock, socket.socket): sock = socket.socket(sock.family, sock.type, sock.proto, sock) - self.socket = ssl_context.wrap_socket(sock, server_side=True) + self.socket = ssl_context.wrap_socket(sock, **ssl_kwargs) self.ssl_context = ssl_context else: self.ssl_context = None From 320abb6faed3139abd235e1a7746277cdc6c44b8 Mon Sep 17 00:00:00 2001 From: David Lord Date: Sat, 7 Sep 2019 11:20:45 -0700 Subject: [PATCH 066/733] remove passing ssl_context a dict --- CHANGES.rst | 4 ++++ src/werkzeug/serving.py | 26 +++++++++++++------------- 2 files changed, 17 insertions(+), 13 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index 12da41a96..89fb3d084 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -46,6 +46,10 @@ Unreleased only match at the primary language tag. :issue:`450`, :pr:`1507` - ``MIMEAccept`` uses MIME parameters for specificity when matching. :issue:`458`, :pr:`1574` +- If the development server is started with an ``SSLContext`` + configured to verify client certificates, the certificate in PEM + format will be available as ``environ["SSL_CLIENT_CERT"]``. + :pr:`1469` - Optional request log highlighting with the development server is handled by Click instead of termcolor. :issue:`1235` - Optional ad-hoc TLS support for the development server is handled diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py index 137060480..436fd3a9f 100644 --- a/src/werkzeug/serving.py +++ b/src/werkzeug/serving.py @@ -226,14 +226,17 @@ def shutdown_server(): environ["HTTP_HOST"] = request_url.netloc try: - peer_cert = self.connection.getpeercert() + # binary_form=False gives nicer information, but wouldn't be compatible with + # what Nginx or Apache could return. + peer_cert = self.connection.getpeercert(binary_form=True) if peer_cert is not None: - environ["SSL_CLIENT_CERT"] = peer_cert + # Nginx and Apache use PEM format. + environ["SSL_CLIENT_CERT"] = ssl.DER_cert_to_PEM_cert(peer_cert) except ValueError: + # SSL handshake hasn't finished. self.server.log("error", "Cannot fetch SSL peer certificate info") except AttributeError: - # This error indicates that no TLS setup was made, and it is - # raised because socket will not have such function getpeercert() + # Not using TLS, the socket will not have getpeercert(). pass return environ @@ -605,7 +608,11 @@ def load_ssl_context(cert_file, pkey_file=None, protocol=None): module. Defaults to ``PROTOCOL_SSLv23``. """ if protocol is None: - protocol = ssl.PROTOCOL_SSLv23 + try: + protocol = ssl.PROTOCOL_TLS_SERVER + except AttributeError: + # Python <= 3.5 compat + protocol = ssl.PROTOCOL_SSLv23 ctx = _SSLContext(protocol) ctx.load_cert_chain(cert_file, pkey_file) return ctx @@ -727,15 +734,8 @@ def __init__( self.server_address = self.socket.getsockname() if ssl_context is not None: - ssl_kwargs = {"server_side": True} if isinstance(ssl_context, tuple): ssl_context = load_ssl_context(*ssl_context) - if isinstance(ssl_context, dict): - cert_file = ssl_context.pop("cert_file") - pkey_file = ssl_context.pop("pkey_file") - for key in ssl_context: - ssl_kwargs[key] = ssl_context[key] - ssl_context = load_ssl_context(cert_file, pkey_file) if ssl_context == "adhoc": ssl_context = generate_adhoc_ssl_context() @@ -745,7 +745,7 @@ def __init__( sock = self.socket if PY2 and not isinstance(sock, socket.socket): sock = socket.socket(sock.family, sock.type, sock.proto, sock) - self.socket = ssl_context.wrap_socket(sock, **ssl_kwargs) + self.socket = ssl_context.wrap_socket(sock, server_side=True) self.ssl_context = ssl_context else: self.ssl_context = None From aa022fb1e7df5d0727b2f4099f776997b61f16ce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Lafr=C3=A9choux?= Date: Fri, 6 Sep 2019 21:51:58 +0200 Subject: [PATCH 067/733] Update "Test Utilities" doc to Python 3 --- docs/test.rst | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/docs/test.rst b/docs/test.rst index c7e213f85..bbeadcdcc 100644 --- a/docs/test.rst +++ b/docs/test.rst @@ -32,9 +32,9 @@ in test functionality. >>> resp.status_code 200 >>> resp.headers -Headers([('Content-Type', 'text/html; charset=utf-8'), ('Content-Length', '8339')]) +Headers([('Content-Type', 'text/html; charset=utf-8'), ('Content-Length', '6658')]) >>> resp.data.splitlines()[0] -'>> status '200 OK' >>> headers -[('Content-Type', 'text/html; charset=utf-8'), ('Content-Length', '8339')] ->>> ''.join(app_iter).splitlines()[0] +[('Content-Type', 'text/html; charset=utf-8'), ('Content-Length', '6658')] +>>> ''.join(i.decode() for i in app_iter).splitlines()[0] '>> from werkzeug.test import EnvironBuilder ->>> from StringIO import StringIO +>>> from io import BytesIO >>> builder = EnvironBuilder(method='POST', data={'foo': 'this is some text', -... 'file': (StringIO('my file contents'), 'test.txt')}) +... 'file': (BytesIO('my file contents'.encode()), 'test.txt')}) >>> env = builder.get_environ() The resulting environment is a regular WSGI environment that can be used for @@ -72,11 +72,11 @@ further processing: >>> from werkzeug.wrappers import Request >>> req = Request(env) >>> req.form['foo'] -u'this is some text' +'this is some text' >>> req.files['file'] >>> req.files['file'].read() -'my file contents' +b'my file contents' The :class:`EnvironBuilder` figures out the content type automatically if you pass a dict to the constructor as `data`. If you provide a string or an @@ -85,6 +85,7 @@ input stream you have to do that yourself. By default it will try to use ``application/x-www-form-urlencoded`` and only use ``multipart/form-data`` if files are uploaded: +>>> from io import StringIO >>> builder = EnvironBuilder(method='POST', data={'foo': 'bar'}) >>> builder.content_type 'application/x-www-form-urlencoded' From 9c0d934bdd59d3653c5b37e235ac4fba251f4148 Mon Sep 17 00:00:00 2001 From: David Lord Date: Mon, 9 Sep 2019 07:38:49 -0700 Subject: [PATCH 068/733] more test.rst py3 compat --- docs/test.rst | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/docs/test.rst b/docs/test.rst index bbeadcdcc..d726123f3 100644 --- a/docs/test.rst +++ b/docs/test.rst @@ -43,9 +43,9 @@ Or without a wrapper defined: >>> status '200 OK' >>> headers -[('Content-Type', 'text/html; charset=utf-8'), ('Content-Length', '6658')] ->>> ''.join(i.decode() for i in app_iter).splitlines()[0] -'>> b''.join(app_iter).splitlines()[0] +b'>> from werkzeug.test import EnvironBuilder >>> from io import BytesIO >>> builder = EnvironBuilder(method='POST', data={'foo': 'this is some text', -... 'file': (BytesIO('my file contents'.encode()), 'test.txt')}) +... 'file': (BytesIO('my file contents'.encode("utf8")), 'test.txt')}) >>> env = builder.get_environ() The resulting environment is a regular WSGI environment that can be used for @@ -85,11 +85,10 @@ input stream you have to do that yourself. By default it will try to use ``application/x-www-form-urlencoded`` and only use ``multipart/form-data`` if files are uploaded: ->>> from io import StringIO >>> builder = EnvironBuilder(method='POST', data={'foo': 'bar'}) >>> builder.content_type 'application/x-www-form-urlencoded' ->>> builder.files['foo'] = StringIO('contents') +>>> builder.files['foo'] = BytesIO('contents'.encode("utf8")) >>> builder.content_type 'multipart/form-data' From c43bb51106d0f3d21c5860c830fa34afe11b5dec Mon Sep 17 00:00:00 2001 From: David Lord Date: Mon, 9 Sep 2019 08:03:31 -0700 Subject: [PATCH 069/733] is_resource_modified works for all methods --- CHANGES.rst | 2 ++ src/werkzeug/http.py | 5 +++-- tests/test_http.py | 4 ++-- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index 89fb3d084..2d37eaa20 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -50,6 +50,8 @@ Unreleased configured to verify client certificates, the certificate in PEM format will be available as ``environ["SSL_CLIENT_CERT"]``. :pr:`1469` +- ``is_resource_modified`` will run for methods other than ``GET`` and + ``HEAD``, rather than always returning ``False``. :issue:`409` - Optional request log highlighting with the development server is handled by Click instead of termcolor. :issue:`1235` - Optional ad-hoc TLS support for the development server is handled diff --git a/src/werkzeug/http.py b/src/werkzeug/http.py index d5490bccf..7fc6bd75d 100644 --- a/src/werkzeug/http.py +++ b/src/werkzeug/http.py @@ -967,13 +967,14 @@ def is_resource_modified( :param ignore_if_range: If `False`, `If-Range` header will be taken into account. :return: `True` if the resource was modified, otherwise `False`. + + .. versionchanged:: 1.0.0 + The check is run for methods other than ``GET`` and ``HEAD``. """ if etag is None and data is not None: etag = generate_etag(data) elif data is not None: raise TypeError("both data and etag given") - if environ["REQUEST_METHOD"] not in ("GET", "HEAD"): - return False unmodified = False if isinstance(last_modified, string_types): diff --git a/tests/test_http.py b/tests/test_http.py index 61386b34c..86359609b 100644 --- a/tests/test_http.py +++ b/tests/test_http.py @@ -386,9 +386,9 @@ def test_dump_header(self): def test_is_resource_modified(self): env = create_environ() - # ignore POST + # any method is allowed env["REQUEST_METHOD"] = "POST" - assert not http.is_resource_modified(env, etag="testing") + assert http.is_resource_modified(env, etag="testing") env["REQUEST_METHOD"] = "GET" # etagify from data From 487ab5846932cf15d688451a3d61014981cd6e1e Mon Sep 17 00:00:00 2001 From: David Lord Date: Thu, 12 Sep 2019 10:32:56 -0700 Subject: [PATCH 070/733] remove lazy importer, fix circular imports --- src/werkzeug/__init__.py | 360 ++++++++++++--------------------- src/werkzeug/datastructures.py | 2 +- src/werkzeug/exceptions.py | 16 +- src/werkzeug/formparser.py | 4 +- src/werkzeug/http.py | 5 +- src/werkzeug/urls.py | 8 +- 6 files changed, 150 insertions(+), 245 deletions(-) diff --git a/src/werkzeug/__init__.py b/src/werkzeug/__init__.py index 7b8e14e5c..e16fbdcc9 100644 --- a/src/werkzeug/__init__.py +++ b/src/werkzeug/__init__.py @@ -1,233 +1,141 @@ -# -*- coding: utf-8 -*- """ - werkzeug - ~~~~~~~~ +werkzeug +~~~~~~~~ - Werkzeug is the Swiss Army knife of Python web development. +Werkzeug is the Swiss Army knife of Python web development. - It provides useful classes and functions for any WSGI application to make - the life of a python web developer much easier. All of the provided - classes are independent from each other so you can mix it with any other - library. +It provides useful classes and functions for any WSGI application to +make the life of a python web developer much easier. All of the provided +classes are independent from each other so you can mix it with any other +library. - - :copyright: 2007 Pallets - :license: BSD-3-Clause +:copyright: 2007 Pallets +:license: BSD-3-Clause """ -import sys -from types import ModuleType +from . import exceptions +from . import routing +from ._internal import _easteregg +from .datastructures import Accept +from .datastructures import Authorization +from .datastructures import CallbackDict +from .datastructures import CharsetAccept +from .datastructures import CombinedMultiDict +from .datastructures import EnvironHeaders +from .datastructures import ETags +from .datastructures import FileMultiDict +from .datastructures import FileStorage +from .datastructures import Headers +from .datastructures import HeaderSet +from .datastructures import ImmutableDict +from .datastructures import ImmutableList +from .datastructures import ImmutableMultiDict +from .datastructures import ImmutableOrderedMultiDict +from .datastructures import ImmutableTypeConversionDict +from .datastructures import LanguageAccept +from .datastructures import MIMEAccept +from .datastructures import MultiDict +from .datastructures import OrderedMultiDict +from .datastructures import RequestCacheControl +from .datastructures import ResponseCacheControl +from .datastructures import TypeConversionDict +from .datastructures import WWWAuthenticate +from .debug import DebuggedApplication +from .exceptions import abort +from .exceptions import Aborter +from .formparser import parse_form_data +from .http import cookie_date +from .http import dump_cookie +from .http import dump_header +from .http import dump_options_header +from .http import generate_etag +from .http import http_date +from .http import HTTP_STATUS_CODES +from .http import is_entity_header +from .http import is_hop_by_hop_header +from .http import is_resource_modified +from .http import parse_accept_header +from .http import parse_authorization_header +from .http import parse_cache_control_header +from .http import parse_cookie +from .http import parse_date +from .http import parse_dict_header +from .http import parse_etags +from .http import parse_list_header +from .http import parse_options_header +from .http import parse_set_header +from .http import parse_www_authenticate_header +from .http import quote_etag +from .http import quote_header_value +from .http import remove_entity_headers +from .http import remove_hop_by_hop_headers +from .http import unquote_etag +from .http import unquote_header_value +from .local import Local +from .local import LocalManager +from .local import LocalProxy +from .local import LocalStack +from .local import release_local +from .middleware.dispatcher import DispatcherMiddleware +from .middleware.shared_data import SharedDataMiddleware +from .security import check_password_hash +from .security import generate_password_hash +from .serving import run_simple +from .test import Client +from .test import create_environ +from .test import EnvironBuilder +from .test import run_wsgi_app +from .testapp import test_app +from .urls import Href +from .urls import iri_to_uri +from .urls import uri_to_iri +from .urls import url_decode +from .urls import url_encode +from .urls import url_fix +from .urls import url_quote +from .urls import url_quote_plus +from .urls import url_unquote +from .urls import url_unquote_plus +from .useragents import UserAgent +from .utils import append_slash_redirect +from .utils import ArgumentValidationError +from .utils import bind_arguments +from .utils import cached_property +from .utils import environ_property +from .utils import escape +from .utils import find_modules +from .utils import format_string +from .utils import header_property +from .utils import html +from .utils import HTMLBuilder +from .utils import import_string +from .utils import redirect +from .utils import secure_filename +from .utils import unescape +from .utils import validate_arguments +from .utils import xhtml +from .wrappers import AcceptMixin +from .wrappers import AuthorizationMixin +from .wrappers import BaseRequest +from .wrappers import BaseResponse +from .wrappers import CommonRequestDescriptorsMixin +from .wrappers import CommonResponseDescriptorsMixin +from .wrappers import ETagRequestMixin +from .wrappers import ETagResponseMixin +from .wrappers import Request +from .wrappers import Response +from .wrappers import ResponseStreamMixin +from .wrappers import UserAgentMixin +from .wrappers import WWWAuthenticateMixin +from .wsgi import ClosingIterator +from .wsgi import extract_path_info +from .wsgi import FileWrapper +from .wsgi import get_current_url +from .wsgi import get_host +from .wsgi import LimitedStream +from .wsgi import make_line_iter +from .wsgi import peek_path_info +from .wsgi import pop_path_info +from .wsgi import responder +from .wsgi import wrap_file __version__ = "1.0.0.dev0" - -# This import magic raises concerns quite often which is why the implementation -# and motivation is explained here in detail now. -# -# The majority of the functions and classes provided by Werkzeug work on the -# HTTP and WSGI layer. There is no useful grouping for those which is why -# they are all importable from "werkzeug" instead of the modules where they are -# implemented. The downside of that is, that now everything would be loaded at -# once, even if unused. -# -# The implementation of a lazy-loading module in this file replaces the -# werkzeug package when imported from within. Attribute access to the werkzeug -# module will then lazily import from the modules that implement the objects. - -# import mapping to objects in other modules -all_by_module = { - "werkzeug.debug": ["DebuggedApplication"], - "werkzeug.local": [ - "Local", - "LocalManager", - "LocalProxy", - "LocalStack", - "release_local", - ], - "werkzeug.serving": ["run_simple"], - "werkzeug.test": ["Client", "EnvironBuilder", "create_environ", "run_wsgi_app"], - "werkzeug.testapp": ["test_app"], - "werkzeug.exceptions": ["abort", "Aborter"], - "werkzeug.urls": [ - "url_decode", - "url_encode", - "url_quote", - "url_quote_plus", - "url_unquote", - "url_unquote_plus", - "url_fix", - "Href", - "iri_to_uri", - "uri_to_iri", - ], - "werkzeug.formparser": ["parse_form_data"], - "werkzeug.utils": [ - "escape", - "environ_property", - "append_slash_redirect", - "redirect", - "cached_property", - "import_string", - "unescape", - "format_string", - "find_modules", - "header_property", - "html", - "xhtml", - "HTMLBuilder", - "validate_arguments", - "ArgumentValidationError", - "bind_arguments", - "secure_filename", - ], - "werkzeug.wsgi": [ - "get_current_url", - "get_host", - "pop_path_info", - "peek_path_info", - "ClosingIterator", - "FileWrapper", - "make_line_iter", - "LimitedStream", - "responder", - "wrap_file", - "extract_path_info", - ], - "werkzeug.datastructures": [ - "MultiDict", - "CombinedMultiDict", - "Headers", - "EnvironHeaders", - "ImmutableList", - "ImmutableDict", - "ImmutableMultiDict", - "TypeConversionDict", - "ImmutableTypeConversionDict", - "Accept", - "MIMEAccept", - "CharsetAccept", - "LanguageAccept", - "RequestCacheControl", - "ResponseCacheControl", - "ETags", - "HeaderSet", - "WWWAuthenticate", - "Authorization", - "FileMultiDict", - "CallbackDict", - "FileStorage", - "OrderedMultiDict", - "ImmutableOrderedMultiDict", - ], - "werkzeug.useragents": ["UserAgent"], - "werkzeug.http": [ - "parse_etags", - "parse_date", - "http_date", - "cookie_date", - "parse_cache_control_header", - "is_resource_modified", - "parse_accept_header", - "parse_set_header", - "quote_etag", - "unquote_etag", - "generate_etag", - "dump_header", - "parse_list_header", - "parse_dict_header", - "parse_authorization_header", - "parse_www_authenticate_header", - "remove_entity_headers", - "is_entity_header", - "remove_hop_by_hop_headers", - "parse_options_header", - "dump_options_header", - "is_hop_by_hop_header", - "unquote_header_value", - "quote_header_value", - "HTTP_STATUS_CODES", - "dump_cookie", - "parse_cookie", - ], - "werkzeug.wrappers": [ - "BaseResponse", - "BaseRequest", - "Request", - "Response", - "AcceptMixin", - "ETagRequestMixin", - "ETagResponseMixin", - "ResponseStreamMixin", - "CommonResponseDescriptorsMixin", - "UserAgentMixin", - "AuthorizationMixin", - "WWWAuthenticateMixin", - "CommonRequestDescriptorsMixin", - ], - "werkzeug.middleware.dispatcher": ["DispatcherMiddleware"], - "werkzeug.middleware.shared_data": ["SharedDataMiddleware"], - "werkzeug.security": ["generate_password_hash", "check_password_hash"], - # the undocumented easteregg ;-) - "werkzeug._internal": ["_easteregg"], -} - -# modules that should be imported when accessed as attributes of werkzeug -attribute_modules = frozenset(["exceptions", "routing"]) - -object_origins = {} -for module, items in all_by_module.items(): - for item in items: - object_origins[item] = module - - -class module(ModuleType): - """Automatically import objects from the modules.""" - - def __getattr__(self, name): - if name in object_origins: - module = __import__(object_origins[name], None, None, [name]) - for extra_name in all_by_module[module.__name__]: - setattr(self, extra_name, getattr(module, extra_name)) - return getattr(module, name) - elif name in attribute_modules: - __import__("werkzeug." + name) - return ModuleType.__getattribute__(self, name) - - def __dir__(self): - """Just show what we want to show.""" - result = list(new_module.__all__) - result.extend( - ( - "__file__", - "__doc__", - "__all__", - "__docformat__", - "__name__", - "__path__", - "__package__", - "__version__", - ) - ) - return result - - -# keep a reference to this module so that it's not garbage collected -old_module = sys.modules["werkzeug"] - - -# setup the new module and patch it into the dict of loaded modules -new_module = sys.modules["werkzeug"] = module("werkzeug") -new_module.__dict__.update( - { - "__file__": __file__, - "__package__": "werkzeug", - "__path__": __path__, - "__doc__": __doc__, - "__version__": __version__, - "__all__": tuple(object_origins) + tuple(attribute_modules), - "__docformat__": "restructuredtext en", - } -) - - -# Due to bootstrapping issues we need to import exceptions here. -# Don't ask :-( -__import__("werkzeug.exceptions") diff --git a/src/werkzeug/datastructures.py b/src/werkzeug/datastructures.py index f22d38de4..2286f8dd4 100644 --- a/src/werkzeug/datastructures.py +++ b/src/werkzeug/datastructures.py @@ -14,6 +14,7 @@ from copy import deepcopy from itertools import repeat +from . import exceptions from ._compat import BytesIO from ._compat import collections_abc from ._compat import integer_types @@ -2995,7 +2996,6 @@ def __repr__(self): # circular dependencies -from . import exceptions from .http import dump_csp_header from .http import dump_header from .http import dump_options_header diff --git a/src/werkzeug/exceptions.py b/src/werkzeug/exceptions.py index 26d03c6ae..c337830d4 100644 --- a/src/werkzeug/exceptions.py +++ b/src/werkzeug/exceptions.py @@ -59,18 +59,12 @@ def application(environ, start_response): """ import sys -import werkzeug - -# Because of bootstrapping reasons we need to manually patch ourselves -# onto our parent module. -werkzeug.exceptions = sys.modules[__name__] - from ._compat import implements_to_string from ._compat import integer_types from ._compat import iteritems from ._compat import text_type from ._internal import _get_environ -from .wrappers import Response +from .utils import escape @implements_to_string @@ -141,6 +135,8 @@ def description(self, value): @property def name(self): """The status name.""" + from .http import HTTP_STATUS_CODES + return HTTP_STATUS_CODES.get(self.code, "Unknown Error") def get_description(self, environ=None): @@ -176,6 +172,8 @@ def get_response(self, environ=None): on how the request looked like. :return: a :class:`Response` object or a subclass thereof. """ + from .wrappers.response import Response + if self.response is not None: return self.response if environ is not None: @@ -792,7 +790,3 @@ def abort(status, *args, **kwargs): #: An exception that is used to signal both a :exc:`KeyError` and a #: :exc:`BadRequest`. Used by many of the datastructures. BadRequestKeyError = BadRequest.wrap(KeyError) - -# imported here because of circular dependencies of werkzeug.utils -from .http import HTTP_STATUS_CODES -from .utils import escape diff --git a/src/werkzeug/formparser.py b/src/werkzeug/formparser.py index 0ddc5c8ff..ffdb9b0f1 100644 --- a/src/werkzeug/formparser.py +++ b/src/werkzeug/formparser.py @@ -16,6 +16,7 @@ from itertools import repeat from itertools import tee +from . import exceptions from ._compat import BytesIO from ._compat import text_type from ._compat import to_native @@ -581,6 +582,3 @@ def parse(self, file, boundary, content_length): form = (p[1] for p in formstream if p[0] == "form") files = (p[1] for p in filestream if p[0] == "file") return self.cls(form), self.cls(files) - - -from . import exceptions diff --git a/src/werkzeug/http.py b/src/werkzeug/http.py index 7fc6bd75d..56dbb0fe5 100644 --- a/src/werkzeug/http.py +++ b/src/werkzeug/http.py @@ -1189,6 +1189,8 @@ def dump_cookie( value = to_bytes(value, charset) if path is not None: + from .urls import iri_to_uri + path = iri_to_uri(path, charset) domain = _make_cookie_domain(domain) if isinstance(max_age, timedelta): @@ -1282,7 +1284,7 @@ def is_byte_range_valid(start, stop, length): return 0 <= start < length -# circular dependency fun +# circular dependencies from .datastructures import Accept from .datastructures import Authorization from .datastructures import ContentRange @@ -1294,4 +1296,3 @@ def is_byte_range_valid(start, stop, length): from .datastructures import Range from .datastructures import RequestCacheControl from .datastructures import WWWAuthenticate -from .urls import iri_to_uri diff --git a/src/werkzeug/urls.py b/src/werkzeug/urls.py index 4a1146fb1..d5e487b3a 100644 --- a/src/werkzeug/urls.py +++ b/src/werkzeug/urls.py @@ -31,8 +31,6 @@ from ._compat import try_coerce_native from ._internal import _decode_idna from ._internal import _encode_idna -from .datastructures import iter_multi_items -from .datastructures import MultiDict # A regular expression for what a valid schema looks like _scheme_re = re.compile(r"^[a-zA-Z0-9+-.]+$") @@ -415,6 +413,8 @@ def _unquote_to_bytes(string, unsafe=""): def _url_encode_impl(obj, charset, encode_keys, sort, key): + from .datastructures import iter_multi_items + iterable = iter_multi_items(obj) if sort: iterable = sorted(iterable, key=key) @@ -825,6 +825,8 @@ def url_decode( or `None` the default :class:`MultiDict` is used. """ if cls is None: + from .datastructures import MultiDict + cls = MultiDict if isinstance(s, text_type) and not isinstance(separator, text_type): separator = separator.decode(charset or "ascii") @@ -884,6 +886,8 @@ def url_decode_stream( return decoder if cls is None: + from .datastructures import MultiDict + cls = MultiDict return cls(decoder) From 08536c457c7125c05e0947e62487fbc4bcf51717 Mon Sep 17 00:00:00 2001 From: David Lord Date: Sat, 14 Sep 2019 10:08:54 -0700 Subject: [PATCH 071/733] deprecate top-level imports --- CHANGES.rst | 8 + src/werkzeug/__init__.py | 320 ++++++++++++++++++++++++--------------- 2 files changed, 206 insertions(+), 122 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index 2d37eaa20..b71c28790 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -8,6 +8,14 @@ Unreleased - Drop support for Python 3.4. (:issue:`1478`) - Remove code that issued deprecation warnings in version 0.15. (:issue:`1477`) +- Deprecate most top-level attributes provided by the ``werkzeug`` + module in favor of direct imports. For example, instead of + ``import werkzeug; werkzeug.url_quote``, do + ``from werkzeug.urls import url_quote. A deprecation warning will + show the correct import to use. ``werkzeug.exceptions`` and + ``werkzeug.routing`` should also be imported instead of accessed, + but for technical reasons can't show a warning. + :issue:`2`, :pr:`1640` - Added ``utils.invalidate_cached_property()`` to invalidate cached properties. (:pr:`1474`) - Directive keys for the ``Set-Cookie`` response header are not diff --git a/src/werkzeug/__init__.py b/src/werkzeug/__init__.py index e16fbdcc9..b67e90f16 100644 --- a/src/werkzeug/__init__.py +++ b/src/werkzeug/__init__.py @@ -5,137 +5,213 @@ Werkzeug is the Swiss Army knife of Python web development. It provides useful classes and functions for any WSGI application to -make the life of a python web developer much easier. All of the provided +make the life of a Python web developer much easier. All of the provided classes are independent from each other so you can mix it with any other library. :copyright: 2007 Pallets :license: BSD-3-Clause """ -from . import exceptions -from . import routing -from ._internal import _easteregg -from .datastructures import Accept -from .datastructures import Authorization -from .datastructures import CallbackDict -from .datastructures import CharsetAccept -from .datastructures import CombinedMultiDict -from .datastructures import EnvironHeaders -from .datastructures import ETags -from .datastructures import FileMultiDict -from .datastructures import FileStorage -from .datastructures import Headers -from .datastructures import HeaderSet -from .datastructures import ImmutableDict -from .datastructures import ImmutableList -from .datastructures import ImmutableMultiDict -from .datastructures import ImmutableOrderedMultiDict -from .datastructures import ImmutableTypeConversionDict -from .datastructures import LanguageAccept -from .datastructures import MIMEAccept -from .datastructures import MultiDict -from .datastructures import OrderedMultiDict -from .datastructures import RequestCacheControl -from .datastructures import ResponseCacheControl -from .datastructures import TypeConversionDict -from .datastructures import WWWAuthenticate -from .debug import DebuggedApplication -from .exceptions import abort -from .exceptions import Aborter -from .formparser import parse_form_data -from .http import cookie_date -from .http import dump_cookie -from .http import dump_header -from .http import dump_options_header -from .http import generate_etag -from .http import http_date -from .http import HTTP_STATUS_CODES -from .http import is_entity_header -from .http import is_hop_by_hop_header -from .http import is_resource_modified -from .http import parse_accept_header -from .http import parse_authorization_header -from .http import parse_cache_control_header -from .http import parse_cookie -from .http import parse_date -from .http import parse_dict_header -from .http import parse_etags -from .http import parse_list_header -from .http import parse_options_header -from .http import parse_set_header -from .http import parse_www_authenticate_header -from .http import quote_etag -from .http import quote_header_value -from .http import remove_entity_headers -from .http import remove_hop_by_hop_headers -from .http import unquote_etag -from .http import unquote_header_value -from .local import Local -from .local import LocalManager -from .local import LocalProxy -from .local import LocalStack -from .local import release_local -from .middleware.dispatcher import DispatcherMiddleware -from .middleware.shared_data import SharedDataMiddleware -from .security import check_password_hash -from .security import generate_password_hash +import sys +from types import ModuleType + from .serving import run_simple from .test import Client -from .test import create_environ -from .test import EnvironBuilder -from .test import run_wsgi_app -from .testapp import test_app -from .urls import Href -from .urls import iri_to_uri -from .urls import uri_to_iri -from .urls import url_decode -from .urls import url_encode -from .urls import url_fix -from .urls import url_quote -from .urls import url_quote_plus -from .urls import url_unquote -from .urls import url_unquote_plus -from .useragents import UserAgent -from .utils import append_slash_redirect -from .utils import ArgumentValidationError -from .utils import bind_arguments -from .utils import cached_property -from .utils import environ_property -from .utils import escape -from .utils import find_modules -from .utils import format_string -from .utils import header_property -from .utils import html -from .utils import HTMLBuilder -from .utils import import_string -from .utils import redirect -from .utils import secure_filename -from .utils import unescape -from .utils import validate_arguments -from .utils import xhtml -from .wrappers import AcceptMixin -from .wrappers import AuthorizationMixin -from .wrappers import BaseRequest -from .wrappers import BaseResponse -from .wrappers import CommonRequestDescriptorsMixin -from .wrappers import CommonResponseDescriptorsMixin -from .wrappers import ETagRequestMixin -from .wrappers import ETagResponseMixin from .wrappers import Request from .wrappers import Response -from .wrappers import ResponseStreamMixin -from .wrappers import UserAgentMixin -from .wrappers import WWWAuthenticateMixin -from .wsgi import ClosingIterator -from .wsgi import extract_path_info -from .wsgi import FileWrapper -from .wsgi import get_current_url -from .wsgi import get_host -from .wsgi import LimitedStream -from .wsgi import make_line_iter -from .wsgi import peek_path_info -from .wsgi import pop_path_info -from .wsgi import responder -from .wsgi import wrap_file __version__ = "1.0.0.dev0" + +__all__ = ["run_simple", "Client", "Request", "Response", "__version__"] + + +class DeprecatedImportModule(ModuleType): + """Wrap a module in order to raise """ + + def __init__(self, name, available, removed_in): + super(DeprecatedImportModule, self).__init__(name) # noqa F821 + self._real_module = sys.modules[name] # noqa F821 + self._removed_in = removed_in + self._origin = {item: mod for mod, items in available.items() for item in items} + self.__all__ = sorted(self._real_module.__all__ + list(self._origin)) + + def __getattr__(self, item): + # Don't export internal variables. + if item in {"_real_module", "_origin", "_removed_in"}: + raise AttributeError(item) + + if item in self._origin: + from importlib import import_module + + origin = self._origin[item] + + if origin == ".": + # No warning for the "submodule as attribute" case, it's way too messy + # and unreliable to try to distinguish 'from werkzueug import + # exceptions' and 'import werkzeug; werkzeug.exceptions'. + value = import_module(origin + item, self.__name__) + else: + from warnings import warn + + # Import the module, get the attribute, and show a warning about where + # to correctly import it from. + mod = import_module(origin, self.__name__) + value = getattr(mod, item) + warn( + "The top-level '{name}.{item}' is deprecated and will be removed in" + " {removed_in}. Use 'from {name}{origin} import {item}'" + " instead.".format( + name=self.__name__, + item=item, + removed_in=self._removed_in, + origin=origin, + ), + DeprecationWarning, + stacklevel=2, + ) + else: + value = getattr(self._real_module, item) + + # Cache the value so it won't go through this process on subsequent accesses. + setattr(self, item, value) + return value + + def __dir__(self): + return sorted(dir(self._real_module) + list(self._origin)) + + +sys.modules["werkzeug"] = DeprecatedImportModule( + "werkzeug", + { + ".": ["exceptions", "routing"], + "._internal": ["_easteregg"], + ".datastructures": [ + "Accept", + "Authorization", + "CallbackDict", + "CharsetAccept", + "CombinedMultiDict", + "EnvironHeaders", + "ETags", + "FileMultiDict", + "FileStorage", + "Headers", + "HeaderSet", + "ImmutableDict", + "ImmutableList", + "ImmutableMultiDict", + "ImmutableOrderedMultiDict", + "ImmutableTypeConversionDict", + "LanguageAccept", + "MIMEAccept", + "MultiDict", + "OrderedMultiDict", + "RequestCacheControl", + "ResponseCacheControl", + "TypeConversionDict", + "WWWAuthenticate", + ], + ".debug": ["DebuggedApplication"], + ".exceptions": ["abort", "Aborter"], + ".formparser": ["parse_form_data"], + ".http": [ + "cookie_date", + "dump_cookie", + "dump_header", + "dump_options_header", + "generate_etag", + "http_date", + "HTTP_STATUS_CODES", + "is_entity_header", + "is_hop_by_hop_header", + "is_resource_modified", + "parse_accept_header", + "parse_authorization_header", + "parse_cache_control_header", + "parse_cookie", + "parse_date", + "parse_dict_header", + "parse_etags", + "parse_list_header", + "parse_options_header", + "parse_set_header", + "parse_www_authenticate_header", + "quote_etag", + "quote_header_value", + "remove_entity_headers", + "remove_hop_by_hop_headers", + "unquote_etag", + "unquote_header_value", + ], + ".local": [ + "Local", + "LocalManager", + "LocalProxy", + "LocalStack", + "release_local", + ], + ".middleware.dispatcher": ["DispatcherMiddleware"], + ".middleware.shared_data": ["SharedDataMiddleware"], + ".security": ["check_password_hash", "generate_password_hash"], + ".test": ["create_environ", "EnvironBuilder", "run_wsgi_app"], + ".testapp": ["test_app"], + ".urls": [ + "Href", + "iri_to_uri", + "uri_to_iri", + "url_decode", + "url_encode", + "url_fix", + "url_quote", + "url_quote_plus", + "url_unquote", + "url_unquote_plus", + ], + ".useragents": ["UserAgent"], + ".utils": [ + "append_slash_redirect", + "ArgumentValidationError", + "bind_arguments", + "cached_property", + "environ_property", + "escape", + "find_modules", + "format_string", + "header_property", + "html", + "HTMLBuilder", + "import_string", + "redirect", + "secure_filename", + "unescape", + "validate_arguments", + "xhtml", + ], + ".wrappers.accept": ["AcceptMixin"], + ".wrappers.auth": ["AuthorizationMixin", "WWWAuthenticateMixin"], + ".wrappers.base_request": ["BaseRequest"], + ".wrappers.base_response": ["BaseResponse"], + ".wrappers.common_descriptors": [ + "CommonRequestDescriptorsMixin", + "CommonResponseDescriptorsMixin", + ], + ".wrappers.etag": ["ETagRequestMixin", "ETagResponseMixin"], + ".wrappers.response": ["ResponseStreamMixin"], + ".wrappers.user_agent": ["UserAgentMixin"], + ".wsgi": [ + "ClosingIterator", + "extract_path_info", + "FileWrapper", + "get_current_url", + "get_host", + "LimitedStream", + "make_line_iter", + "peek_path_info", + "pop_path_info", + "responder", + "wrap_file", + ], + }, + "Werkzeug 2.0", +) +del sys, ModuleType, DeprecatedImportModule From 54939182e9f207b420fe5f676ac58456e2cad2c8 Mon Sep 17 00:00:00 2001 From: David Lord Date: Thu, 12 Sep 2019 10:32:56 -0700 Subject: [PATCH 072/733] remove lazy importer, fix circular imports (cherry picked from commit 487ab5846932cf15d688451a3d61014981cd6e1e) deprecate top-level imports (cherry picked from commit 08536c457c7125c05e0947e62487fbc4bcf51717) --- CHANGES.rst | 18 ++ src/werkzeug/__init__.py | 430 ++++++++++++++-------------- src/werkzeug/contrib/sessions.py | 4 +- src/werkzeug/datastructures.py | 2 +- src/werkzeug/exceptions.py | 17 +- src/werkzeug/formparser.py | 4 +- src/werkzeug/http.py | 64 +---- src/werkzeug/serving.py | 5 +- src/werkzeug/testapp.py | 4 +- src/werkzeug/urls.py | 8 +- src/werkzeug/useragents.py | 20 +- src/werkzeug/utils.py | 94 ++---- src/werkzeug/wrappers/user_agent.py | 3 +- src/werkzeug/wsgi.py | 74 +---- tests/contrib/test_securecookie.py | 2 +- tests/test_compat.py | 40 --- 16 files changed, 290 insertions(+), 499 deletions(-) delete mode 100644 tests/test_compat.py diff --git a/CHANGES.rst b/CHANGES.rst index 7c2c9076b..f0ad588af 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -1,5 +1,23 @@ .. currentmodule:: werkzeug +Version 0.16.0 +-------------- + +Unreleased + +- Deprecate most top-level attributes provided by the ``werkzeug`` + module in favor of direct imports. The deprecated imports will be + removed in version 1.0. + + For example, instead of ``import werkzeug; werkzeug.url_quote``, do + ``from werkzeug.urls import url_quote. A deprecation warning will + show the correct import to use. ``werkzeug.exceptions`` and + ``werkzeug.routing`` should also be imported instead of accessed, + but for technical reasons can't show a warning. + + :issue:`2`, :pr:`1640` + + Version 0.15.6 -------------- diff --git a/src/werkzeug/__init__.py b/src/werkzeug/__init__.py index 2ce1a3cb0..49907e93c 100644 --- a/src/werkzeug/__init__.py +++ b/src/werkzeug/__init__.py @@ -1,233 +1,221 @@ -# -*- coding: utf-8 -*- """ - werkzeug - ~~~~~~~~ +werkzeug +~~~~~~~~ - Werkzeug is the Swiss Army knife of Python web development. +Werkzeug is the Swiss Army knife of Python web development. - It provides useful classes and functions for any WSGI application to make - the life of a python web developer much easier. All of the provided - classes are independent from each other so you can mix it with any other - library. +It provides useful classes and functions for any WSGI application to +make the life of a Python web developer much easier. All of the provided +classes are independent from each other so you can mix it with any other +library. - - :copyright: 2007 Pallets - :license: BSD-3-Clause +:copyright: 2007 Pallets +:license: BSD-3-Clause """ -import sys from types import ModuleType -__version__ = "0.15.6" - -# This import magic raises concerns quite often which is why the implementation -# and motivation is explained here in detail now. -# -# The majority of the functions and classes provided by Werkzeug work on the -# HTTP and WSGI layer. There is no useful grouping for those which is why -# they are all importable from "werkzeug" instead of the modules where they are -# implemented. The downside of that is, that now everything would be loaded at -# once, even if unused. -# -# The implementation of a lazy-loading module in this file replaces the -# werkzeug package when imported from within. Attribute access to the werkzeug -# module will then lazily import from the modules that implement the objects. - -# import mapping to objects in other modules -all_by_module = { - "werkzeug.debug": ["DebuggedApplication"], - "werkzeug.local": [ - "Local", - "LocalManager", - "LocalProxy", - "LocalStack", - "release_local", - ], - "werkzeug.serving": ["run_simple"], - "werkzeug.test": ["Client", "EnvironBuilder", "create_environ", "run_wsgi_app"], - "werkzeug.testapp": ["test_app"], - "werkzeug.exceptions": ["abort", "Aborter"], - "werkzeug.urls": [ - "url_decode", - "url_encode", - "url_quote", - "url_quote_plus", - "url_unquote", - "url_unquote_plus", - "url_fix", - "Href", - "iri_to_uri", - "uri_to_iri", - ], - "werkzeug.formparser": ["parse_form_data"], - "werkzeug.utils": [ - "escape", - "environ_property", - "append_slash_redirect", - "redirect", - "cached_property", - "import_string", - "unescape", - "format_string", - "find_modules", - "header_property", - "html", - "xhtml", - "HTMLBuilder", - "validate_arguments", - "ArgumentValidationError", - "bind_arguments", - "secure_filename", - ], - "werkzeug.wsgi": [ - "get_current_url", - "get_host", - "pop_path_info", - "peek_path_info", - "ClosingIterator", - "FileWrapper", - "make_line_iter", - "LimitedStream", - "responder", - "wrap_file", - "extract_path_info", - ], - "werkzeug.datastructures": [ - "MultiDict", - "CombinedMultiDict", - "Headers", - "EnvironHeaders", - "ImmutableList", - "ImmutableDict", - "ImmutableMultiDict", - "TypeConversionDict", - "ImmutableTypeConversionDict", - "Accept", - "MIMEAccept", - "CharsetAccept", - "LanguageAccept", - "RequestCacheControl", - "ResponseCacheControl", - "ETags", - "HeaderSet", - "WWWAuthenticate", - "Authorization", - "FileMultiDict", - "CallbackDict", - "FileStorage", - "OrderedMultiDict", - "ImmutableOrderedMultiDict", - ], - "werkzeug.useragents": ["UserAgent"], - "werkzeug.http": [ - "parse_etags", - "parse_date", - "http_date", - "cookie_date", - "parse_cache_control_header", - "is_resource_modified", - "parse_accept_header", - "parse_set_header", - "quote_etag", - "unquote_etag", - "generate_etag", - "dump_header", - "parse_list_header", - "parse_dict_header", - "parse_authorization_header", - "parse_www_authenticate_header", - "remove_entity_headers", - "is_entity_header", - "remove_hop_by_hop_headers", - "parse_options_header", - "dump_options_header", - "is_hop_by_hop_header", - "unquote_header_value", - "quote_header_value", - "HTTP_STATUS_CODES", - "dump_cookie", - "parse_cookie", - ], - "werkzeug.wrappers": [ - "BaseResponse", - "BaseRequest", - "Request", - "Response", - "AcceptMixin", - "ETagRequestMixin", - "ETagResponseMixin", - "ResponseStreamMixin", - "CommonResponseDescriptorsMixin", - "UserAgentMixin", - "AuthorizationMixin", - "WWWAuthenticateMixin", - "CommonRequestDescriptorsMixin", - ], - "werkzeug.middleware.dispatcher": ["DispatcherMiddleware"], - "werkzeug.middleware.shared_data": ["SharedDataMiddleware"], - "werkzeug.security": ["generate_password_hash", "check_password_hash"], - # the undocumented easteregg ;-) - "werkzeug._internal": ["_easteregg"], -} - -# modules that should be imported when accessed as attributes of werkzeug -attribute_modules = frozenset(["exceptions", "routing"]) - -object_origins = {} -for module, items in all_by_module.items(): - for item in items: - object_origins[item] = module - - -class module(ModuleType): - """Automatically import objects from the modules.""" - - def __getattr__(self, name): - if name in object_origins: - module = __import__(object_origins[name], None, None, [name]) - for extra_name in all_by_module[module.__name__]: - setattr(self, extra_name, getattr(module, extra_name)) - return getattr(module, name) - elif name in attribute_modules: - __import__("werkzeug." + name) - return ModuleType.__getattribute__(self, name) +__version__ = "0.16.0.dev0" + +__all__ = ["run_simple", "Client", "Request", "Response", "__version__"] + + +class _DeprecatedImportModule(ModuleType): + """Wrap a module in order to raise """ + + def __init__(self, name, available, removed_in): + import sys + + super(_DeprecatedImportModule, self).__init__(name) # noqa F821 + self._real_module = sys.modules[name] # noqa F821 + sys.modules[name] = self + self._removed_in = removed_in + self._origin = {item: mod for mod, items in available.items() for item in items} + mod_all = getattr(self._real_module, "__all__", dir(self._real_module)) + self.__all__ = sorted(mod_all + list(self._origin)) + + def __getattr__(self, item): + # Don't export internal variables. + if item in {"_real_module", "_origin", "_removed_in"}: + raise AttributeError(item) + + if item in self._origin: + from importlib import import_module + + origin = self._origin[item] + + if origin == ".": + # No warning for the "submodule as attribute" case, it's way too messy + # and unreliable to try to distinguish 'from werkzueug import + # exceptions' and 'import werkzeug; werkzeug.exceptions'. + value = import_module(origin + item, self.__name__) + else: + from warnings import warn + + # Import the module, get the attribute, and show a warning about where + # to correctly import it from. + mod = import_module(origin, self.__name__.rsplit(".")[0]) + value = getattr(mod, item) + warn( + "The import '{name}.{item}' is deprecated and will be removed in" + " {removed_in}. Use 'from {name}{origin} import {item}'" + " instead.".format( + name=self.__name__, + item=item, + removed_in=self._removed_in, + origin=origin, + ), + DeprecationWarning, + stacklevel=2, + ) + else: + value = getattr(self._real_module, item) + + # Cache the value so it won't go through this process on subsequent accesses. + setattr(self, item, value) + return value def __dir__(self): - """Just show what we want to show.""" - result = list(new_module.__all__) - result.extend( - ( - "__file__", - "__doc__", - "__all__", - "__docformat__", - "__name__", - "__path__", - "__package__", - "__version__", - ) - ) - return result - - -# keep a reference to this module so that it's not garbage collected -old_module = sys.modules["werkzeug"] - - -# setup the new module and patch it into the dict of loaded modules -new_module = sys.modules["werkzeug"] = module("werkzeug") -new_module.__dict__.update( + return sorted(dir(self._real_module) + list(self._origin)) + + +del ModuleType + +_DeprecatedImportModule( + __name__, { - "__file__": __file__, - "__package__": "werkzeug", - "__path__": __path__, - "__doc__": __doc__, - "__version__": __version__, - "__all__": tuple(object_origins) + tuple(attribute_modules), - "__docformat__": "restructuredtext en", - } + ".": ["exceptions", "routing"], + "._internal": ["_easteregg"], + ".datastructures": [ + "Accept", + "Authorization", + "CallbackDict", + "CharsetAccept", + "CombinedMultiDict", + "EnvironHeaders", + "ETags", + "FileMultiDict", + "FileStorage", + "Headers", + "HeaderSet", + "ImmutableDict", + "ImmutableList", + "ImmutableMultiDict", + "ImmutableOrderedMultiDict", + "ImmutableTypeConversionDict", + "LanguageAccept", + "MIMEAccept", + "MultiDict", + "OrderedMultiDict", + "RequestCacheControl", + "ResponseCacheControl", + "TypeConversionDict", + "WWWAuthenticate", + ], + ".debug": ["DebuggedApplication"], + ".exceptions": ["abort", "Aborter"], + ".formparser": ["parse_form_data"], + ".http": [ + "cookie_date", + "dump_cookie", + "dump_header", + "dump_options_header", + "generate_etag", + "http_date", + "HTTP_STATUS_CODES", + "is_entity_header", + "is_hop_by_hop_header", + "is_resource_modified", + "parse_accept_header", + "parse_authorization_header", + "parse_cache_control_header", + "parse_cookie", + "parse_date", + "parse_dict_header", + "parse_etags", + "parse_list_header", + "parse_options_header", + "parse_set_header", + "parse_www_authenticate_header", + "quote_etag", + "quote_header_value", + "remove_entity_headers", + "remove_hop_by_hop_headers", + "unquote_etag", + "unquote_header_value", + ], + ".local": [ + "Local", + "LocalManager", + "LocalProxy", + "LocalStack", + "release_local", + ], + ".middleware.dispatcher": ["DispatcherMiddleware"], + ".middleware.shared_data": ["SharedDataMiddleware"], + ".security": ["check_password_hash", "generate_password_hash"], + ".test": ["create_environ", "EnvironBuilder", "run_wsgi_app"], + ".testapp": ["test_app"], + ".urls": [ + "Href", + "iri_to_uri", + "uri_to_iri", + "url_decode", + "url_encode", + "url_fix", + "url_quote", + "url_quote_plus", + "url_unquote", + "url_unquote_plus", + ], + ".useragents": ["UserAgent"], + ".utils": [ + "append_slash_redirect", + "ArgumentValidationError", + "bind_arguments", + "cached_property", + "environ_property", + "escape", + "find_modules", + "format_string", + "header_property", + "html", + "HTMLBuilder", + "import_string", + "redirect", + "secure_filename", + "unescape", + "validate_arguments", + "xhtml", + ], + ".wrappers.accept": ["AcceptMixin"], + ".wrappers.auth": ["AuthorizationMixin", "WWWAuthenticateMixin"], + ".wrappers.base_request": ["BaseRequest"], + ".wrappers.base_response": ["BaseResponse"], + ".wrappers.common_descriptors": [ + "CommonRequestDescriptorsMixin", + "CommonResponseDescriptorsMixin", + ], + ".wrappers.etag": ["ETagRequestMixin", "ETagResponseMixin"], + ".wrappers.response": ["ResponseStreamMixin"], + ".wrappers.user_agent": ["UserAgentMixin"], + ".wsgi": [ + "ClosingIterator", + "extract_path_info", + "FileWrapper", + "get_current_url", + "get_host", + "LimitedStream", + "make_line_iter", + "peek_path_info", + "pop_path_info", + "responder", + "wrap_file", + ], + }, + "Werkzeug 1.0", ) - -# Due to bootstrapping issues we need to import exceptions here. -# Don't ask :-( -__import__("werkzeug.exceptions") +from .serving import run_simple +from .test import Client +from .wrappers import Request +from .wrappers import Response diff --git a/src/werkzeug/contrib/sessions.py b/src/werkzeug/contrib/sessions.py index 866e827c1..53567a1cc 100644 --- a/src/werkzeug/contrib/sessions.py +++ b/src/werkzeug/contrib/sessions.py @@ -67,9 +67,9 @@ def application(environ, start_response): from .._compat import text_type from ..datastructures import CallbackDict from ..filesystem import get_filesystem_encoding +from ..http import dump_cookie +from ..http import parse_cookie from ..posixemulation import rename -from ..utils import dump_cookie -from ..utils import parse_cookie from ..wsgi import ClosingIterator warnings.warn( diff --git a/src/werkzeug/datastructures.py b/src/werkzeug/datastructures.py index 9643db96c..0b8097def 100644 --- a/src/werkzeug/datastructures.py +++ b/src/werkzeug/datastructures.py @@ -14,6 +14,7 @@ from copy import deepcopy from itertools import repeat +from . import exceptions from ._compat import BytesIO from ._compat import collections_abc from ._compat import integer_types @@ -2839,7 +2840,6 @@ def __repr__(self): # circular dependencies -from . import exceptions from .http import dump_header from .http import dump_options_header from .http import generate_etag diff --git a/src/werkzeug/exceptions.py b/src/werkzeug/exceptions.py index bfd20dc1d..a7295ca7c 100644 --- a/src/werkzeug/exceptions.py +++ b/src/werkzeug/exceptions.py @@ -59,18 +59,12 @@ def application(environ, start_response): """ import sys -import werkzeug - -# Because of bootstrapping reasons we need to manually patch ourselves -# onto our parent module. -werkzeug.exceptions = sys.modules[__name__] - from ._compat import implements_to_string from ._compat import integer_types from ._compat import iteritems from ._compat import text_type from ._internal import _get_environ -from .wrappers import Response +from .utils import escape @implements_to_string @@ -141,6 +135,8 @@ def description(self, value): @property def name(self): """The status name.""" + from .http import HTTP_STATUS_CODES + return HTTP_STATUS_CODES.get(self.code, "Unknown Error") def get_description(self, environ=None): @@ -176,6 +172,8 @@ def get_response(self, environ=None): on how the request looked like. :return: a :class:`Response` object or a subclass thereof. """ + from .wrappers.response import Response + if self.response is not None: return self.response if environ is not None: @@ -776,11 +774,6 @@ def abort(status, *args, **kwargs): _aborter = Aborter() - #: An exception that is used to signal both a :exc:`KeyError` and a #: :exc:`BadRequest`. Used by many of the datastructures. BadRequestKeyError = BadRequest.wrap(KeyError) - -# imported here because of circular dependencies of werkzeug.utils -from .http import HTTP_STATUS_CODES -from .utils import escape diff --git a/src/werkzeug/formparser.py b/src/werkzeug/formparser.py index 0ddc5c8ff..ffdb9b0f1 100644 --- a/src/werkzeug/formparser.py +++ b/src/werkzeug/formparser.py @@ -16,6 +16,7 @@ from itertools import repeat from itertools import tee +from . import exceptions from ._compat import BytesIO from ._compat import text_type from ._compat import to_native @@ -581,6 +582,3 @@ def parse(self, file, boundary, content_length): form = (p[1] for p in formstream if p[0] == "form") files = (p[1] for p in filestream if p[0] == "file") return self.cls(form), self.cls(files) - - -from . import exceptions diff --git a/src/werkzeug/http.py b/src/werkzeug/http.py index af3200750..686824c12 100644 --- a/src/werkzeug/http.py +++ b/src/werkzeug/http.py @@ -1144,6 +1144,8 @@ def dump_cookie( value = to_bytes(value, charset) if path is not None: + from .urls import iri_to_uri + path = iri_to_uri(path, charset) domain = _make_cookie_domain(domain) if isinstance(max_age, timedelta): @@ -1235,7 +1237,7 @@ def is_byte_range_valid(start, stop, length): return 0 <= start < length -# circular dependency fun +# circular dependencies from .datastructures import Accept from .datastructures import Authorization from .datastructures import ContentRange @@ -1246,58 +1248,12 @@ def is_byte_range_valid(start, stop, length): from .datastructures import RequestCacheControl from .datastructures import TypeConversionDict from .datastructures import WWWAuthenticate -from .urls import iri_to_uri - -# DEPRECATED -from .datastructures import CharsetAccept as _CharsetAccept -from .datastructures import Headers as _Headers -from .datastructures import LanguageAccept as _LanguageAccept -from .datastructures import MIMEAccept as _MIMEAccept - -class MIMEAccept(_MIMEAccept): - def __init__(self, *args, **kwargs): - warnings.warn( - "'werkzeug.http.MIMEAccept' has moved to 'werkzeug" - ".datastructures.MIMEAccept' as of version 0.5. This old" - " import will be removed in version 1.0.", - DeprecationWarning, - stacklevel=2, - ) - super(MIMEAccept, self).__init__(*args, **kwargs) - - -class CharsetAccept(_CharsetAccept): - def __init__(self, *args, **kwargs): - warnings.warn( - "'werkzeug.http.CharsetAccept' has moved to 'werkzeug" - ".datastructures.CharsetAccept' as of version 0.5. This old" - " import will be removed in version 1.0.", - DeprecationWarning, - stacklevel=2, - ) - super(CharsetAccept, self).__init__(*args, **kwargs) +from werkzeug import _DeprecatedImportModule - -class LanguageAccept(_LanguageAccept): - def __init__(self, *args, **kwargs): - warnings.warn( - "'werkzeug.http.LanguageAccept' has moved to 'werkzeug" - ".datastructures.LanguageAccept' as of version 0.5. This" - " old import will be removed in version 1.0.", - DeprecationWarning, - stacklevel=2, - ) - super(LanguageAccept, self).__init__(*args, **kwargs) - - -class Headers(_Headers): - def __init__(self, *args, **kwargs): - warnings.warn( - "'werkzeug.http.Headers' has moved to 'werkzeug" - ".datastructures.Headers' as of version 0.5. This old" - " import will be removed in version 1.0.", - DeprecationWarning, - stacklevel=2, - ) - super(Headers, self).__init__(*args, **kwargs) +_DeprecatedImportModule( + __name__, + {".datastructures": ["CharsetAccept", "Headers", "LanguageAccept", "MIMEAccept"]}, + "Werkzeug 1.0", +) +del _DeprecatedImportModule diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py index ff9f8805f..d817120f2 100644 --- a/src/werkzeug/serving.py +++ b/src/werkzeug/serving.py @@ -41,7 +41,6 @@ import socket import sys -import werkzeug from ._compat import PY2 from ._compat import reraise from ._compat import WIN @@ -174,7 +173,9 @@ class WSGIRequestHandler(BaseHTTPRequestHandler, object): @property def server_version(self): - return "Werkzeug/" + werkzeug.__version__ + from . import __version__ + + return "Werkzeug/" + __version__ def make_environ(self): request_url = url_parse(self.path) diff --git a/src/werkzeug/testapp.py b/src/werkzeug/testapp.py index 8ea23bee1..5ea854904 100644 --- a/src/werkzeug/testapp.py +++ b/src/werkzeug/testapp.py @@ -14,7 +14,7 @@ import sys from textwrap import wrap -import werkzeug +from . import __version__ as _werkzeug_version from .utils import escape from .wrappers import BaseRequest as Request from .wrappers import BaseResponse as Response @@ -205,7 +205,7 @@ def render_testapp(req): "os": escape(os.name), "api_version": sys.api_version, "byteorder": sys.byteorder, - "werkzeug_version": werkzeug.__version__, + "werkzeug_version": _werkzeug_version, "python_eggs": "\n".join(python_eggs), "wsgi_env": "\n".join(wsgi_env), "sys_path": "\n".join(sys_path), diff --git a/src/werkzeug/urls.py b/src/werkzeug/urls.py index 38e9e5adf..566017d7f 100644 --- a/src/werkzeug/urls.py +++ b/src/werkzeug/urls.py @@ -31,8 +31,6 @@ from ._compat import try_coerce_native from ._internal import _decode_idna from ._internal import _encode_idna -from .datastructures import iter_multi_items -from .datastructures import MultiDict # A regular expression for what a valid schema looks like _scheme_re = re.compile(r"^[a-zA-Z0-9+-.]+$") @@ -415,6 +413,8 @@ def _unquote_to_bytes(string, unsafe=""): def _url_encode_impl(obj, charset, encode_keys, sort, key): + from .datastructures import iter_multi_items + iterable = iter_multi_items(obj) if sort: iterable = sorted(iterable, key=key) @@ -825,6 +825,8 @@ def url_decode( or `None` the default :class:`MultiDict` is used. """ if cls is None: + from .datastructures import MultiDict + cls = MultiDict if isinstance(s, text_type) and not isinstance(separator, text_type): separator = separator.decode(charset or "ascii") @@ -884,6 +886,8 @@ def url_decode_stream( return decoder if cls is None: + from .datastructures import MultiDict + cls = MultiDict return cls(decoder) diff --git a/src/werkzeug/useragents.py b/src/werkzeug/useragents.py index e265e0939..8fce41538 100644 --- a/src/werkzeug/useragents.py +++ b/src/werkzeug/useragents.py @@ -12,7 +12,6 @@ :license: BSD-3-Clause """ import re -import warnings class UserAgentParser(object): @@ -203,18 +202,9 @@ def __repr__(self): return "<%s %r/%s>" % (self.__class__.__name__, self.browser, self.version) -# DEPRECATED -from .wrappers import UserAgentMixin as _UserAgentMixin +from werkzeug import _DeprecatedImportModule - -class UserAgentMixin(_UserAgentMixin): - @property - def user_agent(self, *args, **kwargs): - warnings.warn( - "'werkzeug.useragents.UserAgentMixin' should be imported" - " from 'werkzeug.wrappers.UserAgentMixin'. This old import" - " will be removed in version 1.0.", - DeprecationWarning, - stacklevel=2, - ) - return super(_UserAgentMixin, self).user_agent +_DeprecatedImportModule( + __name__, {".wrappers.user_agent": ["UserAgentMixin"]}, "Werkzeug 1.0" +) +del _DeprecatedImportModule diff --git a/src/werkzeug/utils.py b/src/werkzeug/utils.py index 20620572c..477164e30 100644 --- a/src/werkzeug/utils.py +++ b/src/werkzeug/utils.py @@ -15,7 +15,6 @@ import pkgutil import re import sys -import warnings from ._compat import iteritems from ._compat import PY2 @@ -757,80 +756,19 @@ def __repr__(self): ) -# DEPRECATED -from .datastructures import CombinedMultiDict as _CombinedMultiDict -from .datastructures import EnvironHeaders as _EnvironHeaders -from .datastructures import Headers as _Headers -from .datastructures import MultiDict as _MultiDict -from .http import dump_cookie as _dump_cookie -from .http import parse_cookie as _parse_cookie - - -class MultiDict(_MultiDict): - def __init__(self, *args, **kwargs): - warnings.warn( - "'werkzeug.utils.MultiDict' has moved to 'werkzeug" - ".datastructures.MultiDict' as of version 0.5. This old" - " import will be removed in version 1.0.", - DeprecationWarning, - stacklevel=2, - ) - super(MultiDict, self).__init__(*args, **kwargs) - - -class CombinedMultiDict(_CombinedMultiDict): - def __init__(self, *args, **kwargs): - warnings.warn( - "'werkzeug.utils.CombinedMultiDict' has moved to 'werkzeug" - ".datastructures.CombinedMultiDict' as of version 0.5. This" - " old import will be removed in version 1.0.", - DeprecationWarning, - stacklevel=2, - ) - super(CombinedMultiDict, self).__init__(*args, **kwargs) - - -class Headers(_Headers): - def __init__(self, *args, **kwargs): - warnings.warn( - "'werkzeug.utils.Headers' has moved to 'werkzeug" - ".datastructures.Headers' as of version 0.5. This old" - " import will be removed in version 1.0.", - DeprecationWarning, - stacklevel=2, - ) - super(Headers, self).__init__(*args, **kwargs) - - -class EnvironHeaders(_EnvironHeaders): - def __init__(self, *args, **kwargs): - warnings.warn( - "'werkzeug.utils.EnvironHeaders' has moved to 'werkzeug" - ".datastructures.EnvironHeaders' as of version 0.5. This" - " old import will be removed in version 1.0.", - DeprecationWarning, - stacklevel=2, - ) - super(EnvironHeaders, self).__init__(*args, **kwargs) - - -def parse_cookie(*args, **kwargs): - warnings.warn( - "'werkzeug.utils.parse_cookie' as moved to 'werkzeug.http" - ".parse_cookie' as of version 0.5. This old import will be" - " removed in version 1.0.", - DeprecationWarning, - stacklevel=2, - ) - return _parse_cookie(*args, **kwargs) - - -def dump_cookie(*args, **kwargs): - warnings.warn( - "'werkzeug.utils.dump_cookie' as moved to 'werkzeug.http" - ".dump_cookie' as of version 0.5. This old import will be" - " removed in version 1.0.", - DeprecationWarning, - stacklevel=2, - ) - return _dump_cookie(*args, **kwargs) +from werkzeug import _DeprecatedImportModule + +_DeprecatedImportModule( + __name__, + { + ".datastructures": [ + "CombinedMultiDict", + "EnvironHeaders", + "Headers", + "MultiDict", + ], + ".http": ["dump_cookie", "parse_cookie"], + }, + "Werkzeug 1.0", +) +del _DeprecatedImportModule diff --git a/src/werkzeug/wrappers/user_agent.py b/src/werkzeug/wrappers/user_agent.py index 72588dd94..a32d8acd2 100644 --- a/src/werkzeug/wrappers/user_agent.py +++ b/src/werkzeug/wrappers/user_agent.py @@ -1,3 +1,4 @@ +from ..useragents import UserAgent from ..utils import cached_property @@ -10,6 +11,4 @@ class UserAgentMixin(object): @cached_property def user_agent(self): """The current user agent.""" - from ..useragents import UserAgent - return UserAgent(self.environ) diff --git a/src/werkzeug/wsgi.py b/src/werkzeug/wsgi.py index f069f2d86..741195547 100644 --- a/src/werkzeug/wsgi.py +++ b/src/werkzeug/wsgi.py @@ -10,7 +10,6 @@ """ import io import re -import warnings from functools import partial from functools import update_wrapper from itertools import chain @@ -1001,67 +1000,14 @@ def readable(self): return True -# DEPRECATED -from .middleware.dispatcher import DispatcherMiddleware as _DispatcherMiddleware -from .middleware.http_proxy import ProxyMiddleware as _ProxyMiddleware -from .middleware.shared_data import SharedDataMiddleware as _SharedDataMiddleware +from werkzeug import _DeprecatedImportModule - -class ProxyMiddleware(_ProxyMiddleware): - """ - .. deprecated:: 0.15 - ``werkzeug.wsgi.ProxyMiddleware`` has moved to - :mod:`werkzeug.middleware.http_proxy`. This import will be - removed in 1.0. - """ - - def __init__(self, *args, **kwargs): - warnings.warn( - "'werkzeug.wsgi.ProxyMiddleware' has moved to 'werkzeug" - ".middleware.http_proxy.ProxyMiddleware'. This import is" - " deprecated as of version 0.15 and will be removed in" - " version 1.0.", - DeprecationWarning, - stacklevel=2, - ) - super(ProxyMiddleware, self).__init__(*args, **kwargs) - - -class SharedDataMiddleware(_SharedDataMiddleware): - """ - .. deprecated:: 0.15 - ``werkzeug.wsgi.SharedDataMiddleware`` has moved to - :mod:`werkzeug.middleware.shared_data`. This import will be - removed in 1.0. - """ - - def __init__(self, *args, **kwargs): - warnings.warn( - "'werkzeug.wsgi.SharedDataMiddleware' has moved to" - " 'werkzeug.middleware.shared_data.SharedDataMiddleware'." - " This import is deprecated as of version 0.15 and will be" - " removed in version 1.0.", - DeprecationWarning, - stacklevel=2, - ) - super(SharedDataMiddleware, self).__init__(*args, **kwargs) - - -class DispatcherMiddleware(_DispatcherMiddleware): - """ - .. deprecated:: 0.15 - ``werkzeug.wsgi.DispatcherMiddleware`` has moved to - :mod:`werkzeug.middleware.dispatcher`. This import will be - removed in 1.0. - """ - - def __init__(self, *args, **kwargs): - warnings.warn( - "'werkzeug.wsgi.DispatcherMiddleware' has moved to" - " 'werkzeug.middleware.dispatcher.DispatcherMiddleware'." - " This import is deprecated as of version 0.15 and will be" - " removed in version 1.0.", - DeprecationWarning, - stacklevel=2, - ) - super(DispatcherMiddleware, self).__init__(*args, **kwargs) +_DeprecatedImportModule( + __name__, + { + ".middleware.dispatcher": ["DispatcherMiddleware"], + ".middleware.http_proxy": ["ProxyMiddleware"], + ".middleware.shared_data": ["SharedDataMiddleware"], + }, + "Werkzeug 1.0", +) diff --git a/tests/contrib/test_securecookie.py b/tests/contrib/test_securecookie.py index 7231ac889..cea072c2e 100644 --- a/tests/contrib/test_securecookie.py +++ b/tests/contrib/test_securecookie.py @@ -14,7 +14,7 @@ from werkzeug._compat import to_native from werkzeug.contrib.securecookie import SecureCookie -from werkzeug.utils import parse_cookie +from werkzeug.http import parse_cookie from werkzeug.wrappers import Request from werkzeug.wrappers import Response diff --git a/tests/test_compat.py b/tests/test_compat.py deleted file mode 100644 index 98851ba28..000000000 --- a/tests/test_compat.py +++ /dev/null @@ -1,40 +0,0 @@ -# -*- coding: utf-8 -*- -# flake8: noqa -""" - tests.compat - ~~~~~~~~~~~~ - - Ensure that old stuff does not break on update. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" -from werkzeug.test import create_environ -from werkzeug.wrappers import Response - - -def test_old_imports(): - from werkzeug.utils import ( - Headers, - MultiDict, - CombinedMultiDict, - Headers, - EnvironHeaders, - ) - from werkzeug.http import ( - Accept, - MIMEAccept, - CharsetAccept, - LanguageAccept, - ETags, - HeaderSet, - WWWAuthenticate, - Authorization, - ) - - -def test_exposed_werkzeug_mod(): - import werkzeug - - for key in werkzeug.__all__: - getattr(werkzeug, key) From 73590e813b2312c50949e8baa50ee6e040945eb1 Mon Sep 17 00:00:00 2001 From: David Lord Date: Tue, 17 Sep 2019 11:07:13 -0700 Subject: [PATCH 073/733] fix changelog formatting --- CHANGES.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGES.rst b/CHANGES.rst index f0ad588af..b3b177f50 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -10,7 +10,7 @@ Unreleased removed in version 1.0. For example, instead of ``import werkzeug; werkzeug.url_quote``, do - ``from werkzeug.urls import url_quote. A deprecation warning will + ``from werkzeug.urls import url_quote``. A deprecation warning will show the correct import to use. ``werkzeug.exceptions`` and ``werkzeug.routing`` should also be imported instead of accessed, but for technical reasons can't show a warning. From d50618e3651ad5d4d3118e903a040b733c4d0233 Mon Sep 17 00:00:00 2001 From: David Lord Date: Tue, 17 Sep 2019 12:16:57 -0700 Subject: [PATCH 074/733] remove deprecated top-level imports --- CHANGES.rst | 4 +- docs/index.rst | 1 - docs/transition.rst | 55 ------- src/werkzeug/__init__.py | 205 +----------------------- werkzeug-import-rewrite.py | 310 ------------------------------------- 5 files changed, 4 insertions(+), 571 deletions(-) delete mode 100644 docs/transition.rst delete mode 100644 werkzeug-import-rewrite.py diff --git a/CHANGES.rst b/CHANGES.rst index 92260f3f5..a58fd226b 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -11,8 +11,8 @@ Unreleased - Remove most top-level attributes provided by the ``werkzeug`` module in favor of direct imports. For example, instead of ``import werkzeug; werkzeug.url_quote``, do - ``from werkzeug.urls import url_quote. Install version 0.16 first to - see deprecation warnings while upgrading. :issue:`2`, :pr:`1640` + ``from werkzeug.urls import url_quote``. Install version 0.16 first + to see deprecation warnings while upgrading. :issue:`2`, :pr:`1640` - Added ``utils.invalidate_cached_property()`` to invalidate cached properties. (:pr:`1474`) - Directive keys for the ``Set-Cookie`` response header are not diff --git a/docs/index.rst b/docs/index.rst index cb16d6670..f1ad4613d 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -22,7 +22,6 @@ Getting Started :maxdepth: 2 installation - transition tutorial levels quickstart diff --git a/docs/transition.rst b/docs/transition.rst deleted file mode 100644 index 25a23e9af..000000000 --- a/docs/transition.rst +++ /dev/null @@ -1,55 +0,0 @@ -Transition to Werkzeug 1.0 -========================== - -Werkzeug originally had a magical import system hook that enabled -everything to be imported from one module and still loading the actual -implementations lazily as necessary. Unfortunately this turned out to be -slow and also unreliable on alternative Python implementations and -Google's App Engine. - -Starting with 0.7 we recommend against the short imports and strongly -encourage starting importing from the actual implementation module. -Werkzeug 1.0 will disable the magical import hook completely. - -Because finding out where the actual functions are imported and rewriting -them by hand is a painful and boring process we wrote a tool that aids in -making this transition. - -Automatically Rewriting Imports -------------------------------- - -For instance, with Werkzeug < 0.7 the recommended way to use the escape function -was this:: - - from werkzeug import escape - -With Werkzeug 0.7, the recommended way to import this function is -directly from the utils module (and with 1.0 this will become mandatory). -To automatically rewrite all imports one can use the -`werkzeug-import-rewrite `_ script. - -You can use it by executing it with Python and with a list of folders with -Werkzeug based code. It will then spit out a hg/git compatible patch -file. Example patch file creation:: - - $ python werkzeug-import-rewrite.py . > new-imports.udiff - -To apply the patch one of the following methods work: - -hg: - - :: - - hg import new-imports.udiff - -git: - - :: - - git apply new-imports.udiff - -patch: - - :: - - patch -p1 < new-imports.udiff diff --git a/src/werkzeug/__init__.py b/src/werkzeug/__init__.py index 49907e93c..6a7f50fbc 100644 --- a/src/werkzeug/__init__.py +++ b/src/werkzeug/__init__.py @@ -12,210 +12,9 @@ :copyright: 2007 Pallets :license: BSD-3-Clause """ -from types import ModuleType - -__version__ = "0.16.0.dev0" - -__all__ = ["run_simple", "Client", "Request", "Response", "__version__"] - - -class _DeprecatedImportModule(ModuleType): - """Wrap a module in order to raise """ - - def __init__(self, name, available, removed_in): - import sys - - super(_DeprecatedImportModule, self).__init__(name) # noqa F821 - self._real_module = sys.modules[name] # noqa F821 - sys.modules[name] = self - self._removed_in = removed_in - self._origin = {item: mod for mod, items in available.items() for item in items} - mod_all = getattr(self._real_module, "__all__", dir(self._real_module)) - self.__all__ = sorted(mod_all + list(self._origin)) - - def __getattr__(self, item): - # Don't export internal variables. - if item in {"_real_module", "_origin", "_removed_in"}: - raise AttributeError(item) - - if item in self._origin: - from importlib import import_module - - origin = self._origin[item] - - if origin == ".": - # No warning for the "submodule as attribute" case, it's way too messy - # and unreliable to try to distinguish 'from werkzueug import - # exceptions' and 'import werkzeug; werkzeug.exceptions'. - value = import_module(origin + item, self.__name__) - else: - from warnings import warn - - # Import the module, get the attribute, and show a warning about where - # to correctly import it from. - mod = import_module(origin, self.__name__.rsplit(".")[0]) - value = getattr(mod, item) - warn( - "The import '{name}.{item}' is deprecated and will be removed in" - " {removed_in}. Use 'from {name}{origin} import {item}'" - " instead.".format( - name=self.__name__, - item=item, - removed_in=self._removed_in, - origin=origin, - ), - DeprecationWarning, - stacklevel=2, - ) - else: - value = getattr(self._real_module, item) - - # Cache the value so it won't go through this process on subsequent accesses. - setattr(self, item, value) - return value - - def __dir__(self): - return sorted(dir(self._real_module) + list(self._origin)) - - -del ModuleType - -_DeprecatedImportModule( - __name__, - { - ".": ["exceptions", "routing"], - "._internal": ["_easteregg"], - ".datastructures": [ - "Accept", - "Authorization", - "CallbackDict", - "CharsetAccept", - "CombinedMultiDict", - "EnvironHeaders", - "ETags", - "FileMultiDict", - "FileStorage", - "Headers", - "HeaderSet", - "ImmutableDict", - "ImmutableList", - "ImmutableMultiDict", - "ImmutableOrderedMultiDict", - "ImmutableTypeConversionDict", - "LanguageAccept", - "MIMEAccept", - "MultiDict", - "OrderedMultiDict", - "RequestCacheControl", - "ResponseCacheControl", - "TypeConversionDict", - "WWWAuthenticate", - ], - ".debug": ["DebuggedApplication"], - ".exceptions": ["abort", "Aborter"], - ".formparser": ["parse_form_data"], - ".http": [ - "cookie_date", - "dump_cookie", - "dump_header", - "dump_options_header", - "generate_etag", - "http_date", - "HTTP_STATUS_CODES", - "is_entity_header", - "is_hop_by_hop_header", - "is_resource_modified", - "parse_accept_header", - "parse_authorization_header", - "parse_cache_control_header", - "parse_cookie", - "parse_date", - "parse_dict_header", - "parse_etags", - "parse_list_header", - "parse_options_header", - "parse_set_header", - "parse_www_authenticate_header", - "quote_etag", - "quote_header_value", - "remove_entity_headers", - "remove_hop_by_hop_headers", - "unquote_etag", - "unquote_header_value", - ], - ".local": [ - "Local", - "LocalManager", - "LocalProxy", - "LocalStack", - "release_local", - ], - ".middleware.dispatcher": ["DispatcherMiddleware"], - ".middleware.shared_data": ["SharedDataMiddleware"], - ".security": ["check_password_hash", "generate_password_hash"], - ".test": ["create_environ", "EnvironBuilder", "run_wsgi_app"], - ".testapp": ["test_app"], - ".urls": [ - "Href", - "iri_to_uri", - "uri_to_iri", - "url_decode", - "url_encode", - "url_fix", - "url_quote", - "url_quote_plus", - "url_unquote", - "url_unquote_plus", - ], - ".useragents": ["UserAgent"], - ".utils": [ - "append_slash_redirect", - "ArgumentValidationError", - "bind_arguments", - "cached_property", - "environ_property", - "escape", - "find_modules", - "format_string", - "header_property", - "html", - "HTMLBuilder", - "import_string", - "redirect", - "secure_filename", - "unescape", - "validate_arguments", - "xhtml", - ], - ".wrappers.accept": ["AcceptMixin"], - ".wrappers.auth": ["AuthorizationMixin", "WWWAuthenticateMixin"], - ".wrappers.base_request": ["BaseRequest"], - ".wrappers.base_response": ["BaseResponse"], - ".wrappers.common_descriptors": [ - "CommonRequestDescriptorsMixin", - "CommonResponseDescriptorsMixin", - ], - ".wrappers.etag": ["ETagRequestMixin", "ETagResponseMixin"], - ".wrappers.response": ["ResponseStreamMixin"], - ".wrappers.user_agent": ["UserAgentMixin"], - ".wsgi": [ - "ClosingIterator", - "extract_path_info", - "FileWrapper", - "get_current_url", - "get_host", - "LimitedStream", - "make_line_iter", - "peek_path_info", - "pop_path_info", - "responder", - "wrap_file", - ], - }, - "Werkzeug 1.0", -) - from .serving import run_simple from .test import Client from .wrappers import Request from .wrappers import Response + +__version__ = "1.0.0.dev0" diff --git a/werkzeug-import-rewrite.py b/werkzeug-import-rewrite.py deleted file mode 100644 index 81af6a55a..000000000 --- a/werkzeug-import-rewrite.py +++ /dev/null @@ -1,310 +0,0 @@ -#!/usr/bin/env python -# -*- coding: utf-8 -*- -""" - Werkzeug Import Rewriter - ~~~~~~~~~~~~~~~~~~~~~~~~ - - Changes the deprecated werkzeug imports to the full canonical imports. - This is a terrible hack, don't trust the diff untested. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" -import difflib -import os -import posixpath -import re -import sys - - -_from_import_re = re.compile(r"(\s*(>>>|\.\.\.)?\s*)from werkzeug import\s+") -_direct_usage = re.compile(r"(? 79: - yield prefix + ", ".join(item_buffer[:-1]) + ", \\" - item_buffer = [item_buffer[-1]] - # doctest continuations - indentation = indentation.replace(">", ".") - prefix = indentation + " " - yield prefix + ", ".join(item_buffer) - - -def inject_imports(lines, imports): - pos = 0 - for idx, line in enumerate(lines): - if re.match(r"(from|import)\s+werkzeug", line): - pos = idx - break - lines[pos:pos] = [ - "from %s import %s" % (mod, ", ".join(sorted(attrs))) - for mod, attrs in sorted(imports.items()) - ] - - -def rewrite_file(filename): - with open(filename) as f: - old_file = f.read().splitlines() - - new_file = [] - deferred_imports = {} - lineiter = iter(old_file) - for line in lineiter: - # rewrite from imports - match = _from_import_re.search(line) - if match is not None: - fromlist = line[match.end() :] - new_file.extend(rewrite_from_imports(fromlist, match.group(1), lineiter)) - continue - - def _handle_match(match): - # rewrite attribute access to 'werkzeug' - attr = match.group(2) - mod = find_module(attr) - if mod == "werkzeug": - return match.group(0) - deferred_imports.setdefault(mod, []).append(attr) - return attr - - new_file.append(_direct_usage.sub(_handle_match, line)) - if deferred_imports: - inject_imports(new_file, deferred_imports) - - for line in difflib.unified_diff( - old_file, - new_file, - posixpath.normpath(posixpath.join("a", filename)), - posixpath.normpath(posixpath.join("b", filename)), - lineterm="", - ): - print(line) - - -def rewrite_in_folders(folders): - for folder in folders: - for dirpath, _dirnames, filenames in os.walk(folder): - for filename in filenames: - filename = os.path.join(dirpath, filename) - if filename.endswith((".rst", ".py")): - rewrite_file(filename) - - -def main(): - if len(sys.argv) == 1: - print("usage: werkzeug-import-rewrite.py [folders]") - sys.exit(1) - rewrite_in_folders(sys.argv[1:]) - - -if __name__ == "__main__": - main() From 1aba7408bbb1118ba86013f3e16585dbd3e56ede Mon Sep 17 00:00:00 2001 From: David Lord Date: Thu, 19 Sep 2019 07:49:17 -0700 Subject: [PATCH 075/733] release version 0.16.0 --- CHANGES.rst | 2 +- src/werkzeug/__init__.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index b3b177f50..5586909d5 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -3,7 +3,7 @@ Version 0.16.0 -------------- -Unreleased +Released 2019-09-19 - Deprecate most top-level attributes provided by the ``werkzeug`` module in favor of direct imports. The deprecated imports will be diff --git a/src/werkzeug/__init__.py b/src/werkzeug/__init__.py index 49907e93c..d53bb3910 100644 --- a/src/werkzeug/__init__.py +++ b/src/werkzeug/__init__.py @@ -14,7 +14,7 @@ """ from types import ModuleType -__version__ = "0.16.0.dev0" +__version__ = "0.16.0" __all__ = ["run_simple", "Client", "Request", "Response", "__version__"] From 38ec32dfb1fd44e6b51b778e619b67106dbdec93 Mon Sep 17 00:00:00 2001 From: David Lord Date: Fri, 20 Sep 2019 10:08:37 -0700 Subject: [PATCH 076/733] package directory access returns 404 --- CHANGES.rst | 4 ++ src/werkzeug/middleware/shared_data.py | 66 +++++++++++++++++++------- tests/middleware/test_shared_data.py | 7 +-- 3 files changed, 58 insertions(+), 19 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index b7cead45f..0f9742801 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -57,6 +57,10 @@ Unreleased :pr:`1469` - ``is_resource_modified`` will run for methods other than ``GET`` and ``HEAD``, rather than always returning ``False``. :issue:`409` +- ``SharedDataMiddleware`` returns 404 rather than 500 when trying to + access a directory instead of a file with the package loader. The + dependency on setuptools and pkg_resources is removed. + :issue:`1599`, :pr:`1647` - Optional request log highlighting with the development server is handled by Click instead of termcolor. :issue:`1235` - Optional ad-hoc TLS support for the development server is handled diff --git a/src/werkzeug/middleware/shared_data.py b/src/werkzeug/middleware/shared_data.py index 088504a92..5c000c978 100644 --- a/src/werkzeug/middleware/shared_data.py +++ b/src/werkzeug/middleware/shared_data.py @@ -10,6 +10,7 @@ """ import mimetypes import os +import pkgutil import posixpath from datetime import datetime from io import BytesIO @@ -139,32 +140,65 @@ def get_file_loader(self, filename): return lambda x: (os.path.basename(filename), self._opener(filename)) def get_package_loader(self, package, package_path): - from pkg_resources import DefaultProvider, ResourceManager, get_provider - loadtime = datetime.utcnow() - provider = get_provider(package) - manager = ResourceManager() - filesystem_bound = isinstance(provider, DefaultProvider) + provider = pkgutil.get_loader(package) - def loader(path): - if path is None: - return None, None + if hasattr(provider, "get_resource_reader"): + # Python 3 + reader = provider.get_resource_reader(package) + + def loader(path): + if path is None: + return None, None - path = safe_join(package_path, path) + path = safe_join(package_path, path) + basename = posixpath.basename(path) - if not provider.has_resource(path): - return None, None + try: + resource = reader.open_resource(path) + except IOError: + return None, None - basename = posixpath.basename(path) + if isinstance(resource, BytesIO): + return ( + basename, + lambda: (resource, loadtime, len(resource.getvalue())), + ) - if filesystem_bound: return ( basename, - self._opener(provider.get_resource_filename(manager, path)), + lambda: ( + resource, + datetime.utcfromtimestamp(os.path.getmtime(resource.name)), + os.path.getsize(resource.name), + ), ) - s = provider.get_resource_string(manager, path) - return basename, lambda: (BytesIO(s), loadtime, len(s)) + else: + # Python 2 + package_filename = provider.get_filename(package) + is_filesystem = os.path.exists(package_filename) + root = os.path.join(os.path.dirname(package_filename), package_path) + + def loader(path): + if path is None: + return None, None + + path = safe_join(root, path) + basename = posixpath.basename(path) + + if is_filesystem: + if not os.path.isfile(path): + return None, None + + return basename, self._opener(path) + + try: + data = provider.get_data(path) + except IOError: + return None, None + + return basename, lambda: (BytesIO(data), loadtime, len(data)) return loader diff --git a/tests/middleware/test_shared_data.py b/tests/middleware/test_shared_data.py index 20bd88cb5..fb685f77c 100644 --- a/tests/middleware/test_shared_data.py +++ b/tests/middleware/test_shared_data.py @@ -61,6 +61,7 @@ def null_application(environ, start_response): assert b"$(function() {" in contents - app_iter, status, headers = run_wsgi_app(app, create_environ("/missing")) - assert status == "404 NOT FOUND" - assert b"".join(app_iter).strip() == b"NOT FOUND" + for path in ("/missing", "/pkg", "/pkg/", "/pkg/missing.txt"): + app_iter, status, headers = run_wsgi_app(app, create_environ(path)) + assert status == "404 NOT FOUND" + assert b"".join(app_iter).strip() == b"NOT FOUND" From 3f035da76555d0fa54ec320bb4ad9087011ef764 Mon Sep 17 00:00:00 2001 From: David Lord Date: Fri, 20 Sep 2019 11:49:43 -0700 Subject: [PATCH 077/733] support Cache-Control: immutable --- CHANGES.rst | 5 ++++- src/werkzeug/datastructures.py | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index 0f9742801..2f79596ea 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -60,7 +60,10 @@ Unreleased - ``SharedDataMiddleware`` returns 404 rather than 500 when trying to access a directory instead of a file with the package loader. The dependency on setuptools and pkg_resources is removed. - :issue:`1599`, :pr:`1647` + :issue:`1599` +- Add a ``response.cache_control.immutable`` flag. Keep in mind that + browser support for this ``Cache-Control`` header option is still + experimental and may not be implemented. :issue:`1185` - Optional request log highlighting with the development server is handled by Click instead of termcolor. :issue:`1235` - Optional ad-hoc TLS support for the development server is handled diff --git a/src/werkzeug/datastructures.py b/src/werkzeug/datastructures.py index 2286f8dd4..e3231b081 100644 --- a/src/werkzeug/datastructures.py +++ b/src/werkzeug/datastructures.py @@ -2050,7 +2050,6 @@ class RequestCacheControl(ImmutableDictMixin, _CacheControl): max_stale = cache_property("max-stale", "*", int) min_fresh = cache_property("min-fresh", "*", int) - no_transform = cache_property("no-transform", None, None) only_if_cached = cache_property("only-if-cached", None, bool) @@ -2074,6 +2073,7 @@ class ResponseCacheControl(_CacheControl): must_revalidate = cache_property("must-revalidate", None, bool) proxy_revalidate = cache_property("proxy-revalidate", None, bool) s_maxage = cache_property("s-maxage", None, None) + immutable = cache_property("immutable", None, bool) # attach cache_property to the _CacheControl as staticmethod From b403bbb9a296a4057d72c560b58ae9774b5f4106 Mon Sep 17 00:00:00 2001 From: syndrowm Date: Fri, 15 Nov 2019 22:57:50 -0700 Subject: [PATCH 078/733] adhoc cert support macos 10.15 requirements --- src/werkzeug/serving.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py index eac541b60..8b6093672 100644 --- a/src/werkzeug/serving.py +++ b/src/werkzeug/serving.py @@ -520,6 +520,10 @@ def generate_adhoc_ssl_pair(cn=None): .serial_number(x509.random_serial_number()) .not_valid_before(dt.utcnow()) .not_valid_after(dt.utcnow() + timedelta(days=365)) + .add_extension( + x509.ExtendedKeyUsage([x509.OID_SERVER_AUTH]), critical=False) + .add_extension( + x509.SubjectAlternativeName([x509.DNSName(u'*')]), critical=False) .sign(pkey, hashes.SHA256(), default_backend()) ) return cert, pkey From eddf90148802ed1b357f18d5b9201108f32f60e5 Mon Sep 17 00:00:00 2001 From: syndrowm Date: Fri, 15 Nov 2019 23:11:58 -0700 Subject: [PATCH 079/733] sytle --- src/werkzeug/serving.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py index 8b6093672..acb71d461 100644 --- a/src/werkzeug/serving.py +++ b/src/werkzeug/serving.py @@ -520,10 +520,10 @@ def generate_adhoc_ssl_pair(cn=None): .serial_number(x509.random_serial_number()) .not_valid_before(dt.utcnow()) .not_valid_after(dt.utcnow() + timedelta(days=365)) + .add_extension(x509.ExtendedKeyUsage([x509.OID_SERVER_AUTH]), critical=False) .add_extension( - x509.ExtendedKeyUsage([x509.OID_SERVER_AUTH]), critical=False) - .add_extension( - x509.SubjectAlternativeName([x509.DNSName(u'*')]), critical=False) + x509.SubjectAlternativeName([x509.DNSName(u'*')]), critical=False + ) .sign(pkey, hashes.SHA256(), default_backend()) ) return cert, pkey From 5ff85a816ba94927ce768c0802c9e6e408cf8cf3 Mon Sep 17 00:00:00 2001 From: syndrowm Date: Fri, 15 Nov 2019 23:17:27 -0700 Subject: [PATCH 080/733] sytle --- src/werkzeug/serving.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py index acb71d461..8494c5efd 100644 --- a/src/werkzeug/serving.py +++ b/src/werkzeug/serving.py @@ -522,7 +522,7 @@ def generate_adhoc_ssl_pair(cn=None): .not_valid_after(dt.utcnow() + timedelta(days=365)) .add_extension(x509.ExtendedKeyUsage([x509.OID_SERVER_AUTH]), critical=False) .add_extension( - x509.SubjectAlternativeName([x509.DNSName(u'*')]), critical=False + x509.SubjectAlternativeName([x509.DNSName(u"*")]), critical=False ) .sign(pkey, hashes.SHA256(), default_backend()) ) From 7dcd28e1d96264dfee6439ce07f2c5cb013d720c Mon Sep 17 00:00:00 2001 From: syndrowm Date: Sat, 16 Nov 2019 12:12:01 -0700 Subject: [PATCH 081/733] test ci --- src/werkzeug/serving.py | 4 ---- 1 file changed, 4 deletions(-) diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py index 8494c5efd..eac541b60 100644 --- a/src/werkzeug/serving.py +++ b/src/werkzeug/serving.py @@ -520,10 +520,6 @@ def generate_adhoc_ssl_pair(cn=None): .serial_number(x509.random_serial_number()) .not_valid_before(dt.utcnow()) .not_valid_after(dt.utcnow() + timedelta(days=365)) - .add_extension(x509.ExtendedKeyUsage([x509.OID_SERVER_AUTH]), critical=False) - .add_extension( - x509.SubjectAlternativeName([x509.DNSName(u"*")]), critical=False - ) .sign(pkey, hashes.SHA256(), default_backend()) ) return cert, pkey From 6d961dfb81ff9d655ca38f7b8385b509014f95b4 Mon Sep 17 00:00:00 2001 From: syndrowm Date: Sat, 16 Nov 2019 12:16:18 -0700 Subject: [PATCH 082/733] restore change --- src/werkzeug/serving.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py index eac541b60..8494c5efd 100644 --- a/src/werkzeug/serving.py +++ b/src/werkzeug/serving.py @@ -520,6 +520,10 @@ def generate_adhoc_ssl_pair(cn=None): .serial_number(x509.random_serial_number()) .not_valid_before(dt.utcnow()) .not_valid_after(dt.utcnow() + timedelta(days=365)) + .add_extension(x509.ExtendedKeyUsage([x509.OID_SERVER_AUTH]), critical=False) + .add_extension( + x509.SubjectAlternativeName([x509.DNSName(u"*")]), critical=False + ) .sign(pkey, hashes.SHA256(), default_backend()) ) return cert, pkey From 99e1b14bce666ffb67a699d6492af4e6c7bea696 Mon Sep 17 00:00:00 2001 From: Chris Nickel Date: Sun, 15 Dec 2019 10:46:58 -0500 Subject: [PATCH 083/733] Docs: Remove redundant abort code example and update description --- src/werkzeug/exceptions.py | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/src/werkzeug/exceptions.py b/src/werkzeug/exceptions.py index ee06110f4..edc6454ab 100644 --- a/src/werkzeug/exceptions.py +++ b/src/werkzeug/exceptions.py @@ -767,17 +767,13 @@ def __call__(self, code, *args, **kwargs): def abort(status, *args, **kwargs): """Raises an :py:exc:`HTTPException` for the given status code or WSGI - application:: + application. - abort(404) # 404 Not Found - abort(Response('Hello World')) + If a status code is given, it will be looked up in the list of + exceptions and will raise that exception. If passed a WSGI application, + it will wrap it in a proxy WSGI exception and raise that:: - Can be passed a WSGI application or a status code. If a status code is - given it's looked up in the list of exceptions and will raise that - exception, if passed a WSGI application it will wrap it in a proxy WSGI - exception and raise that:: - - abort(404) + abort(404) # 404 Not Found abort(Response('Hello World')) """ From c0f7efe3e4acbe7253677266e2b77b1a127096c6 Mon Sep 17 00:00:00 2001 From: Adam Englander Date: Sun, 1 Dec 2019 16:41:55 -0800 Subject: [PATCH 084/733] Update Tox and Azure Pipelines with Python 3.8 --- .azure-pipelines.yml | 10 ++++++---- tox.ini | 2 +- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/.azure-pipelines.yml b/.azure-pipelines.yml index c85fe0539..afdb617f0 100644 --- a/.azure-pipelines.yml +++ b/.azure-pipelines.yml @@ -4,20 +4,22 @@ trigger: variables: vmImage: ubuntu-latest - python.version: 3.7 + python.version: 3.8 TOXENV: py,coverage-ci hasTestResults: true strategy: matrix: - Python 3.7 Linux: + Python 3.8 Linux: vmImage: ubuntu-latest - Python 3.7 Windows: + Python 3.8 Windows: vmImage: windows-latest - Python 3.7 Mac: + Python 3.8 Mac: vmImage: macos-latest PyPy 3 Linux: python.version: pypy3 + Python 3.7 Linux: + python.version: 3.7 Python 3.6 Linux: python.version: 3.6 Python 3.5 Linux: diff --git a/tox.ini b/tox.ini index abda16f0e..46800a905 100644 --- a/tox.ini +++ b/tox.ini @@ -1,6 +1,6 @@ [tox] envlist = - py{37,36,35,27,py3,py} + py{38,37,36,35,27,py3,py} style docs-html coverage From 121d4f1c11ed453da51316de82a68920f1ce4438 Mon Sep 17 00:00:00 2001 From: David Lord Date: Fri, 3 Jan 2020 14:54:41 -0800 Subject: [PATCH 085/733] fix tests and update ci config --- .azure-pipelines.yml | 20 ++++++++++---------- .pre-commit-config.yaml | 8 ++++---- setup.cfg | 1 + src/werkzeug/formparser.py | 2 +- tests/test_serving.py | 14 +++++++------- tox.ini | 10 +++------- 6 files changed, 26 insertions(+), 29 deletions(-) diff --git a/.azure-pipelines.yml b/.azure-pipelines.yml index afdb617f0..eabcaf768 100644 --- a/.azure-pipelines.yml +++ b/.azure-pipelines.yml @@ -4,9 +4,9 @@ trigger: variables: vmImage: ubuntu-latest - python.version: 3.8 + python.version: '3.8' TOXENV: py,coverage-ci - hasTestResults: true + hasTestResults: 'true' strategy: matrix: @@ -19,22 +19,22 @@ strategy: PyPy 3 Linux: python.version: pypy3 Python 3.7 Linux: - python.version: 3.7 + python.version: '3.7' Python 3.6 Linux: - python.version: 3.6 + python.version: '3.6' Python 3.5 Linux: - python.version: 3.5 + python.version: '3.5' Python 2.7 Linux: - python.version: 2.7 + python.version: '2.7' Python 2.7 Windows: - python.version: 2.7 + python.version: '2.7' vmImage: windows-latest Docs: - TOXENV: docs-html - hasTestResults: false + TOXENV: docs + hasTestResults: 'false' Style: TOXENV: style - hasTestResults: false + hasTestResults: 'false' pool: vmImage: $[ variables.vmImage ] diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 2fb466196..a92c42137 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/asottile/reorder_python_imports - rev: v1.4.0 + rev: v1.8.0 hooks: - id: reorder-python-imports name: Reorder Python imports (src, tests) @@ -11,16 +11,16 @@ repos: files: "^examples/" args: ["--application-directories", "examples"] - repo: https://github.com/ambv/black - rev: 18.9b0 + rev: 19.10b0 hooks: - id: black - repo: https://gitlab.com/pycqa/flake8 - rev: 3.7.7 + rev: 3.7.9 hooks: - id: flake8 additional_dependencies: [flake8-bugbear] - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v2.1.0 + rev: v2.4.0 hooks: - id: check-byte-order-marker - id: trailing-whitespace diff --git a/setup.cfg b/setup.cfg index 1def1f7ba..02e0db220 100644 --- a/setup.cfg +++ b/setup.cfg @@ -8,6 +8,7 @@ universal = true testpaths = tests norecursedirs = tests/hypothesis filterwarnings = + error ignore::requests.packages.urllib3.exceptions.InsecureRequestWarning ; warning about collections.abc fixed in watchdog master ignore::DeprecationWarning:watchdog.utils.bricks:175 diff --git a/src/werkzeug/formparser.py b/src/werkzeug/formparser.py index ffdb9b0f1..02ae2ce5e 100644 --- a/src/werkzeug/formparser.py +++ b/src/werkzeug/formparser.py @@ -137,7 +137,7 @@ def wrapper(self, stream, *args, **kwargs): while 1: chunk = stream.read(1024 * 64) if not chunk: - break + break # noqa: B012 return update_wrapper(wrapper, f) diff --git a/tests/test_serving.py b/tests/test_serving.py index cf31bd2e6..b60c39fcd 100644 --- a/tests/test_serving.py +++ b/tests/test_serving.py @@ -295,14 +295,14 @@ def app(environ, start_response): raise RuntimeError("Change event not detected.") -def test_windows_get_args_for_reloading(monkeypatch, tmpdir): - test_py_exe = r"C:\Users\test\AppData\Local\Programs\Python\Python36\python.exe" - monkeypatch.setattr(os, "name", "nt") - monkeypatch.setattr(sys, "executable", test_py_exe) - test_exe = tmpdir.mkdir("test").join("test.exe") - monkeypatch.setattr(sys, "argv", [test_exe.strpath, "run"]) +def test_windows_get_args_for_reloading(monkeypatch, tmp_path): + argv = [str(tmp_path / "test.exe"), "run"] + monkeypatch.setattr("sys.executable", str(tmp_path / "python.exe")) + monkeypatch.setattr("sys.argv", argv) + monkeypatch.setattr("__main__.__package__", None) + monkeypatch.setattr("os.name", "nt") rv = _reloader._get_args_for_reloading() - assert rv == [test_exe.strpath, "run"] + assert rv == argv def test_monkeypatched_sleep(tmpdir): diff --git a/tox.ini b/tox.ini index 46800a905..fdab3b3a5 100644 --- a/tox.ini +++ b/tox.ini @@ -2,7 +2,7 @@ envlist = py{38,37,36,35,27,py3,py} style - docs-html + docs coverage skip_missing_interpreters = true @@ -24,11 +24,8 @@ deps = pre-commit skip_install = true commands = pre-commit run --all-files --show-diff-on-failure -[testenv:docs-html] -deps = - Sphinx - Pallets-Sphinx-Themes - sphinx-issues +[testenv:docs] +deps = -r docs/requirements.txt commands = sphinx-build -W -b html -d {envtmpdir}/doctrees docs {envtmpdir}/html [testenv:coverage] @@ -45,4 +42,3 @@ skip_install = true commands = coverage combine coverage xml - coverage report From 6d5c6e203d82552eb272e021fa7347000473b7e5 Mon Sep 17 00:00:00 2001 From: manlix Date: Thu, 17 Oct 2019 20:21:13 +0300 Subject: [PATCH 086/733] Add support for pathlib to save uploaded file --- CHANGES.rst | 1 + src/werkzeug/datastructures.py | 7 +++++++ tests/test_datastructures.py | 25 +++++++++++++++++++++++++ 3 files changed, 33 insertions(+) diff --git a/CHANGES.rst b/CHANGES.rst index 2f79596ea..b19aeb3ee 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -68,6 +68,7 @@ Unreleased handled by Click instead of termcolor. :issue:`1235` - Optional ad-hoc TLS support for the development server is handled by cryptography instead of pyOpenSSL. :pr:`1555` +- Add support for pathlib to save uploaded file. :issue:`1653` Version 0.16.0 diff --git a/src/werkzeug/datastructures.py b/src/werkzeug/datastructures.py index e3231b081..4667b847a 100644 --- a/src/werkzeug/datastructures.py +++ b/src/werkzeug/datastructures.py @@ -30,6 +30,11 @@ from ._internal import _missing from .filesystem import get_filesystem_encoding +try: + import pathlib +except ImportError: + pathlib = None + def is_immutable(self): raise TypeError("%r objects are immutable" % self.__class__.__name__) @@ -2952,6 +2957,8 @@ def save(self, dst, buffer_size=16384): from shutil import copyfileobj close_dst = False + if pathlib is not None and isinstance(dst, pathlib.PurePath): + dst = str(dst) if isinstance(dst, string_types): dst = open(dst, "wb") close_dst = True diff --git a/tests/test_datastructures.py b/tests/test_datastructures.py index 800da86b0..e4b35c02f 100644 --- a/tests/test_datastructures.py +++ b/tests/test_datastructures.py @@ -1188,6 +1188,31 @@ def test_proxy_can_access_stream_attrs(self, stream): for name in ("fileno", "writable", "readable", "seekable"): assert hasattr(file_storage, name) + @pytest.mark.skipif(PY2, reason="Test only needed in PY3") + def test_save_to_pathlib_dst(self, tmp_path): + import pathlib + + tmp = str(tmp_path) + + dst = pathlib.Path(tmp, "dst.txt") + assert isinstance(dst, pathlib.PurePath) + + test_text = "test text" + + src = pathlib.Path(tmp, "src.txt") + src.write_text(test_text) + file_storage = self.storage_class(src.open("rb")) + file_storage.save(dst) + + result = pathlib.Path(dst).read_text() + assert result == "test text" + + def test_string_instead_valid_stream(self): + file_storage = self.storage_class("string_instead_valid_stream") + + with pytest.raises(AttributeError): + file_storage.read() + @pytest.mark.parametrize("ranges", ([(0, 1), (-5, None)], [(5, None)])) def test_range_to_header(ranges): From ad0ef8c51aebf4062ffb47a3da28bc1ce0fb88f4 Mon Sep 17 00:00:00 2001 From: David Lord Date: Thu, 2 Jan 2020 18:23:54 -0800 Subject: [PATCH 087/733] use fspath for general compatibility --- CHANGES.rst | 3 ++- src/werkzeug/_compat.py | 9 +++++++++ src/werkzeug/datastructures.py | 23 +++++++++++------------ tests/test_datastructures.py | 29 ++++++----------------------- 4 files changed, 28 insertions(+), 36 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index b19aeb3ee..f62a395d4 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -68,7 +68,8 @@ Unreleased handled by Click instead of termcolor. :issue:`1235` - Optional ad-hoc TLS support for the development server is handled by cryptography instead of pyOpenSSL. :pr:`1555` -- Add support for pathlib to save uploaded file. :issue:`1653` +- ``FileStorage.save()`` supports ``pathlib`` and :pep:`519` + ``PathLike`` objects. :issue:`1653` Version 0.16.0 diff --git a/src/werkzeug/_compat.py b/src/werkzeug/_compat.py index 1097983e0..1d8c81040 100644 --- a/src/werkzeug/_compat.py +++ b/src/werkzeug/_compat.py @@ -217,3 +217,12 @@ def to_unicode( if charset is None and allow_none_charset: return x return x.decode(charset, errors) + + +try: + from os import fspath +except ImportError: + # Python < 3.6 + # https://www.python.org/dev/peps/pep-0519/#backwards-compatibility + def fspath(path): + return path.__fspath__() if hasattr(path, "__fspath__") else path diff --git a/src/werkzeug/datastructures.py b/src/werkzeug/datastructures.py index 4667b847a..e194dd732 100644 --- a/src/werkzeug/datastructures.py +++ b/src/werkzeug/datastructures.py @@ -17,6 +17,7 @@ from . import exceptions from ._compat import BytesIO from ._compat import collections_abc +from ._compat import fspath from ._compat import integer_types from ._compat import iteritems from ._compat import iterkeys @@ -30,11 +31,6 @@ from ._internal import _missing from .filesystem import get_filesystem_encoding -try: - import pathlib -except ImportError: - pathlib = None - def is_immutable(self): raise TypeError("%r objects are immutable" % self.__class__.__name__) @@ -2948,20 +2944,23 @@ def save(self, dst, buffer_size=16384): For secure file saving also have a look at :func:`secure_filename`. - :param dst: a filename or open file object the uploaded file - is saved to. - :param buffer_size: the size of the buffer. This works the same as - the `length` parameter of - :func:`shutil.copyfileobj`. + :param dst: a filename, :class:`os.PathLike`, or open file + object to write to. + :param buffer_size: Passed as the ``length`` parameter of + :func:`shutil.copyfileobj`. + + .. versionchanged:: 1.0 + Supports :mod:`pathlib`. """ from shutil import copyfileobj close_dst = False - if pathlib is not None and isinstance(dst, pathlib.PurePath): - dst = str(dst) + dst = fspath(dst) + if isinstance(dst, string_types): dst = open(dst, "wb") close_dst = True + try: copyfileobj(self.stream, dst, buffer_size) finally: diff --git a/tests/test_datastructures.py b/tests/test_datastructures.py index e4b35c02f..8ff556a58 100644 --- a/tests/test_datastructures.py +++ b/tests/test_datastructures.py @@ -1188,30 +1188,13 @@ def test_proxy_can_access_stream_attrs(self, stream): for name in ("fileno", "writable", "readable", "seekable"): assert hasattr(file_storage, name) - @pytest.mark.skipif(PY2, reason="Test only needed in PY3") def test_save_to_pathlib_dst(self, tmp_path): - import pathlib - - tmp = str(tmp_path) - - dst = pathlib.Path(tmp, "dst.txt") - assert isinstance(dst, pathlib.PurePath) - - test_text = "test text" - - src = pathlib.Path(tmp, "src.txt") - src.write_text(test_text) - file_storage = self.storage_class(src.open("rb")) - file_storage.save(dst) - - result = pathlib.Path(dst).read_text() - assert result == "test text" - - def test_string_instead_valid_stream(self): - file_storage = self.storage_class("string_instead_valid_stream") - - with pytest.raises(AttributeError): - file_storage.read() + src = tmp_path / "src.txt" + src.write_text(u"test") + storage = self.storage_class(src.open("rb")) + dst = tmp_path / "dst.txt" + storage.save(dst) + assert dst.read_text() == "test" @pytest.mark.parametrize("ranges", ([(0, 1), (-5, None)], [(5, None)])) From 617309a7c317ae1ade428de48f5bc4a906c2950f Mon Sep 17 00:00:00 2001 From: David Lord Date: Sat, 4 Jan 2020 12:08:47 -0800 Subject: [PATCH 088/733] get_machine_id unique for podman --- CHANGES.rst | 2 + src/werkzeug/debug/__init__.py | 70 ++++++++++++++++++---------------- 2 files changed, 39 insertions(+), 33 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index f62a395d4..712b01346 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -70,6 +70,8 @@ Unreleased by cryptography instead of pyOpenSSL. :pr:`1555` - ``FileStorage.save()`` supports ``pathlib`` and :pep:`519` ``PathLike`` objects. :issue:`1653` +- The debugger security pin is unique in containers managed by Podman. + :issue:`1661` Version 0.16.0 diff --git a/src/werkzeug/debug/__init__.py b/src/werkzeug/debug/__init__.py index bb188017a..f9f6e8531 100644 --- a/src/werkzeug/debug/__init__.py +++ b/src/werkzeug/debug/__init__.py @@ -47,59 +47,62 @@ def hash_pin(pin): def get_machine_id(): global _machine_id - rv = _machine_id - if rv is not None: - return rv - def _generate(): - # docker containers share the same machine id, get the - # container id instead - try: - with open("/proc/self/cgroup") as f: - value = f.readline() - except IOError: - pass - else: - value = value.strip().partition("/docker/")[2] + if _machine_id is not None: + return _machine_id - if value: - return value + def _generate(): + linux = b"" - # Potential sources of secret information on linux. The machine-id - # is stable across boots, the boot id is not + # machine-id is stable across boots, boot_id is not. for filename in "/etc/machine-id", "/proc/sys/kernel/random/boot_id": try: with open(filename, "rb") as f: - return f.readline().strip() + value = f.readline().strip() except IOError: continue - # On OS X we can use the computer's serial number assuming that - # ioreg exists and can spit out that information. + if value: + linux += value + break + + # Containers share the same machine id, add some cgroup + # information. This is used outside containers too but should be + # relatively stable across boots. try: - # Also catch import errors: subprocess may not be available, e.g. - # Google App Engine - # See https://github.com/pallets/werkzeug/issues/925 + with open("/proc/self/cgroup", "rb") as f: + linux += f.readline().strip().rpartition(b"/")[2] + except IOError: + pass + + if linux: + return linux + + # On OS X, use ioreg to get the computer's serial number. + try: + # subprocess may not be available, e.g. Google App Engine + # https://github.com/pallets/werkzeug/issues/925 from subprocess import Popen, PIPE dump = Popen( ["ioreg", "-c", "IOPlatformExpertDevice", "-d", "2"], stdout=PIPE ).communicate()[0] match = re.search(b'"serial-number" = <([^>]+)', dump) + if match is not None: return match.group(1) except (OSError, ImportError): pass - # On Windows we can use winreg to get the machine guid - wr = None + # On Windows, use winreg to get the machine guid. try: import winreg as wr except ImportError: try: import _winreg as wr except ImportError: - pass + wr = None + if wr is not None: try: with wr.OpenKey( @@ -108,16 +111,17 @@ def _generate(): 0, wr.KEY_READ | wr.KEY_WOW64_64KEY, ) as rk: - machineGuid, wrType = wr.QueryValueEx(rk, "MachineGuid") - if wrType == wr.REG_SZ: - return machineGuid.encode("utf-8") - else: - return machineGuid + guid, guid_type = wr.QueryValueEx(rk, "MachineGuid") + + if guid_type == wr.REG_SZ: + return guid.encode("utf-8") + + return guid except WindowsError: pass - _machine_id = rv = _generate() - return rv + _machine_id = _generate() + return _machine_id class _ConsoleFrame(object): From e3a880bf1dc06231ce756a4fbf31896101d190fc Mon Sep 17 00:00:00 2001 From: junnplus Date: Sat, 16 Nov 2019 00:11:39 +0800 Subject: [PATCH 089/733] fix rename DeprecationWarning message for subpackages --- CHANGES.rst | 7 +++++++ src/werkzeug/__init__.py | 6 ++++-- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index 5586909d5..50b85678c 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -1,5 +1,12 @@ .. currentmodule:: werkzeug +Version 0.16.1 +-------------- + +- Fix import location in deprecation messages for subpackages. + :issue:`1663` + + Version 0.16.0 -------------- diff --git a/src/werkzeug/__init__.py b/src/werkzeug/__init__.py index d53bb3910..4be464264 100644 --- a/src/werkzeug/__init__.py +++ b/src/werkzeug/__init__.py @@ -53,15 +53,17 @@ def __getattr__(self, item): # Import the module, get the attribute, and show a warning about where # to correctly import it from. - mod = import_module(origin, self.__name__.rsplit(".")[0]) + package = self.__name__.rsplit(".")[0] + mod = import_module(origin, package) value = getattr(mod, item) warn( "The import '{name}.{item}' is deprecated and will be removed in" - " {removed_in}. Use 'from {name}{origin} import {item}'" + " {removed_in}. Use 'from {package}{origin} import {item}'" " instead.".format( name=self.__name__, item=item, removed_in=self._removed_in, + package=package, origin=origin, ), DeprecationWarning, From 0978789dcb6ce7d3d8811ee46cae3f447d072bbd Mon Sep 17 00:00:00 2001 From: David Lord Date: Sat, 4 Jan 2020 12:54:47 -0800 Subject: [PATCH 090/733] fix newline issue in test on pypy 2.7 --- tests/test_debug.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/test_debug.py b/tests/test_debug.py index ac795c785..15e5b942d 100644 --- a/tests/test_debug.py +++ b/tests/test_debug.py @@ -363,9 +363,9 @@ def test_console_closure_variables(monkeypatch): c = console.Console() c.eval("y = 5") c.eval("x = lambda: y") - ret = c.eval("x()") - expected = ">>> x()\n5" if PY2 else ">>> x()\n5\n" - assert ret == expected + # strip() is only needed for Python 2 compat + ret = c.eval("x()").strip() + assert ret == ">>> x()\n5" @pytest.mark.skipif(PY2, reason="Python 2 doesn't have chained exceptions.") From 1d8cd3c73c93ce2cd5bb6f433c1ec503b64f529f Mon Sep 17 00:00:00 2001 From: Adam Englander Date: Sun, 1 Dec 2019 16:33:30 -0800 Subject: [PATCH 091/733] Only write body when there is a body to write. Solves a serving bug that only exists in Python 3.5. There was no good way to write a reliable test to reproduce the issue. As such, not tests were added at this time. --- CHANGES.rst | 4 ++++ src/werkzeug/serving.py | 4 +++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/CHANGES.rst b/CHANGES.rst index 50b85678c..580146876 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -3,8 +3,12 @@ Version 0.16.1 -------------- +Unreleased + - Fix import location in deprecation messages for subpackages. :issue:`1663` +- Fix an SSL error on Python 3.5 when the dev server responds with no + content. :issue:`1659` Version 0.16.0 diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py index d817120f2..19ac92fc8 100644 --- a/src/werkzeug/serving.py +++ b/src/werkzeug/serving.py @@ -273,7 +273,9 @@ def write(data): self.end_headers() assert isinstance(data, bytes), "applications must write bytes" - self.wfile.write(data) + if data: + # Only write data if there is any to avoid Python 3.5 SSL bug + self.wfile.write(data) self.wfile.flush() def start_response(status, response_headers, exc_info=None): From d0bc2470b0026fbf2357956d2945a8fb22bb5f2f Mon Sep 17 00:00:00 2001 From: pgjones Date: Sat, 4 Jan 2020 21:52:58 +0000 Subject: [PATCH 092/733] add Python 3.8 trove classifier --- setup.py | 1 + 1 file changed, 1 insertion(+) diff --git a/setup.py b/setup.py index c53454c4d..54fda2ffc 100644 --- a/setup.py +++ b/setup.py @@ -40,6 +40,7 @@ "Programming Language :: Python :: 3.5", "Programming Language :: Python :: 3.6", "Programming Language :: Python :: 3.7", + "Programming Language :: Python :: 3.8", "Programming Language :: Python :: Implementation :: CPython", "Programming Language :: Python :: Implementation :: PyPy", "Topic :: Internet :: WWW/HTTP :: Dynamic Content", From b7f0413399b0f164ac616b87cfe5aa120e542b8b Mon Sep 17 00:00:00 2001 From: Adam Englander Date: Sun, 1 Dec 2019 16:46:21 -0800 Subject: [PATCH 093/733] Include host matching if possible when building URLs --- CHANGES.rst | 3 +++ src/werkzeug/routing.py | 15 ++++++++++++--- tests/test_routing.py | 25 +++++++++++++++++++++++++ 3 files changed, 40 insertions(+), 3 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index 712b01346..afc558097 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -72,6 +72,9 @@ Unreleased ``PathLike`` objects. :issue:`1653` - The debugger security pin is unique in containers managed by Podman. :issue:`1661` +- Building a URL when ``host_matching`` is enabled takes into account + the current host when there are duplicate endpoints with different + hosts. :issue:`488` Version 0.16.0 diff --git a/src/werkzeug/routing.py b/src/werkzeug/routing.py index b7b5a066e..0b42c97fd 100644 --- a/src/werkzeug/routing.py +++ b/src/werkzeug/routing.py @@ -1932,13 +1932,22 @@ def _partial_build(self, endpoint, values, method, append_unknown): if rv is not None: return rv - # default method did not match or a specific method is passed, - # check all and go with first result. + # Default method did not match or a specific method is passed. + # Check all for first match with matching host. If no matching + # host is found, go with first result. + first_match = None + for rule in self.map._rules_by_endpoint.get(endpoint, ()): if rule.suitable_for(values, method): rv = rule.build(values, append_unknown) + if rv is not None: - return rv + if rv[0] == self.server_name: + return rv + elif first_match is None: + first_match = rv + + return first_match def build( self, diff --git a/tests/test_routing.py b/tests/test_routing.py index ef2605867..a7172e4a9 100644 --- a/tests/test_routing.py +++ b/tests/test_routing.py @@ -1131,3 +1131,28 @@ def test_build_url_with_arg_keyword(): ret = adapter.build("foo", {"class": "bar"}) assert ret == "http://example.org/foo/bar" + + +def test_build_url_same_endpoint_multiple_hosts(): + m = r.Map( + [ + r.Rule("/", endpoint="index", host="alpha.example.com"), + r.Rule("/", endpoint="index", host="beta.example.com"), + r.Rule("/", endpoint="gamma", host="gamma.example.com"), + ], + host_matching=True, + ) + + alpha = m.bind("alpha.example.com") + assert alpha.build("index") == "/" + assert alpha.build("gamma") == "http://gamma.example.com/" + + alpha_case = m.bind("AlPhA.ExAmPlE.CoM") + assert alpha_case.build("index") == "/" + assert alpha_case.build("gamma") == "http://gamma.example.com/" + + beta = m.bind("beta.example.com") + assert beta.build("index") == "/" + + beta_case = m.bind("BeTa.ExAmPlE.CoM") + assert beta_case.build("index") == "/" From a9c46f1c4f6c2de51b603359c7dfddefb2887758 Mon Sep 17 00:00:00 2001 From: David Lord Date: Sat, 4 Jan 2020 15:34:34 -0800 Subject: [PATCH 094/733] avoid building all rules when not host matching --- src/werkzeug/routing.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/werkzeug/routing.py b/src/werkzeug/routing.py index 0b42c97fd..952423f3e 100644 --- a/src/werkzeug/routing.py +++ b/src/werkzeug/routing.py @@ -1942,10 +1942,13 @@ def _partial_build(self, endpoint, values, method, append_unknown): rv = rule.build(values, append_unknown) if rv is not None: - if rv[0] == self.server_name: + if self.map.host_matching: + if rv[0] == self.server_name: + return rv + elif first_match is None: + first_match = rv + else: return rv - elif first_match is None: - first_match = rv return first_match From ccfd0750ae69c874594de1d8dd439c6318761b6b Mon Sep 17 00:00:00 2001 From: Adam Englander Date: Sun, 1 Dec 2019 18:52:15 -0800 Subject: [PATCH 095/733] Add ability to set Retry-After header to 429 Too Many Requests response. Added optional retry_after_secs to TooManyRequests exception init. This brings the output in line with the HTTP spec. --- src/werkzeug/exceptions.py | 18 ++++++++++++++++++ tests/test_exceptions.py | 10 ++++++++++ 2 files changed, 28 insertions(+) diff --git a/src/werkzeug/exceptions.py b/src/werkzeug/exceptions.py index edc6454ab..7b64048f9 100644 --- a/src/werkzeug/exceptions.py +++ b/src/werkzeug/exceptions.py @@ -600,11 +600,29 @@ class TooManyRequests(HTTPException): to identify users and their request rates). The server may include a "Retry-After" header to indicate how long the user should wait before retrying. + + .. versionchanged:: 0.16.1 + ``retry_after_secs`` was added as the first argument, ahead of + ``description``. """ code = 429 description = "This user has exceeded an allotted request count. Try again later." + def __init__(self, description=None, retry_after_secs=None): + """ + Use the optional value of retry_after_secs to specify the number of seconds + to wait for a retry attempt. + """ + HTTPException.__init__(self, description) + self.retry_after_secs = retry_after_secs + + def get_headers(self, environ=None): + headers = HTTPException.get_headers(self, environ) + if self.retry_after_secs: + headers.append(("Retry-After", str(self.retry_after_secs))) + return headers + class RequestHeaderFieldsTooLarge(HTTPException): """*431* `Request Header Fields Too Large` diff --git a/tests/test_exceptions.py b/tests/test_exceptions.py index 809667eaa..6ccfad0f5 100644 --- a/tests/test_exceptions.py +++ b/tests/test_exceptions.py @@ -120,3 +120,13 @@ def test_response_header_content_type_should_contain_charset(): exc = exceptions.HTTPException("An error message") h = exc.get_response({}) assert h.headers["Content-Type"] == "text/html; charset=utf-8" + + +def test_too_many_requests_retry_after(): + exc = exceptions.TooManyRequests(retry_after_secs=20) + h = dict(exc.get_headers({})) + assert h["Retry-After"] == "20" + assert ( + "This user has exceeded an allotted request count. Try again later." + in exc.get_description() + ) From 88ee0a580252f94f8224f5b94c3b808c302e03fd Mon Sep 17 00:00:00 2001 From: David Lord Date: Sat, 4 Jan 2020 19:15:05 -0800 Subject: [PATCH 096/733] extract retry_after to base class --- CHANGES.rst | 3 ++ src/werkzeug/exceptions.py | 74 +++++++++++++++++++++++++------------- tests/test_exceptions.py | 25 ++++++++----- 3 files changed, 69 insertions(+), 33 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index afc558097..31404332c 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -75,6 +75,9 @@ Unreleased - Building a URL when ``host_matching`` is enabled takes into account the current host when there are duplicate endpoints with different hosts. :issue:`488` +- The ``429 TooManyRequests`` and ``503 ServiceUnavailable`` HTTP + exceptions takes a ``retry_after`` parameter to set the + ``Retry-After`` header. :issue:`1657` Version 0.16.0 diff --git a/src/werkzeug/exceptions.py b/src/werkzeug/exceptions.py index 7b64048f9..82e99c2e5 100644 --- a/src/werkzeug/exceptions.py +++ b/src/werkzeug/exceptions.py @@ -58,6 +58,7 @@ def application(environ, start_response): :license: BSD-3-Clause """ import sys +from datetime import datetime from ._compat import implements_to_string from ._compat import integer_types @@ -592,37 +593,52 @@ class PreconditionRequired(HTTPException): ) -class TooManyRequests(HTTPException): +class _RetryAfter(HTTPException): + """Adds an optional ``retry_after`` parameter which will set the + ``Retry-After`` header. May be an :class:`int` number of seconds or + a :class:`~datetime.datetime`. + """ + + def __init__(self, description=None, response=None, retry_after=None): + super(_RetryAfter, self).__init__(description, response) + self.retry_after = retry_after + + def get_headers(self, environ=None): + headers = super(_RetryAfter, self).get_headers(environ) + + if self.retry_after: + if isinstance(self.retry_after, datetime): + from .http import http_date + + value = http_date(self.retry_after) + else: + value = str(self.retry_after) + + headers.append(("Retry-After", value)) + + return headers + + +class TooManyRequests(_RetryAfter): """*429* `Too Many Requests` - The server is limiting the rate at which this user receives responses, and - this request exceeds that rate. (The server may use any convenient method - to identify users and their request rates). The server may include a - "Retry-After" header to indicate how long the user should wait before - retrying. + The server is limiting the rate at which this user receives + responses, and this request exceeds that rate. (The server may use + any convenient method to identify users and their request rates). + The server may include a "Retry-After" header to indicate how long + the user should wait before retrying. - .. versionchanged:: 0.16.1 - ``retry_after_secs`` was added as the first argument, ahead of - ``description``. + :param retry_after: If given, set the ``Retry-After`` header to this + value. May be an :class:`int` number of seconds or a + :class:`~datetime.datetime`. + + .. versionchanged:: 1.0 + Added ``retry_after`` parameter. """ code = 429 description = "This user has exceeded an allotted request count. Try again later." - def __init__(self, description=None, retry_after_secs=None): - """ - Use the optional value of retry_after_secs to specify the number of seconds - to wait for a retry attempt. - """ - HTTPException.__init__(self, description) - self.retry_after_secs = retry_after_secs - - def get_headers(self, environ=None): - headers = HTTPException.get_headers(self, environ) - if self.retry_after_secs: - headers.append(("Retry-After", str(self.retry_after_secs))) - return headers - class RequestHeaderFieldsTooLarge(HTTPException): """*431* `Request Header Fields Too Large` @@ -699,10 +715,18 @@ class BadGateway(HTTPException): ) -class ServiceUnavailable(HTTPException): +class ServiceUnavailable(_RetryAfter): """*503* `Service Unavailable` - Status code you should return if a service is temporarily unavailable. + Status code you should return if a service is temporarily + unavailable. + + :param retry_after: If given, set the ``Retry-After`` header to this + value. May be an :class:`int` number of seconds or a + :class:`~datetime.datetime`. + + .. versionchanged:: 1.0 + Added ``retry_after`` parameter. """ code = 503 diff --git a/tests/test_exceptions.py b/tests/test_exceptions.py index 6ccfad0f5..5b2ed1a4a 100644 --- a/tests/test_exceptions.py +++ b/tests/test_exceptions.py @@ -12,6 +12,8 @@ :copyright: 2007 Pallets :license: BSD-3-Clause """ +from datetime import datetime + import pytest from werkzeug import exceptions @@ -122,11 +124,18 @@ def test_response_header_content_type_should_contain_charset(): assert h.headers["Content-Type"] == "text/html; charset=utf-8" -def test_too_many_requests_retry_after(): - exc = exceptions.TooManyRequests(retry_after_secs=20) - h = dict(exc.get_headers({})) - assert h["Retry-After"] == "20" - assert ( - "This user has exceeded an allotted request count. Try again later." - in exc.get_description() - ) +@pytest.mark.parametrize( + ("cls", "value", "expect"), + [ + (exceptions.TooManyRequests, 20, "20"), + ( + exceptions.ServiceUnavailable, + datetime(2020, 1, 4, 18, 52, 16), + "Sat, 04 Jan 2020 18:52:16 GMT", + ), + ], +) +def test_retry_after_mixin(cls, value, expect): + e = cls(retry_after=value) + h = dict(e.get_headers({})) + assert h["Retry-After"] == expect From 82dd5fdb68fc993a17f1ea91b3f79c73252f5cf6 Mon Sep 17 00:00:00 2001 From: Ed Kellett Date: Mon, 23 Apr 2018 00:15:08 +0100 Subject: [PATCH 097/733] merge slashes and redirect when matching --- src/werkzeug/routing.py | 60 +++++++++++++++++++++++++++++++++++++---- tests/test_routing.py | 30 +++++++++++++++++++++ 2 files changed, 85 insertions(+), 5 deletions(-) diff --git a/src/werkzeug/routing.py b/src/werkzeug/routing.py index 952423f3e..82decb144 100644 --- a/src/werkzeug/routing.py +++ b/src/werkzeug/routing.py @@ -161,6 +161,10 @@ ) +class InvalidURLWarning(Warning): + pass + + _PYTHON_CONSTANTS = {"None": None, "True": True, "False": False} @@ -253,9 +257,14 @@ def get_response(self, environ): return redirect(self.new_url, self.code) -class RequestSlash(RoutingException): +class RequestPath(RoutingException): """Internal exception.""" + __slots__ = ("path_info",) + + def __init__(self, path_info): + self.path_info = path_info + class RequestAliasRedirect(RoutingException): # noqa: B903 """This rule is an alias and wants to redirect to the canonical URL.""" @@ -582,6 +591,11 @@ class Rule(RuleFactory): Override the `Map` setting for `strict_slashes` only for this rule. If not specified the `Map` setting is used. + `merge_slashes` + Override the `Map` setting for `merge_slashes` for this rule. + + .. versionadded:: 0.15 + `build_only` Set this to True and the rule will never match but will create a URL that can be build. This is useful if you have resources on a subdomain @@ -634,17 +648,25 @@ def __init__( build_only=False, endpoint=None, strict_slashes=None, + merge_slashes=None, redirect_to=None, alias=False, host=None, ): if not string.startswith("/"): raise ValueError("urls must start with a leading slash") - self.rule = string + self.rule = re.sub(r"//+", "/", string) + if self.rule != string: + warnings.warn( + "Consecutive '/' separators will be stripped from URL: %r" % string, + InvalidURLWarning, + stacklevel=2, + ) self.is_leaf = not string.endswith("/") self.map = None self.strict_slashes = strict_slashes + self.merge_slashes = merge_slashes self.subdomain = subdomain self.host = host self.defaults = defaults @@ -726,6 +748,8 @@ def bind(self, map, rebind=False): self.map = map if self.strict_slashes is None: self.strict_slashes = map.strict_slashes + if self.merge_slashes is None: + self.merge_slashes = map.merge_slashes if self.subdomain is None: self.subdomain = map.default_subdomain self.compile() @@ -817,6 +841,12 @@ def match(self, path, method=None): :internal: """ if not self.build_only: + require_redirect = False + + if self.merge_slashes and "//" in path: + path = re.sub(r"//+", "/", path) + require_redirect = True + m = self._regex.search(path) if m is not None: groups = m.groupdict() @@ -832,7 +862,8 @@ def match(self, path, method=None): method is None or self.methods is None or method in self.methods ) ): - raise RequestSlash() + path += "/" + require_redirect = True # if we are not in strict slashes mode we have to remove # a __suffix__ elif not self.strict_slashes: @@ -848,6 +879,10 @@ def match(self, path, method=None): if self.defaults: result.update(self.defaults) + if require_redirect: + path = path.split("|", 1)[1] + raise RequestPath(path) + if self.alias and self.map.redirect_defaults: raise RequestAliasRedirect(result) @@ -1300,6 +1335,7 @@ class Map(object): subdomain defined. :param charset: charset of the url. defaults to ``"utf-8"`` :param strict_slashes: Take care of trailing slashes. + :param merge_slashes: Take care of repeated slashes. :param redirect_defaults: This will redirect to the default rule if it wasn't visited that way. This helps creating unique URLs. @@ -1320,6 +1356,9 @@ class Map(object): .. versionadded:: 0.7 `encoding_errors` and `host_matching` was added. + + .. versionadded:: 1.0.0 + Added ``merge_slashes``. """ #: A dict of default converters to be used. @@ -1331,6 +1370,7 @@ def __init__( default_subdomain="", charset="utf-8", strict_slashes=True, + merge_slashes=True, redirect_defaults=True, converters=None, sort_parameters=False, @@ -1347,6 +1387,7 @@ def __init__( self.charset = charset self.encoding_errors = encoding_errors self.strict_slashes = strict_slashes + self.merge_slashes = merge_slashes self.redirect_defaults = redirect_defaults self.host_matching = host_matching @@ -1752,6 +1793,8 @@ def match(self, path_info=None, method=None, return_rule=False, query_args=None) query_args = self.query_args method = (method or self.default_method).upper() + require_redirect = False + path = u"%s|%s" % ( self.map.host_matching and self.server_name or self.subdomain, path_info and "/%s" % path_info.lstrip("/"), @@ -1761,10 +1804,10 @@ def match(self, path_info=None, method=None, return_rule=False, query_args=None) for rule in self.map._rules: try: rv = rule.match(path, method) - except RequestSlash: + except RequestPath as e: raise RequestRedirect( self.make_redirect_url( - url_quote(path_info, self.map.charset, safe="/:|+") + "/", + url_quote(e.path_info, self.map.charset, safe="/:|+"), query_args, ) ) @@ -1810,6 +1853,13 @@ def _handle_match(match): ) ) + if require_redirect: + raise RequestRedirect( + self.make_redirect_url( + url_quote(path_info, self.map.charset, safe="/:|+"), query_args + ) + ) + if return_rule: return rule, rv else: diff --git a/tests/test_routing.py b/tests/test_routing.py index a7172e4a9..047422119 100644 --- a/tests/test_routing.py +++ b/tests/test_routing.py @@ -62,6 +62,36 @@ def test_basic_routing(): assert excinfo.value.new_url == "http://example.org/bar/?foo=bar" +def test_multi_slash(): + map = r.Map( + [ + r.Rule("/frob/zarf", endpoint="blorwoop"), + r.Rule("/bleeg/bloog/", endpoint="bluff"), + r.Rule("/quux/", endpoint="zoop"), + ] + ) + adapter = map.bind("localhost", "/") + with pytest.raises(r.RequestRedirect) as excinfo: + adapter.match("/frob//zarf") + assert excinfo.value.new_url.endswith("/frob/zarf") + + with pytest.raises(r.RequestRedirect) as excinfo: + adapter.match("/bleeg//bloog") + assert excinfo.value.new_url.endswith("/bleeg/bloog/") + + # test some negatives too + adapter.match("/frob/zarf") + adapter.match("/bleeg/bloog/") + + ep, rv = adapter.match("/quux/http://splud/") + assert rv["slub"] == "http://splud/" + + with pytest.warns(r.InvalidURLWarning): + map = r.Map([r.Rule("/frob//zarf", endpoint="blorwoop")]) + adapter = map.bind("localhost", "/") + assert adapter.build("blorwoop") == "/frob/zarf" + + def test_strict_slashes_redirect(): map = r.Map( [ From 0d193937c814032bbdee193fc6e80e08faf253ec Mon Sep 17 00:00:00 2001 From: Ed Kellett Date: Tue, 24 Apr 2018 12:44:29 +0100 Subject: [PATCH 098/733] be more selective about merging slashes * don't merge slashes immediately after ':' * don't merge slashes on construction We don't know whether the Map wants us to yet, so there's no ideal place to do it at all. The associated warning and its corresponding test are removed. merge_slashes is now enforced at `Rule.compile` time for building as well as parsing. * merge slashes only in static parts --- CHANGES.rst | 3 +++ src/werkzeug/routing.py | 39 +++++++++++++++++++++------------------ tests/test_routing.py | 5 +++-- 3 files changed, 27 insertions(+), 20 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index 31404332c..c5bd221d5 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -78,6 +78,9 @@ Unreleased - The ``429 TooManyRequests`` and ``503 ServiceUnavailable`` HTTP exceptions takes a ``retry_after`` parameter to set the ``Retry-After`` header. :issue:`1657` +- ``Map`` and ``Rule`` have a ``merge_slashes`` option to collapse + multiple slashes into one, similar to how many HTTP servers behave. + :pr:`1286` Version 0.16.0 diff --git a/src/werkzeug/routing.py b/src/werkzeug/routing.py index 82decb144..e31c47def 100644 --- a/src/werkzeug/routing.py +++ b/src/werkzeug/routing.py @@ -161,10 +161,6 @@ ) -class InvalidURLWarning(Warning): - pass - - _PYTHON_CONSTANTS = {"None": None, "True": True, "False": False} @@ -655,13 +651,7 @@ def __init__( ): if not string.startswith("/"): raise ValueError("urls must start with a leading slash") - self.rule = re.sub(r"//+", "/", string) - if self.rule != string: - warnings.warn( - "Consecutive '/' separators will be stripped from URL: %r" % string, - InvalidURLWarning, - stacklevel=2, - ) + self.rule = string self.is_leaf = not string.endswith("/") self.map = None @@ -790,9 +780,18 @@ def _build_regex(rule): index = 0 for converter, arguments, variable in parse_rule(rule): if converter is None: - regex_parts.append(re.escape(variable)) - self._trace.append((False, variable)) - for part in variable.split("/"): + for match in re.finditer(r"/+|[^/]+", variable): + part = match.group(0) + if part.startswith("/"): + if self.merge_slashes: + regex_parts.append(r"/+?") + self._trace.append((False, "/")) + else: + regex.parts.append(part) + self._trace.append((False, part)) + continue + self._trace.append((False, part)) + regex_parts.append(re.escape(part)) if part: self._static_weights.append((index, -len(part))) else: @@ -843,10 +842,6 @@ def match(self, path, method=None): if not self.build_only: require_redirect = False - if self.merge_slashes and "//" in path: - path = re.sub(r"//+", "/", path) - require_redirect = True - m = self._regex.search(path) if m is not None: groups = m.groupdict() @@ -879,6 +874,14 @@ def match(self, path, method=None): if self.defaults: result.update(self.defaults) + if self.merge_slashes: + new_path = "|".join(self.build(result, False)) + if path.endswith("/") and not new_path.endswith("/"): + new_path += "/" + if new_path.count("/") < path.count("/"): + path = new_path + require_redirect = True + if require_redirect: path = path.split("|", 1)[1] raise RequestPath(path) diff --git a/tests/test_routing.py b/tests/test_routing.py index 047422119..38ea83123 100644 --- a/tests/test_routing.py +++ b/tests/test_routing.py @@ -85,9 +85,10 @@ def test_multi_slash(): ep, rv = adapter.match("/quux/http://splud/") assert rv["slub"] == "http://splud/" + ep, rv = adapter.match("/quux/x//splud/") + assert rv["slub"] == "x//splud/" - with pytest.warns(r.InvalidURLWarning): - map = r.Map([r.Rule("/frob//zarf", endpoint="blorwoop")]) + map = r.Map([r.Rule("/frob//zarf", endpoint="blorwoop")]) adapter = map.bind("localhost", "/") assert adapter.build("blorwoop") == "/frob/zarf" From c7041890c969eb1c959b24af5ac292c626cf7d3b Mon Sep 17 00:00:00 2001 From: David Lord Date: Sun, 5 Jan 2020 09:15:22 -0800 Subject: [PATCH 099/733] add tests for merge_slashes=False fix error in merge_slashes=False code rename paths in test for clarity --- src/werkzeug/routing.py | 2 +- tests/test_routing.py | 53 +++++++++++++++++++++++++---------------- 2 files changed, 34 insertions(+), 21 deletions(-) diff --git a/src/werkzeug/routing.py b/src/werkzeug/routing.py index e31c47def..230e01010 100644 --- a/src/werkzeug/routing.py +++ b/src/werkzeug/routing.py @@ -787,7 +787,7 @@ def _build_regex(rule): regex_parts.append(r"/+?") self._trace.append((False, "/")) else: - regex.parts.append(part) + regex_parts.append(part) self._trace.append((False, part)) continue self._trace.append((False, part)) diff --git a/tests/test_routing.py b/tests/test_routing.py index 38ea83123..77952778a 100644 --- a/tests/test_routing.py +++ b/tests/test_routing.py @@ -62,35 +62,48 @@ def test_basic_routing(): assert excinfo.value.new_url == "http://example.org/bar/?foo=bar" -def test_multi_slash(): - map = r.Map( +def test_merge_slashes_match(): + url_map = r.Map( [ - r.Rule("/frob/zarf", endpoint="blorwoop"), - r.Rule("/bleeg/bloog/", endpoint="bluff"), - r.Rule("/quux/", endpoint="zoop"), + r.Rule("/no/tail", endpoint="no_tail"), + r.Rule("/yes/tail/", endpoint="yes_tail"), + r.Rule("/with/", endpoint="with_path"), + r.Rule("/no//merge", endpoint="no_merge", merge_slashes=False), ] ) - adapter = map.bind("localhost", "/") + adapter = url_map.bind("localhost", "/") + with pytest.raises(r.RequestRedirect) as excinfo: - adapter.match("/frob//zarf") - assert excinfo.value.new_url.endswith("/frob/zarf") + adapter.match("/no//tail") + + assert excinfo.value.new_url.endswith("/no/tail") with pytest.raises(r.RequestRedirect) as excinfo: - adapter.match("/bleeg//bloog") - assert excinfo.value.new_url.endswith("/bleeg/bloog/") + adapter.match("/yes//tail") - # test some negatives too - adapter.match("/frob/zarf") - adapter.match("/bleeg/bloog/") + assert excinfo.value.new_url.endswith("/yes/tail/") - ep, rv = adapter.match("/quux/http://splud/") - assert rv["slub"] == "http://splud/" - ep, rv = adapter.match("/quux/x//splud/") - assert rv["slub"] == "x//splud/" + assert adapter.match("/no/tail")[0] == "no_tail" + assert adapter.match("/yes/tail/")[0] == "yes_tail" - map = r.Map([r.Rule("/frob//zarf", endpoint="blorwoop")]) - adapter = map.bind("localhost", "/") - assert adapter.build("blorwoop") == "/frob/zarf" + _, rv = adapter.match("/with/http://example.com/") + assert rv["path"] == "http://example.com/" + _, rv = adapter.match("/with/x//y") + assert rv["path"] == "x//y" + + assert adapter.match("/no//merge")[0] == "no_merge" + + +def test_merge_slashes_build(): + url_map = r.Map( + [ + r.Rule("/yes//merge", endpoint="yes_merge"), + r.Rule("/no//merge", endpoint="no_merge", merge_slashes=False), + ] + ) + adapter = url_map.bind("localhost", "/") + assert adapter.build("yes_merge") == "/yes/merge" + assert adapter.build("no_merge") == "/no//merge" def test_strict_slashes_redirect(): From 64b194259bc52fc4ddbacfe5a45a9a168a2e47b8 Mon Sep 17 00:00:00 2001 From: David Lord Date: Sun, 5 Jan 2020 09:40:04 -0800 Subject: [PATCH 100/733] docs for merge_slashes --- CHANGES.rst | 2 +- docs/conf.py | 1 + docs/requirements.txt | 1 + docs/routing.rst | 42 +++++++++++++++++++++++------------------ src/werkzeug/routing.py | 23 ++++++++++++---------- 5 files changed, 40 insertions(+), 29 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index c5bd221d5..a71ce7632 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -80,7 +80,7 @@ Unreleased ``Retry-After`` header. :issue:`1657` - ``Map`` and ``Rule`` have a ``merge_slashes`` option to collapse multiple slashes into one, similar to how many HTTP servers behave. - :pr:`1286` + This is enabled by default. :pr:`1286` Version 0.16.0 diff --git a/docs/conf.py b/docs/conf.py index a053617f8..53e6a1ef5 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -16,6 +16,7 @@ "sphinx.ext.intersphinx", "pallets_sphinx_themes", "sphinx_issues", + "sphinxcontrib.log_cabinet", ] intersphinx_mapping = {"python": ("https://docs.python.org/3/", None)} issues_github_path = "pallets/werkzeug" diff --git a/docs/requirements.txt b/docs/requirements.txt index 5d106d6c9..cd135e3d5 100644 --- a/docs/requirements.txt +++ b/docs/requirements.txt @@ -1,3 +1,4 @@ Sphinx~=1.8.3 Pallets-Sphinx-Themes~=1.1.2 sphinx-issues~=1.2.0 +sphinxcontrib-log-cabinet~=1.0.1 diff --git a/docs/routing.rst b/docs/routing.rst index f5a768cc1..68f74cc1c 100644 --- a/docs/routing.rst +++ b/docs/routing.rst @@ -70,24 +70,30 @@ exceptions have a look at the documentation of the :meth:`MapAdapter.match` meth Rule Format =========== -Rule strings basically are just normal URL paths with placeholders in the -format ````, where converter and the arguments -are optional. If no converter is defined, the `default` converter is used -(which means `string` in the normal configuration). - -URL rules that end with a slash are branch URLs, others are leaves. If you -have `strict_slashes` enabled (which is the default), all branch URLs that are -visited without a trailing slash will trigger a redirect to the same URL with -that slash appended. - -The list of converters can be extended, the default converters are explained -below. - - -Builtin Converters -================== - -Here a list of converters that come with Werkzeug: +Rule strings are URL paths with placeholders for variable parts in the +format ````. ``converter`` and ``arguments`` +(with parentheses) are optional. If no converter is given, the +``default`` converter is used (``string`` by default). The available +converters are discussed below. + +Rules that end with a slash are "branches", others are "leaves". If +``strict_slashes`` is enabled (the default), visiting a branch URL +without a trailing slash will redirect to the URL with a slash appended. + +Many HTTP servers merge consecutive slashes into one when receiving +requests. If ``merge_slashes`` is enabled (the default), rules will +merge slashes in non-variable parts when matching and building. Visiting +a URL with consecutive slashes will redirect to the URL with slashes +merged. If you want to disable ``merge_slashes`` for a :class:`Rule` or +:class:`Map`, you'll also need to configure your web server +appropriately. + + +Built-in Converters +=================== + +Converters for common types of URL variables are built-in. The available +converters can be overridden or extended through :attr:`Map.converters`. .. autoclass:: UnicodeConverter diff --git a/src/werkzeug/routing.py b/src/werkzeug/routing.py index 230e01010..5b5cbfbbb 100644 --- a/src/werkzeug/routing.py +++ b/src/werkzeug/routing.py @@ -588,9 +588,9 @@ class Rule(RuleFactory): not specified the `Map` setting is used. `merge_slashes` - Override the `Map` setting for `merge_slashes` for this rule. + Override the ``Map`` setting for ``merge_slashes`` for this rule. - .. versionadded:: 0.15 + .. versionadded:: 1.0 `build_only` Set this to True and the rule will never match but will create a URL @@ -1337,8 +1337,11 @@ class Map(object): :param default_subdomain: The default subdomain for rules without a subdomain defined. :param charset: charset of the url. defaults to ``"utf-8"`` - :param strict_slashes: Take care of trailing slashes. - :param merge_slashes: Take care of repeated slashes. + :param strict_slashes: If a rule ends with a slash but the matched + URL does not, redirect to the URL with a trailing slash. + :param merge_slashes: Merge consecutive slashes when matching or + building URLs. Matches will redirect to the normalized URL. + Slashes in variable parts are not merged. :param redirect_defaults: This will redirect to the default rule if it wasn't visited that way. This helps creating unique URLs. @@ -1354,14 +1357,14 @@ class Map(object): enabled the `host` parameter to rules is used instead of the `subdomain` one. - .. versionadded:: 0.5 - `sort_parameters` and `sort_key` was added. + .. versionchanged:: 1.0 + Added ``merge_slashes``. - .. versionadded:: 0.7 - `encoding_errors` and `host_matching` was added. + .. versionchanged:: 0.7 + Added ``encoding_errors`` and ``host_matching``. - .. versionadded:: 1.0.0 - Added ``merge_slashes``. + .. versionchanged:: 0.5 + Added ``sort_parameters`` and ``sort_key``. """ #: A dict of default converters to be used. From 2d4c4c703d989fdc4024943cf2b5507bf5031b85 Mon Sep 17 00:00:00 2001 From: Alejandro de Haro Date: Tue, 3 Dec 2019 11:44:44 +0100 Subject: [PATCH 101/733] add some RFC HTTP status codes --- CHANGES.rst | 2 ++ src/werkzeug/http.py | 7 +++++++ 2 files changed, 9 insertions(+) diff --git a/CHANGES.rst b/CHANGES.rst index 1adf52877..1063744b1 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -81,6 +81,8 @@ Unreleased - ``Map`` and ``Rule`` have a ``merge_slashes`` option to collapse multiple slashes into one, similar to how many HTTP servers behave. This is enabled by default. :pr:`1286` +- Add HTTP 103, 208, 306, 425, 506, 508, and 511 to the list of status + codes. :pr:`1678` Version 0.16.1 diff --git a/src/werkzeug/http.py b/src/werkzeug/http.py index 56dbb0fe5..b428ceeb2 100644 --- a/src/werkzeug/http.py +++ b/src/werkzeug/http.py @@ -140,6 +140,7 @@ 100: "Continue", 101: "Switching Protocols", 102: "Processing", + 103: "Early Hints", # see RFC 8297 200: "OK", 201: "Created", 202: "Accepted", @@ -148,6 +149,7 @@ 205: "Reset Content", 206: "Partial Content", 207: "Multi Status", + 208: "Already Reported", # see RFC 5842 226: "IM Used", # see RFC 3229 300: "Multiple Choices", 301: "Moved Permanently", @@ -155,6 +157,7 @@ 303: "See Other", 304: "Not Modified", 305: "Use Proxy", + 306: "Switch Proxy", # unused 307: "Temporary Redirect", 308: "Permanent Redirect", 400: "Bad Request", @@ -180,6 +183,7 @@ 422: "Unprocessable Entity", 423: "Locked", 424: "Failed Dependency", + 425: "Too Early", # see RFC 8470 426: "Upgrade Required", 428: "Precondition Required", # see RFC 6585 429: "Too Many Requests", @@ -192,8 +196,11 @@ 503: "Service Unavailable", 504: "Gateway Timeout", 505: "HTTP Version Not Supported", + 506: "Variant Also Negotiates", # see RFC 2295 507: "Insufficient Storage", + 508: "Loop Detected", # see RFC 5842 510: "Not Extended", + 511: "Network Authentication Failed", # see RFC 6585 } From baa7bdc19bdbf2db66d0f01ffdf98c4ab5a178ab Mon Sep 17 00:00:00 2001 From: pgjones Date: Sun, 29 Dec 2019 11:17:54 +0000 Subject: [PATCH 102/733] add an update method to the Headers data structure This allows a typical dict action (namely a.update(b)) to be possible with Headers instances. Notably I think the update action should emulate that of standard python dictionaries and overwrite rather than extend (the multi keys). This is the opposite to how the Werkzeug MultiDict works. --- CHANGES.rst | 2 ++ src/werkzeug/datastructures.py | 20 ++++++++++++++++++++ tests/test_datastructures.py | 11 +++++++++++ 3 files changed, 33 insertions(+) diff --git a/CHANGES.rst b/CHANGES.rst index 1063744b1..3ca861ce0 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -83,6 +83,8 @@ Unreleased This is enabled by default. :pr:`1286` - Add HTTP 103, 208, 306, 425, 506, 508, and 511 to the list of status codes. :pr:`1678` +- Add an ``update`` method to the ``Headers`` data structure. + :pr:`1687` Version 0.16.1 diff --git a/src/werkzeug/datastructures.py b/src/werkzeug/datastructures.py index e194dd732..9695c7716 100644 --- a/src/werkzeug/datastructures.py +++ b/src/werkzeug/datastructures.py @@ -1265,6 +1265,26 @@ def __setitem__(self, key, value): else: self.set(key, value) + def update(self, *args, **kwargs): + """Update the headers with the key/value pairs from another + headers object and keyword arguments. + + If provided, the first argument can be another :class:`Headers` + object, a :class:`MultiDict`, :class:`dict`, or iterable of + pairs. + + .. versionadded:: 1.0 + """ + if len(args) > 1: + raise TypeError("update expected at most 1 arguments, got %d" % len(args)) + + if args: + for key, value in iter_multi_items(args[0]): + self[key] = value + + for key, value in iter_multi_items(kwargs): + self[key] = value + def to_wsgi_list(self): """Convert the headers into a list suitable for WSGI. diff --git a/tests/test_datastructures.py b/tests/test_datastructures.py index 8ff556a58..33ea5301c 100644 --- a/tests/test_datastructures.py +++ b/tests/test_datastructures.py @@ -780,6 +780,17 @@ def test_bytes_operations(self): assert h.get("x-whoops", as_bytes=True) == b"\xff" assert h.get("x-bytes") == "something" + def test_update(self): + h = self.storage_class() + h["x"] = "1" + h.update({"x": "2", "y": "1"}) + assert h.getlist("x") == ["2"] + assert h.getlist("y") == ["1"] + h.update(z="2") + assert h.getlist("z") == ["2"] + h.update(self.storage_class([("a", "b")])) + assert h["a"] == "b" + def test_to_wsgi_list(self): h = self.storage_class() h.set(u"Key", u"Value") From f4f183dfb339e2d8d0cbf55a208d64e89c6b9570 Mon Sep 17 00:00:00 2001 From: David Lord Date: Tue, 7 Jan 2020 08:51:56 -0800 Subject: [PATCH 103/733] merge slashes at the end of a URL --- CHANGES.rst | 2 +- src/werkzeug/routing.py | 14 ++++++++------ tests/test_routing.py | 5 +++++ 3 files changed, 14 insertions(+), 7 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index 3ca861ce0..c0e252fe7 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -80,7 +80,7 @@ Unreleased ``Retry-After`` header. :issue:`1657` - ``Map`` and ``Rule`` have a ``merge_slashes`` option to collapse multiple slashes into one, similar to how many HTTP servers behave. - This is enabled by default. :pr:`1286` + This is enabled by default. :pr:`1286, 1694` - Add HTTP 103, 208, 306, 425, 506, 508, and 511 to the list of status codes. :pr:`1678` - Add an ``update`` method to the ``Headers`` data structure. diff --git a/src/werkzeug/routing.py b/src/werkzeug/routing.py index 5b5cbfbbb..aa07892cb 100644 --- a/src/werkzeug/routing.py +++ b/src/werkzeug/routing.py @@ -820,12 +820,14 @@ def _build_regex(rule): if self.build_only: return - regex = r"^%s%s$" % ( - u"".join(regex_parts), - (not self.is_leaf or not self.strict_slashes) - and "(?/?)" - or "", - ) + + if not (self.is_leaf and self.strict_slashes): + reps = u"*" if self.merge_slashes else u"?" + tail = u"(?/%s)" % reps + else: + tail = u"" + + regex = u"^%s%s$" % (u"".join(regex_parts), tail) self._regex = re.compile(regex, re.UNICODE) def match(self, path, method=None): diff --git a/tests/test_routing.py b/tests/test_routing.py index 77952778a..65d3ae8b0 100644 --- a/tests/test_routing.py +++ b/tests/test_routing.py @@ -83,6 +83,11 @@ def test_merge_slashes_match(): assert excinfo.value.new_url.endswith("/yes/tail/") + with pytest.raises(r.RequestRedirect) as excinfo: + adapter.match("/yes/tail//") + + assert excinfo.value.new_url.endswith("/yes/tail/") + assert adapter.match("/no/tail")[0] == "no_tail" assert adapter.match("/yes/tail/")[0] == "yes_tail" From ba0ec96554c69d9afd8414b25524fbb0a26c5f85 Mon Sep 17 00:00:00 2001 From: David Lord Date: Tue, 7 Jan 2020 12:42:44 -0800 Subject: [PATCH 104/733] dev server accepts two slashes at start of path --- CHANGES.rst | 2 ++ src/werkzeug/serving.py | 13 ++++++++++++- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/CHANGES.rst b/CHANGES.rst index c0e252fe7..7e87dad1f 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -85,6 +85,8 @@ Unreleased codes. :pr:`1678` - Add an ``update`` method to the ``Headers`` data structure. :pr:`1687` +- The development server accepts paths that start with two slashes, + rather than stripping off the first path segment. :issue:`491` Version 0.16.1 diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py index 4979c3ef8..f2a0dc95e 100644 --- a/src/werkzeug/serving.py +++ b/src/werkzeug/serving.py @@ -183,7 +183,16 @@ def shutdown_server(): self.client_address = (self.client_address, 0) else: pass - path_info = url_unquote(request_url.path) + + # If there was no scheme but the path started with two slashes, + # the first segment may have been incorrectly parsed as the + # netloc, prepend it to the path again. + if not request_url.scheme and request_url.netloc: + path_info = "/%s%s" % (request_url.netloc, request_url.path) + else: + path_info = request_url.path + + path_info = url_unquote(path_info) environ = { "wsgi.version": (1, 0), @@ -223,6 +232,8 @@ def shutdown_server(): environ["wsgi.input_terminated"] = True environ["wsgi.input"] = DechunkedInput(environ["wsgi.input"]) + # Per RFC 2616, if the URL is absolute, use that as the host. + # We're using "has a scheme" to indicate an absolute URL. if request_url.scheme and request_url.netloc: environ["HTTP_HOST"] = request_url.netloc From 6eb110acf3616af20fcad2d2871e43f443c51426 Mon Sep 17 00:00:00 2001 From: David Lord Date: Sat, 11 Jan 2020 09:32:53 -0800 Subject: [PATCH 105/733] update flake8 noqa --- setup.cfg | 1 + src/werkzeug/formparser.py | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/setup.cfg b/setup.cfg index 02e0db220..9381383dc 100644 --- a/setup.cfg +++ b/setup.cfg @@ -53,3 +53,4 @@ per-file-ignores = **/__init__.py: F401 # LocalProxy assigns lambdas src/werkzeug/local.py: E731 + src/werkzeug/contrib/*.py: B014 diff --git a/src/werkzeug/formparser.py b/src/werkzeug/formparser.py index 02ae2ce5e..ffdb9b0f1 100644 --- a/src/werkzeug/formparser.py +++ b/src/werkzeug/formparser.py @@ -137,7 +137,7 @@ def wrapper(self, stream, *args, **kwargs): while 1: chunk = stream.read(1024 * 64) if not chunk: - break # noqa: B012 + break return update_wrapper(wrapper, f) From 3c4783bb833818956f9d1558af6c177f0d2f3236 Mon Sep 17 00:00:00 2001 From: pgjones Date: Wed, 8 Jan 2020 14:33:22 +0000 Subject: [PATCH 106/733] Add a setlist method to the Headers datastructure The update method added in baa7bdc19bdbf2db66d0f01ffdf98c4ab5a178ab is meant to replace headers with the mapping passed in. If a MultDict or Headers object is passed in it would replace headers with the final iterated value, rather than all the values iterated over. This could lead to unexpected results, therefore this corrects the functionality to what I think is expected. Consider, h1 = Headers() h1.add("X-Multi", "value") h2 = Headers() h2.add("X-Multi", "newValue") h2.add("X-Multi", "alternativeValue") h1.update(h2) previously `h1.getlist("X-Multi")` would likely equal `["alternativeValue"]` whereas now it equals `["newValue", "alternativeValue"]` which is as you'd expect. --- src/werkzeug/datastructures.py | 32 ++++++++++++++++++++++++++++---- tests/test_datastructures.py | 7 +++++-- 2 files changed, 33 insertions(+), 6 deletions(-) diff --git a/src/werkzeug/datastructures.py b/src/werkzeug/datastructures.py index 9695c7716..398eeb736 100644 --- a/src/werkzeug/datastructures.py +++ b/src/werkzeug/datastructures.py @@ -1235,6 +1235,19 @@ def set(self, _key, _value, **kw): return self._list[idx + 1 :] = [t for t in listiter if t[0].lower() != ikey] + def setlist(self, key, values): + """Set multiple header values at once. + + The `values` argument should be iterable. This will replace + any existing values for the key with the values passed. It is + the inverse of the getlist method. + + .. versionadded:: 1.0 + """ + self.set(key, values[0]) + for value in values[1:]: + self.add(key, value) + def setdefault(self, key, default): """Returns the value for the key if it is in the dict, otherwise it returns `default` and sets that value for `key`. @@ -1279,10 +1292,21 @@ def update(self, *args, **kwargs): raise TypeError("update expected at most 1 arguments, got %d" % len(args)) if args: - for key, value in iter_multi_items(args[0]): - self[key] = value - - for key, value in iter_multi_items(kwargs): + mapping = args[0] + + if isinstance(mapping, (Headers, MultiDict)): + for key in iterkeys(mapping): + self.setlist(key, mapping.getlist(key)) + elif isinstance(mapping, dict): + for key, value in iteritems(mapping): + if isinstance(value, (tuple, list)): + self.setlist(key, value) + else: + self[key] = value + else: + for item in mapping: + self[key] = item + for key, value in iteritems(kwargs): self[key] = value def to_wsgi_list(self): diff --git a/tests/test_datastructures.py b/tests/test_datastructures.py index 33ea5301c..1209607d8 100644 --- a/tests/test_datastructures.py +++ b/tests/test_datastructures.py @@ -788,8 +788,11 @@ def test_update(self): assert h.getlist("y") == ["1"] h.update(z="2") assert h.getlist("z") == ["2"] - h.update(self.storage_class([("a", "b")])) - assert h["a"] == "b" + h2 = self.storage_class([("a", "b")]) + h2.add("a", "c") + h.update(h2, d="e") + assert h.getlist("a") == ["b", "c"] + assert h["d"] == "e" def test_to_wsgi_list(self): h = self.storage_class() From 7d8b779fc3fffe60532934642d8fc7c36257dfc8 Mon Sep 17 00:00:00 2001 From: David Lord Date: Sun, 12 Jan 2020 13:33:56 -0800 Subject: [PATCH 107/733] improve Headers setlist, update, and related setlist removes key if values is empty setlist doesn't copy the values for iteration update uses set instead of `__setitem__` update passes list values in kwargs to setlist add setlistdefault method extend takes kwargs, supports MultiDict add methods to ImmutableHeadersMixin add tests --- CHANGES.rst | 5 +- src/werkzeug/datastructures.py | 123 ++++++++++++++++++++++++--------- tests/test_datastructures.py | 53 ++++++++++---- 3 files changed, 133 insertions(+), 48 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index 7e87dad1f..e66354b60 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -83,8 +83,9 @@ Unreleased This is enabled by default. :pr:`1286, 1694` - Add HTTP 103, 208, 306, 425, 506, 508, and 511 to the list of status codes. :pr:`1678` -- Add an ``update`` method to the ``Headers`` data structure. - :pr:`1687` +- Add ``update``, ``setlist``, and ``setlistdefault`` methods to the + ``Headers`` data structure. ``extend`` method can take ``MultiDict`` + and kwargs. :pr:`1687, 1697` - The development server accepts paths that start with two slashes, rather than stripping off the first path segment. :issue:`491` diff --git a/src/werkzeug/datastructures.py b/src/werkzeug/datastructures.py index 398eeb736..fdff4c2d4 100644 --- a/src/werkzeug/datastructures.py +++ b/src/werkzeug/datastructures.py @@ -1080,21 +1080,30 @@ def values(self): for _, value in iteritems(self): yield value - def extend(self, iterable): - """Extend the headers with a dict or an iterable yielding keys and - values. + def extend(self, *args, **kwargs): + """Extend headers in this object with items from another object + containing header items as well as keyword arguments. + + To replace existing keys instead of extending, use + :meth:`update` instead. + + If provided, the first argument can be another :class:`Headers` + object, a :class:`MultiDict`, :class:`dict`, or iterable of + pairs. + + .. versionchanged:: 1.0 + Support :class:`MultiDict`. Allow passing ``kwargs``. """ - if isinstance(iterable, dict): - for key, value in iteritems(iterable): - if isinstance(value, (tuple, list)): - for v in value: - self.add(key, v) - else: - self.add(key, value) - else: - for key, value in iterable: + if len(args) > 1: + raise TypeError("update expected at most 1 arguments, got %d" % len(args)) + + if args: + for key, value in iter_multi_items(args[0]): self.add(key, value) + for key, value in iter_multi_items(kwargs): + self.add(key, value) + def __delitem__(self, key, _index_operation=True): if _index_operation and isinstance(key, (integer_types, slice)): del self._list[key] @@ -1236,31 +1245,56 @@ def set(self, _key, _value, **kw): self._list[idx + 1 :] = [t for t in listiter if t[0].lower() != ikey] def setlist(self, key, values): - """Set multiple header values at once. + """Remove any existing values for a header and add new ones. - The `values` argument should be iterable. This will replace - any existing values for the key with the values passed. It is - the inverse of the getlist method. + :param key: The header key to set. + :param values: An iterable of values to set for the key. .. versionadded:: 1.0 """ - self.set(key, values[0]) - for value in values[1:]: - self.add(key, value) + if values: + values_iter = iter(values) + self.set(key, next(values_iter)) + + for value in values_iter: + self.add(key, value) + else: + self.remove(key) def setdefault(self, key, default): - """Returns the value for the key if it is in the dict, otherwise it - returns `default` and sets that value for `key`. + """Return the first value for the key if it is in the headers, + otherwise set the header to the value given by ``default`` and + return that. - :param key: The key to be looked up. - :param default: The default value to be returned if the key is not - in the dict. If not further specified it's `None`. + :param key: The header key to get. + :param default: The value to set for the key if it is not in the + headers. """ if key in self: return self[key] + self.set(key, default) return default + def setlistdefault(self, key, default): + """Return the list of values for the key if it is in the + headers, otherwise set the header to the list of values given + by ``default`` and return that. + + Unlike :meth:`MultiDict.setlistdefault`, modifying the returned + list will not affect the headers. + + :param key: The header key to get. + :param default: An iterable of values to set for the key if it + is not in the headers. + + .. versionadded:: 1.0 + """ + if key not in self: + self.setlist(key, default) + + return self.getlist(key) + def __setitem__(self, key, value): """Like :meth:`set` but also supports index/slice based setting.""" if isinstance(key, (slice, integer_types)): @@ -1279,9 +1313,12 @@ def __setitem__(self, key, value): self.set(key, value) def update(self, *args, **kwargs): - """Update the headers with the key/value pairs from another + """Replace headers in this object with items from another headers object and keyword arguments. + To extend existing keys instead of replacing, use :meth:`extend` + instead. + If provided, the first argument can be another :class:`Headers` object, a :class:`MultiDict`, :class:`dict`, or iterable of pairs. @@ -1295,19 +1332,23 @@ def update(self, *args, **kwargs): mapping = args[0] if isinstance(mapping, (Headers, MultiDict)): - for key in iterkeys(mapping): + for key in mapping.keys(): self.setlist(key, mapping.getlist(key)) elif isinstance(mapping, dict): for key, value in iteritems(mapping): - if isinstance(value, (tuple, list)): + if isinstance(value, (list, tuple)): self.setlist(key, value) else: - self[key] = value + self.set(key, value) else: - for item in mapping: - self[key] = item + for key, value in mapping: + self.set(key, value) + for key, value in iteritems(kwargs): - self[key] = value + if isinstance(value, (list, tuple)): + self.setlist(key, value) + else: + self.set(key, value) def to_wsgi_list(self): """Convert the headers into a list suitable for WSGI. @@ -1355,14 +1396,25 @@ def __delitem__(self, key, **kwargs): def __setitem__(self, key, value): is_immutable(self) - set = __setitem__ + def set(self, key, value): + is_immutable(self) + + def setlist(self, key, value): + is_immutable(self) def add(self, item): is_immutable(self) - remove = add_header = add + def add_header(self, item): + is_immutable(self) - def extend(self, iterable): + def remove(self, item): + is_immutable(self) + + def extend(self, *args, **kwargs): + is_immutable(self) + + def update(self, *args, **kwargs): is_immutable(self) def insert(self, pos, value): @@ -1377,6 +1429,9 @@ def popitem(self): def setdefault(self, key, default): is_immutable(self) + def setlistdefault(self, key, default): + is_immutable(self) + class EnvironHeaders(ImmutableHeadersMixin, Headers): """Read only version of the headers from a WSGI environment. This diff --git a/tests/test_datastructures.py b/tests/test_datastructures.py index 1209607d8..97ac1e287 100644 --- a/tests/test_datastructures.py +++ b/tests/test_datastructures.py @@ -780,19 +780,48 @@ def test_bytes_operations(self): assert h.get("x-whoops", as_bytes=True) == b"\xff" assert h.get("x-bytes") == "something" + def test_extend(self): + h = self.storage_class([("a", "0"), ("b", "1"), ("c", "2")]) + h.extend(datastructures.Headers([("a", "3"), ("a", "4")])) + assert h.getlist("a") == ["0", "3", "4"] + h.extend(b=["5", "6"]) + assert h.getlist("b") == ["1", "5", "6"] + h.extend({"c": "7", "d": ["8", "9"]}, c="10") + assert h.getlist("c") == ["2", "7", "10"] + assert h.getlist("d") == ["8", "9"] + + with pytest.raises(TypeError): + h.extend({"x": "x"}, {"x": "x"}) + def test_update(self): - h = self.storage_class() - h["x"] = "1" - h.update({"x": "2", "y": "1"}) - assert h.getlist("x") == ["2"] - assert h.getlist("y") == ["1"] - h.update(z="2") - assert h.getlist("z") == ["2"] - h2 = self.storage_class([("a", "b")]) - h2.add("a", "c") - h.update(h2, d="e") - assert h.getlist("a") == ["b", "c"] - assert h["d"] == "e" + h = self.storage_class([("a", "0"), ("b", "1"), ("c", "2")]) + h.update(datastructures.Headers([("a", "3"), ("a", "4")])) + assert h.getlist("a") == ["3", "4"] + h.update(b=["5", "6"]) + assert h.getlist("b") == ["5", "6"] + h.update({"c": "7", "d": ["8", "9"]}) + assert h.getlist("c") == ["7"] + assert h.getlist("d") == ["8", "9"] + h.update({"c": "10"}, c="11") + assert h.getlist("c") == ["11"] + + with pytest.raises(TypeError): + h.extend({"x": "x"}, {"x": "x"}) + + def test_setlist(self): + h = self.storage_class([("a", "0"), ("b", "1"), ("c", "2")]) + h.setlist("b", ["3", "4"]) + assert h[1] == ("b", "3") + assert h[-1] == ("b", "4") + h.setlist("b", []) + assert "b" not in h + h.setlist("d", ["5"]) + assert h["d"] == "5" + + def test_setlistdefault(self): + h = self.storage_class([("a", "0"), ("b", "1"), ("c", "2")]) + assert h.setlistdefault("a", ["3"]) == ["0"] + assert h.setlistdefault("d", ["4", "5"]) == ["4", "5"] def test_to_wsgi_list(self): h = self.storage_class() From bb64132db67553a73bbdd3327a0da28edacb5b98 Mon Sep 17 00:00:00 2001 From: pgjones Date: Tue, 14 Jan 2020 21:43:23 +0000 Subject: [PATCH 108/733] Use parse_list_header to parse X-Forwarded-For headers This is a minor change to use the standardised and more robust parser rather than splitting on `,`. In practice it may not matter as quotes aren't meant to be present in the X-Forwarded-For header, and I can't find reference to a bug. However there is no RFC and this seems the more consistent way to parse this header. --- src/werkzeug/wrappers/base_request.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/werkzeug/wrappers/base_request.py b/src/werkzeug/wrappers/base_request.py index e18949b33..1f21db2e3 100644 --- a/src/werkzeug/wrappers/base_request.py +++ b/src/werkzeug/wrappers/base_request.py @@ -14,6 +14,7 @@ from ..formparser import default_stream_factory from ..formparser import FormDataParser from ..http import parse_cookie +from ..http import parse_list_header from ..http import parse_options_header from ..urls import url_decode from ..utils import cached_property @@ -616,8 +617,9 @@ def access_route(self): from the client ip to the last proxy server. """ if "HTTP_X_FORWARDED_FOR" in self.environ: - addr = self.environ["HTTP_X_FORWARDED_FOR"].split(",") - return self.list_storage_class([x.strip() for x in addr]) + return self.list_storage_class( + parse_list_header(self.environ["HTTP_X_FORWARDED_FOR"]) + ) elif "REMOTE_ADDR" in self.environ: return self.list_storage_class([self.environ["REMOTE_ADDR"]]) return self.list_storage_class() From 73358a809a4227960100c61e1286bae9123d877d Mon Sep 17 00:00:00 2001 From: pgjones Date: Sat, 11 Jan 2020 21:02:18 +0000 Subject: [PATCH 109/733] Add Access Control, CORS (Cross Origin Request Sharing) header methods This should make it a little easier to get and set access control headers as it ensures the types and naming is correct. It is also intentionally very minimal like the other header accessors. --- CHANGES.rst | 2 + src/werkzeug/wrappers/cors.py | 102 ++++++++++++++++++++++++++++++ src/werkzeug/wrappers/request.py | 5 ++ src/werkzeug/wrappers/response.py | 8 ++- tests/test_wrappers.py | 25 ++++++++ 5 files changed, 140 insertions(+), 2 deletions(-) create mode 100644 src/werkzeug/wrappers/cors.py diff --git a/CHANGES.rst b/CHANGES.rst index e66354b60..6c1ec0975 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -88,6 +88,8 @@ Unreleased and kwargs. :pr:`1687, 1697` - The development server accepts paths that start with two slashes, rather than stripping off the first path segment. :issue:`491` +- Add access control (Cross Origin Request Sharing, CORS) header + methods to the Request and Response wrappers. :pr:`1699` Version 0.16.1 diff --git a/src/werkzeug/wrappers/cors.py b/src/werkzeug/wrappers/cors.py new file mode 100644 index 000000000..0ea442e26 --- /dev/null +++ b/src/werkzeug/wrappers/cors.py @@ -0,0 +1,102 @@ +from ..http import dump_header +from ..http import parse_set_header +from ..utils import environ_property +from ..utils import header_property + + +class CORSRequestMixin(object): + """A mixin for :class:`BaseRequest` subclasses. ``Request`` classes + that subclass this will get descriptors for Cross Origin Resource + Sharing (CORS) headers. + + .. versionadded:: 1.0 + """ + + origin = environ_property( + "HTTP_ORIGIN", + doc=( + "The host that the request originated from. Set" + " :attr:`~CORSResponseMixin.access_control_allow_origin` on" + " the response to indicate which origins are allowed." + ), + ) + + access_control_request_headers = environ_property( + "HTTP_ACCESS_CONTROL_REQUEST_HEADERS", + load_func=parse_set_header, + doc=( + "Sent with a preflight request to indicate which headers" + " will be sent with the cross origin request. Set" + " :attr:`~CORSResponseMixin.access_control_allow_headers`" + " on the response to indicate which headers are allowed." + ), + ) + + access_control_request_method = environ_property( + "HTTP_ACCESS_CONTROL_REQUEST_METHOD", + doc=( + "Sent with a preflight request to indicate which method" + " will be used for the cross origin request. Set" + " :attr:`~CORSResponseMixin.access_control_allow_methods`" + " on the response to indicate which methods are allowed." + ), + ) + + +class CORSResponseMixin(object): + """A mixin for :class:`BaseResponse` subclasses. ``Response`` + classes that subclass this will get descriptors for Cross Origin + Resource Sharing (CORS) headers. + + .. versionadded:: 1.0 + """ + + @property + def access_control_allow_credentials(self): + """Whether credentials can be shared by the browser to + JavaScript code. As part of the preflight request it indicates + whether credentials can be used on the cross origin request. + """ + return "Access-Control-Allow-Credentials" in self.headers + + @access_control_allow_credentials.setter + def access_control_allow_credentials(self, value): + if value is True: + self.headers["Access-Control-Allow-Credentials"] = "true" + else: + self.headers.pop("Access-Control-Allow-Credentials", None) + + access_control_allow_headers = header_property( + "Access-Control-Allow-Headers", + load_func=parse_set_header, + dump_func=dump_header, + doc="Which headers can be sent with the cross origin request.", + ) + + access_control_allow_methods = header_property( + "Access-Control-Allow-Methods", + load_func=parse_set_header, + dump_func=dump_header, + doc="Which methods can be used for the cross origin request.", + ) + + access_control_allow_origin = header_property( + "Access-Control-Allow-Origin", + load_func=parse_set_header, + dump_func=dump_header, + doc="The origins that may make cross origin requests.", + ) + + access_control_expose_headers = header_property( + "Access-Control-Expose-Headers", + load_func=parse_set_header, + dump_func=dump_header, + doc="Which headers can be shared by the browser to JavaScript code.", + ) + + access_control_max_age = header_property( + "Access-Control-Max-Age", + load_func=int, + dump_func=str, + doc="The maximum age in seconds the access control settings can be cached for.", + ) diff --git a/src/werkzeug/wrappers/request.py b/src/werkzeug/wrappers/request.py index 4aafa6fd8..3b469a1fa 100644 --- a/src/werkzeug/wrappers/request.py +++ b/src/werkzeug/wrappers/request.py @@ -2,6 +2,7 @@ from .auth import AuthorizationMixin from .base_request import BaseRequest from .common_descriptors import CommonRequestDescriptorsMixin +from .cors import CORSRequestMixin from .etag import ETagRequestMixin from .user_agent import UserAgentMixin @@ -12,6 +13,7 @@ class Request( ETagRequestMixin, UserAgentMixin, AuthorizationMixin, + CORSRequestMixin, CommonRequestDescriptorsMixin, ): """Full featured request object implementing the following mixins: @@ -20,7 +22,10 @@ class Request( - :class:`ETagRequestMixin` for etag and cache control handling - :class:`UserAgentMixin` for user agent introspection - :class:`AuthorizationMixin` for http auth handling + - :class:`RequestCORSMixin` for Cross Origin Resource Sharing + headers - :class:`CommonRequestDescriptorsMixin` for common headers + """ diff --git a/src/werkzeug/wrappers/response.py b/src/werkzeug/wrappers/response.py index 58707a6ae..fad9f82f2 100644 --- a/src/werkzeug/wrappers/response.py +++ b/src/werkzeug/wrappers/response.py @@ -2,6 +2,7 @@ from .auth import WWWAuthenticateMixin from .base_response import BaseResponse from .common_descriptors import CommonResponseDescriptorsMixin +from .cors import CORSResponseMixin from .etag import ETagResponseMixin @@ -65,14 +66,17 @@ def stream(self): class Response( BaseResponse, ETagResponseMixin, + WWWAuthenticateMixin, + CORSResponseMixin, ResponseStreamMixin, CommonResponseDescriptorsMixin, - WWWAuthenticateMixin, ): """Full featured response object implementing the following mixins: - :class:`ETagResponseMixin` for etag and cache control handling + - :class:`WWWAuthenticateMixin` for HTTP authentication support + - :class:`ResponseCORSMixin` for Cross Origin Resource Sharing + headers - :class:`ResponseStreamMixin` to add support for the `stream` property - :class:`CommonResponseDescriptorsMixin` for various HTTP descriptors - - :class:`WWWAuthenticateMixin` for HTTP authentication support """ diff --git a/tests/test_wrappers.py b/tests/test_wrappers.py index b0ade1032..25a41c86a 100644 --- a/tests/test_wrappers.py +++ b/tests/test_wrappers.py @@ -270,6 +270,31 @@ def failing_application(request): assert resp.status_code == 400 +def test_request_access_control(): + request = wrappers.Request.from_values( + headers={ + "Origin": "https://palletsprojects.com", + "Access-Control-Request-Headers": "X-A, X-B", + "Access-Control-Request-Method": "PUT", + }, + ) + assert request.origin == "https://palletsprojects.com" + assert request.access_control_request_headers == {"X-A", "X-B"} + assert request.access_control_request_method == "PUT" + + +def test_response_access_control(): + response = wrappers.Response("Hello World") + assert response.access_control_allow_credentials is False + response.access_control_allow_credentials = True + response.access_control_allow_headers = ["X-A", "X-B"] + assert response.headers["Access-Control-Allow-Credentials"] == "true" + assert set(response.headers["Access-Control-Allow-Headers"].split(", ")) == { + "X-A", + "X-B", + } + + def test_base_response(): # unicode response = wrappers.BaseResponse(u"öäü") From 0a5f8929a31c1732093563ff5f33fdf02f4eac3d Mon Sep 17 00:00:00 2001 From: David Lord Date: Tue, 14 Jan 2020 15:04:48 -0800 Subject: [PATCH 110/733] use parse_list_header in ProxyFix --- src/werkzeug/middleware/proxy_fix.py | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/src/werkzeug/middleware/proxy_fix.py b/src/werkzeug/middleware/proxy_fix.py index a562cfa2e..f393f61d3 100644 --- a/src/werkzeug/middleware/proxy_fix.py +++ b/src/werkzeug/middleware/proxy_fix.py @@ -21,6 +21,7 @@ :copyright: 2007 Pallets :license: BSD-3-Clause """ +from werkzeug.http import parse_list_header class ProxyFix(object): @@ -90,20 +91,23 @@ def __init__(self, app, x_for=1, x_proto=1, x_host=0, x_port=0, x_prefix=0): self.x_port = x_port self.x_prefix = x_prefix - def _get_trusted_comma(self, trusted, value): - """Get the real value from a comma-separated header based on the - configured number of trusted proxies. + def _get_real_value(self, trusted, value): + """Get the real value from a list header based on the configured + number of trusted proxies. :param trusted: Number of values to trust in the header. - :param value: Header value to parse. + :param value: Comma separated list header value to parse. :return: The real value, or ``None`` if there are fewer values than the number of trusted proxies. + .. versionchanged:: 1.0 + Renamed from ``_get_trusted_comma``. + .. versionadded:: 0.15 """ if not (trusted and value): return - values = [x.strip() for x in value.split(",")] + values = parse_list_header(value) if len(values) >= trusted: return values[-trusted] @@ -129,19 +133,17 @@ def __call__(self, environ, start_response): } ) - x_for = self._get_trusted_comma(self.x_for, environ_get("HTTP_X_FORWARDED_FOR")) + x_for = self._get_real_value(self.x_for, environ_get("HTTP_X_FORWARDED_FOR")) if x_for: environ["REMOTE_ADDR"] = x_for - x_proto = self._get_trusted_comma( + x_proto = self._get_real_value( self.x_proto, environ_get("HTTP_X_FORWARDED_PROTO") ) if x_proto: environ["wsgi.url_scheme"] = x_proto - x_host = self._get_trusted_comma( - self.x_host, environ_get("HTTP_X_FORWARDED_HOST") - ) + x_host = self._get_real_value(self.x_host, environ_get("HTTP_X_FORWARDED_HOST")) if x_host: environ["HTTP_HOST"] = x_host parts = x_host.split(":", 1) @@ -149,9 +151,7 @@ def __call__(self, environ, start_response): if len(parts) == 2: environ["SERVER_PORT"] = parts[1] - x_port = self._get_trusted_comma( - self.x_port, environ_get("HTTP_X_FORWARDED_PORT") - ) + x_port = self._get_real_value(self.x_port, environ_get("HTTP_X_FORWARDED_PORT")) if x_port: host = environ.get("HTTP_HOST") if host: @@ -160,7 +160,7 @@ def __call__(self, environ, start_response): environ["HTTP_HOST"] = "%s:%s" % (host, x_port) environ["SERVER_PORT"] = x_port - x_prefix = self._get_trusted_comma( + x_prefix = self._get_real_value( self.x_prefix, environ_get("HTTP_X_FORWARDED_PREFIX") ) if x_prefix: From a4836ed10b9331bdf1a8af76f8468af281c7db97 Mon Sep 17 00:00:00 2001 From: David Lord Date: Tue, 14 Jan 2020 15:30:40 -0800 Subject: [PATCH 111/733] update wrapper mixin docs --- CHANGES.rst | 2 +- docs/wrappers.rst | 54 ++++++++++++++++++++++++------- src/werkzeug/wrappers/cors.py | 12 +++---- src/werkzeug/wrappers/request.py | 14 ++++---- src/werkzeug/wrappers/response.py | 14 ++++---- 5 files changed, 65 insertions(+), 31 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index 6c1ec0975..951fc1117 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -89,7 +89,7 @@ Unreleased - The development server accepts paths that start with two slashes, rather than stripping off the first path segment. :issue:`491` - Add access control (Cross Origin Request Sharing, CORS) header - methods to the Request and Response wrappers. :pr:`1699` + properties to the ``Request`` and ``Response`` wrappers. :pr:`1699` Version 0.16.1 diff --git a/docs/wrappers.rst b/docs/wrappers.rst index 2a8c406f3..9d3de82a9 100644 --- a/docs/wrappers.rst +++ b/docs/wrappers.rst @@ -150,30 +150,64 @@ and :class:`BaseResponse` classes and implement all the mixins Werkzeug provides .. autoclass:: Response -.. autoclass:: AcceptMixin - :members: -.. autoclass:: AuthorizationMixin - :members: +Common Descriptors +------------------ -.. autoclass:: ETagRequestMixin +.. autoclass:: CommonRequestDescriptorsMixin :members: -.. autoclass:: ETagResponseMixin +.. autoclass:: CommonResponseDescriptorsMixin :members: + +Response Stream +--------------- + .. autoclass:: ResponseStreamMixin :members: -.. autoclass:: CommonRequestDescriptorsMixin + +Accept +------ + +.. autoclass:: AcceptMixin :members: -.. autoclass:: CommonResponseDescriptorsMixin + +Authentication +-------------- + +.. autoclass:: AuthorizationMixin :members: .. autoclass:: WWWAuthenticateMixin :members: + +CORS +---- + +.. autoclass:: werkzeug.wrappers.cors.CORSRequestMixin + :members: + +.. autoclass:: werkzeug.wrappers.cors.CORSResponseMixin + :members: + + +ETag +---- + +.. autoclass:: ETagRequestMixin + :members: + +.. autoclass:: ETagResponseMixin + :members: + + +User Agent +---------- + .. autoclass:: UserAgentMixin :members: @@ -189,10 +223,8 @@ opted into by creating your own subclasses:: pass -.. module:: werkzeug.wrappers.json - JSON ---- -.. autoclass:: JSONMixin +.. autoclass:: werkzeug.wrappers.json.JSONMixin :members: diff --git a/src/werkzeug/wrappers/cors.py b/src/werkzeug/wrappers/cors.py index 0ea442e26..790e50e9f 100644 --- a/src/werkzeug/wrappers/cors.py +++ b/src/werkzeug/wrappers/cors.py @@ -5,9 +5,9 @@ class CORSRequestMixin(object): - """A mixin for :class:`BaseRequest` subclasses. ``Request`` classes - that subclass this will get descriptors for Cross Origin Resource - Sharing (CORS) headers. + """A mixin for :class:`~werkzeug.wrappers.BaseRequest` subclasses + that adds descriptors for Cross Origin Resource Sharing (CORS) + headers. .. versionadded:: 1.0 """ @@ -44,9 +44,9 @@ class CORSRequestMixin(object): class CORSResponseMixin(object): - """A mixin for :class:`BaseResponse` subclasses. ``Response`` - classes that subclass this will get descriptors for Cross Origin - Resource Sharing (CORS) headers. + """A mixin for :class:`~werkzeug.wrappers.BaseResponse` subclasses + that adds descriptors for Cross Origin Resource Sharing (CORS) + headers. .. versionadded:: 1.0 """ diff --git a/src/werkzeug/wrappers/request.py b/src/werkzeug/wrappers/request.py index 3b469a1fa..5c2fe1029 100644 --- a/src/werkzeug/wrappers/request.py +++ b/src/werkzeug/wrappers/request.py @@ -18,13 +18,13 @@ class Request( ): """Full featured request object implementing the following mixins: - - :class:`AcceptMixin` for accept header parsing - - :class:`ETagRequestMixin` for etag and cache control handling - - :class:`UserAgentMixin` for user agent introspection - - :class:`AuthorizationMixin` for http auth handling - - :class:`RequestCORSMixin` for Cross Origin Resource Sharing - headers - - :class:`CommonRequestDescriptorsMixin` for common headers + - :class:`AcceptMixin` for accept header parsing + - :class:`ETagRequestMixin` for etag and cache control handling + - :class:`UserAgentMixin` for user agent introspection + - :class:`AuthorizationMixin` for http auth handling + - :class:`~werkzeug.wrappers.cors.CORSRequestMixin` for Cross + Origin Resource Sharing headers + - :class:`CommonRequestDescriptorsMixin` for common headers """ diff --git a/src/werkzeug/wrappers/response.py b/src/werkzeug/wrappers/response.py index fad9f82f2..8f190f75b 100644 --- a/src/werkzeug/wrappers/response.py +++ b/src/werkzeug/wrappers/response.py @@ -73,10 +73,12 @@ class Response( ): """Full featured response object implementing the following mixins: - - :class:`ETagResponseMixin` for etag and cache control handling - - :class:`WWWAuthenticateMixin` for HTTP authentication support - - :class:`ResponseCORSMixin` for Cross Origin Resource Sharing - headers - - :class:`ResponseStreamMixin` to add support for the `stream` property - - :class:`CommonResponseDescriptorsMixin` for various HTTP descriptors + - :class:`ETagResponseMixin` for etag and cache control handling + - :class:`WWWAuthenticateMixin` for HTTP authentication support + - :class:`~werkzeug.wrappers.cors.CORSResponseMixin` for Cross + Origin Resource Sharing headers + - :class:`ResponseStreamMixin` to add support for the ``stream`` + property + - :class:`CommonResponseDescriptorsMixin` for various HTTP + descriptors """ From 89995fb1148a19714573db9173606a65f88f8aca Mon Sep 17 00:00:00 2001 From: pgjones Date: Thu, 16 Jan 2020 13:44:48 +0000 Subject: [PATCH 112/733] Conserve order for equal quality in accept datastructures Both RFC4647-2.3 and RFC7231 imply that user agents may put equal quality tags (especially language tags) in order of their prefered priority. This means that this would ideally be the case, a = parse_accept_header("en-US,fr-FR", LanguageAccept) assert a.best == "en-US" which it previously wasn't as `f` is after `e`. I've looked back through the commits and found the previous behaviour (sorting by tag name) was added with Accept in 802a12c0850439088de46ae188c64ab259b16695. I can find no reason for the previous behaviour to be requirement. --- CHANGES.rst | 2 ++ src/werkzeug/datastructures.py | 10 +++++++--- tests/test_datastructures.py | 4 ++++ tests/test_wrappers.py | 2 +- 4 files changed, 14 insertions(+), 4 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index 951fc1117..22baeae09 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -90,6 +90,8 @@ Unreleased rather than stripping off the first path segment. :issue:`491` - Add access control (Cross Origin Request Sharing, CORS) header properties to the ``Request`` and ``Response`` wrappers. :pr:`1699` +- ``Accept`` values are no longer ordered alphabetically for equal + quality tags. Instead the initial order is preserved. :issue:`1686` Version 0.16.1 diff --git a/src/werkzeug/datastructures.py b/src/werkzeug/datastructures.py index fdff4c2d4..1cda034fc 100644 --- a/src/werkzeug/datastructures.py +++ b/src/werkzeug/datastructures.py @@ -1743,6 +1743,12 @@ class Accept(ImmutableList): .. versionchanged:: 0.5 :class:`Accept` objects are forced immutable now. + + .. versionchanged:: 1.0.0 + :class:`Accept` internal values are no longer ordered + alphabetically for equal quality tags. Instead the initial + order is preserved. + """ def __init__(self, values=()): @@ -1755,9 +1761,7 @@ def __init__(self, values=()): else: self.provided = True values = sorted( - values, - key=lambda x: (self._specificity(x[0]), x[1], x[0]), - reverse=True, + values, key=lambda x: (self._specificity(x[0]), x[1]), reverse=True, ) list.__init__(self, values) diff --git a/tests/test_datastructures.py b/tests/test_datastructures.py index 97ac1e287..a64fa9e1b 100644 --- a/tests/test_datastructures.py +++ b/tests/test_datastructures.py @@ -1126,6 +1126,10 @@ def test_accept_wildcard_specificity(self): assert accept.best_match(["asterisk", "times"], default=None) == "times" assert accept.best_match(["asterisk"], default=None) is None + def test_accept_equal_quality(self): + accept = self.storage_class([("a", 1), ("b", 1)]) + assert accept.best == "a" + class TestMIMEAccept(object): @pytest.mark.parametrize( diff --git a/tests/test_wrappers.py b/tests/test_wrappers.py index 25a41c86a..6973a1c57 100644 --- a/tests/test_wrappers.py +++ b/tests/test_wrappers.py @@ -438,9 +438,9 @@ def test_accept_mixin(): assert request.accept_mimetypes == MIMEAccept( [ ("text/xml", 1), - ("image/png", 1), ("application/xml", 1), ("application/xhtml+xml", 1), + ("image/png", 1), ("text/html", 0.9), ("text/plain", 0.8), ("*/*", 0.5), From a578c8f7842df3b2c2fc0ccfe6ac16aa0bc7b0de Mon Sep 17 00:00:00 2001 From: David Lord Date: Sun, 26 Jan 2020 15:28:19 -0800 Subject: [PATCH 113/733] remove old docs about decoding errors --- docs/unicode.rst | 47 +++++++---------------------------------------- 1 file changed, 7 insertions(+), 40 deletions(-) diff --git a/docs/unicode.rst b/docs/unicode.rst index 446febf9d..a993ca5eb 100644 --- a/docs/unicode.rst +++ b/docs/unicode.rst @@ -68,49 +68,16 @@ a text file from the file system looks like this:: There is also the codecs module which provides an open function that decodes automatically from the given encoding. + Error Handling ============== -With Werkzeug 0.3 onwards you can further control the way Werkzeug works with -unicode. In the past Werkzeug ignored encoding errors silently on incoming -data. This decision was made to avoid internal server errors if the user -tampered with the submitted data. However there are situations where you -want to abort with a `400 BAD REQUEST` instead of silently ignoring the error. - -All the functions that do internal decoding now accept an `errors` keyword -argument that behaves like the `errors` parameter of the builtin string method -`decode`. The following values are possible: - -`ignore` - This is the default behavior and tells the codec to ignore characters that - it doesn't understand silently. - -`replace` - The codec will replace unknown characters with a replacement character - (`U+FFFD` ``REPLACEMENT CHARACTER``) - -`strict` - Raise an exception if decoding fails. - -Unlike the regular python decoding Werkzeug does not raise an -:exc:`UnicodeDecodeError` if the decoding failed but an -:exc:`~exceptions.HTTPUnicodeError` which -is a direct subclass of `UnicodeError` and the `BadRequest` HTTP exception. -The reason is that if this exception is not caught by the application but -a catch-all for HTTP exceptions exists a default `400 BAD REQUEST` error -page is displayed. - -There is additional error handling available which is a Werkzeug extension -to the regular codec error handling which is called `fallback`. Often you -want to use utf-8 but support latin1 as legacy encoding too if decoding -failed. For this case you can use the `fallback` error handling. For -example you can specify ``'fallback:iso-8859-15'`` to tell Werkzeug it should -try with `iso-8859-15` if `utf-8` failed. If this decoding fails too (which -should not happen for most legacy charsets such as `iso-8859-15`) the error -is silently ignored as if the error handling was `ignore`. - -Further details are available as part of the API documentation of the concrete -implementations of the functions or classes working with unicode. +Functions that do internal encoding or decoding accept an ``errors`` +keyword argument that is passed to :meth:`str.decode` and +:meth:`str.encode`. The default is ``'replace'`` so that errors are easy +to spot. It might be useful to set it to ``'strict'`` in order to catch +the error and report the bad data to the client. + Request and Response Objects ============================ From 2b2c4c3dd3cf7389e9f4aa06371b7332257c6289 Mon Sep 17 00:00:00 2001 From: David Lord Date: Sun, 26 Jan 2020 19:51:37 -0800 Subject: [PATCH 114/733] release version 0.16.1 --- CHANGES.rst | 2 +- setup.cfg | 1 + src/werkzeug/__init__.py | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index 580146876..69f54795a 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -3,7 +3,7 @@ Version 0.16.1 -------------- -Unreleased +Released 2020-01-27 - Fix import location in deprecation messages for subpackages. :issue:`1663` diff --git a/setup.cfg b/setup.cfg index 9381383dc..260a2f926 100644 --- a/setup.cfg +++ b/setup.cfg @@ -1,5 +1,6 @@ [metadata] license_file = LICENSE.rst +long_description_content_type = text/x-rst [bdist_wheel] universal = true diff --git a/src/werkzeug/__init__.py b/src/werkzeug/__init__.py index 4be464264..c3395e0bb 100644 --- a/src/werkzeug/__init__.py +++ b/src/werkzeug/__init__.py @@ -14,7 +14,7 @@ """ from types import ModuleType -__version__ = "0.16.0" +__version__ = "0.16.1" __all__ = ["run_simple", "Client", "Request", "Response", "__version__"] From 5ee2ffeca0447b8fe78dad6a168c5252a115a767 Mon Sep 17 00:00:00 2001 From: pgjones Date: Sun, 19 Jan 2020 17:34:12 +0000 Subject: [PATCH 115/733] Allow routing Map lock type to be customized This will allow a subclass to specify a different type of lock, specifically an asyncio or trio lock in order for the routing to be used with these event loops. Note that gevent/eventlet monkey patch Lock so nothing has been or is required for their usage. --- CHANGES.rst | 2 ++ src/werkzeug/routing.py | 7 ++++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGES.rst b/CHANGES.rst index 004ea10d7..f931152f1 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -92,6 +92,8 @@ Unreleased properties to the ``Request`` and ``Response`` wrappers. :pr:`1699` - ``Accept`` values are no longer ordered alphabetically for equal quality tags. Instead the initial order is preserved. :issue:`1686` +- Added ``Map.lock_class`` attribute for alternative + implementations. :pr:`1702` Version 0.16.1 diff --git a/src/werkzeug/routing.py b/src/werkzeug/routing.py index aa07892cb..6ca232136 100644 --- a/src/werkzeug/routing.py +++ b/src/werkzeug/routing.py @@ -1372,6 +1372,11 @@ class Map(object): #: A dict of default converters to be used. default_converters = ImmutableDict(DEFAULT_CONVERTERS) + #: The type of lock to use when updating. + #: + #: .. versionadded:: 1.0 + lock_class = Lock + def __init__( self, rules=None, @@ -1389,7 +1394,7 @@ def __init__( self._rules = [] self._rules_by_endpoint = {} self._remap = True - self._remap_lock = Lock() + self._remap_lock = self.lock_class() self.default_subdomain = default_subdomain self.charset = charset From 852c4e66aa59b66b82cfd13e6c2845db1060902a Mon Sep 17 00:00:00 2001 From: pgjones Date: Sat, 25 Jan 2020 14:06:57 +0000 Subject: [PATCH 116/733] add samesite cookie support to test client --- CHANGES.rst | 2 ++ src/werkzeug/test.py | 12 +++++++++++- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/CHANGES.rst b/CHANGES.rst index f931152f1..af67d1e43 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -44,6 +44,8 @@ Unreleased such that ``X-Foo`` is the same as ``x-foo``. :pr:`1605` - :meth:`http.dump_cookie` accepts ``'None'`` as a value for ``samesite``. :issue:`1549` +- :meth:`~test.Client.set_cookie` accepts a ``samesite`` argument. + :pr:`1705` - Support the Content Security Policy header through the `Response.content_security_policy` data structure. :pr:`1617` - ``LanguageAccept`` will fall back to matching "en" for "en-US" or diff --git a/src/werkzeug/test.py b/src/werkzeug/test.py index 6746c500f..c5ce50a06 100644 --- a/src/werkzeug/test.py +++ b/src/werkzeug/test.py @@ -824,6 +824,7 @@ def set_cookie( domain=None, secure=None, httponly=False, + samesite=None, charset="utf-8", ): """Sets a cookie in the client's cookie jar. The server name @@ -832,7 +833,16 @@ def set_cookie( """ assert self.cookie_jar is not None, "cookies disabled" header = dump_cookie( - key, value, max_age, expires, path, domain, secure, httponly, charset + key, + value, + max_age, + expires, + path, + domain, + secure, + httponly, + charset, + samesite=samesite, ) environ = create_environ(path, base_url="http://" + server_name) headers = [("Set-Cookie", header)] From e751e31bab28a80e83c5b4b6520979e553a61a10 Mon Sep 17 00:00:00 2001 From: pgjones Date: Fri, 31 Jan 2020 16:37:18 +0000 Subject: [PATCH 117/733] Support for Python 3.4 has been dropped (This was missed previously) --- setup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.py b/setup.py index 32eb48698..157d884ab 100644 --- a/setup.py +++ b/setup.py @@ -52,7 +52,7 @@ packages=find_packages("src"), package_dir={"": "src"}, include_package_data=True, - python_requires=">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*", + python_requires=">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*", extras_require={ "watchdog": ["watchdog"], "dev": [ From 49cf35b05142d05f9a3c4db80606a7d4722c9db9 Mon Sep 17 00:00:00 2001 From: pgjones Date: Fri, 31 Jan 2020 18:48:33 +0000 Subject: [PATCH 118/733] Upgrade version to 1.0.0rc1 This follows the release of this release candidate version. Note e751e31bab28a80e83c5b4b6520979e553a61a10 is the commit that corresponds to 1.0.0rc1 --- src/werkzeug/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/werkzeug/__init__.py b/src/werkzeug/__init__.py index 6a7f50fbc..ae4efeb75 100644 --- a/src/werkzeug/__init__.py +++ b/src/werkzeug/__init__.py @@ -17,4 +17,4 @@ from .wrappers import Request from .wrappers import Response -__version__ = "1.0.0.dev0" +__version__ = "1.0.0rc1" From e932a1f18f5d79c535aea1588ea5545c1870fde6 Mon Sep 17 00:00:00 2001 From: pgjones Date: Wed, 29 Jan 2020 21:02:13 +0000 Subject: [PATCH 119/733] Add support for WebSocket rules in the routing This allows for Rules to be marked as a WebSocket route and only matched if the binding is websocket. It also ensures that when a websocket rule is built with a scheme it defaults to the `ws` or `wss` scheme. --- CHANGES.rst | 2 + docs/routing.rst | 29 ++++++++++++++ src/werkzeug/routing.py | 83 +++++++++++++++++++++++++++++++++++++---- tests/test_routing.py | 31 +++++++++++++++ 4 files changed, 137 insertions(+), 8 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index af67d1e43..276e866ab 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -96,6 +96,8 @@ Unreleased quality tags. Instead the initial order is preserved. :issue:`1686` - Added ``Map.lock_class`` attribute for alternative implementations. :pr:`1702` +- Support WebSocket rules (binding to WebSocket requests) in the + routing systems. :pr:`1709` Version 0.16.1 diff --git a/docs/routing.rst b/docs/routing.rst index 68f74cc1c..d3accb114 100644 --- a/docs/routing.rst +++ b/docs/routing.rst @@ -227,3 +227,32 @@ Variable parts are of course also possible in the host section:: Rule('/', endpoint='www_index', host='www.example.com'), Rule('/', endpoint='user_index', host='.example.com') ], host_matching=True) + + +WebSockets +========== + +.. versionadded:: 1.0 + +With Werkzeug 1.0 onwards it is possible to mark a Rule as a websocket +and only match it if the MapAdapter is created with a websocket +bind. This functionality can be used as so:: + + url_map = Map([ + Rule("/", endpoint="index", websocket=True), + ]) + adapter = map.bind("example.org", "/", url_scheme="ws") + assert adapter.match("/") == ("index", {}) + +If the only match is a WebSocket rule and the bind is http (or the +only match is http and the bind is websocket) a +:class:`WebsocketMismatch` (derives from :class:`BadRequest`) +exception is raised. + +As WebSocket urls have a different scheme, WebSocket Rules are always +built with a scheme and host i.e. as if ``force_external = True``. + +.. note:: + + Werkzeug has no further WebSocket support (beyond routing). This + functionality is mostly of use to ASGI projects. diff --git a/src/werkzeug/routing.py b/src/werkzeug/routing.py index 6ca232136..8422b0c2f 100644 --- a/src/werkzeug/routing.py +++ b/src/werkzeug/routing.py @@ -118,6 +118,7 @@ from .datastructures import ImmutableDict from .datastructures import MultiDict from .exceptions import BadHost +from .exceptions import BadRequest from .exceptions import HTTPException from .exceptions import MethodNotAllowed from .exceptions import NotFound @@ -329,7 +330,15 @@ def __str__(self): return u"".join(message) +class WebsocketMismatch(BadRequest): + """The only matched rule is either a websocket and the request is http + or the rule is http and the request is a websocket.""" + + pass + + class ValidationError(ValueError): + """Validation error. If a rule converter raises this exception the rule does not match the current URL and the next URL is tried. """ @@ -631,8 +640,15 @@ def foo_with_slug(adapter, id): used to provide a match rule for the whole host. This also means that the subdomain feature is disabled. + `websocket` + If True (defaults to False) this represents a WebSocket, rather than + a http route. + .. versionadded:: 0.7 The `alias` and `host` parameters were added. + + .. versionadded:: 1.0 + The `websocket` parameter was added. """ def __init__( @@ -648,6 +664,7 @@ def __init__( redirect_to=None, alias=False, host=None, + websocket=False, ): if not string.startswith("/"): raise ValueError("urls must start with a leading slash") @@ -662,14 +679,27 @@ def __init__( self.defaults = defaults self.build_only = build_only self.alias = alias + self.websocket = websocket + if methods is not None: + if isinstance(methods, str): + raise TypeError("param `methods` should be `Iterable[str]`, not `str`") + methods = set([x.upper() for x in methods]) + if "HEAD" not in methods and "GET" in methods: + methods.add("HEAD") + + if ( + websocket + and methods is not None + and len(methods - {"GET", "HEAD", "OPTIONS"}) > 0 + ): + raise ValueError( + "WebSocket Rules can only use 'GET', 'HEAD', or 'OPTIONS' methods" + ) + if methods is None: self.methods = None else: - if isinstance(methods, str): - raise TypeError("param `methods` should be `Iterable[str]`, not `str`") - self.methods = set([x.upper() for x in methods]) - if "HEAD" not in self.methods and "GET" in self.methods: - self.methods.add("HEAD") + self.methods = methods self.endpoint = endpoint self.redirect_to = redirect_to @@ -1490,8 +1520,12 @@ def bind( .. versionadded:: 0.8 `query_args` can now also be a string. + .. versionadded:: 1.0 + `websocket` added + .. versionchanged:: 0.15 ``path_info`` defaults to ``'/'`` if ``None``. + """ server_name = server_name.lower() if self.host_matching: @@ -1663,6 +1697,7 @@ def __init__( self.path_info = to_unicode(path_info) self.default_method = to_unicode(default_method) self.query_args = query_args + self.websocket = self.url_scheme in {"ws", "wss"} def dispatch( self, view_func, path_info=None, method=None, catch_http_exceptions=False @@ -1720,7 +1755,14 @@ def application(environ, start_response): return e raise - def match(self, path_info=None, method=None, return_rule=False, query_args=None): + def match( + self, + path_info=None, + method=None, + return_rule=False, + query_args=None, + websocket=None, + ): """The usage is simple: you just pass the match method the current path info as well as the method (which defaults to `GET`). The following things can then happen: @@ -1741,6 +1783,10 @@ def match(self, path_info=None, method=None, return_rule=False, query_args=None) You can use the `RequestRedirect` instance as response-like object similar to all other subclasses of `HTTPException`. + - you receive a ``WebsocketMismatch`` exception if the only match is + a websocket rule and the bind is to a http request, or if the match + is a http rule and the bind is to a websocket request. + - you get a tuple in the form ``(endpoint, arguments)`` if there is a match (unless `return_rule` is True, in which case you get a tuple in the form ``(rule, arguments)``) @@ -1805,6 +1851,8 @@ def match(self, path_info=None, method=None, return_rule=False, query_args=None) if query_args is None: query_args = self.query_args method = (method or self.default_method).upper() + if websocket is None: + websocket = self.websocket require_redirect = False @@ -1814,6 +1862,7 @@ def match(self, path_info=None, method=None, return_rule=False, query_args=None) ) have_match_for = set() + websocket_mismatch = False for rule in self.map._rules: try: rv = rule.match(path, method) @@ -1835,6 +1884,9 @@ def match(self, path_info=None, method=None, return_rule=False, query_args=None) if rule.methods is not None and method not in rule.methods: have_match_for.update(rule.methods) continue + if rule.websocket != websocket: + websocket_mismatch = True + continue if self.map.redirect_defaults: redirect_url = self.get_default_redirect(rule, method, rv, query_args) @@ -1880,6 +1932,8 @@ def _handle_match(match): if have_match_for: raise MethodNotAllowed(valid_methods=list(have_match_for)) + if websocket_mismatch: + raise WebsocketMismatch() raise NotFound() def test(self, path_info=None, method=None): @@ -2005,6 +2059,7 @@ def _partial_build(self, endpoint, values, method, append_unknown): rv = rule.build(values, append_unknown) if rv is not None: + rv = (rv[0], rv[1], rule.websocket) if self.map.host_matching: if rv[0] == self.server_name: return rv @@ -2114,10 +2169,22 @@ def build( rv = self._partial_build(endpoint, values, method, append_unknown) if rv is None: raise BuildError(endpoint, values, method, self) - domain_part, path = rv + domain_part, path, websocket = rv host = self.get_host(domain_part) + # Only build WebSocket routes with the scheme (as relative + # WebSocket paths aren't useful and are misleading). In + # addition if bound to a WebSocket ensure that http routes are + # built with a http scheme (if required). + url_scheme = self.url_scheme + secure = url_scheme in {"https", "wss"} + if websocket: + force_external = True + url_scheme = "wss" if secure else "ws" + elif url_scheme: + url_scheme = "https" if secure else "http" + # shortcut this. if not force_external and ( (self.map.host_matching and host == self.server_name) @@ -2127,7 +2194,7 @@ def build( return str( "%s//%s%s/%s" % ( - self.url_scheme + ":" if self.url_scheme else "", + url_scheme + ":" if url_scheme else "", host, self.script_name[:-1], path.lstrip("/"), diff --git a/tests/test_routing.py b/tests/test_routing.py index 65d3ae8b0..0ba9bcf26 100644 --- a/tests/test_routing.py +++ b/tests/test_routing.py @@ -27,6 +27,8 @@ def test_basic_routing(): r.Rule("/", endpoint="index"), r.Rule("/foo", endpoint="foo"), r.Rule("/bar/", endpoint="bar"), + r.Rule("/ws", endpoint="ws", websocket=True), + r.Rule("/", endpoint="indexws", websocket=True), ] ) adapter = map.bind("example.org", "/") @@ -36,6 +38,9 @@ def test_basic_routing(): pytest.raises(r.RequestRedirect, lambda: adapter.match("/bar")) pytest.raises(r.NotFound, lambda: adapter.match("/blub")) + adapter = map.bind("example.org", "/", url_scheme="ws") + assert adapter.match("/") == ("indexws", {}) + adapter = map.bind("example.org", "/test") with pytest.raises(r.RequestRedirect) as excinfo: adapter.match("/bar") @@ -61,6 +66,13 @@ def test_basic_routing(): adapter.match() assert excinfo.value.new_url == "http://example.org/bar/?foo=bar" + adapter = map.bind("example.org", "/ws", url_scheme="wss") + assert adapter.match("/ws", websocket=True) == ("ws", {}) + with pytest.raises(r.WebsocketMismatch): + adapter.match("/ws", websocket=False) + with pytest.raises(r.WebsocketMismatch): + adapter.match("/foo", websocket=True) + def test_merge_slashes_match(): url_map = r.Map( @@ -192,6 +204,7 @@ def test_basic_building(): r.Rule("/bar/", endpoint="barf"), r.Rule("/bar/", endpoint="barp"), r.Rule("/hehe", endpoint="blah", subdomain="blah"), + r.Rule("/ws", endpoint="ws", websocket=True), ] ) adapter = map.bind("example.org", "/", subdomain="blah") @@ -223,6 +236,11 @@ def test_basic_building(): assert adapter.build("foo", {}) == "/foo" assert adapter.build("foo", {}, force_external=True) == "//example.org/foo" + adapter = map.bind("example.org", url_scheme="ws") + assert adapter.build("ws", {}) == "ws://example.org/ws" + assert adapter.build("foo", {}, force_external=True) == "http://example.org/foo" + assert adapter.build("foo", {}) == "/foo" + def test_long_build(): long_args = dict(("v%d" % x, x) for x in range(10000)) @@ -1205,3 +1223,16 @@ def test_build_url_same_endpoint_multiple_hosts(): beta_case = m.bind("BeTa.ExAmPlE.CoM") assert beta_case.build("index") == "/" + + +def test_rule_websocket_methods(): + with pytest.raises(ValueError): + r.Rule("/ws", endpoint="ws", websocket=True, methods=["post"]) + with pytest.raises(ValueError): + r.Rule( + "/ws", + endpoint="ws", + websocket=True, + methods=["get", "head", "options", "post"], + ) + r.Rule("/ws", endpoint="ws", websocket=True, methods=["get", "head", "options"]) From ecd0d755b67449d30b07a8f878adc9181d053101 Mon Sep 17 00:00:00 2001 From: David Lord Date: Tue, 4 Feb 2020 14:34:17 -0800 Subject: [PATCH 120/733] docs cleanup --- CHANGES.rst | 4 +- docs/routing.rst | 37 ++++++++----- src/werkzeug/routing.py | 118 +++++++++++++++++++++------------------- 3 files changed, 87 insertions(+), 72 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index 276e866ab..54ac12db3 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -96,8 +96,8 @@ Unreleased quality tags. Instead the initial order is preserved. :issue:`1686` - Added ``Map.lock_class`` attribute for alternative implementations. :pr:`1702` -- Support WebSocket rules (binding to WebSocket requests) in the - routing systems. :pr:`1709` +- Support matching and building WebSocket rules in the routing system, + for use by async frameworks. :pr:`1709` Version 0.16.1 diff --git a/docs/routing.rst b/docs/routing.rst index d3accb114..b2564e42a 100644 --- a/docs/routing.rst +++ b/docs/routing.rst @@ -234,25 +234,32 @@ WebSockets .. versionadded:: 1.0 -With Werkzeug 1.0 onwards it is possible to mark a Rule as a websocket -and only match it if the MapAdapter is created with a websocket -bind. This functionality can be used as so:: +If a :class:`Rule` is created with ``websocket=True``, it will only +match if the :class:`Map` is bound to a request with a ``url_scheme`` of +``ws`` or ``wss``. + +.. note:: + + Werkzeug has no further WebSocket support beyond routing. This + functionality is mostly of use to ASGI projects. + +.. code-block:: python url_map = Map([ - Rule("/", endpoint="index", websocket=True), + Rule("/ws", endpoint="comm", websocket=True), ]) - adapter = map.bind("example.org", "/", url_scheme="ws") - assert adapter.match("/") == ("index", {}) + adapter = map.bind("example.org", "/ws", url_scheme="ws") + assert adapter.match() == ("comm", {}) -If the only match is a WebSocket rule and the bind is http (or the -only match is http and the bind is websocket) a -:class:`WebsocketMismatch` (derives from :class:`BadRequest`) -exception is raised. +If the only match is a WebSocket rule and the bind is HTTP (or the +only match is HTTP and the bind is WebSocket) a +:exc:`WebsocketMismatch` (derives from +:exc:`~werkzeug.exceptions.BadRequest`) exception is raised. -As WebSocket urls have a different scheme, WebSocket Rules are always -built with a scheme and host i.e. as if ``force_external = True``. +As WebSocket URLs have a different scheme, rules are always built with a +scheme and host, ``force_external=True`` is implied. -.. note:: +.. code-block:: python - Werkzeug has no further WebSocket support (beyond routing). This - functionality is mostly of use to ASGI projects. + url = adapter.build("comm") + assert url == "ws://example.org/ws" diff --git a/src/werkzeug/routing.py b/src/werkzeug/routing.py index 8422b0c2f..8fa3c60a3 100644 --- a/src/werkzeug/routing.py +++ b/src/werkzeug/routing.py @@ -331,14 +331,12 @@ def __str__(self): class WebsocketMismatch(BadRequest): - """The only matched rule is either a websocket and the request is http - or the rule is http and the request is a websocket.""" - - pass + """The only matched rule is either a WebSocket and the request is + HTTP, or the rule is HTTP and the request is a WebSocket. + """ class ValidationError(ValueError): - """Validation error. If a rule converter raises this exception the rule does not match the current URL and the next URL is tried. """ @@ -585,21 +583,12 @@ class Rule(RuleFactory): `MethodNotAllowed` rather than `NotFound`. If `GET` is present in the list of methods and `HEAD` is not, `HEAD` is added automatically. - .. versionchanged:: 0.6.1 - `HEAD` is now automatically added to the methods if `GET` is - present. The reason for this is that existing code often did not - work properly in servers not rewriting `HEAD` to `GET` - automatically and it was not documented how `HEAD` should be - treated. This was considered a bug in Werkzeug because of that. - `strict_slashes` Override the `Map` setting for `strict_slashes` only for this rule. If not specified the `Map` setting is used. `merge_slashes` - Override the ``Map`` setting for ``merge_slashes`` for this rule. - - .. versionadded:: 1.0 + Override :attr:`Map.merge_slashes` for this rule. `build_only` Set this to True and the rule will never match but will create a URL @@ -641,14 +630,21 @@ def foo_with_slug(adapter, id): that the subdomain feature is disabled. `websocket` - If True (defaults to False) this represents a WebSocket, rather than - a http route. + If ``True``, this rule is only matches for WebSocket (``ws://``, + ``wss://``) requests. By default, rules will only match for HTTP + requests. - .. versionadded:: 0.7 - The `alias` and `host` parameters were added. + .. versionadded:: 1.0 + Added ``websocket``. .. versionadded:: 1.0 - The `websocket` parameter was added. + Added ``merge_slashes``. + + .. versionadded:: 0.7 + Added ``alias`` and ``host``. + + .. versionchanged:: 0.6.1 + ``HEAD`` is added to ``methods`` if ``GET`` is present. """ def __init__( @@ -680,26 +676,22 @@ def __init__( self.build_only = build_only self.alias = alias self.websocket = websocket + if methods is not None: if isinstance(methods, str): - raise TypeError("param `methods` should be `Iterable[str]`, not `str`") - methods = set([x.upper() for x in methods]) + raise TypeError("'methods' should be a list of strings.") + + methods = {x.upper() for x in methods} + if "HEAD" not in methods and "GET" in methods: methods.add("HEAD") - if ( - websocket - and methods is not None - and len(methods - {"GET", "HEAD", "OPTIONS"}) > 0 - ): - raise ValueError( - "WebSocket Rules can only use 'GET', 'HEAD', or 'OPTIONS' methods" - ) + if websocket and methods - {"GET", "HEAD", "OPTIONS"}: + raise ValueError( + "WebSocket rules can only use 'GET', 'HEAD', and 'OPTIONS' methods." + ) - if methods is None: - self.methods = None - else: - self.methods = methods + self.methods = methods self.endpoint = endpoint self.redirect_to = redirect_to @@ -1389,6 +1381,10 @@ class Map(object): enabled the `host` parameter to rules is used instead of the `subdomain` one. + .. versionchanged:: 1.0 + If ``url_scheme`` is ``ws`` or ``wss``, only WebSocket rules + will match. + .. versionchanged:: 1.0 Added ``merge_slashes``. @@ -1514,18 +1510,18 @@ def bind( no defined. If there is no `default_subdomain` you cannot use the subdomain feature. - .. versionadded:: 0.7 - `query_args` added - - .. versionadded:: 0.8 - `query_args` can now also be a string. - - .. versionadded:: 1.0 - `websocket` added + .. versionchanged:: 1.0 + If ``url_scheme`` is ``ws`` or ``wss``, only WebSocket rules + will match. .. versionchanged:: 0.15 ``path_info`` defaults to ``'/'`` if ``None``. + .. versionchanged:: 0.8 + ``query_args`` can be a string. + + .. versionchanged:: 0.7 + Added ``query_args``. """ server_name = server_name.lower() if self.host_matching: @@ -1783,9 +1779,10 @@ def match( You can use the `RequestRedirect` instance as response-like object similar to all other subclasses of `HTTPException`. - - you receive a ``WebsocketMismatch`` exception if the only match is - a websocket rule and the bind is to a http request, or if the match - is a http rule and the bind is to a websocket request. + - you receive a ``WebsocketMismatch`` exception if the only + match is a WebSocket rule but the bind is an HTTP request, or + if the match is an HTTP rule but the bind is a WebSocket + request. - you get a tuple in the form ``(endpoint, arguments)`` if there is a match (unless `return_rule` is True, in which case you get a tuple @@ -1833,15 +1830,21 @@ def match( automatic redirects as string or dictionary. It's currently not possible to use the query arguments for URL matching. + :param websocket: Match WebSocket instead of HTTP requests. A + websocket request has a ``ws`` or ``wss`` + :attr:`url_scheme`. This overrides that detection. - .. versionadded:: 0.6 - `return_rule` was added. + .. versionadded:: 1.0 + Added ``websocket``. + + .. versionchanged:: 0.8 + ``query_args`` can be a string. .. versionadded:: 0.7 - `query_args` was added. + Added ``query_args``. - .. versionchanged:: 0.8 - `query_args` can now also be a string. + .. versionadded:: 0.6 + Added ``return_rule``. """ self.map.update() if path_info is None: @@ -1851,6 +1854,7 @@ def match( if query_args is None: query_args = self.query_args method = (method or self.default_method).upper() + if websocket is None: websocket = self.websocket @@ -1863,6 +1867,7 @@ def match( have_match_for = set() websocket_mismatch = False + for rule in self.map._rules: try: rv = rule.match(path, method) @@ -1884,6 +1889,7 @@ def match( if rule.methods is not None and method not in rule.methods: have_match_for.update(rule.methods) continue + if rule.websocket != websocket: websocket_mismatch = True continue @@ -1932,8 +1938,10 @@ def _handle_match(match): if have_match_for: raise MethodNotAllowed(valid_methods=list(have_match_for)) + if websocket_mismatch: raise WebsocketMismatch() + raise NotFound() def test(self, path_info=None, method=None): @@ -2169,16 +2177,16 @@ def build( rv = self._partial_build(endpoint, values, method, append_unknown) if rv is None: raise BuildError(endpoint, values, method, self) - domain_part, path, websocket = rv + domain_part, path, websocket = rv host = self.get_host(domain_part) - # Only build WebSocket routes with the scheme (as relative - # WebSocket paths aren't useful and are misleading). In - # addition if bound to a WebSocket ensure that http routes are - # built with a http scheme (if required). + # Always build WebSocket routes with the scheme (browsers + # require full URLs). If bound to a WebSocket, ensure that HTTP + # routes are built with an HTTP scheme. url_scheme = self.url_scheme secure = url_scheme in {"https", "wss"} + if websocket: force_external = True url_scheme = "wss" if secure else "ws" From 4249e01aed532774d6160eb7efbc4a71d94804d5 Mon Sep 17 00:00:00 2001 From: Brad Solomon Date: Mon, 27 Jan 2020 10:12:34 -0500 Subject: [PATCH 121/733] document werkzeug logger --- docs/utils.rst | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/docs/utils.rst b/docs/utils.rst index 65072fb49..bcc1af124 100644 --- a/docs/utils.rst +++ b/docs/utils.rst @@ -76,3 +76,19 @@ Security Helpers .. autofunction:: pbkdf2_hex .. autofunction:: pbkdf2_bin + + +Logging +======= + +Werkzeug uses standard Python :mod:`logging`. The logger is named +``"werkzeug"``. + +.. code-block:: python + + import logging + logger = logging.getLogger("werkzeug") + +If the logger level is not set, it will be set to :data:`~logging.INFO` +on first use. If there is no handler for that level, a +:class:`~logging.StreamHandler` is added. From 85eaee9b41dc16283d3a2a619ac4cc7cbdb8e6e0 Mon Sep 17 00:00:00 2001 From: David Lord Date: Wed, 5 Feb 2020 18:10:38 -0800 Subject: [PATCH 122/733] range request always returns 206 status --- CHANGES.rst | 3 +++ src/werkzeug/wrappers/etag.py | 29 ++++++++++++++++------------- tests/test_wrappers.py | 4 ++-- 3 files changed, 21 insertions(+), 15 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index 54ac12db3..ae5fba0aa 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -98,6 +98,9 @@ Unreleased implementations. :pr:`1702` - Support matching and building WebSocket rules in the routing system, for use by async frameworks. :pr:`1709` +- Range requests that span an entire file respond with 206 instead of + 200, to be more compliant with :rfc:`7233`. This may help serving + media to older browsers. :issue:`410, 1704` Version 0.16.1 diff --git a/src/werkzeug/wrappers/etag.py b/src/werkzeug/wrappers/etag.py index ac2860a05..460629bdb 100644 --- a/src/werkzeug/wrappers/etag.py +++ b/src/werkzeug/wrappers/etag.py @@ -142,28 +142,31 @@ def _process_range_request(self, environ, complete_length=None, accept_ranges=No """ from ..exceptions import RequestedRangeNotSatisfiable - if accept_ranges is None: - return False - self.headers["Accept-Ranges"] = accept_ranges - if not self._is_range_request_processable(environ) or complete_length is None: + if ( + accept_ranges is None + or complete_length is None + or not self._is_range_request_processable(environ) + ): return False + parsed_range = parse_range_header(environ.get("HTTP_RANGE")) + if parsed_range is None: raise RequestedRangeNotSatisfiable(complete_length) + range_tuple = parsed_range.range_for_length(complete_length) content_range_header = parsed_range.to_content_range_header(complete_length) + if range_tuple is None or content_range_header is None: raise RequestedRangeNotSatisfiable(complete_length) + content_length = range_tuple[1] - range_tuple[0] - # Be sure not to send 206 response - # if requested range is the full content. - if content_length != complete_length: - self.headers["Content-Length"] = content_length - self.content_range = content_range_header - self.status_code = 206 - self._wrap_response(range_tuple[0], content_length) - return True - return False + self.headers["Content-Length"] = content_length + self.headers["Accept-Ranges"] = accept_ranges + self.content_range = content_range_header + self.status_code = 206 + self._wrap_response(range_tuple[0], content_length) + return True def make_conditional( self, request_or_environ, accept_ranges=False, complete_length=None diff --git a/tests/test_wrappers.py b/tests/test_wrappers.py index 6973a1c57..7e21eda75 100644 --- a/tests/test_wrappers.py +++ b/tests/test_wrappers.py @@ -878,9 +878,9 @@ def test_range_request_with_complete_file(): response = wrappers.Response(wrap_file(env, f)) env["HTTP_RANGE"] = "bytes=0-%d" % (fsize - 1) response.make_conditional(env, accept_ranges=True, complete_length=fsize) - assert response.status_code == 200 + assert response.status_code == 206 assert response.headers["Accept-Ranges"] == "bytes" - assert "Content-Range" not in response.headers + assert response.headers["Content-Range"] == "bytes 0-%d/%d" % (fsize - 1, fsize) assert response.headers["Content-Length"] == str(fsize) assert response.data == fcontent From a8b2df202d81b45f7aeef442a844603e50db9b0c Mon Sep 17 00:00:00 2001 From: David Lord Date: Wed, 5 Feb 2020 21:24:01 -0800 Subject: [PATCH 123/733] SharedDataMiddleware adds utf-8 charset --- CHANGES.rst | 5 +++++ src/werkzeug/middleware/shared_data.py | 24 +++++++++++++++--------- tests/middleware/test_shared_data.py | 4 ++++ 3 files changed, 24 insertions(+), 9 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index ae5fba0aa..90d07e8f1 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -101,6 +101,11 @@ Unreleased - Range requests that span an entire file respond with 206 instead of 200, to be more compliant with :rfc:`7233`. This may help serving media to older browsers. :issue:`410, 1704` +- The :class:`~middleware.shared_data.SharedDataMiddleware` default + ``fallback_mimetype`` is ``application/octet-stream``. If a filename + looks like a text mimetype, the ``utf-8`` charset is added to it. + This matches the behavior of :class:`~wrappers.BaseResponse` and + Flask's ``send_file()``. :issue:`1689` Version 0.16.1 diff --git a/src/werkzeug/middleware/shared_data.py b/src/werkzeug/middleware/shared_data.py index 5c000c978..ab4ff0ffc 100644 --- a/src/werkzeug/middleware/shared_data.py +++ b/src/werkzeug/middleware/shared_data.py @@ -24,6 +24,7 @@ from ..http import http_date from ..http import is_resource_modified from ..security import safe_join +from ..utils import get_content_type from ..wsgi import get_path_info from ..wsgi import wrap_file @@ -70,19 +71,24 @@ class SharedDataMiddleware(object): module. If it's unable to figure out the charset it will fall back to `fallback_mimetype`. - .. versionchanged:: 0.5 - The cache timeout is configurable now. - - .. versionadded:: 0.6 - The `fallback_mimetype` parameter was added. - :param app: the application to wrap. If you don't want to wrap an application you can pass it :exc:`NotFound`. :param exports: a list or dict of exported files and folders. :param disallow: a list of :func:`~fnmatch.fnmatch` rules. - :param fallback_mimetype: the fallback mimetype for unknown files. :param cache: enable or disable caching headers. :param cache_timeout: the cache timeout in seconds for the headers. + :param fallback_mimetype: The fallback mimetype for unknown files. + + .. versionchanged:: 1.0 + The default ``fallback_mimetype`` is + ``application/octet-stream``. If a filename looks like a text + mimetype, the ``utf-8`` charset is added to it. + + .. versionadded:: 0.6 + Added ``fallback_mimetype``. + + .. versionchanged:: 0.5 + Added ``cache_timeout``. """ def __init__( @@ -92,7 +98,7 @@ def __init__( disallow=None, cache=True, cache_timeout=60 * 60 * 12, - fallback_mimetype="text/plain", + fallback_mimetype="application/octet-stream", ): self.app = app self.exports = [] @@ -254,7 +260,7 @@ def __call__(self, environ, start_response): return self.app(environ, start_response) guessed_type = mimetypes.guess_type(real_filename) - mime_type = guessed_type[0] or self.fallback_mimetype + mime_type = get_content_type(guessed_type[0] or self.fallback_mimetype, "utf-8") f, mtime, file_size = file_loader() headers = [("Date", http_date())] diff --git a/tests/middleware/test_shared_data.py b/tests/middleware/test_shared_data.py index fb685f77c..175cbd674 100644 --- a/tests/middleware/test_shared_data.py +++ b/tests/middleware/test_shared_data.py @@ -47,6 +47,10 @@ def null_application(environ, start_response): app_iter, status, headers = run_wsgi_app(app, create_environ(p)) assert status == "200 OK" + if p.endswith(".txt"): + content_type = next(v for k, v in headers if k == "Content-Type") + assert content_type == "text/plain; charset=utf-8" + with closing(app_iter) as app_iter: data = b"".join(app_iter).strip() From dfde671ef969e27c7b14bd464688c009b34a7d2b Mon Sep 17 00:00:00 2001 From: David Lord Date: Thu, 6 Feb 2020 12:18:19 -0800 Subject: [PATCH 124/733] release version 1.0.0 --- CHANGES.rst | 2 +- src/werkzeug/__init__.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index 90d07e8f1..425dea85d 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -3,7 +3,7 @@ Version 1.0.0 ------------- -Unreleased +Released 2020-02-06 - Drop support for Python 3.4. (:issue:`1478`) - Remove code that issued deprecation warnings in version 0.15. diff --git a/src/werkzeug/__init__.py b/src/werkzeug/__init__.py index ae4efeb75..202fcea91 100644 --- a/src/werkzeug/__init__.py +++ b/src/werkzeug/__init__.py @@ -17,4 +17,4 @@ from .wrappers import Request from .wrappers import Response -__version__ = "1.0.0rc1" +__version__ = "1.0.0" From d715fd2b7e7a4f522885609ef63f8af69b05098f Mon Sep 17 00:00:00 2001 From: pgjones Date: Fri, 7 Feb 2020 12:58:10 +0000 Subject: [PATCH 125/733] Add a default argument (None) the the RequestRedirect get_response The base class supplies the default and is documented to do so, this matches that API. It also helps as the environ argument isn't used. --- CHANGES.rst | 9 +++++++++ src/werkzeug/routing.py | 2 +- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/CHANGES.rst b/CHANGES.rst index 425dea85d..4768cd0ce 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -1,5 +1,14 @@ .. currentmodule:: werkzeug +Version 1.0.1 +------------- + +Unreleased + +- Make the argument to ``RequestRedirect.get_response`` optional. + :issue:`1718` + + Version 1.0.0 ------------- diff --git a/src/werkzeug/routing.py b/src/werkzeug/routing.py index 8fa3c60a3..e090c6680 100644 --- a/src/werkzeug/routing.py +++ b/src/werkzeug/routing.py @@ -250,7 +250,7 @@ def __init__(self, new_url): RoutingException.__init__(self, new_url) self.new_url = new_url - def get_response(self, environ): + def get_response(self, environ=None): return redirect(self.new_url, self.code) From b400adb330dd1f4295baaf5c1ece08935645ce81 Mon Sep 17 00:00:00 2001 From: pgjones Date: Sat, 8 Feb 2020 11:04:08 +0000 Subject: [PATCH 126/733] Allow the scheme to be overridden when building This is useful to both Flask and Quart as they currently override the `url_scheme` attribute then call build before restoring it. --- CHANGES.rst | 9 +++++++++ src/werkzeug/routing.py | 16 ++++++++++++---- tests/test_routing.py | 5 +++++ 3 files changed, 26 insertions(+), 4 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index 425dea85d..d49a1fa49 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -1,5 +1,14 @@ .. currentmodule:: werkzeug +Version 2.0.0 +------------- + +Unreleased + +- Add a ``url_scheme`` argument to :meth:`~routing.MapAdapter.build` + to override the bound scheme. :pr:`1721` + + Version 1.0.0 ------------- diff --git a/src/werkzeug/routing.py b/src/werkzeug/routing.py index 8fa3c60a3..f94382081 100644 --- a/src/werkzeug/routing.py +++ b/src/werkzeug/routing.py @@ -2085,6 +2085,7 @@ def build( method=None, force_external=False, append_unknown=True, + url_scheme=None, ): """Building URLs works pretty much the other way round. Instead of `match` you call `build` and pass it the endpoint and a dict of @@ -2137,9 +2138,6 @@ def build( to specify the method you want to have an URL built for if you have different methods for the same endpoint specified. - .. versionadded:: 0.6 - the `append_unknown` parameter was added. - :param endpoint: the endpoint of the URL to build. :param values: the values for the URL to build. Unhandled values are appended to the URL as query parameters. @@ -2151,6 +2149,14 @@ def build( :param append_unknown: unknown parameters are appended to the generated URL as query string argument. Disable this if you want the builder to ignore those. + :param url_scheme: Scheme to use in place of the bound + :attr:`url_scheme`. + + .. versionadded:: 2.0 + Added the ``url_scheme`` parameter. + + .. versionadded:: 0.6 + Added the ``append_unknown`` parameter. """ self.map.update() @@ -2181,10 +2187,12 @@ def build( domain_part, path, websocket = rv host = self.get_host(domain_part) + if url_scheme is None: + url_scheme = self.url_scheme + # Always build WebSocket routes with the scheme (browsers # require full URLs). If bound to a WebSocket, ensure that HTTP # routes are built with an HTTP scheme. - url_scheme = self.url_scheme secure = url_scheme in {"https", "wss"} if websocket: diff --git a/tests/test_routing.py b/tests/test_routing.py index 0ba9bcf26..34f171c43 100644 --- a/tests/test_routing.py +++ b/tests/test_routing.py @@ -235,11 +235,16 @@ def test_basic_building(): adapter = map.bind("example.org", url_scheme="") assert adapter.build("foo", {}) == "/foo" assert adapter.build("foo", {}, force_external=True) == "//example.org/foo" + assert ( + adapter.build("foo", {}, url_scheme="https", force_external=True) + == "https://example.org/foo" + ) adapter = map.bind("example.org", url_scheme="ws") assert adapter.build("ws", {}) == "ws://example.org/ws" assert adapter.build("foo", {}, force_external=True) == "http://example.org/foo" assert adapter.build("foo", {}) == "/foo" + assert adapter.build("ws", {}, url_scheme="https") == "wss://example.org/ws" def test_long_build(): From b5c5416a50f11d80ded7d0c2aec795b1c3533f3b Mon Sep 17 00:00:00 2001 From: pgjones Date: Sat, 8 Feb 2020 21:17:04 +0000 Subject: [PATCH 127/733] Only allow a single Allow Origin (Access Control) value The relevant specification text is, Rather than allowing a space-separated list of origins, it is either a single origin or the string "null".[0] and Note: null should not be used[1] it is clear that the previous HeaderSet usage was wrong. (Also note that the value is case sensitive)[0]. [0]: https://www.w3.org/TR/cors/ [1]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin --- CHANGES.rst | 1 + src/werkzeug/wrappers/cors.py | 4 +--- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index 4768cd0ce..68757de52 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -7,6 +7,7 @@ Unreleased - Make the argument to ``RequestRedirect.get_response`` optional. :issue:`1718` +- Only allow a single access control allow origin value. :pr:`1723` Version 1.0.0 diff --git a/src/werkzeug/wrappers/cors.py b/src/werkzeug/wrappers/cors.py index 790e50e9f..502fcf17f 100644 --- a/src/werkzeug/wrappers/cors.py +++ b/src/werkzeug/wrappers/cors.py @@ -82,9 +82,7 @@ def access_control_allow_credentials(self, value): access_control_allow_origin = header_property( "Access-Control-Allow-Origin", - load_func=parse_set_header, - dump_func=dump_header, - doc="The origins that may make cross origin requests.", + doc="The origin or '*' for any origin that may make cross origin requests.", ) access_control_expose_headers = header_property( From 88aa39239f4a03605cfbd57029cc87a5139788a4 Mon Sep 17 00:00:00 2001 From: lathamfell Date: Mon, 10 Feb 2020 11:27:38 -0800 Subject: [PATCH 128/733] Add VSCode local settings dir to .gitignore --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index d2d81e7f2..23c42f03c 100644 --- a/.gitignore +++ b/.gitignore @@ -21,3 +21,4 @@ test_uwsgi_failed .idea .pytest_cache/ venv/ +.vscode From b885fd9513156d428e8caf8b4b4c7b89d266edf4 Mon Sep 17 00:00:00 2001 From: lathamfell Date: Mon, 10 Feb 2020 11:40:26 -0800 Subject: [PATCH 129/733] Include pytest-timeout in setup.py --- setup.py | 1 + 1 file changed, 1 insertion(+) diff --git a/setup.py b/setup.py index 157d884ab..de09ac3c7 100644 --- a/setup.py +++ b/setup.py @@ -57,6 +57,7 @@ "watchdog": ["watchdog"], "dev": [ "pytest", + "pytest-timeout", "coverage", "tox", "sphinx", From d14c209a39f42c8626e4e60c75dbba6e73f5f4ec Mon Sep 17 00:00:00 2001 From: David Lord Date: Mon, 10 Feb 2020 15:08:55 -0800 Subject: [PATCH 130/733] test client accepts multiple values for a header Co-authored-by: Aaron Schuman --- CHANGES.rst | 4 ++++ src/werkzeug/test.py | 8 +++++++- tests/test_test.py | 10 ++++++++++ 3 files changed, 21 insertions(+), 1 deletion(-) diff --git a/CHANGES.rst b/CHANGES.rst index 3f363c025..3880345ba 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -7,6 +7,10 @@ Unreleased - Add a ``url_scheme`` argument to :meth:`~routing.MapAdapter.build` to override the bound scheme. :pr:`1721` +- When passing a ``Headers`` object to a test client method or + ``EnvironBuilder``, multiple values for a key are joined into one + comma separated value. This matches the HTTP spec on multi-value + headers. :issue:`1655` Version 1.0.1 diff --git a/src/werkzeug/test.py b/src/werkzeug/test.py index c5ce50a06..dc2220754 100644 --- a/src/werkzeug/test.py +++ b/src/werkzeug/test.py @@ -10,6 +10,7 @@ """ import mimetypes import sys +from collections import defaultdict from io import BytesIO from itertools import chain from random import random @@ -740,8 +741,13 @@ def _path_encode(x): result["CONTENT_LENGTH"] = str(content_length) headers.set("Content-Length", content_length) + combined_headers = defaultdict(list) + for key, value in headers.to_wsgi_list(): - result["HTTP_%s" % key.upper().replace("-", "_")] = value + combined_headers["HTTP_%s" % key.upper().replace("-", "_")].append(value) + + for key, values in combined_headers.items(): + result[key] = ", ".join(values) if self.environ_overrides: result.update(self.environ_overrides) diff --git a/tests/test_test.py b/tests/test_test.py index 26a9b47df..445a0bbc6 100644 --- a/tests/test_test.py +++ b/tests/test_test.py @@ -20,6 +20,7 @@ from werkzeug._compat import iteritems from werkzeug._compat import to_bytes from werkzeug.datastructures import FileStorage +from werkzeug.datastructures import Headers from werkzeug.datastructures import MultiDict from werkzeug.formparser import parse_form_data from werkzeug.test import Client @@ -224,6 +225,15 @@ def test_environ_builder_headers_content_type(): assert "CONTENT_TYPE" not in env +def test_envrion_builder_multiple_headers(): + h = Headers() + h.add("FOO", "bar") + h.add("FOO", "baz") + b = EnvironBuilder(headers=h) + env = b.get_environ() + assert env["HTTP_FOO"] == "bar, baz" + + def test_environ_builder_paths(): b = EnvironBuilder(path="/foo", base_url="http://example.com/") strict_eq(b.base_url, "http://example.com/") From 84b2418ff1d7a5a4c5ef48fe59df7c5aa1898e7c Mon Sep 17 00:00:00 2001 From: pgjones Date: Tue, 11 Feb 2020 21:43:23 +0000 Subject: [PATCH 131/733] Fix csp parsing There may not be a content security policy header to parse, in which case the value by default is None. Therefore rather than erroring this change returns an empty ContentSecurityPolicy datastructure. (This is the same logic as for Cache Control headers). --- CHANGES.rst | 2 ++ src/werkzeug/http.py | 2 ++ 2 files changed, 4 insertions(+) diff --git a/CHANGES.rst b/CHANGES.rst index 68757de52..6c77093cc 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -8,6 +8,8 @@ Unreleased - Make the argument to ``RequestRedirect.get_response`` optional. :issue:`1718` - Only allow a single access control allow origin value. :pr:`1723` +- Fix crash when trying to parse a non-existent Content Security + Policy header. :pr:`1731` Version 1.0.0 diff --git a/src/werkzeug/http.py b/src/werkzeug/http.py index b428ceeb2..954b1f0ec 100644 --- a/src/werkzeug/http.py +++ b/src/werkzeug/http.py @@ -540,6 +540,8 @@ def parse_csp_header(value, on_update=None, cls=None): if cls is None: cls = ContentSecurityPolicy + if value is None: + return cls(None, on_update) items = [] for policy in value.split(";"): policy = policy.strip() From 492b666266c9b67a695476ead616a06e1f92c0d0 Mon Sep 17 00:00:00 2001 From: Manuel Gundlach Date: Thu, 20 Feb 2020 19:42:06 +0100 Subject: [PATCH 132/733] Update documentation of SharedDataMiddleware Let the doc of SharedDataMiddleware reflect its move to middleware.shared_data --- src/werkzeug/middleware/shared_data.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/werkzeug/middleware/shared_data.py b/src/werkzeug/middleware/shared_data.py index ab4ff0ffc..b6e37641e 100644 --- a/src/werkzeug/middleware/shared_data.py +++ b/src/werkzeug/middleware/shared_data.py @@ -35,7 +35,7 @@ class SharedDataMiddleware(object): environments or simple server setups. Usage is quite simple:: import os - from werkzeug.wsgi import SharedDataMiddleware + from werkzeug.middleware.shared_data import SharedDataMiddleware app = SharedDataMiddleware(app, { '/static': os.path.join(os.path.dirname(__file__), 'static') From e97a7363dab9b150bfdfcc00111e78bf5bd8d41c Mon Sep 17 00:00:00 2001 From: Manuel Gundlach Date: Thu, 20 Feb 2020 19:45:47 +0100 Subject: [PATCH 133/733] Update tutorial Let the tutorial reflect the move of SharedDataMiddleware to middleware.shared_data --- docs/tutorial.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/tutorial.rst b/docs/tutorial.rst index d90f986ad..9dfce24c2 100644 --- a/docs/tutorial.rst +++ b/docs/tutorial.rst @@ -127,7 +127,7 @@ if they are not used right away, to keep it from being confusing:: from werkzeug.wrappers import Request, Response from werkzeug.routing import Map, Rule from werkzeug.exceptions import HTTPException, NotFound - from werkzeug.wsgi import SharedDataMiddleware + from werkzeug.middleware.shared_data import SharedDataMiddleware from werkzeug.utils import redirect from jinja2 import Environment, FileSystemLoader From fd22f73dbf48c8f3f2b38b44ff6c7c40d2ca560c Mon Sep 17 00:00:00 2001 From: Io Mintz Date: Mon, 24 Feb 2020 17:43:29 -0600 Subject: [PATCH 134/733] setup.py: docs requires sphinxcontrib-log-cabinet --- setup.py | 1 + 1 file changed, 1 insertion(+) diff --git a/setup.py b/setup.py index 157d884ab..a01bfbbd9 100644 --- a/setup.py +++ b/setup.py @@ -61,6 +61,7 @@ "tox", "sphinx", "pallets-sphinx-themes", + "sphinxcontrib-log-cabinet", "sphinx-issues", ], }, From c62f2bd4937ece43eeb00874d4ce8541999b50e0 Mon Sep 17 00:00:00 2001 From: northernSage Date: Sun, 8 Mar 2020 16:08:49 -0300 Subject: [PATCH 135/733] change old urlparse (renamed in python 3) call to werkzeug's url_parse --- docs/tutorial.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/tutorial.rst b/docs/tutorial.rst index d90f986ad..946b5fc81 100644 --- a/docs/tutorial.rst +++ b/docs/tutorial.rst @@ -123,7 +123,7 @@ if they are not used right away, to keep it from being confusing:: import os import redis - import urlparse + from werkzeug.urls import url_parse from werkzeug.wrappers import Request, Response from werkzeug.routing import Map, Rule from werkzeug.exceptions import HTTPException, NotFound From f248ed9b112e16286592eec16d3271aa1d5c67c4 Mon Sep 17 00:00:00 2001 From: northernSage Date: Sun, 8 Mar 2020 16:11:46 -0300 Subject: [PATCH 136/733] change old comma-separated raise syntax to new ('as') one --- docs/tutorial.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/tutorial.rst b/docs/tutorial.rst index 946b5fc81..12dc904f1 100644 --- a/docs/tutorial.rst +++ b/docs/tutorial.rst @@ -259,7 +259,7 @@ The way we will do it in this tutorial is by calling the method ``on_`` try: endpoint, values = adapter.match() return getattr(self, 'on_' + endpoint)(request, **values) - except HTTPException, e: + except HTTPException as e: return e We bind the URL map to the current environment and get back a From 37f2dbff7d973165ee085bd8a219182b23fe8d61 Mon Sep 17 00:00:00 2001 From: northernSage Date: Sun, 8 Mar 2020 16:15:05 -0300 Subject: [PATCH 137/733] change urlparse call to werkzeug's url_parse --- docs/tutorial.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/tutorial.rst b/docs/tutorial.rst index 12dc904f1..60d2f729f 100644 --- a/docs/tutorial.rst +++ b/docs/tutorial.rst @@ -306,7 +306,7 @@ we need to write a function and a helper method. For URL validation this is good enough:: def is_valid_url(url): - parts = urlparse.urlparse(url) + parts = url_parse(url) return parts.scheme in ('http', 'https') For inserting the URL, all we need is this little method on our class:: From 89c43a73b1730c8634a8ea48f06ceccb534fb01c Mon Sep 17 00:00:00 2001 From: northernSage Date: Tue, 10 Mar 2020 19:47:19 -0300 Subject: [PATCH 138/733] update reference code to import StringIO function from io module --- docs/quickstart.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/quickstart.rst b/docs/quickstart.rst index 125787669..84cb17094 100644 --- a/docs/quickstart.rst +++ b/docs/quickstart.rst @@ -77,7 +77,7 @@ was transmitted in a POST/PUT request. For testing purposes we can create a request object from supplied data using the :meth:`~BaseRequest.from_values` method: ->>> from cStringIO import StringIO +>>> from io import StringIO >>> data = "name=this+is+encoded+form+data&another_key=another+one" >>> request = Request.from_values(query_string='foo=bar&blah=blafasel', ... content_length=len(data), input_stream=StringIO(data), From c5cce98338d736971eafa2c673ee912d347a623b Mon Sep 17 00:00:00 2001 From: David Lord Date: Tue, 17 Mar 2020 07:57:37 -0700 Subject: [PATCH 139/733] skip watchdog tests on windows --- tests/test_serving.py | 40 +++++++++++++++++++--------------------- 1 file changed, 19 insertions(+), 21 deletions(-) diff --git a/tests/test_serving.py b/tests/test_serving.py index f605f7676..cd4283039 100644 --- a/tests/test_serving.py +++ b/tests/test_serving.py @@ -9,8 +9,8 @@ :license: BSD-3-Clause """ import os +import platform import socket -import ssl import subprocess import sys import textwrap @@ -39,6 +39,15 @@ import httplib +require_cryptography = pytest.mark.skipif( + cryptography is None, reason="cryptography not installed" +) +require_watchdog = pytest.mark.skipif(watchdog is None, reason="watchdog not installed") +skip_windows = pytest.mark.skipif( + platform.system() == "Windows", reason="unreliable on Windows" +) + + def test_serving(dev_server): server = dev_server("from werkzeug.testapp import test_app as app") rv = requests.get("http://%s/?foo=bar&baz=blah" % server.addr).content @@ -97,13 +106,7 @@ def app(environ, start_response): assert "Internal Server Error" in r.text -@pytest.mark.skipif( - not hasattr(ssl, "SSLContext"), - reason="Missing PEP 466 (Python 2.7.9+) or Python 3.", -) -@pytest.mark.skipif( - cryptography is None, reason="cryptography is required for cert generation." -) +@require_cryptography def test_stdlib_ssl_contexts(dev_server, tmpdir): certificate, private_key = serving.make_ssl_devcert(str(tmpdir.mkdir("certs"))) @@ -126,7 +129,7 @@ def app(environ, start_response): assert r.content == b"hello" -@pytest.mark.skipif(cryptography is None, reason="cryptography is not installed.") +@require_cryptography def test_ssl_context_adhoc(dev_server): server = dev_server( """ @@ -141,18 +144,15 @@ def app(environ, start_response): assert r.content == b"hello" -@pytest.mark.skipif(cryptography is None, reason="cryptography is not installed.") +@require_cryptography def test_make_ssl_devcert(tmpdir): certificate, private_key = serving.make_ssl_devcert(str(tmpdir)) assert os.path.isfile(certificate) assert os.path.isfile(private_key) -@pytest.mark.skipif(watchdog is None, reason="Watchdog not installed.") -@pytest.mark.xfail( - sys.version_info.major == 2 and sys.platform == "win32", - reason="TODO fix test for Python 2 on Windows", -) +@require_watchdog +@skip_windows def test_reloader_broken_imports(tmpdir, dev_server): # We explicitly assert that the server reloads on change, even though in # this case the import could've just been retried. This is to assert @@ -200,7 +200,8 @@ def real_app(environ, start_response): assert r.content == b"hello" -@pytest.mark.skipif(watchdog is None, reason="Watchdog not installed.") +@require_watchdog +@skip_windows def test_reloader_nested_broken_imports(tmpdir, dev_server): real_app = tmpdir.mkdir("real_app") real_app.join("__init__.py").write("from real_app.sub import real_app") @@ -242,11 +243,8 @@ def real_app(environ, start_response): assert r.content == b"hello" -@pytest.mark.skipif(watchdog is None, reason="Watchdog not installed.") -@pytest.mark.xfail( - sys.version_info.major == 2 and sys.platform == "win32", - reason="TODO fix test for Python 2 on Windows", -) +@require_watchdog +@skip_windows def test_reloader_reports_correct_file(tmpdir, dev_server): real_app = tmpdir.join("real_app.py") real_app.write( From 88ec24d54318b9454841e99c833108e6a2d22824 Mon Sep 17 00:00:00 2001 From: pgjones Date: Sat, 4 Jan 2020 21:59:00 +0000 Subject: [PATCH 140/733] Drop support for Python 2.7 This removes the official support for 2.7 without making any code changes. It allows for code changes to be made. --- .azure-pipelines.yml | 7 ------- CHANGES.rst | 1 + setup.cfg | 3 --- setup.py | 5 +---- tox.ini | 2 +- 5 files changed, 3 insertions(+), 15 deletions(-) diff --git a/.azure-pipelines.yml b/.azure-pipelines.yml index eabcaf768..2c3465e55 100644 --- a/.azure-pipelines.yml +++ b/.azure-pipelines.yml @@ -22,13 +22,6 @@ strategy: python.version: '3.7' Python 3.6 Linux: python.version: '3.6' - Python 3.5 Linux: - python.version: '3.5' - Python 2.7 Linux: - python.version: '2.7' - Python 2.7 Windows: - python.version: '2.7' - vmImage: windows-latest Docs: TOXENV: docs hasTestResults: 'false' diff --git a/CHANGES.rst b/CHANGES.rst index 3880345ba..b4f5a2c96 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -5,6 +5,7 @@ Version 2.0.0 Unreleased +- Drop support for Python 2 and 3.5. :pr:`1693` - Add a ``url_scheme`` argument to :meth:`~routing.MapAdapter.build` to override the bound scheme. :pr:`1721` - When passing a ``Headers`` object to a test client method or diff --git a/setup.cfg b/setup.cfg index 79d060d6f..3348dc305 100644 --- a/setup.cfg +++ b/setup.cfg @@ -2,9 +2,6 @@ license_file = LICENSE.rst long_description_content_type = text/x-rst -[bdist_wheel] -universal = true - [tool:pytest] testpaths = tests norecursedirs = tests/hypothesis diff --git a/setup.py b/setup.py index a01bfbbd9..e96707dac 100644 --- a/setup.py +++ b/setup.py @@ -33,10 +33,7 @@ "License :: OSI Approved :: BSD License", "Operating System :: OS Independent", "Programming Language :: Python", - "Programming Language :: Python :: 2", - "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 3", - "Programming Language :: Python :: 3.5", "Programming Language :: Python :: 3.6", "Programming Language :: Python :: 3.7", "Programming Language :: Python :: 3.8", @@ -52,7 +49,7 @@ packages=find_packages("src"), package_dir={"": "src"}, include_package_data=True, - python_requires=">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*", + python_requires=">=3.6", extras_require={ "watchdog": ["watchdog"], "dev": [ diff --git a/tox.ini b/tox.ini index f98cbb7c8..d3ff05216 100644 --- a/tox.ini +++ b/tox.ini @@ -1,6 +1,6 @@ [tox] envlist = - py{38,37,36,35,27,py3,py} + py{38,37,36,py3} style docs coverage From 9777c0821eb1a5a645185e35f7523a8725897634 Mon Sep 17 00:00:00 2001 From: pgjones Date: Sun, 5 Jan 2020 18:47:03 +0000 Subject: [PATCH 141/733] Drop _compat for Python 2 This is possible now that Python 2 is not supported. The code that is still required has been moved to the _internal module and renamed with a leading `_` as per the other functions. As this change is targeting Werkzeug 2.0 the compatibility with 3.5 is dropped, 2.0 will be Python 3.6+. --- examples/plnt/utils.py | 7 +- src/werkzeug/_compat.py | 228 -------------------- src/werkzeug/_internal.py | 88 ++++++-- src/werkzeug/_reloader.py | 20 +- src/werkzeug/datastructures.py | 172 ++++++--------- src/werkzeug/debug/__init__.py | 5 +- src/werkzeug/debug/repr.py | 26 +-- src/werkzeug/debug/tbtools.py | 55 ++--- src/werkzeug/exceptions.py | 32 ++- src/werkzeug/formparser.py | 9 +- src/werkzeug/http.py | 47 ++-- src/werkzeug/local.py | 17 +- src/werkzeug/middleware/lint.py | 11 +- src/werkzeug/middleware/shared_data.py | 7 +- src/werkzeug/posixemulation.py | 6 +- src/werkzeug/routing.py | 63 +++--- src/werkzeug/security.py | 32 ++- src/werkzeug/serving.py | 72 ++----- src/werkzeug/test.py | 41 ++-- src/werkzeug/urls.py | 109 ++++------ src/werkzeug/utils.py | 37 ++-- src/werkzeug/wrappers/base_request.py | 19 +- src/werkzeug/wrappers/base_response.py | 31 ++- src/werkzeug/wrappers/common_descriptors.py | 3 +- src/werkzeug/wrappers/etag.py | 3 +- src/werkzeug/wrappers/json.py | 3 +- src/werkzeug/wsgi.py | 56 ++--- tests/conftest.py | 4 +- tests/middleware/test_dispatcher.py | 6 +- tests/middleware/test_shared_data.py | 4 +- tests/test_datastructures.py | 113 +++------- tests/test_debug.py | 20 +- tests/test_exceptions.py | 7 +- tests/test_formparser.py | 51 ++--- tests/test_http.py | 7 +- tests/test_test.py | 10 +- tests/test_urls.py | 17 +- tests/test_utils.py | 3 +- tests/test_wrappers.py | 8 +- tests/test_wsgi.py | 85 ++++---- 40 files changed, 518 insertions(+), 1016 deletions(-) delete mode 100644 src/werkzeug/_compat.py diff --git a/examples/plnt/utils.py b/examples/plnt/utils.py index 936d22efd..0bf4cc708 100644 --- a/examples/plnt/utils.py +++ b/examples/plnt/utils.py @@ -13,7 +13,6 @@ from jinja2 import Environment from jinja2 import FileSystemLoader -from werkzeug._compat import unichr from werkzeug.local import Local from werkzeug.local import LocalManager from werkzeug.routing import Map @@ -96,15 +95,15 @@ def strip_tags(s): def handle_match(m): name = m.group(1) if name in html_entities: - return unichr(html_entities[name]) + return chr(html_entities[name]) if name[:2] in ("#x", "#X"): try: - return unichr(int(name[2:], 16)) + return chr(int(name[2:], 16)) except ValueError: return u"" elif name.startswith("#"): try: - return unichr(int(name[1:])) + return chr(int(name[1:])) except ValueError: return u"" return u"" diff --git a/src/werkzeug/_compat.py b/src/werkzeug/_compat.py deleted file mode 100644 index 1d8c81040..000000000 --- a/src/werkzeug/_compat.py +++ /dev/null @@ -1,228 +0,0 @@ -# flake8: noqa -# This whole file is full of lint errors -import functools -import operator -import sys - -try: - import builtins -except ImportError: - import __builtin__ as builtins - - -PY2 = sys.version_info[0] == 2 -WIN = sys.platform.startswith("win") - -_identity = lambda x: x - -if PY2: - unichr = unichr - text_type = unicode - string_types = (str, unicode) - integer_types = (int, long) - - iterkeys = lambda d, *args, **kwargs: d.iterkeys(*args, **kwargs) - itervalues = lambda d, *args, **kwargs: d.itervalues(*args, **kwargs) - iteritems = lambda d, *args, **kwargs: d.iteritems(*args, **kwargs) - - iterlists = lambda d, *args, **kwargs: d.iterlists(*args, **kwargs) - iterlistvalues = lambda d, *args, **kwargs: d.iterlistvalues(*args, **kwargs) - - int_to_byte = chr - iter_bytes = iter - - import collections as collections_abc - - exec("def reraise(tp, value, tb=None):\n raise tp, value, tb") - - def fix_tuple_repr(obj): - def __repr__(self): - cls = self.__class__ - return "%s(%s)" % ( - cls.__name__, - ", ".join( - "%s=%r" % (field, self[index]) - for index, field in enumerate(cls._fields) - ), - ) - - obj.__repr__ = __repr__ - return obj - - def implements_iterator(cls): - cls.next = cls.__next__ - del cls.__next__ - return cls - - def implements_to_string(cls): - cls.__unicode__ = cls.__str__ - cls.__str__ = lambda x: x.__unicode__().encode("utf-8") - return cls - - def native_string_result(func): - def wrapper(*args, **kwargs): - return func(*args, **kwargs).encode("utf-8") - - return functools.update_wrapper(wrapper, func) - - def implements_bool(cls): - cls.__nonzero__ = cls.__bool__ - del cls.__bool__ - return cls - - from itertools import imap, izip, ifilter - - range_type = xrange - - from StringIO import StringIO - from cStringIO import StringIO as BytesIO - - NativeStringIO = BytesIO - - def make_literal_wrapper(reference): - return _identity - - def normalize_string_tuple(tup): - """Normalizes a string tuple to a common type. Following Python 2 - rules, upgrades to unicode are implicit. - """ - if any(isinstance(x, text_type) for x in tup): - return tuple(to_unicode(x) for x in tup) - return tup - - def try_coerce_native(s): - """Try to coerce a unicode string to native if possible. Otherwise, - leave it as unicode. - """ - try: - return to_native(s) - except UnicodeError: - return s - - wsgi_get_bytes = _identity - - def wsgi_decoding_dance(s, charset="utf-8", errors="replace"): - return s.decode(charset, errors) - - def wsgi_encoding_dance(s, charset="utf-8", errors="replace"): - if isinstance(s, bytes): - return s - return s.encode(charset, errors) - - def to_bytes(x, charset=sys.getdefaultencoding(), errors="strict"): - if x is None: - return None - if isinstance(x, (bytes, bytearray, buffer)): - return bytes(x) - if isinstance(x, unicode): - return x.encode(charset, errors) - raise TypeError("Expected bytes") - - def to_native(x, charset=sys.getdefaultencoding(), errors="strict"): - if x is None or isinstance(x, str): - return x - return x.encode(charset, errors) - - -else: - unichr = chr - text_type = str - string_types = (str,) - integer_types = (int,) - - iterkeys = lambda d, *args, **kwargs: iter(d.keys(*args, **kwargs)) - itervalues = lambda d, *args, **kwargs: iter(d.values(*args, **kwargs)) - iteritems = lambda d, *args, **kwargs: iter(d.items(*args, **kwargs)) - - iterlists = lambda d, *args, **kwargs: iter(d.lists(*args, **kwargs)) - iterlistvalues = lambda d, *args, **kwargs: iter(d.listvalues(*args, **kwargs)) - - int_to_byte = operator.methodcaller("to_bytes", 1, "big") - iter_bytes = functools.partial(map, int_to_byte) - - import collections.abc as collections_abc - - def reraise(tp, value, tb=None): - if value.__traceback__ is not tb: - raise value.with_traceback(tb) - raise value - - fix_tuple_repr = _identity - implements_iterator = _identity - implements_to_string = _identity - implements_bool = _identity - native_string_result = _identity - imap = map - izip = zip - ifilter = filter - range_type = range - - from io import StringIO, BytesIO - - NativeStringIO = StringIO - - _latin1_encode = operator.methodcaller("encode", "latin1") - - def make_literal_wrapper(reference): - if isinstance(reference, text_type): - return _identity - return _latin1_encode - - def normalize_string_tuple(tup): - """Ensures that all types in the tuple are either strings - or bytes. - """ - tupiter = iter(tup) - is_text = isinstance(next(tupiter, None), text_type) - for arg in tupiter: - if isinstance(arg, text_type) != is_text: - raise TypeError( - "Cannot mix str and bytes arguments (got %s)" % repr(tup) - ) - return tup - - try_coerce_native = _identity - wsgi_get_bytes = _latin1_encode - - def wsgi_decoding_dance(s, charset="utf-8", errors="replace"): - return s.encode("latin1").decode(charset, errors) - - def wsgi_encoding_dance(s, charset="utf-8", errors="replace"): - if isinstance(s, text_type): - s = s.encode(charset) - return s.decode("latin1", errors) - - def to_bytes(x, charset=sys.getdefaultencoding(), errors="strict"): - if x is None: - return None - if isinstance(x, (bytes, bytearray, memoryview)): # noqa - return bytes(x) - if isinstance(x, str): - return x.encode(charset, errors) - raise TypeError("Expected bytes") - - def to_native(x, charset=sys.getdefaultencoding(), errors="strict"): - if x is None or isinstance(x, str): - return x - return x.decode(charset, errors) - - -def to_unicode( - x, charset=sys.getdefaultencoding(), errors="strict", allow_none_charset=False -): - if x is None: - return None - if not isinstance(x, bytes): - return text_type(x) - if charset is None and allow_none_charset: - return x - return x.decode(charset, errors) - - -try: - from os import fspath -except ImportError: - # Python < 3.6 - # https://www.python.org/dev/peps/pep-0519/#backwards-compatibility - def fspath(path): - return path.__fspath__() if hasattr(path, "__fspath__") else path diff --git a/src/werkzeug/_internal.py b/src/werkzeug/_internal.py index 1d2eaf5b1..b57fb79ff 100644 --- a/src/werkzeug/_internal.py +++ b/src/werkzeug/_internal.py @@ -10,19 +10,15 @@ """ import inspect import logging +import operator import re import string +import sys from datetime import date from datetime import datetime from itertools import chain from weakref import WeakKeyDictionary -from ._compat import int_to_byte -from ._compat import integer_types -from ._compat import iter_bytes -from ._compat import range_type -from ._compat import text_type - _logger = None _signature_cache = WeakKeyDictionary() @@ -32,8 +28,10 @@ ).encode("ascii") _cookie_quoting_map = {b",": b"\\054", b";": b"\\073", b'"': b'\\"', b"\\": b"\\\\"} -for _i in chain(range_type(32), range_type(127, 256)): - _cookie_quoting_map[int_to_byte(_i)] = ("\\%03o" % _i).encode("latin1") +for _i in chain(range(32), range(127, 256)): + _cookie_quoting_map[_i.to_bytes(1, sys.byteorder)] = ("\\%03o" % _i).encode( + "latin1" + ) _octal_re = re.compile(br"\\[0-3][0-7][0-7]") _quote_re = re.compile(br"[\\].") @@ -52,6 +50,8 @@ flags=re.VERBOSE, ) +_WIN = sys.platform.startswith("win") + class _Missing(object): def __repr__(self): @@ -64,6 +64,69 @@ def __reduce__(self): _missing = _Missing() +def _make_literal_wrapper(reference): + if isinstance(reference, str): + return lambda x: x + return operator.methodcaller("encode", "latin1") + + +def _normalize_string_tuple(tup): + """Ensures that all types in the tuple are either strings or bytes.""" + tupiter = iter(tup) + is_text = isinstance(next(tupiter, None), str) + for arg in tupiter: + if isinstance(arg, str) != is_text: + raise TypeError("Cannot mix str and bytes arguments (got %s)" % repr(tup)) + return tup + + +def _to_bytes(x, charset=sys.getdefaultencoding(), errors="strict"): # noqa + if x is None: + return None + if isinstance(x, (bytes, bytearray, memoryview)): # noqa + return bytes(x) + if isinstance(x, str): + return x.encode(charset, errors) + raise TypeError("Expected bytes") + + +def _to_native(x, charset=sys.getdefaultencoding(), errors="strict"): # noqa + if x is None or isinstance(x, str): + return x + return x.decode(charset, errors) + + +def _to_unicode( + x, + charset=sys.getdefaultencoding(), # noqa + errors="strict", + allow_none_charset=False, +): + if x is None: + return None + if not isinstance(x, bytes): + return str(x) + if charset is None and allow_none_charset: + return x + return x.decode(charset, errors) + + +def _reraise(tp, value, tb=None): + if value.__traceback__ is not tb: + raise value.with_traceback(tb) + raise value + + +def _wsgi_decoding_dance(s, charset="utf-8", errors="replace"): + return s.encode("latin1").decode(charset, errors) + + +def _wsgi_encoding_dance(s, charset="utf-8", errors="replace"): + if isinstance(s, str): + s = s.encode(charset) + return s.decode("latin1", errors) + + def _get_environ(obj): env = getattr(obj, "environ", obj) assert isinstance(env, dict), ( @@ -197,7 +260,7 @@ def _date_to_unix(arg): """ if isinstance(arg, datetime): arg = arg.utctimetuple() - elif isinstance(arg, integer_types + (float,)): + elif isinstance(arg, (int, float)): return int(arg) year, month, day, hour, minute, second = arg[:6] days = date(year, month, 1).toordinal() - _epoch_ord + day - 1 @@ -265,7 +328,8 @@ def _cookie_quote(b): _lookup = _cookie_quoting_map.get _push = buf.extend - for char in iter_bytes(b): + for char_int in b: + char = char_int.to_bytes(1, sys.byteorder) if char not in _legal_cookie_chars: all_legal = False char = _lookup(char, char) @@ -331,7 +395,7 @@ def _cookie_parse_impl(b): def _encode_idna(domain): # If we're given bytes, make sure they fit into ASCII - if not isinstance(domain, text_type): + if not isinstance(domain, str): domain.decode("ascii") return domain @@ -352,7 +416,7 @@ def _decode_idna(domain): # If the input is a string try to encode it to ascii to # do the idna decoding. if that fails because of an # unicode error, then we already have a decoded idna domain - if isinstance(domain, text_type): + if isinstance(domain, str): try: domain = domain.encode("ascii") except UnicodeError: diff --git a/src/werkzeug/_reloader.py b/src/werkzeug/_reloader.py index c2a9c8e05..05ab6f688 100644 --- a/src/werkzeug/_reloader.py +++ b/src/werkzeug/_reloader.py @@ -5,9 +5,6 @@ import time from itertools import chain -from ._compat import iteritems -from ._compat import PY2 -from ._compat import text_type from ._internal import _log @@ -133,7 +130,7 @@ def _find_common_roots(paths): rv = set() def _walk(node, path): - for prefix, child in iteritems(node): + for prefix, child in iter(node.items()): _walk(child, path + (prefix,)) if not node: rv.add("/".join(path)) @@ -165,20 +162,7 @@ def restart_with_reloader(self): _log("info", " * Restarting with %s" % self.name) args = _get_args_for_reloading() - # a weird bug on windows. sometimes unicode strings end up in the - # environment and subprocess.call does not like this, encode them - # to latin1 and continue. - if os.name == "nt" and PY2: - new_environ = {} - for key, value in iteritems(os.environ): - if isinstance(key, text_type): - key = key.encode("iso-8859-1") - if isinstance(value, text_type): - value = value.encode("iso-8859-1") - new_environ[key] = value - else: - new_environ = os.environ.copy() - + new_environ = os.environ.copy() new_environ["WERKZEUG_RUN_MAIN"] = "true" exit_code = subprocess.call(args, env=new_environ, close_fds=False) if exit_code != 3: diff --git a/src/werkzeug/datastructures.py b/src/werkzeug/datastructures.py index 1cda034fc..98e112f25 100644 --- a/src/werkzeug/datastructures.py +++ b/src/werkzeug/datastructures.py @@ -11,23 +11,16 @@ import codecs import mimetypes import re +from collections.abc import Container +from collections.abc import Iterable +from collections.abc import MutableSet from copy import deepcopy +from io import BytesIO from itertools import repeat +from os import fspath from . import exceptions -from ._compat import BytesIO -from ._compat import collections_abc -from ._compat import fspath -from ._compat import integer_types -from ._compat import iteritems -from ._compat import iterkeys -from ._compat import iterlists -from ._compat import itervalues -from ._compat import make_literal_wrapper -from ._compat import PY2 -from ._compat import string_types -from ._compat import text_type -from ._compat import to_native +from ._internal import _make_literal_wrapper from ._internal import _missing from .filesystem import get_filesystem_encoding @@ -41,10 +34,10 @@ def iter_multi_items(mapping): without dropping any from more complex structures. """ if isinstance(mapping, MultiDict): - for item in iteritems(mapping, multi=True): + for item in iter(mapping.items(multi=True)): yield item elif isinstance(mapping, dict): - for key, value in iteritems(mapping): + for key, value in iter(mapping.items()): if isinstance(value, (tuple, list)): for v in value: yield key, v @@ -55,44 +48,6 @@ def iter_multi_items(mapping): yield item -def native_itermethods(names): - if not PY2: - return lambda x: x - - def setviewmethod(cls, name): - viewmethod_name = "view%s" % name - repr_name = "view_%s" % name - - def viewmethod(self, *a, **kw): - return ViewItems(self, name, repr_name, *a, **kw) - - viewmethod.__name__ = viewmethod_name - viewmethod.__doc__ = "`%s()` object providing a view on %s" % ( - viewmethod_name, - name, - ) - setattr(cls, viewmethod_name, viewmethod) - - def setitermethod(cls, name): - itermethod = getattr(cls, name) - setattr(cls, "iter%s" % name, itermethod) - - def listmethod(self, *a, **kw): - return list(itermethod(self, *a, **kw)) - - listmethod.__name__ = name - listmethod.__doc__ = "Like :py:meth:`iter%s`, but returns a list." % name - setattr(cls, name, listmethod) - - def wrap(cls): - for name in names: - setitermethod(cls, name) - setviewmethod(cls, name) - return cls - - return wrap - - class ImmutableListMixin(object): """Makes a :class:`list` immutable. @@ -176,7 +131,7 @@ def __reduce_ex__(self, protocol): return type(self), (dict(self),) def _iter_hashitems(self): - return iteritems(self) + return iter(self.items()) def __hash__(self): if self._hash_cache is not None: @@ -215,10 +170,10 @@ class ImmutableMultiDictMixin(ImmutableDictMixin): """ def __reduce_ex__(self, protocol): - return type(self), (list(iteritems(self, multi=True)),) + return type(self), (list(iter(self.items(multi=True))),) def _iter_hashitems(self): - return iteritems(self, multi=True) + return iter(self.items(multi=True)) def add(self, key, value): is_immutable(self) @@ -358,7 +313,6 @@ def __iter__(self): return iter(self.__get_items()) -@native_itermethods(["keys", "values", "items", "lists", "listvalues"]) class MultiDict(TypeConversionDict): """A :class:`MultiDict` is a dictionary subclass customized to deal with multiple values for the same key which is for example used by the parsing @@ -402,10 +356,10 @@ class MultiDict(TypeConversionDict): def __init__(self, mapping=None): if isinstance(mapping, MultiDict): - dict.__init__(self, ((k, l[:]) for k, l in iterlists(mapping))) + dict.__init__(self, ((k, l[:]) for k, l in iter(mapping.lists()))) elif isinstance(mapping, dict): tmp = {} - for key, value in iteritems(mapping): + for key, value in iter(mapping.items()): if isinstance(value, (tuple, list)): if len(value) == 0: continue @@ -549,7 +503,7 @@ def items(self, multi=False): contain pairs for the first value of each key. """ - for key, values in iteritems(dict, self): + for key, values in iter(dict.items(self)): if multi: for value in values: yield key, value @@ -560,17 +514,17 @@ def lists(self): """Return a iterator of ``(key, values)`` pairs, where values is the list of all values associated with the key.""" - for key, values in iteritems(dict, self): + for key, values in iter(dict.items(self)): yield key, list(values) def keys(self): - return iterkeys(dict, self) + return iter(dict.keys(self)) __iter__ = keys def values(self): """Returns an iterator of the first value on every key's value list.""" - for values in itervalues(dict, self): + for values in iter(dict.values(self)): yield values[0] def listvalues(self): @@ -582,7 +536,7 @@ def listvalues(self): True """ - return itervalues(dict, self) + return iter(dict.values(self)) def copy(self): """Return a shallow copy of this object.""" @@ -603,7 +557,7 @@ def to_dict(self, flat=True): :return: a :class:`dict` """ if flat: - return dict(iteritems(self)) + return dict(iter(self.items())) return dict(self.lists()) def update(self, other_dict): @@ -689,7 +643,7 @@ def __deepcopy__(self, memo): return self.deepcopy(memo=memo) def __repr__(self): - return "%s(%r)" % (self.__class__.__name__, list(iteritems(self, multi=True))) + return "%s(%r)" % (self.__class__.__name__, list(iter(self.items(multi=True)))) class _omd_bucket(object): @@ -724,7 +678,6 @@ def unlink(self, omd): omd._last_bucket = self.prev -@native_itermethods(["keys", "values", "items", "lists", "listvalues"]) class OrderedMultiDict(MultiDict): """Works like a regular :class:`MultiDict` but preserves the order of the fields. To convert the ordered multi dict into a @@ -751,8 +704,8 @@ def __eq__(self, other): if not isinstance(other, MultiDict): return NotImplemented if isinstance(other, OrderedMultiDict): - iter1 = iteritems(self, multi=True) - iter2 = iteritems(other, multi=True) + iter1 = iter(self.items(multi=True)) + iter2 = iter(other.items(multi=True)) try: for k1, v1 in iter1: k2, v2 = next(iter2) @@ -767,7 +720,7 @@ def __eq__(self, other): return False if len(self) != len(other): return False - for key, values in iterlists(self): + for key, values in iter(self.lists()): if other.getlist(key) != values: return False return True @@ -778,10 +731,10 @@ def __ne__(self, other): return not self.__eq__(other) def __reduce_ex__(self, protocol): - return type(self), (list(iteritems(self, multi=True)),) + return type(self), (list(iter(self.items(multi=True))),) def __getstate__(self): - return list(iteritems(self, multi=True)) + return list(iter(self.items(multi=True))) def __setstate__(self, values): dict.clear(self) @@ -801,12 +754,12 @@ def __delitem__(self, key): self.pop(key) def keys(self): - return (key for key, value in iteritems(self)) + return (key for key, value in iter(self.items())) __iter__ = keys def values(self): - return (value for key, value in iteritems(self)) + return (value for key, value in iter(self.items())) def items(self, multi=False): ptr = self._first_bucket @@ -832,7 +785,7 @@ def lists(self): ptr = ptr.next def listvalues(self): - for _key, values in iterlists(self): + for _key, values in iter(self.lists()): yield values def add(self, key, value): @@ -910,12 +863,11 @@ def _options_header_vkw(value, kw): def _unicodify_header_value(value): if isinstance(value, bytes): value = value.decode("latin-1") - if not isinstance(value, text_type): - value = text_type(value) + if not isinstance(value, str): + value = str(value) return value -@native_itermethods(["keys", "values", "items"]) class Headers(object): """An object that stores some headers. It has a dict-like interface but is ordered and can store the same keys multiple times. @@ -959,11 +911,11 @@ def __init__(self, defaults=None): def __getitem__(self, key, _get_mode=False): if not _get_mode: - if isinstance(key, integer_types): + if isinstance(key, int): return self._list[key] elif isinstance(key, slice): return self.__class__(self._list[key]) - if not isinstance(key, string_types): + if not isinstance(key, str): raise exceptions.BadRequestKeyError(key) ikey = key.lower() for k, v in self._list: @@ -1073,11 +1025,11 @@ def items(self, lower=False): yield key, value def keys(self, lower=False): - for key, _ in iteritems(self, lower): + for key, _ in iter(self.items(lower)): yield key def values(self): - for _, value in iteritems(self): + for _, value in iter(self.items()): yield value def extend(self, *args, **kwargs): @@ -1105,7 +1057,7 @@ def extend(self, *args, **kwargs): self.add(key, value) def __delitem__(self, key, _index_operation=True): - if _index_operation and isinstance(key, (integer_types, slice)): + if _index_operation and isinstance(key, (int, slice)): del self._list[key] return key = key.lower() @@ -1133,7 +1085,7 @@ def pop(self, key=None, default=_missing): """ if key is None: return self._list.pop() - if isinstance(key, integer_types): + if isinstance(key, int): return self._list.pop(key) try: rv = self[key] @@ -1189,7 +1141,7 @@ def add(self, _key, _value, **kw): self._list.append((_key, _value)) def _validate_value(self, value): - if not isinstance(value, text_type): + if not isinstance(value, str): raise TypeError("Value should be unicode.") if u"\n" in value or u"\r" in value: raise ValueError( @@ -1297,15 +1249,15 @@ def setlistdefault(self, key, default): def __setitem__(self, key, value): """Like :meth:`set` but also supports index/slice based setting.""" - if isinstance(key, (slice, integer_types)): - if isinstance(key, integer_types): + if isinstance(key, (slice, int)): + if isinstance(key, int): value = [value] value = [ (_unicodify_header_value(k), _unicodify_header_value(v)) for (k, v) in value ] [self._validate_value(v) for (k, v) in value] - if isinstance(key, integer_types): + if isinstance(key, int): self._list[key] = value[0] else: self._list[key] = value @@ -1335,7 +1287,7 @@ def update(self, *args, **kwargs): for key in mapping.keys(): self.setlist(key, mapping.getlist(key)) elif isinstance(mapping, dict): - for key, value in iteritems(mapping): + for key, value in mapping.items(): if isinstance(value, (list, tuple)): self.setlist(key, value) else: @@ -1344,7 +1296,7 @@ def update(self, *args, **kwargs): for key, value in mapping: self.set(key, value) - for key, value in iteritems(kwargs): + for key, value in kwargs.items(): if isinstance(value, (list, tuple)): self.setlist(key, value) else: @@ -1358,8 +1310,6 @@ def to_wsgi_list(self): :return: list """ - if PY2: - return [(to_native(k), v.encode("latin1")) for k, v in self] return list(self) def copy(self): @@ -1455,7 +1405,7 @@ def __eq__(self, other): def __getitem__(self, key, _get_mode=False): # _get_mode is a no-op for this class as there is no index but # used because get() calls it. - if not isinstance(key, string_types): + if not isinstance(key, str): raise KeyError(key) key = key.upper().replace("-", "_") if key in ("CONTENT_TYPE", "CONTENT_LENGTH"): @@ -1468,7 +1418,7 @@ def __len__(self): return len(list(iter(self))) def __iter__(self): - for key, value in iteritems(self.environ): + for key, value in iter(self.environ.items()): if key.startswith("HTTP_") and key not in ( "HTTP_CONTENT_TYPE", "HTTP_CONTENT_LENGTH", @@ -1484,7 +1434,6 @@ def copy(self): raise TypeError("cannot create %r copies" % self.__class__.__name__) -@native_itermethods(["keys", "values", "items", "lists", "listvalues"]) class CombinedMultiDict(ImmutableMultiDictMixin, MultiDict): """A read only :class:`MultiDict` that you can pass multiple :class:`MultiDict` instances as sequence and it will combine the return values of all wrapped @@ -1550,7 +1499,7 @@ def _keys_impl(self): """ rv = set() for d in self.dicts: - rv.update(iterkeys(d)) + rv.update(iter(d.keys())) return rv def keys(self): @@ -1561,7 +1510,7 @@ def keys(self): def items(self, multi=False): found = set() for d in self.dicts: - for key, value in iteritems(d, multi): + for key, value in iter(d.items(multi)): if multi: yield key, value elif key not in found: @@ -1569,15 +1518,15 @@ def items(self, multi=False): yield key, value def values(self): - for _key, value in iteritems(self): + for _key, value in iter(self.items()): yield value def lists(self): rv = {} for d in self.dicts: - for key, values in iterlists(d): + for key, values in iter(d.lists()): rv.setdefault(key, []).extend(values) - return iteritems(rv) + return iter(rv.items()) def listvalues(self): return (x[1] for x in self.lists()) @@ -1644,7 +1593,7 @@ def add_file(self, name, file, filename=None, content_type=None): if isinstance(file, FileStorage): value = file else: - if isinstance(file, string_types): + if isinstance(file, str): if filename is None: filename = file file = open(file, "rb") @@ -1701,7 +1650,7 @@ class ImmutableOrderedMultiDict(ImmutableMultiDictMixin, OrderedMultiDict): """ def _iter_hashitems(self): - return enumerate(iteritems(self, multi=True)) + return enumerate(iter(self.items(multi=True))) def copy(self): """Return a shallow mutable copy of this object. Keep in mind that @@ -1714,7 +1663,6 @@ def __copy__(self): return self -@native_itermethods(["values"]) class Accept(ImmutableList): """An :class:`Accept` object is just a list subclass for lists of ``(value, quality)`` tuples. It is automatically sorted by specificity @@ -1778,7 +1726,7 @@ def __getitem__(self, key): to get the quality for the item. If the item is not in the list, the returned quality is ``0``. """ - if isinstance(key, string_types): + if isinstance(key, str): return self.quality(key) return list.__getitem__(self, key) @@ -1815,7 +1763,7 @@ def index(self, key): This used to raise :exc:`IndexError`, which was inconsistent with the list API. """ - if isinstance(key, string_types): + if isinstance(key, str): for idx, (item, _quality) in enumerate(self): if self._value_matches(key, item): return idx @@ -2289,7 +2237,7 @@ def __repr__(self): return "<%s %s>" % (self.__class__.__name__, dict.__repr__(self)) -class HeaderSet(collections_abc.MutableSet): +class HeaderSet(MutableSet): """Similar to the :class:`ETags` class this implements a set-like structure. Unlike :class:`ETags` this is case insensitive and used for vary, allow, and content-language headers. @@ -2439,7 +2387,7 @@ def __repr__(self): return "%s(%r)" % (self.__class__.__name__, self._headers) -class ETags(collections_abc.Container, collections_abc.Iterable): +class ETags(Container, Iterable): """A set that can be used to check if one etag is present in a collection of etags. """ @@ -2847,7 +2795,7 @@ def to_header(self): value, allow_token=key not in self._require_quoting ), ) - for key, value in iteritems(d) + for key, value in iter(d.items()) ] ), ) @@ -2983,14 +2931,14 @@ def __init__( # special filenames with angular brackets. if filename is None: filename = getattr(stream, "name", None) - s = make_literal_wrapper(filename) + s = _make_literal_wrapper(filename) if filename and filename[0] == s("<") and filename[-1] == s(">"): filename = None - # On Python 3 we want to make sure the filename is always unicode. + # We want to make sure the filename is always unicode. # This might not be if the name attribute is bytes due to the # file being opened from the bytes API. - if not PY2 and isinstance(filename, bytes): + if isinstance(filename, bytes): filename = filename.decode(get_filesystem_encoding(), "replace") self.filename = filename @@ -3060,7 +3008,7 @@ def save(self, dst, buffer_size=16384): close_dst = False dst = fspath(dst) - if isinstance(dst, string_types): + if isinstance(dst, str): dst = open(dst, "wb") close_dst = True diff --git a/src/werkzeug/debug/__init__.py b/src/werkzeug/debug/__init__.py index f9f6e8531..575fa5b00 100644 --- a/src/werkzeug/debug/__init__.py +++ b/src/werkzeug/debug/__init__.py @@ -22,7 +22,6 @@ from os.path import basename from os.path import join -from .._compat import text_type from .._internal import _log from ..http import parse_cookie from ..security import gen_salt @@ -37,7 +36,7 @@ def hash_pin(pin): - if isinstance(pin, text_type): + if isinstance(pin, str): pin = pin.encode("utf-8", "replace") return hashlib.md5(pin + b"shittysalt").hexdigest()[:12] @@ -188,7 +187,7 @@ def get_pin_and_cookie_name(app): for bit in chain(probably_public_bits, private_bits): if not bit: continue - if isinstance(bit, text_type): + if isinstance(bit, str): bit = bit.encode("utf-8") h.update(bit) h.update(b"cookiesalt") diff --git a/src/werkzeug/debug/repr.py b/src/werkzeug/debug/repr.py index d7a7285ca..cb245ceca 100644 --- a/src/werkzeug/debug/repr.py +++ b/src/werkzeug/debug/repr.py @@ -19,11 +19,6 @@ from collections import deque from traceback import format_exception_only -from .._compat import integer_types -from .._compat import iteritems -from .._compat import PY2 -from .._compat import string_types -from .._compat import text_type from ..utils import escape @@ -143,10 +138,7 @@ def proxy(self, obj, recursive): def regex_repr(self, obj): pattern = repr(obj.pattern) - if PY2: - pattern = pattern.decode("string-escape", "ignore") - else: - pattern = codecs.decode(pattern, "unicode-escape", "ignore") + pattern = codecs.decode(pattern, "unicode-escape", "ignore") if pattern[:1] == "u": pattern = "ur" + pattern[1:] else: @@ -175,7 +167,7 @@ def string_repr(self, obj, limit=70): # if the repr looks like a standard string, add subclass info if needed if r[0] in "'\"" or (r[0] in "ub" and r[1] in "'\""): - return _add_subclass_info(out, obj, (bytes, text_type)) + return _add_subclass_info(out, obj, (bytes, str)) # otherwise, assume the repr distinguishes the subclass already return out @@ -185,7 +177,7 @@ def dict_repr(self, d, recursive, limit=5): return _add_subclass_info(u"{...}", d, dict) buf = ["{"] have_extended_section = False - for idx, (key, value) in enumerate(iteritems(d)): + for idx, (key, value) in enumerate(iter(d.items())): if idx: buf.append(", ") if idx == limit - 1: @@ -203,16 +195,14 @@ def dict_repr(self, d, recursive, limit=5): def object_repr(self, obj): r = repr(obj) - if PY2: - r = r.decode("utf-8", "replace") return u'%s' % escape(r) def dispatch_repr(self, obj, recursive): if obj is helper: return u'%r' % helper - if isinstance(obj, (integer_types, float, complex)): + if isinstance(obj, (int, float, complex)): return u'%r' % obj - if isinstance(obj, string_types) or isinstance(obj, bytes): + if isinstance(obj, str) or isinstance(obj, bytes): return self.string_repr(obj) if isinstance(obj, RegexType): return self.regex_repr(obj) @@ -235,8 +225,6 @@ def fallback_repr(self): info = "".join(format_exception_only(*sys.exc_info()[:2])) except Exception: # pragma: no cover info = "?" - if PY2: - info = info.decode("utf-8", "ignore") return u'<broken repr (%s)>' u"" % escape( info.strip() ) @@ -261,8 +249,8 @@ def dump_object(self, obj): if isinstance(obj, dict): title = "Contents of" items = [] - for key, value in iteritems(obj): - if not isinstance(key, string_types): + for key, value in obj.items(): + if not isinstance(key, str): items = None break items.append((key, self.repr(value))) diff --git a/src/werkzeug/debug/tbtools.py b/src/werkzeug/debug/tbtools.py index b34403dce..da4f68c15 100644 --- a/src/werkzeug/debug/tbtools.py +++ b/src/werkzeug/debug/tbtools.py @@ -18,13 +18,9 @@ import traceback from tokenize import TokenError -from .._compat import PY2 -from .._compat import range_type -from .._compat import reraise -from .._compat import string_types -from .._compat import text_type -from .._compat import to_native -from .._compat import to_unicode +from .._internal import _reraise +from .._internal import _to_native +from .._internal import _to_unicode from ..filesystem import get_filesystem_encoding from ..utils import cached_property from ..utils import escape @@ -192,8 +188,8 @@ def get_current_traceback( """ exc_type, exc_value, tb = sys.exc_info() if ignore_system_exceptions and exc_type in system_exceptions: - reraise(exc_type, exc_value, tb) - for _ in range_type(skip): + _reraise(exc_type, exc_value, tb) + for _ in range(skip): if tb.tb_next is None: break tb = tb.tb_next @@ -249,8 +245,6 @@ def __init__(self, exc_type, exc_value, tb): while True: self.groups.append(Group(exc_type, exc_value, tb)) memo.add(id(exc_value)) - if PY2: - break exc_value = exc_value.__cause__ or exc_value.__context__ if exc_value is None or id(exc_value) in memo: break @@ -281,7 +275,7 @@ def log(self, logfile=None): if logfile is None: logfile = sys.stderr tb = self.plaintext.rstrip() + u"\n" - logfile.write(to_native(tb, "utf-8", "replace")) + logfile.write(_to_native(tb, "utf-8", "replace")) def paste(self): """Create a paste and return the paste id.""" @@ -367,17 +361,16 @@ def __init__(self, exc_type, exc_value, tb): self.exc_type = exc_type self.exc_value = exc_value self.info = None - if not PY2: - if exc_value.__cause__ is not None: - self.info = ( - u"The above exception was the direct cause of the" - u" following exception" - ) - elif exc_value.__context__ is not None: - self.info = ( - u"During handling of the above exception, another" - u" exception occurred" - ) + if exc_value.__cause__ is not None: + self.info = ( + u"The above exception was the direct cause of the" + u" following exception" + ) + elif exc_value.__context__ is not None: + self.info = ( + u"During handling of the above exception, another" + u" exception occurred" + ) self.frames = [] while tb is not None: @@ -421,7 +414,7 @@ def exception(self): """String representation of the exception.""" buf = traceback.format_exception_only(self.exc_type, self.exc_value) rv = "".join(buf).strip() - return to_unicode(rv, "utf-8", "replace") + return _to_unicode(rv, "utf-8", "replace") def render(self, mark_lib=True): out = [] @@ -463,7 +456,7 @@ def __init__(self, exc_type, exc_value, tb): # if it's a file on the file system resolve the real filename. if os.path.isfile(fn): fn = os.path.realpath(fn) - self.filename = to_unicode(fn, get_filesystem_encoding()) + self.filename = _to_unicode(fn, get_filesystem_encoding()) self.module = self.globals.get("__name__", self.locals.get("__name__")) self.loader = self.globals.get("__loader__", self.locals.get("__loader__")) self.code = tb.tb_frame.f_code @@ -472,7 +465,7 @@ def __init__(self, exc_type, exc_value, tb): self.hide = self.locals.get("__traceback_hide__", False) info = self.locals.get("__traceback_info__") if info is not None: - info = to_unicode(info, "utf-8", "replace") + info = _to_unicode(info, "utf-8", "replace") self.info = info def render(self, mark_lib=True): @@ -549,9 +542,7 @@ def get_annotated_lines(self): def eval(self, code, mode="single"): """Evaluate code in the context of the frame.""" - if isinstance(code, string_types): - if PY2 and isinstance(code, text_type): # noqa - code = UTF8_COOKIE + code.encode("utf-8") + if isinstance(code, str): code = compile(code, "", mode) return eval(code, self.globals, self.locals) @@ -574,14 +565,14 @@ def sourcelines(self): if source is None: try: with open( - to_native(self.filename, get_filesystem_encoding()), mode="rb" + _to_native(self.filename, get_filesystem_encoding()), mode="rb" ) as f: source = f.read() except IOError: return [] # already unicode? return right away - if isinstance(source, text_type): + if isinstance(source, str): return source.splitlines() # yes. it should be ascii, but we don't want to reject too many @@ -599,7 +590,7 @@ def sourcelines(self): break # on broken cookies we fall back to utf-8 too - charset = to_native(charset) + charset = _to_native(charset) try: codecs.lookup(charset) except LookupError: diff --git a/src/werkzeug/exceptions.py b/src/werkzeug/exceptions.py index 82e99c2e5..2215e07c9 100644 --- a/src/werkzeug/exceptions.py +++ b/src/werkzeug/exceptions.py @@ -60,15 +60,10 @@ def application(environ, start_response): import sys from datetime import datetime -from ._compat import implements_to_string -from ._compat import integer_types -from ._compat import iteritems -from ._compat import text_type from ._internal import _get_environ from .utils import escape -@implements_to_string class HTTPException(Exception): """Baseclass for all HTTP exceptions. This exception can be called as WSGI application to render a default error page or you can catch the subclasses @@ -146,19 +141,16 @@ def get_description(self, environ=None): def get_body(self, environ=None): """Get the HTML body.""" - return text_type( - ( - u'\n' - u"%(code)s %(name)s\n" - u"

%(name)s

\n" - u"%(description)s\n" - ) - % { - "code": self.code, - "name": escape(self.name), - "description": self.get_description(environ), - } - ) + return ( + '\n' + "%(code)s %(name)s\n" + "

%(name)s

\n" + "%(description)s\n" + ) % { + "code": self.code, + "name": escape(self.name), + "description": self.get_description(environ), + } def get_headers(self, environ=None): """Get a list of headers.""" @@ -765,7 +757,7 @@ class HTTPVersionNotSupported(HTTPException): def _find_exceptions(): - for _name, obj in iteritems(globals()): + for obj in globals().values(): try: is_http_exception = issubclass(obj, HTTPException) except TypeError: @@ -800,7 +792,7 @@ def __init__(self, mapping=None, extra=None): self.mapping.update(extra) def __call__(self, code, *args, **kwargs): - if not args and not kwargs and not isinstance(code, integer_types): + if not args and not kwargs and not isinstance(code, int): raise HTTPException(response=code) if code not in self.mapping: raise LookupError("no exception for %r" % code) diff --git a/src/werkzeug/formparser.py b/src/werkzeug/formparser.py index ffdb9b0f1..78e205f4d 100644 --- a/src/werkzeug/formparser.py +++ b/src/werkzeug/formparser.py @@ -12,14 +12,13 @@ import codecs import re from functools import update_wrapper +from io import BytesIO from itertools import chain from itertools import repeat from itertools import tee from . import exceptions -from ._compat import BytesIO -from ._compat import text_type -from ._compat import to_native +from ._internal import _to_native from .datastructures import FileStorage from .datastructures import Headers from .datastructures import MultiDict @@ -248,7 +247,7 @@ def _parse_multipart(self, stream, mimetype, content_length, options): boundary = options.get("boundary") if boundary is None: raise ValueError("Missing boundary") - if isinstance(boundary, text_type): + if isinstance(boundary, str): boundary = boundary.encode("ascii") form, files = parser.parse(stream, boundary, content_length) return stream, form, files @@ -299,7 +298,7 @@ def parse_multipart_headers(iterable): """ result = [] for line in iterable: - line = to_native(line) + line = _to_native(line) line, line_terminated = _line_parse(line) if not line_terminated: raise ValueError("unexpected end of line in multipart header") diff --git a/src/werkzeug/http.py b/src/werkzeug/http.py index b428ceeb2..877051316 100644 --- a/src/werkzeug/http.py +++ b/src/werkzeug/http.py @@ -25,17 +25,11 @@ from time import gmtime from time import time -from ._compat import integer_types -from ._compat import iteritems -from ._compat import PY2 -from ._compat import string_types -from ._compat import text_type -from ._compat import to_bytes -from ._compat import to_unicode -from ._compat import try_coerce_native from ._internal import _cookie_parse_impl from ._internal import _cookie_quote from ._internal import _make_cookie_domain +from ._internal import _to_bytes +from ._internal import _to_unicode try: from email.utils import parsedate_tz @@ -274,7 +268,7 @@ def dump_options_header(header, options): segments = [] if header is not None: segments.append(header) - for key, value in iteritems(options): + for key, value in iter(options.items()): if value is None: segments.append(key) else: @@ -299,7 +293,7 @@ def dump_header(iterable, allow_token=True): """ if isinstance(iterable, dict): items = [] - for key, value in iteritems(iterable): + for key, value in iter(iterable.items()): if value is None: items.append(key) else: @@ -321,7 +315,7 @@ def dump_csp_header(header): Support for Content Security Policy headers was added. """ - return "; ".join("%s %s" % (key, value) for key, value in iteritems(header)) + return "; ".join("%s %s" % (key, value) for key, value in iter(header.items())) def parse_list_header(value): @@ -381,7 +375,7 @@ def parse_dict_header(value, cls=dict): :return: an instance of `cls` """ result = cls() - if not isinstance(value, text_type): + if not isinstance(value, str): # XXX: validate value = bytes_to_wsgi(value) for item in _parse_list_header(value): @@ -605,8 +599,8 @@ def parse_authorization_header(value): return Authorization( "basic", { - "username": to_unicode(username, _basic_auth_charset), - "password": to_unicode(password, _basic_auth_charset), + "username": _to_unicode(username, _basic_auth_charset), + "password": _to_unicode(password, _basic_auth_charset), }, ) elif auth_type == b"digest": @@ -861,7 +855,7 @@ def _dump_date(d, delim): d = gmtime() elif isinstance(d, datetime): d = d.utctimetuple() - elif isinstance(d, (integer_types, float)): + elif isinstance(d, (int, float)): d = gmtime(d) return "%s, %02d%s%s%s%s %02d:%02d:%02d GMT" % ( ("Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun")[d.tm_wday], @@ -984,7 +978,7 @@ def is_resource_modified( raise TypeError("both data and etag given") unmodified = False - if isinstance(last_modified, string_types): + if isinstance(last_modified, str): last_modified = parse_date(last_modified) # ensure that microsecond is zero because the HTTP spec does not transmit @@ -1115,7 +1109,7 @@ def parse_cookie(header, charset="utf-8", errors="replace", cls=None): # On Python 3, PEP 3333 sends headers through the environ as latin1 # decoded strings. Encode strings back to bytes for parsing. - if isinstance(header, text_type): + if isinstance(header, str): header = header.encode("latin1", "replace") if cls is None: @@ -1123,11 +1117,11 @@ def parse_cookie(header, charset="utf-8", errors="replace", cls=None): def _parse_pairs(): for key, val in _cookie_parse_impl(header): - key = to_unicode(key, charset, errors, allow_none_charset=True) + key = _to_unicode(key, charset, errors, allow_none_charset=True) if not key: continue - val = to_unicode(val, charset, errors, allow_none_charset=True) - yield try_coerce_native(key), val + val = _to_unicode(val, charset, errors, allow_none_charset=True) + yield key, val return cls(_parse_pairs()) @@ -1192,8 +1186,8 @@ def dump_cookie( .. versionchanged:: 1.0.0 The string ``'None'`` is accepted for ``samesite``. """ - key = to_bytes(key, charset) - value = to_bytes(value, charset) + key = _to_bytes(key, charset) + value = _to_bytes(value, charset) if path is not None: from .urls import iri_to_uri @@ -1203,10 +1197,10 @@ def dump_cookie( if isinstance(max_age, timedelta): max_age = (max_age.days * 60 * 60 * 24) + max_age.seconds if expires is not None: - if not isinstance(expires, string_types): + if not isinstance(expires, str): expires = cookie_date(expires) elif max_age is not None and sync_expires: - expires = to_bytes(cookie_date(time() + max_age)) + expires = _to_bytes(cookie_date(time() + max_age)) if samesite is not None: samesite = samesite.title() @@ -1238,7 +1232,7 @@ def dump_cookie( tmp = bytearray(k) if not isinstance(v, (bytes, bytearray)): - v = to_bytes(text_type(v), charset) + v = _to_bytes(str(v), charset) if q: v = _cookie_quote(v) tmp += b"=" + v @@ -1248,8 +1242,7 @@ def dump_cookie( # Python 3 for consistency with the headers object and a bytestring # on Python 2 because that's how the API makes more sense. rv = b"; ".join(buf) - if not PY2: - rv = rv.decode("latin1") + rv = rv.decode("latin1") # Warn if the final value of the cookie is larger than the limit. If the # cookie is too large, then it may be silently ignored by the browser, diff --git a/src/werkzeug/local.py b/src/werkzeug/local.py index 626b87b0f..7b5dc5a81 100644 --- a/src/werkzeug/local.py +++ b/src/werkzeug/local.py @@ -11,8 +11,6 @@ import copy from functools import update_wrapper -from ._compat import implements_bool -from ._compat import PY2 from .wsgi import ClosingIterator # since each thread has its own greenlet we can just use those as identifiers @@ -250,7 +248,6 @@ def __repr__(self): return "<%s storages: %d>" % (self.__class__.__name__, len(self.locals)) -@implements_bool class LocalProxy(object): """Acts as a proxy for a werkzeug local. Forwards all operations to a proxied object. The only operations not supported for forwarding @@ -352,15 +349,6 @@ def __setitem__(self, key, value): def __delitem__(self, key): del self._get_current_object()[key] - if PY2: - __getslice__ = lambda x, i, j: x._get_current_object()[i:j] - - def __setslice__(self, i, j, seq): - self._get_current_object()[i:j] = seq - - def __delslice__(self, i, j): - del self._get_current_object()[i:j] - __setattr__ = lambda x, n, v: setattr(x._get_current_object(), n, v) __delattr__ = lambda x, n: delattr(x._get_current_object(), n) __str__ = lambda x: str(x._get_current_object()) @@ -409,10 +397,7 @@ def __delslice__(self, i, j): __rsub__ = lambda x, o: o - x._get_current_object() __rmul__ = lambda x, o: o * x._get_current_object() __rdiv__ = lambda x, o: o / x._get_current_object() - if PY2: - __rtruediv__ = lambda x, o: x._get_current_object().__rtruediv__(o) - else: - __rtruediv__ = __rdiv__ + __rtruediv__ = __rdiv__ __rfloordiv__ = lambda x, o: o // x._get_current_object() __rmod__ = lambda x, o: o % x._get_current_object() __rdivmod__ = lambda x, o: x._get_current_object().__rdivmod__(o) diff --git a/src/werkzeug/middleware/lint.py b/src/werkzeug/middleware/lint.py index 98f958177..048ceed28 100644 --- a/src/werkzeug/middleware/lint.py +++ b/src/werkzeug/middleware/lint.py @@ -14,9 +14,6 @@ """ from warnings import warn -from .._compat import implements_iterator -from .._compat import PY2 -from .._compat import string_types from ..datastructures import Headers from ..http import is_entity_header from ..wsgi import FileWrapper @@ -126,14 +123,10 @@ def __call__(self, s): self._chunks.append(len(s)) -@implements_iterator class GuardedIterator(object): def __init__(self, iterator, headers_set, chunks): self._iterator = iterator - if PY2: - self._next = iter(iterator).next - else: - self._next = iter(iterator).__next__ + self._next = iter(iterator).__next__ self.closed = False self.headers_set = headers_set self.chunks = chunks @@ -351,7 +344,7 @@ def check_headers(self, headers): ) def check_iterator(self, app_iter): - if isinstance(app_iter, string_types): + if isinstance(app_iter, str): warn( "The application returned astring. The response will send one character" " at a time to the client, which will kill performance. Return a list" diff --git a/src/werkzeug/middleware/shared_data.py b/src/werkzeug/middleware/shared_data.py index ab4ff0ffc..99a23fcce 100644 --- a/src/werkzeug/middleware/shared_data.py +++ b/src/werkzeug/middleware/shared_data.py @@ -18,8 +18,6 @@ from time import time from zlib import adler32 -from .._compat import PY2 -from .._compat import string_types from ..filesystem import get_filesystem_encoding from ..http import http_date from ..http import is_resource_modified @@ -111,7 +109,7 @@ def __init__( for key, value in exports: if isinstance(value, tuple): loader = self.get_package_loader(*value) - elif isinstance(value, string_types): + elif isinstance(value, str): if os.path.isfile(value): loader = self.get_file_loader(value) else: @@ -235,9 +233,6 @@ def generate_etag(self, mtime, file_size, real_filename): def __call__(self, environ, start_response): path = get_path_info(environ) - if PY2: - path = path.encode(get_filesystem_encoding()) - file_loader = None for search_path, loader in self.exports: diff --git a/src/werkzeug/posixemulation.py b/src/werkzeug/posixemulation.py index 696b45622..ed4457176 100644 --- a/src/werkzeug/posixemulation.py +++ b/src/werkzeug/posixemulation.py @@ -23,7 +23,7 @@ import sys import time -from ._compat import to_unicode +from ._internal import _to_unicode from .filesystem import get_filesystem_encoding can_rename_open_file = False @@ -37,8 +37,8 @@ _MoveFileEx = ctypes.windll.kernel32.MoveFileExW def _rename(src, dst): - src = to_unicode(src, get_filesystem_encoding()) - dst = to_unicode(dst, get_filesystem_encoding()) + src = _to_unicode(src, get_filesystem_encoding()) + dst = _to_unicode(dst, get_filesystem_encoding()) if _rename_atomic(src, dst): return True retry = 0 diff --git a/src/werkzeug/routing.py b/src/werkzeug/routing.py index a90390ba0..3fa87dbcc 100644 --- a/src/werkzeug/routing.py +++ b/src/werkzeug/routing.py @@ -104,17 +104,11 @@ from pprint import pformat from threading import Lock -from ._compat import implements_to_string -from ._compat import iteritems -from ._compat import itervalues -from ._compat import native_string_result -from ._compat import string_types -from ._compat import text_type -from ._compat import to_bytes -from ._compat import to_unicode -from ._compat import wsgi_decoding_dance from ._internal import _encode_idna from ._internal import _get_environ +from ._internal import _to_bytes +from ._internal import _to_unicode +from ._internal import _wsgi_decoding_dance from .datastructures import ImmutableDict from .datastructures import MultiDict from .exceptions import BadHost @@ -175,7 +169,7 @@ def _pythonize(value): pass if value[:1] == value[-1:] and value[0] in "\"'": value = value[1:-1] - return text_type(value) + return str(value) def parse_converter_args(argstr): @@ -270,7 +264,6 @@ def __init__(self, matched_values): self.matched_values = matched_values -@implements_to_string class BuildError(RoutingException, LookupError): """Raised if the build system cannot find a URL for an endpoint with the values provided. @@ -479,14 +472,14 @@ def get_rules(self, map): new_defaults = subdomain = None if rule.defaults: new_defaults = {} - for key, value in iteritems(rule.defaults): - if isinstance(value, string_types): + for key, value in iter(rule.defaults.items()): + if isinstance(value, str): value = format_string(value, self.context) new_defaults[key] = value if rule.subdomain is not None: subdomain = format_string(rule.subdomain, self.context) new_endpoint = rule.endpoint - if isinstance(new_endpoint, string_types): + if isinstance(new_endpoint, str): new_endpoint = format_string(new_endpoint, self.context) yield Rule( format_string(rule.rule, self.context), @@ -522,7 +515,6 @@ def _prefix_names(src): _URL_ENCODE_AST_NAMES = (_prefix_names("q"), _prefix_names("params")) -@implements_to_string class Rule(RuleFactory): """A Rule represents one URL pattern. There are some options for `Rule` that change the way it behaves and are passed to the `Rule` constructor. @@ -889,7 +881,7 @@ def match(self, path, method=None): del groups["__suffix__"] result = {} - for name, value in iteritems(groups): + for name, value in iter(groups.items()): try: value = self._converters[name].to_python(value) except ValidationError: @@ -939,7 +931,7 @@ def _compile_builder(self, append_unknown=True): opl.append((False, data)) elif not is_dynamic: opl.append( - (False, url_quote(to_bytes(data, self.map.charset), safe="/:|+")) + (False, url_quote(_to_bytes(data, self.map.charset), safe="/:|+")) ) else: opl.append((True, data)) @@ -1079,7 +1071,7 @@ def suitable_for(self, values, method=None): # in case defaults are given we ensure that either the value was # skipped or the value is the same as the default value. if defaults: - for key, value in iteritems(defaults): + for key, value in iter(defaults.items()): if key in values and value != values[key]: return False @@ -1129,7 +1121,6 @@ def __ne__(self, other): def __str__(self): return self.rule - @native_string_result def __repr__(self): if self.map is None: return u"<%s (unbound)>" % self.__class__.__name__ @@ -1162,7 +1153,7 @@ def to_python(self, value): def to_url(self, value): if isinstance(value, (bytes, bytearray)): return _fast_url_quote(value) - return _fast_url_quote(text_type(value).encode(self.map.charset)) + return _fast_url_quote(str(value).encode(self.map.charset)) class UnicodeConverter(BaseConverter): @@ -1628,7 +1619,7 @@ def bind_to_environ(self, environ, server_name=None, subdomain=None): def _get_wsgi_string(name): val = environ.get(name) if val is not None: - return wsgi_decoding_dance(val, self.charset) + return _wsgi_decoding_dance(val, self.charset) script_name = _get_wsgi_string("SCRIPT_NAME") path_info = _get_wsgi_string("PATH_INFO") @@ -1656,7 +1647,7 @@ def update(self): return self._rules.sort(key=lambda x: x.match_compare_key()) - for rules in itervalues(self._rules_by_endpoint): + for rules in iter(self._rules_by_endpoint.values()): rules.sort(key=lambda x: x.build_compare_key()) self._remap = False @@ -1683,15 +1674,15 @@ def __init__( query_args=None, ): self.map = map - self.server_name = to_unicode(server_name) - script_name = to_unicode(script_name) + self.server_name = _to_unicode(server_name) + script_name = _to_unicode(script_name) if not script_name.endswith(u"/"): script_name += u"/" self.script_name = script_name - self.subdomain = to_unicode(subdomain) - self.url_scheme = to_unicode(url_scheme) - self.path_info = to_unicode(path_info) - self.default_method = to_unicode(default_method) + self.subdomain = _to_unicode(subdomain) + self.url_scheme = _to_unicode(url_scheme) + self.path_info = _to_unicode(path_info) + self.default_method = _to_unicode(default_method) self.query_args = query_args self.websocket = self.url_scheme in {"ws", "wss"} @@ -1850,7 +1841,7 @@ def match( if path_info is None: path_info = self.path_info else: - path_info = to_unicode(path_info, self.map.charset) + path_info = _to_unicode(path_info, self.map.charset) if query_args is None: query_args = self.query_args method = (method or self.default_method).upper() @@ -1900,7 +1891,7 @@ def match( raise RequestRedirect(redirect_url) if rule.redirect_to is not None: - if isinstance(rule.redirect_to, string_types): + if isinstance(rule.redirect_to, str): def _handle_match(match): value = rv[match.group(1)] @@ -1982,12 +1973,12 @@ def get_host(self, domain_part): if self.map.host_matching: if domain_part is None: return self.server_name - return to_unicode(domain_part, "ascii") + return _to_unicode(domain_part, "ascii") subdomain = domain_part if subdomain is None: subdomain = self.subdomain else: - subdomain = to_unicode(subdomain, "ascii") + subdomain = _to_unicode(subdomain, "ascii") return (subdomain + u"." if subdomain else u"") + self.server_name def get_default_redirect(self, rule, method, values, query_args): @@ -2009,7 +2000,7 @@ def get_default_redirect(self, rule, method, values, query_args): return self.make_redirect_url(path, query_args, domain_part=domain_part) def encode_query_args(self, query_args): - if not isinstance(query_args, string_types): + if not isinstance(query_args, str): query_args = url_encode(query_args, self.map.charset) return query_args @@ -2163,9 +2154,9 @@ def build( if values: if isinstance(values, MultiDict): temp_values = {} - # iteritems(dict, values) is like `values.lists()` + # iter(dict.items(values)) is like `values.lists()` # without the call or `list()` coercion overhead. - for key, value in iteritems(dict, values): + for key, value in iter(dict.items(values)): if not value: continue if len(value) == 1: # flatten single item lists @@ -2176,7 +2167,7 @@ def build( values = temp_values else: # drop None - values = dict(i for i in iteritems(values) if i[1] is not None) + values = dict(i for i in iter(values.items()) if i[1] is not None) else: values = {} diff --git a/src/werkzeug/security.py b/src/werkzeug/security.py index 2308040d8..2abdff3aa 100644 --- a/src/werkzeug/security.py +++ b/src/werkzeug/security.py @@ -16,12 +16,8 @@ from random import SystemRandom from struct import Struct -from ._compat import izip -from ._compat import PY2 -from ._compat import range_type -from ._compat import text_type -from ._compat import to_bytes -from ._compat import to_native +from ._internal import _to_bytes +from ._internal import _to_native SALT_CHARS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" DEFAULT_PBKDF2_ITERATIONS = 150000 @@ -51,7 +47,7 @@ def pbkdf2_hex( from the hashlib module. Defaults to sha256. """ rv = pbkdf2_bin(data, salt, iterations, keylen, hashfunc) - return to_native(codecs.encode(rv, "hex_codec")) + return _to_native(codecs.encode(rv, "hex_codec")) def pbkdf2_bin( @@ -76,8 +72,8 @@ def pbkdf2_bin( if not hashfunc: hashfunc = "sha256" - data = to_bytes(data) - salt = to_bytes(salt) + data = _to_bytes(data) + salt = _to_bytes(salt) if callable(hashfunc): _test_hash = hashfunc() @@ -95,9 +91,9 @@ def safe_str_cmp(a, b): .. versionadded:: 0.7 """ - if isinstance(a, text_type): + if isinstance(a, str): a = a.encode("utf-8") - if isinstance(b, text_type): + if isinstance(b, str): b = b.encode("utf-8") if _builtin_safe_str_cmp is not None: @@ -107,12 +103,8 @@ def safe_str_cmp(a, b): return False rv = 0 - if PY2: - for x, y in izip(a, b): - rv |= ord(x) ^ ord(y) - else: - for x, y in izip(a, b): - rv |= x ^ y + for x, y in zip(a, b): + rv |= x ^ y return rv == 0 @@ -121,7 +113,7 @@ def gen_salt(length): """Generate a random string of SALT_CHARS with specified ``length``.""" if length <= 0: raise ValueError("Salt length must be positive") - return "".join(_sys_rng.choice(SALT_CHARS) for _ in range_type(length)) + return "".join(_sys_rng.choice(SALT_CHARS) for _ in range(length)) def _hash_internal(method, salt, password): @@ -132,7 +124,7 @@ def _hash_internal(method, salt, password): if method == "plain": return password, method - if isinstance(password, text_type): + if isinstance(password, str): password = password.encode("utf-8") if method.startswith("pbkdf2:"): @@ -152,7 +144,7 @@ def _hash_internal(method, salt, password): raise ValueError("Salt is required for PBKDF2") rv = pbkdf2_hex(password, salt, iterations, hashfunc=method) elif salt: - if isinstance(salt, text_type): + if isinstance(salt, str): salt = salt.encode("utf-8") mac = _create_mac(salt, password, method) rv = mac.hexdigest() diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py index f2a0dc95e..5454d8b75 100644 --- a/src/werkzeug/serving.py +++ b/src/werkzeug/serving.py @@ -43,11 +43,10 @@ from datetime import datetime as dt from datetime import timedelta -from ._compat import PY2 -from ._compat import reraise -from ._compat import WIN -from ._compat import wsgi_encoding_dance from ._internal import _log +from ._internal import _reraise +from ._internal import _WIN +from ._internal import _wsgi_encoding_dance from .exceptions import InternalServerError from .urls import uri_to_iri from .urls import url_parse @@ -96,15 +95,8 @@ class ForkingMixIn(object): LISTEN_QUEUE = 128 -can_open_by_fd = not WIN and hasattr(socket, "fromfd") - -# On Python 3, ConnectionError represents the same errnos as -# socket.error from Python 2, while socket.error is an alias for the -# more generic OSError. -if PY2: - _ConnectionError = socket.error -else: - _ConnectionError = ConnectionError +can_open_by_fd = not _WIN and hasattr(socket, "fromfd") +_ConnectionError = ConnectionError class DechunkedInput(io.RawIOBase): @@ -206,12 +198,12 @@ def shutdown_server(): "SERVER_SOFTWARE": self.server_version, "REQUEST_METHOD": self.command, "SCRIPT_NAME": "", - "PATH_INFO": wsgi_encoding_dance(path_info), - "QUERY_STRING": wsgi_encoding_dance(request_url.query), + "PATH_INFO": _wsgi_encoding_dance(path_info), + "QUERY_STRING": _wsgi_encoding_dance(request_url.query), # Non-standard, added by mod_wsgi, uWSGI - "REQUEST_URI": wsgi_encoding_dance(self.path), + "REQUEST_URI": _wsgi_encoding_dance(self.path), # Non-standard, added by gunicorn - "RAW_URI": wsgi_encoding_dance(self.path), + "RAW_URI": _wsgi_encoding_dance(self.path), "REMOTE_ADDR": self.address_string(), "REMOTE_PORT": self.port_integer(), "SERVER_NAME": self.server.server_address[0], @@ -300,7 +292,7 @@ def start_response(status, response_headers, exc_info=None): if exc_info: try: if headers_sent: - reraise(*exc_info) + _reraise(*exc_info) finally: exc_info = None elif headers_set: @@ -460,41 +452,7 @@ def get_header_items(self): :return: List of tuples containing header hey/value pairs """ - if PY2: - # For Python 2, process the headers manually according to - # W3C RFC 2616 Section 4.2. - items = [] - for header in self.headers.headers: - # Remove "\r\n" from the header and split on ":" to get - # the field name and value. - try: - key, value = header[0:-2].split(":", 1) - except ValueError: - # If header could not be slit with : but starts with white - # space and it follows an existing header, it's a folded - # header. - if header[0] in ("\t", " ") and items: - # Pop off the last header - key, value = items.pop() - # Append the current header to the value of the last - # header which will be placed back on the end of the - # list - value = value + header - # Otherwise it's just a bad header and should error - else: - # Re-raise the value error - raise - - # Add the key and the value once stripped of leading - # white space. The specification allows for stripping - # trailing white space but the Python 3 code does not - # strip trailing white space. Therefore, trailing space - # will be left as is to match the Python 3 behavior. - items.append((key, value.lstrip())) - else: - items = self.headers.items() - - return items + return self.headers.items() #: backwards compatible name if someone is subclassing it @@ -757,13 +715,7 @@ def __init__( if ssl_context == "adhoc": ssl_context = generate_adhoc_ssl_context() - # If we are on Python 2 the return value from socket.fromfd - # is an internal socket object but what we need for ssl wrap - # is the wrapper around it :( - sock = self.socket - if PY2 and not isinstance(sock, socket.socket): - sock = socket.socket(sock.family, sock.type, sock.proto, sock) - self.socket = ssl_context.wrap_socket(sock, server_side=True) + self.socket = ssl_context.wrap_socket(self.socket, server_side=True) self.ssl_context = ssl_context else: self.ssl_context = None diff --git a/src/werkzeug/test.py b/src/werkzeug/test.py index dc2220754..931dc3f7f 100644 --- a/src/werkzeug/test.py +++ b/src/werkzeug/test.py @@ -17,16 +17,11 @@ from tempfile import TemporaryFile from time import time -from ._compat import iteritems -from ._compat import iterlists -from ._compat import itervalues -from ._compat import make_literal_wrapper -from ._compat import reraise -from ._compat import string_types -from ._compat import text_type -from ._compat import to_bytes -from ._compat import wsgi_encoding_dance from ._internal import _get_environ +from ._internal import _make_literal_wrapper +from ._internal import _reraise +from ._internal import _to_bytes +from ._internal import _wsgi_encoding_dance from .datastructures import CallbackDict from .datastructures import CombinedMultiDict from .datastructures import EnvironHeaders @@ -96,7 +91,7 @@ def write(string): if not isinstance(values, MultiDict): values = MultiDict(values) - for key, values in iterlists(values): + for key, values in iter(values.lists()): for value in values: write('--%s\r\nContent-Disposition: form-data; name="%s"' % (boundary, key)) reader = getattr(value, "read", None) @@ -120,10 +115,10 @@ def write(string): break write_binary(chunk) else: - if not isinstance(value, string_types): + if not isinstance(value, str): value = str(value) - value = to_bytes(value, charset) + value = _to_bytes(value, charset) write("\r\n\r\n") write_binary(value) write("\r\n") @@ -214,11 +209,11 @@ def _iter_data(data): :class:`EnvironBuilder`. """ if isinstance(data, MultiDict): - for key, values in iterlists(data): + for key, values in iter(data.lists()): for value in values: yield key, value else: - for key, values in iteritems(data): + for key, values in iter(data.items()): if isinstance(values, list): for value in values: yield key, value @@ -341,7 +336,7 @@ def __init__( mimetype=None, json=None, ): - path_s = make_literal_wrapper(path) + path_s = _make_literal_wrapper(path) if query_string is not None and path_s("?") in path: raise ValueError("Query string is defined in the path and as an argument") if query_string is None and path_s("?") in path: @@ -351,7 +346,7 @@ def __init__( if base_url is not None: base_url = url_fix(iri_to_uri(base_url, charset), charset) self.base_url = base_url - if isinstance(query_string, (bytes, text_type)): + if isinstance(query_string, (bytes, str)): self.query_string = query_string else: if query_string is None: @@ -393,7 +388,7 @@ def __init__( raise TypeError("can't provide input stream and data") if hasattr(data, "read"): data = data.read() - if isinstance(data, text_type): + if isinstance(data, str): data = data.encode(self.charset) if isinstance(data, bytes): self.input_stream = BytesIO(data) @@ -653,7 +648,7 @@ def close(self): if self.closed: return try: - files = itervalues(self.files) + files = iter(self.files.values()) except AttributeError: files = () for f in files: @@ -703,9 +698,9 @@ def get_environ(self): result.update(self.environ_base) def _path_encode(x): - return wsgi_encoding_dance(url_unquote(x, self.charset), self.charset) + return _wsgi_encoding_dance(url_unquote(x, self.charset), self.charset) - qs = wsgi_encoding_dance(self.query_string) + qs = _wsgi_encoding_dance(self.query_string) result.update( { @@ -714,9 +709,9 @@ def _path_encode(x): "PATH_INFO": _path_encode(self.path), "QUERY_STRING": qs, # Non-standard, added by mod_wsgi, uWSGI - "REQUEST_URI": wsgi_encoding_dance(self.path), + "REQUEST_URI": _wsgi_encoding_dance(self.path), # Non-standard, added by gunicorn - "RAW_URI": wsgi_encoding_dance(self.path), + "RAW_URI": _wsgi_encoding_dance(self.path), "SERVER_NAME": self.server_name, "SERVER_PORT": str(self.server_port), "HTTP_HOST": self.host, @@ -1095,7 +1090,7 @@ def run_wsgi_app(app, environ, buffered=False): def start_response(status, headers, exc_info=None): if exc_info is not None: - reraise(*exc_info) + _reraise(*exc_info) response[:] = [status, headers] return buffer.append diff --git a/src/werkzeug/urls.py b/src/werkzeug/urls.py index d5e487b3a..d6d9740c8 100644 --- a/src/werkzeug/urls.py +++ b/src/werkzeug/urls.py @@ -20,17 +20,12 @@ import re from collections import namedtuple -from ._compat import fix_tuple_repr -from ._compat import implements_to_string -from ._compat import make_literal_wrapper -from ._compat import normalize_string_tuple -from ._compat import PY2 -from ._compat import text_type -from ._compat import to_native -from ._compat import to_unicode -from ._compat import try_coerce_native from ._internal import _decode_idna from ._internal import _encode_idna +from ._internal import _make_literal_wrapper +from ._internal import _normalize_string_tuple +from ._internal import _to_native +from ._internal import _to_unicode # A regular expression for what a valid schema looks like _scheme_re = re.compile(r"^[a-zA-Z0-9+-.]+$") @@ -52,9 +47,7 @@ _bytetohex = [("%%%02X" % char).encode("ascii") for char in range(256)] -_URLTuple = fix_tuple_repr( - namedtuple("_URLTuple", ["scheme", "netloc", "path", "query", "fragment"]) -) +_URLTuple = namedtuple("_URLTuple", ["scheme", "netloc", "path", "query", "fragment"]) class BaseURL(_URLTuple): @@ -83,12 +76,12 @@ def ascii_host(self): operations when the URL might include internationalized characters. """ rv = self.host - if rv is not None and isinstance(rv, text_type): + if rv is not None and isinstance(rv, str): try: rv = _encode_idna(rv) except UnicodeError: rv = rv.encode("ascii", "ignore") - return to_native(rv, "ascii", "ignore") + return _to_native(rv, "ascii", "ignore") @property def port(self): @@ -96,7 +89,7 @@ def port(self): otherwise. This does not fill in default ports. """ try: - rv = int(to_native(self._split_host()[1])) + rv = int(_to_native(self._split_host()[1])) if 0 <= rv <= 65535: return rv except (ValueError, TypeError): @@ -299,7 +292,6 @@ def _split_host(self): return host, None -@implements_to_string class URL(BaseURL): """Represents a parsed URL. This behaves like a regular tuple but also has some extra attributes that give further insight into the @@ -334,7 +326,7 @@ def encode_netloc(self): ) if auth: rv = "%s@%s" % (auth, rv) - return to_native(rv) + return _to_native(rv) def encode(self, charset="utf-8", errors="replace"): """Encodes the URL to a tuple made out of bytes. The charset is @@ -382,10 +374,10 @@ def decode(self, charset="utf-8", errors="replace"): def _unquote_to_bytes(string, unsafe=""): - if isinstance(string, text_type): + if isinstance(string, str): string = string.encode("utf-8") - if isinstance(unsafe, text_type): + if isinstance(unsafe, str): unsafe = unsafe.encode("utf-8") unsafe = frozenset(bytearray(unsafe)) @@ -422,9 +414,9 @@ def _url_encode_impl(obj, charset, encode_keys, sort, key): if value is None: continue if not isinstance(key, bytes): - key = text_type(key).encode(charset) + key = str(key).encode(charset) if not isinstance(value, bytes): - value = text_type(value).encode(charset) + value = str(value).encode(charset) yield _fast_url_quote_plus(key) + "=" + _fast_url_quote_plus(value) @@ -448,14 +440,14 @@ def url_parse(url, scheme=None, allow_fragments=True): :param allow_fragments: if set to `False` a fragment will be removed from the URL. """ - s = make_literal_wrapper(url) - is_text_based = isinstance(url, text_type) + s = _make_literal_wrapper(url) + is_text_based = isinstance(url, str) if scheme is None: scheme = s("") netloc = query = fragment = s("") i = url.find(s(":")) - if i > 0 and _scheme_re.match(to_native(url[:i], errors="replace")): + if i > 0 and _scheme_re.match(_to_native(url[:i], errors="replace")): # make sure "iri" is not actually a port number (in which case # "scheme" is really part of the path) rest = url[i + 1 :] @@ -495,24 +487,17 @@ def _make_fast_url_quote(charset="utf-8", errors="strict", safe="/:", unsafe="") :param safe: An optional sequence of safe characters to never encode. :param unsafe: An optional sequence of unsafe characters to always encode. """ - if isinstance(safe, text_type): + if isinstance(safe, str): safe = safe.encode(charset, errors) - if isinstance(unsafe, text_type): + if isinstance(unsafe, str): unsafe = unsafe.encode(charset, errors) safe = (frozenset(bytearray(safe)) | _always_safe) - frozenset(bytearray(unsafe)) table = [chr(c) if c in safe else "%%%02X" % c for c in range(256)] - if not PY2: - - def quote(string): - return "".join([table[c] for c in string]) - - else: - - def quote(string): - return "".join([table[c] for c in bytearray(string)]) + def quote(string): + return "".join([table[c] for c in string]) return quote @@ -536,13 +521,13 @@ def url_quote(string, charset="utf-8", errors="strict", safe="/:", unsafe=""): .. versionadded:: 0.9.2 The `unsafe` parameter was added. """ - if not isinstance(string, (text_type, bytes, bytearray)): - string = text_type(string) - if isinstance(string, text_type): + if not isinstance(string, (str, bytes, bytearray)): + string = str(string) + if isinstance(string, str): string = string.encode(charset, errors) - if isinstance(safe, text_type): + if isinstance(safe, str): safe = safe.encode(charset, errors) - if isinstance(unsafe, text_type): + if isinstance(unsafe, str): unsafe = unsafe.encode(charset, errors) safe = (frozenset(bytearray(safe)) | _always_safe) - frozenset(bytearray(unsafe)) rv = bytearray() @@ -551,7 +536,7 @@ def url_quote(string, charset="utf-8", errors="strict", safe="/:", unsafe=""): rv.append(char) else: rv.extend(_bytetohex[char]) - return to_native(bytes(rv)) + return _to_native(bytes(rv)) def url_quote_plus(string, charset="utf-8", errors="strict", safe=""): @@ -572,8 +557,8 @@ def url_unparse(components): :param components: the parsed URL as tuple which should be converted into a URL string. """ - scheme, netloc, path, query, fragment = normalize_string_tuple(components) - s = make_literal_wrapper(scheme) + scheme, netloc, path, query, fragment = _normalize_string_tuple(components) + s = _make_literal_wrapper(scheme) url = s("") # We generally treat file:///x and file:/x the same which is also @@ -624,7 +609,7 @@ def url_unquote_plus(s, charset="utf-8", errors="replace"): no unicode decoding will take place. :param errors: The error handling for the `charset` decoding. """ - if isinstance(s, text_type): + if isinstance(s, str): s = s.replace(u"+", u" ") else: s = s.replace(b"+", b" ") @@ -647,7 +632,7 @@ def url_fix(s, charset="utf-8"): # First step is to switch to unicode processing and to convert # backslashes (which are invalid in URLs anyways) to slashes. This is # consistent with what Chrome does. - s = to_unicode(s, charset, "replace").replace("\\", "/") + s = _to_unicode(s, charset, "replace").replace("\\", "/") # For the specific case that we look like a malformed windows URL # we want to fix this up manually: @@ -658,7 +643,7 @@ def url_fix(s, charset="utf-8"): path = url_quote(url.path, charset, safe="/%+$!*'(),") qs = url_quote_plus(url.query, charset, safe=":&%=+$!*'(),") anchor = url_quote_plus(url.fragment, charset, safe=":&%=+$!*'(),") - return to_native(url_unparse((url.scheme, url.encode_netloc(), path, qs, anchor))) + return _to_native(url_unparse((url.scheme, url.encode_netloc(), path, qs, anchor))) # not-unreserved characters remain quoted when unquoting to IRI @@ -670,10 +655,6 @@ def _codec_error_url_quote(e): invalid bytes. """ out = _fast_url_quote(e.object[e.start : e.end]) - - if PY2: - out = out.decode("utf-8") - return out, e.end @@ -703,7 +684,7 @@ def uri_to_iri(uri, charset="utf-8", errors="werkzeug.url_quote"): if isinstance(uri, tuple): uri = url_unparse(uri) - uri = url_parse(to_unicode(uri, charset)) + uri = url_parse(_to_unicode(uri, charset)) path = url_unquote(uri.path, charset, errors, _to_iri_unsafe) query = url_unquote(uri.query, charset, errors, _to_iri_unsafe) fragment = url_unquote(uri.fragment, charset, errors, _to_iri_unsafe) @@ -759,7 +740,7 @@ def iri_to_uri(iri, charset="utf-8", errors="strict", safe_conversion=False): # If we're not sure if it's safe to convert the URL, and it only # contains ASCII characters, return it unconverted. try: - native_iri = to_native(iri) + native_iri = _to_native(iri) ascii_iri = native_iri.encode("ascii") # Only return if it doesn't have whitespace. (Why?) @@ -768,11 +749,11 @@ def iri_to_uri(iri, charset="utf-8", errors="strict", safe_conversion=False): except UnicodeError: pass - iri = url_parse(to_unicode(iri, charset, errors)) + iri = url_parse(_to_unicode(iri, charset, errors)) path = url_quote(iri.path, charset, errors, _to_uri_safe) query = url_quote(iri.query, charset, errors, _to_uri_safe) fragment = url_quote(iri.fragment, charset, errors, _to_uri_safe) - return to_native( + return _to_native( url_unparse((iri.scheme, iri.encode_netloc(), path, query, fragment)) ) @@ -828,7 +809,7 @@ def url_decode( from .datastructures import MultiDict cls = MultiDict - if isinstance(s, text_type) and not isinstance(separator, text_type): + if isinstance(s, str) and not isinstance(separator, str): separator = separator.decode(charset or "ascii") elif isinstance(s, bytes) and not isinstance(separator, bytes): separator = separator.encode(charset or "ascii") @@ -897,7 +878,7 @@ def _url_decode_impl(pair_iter, charset, decode_keys, include_empty, errors): for pair in pair_iter: if not pair: continue - s = make_literal_wrapper(pair) + s = _make_literal_wrapper(pair) equal = s("=") if equal in pair: key, value = pair.split(equal, 1) @@ -907,8 +888,6 @@ def _url_decode_impl(pair_iter, charset, decode_keys, include_empty, errors): key = pair value = s("") key = url_unquote_plus(key, charset, errors) - if charset is not None and PY2 and not decode_keys: - key = try_coerce_native(key) yield key, url_unquote_plus(value, charset, errors) @@ -935,7 +914,7 @@ def url_encode( :param key: an optional function to be used for sorting. For more details check out the :func:`sorted` documentation. """ - separator = to_native(separator, "ascii") + separator = _to_native(separator, "ascii") return separator.join(_url_encode_impl(obj, charset, encode_keys, sort, key)) @@ -966,7 +945,7 @@ def url_encode_stream( :param key: an optional function to be used for sorting. For more details check out the :func:`sorted` documentation. """ - separator = to_native(separator, "ascii") + separator = _to_native(separator, "ascii") gen = _url_encode_impl(obj, charset, encode_keys, sort, key) if stream is None: return gen @@ -989,8 +968,8 @@ def url_join(base, url, allow_fragments=True): if isinstance(url, tuple): url = url_unparse(url) - base, url = normalize_string_tuple((base, url)) - s = make_literal_wrapper(base) + base, url = _normalize_string_tuple((base, url)) + s = _make_literal_wrapper(base) if not base: return url @@ -1121,7 +1100,7 @@ def __call__(self, *path, **query): ) path = "/".join( [ - to_unicode(url_quote(x, self.charset), "ascii") + _to_unicode(url_quote(x, self.charset), "ascii") for x in path if x is not None ] @@ -1132,7 +1111,7 @@ def __call__(self, *path, **query): rv += "/" rv = url_join(rv, "./" + path) if query: - rv += "?" + to_unicode( + rv += "?" + _to_unicode( url_encode(query, self.charset, sort=self.sort, key=self.key), "ascii" ) - return to_native(rv) + return _to_native(rv) diff --git a/src/werkzeug/utils.py b/src/werkzeug/utils.py index 59c6f2708..04fa8bac4 100644 --- a/src/werkzeug/utils.py +++ b/src/werkzeug/utils.py @@ -16,15 +16,10 @@ import re import sys -from ._compat import iteritems -from ._compat import PY2 -from ._compat import reraise -from ._compat import string_types -from ._compat import text_type -from ._compat import unichr from ._internal import _DictAccessorProperty from ._internal import _missing from ._internal import _parse_signature +from ._internal import _reraise try: from html.entities import name2codepoint @@ -234,7 +229,7 @@ def __getattr__(self, tag): def proxy(*children, **arguments): buffer = "<" + tag - for key, value in iteritems(arguments): + for key, value in arguments.items(): if value is None: continue if key[-1] == "_": @@ -257,9 +252,7 @@ def proxy(*children, **arguments): return buffer buffer += ">" - children_as_string = "".join( - [text_type(x) for x in children if x is not None] - ) + children_as_string = "".join([str(x) for x in children if x is not None]) if children_as_string: if tag in self._plaintext_elements: @@ -380,7 +373,7 @@ def format_string(string, context): def lookup_arg(match): x = context[match.group(1) or match.group(2)] - if not isinstance(x, string_types): + if not isinstance(x, str): x = type(string)(x) return x @@ -411,12 +404,10 @@ def secure_filename(filename): :param filename: the filename to secure """ - if isinstance(filename, text_type): + if isinstance(filename, str): from unicodedata import normalize - filename = normalize("NFKD", filename).encode("ascii", "ignore") - if not PY2: - filename = filename.decode("ascii") + filename = normalize("NFKD", filename).encode("ascii", "ignore").decode("ascii") for sep in os.path.sep, os.path.altsep: if sep: filename = filename.replace(sep, " ") @@ -451,10 +442,10 @@ def escape(s): if s is None: return "" elif hasattr(s, "__html__"): - return text_type(s.__html__()) + return s.__html__() - if not isinstance(s, string_types): - s = text_type(s) + if not isinstance(s, str): + s = str(s) return ( s.replace("&", "&") @@ -474,12 +465,12 @@ def unescape(s): def handle_match(m): name = m.group(1) if name in HTMLBuilder._entities: - return unichr(HTMLBuilder._entities[name]) + return chr(HTMLBuilder._entities[name]) try: if name[:2] in ("#x", "#X"): - return unichr(int(name[2:], 16)) + return chr(int(name[2:], 16)) elif name.startswith("#"): - return unichr(int(name[1:])) + return chr(int(name[1:])) except ValueError: pass return u"" @@ -511,7 +502,7 @@ def redirect(location, code=302, Response=None): from .wrappers import Response display_location = escape(location) - if isinstance(location, text_type): + if isinstance(location, str): # Safe conversion is necessary here as we might redirect # to a broken URI scheme (for instance itms-services). from .urls import iri_to_uri @@ -581,7 +572,7 @@ def import_string(import_name, silent=False): except ImportError as e: if not silent: - reraise( + _reraise( ImportStringError, ImportStringError(import_name, e), sys.exc_info()[2] ) diff --git a/src/werkzeug/wrappers/base_request.py b/src/werkzeug/wrappers/base_request.py index 1f21db2e3..9197d8af9 100644 --- a/src/werkzeug/wrappers/base_request.py +++ b/src/werkzeug/wrappers/base_request.py @@ -1,10 +1,9 @@ from functools import update_wrapper from io import BytesIO -from .._compat import to_native -from .._compat import to_unicode -from .._compat import wsgi_decoding_dance -from .._compat import wsgi_get_bytes +from .._internal import _to_native +from .._internal import _to_unicode +from .._internal import _wsgi_decoding_dance from ..datastructures import CombinedMultiDict from ..datastructures import EnvironHeaders from ..datastructures import ImmutableList @@ -160,7 +159,7 @@ def __repr__(self): # in a debug session we don't want the repr to blow up. args = [] try: - args.append("'%s'" % to_native(self.url, self.url_charset)) + args.append("'%s'" % _to_native(self.url, self.url_charset)) args.append("[%s]" % self.method) except Exception: args.append("(invalid WSGI environ)") @@ -401,7 +400,7 @@ def args(self): be necessary if the order of the form data is important. """ return url_decode( - wsgi_get_bytes(self.environ.get("QUERY_STRING", "")), + self.environ.get("QUERY_STRING", "").encode("latin1"), self.url_charset, errors=self.encoding_errors, cls=self.parameter_storage_class, @@ -538,7 +537,7 @@ def path(self): info in the WSGI environment but will always include a leading slash, even if the URL root is accessed. """ - raw_path = wsgi_decoding_dance( + raw_path = _wsgi_decoding_dance( self.environ.get("PATH_INFO") or "", self.charset, self.encoding_errors ) return "/" + raw_path.lstrip("/") @@ -546,12 +545,12 @@ def path(self): @cached_property def full_path(self): """Requested path as unicode, including the query string.""" - return self.path + u"?" + to_unicode(self.query_string, self.url_charset) + return self.path + u"?" + _to_unicode(self.query_string, self.url_charset) @cached_property def script_root(self): """The root path of the script without the trailing slash.""" - raw_path = wsgi_decoding_dance( + raw_path = _wsgi_decoding_dance( self.environ.get("SCRIPT_NAME") or "", self.charset, self.encoding_errors ) return raw_path.rstrip("/") @@ -600,7 +599,7 @@ def host(self): "QUERY_STRING", "", read_only=True, - load_func=wsgi_get_bytes, + load_func=lambda x: x.encode("latin1"), doc="The URL parameters as raw bytestring.", ) method = environ_property( diff --git a/src/werkzeug/wrappers/base_response.py b/src/werkzeug/wrappers/base_response.py index 00b9640c5..0a67aa351 100644 --- a/src/werkzeug/wrappers/base_response.py +++ b/src/werkzeug/wrappers/base_response.py @@ -1,10 +1,7 @@ import warnings -from .._compat import integer_types -from .._compat import string_types -from .._compat import text_type -from .._compat import to_bytes -from .._compat import to_native +from .._internal import _to_bytes +from .._internal import _to_native from ..datastructures import Headers from ..http import dump_cookie from ..http import HTTP_STATUS_CODES @@ -30,7 +27,7 @@ def _warn_if_string(iterable): """Helper for the response objects to check if the iterable returned to the WSGI server is not a string. """ - if isinstance(iterable, string_types): + if isinstance(iterable, str): warnings.warn( "Response iterable was set to a string. This will appear to" " work but means that the server will send the data to the" @@ -43,7 +40,7 @@ def _warn_if_string(iterable): def _iter_encoded(iterable, charset): for item in iterable: - if isinstance(item, text_type): + if isinstance(item, str): yield item.encode(charset) else: yield item @@ -54,8 +51,8 @@ def _clean_accept_ranges(accept_ranges): return "bytes" elif accept_ranges is False: return "none" - elif isinstance(accept_ranges, text_type): - return to_native(accept_ranges) + elif isinstance(accept_ranges, str): + return _to_native(accept_ranges) raise ValueError("Invalid accept_ranges value") @@ -196,7 +193,7 @@ def __init__( self.headers["Content-Type"] = content_type if status is None: status = self.default_status - if isinstance(status, integer_types): + if isinstance(status, int): self.status_code = status else: self.status = status @@ -208,7 +205,7 @@ def __init__( # the charset attribute, the data is set in the correct charset. if response is None: self.response = [] - elif isinstance(response, (text_type, bytes, bytearray)): + elif isinstance(response, (str, bytes, bytearray)): self.set_data(response) else: self.response = response @@ -307,7 +304,7 @@ def status(self): @status.setter def status(self, value): try: - self._status = to_native(value) + self._status = _to_native(value) except AttributeError: raise TypeError("Invalid status argument") @@ -347,7 +344,7 @@ def set_data(self, value): """ # if an unicode string is set, it's encoded directly so that we # can set the content length - if isinstance(value, text_type): + if isinstance(value, str): value = value.encode(self.charset) else: value = bytes(value) @@ -593,21 +590,21 @@ def get_wsgi_headers(self, environ): # make sure the location header is an absolute URL if location is not None: old_location = location - if isinstance(location, text_type): + if isinstance(location, str): # Safe conversion is necessary here as we might redirect # to a broken URI scheme (for instance itms-services). location = iri_to_uri(location, safe_conversion=True) if self.autocorrect_location_header: current_url = get_current_url(environ, strip_querystring=True) - if isinstance(current_url, text_type): + if isinstance(current_url, str): current_url = iri_to_uri(current_url) location = url_join(current_url, location) if location != old_location: headers["Location"] = location # make sure the content location is a URL - if content_location is not None and isinstance(content_location, text_type): + if content_location is not None and isinstance(content_location, str): headers["Content-Location"] = iri_to_uri(content_location) if 100 <= status < 200 or status == 204: @@ -631,7 +628,7 @@ def get_wsgi_headers(self, environ): and not (100 <= status < 200) ): try: - content_length = sum(len(to_bytes(x, "ascii")) for x in self.response) + content_length = sum(len(_to_bytes(x, "ascii")) for x in self.response) except UnicodeError: # aha, something non-bytestringy in there, too bad, we # can't safely figure out the length of the response. diff --git a/src/werkzeug/wrappers/common_descriptors.py b/src/werkzeug/wrappers/common_descriptors.py index f169959bb..4afc457e8 100644 --- a/src/werkzeug/wrappers/common_descriptors.py +++ b/src/werkzeug/wrappers/common_descriptors.py @@ -1,7 +1,6 @@ from datetime import datetime from datetime import timedelta -from .._compat import string_types from ..datastructures import CallbackDict from ..http import dump_age from ..http import dump_csp_header @@ -307,7 +306,7 @@ def on_update(header_set): def fset(self, value): if not value: del self.headers[name] - elif isinstance(value, string_types): + elif isinstance(value, str): self.headers[name] = value else: self.headers[name] = dump_header(value) diff --git a/src/werkzeug/wrappers/etag.py b/src/werkzeug/wrappers/etag.py index 460629bdb..482fa83e0 100644 --- a/src/werkzeug/wrappers/etag.py +++ b/src/werkzeug/wrappers/etag.py @@ -1,4 +1,3 @@ -from .._compat import string_types from .._internal import _get_environ from ..datastructures import ContentRange from ..datastructures import RequestCacheControl @@ -298,7 +297,7 @@ def on_update(rng): def content_range(self, value): if not value: del self.headers["content-range"] - elif isinstance(value, string_types): + elif isinstance(value, str): self.headers["Content-Range"] = value else: self.headers["Content-Range"] = value.to_header() diff --git a/src/werkzeug/wrappers/json.py b/src/werkzeug/wrappers/json.py index 6d5dc33d4..41ddc719b 100644 --- a/src/werkzeug/wrappers/json.py +++ b/src/werkzeug/wrappers/json.py @@ -3,7 +3,6 @@ import datetime import uuid -from .._compat import text_type from ..exceptions import BadRequest from ..utils import detect_utf_encoding @@ -23,7 +22,7 @@ def _default(o): return str(o) if hasattr(o, "__html__"): - return text_type(o.__html__()) + return str(o.__html__()) raise TypeError() diff --git a/src/werkzeug/wsgi.py b/src/werkzeug/wsgi.py index aa4e7139b..eef95523e 100644 --- a/src/werkzeug/wsgi.py +++ b/src/werkzeug/wsgi.py @@ -14,16 +14,10 @@ from functools import update_wrapper from itertools import chain -from ._compat import BytesIO -from ._compat import implements_iterator -from ._compat import make_literal_wrapper -from ._compat import string_types -from ._compat import text_type -from ._compat import to_bytes -from ._compat import to_unicode -from ._compat import try_coerce_native -from ._compat import wsgi_get_bytes from ._internal import _encode_idna +from ._internal import _make_literal_wrapper +from ._internal import _to_bytes +from ._internal import _to_unicode from .urls import uri_to_iri from .urls import url_join from .urls import url_parse @@ -88,10 +82,10 @@ def get_current_url( cat = tmp.append if host_only: return uri_to_iri("".join(tmp) + "/") - cat(url_quote(wsgi_get_bytes(environ.get("SCRIPT_NAME", ""))).rstrip("/")) + cat(url_quote(environ.get("SCRIPT_NAME", "").encode("latin1")).rstrip("/")) cat("/") if not root_only: - cat(url_quote(wsgi_get_bytes(environ.get("PATH_INFO", "")).lstrip(b"/"))) + cat(url_quote(environ.get("PATH_INFO", "").encode("latin1").lstrip(b"/"))) if not strip_querystring: qs = get_query_string(environ) if qs: @@ -113,7 +107,7 @@ def host_is_trusted(hostname, trusted_list): if not hostname: return False - if isinstance(trusted_list, string_types): + if isinstance(trusted_list, str): trusted_list = [trusted_list] def _normalize(hostname): @@ -229,7 +223,7 @@ def get_input_stream(environ, safe_fallback=True): # potentially dangerous because it could be infinite, malicious or not. If # safe_fallback is true, return an empty stream instead for safety. if content_length is None: - return BytesIO() if safe_fallback else stream + return io.BytesIO() if safe_fallback else stream # Otherwise limit the stream to the content length return LimitedStream(stream, content_length) @@ -245,11 +239,11 @@ def get_query_string(environ): :param environ: the WSGI environment object to get the query string from. """ - qs = wsgi_get_bytes(environ.get("QUERY_STRING", "")) + qs = environ.get("QUERY_STRING", "").encode("latin1") # QUERY_STRING really should be ascii safe but some browsers # will send us some unicode stuff (I am looking at you IE). # In that case we want to urllib quote it badly. - return try_coerce_native(url_quote(qs, safe=":&%=+$!*'(),")) + return url_quote(qs, safe=":&%=+$!*'(),") def get_path_info(environ, charset="utf-8", errors="replace"): @@ -265,8 +259,8 @@ def get_path_info(environ, charset="utf-8", errors="replace"): decoding should be performed. :param errors: the decoding error handling. """ - path = wsgi_get_bytes(environ.get("PATH_INFO", "")) - return to_unicode(path, charset, errors, allow_none_charset=True) + path = environ.get("PATH_INFO", "").encode("latin1") + return _to_unicode(path, charset, errors, allow_none_charset=True) def get_script_name(environ, charset="utf-8", errors="replace"): @@ -282,8 +276,8 @@ def get_script_name(environ, charset="utf-8", errors="replace"): decoding should be performed. :param errors: the decoding error handling. """ - path = wsgi_get_bytes(environ.get("SCRIPT_NAME", "")) - return to_unicode(path, charset, errors, allow_none_charset=True) + path = environ.get("SCRIPT_NAME", "").encode("latin1") + return _to_unicode(path, charset, errors, allow_none_charset=True) def pop_path_info(environ, charset="utf-8", errors="replace"): @@ -328,14 +322,14 @@ def pop_path_info(environ, charset="utf-8", errors="replace"): if "/" not in path: environ["PATH_INFO"] = "" environ["SCRIPT_NAME"] = script_name + path - rv = wsgi_get_bytes(path) + rv = path.encode("latin1") else: segment, path = path.split("/", 1) environ["PATH_INFO"] = "/" + path environ["SCRIPT_NAME"] = script_name + segment - rv = wsgi_get_bytes(segment) + rv = segment.encode("latin1") - return to_unicode(rv, charset, errors, allow_none_charset=True) + return _to_unicode(rv, charset, errors, allow_none_charset=True) def peek_path_info(environ, charset="utf-8", errors="replace"): @@ -361,8 +355,8 @@ def peek_path_info(environ, charset="utf-8", errors="replace"): """ segments = environ.get("PATH_INFO", "").lstrip("/").split("/", 1) if segments: - return to_unicode( - wsgi_get_bytes(segments[0]), charset, errors, allow_none_charset=True + return _to_unicode( + segments[0].encode("latin1"), charset, errors, allow_none_charset=True ) @@ -462,7 +456,6 @@ def _normalize_netloc(scheme, netloc): return u"/" + cur_path[len(base_path) :].lstrip(u"/") -@implements_iterator class ClosingIterator(object): """The WSGI specification requires that all middlewares and gateways respect the `close` callback of the iterable returned by the application. @@ -529,7 +522,6 @@ def wrap_file(environ, file, buffer_size=8192): return environ.get("wsgi.file_wrapper", FileWrapper)(file, buffer_size) -@implements_iterator class FileWrapper(object): """This class can be used to convert a :class:`file`-like object into an iterable. It yields `buffer_size` blocks until the file is fully @@ -582,7 +574,6 @@ def __next__(self): raise StopIteration() -@implements_iterator class _RangeWrapper(object): # private for now, but should we make it public in the future ? @@ -665,7 +656,7 @@ def close(self): def _make_chunk_iter(stream, limit, buffer_size): """Helper for the line and chunk iter functions.""" - if isinstance(stream, (bytes, bytearray, text_type)): + if isinstance(stream, (bytes, bytearray, str)): raise TypeError( "Passed a string or byte object instead of true iterator or stream." ) @@ -722,7 +713,7 @@ def make_line_iter(stream, limit=None, buffer_size=10 * 1024, cap_at_buffer=Fals if not first_item: return - s = make_literal_wrapper(first_item) + s = _make_literal_wrapper(first_item) empty = s("") cr = s("\r") lf = s("\n") @@ -803,12 +794,12 @@ def make_chunk_iter( return _iter = chain((first_item,), _iter) - if isinstance(first_item, text_type): - separator = to_unicode(separator) + if isinstance(first_item, str): + separator = _to_unicode(separator) _split = re.compile(r"(%s)" % re.escape(separator)).split _join = u"".join else: - separator = to_bytes(separator) + separator = _to_bytes(separator) _split = re.compile(b"(" + re.escape(separator) + b")").split _join = b"".join @@ -842,7 +833,6 @@ def make_chunk_iter( yield _join(buffer) -@implements_iterator class LimitedStream(io.IOBase): """Wraps a stream so that it doesn't read more than n bytes. If the stream is exhausted and the caller tries to get more bytes from it diff --git a/tests/conftest.py b/tests/conftest.py index 1ce4fd530..bcd42846e 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -21,7 +21,7 @@ import pytest from werkzeug import serving -from werkzeug._compat import to_bytes +from werkzeug._internal import _to_bytes from werkzeug.urls import url_quote from werkzeug.utils import cached_property @@ -62,7 +62,7 @@ def inner(environ, start_response): if environ["PATH_INFO"] == "/_getpid": start_response("200 OK", [("Content-Type", "text/plain")]) pid_logger.info("pid=%s", os.getpid()) - return [to_bytes(str(os.getpid()))] + return [_to_bytes(str(os.getpid()))] return f(environ, start_response) return inner diff --git a/tests/middleware/test_dispatcher.py b/tests/middleware/test_dispatcher.py index 2906553a0..5a25a6cfd 100644 --- a/tests/middleware/test_dispatcher.py +++ b/tests/middleware/test_dispatcher.py @@ -1,4 +1,4 @@ -from werkzeug._compat import to_bytes +from werkzeug._internal import _to_bytes from werkzeug.middleware.dispatcher import DispatcherMiddleware from werkzeug.test import create_environ from werkzeug.test import run_wsgi_app @@ -11,7 +11,7 @@ def null_application(environ, start_response): def dummy_application(environ, start_response): start_response("200 OK", [("Content-Type", "text/plain")]) - yield to_bytes(environ["SCRIPT_NAME"]) + yield _to_bytes(environ["SCRIPT_NAME"]) app = DispatcherMiddleware( null_application, @@ -27,7 +27,7 @@ def dummy_application(environ, start_response): environ = create_environ(p) app_iter, status, headers = run_wsgi_app(app, environ) assert status == "200 OK" - assert b"".join(app_iter).strip() == to_bytes(name) + assert b"".join(app_iter).strip() == _to_bytes(name) app_iter, status, headers = run_wsgi_app(app, create_environ("/missing")) assert status == "404 NOT FOUND" diff --git a/tests/middleware/test_shared_data.py b/tests/middleware/test_shared_data.py index 175cbd674..38aea83b3 100644 --- a/tests/middleware/test_shared_data.py +++ b/tests/middleware/test_shared_data.py @@ -5,7 +5,7 @@ import pytest -from werkzeug._compat import to_native +from werkzeug._internal import _to_native from werkzeug.middleware.shared_data import SharedDataMiddleware from werkzeug.test import create_environ from werkzeug.test import run_wsgi_app @@ -27,7 +27,7 @@ def null_application(environ, start_response): test_dir = str(tmpdir) - with open(os.path.join(test_dir, to_native(u"äöü", "utf-8")), "w") as test_file: + with open(os.path.join(test_dir, _to_native(u"äöü", "utf-8")), "w") as test_file: test_file.write(u"FOUND") for t in [list, dict]: diff --git a/tests/test_datastructures.py b/tests/test_datastructures.py index a64fa9e1b..299d06899 100644 --- a/tests/test_datastructures.py +++ b/tests/test_datastructures.py @@ -30,13 +30,6 @@ from . import strict_eq from werkzeug import datastructures from werkzeug import http -from werkzeug._compat import iteritems -from werkzeug._compat import iterkeys -from werkzeug._compat import iterlists -from werkzeug._compat import iterlistvalues -from werkzeug._compat import itervalues -from werkzeug._compat import PY2 -from werkzeug._compat import text_type from werkzeug.datastructures import LanguageAccept from werkzeug.datastructures import MIMEAccept from werkzeug.datastructures import Range @@ -45,7 +38,6 @@ class TestNativeItermethods(object): def test_basic(self): - @datastructures.native_itermethods(["keys", "values", "items"]) class StupidDict(object): def keys(self, multi=1): return iter(["a", "b", "c"] * multi) @@ -55,7 +47,7 @@ def values(self, multi=1): def items(self, multi=1): return iter( - zip(iterkeys(self, multi=multi), itervalues(self, multi=multi)) + zip(iter(self.keys(multi=multi)), iter(self.values(multi=multi))) ) d = StupidDict() @@ -63,13 +55,13 @@ def items(self, multi=1): expected_values = [1, 2, 3] expected_items = list(zip(expected_keys, expected_values)) - assert list(iterkeys(d)) == expected_keys - assert list(itervalues(d)) == expected_values - assert list(iteritems(d)) == expected_items + assert list(d.keys()) == expected_keys + assert list(d.values()) == expected_values + assert list(d.items()) == expected_items - assert list(iterkeys(d, 2)) == expected_keys * 2 - assert list(itervalues(d, 2)) == expected_values * 2 - assert list(iteritems(d, 2)) == expected_items * 2 + assert list(d.keys(2)) == expected_keys * 2 + assert list(d.values(2)) == expected_values * 2 + assert list(d.items(2)) == expected_items * 2 class _MutableMultiDictTests(object): @@ -161,10 +153,10 @@ def test_basic_interface(self): # keys, values, items, lists assert list(sorted(md.keys())) == ["a", "b", "c"] - assert list(sorted(iterkeys(md))) == ["a", "b", "c"] + assert list(sorted(md.keys())) == ["a", "b", "c"] - assert list(sorted(itervalues(md))) == [1, 2, 3] - assert list(sorted(itervalues(md))) == [1, 2, 3] + assert list(sorted(md.values())) == [1, 2, 3] + assert list(sorted(md.values())) == [1, 2, 3] assert list(sorted(md.items())) == [("a", 1), ("b", 2), ("c", 3)] assert list(sorted(md.items(multi=True))) == [ @@ -174,8 +166,8 @@ def test_basic_interface(self): ("b", 2), ("c", 3), ] - assert list(sorted(iteritems(md))) == [("a", 1), ("b", 2), ("c", 3)] - assert list(sorted(iteritems(md, multi=True))) == [ + assert list(sorted(md.items())) == [("a", 1), ("b", 2), ("c", 3)] + assert list(sorted(md.items(multi=True))) == [ ("a", 1), ("a", 2), ("a", 3), @@ -184,7 +176,7 @@ def test_basic_interface(self): ] assert list(sorted(md.lists())) == [("a", [1, 2, 3]), ("b", [2]), ("c", [3])] - assert list(sorted(iterlists(md))) == [("a", [1, 2, 3]), ("b", [2]), ("c", [3])] + assert list(sorted(md.lists())) == [("a", [1, 2, 3]), ("b", [2]), ("c", [3])] # copy method c = md.copy() @@ -424,40 +416,8 @@ def test_iter_interfaces(self): ] md = self.storage_class(mapping) assert list(zip(md.keys(), md.listvalues())) == list(md.lists()) - assert list(zip(md, iterlistvalues(md))) == list(iterlists(md)) - assert list(zip(iterkeys(md), iterlistvalues(md))) == list(iterlists(md)) - - @pytest.mark.skipif(not PY2, reason="viewmethods work only for the 2-nd version.") - def test_view_methods(self): - mapping = [("a", "b"), ("a", "c")] - md = self.storage_class(mapping) - - vi = md.viewitems() # noqa: B302 - vk = md.viewkeys() # noqa: B302 - vv = md.viewvalues() # noqa: B302 - - assert list(vi) == list(md.items()) - assert list(vk) == list(md.keys()) - assert list(vv) == list(md.values()) - - md["k"] = "n" - - assert list(vi) == list(md.items()) - assert list(vk) == list(md.keys()) - assert list(vv) == list(md.values()) - - @pytest.mark.skipif(not PY2, reason="viewmethods work only for the 2-nd version.") - def test_viewitems_with_multi(self): - mapping = [("a", "b"), ("a", "c")] - md = self.storage_class(mapping) - - vi = md.viewitems(multi=True) # noqa: B302 - - assert list(vi) == list(md.items(multi=True)) - - md["k"] = "n" - - assert list(vi) == list(md.items(multi=True)) + assert list(zip(md, md.listvalues())) == list(md.lists()) + assert list(zip(md.keys(), md.listvalues())) == list(md.lists()) def test_getitem_raise_badrequestkeyerror_for_empty_list_value(self): mapping = [("a", "b"), ("a", "c")] @@ -481,9 +441,9 @@ def test_ordered_interface(self): assert len(d) == 1 d.add("foo", "baz") assert len(d) == 1 - assert list(iteritems(d)) == [("foo", "bar")] + assert list(d.items()) == [("foo", "bar")] assert list(d) == ["foo"] - assert list(iteritems(d, multi=True)) == [("foo", "bar"), ("foo", "baz")] + assert list(d.items(multi=True)) == [("foo", "bar"), ("foo", "baz")] del d["foo"] assert not d assert len(d) == 0 @@ -493,15 +453,15 @@ def test_ordered_interface(self): d.add("foo", 3) assert d.getlist("foo") == [1, 2, 3] assert d.getlist("bar") == [42] - assert list(iteritems(d)) == [("foo", 1), ("bar", 42)] + assert list(d.items()) == [("foo", 1), ("bar", 42)] expected = ["foo", "bar"] assert list(d.keys()) == expected assert list(d) == expected - assert list(iterkeys(d)) == expected + assert list(d.keys()) == expected - assert list(iteritems(d, multi=True)) == [ + assert list(d.items(multi=True)) == [ ("foo", 1), ("foo", 2), ("bar", 42), @@ -575,9 +535,9 @@ def test_iterables(self): assert sorted(ab.listvalues()) == [["value_a"], ["value_b"]] assert sorted(ab.keys()) == ["key_a", "key_b"] - assert sorted(iterlists(ab)) == [("key_a", ["value_a"]), ("key_b", ["value_b"])] - assert sorted(iterlistvalues(ab)) == [["value_a"], ["value_b"]] - assert sorted(iterkeys(ab)) == ["key_a", "key_b"] + assert sorted(ab.lists()) == [("key_a", ["value_a"]), ("key_b", ["value_b"])] + assert sorted(ab.listvalues()) == [["value_a"], ["value_b"]] + assert sorted(ab.keys()) == ["key_a", "key_b"] def test_get_description(self): data = datastructures.OrderedMultiDict() @@ -654,7 +614,7 @@ def test_basic_interface(self): md1 = datastructures.MultiDict((("foo", "bar"),)) md2 = datastructures.MultiDict((("foo", "blafasel"),)) x = self.storage_class((md1, md2)) - assert list(iterlists(x)) == [("foo", ["bar", "blafasel"])] + assert list(x.lists()) == [("foo", ["bar", "blafasel"])] def test_length(self): d1 = datastructures.MultiDict([("foo", "1")]) @@ -827,23 +787,15 @@ def test_to_wsgi_list(self): h = self.storage_class() h.set(u"Key", u"Value") for key, value in h.to_wsgi_list(): - if PY2: - strict_eq(key, b"Key") - strict_eq(value, b"Value") - else: - strict_eq(key, u"Key") - strict_eq(value, u"Value") + strict_eq(key, u"Key") + strict_eq(value, u"Value") def test_to_wsgi_list_bytes(self): h = self.storage_class() h.set(b"Key", b"Value") for key, value in h.to_wsgi_list(): - if PY2: - strict_eq(key, b"Key") - strict_eq(value, b"Value") - else: - strict_eq(key, u"Key") - strict_eq(value, u"Value") + strict_eq(key, u"Key") + strict_eq(value, u"Value") def test_equality(self): # test equality, given keys are case insensitive @@ -901,12 +853,12 @@ def test_return_type_is_unicode(self): {"HTTP_FOO": "\xe2\x9c\x93", "CONTENT_TYPE": "text/plain"} ) assert headers["Foo"] == u"\xe2\x9c\x93" - assert isinstance(headers["Foo"], text_type) - assert isinstance(headers["Content-Type"], text_type) + assert isinstance(headers["Foo"], str) + assert isinstance(headers["Content-Type"], str) iter_output = dict(iter(headers)) assert iter_output["Foo"] == u"\xe2\x9c\x93" - assert isinstance(iter_output["Foo"], text_type) - assert isinstance(iter_output["Content-Type"], text_type) + assert isinstance(iter_output["Foo"], str) + assert isinstance(iter_output["Content-Type"], str) def test_bytes_operations(self): foo_val = "\xff" @@ -1220,7 +1172,6 @@ def test_bytes_proper_sentinel(self): assert idx < 2 assert idx == 1 - @pytest.mark.skipif(PY2, reason="io.IOBase is only needed in PY3.") @pytest.mark.parametrize("stream", (tempfile.SpooledTemporaryFile, io.BytesIO)) def test_proxy_can_access_stream_attrs(self, stream): """``SpooledTemporaryFile`` doesn't implement some of diff --git a/tests/test_debug.py b/tests/test_debug.py index 15e5b942d..471a1627d 100644 --- a/tests/test_debug.py +++ b/tests/test_debug.py @@ -15,7 +15,6 @@ import pytest import requests -from werkzeug._compat import PY2 from werkzeug.debug import console from werkzeug.debug import DebuggedApplication from werkzeug.debug import get_machine_id @@ -72,14 +71,6 @@ class Test(str): u"Test('foo')" ) - @pytest.mark.skipif(not PY2, reason="u prefix on py2 only") - def test_unicode_repr(self): - assert debug_repr(u"foo") == u"u'foo'" - - @pytest.mark.skipif(PY2, reason="b prefix on py3 only") - def test_bytes_repr(self): - assert debug_repr(b"foo") == u"b'foo'" - def test_sequence_repr(self): assert debug_repr(list(range(20))) == ( u'[0, 1, ' @@ -137,8 +128,8 @@ def test_mapping_repr(self): ) assert debug_repr((1, "zwei", u"drei")) == ( u'(1, \'' - u"zwei', %s'drei')" - ) % ("u" if PY2 else "") + u"zwei', 'drei')" + ) def test_custom_repr(self): class Foo(object): @@ -164,8 +155,7 @@ def test_regex_repr(self): # No ur'' in Py3 # https://bugs.python.org/issue15096 assert debug_repr(re.compile(u"foo\\d")) == ( - u"re.compile(%sr'foo\\d')" - % ("u" if PY2 else "") + u"re.compile(r'foo\\d')" ) def test_set_repr(self): @@ -250,7 +240,6 @@ def test_debug_help(self): assert "Help on list object" in x assert "__delitem__" in x - @pytest.mark.skipif(PY2, reason="Python 2 doesn't have chained exceptions.") def test_exc_divider_found_on_chained_exception(self): @Request.application def app(request): @@ -278,7 +267,7 @@ def test_log(self): except ZeroDivisionError: traceback = Traceback(*sys.exc_info()) - buffer_ = io.BytesIO() if PY2 else io.StringIO() + buffer_ = io.StringIO() traceback.log(buffer_) assert buffer_.getvalue().strip() == traceback.plaintext.strip() @@ -368,7 +357,6 @@ def test_console_closure_variables(monkeypatch): assert ret == ">>> x()\n5" -@pytest.mark.skipif(PY2, reason="Python 2 doesn't have chained exceptions.") @pytest.mark.timeout(2) def test_chained_exception_cycle(): try: diff --git a/tests/test_exceptions.py b/tests/test_exceptions.py index 5b2ed1a4a..d3eb554e9 100644 --- a/tests/test_exceptions.py +++ b/tests/test_exceptions.py @@ -17,7 +17,6 @@ import pytest from werkzeug import exceptions -from werkzeug._compat import text_type from werkzeug.datastructures import WWWAuthenticate from werkzeug.wrappers import Response @@ -76,7 +75,7 @@ def test_aborter_custom(): def test_exception_repr(): exc = exceptions.NotFound() - assert text_type(exc) == ( + assert str(exc) == ( "404 Not Found: The requested URL was not found on the server." " If you entered the URL manually please check your spelling" " and try again." @@ -84,11 +83,11 @@ def test_exception_repr(): assert repr(exc) == "" exc = exceptions.NotFound("Not There") - assert text_type(exc) == "404 Not Found: Not There" + assert str(exc) == "404 Not Found: Not There" assert repr(exc) == "" exc = exceptions.HTTPException("An error message") - assert text_type(exc) == "??? Unknown Error: An error message" + assert str(exc) == "??? Unknown Error: An error message" assert repr(exc) == "" diff --git a/tests/test_formparser.py b/tests/test_formparser.py index 6d8583863..5270fdbe0 100644 --- a/tests/test_formparser.py +++ b/tests/test_formparser.py @@ -17,8 +17,6 @@ from . import strict_eq from werkzeug import formparser -from werkzeug._compat import BytesIO -from werkzeug._compat import PY2 from werkzeug.datastructures import MultiDict from werkzeug.exceptions import RequestEntityTooLarge from werkzeug.formparser import FormDataParser @@ -56,7 +54,7 @@ class TestFormParser(object): def test_limiting(self): data = b"foo=Hello+World&bar=baz" req = Request.from_values( - input_stream=BytesIO(data), + input_stream=io.BytesIO(data), content_length=len(data), content_type="application/x-www-form-urlencoded", method="POST", @@ -65,7 +63,7 @@ def test_limiting(self): strict_eq(req.form["foo"], u"Hello World") req = Request.from_values( - input_stream=BytesIO(data), + input_stream=io.BytesIO(data), content_length=len(data), content_type="application/x-www-form-urlencoded", method="POST", @@ -74,7 +72,7 @@ def test_limiting(self): pytest.raises(RequestEntityTooLarge, lambda: req.form["foo"]) req = Request.from_values( - input_stream=BytesIO(data), + input_stream=io.BytesIO(data), content_length=len(data), content_type="application/x-www-form-urlencoded", method="POST", @@ -89,7 +87,7 @@ def test_limiting(self): b"bar=baz\r\n--foo--" ) req = Request.from_values( - input_stream=BytesIO(data), + input_stream=io.BytesIO(data), content_length=len(data), content_type="multipart/form-data; boundary=foo", method="POST", @@ -98,7 +96,7 @@ def test_limiting(self): pytest.raises(RequestEntityTooLarge, lambda: req.form["foo"]) req = Request.from_values( - input_stream=BytesIO(data), + input_stream=io.BytesIO(data), content_length=len(data), content_type="multipart/form-data; boundary=foo", method="POST", @@ -107,7 +105,7 @@ def test_limiting(self): strict_eq(req.form["foo"], u"Hello World") req = Request.from_values( - input_stream=BytesIO(data), + input_stream=io.BytesIO(data), content_length=len(data), content_type="multipart/form-data; boundary=foo", method="POST", @@ -116,7 +114,7 @@ def test_limiting(self): pytest.raises(RequestEntityTooLarge, lambda: req.form["foo"]) req = Request.from_values( - input_stream=BytesIO(data), + input_stream=io.BytesIO(data), content_length=len(data), content_type="multipart/form-data; boundary=foo", method="POST", @@ -132,7 +130,7 @@ def test_missing_multipart_boundary(self): b"bar=baz\r\n--foo--" ) req = Request.from_values( - input_stream=BytesIO(data), + input_stream=io.BytesIO(data), content_length=len(data), content_type="multipart/form-data", method="POST", @@ -170,15 +168,12 @@ def test_default_stream_factory(self, no_spooled, size, monkeypatch): data = b"a,b,c\n" * size req = Request.from_values( - data={"foo": (BytesIO(data), "test.txt")}, method="POST" + data={"foo": (io.BytesIO(data), "test.txt")}, method="POST" ) file_storage = req.files["foo"] try: - if PY2: - reader = csv.reader(file_storage) - else: - reader = csv.reader(io.TextIOWrapper(file_storage)) + reader = csv.reader(io.TextIOWrapper(file_storage)) # This fails if file_storage doesn't implement IOBase. # https://github.com/pallets/werkzeug/issues/1344 # https://github.com/python/cpython/pull/3249 @@ -219,7 +214,7 @@ class StreamReq(Request): form_data_parser_class = StreamFDP req = StreamReq.from_values( - data={"foo": (BytesIO(data), "test.txt")}, method="POST" + data={"foo": (io.BytesIO(data), "test.txt")}, method="POST" ) strict_eq("begin_file", req.files["one"][0]) strict_eq(("foo", "test.txt"), req.files["one"][1][1:]) @@ -343,7 +338,7 @@ def test_end_of_file(self): b"file contents and no end" ) data = Request.from_values( - input_stream=BytesIO(data), + input_stream=io.BytesIO(data), content_length=len(data), content_type="multipart/form-data; boundary=foo", method="POST", @@ -388,7 +383,7 @@ def test_file_no_content_type(self): b"file contents\r\n--foo--" ) data = Request.from_values( - input_stream=BytesIO(data), + input_stream=io.BytesIO(data), content_length=len(data), content_type="multipart/form-data; boundary=foo", method="POST", @@ -406,7 +401,7 @@ def test_extra_newline(self): b"--foo--" ) data = Request.from_values( - input_stream=BytesIO(data), + input_stream=io.BytesIO(data), content_length=len(data), content_type="multipart/form-data; boundary=foo", method="POST", @@ -424,7 +419,7 @@ def test_headers(self): b"--foo--" ) req = Request.from_values( - input_stream=BytesIO(data), + input_stream=io.BytesIO(data), content_length=len(data), content_type="multipart/form-data; boundary=foo", method="POST", @@ -452,7 +447,7 @@ def test_nonstandard_line_endings(self): ) ) req = Request.from_values( - input_stream=BytesIO(data), + input_stream=io.BytesIO(data), content_length=len(data), content_type="multipart/form-data; boundary=foo", method="POST", @@ -465,21 +460,21 @@ def parse_multipart(stream, boundary, content_length): parser = formparser.MultiPartParser(content_length) return parser.parse(stream, boundary, content_length) - pytest.raises(ValueError, parse_multipart, BytesIO(), b"broken ", 0) + pytest.raises(ValueError, parse_multipart, io.BytesIO(), b"broken ", 0) data = b"--foo\r\n\r\nHello World\r\n--foo--" - pytest.raises(ValueError, parse_multipart, BytesIO(data), b"foo", len(data)) + pytest.raises(ValueError, parse_multipart, io.BytesIO(data), b"foo", len(data)) data = ( b"--foo\r\nContent-Disposition: form-field; name=foo\r\n" b"Content-Transfer-Encoding: base64\r\n\r\nHello World\r\n--foo--" ) - pytest.raises(ValueError, parse_multipart, BytesIO(data), b"foo", len(data)) + pytest.raises(ValueError, parse_multipart, io.BytesIO(data), b"foo", len(data)) data = ( b"--foo\r\nContent-Disposition: form-field; name=foo\r\n\r\nHello World\r\n" ) - pytest.raises(ValueError, parse_multipart, BytesIO(data), b"foo", len(data)) + pytest.raises(ValueError, parse_multipart, io.BytesIO(data), b"foo", len(data)) x = formparser.parse_multipart_headers(["foo: bar\r\n", " x test\r\n"]) strict_eq(x["foo"], "bar\n x test") @@ -497,7 +492,7 @@ class ISORequest(Request): b"Content-Transfer-Encoding: base64\r\n\r\n" + contents + b"\r\n--foo--" ) req = ISORequest.from_values( - input_stream=BytesIO(data), + input_stream=io.BytesIO(data), content_length=len(data), content_type="multipart/form-data; boundary=foo", method="POST", @@ -510,7 +505,7 @@ def test_empty_multipart(self): environ["REQUEST_METHOD"] = "POST" environ["CONTENT_TYPE"] = "multipart/form-data; boundary=boundary" environ["CONTENT_LENGTH"] = str(len(data)) - environ["wsgi.input"] = BytesIO(data) + environ["wsgi.input"] = io.BytesIO(data) stream, form, files = parse_form_data(environ, silent=False) rv = stream.read() assert rv == b"" @@ -545,7 +540,7 @@ def test_file_rfc2231_filename_continuations(self): b"file contents\r\n--foo--" ) request = Request.from_values( - input_stream=BytesIO(data), + input_stream=io.BytesIO(data), content_length=len(data), content_type="multipart/form-data; boundary=foo", method="POST", diff --git a/tests/test_http.py b/tests/test_http.py index 86359609b..ba10bca64 100644 --- a/tests/test_http.py +++ b/tests/test_http.py @@ -15,15 +15,14 @@ from . import strict_eq from werkzeug import datastructures from werkzeug import http -from werkzeug._compat import itervalues -from werkzeug._compat import wsgi_encoding_dance +from werkzeug._internal import _wsgi_encoding_dance from werkzeug.test import create_environ class TestHTTPUtility(object): def test_accept(self): a = http.parse_accept_header("en-us,ru;q=0.5") - assert list(itervalues(a)) == ["en-us", "ru"] + assert list(a.values()) == ["en-us", "ru"] assert a.best == "en-us" assert a.find("ru") == 1 pytest.raises(ValueError, a.index, "de") @@ -516,7 +515,7 @@ def test_cookie_unicode_dumping(self): def test_cookie_unicode_keys(self): # Yes, this is technically against the spec but happens val = http.dump_cookie(u"fö", u"fö") - assert val == wsgi_encoding_dance(u'fö="f\\303\\266"; Path=/', "utf-8") + assert val == _wsgi_encoding_dance(u'fö="f\\303\\266"; Path=/', "utf-8") cookies = http.parse_cookie(val) assert cookies[u"fö"] == u"fö" diff --git a/tests/test_test.py b/tests/test_test.py index 445a0bbc6..32d4928e1 100644 --- a/tests/test_test.py +++ b/tests/test_test.py @@ -16,9 +16,7 @@ import pytest from . import strict_eq -from werkzeug._compat import implements_iterator -from werkzeug._compat import iteritems -from werkzeug._compat import to_bytes +from werkzeug._internal import _to_bytes from werkzeug.datastructures import FileStorage from werkzeug.datastructures import Headers from werkzeug.datastructures import MultiDict @@ -349,7 +347,7 @@ def test_create_environ(): "SERVER_PROTOCOL": "HTTP/1.1", "QUERY_STRING": "bar=baz", } - for key, value in iteritems(expected): + for key, value in iter(expected.items()): assert env[key] == value strict_eq(env["wsgi.input"].read(0), b"") strict_eq(create_environ("/foo", "http://example.com/")["SCRIPT_NAME"], "") @@ -655,7 +653,6 @@ def close(self): @pytest.mark.parametrize("buffered", (True, False)) @pytest.mark.parametrize("iterable", (True, False)) def test_lazy_start_response_empty_response_app(buffered, iterable): - @implements_iterator class app: def __init__(self, environ, start_response): self.start_response = start_response @@ -678,7 +675,6 @@ def __next__(self): def test_run_wsgi_app_closing_iterator(): got_close = [] - @implements_iterator class CloseIter(object): def __init__(self): self.iterated = False @@ -744,7 +740,7 @@ def test_app(request): strict_eq(resp.data, b"[]") resp = client.get("/") strict_eq( - resp.data, to_bytes(repr([("test1", u"foo"), ("test2", u"bar")]), "ascii") + resp.data, _to_bytes(repr([("test1", u"foo"), ("test2", u"bar")]), "ascii") ) diff --git a/tests/test_urls.py b/tests/test_urls.py index 71b80c330..0bbe967ef 100644 --- a/tests/test_urls.py +++ b/tests/test_urls.py @@ -8,13 +8,12 @@ :copyright: 2007 Pallets :license: BSD-3-Clause """ +import io + import pytest from . import strict_eq from werkzeug import urls -from werkzeug._compat import BytesIO -from werkzeug._compat import NativeStringIO -from werkzeug._compat import text_type from werkzeug.datastructures import OrderedMultiDict @@ -123,7 +122,7 @@ def test_streamed_url_decoding(): item2 = u"b" * 400 string = ("a=%s&b=%s&c=%s" % (item1, item2, item2)).encode("ascii") gen = urls.url_decode_stream( - BytesIO(string), limit=len(string), return_iterator=True + io.BytesIO(string), limit=len(string), return_iterator=True ) strict_eq(next(gen), ("a", item1)) strict_eq(next(gen), ("b", item2)) @@ -147,7 +146,7 @@ def test_url_encoding(): def test_sorted_url_encode(): strict_eq( urls.url_encode( - {u"a": 42, u"b": 23, 1: 1, 2: 2}, sort=True, key=lambda i: text_type(i[0]) + {u"a": 42, u"b": 23, 1: 1, 2: 2}, sort=True, key=lambda i: str(i[0]) ), "1=1&2=2&a=42&b=23", ) @@ -162,15 +161,15 @@ def test_sorted_url_encode(): def test_streamed_url_encoding(): - out = NativeStringIO() + out = io.StringIO() urls.url_encode_stream({"foo": "bar 45"}, out) strict_eq(out.getvalue(), "foo=bar+45") d = {"foo": 1, "bar": 23, "blah": u"Hänsel"} - out = NativeStringIO() + out = io.StringIO() urls.url_encode_stream(d, out, sort=True) strict_eq(out.getvalue(), "bar=23&blah=H%C3%A4nsel&foo=1") - out = NativeStringIO() + out = io.StringIO() urls.url_encode_stream(d, out, sort=True, separator=u";") strict_eq(out.getvalue(), "bar=23;blah=H%C3%A4nsel;foo=1") @@ -326,7 +325,7 @@ def test_href_past_root(): def test_url_unquote_plus_unicode(): # was broken in 0.6 strict_eq(urls.url_unquote_plus(u"\x6d"), u"\x6d") - assert type(urls.url_unquote_plus(u"\x6d")) is text_type + assert type(urls.url_unquote_plus(u"\x6d")) is str def test_quoting_of_local_urls(): diff --git a/tests/test_utils.py b/tests/test_utils.py index 10726068f..37bb4385e 100644 --- a/tests/test_utils.py +++ b/tests/test_utils.py @@ -14,7 +14,6 @@ import pytest from werkzeug import utils -from werkzeug._compat import text_type from werkzeug.datastructures import Headers from werkzeug.http import http_date from werkzeug.http import parse_date @@ -186,7 +185,7 @@ def test_assign(): def test_escape(): class Foo(str): def __html__(self): - return text_type(self) + return str(self) assert utils.escape(None) == "" assert utils.escape(42) == "42" diff --git a/tests/test_wrappers.py b/tests/test_wrappers.py index 7e21eda75..4ccc0308f 100644 --- a/tests/test_wrappers.py +++ b/tests/test_wrappers.py @@ -20,9 +20,6 @@ from . import strict_eq from werkzeug import wrappers -from werkzeug._compat import implements_iterator -from werkzeug._compat import iteritems -from werkzeug._compat import text_type from werkzeug.datastructures import Accept from werkzeug.datastructures import CharsetAccept from werkzeug.datastructures import CombinedMultiDict @@ -79,7 +76,7 @@ def request_demo_app(environ, start_response): def prepare_environ_pickle(environ): result = {} - for key, value in iteritems(environ): + for key, value in iter(environ.items()): try: pickle.dumps((key, value)) except Exception: @@ -346,7 +343,6 @@ def test_base_response(): # close call forwarding closed = [] - @implements_iterator class Iterable(object): def __next__(self): raise StopIteration() @@ -911,7 +907,7 @@ class WithoutFreeze(wrappers.BaseResponse, wrappers.ETagResponseMixin): response = WithFreeze("Hello World") response.freeze() - strict_eq(response.get_etag(), (text_type(generate_etag(b"Hello World")), False)) + strict_eq(response.get_etag(), (str(generate_etag(b"Hello World")), False)) response = WithoutFreeze("Hello World") response.freeze() assert response.get_etag() == (None, None) diff --git a/tests/test_wsgi.py b/tests/test_wsgi.py index f99aa32c2..9d299481b 100644 --- a/tests/test_wsgi.py +++ b/tests/test_wsgi.py @@ -16,9 +16,6 @@ from . import strict_eq from werkzeug import wsgi -from werkzeug._compat import BytesIO -from werkzeug._compat import NativeStringIO -from werkzeug._compat import StringIO from werkzeug.exceptions import BadRequest from werkzeug.exceptions import ClientDisconnected from werkzeug.test import Client @@ -146,13 +143,13 @@ class RaisingLimitedStream(wsgi.LimitedStream): def on_exhausted(self): raise BadRequest("input stream exhausted") - io = BytesIO(b"123456") - stream = RaisingLimitedStream(io, 3) + io_ = io.BytesIO(b"123456") + stream = RaisingLimitedStream(io_, 3) strict_eq(stream.read(), b"123") pytest.raises(BadRequest, stream.read) - io = BytesIO(b"123456") - stream = RaisingLimitedStream(io, 3) + io_ = io.BytesIO(b"123456") + stream = RaisingLimitedStream(io_, 3) strict_eq(stream.tell(), 0) strict_eq(stream.read(1), b"1") strict_eq(stream.tell(), 1) @@ -162,55 +159,55 @@ def on_exhausted(self): strict_eq(stream.tell(), 3) pytest.raises(BadRequest, stream.read) - io = BytesIO(b"123456\nabcdefg") - stream = wsgi.LimitedStream(io, 9) + io_ = io.BytesIO(b"123456\nabcdefg") + stream = wsgi.LimitedStream(io_, 9) strict_eq(stream.readline(), b"123456\n") strict_eq(stream.readline(), b"ab") - io = BytesIO(b"123456\nabcdefg") - stream = wsgi.LimitedStream(io, 9) + io_ = io.BytesIO(b"123456\nabcdefg") + stream = wsgi.LimitedStream(io_, 9) strict_eq(stream.readlines(), [b"123456\n", b"ab"]) - io = BytesIO(b"123456\nabcdefg") - stream = wsgi.LimitedStream(io, 9) + io_ = io.BytesIO(b"123456\nabcdefg") + stream = wsgi.LimitedStream(io_, 9) strict_eq(stream.readlines(2), [b"12"]) strict_eq(stream.readlines(2), [b"34"]) strict_eq(stream.readlines(), [b"56\n", b"ab"]) - io = BytesIO(b"123456\nabcdefg") - stream = wsgi.LimitedStream(io, 9) + io_ = io.BytesIO(b"123456\nabcdefg") + stream = wsgi.LimitedStream(io_, 9) strict_eq(stream.readline(100), b"123456\n") - io = BytesIO(b"123456\nabcdefg") - stream = wsgi.LimitedStream(io, 9) + io_ = io.BytesIO(b"123456\nabcdefg") + stream = wsgi.LimitedStream(io_, 9) strict_eq(stream.readlines(100), [b"123456\n", b"ab"]) - io = BytesIO(b"123456") - stream = wsgi.LimitedStream(io, 3) + io_ = io.BytesIO(b"123456") + stream = wsgi.LimitedStream(io_, 3) strict_eq(stream.read(1), b"1") strict_eq(stream.read(1), b"2") strict_eq(stream.read(), b"3") strict_eq(stream.read(), b"") - io = BytesIO(b"123456") - stream = wsgi.LimitedStream(io, 3) + io_ = io.BytesIO(b"123456") + stream = wsgi.LimitedStream(io_, 3) strict_eq(stream.read(-1), b"123") - io = BytesIO(b"123456") - stream = wsgi.LimitedStream(io, 0) + io_ = io.BytesIO(b"123456") + stream = wsgi.LimitedStream(io_, 0) strict_eq(stream.read(-1), b"") - io = StringIO(u"123456") - stream = wsgi.LimitedStream(io, 0) + io_ = io.StringIO(u"123456") + stream = wsgi.LimitedStream(io_, 0) strict_eq(stream.read(-1), u"") - io = StringIO(u"123\n456\n") - stream = wsgi.LimitedStream(io, 8) + io_ = io.StringIO(u"123\n456\n") + stream = wsgi.LimitedStream(io_, 8) strict_eq(list(stream), [u"123\n", u"456\n"]) def test_limited_stream_json_load(): - stream = wsgi.LimitedStream(BytesIO(b'{"hello": "test"}'), 17) + stream = wsgi.LimitedStream(io.BytesIO(b'{"hello": "test"}'), 17) # flask.json adapts bytes to text with TextIOWrapper # this expects stream.readable() to exist and return true stream = io.TextIOWrapper(io.BufferedReader(stream), "UTF-8") @@ -219,17 +216,17 @@ def test_limited_stream_json_load(): def test_limited_stream_disconnection(): - io = BytesIO(b"A bit of content") + io_ = io.BytesIO(b"A bit of content") # disconnect detection on out of bytes - stream = wsgi.LimitedStream(io, 255) + stream = wsgi.LimitedStream(io_, 255) with pytest.raises(ClientDisconnected): stream.read() # disconnect detection because file close - io = BytesIO(b"x" * 255) - io.close() - stream = wsgi.LimitedStream(io, 255) + io_ = io.BytesIO(b"x" * 255) + io_.close() + stream = wsgi.LimitedStream(io_, 255) with pytest.raises(ClientDisconnected): stream.read() @@ -306,12 +303,12 @@ def test_get_current_url_invalid_utf8(): def test_multi_part_line_breaks(): data = "abcdef\r\nghijkl\r\nmnopqrstuvwxyz\r\nABCDEFGHIJK" - test_stream = NativeStringIO(data) + test_stream = io.StringIO(data) lines = list(wsgi.make_line_iter(test_stream, limit=len(data), buffer_size=16)) assert lines == ["abcdef\r\n", "ghijkl\r\n", "mnopqrstuvwxyz\r\n", "ABCDEFGHIJK"] data = "abc\r\nThis line is broken by the buffer length.\r\nFoo bar baz" - test_stream = NativeStringIO(data) + test_stream = io.StringIO(data) lines = list(wsgi.make_line_iter(test_stream, limit=len(data), buffer_size=24)) assert lines == [ "abc\r\n", @@ -322,7 +319,7 @@ def test_multi_part_line_breaks(): def test_multi_part_line_breaks_bytes(): data = b"abcdef\r\nghijkl\r\nmnopqrstuvwxyz\r\nABCDEFGHIJK" - test_stream = BytesIO(data) + test_stream = io.BytesIO(data) lines = list(wsgi.make_line_iter(test_stream, limit=len(data), buffer_size=16)) assert lines == [ b"abcdef\r\n", @@ -332,7 +329,7 @@ def test_multi_part_line_breaks_bytes(): ] data = b"abc\r\nThis line is broken by the buffer length." b"\r\nFoo bar baz" - test_stream = BytesIO(data) + test_stream = io.BytesIO(data) lines = list(wsgi.make_line_iter(test_stream, limit=len(data), buffer_size=24)) assert lines == [ b"abc\r\n", @@ -344,7 +341,7 @@ def test_multi_part_line_breaks_bytes(): def test_multi_part_line_breaks_problematic(): data = "abc\rdef\r\nghi" for _ in range(1, 10): - test_stream = NativeStringIO(data) + test_stream = io.StringIO(data) lines = list(wsgi.make_line_iter(test_stream, limit=len(data), buffer_size=4)) assert lines == ["abc\r", "def\r\n", "ghi"] @@ -361,7 +358,7 @@ def test_make_chunk_iter(): assert rv == [u"abcdef", u"ghijkl", u"mnopqrstuvwxyz", u"ABCDEFGHIJK"] data = u"abcdefXghijklXmnopqrstuvwxyzXABCDEFGHIJK" - test_stream = StringIO(data) + test_stream = io.StringIO(data) rv = list(wsgi.make_chunk_iter(test_stream, "X", limit=len(data), buffer_size=4)) assert rv == [u"abcdef", u"ghijkl", u"mnopqrstuvwxyz", u"ABCDEFGHIJK"] @@ -372,12 +369,12 @@ def test_make_chunk_iter_bytes(): assert rv == [b"abcdef", b"ghijkl", b"mnopqrstuvwxyz", b"ABCDEFGHIJK"] data = b"abcdefXghijklXmnopqrstuvwxyzXABCDEFGHIJK" - test_stream = BytesIO(data) + test_stream = io.BytesIO(data) rv = list(wsgi.make_chunk_iter(test_stream, "X", limit=len(data), buffer_size=4)) assert rv == [b"abcdef", b"ghijkl", b"mnopqrstuvwxyz", b"ABCDEFGHIJK"] data = b"abcdefXghijklXmnopqrstuvwxyzXABCDEFGHIJK" - test_stream = BytesIO(data) + test_stream = io.BytesIO(data) rv = list( wsgi.make_chunk_iter( test_stream, "X", limit=len(data), buffer_size=4, cap_at_buffer=True @@ -402,9 +399,7 @@ def test_lines_longer_buffer_size(): data = "1234567890\n1234567890\n" for bufsize in range(1, 15): lines = list( - wsgi.make_line_iter( - NativeStringIO(data), limit=len(data), buffer_size=bufsize - ) + wsgi.make_line_iter(io.StringIO(data), limit=len(data), buffer_size=bufsize) ) assert lines == ["1234567890\n", "1234567890\n"] @@ -414,7 +409,7 @@ def test_lines_longer_buffer_size_cap(): for bufsize in range(1, 15): lines = list( wsgi.make_line_iter( - NativeStringIO(data), + io.StringIO(data), limit=len(data), buffer_size=bufsize, cap_at_buffer=True, From 6669a4a6584612d4c3d4b68df5012d15bcc7fd72 Mon Sep 17 00:00:00 2001 From: pgjones Date: Wed, 8 Jan 2020 14:50:41 +0000 Subject: [PATCH 142/733] Rename _to_unicode to _to_str The latter is clearer in a Python3 context. --- src/werkzeug/_internal.py | 2 +- src/werkzeug/debug/tbtools.py | 8 ++++---- src/werkzeug/http.py | 10 +++++----- src/werkzeug/posixemulation.py | 6 +++--- src/werkzeug/routing.py | 20 ++++++++++---------- src/werkzeug/urls.py | 12 ++++++------ src/werkzeug/wrappers/base_request.py | 4 ++-- src/werkzeug/wsgi.py | 12 ++++++------ 8 files changed, 37 insertions(+), 37 deletions(-) diff --git a/src/werkzeug/_internal.py b/src/werkzeug/_internal.py index b57fb79ff..beda10697 100644 --- a/src/werkzeug/_internal.py +++ b/src/werkzeug/_internal.py @@ -96,7 +96,7 @@ def _to_native(x, charset=sys.getdefaultencoding(), errors="strict"): # noqa return x.decode(charset, errors) -def _to_unicode( +def _to_str( x, charset=sys.getdefaultencoding(), # noqa errors="strict", diff --git a/src/werkzeug/debug/tbtools.py b/src/werkzeug/debug/tbtools.py index da4f68c15..f52d3b9f9 100644 --- a/src/werkzeug/debug/tbtools.py +++ b/src/werkzeug/debug/tbtools.py @@ -20,7 +20,7 @@ from .._internal import _reraise from .._internal import _to_native -from .._internal import _to_unicode +from .._internal import _to_str from ..filesystem import get_filesystem_encoding from ..utils import cached_property from ..utils import escape @@ -414,7 +414,7 @@ def exception(self): """String representation of the exception.""" buf = traceback.format_exception_only(self.exc_type, self.exc_value) rv = "".join(buf).strip() - return _to_unicode(rv, "utf-8", "replace") + return _to_str(rv, "utf-8", "replace") def render(self, mark_lib=True): out = [] @@ -456,7 +456,7 @@ def __init__(self, exc_type, exc_value, tb): # if it's a file on the file system resolve the real filename. if os.path.isfile(fn): fn = os.path.realpath(fn) - self.filename = _to_unicode(fn, get_filesystem_encoding()) + self.filename = _to_str(fn, get_filesystem_encoding()) self.module = self.globals.get("__name__", self.locals.get("__name__")) self.loader = self.globals.get("__loader__", self.locals.get("__loader__")) self.code = tb.tb_frame.f_code @@ -465,7 +465,7 @@ def __init__(self, exc_type, exc_value, tb): self.hide = self.locals.get("__traceback_hide__", False) info = self.locals.get("__traceback_info__") if info is not None: - info = _to_unicode(info, "utf-8", "replace") + info = _to_str(info, "utf-8", "replace") self.info = info def render(self, mark_lib=True): diff --git a/src/werkzeug/http.py b/src/werkzeug/http.py index 877051316..d0fd8bb42 100644 --- a/src/werkzeug/http.py +++ b/src/werkzeug/http.py @@ -29,7 +29,7 @@ from ._internal import _cookie_quote from ._internal import _make_cookie_domain from ._internal import _to_bytes -from ._internal import _to_unicode +from ._internal import _to_str try: from email.utils import parsedate_tz @@ -599,8 +599,8 @@ def parse_authorization_header(value): return Authorization( "basic", { - "username": _to_unicode(username, _basic_auth_charset), - "password": _to_unicode(password, _basic_auth_charset), + "username": _to_str(username, _basic_auth_charset), + "password": _to_str(password, _basic_auth_charset), }, ) elif auth_type == b"digest": @@ -1117,10 +1117,10 @@ def parse_cookie(header, charset="utf-8", errors="replace", cls=None): def _parse_pairs(): for key, val in _cookie_parse_impl(header): - key = _to_unicode(key, charset, errors, allow_none_charset=True) + key = _to_str(key, charset, errors, allow_none_charset=True) if not key: continue - val = _to_unicode(val, charset, errors, allow_none_charset=True) + val = _to_str(val, charset, errors, allow_none_charset=True) yield key, val return cls(_parse_pairs()) diff --git a/src/werkzeug/posixemulation.py b/src/werkzeug/posixemulation.py index ed4457176..d5f507b96 100644 --- a/src/werkzeug/posixemulation.py +++ b/src/werkzeug/posixemulation.py @@ -23,7 +23,7 @@ import sys import time -from ._internal import _to_unicode +from ._internal import _to_str from .filesystem import get_filesystem_encoding can_rename_open_file = False @@ -37,8 +37,8 @@ _MoveFileEx = ctypes.windll.kernel32.MoveFileExW def _rename(src, dst): - src = _to_unicode(src, get_filesystem_encoding()) - dst = _to_unicode(dst, get_filesystem_encoding()) + src = _to_str(src, get_filesystem_encoding()) + dst = _to_str(dst, get_filesystem_encoding()) if _rename_atomic(src, dst): return True retry = 0 diff --git a/src/werkzeug/routing.py b/src/werkzeug/routing.py index 3fa87dbcc..eea61f138 100644 --- a/src/werkzeug/routing.py +++ b/src/werkzeug/routing.py @@ -107,7 +107,7 @@ from ._internal import _encode_idna from ._internal import _get_environ from ._internal import _to_bytes -from ._internal import _to_unicode +from ._internal import _to_str from ._internal import _wsgi_decoding_dance from .datastructures import ImmutableDict from .datastructures import MultiDict @@ -1674,15 +1674,15 @@ def __init__( query_args=None, ): self.map = map - self.server_name = _to_unicode(server_name) - script_name = _to_unicode(script_name) + self.server_name = _to_str(server_name) + script_name = _to_str(script_name) if not script_name.endswith(u"/"): script_name += u"/" self.script_name = script_name - self.subdomain = _to_unicode(subdomain) - self.url_scheme = _to_unicode(url_scheme) - self.path_info = _to_unicode(path_info) - self.default_method = _to_unicode(default_method) + self.subdomain = _to_str(subdomain) + self.url_scheme = _to_str(url_scheme) + self.path_info = _to_str(path_info) + self.default_method = _to_str(default_method) self.query_args = query_args self.websocket = self.url_scheme in {"ws", "wss"} @@ -1841,7 +1841,7 @@ def match( if path_info is None: path_info = self.path_info else: - path_info = _to_unicode(path_info, self.map.charset) + path_info = _to_str(path_info, self.map.charset) if query_args is None: query_args = self.query_args method = (method or self.default_method).upper() @@ -1973,12 +1973,12 @@ def get_host(self, domain_part): if self.map.host_matching: if domain_part is None: return self.server_name - return _to_unicode(domain_part, "ascii") + return _to_str(domain_part, "ascii") subdomain = domain_part if subdomain is None: subdomain = self.subdomain else: - subdomain = _to_unicode(subdomain, "ascii") + subdomain = _to_str(subdomain, "ascii") return (subdomain + u"." if subdomain else u"") + self.server_name def get_default_redirect(self, rule, method, values, query_args): diff --git a/src/werkzeug/urls.py b/src/werkzeug/urls.py index d6d9740c8..d80811677 100644 --- a/src/werkzeug/urls.py +++ b/src/werkzeug/urls.py @@ -25,7 +25,7 @@ from ._internal import _make_literal_wrapper from ._internal import _normalize_string_tuple from ._internal import _to_native -from ._internal import _to_unicode +from ._internal import _to_str # A regular expression for what a valid schema looks like _scheme_re = re.compile(r"^[a-zA-Z0-9+-.]+$") @@ -632,7 +632,7 @@ def url_fix(s, charset="utf-8"): # First step is to switch to unicode processing and to convert # backslashes (which are invalid in URLs anyways) to slashes. This is # consistent with what Chrome does. - s = _to_unicode(s, charset, "replace").replace("\\", "/") + s = _to_str(s, charset, "replace").replace("\\", "/") # For the specific case that we look like a malformed windows URL # we want to fix this up manually: @@ -684,7 +684,7 @@ def uri_to_iri(uri, charset="utf-8", errors="werkzeug.url_quote"): if isinstance(uri, tuple): uri = url_unparse(uri) - uri = url_parse(_to_unicode(uri, charset)) + uri = url_parse(_to_str(uri, charset)) path = url_unquote(uri.path, charset, errors, _to_iri_unsafe) query = url_unquote(uri.query, charset, errors, _to_iri_unsafe) fragment = url_unquote(uri.fragment, charset, errors, _to_iri_unsafe) @@ -749,7 +749,7 @@ def iri_to_uri(iri, charset="utf-8", errors="strict", safe_conversion=False): except UnicodeError: pass - iri = url_parse(_to_unicode(iri, charset, errors)) + iri = url_parse(_to_str(iri, charset, errors)) path = url_quote(iri.path, charset, errors, _to_uri_safe) query = url_quote(iri.query, charset, errors, _to_uri_safe) fragment = url_quote(iri.fragment, charset, errors, _to_uri_safe) @@ -1100,7 +1100,7 @@ def __call__(self, *path, **query): ) path = "/".join( [ - _to_unicode(url_quote(x, self.charset), "ascii") + _to_str(url_quote(x, self.charset), "ascii") for x in path if x is not None ] @@ -1111,7 +1111,7 @@ def __call__(self, *path, **query): rv += "/" rv = url_join(rv, "./" + path) if query: - rv += "?" + _to_unicode( + rv += "?" + _to_str( url_encode(query, self.charset, sort=self.sort, key=self.key), "ascii" ) return _to_native(rv) diff --git a/src/werkzeug/wrappers/base_request.py b/src/werkzeug/wrappers/base_request.py index 9197d8af9..88ff201c7 100644 --- a/src/werkzeug/wrappers/base_request.py +++ b/src/werkzeug/wrappers/base_request.py @@ -2,7 +2,7 @@ from io import BytesIO from .._internal import _to_native -from .._internal import _to_unicode +from .._internal import _to_str from .._internal import _wsgi_decoding_dance from ..datastructures import CombinedMultiDict from ..datastructures import EnvironHeaders @@ -545,7 +545,7 @@ def path(self): @cached_property def full_path(self): """Requested path as unicode, including the query string.""" - return self.path + u"?" + _to_unicode(self.query_string, self.url_charset) + return self.path + u"?" + _to_str(self.query_string, self.url_charset) @cached_property def script_root(self): diff --git a/src/werkzeug/wsgi.py b/src/werkzeug/wsgi.py index eef95523e..2b863cea2 100644 --- a/src/werkzeug/wsgi.py +++ b/src/werkzeug/wsgi.py @@ -17,7 +17,7 @@ from ._internal import _encode_idna from ._internal import _make_literal_wrapper from ._internal import _to_bytes -from ._internal import _to_unicode +from ._internal import _to_str from .urls import uri_to_iri from .urls import url_join from .urls import url_parse @@ -260,7 +260,7 @@ def get_path_info(environ, charset="utf-8", errors="replace"): :param errors: the decoding error handling. """ path = environ.get("PATH_INFO", "").encode("latin1") - return _to_unicode(path, charset, errors, allow_none_charset=True) + return _to_str(path, charset, errors, allow_none_charset=True) def get_script_name(environ, charset="utf-8", errors="replace"): @@ -277,7 +277,7 @@ def get_script_name(environ, charset="utf-8", errors="replace"): :param errors: the decoding error handling. """ path = environ.get("SCRIPT_NAME", "").encode("latin1") - return _to_unicode(path, charset, errors, allow_none_charset=True) + return _to_str(path, charset, errors, allow_none_charset=True) def pop_path_info(environ, charset="utf-8", errors="replace"): @@ -329,7 +329,7 @@ def pop_path_info(environ, charset="utf-8", errors="replace"): environ["SCRIPT_NAME"] = script_name + segment rv = segment.encode("latin1") - return _to_unicode(rv, charset, errors, allow_none_charset=True) + return _to_str(rv, charset, errors, allow_none_charset=True) def peek_path_info(environ, charset="utf-8", errors="replace"): @@ -355,7 +355,7 @@ def peek_path_info(environ, charset="utf-8", errors="replace"): """ segments = environ.get("PATH_INFO", "").lstrip("/").split("/", 1) if segments: - return _to_unicode( + return _to_str( segments[0].encode("latin1"), charset, errors, allow_none_charset=True ) @@ -795,7 +795,7 @@ def make_chunk_iter( _iter = chain((first_item,), _iter) if isinstance(first_item, str): - separator = _to_unicode(separator) + separator = _to_str(separator) _split = re.compile(r"(%s)" % re.escape(separator)).split _join = u"".join else: From 9d783cdefe875db26ae94a5f262435f601cd2b9c Mon Sep 17 00:00:00 2001 From: pgjones Date: Wed, 8 Jan 2020 14:58:33 +0000 Subject: [PATCH 143/733] Run `pyupgrade --py36-plus` on the codebase This has replaced a lot of Python2 idioms with Python3.6 idioms (see https://github.com/asottile/pyupgrade). --- src/werkzeug/_internal.py | 15 +- src/werkzeug/_reloader.py | 8 +- src/werkzeug/datastructures.py | 108 ++++++------ src/werkzeug/debug/__init__.py | 16 +- src/werkzeug/debug/console.py | 9 +- src/werkzeug/debug/repr.py | 27 ++- src/werkzeug/debug/tbtools.py | 74 ++++----- src/werkzeug/exceptions.py | 19 +-- src/werkzeug/filesystem.py | 3 +- src/werkzeug/formparser.py | 5 +- src/werkzeug/http.py | 11 +- src/werkzeug/local.py | 9 +- src/werkzeug/middleware/dispatcher.py | 4 +- src/werkzeug/middleware/http_proxy.py | 19 +-- src/werkzeug/middleware/lint.py | 12 +- src/werkzeug/middleware/profiler.py | 4 +- src/werkzeug/middleware/proxy_fix.py | 4 +- src/werkzeug/middleware/shared_data.py | 6 +- src/werkzeug/posixemulation.py | 3 +- src/werkzeug/routing.py | 51 +++--- src/werkzeug/security.py | 3 +- src/werkzeug/serving.py | 33 ++-- src/werkzeug/test.py | 17 +- src/werkzeug/testapp.py | 7 +- src/werkzeug/urls.py | 17 +- src/werkzeug/useragents.py | 7 +- src/werkzeug/utils.py | 20 +-- src/werkzeug/wrappers/accept.py | 2 +- src/werkzeug/wrappers/auth.py | 4 +- src/werkzeug/wrappers/base_request.py | 6 +- src/werkzeug/wrappers/base_response.py | 10 +- src/werkzeug/wrappers/common_descriptors.py | 4 +- src/werkzeug/wrappers/etag.py | 6 +- src/werkzeug/wrappers/json.py | 8 +- src/werkzeug/wrappers/request.py | 2 +- src/werkzeug/wrappers/response.py | 4 +- src/werkzeug/wrappers/user_agent.py | 2 +- src/werkzeug/wsgi.py | 29 ++-- tests/conftest.py | 11 +- tests/middleware/test_lint.py | 1 - tests/middleware/test_shared_data.py | 5 +- tests/test_datastructures.py | 61 ++++--- tests/test_debug.py | 173 ++++++++++---------- tests/test_exceptions.py | 1 - tests/test_formparser.py | 57 ++++--- tests/test_http.py | 83 +++++----- tests/test_internal.py | 9 +- tests/test_local.py | 5 +- tests/test_routing.py | 77 +++++---- tests/test_security.py | 13 +- tests/test_serving.py | 7 +- tests/test_test.py | 50 +++--- tests/test_urls.py | 135 ++++++++------- tests/test_utils.py | 30 ++-- tests/test_wrappers.py | 125 +++++++------- tests/test_wsgi.py | 67 ++++---- 56 files changed, 714 insertions(+), 784 deletions(-) diff --git a/src/werkzeug/_internal.py b/src/werkzeug/_internal.py index beda10697..e389bb115 100644 --- a/src/werkzeug/_internal.py +++ b/src/werkzeug/_internal.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ werkzeug._internal ~~~~~~~~~~~~~~~~~~ @@ -24,7 +23,7 @@ _signature_cache = WeakKeyDictionary() _epoch_ord = date(1970, 1, 1).toordinal() _legal_cookie_chars = ( - string.ascii_letters + string.digits + u"/=!#$%&'*+-.^_`|~:" + string.ascii_letters + string.digits + "/=!#$%&'*+-.^_`|~:" ).encode("ascii") _cookie_quoting_map = {b",": b"\\054", b";": b"\\073", b'"': b'\\"', b"\\": b"\\\\"} @@ -53,7 +52,7 @@ _WIN = sys.platform.startswith("win") -class _Missing(object): +class _Missing: def __repr__(self): return "no value" @@ -270,7 +269,7 @@ def _date_to_unix(arg): return seconds -class _DictAccessorProperty(object): +class _DictAccessorProperty: """Baseclass for `environ_property` and `header_property`.""" read_only = False @@ -319,7 +318,7 @@ def __delete__(self, obj): self.lookup(obj).pop(self.name, None) def __repr__(self): - return "<%s %s>" % (self.__class__.__name__, self.name) + return f"<{self.__class__.__name__} {self.name}>" def _cookie_quote(b): @@ -461,9 +460,9 @@ def bzzzzzzz(gyver): return zlib.decompress(base64.b64decode(gyver)).decode("ascii") - gyver = u"\n".join( + gyver = "\n".join( [ - x + (77 - len(x)) * u" " + x + (77 - len(x)) * " " for x in bzzzzzzz( b""" eJyFlzuOJDkMRP06xRjymKgDJCDQStBYT8BCgK4gTwfQ2fcFs2a2FzvZk+hvlcRvRJD148efHt9m @@ -511,7 +510,7 @@ def injecting_start_response(status, headers, exc_info=None): injecting_start_response("200 OK", [("Content-Type", "text/html")]) return [ ( - u""" + """ diff --git a/src/werkzeug/_reloader.py b/src/werkzeug/_reloader.py index 05ab6f688..3617e8cf0 100644 --- a/src/werkzeug/_reloader.py +++ b/src/werkzeug/_reloader.py @@ -39,10 +39,10 @@ def _iter_module_files(): def _find_observable_paths(extra_files=None): """Finds all paths that should be observed.""" - rv = set( + rv = { os.path.dirname(os.path.abspath(x)) if os.path.isfile(x) else os.path.abspath(x) for x in sys.path - ) + } for filename in extra_files or (): rv.add(os.path.dirname(os.path.abspath(filename))) @@ -139,7 +139,7 @@ def _walk(node, path): return rv -class ReloaderLoop(object): +class ReloaderLoop: name = None # monkeypatched by testsuite. wrapping with `staticmethod` is required in @@ -148,7 +148,7 @@ class ReloaderLoop(object): _sleep = staticmethod(time.sleep) def __init__(self, extra_files=None, interval=1): - self.extra_files = set(os.path.abspath(x) for x in extra_files or ()) + self.extra_files = {os.path.abspath(x) for x in extra_files or ()} self.interval = interval def run(self): diff --git a/src/werkzeug/datastructures.py b/src/werkzeug/datastructures.py index 98e112f25..3b1b42603 100644 --- a/src/werkzeug/datastructures.py +++ b/src/werkzeug/datastructures.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ werkzeug.datastructures ~~~~~~~~~~~~~~~~~~~~~~~ @@ -34,8 +33,7 @@ def iter_multi_items(mapping): without dropping any from more complex structures. """ if isinstance(mapping, MultiDict): - for item in iter(mapping.items(multi=True)): - yield item + yield from iter(mapping.items(multi=True)) elif isinstance(mapping, dict): for key, value in iter(mapping.items()): if isinstance(value, (tuple, list)): @@ -44,11 +42,10 @@ def iter_multi_items(mapping): else: yield key, value else: - for item in mapping: - yield item + yield from mapping -class ImmutableListMixin(object): +class ImmutableListMixin: """Makes a :class:`list` immutable. .. versionadded:: 0.5 @@ -108,10 +105,10 @@ class ImmutableList(ImmutableListMixin, list): """ def __repr__(self): - return "%s(%s)" % (self.__class__.__name__, list.__repr__(self)) + return "{}({})".format(self.__class__.__name__, list.__repr__(self)) -class ImmutableDictMixin(object): +class ImmutableDictMixin: """Makes a :class:`dict` immutable. .. versionadded:: 0.5 @@ -191,7 +188,7 @@ def setlistdefault(self, key, default_list=None): is_immutable(self) -class UpdateDictMixin(object): +class UpdateDictMixin: """Makes dicts call `self.on_update` on modifications. .. versionadded:: 0.5 @@ -213,7 +210,7 @@ def oncall(self, *args, **kw): def setdefault(self, key, default=None): modified = key not in self - rv = super(UpdateDictMixin, self).setdefault(key, default) + rv = super().setdefault(key, default) if modified and self.on_update is not None: self.on_update(self) return rv @@ -221,9 +218,9 @@ def setdefault(self, key, default=None): def pop(self, key, default=_missing): modified = key in self if default is _missing: - rv = super(UpdateDictMixin, self).pop(key) + rv = super().pop(key) else: - rv = super(UpdateDictMixin, self).pop(key, default) + rv = super().pop(key, default) if modified and self.on_update is not None: self.on_update(self) return rv @@ -295,7 +292,7 @@ def __copy__(self): return self -class ViewItems(object): +class ViewItems: def __init__(self, multi_dict, method, repr_name, *a, **kw): self.__multi_dict = multi_dict self.__method = method @@ -307,7 +304,7 @@ def __get_items(self): return getattr(self.__multi_dict, self.__method)(*self.__a, **self.__kw) def __repr__(self): - return "%s(%r)" % (self.__repr_name, list(self.__get_items())) + return "{}({!r})".format(self.__repr_name, list(self.__get_items())) def __iter__(self): return iter(self.__get_items()) @@ -643,10 +640,12 @@ def __deepcopy__(self, memo): return self.deepcopy(memo=memo) def __repr__(self): - return "%s(%r)" % (self.__class__.__name__, list(iter(self.items(multi=True)))) + return "{}({!r})".format( + self.__class__.__name__, list(iter(self.items(multi=True))) + ) -class _omd_bucket(object): +class _omd_bucket: """Wraps values in the :class:`OrderedMultiDict`. This makes it possible to keep an order over multiple different keys. It requires a lot of extra memory and slows down access a lot, but makes it @@ -855,9 +854,7 @@ def popitemlist(self): def _options_header_vkw(value, kw): - return dump_options_header( - value, dict((k.replace("_", "-"), v) for k, v in kw.items()) - ) + return dump_options_header(value, {k.replace("_", "-"): v for k, v in kw.items()}) def _unicodify_header_value(value): @@ -868,7 +865,7 @@ def _unicodify_header_value(value): return value -class Headers(object): +class Headers: """An object that stores some headers. It has a dict-like interface but is ordered and can store the same keys multiple times. @@ -1143,7 +1140,7 @@ def add(self, _key, _value, **kw): def _validate_value(self, value): if not isinstance(value, str): raise TypeError("Value should be unicode.") - if u"\n" in value or u"\r" in value: + if "\n" in value or "\r" in value: raise ValueError( "Detected newline in header value. This is " "a potential security problem" @@ -1322,15 +1319,15 @@ def __str__(self): """Returns formatted headers suitable for HTTP transmission.""" strs = [] for key, value in self.to_wsgi_list(): - strs.append("%s: %s" % (key, value)) + strs.append(f"{key}: {value}") strs.append("\r\n") return "\r\n".join(strs) def __repr__(self): - return "%s(%r)" % (self.__class__.__name__, list(self)) + return "{}({!r})".format(self.__class__.__name__, list(self)) -class ImmutableHeadersMixin(object): +class ImmutableHeadersMixin: """Makes a :class:`Headers` immutable. We do not mark them as hashable though since the only usecase for this datastructure in Werkzeug is a view on a mutable structure. @@ -1570,7 +1567,7 @@ def __contains__(self, key): has_key = __contains__ def __repr__(self): - return "%s(%r)" % (self.__class__.__name__, self.dicts) + return f"{self.__class__.__name__}({self.dicts!r})" class FileMultiDict(MultiDict): @@ -1613,7 +1610,7 @@ class ImmutableDict(ImmutableDictMixin, dict): """ def __repr__(self): - return "%s(%s)" % (self.__class__.__name__, dict.__repr__(self)) + return "{}({})".format(self.__class__.__name__, dict.__repr__(self)) def copy(self): """Return a shallow mutable copy of this object. Keep in mind that @@ -1749,9 +1746,8 @@ def __contains__(self, value): return False def __repr__(self): - return "%s([%s])" % ( - self.__class__.__name__, - ", ".join("(%r, %s)" % (x, y) for x, y in self), + return "{}([{}])".format( + self.__class__.__name__, ", ".join(f"({x!r}, {y})" for x, y in self), ) def index(self, key): @@ -1790,7 +1786,7 @@ def to_header(self): result = [] for value, quality in self: if quality != 1: - value = "%s;q=%s" % (value, quality) + value = f"{value};q={quality}" result.append(value) return ",".join(result) @@ -1942,7 +1938,7 @@ def best_match(self, matches, default=None): """ # Look for an exact match first. If a client accepts "en-US", # "en-US" is a valid match at this point. - result = super(LanguageAccept, self).best_match(matches) + result = super().best_match(matches) if result is not None: return result @@ -1961,7 +1957,7 @@ def best_match(self, matches, default=None): # Fall back to matching primary tags. If the client accepts # "en", "en-US" is a valid match at this point. fallback_matches = [_locale_delim_re.split(item, 1)[0] for item in matches] - result = super(LanguageAccept, self).best_match(fallback_matches) + result = super().best_match(fallback_matches) # Return a value from the original match list. Find the first # original value that starts with the matched primary tag. @@ -2080,9 +2076,9 @@ def __str__(self): return self.to_header() def __repr__(self): - return "<%s %s>" % ( + return "<{} {}>".format( self.__class__.__name__, - " ".join("%s=%r" % (k, v) for k, v in sorted(self.items())), + " ".join(f"{k}={v!r}" for k, v in sorted(self.items())), ) @@ -2218,9 +2214,9 @@ def __str__(self): return self.to_header() def __repr__(self): - return "<%s %s>" % ( + return "<{} {}>".format( self.__class__.__name__, - " ".join("%s=%r" % (k, v) for k, v in sorted(self.items())), + " ".join(f"{k}={v!r}" for k, v in sorted(self.items())), ) @@ -2234,7 +2230,7 @@ def __init__(self, initial=None, on_update=None): self.on_update = on_update def __repr__(self): - return "<%s %s>" % (self.__class__.__name__, dict.__repr__(self)) + return "<{} {}>".format(self.__class__.__name__, dict.__repr__(self)) class HeaderSet(MutableSet): @@ -2252,7 +2248,7 @@ class HeaderSet(MutableSet): def __init__(self, headers=None, on_update=None): self._headers = list(headers or ()) - self._set = set([x.lower() for x in self._headers]) + self._set = {x.lower() for x in self._headers} self.on_update = on_update def add(self, header): @@ -2384,7 +2380,7 @@ def __str__(self): return self.to_header() def __repr__(self): - return "%s(%r)" % (self.__class__.__name__, self._headers) + return f"{self.__class__.__name__}({self._headers!r})" class ETags(Container, Iterable): @@ -2467,10 +2463,10 @@ def __contains__(self, etag): return self.contains(etag) def __repr__(self): - return "<%s %r>" % (self.__class__.__name__, str(self)) + return "<{} {!r}>".format(self.__class__.__name__, str(self)) -class IfRange(object): +class IfRange: """Very simple object that represents the `If-Range` header in parsed form. It will either have neither a etag or date or one of either but never both. @@ -2497,10 +2493,10 @@ def __str__(self): return self.to_header() def __repr__(self): - return "<%s %r>" % (self.__class__.__name__, str(self)) + return "<{} {!r}>".format(self.__class__.__name__, str(self)) -class Range(object): +class Range: """Represents a ``Range`` header. All methods only support only bytes as the unit. Stores a list of ranges if given, but the methods only work if only one range is provided. @@ -2554,8 +2550,8 @@ def to_header(self): if end is None: ranges.append("%s-" % begin if begin >= 0 else str(begin)) else: - ranges.append("%s-%s" % (begin, end - 1)) - return "%s=%s" % (self.units, ",".join(ranges)) + ranges.append("{}-{}".format(begin, end - 1)) + return "{}={}".format(self.units, ",".join(ranges)) def to_content_range_header(self, length): """Converts the object into `Content-Range` HTTP header, @@ -2575,10 +2571,10 @@ def __str__(self): return self.to_header() def __repr__(self): - return "<%s %r>" % (self.__class__.__name__, str(self)) + return "<{} {!r}>".format(self.__class__.__name__, str(self)) -class ContentRange(object): +class ContentRange: """Represents the content range header. .. versionadded:: 0.7 @@ -2635,8 +2631,8 @@ def to_header(self): else: length = self.length if self.start is None: - return "%s */%s" % (self.units, length) - return "%s %s-%s/%s" % (self.units, self.start, self.stop - 1, length) + return f"{self.units} */{length}" + return "{} {}-{}/{}".format(self.units, self.start, self.stop - 1, length) def __nonzero__(self): return self.units is not None @@ -2647,7 +2643,7 @@ def __str__(self): return self.to_header() def __repr__(self): - return "<%s %r>" % (self.__class__.__name__, str(self)) + return "<{} {!r}>".format(self.__class__.__name__, str(self)) class Authorization(ImmutableDictMixin, dict): @@ -2784,7 +2780,7 @@ def to_header(self): """Convert the stored values into a WWW-Authenticate header.""" d = dict(self) auth_type = d.pop("__auth_type__", None) or "basic" - return "%s %s" % ( + return "{} {}".format( auth_type.title(), ", ".join( [ @@ -2804,7 +2800,7 @@ def __str__(self): return self.to_header() def __repr__(self): - return "<%s %r>" % (self.__class__.__name__, self.to_header()) + return "<{} {!r}>".format(self.__class__.__name__, self.to_header()) def auth_property(name, doc=None): # noqa: B902 """A static helper function for subclasses to add extra authentication @@ -2905,7 +2901,7 @@ def stale(self, value): del _set_property -class FileStorage(object): +class FileStorage: """The :class:`FileStorage` class is a thin wrapper over incoming files. It is used by the request object to represent uploaded files. All the attributes of the wrapper stream are proxied by the file storage so @@ -3045,10 +3041,8 @@ def __iter__(self): return iter(self.stream) def __repr__(self): - return "<%s: %r (%r)>" % ( - self.__class__.__name__, - self.filename, - self.content_type, + return "<{}: {!r} ({!r})>".format( + self.__class__.__name__, self.filename, self.content_type, ) diff --git a/src/werkzeug/debug/__init__.py b/src/werkzeug/debug/__init__.py index 575fa5b00..d92fc4d90 100644 --- a/src/werkzeug/debug/__init__.py +++ b/src/werkzeug/debug/__init__.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ werkzeug.debug ~~~~~~~~~~~~~~ @@ -58,7 +57,7 @@ def _generate(): try: with open(filename, "rb") as f: value = f.readline().strip() - except IOError: + except OSError: continue if value: @@ -71,7 +70,7 @@ def _generate(): try: with open("/proc/self/cgroup", "rb") as f: linux += f.readline().strip().rpartition(b"/")[2] - except IOError: + except OSError: pass if linux: @@ -116,14 +115,14 @@ def _generate(): return guid.encode("utf-8") return guid - except WindowsError: + except OSError: pass _machine_id = _generate() return _machine_id -class _ConsoleFrame(object): +class _ConsoleFrame: """Helper class so that we can reuse the frame console code for the standalone console. """ @@ -216,7 +215,7 @@ def get_pin_and_cookie_name(app): return rv, cookie_name -class DebuggedApplication(object): +class DebuggedApplication: """Enables debugging support for a given application:: from werkzeug.debug import DebuggedApplication @@ -301,8 +300,7 @@ def debug_application(self, environ, start_response): app_iter = None try: app_iter = self.app(environ, start_response) - for item in app_iter: - yield item + yield from app_iter if hasattr(app_iter, "close"): app_iter.close() except Exception: @@ -443,7 +441,7 @@ def pin_auth(self, request): if auth: rv.set_cookie( self.pin_cookie_name, - "%s|%s" % (int(time.time()), hash_pin(self.pin)), + "{}|{}".format(int(time.time()), hash_pin(self.pin)), httponly=True, ) elif bad_cookie: diff --git a/src/werkzeug/debug/console.py b/src/werkzeug/debug/console.py index 5b2f1e608..8fdb40fab 100644 --- a/src/werkzeug/debug/console.py +++ b/src/werkzeug/debug/console.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ werkzeug.debug.console ~~~~~~~~~~~~~~~~~~~~~~ @@ -22,7 +21,7 @@ _local = Local() -class HTMLStringO(object): +class HTMLStringO: """A StringO version that HTML escapes on write.""" def __init__(self): @@ -64,7 +63,7 @@ def writelines(self, x): self._write(escape("".join(x))) -class ThreadedStream(object): +class ThreadedStream: """Thread-local wrapper for sys.stdout for the interactive console.""" @staticmethod @@ -117,7 +116,7 @@ def __repr__(self): sys.displayhook = ThreadedStream.displayhook -class _ConsoleLoader(object): +class _ConsoleLoader: def __init__(self): self._storage = {} @@ -198,7 +197,7 @@ def write(self, data): sys.stdout.write(data) -class Console(object): +class Console: """An interactive console.""" def __init__(self, globals=None, locals=None): diff --git a/src/werkzeug/debug/repr.py b/src/werkzeug/debug/repr.py index cb245ceca..e578ca657 100644 --- a/src/werkzeug/debug/repr.py +++ b/src/werkzeug/debug/repr.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ werkzeug.debug.repr ~~~~~~~~~~~~~~~~~~~ @@ -59,7 +58,7 @@ def dump(obj=missing): sys.stdout._write(rv) -class _Helper(object): +class _Helper: """Displays an HTML version of the normal help, for the interactive debugger only because it requires a patched sys.stdout. """ @@ -100,10 +99,10 @@ def _add_subclass_info(inner, obj, base): module = "" if obj.__class__.__module__ not in ("__builtin__", "exceptions"): module = '%s.' % obj.__class__.__module__ - return "%s%s(%s)" % (module, obj.__class__.__name__, inner) + return f"{module}{obj.__class__.__name__}({inner})" -class DebugReprGenerator(object): +class DebugReprGenerator: def __init__(self): self._stack = [] @@ -123,7 +122,7 @@ def proxy(self, obj, recursive): if have_extended_section: buf.append("") buf.append(right) - return _add_subclass_info(u"".join(buf), obj, base) + return _add_subclass_info("".join(buf), obj, base) return proxy @@ -143,7 +142,7 @@ def regex_repr(self, obj): pattern = "ur" + pattern[1:] else: pattern = "r" + pattern - return u're.compile(%s)' % pattern + return 're.compile(%s)' % pattern def string_repr(self, obj, limit=70): buf = [''] @@ -163,7 +162,7 @@ def string_repr(self, obj, limit=70): buf.append(escape(r)) buf.append("") - out = u"".join(buf) + out = "".join(buf) # if the repr looks like a standard string, add subclass info if needed if r[0] in "'\"" or (r[0] in "ub" and r[1] in "'\""): @@ -174,7 +173,7 @@ def string_repr(self, obj, limit=70): def dict_repr(self, d, recursive, limit=5): if recursive: - return _add_subclass_info(u"{...}", d, dict) + return _add_subclass_info("{...}", d, dict) buf = ["{"] have_extended_section = False for idx, (key, value) in enumerate(iter(d.items())): @@ -191,17 +190,17 @@ def dict_repr(self, d, recursive, limit=5): if have_extended_section: buf.append("") buf.append("}") - return _add_subclass_info(u"".join(buf), d, dict) + return _add_subclass_info("".join(buf), d, dict) def object_repr(self, obj): r = repr(obj) - return u'%s' % escape(r) + return '%s' % escape(r) def dispatch_repr(self, obj, recursive): if obj is helper: - return u'%r' % helper + return '%r' % helper if isinstance(obj, (int, float, complex)): - return u'%r' % obj + return '%r' % obj if isinstance(obj, str) or isinstance(obj, bytes): return self.string_repr(obj) if isinstance(obj, RegexType): @@ -225,7 +224,7 @@ def fallback_repr(self): info = "".join(format_exception_only(*sys.exc_info()[:2])) except Exception: # pragma: no cover info = "?" - return u'<broken repr (%s)>' u"" % escape( + return '<broken repr (%s)>' "" % escape( info.strip() ) @@ -274,7 +273,7 @@ def render_object_dump(self, items, title, repr=None): html_items = [] for key, value in items: html_items.append( - "%s
%s
" % (escape(key), value) + "{}
{}
".format(escape(key), value) ) if not html_items: html_items.append("Nothing") diff --git a/src/werkzeug/debug/tbtools.py b/src/werkzeug/debug/tbtools.py index f52d3b9f9..5ffa08f42 100644 --- a/src/werkzeug/debug/tbtools.py +++ b/src/werkzeug/debug/tbtools.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ werkzeug.debug.tbtools ~~~~~~~~~~~~~~~~~~~~~~ @@ -39,7 +38,7 @@ pass -HEADER = u"""\ +HEADER = """\ @@ -65,7 +64,7 @@
""" -FOOTER = u"""\ +FOOTER = """\
Brought to you by DON'T PANIC, your friendly Werkzeug powered traceback interpreter. @@ -92,7 +91,7 @@ PAGE_HTML = ( HEADER - + u"""\ + + """\

%(exception_type)s

%(exception)s

@@ -131,7 +130,7 @@ CONSOLE_HTML = ( HEADER - + u"""\ + + """\

Interactive Console

In this console you can execute Python expressions in the context of the @@ -142,7 +141,7 @@ + FOOTER ) -SUMMARY_HTML = u"""\ +SUMMARY_HTML = """\
%(title)s
    %(frames)s
@@ -150,7 +149,7 @@
""" -FRAME_HTML = u"""\ +FRAME_HTML = """\

File "%(filename)s", line %(lineno)s, @@ -159,7 +158,7 @@

""" -SOURCE_LINE_HTML = u"""\ +SOURCE_LINE_HTML = """\ %(lineno)s %(code)s @@ -199,7 +198,7 @@ def get_current_traceback( return tb -class Line(object): +class Line: """Helper for the source renderer.""" __slots__ = ("lineno", "code", "in_frame", "current") @@ -221,13 +220,13 @@ def classes(self): def render(self): return SOURCE_LINE_HTML % { - "classes": u" ".join(self.classes), + "classes": " ".join(self.classes), "lineno": self.lineno, "code": escape(self.code), } -class Traceback(object): +class Traceback: """Wraps a traceback.""" def __init__(self, exc_type, exc_value, tb): @@ -274,7 +273,7 @@ def log(self, logfile=None): """Log the ASCII traceback into a file object.""" if logfile is None: logfile = sys.stderr - tb = self.plaintext.rstrip() + u"\n" + tb = self.plaintext.rstrip() + "\n" logfile.write(_to_native(tb, "utf-8", "replace")) def paste(self): @@ -309,19 +308,19 @@ def render_summary(self, include_title=True): if include_title: if self.is_syntax_error: - title = u"Syntax Error" + title = "Syntax Error" else: - title = u"Traceback (most recent call last):" + title = "Traceback (most recent call last):" if self.is_syntax_error: - description_wrapper = u"
%s
" + description_wrapper = "
%s
" else: - description_wrapper = u"
%s
" + description_wrapper = "
%s
" return SUMMARY_HTML % { - "classes": u" ".join(classes), - "title": u"

%s

" % title if title else u"", - "frames": u"\n".join(frames), + "classes": " ".join(classes), + "title": "

%s

" % title if title else "", + "frames": "\n".join(frames), "description": description_wrapper % escape(self.exception), } @@ -344,14 +343,14 @@ def render_full(self, evalex=False, secret=None, evalex_trusted=True): @cached_property def plaintext(self): - return u"\n".join([group.render_text() for group in self.groups]) + return "\n".join([group.render_text() for group in self.groups]) @property def id(self): return id(self) -class Group(object): +class Group: """A group of frames for an exception in a traceback. On Python 3, if the exception has a ``__cause__`` or ``__context__``, there are multiple exception groups. @@ -363,13 +362,11 @@ def __init__(self, exc_type, exc_value, tb): self.info = None if exc_value.__cause__ is not None: self.info = ( - u"The above exception was the direct cause of the" - u" following exception" + "The above exception was the direct cause of the" " following exception" ) elif exc_value.__context__ is not None: self.info = ( - u"During handling of the above exception, another" - u" exception occurred" + "During handling of the above exception, another" " exception occurred" ) self.frames = [] @@ -419,29 +416,29 @@ def exception(self): def render(self, mark_lib=True): out = [] if self.info is not None: - out.append(u'
  • %s:
    ' % self.info) + out.append('
  • %s:
    ' % self.info) for frame in self.frames: out.append( - u"%s" + "%s" % ( - u' title="%s"' % escape(frame.info) if frame.info else u"", + ' title="%s"' % escape(frame.info) if frame.info else "", frame.render(mark_lib=mark_lib), ) ) - return u"\n".join(out) + return "\n".join(out) def render_text(self): out = [] if self.info is not None: - out.append(u"\n%s:\n" % self.info) - out.append(u"Traceback (most recent call last):") + out.append("\n%s:\n" % self.info) + out.append("Traceback (most recent call last):") for frame in self.frames: out.append(frame.render_text()) out.append(self.exception) - return u"\n".join(out) + return "\n".join(out) -class Frame(object): +class Frame: """A single frame in a traceback.""" def __init__(self, exc_type, exc_value, tb): @@ -486,11 +483,8 @@ def is_library(self): ) def render_text(self): - return u' File "%s", line %s, in %s\n %s' % ( - self.filename, - self.lineno, - self.function_name, - self.current_line.strip(), + return ' File "{}", line {}, in {}\n {}'.format( + self.filename, self.lineno, self.function_name, self.current_line.strip(), ) def render_line_context(self): @@ -568,7 +562,7 @@ def sourcelines(self): _to_native(self.filename, get_filesystem_encoding()), mode="rb" ) as f: source = f.read() - except IOError: + except OSError: return [] # already unicode? return right away @@ -608,7 +602,7 @@ def current_line(self): try: return self.sourcelines[self.lineno - 1] except IndexError: - return u"" + return "" @cached_property def console(self): diff --git a/src/werkzeug/exceptions.py b/src/werkzeug/exceptions.py index 2215e07c9..00ae07ac4 100644 --- a/src/werkzeug/exceptions.py +++ b/src/werkzeug/exceptions.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ werkzeug.exceptions ~~~~~~~~~~~~~~~~~~~ @@ -74,7 +73,7 @@ class HTTPException(Exception): description = None def __init__(self, description=None, response=None): - super(HTTPException, self).__init__() + super().__init__() if description is not None: self.description = description self.response = response @@ -137,7 +136,7 @@ def name(self): def get_description(self, environ=None): """Get the description.""" - return u"

    %s

    " % escape(self.description).replace("\n", "
    ") + return "

    %s

    " % escape(self.description).replace("\n", "
    ") def get_body(self, environ=None): """Get the HTML body.""" @@ -186,11 +185,11 @@ def __call__(self, environ, start_response): def __str__(self): code = self.code if self.code is not None else "???" - return "%s %s: %s" % (code, self.name, self.description) + return f"{code} {self.name}: {self.description}" def __repr__(self): code = self.code if self.code is not None else "???" - return "<%s '%s: %s'>" % (self.__class__.__name__, code, self.name) + return f"<{self.__class__.__name__} '{code}: {self.name}'>" class BadRequest(HTTPException): @@ -592,11 +591,11 @@ class _RetryAfter(HTTPException): """ def __init__(self, description=None, response=None, retry_after=None): - super(_RetryAfter, self).__init__(description, response) + super().__init__(description, response) self.retry_after = retry_after def get_headers(self, environ=None): - headers = super(_RetryAfter, self).get_headers(environ) + headers = super().get_headers(environ) if self.retry_after: if isinstance(self.retry_after, datetime): @@ -677,9 +676,7 @@ def __init__(self, description=None, response=None, original_exception=None): #: used by frameworks to provide context when handling #: unexpected errors. self.original_exception = original_exception - super(InternalServerError, self).__init__( - description=description, response=response - ) + super().__init__(description=description, response=response) class NotImplemented(HTTPException): @@ -775,7 +772,7 @@ def _find_exceptions(): del _find_exceptions -class Aborter(object): +class Aborter: """When passed a dict of code -> exception items it can be used as callable that raises exceptions. If the first argument to the callable is an integer it will be looked up in the mapping, if it's diff --git a/src/werkzeug/filesystem.py b/src/werkzeug/filesystem.py index d016caea6..fcb14a4ea 100644 --- a/src/werkzeug/filesystem.py +++ b/src/werkzeug/filesystem.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ werkzeug.filesystem ~~~~~~~~~~~~~~~~~~~ @@ -56,7 +55,7 @@ def get_filesystem_encoding(): if not _warned_about_filesystem_encoding: warnings.warn( "Detected a misconfigured UNIX filesystem: Will use" - " UTF-8 as filesystem encoding instead of {0!r}".format(rv), + " UTF-8 as filesystem encoding instead of {!r}".format(rv), BrokenFilesystemWarning, ) _warned_about_filesystem_encoding = True diff --git a/src/werkzeug/formparser.py b/src/werkzeug/formparser.py index 78e205f4d..4dea8d9de 100644 --- a/src/werkzeug/formparser.py +++ b/src/werkzeug/formparser.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ werkzeug.formparser ~~~~~~~~~~~~~~~~~~~ @@ -141,7 +140,7 @@ def wrapper(self, stream, *args, **kwargs): return update_wrapper(wrapper, f) -class FormDataParser(object): +class FormDataParser: """This class implements parsing of form data for Werkzeug. By itself it can parse multipart and url encoded form data. It can be subclassed and extended but for most mimetypes it is a better idea to use the @@ -323,7 +322,7 @@ def parse_multipart_headers(iterable): _end = "end" -class MultiPartParser(object): +class MultiPartParser: def __init__( self, stream_factory=None, diff --git a/src/werkzeug/http.py b/src/werkzeug/http.py index d0fd8bb42..965a37cbc 100644 --- a/src/werkzeug/http.py +++ b/src/werkzeug/http.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ werkzeug.http ~~~~~~~~~~~~~ @@ -272,7 +271,7 @@ def dump_options_header(header, options): if value is None: segments.append(key) else: - segments.append("%s=%s" % (key, quote_header_value(value))) + segments.append("{}={}".format(key, quote_header_value(value))) return "; ".join(segments) @@ -298,7 +297,9 @@ def dump_header(iterable, allow_token=True): items.append(key) else: items.append( - "%s=%s" % (key, quote_header_value(value, allow_token=allow_token)) + "{}={}".format( + key, quote_header_value(value, allow_token=allow_token) + ) ) else: items = [quote_header_value(x, allow_token=allow_token) for x in iterable] @@ -315,7 +316,7 @@ def dump_csp_header(header): Support for Content Security Policy headers was added. """ - return "; ".join("%s %s" % (key, value) for key, value in iter(header.items())) + return "; ".join(f"{key} {value}" for key, value in iter(header.items())) def parse_list_header(value): @@ -1036,7 +1037,7 @@ def remove_entity_headers(headers, allowed=("expires", "content-location")): :param allowed: a list of headers that should still be allowed even though they are entity headers. """ - allowed = set(x.lower() for x in allowed) + allowed = {x.lower() for x in allowed} headers[:] = [ (key, value) for key, value in headers diff --git a/src/werkzeug/local.py b/src/werkzeug/local.py index 7b5dc5a81..c82652db8 100644 --- a/src/werkzeug/local.py +++ b/src/werkzeug/local.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ werkzeug.local ~~~~~~~~~~~~~~ @@ -48,7 +47,7 @@ def release_local(local): local.__release_local__() -class Local(object): +class Local: __slots__ = ("__storage__", "__ident_func__") def __init__(self): @@ -86,7 +85,7 @@ def __delattr__(self, name): raise AttributeError(name) -class LocalStack(object): +class LocalStack: """This class works similar to a :class:`Local` but keeps a stack of objects instead. This is best explained with an example:: @@ -168,7 +167,7 @@ def top(self): return None -class LocalManager(object): +class LocalManager: """Local objects cannot manage themselves. For that you need a local manager. You can pass a local manager multiple locals or add them later by appending them to `manager.locals`. Every time the manager cleans up, @@ -248,7 +247,7 @@ def __repr__(self): return "<%s storages: %d>" % (self.__class__.__name__, len(self.locals)) -class LocalProxy(object): +class LocalProxy: """Acts as a proxy for a werkzeug local. Forwards all operations to a proxied object. The only operations not supported for forwarding are right handed operands and any kind of assignment. diff --git a/src/werkzeug/middleware/dispatcher.py b/src/werkzeug/middleware/dispatcher.py index 2eb173e0c..5866325ee 100644 --- a/src/werkzeug/middleware/dispatcher.py +++ b/src/werkzeug/middleware/dispatcher.py @@ -32,7 +32,7 @@ """ -class DispatcherMiddleware(object): +class DispatcherMiddleware: """Combine multiple applications as a single WSGI application. Requests are dispatched to an application based on the path it is mounted under. @@ -56,7 +56,7 @@ def __call__(self, environ, start_response): break script, last_item = script.rsplit("/", 1) - path_info = "/%s%s" % (last_item, path_info) + path_info = f"/{last_item}{path_info}" else: app = self.mounts.get(script, self.app) diff --git a/src/werkzeug/middleware/http_proxy.py b/src/werkzeug/middleware/http_proxy.py index bfdc07120..641e564d0 100644 --- a/src/werkzeug/middleware/http_proxy.py +++ b/src/werkzeug/middleware/http_proxy.py @@ -7,8 +7,6 @@ :copyright: 2007 Pallets :license: BSD-3-Clause """ -import socket - from ..datastructures import EnvironHeaders from ..http import is_hop_by_hop_header from ..urls import url_parse @@ -21,7 +19,7 @@ import httplib as client -class ProxyMiddleware(object): +class ProxyMiddleware: """Proxy requests under a path to an external server, routing other requests to the app. @@ -84,9 +82,9 @@ def _set_defaults(opts): return opts self.app = app - self.targets = dict( - ("/%s/" % k.strip("/"), _set_defaults(v)) for k, v in targets.items() - ) + self.targets = { + "/%s/" % k.strip("/"): _set_defaults(v) for k, v in targets.items() + } self.chunk_size = chunk_size self.timeout = timeout @@ -114,9 +112,8 @@ def application(environ, start_response): remote_path = path if opts["remove_prefix"]: - remote_path = "%s/%s" % ( - target.path.rstrip("/"), - remote_path[len(prefix) :].lstrip("/"), + remote_path = "{}/{}".format( + target.path.rstrip("/"), remote_path[len(prefix) :].lstrip("/"), ) content_length = environ.get("CONTENT_LENGTH") @@ -177,7 +174,7 @@ def application(environ, start_response): con.send(data) resp = con.getresponse() - except socket.error: + except OSError: from ..exceptions import BadGateway return BadGateway()(environ, start_response) @@ -195,7 +192,7 @@ def read(): while 1: try: data = resp.read(self.chunk_size) - except socket.error: + except OSError: break if not data: diff --git a/src/werkzeug/middleware/lint.py b/src/werkzeug/middleware/lint.py index 048ceed28..382f7fcde 100644 --- a/src/werkzeug/middleware/lint.py +++ b/src/werkzeug/middleware/lint.py @@ -35,12 +35,12 @@ class HTTPWarning(Warning): def check_string(context, obj, stacklevel=3): if type(obj) is not str: warn( - "'%s' requires strings, got '%s'" % (context, type(obj).__name__), + "'{}' requires strings, got '{}'".format(context, type(obj).__name__), WSGIWarning, ) -class InputStream(object): +class InputStream: def __init__(self, stream): self._stream = stream @@ -92,7 +92,7 @@ def close(self): self._stream.close() -class ErrorStream(object): +class ErrorStream: def __init__(self, stream): self._stream = stream @@ -112,7 +112,7 @@ def close(self): self._stream.close() -class GuardedWrite(object): +class GuardedWrite: def __init__(self, write, chunks): self._write = write self._chunks = chunks @@ -123,7 +123,7 @@ def __call__(self, s): self._chunks.append(len(s)) -class GuardedIterator(object): +class GuardedIterator: def __init__(self, iterator, headers_set, chunks): self._iterator = iterator self._next = iter(iterator).__next__ @@ -200,7 +200,7 @@ def __del__(self): pass -class LintMiddleware(object): +class LintMiddleware: """Warns about common errors in the WSGI and HTTP behavior of the server and wrapped application. Some of the issues it check are: diff --git a/src/werkzeug/middleware/profiler.py b/src/werkzeug/middleware/profiler.py index 32a14d9fd..7999fa4b6 100644 --- a/src/werkzeug/middleware/profiler.py +++ b/src/werkzeug/middleware/profiler.py @@ -11,8 +11,6 @@ :copyright: 2007 Pallets :license: BSD-3-Clause """ -from __future__ import print_function - import os.path import sys import time @@ -24,7 +22,7 @@ from profile import Profile -class ProfilerMiddleware(object): +class ProfilerMiddleware: """Wrap a WSGI application and profile the execution of each request. Responses are buffered so that timings are more exact. diff --git a/src/werkzeug/middleware/proxy_fix.py b/src/werkzeug/middleware/proxy_fix.py index f393f61d3..890640aae 100644 --- a/src/werkzeug/middleware/proxy_fix.py +++ b/src/werkzeug/middleware/proxy_fix.py @@ -24,7 +24,7 @@ from werkzeug.http import parse_list_header -class ProxyFix(object): +class ProxyFix: """Adjust the WSGI environ based on ``X-Forwarded-`` that proxies in front of the application may set. @@ -157,7 +157,7 @@ def __call__(self, environ, start_response): if host: parts = host.split(":", 1) host = parts[0] if len(parts) == 2 else host - environ["HTTP_HOST"] = "%s:%s" % (host, x_port) + environ["HTTP_HOST"] = f"{host}:{x_port}" environ["SERVER_PORT"] = x_port x_prefix = self._get_real_value( diff --git a/src/werkzeug/middleware/shared_data.py b/src/werkzeug/middleware/shared_data.py index 99a23fcce..2dca41134 100644 --- a/src/werkzeug/middleware/shared_data.py +++ b/src/werkzeug/middleware/shared_data.py @@ -27,7 +27,7 @@ from ..wsgi import wrap_file -class SharedDataMiddleware(object): +class SharedDataMiddleware: """A WSGI middleware that provides static content for development environments or simple server setups. Usage is quite simple:: @@ -160,7 +160,7 @@ def loader(path): try: resource = reader.open_resource(path) - except IOError: + except OSError: return None, None if isinstance(resource, BytesIO): @@ -199,7 +199,7 @@ def loader(path): try: data = provider.get_data(path) - except IOError: + except OSError: return None, None return basename, lambda: (BytesIO(data), loadtime, len(data)) diff --git a/src/werkzeug/posixemulation.py b/src/werkzeug/posixemulation.py index d5f507b96..7bce09eb5 100644 --- a/src/werkzeug/posixemulation.py +++ b/src/werkzeug/posixemulation.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- r""" werkzeug.posixemulation ~~~~~~~~~~~~~~~~~~~~~~~ @@ -103,7 +102,7 @@ def rename(src, dst): except OSError as e: if e.errno != errno.EEXIST: raise - old = "%s-%08x" % (dst, random.randint(0, sys.maxsize)) + old = "{}-{:08x}".format(dst, random.randint(0, sys.maxsize)) os.rename(dst, old) os.rename(src, dst) try: diff --git a/src/werkzeug/routing.py b/src/werkzeug/routing.py index eea61f138..3d3db6e5a 100644 --- a/src/werkzeug/routing.py +++ b/src/werkzeug/routing.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ werkzeug.routing ~~~~~~~~~~~~~~~~ @@ -320,7 +319,7 @@ def __str__(self): ) else: message.append(" Did you mean %r instead?" % self.suggested.endpoint) - return u"".join(message) + return "".join(message) class WebsocketMismatch(BadRequest): @@ -335,7 +334,7 @@ class ValidationError(ValueError): """ -class RuleFactory(object): +class RuleFactory: """As soon as you have more complex URL setups it's a good idea to use rule factories to avoid repetitive tasks. Some of them are builtin, others can be added by subclassing `RuleFactory` and overriding `get_rules`. @@ -429,7 +428,7 @@ def get_rules(self, map): yield rule -class RuleTemplate(object): +class RuleTemplate: """Returns copies of the rules wrapped and expands string templates in the endpoint, rule, defaults or subdomain sections. @@ -748,7 +747,7 @@ def bind(self, map, rebind=False): :internal: """ if self.map is not None and not rebind: - raise RuntimeError("url rule %r already bound to map %r" % (self, self.map)) + raise RuntimeError(f"url rule {self!r} already bound to map {self.map!r}") self.map = map if self.strict_slashes is None: self.strict_slashes = map.strict_slashes @@ -815,7 +814,7 @@ def _build_regex(rule): c_args = () c_kwargs = {} convobj = self.get_converter(variable, converter, c_args, c_kwargs) - regex_parts.append("(?P<%s>%s)" % (variable, convobj.regex)) + regex_parts.append(f"(?P<{variable}>{convobj.regex})") self._converters[variable] = convobj self._trace.append((True, variable)) self._argument_weights.append(convobj.weight) @@ -836,12 +835,12 @@ def _build_regex(rule): return if not (self.is_leaf and self.strict_slashes): - reps = u"*" if self.merge_slashes else u"?" - tail = u"(?/%s)" % reps + reps = "*" if self.merge_slashes else "?" + tail = "(?/%s)" % reps else: - tail = u"" + tail = "" - regex = u"^%s%s$" % (u"".join(regex_parts), tail) + regex = "^{}{}$".format("".join(regex_parts), tail) self._regex = re.compile(regex, re.UNICODE) def match(self, path, method=None): @@ -987,7 +986,7 @@ def _join(parts): kargs = [str(k) for k in defaults] func_ast = _prefix_names("def _(): pass") - func_ast.name = "".format(self.rule) + func_ast.name = f"" if hasattr(ast, "arg"): # py3 func_ast.args.args.append(ast.arg(".self", None)) for arg in pargs + kargs: @@ -1123,22 +1122,22 @@ def __str__(self): def __repr__(self): if self.map is None: - return u"<%s (unbound)>" % self.__class__.__name__ + return "<%s (unbound)>" % self.__class__.__name__ tmp = [] for is_dynamic, data in self._trace: if is_dynamic: - tmp.append(u"<%s>" % data) + tmp.append("<%s>" % data) else: tmp.append(data) - return u"<%s %s%s -> %s>" % ( + return "<{} {}{} -> {}>".format( self.__class__.__name__, - repr((u"".join(tmp)).lstrip(u"|")).lstrip(u"u"), - self.methods is not None and u" (%s)" % u", ".join(self.methods) or u"", + repr(("".join(tmp)).lstrip("|")).lstrip("u"), + self.methods is not None and " (%s)" % ", ".join(self.methods) or "", self.endpoint, ) -class BaseConverter(object): +class BaseConverter: """Base class for all converters.""" regex = "[^/]+" @@ -1183,7 +1182,7 @@ def __init__(self, map, minlength=1, maxlength=None, length=None): maxlength = "" else: maxlength = int(maxlength) - length = "{%s,%s}" % (int(minlength), maxlength) + length = "{{{},{}}}".format(int(minlength), maxlength) self.regex = "[^/]" + length @@ -1341,7 +1340,7 @@ def to_url(self, value): } -class Map(object): +class Map: """The map class stores all the URL rules and some configuration parameters. Some of the configuration values are only stored on the `Map` instance since those affect all rules, others are just defaults @@ -1653,10 +1652,10 @@ def update(self): def __repr__(self): rules = self.iter_rules() - return "%s(%s)" % (self.__class__.__name__, pformat(list(rules))) + return "{}({})".format(self.__class__.__name__, pformat(list(rules))) -class MapAdapter(object): +class MapAdapter: """Returned by :meth:`Map.bind` or :meth:`Map.bind_to_environ` and does the URL matching and building based on runtime information. @@ -1676,8 +1675,8 @@ def __init__( self.map = map self.server_name = _to_str(server_name) script_name = _to_str(script_name) - if not script_name.endswith(u"/"): - script_name += u"/" + if not script_name.endswith("/"): + script_name += "/" self.script_name = script_name self.subdomain = _to_str(subdomain) self.url_scheme = _to_str(url_scheme) @@ -1851,7 +1850,7 @@ def match( require_redirect = False - path = u"%s|%s" % ( + path = "{}|{}".format( self.map.host_matching and self.server_name or self.subdomain, path_info and "/%s" % path_info.lstrip("/"), ) @@ -1979,7 +1978,7 @@ def get_host(self, domain_part): subdomain = self.subdomain else: subdomain = _to_str(subdomain, "ascii") - return (subdomain + u"." if subdomain else u"") + self.server_name + return (subdomain + "." if subdomain else "") + self.server_name def get_default_redirect(self, rule, method, values, query_args): """A helper that returns the URL to redirect to if it finds one. @@ -2197,7 +2196,7 @@ def build( (self.map.host_matching and host == self.server_name) or (not self.map.host_matching and domain_part == self.subdomain) ): - return "%s/%s" % (self.script_name.rstrip("/"), path.lstrip("/")) + return "{}/{}".format(self.script_name.rstrip("/"), path.lstrip("/")) return str( "%s//%s%s/%s" % ( diff --git a/src/werkzeug/security.py b/src/werkzeug/security.py index 2abdff3aa..6019dfb3f 100644 --- a/src/werkzeug/security.py +++ b/src/werkzeug/security.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ werkzeug.security ~~~~~~~~~~~~~~~~~ @@ -193,7 +192,7 @@ def generate_password_hash(password, method="pbkdf2:sha256", salt_length=8): """ salt = gen_salt(salt_length) if method != "plain" else "" h, actual_method = _hash_internal(method, salt, password) - return "%s$%s$%s" % (actual_method, salt, h) + return f"{actual_method}${salt}${h}" def check_password_hash(pwhash, password): diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py index 5454d8b75..c09337d48 100644 --- a/src/werkzeug/serving.py +++ b/src/werkzeug/serving.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ werkzeug.serving ~~~~~~~~~~~~~~~~ @@ -65,7 +64,7 @@ import ssl except ImportError: - class _SslDummy(object): + class _SslDummy: def __getattr__(self, name): raise RuntimeError("SSL support unavailable") @@ -84,7 +83,7 @@ def __getattr__(self, name): ForkingMixIn = socketserver.ForkingMixIn else: - class ForkingMixIn(object): + class ForkingMixIn: pass @@ -115,9 +114,9 @@ def read_chunk_len(self): line = self._rfile.readline().decode("latin1") _len = int(line.strip(), 16) except ValueError: - raise IOError("Invalid chunk header") + raise OSError("Invalid chunk header") if _len < 0: - raise IOError("Negative chunk length not allowed") + raise OSError("Negative chunk length not allowed") return _len def readinto(self, buf): @@ -147,12 +146,12 @@ def readinto(self, buf): # consumed. This also applies to the 0-sized final chunk terminator = self._rfile.readline() if terminator not in (b"\n", b"\r\n", b"\r"): - raise IOError("Missing chunk terminating newline") + raise OSError("Missing chunk terminating newline") return read -class WSGIRequestHandler(BaseHTTPRequestHandler, object): +class WSGIRequestHandler(BaseHTTPRequestHandler): """A request handler that implements WSGI dispatching.""" @@ -180,7 +179,7 @@ def shutdown_server(): # the first segment may have been incorrectly parsed as the # netloc, prepend it to the path again. if not request_url.scheme and request_url.netloc: - path_info = "/%s%s" % (request_url.netloc, request_url.path) + path_info = f"/{request_url.netloc}{request_url.path}" else: path_info = request_url.path @@ -398,7 +397,7 @@ def port_integer(self): def log_request(self, code="-", size="-"): try: path = uri_to_iri(self.path) - msg = "%s %s %s" % (self.command, path, self.request_version) + msg = f"{self.command} {path} {self.request_version}" except AttributeError: # path isn't set if the requestline was bad msg = self.requestline @@ -474,11 +473,11 @@ def generate_adhoc_ssl_pair(cn=None): # pretty damn sure that this is not actually accepted by anyone if cn is None: - cn = u"*" + cn = "*" subject = x509.Name( [ - x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"Dummy Certificate"), + x509.NameAttribute(NameOID.ORGANIZATION_NAME, "Dummy Certificate"), x509.NameAttribute(NameOID.COMMON_NAME, cn), ] ) @@ -492,9 +491,7 @@ def generate_adhoc_ssl_pair(cn=None): .not_valid_before(dt.utcnow()) .not_valid_after(dt.utcnow() + timedelta(days=365)) .add_extension(x509.ExtendedKeyUsage([x509.OID_SERVER_AUTH]), critical=False) - .add_extension( - x509.SubjectAlternativeName([x509.DNSName(u"*")]), critical=False - ) + .add_extension(x509.SubjectAlternativeName([x509.DNSName("*")]), critical=False) .sign(pkey, hashes.SHA256(), default_backend()) ) return cert, pkey @@ -520,7 +517,7 @@ def make_ssl_devcert(base_path, host=None, cn=None): """ if host is not None: - cn = u"*.%s/CN=%s" % (host, host) + cn = f"*.{host}/CN={host}" cert, pkey = generate_adhoc_ssl_pair(cn=cn) from cryptography.hazmat.primitives import serialization @@ -594,7 +591,7 @@ def load_ssl_context(cert_file, pkey_file=None, protocol=None): return ctx -class _SSLContext(object): +class _SSLContext: """A dummy class with a small subset of Python3's ``ssl.SSLContext``, only intended to be used with and by Werkzeug.""" @@ -616,7 +613,7 @@ def wrap_socket(self, sock, **kwargs): keyfile=self._keyfile, certfile=self._certfile, ssl_version=self._protocol, - **kwargs + **kwargs, ) @@ -663,7 +660,7 @@ def get_sockaddr(host, port, family): return res[0][4] -class BaseWSGIServer(HTTPServer, object): +class BaseWSGIServer(HTTPServer): """Simple single-threaded, single-process WSGI server.""" diff --git a/src/werkzeug/test.py b/src/werkzeug/test.py index 931dc3f7f..6df07174b 100644 --- a/src/werkzeug/test.py +++ b/src/werkzeug/test.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ werkzeug.test ~~~~~~~~~~~~~ @@ -61,7 +60,7 @@ def stream_encode_multipart( in a file descriptor. """ if boundary is None: - boundary = "---------------WerkzeugFormPart_%s%s" % (time(), random()) + boundary = "---------------WerkzeugFormPart_{}{}".format(time(), random()) _closure = [BytesIO(), 0, False] if use_tempfile: @@ -93,7 +92,7 @@ def write(string): for key, values in iter(values.lists()): for value in values: - write('--%s\r\nContent-Disposition: form-data; name="%s"' % (boundary, key)) + write(f'--{boundary}\r\nContent-Disposition: form-data; name="{key}"') reader = getattr(value, "read", None) if reader is not None: filename = getattr(value, "filename", getattr(value, "name", None)) @@ -139,7 +138,7 @@ def encode_multipart(values, boundary=None, charset="utf-8"): return boundary, stream.read() -class _TestCookieHeaders(object): +class _TestCookieHeaders: """A headers adapter for cookielib """ @@ -163,7 +162,7 @@ def get_all(self, name, default=None): return rv or default or [] -class _TestCookieResponse(object): +class _TestCookieResponse: """Something that looks like a httplib.HTTPResponse, but is actually just an adapter for our test responses to make them available for cookielib. @@ -186,7 +185,7 @@ def inject_wsgi(self, environ): """Inject the cookies as client headers into the server's wsgi environment. """ - cvals = ["%s=%s" % (c.name, c.value) for c in self] + cvals = [f"{c.name}={c.value}" for c in self] if cvals: environ["HTTP_COOKIE"] = "; ".join(cvals) @@ -221,7 +220,7 @@ def _iter_data(data): yield key, values -class EnvironBuilder(object): +class EnvironBuilder: """This class can be used to conveniently create a WSGI environment for testing purposes. It can be used to quickly create WSGI environments or request objects from arbitrary data. @@ -766,7 +765,7 @@ class ClientRedirectError(Exception): """ -class Client(object): +class Client: """This class allows you to send requests to a wrapped application. The response wrapper can be a class or factory function that takes @@ -1042,7 +1041,7 @@ def trace(self, *args, **kw): return self.open(*args, **kw) def __repr__(self): - return "<%s %r>" % (self.__class__.__name__, self.application) + return f"<{self.__class__.__name__} {self.application!r}>" def create_environ(*args, **kwargs): diff --git a/src/werkzeug/testapp.py b/src/werkzeug/testapp.py index 5ea854904..d193f6ce7 100644 --- a/src/werkzeug/testapp.py +++ b/src/werkzeug/testapp.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ werkzeug.testapp ~~~~~~~~~~~~~~~~ @@ -61,7 +60,7 @@ ) -TEMPLATE = u"""\ +TEMPLATE = """\ WSGI Information @@ -174,7 +173,9 @@ def render_testapp(req): except (ValueError, AttributeError): version = "unknown" python_eggs.append( - "
  • %s [%s]" % (escape(egg.project_name), escape(version)) + "
  • {} [{}]".format( + escape(egg.project_name), escape(version) + ) ) wsgi_env = [] diff --git a/src/werkzeug/urls.py b/src/werkzeug/urls.py index d80811677..6885b316c 100644 --- a/src/werkzeug/urls.py +++ b/src/werkzeug/urls.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ werkzeug.urls ~~~~~~~~~~~~~ @@ -41,9 +40,7 @@ ) _hexdigits = "0123456789ABCDEFabcdef" -_hextobyte = dict( - ((a + b).encode(), int(a + b, 16)) for a in _hexdigits for b in _hexdigits -) +_hextobyte = {(a + b).encode(): int(a + b, 16) for a in _hexdigits for b in _hexdigits} _bytetohex = [("%%%02X" % char).encode("ascii") for char in range(256)] @@ -174,7 +171,7 @@ def decode_netloc(self): ) ) if auth: - rv = "%s@%s" % (auth, rv) + rv = f"{auth}@{rv}" return rv def to_uri_tuple(self): @@ -325,7 +322,7 @@ def encode_netloc(self): ) ) if auth: - rv = "%s@%s" % (auth, rv) + rv = f"{auth}@{rv}" return _to_native(rv) def encode(self, charset="utf-8", errors="replace"): @@ -610,7 +607,7 @@ def url_unquote_plus(s, charset="utf-8", errors="replace"): :param errors: The error handling for the `charset` decoding. """ if isinstance(s, str): - s = s.replace(u"+", u" ") + s = s.replace("+", " ") else: s = s.replace(b"+", b" ") return url_unquote(s, charset, errors) @@ -1022,7 +1019,7 @@ def url_join(base, url, allow_fragments=True): return url_unparse((scheme, netloc, path, query, fragment)) -class Href(object): +class Href: """Implements a callable that constructs URLs with the given base. The function can be called with any number of positional and keyword arguments which than are used to assemble the URL. Works with URLs @@ -1095,9 +1092,7 @@ def __call__(self, *path, **query): raise TypeError("keyword arguments and query-dicts can't be combined") query, path = path[-1], path[:-1] elif query: - query = dict( - [(k.endswith("_") and k[:-1] or k, v) for k, v in query.items()] - ) + query = {k.endswith("_") and k[:-1] or k: v for k, v in query.items()} path = "/".join( [ _to_str(url_quote(x, self.charset), "ascii") diff --git a/src/werkzeug/useragents.py b/src/werkzeug/useragents.py index 74f2fa4fd..437978235 100644 --- a/src/werkzeug/useragents.py +++ b/src/werkzeug/useragents.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ werkzeug.useragents ~~~~~~~~~~~~~~~~~~~ @@ -14,7 +13,7 @@ import re -class UserAgentParser(object): +class UserAgentParser: """A simple user agent parser. Used by the `UserAgent`.""" platforms = ( @@ -101,7 +100,7 @@ def __call__(self, user_agent): return platform, browser, version, language -class UserAgent(object): +class UserAgent: """Represents a user agent. Pass it a WSGI environment or a user agent string and you can inspect some of the details from the user agent string via the attributes. The following attributes exist: @@ -199,4 +198,4 @@ def __nonzero__(self): __bool__ = __nonzero__ def __repr__(self): - return "<%s %r/%s>" % (self.__class__.__name__, self.browser, self.version) + return f"<{self.__class__.__name__} {self.browser!r}/{self.version}>" diff --git a/src/werkzeug/utils.py b/src/werkzeug/utils.py index 04fa8bac4..e20e85907 100644 --- a/src/werkzeug/utils.py +++ b/src/werkzeug/utils.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ werkzeug.utils ~~~~~~~~~~~~~~ @@ -151,7 +150,7 @@ def lookup(self, obj): return obj.headers -class HTMLBuilder(object): +class HTMLBuilder: """Helper object for HTML generation. Per default there are two instances of that class. The `html` one, and @@ -267,7 +266,7 @@ def proxy(*children, **arguments): return proxy def __repr__(self): - return "<%s for %r>" % (self.__class__.__name__, self._dialect) + return f"<{self.__class__.__name__} for {self._dialect!r}>" html = HTMLBuilder("html") @@ -473,7 +472,7 @@ def handle_match(m): return chr(int(name[1:])) except ValueError: pass - return u"" + return "" return _entity_re.sub(handle_match, s) @@ -603,8 +602,7 @@ def find_modules(import_path, include_packages=False, recursive=False): if include_packages: yield modname if recursive: - for item in find_modules(modname, include_packages, True): - yield item + yield from find_modules(modname, include_packages, True) else: yield modname @@ -692,7 +690,7 @@ def bind_arguments(func, args, kwargs): elif extra_positional: raise TypeError("too many positional arguments") if kwarg_var is not None: - multikw = set(extra) & set([x[0] for x in arg_spec]) + multikw = set(extra) & {x[0] for x in arg_spec} if multikw: raise TypeError( "got multiple values for keyword argument " + repr(next(iter(multikw))) @@ -749,7 +747,7 @@ def __init__(self, import_name, exception): if imported: tracked.append((name, getattr(imported, "__file__", None))) else: - track = ["- %r found in %r." % (n, i) for n, i in tracked] + track = [f"- {n!r} found in {i!r}." for n, i in tracked] track.append("- %r not found." % name) msg = msg % ( import_name, @@ -762,8 +760,6 @@ def __init__(self, import_name, exception): ImportError.__init__(self, msg) def __repr__(self): - return "<%s(%r, %r)>" % ( - self.__class__.__name__, - self.import_name, - self.exception, + return "<{}({!r}, {!r})>".format( + self.__class__.__name__, self.import_name, self.exception, ) diff --git a/src/werkzeug/wrappers/accept.py b/src/werkzeug/wrappers/accept.py index d0620a0a5..1f4a8c321 100644 --- a/src/werkzeug/wrappers/accept.py +++ b/src/werkzeug/wrappers/accept.py @@ -5,7 +5,7 @@ from ..utils import cached_property -class AcceptMixin(object): +class AcceptMixin: """A mixin for classes with an :attr:`~BaseResponse.environ` attribute to get all the HTTP accept headers as :class:`~werkzeug.datastructures.Accept` objects (or subclasses diff --git a/src/werkzeug/wrappers/auth.py b/src/werkzeug/wrappers/auth.py index 714f75546..40a340682 100644 --- a/src/werkzeug/wrappers/auth.py +++ b/src/werkzeug/wrappers/auth.py @@ -3,7 +3,7 @@ from ..utils import cached_property -class AuthorizationMixin(object): +class AuthorizationMixin: """Adds an :attr:`authorization` property that represents the parsed value of the `Authorization` header as :class:`~werkzeug.datastructures.Authorization` object. @@ -16,7 +16,7 @@ def authorization(self): return parse_authorization_header(header) -class WWWAuthenticateMixin(object): +class WWWAuthenticateMixin: """Adds a :attr:`www_authenticate` property to a response object.""" @property diff --git a/src/werkzeug/wrappers/base_request.py b/src/werkzeug/wrappers/base_request.py index 88ff201c7..140d6ec75 100644 --- a/src/werkzeug/wrappers/base_request.py +++ b/src/werkzeug/wrappers/base_request.py @@ -24,7 +24,7 @@ from ..wsgi import get_input_stream -class BaseRequest(object): +class BaseRequest: """Very basic request object. This does not implement advanced stuff like entity tag parsing or cache controls. The request object is created with the WSGI environment as first argument and will add itself to the WSGI @@ -164,7 +164,7 @@ def __repr__(self): except Exception: args.append("(invalid WSGI environ)") - return "<%s %s>" % (self.__class__.__name__, " ".join(args)) + return "<{} {}>".format(self.__class__.__name__, " ".join(args)) @property def url_charset(self): @@ -545,7 +545,7 @@ def path(self): @cached_property def full_path(self): """Requested path as unicode, including the query string.""" - return self.path + u"?" + _to_str(self.query_string, self.url_charset) + return self.path + "?" + _to_str(self.query_string, self.url_charset) @cached_property def script_root(self): diff --git a/src/werkzeug/wrappers/base_response.py b/src/werkzeug/wrappers/base_response.py index 0a67aa351..d94e193e7 100644 --- a/src/werkzeug/wrappers/base_response.py +++ b/src/werkzeug/wrappers/base_response.py @@ -56,7 +56,7 @@ def _clean_accept_ranges(accept_ranges): raise ValueError("Invalid accept_ranges value") -class BaseResponse(object): +class BaseResponse: """Base response class. The most important fact about a response object is that it's a regular WSGI application. It's initialized with a couple of response parameters (headers, body, status code etc.) and will start a @@ -226,7 +226,7 @@ def __repr__(self): body_info = "%d bytes" % sum(map(len, self.iter_encoded())) else: body_info = "streamed" if self.is_streamed else "likely-streamed" - return "<%s %s [%s]>" % (self.__class__.__name__, body_info, self.status) + return f"<{self.__class__.__name__} {body_info} [{self.status}]>" @classmethod def force_type(cls, response, environ=None): @@ -580,11 +580,11 @@ def get_wsgi_headers(self, environ): # speedup. for key, value in headers: ikey = key.lower() - if ikey == u"location": + if ikey == "location": location = value - elif ikey == u"content-location": + elif ikey == "content-location": content_location = value - elif ikey == u"content-length": + elif ikey == "content-length": content_length = value # make sure the location header is an absolute URL diff --git a/src/werkzeug/wrappers/common_descriptors.py b/src/werkzeug/wrappers/common_descriptors.py index 4afc457e8..0dd67e082 100644 --- a/src/werkzeug/wrappers/common_descriptors.py +++ b/src/werkzeug/wrappers/common_descriptors.py @@ -19,7 +19,7 @@ from ..wsgi import get_content_length -class CommonRequestDescriptorsMixin(object): +class CommonRequestDescriptorsMixin: """A mixin for :class:`BaseRequest` subclasses. Request objects that mix this class in will automatically get descriptors for a couple of HTTP headers with automatic type conversion. @@ -127,7 +127,7 @@ def pragma(self): return parse_set_header(self.environ.get("HTTP_PRAGMA", "")) -class CommonResponseDescriptorsMixin(object): +class CommonResponseDescriptorsMixin: """A mixin for :class:`BaseResponse` subclasses. Response objects that mix this class in will automatically get descriptors for a couple of HTTP headers with automatic type conversion. diff --git a/src/werkzeug/wrappers/etag.py b/src/werkzeug/wrappers/etag.py index 482fa83e0..219b6e52b 100644 --- a/src/werkzeug/wrappers/etag.py +++ b/src/werkzeug/wrappers/etag.py @@ -19,7 +19,7 @@ from ..wsgi import _RangeWrapper -class ETagRequestMixin(object): +class ETagRequestMixin: """Add entity tag and cache descriptors to a request object or object with a WSGI environment available as :attr:`~BaseRequest.environ`. This not only provides access to etags but also to the cache control header. @@ -80,7 +80,7 @@ def range(self): return parse_range_header(self.environ.get("HTTP_RANGE")) -class ETagResponseMixin(object): +class ETagResponseMixin: """Adds extra functionality to a response object for etag and cache handling. This mixin requires an object with at least a `headers` object that implements a dict like interface similar to @@ -257,7 +257,7 @@ def freeze(self, no_etag=False): """ if not no_etag: self.add_etag() - super(ETagResponseMixin, self).freeze() + super().freeze() accept_ranges = header_property( "Accept-Ranges", diff --git a/src/werkzeug/wrappers/json.py b/src/werkzeug/wrappers/json.py index 41ddc719b..8ec1e4ea3 100644 --- a/src/werkzeug/wrappers/json.py +++ b/src/werkzeug/wrappers/json.py @@ -1,5 +1,3 @@ -from __future__ import absolute_import - import datetime import uuid @@ -12,7 +10,7 @@ import json as _json -class _JSONModule(object): +class _JSONModule: @staticmethod def _default(o): if isinstance(o, datetime.date): @@ -43,7 +41,7 @@ def loads(s, **kw): return _json.loads(s, **kw) -class JSONMixin(object): +class JSONMixin: """Mixin to parse :attr:`data` as JSON. Can be mixed in for both :class:`~werkzeug.wrappers.Request` and :class:`~werkzeug.wrappers.Response` classes. @@ -141,4 +139,4 @@ def on_json_loading_failed(self, e): for :meth:`get_json`. The default implementation raises :exc:`~werkzeug.exceptions.BadRequest`. """ - raise BadRequest("Failed to decode JSON object: {0}".format(e)) + raise BadRequest(f"Failed to decode JSON object: {e}") diff --git a/src/werkzeug/wrappers/request.py b/src/werkzeug/wrappers/request.py index 5c2fe1029..95502980d 100644 --- a/src/werkzeug/wrappers/request.py +++ b/src/werkzeug/wrappers/request.py @@ -29,7 +29,7 @@ class Request( """ -class StreamOnlyMixin(object): +class StreamOnlyMixin: """If mixed in before the request object this will change the behavior of it to disable handling of form parsing. This disables the :attr:`files`, :attr:`form` attributes and will just provide a diff --git a/src/werkzeug/wrappers/response.py b/src/werkzeug/wrappers/response.py index 8f190f75b..212c0eaaf 100644 --- a/src/werkzeug/wrappers/response.py +++ b/src/werkzeug/wrappers/response.py @@ -6,7 +6,7 @@ from .etag import ETagResponseMixin -class ResponseStream(object): +class ResponseStream: """A file descriptor like object used by the :class:`ResponseStreamMixin` to represent the body of the stream. It directly pushes into the response iterable of the response object. @@ -51,7 +51,7 @@ def encoding(self): return self.response.charset -class ResponseStreamMixin(object): +class ResponseStreamMixin: """Mixin for :class:`BaseResponse` subclasses. Classes that inherit from this mixin will automatically get a :attr:`stream` property that provides a write-only interface to the response iterable. diff --git a/src/werkzeug/wrappers/user_agent.py b/src/werkzeug/wrappers/user_agent.py index a32d8acd2..77ef1b6b4 100644 --- a/src/werkzeug/wrappers/user_agent.py +++ b/src/werkzeug/wrappers/user_agent.py @@ -2,7 +2,7 @@ from ..utils import cached_property -class UserAgentMixin(object): +class UserAgentMixin: """Adds a `user_agent` attribute to the request object which contains the parsed user agent of the browser that triggered the request as a :class:`~werkzeug.useragents.UserAgent` object. diff --git a/src/werkzeug/wsgi.py b/src/werkzeug/wsgi.py index 2b863cea2..5ad217129 100644 --- a/src/werkzeug/wsgi.py +++ b/src/werkzeug/wsgi.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ werkzeug.wsgi ~~~~~~~~~~~~~ @@ -409,18 +408,18 @@ def extract_path_info( """ def _normalize_netloc(scheme, netloc): - parts = netloc.split(u"@", 1)[-1].split(u":", 1) + parts = netloc.split("@", 1)[-1].split(":", 1) if len(parts) == 2: netloc, port = parts - if (scheme == u"http" and port == u"80") or ( - scheme == u"https" and port == u"443" + if (scheme == "http" and port == "80") or ( + scheme == "https" and port == "443" ): port = None else: netloc = parts[0] port = None if port is not None: - netloc += u":" + port + netloc += ":" + port return netloc # make sure whatever we are working on is a IRI and parse it @@ -438,10 +437,10 @@ def _normalize_netloc(scheme, netloc): # is that IRI even on a known HTTP scheme? if collapse_http_schemes: for scheme in base_scheme, cur_scheme: - if scheme not in (u"http", u"https"): + if scheme not in ("http", "https"): return None else: - if not (base_scheme in (u"http", u"https") and base_scheme == cur_scheme): + if not (base_scheme in ("http", "https") and base_scheme == cur_scheme): return None # are the netlocs compatible? @@ -449,14 +448,14 @@ def _normalize_netloc(scheme, netloc): return None # are we below the application path? - base_path = base_path.rstrip(u"/") + base_path = base_path.rstrip("/") if not cur_path.startswith(base_path): return None - return u"/" + cur_path[len(base_path) :].lstrip(u"/") + return "/" + cur_path[len(base_path) :].lstrip("/") -class ClosingIterator(object): +class ClosingIterator: """The WSGI specification requires that all middlewares and gateways respect the `close` callback of the iterable returned by the application. Because it is useful to add another close action to a returned iterable @@ -522,7 +521,7 @@ def wrap_file(environ, file, buffer_size=8192): return environ.get("wsgi.file_wrapper", FileWrapper)(file, buffer_size) -class FileWrapper(object): +class FileWrapper: """This class can be used to convert a :class:`file`-like object into an iterable. It yields `buffer_size` blocks until the file is fully read. @@ -574,7 +573,7 @@ def __next__(self): raise StopIteration() -class _RangeWrapper(object): +class _RangeWrapper: # private for now, but should we make it public in the future ? """This class can be used to convert an iterable object into @@ -797,7 +796,7 @@ def make_chunk_iter( if isinstance(first_item, str): separator = _to_str(separator) _split = re.compile(r"(%s)" % re.escape(separator)).split - _join = u"".join + _join = "".join else: separator = _to_bytes(separator) _split = re.compile(b"(" + re.escape(separator) + b")").split @@ -927,7 +926,7 @@ def read(self, size=None): to_read = min(self.limit - self._pos, size) try: read = self._read(to_read) - except (IOError, ValueError): + except (OSError, ValueError): return self.on_disconnect() if to_read and len(read) != to_read: return self.on_disconnect() @@ -944,7 +943,7 @@ def readline(self, size=None): size = min(size, self.limit - self._pos) try: line = self._readline(size) - except (ValueError, IOError): + except (ValueError, OSError): return self.on_disconnect() if size and not line: return self.on_disconnect() diff --git a/tests/conftest.py b/tests/conftest.py index bcd42846e..0fbeaaf60 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ tests.conftest ~~~~~~~~~~~~~~ @@ -6,8 +5,6 @@ :copyright: 2007 Pallets :license: BSD-3-Clause """ -from __future__ import print_function - import logging import os import platform @@ -77,7 +74,7 @@ def _dev_server(): serving.run_simple(application=app, **testsuite_app.kwargs) -class _ServerInfo(object): +class _ServerInfo: xprocess = None addr = None url = None @@ -159,15 +156,15 @@ def run_dev_server(application): hostname = testsuite_app.kwargs["hostname"] port = testsuite_app.kwargs["port"] - addr = "{}:{}".format(hostname, port) + addr = f"{hostname}:{port}" if hostname.startswith("unix://"): addr = hostname.split("unix://", 1)[1] requests_url = "http+unix://" + url_quote(addr, safe="") elif testsuite_app.kwargs.get("ssl_context", None): - requests_url = "https://localhost:{0}".format(port) + requests_url = f"https://localhost:{port}" else: - requests_url = "http://localhost:{0}".format(port) + requests_url = f"http://localhost:{port}" info = _ServerInfo(xprocess, addr, requests_url, port) diff --git a/tests/middleware/test_lint.py b/tests/middleware/test_lint.py index 748a53a38..fc321ac1f 100644 --- a/tests/middleware/test_lint.py +++ b/tests/middleware/test_lint.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- import pytest from werkzeug.middleware.lint import HTTPWarning diff --git a/tests/middleware/test_shared_data.py b/tests/middleware/test_shared_data.py index 38aea83b3..a367db7f7 100644 --- a/tests/middleware/test_shared_data.py +++ b/tests/middleware/test_shared_data.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- import os import sys from contextlib import closing @@ -27,8 +26,8 @@ def null_application(environ, start_response): test_dir = str(tmpdir) - with open(os.path.join(test_dir, _to_native(u"äöü", "utf-8")), "w") as test_file: - test_file.write(u"FOUND") + with open(os.path.join(test_dir, _to_native("äöü", "utf-8")), "w") as test_file: + test_file.write("FOUND") for t in [list, dict]: app = SharedDataMiddleware( diff --git a/tests/test_datastructures.py b/tests/test_datastructures.py index 299d06899..34650cf0a 100644 --- a/tests/test_datastructures.py +++ b/tests/test_datastructures.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ tests.datastructures ~~~~~~~~~~~~~~~~~~~~ @@ -36,9 +35,9 @@ from werkzeug.exceptions import BadRequestKeyError -class TestNativeItermethods(object): +class TestNativeItermethods: def test_basic(self): - class StupidDict(object): + class StupidDict: def keys(self, multi=1): return iter(["a", "b", "c"] * multi) @@ -64,7 +63,7 @@ def items(self, multi=1): assert list(d.items(2)) == expected_items * 2 -class _MutableMultiDictTests(object): +class _MutableMultiDictTests: storage_class = None def test_pickle(self): @@ -274,7 +273,7 @@ def test_basic_interface(self): assert md.getlist("foo") == [1, 2] -class _ImmutableDictTests(object): +class _ImmutableDictTests: storage_class = None def test_follows_dict_interface(self): @@ -307,7 +306,7 @@ def test_dict_is_hashable(self): cls = self.storage_class immutable = cls({"a": 1, "b": 2}) immutable2 = cls({"a": 2, "b": 2}) - x = set([immutable]) + x = {immutable} assert immutable in x assert immutable2 not in x x.discard(immutable) @@ -332,7 +331,7 @@ def test_multidict_is_hashable(self): cls = self.storage_class immutable = cls({"a": [1, 2], "b": 2}) immutable2 = cls({"a": [1], "b": 2}) - x = set([immutable]) + x = {immutable} assert immutable in x assert immutable2 not in x x.discard(immutable) @@ -558,7 +557,7 @@ def test_get_description(self): assert "baz" not in exc_info.value.get_description() -class TestTypeConversionDict(object): +class TestTypeConversionDict: storage_class = datastructures.TypeConversionDict def test_value_conversion(self): @@ -576,7 +575,7 @@ def test_propagate_exceptions_in_conversion(self): d.get("foo", type=lambda x: switch[x]) -class TestCombinedMultiDict(object): +class TestCombinedMultiDict: storage_class = datastructures.CombinedMultiDict def test_basic_interface(self): @@ -627,7 +626,7 @@ def test_length(self): assert len(d) == 1 -class TestHeaders(object): +class TestHeaders: storage_class = datastructures.Headers def test_basic_interface(self): @@ -727,7 +726,7 @@ def test_slicing(self): h.set("X-Foo-Poo", "bleh") h.set("Content-Type", "application/whocares") h.set("X-Forwarded-For", "192.168.0.123") - h[:] = [(k, v) for k, v in h if k.startswith(u"X-")] + h[:] = [(k, v) for k, v in h if k.startswith("X-")] assert list(h) == [("X-Foo-Poo", "bleh"), ("X-Forwarded-For", "192.168.0.123")] def test_bytes_operations(self): @@ -785,17 +784,17 @@ def test_setlistdefault(self): def test_to_wsgi_list(self): h = self.storage_class() - h.set(u"Key", u"Value") + h.set("Key", "Value") for key, value in h.to_wsgi_list(): - strict_eq(key, u"Key") - strict_eq(value, u"Value") + strict_eq(key, "Key") + strict_eq(value, "Value") def test_to_wsgi_list_bytes(self): h = self.storage_class() h.set(b"Key", b"Value") for key, value in h.to_wsgi_list(): - strict_eq(key, u"Key") - strict_eq(value, u"Value") + strict_eq(key, "Key") + strict_eq(value, "Value") def test_equality(self): # test equality, given keys are case insensitive @@ -812,7 +811,7 @@ def test_equality(self): assert h1 == h2 -class TestEnvironHeaders(object): +class TestEnvironHeaders: storage_class = datastructures.EnvironHeaders def test_basic_interface(self): @@ -852,11 +851,11 @@ def test_return_type_is_unicode(self): headers = self.storage_class( {"HTTP_FOO": "\xe2\x9c\x93", "CONTENT_TYPE": "text/plain"} ) - assert headers["Foo"] == u"\xe2\x9c\x93" + assert headers["Foo"] == "\xe2\x9c\x93" assert isinstance(headers["Foo"], str) assert isinstance(headers["Content-Type"], str) iter_output = dict(iter(headers)) - assert iter_output["Foo"] == u"\xe2\x9c\x93" + assert iter_output["Foo"] == "\xe2\x9c\x93" assert isinstance(iter_output["Foo"], str) assert isinstance(iter_output["Content-Type"], str) @@ -865,10 +864,10 @@ def test_bytes_operations(self): h = self.storage_class({"HTTP_X_FOO": foo_val}) assert h.get("x-foo", as_bytes=True) == b"\xff" - assert h.get("x-foo") == u"\xff" + assert h.get("x-foo") == "\xff" -class TestHeaderSet(object): +class TestHeaderSet: storage_class = datastructures.HeaderSet def test_basic_interface(self): @@ -893,7 +892,7 @@ def test_basic_interface(self): assert not hs -class TestImmutableList(object): +class TestImmutableList: storage_class = datastructures.ImmutableList def test_list_hashable(self): @@ -930,7 +929,7 @@ def wrapped(*args, **kwargs): return asserter, wrapped -class TestCallbackDict(object): +class TestCallbackDict: storage_class = datastructures.CallbackDict def test_callback_dict_reads(self): @@ -970,7 +969,7 @@ def test_callback_dict_writes(self): pytest.raises(KeyError, lambda: dct.pop("x")) -class TestCacheControl(object): +class TestCacheControl: def test_repr(self): cc = datastructures.RequestCacheControl([("max-age", "0"), ("private", "True")]) assert repr(cc) == "" @@ -982,7 +981,7 @@ def test_set_none(self): assert cc.no_cache is None -class TestContentSecurityPolicy(object): +class TestContentSecurityPolicy: def test_construct(self): csp = datastructures.ContentSecurityPolicy( [("font-src", "'self'"), ("media-src", "*")] @@ -1002,7 +1001,7 @@ def test_properties(self): assert "img-src 'none'" in policies -class TestAccept(object): +class TestAccept: storage_class = datastructures.Accept def test_accept_basic(self): @@ -1083,7 +1082,7 @@ def test_accept_equal_quality(self): assert accept.best == "a" -class TestMIMEAccept(object): +class TestMIMEAccept: @pytest.mark.parametrize( ("values", "matches", "default", "expect"), [ @@ -1128,7 +1127,7 @@ def test_mime_accept(self, values, matches, default, expect): assert match == expect -class TestLanguageAccept(object): +class TestLanguageAccept: @pytest.mark.parametrize( ("values", "matches", "default", "expect"), ( @@ -1152,7 +1151,7 @@ def test_best_match_fallback(self, values, matches, default, expect): assert best == expect -class TestFileStorage(object): +class TestFileStorage: storage_class = datastructures.FileStorage def test_mimetype_always_lowercase(self): @@ -1163,7 +1162,7 @@ def test_bytes_proper_sentinel(self): # ensure we iterate over new lines and don't enter into an infinite loop import io - unicode_storage = self.storage_class(io.StringIO(u"one\ntwo")) + unicode_storage = self.storage_class(io.StringIO("one\ntwo")) for idx, _line in enumerate(unicode_storage): assert idx < 2 assert idx == 1 @@ -1188,7 +1187,7 @@ def test_proxy_can_access_stream_attrs(self, stream): def test_save_to_pathlib_dst(self, tmp_path): src = tmp_path / "src.txt" - src.write_text(u"test") + src.write_text("test") storage = self.storage_class(src.open("rb")) dst = tmp_path / "dst.txt" storage.save(dst) diff --git a/tests/test_debug.py b/tests/test_debug.py index 471a1627d..f5d19d8fe 100644 --- a/tests/test_debug.py +++ b/tests/test_debug.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ tests.debug ~~~~~~~~~~~ @@ -29,25 +28,25 @@ from werkzeug.wrappers import Response -class TestDebugRepr(object): +class TestDebugRepr: def test_basic_repr(self): - assert debug_repr([]) == u"[]" + assert debug_repr([]) == "[]" assert ( debug_repr([1, 2]) - == u'[1, 2]' + == '[1, 2]' ) assert ( debug_repr([1, "test"]) - == u'[1, \'test\']' + == '[1, \'test\']' ) - assert debug_repr([None]) == u'[None]' + assert debug_repr([None]) == '[None]' def test_string_repr(self): - assert debug_repr("") == u"''" - assert debug_repr("foo") == u"'foo'" + assert debug_repr("") == "''" + assert debug_repr("foo") == "'foo'" assert ( debug_repr("s" * 80) - == u'\'' + == '\'' + "s" * 69 + '' + "s" * 11 @@ -55,7 +54,7 @@ def test_string_repr(self): ) assert ( debug_repr("<" * 80) - == u'\'' + == '\'' + "<" * 69 + '' + "<" * 11 @@ -67,72 +66,72 @@ class Test(str): pass assert debug_repr(Test("foo")) == ( - u'tests.test_debug.' - u"Test('foo')" + 'tests.test_debug.' + "Test('foo')" ) def test_sequence_repr(self): assert debug_repr(list(range(20))) == ( - u'[0, 1, ' - u'2, 3, ' - u'4, 5, ' - u'6, 7, ' - u'8, ' - u'9, 10, ' - u'11, 12, ' - u'13, 14, ' - u'15, 16, ' - u'17, 18, ' - u'19]' + '[0, 1, ' + '2, 3, ' + '4, 5, ' + '6, 7, ' + '8, ' + '9, 10, ' + '11, 12, ' + '13, 14, ' + '15, 16, ' + '17, 18, ' + '19]' ) def test_mapping_repr(self): - assert debug_repr({}) == u"{}" + assert debug_repr({}) == "{}" assert debug_repr({"foo": 42}) == ( - u'{\'foo\'' - u': 42' - u"}" + '{\'foo\'' + ': 42' + "}" ) assert debug_repr(dict(zip(range(10), [None] * 10))) == ( - u'{0' - u': None' - u", " - u'1' - u': None' - u", " - u'2' - u': None' - u", " - u'3' - u': None' - u", " - u'' - u'4' - u': None' - u", " - u'5' - u': None' - u", " - u'6' - u': None' - u", " - u'7' - u': None' - u", " - u'8' - u': None' - u", " - u'9' - u': None' - u"}" + '{0' + ': None' + ", " + '1' + ': None' + ", " + '2' + ': None' + ", " + '3' + ': None' + ", " + '' + '4' + ': None' + ", " + '5' + ': None' + ", " + '6' + ': None' + ", " + '7' + ': None' + ", " + '8' + ': None' + ", " + '9' + ': None' + "}" ) - assert debug_repr((1, "zwei", u"drei")) == ( - u'(1, \'' - u"zwei', 'drei')" + assert debug_repr((1, "zwei", "drei")) == ( + '(1, \'' + "zwei', 'drei')" ) def test_custom_repr(self): - class Foo(object): + class Foo: def __repr__(self): return "" @@ -143,45 +142,45 @@ class MyList(list): pass assert debug_repr(MyList([1, 2])) == ( - u'tests.test_debug.MyList([' - u'1, 2])' + 'tests.test_debug.MyList([' + '1, 2])' ) def test_regex_repr(self): assert ( debug_repr(re.compile(r"foo\d")) - == u"re.compile(r'foo\\d')" + == "re.compile(r'foo\\d')" ) # No ur'' in Py3 # https://bugs.python.org/issue15096 - assert debug_repr(re.compile(u"foo\\d")) == ( - u"re.compile(r'foo\\d')" + assert debug_repr(re.compile("foo\\d")) == ( + "re.compile(r'foo\\d')" ) def test_set_repr(self): assert ( debug_repr(frozenset("x")) - == u"frozenset(['x'])" + == "frozenset(['x'])" ) - assert debug_repr(set("x")) == u"set(['x'])" + assert debug_repr(set("x")) == "set(['x'])" def test_recursive_repr(self): a = [1] a.append(a) - assert debug_repr(a) == u'[1, [...]]' + assert debug_repr(a) == '[1, [...]]' def test_broken_repr(self): - class Foo(object): + class Foo: def __repr__(self): raise Exception("broken!") assert debug_repr(Foo()) == ( - u'<broken repr (Exception: ' - u"broken!)>" + '<broken repr (Exception: ' + "broken!)>" ) -class Foo(object): +class Foo: x = 42 y = 23 @@ -189,7 +188,7 @@ def __init__(self): self.z = 15 -class TestDebugHelpers(object): +class TestDebugHelpers: def test_object_dumping(self): drg = DebugReprGenerator() out = drg.dump_object(Foo()) @@ -255,12 +254,12 @@ def do_something(): client = Client(debugged, Response) response = client.get("/") data = response.get_data(as_text=True) - assert u'raise ValueError("inner")' in data - assert u'
    ' in data - assert u'raise KeyError("outer")' in data + assert 'raise ValueError("inner")' in data + assert '
    ' in data + assert 'raise KeyError("outer")' in data -class TestTraceback(object): +class TestTraceback: def test_log(self): try: 1 / 0 @@ -273,11 +272,11 @@ def test_log(self): def test_sourcelines_encoding(self): source = ( - u"# -*- coding: latin1 -*-\n\n" - u"def foo():\n" - u' """höhö"""\n' - u" 1 / 0\n" - u"foo()" + "# -*- coding: latin1 -*-\n\n" + "def foo():\n" + ' """höhö"""\n' + " 1 / 0\n" + "foo()" ).encode("latin1") code = compile(source, filename="lol.py", mode="exec") try: @@ -290,7 +289,7 @@ def test_sourcelines_encoding(self): assert frames[1].filename == "lol.py" assert frames[2].filename == "lol.py" - class Loader(object): + class Loader: def get_source(self, module): return source @@ -299,7 +298,7 @@ def get_source(self, module): assert [line.code for line in frames[1].get_annotated_lines()] == [ line.code for line in frames[2].get_annotated_lines() ] - assert u"höhö" in frames[1].sourcelines[3] + assert "höhö" in frames[1].sourcelines[3] def test_filename_encoding(self, tmpdir, monkeypatch): moduledir = tmpdir.mkdir("föö") @@ -313,7 +312,7 @@ def test_filename_encoding(self, tmpdir, monkeypatch): except ZeroDivisionError: traceback = Traceback(*sys.exc_info()) - assert u"föö" in u"\n".join(frame.render() for frame in traceback.frames) + assert "föö" in "\n".join(frame.render() for frame in traceback.frames) def test_get_machine_id(): diff --git a/tests/test_exceptions.py b/tests/test_exceptions.py index d3eb554e9..d8b5d0905 100644 --- a/tests/test_exceptions.py +++ b/tests/test_exceptions.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ tests.exceptions ~~~~~~~~~~~~~~~~ diff --git a/tests/test_formparser.py b/tests/test_formparser.py index 5270fdbe0..8d21e484c 100644 --- a/tests/test_formparser.py +++ b/tests/test_formparser.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ tests.formparser ~~~~~~~~~~~~~~~~ @@ -50,7 +49,7 @@ def get_contents(filename): return f.read() -class TestFormParser(object): +class TestFormParser: def test_limiting(self): data = b"foo=Hello+World&bar=baz" req = Request.from_values( @@ -60,7 +59,7 @@ def test_limiting(self): method="POST", ) req.max_content_length = 400 - strict_eq(req.form["foo"], u"Hello World") + strict_eq(req.form["foo"], "Hello World") req = Request.from_values( input_stream=io.BytesIO(data), @@ -78,7 +77,7 @@ def test_limiting(self): method="POST", ) req.max_form_memory_size = 400 - strict_eq(req.form["foo"], u"Hello World") + strict_eq(req.form["foo"], "Hello World") data = ( b"--foo\r\nContent-Disposition: form-field; name=foo\r\n\r\n" @@ -102,7 +101,7 @@ def test_limiting(self): method="POST", ) req.max_content_length = 400 - strict_eq(req.form["foo"], u"Hello World") + strict_eq(req.form["foo"], "Hello World") req = Request.from_values( input_stream=io.BytesIO(data), @@ -120,7 +119,7 @@ def test_limiting(self): method="POST", ) req.max_form_memory_size = 400 - strict_eq(req.form["foo"], u"Hello World") + strict_eq(req.form["foo"], "Hello World") def test_missing_multipart_boundary(self): data = ( @@ -235,7 +234,7 @@ def test_parse_from_environ(self): assert stream is not None -class TestMultiPart(object): +class TestMultiPart: def test_basic(self): resources = join(dirname(__file__), "multipart") client = Client(form_data_consumer, Response) @@ -245,46 +244,46 @@ def test_basic(self): "firefox3-2png1txt", "---------------------------186454651713519341951581030105", [ - (u"anchor.png", "file1", "image/png", "file1.png"), - (u"application_edit.png", "file2", "image/png", "file2.png"), + ("anchor.png", "file1", "image/png", "file1.png"), + ("application_edit.png", "file2", "image/png", "file2.png"), ], - u"example text", + "example text", ), ( "firefox3-2pnglongtext", "---------------------------14904044739787191031754711748", [ - (u"accept.png", "file1", "image/png", "file1.png"), - (u"add.png", "file2", "image/png", "file2.png"), + ("accept.png", "file1", "image/png", "file1.png"), + ("add.png", "file2", "image/png", "file2.png"), ], - u"--long text\r\n--with boundary\r\n--lookalikes--", + "--long text\r\n--with boundary\r\n--lookalikes--", ), ( "opera8-2png1txt", "----------zEO9jQKmLc2Cq88c23Dx19", [ - (u"arrow_branch.png", "file1", "image/png", "file1.png"), - (u"award_star_bronze_1.png", "file2", "image/png", "file2.png"), + ("arrow_branch.png", "file1", "image/png", "file1.png"), + ("award_star_bronze_1.png", "file2", "image/png", "file2.png"), ], - u"blafasel öäü", + "blafasel öäü", ), ( "webkit3-2png1txt", "----WebKitFormBoundaryjdSFhcARk8fyGNy6", [ - (u"gtk-apply.png", "file1", "image/png", "file1.png"), - (u"gtk-no.png", "file2", "image/png", "file2.png"), + ("gtk-apply.png", "file1", "image/png", "file1.png"), + ("gtk-no.png", "file2", "image/png", "file2.png"), ], - u"this is another text with ümläüts", + "this is another text with ümläüts", ), ( "ie6-2png1txt", "---------------------------7d91b03a20128", [ - (u"file1.png", "file1", "image/x-png", "file1.png"), - (u"file2.png", "file2", "image/x-png", "file2.png"), + ("file1.png", "file1", "image/x-png", "file1.png"), + ("file2.png", "file2", "image/x-png", "file2.png"), ], - u"ie6 sucks :-/", + "ie6 sucks :-/", ), ] @@ -325,7 +324,7 @@ def test_ie7_unc_path(self): lines = response.get_data().split(b"\n", 3) strict_eq( lines[0], - repr(u"Sellersburg Town Council Meeting 02-22-2010doc.doc").encode("ascii"), + repr("Sellersburg Town Council Meeting 02-22-2010doc.doc").encode("ascii"), ) def test_end_of_file(self): @@ -407,7 +406,7 @@ def test_extra_newline(self): method="POST", ) assert not data.files - strict_eq(data.form["foo"], u"a string") + strict_eq(data.form["foo"], "a string") def test_headers(self): data = ( @@ -452,8 +451,8 @@ def test_nonstandard_line_endings(self): content_type="multipart/form-data; boundary=foo", method="POST", ) - strict_eq(req.form["foo"], u"this is just bar") - strict_eq(req.form["bar"], u"blafasel") + strict_eq(req.form["foo"], "this is just bar") + strict_eq(req.form["bar"], "blafasel") def test_failures(self): def parse_multipart(stream, boundary, content_length): @@ -497,7 +496,7 @@ class ISORequest(Request): content_type="multipart/form-data; boundary=foo", method="POST", ) - strict_eq(req.form["test"], u"Sk\xe5ne l\xe4n") + strict_eq(req.form["test"], "Sk\xe5ne l\xe4n") def test_empty_multipart(self): environ = {} @@ -513,7 +512,7 @@ def test_empty_multipart(self): assert files == MultiDict() -class TestMultiPartParser(object): +class TestMultiPartParser: def test_constructor_not_pass_stream_factory_and_cls(self): parser = formparser.MultiPartParser() @@ -549,7 +548,7 @@ def test_file_rfc2231_filename_continuations(self): assert request.files["rfc2231"].read() == b"file contents" -class TestInternalFunctions(object): +class TestInternalFunctions: def test_line_parser(self): assert formparser._line_parse("foo") == ("foo", False) assert formparser._line_parse("foo\r\n") == ("foo", True) diff --git a/tests/test_http.py b/tests/test_http.py index ba10bca64..8bb7ab0cc 100644 --- a/tests/test_http.py +++ b/tests/test_http.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ tests.http ~~~~~~~~~~ @@ -19,7 +18,7 @@ from werkzeug.test import create_environ -class TestHTTPUtility(object): +class TestHTTPUtility: def test_accept(self): a = http.parse_accept_header("en-us,ru;q=0.5") assert list(a.values()) == ["en-us", "ru"] @@ -135,20 +134,20 @@ def test_csp_header(self): def test_authorization_header(self): a = http.parse_authorization_header("Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==") assert a.type == "basic" - assert a.username == u"Aladdin" - assert a.password == u"open sesame" + assert a.username == "Aladdin" + assert a.password == "open sesame" a = http.parse_authorization_header( "Basic 0YDRg9GB0YHQutC40IE60JHRg9C60LLRiw==" ) assert a.type == "basic" - assert a.username == u"русскиЁ" - assert a.password == u"Буквы" + assert a.username == "русскиЁ" + assert a.password == "Буквы" a = http.parse_authorization_header("Basic 5pmu6YCa6K+dOuS4reaWhw==") assert a.type == "basic" - assert a.username == u"普通话" - assert a.password == u"中文" + assert a.username == "普通话" + assert a.password == "中文" a = http.parse_authorization_header( '''Digest username="Mufasa", @@ -278,7 +277,7 @@ def test_remove_entity_headers(self): assert headers1 == [("Date", now)] http.remove_entity_headers(headers2) - assert headers2 == datastructures.Headers([(u"Date", now)]) + assert headers2 == datastructures.Headers([("Date", now)]) def test_remove_hop_by_hop_headers(self): headers1 = [("Connection", "closed"), ("Foo", "bar"), ("Keep-Alive", "wtf")] @@ -343,13 +342,13 @@ def test_parse_options_header(self): assert http.parse_options_header( "form-data; name=\"a_file\"; filename*=UTF-8''" '"%c2%a3%20and%20%e2%82%ac%20rates"' - ) == ("form-data", {"name": "a_file", "filename": u"\xa3 and \u20ac rates"}) + ) == ("form-data", {"name": "a_file", "filename": "\xa3 and \u20ac rates"}) assert http.parse_options_header( "form-data; name*=UTF-8''\"%C5%AAn%C4%ADc%C5%8Dde%CC%BD\"; " 'filename="some_file.txt"' ) == ( "form-data", - {"name": u"\u016an\u012dc\u014dde\u033d", "filename": "some_file.txt"}, + {"name": "\u016an\u012dc\u014dde\u033d", "filename": "some_file.txt"}, ) def test_parse_options_header_value_with_quotes(self): @@ -358,7 +357,7 @@ def test_parse_options_header_value_with_quotes(self): ) == ("form-data", {"name": "file", "filename": "t'es't.txt"}) assert http.parse_options_header( "form-data; name=\"file\"; filename*=UTF-8''\"'🐍'.txt\"" - ) == ("form-data", {"name": "file", "filename": u"'🐍'.txt"}) + ) == ("form-data", {"name": "file", "filename": "'🐍'.txt"}) def test_parse_options_header_broken_values(self): # Issue #995 @@ -447,13 +446,13 @@ def test_parse_cookie(self): ' a=42; b="\\";"; ; fo234{=bar;blub=Blah;' ) assert cookies.to_dict() == { - "CP": u"null*", - "PHPSESSID": u"0a539d42abc001cdc762809248d4beed", - "a": u"42", - "dismiss-top": u"6", - "b": u'";', - "fo234{": u"bar", - "blub": u"Blah", + "CP": "null*", + "PHPSESSID": "0a539d42abc001cdc762809248d4beed", + "a": "42", + "dismiss-top": "6", + "b": '";', + "fo234{": "bar", + "blub": "Blah", } def test_dump_cookie(self): @@ -475,65 +474,65 @@ def test_bad_cookies(self): "first=IamTheFirst ; a=1; oops ; a=2 ;second = andMeTwo;" ) expect = { - "first": [u"IamTheFirst"], - "a": [u"1", u"2"], - "oops": [u""], - "second": [u"andMeTwo"], + "first": ["IamTheFirst"], + "a": ["1", "2"], + "oops": [""], + "second": ["andMeTwo"], } assert cookies.to_dict(flat=False) == expect - assert cookies["a"] == u"1" - assert cookies.getlist("a") == [u"1", u"2"] + assert cookies["a"] == "1" + assert cookies.getlist("a") == ["1", "2"] def test_empty_keys_are_ignored(self): cookies = http.parse_cookie("spam=ham; duck=mallard; ; ") - expect = {"spam": u"ham", "duck": u"mallard"} + expect = {"spam": "ham", "duck": "mallard"} assert cookies.to_dict() == expect def test_cookie_quoting(self): val = http.dump_cookie("foo", "?foo") assert val == 'foo="?foo"; Path=/' - assert http.parse_cookie(val).to_dict() == {"foo": u"?foo", "Path": u"/"} - assert http.parse_cookie(r'foo="foo\054bar"').to_dict(), {"foo": u"foo,bar"} + assert http.parse_cookie(val).to_dict() == {"foo": "?foo", "Path": "/"} + assert http.parse_cookie(r'foo="foo\054bar"').to_dict(), {"foo": "foo,bar"} def test_parse_set_cookie_directive(self): val = 'foo="?foo"; version="0.1";' - assert http.parse_cookie(val).to_dict() == {"foo": u"?foo", "version": u"0.1"} + assert http.parse_cookie(val).to_dict() == {"foo": "?foo", "version": "0.1"} def test_cookie_domain_resolving(self): - val = http.dump_cookie("foo", "bar", domain=u"\N{SNOWMAN}.com") + val = http.dump_cookie("foo", "bar", domain="\N{SNOWMAN}.com") strict_eq(val, "foo=bar; Domain=xn--n3h.com; Path=/") def test_cookie_unicode_dumping(self): - val = http.dump_cookie("foo", u"\N{SNOWMAN}") + val = http.dump_cookie("foo", "\N{SNOWMAN}") h = datastructures.Headers() h.add("Set-Cookie", val) assert h["Set-Cookie"] == 'foo="\\342\\230\\203"; Path=/' cookies = http.parse_cookie(h["Set-Cookie"]) - assert cookies["foo"] == u"\N{SNOWMAN}" + assert cookies["foo"] == "\N{SNOWMAN}" def test_cookie_unicode_keys(self): # Yes, this is technically against the spec but happens - val = http.dump_cookie(u"fö", u"fö") - assert val == _wsgi_encoding_dance(u'fö="f\\303\\266"; Path=/', "utf-8") + val = http.dump_cookie("fö", "fö") + assert val == _wsgi_encoding_dance('fö="f\\303\\266"; Path=/', "utf-8") cookies = http.parse_cookie(val) - assert cookies[u"fö"] == u"fö" + assert cookies["fö"] == "fö" def test_cookie_unicode_parsing(self): # This is actually a correct test. This is what is being submitted # by firefox if you set an unicode cookie and we get the cookie sent # in on Python 3 under PEP 3333. - cookies = http.parse_cookie(u"fö=fö") - assert cookies[u"fö"] == u"fö" + cookies = http.parse_cookie("fö=fö") + assert cookies["fö"] == "fö" def test_cookie_domain_encoding(self): - val = http.dump_cookie("foo", "bar", domain=u"\N{SNOWMAN}.com") + val = http.dump_cookie("foo", "bar", domain="\N{SNOWMAN}.com") strict_eq(val, "foo=bar; Domain=xn--n3h.com; Path=/") - val = http.dump_cookie("foo", "bar", domain=u".\N{SNOWMAN}.com") + val = http.dump_cookie("foo", "bar", domain=".\N{SNOWMAN}.com") strict_eq(val, "foo=bar; Domain=.xn--n3h.com; Path=/") - val = http.dump_cookie("foo", "bar", domain=u".foo.com") + val = http.dump_cookie("foo", "bar", domain=".foo.com") strict_eq(val, "foo=bar; Domain=.foo.com; Path=/") def test_cookie_maxsize(self, recwarn): @@ -569,7 +568,7 @@ def test_cookie_samesite_invalid(self): http.dump_cookie("foo", "bar", samesite="invalid") -class TestRange(object): +class TestRange: def test_if_range_parsing(self): rv = http.parse_if_range_header('"Test"') assert rv.etag == "Test" @@ -668,7 +667,7 @@ def test_content_range_parsing(self): assert rv.units == "bytes" -class TestRegression(object): +class TestRegression: def test_best_match_works(self): # was a bug in 0.6 rv = http.parse_accept_header( diff --git a/tests/test_internal.py b/tests/test_internal.py index ca2f92cbf..6bde4f602 100644 --- a/tests/test_internal.py +++ b/tests/test_internal.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ tests.internal ~~~~~~~~~~~~~~ @@ -54,13 +53,13 @@ def test_wrapper_internals(): assert repr(resp) == "" # unicode data does not set content length - response = Response([u"Hällo Wörld"]) + response = Response(["Hällo Wörld"]) headers = response.get_wsgi_headers(create_environ()) - assert u"Content-Length" not in headers + assert "Content-Length" not in headers - response = Response([u"Hällo Wörld".encode("utf-8")]) + response = Response(["Hällo Wörld".encode()]) headers = response.get_wsgi_headers(create_environ()) - assert u"Content-Length" in headers + assert "Content-Length" in headers # check for internal warnings filterwarnings("error", category=Warning) diff --git a/tests/test_local.py b/tests/test_local.py index 9bbd0fe8d..9a89d5c9d 100644 --- a/tests/test_local.py +++ b/tests/test_local.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ tests.local ~~~~~~~~~~~~~~~~~~~~~~~~ @@ -162,7 +161,7 @@ def test_custom_idents(): def test_deepcopy_on_proxy(): - class Foo(object): + class Foo: attr = 42 def __copy__(self): @@ -187,7 +186,7 @@ def __deepcopy__(self, memo): def test_local_proxy_wrapped_attribute(): - class SomeClassWithWrapped(object): + class SomeClassWithWrapped: __wrapped__ = "wrapped" def lookup_func(): diff --git a/tests/test_routing.py b/tests/test_routing.py index 34f171c43..02854acde 100644 --- a/tests/test_routing.py +++ b/tests/test_routing.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ tests.routing ~~~~~~~~~~~~~ @@ -186,12 +185,12 @@ def test_environ_defaults(): def test_environ_nonascii_pathinfo(): - environ = create_environ(u"/лошадь") - m = r.Map([r.Rule(u"/", endpoint="index"), r.Rule(u"/лошадь", endpoint="horse")]) + environ = create_environ("/лошадь") + m = r.Map([r.Rule("/", endpoint="index"), r.Rule("/лошадь", endpoint="horse")]) a = m.bind_to_environ(environ) - strict_eq(a.match(u"/"), ("index", {})) - strict_eq(a.match(u"/лошадь"), ("horse", {})) - pytest.raises(r.NotFound, a.match, u"/барсук") + strict_eq(a.match("/"), ("index", {})) + strict_eq(a.match("/лошадь"), ("horse", {})) + pytest.raises(r.NotFound, a.match, "/барсук") def test_basic_building(): @@ -248,7 +247,7 @@ def test_basic_building(): def test_long_build(): - long_args = dict(("v%d" % x, x) for x in range(10000)) + long_args = {"v%d" % x: x for x in range(10000)} map = r.Map( [ r.Rule( @@ -463,34 +462,34 @@ def test_adapter_url_parameter_sorting(): def test_request_direct_charset_bug(): - map = r.Map([r.Rule(u"/öäü/")]) + map = r.Map([r.Rule("/öäü/")]) adapter = map.bind("localhost", "/") with pytest.raises(r.RequestRedirect) as excinfo: - adapter.match(u"/öäü") + adapter.match("/öäü") assert excinfo.value.new_url == "http://localhost/%C3%B6%C3%A4%C3%BC/" def test_request_redirect_default(): - map = r.Map([r.Rule(u"/foo", defaults={"bar": 42}), r.Rule(u"/foo/")]) + map = r.Map([r.Rule("/foo", defaults={"bar": 42}), r.Rule("/foo/")]) adapter = map.bind("localhost", "/") with pytest.raises(r.RequestRedirect) as excinfo: - adapter.match(u"/foo/42") + adapter.match("/foo/42") assert excinfo.value.new_url == "http://localhost/foo" def test_request_redirect_default_subdomain(): map = r.Map( [ - r.Rule(u"/foo", defaults={"bar": 42}, subdomain="test"), - r.Rule(u"/foo/", subdomain="other"), + r.Rule("/foo", defaults={"bar": 42}, subdomain="test"), + r.Rule("/foo/", subdomain="other"), ] ) adapter = map.bind("localhost", "/", subdomain="other") with pytest.raises(r.RequestRedirect) as excinfo: - adapter.match(u"/foo/42") + adapter.match("/foo/42") assert excinfo.value.new_url == "http://test.localhost/foo" @@ -690,7 +689,7 @@ def test_converter_with_tuples(): class TwoValueConverter(r.BaseConverter): def __init__(self, *args, **kwargs): - super(TwoValueConverter, self).__init__(*args, **kwargs) + super().__init__(*args, **kwargs) self.regex = r"(\w\w+)/(\w\w+)" def to_python(self, two_values): @@ -698,7 +697,7 @@ def to_python(self, two_values): return one, two def to_url(self, values): - return "%s/%s" % (values[0], values[1]) + return "{}/{}".format(values[0], values[1]) map = r.Map( [r.Rule("//", endpoint="handler")], @@ -845,7 +844,7 @@ def test_external_building_with_port_bind_to_environ_wrong_servername(): def test_converter_parser(): - args, kwargs = r.parse_converter_args(u"test, a=1, b=3.0") + args, kwargs = r.parse_converter_args("test, a=1, b=3.0") assert args == ("test",) assert kwargs == {"a": 1, "b": 3.0} @@ -1019,30 +1018,30 @@ def test_redirect_path_quoting(): with pytest.raises(r.RequestRedirect) as excinfo: adapter.match("/foo bar/page/1") response = excinfo.value.get_response({}) - strict_eq(response.headers["location"], u"http://example.com/foo%20bar") + strict_eq(response.headers["location"], "http://example.com/foo%20bar") def test_unicode_rules(): m = r.Map( - [r.Rule(u"/войти/", endpoint="enter"), r.Rule(u"/foo+bar/", endpoint="foobar")] + [r.Rule("/войти/", endpoint="enter"), r.Rule("/foo+bar/", endpoint="foobar")] ) - a = m.bind(u"☃.example.com") + a = m.bind("☃.example.com") with pytest.raises(r.RequestRedirect) as excinfo: - a.match(u"/войти") + a.match("/войти") strict_eq( excinfo.value.new_url, "http://xn--n3h.example.com/%D0%B2%D0%BE%D0%B9%D1%82%D0%B8/", ) - endpoint, values = a.match(u"/войти/") + endpoint, values = a.match("/войти/") strict_eq(endpoint, "enter") strict_eq(values, {}) with pytest.raises(r.RequestRedirect) as excinfo: - a.match(u"/foo+bar") + a.match("/foo+bar") strict_eq(excinfo.value.new_url, "http://xn--n3h.example.com/foo+bar/") - endpoint, values = a.match(u"/foo+bar/") + endpoint, values = a.match("/foo+bar/") strict_eq(endpoint, "foobar") strict_eq(values, {}) @@ -1068,13 +1067,13 @@ def test_empty_path_info(): def test_both_bind_and_match_path_info_are_none(): - m = r.Map([r.Rule(u"/", endpoint="index")]) + m = r.Map([r.Rule("/", endpoint="index")]) ma = m.bind("example.org") strict_eq(ma.match(), ("index", {})) def test_map_repr(): - m = r.Map([r.Rule(u"/wat", endpoint="enter"), r.Rule(u"/woop", endpoint="foobar")]) + m = r.Map([r.Rule("/wat", endpoint="enter"), r.Rule("/woop", endpoint="foobar")]) rv = repr(m) strict_eq(rv, "Map([ foobar>, enter>])") @@ -1083,9 +1082,9 @@ def test_empty_subclass_rules_with_custom_kwargs(): class CustomRule(r.Rule): def __init__(self, string=None, custom=None, *args, **kwargs): self.custom = custom - super(CustomRule, self).__init__(string, *args, **kwargs) + super().__init__(string, *args, **kwargs) - rule1 = CustomRule(u"/foo", endpoint="bar") + rule1 = CustomRule("/foo", endpoint="bar") try: rule2 = rule1.empty() assert rule1.rule == rule2.rule @@ -1096,9 +1095,9 @@ def __init__(self, string=None, custom=None, *args, **kwargs): def test_finding_closest_match_by_endpoint(): m = r.Map( [ - r.Rule(u"/foo/", endpoint="users.here"), - r.Rule(u"/wat/", endpoint="admin.users"), - r.Rule(u"/woop", endpoint="foo.users"), + r.Rule("/foo/", endpoint="users.here"), + r.Rule("/wat/", endpoint="admin.users"), + r.Rule("/woop", endpoint="foo.users"), ] ) adapter = m.bind("example.com") @@ -1109,18 +1108,18 @@ def test_finding_closest_match_by_endpoint(): def test_finding_closest_match_by_values(): - rule_id = r.Rule(u"/user/id//", endpoint="users") - rule_slug = r.Rule(u"/user//", endpoint="users") - rule_random = r.Rule(u"/user/emails//", endpoint="users") + rule_id = r.Rule("/user/id//", endpoint="users") + rule_slug = r.Rule("/user//", endpoint="users") + rule_random = r.Rule("/user/emails//", endpoint="users") m = r.Map([rule_id, rule_slug, rule_random]) adapter = m.bind("example.com") assert r.BuildError("x", {"slug": ""}, None, adapter).suggested == rule_slug def test_finding_closest_match_by_method(): - post = r.Rule(u"/post/", endpoint="foobar", methods=["POST"]) - get = r.Rule(u"/get/", endpoint="foobar", methods=["GET"]) - put = r.Rule(u"/put/", endpoint="foobar", methods=["PUT"]) + post = r.Rule("/post/", endpoint="foobar", methods=["POST"]) + get = r.Rule("/get/", endpoint="foobar", methods=["GET"]) + put = r.Rule("/put/", endpoint="foobar", methods=["PUT"]) m = r.Map([post, get, put]) adapter = m.bind("example.com") assert r.BuildError("invalid", {}, "POST", adapter).suggested == post @@ -1134,7 +1133,7 @@ def test_finding_closest_match_when_none_exist(): def test_error_message_without_suggested_rule(): - m = r.Map([r.Rule(u"/foo/", endpoint="world", methods=["GET"])]) + m = r.Map([r.Rule("/foo/", endpoint="world", methods=["GET"])]) adapter = m.bind("example.com") with pytest.raises(r.BuildError) as excinfo: @@ -1155,7 +1154,7 @@ def test_error_message_without_suggested_rule(): def test_error_message_suggestion(): - m = r.Map([r.Rule(u"/foo//", endpoint="world", methods=["GET"])]) + m = r.Map([r.Rule("/foo//", endpoint="world", methods=["GET"])]) adapter = m.bind("example.com") with pytest.raises(r.BuildError) as excinfo: diff --git a/tests/test_security.py b/tests/test_security.py index 540bba922..834c0a0fd 100644 --- a/tests/test_security.py +++ b/tests/test_security.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ tests.security ~~~~~~~~~~~~~~ @@ -22,12 +21,12 @@ def test_safe_str_cmp(): assert safe_str_cmp("a", "a") is True - assert safe_str_cmp(b"a", u"a") is True + assert safe_str_cmp(b"a", "a") is True assert safe_str_cmp("a", "b") is False assert safe_str_cmp(b"aaa", "aa") is False assert safe_str_cmp(b"aaa", "bbb") is False - assert safe_str_cmp(b"aaa", u"aaa") is True - assert safe_str_cmp(u"aaa", u"aaa") is True + assert safe_str_cmp(b"aaa", "aaa") is True + assert safe_str_cmp("aaa", "aaa") is True def test_safe_str_cmp_no_builtin(): @@ -48,7 +47,7 @@ def test_password_hashing(): assert hash0.startswith("pbkdf2:sha256:150000$") hash1 = generate_password_hash("default", "sha1") - hash2 = generate_password_hash(u"default", method="sha1") + hash2 = generate_password_hash("default", method="sha1") assert hash1 != hash2 assert check_password_hash(hash1, "default") assert check_password_hash(hash2, "default") @@ -65,14 +64,14 @@ def test_password_hashing(): assert fakehash == "plain$$default" assert check_password_hash(fakehash, "default") - mhash = generate_password_hash(u"default", method="md5") + mhash = generate_password_hash("default", method="md5") assert mhash.startswith("md5$") assert check_password_hash(mhash, "default") legacy = "md5$$c21f969b5f03d33d43e04f8f136e7682" assert check_password_hash(legacy, "default") - legacy = u"md5$$c21f969b5f03d33d43e04f8f136e7682" + legacy = "md5$$c21f969b5f03d33d43e04f8f136e7682" assert check_password_hash(legacy, "default") diff --git a/tests/test_serving.py b/tests/test_serving.py index cd4283039..0f4cafb79 100644 --- a/tests/test_serving.py +++ b/tests/test_serving.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ tests.serving ~~~~~~~~~~~~~ @@ -281,10 +280,10 @@ def app(environ, start_response): real_app_binary.write("anything is fine here") server.wait_for_reloader() - change_event = " * Detected change in '%(path)s', reloading" % { + change_event = " * Detected change in '{path}', reloading".format( # need to double escape Windows paths - "path": str(real_app_binary).replace("\\", "\\\\") - } + path=str(real_app_binary).replace("\\", "\\\\") + ) server.logfile.seek(0) for i in range(20): time.sleep(0.1 * i) diff --git a/tests/test_test.py b/tests/test_test.py index 32d4928e1..224551e09 100644 --- a/tests/test_test.py +++ b/tests/test_test.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ tests.test ~~~~~~~~~~ @@ -145,11 +144,11 @@ def test_environ_builder_basics(): req = b.get_request() b.close() - strict_eq(req.url, u"http://localhost/") + strict_eq(req.url, "http://localhost/") strict_eq(req.method, "POST") - strict_eq(req.form["test"], u"normal value") + strict_eq(req.form["test"], "normal value") assert req.files["test"].content_type == "text/plain" - strict_eq(req.files["test"].filename, u"test.txt") + strict_eq(req.files["test"].filename, "test.txt") strict_eq(req.files["test"].read(), b"test contents") @@ -283,12 +282,12 @@ def test_environ_builder_content_type(): builder.files.add_file("blafasel", BytesIO(b"foo"), "test.txt") assert builder.content_type == "multipart/form-data" req = builder.get_request() - strict_eq(req.form["foo"], u"bar") + strict_eq(req.form["foo"], "bar") strict_eq(req.files["blafasel"].read(), b"foo") def test_environ_builder_stream_switch(): - d = MultiDict(dict(foo=u"bar", blub=u"blah", hu=u"hum")) + d = MultiDict(dict(foo="bar", blub="blah", hu="hum")) for use_tempfile in False, True: stream, length, boundary = stream_encode_multipart( d, use_tempfile, threshold=150 @@ -308,8 +307,8 @@ def test_environ_builder_stream_switch(): def test_environ_builder_unicode_file_mix(): for use_tempfile in False, True: - f = FileStorage(BytesIO(u"\N{SNOWMAN}".encode("utf-8")), "snowman.txt") - d = MultiDict(dict(f=f, s=u"\N{SNOWMAN}")) + f = FileStorage(BytesIO(br"\N{SNOWMAN}"), "snowman.txt") + d = MultiDict(dict(f=f, s="\N{SNOWMAN}")) stream, length, boundary = stream_encode_multipart( d, use_tempfile, threshold=150 ) @@ -322,10 +321,10 @@ def test_environ_builder_unicode_file_mix(): "CONTENT_TYPE": 'multipart/form-data; boundary="%s"' % boundary, } ) - strict_eq(form["s"], u"\N{SNOWMAN}") + strict_eq(form["s"], "\N{SNOWMAN}") strict_eq(files["f"].name, "f") - strict_eq(files["f"].filename, u"snowman.txt") - strict_eq(files["f"].read(), u"\N{SNOWMAN}".encode("utf-8")) + strict_eq(files["f"].filename, "snowman.txt") + strict_eq(files["f"].read(), br"\N{SNOWMAN}") stream.close() @@ -377,7 +376,7 @@ def test_builder_from_environ(): def test_file_closing(): closed = [] - class SpecialInput(object): + class SpecialInput: def read(self, size): return "" @@ -505,7 +504,7 @@ def app(request): def test_follow_redirect_exhaust_intermediate(): - class Middleware(object): + class Middleware: def __init__(self, app): self.app = app self.active = 0 @@ -517,8 +516,7 @@ def __call__(self, environ, start_response): assert not self.active self.active += 1 try: - for chunk in self.app(environ, start_response): - yield chunk + yield from self.app(environ, start_response) finally: self.active -= 1 @@ -597,7 +595,7 @@ def test_multi_value_submit(): def test_iri_support(): - b = EnvironBuilder(u"/föö-bar", base_url=u"http://☃.net/") + b = EnvironBuilder("/föö-bar", base_url="http://☃.net/") strict_eq(b.path, "/f%C3%B6%C3%B6-bar") strict_eq(b.base_url, "http://xn--n3h.net/") @@ -626,7 +624,7 @@ def depends_on_close(environ, start_response): leaked_data.append("harhar") start_response("200 OK", [("Content-Type", "text/html")]) - class Rv(object): + class Rv: def __iter__(self): yield "Hello " yield "World" @@ -675,7 +673,7 @@ def __next__(self): def test_run_wsgi_app_closing_iterator(): got_close = [] - class CloseIter(object): + class CloseIter: def __init__(self): self.iterated = False @@ -713,7 +711,7 @@ def iterable_middleware(app): def inner(environ, start_response): rv = app(environ, start_response) - class Iterable(object): + class Iterable: def __iter__(self): return iter(rv) @@ -731,17 +729,15 @@ def test_multiple_cookies(): @Request.application def test_app(request): response = Response(repr(sorted(request.cookies.items()))) - response.set_cookie(u"test1", b"foo") - response.set_cookie(u"test2", b"bar") + response.set_cookie("test1", b"foo") + response.set_cookie("test2", b"bar") return response client = Client(test_app, Response) resp = client.get("/") strict_eq(resp.data, b"[]") resp = client.get("/") - strict_eq( - resp.data, _to_bytes(repr([("test1", u"foo"), ("test2", u"bar")]), "ascii") - ) + strict_eq(resp.data, _to_bytes(repr([("test1", "foo"), ("test2", "bar")]), "ascii")) def test_correct_open_invocation_on_redirect(): @@ -765,9 +761,9 @@ def test_app(request): def test_correct_encoding(): - req = Request.from_values(u"/\N{SNOWMAN}", u"http://example.com/foo") - strict_eq(req.script_root, u"/foo") - strict_eq(req.path, u"/\N{SNOWMAN}") + req = Request.from_values("/\N{SNOWMAN}", "http://example.com/foo") + strict_eq(req.script_root, "/foo") + strict_eq(req.path, "/\N{SNOWMAN}") def test_full_url_requests_with_args(): diff --git a/tests/test_urls.py b/tests/test_urls.py index 0bbe967ef..4da902082 100644 --- a/tests/test_urls.py +++ b/tests/test_urls.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ tests.urls ~~~~~~~~~~ @@ -72,16 +71,16 @@ def test_replace(): def test_quoting(): - strict_eq(urls.url_quote(u"\xf6\xe4\xfc"), "%C3%B6%C3%A4%C3%BC") - strict_eq(urls.url_unquote(urls.url_quote(u'#%="\xf6')), u'#%="\xf6') + strict_eq(urls.url_quote("\xf6\xe4\xfc"), "%C3%B6%C3%A4%C3%BC") + strict_eq(urls.url_unquote(urls.url_quote('#%="\xf6')), '#%="\xf6') strict_eq(urls.url_quote_plus("foo bar"), "foo+bar") - strict_eq(urls.url_unquote_plus("foo+bar"), u"foo bar") + strict_eq(urls.url_unquote_plus("foo+bar"), "foo bar") strict_eq(urls.url_quote_plus("foo+bar"), "foo%2Bbar") - strict_eq(urls.url_unquote_plus("foo%2Bbar"), u"foo+bar") + strict_eq(urls.url_unquote_plus("foo%2Bbar"), "foo+bar") strict_eq(urls.url_encode({b"a": None, b"b": b"foo bar"}), "b=foo+bar") - strict_eq(urls.url_encode({u"a": None, u"b": u"foo bar"}), "b=foo+bar") + strict_eq(urls.url_encode({"a": None, "b": "foo bar"}), "b=foo+bar") strict_eq( - urls.url_fix(u"http://de.wikipedia.org/wiki/Elf (Begriffsklärung)"), + urls.url_fix("http://de.wikipedia.org/wiki/Elf (Begriffsklärung)"), "http://de.wikipedia.org/wiki/Elf%20(Begriffskl%C3%A4rung)", ) strict_eq(urls.url_quote_plus(42), "42") @@ -90,37 +89,37 @@ def test_quoting(): def test_bytes_unquoting(): strict_eq( - urls.url_unquote(urls.url_quote(u'#%="\xf6', charset="latin1"), charset=None), + urls.url_unquote(urls.url_quote('#%="\xf6', charset="latin1"), charset=None), b'#%="\xf6', ) def test_url_decoding(): x = urls.url_decode(b"foo=42&bar=23&uni=H%C3%A4nsel") - strict_eq(x["foo"], u"42") - strict_eq(x["bar"], u"23") - strict_eq(x["uni"], u"Hänsel") + strict_eq(x["foo"], "42") + strict_eq(x["bar"], "23") + strict_eq(x["uni"], "Hänsel") x = urls.url_decode(b"foo=42;bar=23;uni=H%C3%A4nsel", separator=b";") - strict_eq(x["foo"], u"42") - strict_eq(x["bar"], u"23") - strict_eq(x["uni"], u"Hänsel") + strict_eq(x["foo"], "42") + strict_eq(x["bar"], "23") + strict_eq(x["uni"], "Hänsel") x = urls.url_decode(b"%C3%9Ch=H%C3%A4nsel", decode_keys=True) - strict_eq(x[u"Üh"], u"Hänsel") + strict_eq(x["Üh"], "Hänsel") def test_url_bytes_decoding(): x = urls.url_decode(b"foo=42&bar=23&uni=H%C3%A4nsel", charset=None) strict_eq(x[b"foo"], b"42") strict_eq(x[b"bar"], b"23") - strict_eq(x[b"uni"], u"Hänsel".encode("utf-8")) + strict_eq(x[b"uni"], "Hänsel".encode()) def test_streamed_url_decoding(): - item1 = u"a" * 100000 - item2 = u"b" * 400 - string = ("a=%s&b=%s&c=%s" % (item1, item2, item2)).encode("ascii") + item1 = "a" * 100000 + item2 = "b" * 400 + string = (f"a={item1}&b={item2}&c={item2}").encode("ascii") gen = urls.url_decode_stream( io.BytesIO(string), limit=len(string), return_iterator=True ) @@ -136,23 +135,23 @@ def test_stream_decoding_string_fails(): def test_url_encoding(): strict_eq(urls.url_encode({"foo": "bar 45"}), "foo=bar+45") - d = {"foo": 1, "bar": 23, "blah": u"Hänsel"} + d = {"foo": 1, "bar": 23, "blah": "Hänsel"} strict_eq(urls.url_encode(d, sort=True), "bar=23&blah=H%C3%A4nsel&foo=1") strict_eq( - urls.url_encode(d, sort=True, separator=u";"), "bar=23;blah=H%C3%A4nsel;foo=1" + urls.url_encode(d, sort=True, separator=";"), "bar=23;blah=H%C3%A4nsel;foo=1" ) def test_sorted_url_encode(): strict_eq( urls.url_encode( - {u"a": 42, u"b": 23, 1: 1, 2: 2}, sort=True, key=lambda i: str(i[0]) + {"a": 42, "b": 23, 1: 1, 2: 2}, sort=True, key=lambda i: str(i[0]) ), "1=1&2=2&a=42&b=23", ) strict_eq( urls.url_encode( - {u"A": 1, u"a": 2, u"B": 3, "b": 4}, + {"A": 1, "a": 2, "B": 3, "b": 4}, sort=True, key=lambda x: x[0].lower() + x[0], ), @@ -165,12 +164,12 @@ def test_streamed_url_encoding(): urls.url_encode_stream({"foo": "bar 45"}, out) strict_eq(out.getvalue(), "foo=bar+45") - d = {"foo": 1, "bar": 23, "blah": u"Hänsel"} + d = {"foo": 1, "bar": 23, "blah": "Hänsel"} out = io.StringIO() urls.url_encode_stream(d, out, sort=True) strict_eq(out.getvalue(), "bar=23&blah=H%C3%A4nsel&foo=1") out = io.StringIO() - urls.url_encode_stream(d, out, sort=True, separator=u";") + urls.url_encode_stream(d, out, sort=True, separator=";") strict_eq(out.getvalue(), "bar=23;blah=H%C3%A4nsel;foo=1") gen = urls.url_encode_stream(d, sort=True) @@ -181,7 +180,7 @@ def test_streamed_url_encoding(): def test_url_fixing(): - x = urls.url_fix(u"http://de.wikipedia.org/wiki/Elf (Begriffskl\xe4rung)") + x = urls.url_fix("http://de.wikipedia.org/wiki/Elf (Begriffskl\xe4rung)") assert x == "http://de.wikipedia.org/wiki/Elf%20(Begriffskl%C3%A4rung)" x = urls.url_fix("http://just.a.test/$-_.+!*'(),") @@ -225,45 +224,45 @@ def test_url_fixing_qs(): def test_iri_support(): - strict_eq(urls.uri_to_iri("http://xn--n3h.net/"), u"http://\u2603.net/") + strict_eq(urls.uri_to_iri("http://xn--n3h.net/"), "http://\u2603.net/") strict_eq( urls.uri_to_iri(b"http://%C3%BCser:p%C3%A4ssword@xn--n3h.net/p%C3%A5th"), - u"http://\xfcser:p\xe4ssword@\u2603.net/p\xe5th", + "http://\xfcser:p\xe4ssword@\u2603.net/p\xe5th", ) - strict_eq(urls.iri_to_uri(u"http://☃.net/"), "http://xn--n3h.net/") + strict_eq(urls.iri_to_uri("http://☃.net/"), "http://xn--n3h.net/") strict_eq( - urls.iri_to_uri(u"http://üser:pässword@☃.net/påth"), + urls.iri_to_uri("http://üser:pässword@☃.net/påth"), "http://%C3%BCser:p%C3%A4ssword@xn--n3h.net/p%C3%A5th", ) strict_eq( urls.uri_to_iri("http://test.com/%3Fmeh?foo=%26%2F"), - u"http://test.com/%3Fmeh?foo=%26%2F", + "http://test.com/%3Fmeh?foo=%26%2F", ) # this should work as well, might break on 2.4 because of a broken # idna codec - strict_eq(urls.uri_to_iri(b"/foo"), u"/foo") - strict_eq(urls.iri_to_uri(u"/foo"), "/foo") + strict_eq(urls.uri_to_iri(b"/foo"), "/foo") + strict_eq(urls.iri_to_uri("/foo"), "/foo") strict_eq( - urls.iri_to_uri(u"http://föö.com:8080/bam/baz"), + urls.iri_to_uri("http://föö.com:8080/bam/baz"), "http://xn--f-1gaa.com:8080/bam/baz", ) def test_iri_safe_conversion(): - strict_eq(urls.iri_to_uri(u"magnet:?foo=bar"), "magnet:?foo=bar") - strict_eq(urls.iri_to_uri(u"itms-service://?foo=bar"), "itms-service:?foo=bar") + strict_eq(urls.iri_to_uri("magnet:?foo=bar"), "magnet:?foo=bar") + strict_eq(urls.iri_to_uri("itms-service://?foo=bar"), "itms-service:?foo=bar") strict_eq( - urls.iri_to_uri(u"itms-service://?foo=bar", safe_conversion=True), + urls.iri_to_uri("itms-service://?foo=bar", safe_conversion=True), "itms-service://?foo=bar", ) def test_iri_safe_quoting(): uri = "http://xn--f-1gaa.com/%2F%25?q=%C3%B6&x=%3D%25#%25" - iri = u"http://föö.com/%2F%25?q=ö&x=%3D%25#%25" + iri = "http://föö.com/%2F%25?q=ö&x=%3D%25#%25" strict_eq(urls.uri_to_iri(uri), iri) strict_eq(urls.iri_to_uri(urls.uri_to_iri(uri)), uri) @@ -289,27 +288,27 @@ def test_multidict_encoding(): def test_href(): x = urls.Href("http://www.example.com/") - strict_eq(x(u"foo"), "http://www.example.com/foo") - strict_eq(x.foo(u"bar"), "http://www.example.com/foo/bar") - strict_eq(x.foo(u"bar", x=42), "http://www.example.com/foo/bar?x=42") - strict_eq(x.foo(u"bar", class_=42), "http://www.example.com/foo/bar?class=42") - strict_eq(x.foo(u"bar", {u"class": 42}), "http://www.example.com/foo/bar?class=42") + strict_eq(x("foo"), "http://www.example.com/foo") + strict_eq(x.foo("bar"), "http://www.example.com/foo/bar") + strict_eq(x.foo("bar", x=42), "http://www.example.com/foo/bar?x=42") + strict_eq(x.foo("bar", class_=42), "http://www.example.com/foo/bar?class=42") + strict_eq(x.foo("bar", {"class": 42}), "http://www.example.com/foo/bar?class=42") pytest.raises(AttributeError, lambda: x.__blah__) x = urls.Href("blah") - strict_eq(x.foo(u"bar"), "blah/foo/bar") + strict_eq(x.foo("bar"), "blah/foo/bar") - pytest.raises(TypeError, x.foo, {u"foo": 23}, x=42) + pytest.raises(TypeError, x.foo, {"foo": 23}, x=42) x = urls.Href("") strict_eq(x("foo"), "foo") def test_href_url_join(): - x = urls.Href(u"test") - assert x(u"foo:bar") == u"test/foo:bar" - assert x(u"http://example.com/") == u"test/http://example.com/" - assert x.a() == u"test/a" + x = urls.Href("test") + assert x("foo:bar") == "test/foo:bar" + assert x("http://example.com/") == "test/http://example.com/" + assert x.a() == "test/a" def test_href_past_root(): @@ -324,12 +323,12 @@ def test_href_past_root(): def test_url_unquote_plus_unicode(): # was broken in 0.6 - strict_eq(urls.url_unquote_plus(u"\x6d"), u"\x6d") - assert type(urls.url_unquote_plus(u"\x6d")) is str + strict_eq(urls.url_unquote_plus("\x6d"), "\x6d") + assert type(urls.url_unquote_plus("\x6d")) is str def test_quoting_of_local_urls(): - rv = urls.iri_to_uri(u"/foo\x8f") + rv = urls.iri_to_uri("/foo\x8f") strict_eq(rv, "/foo%C2%8F") assert type(rv) is str @@ -338,8 +337,8 @@ def test_url_attributes(): rv = urls.url_parse("http://foo%3a:bar%3a@[::1]:80/123?x=y#frag") strict_eq(rv.scheme, "http") strict_eq(rv.auth, "foo%3a:bar%3a") - strict_eq(rv.username, u"foo:") - strict_eq(rv.password, u"bar:") + strict_eq(rv.username, "foo:") + strict_eq(rv.password, "bar:") strict_eq(rv.raw_username, "foo%3a") strict_eq(rv.raw_password, "bar%3a") strict_eq(rv.host, "::1") @@ -348,8 +347,8 @@ def test_url_attributes(): strict_eq(rv.query, "x=y") strict_eq(rv.fragment, "frag") - rv = urls.url_parse(u"http://\N{SNOWMAN}.com/") - strict_eq(rv.host, u"\N{SNOWMAN}.com") + rv = urls.url_parse("http://\N{SNOWMAN}.com/") + strict_eq(rv.host, "\N{SNOWMAN}.com") strict_eq(rv.ascii_host, "xn--n3h.com") @@ -357,8 +356,8 @@ def test_url_attributes_bytes(): rv = urls.url_parse(b"http://foo%3a:bar%3a@[::1]:80/123?x=y#frag") strict_eq(rv.scheme, b"http") strict_eq(rv.auth, b"foo%3a:bar%3a") - strict_eq(rv.username, u"foo:") - strict_eq(rv.password, u"bar:") + strict_eq(rv.username, "foo:") + strict_eq(rv.password, "bar:") strict_eq(rv.raw_username, b"foo%3a") strict_eq(rv.raw_password, b"bar%3a") strict_eq(rv.host, b"::1") @@ -377,19 +376,19 @@ def test_url_joining(): def test_partial_unencoded_decode(): - ref = u"foo=정상처리".encode("euc-kr") + ref = "foo=정상처리".encode("euc-kr") x = urls.url_decode(ref, charset="euc-kr") - strict_eq(x["foo"], u"정상처리") + strict_eq(x["foo"], "정상처리") def test_iri_to_uri_idempotence_ascii_only(): - uri = u"http://www.idempoten.ce" + uri = "http://www.idempoten.ce" uri = urls.iri_to_uri(uri) assert urls.iri_to_uri(uri) == uri def test_iri_to_uri_idempotence_non_ascii(): - uri = u"http://\N{SNOWMAN}/\N{SNOWMAN}" + uri = "http://\N{SNOWMAN}/\N{SNOWMAN}" uri = urls.iri_to_uri(uri) assert urls.iri_to_uri(uri) == uri @@ -407,7 +406,7 @@ def test_uri_to_iri_idempotence_non_ascii(): def test_iri_to_uri_to_iri(): - iri = u"http://föö.com/" + iri = "http://föö.com/" uri = urls.iri_to_uri(iri) assert urls.uri_to_iri(uri) == iri @@ -420,14 +419,14 @@ def test_uri_to_iri_to_uri(): def test_uri_iri_normalization(): uri = "http://xn--f-rgao.com/%E2%98%90/fred?utf8=%E2%9C%93" - iri = u"http://föñ.com/\N{BALLOT BOX}/fred?utf8=\u2713" + iri = "http://föñ.com/\N{BALLOT BOX}/fred?utf8=\u2713" tests = [ - u"http://föñ.com/\N{BALLOT BOX}/fred?utf8=\u2713", - u"http://xn--f-rgao.com/\u2610/fred?utf8=\N{CHECK MARK}", + "http://föñ.com/\N{BALLOT BOX}/fred?utf8=\u2713", + "http://xn--f-rgao.com/\u2610/fred?utf8=\N{CHECK MARK}", b"http://xn--f-rgao.com/%E2%98%90/fred?utf8=%E2%9C%93", - u"http://xn--f-rgao.com/%E2%98%90/fred?utf8=%E2%9C%93", - u"http://föñ.com/\u2610/fred?utf8=%E2%9C%93", + "http://xn--f-rgao.com/%E2%98%90/fred?utf8=%E2%9C%93", + "http://föñ.com/\u2610/fred?utf8=%E2%9C%93", b"http://xn--f-rgao.com/\xe2\x98\x90/fred?utf8=\xe2\x9c\x93", ] diff --git a/tests/test_utils.py b/tests/test_utils.py index 37bb4385e..a45c9e7c2 100644 --- a/tests/test_utils.py +++ b/tests/test_utils.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ tests.utils ~~~~~~~~~~~ @@ -22,12 +21,12 @@ def test_redirect(): - resp = utils.redirect(u"/füübär") + resp = utils.redirect("/füübär") assert b"/f%C3%BC%C3%BCb%C3%A4r" in resp.get_data() assert resp.headers["Location"] == "/f%C3%BC%C3%BCb%C3%A4r" assert resp.status_code == 302 - resp = utils.redirect(u"http://☃.net/", 307) + resp = utils.redirect("http://☃.net/", 307) assert b"http://xn--n3h.net/" in resp.get_data() assert resp.headers["Location"] == "http://xn--n3h.net/" assert resp.status_code == 307 @@ -63,7 +62,7 @@ class MyResponse(BaseResponse): def test_cached_property(): foo = [] - class A(object): + class A: def prop(self): foo.append(42) return 42 @@ -78,7 +77,7 @@ def prop(self): foo = [] - class A(object): + class A: def _prop(self): foo.append(42) return 42 @@ -94,7 +93,7 @@ def _prop(self): def test_can_set_cached_property(): - class A(object): + class A: @utils.cached_property def _prop(self): return "cached_property return value" @@ -107,7 +106,7 @@ def _prop(self): def test_can_invalidate_cached_property(): foo = [] - class A(object): + class A: def prop(self): foo.append(42) return 42 @@ -131,7 +130,7 @@ def prop(self): def test_invalidate_cached_property_on_non_property(): - class A(object): + class A: def __init__(self): self.prop = 42 @@ -141,7 +140,7 @@ def __init__(self): def test_inspect_treats_cached_property_as_property(): - class A(object): + class A: @utils.cached_property def _prop(self): return "cached_property return value" @@ -154,7 +153,7 @@ def _prop(self): def test_environ_property(): - class A(object): + class A: environ = {"string": "abc", "number": "42"} string = utils.environ_property("string") @@ -195,7 +194,7 @@ def __html__(self): def test_unescape(): - assert utils.unescape("<ä>") == u"<ä>" + assert utils.unescape("<ä>") == "<ä>" def test_import_string(): @@ -203,13 +202,12 @@ def test_import_string(): from werkzeug.debug import DebuggedApplication assert utils.import_string("datetime.date") is date - assert utils.import_string(u"datetime.date") is date + assert utils.import_string("datetime.date") is date assert utils.import_string("datetime:date") is date assert utils.import_string("XXXXXXXXXXXX", True) is None assert utils.import_string("datetime.XXXXXXXXXXXX", True) is None assert ( - utils.import_string(u"werkzeug.debug.DebuggedApplication") - is DebuggedApplication + utils.import_string("werkzeug.debug.DebuggedApplication") is DebuggedApplication ) pytest.raises(ImportError, utils.import_string, "XXXXXXXXXXXXXXXX") pytest.raises(ImportError, utils.import_string, "datetime.XXXXXXXXXX") @@ -230,7 +228,7 @@ def test_import_string_provides_traceback(tmpdir, monkeypatch): # Do we get all the useful information in the traceback? with pytest.raises(ImportError) as baz_exc: utils.import_string("a.aa") - traceback = "".join((str(line) for line in baz_exc.traceback)) + traceback = "".join(str(line) for line in baz_exc.traceback) assert "bb.py':1" in traceback # a bit different than typical python tb assert "from os import a_typo" in traceback @@ -367,7 +365,7 @@ def test_secure_filename(): assert utils.secure_filename("My cool movie.mov") == "My_cool_movie.mov" assert utils.secure_filename("../../../etc/passwd") == "etc_passwd" assert ( - utils.secure_filename(u"i contain cool \xfcml\xe4uts.txt") + utils.secure_filename("i contain cool \xfcml\xe4uts.txt") == "i_contain_cool_umlauts.txt" ) assert utils.secure_filename("__filename__") == "filename" diff --git a/tests/test_wrappers.py b/tests/test_wrappers.py index 4ccc0308f..6f35b947a 100644 --- a/tests/test_wrappers.py +++ b/tests/test_wrappers.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ tests.wrappers ~~~~~~~~~~~~~~ @@ -99,8 +98,8 @@ def test_base_request(): # get requests response = client.get("/?foo=bar&foo=hehe") - strict_eq(response["args"], MultiDict([("foo", u"bar"), ("foo", u"hehe")])) - strict_eq(response["args_as_list"], [("foo", [u"bar", u"hehe"])]) + strict_eq(response["args"], MultiDict([("foo", "bar"), ("foo", "hehe")])) + strict_eq(response["args_as_list"], [("foo", ["bar", "hehe"])]) strict_eq(response["form"], MultiDict()) strict_eq(response["form_as_list"], []) strict_eq(response["data"], b"") @@ -112,9 +111,9 @@ def test_base_request(): data="foo=blub+hehe&blah=42", content_type="application/x-www-form-urlencoded", ) - strict_eq(response["args"], MultiDict([("blub", u"blah")])) - strict_eq(response["args_as_list"], [("blub", [u"blah"])]) - strict_eq(response["form"], MultiDict([("foo", u"blub hehe"), ("blah", u"42")])) + strict_eq(response["args"], MultiDict([("blub", "blah")])) + strict_eq(response["args_as_list"], [("blub", ["blah"])]) + strict_eq(response["form"], MultiDict([("foo", "blub hehe"), ("blah", "42")])) strict_eq(response["data"], b"") # currently we do not guarantee that the values are ordered correctly # for post data. @@ -127,9 +126,9 @@ def test_base_request(): data="foo=blub+hehe&blah=42", content_type="application/x-www-form-urlencoded", ) - strict_eq(response["args"], MultiDict([("blub", u"blah")])) - strict_eq(response["args_as_list"], [("blub", [u"blah"])]) - strict_eq(response["form"], MultiDict([("foo", u"blub hehe"), ("blah", u"42")])) + strict_eq(response["args"], MultiDict([("blub", "blah")])) + strict_eq(response["args_as_list"], [("blub", ["blah"])]) + strict_eq(response["form"], MultiDict([("foo", "blub hehe"), ("blah", "42")])) strict_eq(response["data"], b"") assert_environ(response["environ"], "PATCH") @@ -137,12 +136,12 @@ def test_base_request(): json = b'{"foo": "bar", "blub": "blah"}' response = client.post("/?a=b", data=json, content_type="application/json") strict_eq(response["data"], json) - strict_eq(response["args"], MultiDict([("a", u"b")])) + strict_eq(response["args"], MultiDict([("a", "b")])) strict_eq(response["form"], MultiDict()) def test_query_string_is_bytes(): - req = wrappers.Request.from_values(u"/?foo=%2f") + req = wrappers.Request.from_values("/?foo=%2f") strict_eq(req.query_string, b"foo=%2f") @@ -153,7 +152,7 @@ def test_request_repr(): req = wrappers.Request.from_values("/привет") assert "" == repr(req) # test with unicode type for python 2 - req = wrappers.Request.from_values(u"/привет") + req = wrappers.Request.from_values("/привет") assert "" == repr(req) @@ -172,13 +171,13 @@ def test_access_route(): def test_url_request_descriptors(): req = wrappers.Request.from_values("/bar?foo=baz", "http://example.com/test") - strict_eq(req.path, u"/bar") - strict_eq(req.full_path, u"/bar?foo=baz") - strict_eq(req.script_root, u"/test") - strict_eq(req.url, u"http://example.com/test/bar?foo=baz") - strict_eq(req.base_url, u"http://example.com/test/bar") - strict_eq(req.url_root, u"http://example.com/test/") - strict_eq(req.host_url, u"http://example.com/") + strict_eq(req.path, "/bar") + strict_eq(req.full_path, "/bar?foo=baz") + strict_eq(req.script_root, "/test") + strict_eq(req.url, "http://example.com/test/bar?foo=baz") + strict_eq(req.base_url, "http://example.com/test/bar") + strict_eq(req.url_root, "http://example.com/test/") + strict_eq(req.host_url, "http://example.com/") strict_eq(req.host, "example.com") strict_eq(req.scheme, "http") @@ -189,21 +188,21 @@ def test_url_request_descriptors(): def test_url_request_descriptors_query_quoting(): next = "http%3A%2F%2Fwww.example.com%2F%3Fnext%3D%2Fbaz%23my%3Dhash" req = wrappers.Request.from_values("/bar?next=" + next, "http://example.com/") - assert req.path == u"/bar" - strict_eq(req.full_path, u"/bar?next=" + next) - strict_eq(req.url, u"http://example.com/bar?next=" + next) + assert req.path == "/bar" + strict_eq(req.full_path, "/bar?next=" + next) + strict_eq(req.url, "http://example.com/bar?next=" + next) def test_url_request_descriptors_hosts(): req = wrappers.Request.from_values("/bar?foo=baz", "http://example.com/test") req.trusted_hosts = ["example.com"] - strict_eq(req.path, u"/bar") - strict_eq(req.full_path, u"/bar?foo=baz") - strict_eq(req.script_root, u"/test") - strict_eq(req.url, u"http://example.com/test/bar?foo=baz") - strict_eq(req.base_url, u"http://example.com/test/bar") - strict_eq(req.url_root, u"http://example.com/test/") - strict_eq(req.host_url, u"http://example.com/") + strict_eq(req.path, "/bar") + strict_eq(req.full_path, "/bar?foo=baz") + strict_eq(req.script_root, "/test") + strict_eq(req.url, "http://example.com/test/bar?foo=baz") + strict_eq(req.base_url, "http://example.com/test/bar") + strict_eq(req.url_root, "http://example.com/test/") + strict_eq(req.host_url, "http://example.com/") strict_eq(req.host, "example.com") strict_eq(req.scheme, "http") @@ -225,8 +224,8 @@ def test_authorization_mixin(): ) a = request.authorization strict_eq(a.type, "basic") - strict_eq(a.username, u"Aladdin") - strict_eq(a.password, u"open sesame") + strict_eq(a.username, "Aladdin") + strict_eq(a.password, "open sesame") def test_authorization_with_unicode(): @@ -235,8 +234,8 @@ def test_authorization_with_unicode(): ) a = request.authorization strict_eq(a.type, "basic") - strict_eq(a.username, u"русскиЁ") - strict_eq(a.password, u"Буквы") + strict_eq(a.username, "русскиЁ") + strict_eq(a.password, "Буквы") def test_stream_only_mixing(): @@ -294,8 +293,8 @@ def test_response_access_control(): def test_base_response(): # unicode - response = wrappers.BaseResponse(u"öäü") - strict_eq(response.get_data(), u"öäü".encode("utf-8")) + response = wrappers.BaseResponse("öäü") + strict_eq(response.get_data(), "öäü".encode()) # writing response = wrappers.Response("foo") @@ -343,7 +342,7 @@ def test_base_response(): # close call forwarding closed = [] - class Iterable(object): + class Iterable: def __next__(self): raise StopIteration() @@ -672,7 +671,7 @@ def test_user_agent_mixin(): def test_stream_wrapping(): - class LowercasingStream(object): + class LowercasingStream: def __init__(self, stream): self._stream = stream @@ -697,7 +696,7 @@ def test_data_descriptor_triggers_parsing(): ) assert req.data == b"" - assert req.form["foo"] == u"Hello World" + assert req.form["foo"] == "Hello World" def test_get_data_method_parsing_caching_behavior(): @@ -708,14 +707,14 @@ def test_get_data_method_parsing_caching_behavior(): # get_data() caches, so form stays available assert req.get_data() == data - assert req.form["foo"] == u"Hello World" + assert req.form["foo"] == "Hello World" assert req.get_data() == data # here we access the form data first, caching is bypassed req = wrappers.Request.from_values( "/", method="POST", data=data, content_type="application/x-www-form-urlencoded" ) - assert req.form["foo"] == u"Hello World" + assert req.form["foo"] == "Hello World" assert req.get_data() == b"" # Another case is uncached get data which trashes everything @@ -732,7 +731,7 @@ def test_get_data_method_parsing_caching_behavior(): "/", method="POST", data=data, content_type="application/x-www-form-urlencoded" ) assert req.get_data(parse_form_data=True) == b"" - assert req.form["foo"] == u"Hello World" + assert req.form["foo"] == "Hello World" def test_etag_response_mixin(): @@ -920,7 +919,7 @@ def test_authenticate_mixin(): resp = wrappers.Response() resp.www_authenticate.type = "basic" resp.www_authenticate.realm = "Testing" - strict_eq(resp.headers["WWW-Authenticate"], u'Basic realm="Testing"') + strict_eq(resp.headers["WWW-Authenticate"], 'Basic realm="Testing"') resp.www_authenticate.realm = None resp.www_authenticate.type = None assert "WWW-Authenticate" not in resp.headers @@ -1153,7 +1152,7 @@ def generate(): def test_response_content_length_uses_encode(): - r = wrappers.Response(u"你好") + r = wrappers.Response("你好") assert r.calculate_content_length() == 6 @@ -1171,8 +1170,8 @@ def test_other_method_payload(): def test_urlfication(): resp = wrappers.Response() - resp.headers["Location"] = u"http://üser:pässword@☃.net/påth" - resp.headers["Content-Location"] = u"http://☃.net/" + resp.headers["Location"] = "http://üser:pässword@☃.net/påth" + resp.headers["Content-Location"] = "http://☃.net/" headers = resp.get_wsgi_headers(create_environ()) assert headers["location"] == "http://%C3%BCser:p%C3%A4ssword@xn--n3h.net/p%C3%A5th" assert headers["content-location"] == "http://xn--n3h.net/" @@ -1180,7 +1179,7 @@ def test_urlfication(): def test_new_response_iterator_behavior(): req = wrappers.Request.from_values() - resp = wrappers.Response(u"Hello Wörld!") + resp = wrappers.Response("Hello Wörld!") def get_content_length(resp): headers = resp.get_wsgi_headers(req.environ) @@ -1188,20 +1187,20 @@ def get_content_length(resp): def generate_items(): yield "Hello " - yield u"Wörld!" + yield "Wörld!" # werkzeug encodes when set to `data` now, which happens # if a string is passed to the response object. - assert resp.response == [u"Hello Wörld!".encode("utf-8")] - assert resp.get_data() == u"Hello Wörld!".encode("utf-8") + assert resp.response == ["Hello Wörld!".encode()] + assert resp.get_data() == "Hello Wörld!".encode() assert get_content_length(resp) == 13 assert not resp.is_streamed assert resp.is_sequence # try the same for manual assignment - resp.set_data(u"Wörd") - assert resp.response == [u"Wörd".encode("utf-8")] - assert resp.get_data() == u"Wörd".encode("utf-8") + resp.set_data("Wörd") + assert resp.response == ["Wörd".encode()] + assert resp.get_data() == "Wörd".encode() assert get_content_length(resp) == 5 assert not resp.is_streamed assert resp.is_sequence @@ -1210,8 +1209,8 @@ def generate_items(): resp.response = generate_items() assert resp.is_streamed assert not resp.is_sequence - assert resp.get_data() == u"Hello Wörld!".encode("utf-8") - assert resp.response == [b"Hello ", u"Wörld!".encode("utf-8")] + assert resp.get_data() == "Hello Wörld!".encode() + assert resp.response == [b"Hello ", "Wörld!".encode()] assert not resp.is_streamed assert resp.is_sequence @@ -1222,8 +1221,8 @@ def generate_items(): assert not resp.is_sequence pytest.raises(RuntimeError, lambda: resp.get_data()) resp.make_sequence() - assert resp.get_data() == u"Hello Wörld!".encode("utf-8") - assert resp.response == [b"Hello ", u"Wörld!".encode("utf-8")] + assert resp.get_data() == "Hello Wörld!".encode() + assert resp.response == [b"Hello ", "Wörld!".encode()] assert not resp.is_streamed assert resp.is_sequence @@ -1266,7 +1265,7 @@ class MyRequest(wrappers.Request): assert type(req.args) is dict assert type(req.values) is CombinedMultiDict - assert req.values["foo"] == u"baz" + assert req.values["foo"] == "baz" req = wrappers.Request.from_values(headers={"Cookie": "foo=bar;foo=baz"}) assert type(req.cookies) is ImmutableMultiDict @@ -1408,8 +1407,8 @@ def test_modified_url_encoding(): class ModifiedRequest(wrappers.Request): url_charset = "euc-kr" - req = ModifiedRequest.from_values(u"/?foo=정상처리".encode("euc-kr")) - strict_eq(req.args["foo"], u"정상처리") + req = ModifiedRequest.from_values("/?foo=정상처리".encode("euc-kr")) + strict_eq(req.args["foo"], "정상처리") def test_request_method_case_sensitivity(): @@ -1436,7 +1435,7 @@ def test_stream_zip(): assert z.read("foo") == b"bar" -class TestSetCookie(object): +class TestSetCookie: """Tests for :meth:`werkzeug.wrappers.BaseResponse.set_cookie`.""" def test_secure(self): @@ -1540,7 +1539,7 @@ def test_samesite(self): ) -class TestJSONMixin(object): +class TestJSONMixin: class Request(JSONMixin, wrappers.Request): pass @@ -1548,13 +1547,13 @@ class Response(JSONMixin, wrappers.Response): pass def test_request(self): - value = {u"ä": "b"} + value = {"ä": "b"} request = self.Request.from_values(json=value) assert request.json == value assert request.get_data() def test_response(self): - value = {u"ä": "b"} + value = {"ä": "b"} response = self.Response( response=json.dumps(value), content_type="application/json" ) diff --git a/tests/test_wsgi.py b/tests/test_wsgi.py index 9d299481b..5dcde5d7d 100644 --- a/tests/test_wsgi.py +++ b/tests/test_wsgi.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ tests.wsgi ~~~~~~~~~~ @@ -125,15 +124,15 @@ def test_peek_path_info(): def test_path_info_and_script_name_fetching(): - env = create_environ(u"/\N{SNOWMAN}", u"http://example.com/\N{COMET}/") - assert wsgi.get_path_info(env) == u"/\N{SNOWMAN}" - assert wsgi.get_path_info(env, charset=None) == u"/\N{SNOWMAN}".encode("utf-8") - assert wsgi.get_script_name(env) == u"/\N{COMET}" - assert wsgi.get_script_name(env, charset=None) == u"/\N{COMET}".encode("utf-8") + env = create_environ("/\N{SNOWMAN}", "http://example.com/\N{COMET}/") + assert wsgi.get_path_info(env) == "/\N{SNOWMAN}" + assert wsgi.get_path_info(env, charset=None) == "/\N{SNOWMAN}".encode() + assert wsgi.get_script_name(env) == "/\N{COMET}" + assert wsgi.get_script_name(env, charset=None) == "/\N{COMET}".encode() def test_query_string_fetching(): - env = create_environ(u"/?\N{SNOWMAN}=\N{COMET}") + env = create_environ("/?\N{SNOWMAN}=\N{COMET}") qs = wsgi.get_query_string(env) strict_eq(qs, "%E2%98%83=%E2%98%84") @@ -197,13 +196,13 @@ def on_exhausted(self): stream = wsgi.LimitedStream(io_, 0) strict_eq(stream.read(-1), b"") - io_ = io.StringIO(u"123456") + io_ = io.StringIO("123456") stream = wsgi.LimitedStream(io_, 0) - strict_eq(stream.read(-1), u"") + strict_eq(stream.read(-1), "") - io_ = io.StringIO(u"123\n456\n") + io_ = io.StringIO("123\n456\n") stream = wsgi.LimitedStream(io_, 8) - strict_eq(list(stream), [u"123\n", u"456\n"]) + strict_eq(list(stream), ["123\n", "456\n"]) def test_limited_stream_json_load(): @@ -233,25 +232,25 @@ def test_limited_stream_disconnection(): def test_path_info_extraction(): x = wsgi.extract_path_info("http://example.com/app", "/app/hello") - assert x == u"/hello" + assert x == "/hello" x = wsgi.extract_path_info( "http://example.com/app", "https://example.com/app/hello" ) - assert x == u"/hello" + assert x == "/hello" x = wsgi.extract_path_info( "http://example.com/app/", "https://example.com/app/hello" ) - assert x == u"/hello" + assert x == "/hello" x = wsgi.extract_path_info("http://example.com/app/", "https://example.com/app") - assert x == u"/" - x = wsgi.extract_path_info(u"http://☃.net/", u"/fööbär") - assert x == u"/fööbär" - x = wsgi.extract_path_info(u"http://☃.net/x", u"http://☃.net/x/fööbär") - assert x == u"/fööbär" + assert x == "/" + x = wsgi.extract_path_info("http://☃.net/", "/fööbär") + assert x == "/fööbär" + x = wsgi.extract_path_info("http://☃.net/x", "http://☃.net/x/fööbär") + assert x == "/fööbär" - env = create_environ(u"/fööbär", u"http://☃.net/x/") - x = wsgi.extract_path_info(env, u"http://☃.net/x/fööbär") - assert x == u"/fööbär" + env = create_environ("/fööbär", "http://☃.net/x/") + x = wsgi.extract_path_info(env, "http://☃.net/x/fööbär") + assert x == "/fööbär" x = wsgi.extract_path_info("http://example.com/app/", "https://example.com/a/hello") assert x is None @@ -287,9 +286,9 @@ def test_get_host_fallback(): def test_get_current_url_unicode(): - env = create_environ(query_string=u"foo=bar&baz=blah&meh=\xcf") + env = create_environ(query_string="foo=bar&baz=blah&meh=\xcf") rv = wsgi.get_current_url(env) - strict_eq(rv, u"http://localhost/?foo=bar&baz=blah&meh=\xcf") + strict_eq(rv, "http://localhost/?foo=bar&baz=blah&meh=\xcf") def test_get_current_url_invalid_utf8(): @@ -298,7 +297,7 @@ def test_get_current_url_invalid_utf8(): env["QUERY_STRING"] = "foo=bar&baz=blah&meh=\xcf" rv = wsgi.get_current_url(env) # it remains percent-encoded - strict_eq(rv, u"http://localhost/?foo=bar&baz=blah&meh=%CF") + strict_eq(rv, "http://localhost/?foo=bar&baz=blah&meh=%CF") def test_multi_part_line_breaks(): @@ -353,14 +352,14 @@ def test_iter_functions_support_iterators(): def test_make_chunk_iter(): - data = [u"abcdefXghi", u"jklXmnopqrstuvwxyzX", u"ABCDEFGHIJK"] + data = ["abcdefXghi", "jklXmnopqrstuvwxyzX", "ABCDEFGHIJK"] rv = list(wsgi.make_chunk_iter(data, "X")) - assert rv == [u"abcdef", u"ghijkl", u"mnopqrstuvwxyz", u"ABCDEFGHIJK"] + assert rv == ["abcdef", "ghijkl", "mnopqrstuvwxyz", "ABCDEFGHIJK"] - data = u"abcdefXghijklXmnopqrstuvwxyzXABCDEFGHIJK" + data = "abcdefXghijklXmnopqrstuvwxyzXABCDEFGHIJK" test_stream = io.StringIO(data) rv = list(wsgi.make_chunk_iter(test_stream, "X", limit=len(data), buffer_size=4)) - assert rv == [u"abcdef", u"ghijkl", u"mnopqrstuvwxyz", u"ABCDEFGHIJK"] + assert rv == ["abcdef", "ghijkl", "mnopqrstuvwxyz", "ABCDEFGHIJK"] def test_make_chunk_iter_bytes(): @@ -432,13 +431,13 @@ def test_range_wrapper(): range_wrapper = _RangeWrapper(response.response, 6, 100) assert next(range_wrapper) == b"World" - response = BaseResponse((x for x in (b"He", b"ll", b"o ", b"Wo", b"rl", b"d"))) + response = BaseResponse(x for x in (b"He", b"ll", b"o ", b"Wo", b"rl", b"d")) range_wrapper = _RangeWrapper(response.response, 6, 4) assert not range_wrapper.seekable assert next(range_wrapper) == b"Wo" assert next(range_wrapper) == b"rl" - response = BaseResponse((x for x in (b"He", b"ll", b"o W", b"o", b"rld"))) + response = BaseResponse(x for x in (b"He", b"ll", b"o W", b"o", b"rld")) range_wrapper = _RangeWrapper(response.response, 6, 4) assert next(range_wrapper) == b"W" assert next(range_wrapper) == b"o" @@ -446,7 +445,7 @@ def test_range_wrapper(): with pytest.raises(StopIteration): next(range_wrapper) - response = BaseResponse((x for x in (b"Hello", b" World"))) + response = BaseResponse(x for x in (b"Hello", b" World")) range_wrapper = _RangeWrapper(response.response, 1, 1) assert next(range_wrapper) == b"e" with pytest.raises(StopIteration): @@ -471,11 +470,11 @@ def test_range_wrapper(): def test_closing_iterator(): - class Namespace(object): + class Namespace: got_close = False got_additional = False - class Response(object): + class Response: def __init__(self, environ, start_response): self.start = start_response From 3ed73015106f61ca979ae30eb9d76edee7f2055d Mon Sep 17 00:00:00 2001 From: David Lord Date: Sat, 14 Mar 2020 14:39:57 -0700 Subject: [PATCH 144/733] remove more compat code serving._SSLContext wrapper SharedDataMiddleware loader compat deprecate http decode/encode_keys argument use of detect_utf_encoding for json code paths with Python < 3.6 comments except ImportError fallbacks sys.version_info checks use platform.system() mentions of Python 2 compat in some docs and comments --- bench/wzbench.py | 34 ++---- examples/cupoftee/db.py | 6 +- examples/plnt/utils.py | 5 +- src/werkzeug/_internal.py | 2 - src/werkzeug/_reloader.py | 5 +- src/werkzeug/datastructures.py | 95 +++++---------- src/werkzeug/debug/__init__.py | 20 ++-- src/werkzeug/debug/repr.py | 2 +- src/werkzeug/debug/tbtools.py | 16 ++- src/werkzeug/exceptions.py | 5 +- src/werkzeug/http.py | 48 +++----- src/werkzeug/local.py | 1 + src/werkzeug/middleware/http_proxy.py | 7 +- src/werkzeug/middleware/lint.py | 6 +- src/werkzeug/middleware/shared_data.py | 8 +- src/werkzeug/routing.py | 33 ++--- src/werkzeug/security.py | 3 - src/werkzeug/serving.py | 128 ++++---------------- src/werkzeug/test.py | 22 ++-- src/werkzeug/urls.py | 159 ++++++++++++------------- src/werkzeug/utils.py | 7 +- src/werkzeug/wrappers/base_response.py | 3 +- src/werkzeug/wrappers/json.py | 6 - src/werkzeug/wsgi.py | 43 +++---- tests/middleware/test_shared_data.py | 7 -- tests/test_serving.py | 17 ++- tests/test_urls.py | 2 +- 27 files changed, 231 insertions(+), 459 deletions(-) diff --git a/bench/wzbench.py b/bench/wzbench.py index 6270b6208..d2671a09d 100755 --- a/bench/wzbench.py +++ b/bench/wzbench.py @@ -1,5 +1,4 @@ #!/usr/bin/env python -# -*- coding: utf-8 -*- """ wzbench ~~~~~~~ @@ -11,27 +10,14 @@ :copyright: 2007 Pallets :license: BSD-3-Clause """ -from __future__ import division -from __future__ import print_function - import gc import os import subprocess import sys +from io import StringIO from timeit import default_timer as timer from types import FunctionType -try: - from cStringIO import StringIO -except ImportError: - from io import StringIO - -PY2 = sys.version_info[0] == 2 - -if not PY2: - xrange = range - - # create a new module where we later store all the werkzeug attributes. wz = type(sys)("werkzeug_nonlazy") sys.path.insert(0, "") @@ -132,10 +118,10 @@ def bench(func): # figure out how many times we have to run the function to # get reliable timings. - for i in xrange(3, 10): + for i in range(3, 10): rounds = 1 << i t = timer() - for _ in xrange(rounds): + for _ in range(rounds): func() if timer() - t >= 0.2: break @@ -147,13 +133,13 @@ def _run(): gc.disable() try: t = timer() - for _ in xrange(rounds): + for _ in range(rounds): func() return (timer() - t) / rounds * 1000 finally: gc.enable() - delta = median(_run() for x in xrange(TEST_RUNS)) + delta = median(_run() for x in range(TEST_RUNS)) sys.stdout.write("%.4f\n" % delta) sys.stdout.flush() @@ -292,7 +278,7 @@ def run(path, no_header=False): return result -URL_DECODED_DATA = dict((str(x), str(x)) for x in xrange(100)) +URL_DECODED_DATA = dict((str(x), str(x)) for x in range(100)) URL_ENCODED_DATA = "&".join("%s=%s" % x for x in URL_DECODED_DATA.items()) MULTIPART_ENCODED_DATA = "\n".join( ( @@ -379,7 +365,7 @@ def x(self): return 42 f = Foo() - for _ in xrange(60): + for _ in range(60): f.x @@ -401,7 +387,7 @@ def before_request_form_access(): def time_request_form_access(): - for _ in xrange(30): + for _ in range(30): REQUEST.path REQUEST.script_root REQUEST.args["foo"] @@ -457,9 +443,9 @@ def before_local_manager_dispatch(): def time_local_manager_dispatch(): - for _ in xrange(10): + for _ in range(10): LOCAL.x = 42 - for _ in xrange(10): + for _ in range(10): LOCAL.x diff --git a/examples/cupoftee/db.py b/examples/cupoftee/db.py index e86c071f7..043ab7e91 100644 --- a/examples/cupoftee/db.py +++ b/examples/cupoftee/db.py @@ -9,15 +9,11 @@ :copyright: 2007 Pallets :license: BSD-3-Clause """ +import dbm from pickle import dumps from pickle import loads from threading import Lock -try: - import dbm -except ImportError: - import anydbm as dbm - class Database(object): def __init__(self, filename): diff --git a/examples/plnt/utils.py b/examples/plnt/utils.py index 0bf4cc708..9d3ff74a7 100644 --- a/examples/plnt/utils.py +++ b/examples/plnt/utils.py @@ -50,10 +50,7 @@ _entity_re = re.compile(r"&([^;]+);") _striptags_re = re.compile(r"(|<[^>]*>)") -try: - from html.entities import name2codepoint -except ImportError: - from htmlentitydefs import name2codepoint +from html.entities import name2codepoint html_entities = name2codepoint.copy() html_entities["apos"] = 39 diff --git a/src/werkzeug/_internal.py b/src/werkzeug/_internal.py index e389bb115..498cd36d5 100644 --- a/src/werkzeug/_internal.py +++ b/src/werkzeug/_internal.py @@ -49,8 +49,6 @@ flags=re.VERBOSE, ) -_WIN = sys.platform.startswith("win") - class _Missing: def __repr__(self): diff --git a/src/werkzeug/_reloader.py b/src/werkzeug/_reloader.py index 3617e8cf0..503a20d57 100644 --- a/src/werkzeug/_reloader.py +++ b/src/werkzeug/_reloader.py @@ -13,8 +13,7 @@ def _iter_module_files(): loaded files from modules, all files in folders of already loaded modules as well as all files reachable through a package. """ - # The list call is necessary on Python 3 in case the module - # dictionary modifies during iteration. + # The list is in case sys.modules is modified during iteration. for module in list(sys.modules.values()): if module is None: continue @@ -130,7 +129,7 @@ def _find_common_roots(paths): rv = set() def _walk(node, path): - for prefix, child in iter(node.items()): + for prefix, child in node.items(): _walk(child, path + (prefix,)) if not node: rv.add("/".join(path)) diff --git a/src/werkzeug/datastructures.py b/src/werkzeug/datastructures.py index 3b1b42603..401a20036 100644 --- a/src/werkzeug/datastructures.py +++ b/src/werkzeug/datastructures.py @@ -33,9 +33,9 @@ def iter_multi_items(mapping): without dropping any from more complex structures. """ if isinstance(mapping, MultiDict): - yield from iter(mapping.items(multi=True)) + yield from mapping.items(multi=True) elif isinstance(mapping, dict): - for key, value in iter(mapping.items()): + for key, value in mapping.items(): if isinstance(value, (tuple, list)): for v in value: yield key, v @@ -128,7 +128,7 @@ def __reduce_ex__(self, protocol): return type(self), (dict(self),) def _iter_hashitems(self): - return iter(self.items()) + return self.items() def __hash__(self): if self._hash_cache is not None: @@ -167,10 +167,10 @@ class ImmutableMultiDictMixin(ImmutableDictMixin): """ def __reduce_ex__(self, protocol): - return type(self), (list(iter(self.items(multi=True))),) + return type(self), (list(self.items(multi=True)),) def _iter_hashitems(self): - return iter(self.items(multi=True)) + return self.items(multi=True) def add(self, key, value): is_immutable(self) @@ -292,24 +292,6 @@ def __copy__(self): return self -class ViewItems: - def __init__(self, multi_dict, method, repr_name, *a, **kw): - self.__multi_dict = multi_dict - self.__method = method - self.__repr_name = repr_name - self.__a = a - self.__kw = kw - - def __get_items(self): - return getattr(self.__multi_dict, self.__method)(*self.__a, **self.__kw) - - def __repr__(self): - return "{}({!r})".format(self.__repr_name, list(self.__get_items())) - - def __iter__(self): - return iter(self.__get_items()) - - class MultiDict(TypeConversionDict): """A :class:`MultiDict` is a dictionary subclass customized to deal with multiple values for the same key which is for example used by the parsing @@ -353,10 +335,10 @@ class MultiDict(TypeConversionDict): def __init__(self, mapping=None): if isinstance(mapping, MultiDict): - dict.__init__(self, ((k, l[:]) for k, l in iter(mapping.lists()))) + dict.__init__(self, ((k, l[:]) for k, l in mapping.lists())) elif isinstance(mapping, dict): tmp = {} - for key, value in iter(mapping.items()): + for key, value in mapping.items(): if isinstance(value, (tuple, list)): if len(value) == 0: continue @@ -499,8 +481,7 @@ def items(self, multi=False): for each value of each key. Otherwise it will only contain pairs for the first value of each key. """ - - for key, values in iter(dict.items(self)): + for key, values in dict.items(self): if multi: for value in values: yield key, value @@ -510,18 +491,12 @@ def items(self, multi=False): def lists(self): """Return a iterator of ``(key, values)`` pairs, where values is the list of all values associated with the key.""" - - for key, values in iter(dict.items(self)): + for key, values in dict.items(self): yield key, list(values) - def keys(self): - return iter(dict.keys(self)) - - __iter__ = keys - def values(self): """Returns an iterator of the first value on every key's value list.""" - for values in iter(dict.values(self)): + for values in dict.values(self): yield values[0] def listvalues(self): @@ -532,8 +507,7 @@ def listvalues(self): >>> zip(d.keys(), d.listvalues()) == d.lists() True """ - - return iter(dict.values(self)) + return dict.values(self) def copy(self): """Return a shallow copy of this object.""" @@ -554,7 +528,7 @@ def to_dict(self, flat=True): :return: a :class:`dict` """ if flat: - return dict(iter(self.items())) + return dict(self.items()) return dict(self.lists()) def update(self, other_dict): @@ -640,9 +614,7 @@ def __deepcopy__(self, memo): return self.deepcopy(memo=memo) def __repr__(self): - return "{}({!r})".format( - self.__class__.__name__, list(iter(self.items(multi=True))) - ) + return "{}({!r})".format(self.__class__.__name__, list(self.items(multi=True))) class _omd_bucket: @@ -719,7 +691,7 @@ def __eq__(self, other): return False if len(self) != len(other): return False - for key, values in iter(self.lists()): + for key, values in self.lists(): if other.getlist(key) != values: return False return True @@ -730,10 +702,10 @@ def __ne__(self, other): return not self.__eq__(other) def __reduce_ex__(self, protocol): - return type(self), (list(iter(self.items(multi=True))),) + return type(self), (list(self.items(multi=True)),) def __getstate__(self): - return list(iter(self.items(multi=True))) + return list(self.items(multi=True)) def __setstate__(self, values): dict.clear(self) @@ -753,12 +725,12 @@ def __delitem__(self, key): self.pop(key) def keys(self): - return (key for key, value in iter(self.items())) + return (key for key, value in self.items()) __iter__ = keys def values(self): - return (value for key, value in iter(self.items())) + return (value for key, value in self.items()) def items(self, multi=False): ptr = self._first_bucket @@ -784,7 +756,7 @@ def lists(self): ptr = ptr.next def listvalues(self): - for _key, values in iter(self.lists()): + for _key, values in self.lists(): yield values def add(self, key, value): @@ -1022,11 +994,11 @@ def items(self, lower=False): yield key, value def keys(self, lower=False): - for key, _ in iter(self.items(lower)): + for key, _ in self.items(lower): yield key def values(self): - for _, value in iter(self.items()): + for _, value in self.items(): yield value def extend(self, *args, **kwargs): @@ -1302,9 +1274,6 @@ def update(self, *args, **kwargs): def to_wsgi_list(self): """Convert the headers into a list suitable for WSGI. - The values are byte strings in Python 2 converted to latin1 and unicode - strings in Python 3 for the WSGI server to encode. - :return: list """ return list(self) @@ -1415,7 +1384,7 @@ def __len__(self): return len(list(iter(self))) def __iter__(self): - for key, value in iter(self.environ.items()): + for key, value in self.environ.items(): if key.startswith("HTTP_") and key not in ( "HTTP_CONTENT_TYPE", "HTTP_CONTENT_LENGTH", @@ -1490,24 +1459,20 @@ def getlist(self, key, type=None): def _keys_impl(self): """This function exists so __len__ can be implemented more efficiently, saving one list creation from an iterator. - - Using this for Python 2's ``dict.keys`` behavior would be useless since - `dict.keys` in Python 2 returns a list, while we have a set here. """ rv = set() - for d in self.dicts: - rv.update(iter(d.keys())) + rv.update(*self.dicts) return rv def keys(self): - return iter(self._keys_impl()) + return self._keys_impl() __iter__ = keys def items(self, multi=False): found = set() for d in self.dicts: - for key, value in iter(d.items(multi)): + for key, value in d.items(multi): if multi: yield key, value elif key not in found: @@ -1515,15 +1480,15 @@ def items(self, multi=False): yield key, value def values(self): - for _key, value in iter(self.items()): + for _key, value in self.items(): yield value def lists(self): rv = {} for d in self.dicts: - for key, values in iter(d.lists()): + for key, values in d.lists(): rv.setdefault(key, []).extend(values) - return iter(rv.items()) + return rv.items() def listvalues(self): return (x[1] for x in self.lists()) @@ -1647,7 +1612,7 @@ class ImmutableOrderedMultiDict(ImmutableMultiDictMixin, OrderedMultiDict): """ def _iter_hashitems(self): - return enumerate(iter(self.items(multi=True))) + return enumerate(self.items(multi=True)) def copy(self): """Return a shallow mutable copy of this object. Keep in mind that @@ -2791,7 +2756,7 @@ def to_header(self): value, allow_token=key not in self._require_quoting ), ) - for key, value in iter(d.items()) + for key, value in d.items() ] ), ) diff --git a/src/werkzeug/debug/__init__.py b/src/werkzeug/debug/__init__.py index d92fc4d90..9712a625a 100644 --- a/src/werkzeug/debug/__init__.py +++ b/src/werkzeug/debug/__init__.py @@ -94,24 +94,20 @@ def _generate(): # On Windows, use winreg to get the machine guid. try: - import winreg as wr + import winreg except ImportError: + pass + else: try: - import _winreg as wr - except ImportError: - wr = None - - if wr is not None: - try: - with wr.OpenKey( - wr.HKEY_LOCAL_MACHINE, + with winreg.OpenKey( + winreg.HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Cryptography", 0, - wr.KEY_READ | wr.KEY_WOW64_64KEY, + winreg.KEY_READ | winreg.KEY_WOW64_64KEY, ) as rk: - guid, guid_type = wr.QueryValueEx(rk, "MachineGuid") + guid, guid_type = winreg.QueryValueEx(rk, "MachineGuid") - if guid_type == wr.REG_SZ: + if guid_type == winreg.REG_SZ: return guid.encode("utf-8") return guid diff --git a/src/werkzeug/debug/repr.py b/src/werkzeug/debug/repr.py index e578ca657..d80866dc8 100644 --- a/src/werkzeug/debug/repr.py +++ b/src/werkzeug/debug/repr.py @@ -176,7 +176,7 @@ def dict_repr(self, d, recursive, limit=5): return _add_subclass_info("{...}", d, dict) buf = ["{"] have_extended_section = False - for idx, (key, value) in enumerate(iter(d.items())): + for idx, (key, value) in enumerate(d.items()): if idx: buf.append(", ") if idx == limit - 1: diff --git a/src/werkzeug/debug/tbtools.py b/src/werkzeug/debug/tbtools.py index 5ffa08f42..bc13d7fbe 100644 --- a/src/werkzeug/debug/tbtools.py +++ b/src/werkzeug/debug/tbtools.py @@ -285,10 +285,8 @@ def paste(self): "files": {"traceback.txt": {"content": self.plaintext}}, } ).encode("utf-8") - try: - from urllib2 import urlopen - except ImportError: - from urllib.request import urlopen + from urllib.request import urlopen + rv = urlopen("https://api.github.com/gists", data=data) resp = json.loads(rv.read().decode("utf-8")) rv.close() @@ -351,9 +349,9 @@ def id(self): class Group: - """A group of frames for an exception in a traceback. On Python 3, - if the exception has a ``__cause__`` or ``__context__``, there are - multiple exception groups. + """A group of frames for an exception in a traceback. If the + exception has a ``__cause__`` or ``__context__``, there are multiple + exception groups. """ def __init__(self, exc_type, exc_value, tb): @@ -362,11 +360,11 @@ def __init__(self, exc_type, exc_value, tb): self.info = None if exc_value.__cause__ is not None: self.info = ( - "The above exception was the direct cause of the" " following exception" + "The above exception was the direct cause of the following exception" ) elif exc_value.__context__ is not None: self.info = ( - "During handling of the above exception, another" " exception occurred" + "During handling of the above exception, another exception occurred" ) self.frames = [] diff --git a/src/werkzeug/exceptions.py b/src/werkzeug/exceptions.py index 00ae07ac4..b8432bdf8 100644 --- a/src/werkzeug/exceptions.py +++ b/src/werkzeug/exceptions.py @@ -28,10 +28,7 @@ def application(environ, start_response): As you can see from this example those exceptions are callable WSGI - applications. Because of Python 2.4 compatibility those do not extend - from the response objects but only from the python exception class. - - As a matter of fact they are not Werkzeug response objects. However you + applications. However, they are not Werkzeug response objects. You can get a response object by calling ``get_response()`` on a HTTP exception. diff --git a/src/werkzeug/http.py b/src/werkzeug/http.py index 965a37cbc..54c51a593 100644 --- a/src/werkzeug/http.py +++ b/src/werkzeug/http.py @@ -20,9 +20,12 @@ import warnings from datetime import datetime from datetime import timedelta +from email.utils import parsedate_tz from hashlib import md5 from time import gmtime from time import time +from urllib.parse import unquote_to_bytes as _unquote +from urllib.request import parse_http_list as _parse_list_header from ._internal import _cookie_parse_impl from ._internal import _cookie_quote @@ -30,18 +33,6 @@ from ._internal import _to_bytes from ._internal import _to_str -try: - from email.utils import parsedate_tz -except ImportError: - from email.Utils import parsedate_tz - -try: - from urllib.request import parse_http_list as _parse_list_header - from urllib.parse import unquote_to_bytes as _unquote -except ImportError: - from urllib2 import parse_http_list as _parse_list_header - from urllib2 import unquote as _unquote - _cookie_charset = "latin1" _basic_auth_charset = "utf-8" # for explanation of "media-range", etc. see Sections 5.3.{1,2} of RFC 7231 @@ -267,7 +258,7 @@ def dump_options_header(header, options): segments = [] if header is not None: segments.append(header) - for key, value in iter(options.items()): + for key, value in options.items(): if value is None: segments.append(key) else: @@ -292,7 +283,7 @@ def dump_header(iterable, allow_token=True): """ if isinstance(iterable, dict): items = [] - for key, value in iter(iterable.items()): + for key, value in iterable.items(): if value is None: items.append(key) else: @@ -316,7 +307,7 @@ def dump_csp_header(header): Support for Content Security Policy headers was added. """ - return "; ".join(f"{key} {value}" for key, value in iter(header.items())) + return "; ".join(f"{key} {value}" for key, value in header.items()) def parse_list_header(value): @@ -945,10 +936,7 @@ def dump_age(age=None): if age is None: return if isinstance(age, timedelta): - # do the equivalent of Python 2.7's timedelta.total_seconds(), - # but disregarding fractional seconds - age = age.seconds + (age.days * 24 * 3600) - + age = age.total_seconds() age = int(age) if age < 0: raise ValueError("age cannot be negative") @@ -1108,8 +1096,8 @@ def parse_cookie(header, charset="utf-8", errors="replace", cls=None): elif header is None: header = "" - # On Python 3, PEP 3333 sends headers through the environ as latin1 - # decoded strings. Encode strings back to bytes for parsing. + # PEP 3333 sends headers through the environ as latin1 decoded + # strings. Encode strings back to bytes for parsing. if isinstance(header, str): header = header.encode("latin1", "replace") @@ -1141,16 +1129,11 @@ def dump_cookie( max_size=4093, samesite=None, ): - """Creates a new Set-Cookie header without the ``Set-Cookie`` prefix - The parameters are the same as in the cookie Morsel object in the - Python standard library but it accepts unicode data, too. + """Create a Set-Cookie header without the ``Set-Cookie`` prefix. - On Python 3 the return value of this function will be a unicode - string, on Python 2 it will be a native string. In both cases the - return value is usually restricted to ascii as the vast majority of - values are properly escaped, but that is no guarantee. If a unicode - string is returned it's tunneled through latin1 as required by - PEP 3333. + The return value is usually restricted to ascii as the vast majority + of values are properly escaped, but that is no guarantee. It's + tunneled through latin1 as required by :pep:`3333`. The return value is not ASCII safe if the key contains unicode characters. This is technically against the specification but @@ -1239,9 +1222,8 @@ def dump_cookie( tmp += b"=" + v buf.append(bytes(tmp)) - # The return value will be an incorrectly encoded latin1 header on - # Python 3 for consistency with the headers object and a bytestring - # on Python 2 because that's how the API makes more sense. + # The return value will be an incorrectly encoded latin1 header for + # consistency with the headers object. rv = b"; ".join(buf) rv = rv.decode("latin1") diff --git a/src/werkzeug/local.py b/src/werkzeug/local.py index c82652db8..f876f8ba7 100644 --- a/src/werkzeug/local.py +++ b/src/werkzeug/local.py @@ -21,6 +21,7 @@ try: from thread import get_ident except ImportError: + # Python < 3.7 from _thread import get_ident diff --git a/src/werkzeug/middleware/http_proxy.py b/src/werkzeug/middleware/http_proxy.py index 641e564d0..27110910d 100644 --- a/src/werkzeug/middleware/http_proxy.py +++ b/src/werkzeug/middleware/http_proxy.py @@ -7,17 +7,14 @@ :copyright: 2007 Pallets :license: BSD-3-Clause """ +from http import client + from ..datastructures import EnvironHeaders from ..http import is_hop_by_hop_header from ..urls import url_parse from ..urls import url_quote from ..wsgi import get_input_stream -try: - from http import client -except ImportError: - import httplib as client - class ProxyMiddleware: """Proxy requests under a path to an external server, routing other diff --git a/src/werkzeug/middleware/lint.py b/src/werkzeug/middleware/lint.py index 382f7fcde..0bc784d4d 100644 --- a/src/werkzeug/middleware/lint.py +++ b/src/werkzeug/middleware/lint.py @@ -12,17 +12,13 @@ :copyright: 2007 Pallets :license: BSD-3-Clause """ +from urllib.parse import urlparse from warnings import warn from ..datastructures import Headers from ..http import is_entity_header from ..wsgi import FileWrapper -try: - from urllib.parse import urlparse -except ImportError: - from urlparse import urlparse - class WSGIWarning(Warning): """Warning class for WSGI warnings.""" diff --git a/src/werkzeug/middleware/shared_data.py b/src/werkzeug/middleware/shared_data.py index 2dca41134..22415474a 100644 --- a/src/werkzeug/middleware/shared_data.py +++ b/src/werkzeug/middleware/shared_data.py @@ -144,7 +144,7 @@ def get_file_loader(self, filename): return lambda x: (os.path.basename(filename), self._opener(filename)) def get_package_loader(self, package, package_path): - loadtime = datetime.utcnow() + load_time = datetime.utcnow() provider = pkgutil.get_loader(package) if hasattr(provider, "get_resource_reader"): @@ -166,7 +166,7 @@ def loader(path): if isinstance(resource, BytesIO): return ( basename, - lambda: (resource, loadtime, len(resource.getvalue())), + lambda: (resource, load_time, len(resource.getvalue())), ) return ( @@ -179,7 +179,7 @@ def loader(path): ) else: - # Python 2 + # Python 3.6 package_filename = provider.get_filename(package) is_filesystem = os.path.exists(package_filename) root = os.path.join(os.path.dirname(package_filename), package_path) @@ -202,7 +202,7 @@ def loader(path): except OSError: return None, None - return basename, lambda: (BytesIO(data), loadtime, len(data)) + return basename, lambda: (BytesIO(data), load_time, len(data)) return loader diff --git a/src/werkzeug/routing.py b/src/werkzeug/routing.py index 3d3db6e5a..e3eeacd9e 100644 --- a/src/werkzeug/routing.py +++ b/src/werkzeug/routing.py @@ -471,7 +471,7 @@ def get_rules(self, map): new_defaults = subdomain = None if rule.defaults: new_defaults = {} - for key, value in iter(rule.defaults.items()): + for key, value in rule.defaults.items(): if isinstance(value, str): value = format_string(value, self.context) new_defaults[key] = value @@ -880,7 +880,7 @@ def match(self, path, method=None): del groups["__suffix__"] result = {} - for name, value in iter(groups.items()): + for name, value in groups.items(): try: value = self._converters[name].to_python(value) except ValidationError: @@ -977,9 +977,8 @@ def _join(parts): ast.Return(ast.Tuple([_join(dom_parts), _join(url_parts)], ast.Load())) ) - # str is necessary for python2 pargs = [ - str(elem) + elem for is_dynamic, elem in dom_ops + url_ops if is_dynamic and elem not in defaults ] @@ -987,22 +986,16 @@ def _join(parts): func_ast = _prefix_names("def _(): pass") func_ast.name = f"" - if hasattr(ast, "arg"): # py3 - func_ast.args.args.append(ast.arg(".self", None)) - for arg in pargs + kargs: - func_ast.args.args.append(ast.arg(arg, None)) - func_ast.args.kwarg = ast.arg(".kwargs", None) - else: - func_ast.args.args.append(ast.Name(".self", ast.Param())) - for arg in pargs + kargs: - func_ast.args.args.append(ast.Name(arg, ast.Param())) - func_ast.args.kwarg = ".kwargs" + func_ast.args.args.append(ast.arg(".self", None)) + for arg in pargs + kargs: + func_ast.args.args.append(ast.arg(arg, None)) + func_ast.args.kwarg = ast.arg(".kwargs", None) for _ in kargs: func_ast.args.defaults.append(ast.Str("")) func_ast.body = body # use `ast.parse` instead of `ast.Module` for better portability - # python3.8 changes the signature of `ast.Module` + # Python 3.8 changes the signature of `ast.Module` module = ast.parse("") module.body = [func_ast] @@ -1070,7 +1063,7 @@ def suitable_for(self, values, method=None): # in case defaults are given we ensure that either the value was # skipped or the value is the same as the default value. if defaults: - for key, value in iter(defaults.items()): + for key, value in defaults.items(): if key in values and value != values[key]: return False @@ -1646,7 +1639,7 @@ def update(self): return self._rules.sort(key=lambda x: x.match_compare_key()) - for rules in iter(self._rules_by_endpoint.values()): + for rules in self._rules_by_endpoint.values(): rules.sort(key=lambda x: x.build_compare_key()) self._remap = False @@ -2153,9 +2146,9 @@ def build( if values: if isinstance(values, MultiDict): temp_values = {} - # iter(dict.items(values)) is like `values.lists()` + # dict.items(values) is like `values.lists()` # without the call or `list()` coercion overhead. - for key, value in iter(dict.items(values)): + for key, value in dict.items(values): if not value: continue if len(value) == 1: # flatten single item lists @@ -2166,7 +2159,7 @@ def build( values = temp_values else: # drop None - values = dict(i for i in iter(values.items()) if i[1] is not None) + values = dict(i for i in values.items() if i[1] is not None) else: values = {} diff --git a/src/werkzeug/security.py b/src/werkzeug/security.py index 6019dfb3f..571738493 100644 --- a/src/werkzeug/security.py +++ b/src/werkzeug/security.py @@ -159,9 +159,6 @@ def _create_mac(key, msg, method): def hashfunc(d=b""): return hashlib.new(method, d) - # Python 2.7 used ``hasattr(digestmod, '__call__')`` - # to detect if hashfunc is callable - hashfunc.__call__ = hashfunc return hmac.HMAC(key, msg, hashfunc) diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py index c09337d48..485016703 100644 --- a/src/werkzeug/serving.py +++ b/src/werkzeug/serving.py @@ -4,9 +4,7 @@ There are many ways to serve a WSGI application. While you're developing it you usually don't want a full blown webserver like Apache but a simple - standalone one. From Python 2.5 onwards there is the `wsgiref`_ server in - the standard library. If you're using older versions of Python you can - download the package from the cheeseshop. + standalone one. There is the `wsgiref`_ server in the standard library. However there are some caveats. Sourcecode won't reload itself when changed and each time you kill the server using ``^C`` you get an @@ -16,13 +14,11 @@ The easiest way is creating a small ``start-myproject.py`` that runs the application:: - #!/usr/bin/env python - # -*- coding: utf-8 -*- from myproject import make_app from werkzeug.serving import run_simple app = make_app(...) - run_simple('localhost', 8080, app, use_reloader=True) + run_simple("localhost", 8080, app, use_reloader=True) You can also pass it a `extra_files` keyword argument with a list of additional files (like configuration files) you want to observe. @@ -36,30 +32,24 @@ """ import io import os +import platform import signal import socket +import socketserver import sys from datetime import datetime as dt from datetime import timedelta +from http.server import BaseHTTPRequestHandler +from http.server import HTTPServer from ._internal import _log from ._internal import _reraise -from ._internal import _WIN from ._internal import _wsgi_encoding_dance from .exceptions import InternalServerError from .urls import uri_to_iri from .urls import url_parse from .urls import url_unquote -try: - import socketserver - from http.server import BaseHTTPRequestHandler - from http.server import HTTPServer -except ImportError: - import SocketServer as socketserver - from BaseHTTPServer import HTTPServer - from BaseHTTPServer import BaseHTTPRequestHandler - try: import ssl except ImportError: @@ -75,8 +65,6 @@ def __getattr__(self, name): except ImportError: click = None - -ThreadingMixIn = socketserver.ThreadingMixIn can_fork = hasattr(os, "fork") if can_fork: @@ -92,10 +80,8 @@ class ForkingMixIn: except AttributeError: af_unix = None - LISTEN_QUEUE = 128 -can_open_by_fd = not _WIN and hasattr(socket, "fromfd") -_ConnectionError = ConnectionError +can_open_by_fd = not platform.system() == "Windows" and hasattr(socket, "fromfd") class DechunkedInput(io.RawIOBase): @@ -210,7 +196,7 @@ def shutdown_server(): "SERVER_PROTOCOL": self.request_version, } - for key, value in self.get_header_items(): + for key, value in self.headers.items(): key = key.upper().replace("-", "_") value = value.replace("\r\n", "") if key not in ("CONTENT_TYPE", "CONTENT_LENGTH"): @@ -282,9 +268,7 @@ def write(data): self.end_headers() assert isinstance(data, bytes), "applications must write bytes" - if data: - # Only write data if there is any to avoid Python 3.5 SSL bug - self.wfile.write(data) + self.wfile.write(data) self.wfile.flush() def start_response(status, response_headers, exc_info=None): @@ -312,7 +296,7 @@ def execute(app): try: execute(self.server.app) - except (_ConnectionError, socket.timeout) as e: + except (ConnectionError, socket.timeout) as e: self.connection_dropped(e, environ) except Exception: if self.server.passthrough_errors: @@ -334,7 +318,7 @@ def handle(self): """Handles a request ignoring dropped connections.""" try: BaseHTTPRequestHandler.handle(self) - except (_ConnectionError, socket.timeout) as e: + except (ConnectionError, socket.timeout) as e: self.connection_dropped(e) except Exception as e: if self.server.ssl_context is None or not is_ssl_error(e): @@ -343,18 +327,12 @@ def handle(self): self.initiate_shutdown() def initiate_shutdown(self): - """A horrible, horrible way to kill the server for Python 2.6 and - later. It's the best we can do. - """ - # Windows does not provide SIGKILL, go with SIGTERM then. - sig = getattr(signal, "SIGKILL", signal.SIGTERM) - # reloader active if is_running_from_reloader(): + # Windows does not provide SIGKILL, go with SIGTERM then. + sig = getattr(signal, "SIGKILL", signal.SIGTERM) os.kill(os.getpid(), sig) - # python 2.7 + self.server._BaseServer__shutdown_request = True - # python 2.6 - self.server._BaseServer__serving = False def connection_dropped(self, error, environ=None): """Called if the connection was closed by the client. By default @@ -437,22 +415,6 @@ def log(self, type, message, *args): % (self.address_string(), self.log_date_time_string(), message % args), ) - def get_header_items(self): - """ - Get an iterable list of key/value pairs representing headers. - - This function provides Python 2/3 compatibility as related to the - parsing of request headers. Python 2.7 is not compliant with - RFC 3875 Section 4.1.18 which requires multiple values for headers - to be provided or RFC 2616 which allows for folding of multi-line - headers. This function will return a matching list regardless - of Python version. It can be removed once Python 2.7 support - is dropped. - - :return: List of tuples containing header hey/value pairs - """ - return self.headers.items() - #: backwards compatible name if someone is subclassing it BaseRequestHandler = WSGIRequestHandler @@ -577,46 +539,17 @@ def load_ssl_context(cert_file, pkey_file=None, protocol=None): :param cert_file: Path of the certificate to use. :param pkey_file: Path of the private key to use. If not given, the key will be obtained from the certificate file. - :param protocol: One of the ``PROTOCOL_*`` constants in the stdlib ``ssl`` - module. Defaults to ``PROTOCOL_SSLv23``. + :param protocol: A ``PROTOCOL`` constant from the :mod:`ssl` module. + Defaults to :data:`ssl.PROTOCOL_TLS_SERVER`. """ if protocol is None: - try: - protocol = ssl.PROTOCOL_TLS_SERVER - except AttributeError: - # Python <= 3.5 compat - protocol = ssl.PROTOCOL_SSLv23 - ctx = _SSLContext(protocol) + protocol = ssl.PROTOCOL_TLS_SERVER + + ctx = ssl.SSLContext(protocol) ctx.load_cert_chain(cert_file, pkey_file) return ctx -class _SSLContext: - - """A dummy class with a small subset of Python3's ``ssl.SSLContext``, only - intended to be used with and by Werkzeug.""" - - def __init__(self, protocol): - self._protocol = protocol - self._certfile = None - self._keyfile = None - self._password = None - - def load_cert_chain(self, certfile, keyfile=None, password=None): - self._certfile = certfile - self._keyfile = keyfile or certfile - self._password = password - - def wrap_socket(self, sock, **kwargs): - return ssl.wrap_socket( - sock, - keyfile=self._keyfile, - certfile=self._certfile, - ssl_version=self._protocol, - **kwargs, - ) - - def is_ssl_error(error=None): """Checks if the given error (or the current one) is an SSL error.""" if error is None: @@ -627,18 +560,6 @@ def is_ssl_error(error=None): def select_address_family(host, port): """Return ``AF_INET4``, ``AF_INET6``, or ``AF_UNIX`` depending on the host and port.""" - # disabled due to problems with current ipv6 implementations - # and various operating systems. Probably this code also is - # not supposed to work, but I can't come up with any other - # ways to implement this. - # try: - # info = socket.getaddrinfo(host, port, socket.AF_UNSPEC, - # socket.SOCK_STREAM, 0, - # socket.AI_PASSIVE) - # if info: - # return info[0][0] - # except socket.gaierror: - # pass if host.startswith("unix://"): return socket.AF_UNIX elif ":" in host and hasattr(socket, "AF_INET6"): @@ -732,10 +653,7 @@ def serve_forever(self): def handle_error(self, request, client_address): if self.passthrough_errors: raise - # Python 2 still causes a socket.error after the earlier - # handling, so silence it here. - if isinstance(sys.exc_info()[1], _ConnectionError): - return + return HTTPServer.handle_error(self, request, client_address) def get_request(self): @@ -743,7 +661,7 @@ def get_request(self): return con, info -class ThreadedWSGIServer(ThreadingMixIn, BaseWSGIServer): +class ThreadedWSGIServer(socketserver.ThreadingMixIn, BaseWSGIServer): """A WSGI server that does threading.""" @@ -992,8 +910,6 @@ def inner(): _log("info", "Unlinking %s" % server_address) os.unlink(server_address) - # Do not use relative imports, otherwise "python -m werkzeug.serving" - # breaks. from ._reloader import run_with_reloader run_with_reloader(inner, extra_files, reloader_interval, reloader_type) @@ -1011,8 +927,6 @@ def run_with_reloader(*args, **kwargs): def main(): """A simple command-line interface for :py:func:`run_simple`.""" - - # in contrast to argparse, this works at least under Python < 2.7 import optparse from .utils import import_string diff --git a/src/werkzeug/test.py b/src/werkzeug/test.py index 6df07174b..186af8959 100644 --- a/src/werkzeug/test.py +++ b/src/werkzeug/test.py @@ -10,11 +10,13 @@ import mimetypes import sys from collections import defaultdict +from http.cookiejar import CookieJar from io import BytesIO from itertools import chain from random import random from tempfile import TemporaryFile from time import time +from urllib.request import Request as _UrllibRequest from ._internal import _get_environ from ._internal import _make_literal_wrapper @@ -41,16 +43,6 @@ from .wsgi import ClosingIterator from .wsgi import get_current_url -try: - from urllib.request import Request as U2Request -except ImportError: - from urllib2 import Request as U2Request - -try: - from http.cookiejar import CookieJar -except ImportError: - from cookielib import CookieJar - def stream_encode_multipart( values, use_tempfile=True, threshold=1024 * 500, boundary=None, charset="utf-8" @@ -90,7 +82,7 @@ def write(string): if not isinstance(values, MultiDict): values = MultiDict(values) - for key, values in iter(values.lists()): + for key, values in values.lists(): for value in values: write(f'--{boundary}\r\nContent-Disposition: form-data; name="{key}"') reader = getattr(value, "read", None) @@ -197,7 +189,7 @@ def extract_wsgi(self, environ, headers): cookie jar. """ self.extract_cookies( - _TestCookieResponse(headers), U2Request(get_current_url(environ)) + _TestCookieResponse(headers), _UrllibRequest(get_current_url(environ)) ) @@ -208,11 +200,11 @@ def _iter_data(data): :class:`EnvironBuilder`. """ if isinstance(data, MultiDict): - for key, values in iter(data.lists()): + for key, values in data.lists(): for value in values: yield key, value else: - for key, values in iter(data.items()): + for key, values in data.items(): if isinstance(values, list): for value in values: yield key, value @@ -647,7 +639,7 @@ def close(self): if self.closed: return try: - files = iter(self.files.values()) + files = self.files.values() except AttributeError: files = () for f in files: diff --git a/src/werkzeug/urls.py b/src/werkzeug/urls.py index 6885b316c..acf4aca1b 100644 --- a/src/werkzeug/urls.py +++ b/src/werkzeug/urls.py @@ -1,22 +1,12 @@ -""" - werkzeug.urls - ~~~~~~~~~~~~~ - - ``werkzeug.urls`` used to provide several wrapper functions for Python 2 - urlparse, whose main purpose were to work around the behavior of the Py2 - stdlib and its lack of unicode support. While this was already a somewhat - inconvenient situation, it got even more complicated because Python 3's - ``urllib.parse`` actually does handle unicode properly. In other words, - this module would wrap two libraries with completely different behavior. So - now this module contains a 2-and-3-compatible backport of Python 3's - ``urllib.parse``, which is mostly API-compatible. - - :copyright: 2007 Pallets - :license: BSD-3-Clause +"""Functions for working with URLs. + +Contains implementations of functions from :mod:`urllib.parse` that +handle bytes and strings. """ import codecs import os import re +import warnings from collections import namedtuple from ._internal import _decode_idna @@ -43,7 +33,6 @@ _hextobyte = {(a + b).encode(): int(a + b, 16) for a in _hexdigits for b in _hexdigits} _bytetohex = [("%%%02X" % char).encode("ascii") for char in range(256)] - _URLTuple = namedtuple("_URLTuple", ["scheme", "netloc", "path", "query", "fragment"]) @@ -401,7 +390,7 @@ def _unquote_to_bytes(string, unsafe=""): return bytes(result) -def _url_encode_impl(obj, charset, encode_keys, sort, key): +def _url_encode_impl(obj, charset, sort, key): from .datastructures import iter_multi_items iterable = iter_multi_items(obj) @@ -598,8 +587,7 @@ def url_unquote_plus(s, charset="utf-8", errors="replace"): whitespace. Per default encoding errors are ignored. If you want a different behavior - you can set `errors` to ``'replace'`` or ``'strict'``. In strict mode a - :exc:`HTTPUnicodeError` is raised. + you can set `errors` to ``'replace'`` or ``'strict'``. :param s: The string to unquote. :param charset: the charset of the query string. If set to `None` @@ -758,50 +746,40 @@ def iri_to_uri(iri, charset="utf-8", errors="strict", safe_conversion=False): def url_decode( s, charset="utf-8", - decode_keys=False, + decode_keys=None, include_empty=True, errors="replace", separator="&", cls=None, ): - """ - Parse a querystring and return it as :class:`MultiDict`. There is a - difference in key decoding on different Python versions. On Python 3 - keys will always be fully decoded whereas on Python 2, keys will - remain bytestrings if they fit into ASCII. On 2.x keys can be forced - to be unicode by setting `decode_keys` to `True`. - - If the charset is set to `None` no unicode decoding will happen and - raw bytes will be returned. + """Parse a query string and return it as a :class:`MultiDict`. - Per default a missing value for a key will default to an empty key. If - you don't want that behavior you can set `include_empty` to `False`. + :param s: The query string to parse. + :param charset: Decode bytes to string with this charset. If not + given, bytes are returned as-is. + :param include_empty: Include keys with empty values in the dict. + :param errors: Error handling behavior when decoding bytes. + :param separator: Separator character between pairs. + :param cls: Container to hold result instead of :class:`MultiDict`. - Per default encoding errors are ignored. If you want a different behavior - you can set `errors` to ``'replace'`` or ``'strict'``. In strict mode a - `HTTPUnicodeError` is raised. + .. versionchanged:: 2.0 + The ``decode_keys`` argument is deprecated and will be removed + in 2.1. .. versionchanged:: 0.5 - In previous versions ";" and "&" could be used for url decoding. - This changed in 0.5 where only "&" is supported. If you want to - use ";" instead a different `separator` can be provided. - - The `cls` parameter was added. + In previous versions ";" and "&" could be used for url decoding. + Now only "&" is supported. If you want to use ";", a different + ``separator`` can be provided. - :param s: a string with the query string to decode. - :param charset: the charset of the query string. If set to `None` - no unicode decoding will take place. - :param decode_keys: Used on Python 2.x to control whether keys should - be forced to be unicode objects. If set to `True` - then keys will be unicode in all cases. Otherwise, - they remain `str` if they fit into ASCII. - :param include_empty: Set to `False` if you don't want empty values to - appear in the dict. - :param errors: the decoding error behavior. - :param separator: the pair separator to be used, defaults to ``&`` - :param cls: an optional dict class to use. If this is not specified - or `None` the default :class:`MultiDict` is used. + .. versionchanged:: 0.5 + The ``cls`` parameter was added. """ + if decode_keys is not None: + warnings.warn( + "'decode_keys' is deprecated and will be removed in 2.1.", + DeprecationWarning, + stacklevel=2, + ) if cls is None: from .datastructures import MultiDict @@ -810,17 +788,13 @@ def url_decode( separator = separator.decode(charset or "ascii") elif isinstance(s, bytes) and not isinstance(separator, bytes): separator = separator.encode(charset or "ascii") - return cls( - _url_decode_impl( - s.split(separator), charset, decode_keys, include_empty, errors - ) - ) + return cls(_url_decode_impl(s.split(separator), charset, include_empty, errors)) def url_decode_stream( stream, charset="utf-8", - decode_keys=False, + decode_keys=None, include_empty=True, errors="replace", separator="&", @@ -839,10 +813,6 @@ def url_decode_stream( :param stream: a stream with the encoded querystring :param charset: the charset of the query string. If set to `None` no unicode decoding will take place. - :param decode_keys: Used on Python 2.x to control whether keys should - be forced to be unicode objects. If set to `True`, - keys will be unicode in all cases. Otherwise, they - remain `str` if they fit into ASCII. :param include_empty: Set to `False` if you don't want empty values to appear in the dict. :param errors: the decoding error behavior. @@ -854,11 +824,24 @@ def url_decode_stream( :param return_iterator: if set to `True` the `cls` argument is ignored and an iterator over all decoded pairs is returned + + .. versionchanged:: 2.0 + The ``decode_keys`` argument is deprecated and will be removed + in 2.1. + + .. versionadded:: 0.8 """ from .wsgi import make_chunk_iter + if decode_keys is not None: + warnings.warn( + "'decode_keys' is deprecated and will be removed in 2.1.", + DeprecationWarning, + stacklevel=2, + ) + pair_iter = make_chunk_iter(stream, separator, limit) - decoder = _url_decode_impl(pair_iter, charset, decode_keys, include_empty, errors) + decoder = _url_decode_impl(pair_iter, charset, include_empty, errors) if return_iterator: return decoder @@ -871,7 +854,7 @@ def url_decode_stream( return cls(decoder) -def _url_decode_impl(pair_iter, charset, decode_keys, include_empty, errors): +def _url_decode_impl(pair_iter, charset, include_empty, errors): for pair in pair_iter: if not pair: continue @@ -889,37 +872,41 @@ def _url_decode_impl(pair_iter, charset, decode_keys, include_empty, errors): def url_encode( - obj, charset="utf-8", encode_keys=False, sort=False, key=None, separator=b"&" + obj, charset="utf-8", encode_keys=None, sort=False, key=None, separator=b"&" ): """URL encode a dict/`MultiDict`. If a value is `None` it will not appear in the result string. Per default only values are encoded into the target - charset strings. If `encode_keys` is set to ``True`` unicode keys are - supported too. - - If `sort` is set to `True` the items are sorted by `key` or the default - sorting algorithm. - - .. versionadded:: 0.5 - `sort`, `key`, and `separator` were added. + charset strings. :param obj: the object to encode into a query string. :param charset: the charset of the query string. - :param encode_keys: set to `True` if you have unicode keys. (Ignored on - Python 3.x) :param sort: set to `True` if you want parameters to be sorted by `key`. :param separator: the separator to be used for the pairs. :param key: an optional function to be used for sorting. For more details check out the :func:`sorted` documentation. + + .. versionchanged:: 2.0 + The ``encode_keys`` argument is deprecated and will be removed + in 2.1. + + .. versionchanged:: 0.5 + Added the ``sort``, ``key``, and ``separator`` parameters. """ + if encode_keys is not None: + warnings.warn( + "'encode_keys' is deprecated and will be removed in 2.1.", + DeprecationWarning, + stacklevel=2, + ) separator = _to_native(separator, "ascii") - return separator.join(_url_encode_impl(obj, charset, encode_keys, sort, key)) + return separator.join(_url_encode_impl(obj, charset, sort, key)) def url_encode_stream( obj, stream=None, charset="utf-8", - encode_keys=False, + encode_keys=None, sort=False, key=None, separator=b"&", @@ -928,22 +915,30 @@ def url_encode_stream( object. If the stream is `None` a generator over all encoded pairs is returned. - .. versionadded:: 0.8 - :param obj: the object to encode into a query string. :param stream: a stream to write the encoded object into or `None` if an iterator over the encoded pairs should be returned. In that case the separator argument is ignored. :param charset: the charset of the query string. - :param encode_keys: set to `True` if you have unicode keys. (Ignored on - Python 3.x) :param sort: set to `True` if you want parameters to be sorted by `key`. :param separator: the separator to be used for the pairs. :param key: an optional function to be used for sorting. For more details check out the :func:`sorted` documentation. + + .. versionchanged:: 2.0 + The ``encode_keys`` argument is deprecated and will be removed + in 2.1. + + .. versionadded:: 0.8 """ + if encode_keys is not None: + warnings.warn( + "'encode_keys' is deprecated and will be removed in 2.1.", + DeprecationWarning, + stacklevel=2, + ) separator = _to_native(separator, "ascii") - gen = _url_encode_impl(obj, charset, encode_keys, sort, key) + gen = _url_encode_impl(obj, charset, sort, key) if stream is None: return gen for idx, chunk in enumerate(gen): diff --git a/src/werkzeug/utils.py b/src/werkzeug/utils.py index e20e85907..65816761b 100644 --- a/src/werkzeug/utils.py +++ b/src/werkzeug/utils.py @@ -14,18 +14,13 @@ import pkgutil import re import sys +from html.entities import name2codepoint from ._internal import _DictAccessorProperty from ._internal import _missing from ._internal import _parse_signature from ._internal import _reraise -try: - from html.entities import name2codepoint -except ImportError: - from htmlentitydefs import name2codepoint - - _format_re = re.compile(r"\$(?:(%s)|\{(%s)\})" % (("[a-zA-Z_][a-zA-Z0-9_]*",) * 2)) _entity_re = re.compile(r"&([^;]+);") _filename_ascii_strip_re = re.compile(r"[^A-Za-z0-9_.-]") diff --git a/src/werkzeug/wrappers/base_response.py b/src/werkzeug/wrappers/base_response.py index d94e193e7..bb1c3e899 100644 --- a/src/werkzeug/wrappers/base_response.py +++ b/src/werkzeug/wrappers/base_response.py @@ -433,8 +433,7 @@ def set_cookie( httponly=False, samesite=None, ): - """Sets a cookie. The parameters are the same as in the cookie `Morsel` - object in the Python standard library but it accepts unicode data, too. + """Sets a cookie. A warning is raised if the size of the cookie header exceeds :attr:`max_cookie_size`, but the header will still be set. diff --git a/src/werkzeug/wrappers/json.py b/src/werkzeug/wrappers/json.py index 8ec1e4ea3..c8fbb3488 100644 --- a/src/werkzeug/wrappers/json.py +++ b/src/werkzeug/wrappers/json.py @@ -2,7 +2,6 @@ import uuid from ..exceptions import BadRequest -from ..utils import detect_utf_encoding try: import simplejson as _json @@ -33,11 +32,6 @@ def dumps(cls, obj, **kw): @staticmethod def loads(s, **kw): - if isinstance(s, bytes): - # Needed for Python < 3.6 - encoding = detect_utf_encoding(s) - s = s.decode(encoding) - return _json.loads(s, **kw) diff --git a/src/werkzeug/wsgi.py b/src/werkzeug/wsgi.py index 5ad217129..9b3b917c0 100644 --- a/src/werkzeug/wsgi.py +++ b/src/werkzeug/wsgi.py @@ -229,14 +229,13 @@ def get_input_stream(environ, safe_fallback=True): def get_query_string(environ): - """Returns the `QUERY_STRING` from the WSGI environment. This also takes - care about the WSGI decoding dance on Python 3 environments as a - native string. The string returned will be restricted to ASCII - characters. + """Returns the ``QUERY_STRING`` from the WSGI environment. This also + takes care of the WSGI decoding dance. The string returned will be + restricted to ASCII characters. - .. versionadded:: 0.9 + :param environ: WSGI environment to get the query string from. - :param environ: the WSGI environment object to get the query string from. + .. versionadded:: 0.9 """ qs = environ.get("QUERY_STRING", "").encode("latin1") # QUERY_STRING really should be ascii safe but some browsers @@ -246,34 +245,30 @@ def get_query_string(environ): def get_path_info(environ, charset="utf-8", errors="replace"): - """Returns the `PATH_INFO` from the WSGI environment and properly - decodes it. This also takes care about the WSGI decoding dance - on Python 3 environments. if the `charset` is set to `None` a - bytestring is returned. + """Return the ``PATH_INFO`` from the WSGI environment and decode it + unless ``charset`` is ``None``. - .. versionadded:: 0.9 + :param environ: WSGI environment to get the path from. + :param charset: The charset for the path info, or ``None`` if no + decoding should be performed. + :param errors: The decoding error handling. - :param environ: the WSGI environment object to get the path from. - :param charset: the charset for the path info, or `None` if no - decoding should be performed. - :param errors: the decoding error handling. + .. versionadded:: 0.9 """ path = environ.get("PATH_INFO", "").encode("latin1") return _to_str(path, charset, errors, allow_none_charset=True) def get_script_name(environ, charset="utf-8", errors="replace"): - """Returns the `SCRIPT_NAME` from the WSGI environment and properly - decodes it. This also takes care about the WSGI decoding dance - on Python 3 environments. if the `charset` is set to `None` a - bytestring is returned. + """Return the ``SCRIPT_NAME`` from the WSGI environment and decode + it unless `charset` is set to ``None``. - .. versionadded:: 0.9 + :param environ: WSGI environment to get the path from. + :param charset: The charset for the path, or ``None`` if no decoding + should be performed. + :param errors: The decoding error handling. - :param environ: the WSGI environment object to get the path from. - :param charset: the charset for the path, or `None` if no - decoding should be performed. - :param errors: the decoding error handling. + .. versionadded:: 0.9 """ path = environ.get("SCRIPT_NAME", "").encode("latin1") return _to_str(path, charset, errors, allow_none_charset=True) diff --git a/tests/middleware/test_shared_data.py b/tests/middleware/test_shared_data.py index a367db7f7..2836dba8e 100644 --- a/tests/middleware/test_shared_data.py +++ b/tests/middleware/test_shared_data.py @@ -1,9 +1,6 @@ import os -import sys from contextlib import closing -import pytest - from werkzeug._internal import _to_native from werkzeug.middleware.shared_data import SharedDataMiddleware from werkzeug.test import create_environ @@ -15,10 +12,6 @@ def test_get_file_loader(): assert callable(app.get_file_loader("foo")) -@pytest.mark.xfail( - sys.version_info.major == 2 and sys.platform == "win32", - reason="TODO fix test for Python 2 on Windows", -) def test_shared_data_middleware(tmpdir): def null_application(environ, start_response): start_response("404 NOT FOUND", [("Content-Type", "text/plain")]) diff --git a/tests/test_serving.py b/tests/test_serving.py index 0f4cafb79..f4f9175b6 100644 --- a/tests/test_serving.py +++ b/tests/test_serving.py @@ -14,6 +14,7 @@ import sys import textwrap import time +from http import client as http_client import pytest import requests.exceptions @@ -22,6 +23,7 @@ from werkzeug import _reloader from werkzeug import serving + try: import cryptography except ImportError: @@ -32,11 +34,6 @@ except ImportError: watchdog = None -try: - from http import client as httplib -except ImportError: - import httplib - require_cryptography = pytest.mark.skipif( cryptography is None, reason="cryptography not installed" @@ -68,7 +65,7 @@ def app(environ, start_response): """ ) - conn = httplib.HTTPConnection(server.addr) + conn = http_client.HTTPConnection(server.addr) conn.request( "GET", "http://surelynotexisting.example.com:1337/index.htm#ignorethis", @@ -422,7 +419,7 @@ def app(environ, start_response): testfile = os.path.join(os.path.dirname(__file__), "res", "chunked.http") - conn = httplib.HTTPConnection("127.0.0.1", server.port) + conn = http_client.HTTPConnection("127.0.0.1", server.port) conn.connect() conn.putrequest("POST", "/", skip_host=1, skip_accept_encoding=1) conn.putheader("Accept", "text/plain") @@ -462,7 +459,7 @@ def app(environ, start_response): testfile = os.path.join(os.path.dirname(__file__), "res", "chunked.http") - conn = httplib.HTTPConnection("127.0.0.1", server.port) + conn = http_client.HTTPConnection("127.0.0.1", server.port) conn.connect() conn.putrequest("POST", "/", skip_host=1, skip_accept_encoding=1) conn.putheader("Accept", "text/plain") @@ -496,7 +493,7 @@ def app(environ, start_response): """ ) - conn = httplib.HTTPConnection("127.0.0.1", server.port) + conn = http_client.HTTPConnection("127.0.0.1", server.port) conn.connect() conn.putrequest("GET", "/") conn.putheader("Accept", "text/plain") @@ -532,7 +529,7 @@ def app(environ, start_response): """ ) - conn = httplib.HTTPConnection("127.0.0.1", server.port) + conn = http_client.HTTPConnection("127.0.0.1", server.port) conn.connect() conn.putrequest("GET", "/") conn.putheader("Accept", "text/plain") diff --git a/tests/test_urls.py b/tests/test_urls.py index 4da902082..861235e57 100644 --- a/tests/test_urls.py +++ b/tests/test_urls.py @@ -105,7 +105,7 @@ def test_url_decoding(): strict_eq(x["bar"], "23") strict_eq(x["uni"], "Hänsel") - x = urls.url_decode(b"%C3%9Ch=H%C3%A4nsel", decode_keys=True) + x = urls.url_decode(b"%C3%9Ch=H%C3%A4nsel") strict_eq(x["Üh"], "Hänsel") From e5d33c0e7a4709b4a6ebfbdd35197f657cf7fc7b Mon Sep 17 00:00:00 2001 From: David Lord Date: Sat, 14 Mar 2020 16:03:01 -0700 Subject: [PATCH 145/733] add pyupgrade pre-commit hook --- .pre-commit-config.yaml | 13 ++++++++++--- setup.cfg | 12 ++++-------- setup.py | 5 ++--- src/werkzeug/datastructures.py | 2 +- src/werkzeug/debug/repr.py | 15 ++++++--------- src/werkzeug/formparser.py | 4 ++-- src/werkzeug/test.py | 2 +- src/werkzeug/wrappers/cors.py | 4 ++-- tests/test_http.py | 2 +- tests/test_wsgi.py | 4 ++-- 10 files changed, 31 insertions(+), 32 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index a92c42137..7297d8adc 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,11 @@ repos: + - repo: https://github.com/asottile/pyupgrade + rev: v2.1.0 + hooks: + - id: pyupgrade + args: ["--py36-plus"] - repo: https://github.com/asottile/reorder_python_imports - rev: v1.8.0 + rev: v2.1.0 hooks: - id: reorder-python-imports name: Reorder Python imports (src, tests) @@ -18,9 +23,11 @@ repos: rev: 3.7.9 hooks: - id: flake8 - additional_dependencies: [flake8-bugbear] + additional_dependencies: + - flake8-bugbear + - flake8-implicit-str-concat - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v2.4.0 + rev: v2.5.0 hooks: - id: check-byte-order-marker - id: trailing-whitespace diff --git a/setup.cfg b/setup.cfg index 3348dc305..145b701de 100644 --- a/setup.cfg +++ b/setup.cfg @@ -4,15 +4,11 @@ long_description_content_type = text/x-rst [tool:pytest] testpaths = tests -norecursedirs = tests/hypothesis filterwarnings = error ignore::requests.packages.urllib3.exceptions.InsecureRequestWarning ; warning about collections.abc fixed in watchdog master ignore::DeprecationWarning:watchdog.utils.bricks:175 - ; DeprecationWarnings from Werkzeug - ignore:.* version 1\.0:DeprecationWarning - ignore:The default 'Secure:UserWarning [coverage:run] branch = True @@ -22,9 +18,8 @@ source = [coverage:paths] source = - src/werkzeug - .tox/*/lib/python*/site-packages/werkzeug - .tox/*/site-packages/werkzeug + src + */site-packages [flake8] # B = bugbear @@ -32,7 +27,8 @@ source = # F = flake8 pyflakes # W = pycodestyle warnings # B9 = bugbear opinions -select = B, E, F, W, B9 +# ISC = implicit-str-concat +select = B, E, F, W, B9, ISC ignore = # slice notation whitespace, invalid E203 diff --git a/setup.py b/setup.py index e96707dac..cf16e904d 100644 --- a/setup.py +++ b/setup.py @@ -1,13 +1,12 @@ -import io import re from setuptools import find_packages from setuptools import setup -with io.open("README.rst", "rt", encoding="utf8") as f: +with open("README.rst", encoding="utf8") as f: readme = f.read() -with io.open("src/werkzeug/__init__.py", "rt", encoding="utf8") as f: +with open("src/werkzeug/__init__.py", encoding="utf8") as f: version = re.search(r'__version__ = "(.*?)"', f.read(), re.M).group(1) setup( diff --git a/src/werkzeug/datastructures.py b/src/werkzeug/datastructures.py index 401a20036..7df1fd3f5 100644 --- a/src/werkzeug/datastructures.py +++ b/src/werkzeug/datastructures.py @@ -2765,7 +2765,7 @@ def __str__(self): return self.to_header() def __repr__(self): - return "<{} {!r}>".format(self.__class__.__name__, self.to_header()) + return f"<{self.__class__.__name__} {self.to_header()!r}>" def auth_property(name, doc=None): # noqa: B902 """A static helper function for subclasses to add extra authentication diff --git a/src/werkzeug/debug/repr.py b/src/werkzeug/debug/repr.py index d80866dc8..81bb40567 100644 --- a/src/werkzeug/debug/repr.py +++ b/src/werkzeug/debug/repr.py @@ -80,7 +80,7 @@ def __call__(self, topic=None): if len(paragraphs) > 1: title = paragraphs[0] text = "\n\n".join(paragraphs[1:]) - else: # pragma: no cover + else: title = "Help" text = paragraphs[0] sys.stdout._write(HELP_HTML % {"title": title, "text": text}) @@ -131,17 +131,14 @@ def proxy(self, obj, recursive): set_repr = _sequence_repr_maker("set([", "])", set) frozenset_repr = _sequence_repr_maker("frozenset([", "])", frozenset) deque_repr = _sequence_repr_maker( - 'collections.' "deque([", "])", deque + 'collections.deque([', "])", deque ) del _sequence_repr_maker def regex_repr(self, obj): pattern = repr(obj.pattern) pattern = codecs.decode(pattern, "unicode-escape", "ignore") - if pattern[:1] == "u": - pattern = "ur" + pattern[1:] - else: - pattern = "r" + pattern + pattern = "r" + pattern return 're.compile(%s)' % pattern def string_repr(self, obj, limit=70): @@ -165,7 +162,7 @@ def string_repr(self, obj, limit=70): out = "".join(buf) # if the repr looks like a standard string, add subclass info if needed - if r[0] in "'\"" or (r[0] in "ub" and r[1] in "'\""): + if r[0] in "'\"" or (r[0] == "b" and r[1] in "'\""): return _add_subclass_info(out, obj, (bytes, str)) # otherwise, assume the repr distinguishes the subclass already @@ -222,9 +219,9 @@ def dispatch_repr(self, obj, recursive): def fallback_repr(self): try: info = "".join(format_exception_only(*sys.exc_info()[:2])) - except Exception: # pragma: no cover + except Exception: info = "?" - return '<broken repr (%s)>' "" % escape( + return '<broken repr (%s)>' % escape( info.strip() ) diff --git a/src/werkzeug/formparser.py b/src/werkzeug/formparser.py index 4dea8d9de..6510ff0a3 100644 --- a/src/werkzeug/formparser.py +++ b/src/werkzeug/formparser.py @@ -415,7 +415,7 @@ def validate_boundary(self, boundary): self.fail("Missing boundary") if not is_valid_multipart_boundary(boundary): self.fail("Invalid boundary: %s" % boundary) - if len(boundary) > self.buffer_size: # pragma: no cover + if len(boundary) > self.buffer_size: # this should never happen because we check for a minimum size # of 1024 and boundaries may not be longer than 200. The only # situation when this happens is for non debug builds where @@ -515,7 +515,7 @@ def parse_lines(self, file, boundary, content_length, cap_at_buffer=True): cutoff = -1 yield _cont, line[:cutoff] - else: # pragma: no cover + else: raise ValueError("unexpected end of part") # if we have a leftover in the buffer that is not a newline diff --git a/src/werkzeug/test.py b/src/werkzeug/test.py index 186af8959..c5e487696 100644 --- a/src/werkzeug/test.py +++ b/src/werkzeug/test.py @@ -52,7 +52,7 @@ def stream_encode_multipart( in a file descriptor. """ if boundary is None: - boundary = "---------------WerkzeugFormPart_{}{}".format(time(), random()) + boundary = f"---------------WerkzeugFormPart_{time()}{random()}" _closure = [BytesIO(), 0, False] if use_tempfile: diff --git a/src/werkzeug/wrappers/cors.py b/src/werkzeug/wrappers/cors.py index 502fcf17f..6b8283d69 100644 --- a/src/werkzeug/wrappers/cors.py +++ b/src/werkzeug/wrappers/cors.py @@ -4,7 +4,7 @@ from ..utils import header_property -class CORSRequestMixin(object): +class CORSRequestMixin: """A mixin for :class:`~werkzeug.wrappers.BaseRequest` subclasses that adds descriptors for Cross Origin Resource Sharing (CORS) headers. @@ -43,7 +43,7 @@ class CORSRequestMixin(object): ) -class CORSResponseMixin(object): +class CORSResponseMixin: """A mixin for :class:`~werkzeug.wrappers.BaseResponse` subclasses that adds descriptors for Cross Origin Resource Sharing (CORS) headers. diff --git a/tests/test_http.py b/tests/test_http.py index 8bb7ab0cc..045543195 100644 --- a/tests/test_http.py +++ b/tests/test_http.py @@ -312,7 +312,7 @@ def test_parse_options_header(self): ) # Issue #404 assert http.parse_options_header( - 'multipart/form-data; name="foo bar"; ' 'filename="bar foo"' + 'multipart/form-data; name="foo bar"; filename="bar foo"' ) == ("multipart/form-data", {"name": "foo bar", "filename": "bar foo"}) # Examples from RFC assert http.parse_options_header("audio/*; q=0.2, audio/basic") == ( diff --git a/tests/test_wsgi.py b/tests/test_wsgi.py index 5dcde5d7d..36eda104e 100644 --- a/tests/test_wsgi.py +++ b/tests/test_wsgi.py @@ -327,12 +327,12 @@ def test_multi_part_line_breaks_bytes(): b"ABCDEFGHIJK", ] - data = b"abc\r\nThis line is broken by the buffer length." b"\r\nFoo bar baz" + data = b"abc\r\nThis line is broken by the buffer length.\r\nFoo bar baz" test_stream = io.BytesIO(data) lines = list(wsgi.make_line_iter(test_stream, limit=len(data), buffer_size=24)) assert lines == [ b"abc\r\n", - b"This line is broken by the buffer " b"length.\r\n", + b"This line is broken by the buffer length.\r\n", b"Foo bar baz", ] From a7a8c4f3a5c4ae3eb164dd41d9f3bb91623c80e0 Mon Sep 17 00:00:00 2001 From: David Lord Date: Sat, 14 Mar 2020 16:03:30 -0700 Subject: [PATCH 146/733] run pyupgrade on examples --- bench/wzbench.py | 16 ++++++++++------ docs/conf.py | 4 ++-- examples/coolmagic/__init__.py | 1 - examples/coolmagic/application.py | 3 +-- examples/coolmagic/helpers.py | 1 - examples/coolmagic/utils.py | 3 +-- examples/coolmagic/views/__init__.py | 1 - examples/coolmagic/views/static.py | 1 - examples/couchy/application.py | 2 +- examples/couchy/models.py | 4 ++-- examples/couchy/utils.py | 2 +- examples/cupoftee/__init__.py | 1 - examples/cupoftee/application.py | 3 +-- examples/cupoftee/db.py | 3 +-- examples/cupoftee/network.py | 13 ++++++------- examples/cupoftee/pages.py | 5 ++--- examples/cupoftee/utils.py | 1 - examples/httpbasicauth.py | 3 +-- examples/i18nurls/application.py | 6 +++--- examples/manage-coolmagic.py | 1 - examples/manage-i18nurls.py | 1 - examples/manage-plnt.py | 1 - examples/manage-shorty.py | 2 +- examples/manage-simplewiki.py | 1 - examples/manage-webpylike.py | 1 - examples/plnt/__init__.py | 1 - examples/plnt/database.py | 11 +++++------ examples/plnt/sync.py | 1 - examples/plnt/utils.py | 11 +++++------ examples/plnt/views.py | 1 - examples/plnt/webapp.py | 3 +-- examples/shortly/shortly.py | 3 +-- examples/shorty/application.py | 2 +- examples/shorty/models.py | 2 +- examples/shorty/utils.py | 2 +- examples/simplewiki/__init__.py | 1 - examples/simplewiki/actions.py | 7 +++---- examples/simplewiki/application.py | 5 ++--- examples/simplewiki/database.py | 11 +++++------ examples/simplewiki/specialpages.py | 1 - examples/simplewiki/utils.py | 3 +-- examples/webpylike/example.py | 1 - examples/webpylike/webpylike.py | 5 ++--- 43 files changed, 61 insertions(+), 90 deletions(-) diff --git a/bench/wzbench.py b/bench/wzbench.py index d2671a09d..0331d19a5 100755 --- a/bench/wzbench.py +++ b/bench/wzbench.py @@ -80,7 +80,7 @@ def load_werkzeug(path): # get the real version from the setup file try: f = open(os.path.join(path, "setup.py")) - except IOError: + except OSError: pass else: try: @@ -248,7 +248,11 @@ def hg(*x): delta = "==" else: delta = "%+.4f (%+d%%)" % (delta, round(d2[key] / d1[key] * 100 - 100)) - print("%36s %.4f %.4f %s" % (format_func(key), d1[key], d2[key], delta)) + print( + "{:>36} {:.4f} {:.4f} {}".format( + format_func(key), d1[key], d2[key], delta + ) + ) print("-" * 80) @@ -278,7 +282,7 @@ def run(path, no_header=False): return result -URL_DECODED_DATA = dict((str(x), str(x)) for x in range(100)) +URL_DECODED_DATA = {str(x): str(x) for x in range(100)} URL_ENCODED_DATA = "&".join("%s=%s" % x for x in URL_DECODED_DATA.items()) MULTIPART_ENCODED_DATA = "\n".join( ( @@ -359,7 +363,7 @@ def after_multidict_lookup_miss(): def time_cached_property(): - class Foo(object): + class Foo: @wz.cached_property def x(self): return 42 @@ -425,13 +429,13 @@ def after_request_shallow_init(): def time_response_iter_performance(): - resp = wz.Response(u"Hällo Wörld " * 1000, mimetype="text/html") + resp = wz.Response("Hällo Wörld " * 1000, mimetype="text/html") for _ in resp({"REQUEST_METHOD": "GET"}, lambda *s: None): pass def time_response_iter_head_performance(): - resp = wz.Response(u"Hällo Wörld " * 1000, mimetype="text/html") + resp = wz.Response("Hällo Wörld " * 1000, mimetype="text/html") for _ in resp({"REQUEST_METHOD": "HEAD"}, lambda *s: None): pass diff --git a/docs/conf.py b/docs/conf.py index 53e6a1ef5..11cd39681 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -41,11 +41,11 @@ html_static_path = ["_static"] html_favicon = "_static/favicon.ico" html_logo = "_static/werkzeug.png" -html_title = "Werkzeug Documentation ({})".format(version) +html_title = f"Werkzeug Documentation ({version})" html_show_sourcelink = False # LaTeX ---------------------------------------------------------------- latex_documents = [ - (master_doc, "Werkzeug-{}.tex".format(version), html_title, author, "manual") + (master_doc, f"Werkzeug-{version}.tex", html_title, author, "manual") ] diff --git a/examples/coolmagic/__init__.py b/examples/coolmagic/__init__.py index 0526f1d69..77a0324c1 100644 --- a/examples/coolmagic/__init__.py +++ b/examples/coolmagic/__init__.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ coolmagic ~~~~~~~~~ diff --git a/examples/coolmagic/application.py b/examples/coolmagic/application.py index 730f4d83e..f6ee8a0b2 100644 --- a/examples/coolmagic/application.py +++ b/examples/coolmagic/application.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ coolmagic.application ~~~~~~~~~~~~~~~~~~~~~ @@ -26,7 +25,7 @@ from .utils import Request -class CoolMagicApplication(object): +class CoolMagicApplication: """ The application class. It's passed a directory with configuration values. """ diff --git a/examples/coolmagic/helpers.py b/examples/coolmagic/helpers.py index 4cd4ac45a..61cf14bda 100644 --- a/examples/coolmagic/helpers.py +++ b/examples/coolmagic/helpers.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ coolmagic.helpers ~~~~~~~~~~~~~~~~~ diff --git a/examples/coolmagic/utils.py b/examples/coolmagic/utils.py index 4140eb537..da301b263 100644 --- a/examples/coolmagic/utils.py +++ b/examples/coolmagic/utils.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ coolmagic.utils ~~~~~~~~~~~~~~~ @@ -76,7 +75,7 @@ def __init__(self, environ, url_adapter): local.request = self -class ThreadedRequest(object): +class ThreadedRequest: """ A pseudo request object that always poins to the current context active request. diff --git a/examples/coolmagic/views/__init__.py b/examples/coolmagic/views/__init__.py index 1dba83e69..9052b42d3 100644 --- a/examples/coolmagic/views/__init__.py +++ b/examples/coolmagic/views/__init__.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ coolmagic.views ~~~~~~~~~~~~~~~ diff --git a/examples/coolmagic/views/static.py b/examples/coolmagic/views/static.py index f4f954092..12ef930c4 100644 --- a/examples/coolmagic/views/static.py +++ b/examples/coolmagic/views/static.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ coolmagic.views.static ~~~~~~~~~~~~~~~~~~~~~~ diff --git a/examples/couchy/application.py b/examples/couchy/application.py index b958dcbc3..04ef6232c 100644 --- a/examples/couchy/application.py +++ b/examples/couchy/application.py @@ -13,7 +13,7 @@ from .utils import url_map -class Couchy(object): +class Couchy: def __init__(self, db_uri): local.application = self diff --git a/examples/couchy/models.py b/examples/couchy/models.py index a0b50ca17..252141f4f 100644 --- a/examples/couchy/models.py +++ b/examples/couchy/models.py @@ -18,7 +18,7 @@ class URL(Document): @classmethod def load(cls, id): - return super(URL, cls).load(URL.db, id) + return super().load(URL.db, id) @classmethod def query(cls, code): @@ -39,7 +39,7 @@ def store(self): break self._data = URL.db.get(docid) else: - super(URL, self).store(URL.db) + super().store(URL.db) return self @property diff --git a/examples/couchy/utils.py b/examples/couchy/utils.py index 7a06e690f..03d168139 100644 --- a/examples/couchy/utils.py +++ b/examples/couchy/utils.py @@ -56,7 +56,7 @@ def get_random_uid(): return "".join(sample(URL_CHARS, randrange(3, 9))) -class Pagination(object): +class Pagination: def __init__(self, results, per_page, page, endpoint): self.results = results self.per_page = per_page diff --git a/examples/cupoftee/__init__.py b/examples/cupoftee/__init__.py index 184c5d0d9..8f9c9cb83 100644 --- a/examples/cupoftee/__init__.py +++ b/examples/cupoftee/__init__.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ cupoftee ~~~~~~~~ diff --git a/examples/cupoftee/application.py b/examples/cupoftee/application.py index 17c8e53a9..2b0b5f2b4 100644 --- a/examples/cupoftee/application.py +++ b/examples/cupoftee/application.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ cupoftee.application ~~~~~~~~~~~~~~~~~~~~ @@ -87,7 +86,7 @@ def get_response(self): return Response(self.render_template(), mimetype="text/html") -class Cup(object): +class Cup: def __init__(self, database, interval=120): self.jinja_env = Environment(loader=PackageLoader("cupoftee"), autoescape=True) self.interval = interval diff --git a/examples/cupoftee/db.py b/examples/cupoftee/db.py index 043ab7e91..1e833a173 100644 --- a/examples/cupoftee/db.py +++ b/examples/cupoftee/db.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ cupoftee.db ~~~~~~~~~~~ @@ -15,7 +14,7 @@ from threading import Lock -class Database(object): +class Database: def __init__(self, filename): self.filename = filename self._fs = dbm.open(filename, "cf") diff --git a/examples/cupoftee/network.py b/examples/cupoftee/network.py index c083efd4a..c288002dc 100644 --- a/examples/cupoftee/network.py +++ b/examples/cupoftee/network.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ cupoftee.network ~~~~~~~~~~~~~~~~~ @@ -19,13 +18,13 @@ class ServerError(Exception): pass -class Syncable(object): +class Syncable: last_sync = None def sync(self): try: self._sync() - except (socket.error, socket.timeout, IOError): + except (OSError, socket.timeout): return False self.last_sync = datetime.utcnow() return True @@ -43,12 +42,12 @@ def _sync(self): print(addr) try: self._sync_master(addr, to_delete) - except (socket.error, socket.timeout, IOError): + except (OSError, socket.timeout): continue for server_id in to_delete: self.servers.pop(server_id, None) if not self.servers: - raise IOError("no servers found") + raise OSError("no servers found") self.cup.db.sync() def _sync_master(self, addr, to_delete): @@ -98,7 +97,7 @@ def _sync(self): ) # sync the player stats - players = dict((p.name, p) for p in self.players) + players = {p.name: p for p in self.players} for i in range(player_count): name = bits[8 + i * 2].decode("latin1") score = int(bits[9 + i * 2]) @@ -125,7 +124,7 @@ def __cmp__(self, other): return unicodecmp(self.name, other.name) -class Player(object): +class Player: def __init__(self, server, name, score): self.server = server self.name = name diff --git a/examples/cupoftee/pages.py b/examples/cupoftee/pages.py index c1a823b72..bb36a38bf 100644 --- a/examples/cupoftee/pages.py +++ b/examples/cupoftee/pages.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ cupoftee.pages ~~~~~~~~~~~~~~ @@ -29,7 +28,7 @@ def order_link(self, name, title): cls = ' class="%s"' % ("down" if desc else "up") if desc: link += "&dir=desc" - return '%s' % (link, cls, title) + return f'{title}' def process(self): self.order_by = self.request.args.get("order_by") or "name" @@ -80,6 +79,6 @@ def process(self): class MissingPage(Page): def get_response(self): - response = super(MissingPage, self).get_response() + response = super().get_response() response.status_code = 404 return response diff --git a/examples/cupoftee/utils.py b/examples/cupoftee/utils.py index 91717e857..15c95102a 100644 --- a/examples/cupoftee/utils.py +++ b/examples/cupoftee/utils.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ cupoftee.utils ~~~~~~~~~~~~~~ diff --git a/examples/httpbasicauth.py b/examples/httpbasicauth.py index 21d39300e..af6d8c69a 100644 --- a/examples/httpbasicauth.py +++ b/examples/httpbasicauth.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ HTTP Basic Auth Example ~~~~~~~~~~~~~~~~~~~~~~~ @@ -14,7 +13,7 @@ from werkzeug.wrappers import Response -class Application(object): +class Application: def __init__(self, users, realm="login required"): self.users = users self.realm = realm diff --git a/examples/i18nurls/application.py b/examples/i18nurls/application.py index 103f60013..47d7db9b4 100644 --- a/examples/i18nurls/application.py +++ b/examples/i18nurls/application.py @@ -26,7 +26,7 @@ def wrapped(f): class Request(_Request): def __init__(self, environ, urls): - super(Request, self).__init__(environ) + super().__init__(environ) self.urls = urls self.matched_url = None @@ -58,14 +58,14 @@ def __call__(self, environ, start_response): values = self.template_values.copy() values["req"] = req self.data = self.render_template(self.template_name, values) - return super(TemplateResponse, self).__call__(environ, start_response) + return super().__call__(environ, start_response) def render_template(self, name, values): template = self.jinja_env.get_template(name) return template.render(values) -class Application(object): +class Application: def __init__(self): from i18nurls import views diff --git a/examples/manage-coolmagic.py b/examples/manage-coolmagic.py index f6abe80e4..f5817d38e 100755 --- a/examples/manage-coolmagic.py +++ b/examples/manage-coolmagic.py @@ -1,5 +1,4 @@ #!/usr/bin/env python -# -*- coding: utf-8 -*- """ Manage Coolmagic ~~~~~~~~~~~~~~~~ diff --git a/examples/manage-i18nurls.py b/examples/manage-i18nurls.py index a2b746a2c..2a1330e84 100755 --- a/examples/manage-i18nurls.py +++ b/examples/manage-i18nurls.py @@ -1,5 +1,4 @@ #!/usr/bin/env python -# -*- coding: utf-8 -*- """ Manage i18nurls ~~~~~~~~~~~~~~~ diff --git a/examples/manage-plnt.py b/examples/manage-plnt.py index 80a03f78e..0afca374c 100755 --- a/examples/manage-plnt.py +++ b/examples/manage-plnt.py @@ -1,5 +1,4 @@ #!/usr/bin/env python -# -*- coding: utf-8 -*- """ Manage plnt ~~~~~~~~~~~ diff --git a/examples/manage-shorty.py b/examples/manage-shorty.py index 80fb3731b..f70fffdd0 100755 --- a/examples/manage-shorty.py +++ b/examples/manage-shorty.py @@ -10,7 +10,7 @@ def make_app(): from shorty.application import Shorty filename = os.path.join(tempfile.gettempdir(), "shorty.db") - return Shorty("sqlite:///{0}".format(filename)) + return Shorty(f"sqlite:///{filename}") def make_shell(): diff --git a/examples/manage-simplewiki.py b/examples/manage-simplewiki.py index 5fd66b853..097883924 100755 --- a/examples/manage-simplewiki.py +++ b/examples/manage-simplewiki.py @@ -1,5 +1,4 @@ #!/usr/bin/env python -# -*- coding: utf-8 -*- """ Manage SimpleWiki ~~~~~~~~~~~~~~~~~ diff --git a/examples/manage-webpylike.py b/examples/manage-webpylike.py index 010bdcee5..974cf3562 100755 --- a/examples/manage-webpylike.py +++ b/examples/manage-webpylike.py @@ -1,5 +1,4 @@ #!/usr/bin/env python -# -*- coding: utf-8 -*- """ Manage web.py like application ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/examples/plnt/__init__.py b/examples/plnt/__init__.py index 7ade4b726..5a6a0c39c 100644 --- a/examples/plnt/__init__.py +++ b/examples/plnt/__init__.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ plnt ~~~~ diff --git a/examples/plnt/database.py b/examples/plnt/database.py index 78e4ab6a9..4334dced4 100644 --- a/examples/plnt/database.py +++ b/examples/plnt/database.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ plnt.database ~~~~~~~~~~~~~ @@ -56,24 +55,24 @@ def new_db_session(): ) -class Blog(object): +class Blog: query = session.query_property() - def __init__(self, name, url, feed_url, description=u""): + def __init__(self, name, url, feed_url, description=""): self.name = name self.url = url self.feed_url = feed_url self.description = description def __repr__(self): - return "<%s %r>" % (self.__class__.__name__, self.url) + return f"<{self.__class__.__name__} {self.url!r}>" -class Entry(object): +class Entry: query = session.query_property() def __repr__(self): - return "<%s %r>" % (self.__class__.__name__, self.guid) + return f"<{self.__class__.__name__} {self.guid!r}>" mapper(Entry, entry_table) diff --git a/examples/plnt/sync.py b/examples/plnt/sync.py index e12ab8445..d5b753cd1 100644 --- a/examples/plnt/sync.py +++ b/examples/plnt/sync.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ plnt.sync ~~~~~~~~~ diff --git a/examples/plnt/utils.py b/examples/plnt/utils.py index 9d3ff74a7..2160fafd9 100644 --- a/examples/plnt/utils.py +++ b/examples/plnt/utils.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ plnt.utils ~~~~~~~~~~ @@ -78,7 +77,7 @@ def render_template(template_name, **context): def nl2p(s): """Add paragraphs to a text.""" - return u"\n".join(u"

    %s

    " % p for p in _par_re.split(s)) + return "\n".join("

    %s

    " % p for p in _par_re.split(s)) def url_for(endpoint, **kw): @@ -97,18 +96,18 @@ def handle_match(m): try: return chr(int(name[2:], 16)) except ValueError: - return u"" + return "" elif name.startswith("#"): try: return chr(int(name[1:])) except ValueError: - return u"" - return u"" + return "" + return "" return _entity_re.sub(handle_match, _striptags_re.sub("", s)) -class Pagination(object): +class Pagination: """ Paginate a SQLAlchemy query object. """ diff --git a/examples/plnt/views.py b/examples/plnt/views.py index d64e98e38..6d8668d5f 100644 --- a/examples/plnt/views.py +++ b/examples/plnt/views.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ plnt.views ~~~~~~~~~~ diff --git a/examples/plnt/webapp.py b/examples/plnt/webapp.py index dee7336b1..347148137 100644 --- a/examples/plnt/webapp.py +++ b/examples/plnt/webapp.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ plnt.webapp ~~~~~~~~~~~ @@ -28,7 +27,7 @@ SHARED_DATA = path.join(path.dirname(__file__), "shared") -class Plnt(object): +class Plnt: def __init__(self, database_uri): self.database_engine = create_engine(database_uri) diff --git a/examples/shortly/shortly.py b/examples/shortly/shortly.py index a3ff9f7fc..abe97e147 100644 --- a/examples/shortly/shortly.py +++ b/examples/shortly/shortly.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ shortly ~~~~~~~ @@ -44,7 +43,7 @@ def get_hostname(url): return url_parse(url).netloc -class Shortly(object): +class Shortly: def __init__(self, config): self.redis = redis.Redis(config["redis_host"], config["redis_port"]) template_path = os.path.join(os.path.dirname(__file__), "templates") diff --git a/examples/shorty/application.py b/examples/shorty/application.py index af7934446..adb8e9787 100644 --- a/examples/shorty/application.py +++ b/examples/shorty/application.py @@ -14,7 +14,7 @@ from .utils import url_map -class Shorty(object): +class Shorty: def __init__(self, db_uri): local.application = self self.database_engine = create_engine(db_uri, convert_unicode=True) diff --git a/examples/shorty/models.py b/examples/shorty/models.py index 7d0df5bd8..b02b40142 100644 --- a/examples/shorty/models.py +++ b/examples/shorty/models.py @@ -22,7 +22,7 @@ ) -class URL(object): +class URL: query = session.query_property() def __init__(self, target, public=True, uid=None, added=None): diff --git a/examples/shorty/utils.py b/examples/shorty/utils.py index 2a2a766c5..2d9fe0e10 100644 --- a/examples/shorty/utils.py +++ b/examples/shorty/utils.py @@ -66,7 +66,7 @@ def get_random_uid(): return "".join(sample(URL_CHARS, randrange(3, 9))) -class Pagination(object): +class Pagination: def __init__(self, query, per_page, page, endpoint): self.query = query self.per_page = per_page diff --git a/examples/simplewiki/__init__.py b/examples/simplewiki/__init__.py index 591a06e93..fae8a2695 100644 --- a/examples/simplewiki/__init__.py +++ b/examples/simplewiki/__init__.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ simplewiki ~~~~~~~~~~ diff --git a/examples/simplewiki/actions.py b/examples/simplewiki/actions.py index c9a88b41c..c8eb80023 100644 --- a/examples/simplewiki/actions.py +++ b/examples/simplewiki/actions.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ simplewiki.actions ~~~~~~~~~~~~~~~~~~ @@ -103,14 +102,14 @@ def on_diff(request, page_name): if not (old and new): error = "No revisions specified." else: - revisions = dict( - (x.revision_id, x) + revisions = { + x.revision_id: x for x in Revision.query.filter( (Revision.revision_id.in_((old, new))) & (Revision.page_id == Page.page_id) & (Page.name == page_name) ) - ) + } if len(revisions) != 2: error = "At least one of the revisions requested does not exist." else: diff --git a/examples/simplewiki/application.py b/examples/simplewiki/application.py index 5f85eef3c..4d905108e 100644 --- a/examples/simplewiki/application.py +++ b/examples/simplewiki/application.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ simplewiki.application ~~~~~~~~~~~~~~~~~~~~~~ @@ -32,7 +31,7 @@ SHARED_DATA = path.join(path.dirname(__file__), "shared") -class SimpleWiki(object): +class SimpleWiki: """ Our central WSGI application. """ @@ -73,7 +72,7 @@ def dispatch_request(self, environ, start_response): # get the current action from the url and normalize the page name # which is just the request path action_name = request.args.get("action") or "show" - page_name = u"_".join([x for x in request.path.strip("/").split() if x]) + page_name = "_".join([x for x in request.path.strip("/").split() if x]) # redirect to the Main_Page if the user requested the index if not page_name: diff --git a/examples/simplewiki/database.py b/examples/simplewiki/database.py index b808aae0e..64a135fbf 100644 --- a/examples/simplewiki/database.py +++ b/examples/simplewiki/database.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ simplewiki.database ~~~~~~~~~~~~~~~~~~~ @@ -67,7 +66,7 @@ def new_db_session(): ) -class Revision(object): +class Revision: """ Represents one revision of a page. This is useful for editing particular revision of pages or creating @@ -91,10 +90,10 @@ def render(self): return parse_creole(self.text) def __repr__(self): - return "<%s %r:%r>" % (self.__class__.__name__, self.page_id, self.revision_id) + return f"<{self.__class__.__name__} {self.page_id!r}:{self.revision_id!r}>" -class Page(object): +class Page: """ Represents a simple page without any revisions. This is for example used in the page index where the page contents are not relevant. @@ -110,7 +109,7 @@ def title(self): return self.name.replace("_", " ") def __repr__(self): - return "<%s %r>" % (self.__class__.__name__, self.name) + return f"<{self.__class__.__name__} {self.name!r}>" class RevisionedPage(Page, Revision): @@ -129,7 +128,7 @@ def __init__(self): ) def __repr__(self): - return "<%s %r:%r>" % (self.__class__.__name__, self.name, self.revision_id) + return f"<{self.__class__.__name__} {self.name!r}:{self.revision_id!r}>" # setup mappers diff --git a/examples/simplewiki/specialpages.py b/examples/simplewiki/specialpages.py index 9636f7ca7..204296c5f 100644 --- a/examples/simplewiki/specialpages.py +++ b/examples/simplewiki/specialpages.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ simplewiki.specialpages ~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/examples/simplewiki/utils.py b/examples/simplewiki/utils.py index 66289e8b2..8635ef51a 100644 --- a/examples/simplewiki/utils.py +++ b/examples/simplewiki/utils.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ simplewiki.utils ~~~~~~~~~~~~~~~~ @@ -107,7 +106,7 @@ def __init__( BaseResponse.__init__(self, response, status, headers, mimetype, content_type) -class Pagination(object): +class Pagination: """ Paginate a SQLAlchemy query object. """ diff --git a/examples/webpylike/example.py b/examples/webpylike/example.py index 0bb6896d8..6663ac549 100644 --- a/examples/webpylike/example.py +++ b/examples/webpylike/example.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ Example application based on weblikepy ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/examples/webpylike/webpylike.py b/examples/webpylike/webpylike.py index 0a7325cab..6eb6bfeb9 100644 --- a/examples/webpylike/webpylike.py +++ b/examples/webpylike/webpylike.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ webpylike ~~~~~~~~~ @@ -28,7 +27,7 @@ class Response(BaseResponse): """Encapsulates a response.""" -class View(object): +class View: """Baseclass for our views.""" def __init__(self, app, req): @@ -44,7 +43,7 @@ def HEAD(self): return self.GET() -class WebPyApp(object): +class WebPyApp: """ An interface to a web.py like application. It works like the web.run function in web.py From 95c64574bf86067f9841c12f0c7be41effef144b Mon Sep 17 00:00:00 2001 From: David Lord Date: Sat, 14 Mar 2020 18:14:34 -0700 Subject: [PATCH 147/733] use "str" and "bytes" instead of "unicode" --- README.rst | 8 +- docs/deployment/cgi.rst | 3 - docs/exceptions.rst | 5 - docs/http.rst | 2 +- docs/index.rst | 6 +- docs/installation.rst | 79 ++------------- docs/quickstart.rst | 26 ++--- docs/serving.rst | 12 +-- docs/terms.rst | 2 +- docs/test.rst | 4 +- docs/tutorial.rst | 2 +- docs/unicode.rst | 134 ++++++++++--------------- docs/wsgi.rst | 30 +++--- examples/cupoftee/utils.py | 2 +- src/werkzeug/datastructures.py | 14 +-- src/werkzeug/debug/repr.py | 2 +- src/werkzeug/debug/tbtools.py | 4 +- src/werkzeug/filesystem.py | 2 +- src/werkzeug/formparser.py | 2 +- src/werkzeug/http.py | 4 +- src/werkzeug/local.py | 6 -- src/werkzeug/middleware/lint.py | 2 +- src/werkzeug/routing.py | 10 +- src/werkzeug/test.py | 4 +- src/werkzeug/urls.py | 22 ++-- src/werkzeug/utils.py | 11 +- src/werkzeug/wrappers/__init__.py | 4 - src/werkzeug/wrappers/base_request.py | 14 +-- src/werkzeug/wrappers/base_response.py | 22 ++-- src/werkzeug/wsgi.py | 14 ++- tests/middleware/test_http_proxy.py | 2 +- tests/test_datastructures.py | 16 ++- tests/test_debug.py | 5 +- tests/test_http.py | 4 +- tests/test_internal.py | 2 +- tests/test_routing.py | 2 +- tests/test_wrappers.py | 5 - 37 files changed, 169 insertions(+), 319 deletions(-) diff --git a/README.rst b/README.rst index 02d2ea9dc..40598cb1a 100644 --- a/README.rst +++ b/README.rst @@ -26,10 +26,10 @@ It includes: - A test client for simulating HTTP requests during testing without requiring running a server. -Werkzeug is Unicode aware and doesn't enforce any dependencies. It is up -to the developer to choose a template engine, database adapter, and even -how to handle requests. It can be used to build all sorts of end user -applications such as blogs, wikis, or bulletin boards. +Werkzeug doesn't enforce any dependencies. It is up to the developer to +choose a template engine, database adapter, and even how to handle +requests. It can be used to build all sorts of end user applications +such as blogs, wikis, or bulletin boards. `Flask`_ wraps Werkzeug, using it to handle the details of WSGI while providing more structure and patterns for defining powerful diff --git a/docs/deployment/cgi.rst b/docs/deployment/cgi.rst index e43f4e203..dae48daeb 100644 --- a/docs/deployment/cgi.rst +++ b/docs/deployment/cgi.rst @@ -25,9 +25,6 @@ First you need to create the CGI application file. Let's call it application = make_app() CGIHandler().run(application) -If you're running Python 2.4 you will need the :mod:`wsgiref` package. Python -2.5 and higher ship this as part of the standard library. - Server Setup ============ diff --git a/docs/exceptions.rst b/docs/exceptions.rst index 8f4ab3725..88a309d45 100644 --- a/docs/exceptions.rst +++ b/docs/exceptions.rst @@ -71,11 +71,6 @@ The following error classes exist in Werkzeug: .. autoexception:: HTTPVersionNotSupported -.. exception:: HTTPUnicodeError - - This exception is used to signal unicode decode errors of request - data. For more information see the :ref:`unicode` chapter. - .. autoexception:: ClientDisconnected .. autoexception:: SecurityError diff --git a/docs/http.rst b/docs/http.rst index 89841c092..0fda9c2d2 100644 --- a/docs/http.rst +++ b/docs/http.rst @@ -140,7 +140,7 @@ Usage example: >>> stream.read() '' >>> form['test'] -u'Hello World!' +'Hello World!' >>> not files True diff --git a/docs/index.rst b/docs/index.rst index f1ad4613d..ba38fba8c 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -8,9 +8,9 @@ Werkzeug is a comprehensive `WSGI`_ web application library. It began as a simple collection of various utilities for WSGI applications and has become one of the most advanced WSGI utility libraries. -Werkzeug is Unicode aware and doesn't enforce any dependencies. It is up -to the developer to choose a template engine, database adapter, and even -how to handle requests. +Werkzeug doesn't enforce any dependencies. It is up to the developer to +choose a template engine, database adapter, and even how to handle +requests. .. _WSGI: https://wsgi.readthedocs.io/en/latest/ diff --git a/docs/installation.rst b/docs/installation.rst index 913171edb..dd2104cac 100644 --- a/docs/installation.rst +++ b/docs/installation.rst @@ -7,8 +7,8 @@ Installation Python Version -------------- -We recommend using the latest version of Python 3. Werkzeug supports -Python 3.5 and newer and Python 2.7. +We recommend using the latest version of Python. Werkzeug supports +Python 3.6 and newer. Dependencies @@ -27,13 +27,14 @@ detect and use them if you install them. Python's ``json`` module. It is preferred for JSON operations if it is installed. * `Click`_ provides request log highlighting when using the - development server. + development server. On Windows, you should also install `colorama`_. * `Watchdog`_ provides a faster, more efficient reloader for the development server. .. _SimpleJSON: https://simplejson.readthedocs.io/en/latest/ .. _Click: https://pypi.org/project/click/ .. _Watchdog: https://pypi.org/project/watchdog/ +.. _colorama: https://pypi.org/project/colorama/ Virtual environments @@ -52,11 +53,8 @@ Virtual environments are independent groups of Python libraries, one for each project. Packages installed for one project will not affect other projects or the operating system's packages. -Python 3 comes bundled with the :mod:`venv` module to create virtual -environments. If you're using a modern version of Python, you can -continue on to the next section. - -If you're using Python 2, see :ref:`install-install-virtualenv` first. +Python comes bundled with the :mod:`venv` module to create virtual +environments. .. _install-create-env: @@ -77,19 +75,6 @@ On Windows: py -3 -m venv venv -If you needed to install virtualenv because you are on an older version -of Python, use the following command instead: - -.. code-block:: sh - - virtualenv venv - -On Windows: - -.. code-block:: bat - - \Python27\Scripts\virtualenv.exe venv - Activate the environment ~~~~~~~~~~~~~~~~~~~~~~~~ @@ -119,55 +104,3 @@ Werkzeug: .. code-block:: sh pip install Werkzeug - - -Living on the edge -~~~~~~~~~~~~~~~~~~ - -If you want to work with the latest Werkzeug code before it's released, -install or update the code from the master branch: - -.. code-block:: sh - - pip install -U https://github.com/pallets/werkzeug/archive/master.tar.gz - - -.. _install-install-virtualenv: - -Install virtualenv ------------------- - -If you are using Python 2, the venv module is not available. Instead, -install `virtualenv`_. - -On Linux, virtualenv is provided by your package manager: - -.. code-block:: sh - - # Debian, Ubuntu - sudo apt-get install python-virtualenv - - # CentOS, Fedora - sudo yum install python-virtualenv - - # Arch - sudo pacman -S python-virtualenv - -If you are on Mac OS X or Windows, download `get-pip.py`_, then: - -.. code-block:: sh - - sudo python2 Downloads/get-pip.py - sudo python2 -m pip install virtualenv - -On Windows, as an administrator: - -.. code-block:: bat - - \Python27\python.exe Downloads\get-pip.py - \Python27\python.exe -m pip install virtualenv - -Now you can continue to :ref:`install-create-env`. - -.. _virtualenv: https://virtualenv.pypa.io/en/latest/ -.. _get-pip.py: https://bootstrap.pypa.io/get-pip.py diff --git a/docs/quickstart.rst b/docs/quickstart.rst index 84cb17094..6a1712daa 100644 --- a/docs/quickstart.rst +++ b/docs/quickstart.rst @@ -1,4 +1,3 @@ -========== Quickstart ========== @@ -6,16 +5,7 @@ Quickstart This part of the documentation shows how to use the most important parts of Werkzeug. It's intended as a starting point for developers with basic -understanding of :pep:`333` (WSGI) and :rfc:`2616` (HTTP). - -.. warning:: - - Make sure to import all objects from the places the documentation - suggests. It is theoretically possible in some situations to import - objects from different locations but this is not supported. - - For example :class:`MultiDict` is a member of the `werkzeug` module - but internally implemented in a different one. +understanding of :pep:`3333` (WSGI) and :rfc:`2616` (HTTP). WSGI Environment @@ -37,9 +27,9 @@ Now we have an environment to play around: >>> environ['SERVER_NAME'] 'localhost' -Usually nobody wants to work with the environ directly because it is limited -to bytestrings and does not provide any way to access the form data besides -parsing that data by hand. +Usually nobody wants to work with the environ directly because it uses a +confusing string encoding scheme, and it does not provide any way to +access the form data besides parsing that data by hand. Enter Request @@ -58,9 +48,9 @@ requests is set to `utf-8` but you can change that by subclassing :class:`Request`. >>> request.path -u'/foo' +'/foo' >>> request.script_root -u'' +'' >>> request.host 'localhost:8080' >>> request.url @@ -92,12 +82,12 @@ Now we can access the URL parameters easily: >>> request.args.keys() ['blah', 'foo'] >>> request.args['blah'] -u'blafasel' +'blafasel' Same for the supplied form data: >>> request.form['name'] -u'this is encoded form data' +'this is encoded form data' Handling for uploaded files is not much harder as you can see from this example:: diff --git a/docs/serving.rst b/docs/serving.rst index 7016ec9b3..62d96e889 100644 --- a/docs/serving.rst +++ b/docs/serving.rst @@ -12,9 +12,6 @@ with a builtin development server. The easiest way is creating a small ``start-myproject.py`` file that runs the application using the builtin server:: - #!/usr/bin/env python - # -*- coding: utf-8 -*- - from werkzeug.serving import run_simple from myproject import make_app @@ -193,12 +190,13 @@ You will have to acknowledge the certificate in your browser once then. Loading Contexts by Hand ```````````````````````` -In Python 2.7.9 and 3+ you also have the option to use a ``ssl.SSLContext`` -object instead of a simple tuple. This way you have better control over the SSL -behavior of Werkzeug's builtin server:: +You can use a ``ssl.SSLContext`` object instead of a tuple for full +control over the TLS configuration. + +.. code-block:: python import ssl - ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) ctx.load_cert_chain('ssl.cert', 'ssl.key') run_simple('localhost', 4000, application, ssl_context=ctx) diff --git a/docs/terms.rst b/docs/terms.rst index f2d8fc649..a582b665c 100644 --- a/docs/terms.rst +++ b/docs/terms.rst @@ -12,7 +12,7 @@ WSGI ---- WSGI a specification for Python web applications Werkzeug follows. It was -specified in the :pep:`333` and is widely supported. Unlike previous solutions +specified in the :pep:`3333` and is widely supported. Unlike previous solutions it guarantees that web applications, servers and utilities can work together. Response Object diff --git a/docs/test.rst b/docs/test.rst index d726123f3..1e9a0956d 100644 --- a/docs/test.rst +++ b/docs/test.rst @@ -74,7 +74,7 @@ further processing: >>> req.form['foo'] 'this is some text' >>> req.files['file'] - + >>> req.files['file'].read() b'my file contents' @@ -112,7 +112,7 @@ Testing API .. attribute:: charset - The charset used to encode unicode data. + The charset used to encode to bytes. .. attribute:: headers diff --git a/docs/tutorial.rst b/docs/tutorial.rst index 60d2f729f..a548d477d 100644 --- a/docs/tutorial.rst +++ b/docs/tutorial.rst @@ -270,7 +270,7 @@ endpoint and a dictionary of values in the URL. For instance the rule for to ``http://localhost:5000/foo`` we will get the following values back:: endpoint = 'follow_short_link' - values = {'short_id': u'foo'} + values = {'short_id': 'foo'} If it does not match anything, it will raise a :exc:`~werkzeug.exceptions.NotFound` exception, which is an diff --git a/docs/unicode.rst b/docs/unicode.rst index a993ca5eb..a59aeaee6 100644 --- a/docs/unicode.rst +++ b/docs/unicode.rst @@ -1,76 +1,49 @@ .. _unicode: -======= Unicode ======= .. currentmodule:: werkzeug -Since early Python 2 days unicode was part of all default Python builds. It -allows developers to write applications that deal with non-ASCII characters -in a straightforward way. But working with unicode requires a basic knowledge -about that matter, especially when working with libraries that do not support -it. +Werkzeug uses strings internally everwhere text data is assumed, even if +the HTTP standard is not Unicode aware. Basically all incoming data is +decoded from the charset (UTF-8 by default) so that you don't work with +bytes directly. Outgoing data is encoded into the target charset. -Werkzeug uses unicode internally everywhere text data is assumed, even if the -HTTP standard is not unicode aware as it. Basically all incoming data is -decoded from the charset specified (per default `utf-8`) so that you don't -operate on bytestrings any more. Outgoing unicode data is then encoded into -the target charset again. Unicode in Python -================= +----------------- -In Python 2 there are two basic string types: `str` and `unicode`. `str` may -carry encoded unicode data but it's always represented in bytes whereas the -`unicode` type does not contain bytes but charpoints. What does this mean? -Imagine you have the German Umlaut `ö`. In ASCII you cannot represent that -character, but in the `latin-1` and `utf-8` character sets you can represent -it, but they look differently when encoded: +Imagine you have the German Umlaut ``ö``. In ASCII you cannot represent +that character, but in the ``latin-1`` and ``utf-8`` character sets you +can represent it, but they look different when encoded: ->>> u'ö'.encode('latin1') -'\xf6' ->>> u'ö'.encode('utf-8') -'\xc3\xb6' +>>> "ö".encode("latin1") +b'\xf6' +>>> "ö".encode("utf-8") +b'\xc3\xb6' -So an `ö` might look totally different depending on the encoding which makes -it hard to work with it. The solution is using the `unicode` type (as we did -above, note the `u` prefix before the string). The unicode type does not -store the bytes for `ö` but the information, that this is a -``LATIN SMALL LETTER O WITH DIAERESIS``. +An ``ö`` looks different depending on the encoding which makes it hard +to work with it as bytes. Instead, Python treats strings as Unicode text +and stores the information ``LATIN SMALL LETTER O WITH DIAERESIS`` +instead of the bytes for ``ö`` in a specific encoding. The length of a +string with 1 character will be 1, where the length of the bytes might +be some other value. -Doing ``len(u'ö')`` will always give us the expected "1" but ``len('ö')`` -might give different results depending on the encoding of ``'ö'``. Unicode in HTTP -=============== - -The problem with unicode is that HTTP does not know what unicode is. HTTP -is limited to bytes but this is not a big problem as Werkzeug decodes and -encodes for us automatically all incoming and outgoing data. Basically what -this means is that data sent from the browser to the web application is per -default decoded from an utf-8 bytestring into a `unicode` string. Data sent -from the application back to the browser that is not yet a bytestring is then -encoded back to utf-8. - -Usually this "just works" and we don't have to worry about it, but there are -situations where this behavior is problematic. For example the Python 2 IO -layer is not unicode aware. This means that whenever you work with data from -the file system you have to properly decode it. The correct way to load -a text file from the file system looks like this:: +--------------- - f = file('/path/to/the_file.txt', 'r') - try: - text = f.decode('utf-8') # assuming the file is utf-8 encoded - finally: - f.close() - -There is also the codecs module which provides an open function that decodes -automatically from the given encoding. +However, the HTTP spec was written in a time where ASCII bytes were the +common way data was represented. To work around this for the modern +web, Werkzeug decodes and encodes incoming and outgoing data +automatically. Data sent from the browser to the web application is +decoded from UTF-8 bytes into a string. Data sent from the application +back to the browser is encoded back to UTF-8. Error Handling -============== +-------------- Functions that do internal encoding or decoding accept an ``errors`` keyword argument that is passed to :meth:`str.decode` and @@ -80,27 +53,29 @@ the error and report the bad data to the client. Request and Response Objects -============================ +---------------------------- + +In most cases, you should stick with Werkzeug's default encoding of +UTF-8. If you have a specific reason to, you can subclass +:class:`wrappers.Request` and :class:`wrappers.Response` to change the +encoding and error handling. -As request and response objects usually are the central entities of Werkzeug -powered applications you can change the default encoding Werkzeug operates on -by subclassing these two classes. For example you can easily set the -application to utf-7 and strict error handling:: +.. code-block:: python - from werkzeug.wrappers import BaseRequest, BaseResponse + from werkzeug.wrappers import Request as _Request + from werkzeug.wrappers import Response as _Response - class Request(BaseRequest): - charset = 'utf-7' - encoding_errors = 'strict' + class Request(_Request): + charset = "latin1" + encoding_errors = "strict" - class Response(BaseResponse): - charset = 'utf-7' + class Response(_BaseResponse): + charset = "latin1" -Keep in mind that the error handling is only customizable for all decoding -but not encoding. If Werkzeug encounters an encoding error it will raise a -:exc:`UnicodeEncodeError`. It's your responsibility to not create data that is -not present in the target charset (a non issue with all unicode encodings -such as utf-8). +The error handling can only be changed for the request. Werkzeug will +always raise errors when encoding to bytes in the response. It's your +responsibility to not create data that is not present in the target +charset. This is not an issue for UTF-8. .. _filesystem-encoding: @@ -109,17 +84,14 @@ The Filesystem .. versionchanged:: 0.11 -Up until version 0.11, Werkzeug used Python's stdlib functionality to detect -the filesystem encoding. However, several bug reports against Werkzeug have -shown that the value of :py:func:`sys.getfilesystemencoding` cannot be -trusted under traditional UNIX systems. The usual problems come from -misconfigured systems, where ``LANG`` and similar environment variables are not -set. In such cases, Python would default to ASCII as filesystem encoding, a -very conservative default that is usually wrong and causes more problems than -it avoids. +Several bug reports against Werkzeug have shown that the value of +:py:func:`sys.getfilesystemencoding` cannot be trusted under traditional +UNIX systems. Usually this occurs due to a misconfigured system where +``LANG`` and similar environment variables are not set. In such cases, +Python defaults to ASCII as the filesystem encoding, a very conservative +default that is usually wrong and causes more problems than it avoids. -Therefore Werkzeug will force the filesystem encoding to ``UTF-8`` and issue a -warning whenever it detects that it is running under BSD or Linux, and -:py:func:`sys.getfilesystemencoding` is returning an ASCII encoding. +If Werkzeug detects it's running in a misconfigured environment, it will +assume the filesystem encoding is ``UTF-8`` and issue a warning. -See also :py:mod:`werkzeug.filesystem`. +See :mod:`werkzeug.filesystem`. diff --git a/docs/wsgi.rst b/docs/wsgi.rst index 699a07ee8..ba9bfb548 100644 --- a/docs/wsgi.rst +++ b/docs/wsgi.rst @@ -69,21 +69,17 @@ Convenience Helpers Bytes, Strings, and Encodings ----------------------------- -The WSGI environment on Python 3 works slightly different than it does -on Python 2. Werkzeug hides the differences from you if you use the -higher level APIs. - -The WSGI specification (`PEP 3333`_) decided to always use the native -``str`` type. On Python 2 this means the raw bytes are passed through -and can be decoded directly. On Python 3, however, the raw bytes are -always decoded using the ISO-8859-1 charset to produce a Unicode string. - -Python 3 Unicode strings in the WSGI environment are restricted to -ISO-8859-1 code points. If a string read from the environment might -contain characters outside that charset, it must first be decoded to -bytes as ISO-8859-1, then encoded to a Unicode string using the proper -charset (typically UTF-8). The reverse is done when writing to the -environ. This is known as the "WSGI encoding dance". +The values in HTTP requests come in as bytes representing (or encoded +to) ASCII. The WSGI specification (:pep:`3333`) decided to always use +the ``str`` type to represent values. To accomplish this, the raw bytes +are decoded using the ISO-8859-1 charset to produce a string. + +Strings in the WSGI environment are restricted to ISO-8859-1 code +points. If a string read from the environment might contain characters +outside that charset, it must first be decoded to bytes as ISO-8859-1, +then encoded to a string using the proper charset (typically UTF-8). The +reverse is done when writing to the environ. This is known as the "WSGI +encoding dance". Werkzeug provides functions to deal with this automatically so that you don't need to be aware of the inner workings. Use the functions on this @@ -95,8 +91,6 @@ environment unless they take care of the proper encoding or decoding step. All high level interfaces in Werkzeug will apply the encoding and decoding as necessary. -.. _PEP 3333: https://www.python.org/dev/peps/pep-3333/#unicode-issues - Raw Request URI and Path Encoding --------------------------------- @@ -107,7 +101,7 @@ show up from the WSGI server to Werkzeug as ``/hello/world``. This loses the information that the slash was a raw character as opposed to a path separator. -The WSGI specification (`PEP 3333`_) does not provide a way to get the +The WSGI specification (:pep:`3333`) does not provide a way to get the original value, so it is impossible to route some types of data in the path. The most compatible way to work around this is to send problematic data in the query string instead of the path. diff --git a/examples/cupoftee/utils.py b/examples/cupoftee/utils.py index 15c95102a..7708633b9 100644 --- a/examples/cupoftee/utils.py +++ b/examples/cupoftee/utils.py @@ -10,7 +10,7 @@ import re -_sort_re = re.compile(r"\w+", re.UNICODE) +_sort_re = re.compile(r"\w+") def unicodecmp(a, b): diff --git a/src/werkzeug/datastructures.py b/src/werkzeug/datastructures.py index 7df1fd3f5..aceade942 100644 --- a/src/werkzeug/datastructures.py +++ b/src/werkzeug/datastructures.py @@ -921,9 +921,6 @@ def get(self, key, default=None, type=None, as_bytes=False): >>> d.get('Content-Length', type=int) 42 - If a headers object is bound you must not add unicode strings - because no encoding takes place. - .. versionadded:: 0.9 Added support for `as_bytes`. @@ -934,7 +931,7 @@ def get(self, key, default=None, type=None, as_bytes=False): :param type: A callable that is used to cast the value in the :class:`Headers`. If a :exc:`ValueError` is raised by this callable the default value is returned. - :param as_bytes: return bytes instead of unicode strings. + :param as_bytes: return bytes instead of strings. """ try: rv = self.__getitem__(key, _get_mode=True) @@ -963,7 +960,7 @@ def getlist(self, key, type=None, as_bytes=False): :class:`Headers`. If a :exc:`ValueError` is raised by this callable the value will be removed from the list. :return: a :class:`list` of all the values for the key. - :param as_bytes: return bytes instead of unicode strings. + :param as_bytes: return bytes instead of strings. """ ikey = key.lower() result = [] @@ -1111,7 +1108,7 @@ def add(self, _key, _value, **kw): def _validate_value(self, value): if not isinstance(value, str): - raise TypeError("Value should be unicode.") + raise TypeError("Value should be a string.") if "\n" in value or "\r" in value: raise ValueError( "Detected newline in header value. This is " @@ -2896,9 +2893,8 @@ def __init__( if filename and filename[0] == s("<") and filename[-1] == s(">"): filename = None - # We want to make sure the filename is always unicode. - # This might not be if the name attribute is bytes due to the - # file being opened from the bytes API. + # Make sure the filename is not bytes. This might happen if + # the file was opened from the bytes API. if isinstance(filename, bytes): filename = filename.decode(get_filesystem_encoding(), "replace") diff --git a/src/werkzeug/debug/repr.py b/src/werkzeug/debug/repr.py index 81bb40567..f846397b0 100644 --- a/src/werkzeug/debug/repr.py +++ b/src/werkzeug/debug/repr.py @@ -42,7 +42,7 @@ def debug_repr(obj): - """Creates a debug repr of an object as HTML unicode string.""" + """Creates a debug repr of an object as HTML string.""" return DebugReprGenerator().repr(obj) diff --git a/src/werkzeug/debug/tbtools.py b/src/werkzeug/debug/tbtools.py index bc13d7fbe..3e15ac623 100644 --- a/src/werkzeug/debug/tbtools.py +++ b/src/werkzeug/debug/tbtools.py @@ -540,7 +540,7 @@ def eval(self, code, mode="single"): @cached_property def sourcelines(self): - """The sourcecode of the file as list of unicode strings.""" + """The sourcecode of the file as list of strings.""" # get sourcecode from loader or file source = None if self.loader is not None: @@ -563,7 +563,7 @@ def sourcelines(self): except OSError: return [] - # already unicode? return right away + # already str? return right away if isinstance(source, str): return source.splitlines() diff --git a/src/werkzeug/filesystem.py b/src/werkzeug/filesystem.py index fcb14a4ea..a528a7fa3 100644 --- a/src/werkzeug/filesystem.py +++ b/src/werkzeug/filesystem.py @@ -41,7 +41,7 @@ class BrokenFilesystemWarning(RuntimeWarning, UnicodeWarning): def get_filesystem_encoding(): """Returns the filesystem encoding that should be used. Note that this is different from the Python understanding of the filesystem encoding which - might be deeply flawed. Do not use this value against Python's unicode APIs + might be deeply flawed. Do not use this value against Python's string APIs because it might be different. See :ref:`filesystem-encoding` for the exact behavior. diff --git a/src/werkzeug/formparser.py b/src/werkzeug/formparser.py index 6510ff0a3..6f11fb8f0 100644 --- a/src/werkzeug/formparser.py +++ b/src/werkzeug/formparser.py @@ -426,7 +426,7 @@ def parse_lines(self, file, boundary, content_length, cap_at_buffer=True): """Generate parts of ``('begin_form', (headers, name))`` ``('begin_file', (headers, name, filename))`` - ``('cont', bytestring)`` + ``('cont', bytes)`` ``('end', None)`` Always obeys the grammar diff --git a/src/werkzeug/http.py b/src/werkzeug/http.py index 54c51a593..7fdf6fbbc 100644 --- a/src/werkzeug/http.py +++ b/src/werkzeug/http.py @@ -189,7 +189,7 @@ def wsgi_to_bytes(data): - """coerce wsgi unicode represented bytes to real ones""" + """If data is not bytes, encode it as latin1 for WSGI.""" if isinstance(data, bytes): return data return data.encode("latin1") # XXX: utf8 fallback? @@ -1156,7 +1156,7 @@ def dump_cookie( :param httponly: disallow JavaScript to access the cookie. This is an extension to the cookie standard and probably not supported by all browsers. - :param charset: the encoding for unicode values. + :param charset: the encoding for string values. :param sync_expires: automatically set expires if max_age is defined but expires not. :param max_size: Warn if the final header value exceeds this size. The diff --git a/src/werkzeug/local.py b/src/werkzeug/local.py index f876f8ba7..7078e5ccb 100644 --- a/src/werkzeug/local.py +++ b/src/werkzeug/local.py @@ -326,12 +326,6 @@ def __bool__(self): except RuntimeError: return False - def __unicode__(self): - try: - return unicode(self._get_current_object()) # noqa - except RuntimeError: - return repr(self) - def __dir__(self): try: return dir(self._get_current_object()) diff --git a/src/werkzeug/middleware/lint.py b/src/werkzeug/middleware/lint.py index 0bc784d4d..66e62c57b 100644 --- a/src/werkzeug/middleware/lint.py +++ b/src/werkzeug/middleware/lint.py @@ -201,7 +201,7 @@ class LintMiddleware: server and wrapped application. Some of the issues it check are: - invalid status codes - - non-bytestrings sent to the WSGI server + - non-bytes sent to the WSGI server - strings returned from the WSGI application - non-empty conditional responses - unquoted etags diff --git a/src/werkzeug/routing.py b/src/werkzeug/routing.py index e3eeacd9e..c8accc9c6 100644 --- a/src/werkzeug/routing.py +++ b/src/werkzeug/routing.py @@ -151,7 +151,7 @@ [urUR]?(?P"[^"]*?"|'[^']*') )\s*, """, - re.VERBOSE | re.UNICODE, + re.VERBOSE, ) @@ -841,7 +841,7 @@ def _build_regex(rule): tail = "" regex = "^{}{}$".format("".join(regex_parts), tail) - self._regex = re.compile(regex, re.UNICODE) + self._regex = re.compile(regex) def match(self, path, method=None): """Check if the rule matches a given path. Path is a string in the @@ -1124,7 +1124,7 @@ def __repr__(self): tmp.append(data) return "<{} {}{} -> {}>".format( self.__class__.__name__, - repr(("".join(tmp)).lstrip("|")).lstrip("u"), + repr(("".join(tmp)).lstrip("|")), self.methods is not None and " (%s)" % ", ".join(self.methods) or "", self.endpoint, ) @@ -2093,10 +2093,10 @@ def build( 'http://example.com/downloads/42' Because URLs cannot contain non ASCII data you will always get - bytestrings back. Non ASCII characters are urlencoded with the + bytes back. Non ASCII characters are urlencoded with the charset defined on the map instance. - Additional values are converted to unicode and appended to the URL as + Additional values are converted to strings and appended to the URL as URL querystring parameters: >>> urls.build("index", {'q': 'My Searchstring'}) diff --git a/src/werkzeug/test.py b/src/werkzeug/test.py index c5e487696..0ca7bd351 100644 --- a/src/werkzeug/test.py +++ b/src/werkzeug/test.py @@ -122,7 +122,7 @@ def write(string): def encode_multipart(values, boundary=None, charset="utf-8"): """Like `stream_encode_multipart` but returns a tuple in the form - (``boundary``, ``data``) where data is a bytestring. + (``boundary``, ``data``) where data is bytes. """ stream, length, boundary = stream_encode_multipart( values, use_tempfile=False, boundary=boundary, charset=charset @@ -276,7 +276,7 @@ class EnvironBuilder: Serialized with the function assigned to :attr:`json_dumps`. :param environ_base: an optional dict of environment defaults. :param environ_overrides: an optional dict of environment overrides. - :param charset: the charset used to encode unicode data. + :param charset: the charset used to encode string data. .. versionadded:: 0.15 The ``json`` param and :meth:`json_dumps` method. diff --git a/src/werkzeug/urls.py b/src/werkzeug/urls.py index acf4aca1b..10bad94d6 100644 --- a/src/werkzeug/urls.py +++ b/src/werkzeug/urls.py @@ -91,7 +91,7 @@ def auth(self): @property def username(self): """The username if it was part of the URL, `None` otherwise. - This undergoes URL decoding and will always be a unicode string. + This undergoes URL decoding and will always be a string. """ rv = self._split_auth()[0] if rv is not None: @@ -107,7 +107,7 @@ def raw_username(self): @property def password(self): """The password if it was part of the URL, `None` otherwise. - This undergoes URL decoding and will always be a unicode string. + This undergoes URL decoding and will always be a string. """ rv = self._split_auth()[1] if rv is not None: @@ -568,12 +568,12 @@ def url_unparse(components): def url_unquote(string, charset="utf-8", errors="replace", unsafe=""): """URL decode a single string with a given encoding. If the charset - is set to `None` no unicode decoding is performed and raw bytes - are returned. + is set to `None` no decoding is performed and raw bytes are + returned. :param s: the string to unquote. :param charset: the charset of the query string. If set to `None` - no unicode decoding will take place. + no decoding will take place. :param errors: the error handling for the charset decoding. """ rv = _unquote_to_bytes(string, unsafe) @@ -591,7 +591,7 @@ def url_unquote_plus(s, charset="utf-8", errors="replace"): :param s: The string to unquote. :param charset: the charset of the query string. If set to `None` - no unicode decoding will take place. + no decoding will take place. :param errors: The error handling for the `charset` decoding. """ if isinstance(s, str): @@ -607,14 +607,14 @@ def url_fix(s, charset="utf-8"): some of the problems in a similar way browsers handle data entered by the user: - >>> url_fix(u'http://de.wikipedia.org/wiki/Elf (Begriffskl\xe4rung)') + >>> url_fix('http://de.wikipedia.org/wiki/Elf (Begriffskl\xe4rung)') 'http://de.wikipedia.org/wiki/Elf%20(Begriffskl%C3%A4rung)' :param s: the string with the URL to fix. - :param charset: The target charset for the URL if the url was given as - unicode string. + :param charset: The target charset for the URL if the url was given + as a string. """ - # First step is to switch to unicode processing and to convert + # First step is to switch to text processing and to convert # backslashes (which are invalid in URLs anyways) to slashes. This is # consistent with what Chrome does. s = _to_str(s, charset, "replace").replace("\\", "/") @@ -812,7 +812,7 @@ def url_decode_stream( :param stream: a stream with the encoded querystring :param charset: the charset of the query string. If set to `None` - no unicode decoding will take place. + no decoding will take place. :param include_empty: Set to `False` if you don't want empty values to appear in the dict. :param errors: the decoding error behavior. diff --git a/src/werkzeug/utils.py b/src/werkzeug/utils.py index 65816761b..85d924a24 100644 --- a/src/werkzeug/utils.py +++ b/src/werkzeug/utils.py @@ -159,7 +159,7 @@ class HTMLBuilder: >>> html.p(class_='foo', *[html.a('foo', href='foo.html'), ' ', ... html.a('bar', href='bar.html')]) - u'

    foo bar

    ' + '

    foo bar

    ' This class works around some browser limitations and can not be used for arbitrary SGML/XML generation. For that purpose lxml and similar @@ -168,7 +168,7 @@ class HTMLBuilder: Calling the builder escapes the string passed: >>> html.p(html("")) - u'

    <foo>

    ' + '

    <foo>

    ' """ _entity_re = re.compile(r"&([^;]+);") @@ -387,7 +387,7 @@ def secure_filename(filename): 'My_cool_movie.mov' >>> secure_filename("../../../etc/passwd") 'etc_passwd' - >>> secure_filename(u'i contain cool \xfcml\xe4uts.txt') + >>> secure_filename('i contain cool \xfcml\xe4uts.txt') 'i_contain_cool_umlauts.txt' The function might return an empty filename. It's your responsibility @@ -544,10 +544,7 @@ def import_string(import_name, silent=False): `None` is returned instead. :return: imported object """ - # force the import name to automatically convert to strings - # __import__ is not able to handle unicode strings in the fromlist - # if the module is a package - import_name = str(import_name).replace(":", ".") + import_name = import_name.replace(":", ".") try: try: __import__(import_name) diff --git a/src/werkzeug/wrappers/__init__.py b/src/werkzeug/wrappers/__init__.py index 56c764abb..ca72d756b 100644 --- a/src/werkzeug/wrappers/__init__.py +++ b/src/werkzeug/wrappers/__init__.py @@ -11,10 +11,6 @@ environ and will act as high-level proxy whereas the response object is an actual WSGI application. -Like everything else in Werkzeug these objects will work correctly with -unicode data. Incoming form data parsed by the response object will be -decoded into an unicode object if possible and if it makes sense. - :copyright: 2007 Pallets :license: BSD-3-Clause """ diff --git a/src/werkzeug/wrappers/base_request.py b/src/werkzeug/wrappers/base_request.py index 140d6ec75..3e241f1f5 100644 --- a/src/werkzeug/wrappers/base_request.py +++ b/src/werkzeug/wrappers/base_request.py @@ -49,8 +49,8 @@ class Request(BaseRequest, ETagRequestMixin): request object will use immutable objects everywhere possible. Per default the request object will assume all the text data is `utf-8` - encoded. Please refer to :doc:`the unicode chapter ` for more - details about customizing the behavior. + encoded. Please refer to :doc:`/unicode` for more details about + customizing the behavior. Per default the request object will be added to the WSGI environment as `werkzeug.request` to support the debugging system. @@ -426,7 +426,7 @@ def data(self): def get_data(self, cache=True, as_text=False, parse_form_data=False): """This reads the buffered incoming data from the client into one - bytestring. By default this is cached but that behavior can be + bytes object. By default this is cached but that behavior can be changed by setting `cache` to `False`. Usually it's a bad idea to call this method without checking the @@ -445,7 +445,7 @@ def get_data(self, cache=True, as_text=False, parse_form_data=False): to avoid exhausting server memory. If `as_text` is set to `True` the return value will be a decoded - unicode string. + string. .. versionadded:: 0.9 """ @@ -533,7 +533,7 @@ def headers(self): @cached_property def path(self): - """Requested path as unicode. This works a bit like the regular path + """Requested path. This works a bit like the regular path info in the WSGI environment but will always include a leading slash, even if the URL root is accessed. """ @@ -544,7 +544,7 @@ def path(self): @cached_property def full_path(self): - """Requested path as unicode, including the query string.""" + """Requested path, including the query string.""" return self.path + "?" + _to_str(self.query_string, self.url_charset) @cached_property @@ -600,7 +600,7 @@ def host(self): "", read_only=True, load_func=lambda x: x.encode("latin1"), - doc="The URL parameters as raw bytestring.", + doc="The URL parameters as raw bytes.", ) method = environ_property( "REQUEST_METHOD", diff --git a/src/werkzeug/wrappers/base_response.py b/src/werkzeug/wrappers/base_response.py index bb1c3e899..2b02377df 100644 --- a/src/werkzeug/wrappers/base_response.py +++ b/src/werkzeug/wrappers/base_response.py @@ -95,8 +95,8 @@ def application(environ, start_response): known interface. Per default the response object will assume all the text data is `utf-8` - encoded. Please refer to :doc:`the unicode chapter ` for more - details about customizing the behavior. + encoded. Please refer to :doc:`/unicode` for more details about + customizing the behavior. Response can be any kind of iterable or string. If it's a string it's considered being an iterable with one item which is the string passed. @@ -325,7 +325,7 @@ def get_data(self, as_text=False): :attr:`implicit_sequence_conversion` to `False`. If `as_text` is set to `True` the return value will be a decoded - unicode string. + string. .. versionadded:: 0.9 """ @@ -336,13 +336,13 @@ def get_data(self, as_text=False): return rv def set_data(self, value): - """Sets a new string as response. The value set must be either a - unicode or bytestring. If a unicode string is set it's encoded - automatically to the charset of the response (utf-8 by default). + """Sets a new string as response. The value must be a string or + bytes. If a string is set it's encoded to the charset of the + response (utf-8 by default). .. versionadded:: 0.9 """ - # if an unicode string is set, it's encoded directly so that we + # if a string is set, it's encoded directly so that we # can set the content length if isinstance(value, str): value = value.encode(self.charset) @@ -616,8 +616,8 @@ def get_wsgi_headers(self, environ): # if we can determine the content length automatically, we # should try to do that. But only if this does not involve - # flattening the iterator or encoding of unicode strings in - # the response. We however should not do that if we have a 304 + # flattening the iterator or encoding of strings in the + # response. We however should not do that if we have a 304 # response. if ( self.automatically_set_content_length @@ -629,8 +629,8 @@ def get_wsgi_headers(self, environ): try: content_length = sum(len(_to_bytes(x, "ascii")) for x in self.response) except UnicodeError: - # aha, something non-bytestringy in there, too bad, we - # can't safely figure out the length of the response. + # Something other than bytes, can't safely figure out + # the length of the response. pass else: headers["Content-Length"] = str(content_length) diff --git a/src/werkzeug/wsgi.py b/src/werkzeug/wsgi.py index 9b3b917c0..9f02b2a83 100644 --- a/src/werkzeug/wsgi.py +++ b/src/werkzeug/wsgi.py @@ -278,7 +278,7 @@ def pop_path_info(environ, charset="utf-8", errors="replace"): """Removes and returns the next segment of `PATH_INFO`, pushing it onto `SCRIPT_NAME`. Returns `None` if there is nothing left on `PATH_INFO`. - If the `charset` is set to `None` a bytestring is returned. + If the `charset` is set to `None` bytes are returned. If there are empty segments (``'/foo//bar``) these are ignored but properly pushed to the `SCRIPT_NAME`: @@ -337,7 +337,7 @@ def peek_path_info(environ, charset="utf-8", errors="replace"): >>> peek_path_info(env) 'a' - If the `charset` is set to `None` a bytestring is returned. + If the `charset` is set to `None` bytes are returned. .. versionadded:: 0.5 @@ -362,18 +362,17 @@ def extract_path_info( collapse_http_schemes=True, ): """Extracts the path info from the given URL (or WSGI environment) and - path. The path info returned is a unicode string, not a bytestring - suitable for a WSGI environment. The URLs might also be IRIs. + path. The path info returned is a string. The URLs might also be IRIs. If the path info could not be determined, `None` is returned. Some examples: >>> extract_path_info('http://example.com/app', '/app/hello') - u'/hello' + '/hello' >>> extract_path_info('http://example.com/app', ... 'https://example.com/app/hello') - u'/hello' + '/hello' >>> extract_path_info('http://example.com/app', ... 'https://example.com/app/hello', ... collapse_http_schemes=False) is None @@ -386,8 +385,7 @@ def extract_path_info( application. :param path_or_url: an absolute path from the server root, a relative path (in which case it's the path info) - or a full URL. Also accepts IRIs and unicode - parameters. + or a full URL. :param charset: the charset for byte data in URLs :param errors: the error handling on decode :param collapse_http_schemes: if set to `False` the algorithm does diff --git a/tests/middleware/test_http_proxy.py b/tests/middleware/test_http_proxy.py index 12856eb8b..afc143023 100644 --- a/tests/middleware/test_http_proxy.py +++ b/tests/middleware/test_http_proxy.py @@ -11,7 +11,7 @@ def test_http_proxy(dev_server): @Request.application def app(request): - return Response(u'%s|%s|%s' % ( + return Response('%s|%s|%s' % ( request.headers.get('X-Special'), request.environ['HTTP_HOST'], request.full_path, diff --git a/tests/test_datastructures.py b/tests/test_datastructures.py index 34650cf0a..d201c3616 100644 --- a/tests/test_datastructures.py +++ b/tests/test_datastructures.py @@ -1158,17 +1158,15 @@ def test_mimetype_always_lowercase(self): file_storage = self.storage_class(content_type="APPLICATION/JSON") assert file_storage.mimetype == "application/json" - def test_bytes_proper_sentinel(self): - # ensure we iterate over new lines and don't enter into an infinite loop - import io + @pytest.mark.parametrize("data", [io.StringIO("one\ntwo"), io.BytesIO(b"one\ntwo")]) + def test_bytes_proper_sentinel(self, data): + # iterate over new lines and don't enter an infinite loop + storage = self.storage_class(data) + idx = -1 - unicode_storage = self.storage_class(io.StringIO("one\ntwo")) - for idx, _line in enumerate(unicode_storage): - assert idx < 2 - assert idx == 1 - binary_storage = self.storage_class(io.BytesIO(b"one\ntwo")) - for idx, _line in enumerate(binary_storage): + for idx, _line in enumerate(storage): assert idx < 2 + assert idx == 1 @pytest.mark.parametrize("stream", (tempfile.SpooledTemporaryFile, io.BytesIO)) diff --git a/tests/test_debug.py b/tests/test_debug.py index f5d19d8fe..3c6c0e33d 100644 --- a/tests/test_debug.py +++ b/tests/test_debug.py @@ -351,9 +351,8 @@ def test_console_closure_variables(monkeypatch): c = console.Console() c.eval("y = 5") c.eval("x = lambda: y") - # strip() is only needed for Python 2 compat - ret = c.eval("x()").strip() - assert ret == ">>> x()\n5" + ret = c.eval("x()") + assert ret == ">>> x()\n5\n" @pytest.mark.timeout(2) diff --git a/tests/test_http.py b/tests/test_http.py index 045543195..467e4c262 100644 --- a/tests/test_http.py +++ b/tests/test_http.py @@ -519,9 +519,7 @@ def test_cookie_unicode_keys(self): assert cookies["fö"] == "fö" def test_cookie_unicode_parsing(self): - # This is actually a correct test. This is what is being submitted - # by firefox if you set an unicode cookie and we get the cookie sent - # in on Python 3 under PEP 3333. + # This is submitted by Firefox if you set a Unicode cookie. cookies = http.parse_cookie("fö=fö") assert cookies["fö"] == "fö" diff --git a/tests/test_internal.py b/tests/test_internal.py index 6bde4f602..5b06e015d 100644 --- a/tests/test_internal.py +++ b/tests/test_internal.py @@ -52,7 +52,7 @@ def test_wrapper_internals(): resp.response = iter(["Test"]) assert repr(resp) == "" - # unicode data does not set content length + # string data does not set content length response = Response(["Hällo Wörld"]) headers = response.get_wsgi_headers(create_environ()) assert "Content-Length" not in headers diff --git a/tests/test_routing.py b/tests/test_routing.py index 02854acde..5ce04d1c0 100644 --- a/tests/test_routing.py +++ b/tests/test_routing.py @@ -859,7 +859,7 @@ def test_converter_parser(): args, kwargs = r.parse_converter_args("True, False, None") assert args == (True, False, None) - args, kwargs = r.parse_converter_args('"foo", u"bar"') + args, kwargs = r.parse_converter_args('"foo", "bar"') assert args == ("foo", "bar") diff --git a/tests/test_wrappers.py b/tests/test_wrappers.py index 6f35b947a..19b9dcad3 100644 --- a/tests/test_wrappers.py +++ b/tests/test_wrappers.py @@ -148,10 +148,6 @@ def test_query_string_is_bytes(): def test_request_repr(): req = wrappers.Request.from_values("/foobar") assert "" == repr(req) - # test with non-ascii characters - req = wrappers.Request.from_values("/привет") - assert "" == repr(req) - # test with unicode type for python 2 req = wrappers.Request.from_values("/привет") assert "" == repr(req) @@ -292,7 +288,6 @@ def test_response_access_control(): def test_base_response(): - # unicode response = wrappers.BaseResponse("öäü") strict_eq(response.get_data(), "öäü".encode()) From 38f9cbf4cbdaeb47a273849d264412c79c92ed60 Mon Sep 17 00:00:00 2001 From: David Lord Date: Sat, 14 Mar 2020 18:29:53 -0700 Subject: [PATCH 148/733] remove compat that checked hasattr --- src/werkzeug/_internal.py | 8 +------- src/werkzeug/routing.py | 7 +------ src/werkzeug/serving.py | 3 +-- 3 files changed, 3 insertions(+), 15 deletions(-) diff --git a/src/werkzeug/_internal.py b/src/werkzeug/_internal.py index 498cd36d5..dcc87b1c3 100644 --- a/src/werkzeug/_internal.py +++ b/src/werkzeug/_internal.py @@ -175,19 +175,13 @@ def _log(type, message, *args, **kwargs): def _parse_signature(func): """Return a signature object for the function.""" - if hasattr(func, "im_func"): - func = func.im_func - # if we have a cached validator for this function, return it parse = _signature_cache.get(func) if parse is not None: return parse # inspect the function signature and collect all the information - if hasattr(inspect, "getfullargspec"): - tup = inspect.getfullargspec(func) - else: - tup = inspect.getargspec(func) + tup = inspect.getfullargspec(func) positional, vararg_var, kwarg_var, defaults = tup[:4] defaults = defaults or () arg_count = len(positional) diff --git a/src/werkzeug/routing.py b/src/werkzeug/routing.py index c8accc9c6..cdd5dcadc 100644 --- a/src/werkzeug/routing.py +++ b/src/werkzeug/routing.py @@ -966,12 +966,7 @@ def _parts(ops): def _join(parts): if len(parts) == 1: # shortcut return parts[0] - elif hasattr(ast, "JoinedStr"): # py36+ - return ast.JoinedStr(parts) - else: - call = _prefix_names('"".join()') - call.args = [ast.Tuple(parts, ast.Load())] - return call + return ast.JoinedStr(parts) body.append( ast.Return(ast.Tuple([_join(dom_parts), _join(url_parts)], ast.Load())) diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py index 485016703..8f0bf1468 100644 --- a/src/werkzeug/serving.py +++ b/src/werkzeug/serving.py @@ -895,8 +895,7 @@ def inner(): s = socket.socket(address_family, socket.SOCK_STREAM) s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) s.bind(server_address) - if hasattr(s, "set_inheritable"): - s.set_inheritable(True) + s.set_inheritable(True) # If we can open the socket by file descriptor, then we can just # reuse this one and our socket will survive the restarts. From 58630b82029a54717043e14c29651f20ff42a9d8 Mon Sep 17 00:00:00 2001 From: David Lord Date: Sat, 14 Mar 2020 18:48:09 -0700 Subject: [PATCH 149/733] replace "and or" with "if else" --- examples/i18nurls/application.py | 2 +- examples/plnt/sync.py | 2 +- examples/simplewiki/actions.py | 2 +- src/werkzeug/datastructures.py | 6 +++++- src/werkzeug/routing.py | 4 ++-- src/werkzeug/security.py | 2 +- src/werkzeug/serving.py | 2 +- src/werkzeug/urls.py | 2 +- 8 files changed, 13 insertions(+), 9 deletions(-) diff --git a/examples/i18nurls/application.py b/examples/i18nurls/application.py index 47d7db9b4..77ef50f29 100644 --- a/examples/i18nurls/application.py +++ b/examples/i18nurls/application.py @@ -79,7 +79,7 @@ def __call__(self, environ, start_response): req.matched_url = (endpoint, args) if endpoint == "#language_select": lng = req.accept_languages.best - lng = lng and lng.split("-")[0].lower() or "en" + lng = lng.split("-")[0].lower() if lng else "en" index_url = urls.build("index", {"lang_code": lng}) resp = Response("Moved to %s" % index_url, status=302) resp.headers["Location"] = index_url diff --git a/examples/plnt/sync.py b/examples/plnt/sync.py index d5b753cd1..09afa9ecc 100644 --- a/examples/plnt/sync.py +++ b/examples/plnt/sync.py @@ -55,7 +55,7 @@ def sync(): title = entry.get("title") url = entry.get("link") or blog.blog_url text = ( - "content" in entry and entry.content[0] or entry.get("summary_detail") + entry.content[0] if "content" in entry else entry.get("summary_detail") ) if not title or not text: diff --git a/examples/simplewiki/actions.py b/examples/simplewiki/actions.py index c8eb80023..c5997e4df 100644 --- a/examples/simplewiki/actions.py +++ b/examples/simplewiki/actions.py @@ -175,7 +175,7 @@ def on_revert(request, page_name): page = old_revision.page if request.method == "POST": change_note = request.form.get("change_note", "") - change_note = "revert" + (change_note and ": " + change_note or "") + change_note = "revert" + (": " + change_note if change_note else "") session.add(Revision(page, old_revision.text, change_note)) session.commit() return redirect(href(page_name)) diff --git a/src/werkzeug/datastructures.py b/src/werkzeug/datastructures.py index aceade942..1a401be49 100644 --- a/src/werkzeug/datastructures.py +++ b/src/werkzeug/datastructures.py @@ -2351,7 +2351,11 @@ class ETags(Container, Iterable): """ def __init__(self, strong_etags=None, weak_etags=None, star_tag=False): - self._strong = frozenset(not star_tag and strong_etags or ()) + if not star_tag and strong_etags: + self._strong = frozenset(strong_etags) + else: + self._strong = frozenset() + self._weak = frozenset(weak_etags or ()) self.star_tag = star_tag diff --git a/src/werkzeug/routing.py b/src/werkzeug/routing.py index cdd5dcadc..073229e38 100644 --- a/src/werkzeug/routing.py +++ b/src/werkzeug/routing.py @@ -1120,7 +1120,7 @@ def __repr__(self): return "<{} {}{} -> {}>".format( self.__class__.__name__, repr(("".join(tmp)).lstrip("|")), - self.methods is not None and " (%s)" % ", ".join(self.methods) or "", + " (%s)" % ", ".join(self.methods) if self.methods is not None else "", self.endpoint, ) @@ -1839,7 +1839,7 @@ def match( require_redirect = False path = "{}|{}".format( - self.map.host_matching and self.server_name or self.subdomain, + self.server_name if self.map.host_matching else self.subdomain, path_info and "/%s" % path_info.lstrip("/"), ) diff --git a/src/werkzeug/security.py b/src/werkzeug/security.py index 571738493..5ae197d4d 100644 --- a/src/werkzeug/security.py +++ b/src/werkzeug/security.py @@ -131,7 +131,7 @@ def _hash_internal(method, salt, password): if len(args) not in (1, 2): raise ValueError("Invalid number of arguments for PBKDF2") method = args.pop(0) - iterations = args and int(args[0] or 0) or DEFAULT_PBKDF2_ITERATIONS + iterations = int(args[0] or 0) if args else DEFAULT_PBKDF2_ITERATIONS is_pbkdf2 = True actual_method = "pbkdf2:%s:%d" % (method, iterations) else: diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py index 8f0bf1468..2f3856d2e 100644 --- a/src/werkzeug/serving.py +++ b/src/werkzeug/serving.py @@ -351,7 +351,7 @@ def send_response(self, code, message=None): """Send the response header and log the response code.""" self.log_request(code) if message is None: - message = code in self.responses and self.responses[code][0] or "" + message = self.responses[code][0] if code in self.responses else "" if self.request_version != "HTTP/0.9": hdr = "%s %d %s\r\n" % (self.protocol_version, code, message) self.wfile.write(hdr.encode("ascii")) diff --git a/src/werkzeug/urls.py b/src/werkzeug/urls.py index 10bad94d6..a5bca45ae 100644 --- a/src/werkzeug/urls.py +++ b/src/werkzeug/urls.py @@ -1087,7 +1087,7 @@ def __call__(self, *path, **query): raise TypeError("keyword arguments and query-dicts can't be combined") query, path = path[-1], path[:-1] elif query: - query = {k.endswith("_") and k[:-1] or k: v for k, v in query.items()} + query = {k[:-1] if k.endswith("_") else k: v for k, v in query.items()} path = "/".join( [ _to_str(url_quote(x, self.charset), "ascii") From 0c013a04d6d8a850e249f49aa1b4cf545f109c67 Mon Sep 17 00:00:00 2001 From: David Lord Date: Mon, 16 Mar 2020 09:31:06 -0700 Subject: [PATCH 150/733] f-strings everywhere --- bench/wzbench.py | 27 +++-- docs/levels.rst | 8 +- docs/routing.rst | 2 +- docs/tutorial.rst | 23 +++-- docs/wrappers.rst | 4 +- examples/coolmagic/application.py | 2 +- examples/coolmagic/utils.py | 2 +- examples/couchy/models.py | 8 +- examples/cupoftee/application.py | 2 +- examples/cupoftee/network.py | 4 +- examples/cupoftee/pages.py | 4 +- examples/httpbasicauth.py | 4 +- examples/i18nurls/application.py | 2 +- examples/i18nurls/views.py | 2 +- examples/plnt/database.py | 4 +- examples/plnt/utils.py | 2 +- examples/shortly/shortly.py | 18 ++-- examples/shorty/models.py | 2 +- examples/simplewiki/actions.py | 11 +- examples/simplewiki/application.py | 2 +- examples/simplewiki/database.py | 6 +- examples/simplewiki/utils.py | 6 +- examples/webpylike/webpylike.py | 2 +- src/werkzeug/_internal.py | 41 ++++---- src/werkzeug/_reloader.py | 10 +- src/werkzeug/datastructures.py | 107 ++++++++------------ src/werkzeug/debug/__init__.py | 12 +-- src/werkzeug/debug/console.py | 4 +- src/werkzeug/debug/repr.py | 38 ++++--- src/werkzeug/debug/tbtools.py | 36 +++---- src/werkzeug/exceptions.py | 26 +++-- src/werkzeug/filesystem.py | 2 +- src/werkzeug/formparser.py | 4 +- src/werkzeug/http.py | 68 ++++++------- src/werkzeug/local.py | 6 +- src/werkzeug/middleware/http_proxy.py | 16 ++- src/werkzeug/middleware/lint.py | 27 +++-- src/werkzeug/middleware/profiler.py | 5 +- src/werkzeug/middleware/shared_data.py | 14 ++- src/werkzeug/posixemulation.py | 2 +- src/werkzeug/routing.py | 133 +++++++++++-------------- src/werkzeug/security.py | 2 +- src/werkzeug/serving.py | 20 ++-- src/werkzeug/test.py | 15 ++- src/werkzeug/testapp.py | 18 ++-- src/werkzeug/urls.py | 28 +++--- src/werkzeug/useragents.py | 6 +- src/werkzeug/utils.py | 81 +++++++-------- src/werkzeug/wrappers/base_request.py | 8 +- src/werkzeug/wrappers/base_response.py | 10 +- src/werkzeug/wsgi.py | 16 +-- tests/conftest.py | 18 +--- tests/middleware/test_http_proxy.py | 12 +-- tests/middleware/test_proxy_fix.py | 2 +- tests/multipart/test_collect.py | 10 +- tests/test_debug.py | 40 +++----- tests/test_formparser.py | 8 +- tests/test_routing.py | 49 +++++---- tests/test_serving.py | 47 ++++----- tests/test_test.py | 14 +-- tests/test_urls.py | 4 +- tests/test_wrappers.py | 18 ++-- 62 files changed, 515 insertions(+), 609 deletions(-) diff --git a/bench/wzbench.py b/bench/wzbench.py index 0331d19a5..116568787 100755 --- a/bench/wzbench.py +++ b/bench/wzbench.py @@ -113,7 +113,7 @@ def format_func(func): def bench(func): """Times a single function.""" - sys.stdout.write("%44s " % format_func(func)) + sys.stdout.write(f"{format_func(func):44} ") sys.stdout.flush() # figure out how many times we have to run the function to @@ -139,8 +139,8 @@ def _run(): finally: gc.enable() - delta = median(_run() for x in range(TEST_RUNS)) - sys.stdout.write("%.4f\n" % delta) + delta = median(_run() for _ in range(TEST_RUNS)) + sys.stdout.write(f"{delta:.4f}\n") sys.stdout.flush() return delta @@ -247,12 +247,9 @@ def hg(*x): if abs(1 - d1[key] / d2[key]) < TOLERANCE or abs(delta) < MIN_RESOLUTION: delta = "==" else: - delta = "%+.4f (%+d%%)" % (delta, round(d2[key] / d1[key] * 100 - 100)) - print( - "{:>36} {:.4f} {:.4f} {}".format( - format_func(key), d1[key], d2[key], delta - ) - ) + pct = round(d2[key] / d1[key] * 100 - 100) + delta = f"{delta:+.4f} ({pct:+d}%)" + print(f"{format_func(key):>36} {d1[key]:.4f} {d2[key]:.4f} {delta}") print("-" * 80) @@ -264,18 +261,18 @@ def run(path, no_header=False): print("=" * 80) print("WERKZEUG INTERNAL BENCHMARK".center(80)) print("-" * 80) - print("Path: %s" % path) - print("Version: %s" % wz_version) + print(f"Path: {path}") + print(f"Version: {wz_version}") if hg_tag is not None: - print("HG Tag: %s" % hg_tag) + print(f"HG Tag: {hg_tag}") print("-" * 80) for key, value in sorted(globals().items()): if key.startswith("time_"): - before = globals().get("before_" + key[5:]) + before = globals().get(f"before_{key[5:]}") if before: before() result[key] = bench(value) - after = globals().get("after_" + key[5:]) + after = globals().get(f"after_{key[5:]}") if after: after() print("-" * 80) @@ -283,7 +280,7 @@ def run(path, no_header=False): URL_DECODED_DATA = {str(x): str(x) for x in range(100)} -URL_ENCODED_DATA = "&".join("%s=%s" % x for x in URL_DECODED_DATA.items()) +URL_ENCODED_DATA = "&".join(f"{k}={v}" for k, v in URL_DECODED_DATA.items()) MULTIPART_ENCODED_DATA = "\n".join( ( "--foo", diff --git a/docs/levels.rst b/docs/levels.rst index 1629355f5..fa7b2e4eb 100644 --- a/docs/levels.rst +++ b/docs/levels.rst @@ -15,7 +15,9 @@ Example ======= This example implements a small `Hello World` application that greets the -user with the name entered:: +user with the name entered. + +.. code-block:: python from werkzeug.utils import escape from werkzeug.wrappers import Request, Response @@ -24,7 +26,7 @@ user with the name entered:: def hello_world(request): result = ['Greeter'] if request.method == 'POST': - result.append('

    Hello %s!

    ' % escape(request.form['name'])) + result.append(f"

    Hello {escape(request.form['name'])}!

    ") result.append('''

    Name: @@ -43,7 +45,7 @@ objects but by taking advantage of the parsing functions werkzeug provides:: result = ['Greeter'] if environ['REQUEST_METHOD'] == 'POST': form = parse_form_data(environ)[1] - result.append('

    Hello %s!

    ' % escape(form['name'])) + result.append(f"

    Hello {escape(form['name'])}!

    ") result.append('''

    Name: diff --git a/docs/routing.rst b/docs/routing.rst index b2564e42a..07f7d4236 100644 --- a/docs/routing.rst +++ b/docs/routing.rst @@ -44,7 +44,7 @@ Here is a simple example which could be the URL definition for a blog:: except HTTPException, e: return e(environ, start_response) start_response('200 OK', [('Content-Type', 'text/plain')]) - return ['Rule points to %r with arguments %r' % (endpoint, args)] + return [f'Rule points to {endpoint!r} with arguments {args!r}'] So what does that do? First of all we create a new :class:`Map` which stores a bunch of URL rules. Then we pass it a list of :class:`Rule` objects. diff --git a/docs/tutorial.rst b/docs/tutorial.rst index a548d477d..6cd3f5d7e 100644 --- a/docs/tutorial.rst +++ b/docs/tutorial.rst @@ -89,7 +89,7 @@ against another word):: def application(environ, start_response): request = Request(environ) - text = 'Hello %s!' % request.args.get('name', 'World') + text = f"Hello {request.args.get('name', 'World')}!" response = Response(text, mimetype='text/plain') return response(environ, start_response) @@ -258,7 +258,7 @@ The way we will do it in this tutorial is by calling the method ``on_`` adapter = self.url_map.bind_to_environ(request.environ) try: endpoint, values = adapter.match() - return getattr(self, 'on_' + endpoint)(request, **values) + return getattr(self, f'on_{endpoint}')(request, **values) except HTTPException as e: return e @@ -296,7 +296,10 @@ Let's start with the first view: the one for new URLs:: error = 'Please enter a valid URL' else: short_id = self.insert_url(url) - return redirect('/%s+' % short_id) + return redirect(f"/{short_id}+" + + + ) return self.render_template('new_url.html', error=error, url=url) This logic should be easy to understand. Basically we are checking that @@ -312,13 +315,13 @@ is good enough:: For inserting the URL, all we need is this little method on our class:: def insert_url(self, url): - short_id = self.redis.get('reverse-url:' + url) + short_id = self.redis.get(f'reverse-url:{url}') if short_id is not None: return short_id url_num = self.redis.incr('last-url-id') short_id = base36_encode(url_num) - self.redis.set('url-target:' + short_id, url) - self.redis.set('reverse-url:' + url, short_id) + self.redis.set(f'url-target:{short_id}', url) + self.redis.set(f'reverse-url:{url}', short_id) return short_id ``reverse-url:`` + the URL will store the short id. If the URL was @@ -349,10 +352,10 @@ redis and redirect to it. Additionally we will also increment a counter so that we know how often a link was clicked:: def on_follow_short_link(self, request, short_id): - link_target = self.redis.get('url-target:' + short_id) + link_target = self.redis.get(f'url-target:{short_id') if link_target is None: raise NotFound() - self.redis.incr('click-count:' + short_id) + self.redis.incr(f'click-count:{short_id}') return redirect(link_target) In this case we will raise a :exc:`~werkzeug.exceptions.NotFound` exception @@ -369,10 +372,10 @@ number of times the link was clicked and let it default to zero if such a key does not yet exist:: def on_short_link_details(self, request, short_id): - link_target = self.redis.get('url-target:' + short_id) + link_target = self.redis.get(f'url-target:{short_id}') if link_target is None: raise NotFound() - click_count = int(self.redis.get('click-count:' + short_id) or 0) + click_count = int(self.redis.get(f'click-count:{short_id}') or 0) return self.render_template('short_link_details.html', link_target=link_target, short_id=short_id, diff --git a/docs/wrappers.rst b/docs/wrappers.rst index 9d3de82a9..b59df865c 100644 --- a/docs/wrappers.rst +++ b/docs/wrappers.rst @@ -31,7 +31,7 @@ processing:: def application(environ, start_response): request = Request(environ) - response = Response("Hello %s!" % request.args.get('name', 'World!')) + response = Response(f"Hello {request.args.get('name', 'World!')}!") return response(environ, start_response) Because this is a very common task the :class:`~Request` object provides @@ -41,7 +41,7 @@ a helper for that. The above code can be rewritten like this:: @Request.application def application(request): - return Response("Hello %s!" % request.args.get('name', 'World!')) + return Response(f"Hello {request.args.get('name', 'World!')}!") The `application` is still a valid WSGI application that accepts the environment and `start_response` callable. diff --git a/examples/coolmagic/application.py b/examples/coolmagic/application.py index f6ee8a0b2..a6add0f85 100644 --- a/examples/coolmagic/application.py +++ b/examples/coolmagic/application.py @@ -35,7 +35,7 @@ def __init__(self, config): for fn in listdir(path.join(path.dirname(__file__), "views")): if fn.endswith(".py") and fn != "__init__.py": - __import__("coolmagic.views." + fn[:-3]) + __import__(f"coolmagic.views.{fn[:-3]}") from coolmagic.utils import exported_views diff --git a/examples/coolmagic/utils.py b/examples/coolmagic/utils.py index da301b263..809a54ba9 100644 --- a/examples/coolmagic/utils.py +++ b/examples/coolmagic/utils.py @@ -36,7 +36,7 @@ def export(string, template=None, **extra): """ def wrapped(f): - endpoint = (f.__module__ + "." + f.__name__)[16:] + endpoint = f"{f.__module__}.{f.__name__}"[16:] if template is not None: old_f = f diff --git a/examples/couchy/models.py b/examples/couchy/models.py index 252141f4f..57bb6395f 100644 --- a/examples/couchy/models.py +++ b/examples/couchy/models.py @@ -30,9 +30,9 @@ def store(self): while 1: id = new_id if new_id else get_random_uid() try: - docid = URL.db.resource.put( - content=self._data, path="/%s/" % str(id) - )["id"] + docid = URL.db.resource.put(content=self._data, path=f"/{id}/")[ + "id" + ] except Exception: continue if docid: @@ -47,4 +47,4 @@ def short_url(self): return url_for("link", uid=self.id, _external=True) def __repr__(self): - return "" % self.id + return f"" diff --git a/examples/cupoftee/application.py b/examples/cupoftee/application.py index 2b0b5f2b4..57a7758c0 100644 --- a/examples/cupoftee/application.py +++ b/examples/cupoftee/application.py @@ -77,7 +77,7 @@ def process(self): def render_template(self, template=None): if template is None: - template = self.__class__.identifier + ".html" + template = f"{type(self).identifier}.html" context = dict(self.__dict__) context.update(url_for=self.url_for, self=self) return self.cup.render_template(template, context) diff --git a/examples/cupoftee/network.py b/examples/cupoftee/network.py index c288002dc..85012b373 100644 --- a/examples/cupoftee/network.py +++ b/examples/cupoftee/network.py @@ -38,7 +38,7 @@ def __init__(self, cup): def _sync(self): to_delete = set(self.servers) for x in range(1, 17): - addr = ("master%d.teeworlds.com" % x, 8300) + addr = (f"master{x}.teeworlds.com", 8300) print(addr) try: self._sync_master(addr, to_delete) @@ -62,7 +62,7 @@ def _sync_master(self, addr, to_delete): ".".join(map(str, map(ord, data[n * 6 : n * 6 + 4]))), ord(data[n * 6 + 5]) * 256 + ord(data[n * 6 + 4]), ) - server_id = "%s:%d" % addr + server_id = f"{addr[0]}:{addr[1]}" if server_id in self.servers: if not self.servers[server_id].sync(): continue diff --git a/examples/cupoftee/pages.py b/examples/cupoftee/pages.py index bb36a38bf..b47be0efc 100644 --- a/examples/cupoftee/pages.py +++ b/examples/cupoftee/pages.py @@ -21,11 +21,11 @@ class ServerList(Page): def order_link(self, name, title): cls = "" - link = "?order_by=" + name + link = f"?order_by={name}" desc = False if name == self.order_by: desc = not self.order_desc - cls = ' class="%s"' % ("down" if desc else "up") + cls = f' class="{"down" if desc else "up"}"' if desc: link += "&dir=desc" return f'{title}' diff --git a/examples/httpbasicauth.py b/examples/httpbasicauth.py index af6d8c69a..8303a5d24 100644 --- a/examples/httpbasicauth.py +++ b/examples/httpbasicauth.py @@ -26,11 +26,11 @@ def auth_required(self, request): "Could not verify your access level for that URL.\n" "You have to login with proper credentials", 401, - {"WWW-Authenticate": 'Basic realm="%s"' % self.realm}, + {"WWW-Authenticate": f'Basic realm="{self.realm}"'}, ) def dispatch_request(self, request): - return Response("Logged in as %s" % request.authorization.username) + return Response(f"Logged in as {request.authorization.username}") def __call__(self, environ, start_response): request = Request(environ) diff --git a/examples/i18nurls/application.py b/examples/i18nurls/application.py index 77ef50f29..0d1057781 100644 --- a/examples/i18nurls/application.py +++ b/examples/i18nurls/application.py @@ -81,7 +81,7 @@ def __call__(self, environ, start_response): lng = req.accept_languages.best lng = lng.split("-")[0].lower() if lng else "en" index_url = urls.build("index", {"lang_code": lng}) - resp = Response("Moved to %s" % index_url, status=302) + resp = Response(f"Moved to {index_url}", status=302) resp.headers["Location"] = index_url else: req.language = args.pop("lang_code", None) diff --git a/examples/i18nurls/views.py b/examples/i18nurls/views.py index 6c0ca895c..26ba10197 100644 --- a/examples/i18nurls/views.py +++ b/examples/i18nurls/views.py @@ -21,7 +21,7 @@ def blog_index(req): @expose("blog/show") def blog_show(req, post_id): return TemplateResponse( - "blog.html", title="Blog Post #%d" % post_id, post_id=post_id, mode="show" + "blog.html", title=f"Blog Post #{post_id}", post_id=post_id, mode="show" ) diff --git a/examples/plnt/database.py b/examples/plnt/database.py index 4334dced4..03a3688d9 100644 --- a/examples/plnt/database.py +++ b/examples/plnt/database.py @@ -65,14 +65,14 @@ def __init__(self, name, url, feed_url, description=""): self.description = description def __repr__(self): - return f"<{self.__class__.__name__} {self.url!r}>" + return f"<{type(self).__name__} {self.url!r}>" class Entry: query = session.query_property() def __repr__(self): - return f"<{self.__class__.__name__} {self.guid!r}>" + return f"<{type(self).__name__} {self.guid!r}>" mapper(Entry, entry_table) diff --git a/examples/plnt/utils.py b/examples/plnt/utils.py index 2160fafd9..0f1878f82 100644 --- a/examples/plnt/utils.py +++ b/examples/plnt/utils.py @@ -77,7 +77,7 @@ def render_template(template_name, **context): def nl2p(s): """Add paragraphs to a text.""" - return "\n".join("

    %s

    " % p for p in _par_re.split(s)) + return "\n".join(f"

    {p}

    " for p in _par_re.split(s)) def url_for(endpoint, **kw): diff --git a/examples/shortly/shortly.py b/examples/shortly/shortly.py index abe97e147..f97373111 100644 --- a/examples/shortly/shortly.py +++ b/examples/shortly/shortly.py @@ -69,21 +69,21 @@ def on_new_url(self, request): error = "Please enter a valid URL" else: short_id = self.insert_url(url) - return redirect("/%s+" % short_id) + return redirect(f"/{short_id}+") return self.render_template("new_url.html", error=error, url=url) def on_follow_short_link(self, request, short_id): - link_target = self.redis.get("url-target:" + short_id) + link_target = self.redis.get(f"url-target:{short_id}") if link_target is None: raise NotFound() - self.redis.incr("click-count:" + short_id) + self.redis.incr(f"click-count:{short_id}") return redirect(link_target) def on_short_link_details(self, request, short_id): - link_target = self.redis.get("url-target:" + short_id) + link_target = self.redis.get(f"url-target:{short_id}") if link_target is None: raise NotFound() - click_count = int(self.redis.get("click-count:" + short_id) or 0) + click_count = int(self.redis.get(f"click-count:{short_id}") or 0) return self.render_template( "short_link_details.html", link_target=link_target, @@ -97,13 +97,13 @@ def error_404(self): return response def insert_url(self, url): - short_id = self.redis.get("reverse-url:" + url) + short_id = self.redis.get(f"reverse-url:{url}") if short_id is not None: return short_id url_num = self.redis.incr("last-url-id") short_id = base36_encode(url_num) - self.redis.set("url-target:" + short_id, url) - self.redis.set("reverse-url:" + url, short_id) + self.redis.set(f"url-target:{short_id}", url) + self.redis.set(f"reverse-url:{url}", short_id) return short_id def render_template(self, template_name, **context): @@ -114,7 +114,7 @@ def dispatch_request(self, request): adapter = self.url_map.bind_to_environ(request.environ) try: endpoint, values = adapter.match() - return getattr(self, "on_" + endpoint)(request, **values) + return getattr(self, f"on_{endpoint}")(request, **values) except NotFound: return self.error_404() except HTTPException as e: diff --git a/examples/shorty/models.py b/examples/shorty/models.py index b02b40142..15e2020f1 100644 --- a/examples/shorty/models.py +++ b/examples/shorty/models.py @@ -42,7 +42,7 @@ def short_url(self): return url_for("link", uid=self.uid, _external=True) def __repr__(self): - return "" % self.uid + return f"" mapper(URL, url_table) diff --git a/examples/simplewiki/actions.py b/examples/simplewiki/actions.py index c5997e4df..77384accf 100644 --- a/examples/simplewiki/actions.py +++ b/examples/simplewiki/actions.py @@ -117,8 +117,8 @@ def on_diff(request, page_name): old_rev = revisions[old] page = old_rev.page diff = unified_diff( - (old_rev.text + "\n").splitlines(True), - (new_rev.text + "\n").splitlines(True), + f"{old_rev.text}\n".splitlines(True), + f"{new_rev.text}\n".splitlines(True), page.name, page.name, format_datetime(old_rev.timestamp), @@ -175,7 +175,12 @@ def on_revert(request, page_name): page = old_revision.page if request.method == "POST": change_note = request.form.get("change_note", "") - change_note = "revert" + (": " + change_note if change_note else "") + + if change_note: + change_note = f"revert: {change_note}" + else: + change_note = "revert" + session.add(Revision(page, old_revision.text, change_note)) session.commit() return redirect(href(page_name)) diff --git a/examples/simplewiki/application.py b/examples/simplewiki/application.py index 4d905108e..42769b447 100644 --- a/examples/simplewiki/application.py +++ b/examples/simplewiki/application.py @@ -89,7 +89,7 @@ def dispatch_request(self, environ, start_response): # action module. It's "on_" + the action name. If it doesn't # exists call the missing_action method from the same module. else: - action = getattr(actions, "on_" + action_name, None) + action = getattr(actions, f"on_{action_name}", None) if action is None: response = actions.missing_action(request, action_name) else: diff --git a/examples/simplewiki/database.py b/examples/simplewiki/database.py index 64a135fbf..873684a47 100644 --- a/examples/simplewiki/database.py +++ b/examples/simplewiki/database.py @@ -90,7 +90,7 @@ def render(self): return parse_creole(self.text) def __repr__(self): - return f"<{self.__class__.__name__} {self.page_id!r}:{self.revision_id!r}>" + return f"<{type(self).__name__} {self.page_id!r}:{self.revision_id!r}>" class Page: @@ -109,7 +109,7 @@ def title(self): return self.name.replace("_", " ") def __repr__(self): - return f"<{self.__class__.__name__} {self.name!r}>" + return f"<{type(self).__name__} {self.name!r}>" class RevisionedPage(Page, Revision): @@ -128,7 +128,7 @@ def __init__(self): ) def __repr__(self): - return f"<{self.__class__.__name__} {self.name!r}:{self.revision_id!r}>" + return f"<{type(self).__name__} {self.name!r}:{self.revision_id!r}>" # setup mappers diff --git a/examples/simplewiki/utils.py b/examples/simplewiki/utils.py index 8635ef51a..e8771b3e5 100644 --- a/examples/simplewiki/utils.py +++ b/examples/simplewiki/utils.py @@ -66,11 +66,11 @@ def href(*args, **kw): Simple function for URL generation. Position arguments are used for the URL path and keyword arguments are used for the url parameters. """ - result = [(request.script_root if request else "") + "/"] + result = [f"{request.script_root if request else ''}/"] for idx, arg in enumerate(args): - result.append(("/" if idx else "") + url_quote(arg)) + result.append(f"{'/' if idx else ''}{url_quote(arg)}") if kw: - result.append("?" + url_encode(kw)) + result.append(f"?{url_encode(kw)}") return "".join(result) diff --git a/examples/webpylike/webpylike.py b/examples/webpylike/webpylike.py index 6eb6bfeb9..40e4eee79 100644 --- a/examples/webpylike/webpylike.py +++ b/examples/webpylike/webpylike.py @@ -51,7 +51,7 @@ class WebPyApp: def __init__(self, urls, views): self.urls = [ - (re.compile("^%s$" % urls[i]), urls[i + 1]) for i in range(0, len(urls), 2) + (re.compile(f"^{urls[i]}$"), urls[i + 1]) for i in range(0, len(urls), 2) ] self.views = views diff --git a/src/werkzeug/_internal.py b/src/werkzeug/_internal.py index dcc87b1c3..961a43ad6 100644 --- a/src/werkzeug/_internal.py +++ b/src/werkzeug/_internal.py @@ -22,15 +22,13 @@ _logger = None _signature_cache = WeakKeyDictionary() _epoch_ord = date(1970, 1, 1).toordinal() -_legal_cookie_chars = ( - string.ascii_letters + string.digits + "/=!#$%&'*+-.^_`|~:" -).encode("ascii") +_legal_cookie_chars = f"{string.ascii_letters}{string.digits}/=!#$%&'*+-.^_`|~:".encode( + "ascii" +) _cookie_quoting_map = {b",": b"\\054", b";": b"\\073", b'"': b'\\"', b"\\": b"\\\\"} for _i in chain(range(32), range(127, 256)): - _cookie_quoting_map[_i.to_bytes(1, sys.byteorder)] = ("\\%03o" % _i).encode( - "latin1" - ) + _cookie_quoting_map[_i.to_bytes(1, sys.byteorder)] = f"\\{_i:03o}".encode("latin1") _octal_re = re.compile(br"\\[0-3][0-7][0-7]") _quote_re = re.compile(br"[\\].") @@ -73,7 +71,7 @@ def _normalize_string_tuple(tup): is_text = isinstance(next(tupiter, None), str) for arg in tupiter: if isinstance(arg, str) != is_text: - raise TypeError("Cannot mix str and bytes arguments (got %s)" % repr(tup)) + raise TypeError(f"Cannot mix str and bytes arguments (got {tup!r})") return tup @@ -126,9 +124,9 @@ def _wsgi_encoding_dance(s, charset="utf-8", errors="replace"): def _get_environ(obj): env = getattr(obj, "environ", obj) - assert isinstance(env, dict), ( - "%r is not a WSGI environment (has to be a dict)" % type(obj).__name__ - ) + assert isinstance( + env, dict + ), f"{type(obj).__name__!r} is not a WSGI environment (has to be a dict)" return env @@ -310,7 +308,7 @@ def __delete__(self, obj): self.lookup(obj).pop(self.name, None) def __repr__(self): - return f"<{self.__class__.__name__} {self.name}>" + return f"<{type(self).__name__} {self.name}>" def _cookie_quote(b): @@ -501,28 +499,27 @@ def injecting_start_response(status, headers, exc_info=None): return app(environ, injecting_start_response) injecting_start_response("200 OK", [("Content-Type", "text/html")]) return [ - ( - """ + f"""\ About Werkzeug

    Werkzeug

    the Swiss Army knife of Python web development.

    -
    %s\n\n\n
    +
    {gyver}\n\n\n
    -""" - % gyver - ).encode("latin1") +""".encode( + "latin1" + ) ] return easteregged diff --git a/src/werkzeug/_reloader.py b/src/werkzeug/_reloader.py index 503a20d57..c2be5e66a 100644 --- a/src/werkzeug/_reloader.py +++ b/src/werkzeug/_reloader.py @@ -73,7 +73,7 @@ def _get_args_for_reloading(): os.name == "nt" and __main__.__package__ == "" and not os.path.exists(py_script) - and os.path.exists(py_script + ".exe") + and os.path.exists(f"{py_script}.exe") ): # Executed a file, like "python app.py". py_script = os.path.abspath(py_script) @@ -81,7 +81,7 @@ def _get_args_for_reloading(): if os.name == "nt": # Windows entry points have ".exe" extension and should be # called directly. - if not os.path.exists(py_script) and os.path.exists(py_script + ".exe"): + if not os.path.exists(py_script) and os.path.exists(f"{py_script}.exe"): py_script += ".exe" if ( @@ -105,7 +105,7 @@ def _get_args_for_reloading(): name = os.path.splitext(os.path.basename(py_script))[0] if name != "__main__": - py_module += "." + name + py_module += f".{name}" else: # Incorrectly rewritten by pydevd debugger from "-m script" to "script". py_module = py_script @@ -158,7 +158,7 @@ def restart_with_reloader(self): but running the reloader thread. """ while 1: - _log("info", " * Restarting with %s" % self.name) + _log("info", f" * Restarting with {self.name}") args = _get_args_for_reloading() new_environ = os.environ.copy() @@ -173,7 +173,7 @@ def trigger_reload(self, filename): def log_reload(self, filename): filename = os.path.abspath(filename) - _log("info", " * Detected change in %r, reloading" % filename) + _log("info", f" * Detected change in {filename!r}, reloading") class StatReloaderLoop(ReloaderLoop): diff --git a/src/werkzeug/datastructures.py b/src/werkzeug/datastructures.py index 1a401be49..4b2bc79f3 100644 --- a/src/werkzeug/datastructures.py +++ b/src/werkzeug/datastructures.py @@ -25,7 +25,7 @@ def is_immutable(self): - raise TypeError("%r objects are immutable" % self.__class__.__name__) + raise TypeError(f"{type(self).__name__!r} objects are immutable") def iter_multi_items(mapping): @@ -105,7 +105,7 @@ class ImmutableList(ImmutableListMixin, list): """ def __repr__(self): - return "{}({})".format(self.__class__.__name__, list.__repr__(self)) + return f"{type(self).__name__}({list.__repr__(self)})" class ImmutableDictMixin: @@ -614,7 +614,7 @@ def __deepcopy__(self, memo): return self.deepcopy(memo=memo) def __repr__(self): - return "{}({!r})".format(self.__class__.__name__, list(self.items(multi=True))) + return f"{type(self).__name__}({list(self.items(multi=True))!r})" class _omd_bucket: @@ -1013,7 +1013,7 @@ def extend(self, *args, **kwargs): Support :class:`MultiDict`. Allow passing ``kwargs``. """ if len(args) > 1: - raise TypeError("update expected at most 1 arguments, got %d" % len(args)) + raise TypeError(f"update expected at most 1 arguments, got {len(args)}") if args: for key, value in iter_multi_items(args[0]): @@ -1244,7 +1244,7 @@ def update(self, *args, **kwargs): .. versionadded:: 1.0 """ if len(args) > 1: - raise TypeError("update expected at most 1 arguments, got %d" % len(args)) + raise TypeError(f"update expected at most 1 arguments, got {len(args)}") if args: mapping = args[0] @@ -1290,7 +1290,7 @@ def __str__(self): return "\r\n".join(strs) def __repr__(self): - return "{}({!r})".format(self.__class__.__name__, list(self)) + return f"{type(self).__name__}({list(self)!r})" class ImmutableHeadersMixin: @@ -1373,7 +1373,7 @@ def __getitem__(self, key, _get_mode=False): key = key.upper().replace("-", "_") if key in ("CONTENT_TYPE", "CONTENT_LENGTH"): return _unicodify_header_value(self.environ[key]) - return _unicodify_header_value(self.environ["HTTP_" + key]) + return _unicodify_header_value(self.environ[f"HTTP_{key}"]) def __len__(self): # the iter is necessary because otherwise list calls our @@ -1394,7 +1394,7 @@ def __iter__(self): yield (key.replace("_", "-").title(), _unicodify_header_value(value)) def copy(self): - raise TypeError("cannot create %r copies" % self.__class__.__name__) + raise TypeError(f"cannot create {type(self).__name__!r} copies") class CombinedMultiDict(ImmutableMultiDictMixin, MultiDict): @@ -1428,7 +1428,7 @@ def __init__(self, dicts=None): @classmethod def fromkeys(cls): - raise TypeError("cannot create %r instances by fromkeys" % cls.__name__) + raise TypeError(f"cannot create {cls.__name__!r} instances by fromkeys") def __getitem__(self, key): for d in self.dicts: @@ -1529,7 +1529,7 @@ def __contains__(self, key): has_key = __contains__ def __repr__(self): - return f"{self.__class__.__name__}({self.dicts!r})" + return f"{type(self).__name__}({self.dicts!r})" class FileMultiDict(MultiDict): @@ -1572,7 +1572,7 @@ class ImmutableDict(ImmutableDictMixin, dict): """ def __repr__(self): - return "{}({})".format(self.__class__.__name__, dict.__repr__(self)) + return f"{type(self).__name__}({dict.__repr__(self)})" def copy(self): """Return a shallow mutable copy of this object. Keep in mind that @@ -1708,9 +1708,8 @@ def __contains__(self, value): return False def __repr__(self): - return "{}([{}])".format( - self.__class__.__name__, ", ".join(f"({x!r}, {y})" for x, y in self), - ) + pairs_str = ", ".join(f"({x!r}, {y})" for x, y in self) + return f"{type(self).__name__}([{pairs_str}])" def index(self, key): """Get the position of an entry or raise :exc:`ValueError`. @@ -1817,7 +1816,7 @@ def _value_matches(self, value, item): # value comes from the application, tell the developer when it # doesn't look valid. if "/" not in value: - raise ValueError("invalid mimetype %r" % value) + raise ValueError(f"invalid mimetype {value!r}") # Split the match value into type, subtype, and a sorted list of parameters. normalized_value = _normalize_mime(value) @@ -1826,7 +1825,7 @@ def _value_matches(self, value, item): # "*/*" is the only valid value that can start with "*". if value_type == "*" and value_subtype != "*": - raise ValueError("invalid mimetype %r" % value) + raise ValueError(f"invalid mimetype {value!r}") # Split the accept item into type, subtype, and parameters. normalized_item = _normalize_mime(item) @@ -1949,7 +1948,7 @@ def cache_property(key, empty, type): lambda x: x._get_cache_value(key, empty, type), lambda x, v: x._set_cache_value(key, v, type), lambda x: x._del_cache_value(key), - "accessor for %r" % key, + f"accessor for {key!r}", ) @@ -2038,10 +2037,8 @@ def __str__(self): return self.to_header() def __repr__(self): - return "<{} {}>".format( - self.__class__.__name__, - " ".join(f"{k}={v!r}" for k, v in sorted(self.items())), - ) + kv_str = " ".join(f"{k}={v!r}" for k, v in sorted(self.items())) + return f"<{type(self).__name__} {kv_str}>" class RequestCacheControl(ImmutableDictMixin, _CacheControl): @@ -2100,7 +2097,7 @@ def csp_property(key): lambda x: x._get_value(key), lambda x, v: x._set_value(key, v), lambda x: x._del_value(key), - "accessor for %r" % key, + f"accessor for {key!r}", ) @@ -2176,10 +2173,8 @@ def __str__(self): return self.to_header() def __repr__(self): - return "<{} {}>".format( - self.__class__.__name__, - " ".join(f"{k}={v!r}" for k, v in sorted(self.items())), - ) + kv_str = " ".join(f"{k}={v!r}" for k, v in sorted(self.items())) + return f"<{type(self).__name__} {kv_str}>" class CallbackDict(UpdateDictMixin, dict): @@ -2192,7 +2187,7 @@ def __init__(self, initial=None, on_update=None): self.on_update = on_update def __repr__(self): - return "<{} {}>".format(self.__class__.__name__, dict.__repr__(self)) + return f"<{type(self).__name__} {dict.__repr__(self)}>" class HeaderSet(MutableSet): @@ -2342,7 +2337,7 @@ def __str__(self): return self.to_header() def __repr__(self): - return f"{self.__class__.__name__}({self._headers!r})" + return f"{type(self).__name__}({self._headers!r})" class ETags(Container, Iterable): @@ -2401,7 +2396,7 @@ def to_header(self): if self.star_tag: return "*" return ", ".join( - ['"%s"' % x for x in self._strong] + ['W/"%s"' % x for x in self._weak] + [f'"{x}"' for x in self._strong] + [f'W/"{x}"' for x in self._weak] ) def __call__(self, etag=None, data=None, include_weak=False): @@ -2429,7 +2424,7 @@ def __contains__(self, etag): return self.contains(etag) def __repr__(self): - return "<{} {!r}>".format(self.__class__.__name__, str(self)) + return f"<{type(self).__name__} {str(self)!r}>" class IfRange: @@ -2459,7 +2454,7 @@ def __str__(self): return self.to_header() def __repr__(self): - return "<{} {!r}>".format(self.__class__.__name__, str(self)) + return f"<{type(self).__name__} {str(self)!r}>" class Range: @@ -2484,7 +2479,7 @@ def __init__(self, units, ranges): for start, end in ranges: if start is None or (end is not None and (start < 0 or start >= end)): - raise ValueError("{} is not a valid range.".format((start, end))) + raise ValueError(f"{(start, end)} is not a valid range.") def range_for_length(self, length): """If the range is for bytes, the length is not None and there is @@ -2514,30 +2509,25 @@ def to_header(self): ranges = [] for begin, end in self.ranges: if end is None: - ranges.append("%s-" % begin if begin >= 0 else str(begin)) + ranges.append(f"{begin}-" if begin >= 0 else str(begin)) else: - ranges.append("{}-{}".format(begin, end - 1)) - return "{}={}".format(self.units, ",".join(ranges)) + ranges.append(f"{begin}-{end - 1}") + return f"{self.units}={','.join(ranges)}" def to_content_range_header(self, length): """Converts the object into `Content-Range` HTTP header, based on given length """ - range_for_length = self.range_for_length(length) - if range_for_length is not None: - return "%s %d-%d/%d" % ( - self.units, - range_for_length[0], - range_for_length[1] - 1, - length, - ) + range = self.range_for_length(length) + if range is not None: + return f"{self.units} {range[0]}-{range[1] - 1}/{length}" return None def __str__(self): return self.to_header() def __repr__(self): - return "<{} {!r}>".format(self.__class__.__name__, str(self)) + return f"<{type(self).__name__} {str(self)!r}>" class ContentRange: @@ -2598,7 +2588,7 @@ def to_header(self): length = self.length if self.start is None: return f"{self.units} */{length}" - return "{} {}-{}/{}".format(self.units, self.start, self.stop - 1, length) + return f"{self.units} {self.start}-{self.stop - 1}/{length}" def __nonzero__(self): return self.units is not None @@ -2609,7 +2599,7 @@ def __str__(self): return self.to_header() def __repr__(self): - return "<{} {!r}>".format(self.__class__.__name__, str(self)) + return f"<{type(self).__name__} {str(self)!r}>" class Authorization(ImmutableDictMixin, dict): @@ -2746,27 +2736,18 @@ def to_header(self): """Convert the stored values into a WWW-Authenticate header.""" d = dict(self) auth_type = d.pop("__auth_type__", None) or "basic" - return "{} {}".format( - auth_type.title(), - ", ".join( - [ - "%s=%s" - % ( - key, - quote_header_value( - value, allow_token=key not in self._require_quoting - ), - ) - for key, value in d.items() - ] - ), + kv_items = ( + (k, quote_header_value(v, allow_token=k not in self._require_quoting)) + for k, v in d.items() ) + kv_string = ", ".join([f"{k}={v}" for k, v in kv_items]) + return f"{auth_type.title()} {kv_string}" def __str__(self): return self.to_header() def __repr__(self): - return f"<{self.__class__.__name__} {self.to_header()!r}>" + return f"<{type(self).__name__} {self.to_header()!r}>" def auth_property(name, doc=None): # noqa: B902 """A static helper function for subclasses to add extra authentication @@ -3006,9 +2987,7 @@ def __iter__(self): return iter(self.stream) def __repr__(self): - return "<{}: {!r} ({!r})>".format( - self.__class__.__name__, self.filename, self.content_type, - ) + return f"<{type(self).__name__}: {self.filename!r} ({self.content_type!r})>" # circular dependencies diff --git a/src/werkzeug/debug/__init__.py b/src/werkzeug/debug/__init__.py index 9712a625a..278c679c2 100644 --- a/src/werkzeug/debug/__init__.py +++ b/src/werkzeug/debug/__init__.py @@ -169,7 +169,7 @@ def get_pin_and_cookie_name(app): probably_public_bits = [ username, modname, - getattr(app, "__name__", app.__class__.__name__), + getattr(app, "__name__", type(app).__name__), getattr(mod, "__file__", None), ] @@ -187,13 +187,13 @@ def get_pin_and_cookie_name(app): h.update(bit) h.update(b"cookiesalt") - cookie_name = "__wzd" + h.hexdigest()[:20] + cookie_name = f"__wzd{h.hexdigest()[:20]}" # If we need to generate a pin we salt it a bit more so that we don't # end up with the same value and generate out 9 digits if num is None: h.update(b"pinsalt") - num = ("%09d" % int(h.hexdigest(), 16))[:9] + num = f"{int(h.hexdigest(), 16):09d}"[:9] # Format the pincode in groups of digits for easier remembering if # we don't have a result yet. @@ -270,7 +270,7 @@ def __init__( if self.pin is None: _log("warning", " * Debugger PIN disabled. DEBUGGER UNSECURED!") else: - _log("info", " * Debugger PIN: %s" % self.pin) + _log("info", " * Debugger PIN: %s", self.pin) else: self.pin = None @@ -437,7 +437,7 @@ def pin_auth(self, request): if auth: rv.set_cookie( self.pin_cookie_name, - "{}|{}".format(int(time.time()), hash_pin(self.pin)), + f"{int(time.time())}|{hash_pin(self.pin)}", httponly=True, ) elif bad_cookie: @@ -450,7 +450,7 @@ def log_pin_request(self): _log( "info", " * To enable the debugger you need to enter the security pin:" ) - _log("info", " * Debugger pin code: %s" % self.pin) + _log("info", " * Debugger pin code: %s", self.pin) return Response("") def __call__(self, environ, start_response): diff --git a/src/werkzeug/debug/console.py b/src/werkzeug/debug/console.py index 8fdb40fab..ebe7d07ab 100644 --- a/src/werkzeug/debug/console.py +++ b/src/werkzeug/debug/console.py @@ -93,7 +93,7 @@ def displayhook(obj): stream._write(debug_repr(obj)) def __setattr__(self, name, value): - raise AttributeError("read only attribute %s" % name) + raise AttributeError(f"read only attribute {name}") def __dir__(self): return dir(sys.__stdout__) @@ -158,7 +158,7 @@ def __init__(self, globals, locals): _wrap_compiler(self) def runsource(self, source): - source = source.rstrip() + "\n" + source = f"{source.rstrip()}\n" ThreadedStream.push() prompt = "... " if self.more else ">>> " try: diff --git a/src/werkzeug/debug/repr.py b/src/werkzeug/debug/repr.py index f846397b0..c545a74f5 100644 --- a/src/werkzeug/debug/repr.py +++ b/src/werkzeug/debug/repr.py @@ -68,7 +68,7 @@ def __repr__(self): def __call__(self, topic=None): if topic is None: - sys.stdout._write("%s" % repr(self)) + sys.stdout._write(f"{self!r}") return import pydoc @@ -98,8 +98,8 @@ def _add_subclass_info(inner, obj, base): return inner module = "" if obj.__class__.__module__ not in ("__builtin__", "exceptions"): - module = '%s.' % obj.__class__.__module__ - return f"{module}{obj.__class__.__name__}({inner})" + module = f'{obj.__class__.__module__}.' + return f"{module}{type(obj).__name__}({inner})" class DebugReprGenerator: @@ -109,7 +109,7 @@ def __init__(self): def _sequence_repr_maker(left, right, base=object(), limit=8): # noqa: B008, B902 def proxy(self, obj, recursive): if recursive: - return _add_subclass_info(left + "..." + right, obj, base) + return _add_subclass_info(f"{left}...{right}", obj, base) buf = [left] have_extended_section = False for idx, item in enumerate(obj): @@ -138,8 +138,8 @@ def proxy(self, obj, recursive): def regex_repr(self, obj): pattern = repr(obj.pattern) pattern = codecs.decode(pattern, "unicode-escape", "ignore") - pattern = "r" + pattern - return 're.compile(%s)' % pattern + pattern = f"r{pattern}" + return f're.compile({pattern})' def string_repr(self, obj, limit=70): buf = [''] @@ -180,9 +180,8 @@ def dict_repr(self, d, recursive, limit=5): buf.append('') have_extended_section = True buf.append( - '%s: ' - '%s' - % (self.repr(key), self.repr(value)) + f'{self.repr(key)}:' + f' {self.repr(value)}' ) if have_extended_section: buf.append("") @@ -191,13 +190,13 @@ def dict_repr(self, d, recursive, limit=5): def object_repr(self, obj): r = repr(obj) - return '%s' % escape(r) + return f'{escape(r)}' def dispatch_repr(self, obj, recursive): if obj is helper: - return '%r' % helper + return f'{helper!r}' if isinstance(obj, (int, float, complex)): - return '%r' % obj + return f'{obj!r}' if isinstance(obj, str) or isinstance(obj, bytes): return self.string_repr(obj) if isinstance(obj, RegexType): @@ -212,7 +211,7 @@ def dispatch_repr(self, obj, recursive): return self.frozenset_repr(obj, recursive) if isinstance(obj, dict): return self.dict_repr(obj, recursive) - if deque is not None and isinstance(obj, deque): + if isinstance(obj, deque): return self.deque_repr(obj, recursive) return self.object_repr(obj) @@ -221,8 +220,9 @@ def fallback_repr(self): info = "".join(format_exception_only(*sys.exc_info()[:2])) except Exception: info = "?" - return '<broken repr (%s)>' % escape( - info.strip() + return ( + '' + f"<broken repr ({escape(info.strip())})>" ) def repr(self, obj): @@ -259,7 +259,7 @@ def dump_object(self, obj): except Exception: pass title = "Details for" - title += " " + object.__repr__(obj)[1:-1] + title += f" {object.__repr__(obj)[1:-1]}" return self.render_object_dump(items, title, repr) def dump_locals(self, d): @@ -269,13 +269,11 @@ def dump_locals(self, d): def render_object_dump(self, items, title, repr=None): html_items = [] for key, value in items: - html_items.append( - "{}
    {}
    ".format(escape(key), value) - ) + html_items.append(f"{escape(key)}
    {value}
    ") if not html_items: html_items.append("Nothing") return OBJECT_DUMP_HTML % { "title": escape(title), - "repr": "
    %s
    " % repr if repr else "", + "repr": f"
    {repr if repr else ''}
    ", "items": "\n".join(html_items), } diff --git a/src/werkzeug/debug/tbtools.py b/src/werkzeug/debug/tbtools.py index 3e15ac623..4641f34dc 100644 --- a/src/werkzeug/debug/tbtools.py +++ b/src/werkzeug/debug/tbtools.py @@ -236,7 +236,7 @@ def __init__(self, exc_type, exc_value, tb): exception_type = exc_type.__name__ if exc_type.__module__ not in {"builtins", "__builtin__", "exceptions"}: - exception_type = exc_type.__module__ + "." + exception_type + exception_type = f"{exc_type.__module__}.{exception_type}" self.exception_type = exception_type self.groups = [] @@ -273,7 +273,7 @@ def log(self, logfile=None): """Log the ASCII traceback into a file object.""" if logfile is None: logfile = sys.stderr - tb = self.plaintext.rstrip() + "\n" + tb = f"{self.plaintext.rstrip()}\n" logfile.write(_to_native(tb, "utf-8", "replace")) def paste(self): @@ -311,15 +311,15 @@ def render_summary(self, include_title=True): title = "Traceback (most recent call last):" if self.is_syntax_error: - description_wrapper = "
    %s
    " + description = f"
    {escape(self.exception)}
    " else: - description_wrapper = "
    %s
    " + description = f"
    {escape(self.exception)}
    " return SUMMARY_HTML % { "classes": " ".join(classes), - "title": "

    %s

    " % title if title else "", + "title": f"

    {title if title else ''}

    ", "frames": "\n".join(frames), - "description": description_wrapper % escape(self.exception), + "description": description, } def render_full(self, evalex=False, secret=None, evalex_trusted=True): @@ -414,21 +414,16 @@ def exception(self): def render(self, mark_lib=True): out = [] if self.info is not None: - out.append('
  • %s:
    ' % self.info) + out.append(f'
  • {self.info}:
    ') for frame in self.frames: - out.append( - "%s" - % ( - ' title="%s"' % escape(frame.info) if frame.info else "", - frame.render(mark_lib=mark_lib), - ) - ) + title = f' title="{escape(frame.info)}"' if frame.info else "" + out.append(f"{frame.render(mark_lib=mark_lib)}") return "\n".join(out) def render_text(self): out = [] if self.info is not None: - out.append("\n%s:\n" % self.info) + out.append(f"\n{self.info}:\n") out.append("Traceback (most recent call last):") for frame in self.frames: out.append(frame.render_text()) @@ -481,8 +476,9 @@ def is_library(self): ) def render_text(self): - return ' File "{}", line {}, in {}\n {}'.format( - self.filename, self.lineno, self.function_name, self.current_line.strip(), + return ( + f' File "{self.filename}", line {self.lineno}, in {self.function_name}\n' + f" {self.current_line.strip()}" ) def render_line_context(self): @@ -494,8 +490,8 @@ def render_line(line, cls): stripped_line = line.strip() prefix = len(line) - len(stripped_line) rv.append( - '
    %s%s
    ' - % (cls, " " * prefix, escape(stripped_line) or " ") + f'
    {" " * prefix}'
+                f"{escape(stripped_line) if stripped_line else ' '}
    " ) for line in before: @@ -518,7 +514,7 @@ def get_annotated_lines(self): break lineno -= 1 try: - offset = len(inspect.getblock([x.code + "\n" for x in lines[lineno:]])) + offset = len(inspect.getblock([f"{x.code}\n" for x in lines[lineno:]])) except TokenError: offset = 0 for line in lines[lineno : lineno + offset]: diff --git a/src/werkzeug/exceptions.py b/src/werkzeug/exceptions.py index b8432bdf8..f9f6ec2e6 100644 --- a/src/werkzeug/exceptions.py +++ b/src/werkzeug/exceptions.py @@ -109,8 +109,9 @@ def __init__(self, arg=None, *args, **kwargs): @property def description(self): if self.show_exception: - return "{}\n{}: {}".format( - self._description, exception.__name__, exception.__str__(self) + return ( + f"{self._description}\n" + f"{exception.__name__}: {exception.__str__(self)}" ) return self._description @@ -133,20 +134,17 @@ def name(self): def get_description(self, environ=None): """Get the description.""" - return "

    %s

    " % escape(self.description).replace("\n", "
    ") + description = escape(self.description).replace("\n", "
    ") + return f"

    {description}

    " def get_body(self, environ=None): """Get the HTML body.""" return ( '\n' - "%(code)s %(name)s\n" - "

    %(name)s

    \n" - "%(description)s\n" - ) % { - "code": self.code, - "name": escape(self.name), - "description": self.get_description(environ), - } + f"{self.code} {escape(self.name)}\n" + f"

    {escape(self.name)}

    \n" + f"{self.get_description(environ)}\n" + ) def get_headers(self, environ=None): """Get a list of headers.""" @@ -186,7 +184,7 @@ def __str__(self): def __repr__(self): code = self.code if self.code is not None else "???" - return f"<{self.__class__.__name__} '{code}: {self.name}'>" + return f"<{type(self).__name__} '{code}: {self.name}'>" class BadRequest(HTTPException): @@ -494,7 +492,7 @@ def __init__(self, length=None, units="bytes", description=None): def get_headers(self, environ=None): headers = HTTPException.get_headers(self, environ) if self.length is not None: - headers.append(("Content-Range", "%s */%d" % (self.units, self.length))) + headers.append(("Content-Range", f"{self.units} */{self.length}")) return headers @@ -789,7 +787,7 @@ def __call__(self, code, *args, **kwargs): if not args and not kwargs and not isinstance(code, int): raise HTTPException(response=code) if code not in self.mapping: - raise LookupError("no exception for %r" % code) + raise LookupError(f"no exception for {code!r}") raise self.mapping[code](*args, **kwargs) diff --git a/src/werkzeug/filesystem.py b/src/werkzeug/filesystem.py index a528a7fa3..60179abd2 100644 --- a/src/werkzeug/filesystem.py +++ b/src/werkzeug/filesystem.py @@ -55,7 +55,7 @@ def get_filesystem_encoding(): if not _warned_about_filesystem_encoding: warnings.warn( "Detected a misconfigured UNIX filesystem: Will use" - " UTF-8 as filesystem encoding instead of {!r}".format(rv), + f" UTF-8 as filesystem encoding instead of {rv!r}", BrokenFilesystemWarning, ) _warned_about_filesystem_encoding = True diff --git a/src/werkzeug/formparser.py b/src/werkzeug/formparser.py index 6f11fb8f0..bc7395cc9 100644 --- a/src/werkzeug/formparser.py +++ b/src/werkzeug/formparser.py @@ -305,7 +305,7 @@ def parse_multipart_headers(iterable): break elif line[0] in " \t" and result: key, value = result[-1] - result[-1] = (key, value + "\n " + line[1:]) + result[-1] = (key, f"{value}\n {line[1:]}") else: parts = line.split(":", 1) if len(parts) == 2: @@ -414,7 +414,7 @@ def validate_boundary(self, boundary): if not boundary: self.fail("Missing boundary") if not is_valid_multipart_boundary(boundary): - self.fail("Invalid boundary: %s" % boundary) + self.fail(f"Invalid boundary: {boundary}") if len(boundary) > self.buffer_size: # this should never happen because we check for a minimum size # of 1024 and boundaries may not be longer than 200. The only diff --git a/src/werkzeug/http.py b/src/werkzeug/http.py index 7fdf6fbbc..d8d7d3f2f 100644 --- a/src/werkzeug/http.py +++ b/src/werkzeug/http.py @@ -220,7 +220,8 @@ def quote_header_value(value, extra_chars="", allow_token=True): token_chars = _token_chars | set(extra_chars) if set(value).issubset(token_chars): return value - return '"%s"' % value.replace("\\", "\\\\").replace('"', '\\"') + value = value.replace("\\", "\\\\").replace('"', '\\"') + return f'"{value}"' def unquote_header_value(value, is_filename=False): @@ -262,7 +263,7 @@ def dump_options_header(header, options): if value is None: segments.append(key) else: - segments.append("{}={}".format(key, quote_header_value(value))) + segments.append(f"{key}={quote_header_value(value)}") return "; ".join(segments) @@ -288,9 +289,7 @@ def dump_header(iterable, allow_token=True): items.append(key) else: items.append( - "{}={}".format( - key, quote_header_value(value, allow_token=allow_token) - ) + f"{key}={quote_header_value(value, allow_token=allow_token)}" ) else: items = [quote_header_value(x, allow_token=allow_token) for x in iterable] @@ -746,9 +745,9 @@ def quote_etag(etag, weak=False): """ if '"' in etag: raise ValueError("invalid etag") - etag = '"%s"' % etag + etag = f'"{etag}"' if weak: - etag = "W/" + etag + etag = f"W/{etag}" return etag @@ -849,29 +848,24 @@ def _dump_date(d, delim): d = d.utctimetuple() elif isinstance(d, (int, float)): d = gmtime(d) - return "%s, %02d%s%s%s%s %02d:%02d:%02d GMT" % ( - ("Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun")[d.tm_wday], - d.tm_mday, - delim, - ( - "Jan", - "Feb", - "Mar", - "Apr", - "May", - "Jun", - "Jul", - "Aug", - "Sep", - "Oct", - "Nov", - "Dec", - )[d.tm_mon - 1], - delim, - str(d.tm_year), - d.tm_hour, - d.tm_min, - d.tm_sec, + weekday = ("Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun")[d.tm_wday] + month = ( + "Jan", + "Feb", + "Mar", + "Apr", + "May", + "Jun", + "Jul", + "Aug", + "Sep", + "Oct", + "Nov", + "Dec", + )[d.tm_mon - 1] + return ( + f"{weekday}, {d.tm_mday:02d}{delim}{month}{delim}{d.tm_year}" + f" {d.tm_hour:02d}:{d.tm_min:02d}:{d.tm_sec:02d} GMT" ) @@ -1235,16 +1229,10 @@ def dump_cookie( if max_size and cookie_size > max_size: value_size = len(value) warnings.warn( - 'The "{key}" cookie is too large: the value was {value_size} bytes' - " but the header required {extra_size} extra bytes. The final size" - " was {cookie_size} bytes but the limit is {max_size} bytes." - " Browsers may silently ignore cookies larger than this.".format( - key=key, - value_size=value_size, - extra_size=cookie_size - value_size, - cookie_size=cookie_size, - max_size=max_size, - ), + f'The "{key}" cookie is too large: the value was {value_size} bytes but the' + f" header required {cookie_size - value_size} extra bytes. The final size" + f" was {cookie_size} bytes but the limit is {max_size} bytes. Browsers may" + f" silently ignore cookies larger than this.", stacklevel=2, ) diff --git a/src/werkzeug/local.py b/src/werkzeug/local.py index 7078e5ccb..69c9746b5 100644 --- a/src/werkzeug/local.py +++ b/src/werkzeug/local.py @@ -245,7 +245,7 @@ def application(environ, start_response): return update_wrapper(self.make_middleware(func), func) def __repr__(self): - return "<%s storages: %d>" % (self.__class__.__name__, len(self.locals)) + return f"<{type(self).__name__} storages: {len(self.locals)}>" class LocalProxy: @@ -304,7 +304,7 @@ def _get_current_object(self): try: return getattr(self.__local, self.__name__) except AttributeError: - raise RuntimeError("no object bound to %s" % self.__name__) + raise RuntimeError(f"no object bound to {self.__name__}") @property def __dict__(self): @@ -317,7 +317,7 @@ def __repr__(self): try: obj = self._get_current_object() except RuntimeError: - return "<%s unbound>" % self.__class__.__name__ + return f"<{type(self).__name__} unbound>" return repr(obj) def __bool__(self): diff --git a/src/werkzeug/middleware/http_proxy.py b/src/werkzeug/middleware/http_proxy.py index 27110910d..efccb1b3c 100644 --- a/src/werkzeug/middleware/http_proxy.py +++ b/src/werkzeug/middleware/http_proxy.py @@ -80,7 +80,7 @@ def _set_defaults(opts): self.app = app self.targets = { - "/%s/" % k.strip("/"): _set_defaults(v) for k, v in targets.items() + f"/{k.strip('/')}/": _set_defaults(v) for k, v in targets.items() } self.chunk_size = chunk_size self.timeout = timeout @@ -109,9 +109,8 @@ def application(environ, start_response): remote_path = path if opts["remove_prefix"]: - remote_path = "{}/{}".format( - target.path.rstrip("/"), remote_path[len(prefix) :].lstrip("/"), - ) + remote_path = remote_path[len(prefix) :].lstrip("/") + remote_path = f"{target.path.rstrip('/')}/{remote_path}" content_length = environ.get("CONTENT_LENGTH") chunked = False @@ -136,9 +135,8 @@ def application(environ, start_response): ) else: raise RuntimeError( - "Target scheme must be 'http' or 'https', got '{}'.".format( - target.scheme - ) + "Target scheme must be 'http' or 'https', got" + f" {target.scheme!r}." ) con.connect() @@ -146,7 +144,7 @@ def application(environ, start_response): querystring = environ["QUERY_STRING"] if querystring: - remote_url = remote_url + "?" + querystring + remote_url = f"{remote_url}?{querystring}" con.putrequest(environ["REQUEST_METHOD"], remote_url, skip_host=True) @@ -177,7 +175,7 @@ def application(environ, start_response): return BadGateway()(environ, start_response) start_response( - "%d %s" % (resp.status, resp.reason), + f"{resp.status} {resp.reason}", [ (k.title(), v) for k, v in resp.getheaders() diff --git a/src/werkzeug/middleware/lint.py b/src/werkzeug/middleware/lint.py index 66e62c57b..c2b373195 100644 --- a/src/werkzeug/middleware/lint.py +++ b/src/werkzeug/middleware/lint.py @@ -31,8 +31,7 @@ class HTTPWarning(Warning): def check_string(context, obj, stacklevel=3): if type(obj) is not str: warn( - "'{}' requires strings, got '{}'".format(context, type(obj).__name__), - WSGIWarning, + f"'{context}' requires strings, got '{type(obj).__name__}'", WSGIWarning, ) @@ -165,20 +164,18 @@ def close(self): key ): warn( - "Entity header %r found in 304 response." % key, HTTPWarning + f"Entity header {key!r} found in 304 response.", HTTPWarning ) if bytes_sent: warn("304 responses must not have a body.", HTTPWarning) elif 100 <= status_code < 200 or status_code == 204: if content_length != 0: warn( - "%r responses must have an empty content length." % status_code, + f"{status_code} responses must have an empty content length.", HTTPWarning, ) if bytes_sent: - warn( - "%r responses must not have a body." % status_code, HTTPWarning - ) + warn(f"{status_code} responses must not have a body.", HTTPWarning) elif content_length is not None and content_length != bytes_sent: warn( "Content-Length and the number of bytes sent to the client do not" @@ -242,7 +239,7 @@ def check_environ(self, environ): ): if key not in environ: warn( - "Required environment key %r not found" % key, + f"Required environment key {key!r} not found", WSGIWarning, stacklevel=3, ) @@ -254,14 +251,14 @@ def check_environ(self, environ): if script_name and script_name[0] != "/": warn( - "'SCRIPT_NAME' does not start with a slash: %r" % script_name, + f"'SCRIPT_NAME' does not start with a slash: {script_name!r}", WSGIWarning, stacklevel=3, ) if path_info and path_info[0] != "/": warn( - "'PATH_INFO' does not start with a slash: %r" % path_info, + f"'PATH_INFO' does not start with a slash: {path_info!r}", WSGIWarning, stacklevel=3, ) @@ -276,7 +273,7 @@ def check_start_response(self, status, headers, exc_info): if len(status) < 4 or status[3] != " ": warn( WSGIWarning( - "Invalid value for status %r. Valid " + f"Invalid value for status {status!r}. Valid " "status strings are three digits, a space " "and a status explanation" ), @@ -342,9 +339,9 @@ def check_headers(self, headers): def check_iterator(self, app_iter): if isinstance(app_iter, str): warn( - "The application returned astring. The response will send one character" - " at a time to the client, which will kill performance. Return a list" - " or iterable instead.", + "The application returned a string. The response will send one" + " character at a time to the client, which will kill performance." + " Return a list or iterable instead.", WSGIWarning, stacklevel=3, ) @@ -374,7 +371,7 @@ def __call__(self, *args, **kwargs): def checking_start_response(*args, **kwargs): if len(args) not in (2, 3): warn( - "Invalid number of arguments: %s, expected 2 or 3." % len(args), + f"Invalid number of arguments: {len(args)}, expected 2 or 3.", WSGIWarning, stacklevel=2, ) diff --git a/src/werkzeug/middleware/profiler.py b/src/werkzeug/middleware/profiler.py index 7999fa4b6..60239cf15 100644 --- a/src/werkzeug/middleware/profiler.py +++ b/src/werkzeug/middleware/profiler.py @@ -123,8 +123,9 @@ def runapp(): stats = Stats(profile, stream=self._stream) stats.sort_stats(*self._sort_by) print("-" * 80, file=self._stream) - print("PATH: {!r}".format(environ.get("PATH_INFO", "")), file=self._stream) + path_info = environ.get("PATH_INFO", "") + print(f"PATH: {path_info!r}", file=self._stream) stats.print_stats(*self._restrictions) - print("-" * 80 + "\n", file=self._stream) + print(f"{'-' * 80}\n", file=self._stream) return [body] diff --git a/src/werkzeug/middleware/shared_data.py b/src/werkzeug/middleware/shared_data.py index 22415474a..fa3509346 100644 --- a/src/werkzeug/middleware/shared_data.py +++ b/src/werkzeug/middleware/shared_data.py @@ -115,7 +115,7 @@ def __init__( else: loader = self.get_directory_loader(value) else: - raise TypeError("unknown def %r" % value) + raise TypeError(f"unknown def {value!r}") self.exports.append((key, loader)) @@ -224,11 +224,9 @@ def generate_etag(self, mtime, file_size, real_filename): if not isinstance(real_filename, bytes): real_filename = real_filename.encode(get_filesystem_encoding()) - return "wzsdm-%d-%s-%s" % ( - mktime(mtime.timetuple()), - file_size, - adler32(real_filename) & 0xFFFFFFFF, - ) + timestamp = mktime(mtime.timetuple()) + checksum = adler32(real_filename) & 0xFFFFFFFF + return f"wzsdm-{timestamp}-{file_size}-{checksum}" def __call__(self, environ, start_response): path = get_path_info(environ) @@ -264,8 +262,8 @@ def __call__(self, environ, start_response): timeout = self.cache_timeout etag = self.generate_etag(mtime, file_size, real_filename) headers += [ - ("Etag", '"%s"' % etag), - ("Cache-Control", "max-age=%d, public" % timeout), + ("Etag", f'"{etag}"'), + ("Cache-Control", f"max-age={timeout}, public"), ] if not is_resource_modified(environ, etag, last_modified=mtime): diff --git a/src/werkzeug/posixemulation.py b/src/werkzeug/posixemulation.py index 7bce09eb5..f8799279e 100644 --- a/src/werkzeug/posixemulation.py +++ b/src/werkzeug/posixemulation.py @@ -102,7 +102,7 @@ def rename(src, dst): except OSError as e: if e.errno != errno.EEXIST: raise - old = "{}-{:08x}".format(dst, random.randint(0, sys.maxsize)) + old = f"{dst}-{random.randint(0, sys.maxsize):08x}" os.rename(dst, old) os.rename(src, dst) try: diff --git a/src/werkzeug/routing.py b/src/werkzeug/routing.py index 073229e38..86292e161 100644 --- a/src/werkzeug/routing.py +++ b/src/werkzeug/routing.py @@ -211,14 +211,14 @@ def parse_rule(rule): variable = data["variable"] converter = data["converter"] or "default" if variable in used_names: - raise ValueError("variable name %r used twice." % variable) + raise ValueError(f"variable name {variable!r} used twice.") used_names.add(variable) yield converter, data["args"] or None, variable pos = m.end() if pos < end: remaining = rule[pos:] if ">" in remaining or "<" in remaining: - raise ValueError("malformed url rule: %r" % rule) + raise ValueError(f"malformed url rule: {rule!r}") yield None, None, remaining @@ -297,28 +297,28 @@ def _score_rule(rule): def __str__(self): message = [] - message.append("Could not build url for endpoint %r" % self.endpoint) + message.append(f"Could not build url for endpoint {self.endpoint!r}") if self.method: - message.append(" (%r)" % self.method) + message.append(f" ({self.method!r})") if self.values: - message.append(" with values %r" % sorted(self.values.keys())) + message.append(f" with values {sorted(self.values)!r}") message.append(".") if self.suggested: if self.endpoint == self.suggested.endpoint: if self.method and self.method not in self.suggested.methods: message.append( - " Did you mean to use methods %r?" - % sorted(self.suggested.methods) + " Did you mean to use methods" + f" {sorted(self.suggested.methods)!r}?" ) missing_values = self.suggested.arguments.union( set(self.suggested.defaults or ()) ) - set(self.values.keys()) if missing_values: message.append( - " Did you forget to specify values %r?" % sorted(missing_values) + f" Did you forget to specify values {sorted(missing_values)!r}?" ) else: - message.append(" Did you mean %r instead?" % self.suggested.endpoint) + message.append(f" Did you mean {self.suggested.endpoint!r} instead?") return "".join(message) @@ -498,7 +498,7 @@ def _prefix_names(src): tree = tree.value for node in ast.walk(tree): if isinstance(node, ast.Name): - node.id = "." + node.id + node.id = f".{node.id}" return tree @@ -596,7 +596,7 @@ class Rule(RuleFactory): def foo_with_slug(adapter, id): # ask the database for the slug for the old id. this of # course has nothing to do with werkzeug. - return 'foo/' + Foo.get_slug_for_id(id) + return f'foo/{Foo.get_slug_for_id(id)}' url_map = Map([ Rule('/foo/', endpoint='foo'), @@ -763,7 +763,7 @@ def get_converter(self, variable_name, converter_name, args, kwargs): .. versionadded:: 0.9 """ if converter_name not in self.map.converters: - raise LookupError("the converter %r does not exist" % converter_name) + raise LookupError(f"the converter {converter_name!r} does not exist") return self.map.converters[converter_name](self.map, *args, **kwargs) def _encode_query_vars(self, query_vars): @@ -836,11 +836,11 @@ def _build_regex(rule): if not (self.is_leaf and self.strict_slashes): reps = "*" if self.merge_slashes else "?" - tail = "(?/%s)" % reps + tail = f"(?/{reps})" else: tail = "" - regex = "^{}{}$".format("".join(regex_parts), tail) + regex = f"^{''.join(regex_parts)}{tail}$" self._regex = re.compile(regex) def match(self, path, method=None): @@ -1110,19 +1110,16 @@ def __str__(self): def __repr__(self): if self.map is None: - return "<%s (unbound)>" % self.__class__.__name__ - tmp = [] + return f"<{type(self).__name__} (unbound)>" + parts = [] for is_dynamic, data in self._trace: if is_dynamic: - tmp.append("<%s>" % data) + parts.append(f"<{data}>") else: - tmp.append(data) - return "<{} {}{} -> {}>".format( - self.__class__.__name__, - repr(("".join(tmp)).lstrip("|")), - " (%s)" % ", ".join(self.methods) if self.methods is not None else "", - self.endpoint, - ) + parts.append(data) + parts = "".join(parts).lstrip("|") + methods = f" ({', '.join(self.methods)})" if self.methods is not None else "" + return f"<{type(self).__name__} {parts!r}{methods} -> {self.endpoint}>" class BaseConverter: @@ -1164,14 +1161,14 @@ class UnicodeConverter(BaseConverter): def __init__(self, map, minlength=1, maxlength=None, length=None): BaseConverter.__init__(self, map) if length is not None: - length = "{%d}" % int(length) + length = f"{{{int(length)}}}" else: if maxlength is None: maxlength = "" else: maxlength = int(maxlength) - length = "{{{},{}}}".format(int(minlength), maxlength) - self.regex = "[^/]" + length + length = f"{{{int(minlength)},{maxlength}}}" + self.regex = f"[^/]{length}" class AnyConverter(BaseConverter): @@ -1187,7 +1184,7 @@ class AnyConverter(BaseConverter): def __init__(self, map, *items): BaseConverter.__init__(self, map) - self.regex = "(?:%s)" % "|".join([re.escape(x) for x in items]) + self.regex = f"(?:{'|'.join([re.escape(x) for x in items])})" class PathConverter(BaseConverter): @@ -1234,12 +1231,12 @@ def to_python(self, value): def to_url(self, value): value = self.num_convert(value) if self.fixed_digits: - value = ("%%0%sd" % self.fixed_digits) % value + value = str(value).zfill(self.fixed_digits) return str(value) @property def signed_regex(self): - return r"-?" + self.regex + return f"-?{self.regex}" class IntegerConverter(NumberConverter): @@ -1595,8 +1592,8 @@ def bind_to_environ(self, environ, server_name=None, subdomain=None): # earlier we go by an invalid subdomain which will result # in a 404 error on matching. warnings.warn( - "Current server name '{}' doesn't match configured" - " server name '{}'".format(wsgi_server_name, server_name), + f"Current server name {wsgi_server_name!r} doesn't match configured" + f" server name {server_name!r}", stacklevel=2, ) subdomain = "" @@ -1640,7 +1637,7 @@ def update(self): def __repr__(self): rules = self.iter_rules() - return "{}({})".format(self.__class__.__name__, pformat(list(rules))) + return f"{type(self).__name__}({pformat(list(rules))})" class MapAdapter: @@ -1838,10 +1835,9 @@ def match( require_redirect = False - path = "{}|{}".format( - self.server_name if self.map.host_matching else self.subdomain, - path_info and "/%s" % path_info.lstrip("/"), - ) + domain_part = self.server_name if self.map.host_matching else self.subdomain + path_part = f"/{path_info.lstrip('/')}" if path_info else "" + path = f"{domain_part}|{path_part}" have_match_for = set() websocket_mismatch = False @@ -1887,18 +1883,16 @@ def _handle_match(match): redirect_url = _simple_rule_re.sub(_handle_match, rule.redirect_to) else: redirect_url = rule.redirect_to(self, **rv) + + if self.subdomain: + netloc = f"{self.subdomain}.{self.server_name}" + else: + netloc = self.server_name + raise RequestRedirect( - str( - url_join( - "%s://%s%s%s" - % ( - self.url_scheme or "http", - self.subdomain + "." if self.subdomain else "", - self.server_name, - self.script_name, - ), - redirect_url, - ) + url_join( + f"{self.url_scheme or 'http'}://{netloc}{self.script_name}", + redirect_url, ) ) @@ -1966,7 +1960,11 @@ def get_host(self, domain_part): subdomain = self.subdomain else: subdomain = _to_str(subdomain, "ascii") - return (subdomain + "." if subdomain else "") + self.server_name + + if subdomain: + return f"{subdomain}.{self.server_name}" + else: + return self.server_name def get_default_redirect(self, rule, method, values, query_args): """A helper that returns the URL to redirect to if it finds one. @@ -1996,20 +1994,15 @@ def make_redirect_url(self, path_info, query_args=None, domain_part=None): :internal: """ - suffix = "" if query_args: - suffix = "?" + self.encode_query_args(query_args) - return str( - "%s://%s/%s%s" - % ( - self.url_scheme or "http", - self.get_host(domain_part), - posixpath.join( - self.script_name[:-1].lstrip("/"), path_info.lstrip("/") - ), - suffix, - ) - ) + suffix = f"?{self.encode_query_args(query_args)}" + else: + suffix = "" + + scheme = self.url_scheme or "http" + host = self.get_host(domain_part) + path = posixpath.join(self.script_name.strip("/"), path_info.lstrip("/")) + return f"{scheme}://{host}/{path}{suffix}" def make_alias_redirect_url(self, path, endpoint, values, method, query_args): """Internally called to make an alias redirect URL.""" @@ -2017,7 +2010,7 @@ def make_alias_redirect_url(self, path, endpoint, values, method, query_args): endpoint, values, method, append_unknown=False, force_external=True ) if query_args: - url += "?" + self.encode_query_args(query_args) + url += f"?{self.encode_query_args(query_args)}" assert url != path, "detected invalid alias setting. No canonical URL found" return url @@ -2184,13 +2177,7 @@ def build( (self.map.host_matching and host == self.server_name) or (not self.map.host_matching and domain_part == self.subdomain) ): - return "{}/{}".format(self.script_name.rstrip("/"), path.lstrip("/")) - return str( - "%s//%s%s/%s" - % ( - url_scheme + ":" if url_scheme else "", - host, - self.script_name[:-1], - path.lstrip("/"), - ) - ) + return f"{self.script_name.rstrip('/')}/{path.lstrip('/')}" + + scheme = f"{url_scheme}:" if url_scheme else "" + return f"{scheme}//{host}{self.script_name[:-1]}/{path.lstrip('/')}" diff --git a/src/werkzeug/security.py b/src/werkzeug/security.py index 5ae197d4d..8c991f008 100644 --- a/src/werkzeug/security.py +++ b/src/werkzeug/security.py @@ -133,7 +133,7 @@ def _hash_internal(method, salt, password): method = args.pop(0) iterations = int(args[0] or 0) if args else DEFAULT_PBKDF2_ITERATIONS is_pbkdf2 = True - actual_method = "pbkdf2:%s:%d" % (method, iterations) + actual_method = f"pbkdf2:{method}:{iterations}" else: is_pbkdf2 = False actual_method = method diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py index 2f3856d2e..cfa6812ca 100644 --- a/src/werkzeug/serving.py +++ b/src/werkzeug/serving.py @@ -145,7 +145,7 @@ class WSGIRequestHandler(BaseHTTPRequestHandler): def server_version(self): from . import __version__ - return "Werkzeug/" + __version__ + return f"Werkzeug/{__version__}" def make_environ(self): request_url = url_parse(self.path) @@ -200,9 +200,9 @@ def shutdown_server(): key = key.upper().replace("-", "_") value = value.replace("\r\n", "") if key not in ("CONTENT_TYPE", "CONTENT_LENGTH"): - key = "HTTP_" + key + key = f"HTTP_{key}" if key in environ: - value = "{},{}".format(environ[key], value) + value = f"{environ[key]},{value}" environ[key] = value if environ.get("HTTP_TRANSFER_ENCODING", "").strip().lower() == "chunked": @@ -353,7 +353,7 @@ def send_response(self, code, message=None): if message is None: message = self.responses[code][0] if code in self.responses else "" if self.request_version != "HTTP/0.9": - hdr = "%s %d %s\r\n" % (self.protocol_version, code, message) + hdr = f"{self.protocol_version} {code} {message}\r\n" self.wfile.write(hdr.encode("ascii")) def version_string(self): @@ -411,8 +411,8 @@ def log_message(self, format, *args): def log(self, type, message, *args): _log( type, - "%s - - [%s] %s\n" - % (self.address_string(), self.log_date_time_string(), message % args), + f"{self.address_string()} - - [{self.log_date_time_string()}] {message}\n", + *args, ) @@ -484,8 +484,8 @@ def make_ssl_devcert(base_path, host=None, cn=None): from cryptography.hazmat.primitives import serialization - cert_file = base_path + ".crt" - pkey_file = base_path + ".key" + cert_file = f"{base_path}.crt" + pkey_file = f"{base_path}.key" with open(cert_file, "wb") as f: f.write(cert.public_bytes(serialization.Encoding.PEM)) @@ -844,7 +844,7 @@ def log_startup(sock): _log("info", " * Running on %s %s", display_hostname, quit_msg) else: if ":" in display_hostname: - display_hostname = "[%s]" % display_hostname + display_hostname = f"[{display_hostname}]" port = sock.getsockname()[1] _log( "info", @@ -906,7 +906,7 @@ def inner(): else: s.close() if address_family == af_unix: - _log("info", "Unlinking %s" % server_address) + _log("info", "Unlinking %s", server_address) os.unlink(server_address) from ._reloader import run_with_reloader diff --git a/src/werkzeug/test.py b/src/werkzeug/test.py index 0ca7bd351..a0e3557a4 100644 --- a/src/werkzeug/test.py +++ b/src/werkzeug/test.py @@ -96,10 +96,10 @@ def write(string): or "application/octet-stream" ) if filename is not None: - write('; filename="%s"\r\n' % filename) + write(f'; filename="{filename}"\r\n') else: write("\r\n") - write("Content-Type: %s\r\n\r\n" % content_type) + write(f"Content-Type: {content_type}\r\n\r\n") while 1: chunk = reader(16384) if not chunk: @@ -113,7 +113,7 @@ def write(string): write("\r\n\r\n") write_binary(value) write("\r\n") - write("--%s--\r\n" % boundary) + write(f"--{boundary}--\r\n") length = int(_closure[0].tell()) _closure[0].seek(0) @@ -674,9 +674,8 @@ def get_environ(self): input_stream, content_length, boundary = stream_encode_multipart( values, charset=self.charset ) - content_type = mimetype + '; boundary="%s"' % boundary + content_type = f'{mimetype}; boundary="{boundary}"' elif mimetype == "application/x-www-form-urlencoded": - # XXX: py2v3 review values = url_encode(self.form, charset=self.charset) values = values.encode("ascii") content_length = len(values) @@ -730,7 +729,7 @@ def _path_encode(x): combined_headers = defaultdict(list) for key, value in headers.to_wsgi_list(): - combined_headers["HTTP_%s" % key.upper().replace("-", "_")].append(value) + combined_headers[f"HTTP_{key.upper().replace('-', '_')}"].append(value) for key, values in combined_headers.items(): result[key] = ", ".join(values) @@ -836,7 +835,7 @@ def set_cookie( charset, samesite=samesite, ) - environ = create_environ(path, base_url="http://" + server_name) + environ = create_environ(path, base_url=f"http://{server_name}") headers = [("Set-Cookie", header)] self.cookie_jar.extract_wsgi(environ, headers) @@ -1033,7 +1032,7 @@ def trace(self, *args, **kw): return self.open(*args, **kw) def __repr__(self): - return f"<{self.__class__.__name__} {self.application!r}>" + return f"<{type(self).__name__} {self.application!r}>" def create_environ(*args, **kwargs): diff --git a/src/werkzeug/testapp.py b/src/werkzeug/testapp.py index d193f6ce7..883cefddd 100644 --- a/src/werkzeug/testapp.py +++ b/src/werkzeug/testapp.py @@ -145,7 +145,7 @@ def iter_sys_path(): def strip(x): prefix = os.path.expanduser("~") if x.startswith(prefix): - x = "~" + x[len(prefix) :] + x = f"~{x[len(prefix) :]}" return x else: @@ -173,18 +173,14 @@ def render_testapp(req): except (ValueError, AttributeError): version = "unknown" python_eggs.append( - "
  • {} [{}]".format( - escape(egg.project_name), escape(version) - ) + f"
  • {escape(egg.project_name)} [{escape(version)}]" ) wsgi_env = [] sorted_environ = sorted(req.environ.items(), key=lambda x: repr(x[0]).lower()) for key, value in sorted_environ: - wsgi_env.append( - "%s%s" - % (escape(str(key)), " ".join(wrap(escape(repr(value))))) - ) + value = "".join(wrap(escape(repr(value)))) + wsgi_env.append(f"{escape(str(key))}{value}") sys_path = [] for item, virtual, expanded in iter_sys_path(): @@ -193,10 +189,8 @@ def render_testapp(req): class_.append("virtual") if expanded: class_.append("exp") - sys_path.append( - "%s" - % (' class="%s"' % " ".join(class_) if class_ else "", escape(item)) - ) + class_ = f' class="{" ".join(class_)}"' if class_ else "" + sys_path.append(f"{escape(item)}") return ( TEMPLATE diff --git a/src/werkzeug/urls.py b/src/werkzeug/urls.py index a5bca45ae..c754f1a29 100644 --- a/src/werkzeug/urls.py +++ b/src/werkzeug/urls.py @@ -30,8 +30,12 @@ ) _hexdigits = "0123456789ABCDEFabcdef" -_hextobyte = {(a + b).encode(): int(a + b, 16) for a in _hexdigits for b in _hexdigits} -_bytetohex = [("%%%02X" % char).encode("ascii") for char in range(256)] +_hextobyte = { + f"{a}{b}".encode("ascii"): int(f"{a}{b}", 16) + for a in _hexdigits + for b in _hexdigits +} +_bytetohex = [f"%{char:02X}".encode("ascii") for char in range(256)] _URLTuple = namedtuple("_URLTuple", ["scheme", "netloc", "path", "query", "fragment"]) @@ -146,10 +150,10 @@ def decode_netloc(self): rv = _decode_idna(self.host or "") if ":" in rv: - rv = "[%s]" % rv + rv = f"[{rv}]" port = self.port if port is not None: - rv = "%s:%d" % (rv, port) + rv = f"{rv}:{port}" auth = ":".join( filter( None, @@ -216,7 +220,7 @@ def get_file_location(self, pathformat=None): if pathformat == "windows": if path[:1] == "/" and path[1:2].isalpha() and path[2:3] in "|:": - path = path[1:2] + ":" + path[3:] + path = f"{path[1:2]}:{path[3:]}" windows_share = path[:3] in ("\\" * 3, "/" * 3) import ntpath @@ -237,7 +241,7 @@ def get_file_location(self, pathformat=None): path = posixpath.normpath(path) else: - raise TypeError("Invalid path format %s" % repr(pathformat)) + raise TypeError(f"Invalid path format {pathformat!r}") if host in ("127.0.0.1", "::1", "localhost"): host = None @@ -297,10 +301,10 @@ def encode_netloc(self): """Encodes the netloc part to an ASCII safe URL as bytes.""" rv = self.ascii_host or "" if ":" in rv: - rv = "[%s]" % rv + rv = f"[{rv}]" port = self.port if port is not None: - rv = "%s:%d" % (rv, port) + rv = f"{rv}:{port}" auth = ":".join( filter( None, @@ -403,7 +407,7 @@ def _url_encode_impl(obj, charset, sort, key): key = str(key).encode(charset) if not isinstance(value, bytes): value = str(value).encode(charset) - yield _fast_url_quote_plus(key) + "=" + _fast_url_quote_plus(value) + yield f"{_fast_url_quote_plus(key)}={_fast_url_quote_plus(value)}" def _url_unquote_legacy(value, unsafe=""): @@ -480,7 +484,7 @@ def _make_fast_url_quote(charset="utf-8", errors="strict", safe="/:", unsafe="") unsafe = unsafe.encode(charset, errors) safe = (frozenset(bytearray(safe)) | _always_safe) - frozenset(bytearray(unsafe)) - table = [chr(c) if c in safe else "%%%02X" % c for c in range(256)] + table = [chr(c) if c in safe else f"%{c:02X}" for c in range(256)] def quote(string): return "".join([table[c] for c in string]) @@ -622,7 +626,7 @@ def url_fix(s, charset="utf-8"): # For the specific case that we look like a malformed windows URL # we want to fix this up manually: if s.startswith("file://") and s[7:8].isalpha() and s[8:10] in (":/", "|/"): - s = "file:///" + s[7:] + s = f"file:///{s[7:]}" url = url_parse(s) path = url_quote(url.path, charset, safe="/%+$!*'(),") @@ -1099,7 +1103,7 @@ def __call__(self, *path, **query): if path: if not rv.endswith("/"): rv += "/" - rv = url_join(rv, "./" + path) + rv = url_join(rv, f"./{path}") if query: rv += "?" + _to_str( url_encode(query, self.charset, sort=self.sort, key=self.key), "ascii" diff --git a/src/werkzeug/useragents.py b/src/werkzeug/useragents.py index 437978235..08a3bbcad 100644 --- a/src/werkzeug/useragents.py +++ b/src/werkzeug/useragents.py @@ -65,7 +65,7 @@ class UserAgentParser: ("mozilla", "mozilla"), ) - _browser_version_re = r"(?:%s)[/\sa-z(]*(\d+[.\da-z]+)?" + _browser_version_re = r"(?:{pattern})[/\sa-z(]*(\d+[.\da-z]+)?" _language_re = re.compile( r"(?:;\s*|\s+)(\b\w{2}\b(?:-\b\w{2}\b)?)\s*;|" r"(?:\(|\[|;)\s*(\b\w{2}\b(?:-\b\w{2}\b)?)\s*(?:\]|\)|;)" @@ -74,7 +74,7 @@ class UserAgentParser: def __init__(self): self.platforms = [(b, re.compile(a, re.I)) for a, b in self.platforms] self.browsers = [ - (b, re.compile(self._browser_version_re % a, re.I)) + (b, re.compile(self._browser_version_re.format(pattern=a), re.I)) for a, b in self.browsers ] @@ -198,4 +198,4 @@ def __nonzero__(self): __bool__ = __nonzero__ def __repr__(self): - return f"<{self.__class__.__name__} {self.browser!r}/{self.version}>" + return f"<{type(self).__name__} {self.browser!r}/{self.version}>" diff --git a/src/werkzeug/utils.py b/src/werkzeug/utils.py index 85d924a24..88fd03e50 100644 --- a/src/werkzeug/utils.py +++ b/src/werkzeug/utils.py @@ -21,7 +21,7 @@ from ._internal import _parse_signature from ._internal import _reraise -_format_re = re.compile(r"\$(?:(%s)|\{(%s)\})" % (("[a-zA-Z_][a-zA-Z0-9_]*",) * 2)) +_format_re = re.compile(r"\$(?:([a-zA-Z_][a-zA-Z0-9_]*)|\{([a-zA-Z_][a-zA-Z0-9_]*)\})") _entity_re = re.compile(r"&([^;]+);") _filename_ascii_strip_re = re.compile(r"[^A-Za-z0-9_.-]") _windows_device_files = ( @@ -105,8 +105,8 @@ def invalidate_cached_property(obj, name): """ if not isinstance(getattr(obj.__class__, name, None), cached_property): raise TypeError( - "Attribute {} of object {} is not a cached_property, " - "cannot be invalidated".format(name, obj) + f"Attribute {name!r} of object {obj} is not a" + " cached_property, cannot be invalidated." ) obj.__dict__[name] = _missing @@ -222,7 +222,7 @@ def __getattr__(self, tag): raise AttributeError(tag) def proxy(*children, **arguments): - buffer = "<" + tag + buffer = f"<{tag}" for key, value in arguments.items(): if value is None: continue @@ -232,12 +232,12 @@ def proxy(*children, **arguments): if not value: continue if self._dialect == "xhtml": - value = '="' + key + '"' + value = f'="{key}"' else: value = "" else: - value = '="' + escape(value) + '"' - buffer += " " + key + value + value = f'="{escape(value)}"' + buffer += f" {key}{value}" if not children and tag in self._empty_elements: if self._dialect == "xhtml": buffer += " />" @@ -252,16 +252,14 @@ def proxy(*children, **arguments): if tag in self._plaintext_elements: children_as_string = escape(children_as_string) elif tag in self._c_like_cdata and self._dialect == "xhtml": - children_as_string = ( - "/**/" - ) - buffer += children_as_string + "" + children_as_string = f"/**/" + buffer += children_as_string + f"" return buffer return proxy def __repr__(self): - return f"<{self.__class__.__name__} for {self._dialect!r}>" + return f"<{type(self).__name__} for {self._dialect!r}>" html = HTMLBuilder("html") @@ -300,7 +298,7 @@ def get_content_type(mimetype, charset): or mimetype in _charset_mimetypes or mimetype.endswith("+xml") ): - mimetype += "; charset=" + charset + mimetype += f"; charset={charset}" return mimetype @@ -417,7 +415,7 @@ def secure_filename(filename): and filename and filename.split(".")[0].upper() in _windows_device_files ): - filename = "_" + filename + filename = f"_{filename}" return filename @@ -507,8 +505,7 @@ def redirect(location, code=302, Response=None): "Redirecting...\n" "

    Redirecting...

    \n" "

    You should be redirected automatically to target URL: " - '%s. If not click the link.' - % (escape(location), display_location), + f'{display_location}. If not click the link.', code, mimetype="text/html", ) @@ -527,7 +524,7 @@ def append_slash_redirect(environ, code=301): new_path = environ["PATH_INFO"].strip("/") + "/" query_string = environ.get("QUERY_STRING") if query_string: - new_path += "?" + query_string + new_path += f"?{query_string}" return redirect(new_path, code) @@ -586,8 +583,8 @@ def find_modules(import_path, include_packages=False, recursive=False): module = import_string(import_path) path = getattr(module, "__path__", None) if path is None: - raise ValueError("%r is not a package" % import_path) - basename = module.__name__ + "." + raise ValueError(f"{import_path!r} is not a package") + basename = f"{module.__name__}." for _importer, modname, ispkg in pkgutil.iter_modules(path): modname = basename + modname if ispkg: @@ -685,11 +682,11 @@ def bind_arguments(func, args, kwargs): multikw = set(extra) & {x[0] for x in arg_spec} if multikw: raise TypeError( - "got multiple values for keyword argument " + repr(next(iter(multikw))) + f"got multiple values for keyword argument {next(iter(multikw))!r}" ) values[kwarg_var] = extra elif extra: - raise TypeError("got unexpected keyword argument " + repr(next(iter(extra)))) + raise TypeError(f"got unexpected keyword argument {next(iter(extra))!r}") return values @@ -703,8 +700,9 @@ def __init__(self, missing=None, extra=None, extra_positional=None): self.extra_positional = extra_positional or [] ValueError.__init__( self, - "function arguments invalid. (%d missing, %d additional)" - % (len(self.missing), len(self.extra) + len(self.extra_positional)), + "function arguments invalid." + f" ({len(self.missing)} missing," + f" {len(self.extra) + len(self.extra_positional)} additional)", ) @@ -719,39 +717,32 @@ class ImportStringError(ImportError): def __init__(self, import_name, exception): self.import_name = import_name self.exception = exception - - msg = ( - "import_string() failed for %r. Possible reasons are:\n\n" - "- missing __init__.py in a package;\n" - "- package or module path not included in sys.path;\n" - "- duplicated package or module name taking precedence in " - "sys.path;\n" - "- missing module, class, function or variable;\n\n" - "Debugged import:\n\n%s\n\n" - "Original exception:\n\n%s: %s" - ) - + msg = import_name name = "" tracked = [] for part in import_name.replace(":", ".").split("."): - name += (name and ".") + part + name = f"{name}.{part}" if name else part imported = import_string(name, silent=True) if imported: tracked.append((name, getattr(imported, "__file__", None))) else: track = [f"- {n!r} found in {i!r}." for n, i in tracked] - track.append("- %r not found." % name) - msg = msg % ( - import_name, - "\n".join(track), - exception.__class__.__name__, - str(exception), + track.append(f"- {name!r} not found.") + track_str = "\n".join(track) + msg = ( + f"import_string() failed for {import_name!r}. Possible reasons" + f" are:\n\n" + "- missing __init__.py in a package;\n" + "- package or module path not included in sys.path;\n" + "- duplicated package or module name taking precedence in" + " sys.path;\n" + "- missing module, class, function or variable;\n\n" + f"Debugged import:\n\n{track_str}\n\n" + f"Original exception:\n\n{type(exception).__name__}: {exception}" ) break ImportError.__init__(self, msg) def __repr__(self): - return "<{}({!r}, {!r})>".format( - self.__class__.__name__, self.import_name, self.exception, - ) + return f"<{type(self).__name__}({self.import_name!r}, {self.exception!r})>" diff --git a/src/werkzeug/wrappers/base_request.py b/src/werkzeug/wrappers/base_request.py index 3e241f1f5..dedbb4698 100644 --- a/src/werkzeug/wrappers/base_request.py +++ b/src/werkzeug/wrappers/base_request.py @@ -159,12 +159,12 @@ def __repr__(self): # in a debug session we don't want the repr to blow up. args = [] try: - args.append("'%s'" % _to_native(self.url, self.url_charset)) - args.append("[%s]" % self.method) + args.append(f"'{_to_native(self.url, self.url_charset)}'") + args.append(f"[{self.method}]") except Exception: args.append("(invalid WSGI environ)") - return "<{} {}>".format(self.__class__.__name__, " ".join(args)) + return f"<{type(self).__name__} {' '.join(args)}>" @property def url_charset(self): @@ -545,7 +545,7 @@ def path(self): @cached_property def full_path(self): """Requested path, including the query string.""" - return self.path + "?" + _to_str(self.query_string, self.url_charset) + return f"{self.path}?{_to_str(self.query_string, self.url_charset)}" @cached_property def script_root(self): diff --git a/src/werkzeug/wrappers/base_response.py b/src/werkzeug/wrappers/base_response.py index 2b02377df..e93fdb893 100644 --- a/src/werkzeug/wrappers/base_response.py +++ b/src/werkzeug/wrappers/base_response.py @@ -223,10 +223,10 @@ def call_on_close(self, func): def __repr__(self): if self.is_sequence: - body_info = "%d bytes" % sum(map(len, self.iter_encoded())) + body_info = f"{sum(map(len, self.iter_encoded()))} bytes" else: body_info = "streamed" if self.is_streamed else "likely-streamed" - return f"<{self.__class__.__name__} {body_info} [{self.status}]>" + return f"<{type(self).__name__} {body_info} [{self.status}]>" @classmethod def force_type(cls, response, environ=None): @@ -292,9 +292,9 @@ def status_code(self): def status_code(self, code): self._status_code = code try: - self._status = "%d %s" % (code, HTTP_STATUS_CODES[code].upper()) + self._status = f"{code} {HTTP_STATUS_CODES[code].upper()}" except KeyError: - self._status = "%d UNKNOWN" % code + self._status = f"{code} UNKNOWN" @property def status(self): @@ -312,7 +312,7 @@ def status(self, value): self._status_code = int(self._status.split(None, 1)[0]) except ValueError: self._status_code = 0 - self._status = "0 %s" % self._status + self._status = f"0 {self._status}" except IndexError: raise ValueError("Empty status argument") diff --git a/src/werkzeug/wsgi.py b/src/werkzeug/wsgi.py index 9f02b2a83..1995fe715 100644 --- a/src/werkzeug/wsgi.py +++ b/src/werkzeug/wsgi.py @@ -80,7 +80,7 @@ def get_current_url( tmp = [environ["wsgi.url_scheme"], "://", get_host(environ, trusted_hosts)] cat = tmp.append if host_only: - return uri_to_iri("".join(tmp) + "/") + return uri_to_iri(f"{''.join(tmp)}/") cat(url_quote(environ.get("SCRIPT_NAME", "").encode("latin1")).rstrip("/")) cat("/") if not root_only: @@ -88,7 +88,7 @@ def get_current_url( if not strip_querystring: qs = get_query_string(environ) if qs: - cat("?" + qs) + cat(f"?{qs}") return uri_to_iri("".join(tmp)) @@ -163,12 +163,12 @@ def get_host(environ, trusted_hosts=None): ("https", "443"), ("http", "80"), ): - rv += ":" + environ["SERVER_PORT"] + rv += f":{environ['SERVER_PORT']}" if trusted_hosts is not None: if not host_is_trusted(rv, trusted_hosts): from .exceptions import SecurityError - raise SecurityError('Host "%s" is not trusted' % rv) + raise SecurityError(f'Host "{rv}" is not trusted') return rv @@ -319,7 +319,7 @@ def pop_path_info(environ, charset="utf-8", errors="replace"): rv = path.encode("latin1") else: segment, path = path.split("/", 1) - environ["PATH_INFO"] = "/" + path + environ["PATH_INFO"] = f"/{path}" environ["SCRIPT_NAME"] = script_name + segment rv = segment.encode("latin1") @@ -412,7 +412,7 @@ def _normalize_netloc(scheme, netloc): netloc = parts[0] port = None if port is not None: - netloc += ":" + port + netloc += f":{port}" return netloc # make sure whatever we are working on is a IRI and parse it @@ -445,7 +445,7 @@ def _normalize_netloc(scheme, netloc): if not cur_path.startswith(base_path): return None - return "/" + cur_path[len(base_path) :].lstrip("/") + return f"/{cur_path[len(base_path) :].lstrip('/')}" class ClosingIterator: @@ -788,7 +788,7 @@ def make_chunk_iter( _iter = chain((first_item,), _iter) if isinstance(first_item, str): separator = _to_str(separator) - _split = re.compile(r"(%s)" % re.escape(separator)).split + _split = re.compile(f"({re.escape(separator)})").split _join = "".join else: separator = _to_bytes(separator) diff --git a/tests/conftest.py b/tests/conftest.py index 0fbeaaf60..114e5b55e 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -100,7 +100,7 @@ def request_pid(self): for i in range(10): time.sleep(0.1 * i) try: - response = rget(self.url + "/_getpid", verify=False) + response = rget(f"{self.url}/_getpid", verify=False) self.last_pid = int(response.text) return self.last_pid except Exception as e: # urllib also raises socketerrors @@ -139,16 +139,8 @@ def run_dev_server(application): app_pkg = tmpdir.mkdir("testsuite_app") appfile = app_pkg.join("__init__.py") port = next(port_generator) - appfile.write( - "\n\n".join( - ( - "kwargs = {{'hostname': 'localhost', 'port': {port:d}}}".format( - port=port - ), - textwrap.dedent(application), - ) - ) - ) + kwargs_str = f"kwargs = {{'hostname': 'localhost', 'port': {port:d}}}" + appfile.write(f"{kwargs_str}\n\n{textwrap.dedent(application)}") monkeypatch.delitem(sys.modules, "testsuite_app", raising=False) monkeypatch.syspath_prepend(str(tmpdir)) @@ -160,7 +152,7 @@ def run_dev_server(application): if hostname.startswith("unix://"): addr = hostname.split("unix://", 1)[1] - requests_url = "http+unix://" + url_quote(addr, safe="") + requests_url = f"http+unix://{url_quote(addr, safe='')}" elif testsuite_app.kwargs.get("ssl_context", None): requests_url = f"https://localhost:{port}" else: @@ -175,7 +167,7 @@ class Starter(ProcessStarter): @property def pattern(self): - return "pid=%s" % info.request_pid() + return f"pid={info.request_pid()}" xprocess.ensure("dev_server", Starter, restart=True) diff --git a/tests/middleware/test_http_proxy.py b/tests/middleware/test_http_proxy.py index afc143023..07f116850 100644 --- a/tests/middleware/test_http_proxy.py +++ b/tests/middleware/test_http_proxy.py @@ -6,16 +6,14 @@ def test_http_proxy(dev_server): server = dev_server( - r""" + """ from werkzeug.wrappers import Request, Response @Request.application def app(request): - return Response('%s|%s|%s' % ( - request.headers.get('X-Special'), - request.environ['HTTP_HOST'], - request.full_path, - )) + special = request.headers.get("X-Special") + host = request.environ["HTTP_HOST"] + return Response(f"{special}|{host}|{request.full_path}") """ ) @@ -49,7 +47,7 @@ def app(request): assert rv.data.decode("ascii") == "bar|localhost|/baz?" rv = client.get("/autohost/aha") - expected = "None|%s|/autohost/aha?" % url_parse(server.url).ascii_host + expected = f"None|{url_parse(server.url).ascii_host}|/autohost/aha?" assert rv.data.decode("ascii") == expected # test query string diff --git a/tests/middleware/test_proxy_fix.py b/tests/middleware/test_proxy_fix.py index 1f1e365d1..5a26c0c3a 100644 --- a/tests/middleware/test_proxy_fix.py +++ b/tests/middleware/test_proxy_fix.py @@ -173,4 +173,4 @@ def app(request): redirect_app = redirect(url_map.bind_to_environ(environ).build("parrot")) response = Response.from_app(redirect_app, environ) location = response.headers["Location"] - assert location == url_root + "parrot" + assert location == f"{url_root}parrot" diff --git a/tests/multipart/test_collect.py b/tests/multipart/test_collect.py index 01b89bbf4..079bd1173 100644 --- a/tests/multipart/test_collect.py +++ b/tests/multipart/test_collect.py @@ -11,10 +11,10 @@ def copy_stream(request): from os import mkdir from time import time - folder = "request-%d" % time() + folder = f"request-{time()}" mkdir(folder) environ = request.environ - f = open(folder + "/request.http", "wb+") + f = open(f"{folder}/request.http", "wb+") f.write(environ["wsgi.input"].read(int(environ["CONTENT_LENGTH"]))) f.flush() f.seek(0) @@ -27,9 +27,9 @@ def stats(request): f1 = request.files["file1"] f2 = request.files["file2"] text = request.form["text"] - f1.save(request.stat_folder + "/file1.bin") - f2.save(request.stat_folder + "/file2.bin") - with open(request.stat_folder + "/text.txt", "w") as f: + f1.save(f"{request.stat_folder}/file1.bin") + f2.save(f"{request.stat_folder}/file2.bin") + with open(f"{request.stat_folder}/text.txt", "w") as f: f.write(text.encode("utf-8")) return Response("Done.") diff --git a/tests/test_debug.py b/tests/test_debug.py index 3c6c0e33d..af2c48918 100644 --- a/tests/test_debug.py +++ b/tests/test_debug.py @@ -44,21 +44,13 @@ def test_basic_repr(self): def test_string_repr(self): assert debug_repr("") == "''" assert debug_repr("foo") == "'foo'" - assert ( - debug_repr("s" * 80) - == '\'' - + "s" * 69 - + '' - + "s" * 11 - + "'" + assert debug_repr("s" * 80) == ( + f'\'{"s" * 69}' + f'{"s" * 11}\'' ) - assert ( - debug_repr("<" * 80) - == '\'' - + "<" * 69 - + '' - + "<" * 11 - + "'" + assert debug_repr("<" * 80) == ( + f'\'{"<" * 69}' + f'{"<" * 11}\'' ) def test_string_subclass_repr(self): @@ -323,18 +315,16 @@ def test_get_machine_id(): @pytest.mark.parametrize("crash", (True, False)) def test_basic(dev_server, crash): server = dev_server( + f""" + from werkzeug.debug import DebuggedApplication + + @DebuggedApplication + def app(environ, start_response): + if {crash}: + 1 / 0 + start_response('200 OK', [('Content-Type', 'text/html')]) + return [b'hello'] """ - from werkzeug.debug import DebuggedApplication - - @DebuggedApplication - def app(environ, start_response): - if {crash}: - 1 / 0 - start_response('200 OK', [('Content-Type', 'text/html')]) - return [b'hello'] - """.format( - crash=crash - ) ) r = requests.get(server.url) diff --git a/tests/test_formparser.py b/tests/test_formparser.py index 8d21e484c..46fc94e88 100644 --- a/tests/test_formparser.py +++ b/tests/test_formparser.py @@ -292,9 +292,9 @@ def test_basic(self): data = get_contents(join(folder, "request.http")) for filename, field, content_type, fsname in files: response = client.post( - "/?object=" + field, + f"/?object={field}", data=data, - content_type='multipart/form-data; boundary="%s"' % boundary, + content_type=f'multipart/form-data; boundary="{boundary}"', content_length=len(data), ) lines = response.get_data().split(b"\n", 3) @@ -305,7 +305,7 @@ def test_basic(self): response = client.post( "/?object=text", data=data, - content_type='multipart/form-data; boundary="%s"' % boundary, + content_type=f'multipart/form-data; boundary="{boundary}"', content_length=len(data), ) strict_eq(response.get_data(), repr(text).encode("utf-8")) @@ -318,7 +318,7 @@ def test_ie7_unc_path(self): response = client.post( "/?object=cb_file_upload_multiple", data=data, - content_type='multipart/form-data; boundary="%s"' % boundary, + content_type=f'multipart/form-data; boundary="{boundary}"', content_length=len(data), ) lines = response.get_data().split(b"\n", 3) diff --git a/tests/test_routing.py b/tests/test_routing.py index 5ce04d1c0..9bfaf0501 100644 --- a/tests/test_routing.py +++ b/tests/test_routing.py @@ -247,21 +247,20 @@ def test_basic_building(): def test_long_build(): - long_args = {"v%d" % x: x for x in range(10000)} + long_args = {f"v{x}": x for x in range(10000)} map = r.Map( [ r.Rule( - "".join("/<%s>" % k for k in long_args.keys()), + "".join(f"/<{k}>" for k in long_args.keys()), endpoint="bleep", build_only=True, ) ] ) adapter = map.bind("localhost", "/") - url = adapter.build("bleep", long_args) - url += "/" + url = f"{adapter.build('bleep', long_args)}/" for v in long_args.values(): - assert "/%d" % v in url + assert f"/{v}" in url def test_defaults(): @@ -506,15 +505,15 @@ def test_server_name_interpolation(): [r.Rule("/", endpoint="index"), r.Rule("/", endpoint="alt", subdomain="alt")] ) - env = create_environ("/", "http://%s/" % server_name) + env = create_environ("/", f"http://{server_name}/") adapter = map.bind_to_environ(env, server_name=server_name) assert adapter.match() == ("index", {}) - env = create_environ("/", "http://alt.%s/" % server_name) + env = create_environ("/", f"http://alt.{server_name}/") adapter = map.bind_to_environ(env, server_name=server_name) assert adapter.match() == ("alt", {}) - env = create_environ("/", "http://%s/" % server_name) + env = create_environ("/", f"http://{server_name}/") with pytest.warns(UserWarning): adapter = map.bind_to_environ(env, server_name="foo") @@ -697,7 +696,7 @@ def to_python(self, two_values): return one, two def to_url(self, values): - return "{}/{}".format(values[0], values[1]) + return f"{values[0]}/{values[1]}" map = r.Map( [r.Rule("//", endpoint="handler")], @@ -881,7 +880,7 @@ def test_alias_redirects(): def ensure_redirect(path, new_url, args=None): with pytest.raises(r.RequestRedirect) as excinfo: a.match(path, query_args=args) - assert excinfo.value.new_url == "http://example.com" + new_url + assert excinfo.value.new_url == f"http://example.com{new_url}" ensure_redirect("/index.html", "/") ensure_redirect("/users/index.html", "/users/") @@ -898,25 +897,25 @@ def ensure_redirect(path, new_url, args=None): def test_double_defaults(prefix): m = r.Map( [ - r.Rule(prefix + "/", defaults={"foo": 1, "bar": False}, endpoint="x"), - r.Rule(prefix + "/", defaults={"bar": False}, endpoint="x"), - r.Rule(prefix + "/bar/", defaults={"foo": 1, "bar": True}, endpoint="x"), - r.Rule(prefix + "/bar/", defaults={"bar": True}, endpoint="x"), + r.Rule(f"{prefix}/", defaults={"foo": 1, "bar": False}, endpoint="x"), + r.Rule(f"{prefix}/", defaults={"bar": False}, endpoint="x"), + r.Rule(f"{prefix}/bar/", defaults={"foo": 1, "bar": True}, endpoint="x"), + r.Rule(f"{prefix}/bar/", defaults={"bar": True}, endpoint="x"), ] ) a = m.bind("example.com") - assert a.match(prefix + "/") == ("x", {"foo": 1, "bar": False}) - assert a.match(prefix + "/2") == ("x", {"foo": 2, "bar": False}) - assert a.match(prefix + "/bar/") == ("x", {"foo": 1, "bar": True}) - assert a.match(prefix + "/bar/2") == ("x", {"foo": 2, "bar": True}) - - assert a.build("x", {"foo": 1, "bar": False}) == prefix + "/" - assert a.build("x", {"foo": 2, "bar": False}) == prefix + "/2" - assert a.build("x", {"bar": False}) == prefix + "/" - assert a.build("x", {"foo": 1, "bar": True}) == prefix + "/bar/" - assert a.build("x", {"foo": 2, "bar": True}) == prefix + "/bar/2" - assert a.build("x", {"bar": True}) == prefix + "/bar/" + assert a.match(f"{prefix}/") == ("x", {"foo": 1, "bar": False}) + assert a.match(f"{prefix}/2") == ("x", {"foo": 2, "bar": False}) + assert a.match(f"{prefix}/bar/") == ("x", {"foo": 1, "bar": True}) + assert a.match(f"{prefix}/bar/2") == ("x", {"foo": 2, "bar": True}) + + assert a.build("x", {"foo": 1, "bar": False}) == f"{prefix}/" + assert a.build("x", {"foo": 2, "bar": False}) == f"{prefix}/2" + assert a.build("x", {"bar": False}) == f"{prefix}/" + assert a.build("x", {"foo": 1, "bar": True}) == f"{prefix}/bar/" + assert a.build("x", {"foo": 2, "bar": True}) == f"{prefix}/bar/2" + assert a.build("x", {"bar": True}) == f"{prefix}/bar/" def test_building_bytes(): diff --git a/tests/test_serving.py b/tests/test_serving.py index f4f9175b6..846d74dc7 100644 --- a/tests/test_serving.py +++ b/tests/test_serving.py @@ -46,10 +46,10 @@ def test_serving(dev_server): server = dev_server("from werkzeug.testapp import test_app as app") - rv = requests.get("http://%s/?foo=bar&baz=blah" % server.addr).content - assert b"WSGI Information" in rv - assert b"foo=bar&baz=blah" in rv - assert b"Werkzeug/" + version.encode("ascii") in rv + rv = requests.get(f"http://{server.addr}/?foo=bar&baz=blah").text + assert "WSGI Information" in rv + assert "foo=bar&baz=blah" in rv + assert f"Werkzeug/{version}" in rv def test_absolute_requests(dev_server): @@ -85,7 +85,7 @@ def app(environ, start_response): """ ) - r = requests.get(server.url + "//fail") + r = requests.get(f"{server.url}//fail") assert r.content == b"YES" @@ -97,7 +97,7 @@ def app(environ, start_response): """ ) - r = requests.get(server.url + "/?foo=bar&baz=blah") + r = requests.get(f"{server.url}/?foo=bar&baz=blah") assert r.status_code == 500 assert "Internal Server Error" in r.text @@ -107,17 +107,16 @@ def test_stdlib_ssl_contexts(dev_server, tmpdir): certificate, private_key = serving.make_ssl_devcert(str(tmpdir.mkdir("certs"))) server = dev_server( - """ + f""" def app(environ, start_response): start_response('200 OK', [('Content-Type', 'text/html')]) return [b'hello'] import ssl ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23) - ctx.load_cert_chain(r"%s", r"%s") + ctx.load_cert_chain(r"{certificate}", r"{private_key}") kwargs['ssl_context'] = ctx """ - % (certificate, private_key) ) assert server.addr is not None @@ -277,10 +276,8 @@ def app(environ, start_response): real_app_binary.write("anything is fine here") server.wait_for_reloader() - change_event = " * Detected change in '{path}', reloading".format( - # need to double escape Windows paths - path=str(real_app_binary).replace("\\", "\\\\") - ) + escaped_path = str(real_app_binary).replace("\\", "\\\\") + change_event = f" * Detected change in {escaped_path!r}, reloading" server.logfile.seek(0) for i in range(20): time.sleep(0.1 * i) @@ -343,7 +340,7 @@ def app(environ, start_response): """ ) with pytest.raises(requests.exceptions.ConnectionError): - requests.get("https://%s/" % server.addr) + requests.get(f"https://{server.addr}/") log = server.logfile.read() assert "Traceback" not in log @@ -383,7 +380,7 @@ def app(environ, start_response): assert r.content == b"YES" -def test_port_must_be_integer(dev_server): +def test_port_must_be_integer(): def app(environ, start_response): start_response("200 OK", [("Content-Type", "text/html")]) return [b"hello"] @@ -403,14 +400,14 @@ def app(environ, start_response): def test_chunked_encoding(dev_server): server = dev_server( - r""" + """ from werkzeug.wrappers import Request def app(environ, start_response): assert environ['HTTP_TRANSFER_ENCODING'] == 'chunked' assert environ.get('wsgi.input_terminated', False) request = Request(environ) assert request.mimetype == 'multipart/form-data' - assert request.files['file'].read() == b'This is a test\n' + assert request.files['file'].read() == b'This is a test\\n' assert request.form['type'] == 'text/plain' start_response('200 OK', [('Content-Type', 'text/plain')]) return [b'YES'] @@ -443,14 +440,14 @@ def app(environ, start_response): def test_chunked_encoding_with_content_length(dev_server): server = dev_server( - r""" + """ from werkzeug.wrappers import Request def app(environ, start_response): assert environ['HTTP_TRANSFER_ENCODING'] == 'chunked' assert environ.get('wsgi.input_terminated', False) request = Request(environ) assert request.mimetype == 'multipart/form-data' - assert request.files['file'].read() == b'This is a test\n' + assert request.files['file'].read() == b'This is a test\\n' assert request.form['type'] == 'text/plain' start_response('200 OK', [('Content-Type', 'text/plain')]) return [b'YES'] @@ -485,7 +482,7 @@ def app(environ, start_response): def test_multiple_headers_concatenated_per_rfc_3875_section_4_1_18(dev_server): server = dev_server( - r""" + """ from werkzeug.wrappers import Response def app(environ, start_response): start_response('200 OK', [('Content-Type', 'text/plain')]) @@ -521,7 +518,7 @@ def test_multiline_header_folding_for_http_1_1(dev_server): * RFC 3875 Section 4.1.18 """ server = dev_server( - r""" + """ from werkzeug.wrappers import Response def app(environ, start_response): start_response('200 OK', [('Content-Type', 'text/plain')]) @@ -558,11 +555,9 @@ def can_test_unix_socket(): def test_unix_socket(tmpdir, dev_server): socket_f = str(tmpdir.join("socket")) dev_server( - """ + f""" app = None - kwargs['hostname'] = {socket!r} - """.format( - socket="unix://" + socket_f - ) + kwargs["hostname"] = "unix://{socket_f}" + """ ) assert os.path.exists(socket_f) diff --git a/tests/test_test.py b/tests/test_test.py index 224551e09..71eb6bdb8 100644 --- a/tests/test_test.py +++ b/tests/test_test.py @@ -54,11 +54,11 @@ def redirect_with_get_app(environ, start_response): "http://localhost/first/request", "http://localhost/some/redirect/", ): - raise AssertionError('redirect_demo_app() did not expect URL "%s"' % req.url) + raise AssertionError(f'redirect_demo_app() did not expect URL "{req.url}"') if "/some/redirect" not in req.url: response = redirect("http://localhost/some/redirect/") else: - response = Response("current url: %s" % req.url) + response = Response(f"current url: {req.url}") return response(environ, start_response) @@ -298,7 +298,7 @@ def test_environ_builder_stream_switch(): { "wsgi.input": stream, "CONTENT_LENGTH": str(length), - "CONTENT_TYPE": 'multipart/form-data; boundary="%s"' % boundary, + "CONTENT_TYPE": f'multipart/form-data; boundary="{boundary}"', } )[1] strict_eq(form, d) @@ -318,7 +318,7 @@ def test_environ_builder_unicode_file_mix(): { "wsgi.input": stream, "CONTENT_LENGTH": str(length), - "CONTENT_TYPE": 'multipart/form-data; boundary="%s"' % boundary, + "CONTENT_TYPE": f'multipart/form-data; boundary="{boundary}"', } ) strict_eq(form["s"], "\N{SNOWMAN}") @@ -420,7 +420,7 @@ def local_redirect_app(environ, start_response): if "/from/location" in req.url: response = redirect("/to/location", Response=LocalResponse) else: - response = Response("current path: %s" % req.path) + response = Response(f"current path: {req.path}") return response(environ, start_response) c = Client(local_redirect_app, response_wrapper=BaseResponse) @@ -444,7 +444,7 @@ def app(request): else: assert not request.form - return Response("current url: %s" % request.url) + return Response(f"current url: {request.url}") return redirect("http://localhost/some/redirect/", code=code) @@ -573,7 +573,7 @@ def middleware(environ, start_response): def test_path_info_script_name_unquoting(): def test_app(environ, start_response): start_response("200 OK", [("Content-Type", "text/plain")]) - return [environ["PATH_INFO"] + "\n" + environ["SCRIPT_NAME"]] + return [f"{environ['PATH_INFO']}\n{environ['SCRIPT_NAME']}"] c = Client(test_app, response_wrapper=BaseResponse) resp = c.get("/foo%40bar") diff --git a/tests/test_urls.py b/tests/test_urls.py index 861235e57..e412754d5 100644 --- a/tests/test_urls.py +++ b/tests/test_urls.py @@ -51,10 +51,10 @@ def test_fileurl_parsing_windows(implicit_format, localhost, monkeypatch): url = urls.url_parse("file://///server.tld") assert url.get_file_location(pathformat) == ("server.tld", "") - url = urls.url_parse("file://///%s" % localhost) + url = urls.url_parse(f"file://///{localhost}") assert url.get_file_location(pathformat) == (None, "") - url = urls.url_parse("file://///%s/file.txt" % localhost) + url = urls.url_parse(f"file://///{localhost}/file.txt") assert url.get_file_location(pathformat) == (None, r"file.txt") diff --git a/tests/test_wrappers.py b/tests/test_wrappers.py index 19b9dcad3..58192d829 100644 --- a/tests/test_wrappers.py +++ b/tests/test_wrappers.py @@ -183,10 +183,10 @@ def test_url_request_descriptors(): def test_url_request_descriptors_query_quoting(): next = "http%3A%2F%2Fwww.example.com%2F%3Fnext%3D%2Fbaz%23my%3Dhash" - req = wrappers.Request.from_values("/bar?next=" + next, "http://example.com/") + req = wrappers.Request.from_values(f"/bar?next={next}", "http://example.com/") assert req.path == "/bar" - strict_eq(req.full_path, "/bar?next=" + next) - strict_eq(req.url, "http://example.com/bar?next=" + next) + strict_eq(req.full_path, f"/bar?next={next}") + strict_eq(req.url, f"http://example.com/bar?next={next}") def test_url_request_descriptors_hosts(): @@ -787,7 +787,7 @@ def test_etag_response_412(): assert "date" not in response.headers env = create_environ() env.update( - {"REQUEST_METHOD": "GET", "HTTP_IF_MATCH": response.get_etag()[0] + "xyz"} + {"REQUEST_METHOD": "GET", "HTTP_IF_MATCH": f"{response.get_etag()[0]}xyz"} ) response.make_conditional(env) assert "date" in response.headers @@ -852,7 +852,7 @@ def test_range_request_with_file(): ) assert response.status_code == 206 assert response.headers["Accept-Ranges"] == "bytes" - assert response.headers["Content-Range"] == "bytes 0-0/%d" % len(fcontent) + assert response.headers["Content-Range"] == f"bytes 0-0/{len(fcontent)}" assert response.headers["Content-Length"] == "1" assert response.data == fcontent[:1] @@ -866,11 +866,11 @@ def test_range_request_with_complete_file(): with open(fname, "rb") as f: fsize = os.path.getsize(fname) response = wrappers.Response(wrap_file(env, f)) - env["HTTP_RANGE"] = "bytes=0-%d" % (fsize - 1) + env["HTTP_RANGE"] = f"bytes=0-{fsize - 1}" response.make_conditional(env, accept_ranges=True, complete_length=fsize) assert response.status_code == 206 assert response.headers["Accept-Ranges"] == "bytes" - assert response.headers["Content-Range"] == "bytes 0-%d/%d" % (fsize - 1, fsize) + assert response.headers["Content-Range"] == f"bytes 0-{fsize - 1}/{fsize}" assert response.headers["Content-Length"] == str(fsize) assert response.data == fcontent @@ -925,13 +925,13 @@ def test_authenticate_mixin_quoted_qop(): resp = wrappers.Response() resp.www_authenticate.set_digest("REALM", "NONCE", qop=("auth", "auth-int")) - actual = set((resp.headers["WWW-Authenticate"] + ",").split()) + actual = set(f"{resp.headers['WWW-Authenticate']},".split()) expected = set('Digest nonce="NONCE", realm="REALM", qop="auth, auth-int",'.split()) assert actual == expected resp.www_authenticate.set_digest("REALM", "NONCE", qop=("auth",)) - actual = set((resp.headers["WWW-Authenticate"] + ",").split()) + actual = set(f"{resp.headers['WWW-Authenticate']},".split()) expected = set('Digest nonce="NONCE", realm="REALM", qop="auth",'.split()) assert actual == expected From e24f8f8b1d7a0fb31d31774cf7824a257ac47680 Mon Sep 17 00:00:00 2001 From: David Lord Date: Mon, 16 Mar 2020 10:19:00 -0700 Subject: [PATCH 151/733] remove strict_eq test helper --- tests/__init__.py | 13 -- tests/test_datastructures.py | 23 +-- tests/test_debug.py | 6 +- tests/test_formparser.py | 66 ++++---- tests/test_http.py | 10 +- tests/test_routing.py | 41 +++-- tests/test_test.py | 157 ++++++++++--------- tests/test_urls.py | 235 ++++++++++++++-------------- tests/test_wrappers.py | 288 ++++++++++++++++------------------- tests/test_wsgi.py | 55 ++++--- 10 files changed, 420 insertions(+), 474 deletions(-) delete mode 100644 tests/__init__.py diff --git a/tests/__init__.py b/tests/__init__.py deleted file mode 100644 index 238b50c45..000000000 --- a/tests/__init__.py +++ /dev/null @@ -1,13 +0,0 @@ -def strict_eq(x, y): - """Equality test bypassing the implicit string conversion in - Python 2.""" - __tracebackhide__ = True - assert x == y, (x, y) - assert issubclass(type(x), type(y)) or issubclass(type(y), type(x)) - if isinstance(x, dict) and isinstance(y, dict): - x = sorted(x.items()) - y = sorted(y.items()) - elif isinstance(x, set) and isinstance(y, set): - x = sorted(x) - y = sorted(y) - assert repr(x) == repr(y), (x, y) diff --git a/tests/test_datastructures.py b/tests/test_datastructures.py index d201c3616..282698178 100644 --- a/tests/test_datastructures.py +++ b/tests/test_datastructures.py @@ -26,7 +26,6 @@ import pytest -from . import strict_eq from werkzeug import datastructures from werkzeug import http from werkzeug.datastructures import LanguageAccept @@ -786,15 +785,15 @@ def test_to_wsgi_list(self): h = self.storage_class() h.set("Key", "Value") for key, value in h.to_wsgi_list(): - strict_eq(key, "Key") - strict_eq(value, "Value") + assert key == "Key" + assert value == "Value" def test_to_wsgi_list_bytes(self): h = self.storage_class() h.set(b"Key", b"Value") for key, value in h.to_wsgi_list(): - strict_eq(key, "Key") - strict_eq(value, "Value") + assert key == "Key" + assert value == "Value" def test_equality(self): # test equality, given keys are case insensitive @@ -846,18 +845,10 @@ def test_skip_empty_special_vars(self): headers = self.storage_class(env) assert dict(headers) == {"X-Foo": "42", "Content-Length": "0"} - def test_return_type_is_unicode(self): - # environ contains native strings; we return unicode - headers = self.storage_class( - {"HTTP_FOO": "\xe2\x9c\x93", "CONTENT_TYPE": "text/plain"} - ) + def test_return_type_is_str(self): + headers = self.storage_class({"HTTP_FOO": "\xe2\x9c\x93"}) assert headers["Foo"] == "\xe2\x9c\x93" - assert isinstance(headers["Foo"], str) - assert isinstance(headers["Content-Type"], str) - iter_output = dict(iter(headers)) - assert iter_output["Foo"] == "\xe2\x9c\x93" - assert isinstance(iter_output["Foo"], str) - assert isinstance(iter_output["Content-Type"], str) + assert next(iter(headers)) == ("Foo", "\xe2\x9c\x93") def test_bytes_operations(self): foo_val = "\xff" diff --git a/tests/test_debug.py b/tests/test_debug.py index af2c48918..e9f2ce190 100644 --- a/tests/test_debug.py +++ b/tests/test_debug.py @@ -58,7 +58,7 @@ class Test(str): pass assert debug_repr(Test("foo")) == ( - 'tests.test_debug.' + 'test_debug.' "Test('foo')" ) @@ -134,7 +134,7 @@ class MyList(list): pass assert debug_repr(MyList([1, 2])) == ( - 'tests.test_debug.MyList([' + 'test_debug.MyList([' '1, 2])' ) @@ -184,7 +184,7 @@ class TestDebugHelpers: def test_object_dumping(self): drg = DebugReprGenerator() out = drg.dump_object(Foo()) - assert re.search("Details for tests.test_debug.Foo object at", out) + assert re.search("Details for test_debug.Foo object at", out) assert re.search('x.*42', out, flags=re.DOTALL) assert re.search('y.*23', out, flags=re.DOTALL) assert re.search('z.*15', out, flags=re.DOTALL) diff --git a/tests/test_formparser.py b/tests/test_formparser.py index 46fc94e88..0ec69ca97 100644 --- a/tests/test_formparser.py +++ b/tests/test_formparser.py @@ -14,7 +14,6 @@ import pytest -from . import strict_eq from werkzeug import formparser from werkzeug.datastructures import MultiDict from werkzeug.exceptions import RequestEntityTooLarge @@ -59,7 +58,7 @@ def test_limiting(self): method="POST", ) req.max_content_length = 400 - strict_eq(req.form["foo"], "Hello World") + assert req.form["foo"] == "Hello World" req = Request.from_values( input_stream=io.BytesIO(data), @@ -77,7 +76,7 @@ def test_limiting(self): method="POST", ) req.max_form_memory_size = 400 - strict_eq(req.form["foo"], "Hello World") + assert req.form["foo"] == "Hello World" data = ( b"--foo\r\nContent-Disposition: form-field; name=foo\r\n\r\n" @@ -101,7 +100,7 @@ def test_limiting(self): method="POST", ) req.max_content_length = 400 - strict_eq(req.form["foo"], "Hello World") + assert req.form["foo"] == "Hello World" req = Request.from_values( input_stream=io.BytesIO(data), @@ -119,7 +118,7 @@ def test_limiting(self): method="POST", ) req.max_form_memory_size = 400 - strict_eq(req.form["foo"], "Hello World") + assert req.form["foo"] == "Hello World" def test_missing_multipart_boundary(self): data = ( @@ -146,17 +145,17 @@ def test_parse_form_data_put_without_content(self): env = create_environ("/foo", "http://example.org/", method="PUT") stream, form, files = formparser.parse_form_data(env) - strict_eq(stream.read(), b"") - strict_eq(len(form), 0) - strict_eq(len(files), 0) + assert stream.read() == b"" + assert len(form) == 0 + assert len(files) == 0 def test_parse_form_data_get_without_content(self): env = create_environ("/foo", "http://example.org/", method="GET") stream, form, files = formparser.parse_form_data(env) - strict_eq(stream.read(), b"") - strict_eq(len(form), 0) - strict_eq(len(files), 0) + assert stream.read() == b"" + assert len(form) == 0 + assert len(files) == 0 @pytest.mark.parametrize( ("no_spooled", "size"), ((False, 100), (False, 3000), (True, 100), (True, 3000)) @@ -215,10 +214,10 @@ class StreamReq(Request): req = StreamReq.from_values( data={"foo": (io.BytesIO(data), "test.txt")}, method="POST" ) - strict_eq("begin_file", req.files["one"][0]) - strict_eq(("foo", "test.txt"), req.files["one"][1][1:]) - strict_eq("cont", req.files["two"][0]) - strict_eq(data, req.files["two"][1]) + assert "begin_file" == req.files["one"][0] + assert ("foo", "test.txt") == req.files["one"][1][1:] + assert "cont" == req.files["two"][0] + assert data == req.files["two"][1] def test_parse_bad_content_type(self): parser = FormDataParser() @@ -298,17 +297,17 @@ def test_basic(self): content_length=len(data), ) lines = response.get_data().split(b"\n", 3) - strict_eq(lines[0], repr(filename).encode("ascii")) - strict_eq(lines[1], repr(field).encode("ascii")) - strict_eq(lines[2], repr(content_type).encode("ascii")) - strict_eq(lines[3], get_contents(join(folder, fsname))) + assert lines[0] == repr(filename).encode("ascii") + assert lines[1] == repr(field).encode("ascii") + assert lines[2] == repr(content_type).encode("ascii") + assert lines[3] == get_contents(join(folder, fsname)) response = client.post( "/?object=text", data=data, content_type=f'multipart/form-data; boundary="{boundary}"', content_length=len(data), ) - strict_eq(response.get_data(), repr(text).encode("utf-8")) + assert response.get_data() == repr(text).encode("utf-8") def test_ie7_unc_path(self): client = Client(form_data_consumer, Response) @@ -322,10 +321,7 @@ def test_ie7_unc_path(self): content_length=len(data), ) lines = response.get_data().split(b"\n", 3) - strict_eq( - lines[0], - repr("Sellersburg Town Council Meeting 02-22-2010doc.doc").encode("ascii"), - ) + assert lines[0] == b"'Sellersburg Town Council Meeting 02-22-2010doc.doc'" def test_end_of_file(self): # This test looks innocent but it was actually timeing out in @@ -388,7 +384,7 @@ def test_file_no_content_type(self): method="POST", ) assert data.files["test"].filename == "test.txt" - strict_eq(data.files["test"].read(), b"file contents") + assert data.files["test"].read() == b"file contents" def test_extra_newline(self): # this test looks innocent but it was actually timeing out in @@ -406,7 +402,7 @@ def test_extra_newline(self): method="POST", ) assert not data.files - strict_eq(data.form["foo"], "a string") + assert data.form["foo"] == "a string" def test_headers(self): data = ( @@ -424,11 +420,11 @@ def test_headers(self): method="POST", ) foo = req.files["foo"] - strict_eq(foo.mimetype, "text/plain") - strict_eq(foo.mimetype_params, {"charset": "utf-8"}) - strict_eq(foo.headers["content-type"], foo.content_type) - strict_eq(foo.content_type, "text/plain; charset=utf-8") - strict_eq(foo.headers["x-custom-header"], "blah") + assert foo.mimetype == "text/plain" + assert foo.mimetype_params == {"charset": "utf-8"} + assert foo.headers["content-type"] == foo.content_type + assert foo.content_type == "text/plain; charset=utf-8" + assert foo.headers["x-custom-header"] == "blah" def test_nonstandard_line_endings(self): for nl in b"\n", b"\r", b"\r\n": @@ -451,8 +447,8 @@ def test_nonstandard_line_endings(self): content_type="multipart/form-data; boundary=foo", method="POST", ) - strict_eq(req.form["foo"], "this is just bar") - strict_eq(req.form["bar"], "blafasel") + assert req.form["foo"] == "this is just bar" + assert req.form["bar"] == "blafasel" def test_failures(self): def parse_multipart(stream, boundary, content_length): @@ -476,7 +472,7 @@ def parse_multipart(stream, boundary, content_length): pytest.raises(ValueError, parse_multipart, io.BytesIO(data), b"foo", len(data)) x = formparser.parse_multipart_headers(["foo: bar\r\n", " x test\r\n"]) - strict_eq(x["foo"], "bar\n x test") + assert x["foo"] == "bar\n x test" pytest.raises( ValueError, formparser.parse_multipart_headers, ["foo: bar\r\n", " x test"] ) @@ -496,7 +492,7 @@ class ISORequest(Request): content_type="multipart/form-data; boundary=foo", method="POST", ) - strict_eq(req.form["test"], "Sk\xe5ne l\xe4n") + assert req.form["test"] == "Sk\xe5ne l\xe4n" def test_empty_multipart(self): environ = {} diff --git a/tests/test_http.py b/tests/test_http.py index 467e4c262..6fe15f7e5 100644 --- a/tests/test_http.py +++ b/tests/test_http.py @@ -11,7 +11,6 @@ import pytest -from . import strict_eq from werkzeug import datastructures from werkzeug import http from werkzeug._internal import _wsgi_encoding_dance @@ -459,7 +458,6 @@ def test_dump_cookie(self): rv = http.dump_cookie( "foo", "bar baz blub", 360, httponly=True, sync_expires=False ) - assert type(rv) is str assert set(rv.split("; ")) == { "HttpOnly", "Max-Age=360", @@ -500,7 +498,7 @@ def test_parse_set_cookie_directive(self): def test_cookie_domain_resolving(self): val = http.dump_cookie("foo", "bar", domain="\N{SNOWMAN}.com") - strict_eq(val, "foo=bar; Domain=xn--n3h.com; Path=/") + assert val == "foo=bar; Domain=xn--n3h.com; Path=/" def test_cookie_unicode_dumping(self): val = http.dump_cookie("foo", "\N{SNOWMAN}") @@ -525,13 +523,13 @@ def test_cookie_unicode_parsing(self): def test_cookie_domain_encoding(self): val = http.dump_cookie("foo", "bar", domain="\N{SNOWMAN}.com") - strict_eq(val, "foo=bar; Domain=xn--n3h.com; Path=/") + assert val == "foo=bar; Domain=xn--n3h.com; Path=/" val = http.dump_cookie("foo", "bar", domain=".\N{SNOWMAN}.com") - strict_eq(val, "foo=bar; Domain=.xn--n3h.com; Path=/") + assert val == "foo=bar; Domain=.xn--n3h.com; Path=/" val = http.dump_cookie("foo", "bar", domain=".foo.com") - strict_eq(val, "foo=bar; Domain=.foo.com; Path=/") + assert val == "foo=bar; Domain=.foo.com; Path=/" def test_cookie_maxsize(self, recwarn): val = http.dump_cookie("foo", "bar" * 1360 + "b") diff --git a/tests/test_routing.py b/tests/test_routing.py index 9bfaf0501..9e98badde 100644 --- a/tests/test_routing.py +++ b/tests/test_routing.py @@ -12,7 +12,6 @@ import pytest -from . import strict_eq from werkzeug import routing as r from werkzeug.datastructures import ImmutableDict from werkzeug.datastructures import MultiDict @@ -175,12 +174,12 @@ def test_strict_slashes_redirect(): def test_environ_defaults(): environ = create_environ("/foo") - strict_eq(environ["PATH_INFO"], "/foo") + assert environ["PATH_INFO"] == "/foo" m = r.Map([r.Rule("/foo", endpoint="foo"), r.Rule("/bar", endpoint="bar")]) a = m.bind_to_environ(environ) - strict_eq(a.match("/foo"), ("foo", {})) - strict_eq(a.match(), ("foo", {})) - strict_eq(a.match("/bar"), ("bar", {})) + assert a.match("/foo") == ("foo", {}) + assert a.match() == ("foo", {}) + assert a.match("/bar") == ("bar", {}) pytest.raises(r.NotFound, a.match, "/bars") @@ -188,8 +187,8 @@ def test_environ_nonascii_pathinfo(): environ = create_environ("/лошадь") m = r.Map([r.Rule("/", endpoint="index"), r.Rule("/лошадь", endpoint="horse")]) a = m.bind_to_environ(environ) - strict_eq(a.match("/"), ("index", {})) - strict_eq(a.match("/лошадь"), ("horse", {})) + assert a.match("/") == ("index", {}) + assert a.match("/лошадь") == ("horse", {}) pytest.raises(r.NotFound, a.match, "/барсук") @@ -1002,7 +1001,7 @@ def test_redirect_request_exception_code(): exc = r.RequestRedirect("http://www.google.com/") exc.code = 307 env = create_environ() - strict_eq(exc.get_response(env).status_code, exc.code) + assert exc.get_response(env).status_code == exc.code def test_redirect_path_quoting(): @@ -1017,7 +1016,7 @@ def test_redirect_path_quoting(): with pytest.raises(r.RequestRedirect) as excinfo: adapter.match("/foo bar/page/1") response = excinfo.value.get_response({}) - strict_eq(response.headers["location"], "http://example.com/foo%20bar") + assert response.headers["location"] == "http://example.com/foo%20bar" def test_unicode_rules(): @@ -1027,28 +1026,28 @@ def test_unicode_rules(): a = m.bind("☃.example.com") with pytest.raises(r.RequestRedirect) as excinfo: a.match("/войти") - strict_eq( - excinfo.value.new_url, - "http://xn--n3h.example.com/%D0%B2%D0%BE%D0%B9%D1%82%D0%B8/", + assert ( + excinfo.value.new_url + == "http://xn--n3h.example.com/%D0%B2%D0%BE%D0%B9%D1%82%D0%B8/" ) endpoint, values = a.match("/войти/") - strict_eq(endpoint, "enter") - strict_eq(values, {}) + assert endpoint == "enter" + assert values == {} with pytest.raises(r.RequestRedirect) as excinfo: a.match("/foo+bar") - strict_eq(excinfo.value.new_url, "http://xn--n3h.example.com/foo+bar/") + assert excinfo.value.new_url == "http://xn--n3h.example.com/foo+bar/" endpoint, values = a.match("/foo+bar/") - strict_eq(endpoint, "foobar") - strict_eq(values, {}) + assert endpoint == "foobar" + assert values == {} url = a.build("enter", {}, force_external=True) - strict_eq(url, "http://xn--n3h.example.com/%D0%B2%D0%BE%D0%B9%D1%82%D0%B8/") + assert url == "http://xn--n3h.example.com/%D0%B2%D0%BE%D0%B9%D1%82%D0%B8/" url = a.build("foobar", {}, force_external=True) - strict_eq(url, "http://xn--n3h.example.com/foo+bar/") + assert url == "http://xn--n3h.example.com/foo+bar/" def test_empty_path_info(): @@ -1068,13 +1067,13 @@ def test_empty_path_info(): def test_both_bind_and_match_path_info_are_none(): m = r.Map([r.Rule("/", endpoint="index")]) ma = m.bind("example.org") - strict_eq(ma.match(), ("index", {})) + assert ma.match() == ("index", {}) def test_map_repr(): m = r.Map([r.Rule("/wat", endpoint="enter"), r.Rule("/woop", endpoint="foobar")]) rv = repr(m) - strict_eq(rv, "Map([ foobar>, enter>])") + assert rv == "Map([ foobar>, enter>])" def test_empty_subclass_rules_with_custom_kwargs(): diff --git a/tests/test_test.py b/tests/test_test.py index 71eb6bdb8..287caccb1 100644 --- a/tests/test_test.py +++ b/tests/test_test.py @@ -14,7 +14,6 @@ import pytest -from . import strict_eq from werkzeug._internal import _to_bytes from werkzeug.datastructures import FileStorage from werkzeug.datastructures import Headers @@ -87,7 +86,7 @@ def test_cookie_forging(): c = Client(cookie_app) c.set_cookie("localhost", "foo", "bar") appiter, code, headers = c.open() - strict_eq(list(appiter), [b"foo=bar"]) + assert list(appiter) == [b"foo=bar"] def test_set_cookie_app(): @@ -105,28 +104,28 @@ def test_cookiejar_stores_cookie(): def test_no_initial_cookie(): c = Client(cookie_app) appiter, code, headers = c.open() - strict_eq(b"".join(appiter), b"No Cookie") + assert b"".join(appiter) == b"No Cookie" def test_resent_cookie(): c = Client(cookie_app) c.open() appiter, code, headers = c.open() - strict_eq(b"".join(appiter), b"test=test") + assert b"".join(appiter) == b"test=test" def test_disable_cookies(): c = Client(cookie_app, use_cookies=False) c.open() appiter, code, headers = c.open() - strict_eq(b"".join(appiter), b"No Cookie") + assert b"".join(appiter) == b"No Cookie" def test_cookie_for_different_path(): c = Client(cookie_app) c.open("/path1") appiter, code, headers = c.open("/path2") - strict_eq(b"".join(appiter), b"test=test") + assert b"".join(appiter) == b"test=test" def test_environ_builder_basics(): @@ -144,12 +143,12 @@ def test_environ_builder_basics(): req = b.get_request() b.close() - strict_eq(req.url, "http://localhost/") - strict_eq(req.method, "POST") - strict_eq(req.form["test"], "normal value") + assert req.url == "http://localhost/" + assert req.method == "POST" + assert req.form["test"] == "normal value" assert req.files["test"].content_type == "text/plain" - strict_eq(req.files["test"].filename, "test.txt") - strict_eq(req.files["test"].read(), b"test contents") + assert req.files["test"].filename == "test.txt" + assert req.files["test"].read() == b"test contents" def test_environ_builder_data(): @@ -201,13 +200,13 @@ def test_environ_builder_headers(): ) b.headers["X-Beat-My-Horse"] = "very well sir" env = b.get_environ() - strict_eq(env["HTTP_USER_AGENT"], "Foo/0.1") - strict_eq(env["HTTP_X_BEAT_MY_HORSE"], "very well sir") - strict_eq(env["wsgi.version"], (1, 1)) + assert env["HTTP_USER_AGENT"] == "Foo/0.1" + assert env["HTTP_X_BEAT_MY_HORSE"] == "very well sir" + assert env["wsgi.version"] == (1, 1) b.headers["User-Agent"] = "Bar/1.0" env = b.get_environ() - strict_eq(env["HTTP_USER_AGENT"], "Bar/1.0") + assert env["HTTP_USER_AGENT"] == "Bar/1.0" def test_environ_builder_headers_content_type(): @@ -233,35 +232,35 @@ def test_envrion_builder_multiple_headers(): def test_environ_builder_paths(): b = EnvironBuilder(path="/foo", base_url="http://example.com/") - strict_eq(b.base_url, "http://example.com/") - strict_eq(b.path, "/foo") - strict_eq(b.script_root, "") - strict_eq(b.host, "example.com") + assert b.base_url == "http://example.com/" + assert b.path == "/foo" + assert b.script_root == "" + assert b.host == "example.com" b = EnvironBuilder(path="/foo", base_url="http://example.com/bar") - strict_eq(b.base_url, "http://example.com/bar/") - strict_eq(b.path, "/foo") - strict_eq(b.script_root, "/bar") - strict_eq(b.host, "example.com") + assert b.base_url == "http://example.com/bar/" + assert b.path == "/foo" + assert b.script_root == "/bar" + assert b.host == "example.com" b.host = "localhost" - strict_eq(b.base_url, "http://localhost/bar/") + assert b.base_url == "http://localhost/bar/" b.base_url = "http://localhost:8080/" - strict_eq(b.host, "localhost:8080") - strict_eq(b.server_name, "localhost") - strict_eq(b.server_port, 8080) + assert b.host == "localhost:8080" + assert b.server_name == "localhost" + assert b.server_port == 8080 b.host = "foo.invalid" b.url_scheme = "https" b.script_root = "/test" env = b.get_environ() - strict_eq(env["SERVER_NAME"], "foo.invalid") - strict_eq(env["SERVER_PORT"], "443") - strict_eq(env["SCRIPT_NAME"], "/test") - strict_eq(env["PATH_INFO"], "/foo") - strict_eq(env["HTTP_HOST"], "foo.invalid") - strict_eq(env["wsgi.url_scheme"], "https") - strict_eq(b.base_url, "https://foo.invalid/test/") + assert env["SERVER_NAME"] == "foo.invalid" + assert env["SERVER_PORT"] == "443" + assert env["SCRIPT_NAME"] == "/test" + assert env["PATH_INFO"] == "/foo" + assert env["HTTP_HOST"] == "foo.invalid" + assert env["wsgi.url_scheme"] == "https" + assert b.base_url == "https://foo.invalid/test/" def test_environ_builder_content_type(): @@ -282,8 +281,8 @@ def test_environ_builder_content_type(): builder.files.add_file("blafasel", BytesIO(b"foo"), "test.txt") assert builder.content_type == "multipart/form-data" req = builder.get_request() - strict_eq(req.form["foo"], "bar") - strict_eq(req.files["blafasel"].read(), b"foo") + assert req.form["foo"] == "bar" + assert req.files["blafasel"].read() == b"foo" def test_environ_builder_stream_switch(): @@ -301,7 +300,7 @@ def test_environ_builder_stream_switch(): "CONTENT_TYPE": f'multipart/form-data; boundary="{boundary}"', } )[1] - strict_eq(form, d) + assert form == d stream.close() @@ -321,10 +320,10 @@ def test_environ_builder_unicode_file_mix(): "CONTENT_TYPE": f'multipart/form-data; boundary="{boundary}"', } ) - strict_eq(form["s"], "\N{SNOWMAN}") - strict_eq(files["f"].name, "f") - strict_eq(files["f"].filename, "snowman.txt") - strict_eq(files["f"].read(), br"\N{SNOWMAN}") + assert form["s"] == "\N{SNOWMAN}" + assert files["f"].name == "f" + assert files["f"].filename == "snowman.txt" + assert files["f"].read() == br"\N{SNOWMAN}" stream.close() @@ -348,8 +347,8 @@ def test_create_environ(): } for key, value in iter(expected.items()): assert env[key] == value - strict_eq(env["wsgi.input"].read(0), b"") - strict_eq(create_environ("/foo", "http://example.com/")["SCRIPT_NAME"], "") + assert env["wsgi.input"].read(0) == b"" + assert create_environ("/foo", "http://example.com/")["SCRIPT_NAME"] == "" def test_create_environ_query_string_error(): @@ -384,31 +383,31 @@ def close(self): closed.append(self) create_environ(data={"foo": SpecialInput()}) - strict_eq(len(closed), 1) + assert len(closed) == 1 builder = EnvironBuilder() builder.files.add_file("blah", SpecialInput()) builder.close() - strict_eq(len(closed), 2) + assert len(closed) == 2 def test_follow_redirect(): env = create_environ("/", base_url="http://localhost") c = Client(redirect_with_get_app) appiter, code, headers = c.open(environ_overrides=env, follow_redirects=True) - strict_eq(code, "200 OK") - strict_eq(b"".join(appiter), b"current url: http://localhost/some/redirect/") + assert code == "200 OK" + assert b"".join(appiter) == b"current url: http://localhost/some/redirect/" # Test that the :cls:`Client` is aware of user defined response wrappers c = Client(redirect_with_get_app, response_wrapper=BaseResponse) resp = c.get("/", follow_redirects=True) - strict_eq(resp.status_code, 200) - strict_eq(resp.data, b"current url: http://localhost/some/redirect/") + assert resp.status_code == 200 + assert resp.data == b"current url: http://localhost/some/redirect/" # test with URL other than '/' to make sure redirected URL's are correct c = Client(redirect_with_get_app, response_wrapper=BaseResponse) resp = c.get("/first/request", follow_redirects=True) - strict_eq(resp.status_code, 200) - strict_eq(resp.data, b"current url: http://localhost/some/redirect/") + assert resp.status_code == 200 + assert resp.data == b"current url: http://localhost/some/redirect/" def test_follow_local_redirect(): @@ -425,8 +424,8 @@ def local_redirect_app(environ, start_response): c = Client(local_redirect_app, response_wrapper=BaseResponse) resp = c.get("/from/location", follow_redirects=True) - strict_eq(resp.status_code, 200) - strict_eq(resp.data, b"current path: /to/location") + assert resp.status_code == 200 + assert resp.data == b"current path: /to/location" @pytest.mark.parametrize( @@ -577,27 +576,27 @@ def test_app(environ, start_response): c = Client(test_app, response_wrapper=BaseResponse) resp = c.get("/foo%40bar") - strict_eq(resp.data, b"/foo@bar\n") + assert resp.data == b"/foo@bar\n" c = Client(test_app, response_wrapper=BaseResponse) resp = c.get("/foo%40bar", "http://localhost/bar%40baz") - strict_eq(resp.data, b"/foo@bar\n/bar@baz") + assert resp.data == b"/foo@bar\n/bar@baz" def test_multi_value_submit(): c = Client(multi_value_post_app, response_wrapper=BaseResponse) data = {"field": ["val1", "val2"]} resp = c.post("/", data=data) - strict_eq(resp.status_code, 200) + assert resp.status_code == 200 c = Client(multi_value_post_app, response_wrapper=BaseResponse) data = MultiDict({"field": ["val1", "val2"]}) resp = c.post("/", data=data) - strict_eq(resp.status_code, 200) + assert resp.status_code == 200 def test_iri_support(): b = EnvironBuilder("/föö-bar", base_url="http://☃.net/") - strict_eq(b.path, "/f%C3%B6%C3%B6-bar") - strict_eq(b.base_url, "http://xn--n3h.net/") + assert b.path == "/f%C3%B6%C3%B6-bar" + assert b.base_url == "http://xn--n3h.net/" @pytest.mark.parametrize("buffered", (True, False)) @@ -639,9 +638,9 @@ def close(self): if iterable: app = iterable_middleware(app) app_iter, status, headers = run_wsgi_app(app, {}, buffered=buffered) - strict_eq(status, "200 OK") - strict_eq(list(headers), [("Content-Type", "text/html")]) - strict_eq("".join(app_iter), "Hello World!") + assert status == "200 OK" + assert list(headers) == [("Content-Type", "text/html")] + assert "".join(app_iter) == "Hello World!" if hasattr(app_iter, "close"): app_iter.close() @@ -665,9 +664,9 @@ def __next__(self): if iterable: app = iterable_middleware(app) app_iter, status, headers = run_wsgi_app(app, {}, buffered=buffered) - strict_eq(status, "200 OK") - strict_eq(list(headers), [("Content-Type", "text/html")]) - strict_eq("".join(app_iter), "") + assert status == "200 OK" + assert list(headers) == [("Content-Type", "text/html")] + assert "".join(app_iter) == "" def test_run_wsgi_app_closing_iterator(): @@ -735,9 +734,9 @@ def test_app(request): client = Client(test_app, Response) resp = client.get("/") - strict_eq(resp.data, b"[]") + assert resp.data == b"[]" resp = client.get("/") - strict_eq(resp.data, _to_bytes(repr([("test1", "foo"), ("test2", "bar")]), "ascii")) + assert resp.data == _to_bytes(repr([("test1", "foo"), ("test2", "bar")]), "ascii") def test_correct_open_invocation_on_redirect(): @@ -755,15 +754,15 @@ def test_app(request): return Response(str(request.environ["werkzeug._foo"])) c = MyClient(test_app, response_wrapper=Response) - strict_eq(c.get("/").data, b"1") - strict_eq(c.get("/").data, b"2") - strict_eq(c.get("/").data, b"3") + assert c.get("/").data == b"1" + assert c.get("/").data == b"2" + assert c.get("/").data == b"3" def test_correct_encoding(): req = Request.from_values("/\N{SNOWMAN}", "http://example.com/foo") - strict_eq(req.script_root, "/foo") - strict_eq(req.path, "/\N{SNOWMAN}") + assert req.script_root == "/foo" + assert req.path == "/\N{SNOWMAN}" def test_full_url_requests_with_args(): @@ -775,9 +774,9 @@ def test_app(request): client = Client(test_app, Response) resp = client.get("/?x=42", base) - strict_eq(resp.data, b"42") + assert resp.data == b"42" resp = client.get("http://www.example.com/?x=23", base) - strict_eq(resp.data, b"23") + assert resp.data == b"23" def test_delete_requests_with_form(): @@ -787,7 +786,7 @@ def test_app(request): client = Client(test_app, Response) resp = client.delete("/", data={"x": 42}) - strict_eq(resp.data, b"42") + assert resp.data == b"42" def test_post_with_file_descriptor(tmpdir): @@ -796,10 +795,10 @@ def test_post_with_file_descriptor(tmpdir): f.write("foo") with open(f.strpath, mode="rt") as data: resp = c.post("/", data=data) - strict_eq(resp.status_code, 200) + assert resp.status_code == 200 with open(f.strpath, mode="rb") as data: resp = c.post("/", data=data) - strict_eq(resp.status_code, 200) + assert resp.status_code == 200 def test_content_type(): @@ -810,10 +809,10 @@ def test_app(request): client = Client(test_app, Response) resp = client.get("/", data=b"testing", mimetype="text/css") - strict_eq(resp.data, b"text/css; charset=utf-8") + assert resp.data == b"text/css; charset=utf-8" resp = client.get("/", data=b"testing", mimetype="application/octet-stream") - strict_eq(resp.data, b"application/octet-stream") + assert resp.data == b"application/octet-stream" def test_raw_request_uri(): diff --git a/tests/test_urls.py b/tests/test_urls.py index e412754d5..7d07c343c 100644 --- a/tests/test_urls.py +++ b/tests/test_urls.py @@ -11,7 +11,6 @@ import pytest -from . import strict_eq from werkzeug import urls from werkzeug.datastructures import OrderedMultiDict @@ -60,60 +59,58 @@ def test_fileurl_parsing_windows(implicit_format, localhost, monkeypatch): def test_replace(): url = urls.url_parse("http://de.wikipedia.org/wiki/Troll") - strict_eq( - url.replace(query="foo=bar"), - urls.url_parse("http://de.wikipedia.org/wiki/Troll?foo=bar"), + assert url.replace(query="foo=bar") == urls.url_parse( + "http://de.wikipedia.org/wiki/Troll?foo=bar" ) - strict_eq( - url.replace(scheme="https"), - urls.url_parse("https://de.wikipedia.org/wiki/Troll"), + assert url.replace(scheme="https") == urls.url_parse( + "https://de.wikipedia.org/wiki/Troll" ) def test_quoting(): - strict_eq(urls.url_quote("\xf6\xe4\xfc"), "%C3%B6%C3%A4%C3%BC") - strict_eq(urls.url_unquote(urls.url_quote('#%="\xf6')), '#%="\xf6') - strict_eq(urls.url_quote_plus("foo bar"), "foo+bar") - strict_eq(urls.url_unquote_plus("foo+bar"), "foo bar") - strict_eq(urls.url_quote_plus("foo+bar"), "foo%2Bbar") - strict_eq(urls.url_unquote_plus("foo%2Bbar"), "foo+bar") - strict_eq(urls.url_encode({b"a": None, b"b": b"foo bar"}), "b=foo+bar") - strict_eq(urls.url_encode({"a": None, "b": "foo bar"}), "b=foo+bar") - strict_eq( - urls.url_fix("http://de.wikipedia.org/wiki/Elf (Begriffsklärung)"), - "http://de.wikipedia.org/wiki/Elf%20(Begriffskl%C3%A4rung)", + assert urls.url_quote("\xf6\xe4\xfc") == "%C3%B6%C3%A4%C3%BC" + assert urls.url_unquote(urls.url_quote('#%="\xf6')) == '#%="\xf6' + assert urls.url_quote_plus("foo bar") == "foo+bar" + assert urls.url_unquote_plus("foo+bar") == "foo bar" + assert urls.url_quote_plus("foo+bar") == "foo%2Bbar" + assert urls.url_unquote_plus("foo%2Bbar") == "foo+bar" + assert urls.url_encode({b"a": None, b"b": b"foo bar"}) == "b=foo+bar" + assert urls.url_encode({"a": None, "b": "foo bar"}) == "b=foo+bar" + assert ( + urls.url_fix("http://de.wikipedia.org/wiki/Elf (Begriffsklärung)") + == "http://de.wikipedia.org/wiki/Elf%20(Begriffskl%C3%A4rung)" ) - strict_eq(urls.url_quote_plus(42), "42") - strict_eq(urls.url_quote(b"\xff"), "%FF") + assert urls.url_quote_plus(42) == "42" + assert urls.url_quote(b"\xff") == "%FF" def test_bytes_unquoting(): - strict_eq( - urls.url_unquote(urls.url_quote('#%="\xf6', charset="latin1"), charset=None), - b'#%="\xf6', + assert ( + urls.url_unquote(urls.url_quote('#%="\xf6', charset="latin1"), charset=None) + == b'#%="\xf6' ) def test_url_decoding(): x = urls.url_decode(b"foo=42&bar=23&uni=H%C3%A4nsel") - strict_eq(x["foo"], "42") - strict_eq(x["bar"], "23") - strict_eq(x["uni"], "Hänsel") + assert x["foo"] == "42" + assert x["bar"] == "23" + assert x["uni"] == "Hänsel" x = urls.url_decode(b"foo=42;bar=23;uni=H%C3%A4nsel", separator=b";") - strict_eq(x["foo"], "42") - strict_eq(x["bar"], "23") - strict_eq(x["uni"], "Hänsel") + assert x["foo"] == "42" + assert x["bar"] == "23" + assert x["uni"] == "Hänsel" x = urls.url_decode(b"%C3%9Ch=H%C3%A4nsel") - strict_eq(x["Üh"], "Hänsel") + assert x["Üh"] == "Hänsel" def test_url_bytes_decoding(): x = urls.url_decode(b"foo=42&bar=23&uni=H%C3%A4nsel", charset=None) - strict_eq(x[b"foo"], b"42") - strict_eq(x[b"bar"], b"23") - strict_eq(x[b"uni"], "Hänsel".encode()) + assert x[b"foo"] == b"42" + assert x[b"bar"] == b"23" + assert x[b"uni"] == "Hänsel".encode() def test_streamed_url_decoding(): @@ -123,9 +120,9 @@ def test_streamed_url_decoding(): gen = urls.url_decode_stream( io.BytesIO(string), limit=len(string), return_iterator=True ) - strict_eq(next(gen), ("a", item1)) - strict_eq(next(gen), ("b", item2)) - strict_eq(next(gen), ("c", item2)) + assert next(gen) == ("a", item1) + assert next(gen) == ("b", item2) + assert next(gen) == ("c", item2) pytest.raises(StopIteration, lambda: next(gen)) @@ -134,48 +131,48 @@ def test_stream_decoding_string_fails(): def test_url_encoding(): - strict_eq(urls.url_encode({"foo": "bar 45"}), "foo=bar+45") + assert urls.url_encode({"foo": "bar 45"}) == "foo=bar+45" d = {"foo": 1, "bar": 23, "blah": "Hänsel"} - strict_eq(urls.url_encode(d, sort=True), "bar=23&blah=H%C3%A4nsel&foo=1") - strict_eq( - urls.url_encode(d, sort=True, separator=";"), "bar=23;blah=H%C3%A4nsel;foo=1" + assert urls.url_encode(d, sort=True) == "bar=23&blah=H%C3%A4nsel&foo=1" + assert ( + urls.url_encode(d, sort=True, separator=";") == "bar=23;blah=H%C3%A4nsel;foo=1" ) def test_sorted_url_encode(): - strict_eq( + assert ( urls.url_encode( {"a": 42, "b": 23, 1: 1, 2: 2}, sort=True, key=lambda i: str(i[0]) - ), - "1=1&2=2&a=42&b=23", + ) + == "1=1&2=2&a=42&b=23" ) - strict_eq( + assert ( urls.url_encode( {"A": 1, "a": 2, "B": 3, "b": 4}, sort=True, key=lambda x: x[0].lower() + x[0], - ), - "A=1&a=2&B=3&b=4", + ) + == "A=1&a=2&B=3&b=4" ) def test_streamed_url_encoding(): out = io.StringIO() urls.url_encode_stream({"foo": "bar 45"}, out) - strict_eq(out.getvalue(), "foo=bar+45") + assert out.getvalue() == "foo=bar+45" d = {"foo": 1, "bar": 23, "blah": "Hänsel"} out = io.StringIO() urls.url_encode_stream(d, out, sort=True) - strict_eq(out.getvalue(), "bar=23&blah=H%C3%A4nsel&foo=1") + assert out.getvalue() == "bar=23&blah=H%C3%A4nsel&foo=1" out = io.StringIO() urls.url_encode_stream(d, out, sort=True, separator=";") - strict_eq(out.getvalue(), "bar=23;blah=H%C3%A4nsel;foo=1") + assert out.getvalue() == "bar=23;blah=H%C3%A4nsel;foo=1" gen = urls.url_encode_stream(d, sort=True) - strict_eq(next(gen), "bar=23") - strict_eq(next(gen), "blah=H%C3%A4nsel") - strict_eq(next(gen), "foo=1") + assert next(gen) == "bar=23" + assert next(gen) == "blah=H%C3%A4nsel" + assert next(gen) == "foo=1" pytest.raises(StopIteration, lambda: next(gen)) @@ -224,47 +221,47 @@ def test_url_fixing_qs(): def test_iri_support(): - strict_eq(urls.uri_to_iri("http://xn--n3h.net/"), "http://\u2603.net/") - strict_eq( - urls.uri_to_iri(b"http://%C3%BCser:p%C3%A4ssword@xn--n3h.net/p%C3%A5th"), - "http://\xfcser:p\xe4ssword@\u2603.net/p\xe5th", + assert urls.uri_to_iri("http://xn--n3h.net/") == "http://\u2603.net/" + assert ( + urls.uri_to_iri(b"http://%C3%BCser:p%C3%A4ssword@xn--n3h.net/p%C3%A5th") + == "http://\xfcser:p\xe4ssword@\u2603.net/p\xe5th" ) - strict_eq(urls.iri_to_uri("http://☃.net/"), "http://xn--n3h.net/") - strict_eq( - urls.iri_to_uri("http://üser:pässword@☃.net/påth"), - "http://%C3%BCser:p%C3%A4ssword@xn--n3h.net/p%C3%A5th", + assert urls.iri_to_uri("http://☃.net/") == "http://xn--n3h.net/" + assert ( + urls.iri_to_uri("http://üser:pässword@☃.net/påth") + == "http://%C3%BCser:p%C3%A4ssword@xn--n3h.net/p%C3%A5th" ) - strict_eq( - urls.uri_to_iri("http://test.com/%3Fmeh?foo=%26%2F"), - "http://test.com/%3Fmeh?foo=%26%2F", + assert ( + urls.uri_to_iri("http://test.com/%3Fmeh?foo=%26%2F") + == "http://test.com/%3Fmeh?foo=%26%2F" ) # this should work as well, might break on 2.4 because of a broken # idna codec - strict_eq(urls.uri_to_iri(b"/foo"), "/foo") - strict_eq(urls.iri_to_uri("/foo"), "/foo") + assert urls.uri_to_iri(b"/foo") == "/foo" + assert urls.iri_to_uri("/foo") == "/foo" - strict_eq( - urls.iri_to_uri("http://föö.com:8080/bam/baz"), - "http://xn--f-1gaa.com:8080/bam/baz", + assert ( + urls.iri_to_uri("http://föö.com:8080/bam/baz") + == "http://xn--f-1gaa.com:8080/bam/baz" ) def test_iri_safe_conversion(): - strict_eq(urls.iri_to_uri("magnet:?foo=bar"), "magnet:?foo=bar") - strict_eq(urls.iri_to_uri("itms-service://?foo=bar"), "itms-service:?foo=bar") - strict_eq( - urls.iri_to_uri("itms-service://?foo=bar", safe_conversion=True), - "itms-service://?foo=bar", + assert urls.iri_to_uri("magnet:?foo=bar") == "magnet:?foo=bar" + assert urls.iri_to_uri("itms-service://?foo=bar") == "itms-service:?foo=bar" + assert ( + urls.iri_to_uri("itms-service://?foo=bar", safe_conversion=True) + == "itms-service://?foo=bar" ) def test_iri_safe_quoting(): uri = "http://xn--f-1gaa.com/%2F%25?q=%C3%B6&x=%3D%25#%25" iri = "http://föö.com/%2F%25?q=ö&x=%3D%25#%25" - strict_eq(urls.uri_to_iri(uri), iri) - strict_eq(urls.iri_to_uri(urls.uri_to_iri(uri)), uri) + assert urls.uri_to_iri(uri) == iri + assert urls.iri_to_uri(urls.uri_to_iri(uri)) == uri def test_ordered_multidict_encoding(): @@ -288,20 +285,20 @@ def test_multidict_encoding(): def test_href(): x = urls.Href("http://www.example.com/") - strict_eq(x("foo"), "http://www.example.com/foo") - strict_eq(x.foo("bar"), "http://www.example.com/foo/bar") - strict_eq(x.foo("bar", x=42), "http://www.example.com/foo/bar?x=42") - strict_eq(x.foo("bar", class_=42), "http://www.example.com/foo/bar?class=42") - strict_eq(x.foo("bar", {"class": 42}), "http://www.example.com/foo/bar?class=42") + assert x("foo") == "http://www.example.com/foo" + assert x.foo("bar") == "http://www.example.com/foo/bar" + assert x.foo("bar", x=42) == "http://www.example.com/foo/bar?x=42" + assert x.foo("bar", class_=42) == "http://www.example.com/foo/bar?class=42" + assert x.foo("bar", {"class": 42}) == "http://www.example.com/foo/bar?class=42" pytest.raises(AttributeError, lambda: x.__blah__) x = urls.Href("blah") - strict_eq(x.foo("bar"), "blah/foo/bar") + assert x.foo("bar") == "blah/foo/bar" pytest.raises(TypeError, x.foo, {"foo": 23}, x=42) x = urls.Href("") - strict_eq(x("foo"), "foo") + assert x("foo") == "foo" def test_href_url_join(): @@ -313,72 +310,70 @@ def test_href_url_join(): def test_href_past_root(): base_href = urls.Href("http://www.blagga.com/1/2/3") - strict_eq(base_href("../foo"), "http://www.blagga.com/1/2/foo") - strict_eq(base_href("../../foo"), "http://www.blagga.com/1/foo") - strict_eq(base_href("../../../foo"), "http://www.blagga.com/foo") - strict_eq(base_href("../../../../foo"), "http://www.blagga.com/foo") - strict_eq(base_href("../../../../../foo"), "http://www.blagga.com/foo") - strict_eq(base_href("../../../../../../foo"), "http://www.blagga.com/foo") + assert base_href("../foo") == "http://www.blagga.com/1/2/foo" + assert base_href("../../foo") == "http://www.blagga.com/1/foo" + assert base_href("../../../foo") == "http://www.blagga.com/foo" + assert base_href("../../../../foo") == "http://www.blagga.com/foo" + assert base_href("../../../../../foo") == "http://www.blagga.com/foo" + assert base_href("../../../../../../foo") == "http://www.blagga.com/foo" def test_url_unquote_plus_unicode(): # was broken in 0.6 - strict_eq(urls.url_unquote_plus("\x6d"), "\x6d") - assert type(urls.url_unquote_plus("\x6d")) is str + assert urls.url_unquote_plus("\x6d") == "\x6d" def test_quoting_of_local_urls(): rv = urls.iri_to_uri("/foo\x8f") - strict_eq(rv, "/foo%C2%8F") - assert type(rv) is str + assert rv == "/foo%C2%8F" def test_url_attributes(): rv = urls.url_parse("http://foo%3a:bar%3a@[::1]:80/123?x=y#frag") - strict_eq(rv.scheme, "http") - strict_eq(rv.auth, "foo%3a:bar%3a") - strict_eq(rv.username, "foo:") - strict_eq(rv.password, "bar:") - strict_eq(rv.raw_username, "foo%3a") - strict_eq(rv.raw_password, "bar%3a") - strict_eq(rv.host, "::1") + assert rv.scheme == "http" + assert rv.auth == "foo%3a:bar%3a" + assert rv.username == "foo:" + assert rv.password == "bar:" + assert rv.raw_username == "foo%3a" + assert rv.raw_password == "bar%3a" + assert rv.host == "::1" assert rv.port == 80 - strict_eq(rv.path, "/123") - strict_eq(rv.query, "x=y") - strict_eq(rv.fragment, "frag") + assert rv.path == "/123" + assert rv.query == "x=y" + assert rv.fragment == "frag" rv = urls.url_parse("http://\N{SNOWMAN}.com/") - strict_eq(rv.host, "\N{SNOWMAN}.com") - strict_eq(rv.ascii_host, "xn--n3h.com") + assert rv.host == "\N{SNOWMAN}.com" + assert rv.ascii_host == "xn--n3h.com" def test_url_attributes_bytes(): rv = urls.url_parse(b"http://foo%3a:bar%3a@[::1]:80/123?x=y#frag") - strict_eq(rv.scheme, b"http") - strict_eq(rv.auth, b"foo%3a:bar%3a") - strict_eq(rv.username, "foo:") - strict_eq(rv.password, "bar:") - strict_eq(rv.raw_username, b"foo%3a") - strict_eq(rv.raw_password, b"bar%3a") - strict_eq(rv.host, b"::1") + assert rv.scheme == b"http" + assert rv.auth == b"foo%3a:bar%3a" + assert rv.username == "foo:" + assert rv.password == "bar:" + assert rv.raw_username == b"foo%3a" + assert rv.raw_password == b"bar%3a" + assert rv.host == b"::1" assert rv.port == 80 - strict_eq(rv.path, b"/123") - strict_eq(rv.query, b"x=y") - strict_eq(rv.fragment, b"frag") + assert rv.path == b"/123" + assert rv.query == b"x=y" + assert rv.fragment == b"frag" def test_url_joining(): - strict_eq(urls.url_join("/foo", "/bar"), "/bar") - strict_eq(urls.url_join("http://example.com/foo", "/bar"), "http://example.com/bar") - strict_eq(urls.url_join("file:///tmp/", "test.html"), "file:///tmp/test.html") - strict_eq(urls.url_join("file:///tmp/x", "test.html"), "file:///tmp/test.html") - strict_eq(urls.url_join("file:///tmp/x", "../../../x.html"), "file:///x.html") + assert urls.url_join("/foo", "/bar") == "/bar" + assert urls.url_join("http://example.com/foo", "/bar") == "http://example.com/bar" + assert urls.url_join("file:///tmp/", "test.html") == "file:///tmp/test.html" + assert urls.url_join("file:///tmp/x", "test.html") == "file:///tmp/test.html" + assert urls.url_join("file:///tmp/x", "../../../x.html") == "file:///x.html" def test_partial_unencoded_decode(): ref = "foo=정상처리".encode("euc-kr") x = urls.url_decode(ref, charset="euc-kr") - strict_eq(x["foo"], "정상처리") + assert x["foo"] == "정상처리" def test_iri_to_uri_idempotence_ascii_only(): diff --git a/tests/test_wrappers.py b/tests/test_wrappers.py index 58192d829..77093bf86 100644 --- a/tests/test_wrappers.py +++ b/tests/test_wrappers.py @@ -17,7 +17,6 @@ import pytest -from . import strict_eq from werkzeug import wrappers from werkzeug.datastructures import Accept from werkzeug.datastructures import CharsetAccept @@ -85,12 +84,12 @@ def prepare_environ_pickle(environ): def assert_environ(environ, method): - strict_eq(environ["REQUEST_METHOD"], method) - strict_eq(environ["PATH_INFO"], "/") - strict_eq(environ["SCRIPT_NAME"], "") - strict_eq(environ["SERVER_NAME"], "localhost") - strict_eq(environ["wsgi.version"], (1, 0)) - strict_eq(environ["wsgi.url_scheme"], "http") + assert environ["REQUEST_METHOD"] == method + assert environ["PATH_INFO"] == "/" + assert environ["SCRIPT_NAME"] == "" + assert environ["SERVER_NAME"] == "localhost" + assert environ["wsgi.version"] == (1, 0) + assert environ["wsgi.url_scheme"] == "http" def test_base_request(): @@ -98,11 +97,11 @@ def test_base_request(): # get requests response = client.get("/?foo=bar&foo=hehe") - strict_eq(response["args"], MultiDict([("foo", "bar"), ("foo", "hehe")])) - strict_eq(response["args_as_list"], [("foo", ["bar", "hehe"])]) - strict_eq(response["form"], MultiDict()) - strict_eq(response["form_as_list"], []) - strict_eq(response["data"], b"") + assert response["args"] == MultiDict([("foo", "bar"), ("foo", "hehe")]) + assert response["args_as_list"] == [("foo", ["bar", "hehe"])] + assert response["form"] == MultiDict() + assert response["form_as_list"] == [] + assert response["data"] == b"" assert_environ(response["environ"], "GET") # post requests with form data @@ -111,13 +110,13 @@ def test_base_request(): data="foo=blub+hehe&blah=42", content_type="application/x-www-form-urlencoded", ) - strict_eq(response["args"], MultiDict([("blub", "blah")])) - strict_eq(response["args_as_list"], [("blub", ["blah"])]) - strict_eq(response["form"], MultiDict([("foo", "blub hehe"), ("blah", "42")])) - strict_eq(response["data"], b"") + assert response["args"] == MultiDict([("blub", "blah")]) + assert response["args_as_list"] == [("blub", ["blah"])] + assert response["form"] == MultiDict([("foo", "blub hehe"), ("blah", "42")]) + assert response["data"] == b"" # currently we do not guarantee that the values are ordered correctly # for post data. - # strict_eq(response['form_as_list'], [('foo', ['blub hehe']), ('blah', ['42'])]) + # assert response['form_as_list'] == [('foo', ['blub hehe']), ('blah', ['42'])] assert_environ(response["environ"], "POST") # patch requests with form data @@ -126,23 +125,23 @@ def test_base_request(): data="foo=blub+hehe&blah=42", content_type="application/x-www-form-urlencoded", ) - strict_eq(response["args"], MultiDict([("blub", "blah")])) - strict_eq(response["args_as_list"], [("blub", ["blah"])]) - strict_eq(response["form"], MultiDict([("foo", "blub hehe"), ("blah", "42")])) - strict_eq(response["data"], b"") + assert response["args"] == MultiDict([("blub", "blah")]) + assert response["args_as_list"] == [("blub", ["blah"])] + assert response["form"] == MultiDict([("foo", "blub hehe"), ("blah", "42")]) + assert response["data"] == b"" assert_environ(response["environ"], "PATCH") # post requests with json data json = b'{"foo": "bar", "blub": "blah"}' response = client.post("/?a=b", data=json, content_type="application/json") - strict_eq(response["data"], json) - strict_eq(response["args"], MultiDict([("a", "b")])) - strict_eq(response["form"], MultiDict()) + assert response["data"] == json + assert response["args"] == MultiDict([("a", "b")]) + assert response["form"] == MultiDict() def test_query_string_is_bytes(): req = wrappers.Request.from_values("/?foo=%2f") - strict_eq(req.query_string, b"foo=%2f") + assert req.query_string == b"foo=%2f" def test_request_repr(): @@ -158,52 +157,52 @@ def test_access_route(): ) req.environ["REMOTE_ADDR"] = "192.168.1.3" assert req.access_route == ["192.168.1.2", "192.168.1.1"] - strict_eq(req.remote_addr, "192.168.1.3") + assert req.remote_addr == "192.168.1.3" req = wrappers.Request.from_values() req.environ["REMOTE_ADDR"] = "192.168.1.3" - strict_eq(list(req.access_route), ["192.168.1.3"]) + assert list(req.access_route) == ["192.168.1.3"] def test_url_request_descriptors(): req = wrappers.Request.from_values("/bar?foo=baz", "http://example.com/test") - strict_eq(req.path, "/bar") - strict_eq(req.full_path, "/bar?foo=baz") - strict_eq(req.script_root, "/test") - strict_eq(req.url, "http://example.com/test/bar?foo=baz") - strict_eq(req.base_url, "http://example.com/test/bar") - strict_eq(req.url_root, "http://example.com/test/") - strict_eq(req.host_url, "http://example.com/") - strict_eq(req.host, "example.com") - strict_eq(req.scheme, "http") + assert req.path == "/bar" + assert req.full_path == "/bar?foo=baz" + assert req.script_root == "/test" + assert req.url == "http://example.com/test/bar?foo=baz" + assert req.base_url == "http://example.com/test/bar" + assert req.url_root == "http://example.com/test/" + assert req.host_url == "http://example.com/" + assert req.host == "example.com" + assert req.scheme == "http" req = wrappers.Request.from_values("/bar?foo=baz", "https://example.com/test") - strict_eq(req.scheme, "https") + assert req.scheme == "https" def test_url_request_descriptors_query_quoting(): next = "http%3A%2F%2Fwww.example.com%2F%3Fnext%3D%2Fbaz%23my%3Dhash" req = wrappers.Request.from_values(f"/bar?next={next}", "http://example.com/") assert req.path == "/bar" - strict_eq(req.full_path, f"/bar?next={next}") - strict_eq(req.url, f"http://example.com/bar?next={next}") + assert req.full_path == f"/bar?next={next}" + assert req.url == f"http://example.com/bar?next={next}" def test_url_request_descriptors_hosts(): req = wrappers.Request.from_values("/bar?foo=baz", "http://example.com/test") req.trusted_hosts = ["example.com"] - strict_eq(req.path, "/bar") - strict_eq(req.full_path, "/bar?foo=baz") - strict_eq(req.script_root, "/test") - strict_eq(req.url, "http://example.com/test/bar?foo=baz") - strict_eq(req.base_url, "http://example.com/test/bar") - strict_eq(req.url_root, "http://example.com/test/") - strict_eq(req.host_url, "http://example.com/") - strict_eq(req.host, "example.com") - strict_eq(req.scheme, "http") + assert req.path == "/bar" + assert req.full_path == "/bar?foo=baz" + assert req.script_root == "/test" + assert req.url == "http://example.com/test/bar?foo=baz" + assert req.base_url == "http://example.com/test/bar" + assert req.url_root == "http://example.com/test/" + assert req.host_url == "http://example.com/" + assert req.host == "example.com" + assert req.scheme == "http" req = wrappers.Request.from_values("/bar?foo=baz", "https://example.com/test") - strict_eq(req.scheme, "https") + assert req.scheme == "https" req = wrappers.Request.from_values("/bar?foo=baz", "http://example.com/test") req.trusted_hosts = ["example.org"] @@ -219,9 +218,9 @@ def test_authorization_mixin(): headers={"Authorization": "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="} ) a = request.authorization - strict_eq(a.type, "basic") - strict_eq(a.username, "Aladdin") - strict_eq(a.password, "open sesame") + assert a.type == "basic" + assert a.username == "Aladdin" + assert a.password == "open sesame" def test_authorization_with_unicode(): @@ -229,9 +228,9 @@ def test_authorization_with_unicode(): headers={"Authorization": "Basic 0YDRg9GB0YHQutC40IE60JHRg9C60LLRiw=="} ) a = request.authorization - strict_eq(a.type, "basic") - strict_eq(a.username, "русскиЁ") - strict_eq(a.password, "Буквы") + assert a.type == "basic" + assert a.username == "русскиЁ" + assert a.password == "Буквы" def test_stream_only_mixing(): @@ -241,7 +240,7 @@ def test_stream_only_mixing(): assert list(request.files.items()) == [] assert list(request.form.items()) == [] pytest.raises(AttributeError, lambda: request.data) - strict_eq(request.stream.read(), b"foo=blub+hehe") + assert request.stream.read() == b"foo=blub+hehe" def test_request_application(): @@ -289,12 +288,12 @@ def test_response_access_control(): def test_base_response(): response = wrappers.BaseResponse("öäü") - strict_eq(response.get_data(), "öäü".encode()) + assert response.get_data() == "öäü".encode() # writing response = wrappers.Response("foo") response.stream.write("bar") - strict_eq(response.get_data(), b"foobar") + assert response.get_data() == b"foobar" # set cookie response = wrappers.BaseResponse() @@ -307,32 +306,26 @@ def test_base_response(): domain="example.org", samesite="Strict", ) - strict_eq( - response.headers.to_wsgi_list(), - [ - ("Content-Type", "text/plain; charset=utf-8"), - ( - "Set-Cookie", - "foo=bar; Domain=example.org; Expires=Thu, " - "01-Jan-1970 00:00:00 GMT; Max-Age=60; Path=/blub; " - "SameSite=Strict", - ), - ], - ) + assert response.headers.to_wsgi_list() == [ + ("Content-Type", "text/plain; charset=utf-8"), + ( + "Set-Cookie", + "foo=bar; Domain=example.org;" + " Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=60;" + " Path=/blub; SameSite=Strict", + ), + ] # delete cookie response = wrappers.BaseResponse() response.delete_cookie("foo") - strict_eq( - response.headers.to_wsgi_list(), - [ - ("Content-Type", "text/plain; charset=utf-8"), - ( - "Set-Cookie", - "foo=; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Path=/", - ), - ], - ) + assert response.headers.to_wsgi_list() == [ + ("Content-Type", "text/plain; charset=utf-8"), + ( + "Set-Cookie", + "foo=; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Path=/", + ), + ] # close call forwarding closed = [] @@ -350,9 +343,9 @@ def close(self): response = wrappers.BaseResponse(Iterable()) response.call_on_close(lambda: closed.append(True)) app_iter, status, headers = run_wsgi_app(response, create_environ(), buffered=True) - strict_eq(status, "200 OK") - strict_eq("".join(app_iter), "") - strict_eq(len(closed), 2) + assert status == "200 OK" + assert "".join(app_iter) == "" + assert len(closed) == 2 # with statement del closed[:] @@ -365,17 +358,17 @@ def close(self): def test_response_status_codes(): response = wrappers.BaseResponse() response.status_code = 404 - strict_eq(response.status, "404 NOT FOUND") + assert response.status == "404 NOT FOUND" response.status = "200 OK" - strict_eq(response.status_code, 200) + assert response.status_code == 200 response.status = "999 WTF" - strict_eq(response.status_code, 999) + assert response.status_code == 999 response.status_code = 588 - strict_eq(response.status_code, 588) - strict_eq(response.status, "588 UNKNOWN") + assert response.status_code == 588 + assert response.status == "588 UNKNOWN" response.status = "wtf" - strict_eq(response.status_code, 0) - strict_eq(response.status, "0 wtf") + assert response.status_code == 0 + assert response.status == "0 wtf" # invalid status codes with pytest.raises(ValueError) as info: @@ -407,8 +400,8 @@ def foo(self): for orig_resp in wsgi_application, base_response: response = SpecialResponse.force_type(orig_resp, fake_env) assert response.__class__ is SpecialResponse - strict_eq(response.foo(), 42) - strict_eq(response.get_data(), b"Hello World!") + assert response.foo() == 42 + assert response.get_data() == b"Hello World!" assert response.content_type == "text/html" # without env, no arbitrary conversion @@ -436,15 +429,14 @@ def test_accept_mixin(): ("*/*", 0.5), ] ) - strict_eq( - request.accept_charsets, - CharsetAccept([("ISO-8859-1", 1), ("utf-8", 0.7), ("*", 0.7)]), + assert request.accept_charsets == CharsetAccept( + [("ISO-8859-1", 1), ("utf-8", 0.7), ("*", 0.7)] ) - strict_eq(request.accept_encodings, Accept([("gzip", 1), ("deflate", 1)])) - strict_eq(request.accept_languages, LanguageAccept([("en-us", 1), ("en", 0.5)])) + assert request.accept_encodings == Accept([("gzip", 1), ("deflate", 1)]) + assert request.accept_languages == LanguageAccept([("en-us", 1), ("en", 0.5)]) request = wrappers.Request({"HTTP_ACCEPT": ""}) - strict_eq(request.accept_mimetypes, MIMEAccept()) + assert request.accept_mimetypes == MIMEAccept() def test_etag_request_mixin(): @@ -653,13 +645,13 @@ def test_user_agent_mixin(): ] for ua, browser, platform, version, lang in user_agents: request = wrappers.Request({"HTTP_USER_AGENT": ua}) - strict_eq(request.user_agent.browser, browser) - strict_eq(request.user_agent.platform, platform) - strict_eq(request.user_agent.version, version) - strict_eq(request.user_agent.language, lang) + assert request.user_agent.browser == browser + assert request.user_agent.platform == platform + assert request.user_agent.version == version + assert request.user_agent.language == lang assert bool(request.user_agent) - strict_eq(request.user_agent.to_header(), ua) - strict_eq(str(request.user_agent), ua) + assert request.user_agent.to_header() == ua + assert str(request.user_agent) == ua request = wrappers.Request({"HTTP_USER_AGENT": "foo"}) assert not request.user_agent @@ -901,7 +893,7 @@ class WithoutFreeze(wrappers.BaseResponse, wrappers.ETagResponseMixin): response = WithFreeze("Hello World") response.freeze() - strict_eq(response.get_etag(), (str(generate_etag(b"Hello World")), False)) + assert response.get_etag() == (str(generate_etag(b"Hello World")), False) response = WithoutFreeze("Hello World") response.freeze() assert response.get_etag() == (None, None) @@ -914,7 +906,7 @@ def test_authenticate_mixin(): resp = wrappers.Response() resp.www_authenticate.type = "basic" resp.www_authenticate.realm = "Testing" - strict_eq(resp.headers["WWW-Authenticate"], 'Basic realm="Testing"') + assert resp.headers["WWW-Authenticate"] == 'Basic realm="Testing"' resp.www_authenticate.realm = None resp.www_authenticate.type = None assert "WWW-Authenticate" not in resp.headers @@ -1403,7 +1395,7 @@ class ModifiedRequest(wrappers.Request): url_charset = "euc-kr" req = ModifiedRequest.from_values("/?foo=정상처리".encode("euc-kr")) - strict_eq(req.args["foo"], "정상처리") + assert req.args["foo"] == "정상처리" def test_request_method_case_sensitivity(): @@ -1445,17 +1437,15 @@ def test_secure(self): secure=True, samesite=None, ) - strict_eq( - response.headers.to_wsgi_list(), - [ - ("Content-Type", "text/plain; charset=utf-8"), - ( - "Set-Cookie", - "foo=bar; Domain=example.org; Expires=Thu, " - "01-Jan-1970 00:00:00 GMT; Max-Age=60; Secure; Path=/blub", - ), - ], - ) + assert response.headers.to_wsgi_list() == [ + ("Content-Type", "text/plain; charset=utf-8"), + ( + "Set-Cookie", + "foo=bar; Domain=example.org;" + " Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=60;" + " Secure; Path=/blub", + ), + ] def test_httponly(self): response = wrappers.BaseResponse() @@ -1470,17 +1460,15 @@ def test_httponly(self): httponly=True, samesite=None, ) - strict_eq( - response.headers.to_wsgi_list(), - [ - ("Content-Type", "text/plain; charset=utf-8"), - ( - "Set-Cookie", - "foo=bar; Domain=example.org; Expires=Thu, " - "01-Jan-1970 00:00:00 GMT; Max-Age=60; HttpOnly; Path=/blub", - ), - ], - ) + assert response.headers.to_wsgi_list() == [ + ("Content-Type", "text/plain; charset=utf-8"), + ( + "Set-Cookie", + "foo=bar; Domain=example.org;" + " Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=60;" + " HttpOnly; Path=/blub", + ), + ] def test_secure_and_httponly(self): response = wrappers.BaseResponse() @@ -1495,18 +1483,15 @@ def test_secure_and_httponly(self): httponly=True, samesite=None, ) - strict_eq( - response.headers.to_wsgi_list(), - [ - ("Content-Type", "text/plain; charset=utf-8"), - ( - "Set-Cookie", - "foo=bar; Domain=example.org; Expires=Thu, " - "01-Jan-1970 00:00:00 GMT; Max-Age=60; Secure; HttpOnly; " - "Path=/blub", - ), - ], - ) + assert response.headers.to_wsgi_list() == [ + ("Content-Type", "text/plain; charset=utf-8"), + ( + "Set-Cookie", + "foo=bar; Domain=example.org;" + " Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=60;" + " Secure; HttpOnly; Path=/blub", + ), + ] def test_samesite(self): response = wrappers.BaseResponse() @@ -1520,18 +1505,15 @@ def test_samesite(self): secure=False, samesite="strict", ) - strict_eq( - response.headers.to_wsgi_list(), - [ - ("Content-Type", "text/plain; charset=utf-8"), - ( - "Set-Cookie", - "foo=bar; Domain=example.org; Expires=Thu, " - "01-Jan-1970 00:00:00 GMT; Max-Age=60; Path=/blub; " - "SameSite=Strict", - ), - ], - ) + assert response.headers.to_wsgi_list() == [ + ("Content-Type", "text/plain; charset=utf-8"), + ( + "Set-Cookie", + "foo=bar; Domain=example.org;" + " Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=60;" + " Path=/blub; SameSite=Strict", + ), + ] class TestJSONMixin: diff --git a/tests/test_wsgi.py b/tests/test_wsgi.py index 36eda104e..c0ea3ecd3 100644 --- a/tests/test_wsgi.py +++ b/tests/test_wsgi.py @@ -13,7 +13,6 @@ import pytest -from . import strict_eq from werkzeug import wsgi from werkzeug.exceptions import BadRequest from werkzeug.exceptions import ClientDisconnected @@ -134,7 +133,7 @@ def test_path_info_and_script_name_fetching(): def test_query_string_fetching(): env = create_environ("/?\N{SNOWMAN}=\N{COMET}") qs = wsgi.get_query_string(env) - strict_eq(qs, "%E2%98%83=%E2%98%84") + assert qs == "%E2%98%83=%E2%98%84" def test_limited_stream(): @@ -144,65 +143,65 @@ def on_exhausted(self): io_ = io.BytesIO(b"123456") stream = RaisingLimitedStream(io_, 3) - strict_eq(stream.read(), b"123") + assert stream.read() == b"123" pytest.raises(BadRequest, stream.read) io_ = io.BytesIO(b"123456") stream = RaisingLimitedStream(io_, 3) - strict_eq(stream.tell(), 0) - strict_eq(stream.read(1), b"1") - strict_eq(stream.tell(), 1) - strict_eq(stream.read(1), b"2") - strict_eq(stream.tell(), 2) - strict_eq(stream.read(1), b"3") - strict_eq(stream.tell(), 3) + assert stream.tell() == 0 + assert stream.read(1) == b"1" + assert stream.tell() == 1 + assert stream.read(1) == b"2" + assert stream.tell() == 2 + assert stream.read(1) == b"3" + assert stream.tell() == 3 pytest.raises(BadRequest, stream.read) io_ = io.BytesIO(b"123456\nabcdefg") stream = wsgi.LimitedStream(io_, 9) - strict_eq(stream.readline(), b"123456\n") - strict_eq(stream.readline(), b"ab") + assert stream.readline() == b"123456\n" + assert stream.readline() == b"ab" io_ = io.BytesIO(b"123456\nabcdefg") stream = wsgi.LimitedStream(io_, 9) - strict_eq(stream.readlines(), [b"123456\n", b"ab"]) + assert stream.readlines() == [b"123456\n", b"ab"] io_ = io.BytesIO(b"123456\nabcdefg") stream = wsgi.LimitedStream(io_, 9) - strict_eq(stream.readlines(2), [b"12"]) - strict_eq(stream.readlines(2), [b"34"]) - strict_eq(stream.readlines(), [b"56\n", b"ab"]) + assert stream.readlines(2) == [b"12"] + assert stream.readlines(2) == [b"34"] + assert stream.readlines() == [b"56\n", b"ab"] io_ = io.BytesIO(b"123456\nabcdefg") stream = wsgi.LimitedStream(io_, 9) - strict_eq(stream.readline(100), b"123456\n") + assert stream.readline(100) == b"123456\n" io_ = io.BytesIO(b"123456\nabcdefg") stream = wsgi.LimitedStream(io_, 9) - strict_eq(stream.readlines(100), [b"123456\n", b"ab"]) + assert stream.readlines(100) == [b"123456\n", b"ab"] io_ = io.BytesIO(b"123456") stream = wsgi.LimitedStream(io_, 3) - strict_eq(stream.read(1), b"1") - strict_eq(stream.read(1), b"2") - strict_eq(stream.read(), b"3") - strict_eq(stream.read(), b"") + assert stream.read(1) == b"1" + assert stream.read(1) == b"2" + assert stream.read() == b"3" + assert stream.read() == b"" io_ = io.BytesIO(b"123456") stream = wsgi.LimitedStream(io_, 3) - strict_eq(stream.read(-1), b"123") + assert stream.read(-1) == b"123" io_ = io.BytesIO(b"123456") stream = wsgi.LimitedStream(io_, 0) - strict_eq(stream.read(-1), b"") + assert stream.read(-1) == b"" io_ = io.StringIO("123456") stream = wsgi.LimitedStream(io_, 0) - strict_eq(stream.read(-1), "") + assert stream.read(-1) == "" io_ = io.StringIO("123\n456\n") stream = wsgi.LimitedStream(io_, 8) - strict_eq(list(stream), ["123\n", "456\n"]) + assert list(stream) == ["123\n", "456\n"] def test_limited_stream_json_load(): @@ -288,7 +287,7 @@ def test_get_host_fallback(): def test_get_current_url_unicode(): env = create_environ(query_string="foo=bar&baz=blah&meh=\xcf") rv = wsgi.get_current_url(env) - strict_eq(rv, "http://localhost/?foo=bar&baz=blah&meh=\xcf") + assert rv == "http://localhost/?foo=bar&baz=blah&meh=\xcf" def test_get_current_url_invalid_utf8(): @@ -297,7 +296,7 @@ def test_get_current_url_invalid_utf8(): env["QUERY_STRING"] = "foo=bar&baz=blah&meh=\xcf" rv = wsgi.get_current_url(env) # it remains percent-encoded - strict_eq(rv, "http://localhost/?foo=bar&baz=blah&meh=%CF") + assert rv == "http://localhost/?foo=bar&baz=blah&meh=%CF" def test_multi_part_line_breaks(): From b2ead96fe42cf01f643bad2f97e65de2447b47f8 Mon Sep 17 00:00:00 2001 From: David Lord Date: Mon, 16 Mar 2020 15:23:11 -0700 Subject: [PATCH 152/733] remove reraise compat helper --- src/werkzeug/_internal.py | 6 ------ src/werkzeug/debug/tbtools.py | 3 +-- src/werkzeug/serving.py | 3 +-- src/werkzeug/test.py | 8 +++++--- src/werkzeug/utils.py | 5 +---- 5 files changed, 8 insertions(+), 17 deletions(-) diff --git a/src/werkzeug/_internal.py b/src/werkzeug/_internal.py index 961a43ad6..427dbc788 100644 --- a/src/werkzeug/_internal.py +++ b/src/werkzeug/_internal.py @@ -106,12 +106,6 @@ def _to_str( return x.decode(charset, errors) -def _reraise(tp, value, tb=None): - if value.__traceback__ is not tb: - raise value.with_traceback(tb) - raise value - - def _wsgi_decoding_dance(s, charset="utf-8", errors="replace"): return s.encode("latin1").decode(charset, errors) diff --git a/src/werkzeug/debug/tbtools.py b/src/werkzeug/debug/tbtools.py index 4641f34dc..0ccbc54e2 100644 --- a/src/werkzeug/debug/tbtools.py +++ b/src/werkzeug/debug/tbtools.py @@ -17,7 +17,6 @@ import traceback from tokenize import TokenError -from .._internal import _reraise from .._internal import _to_native from .._internal import _to_str from ..filesystem import get_filesystem_encoding @@ -187,7 +186,7 @@ def get_current_traceback( """ exc_type, exc_value, tb = sys.exc_info() if ignore_system_exceptions and exc_type in system_exceptions: - _reraise(exc_type, exc_value, tb) + raise for _ in range(skip): if tb.tb_next is None: break diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py index cfa6812ca..b8987a569 100644 --- a/src/werkzeug/serving.py +++ b/src/werkzeug/serving.py @@ -43,7 +43,6 @@ from http.server import HTTPServer from ._internal import _log -from ._internal import _reraise from ._internal import _wsgi_encoding_dance from .exceptions import InternalServerError from .urls import uri_to_iri @@ -275,7 +274,7 @@ def start_response(status, response_headers, exc_info=None): if exc_info: try: if headers_sent: - _reraise(*exc_info) + raise exc_info[1].with_traceback(exc_info[2]) finally: exc_info = None elif headers_set: diff --git a/src/werkzeug/test.py b/src/werkzeug/test.py index a0e3557a4..28ccb1c5a 100644 --- a/src/werkzeug/test.py +++ b/src/werkzeug/test.py @@ -20,7 +20,6 @@ from ._internal import _get_environ from ._internal import _make_literal_wrapper -from ._internal import _reraise from ._internal import _to_bytes from ._internal import _wsgi_encoding_dance from .datastructures import CallbackDict @@ -1079,8 +1078,11 @@ def run_wsgi_app(app, environ, buffered=False): buffer = [] def start_response(status, headers, exc_info=None): - if exc_info is not None: - _reraise(*exc_info) + if exc_info: + try: + raise exc_info[1].with_traceback(exc_info[2]) + finally: + exc_info = None response[:] = [status, headers] return buffer.append diff --git a/src/werkzeug/utils.py b/src/werkzeug/utils.py index 88fd03e50..f03c133e2 100644 --- a/src/werkzeug/utils.py +++ b/src/werkzeug/utils.py @@ -19,7 +19,6 @@ from ._internal import _DictAccessorProperty from ._internal import _missing from ._internal import _parse_signature -from ._internal import _reraise _format_re = re.compile(r"\$(?:([a-zA-Z_][a-zA-Z0-9_]*)|\{([a-zA-Z_][a-zA-Z0-9_]*)\})") _entity_re = re.compile(r"&([^;]+);") @@ -560,9 +559,7 @@ def import_string(import_name, silent=False): except ImportError as e: if not silent: - _reraise( - ImportStringError, ImportStringError(import_name, e), sys.exc_info()[2] - ) + raise ImportStringError(import_name, e).with_traceback(sys.exc_info()[2]) def find_modules(import_path, include_packages=False, recursive=False): From 44e17065b233b81c88c34ada66c55969e70d10f5 Mon Sep 17 00:00:00 2001 From: David Lord Date: Tue, 17 Mar 2020 07:14:28 -0700 Subject: [PATCH 153/733] replace to_native with to_str remove to_native call where possible rename normalize_string_tuple to check_str_tuple rename make_literal_wrapper to make_encode_wrapper --- src/werkzeug/_internal.py | 49 ++++++++++++++------------ src/werkzeug/datastructures.py | 4 +-- src/werkzeug/debug/tbtools.py | 11 ++---- src/werkzeug/formparser.py | 4 +-- src/werkzeug/security.py | 3 +- src/werkzeug/test.py | 4 +-- src/werkzeug/urls.py | 46 ++++++++++++------------ src/werkzeug/wrappers/base_request.py | 3 +- src/werkzeug/wrappers/base_response.py | 10 +++--- src/werkzeug/wsgi.py | 4 +-- tests/middleware/test_shared_data.py | 3 +- 11 files changed, 68 insertions(+), 73 deletions(-) diff --git a/src/werkzeug/_internal.py b/src/werkzeug/_internal.py index 427dbc788..1ca3d33d9 100644 --- a/src/werkzeug/_internal.py +++ b/src/werkzeug/_internal.py @@ -59,50 +59,55 @@ def __reduce__(self): _missing = _Missing() -def _make_literal_wrapper(reference): +def _make_encode_wrapper(reference): + """Create a function that will be called with a string argument. If + the reference is bytes, values will be encoded to bytes. + """ if isinstance(reference, str): return lambda x: x + return operator.methodcaller("encode", "latin1") -def _normalize_string_tuple(tup): - """Ensures that all types in the tuple are either strings or bytes.""" - tupiter = iter(tup) - is_text = isinstance(next(tupiter, None), str) - for arg in tupiter: - if isinstance(arg, str) != is_text: - raise TypeError(f"Cannot mix str and bytes arguments (got {tup!r})") - return tup +def _check_str_tuple(value): + """Ensure tuple items are all strings or all bytes.""" + if not value: + return + item_type = str if isinstance(value[0], str) else bytes -def _to_bytes(x, charset=sys.getdefaultencoding(), errors="strict"): # noqa - if x is None: - return None - if isinstance(x, (bytes, bytearray, memoryview)): # noqa + if any(not isinstance(item, item_type) for item in value): + raise TypeError(f"Cannot mix str and bytes arguments (got {value!r})") + + +def _to_bytes(x, charset=sys.getdefaultencoding(), errors="strict"): # noqa: B008 + if x is None or isinstance(x, bytes): + return x + + if isinstance(x, (bytearray, memoryview)): return bytes(x) + if isinstance(x, str): return x.encode(charset, errors) - raise TypeError("Expected bytes") - -def _to_native(x, charset=sys.getdefaultencoding(), errors="strict"): # noqa - if x is None or isinstance(x, str): - return x - return x.decode(charset, errors) + raise TypeError("Expected bytes") def _to_str( x, - charset=sys.getdefaultencoding(), # noqa + charset=sys.getdefaultencoding(), # noqa: B008 errors="strict", allow_none_charset=False, ): - if x is None: - return None + if x is None or isinstance(x, str): + return x + if not isinstance(x, bytes): return str(x) + if charset is None and allow_none_charset: return x + return x.decode(charset, errors) diff --git a/src/werkzeug/datastructures.py b/src/werkzeug/datastructures.py index 4b2bc79f3..d65157d46 100644 --- a/src/werkzeug/datastructures.py +++ b/src/werkzeug/datastructures.py @@ -19,7 +19,7 @@ from os import fspath from . import exceptions -from ._internal import _make_literal_wrapper +from ._internal import _make_encode_wrapper from ._internal import _missing from .filesystem import get_filesystem_encoding @@ -2874,7 +2874,7 @@ def __init__( # special filenames with angular brackets. if filename is None: filename = getattr(stream, "name", None) - s = _make_literal_wrapper(filename) + s = _make_encode_wrapper(filename) if filename and filename[0] == s("<") and filename[-1] == s(">"): filename = None diff --git a/src/werkzeug/debug/tbtools.py b/src/werkzeug/debug/tbtools.py index 0ccbc54e2..b5a907754 100644 --- a/src/werkzeug/debug/tbtools.py +++ b/src/werkzeug/debug/tbtools.py @@ -17,7 +17,6 @@ import traceback from tokenize import TokenError -from .._internal import _to_native from .._internal import _to_str from ..filesystem import get_filesystem_encoding from ..utils import cached_property @@ -273,7 +272,7 @@ def log(self, logfile=None): if logfile is None: logfile = sys.stderr tb = f"{self.plaintext.rstrip()}\n" - logfile.write(_to_native(tb, "utf-8", "replace")) + logfile.write(tb) def paste(self): """Create a paste and return the paste id.""" @@ -551,9 +550,7 @@ def sourcelines(self): if source is None: try: - with open( - _to_native(self.filename, get_filesystem_encoding()), mode="rb" - ) as f: + with open(self.filename, mode="rb") as f: source = f.read() except OSError: return [] @@ -562,8 +559,6 @@ def sourcelines(self): if isinstance(source, str): return source.splitlines() - # yes. it should be ascii, but we don't want to reject too many - # characters in the debugger if something breaks charset = "utf-8" if source.startswith(UTF8_COOKIE): source = source[3:] @@ -577,7 +572,7 @@ def sourcelines(self): break # on broken cookies we fall back to utf-8 too - charset = _to_native(charset) + charset = _to_str(charset) try: codecs.lookup(charset) except LookupError: diff --git a/src/werkzeug/formparser.py b/src/werkzeug/formparser.py index bc7395cc9..5babe639a 100644 --- a/src/werkzeug/formparser.py +++ b/src/werkzeug/formparser.py @@ -17,7 +17,7 @@ from itertools import tee from . import exceptions -from ._internal import _to_native +from ._internal import _to_str from .datastructures import FileStorage from .datastructures import Headers from .datastructures import MultiDict @@ -297,7 +297,7 @@ def parse_multipart_headers(iterable): """ result = [] for line in iterable: - line = _to_native(line) + line = _to_str(line) line, line_terminated = _line_parse(line) if not line_terminated: raise ValueError("unexpected end of line in multipart header") diff --git a/src/werkzeug/security.py b/src/werkzeug/security.py index 8c991f008..f536aaee5 100644 --- a/src/werkzeug/security.py +++ b/src/werkzeug/security.py @@ -16,7 +16,6 @@ from struct import Struct from ._internal import _to_bytes -from ._internal import _to_native SALT_CHARS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" DEFAULT_PBKDF2_ITERATIONS = 150000 @@ -46,7 +45,7 @@ def pbkdf2_hex( from the hashlib module. Defaults to sha256. """ rv = pbkdf2_bin(data, salt, iterations, keylen, hashfunc) - return _to_native(codecs.encode(rv, "hex_codec")) + return codecs.encode(rv, "hex_codec").decode("ascii") def pbkdf2_bin( diff --git a/src/werkzeug/test.py b/src/werkzeug/test.py index 28ccb1c5a..35c7d5b36 100644 --- a/src/werkzeug/test.py +++ b/src/werkzeug/test.py @@ -19,7 +19,7 @@ from urllib.request import Request as _UrllibRequest from ._internal import _get_environ -from ._internal import _make_literal_wrapper +from ._internal import _make_encode_wrapper from ._internal import _to_bytes from ._internal import _wsgi_encoding_dance from .datastructures import CallbackDict @@ -326,7 +326,7 @@ def __init__( mimetype=None, json=None, ): - path_s = _make_literal_wrapper(path) + path_s = _make_encode_wrapper(path) if query_string is not None and path_s("?") in path: raise ValueError("Query string is defined in the path and as an argument") if query_string is None and path_s("?") in path: diff --git a/src/werkzeug/urls.py b/src/werkzeug/urls.py index c754f1a29..4935948cf 100644 --- a/src/werkzeug/urls.py +++ b/src/werkzeug/urls.py @@ -9,11 +9,10 @@ import warnings from collections import namedtuple +from ._internal import _check_str_tuple from ._internal import _decode_idna from ._internal import _encode_idna -from ._internal import _make_literal_wrapper -from ._internal import _normalize_string_tuple -from ._internal import _to_native +from ._internal import _make_encode_wrapper from ._internal import _to_str # A regular expression for what a valid schema looks like @@ -71,7 +70,7 @@ def ascii_host(self): rv = _encode_idna(rv) except UnicodeError: rv = rv.encode("ascii", "ignore") - return _to_native(rv, "ascii", "ignore") + return _to_str(rv, "ascii", "ignore") @property def port(self): @@ -79,7 +78,7 @@ def port(self): otherwise. This does not fill in default ports. """ try: - rv = int(_to_native(self._split_host()[1])) + rv = int(_to_str(self._split_host()[1])) if 0 <= rv <= 65535: return rv except (ValueError, TypeError): @@ -316,7 +315,7 @@ def encode_netloc(self): ) if auth: rv = f"{auth}@{rv}" - return _to_native(rv) + return rv def encode(self, charset="utf-8", errors="replace"): """Encodes the URL to a tuple made out of bytes. The charset is @@ -430,14 +429,14 @@ def url_parse(url, scheme=None, allow_fragments=True): :param allow_fragments: if set to `False` a fragment will be removed from the URL. """ - s = _make_literal_wrapper(url) + s = _make_encode_wrapper(url) is_text_based = isinstance(url, str) if scheme is None: scheme = s("") netloc = query = fragment = s("") i = url.find(s(":")) - if i > 0 and _scheme_re.match(_to_native(url[:i], errors="replace")): + if i > 0 and _scheme_re.match(_to_str(url[:i], errors="replace")): # make sure "iri" is not actually a port number (in which case # "scheme" is really part of the path) rest = url[i + 1 :] @@ -526,7 +525,7 @@ def url_quote(string, charset="utf-8", errors="strict", safe="/:", unsafe=""): rv.append(char) else: rv.extend(_bytetohex[char]) - return _to_native(bytes(rv)) + return bytes(rv).decode(charset) def url_quote_plus(string, charset="utf-8", errors="strict", safe=""): @@ -547,8 +546,9 @@ def url_unparse(components): :param components: the parsed URL as tuple which should be converted into a URL string. """ - scheme, netloc, path, query, fragment = _normalize_string_tuple(components) - s = _make_literal_wrapper(scheme) + _check_str_tuple(components) + scheme, netloc, path, query, fragment = components + s = _make_encode_wrapper(scheme) url = s("") # We generally treat file:///x and file:/x the same which is also @@ -632,7 +632,7 @@ def url_fix(s, charset="utf-8"): path = url_quote(url.path, charset, safe="/%+$!*'(),") qs = url_quote_plus(url.query, charset, safe=":&%=+$!*'(),") anchor = url_quote_plus(url.fragment, charset, safe=":&%=+$!*'(),") - return _to_native(url_unparse((url.scheme, url.encode_netloc(), path, qs, anchor))) + return url_unparse((url.scheme, url.encode_netloc(), path, qs, anchor)) # not-unreserved characters remain quoted when unquoting to IRI @@ -729,7 +729,7 @@ def iri_to_uri(iri, charset="utf-8", errors="strict", safe_conversion=False): # If we're not sure if it's safe to convert the URL, and it only # contains ASCII characters, return it unconverted. try: - native_iri = _to_native(iri) + native_iri = _to_str(iri) ascii_iri = native_iri.encode("ascii") # Only return if it doesn't have whitespace. (Why?) @@ -742,9 +742,7 @@ def iri_to_uri(iri, charset="utf-8", errors="strict", safe_conversion=False): path = url_quote(iri.path, charset, errors, _to_uri_safe) query = url_quote(iri.query, charset, errors, _to_uri_safe) fragment = url_quote(iri.fragment, charset, errors, _to_uri_safe) - return _to_native( - url_unparse((iri.scheme, iri.encode_netloc(), path, query, fragment)) - ) + return url_unparse((iri.scheme, iri.encode_netloc(), path, query, fragment)) def url_decode( @@ -862,7 +860,7 @@ def _url_decode_impl(pair_iter, charset, include_empty, errors): for pair in pair_iter: if not pair: continue - s = _make_literal_wrapper(pair) + s = _make_encode_wrapper(pair) equal = s("=") if equal in pair: key, value = pair.split(equal, 1) @@ -876,7 +874,7 @@ def _url_decode_impl(pair_iter, charset, include_empty, errors): def url_encode( - obj, charset="utf-8", encode_keys=None, sort=False, key=None, separator=b"&" + obj, charset="utf-8", encode_keys=None, sort=False, key=None, separator="&" ): """URL encode a dict/`MultiDict`. If a value is `None` it will not appear in the result string. Per default only values are encoded into the target @@ -902,7 +900,7 @@ def url_encode( DeprecationWarning, stacklevel=2, ) - separator = _to_native(separator, "ascii") + separator = _to_str(separator, "ascii") return separator.join(_url_encode_impl(obj, charset, sort, key)) @@ -913,7 +911,7 @@ def url_encode_stream( encode_keys=None, sort=False, key=None, - separator=b"&", + separator="&", ): """Like :meth:`url_encode` but writes the results to a stream object. If the stream is `None` a generator over all encoded @@ -941,7 +939,7 @@ def url_encode_stream( DeprecationWarning, stacklevel=2, ) - separator = _to_native(separator, "ascii") + separator = _to_str(separator, "ascii") gen = _url_encode_impl(obj, charset, sort, key) if stream is None: return gen @@ -964,8 +962,8 @@ def url_join(base, url, allow_fragments=True): if isinstance(url, tuple): url = url_unparse(url) - base, url = _normalize_string_tuple((base, url)) - s = _make_literal_wrapper(base) + _check_str_tuple((base, url)) + s = _make_encode_wrapper(base) if not base: return url @@ -1108,4 +1106,4 @@ def __call__(self, *path, **query): rv += "?" + _to_str( url_encode(query, self.charset, sort=self.sort, key=self.key), "ascii" ) - return _to_native(rv) + return rv diff --git a/src/werkzeug/wrappers/base_request.py b/src/werkzeug/wrappers/base_request.py index dedbb4698..aeaa5d389 100644 --- a/src/werkzeug/wrappers/base_request.py +++ b/src/werkzeug/wrappers/base_request.py @@ -1,7 +1,6 @@ from functools import update_wrapper from io import BytesIO -from .._internal import _to_native from .._internal import _to_str from .._internal import _wsgi_decoding_dance from ..datastructures import CombinedMultiDict @@ -159,7 +158,7 @@ def __repr__(self): # in a debug session we don't want the repr to blow up. args = [] try: - args.append(f"'{_to_native(self.url, self.url_charset)}'") + args.append(f"'{self.url}'") args.append(f"[{self.method}]") except Exception: args.append("(invalid WSGI environ)") diff --git a/src/werkzeug/wrappers/base_response.py b/src/werkzeug/wrappers/base_response.py index e93fdb893..383777238 100644 --- a/src/werkzeug/wrappers/base_response.py +++ b/src/werkzeug/wrappers/base_response.py @@ -1,7 +1,7 @@ import warnings from .._internal import _to_bytes -from .._internal import _to_native +from .._internal import _to_str from ..datastructures import Headers from ..http import dump_cookie from ..http import HTTP_STATUS_CODES @@ -52,7 +52,7 @@ def _clean_accept_ranges(accept_ranges): elif accept_ranges is False: return "none" elif isinstance(accept_ranges, str): - return _to_native(accept_ranges) + return accept_ranges raise ValueError("Invalid accept_ranges value") @@ -303,11 +303,11 @@ def status(self): @status.setter def status(self, value): - try: - self._status = _to_native(value) - except AttributeError: + if not isinstance(value, (str, bytes)): raise TypeError("Invalid status argument") + self._status = _to_str(value) + try: self._status_code = int(self._status.split(None, 1)[0]) except ValueError: diff --git a/src/werkzeug/wsgi.py b/src/werkzeug/wsgi.py index 1995fe715..d62c5bb26 100644 --- a/src/werkzeug/wsgi.py +++ b/src/werkzeug/wsgi.py @@ -14,7 +14,7 @@ from itertools import chain from ._internal import _encode_idna -from ._internal import _make_literal_wrapper +from ._internal import _make_encode_wrapper from ._internal import _to_bytes from ._internal import _to_str from .urls import uri_to_iri @@ -705,7 +705,7 @@ def make_line_iter(stream, limit=None, buffer_size=10 * 1024, cap_at_buffer=Fals if not first_item: return - s = _make_literal_wrapper(first_item) + s = _make_encode_wrapper(first_item) empty = s("") cr = s("\r") lf = s("\n") diff --git a/tests/middleware/test_shared_data.py b/tests/middleware/test_shared_data.py index 2836dba8e..9b4f5dced 100644 --- a/tests/middleware/test_shared_data.py +++ b/tests/middleware/test_shared_data.py @@ -1,7 +1,6 @@ import os from contextlib import closing -from werkzeug._internal import _to_native from werkzeug.middleware.shared_data import SharedDataMiddleware from werkzeug.test import create_environ from werkzeug.test import run_wsgi_app @@ -19,7 +18,7 @@ def null_application(environ, start_response): test_dir = str(tmpdir) - with open(os.path.join(test_dir, _to_native("äöü", "utf-8")), "w") as test_file: + with open(os.path.join(test_dir, "äöü"), "w") as test_file: test_file.write("FOUND") for t in [list, dict]: From 80e5a8b24bf6f21317155c92a9b83d4b154461d0 Mon Sep 17 00:00:00 2001 From: raymond-devries Date: Mon, 10 Feb 2020 15:06:03 -0800 Subject: [PATCH 154/733] Improve status and status code setting in Response class. Co-authored-by: lathamfell --- src/werkzeug/wrappers/base_response.py | 57 ++++++++++++++++++-------- tests/test_wrappers.py | 55 +++++++++++++++++++------ 2 files changed, 82 insertions(+), 30 deletions(-) diff --git a/src/werkzeug/wrappers/base_response.py b/src/werkzeug/wrappers/base_response.py index 383777238..d9e71fae1 100644 --- a/src/werkzeug/wrappers/base_response.py +++ b/src/werkzeug/wrappers/base_response.py @@ -193,10 +193,7 @@ def __init__( self.headers["Content-Type"] = content_type if status is None: status = self.default_status - if isinstance(status, int): - self.status_code = status - else: - self.status = status + self.status = status self.direct_passthrough = direct_passthrough self._on_close = [] @@ -290,11 +287,7 @@ def status_code(self): @status_code.setter def status_code(self, code): - self._status_code = code - try: - self._status = f"{code} {HTTP_STATUS_CODES[code].upper()}" - except KeyError: - self._status = f"{code} UNKNOWN" + self.status = code @property def status(self): @@ -303,19 +296,49 @@ def status(self): @status.setter def status(self, value): - if not isinstance(value, (str, bytes)): + self._check_status_is_valid(value) + self._status, self._status_code = self._clean_status(value) + + @staticmethod + def _check_status_is_valid(value): + if not isinstance(value, (str, bytes, int)): raise TypeError("Invalid status argument") - self._status = _to_str(value) + def _clean_status(self, value): + status = _to_str(value, self.charset) + split_status = status.split(None, 1) - try: - self._status_code = int(self._status.split(None, 1)[0]) - except ValueError: - self._status_code = 0 - self._status = f"0 {self._status}" - except IndexError: + if len(split_status) == 0: raise ValueError("Empty status argument") + if len(split_status) > 1: + if split_status[0].isdigit(): + return self._clean_custom_status(status, split_status) + + return self._clean_status_with_no_code_provided(status) + + if split_status[0].isdigit(): + return self._clean_status_with_only_code_provided(split_status) + + return self._clean_status_with_no_code_provided(status) + + @staticmethod + def _clean_custom_status(status, split_status): + return status, int(split_status[0]) + + @staticmethod + def _clean_status_with_no_code_provided(status): + return f"0 {status}", 0 + + @staticmethod + def _clean_status_with_only_code_provided(split_status): + status_code = int(split_status[0]) + try: + status = f"{status_code} {HTTP_STATUS_CODES[status_code].upper()}" + except KeyError: + status = f"{status_code} UNKNOWN" + return status, status_code + def get_data(self, as_text=False): """The string representation of the request body. Whenever you call this property the request iterable is encoded and flattened. This diff --git a/tests/test_wrappers.py b/tests/test_wrappers.py index 77093bf86..614bab5d0 100644 --- a/tests/test_wrappers.py +++ b/tests/test_wrappers.py @@ -355,27 +355,56 @@ def close(self): assert len(closed) == 1 -def test_response_status_codes(): +@pytest.mark.parametrize( + ("status_code", "expected_status"), + [ + (200, "200 OK"), + (404, "404 NOT FOUND"), + (588, "588 UNKNOWN"), + (999, "999 UNKNOWN"), + ], +) +def test_response_set_status_code(status_code, expected_status): response = wrappers.BaseResponse() - response.status_code = 404 - assert response.status == "404 NOT FOUND" - response.status = "200 OK" - assert response.status_code == 200 - response.status = "999 WTF" - assert response.status_code == 999 - response.status_code = 588 - assert response.status_code == 588 - assert response.status == "588 UNKNOWN" - response.status = "wtf" - assert response.status_code == 0 - assert response.status == "0 wtf" + response.status_code = status_code + assert response.status_code == status_code + assert response.status == expected_status + +@pytest.mark.parametrize( + ("status", "expected_status_code", "expected_status"), + [ + ("404", 404, "404 NOT FOUND"), + ("588", 588, "588 UNKNOWN"), + ("999", 999, "999 UNKNOWN"), + ("200 OK", 200, "200 OK"), + ("999 WTF", 999, "999 WTF"), + ("wtf", 0, "0 wtf"), + ("200 TEA POT", 200, "200 TEA POT"), + (200, 200, "200 OK"), + (400, 400, "400 BAD REQUEST"), + ], +) +def test_response_set_status(status, expected_status_code, expected_status): + response = wrappers.BaseResponse() + response.status = status + assert response.status_code == expected_status_code + assert response.status == expected_status + + response = wrappers.Response(status=status) + assert response.status_code == expected_status_code + assert response.status == expected_status + + +def test_response_init_status_empty_string(): # invalid status codes with pytest.raises(ValueError) as info: wrappers.BaseResponse(None, "") assert "Empty status argument" in str(info.value) + +def test_response_init_status_tuple(): with pytest.raises(TypeError) as info: wrappers.BaseResponse(None, tuple()) From 30b968e82da385563010687a9faf2eec14205a60 Mon Sep 17 00:00:00 2001 From: David Lord Date: Tue, 17 Mar 2020 08:57:03 -0700 Subject: [PATCH 155/733] refactor response status setter --- CHANGES.rst | 2 ++ src/werkzeug/wrappers/base_response.py | 37 ++++++++++---------------- 2 files changed, 16 insertions(+), 23 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index b4f5a2c96..3c33af0ce 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -12,6 +12,8 @@ Unreleased ``EnvironBuilder``, multiple values for a key are joined into one comma separated value. This matches the HTTP spec on multi-value headers. :issue:`1655` +- Setting ``Response.status`` and ``status_code`` uses identical + parsing and error checking. :issue:`1658`, :pr:`1728` Version 1.0.1 diff --git a/src/werkzeug/wrappers/base_response.py b/src/werkzeug/wrappers/base_response.py index d9e71fae1..b0124d6a1 100644 --- a/src/werkzeug/wrappers/base_response.py +++ b/src/werkzeug/wrappers/base_response.py @@ -296,14 +296,11 @@ def status(self): @status.setter def status(self, value): - self._check_status_is_valid(value) - self._status, self._status_code = self._clean_status(value) - - @staticmethod - def _check_status_is_valid(value): if not isinstance(value, (str, bytes, int)): raise TypeError("Invalid status argument") + self._status, self._status_code = self._clean_status(value) + def _clean_status(self, value): status = _to_str(value, self.charset) split_status = status.split(None, 1) @@ -313,32 +310,26 @@ def _clean_status(self, value): if len(split_status) > 1: if split_status[0].isdigit(): - return self._clean_custom_status(status, split_status) + # code and message + return status, int(split_status[0]) - return self._clean_status_with_no_code_provided(status) + # multi-word message + return f"0 {status}", 0 if split_status[0].isdigit(): - return self._clean_status_with_only_code_provided(split_status) + # code only + status_code = int(split_status[0]) - return self._clean_status_with_no_code_provided(status) + try: + status = f"{status_code} {HTTP_STATUS_CODES[status_code].upper()}" + except KeyError: + status = f"{status_code} UNKNOWN" - @staticmethod - def _clean_custom_status(status, split_status): - return status, int(split_status[0]) + return status, status_code - @staticmethod - def _clean_status_with_no_code_provided(status): + # one-word message return f"0 {status}", 0 - @staticmethod - def _clean_status_with_only_code_provided(split_status): - status_code = int(split_status[0]) - try: - status = f"{status_code} {HTTP_STATUS_CODES[status_code].upper()}" - except KeyError: - status = f"{status_code} UNKNOWN" - return status, status_code - def get_data(self, as_text=False): """The string representation of the request body. Whenever you call this property the request iterable is encoded and flattened. This From b70df18e5a53031547ac05dcb11e9302000c5886 Mon Sep 17 00:00:00 2001 From: Samuel Nicolary Date: Tue, 25 Feb 2020 13:33:26 -0700 Subject: [PATCH 156/733] zfill year < 1000 --- CHANGES.rst | 2 ++ src/werkzeug/http.py | 4 ++-- tests/test_http.py | 12 ++++++++++++ 3 files changed, 16 insertions(+), 2 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index 6c77093cc..ee0deb617 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -10,6 +10,8 @@ Unreleased - Only allow a single access control allow origin value. :pr:`1723` - Fix crash when trying to parse a non-existent Content Security Policy header. :pr:`1731` +- ``http_date`` zero fills years < 1000 to always output four digits. + :issue:`1739` Version 1.0.0 diff --git a/src/werkzeug/http.py b/src/werkzeug/http.py index 954b1f0ec..c33293a23 100644 --- a/src/werkzeug/http.py +++ b/src/werkzeug/http.py @@ -865,7 +865,7 @@ def _dump_date(d, delim): d = d.utctimetuple() elif isinstance(d, (integer_types, float)): d = gmtime(d) - return "%s, %02d%s%s%s%s %02d:%02d:%02d GMT" % ( + return "%s, %02d%s%s%s%04d %02d:%02d:%02d GMT" % ( ("Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun")[d.tm_wday], d.tm_mday, delim, @@ -884,7 +884,7 @@ def _dump_date(d, delim): "Dec", )[d.tm_mon - 1], delim, - str(d.tm_year), + d.tm_year, d.tm_hour, d.tm_min, d.tm_sec, diff --git a/tests/test_http.py b/tests/test_http.py index 86359609b..57251700c 100644 --- a/tests/test_http.py +++ b/tests/test_http.py @@ -668,6 +668,18 @@ def test_content_range_parsing(self): assert rv.length == 100 assert rv.units == "bytes" + @pytest.mark.parametrize( + ("args", "expected"), + ( + ((1, 1, 1), "Mon, 01 Jan 0001 00:00:00 GMT"), + ((999, 1, 1), "Tue, 01 Jan 0999 00:00:00 GMT"), + ((1000, 1, 1), "Wed, 01 Jan 1000 00:00:00 GMT"), + ((2020, 1, 1), "Wed, 01 Jan 2020 00:00:00 GMT"), + ), + ) + def test_http_date_lt_1000(self, args, expected): + assert http.http_date(datetime(*args)) == expected + class TestRegression(object): def test_best_match_works(self): From c761ff82486affbede7f6d0990a50acbd9e759b4 Mon Sep 17 00:00:00 2001 From: Michele Bertoldi Date: Tue, 25 Feb 2020 17:51:41 +0100 Subject: [PATCH 157/733] fix locals in InteractiveConsole --- CHANGES.rst | 2 ++ src/werkzeug/debug/console.py | 5 +++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index ee0deb617..1f9676fbb 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -12,6 +12,8 @@ Unreleased Policy header. :pr:`1731` - ``http_date`` zero fills years < 1000 to always output four digits. :issue:`1739` +- Fix missing local variables in interactive debugger console. + :issue:`1746` Version 1.0.0 diff --git a/src/werkzeug/debug/console.py b/src/werkzeug/debug/console.py index 5b2f1e608..f5e08688f 100644 --- a/src/werkzeug/debug/console.py +++ b/src/werkzeug/debug/console.py @@ -148,8 +148,9 @@ def func(source, filename, symbol): class _InteractiveConsole(code.InteractiveInterpreter): def __init__(self, globals, locals): - locals = dict(globals) - locals.update(locals) + _locals = dict(globals) + _locals.update(locals) + locals = _locals locals["dump"] = dump locals["help"] = helper locals["__loader__"] = self.loader = _ConsoleLoader() From c341a0ab6fd9ed375e8bb902504f4747160f98f2 Mon Sep 17 00:00:00 2001 From: Alexey Vasilyev Date: Wed, 19 Feb 2020 22:17:38 +0100 Subject: [PATCH 158/733] fix os.fspath call on file-like objects --- CHANGES.rst | 2 ++ src/werkzeug/datastructures.py | 4 +++- tests/test_datastructures.py | 14 ++++++++++++++ 3 files changed, 19 insertions(+), 1 deletion(-) diff --git a/CHANGES.rst b/CHANGES.rst index 1f9676fbb..788b2b32c 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -14,6 +14,8 @@ Unreleased :issue:`1739` - Fix missing local variables in interactive debugger console. :issue:`1746` +- Fix passing file-like objects like ``io.BytesIO`` to + ``FileStorage.save``. :issue:`1733` Version 1.0.0 diff --git a/src/werkzeug/datastructures.py b/src/werkzeug/datastructures.py index 1cda034fc..480d73aec 100644 --- a/src/werkzeug/datastructures.py +++ b/src/werkzeug/datastructures.py @@ -3058,7 +3058,9 @@ def save(self, dst, buffer_size=16384): from shutil import copyfileobj close_dst = False - dst = fspath(dst) + + if hasattr(dst, "__fspath__"): + dst = fspath(dst) if isinstance(dst, string_types): dst = open(dst, "wb") diff --git a/tests/test_datastructures.py b/tests/test_datastructures.py index a64fa9e1b..56f170ba6 100644 --- a/tests/test_datastructures.py +++ b/tests/test_datastructures.py @@ -1243,6 +1243,20 @@ def test_save_to_pathlib_dst(self, tmp_path): storage.save(dst) assert dst.read_text() == "test" + def test_save_to_bytes_io(self): + storage = self.storage_class(io.BytesIO(b"one\ntwo")) + dst = io.BytesIO() + storage.save(dst) + assert dst.getvalue() == b"one\ntwo" + + def test_save_to_file(self, tmp_path): + path = tmp_path / "file.data" + storage = self.storage_class(io.BytesIO(b"one\ntwo")) + with path.open("wb") as dst: + storage.save(dst) + with path.open("rb") as src: + assert src.read() == b"one\ntwo" + @pytest.mark.parametrize("ranges", ([(0, 1), (-5, None)], [(5, None)])) def test_range_to_header(ranges): From a9ba22af18b3e4fa9fca067ee07b57cf0ae38e8b Mon Sep 17 00:00:00 2001 From: Sam Bull Date: Mon, 2 Mar 2020 13:33:00 +0000 Subject: [PATCH 159/733] Add missing documentation about None return type. --- src/werkzeug/useragents.py | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/werkzeug/useragents.py b/src/werkzeug/useragents.py index 74f2fa4fd..6ef6e2b8e 100644 --- a/src/werkzeug/useragents.py +++ b/src/werkzeug/useragents.py @@ -112,8 +112,8 @@ class UserAgent(object): .. attribute:: platform - the browser platform. The following platforms are currently - recognized: + the browser platform. ``None`` if not recognized. + The following platforms are currently recognized: - `aix` - `amiga` @@ -139,8 +139,8 @@ class UserAgent(object): .. attribute:: browser - the name of the browser. The following browsers are currently - recognized: + the name of the browser. ``None`` if not recognized. + The following browsers are currently recognized: - `aol` * - `ask` * @@ -170,11 +170,11 @@ class UserAgent(object): .. attribute:: version - the version of the browser + the version of the browser. ``None`` if not recognized. .. attribute:: language - the language of the browser + the language of the browser. ``None`` if not recognized. """ _parser = UserAgentParser() From 276ae9236aa1a519fad32d744127467223aa7aa6 Mon Sep 17 00:00:00 2001 From: Jarek Zgoda Date: Wed, 11 Mar 2020 10:51:00 +0100 Subject: [PATCH 160/733] all HTTPException subclasses accept response kwarg --- src/werkzeug/exceptions.py | 8 +++--- tests/test_exceptions.py | 51 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 55 insertions(+), 4 deletions(-) diff --git a/src/werkzeug/exceptions.py b/src/werkzeug/exceptions.py index f9f6ec2e6..4e5437db1 100644 --- a/src/werkzeug/exceptions.py +++ b/src/werkzeug/exceptions.py @@ -332,10 +332,10 @@ class MethodNotAllowed(HTTPException): code = 405 description = "The method is not allowed for the requested URL." - def __init__(self, valid_methods=None, description=None): + def __init__(self, valid_methods=None, description=None, response=None): """Takes an optional list of valid http methods starting with werkzeug 0.3 the list will be mandatory.""" - HTTPException.__init__(self, description) + HTTPException.__init__(self, description, response=response) self.valid_methods = valid_methods def get_headers(self, environ=None): @@ -481,11 +481,11 @@ class RequestedRangeNotSatisfiable(HTTPException): code = 416 description = "The server cannot provide the requested range." - def __init__(self, length=None, units="bytes", description=None): + def __init__(self, length=None, units="bytes", description=None, response=None): """Takes an optional `Content-Range` header value based on ``length`` parameter. """ - HTTPException.__init__(self, description) + HTTPException.__init__(self, description, response=response) self.length = length self.units = units diff --git a/tests/test_exceptions.py b/tests/test_exceptions.py index d8b5d0905..61d839991 100644 --- a/tests/test_exceptions.py +++ b/tests/test_exceptions.py @@ -137,3 +137,54 @@ def test_retry_after_mixin(cls, value, expect): e = cls(retry_after=value) h = dict(e.get_headers({})) assert h["Retry-After"] == expect + + +@pytest.mark.parametrize( + "cls", + [ + exceptions.HTTPException, + exceptions.BadRequest, + exceptions.ClientDisconnected, + exceptions.SecurityError, + exceptions.BadHost, + exceptions.Unauthorized, + exceptions.Forbidden, + exceptions.NotFound, + exceptions.MethodNotAllowed, + exceptions.NotAcceptable, + exceptions.RequestTimeout, + exceptions.Conflict, + exceptions.Gone, + exceptions.LengthRequired, + exceptions.PreconditionFailed, + exceptions.RequestEntityTooLarge, + exceptions.RequestURITooLarge, + exceptions.UnsupportedMediaType, + exceptions.RequestedRangeNotSatisfiable, + exceptions.ExpectationFailed, + exceptions.ImATeapot, + exceptions.UnprocessableEntity, + exceptions.Locked, + exceptions.FailedDependency, + exceptions.PreconditionRequired, + exceptions.TooManyRequests, + exceptions.RequestHeaderFieldsTooLarge, + exceptions.UnavailableForLegalReasons, + exceptions.InternalServerError, + exceptions.NotImplemented, + exceptions.BadGateway, + exceptions.ServiceUnavailable, + exceptions.GatewayTimeout, + exceptions.HTTPVersionNotSupported, + ], +) +def test_passing_response(cls): + dummy_mimetype = "application/x-dummy" + + class TestResponse(Response): + default_mimetype = dummy_mimetype + + exc = cls(response=TestResponse("dummy")) + rp = exc.get_response({}) + assert rp.content_type == dummy_mimetype + assert isinstance(rp, TestResponse) From 0658f0ae7d0afea1371aaea8c6fbfa5c4252d7e1 Mon Sep 17 00:00:00 2001 From: David Lord Date: Wed, 18 Mar 2020 09:39:05 -0700 Subject: [PATCH 161/733] dynamic HTTPException response test --- CHANGES.rst | 2 ++ src/werkzeug/exceptions.py | 4 ++-- tests/test_exceptions.py | 48 ++++++-------------------------------- 3 files changed, 11 insertions(+), 43 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index 3c33af0ce..86097d569 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -14,6 +14,8 @@ Unreleased headers. :issue:`1655` - Setting ``Response.status`` and ``status_code`` uses identical parsing and error checking. :issue:`1658`, :pr:`1728` +- ``MethodNotAllowed`` and ``RequestedRangeNotSatisfiable`` take a + ``response`` kwarg, consistent with other HTTP errors. :pr:`1748` Version 1.0.1 diff --git a/src/werkzeug/exceptions.py b/src/werkzeug/exceptions.py index 4e5437db1..4da93dc7c 100644 --- a/src/werkzeug/exceptions.py +++ b/src/werkzeug/exceptions.py @@ -335,7 +335,7 @@ class MethodNotAllowed(HTTPException): def __init__(self, valid_methods=None, description=None, response=None): """Takes an optional list of valid http methods starting with werkzeug 0.3 the list will be mandatory.""" - HTTPException.__init__(self, description, response=response) + HTTPException.__init__(self, description=description, response=response) self.valid_methods = valid_methods def get_headers(self, environ=None): @@ -485,7 +485,7 @@ def __init__(self, length=None, units="bytes", description=None, response=None): """Takes an optional `Content-Range` header value based on ``length`` parameter. """ - HTTPException.__init__(self, description, response=response) + HTTPException.__init__(self, description=description, response=response) self.length = length self.units = units diff --git a/tests/test_exceptions.py b/tests/test_exceptions.py index 61d839991..9844d47c8 100644 --- a/tests/test_exceptions.py +++ b/tests/test_exceptions.py @@ -17,6 +17,7 @@ from werkzeug import exceptions from werkzeug.datastructures import WWWAuthenticate +from werkzeug.exceptions import HTTPException from werkzeug.wrappers import Response @@ -141,50 +142,15 @@ def test_retry_after_mixin(cls, value, expect): @pytest.mark.parametrize( "cls", - [ - exceptions.HTTPException, - exceptions.BadRequest, - exceptions.ClientDisconnected, - exceptions.SecurityError, - exceptions.BadHost, - exceptions.Unauthorized, - exceptions.Forbidden, - exceptions.NotFound, - exceptions.MethodNotAllowed, - exceptions.NotAcceptable, - exceptions.RequestTimeout, - exceptions.Conflict, - exceptions.Gone, - exceptions.LengthRequired, - exceptions.PreconditionFailed, - exceptions.RequestEntityTooLarge, - exceptions.RequestURITooLarge, - exceptions.UnsupportedMediaType, - exceptions.RequestedRangeNotSatisfiable, - exceptions.ExpectationFailed, - exceptions.ImATeapot, - exceptions.UnprocessableEntity, - exceptions.Locked, - exceptions.FailedDependency, - exceptions.PreconditionRequired, - exceptions.TooManyRequests, - exceptions.RequestHeaderFieldsTooLarge, - exceptions.UnavailableForLegalReasons, - exceptions.InternalServerError, - exceptions.NotImplemented, - exceptions.BadGateway, - exceptions.ServiceUnavailable, - exceptions.GatewayTimeout, - exceptions.HTTPVersionNotSupported, - ], + sorted( + (e for e in HTTPException.__subclasses__() if e.code and e.code >= 400), + key=lambda e: e.code, + ), ) def test_passing_response(cls): - dummy_mimetype = "application/x-dummy" - class TestResponse(Response): - default_mimetype = dummy_mimetype + pass - exc = cls(response=TestResponse("dummy")) + exc = cls(response=TestResponse()) rp = exc.get_response({}) - assert rp.content_type == dummy_mimetype assert isinstance(rp, TestResponse) From d80925c2a5c4c1323f45dee9b2fb00d6cfda8c54 Mon Sep 17 00:00:00 2001 From: Joshua Bronson Date: Sun, 15 Mar 2020 17:00:24 -0400 Subject: [PATCH 162/733] Fix browser interop for multiple www_authenticate values. When serializing Unauthorized responses, produce one WWW-Authenticate header for each element in the www_authenticate attribute, rather than comma-joining all elements into a single WWW-Authenticate header, to improve interoperability with browsers and other clients. See https://stackoverflow.com/a/11253555 for more info. --- CHANGES.rst | 4 ++++ src/werkzeug/exceptions.py | 11 +++++++---- tests/test_exceptions.py | 9 +++++---- 3 files changed, 16 insertions(+), 8 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index 86097d569..1196e51dc 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -16,6 +16,10 @@ Unreleased parsing and error checking. :issue:`1658`, :pr:`1728` - ``MethodNotAllowed`` and ``RequestedRangeNotSatisfiable`` take a ``response`` kwarg, consistent with other HTTP errors. :pr:`1748` +- The response generated by :exc:`~exceptions.Unauthorized` produces + one ``WWW-Authenticate`` header per value in ``www_authenticate``, + rather than joining them into a single value, to improve + interoperability with browsers and other clients. :pr:`1755` Version 1.0.1 diff --git a/src/werkzeug/exceptions.py b/src/werkzeug/exceptions.py index 4da93dc7c..2966e0360 100644 --- a/src/werkzeug/exceptions.py +++ b/src/werkzeug/exceptions.py @@ -246,7 +246,12 @@ class Unauthorized(HTTPException): :param description: Override the default message used for the body of the response. :param www-authenticate: A single value, or list of values, for the - WWW-Authenticate header. + WWW-Authenticate header(s). + + .. versionchanged:: 2.0.0 + Serialize multiple ``www_authenticate`` items into multiple + ``WWW-Authenticate`` headers, rather than joining them + into a single value, for better interoperability. .. versionchanged:: 0.15.3 If the ``www_authenticate`` argument is not set, the @@ -284,9 +289,7 @@ def __init__(self, description=None, response=None, www_authenticate=None): def get_headers(self, environ=None): headers = HTTPException.get_headers(self, environ) if self.www_authenticate: - headers.append( - ("WWW-Authenticate", ", ".join([str(x) for x in self.www_authenticate])) - ) + headers.extend(("WWW-Authenticate", str(x)) for x in self.www_authenticate) return headers diff --git a/tests/test_exceptions.py b/tests/test_exceptions.py index 9844d47c8..68d0553f3 100644 --- a/tests/test_exceptions.py +++ b/tests/test_exceptions.py @@ -16,6 +16,7 @@ import pytest from werkzeug import exceptions +from werkzeug.datastructures import Headers from werkzeug.datastructures import WWWAuthenticate from werkzeug.exceptions import HTTPException from werkzeug.wrappers import Response @@ -105,15 +106,15 @@ def test_unauthorized_www_authenticate(): digest.set_digest("test", "test") exc = exceptions.Unauthorized(www_authenticate=basic) - h = dict(exc.get_headers({})) + h = Headers(exc.get_headers({})) assert h["WWW-Authenticate"] == str(basic) exc = exceptions.Unauthorized(www_authenticate=[digest, basic]) - h = dict(exc.get_headers({})) - assert h["WWW-Authenticate"] == ", ".join((str(digest), str(basic))) + h = Headers(exc.get_headers({})) + assert h.get_all("WWW-Authenticate") == [str(digest), str(basic)] exc = exceptions.Unauthorized() - h = dict(exc.get_headers({})) + h = Headers(exc.get_headers({})) assert "WWW-Authenticate" not in h From b30355264efaac7dd1cf442d405cd7e2628f374f Mon Sep 17 00:00:00 2001 From: northernSage Date: Tue, 17 Mar 2020 23:38:51 -0300 Subject: [PATCH 163/733] deprecate format_string, use string.Template --- src/werkzeug/routing.py | 10 +++++----- src/werkzeug/utils.py | 9 +++++++++ 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/src/werkzeug/routing.py b/src/werkzeug/routing.py index 86292e161..d4b53ae75 100644 --- a/src/werkzeug/routing.py +++ b/src/werkzeug/routing.py @@ -101,6 +101,7 @@ import uuid import warnings from pprint import pformat +from string import Template from threading import Lock from ._internal import _encode_idna @@ -120,7 +121,6 @@ from .urls import url_join from .urls import url_quote from .utils import cached_property -from .utils import format_string from .utils import redirect from .wsgi import get_host @@ -473,15 +473,15 @@ def get_rules(self, map): new_defaults = {} for key, value in rule.defaults.items(): if isinstance(value, str): - value = format_string(value, self.context) + value = Template(value).substitute(self.context) new_defaults[key] = value if rule.subdomain is not None: - subdomain = format_string(rule.subdomain, self.context) + subdomain = Template(rule.subdomain).substitute(self.context) new_endpoint = rule.endpoint if isinstance(new_endpoint, str): - new_endpoint = format_string(new_endpoint, self.context) + new_endpoint = Template(new_endpoint).substitute(self.context) yield Rule( - format_string(rule.rule, self.context), + Template(rule.rule).substitute(self.context), new_defaults, subdomain, rule.methods, diff --git a/src/werkzeug/utils.py b/src/werkzeug/utils.py index f03c133e2..d36934015 100644 --- a/src/werkzeug/utils.py +++ b/src/werkzeug/utils.py @@ -14,6 +14,7 @@ import pkgutil import re import sys +import warnings from html.entities import name2codepoint from ._internal import _DictAccessorProperty @@ -362,6 +363,14 @@ def format_string(string, context): :param context: a dict with the variables to insert. """ + warnings.warn( + "'utils.format_string' is deprecated" + " and will be removed in 2.1. Use " + "'string.Template' instead.", + DeprecationWarning, + stacklevel=2, + ) + def lookup_arg(match): x = context[match.group(1) or match.group(2)] if not isinstance(x, str): From 6ef5ecac1f26c15cbf1a6fea1d01903084167b43 Mon Sep 17 00:00:00 2001 From: David Lord Date: Wed, 18 Mar 2020 12:28:48 -0700 Subject: [PATCH 164/733] replace format_string code with Template add deprecation docs and changelog --- CHANGES.rst | 2 ++ src/werkzeug/utils.py | 22 ++++++++-------------- 2 files changed, 10 insertions(+), 14 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index 86097d569..f7fcfaf8e 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -6,6 +6,8 @@ Version 2.0.0 Unreleased - Drop support for Python 2 and 3.5. :pr:`1693` +- Deprecate :func:`utils.format_string`, use :class:`string.Template` + instead. :issue:`1756` - Add a ``url_scheme`` argument to :meth:`~routing.MapAdapter.build` to override the bound scheme. :pr:`1721` - When passing a ``Headers`` object to a test client method or diff --git a/src/werkzeug/utils.py b/src/werkzeug/utils.py index d36934015..692044aec 100644 --- a/src/werkzeug/utils.py +++ b/src/werkzeug/utils.py @@ -21,7 +21,6 @@ from ._internal import _missing from ._internal import _parse_signature -_format_re = re.compile(r"\$(?:([a-zA-Z_][a-zA-Z0-9_]*)|\{([a-zA-Z_][a-zA-Z0-9_]*)\})") _entity_re = re.compile(r"&([^;]+);") _filename_ascii_strip_re = re.compile(r"[^A-Za-z0-9_.-]") _windows_device_files = ( @@ -356,28 +355,23 @@ def format_string(string, context): >>> format_string('$foo and ${foo}s', dict(foo=42)) '42 and 42s' - This does not do any attribute lookup etc. For more advanced string - formattings have a look at the `werkzeug.template` module. + This does not do any attribute lookup. :param string: the format string. :param context: a dict with the variables to insert. + + .. deprecated:: 2.0 + Will be removed in 2.1. Use :class:`string.Template` instead. """ + from string import Template warnings.warn( - "'utils.format_string' is deprecated" - " and will be removed in 2.1. Use " - "'string.Template' instead.", + "'utils.format_string' is deprecated and will be removed in" + " 2.1. Use 'string.Template' instead.", DeprecationWarning, stacklevel=2, ) - - def lookup_arg(match): - x = context[match.group(1) or match.group(2)] - if not isinstance(x, str): - x = type(string)(x) - return x - - return _format_re.sub(lookup_arg, string) + return Template(string).substitute(context) def secure_filename(filename): From e3aecede89cf771d6435dc71991d065ff5e85637 Mon Sep 17 00:00:00 2001 From: David Lord Date: Wed, 18 Mar 2020 14:11:46 -0700 Subject: [PATCH 165/733] remove unneeded local.get_ident compat --- src/werkzeug/local.py | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/src/werkzeug/local.py b/src/werkzeug/local.py index 69c9746b5..d1355a77f 100644 --- a/src/werkzeug/local.py +++ b/src/werkzeug/local.py @@ -12,17 +12,13 @@ from .wsgi import ClosingIterator -# since each thread has its own greenlet we can just use those as identifiers -# for the context. If greenlets are not available we fall back to the -# current thread ident depending on where it is. +# Each thread has its own greenlet, use that as the identifier for the +# context. If greenlets are not available fall back to the current +# thread ident. try: from greenlet import getcurrent as get_ident except ImportError: - try: - from thread import get_ident - except ImportError: - # Python < 3.7 - from _thread import get_ident + from threading import get_ident def release_local(local): From 361c3af48df21f7b24b9d26afa7a6cc11963e869 Mon Sep 17 00:00:00 2001 From: David Lord Date: Wed, 18 Mar 2020 14:55:33 -0700 Subject: [PATCH 166/733] remove unmaintained benchmark script --- bench/wzbench.py | 481 ----------------------------------------------- 1 file changed, 481 deletions(-) delete mode 100755 bench/wzbench.py diff --git a/bench/wzbench.py b/bench/wzbench.py deleted file mode 100755 index 116568787..000000000 --- a/bench/wzbench.py +++ /dev/null @@ -1,481 +0,0 @@ -#!/usr/bin/env python -""" - wzbench - ~~~~~~~ - - A werkzeug internal benchmark module. It's used in combination with - hg bisect to find out how the Werkzeug performance of some internal - core parts changes over time. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" -import gc -import os -import subprocess -import sys -from io import StringIO -from timeit import default_timer as timer -from types import FunctionType - -# create a new module where we later store all the werkzeug attributes. -wz = type(sys)("werkzeug_nonlazy") -sys.path.insert(0, "") -null_out = open(os.devnull, "w") - -# ±4% are ignored -TOLERANCE = 0.04 -MIN_RESOLUTION = 0.002 - -# we run each test 5 times -TEST_RUNS = 5 - - -def find_hg_tag(path): - """Returns the current node or tag for the given path.""" - tags = {} - try: - client = subprocess.Popen( - ["hg", "cat", "-r", "tip", ".hgtags"], stdout=subprocess.PIPE, cwd=path - ) - for line in client.communicate()[0].splitlines(): - line = line.strip() - if not line: - continue - hash, tag = line.split() - tags[hash] = tag - except OSError: - return - - client = subprocess.Popen( - ["hg", "parent", "--template", "#node#"], stdout=subprocess.PIPE, cwd=path - ) - - tip = client.communicate()[0].strip() - tag = tags.get(tip) - if tag is not None: - return tag - return tip - - -def load_werkzeug(path): - """Load werkzeug.""" - sys.path[0] = path - - # get rid of already imported stuff - wz.__dict__.clear() - for key in sys.modules.keys(): - if key.startswith("werkzeug.") or key == "werkzeug": - sys.modules.pop(key, None) - - # import werkzeug again. - import werkzeug - - for key in werkzeug.__all__: - setattr(wz, key, getattr(werkzeug, key)) - - # get the hg tag - hg_tag = find_hg_tag(path) - - # get the real version from the setup file - try: - f = open(os.path.join(path, "setup.py")) - except OSError: - pass - else: - try: - for line in f: - line = line.strip() - if line.startswith("version="): - return line[8:].strip(" \t,")[1:-1], hg_tag - finally: - f.close() - print("Unknown werkzeug version loaded", file=sys.stderr) - sys.exit(2) - - -def median(seq): - seq = sorted(seq) - if not seq: - return 0.0 - return seq[len(seq) // 2] - - -def format_func(func): - if type(func) is FunctionType: - name = func.__name__ - else: - name = func - if name.startswith("time_"): - name = name[5:] - return name.replace("_", " ").title() - - -def bench(func): - """Times a single function.""" - sys.stdout.write(f"{format_func(func):44} ") - sys.stdout.flush() - - # figure out how many times we have to run the function to - # get reliable timings. - for i in range(3, 10): - rounds = 1 << i - t = timer() - for _ in range(rounds): - func() - if timer() - t >= 0.2: - break - - # now run the tests without gc TEST_RUNS times and use the median - # value of these runs. - def _run(): - gc.collect() - gc.disable() - try: - t = timer() - for _ in range(rounds): - func() - return (timer() - t) / rounds * 1000 - finally: - gc.enable() - - delta = median(_run() for _ in range(TEST_RUNS)) - sys.stdout.write(f"{delta:.4f}\n") - sys.stdout.flush() - - return delta - - -def main(): - """The main entrypoint.""" - from optparse import OptionParser - - parser = OptionParser(usage="%prog [options]") - parser.add_option( - "--werkzeug-path", - "-p", - dest="path", - default="..", - help="the path to the werkzeug package. defaults to cwd", - ) - parser.add_option( - "--compare", - "-c", - dest="compare", - nargs=2, - default=False, - help="compare two hg nodes of Werkzeug", - ) - parser.add_option( - "--init-compare", - dest="init_compare", - action="store_true", - default=False, - help="Initializes the comparison feature", - ) - options, args = parser.parse_args() - if args: - parser.error("Script takes no arguments") - if options.compare: - compare(*options.compare) - elif options.init_compare: - init_compare() - else: - run(options.path) - - -def init_compare(): - """Initializes the comparison feature.""" - print("Initializing comparison feature") - subprocess.Popen(["hg", "clone", "..", "a"]).wait() - subprocess.Popen(["hg", "clone", "..", "b"]).wait() - - -def compare(node1, node2): - """Compares two Werkzeug hg versions.""" - if not os.path.isdir("a"): - print("error: comparison feature not initialized", file=sys.stderr) - sys.exit(4) - - print("=" * 80) - print("WERKZEUG INTERNAL BENCHMARK -- COMPARE MODE".center(80)) - print("-" * 80) - - def _hg_update(repo, node): - def hg(*x): - return subprocess.call( - ["hg"] + list(x), cwd=repo, stdout=null_out, stderr=null_out - ) - - hg("revert", "-a", "--no-backup") - client = subprocess.Popen( - ["hg", "status", "--unknown", "-n", "-0"], stdout=subprocess.PIPE, cwd=repo - ) - unknown = client.communicate()[0] - if unknown: - client = subprocess.Popen( - ["xargs", "-0", "rm", "-f"], - cwd=repo, - stdout=null_out, - stdin=subprocess.PIPE, - ) - client.communicate(unknown) - hg("pull", "../..") - hg("update", node) - if node == "tip": - diff = subprocess.Popen( - ["hg", "diff"], cwd="..", stdout=subprocess.PIPE - ).communicate()[0] - if diff: - client = subprocess.Popen( - ["hg", "import", "--no-commit", "-"], - cwd=repo, - stdout=null_out, - stdin=subprocess.PIPE, - ) - client.communicate(diff) - - _hg_update("a", node1) - _hg_update("b", node2) - d1 = run("a", no_header=True) - d2 = run("b", no_header=True) - - print("DIRECT COMPARISON".center(80)) - print("-" * 80) - for key in sorted(d1): - delta = d1[key] - d2[key] - if abs(1 - d1[key] / d2[key]) < TOLERANCE or abs(delta) < MIN_RESOLUTION: - delta = "==" - else: - pct = round(d2[key] / d1[key] * 100 - 100) - delta = f"{delta:+.4f} ({pct:+d}%)" - print(f"{format_func(key):>36} {d1[key]:.4f} {d2[key]:.4f} {delta}") - print("-" * 80) - - -def run(path, no_header=False): - path = os.path.abspath(path) - wz_version, hg_tag = load_werkzeug(path) - result = {} - if not no_header: - print("=" * 80) - print("WERKZEUG INTERNAL BENCHMARK".center(80)) - print("-" * 80) - print(f"Path: {path}") - print(f"Version: {wz_version}") - if hg_tag is not None: - print(f"HG Tag: {hg_tag}") - print("-" * 80) - for key, value in sorted(globals().items()): - if key.startswith("time_"): - before = globals().get(f"before_{key[5:]}") - if before: - before() - result[key] = bench(value) - after = globals().get(f"after_{key[5:]}") - if after: - after() - print("-" * 80) - return result - - -URL_DECODED_DATA = {str(x): str(x) for x in range(100)} -URL_ENCODED_DATA = "&".join(f"{k}={v}" for k, v in URL_DECODED_DATA.items()) -MULTIPART_ENCODED_DATA = "\n".join( - ( - "--foo", - "Content-Disposition: form-data; name=foo", - "", - "this is just bar", - "--foo", - "Content-Disposition: form-data; name=bar", - "", - "blafasel", - "--foo", - "Content-Disposition: form-data; name=foo; filename=wzbench.py", - "Content-Type: text/plain", - "", - open(__file__.rstrip("c")).read(), - "--foo--", - ) -) -MULTIDICT = None -REQUEST = None -TEST_ENV = None -LOCAL = None -LOCAL_MANAGER = None - - -def time_url_decode(): - wz.url_decode(URL_ENCODED_DATA) - - -def time_url_encode(): - wz.url_encode(URL_DECODED_DATA) - - -def time_parse_form_data_multipart(): - # use a hand written env creator so that we don't bench - # from_values which is known to be slowish in 0.5.1 and higher. - # we don't want to bench two things at once. - environ = { - "REQUEST_METHOD": "POST", - "CONTENT_TYPE": "multipart/form-data; boundary=foo", - "wsgi.input": StringIO(MULTIPART_ENCODED_DATA), - "CONTENT_LENGTH": str(len(MULTIPART_ENCODED_DATA)), - } - request = wz.Request(environ) - request.form - - -def before_multidict_lookup_hit(): - global MULTIDICT - MULTIDICT = wz.MultiDict({"foo": "bar"}) - - -def time_multidict_lookup_hit(): - MULTIDICT["foo"] - - -def after_multidict_lookup_hit(): - global MULTIDICT - MULTIDICT = None - - -def before_multidict_lookup_miss(): - global MULTIDICT - MULTIDICT = wz.MultiDict() - - -def time_multidict_lookup_miss(): - try: - MULTIDICT["foo"] - except KeyError: - pass - - -def after_multidict_lookup_miss(): - global MULTIDICT - MULTIDICT = None - - -def time_cached_property(): - class Foo: - @wz.cached_property - def x(self): - return 42 - - f = Foo() - for _ in range(60): - f.x - - -def before_request_form_access(): - global REQUEST - data = "foo=bar&blah=blub" - REQUEST = wz.Request( - { - "CONTENT_LENGTH": str(len(data)), - "wsgi.input": StringIO(data), - "REQUEST_METHOD": "POST", - "wsgi.version": (1, 0), - "QUERY_STRING": data, - "CONTENT_TYPE": "application/x-www-form-urlencoded", - "PATH_INFO": "/", - "SCRIPT_NAME": "", - } - ) - - -def time_request_form_access(): - for _ in range(30): - REQUEST.path - REQUEST.script_root - REQUEST.args["foo"] - REQUEST.form["foo"] - - -def after_request_form_access(): - global REQUEST - REQUEST = None - - -def time_request_from_values(): - wz.Request.from_values( - base_url="http://www.google.com/", - query_string="foo=bar&blah=blaz", - input_stream=StringIO(MULTIPART_ENCODED_DATA), - content_length=len(MULTIPART_ENCODED_DATA), - content_type="multipart/form-data; boundary=foo", - method="POST", - ) - - -def before_request_shallow_init(): - global TEST_ENV - TEST_ENV = wz.create_environ() - - -def time_request_shallow_init(): - wz.Request(TEST_ENV, shallow=True) - - -def after_request_shallow_init(): - global TEST_ENV - TEST_ENV = None - - -def time_response_iter_performance(): - resp = wz.Response("Hällo Wörld " * 1000, mimetype="text/html") - for _ in resp({"REQUEST_METHOD": "GET"}, lambda *s: None): - pass - - -def time_response_iter_head_performance(): - resp = wz.Response("Hällo Wörld " * 1000, mimetype="text/html") - for _ in resp({"REQUEST_METHOD": "HEAD"}, lambda *s: None): - pass - - -def before_local_manager_dispatch(): - global LOCAL_MANAGER, LOCAL - LOCAL = wz.Local() - LOCAL_MANAGER = wz.LocalManager([LOCAL]) - - -def time_local_manager_dispatch(): - for _ in range(10): - LOCAL.x = 42 - for _ in range(10): - LOCAL.x - - -def after_local_manager_dispatch(): - global LOCAL_MANAGER, LOCAL - LOCAL = LOCAL_MANAGER = None - - -def before_html_builder(): - global TABLE - TABLE = [["col 1", "col 2", "col 3", "4", "5", "6"] for x in range(10)] - - -def time_html_builder(): - html_rows = [] - for row in TABLE: # noqa - html_cols = [wz.html.td(col, class_="col") for col in row] - html_rows.append(wz.html.tr(class_="row", *html_cols)) - wz.html.table(*html_rows) - - -def after_html_builder(): - global TABLE - TABLE = None - - -if __name__ == "__main__": - os.chdir(os.path.dirname(__file__) or os.path.curdir) - try: - main() - except KeyboardInterrupt: - print("\nInterrupted!", file=sys.stderr) From 565755fa622903cd10155762869d960513279526 Mon Sep 17 00:00:00 2001 From: David Lord Date: Wed, 18 Mar 2020 14:57:06 -0700 Subject: [PATCH 167/733] remove undocumented test script --- tests/multipart/__init__.py | 0 tests/multipart/test_collect.py | 60 --------------------------------- 2 files changed, 60 deletions(-) delete mode 100644 tests/multipart/__init__.py delete mode 100644 tests/multipart/test_collect.py diff --git a/tests/multipart/__init__.py b/tests/multipart/__init__.py deleted file mode 100644 index e69de29bb..000000000 diff --git a/tests/multipart/test_collect.py b/tests/multipart/test_collect.py deleted file mode 100644 index 079bd1173..000000000 --- a/tests/multipart/test_collect.py +++ /dev/null @@ -1,60 +0,0 @@ -#!/usr/bin/env python -""" -Hacky helper application to collect form data. -""" -from werkzeug.serving import run_simple -from werkzeug.wrappers import Request -from werkzeug.wrappers import Response - - -def copy_stream(request): - from os import mkdir - from time import time - - folder = f"request-{time()}" - mkdir(folder) - environ = request.environ - f = open(f"{folder}/request.http", "wb+") - f.write(environ["wsgi.input"].read(int(environ["CONTENT_LENGTH"]))) - f.flush() - f.seek(0) - environ["wsgi.input"] = f - request.stat_folder = folder - - -def stats(request): - copy_stream(request) - f1 = request.files["file1"] - f2 = request.files["file2"] - text = request.form["text"] - f1.save(f"{request.stat_folder}/file1.bin") - f2.save(f"{request.stat_folder}/file2.bin") - with open(f"{request.stat_folder}/text.txt", "w") as f: - f.write(text.encode("utf-8")) - return Response("Done.") - - -def upload_file(request): - return Response( - """

    Upload File

    - -
    -
    -
    - - """, - mimetype="text/html", - ) - - -def application(environ, start_responseonse): - request = Request(environ) - if request.method == "POST": - response = stats(request) - else: - response = upload_file(request) - return response(environ, start_responseonse) - - -if __name__ == "__main__": - run_simple("localhost", 5000, application, use_debugger=True) From 13e842872e4281ddb06f3db4234c37cea81117ce Mon Sep 17 00:00:00 2001 From: David Lord Date: Wed, 18 Mar 2020 15:01:06 -0700 Subject: [PATCH 168/733] remove unused module docstrings --- examples/coolmagic/__init__.py | 9 -- examples/coolmagic/application.py | 15 +-- examples/coolmagic/helpers.py | 10 -- examples/coolmagic/utils.py | 14 +-- examples/coolmagic/views/__init__.py | 9 -- examples/coolmagic/views/static.py | 9 -- examples/cupoftee/__init__.py | 10 +- examples/cupoftee/application.py | 9 -- examples/cupoftee/db.py | 11 +- examples/cupoftee/network.py | 10 +- examples/cupoftee/pages.py | 9 -- examples/cupoftee/utils.py | 9 -- examples/httpbasicauth.py | 11 +- examples/manage-coolmagic.py | 10 -- examples/manage-couchy.py | 1 - examples/manage-cupoftee.py | 1 - examples/manage-i18nurls.py | 10 -- examples/manage-plnt.py | 10 -- examples/manage-shorty.py | 1 - examples/manage-simplewiki.py | 10 -- examples/manage-webpylike.py | 14 --- examples/plnt/__init__.py | 10 +- examples/plnt/database.py | 9 -- examples/plnt/sync.py | 10 +- examples/plnt/utils.py | 9 -- examples/plnt/views.py | 10 +- examples/plnt/webapp.py | 9 -- examples/shortly/shortly.py | 10 +- examples/simplewiki/__init__.py | 11 +- examples/simplewiki/actions.py | 17 +-- examples/simplewiki/application.py | 13 +-- examples/simplewiki/database.py | 9 -- examples/simplewiki/specialpages.py | 11 +- examples/simplewiki/utils.py | 10 -- examples/upload.py | 11 +- examples/webpylike/example.py | 9 -- examples/webpylike/webpylike.py | 13 +-- src/werkzeug/__init__.py | 16 +-- src/werkzeug/_internal.py | 10 -- src/werkzeug/datastructures.py | 9 -- src/werkzeug/debug/__init__.py | 9 -- src/werkzeug/debug/console.py | 9 -- src/werkzeug/debug/repr.py | 16 +-- src/werkzeug/debug/tbtools.py | 9 -- src/werkzeug/exceptions.py | 80 ++++++------- src/werkzeug/filesystem.py | 9 -- src/werkzeug/formparser.py | 10 -- src/werkzeug/http.py | 17 --- src/werkzeug/local.py | 9 -- src/werkzeug/middleware/__init__.py | 3 - src/werkzeug/posixemulation.py | 19 +-- src/werkzeug/routing.py | 165 ++++++++++++++------------- src/werkzeug/security.py | 9 -- src/werkzeug/serving.py | 37 ++---- src/werkzeug/test.py | 9 -- src/werkzeug/testapp.py | 11 +- src/werkzeug/useragents.py | 12 -- src/werkzeug/utils.py | 11 -- src/werkzeug/wrappers/__init__.py | 16 --- src/werkzeug/wsgi.py | 9 -- tests/conftest.py | 7 -- tests/test_datastructures.py | 19 --- tests/test_debug.py | 9 -- tests/test_exceptions.py | 13 --- tests/test_formparser.py | 9 -- tests/test_http.py | 9 -- tests/test_internal.py | 9 -- tests/test_local.py | 9 -- tests/test_routing.py | 9 -- tests/test_security.py | 9 -- tests/test_serving.py | 9 -- tests/test_test.py | 9 -- tests/test_urls.py | 9 -- tests/test_utils.py | 9 -- tests/test_wrappers.py | 9 -- tests/test_wsgi.py | 9 -- 76 files changed, 174 insertions(+), 849 deletions(-) diff --git a/examples/coolmagic/__init__.py b/examples/coolmagic/__init__.py index 77a0324c1..2d6c9047e 100644 --- a/examples/coolmagic/__init__.py +++ b/examples/coolmagic/__init__.py @@ -1,10 +1 @@ -""" - coolmagic - ~~~~~~~~~ - - Package description goes here. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" from .application import make_app diff --git a/examples/coolmagic/application.py b/examples/coolmagic/application.py index a6add0f85..819616b00 100644 --- a/examples/coolmagic/application.py +++ b/examples/coolmagic/application.py @@ -1,15 +1,8 @@ -""" - coolmagic.application - ~~~~~~~~~~~~~~~~~~~~~ - - This module provides the WSGI application. - - The WSGI middlewares are applied in the `make_app` factory function - that automatically wraps the application within the require - middlewares. Per default only the `SharedDataMiddleware` is applied. +"""This module provides the WSGI application. - :copyright: 2007 Pallets - :license: BSD-3-Clause +The WSGI middlewares are applied in the `make_app` factory function that +automatically wraps the application within the require middlewares. Per +default only the `SharedDataMiddleware` is applied. """ from os import listdir from os import path diff --git a/examples/coolmagic/helpers.py b/examples/coolmagic/helpers.py index 61cf14bda..9074a2414 100644 --- a/examples/coolmagic/helpers.py +++ b/examples/coolmagic/helpers.py @@ -1,15 +1,5 @@ -""" - coolmagic.helpers - ~~~~~~~~~~~~~~~~~ - - The star-import module for all views. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" from .utils import ThreadedRequest - #: a thread local proxy request object request = ThreadedRequest() del ThreadedRequest diff --git a/examples/coolmagic/utils.py b/examples/coolmagic/utils.py index 809a54ba9..f96b20920 100644 --- a/examples/coolmagic/utils.py +++ b/examples/coolmagic/utils.py @@ -1,14 +1,6 @@ -""" - coolmagic.utils - ~~~~~~~~~~~~~~~ - - This module contains the subclasses of the base request and response - objects provided by werkzeug. The subclasses know about their charset - and implement some additional functionality like the ability to link - to view functions. - - :copyright: 2007 Pallets - :license: BSD-3-Clause +"""Subclasses of the base request and response objects provided by +werkzeug. The subclasses know about their charset and implement some +additional functionality like the ability to link to view functions. """ from os.path import dirname from os.path import join diff --git a/examples/coolmagic/views/__init__.py b/examples/coolmagic/views/__init__.py index 9052b42d3..e69de29bb 100644 --- a/examples/coolmagic/views/__init__.py +++ b/examples/coolmagic/views/__init__.py @@ -1,9 +0,0 @@ -""" - coolmagic.views - ~~~~~~~~~~~~~~~ - - This module collects and assambles the urls. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" diff --git a/examples/coolmagic/views/static.py b/examples/coolmagic/views/static.py index 12ef930c4..c61e01427 100644 --- a/examples/coolmagic/views/static.py +++ b/examples/coolmagic/views/static.py @@ -1,12 +1,3 @@ -""" - coolmagic.views.static - ~~~~~~~~~~~~~~~~~~~~~~ - - Some static views. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" from coolmagic.utils import export diff --git a/examples/cupoftee/__init__.py b/examples/cupoftee/__init__.py index 8f9c9cb83..d009f775d 100644 --- a/examples/cupoftee/__init__.py +++ b/examples/cupoftee/__init__.py @@ -1,10 +1,2 @@ -""" - cupoftee - ~~~~~~~~ - - Werkzeug powered Teeworlds Server Browser. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" +"""Werkzeug powered Teeworlds Server Browser.""" from .application import make_app diff --git a/examples/cupoftee/application.py b/examples/cupoftee/application.py index 57a7758c0..2b549bfb4 100644 --- a/examples/cupoftee/application.py +++ b/examples/cupoftee/application.py @@ -1,12 +1,3 @@ -""" - cupoftee.application - ~~~~~~~~~~~~~~~~~~~~ - - The WSGI application for the cup of tee browser. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" import time from os import path from threading import Thread diff --git a/examples/cupoftee/db.py b/examples/cupoftee/db.py index 1e833a173..97c2c51cb 100644 --- a/examples/cupoftee/db.py +++ b/examples/cupoftee/db.py @@ -1,12 +1,5 @@ -""" - cupoftee.db - ~~~~~~~~~~~ - - A simple object database. As long as the server is not running in - multiprocess mode that's good enough. - - :copyright: 2007 Pallets - :license: BSD-3-Clause +"""A simple object database. As long as the server is not running in +multiprocess mode that's good enough. """ import dbm from pickle import dumps diff --git a/examples/cupoftee/network.py b/examples/cupoftee/network.py index 85012b373..906f8ff4f 100644 --- a/examples/cupoftee/network.py +++ b/examples/cupoftee/network.py @@ -1,12 +1,4 @@ -""" - cupoftee.network - ~~~~~~~~~~~~~~~~~ - - Query the servers for information. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" +"""Query the servers for information.""" import socket from datetime import datetime from math import log diff --git a/examples/cupoftee/pages.py b/examples/cupoftee/pages.py index b47be0efc..e22e60fac 100644 --- a/examples/cupoftee/pages.py +++ b/examples/cupoftee/pages.py @@ -1,12 +1,3 @@ -""" - cupoftee.pages - ~~~~~~~~~~~~~~ - - The pages. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" from functools import reduce from werkzeug.exceptions import NotFound diff --git a/examples/cupoftee/utils.py b/examples/cupoftee/utils.py index 7708633b9..da4453a2f 100644 --- a/examples/cupoftee/utils.py +++ b/examples/cupoftee/utils.py @@ -1,12 +1,3 @@ -""" - cupoftee.utils - ~~~~~~~~~~~~~~ - - Various utilities. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" import re diff --git a/examples/httpbasicauth.py b/examples/httpbasicauth.py index 8303a5d24..7ceaa4d49 100644 --- a/examples/httpbasicauth.py +++ b/examples/httpbasicauth.py @@ -1,12 +1,5 @@ -""" - HTTP Basic Auth Example - ~~~~~~~~~~~~~~~~~~~~~~~ - - Shows how you can implement HTTP basic auth support without an - additional component. - - :copyright: 2007 Pallets - :license: BSD-3-Clause +"""Shows how you can implement HTTP basic auth support without an +additional component. """ from werkzeug.serving import run_simple from werkzeug.wrappers import Request diff --git a/examples/manage-coolmagic.py b/examples/manage-coolmagic.py index f5817d38e..73bbb8fc2 100755 --- a/examples/manage-coolmagic.py +++ b/examples/manage-coolmagic.py @@ -1,13 +1,3 @@ -#!/usr/bin/env python -""" - Manage Coolmagic - ~~~~~~~~~~~~~~~~ - - Manage the coolmagic example application. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" import click from werkzeug.serving import run_simple diff --git a/examples/manage-couchy.py b/examples/manage-couchy.py index 8a00a4007..db9d19b78 100755 --- a/examples/manage-couchy.py +++ b/examples/manage-couchy.py @@ -1,4 +1,3 @@ -#!/usr/bin/env python import click from werkzeug.serving import run_simple diff --git a/examples/manage-cupoftee.py b/examples/manage-cupoftee.py index a787f3247..99f7179af 100755 --- a/examples/manage-cupoftee.py +++ b/examples/manage-cupoftee.py @@ -1,4 +1,3 @@ -#!/usr/bin/env python """ Manage Cup Of Tee ~~~~~~~~~~~~~~~~~ diff --git a/examples/manage-i18nurls.py b/examples/manage-i18nurls.py index 2a1330e84..71ddfc948 100755 --- a/examples/manage-i18nurls.py +++ b/examples/manage-i18nurls.py @@ -1,13 +1,3 @@ -#!/usr/bin/env python -""" - Manage i18nurls - ~~~~~~~~~~~~~~~ - - Manage the i18n url example application. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" import click from werkzeug.serving import run_simple diff --git a/examples/manage-plnt.py b/examples/manage-plnt.py index 0afca374c..ff083b88b 100755 --- a/examples/manage-plnt.py +++ b/examples/manage-plnt.py @@ -1,13 +1,3 @@ -#!/usr/bin/env python -""" - Manage plnt - ~~~~~~~~~~~ - - This script manages the plnt application. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" import os import click diff --git a/examples/manage-shorty.py b/examples/manage-shorty.py index f70fffdd0..1dc4278eb 100755 --- a/examples/manage-shorty.py +++ b/examples/manage-shorty.py @@ -1,4 +1,3 @@ -#!/usr/bin/env python import os import tempfile diff --git a/examples/manage-simplewiki.py b/examples/manage-simplewiki.py index 097883924..9f578183e 100755 --- a/examples/manage-simplewiki.py +++ b/examples/manage-simplewiki.py @@ -1,13 +1,3 @@ -#!/usr/bin/env python -""" - Manage SimpleWiki - ~~~~~~~~~~~~~~~~~ - - This script provides some basic commands to debug and test SimpleWiki. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" import os import click diff --git a/examples/manage-webpylike.py b/examples/manage-webpylike.py index 974cf3562..0cb15aae5 100755 --- a/examples/manage-webpylike.py +++ b/examples/manage-webpylike.py @@ -1,17 +1,3 @@ -#!/usr/bin/env python -""" - Manage web.py like application - ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - - A small example application that is built after the web.py tutorial. We - even use regular expression based dispatching. The original code can be - found on the `webpy.org webpage`__ in the tutorial section. - - __ http://webpy.org/tutorial2.en - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" import os import sys diff --git a/examples/plnt/__init__.py b/examples/plnt/__init__.py index 5a6a0c39c..81f235969 100644 --- a/examples/plnt/__init__.py +++ b/examples/plnt/__init__.py @@ -1,10 +1,2 @@ -""" - plnt - ~~~~ - - Noun. plnt (plant) -- a planet application that sounds like a herb. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" +"""A planet application, pronounced "plant".""" from .webapp import Plnt diff --git a/examples/plnt/database.py b/examples/plnt/database.py index 03a3688d9..a3d20d7c8 100644 --- a/examples/plnt/database.py +++ b/examples/plnt/database.py @@ -1,12 +1,3 @@ -""" - plnt.database - ~~~~~~~~~~~~~ - - The database definitions for the planet. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" from sqlalchemy import Column from sqlalchemy import DateTime from sqlalchemy import ForeignKey diff --git a/examples/plnt/sync.py b/examples/plnt/sync.py index 09afa9ecc..8b0390240 100644 --- a/examples/plnt/sync.py +++ b/examples/plnt/sync.py @@ -1,12 +1,4 @@ -""" - plnt.sync - ~~~~~~~~~ - - Does the synchronization. Called by "manage-plnt.py sync" - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" +"""Does the synchronization. Called by "manage-plnt.py sync".""" from datetime import datetime import feedparser diff --git a/examples/plnt/utils.py b/examples/plnt/utils.py index 0f1878f82..b4e0f60a2 100644 --- a/examples/plnt/utils.py +++ b/examples/plnt/utils.py @@ -1,12 +1,3 @@ -""" - plnt.utils - ~~~~~~~~~~ - - The planet utilities. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" import re from os import path diff --git a/examples/plnt/views.py b/examples/plnt/views.py index 6d8668d5f..1729f9a23 100644 --- a/examples/plnt/views.py +++ b/examples/plnt/views.py @@ -1,12 +1,4 @@ -""" - plnt.views - ~~~~~~~~~~ - - Display the aggregated feeds. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" +"""Display the aggregated feeds.""" from datetime import date from .database import Entry diff --git a/examples/plnt/webapp.py b/examples/plnt/webapp.py index 347148137..eefea1328 100644 --- a/examples/plnt/webapp.py +++ b/examples/plnt/webapp.py @@ -1,12 +1,3 @@ -""" - plnt.webapp - ~~~~~~~~~~~ - - The web part of the planet. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" from os import path from sqlalchemy import create_engine diff --git a/examples/shortly/shortly.py b/examples/shortly/shortly.py index f97373111..063bf2658 100644 --- a/examples/shortly/shortly.py +++ b/examples/shortly/shortly.py @@ -1,12 +1,4 @@ -""" - shortly - ~~~~~~~ - - A simple URL shortener using Werkzeug and redis. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" +"""A simple URL shortener using Werkzeug and redis.""" import os import redis diff --git a/examples/simplewiki/__init__.py b/examples/simplewiki/__init__.py index fae8a2695..827ac0709 100644 --- a/examples/simplewiki/__init__.py +++ b/examples/simplewiki/__init__.py @@ -1,11 +1,4 @@ -""" - simplewiki - ~~~~~~~~~~ - - Very simple wiki application based on Genshi, Werkzeug and SQLAlchemy. - Additionally the creoleparser is used for the wiki markup. - - :copyright: 2007 Pallets - :license: BSD-3-Clause +"""Very simple wiki application based on Genshi, Werkzeug and +SQLAlchemy. Additionally the creoleparser is used for the wiki markup. """ from .application import SimpleWiki diff --git a/examples/simplewiki/actions.py b/examples/simplewiki/actions.py index 77384accf..93237f185 100644 --- a/examples/simplewiki/actions.py +++ b/examples/simplewiki/actions.py @@ -1,15 +1,8 @@ -""" - simplewiki.actions - ~~~~~~~~~~~~~~~~~~ - - The per page actions. The actions are defined in the URL with the - `action` parameter and directly dispatched to the functions in this - module. In the module the actions are prefixed with 'on_', so be - careful not to name any other objects in the module with the same - prefix unless you want to act them as actions. - - :copyright: 2007 Pallets - :license: BSD-3-Clause +"""The per page actions. The actions are defined in the URL with the +``action`` parameter and directly dispatched to the functions in this +module. In the module the actions are prefixed with '`on_`', so be +careful not to name any other objects in the module with the same prefix +unless you want to act them as actions. """ from difflib import unified_diff diff --git a/examples/simplewiki/application.py b/examples/simplewiki/application.py index 42769b447..e6efb4a55 100644 --- a/examples/simplewiki/application.py +++ b/examples/simplewiki/application.py @@ -1,13 +1,5 @@ -""" - simplewiki.application - ~~~~~~~~~~~~~~~~~~~~~~ - - This module implements the wiki WSGI application which dispatches - requests to specific wiki pages and actions. - - - :copyright: 2007 Pallets - :license: BSD-3-Clause +"""Implements the wiki WSGI application which dispatches requests to +specific wiki pages and actions. """ from os import path @@ -26,7 +18,6 @@ from .utils import local_manager from .utils import Request - #: path to shared data SHARED_DATA = path.join(path.dirname(__file__), "shared") diff --git a/examples/simplewiki/database.py b/examples/simplewiki/database.py index 873684a47..00dd0b4a5 100644 --- a/examples/simplewiki/database.py +++ b/examples/simplewiki/database.py @@ -1,12 +1,3 @@ -""" - simplewiki.database - ~~~~~~~~~~~~~~~~~~~ - - The database. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" from datetime import datetime from sqlalchemy import Column diff --git a/examples/simplewiki/specialpages.py b/examples/simplewiki/specialpages.py index 204296c5f..2c286f5b5 100644 --- a/examples/simplewiki/specialpages.py +++ b/examples/simplewiki/specialpages.py @@ -1,13 +1,4 @@ -""" - simplewiki.specialpages - ~~~~~~~~~~~~~~~~~~~~~~~ - - This module contains special pages such as the recent changes page. - - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" +"""Special pages such as the recent changes page.""" from .actions import page_missing from .database import Page from .database import RevisionedPage diff --git a/examples/simplewiki/utils.py b/examples/simplewiki/utils.py index e8771b3e5..ced91c64b 100644 --- a/examples/simplewiki/utils.py +++ b/examples/simplewiki/utils.py @@ -1,13 +1,3 @@ -""" - simplewiki.utils - ~~~~~~~~~~~~~~~~ - - This module implements various utility functions and classes used all - over the application. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" from os import path import creoleparser diff --git a/examples/upload.py b/examples/upload.py index 6f520b421..ac0842507 100644 --- a/examples/upload.py +++ b/examples/upload.py @@ -1,13 +1,4 @@ -#!/usr/bin/env python -""" - Simple Upload Application - ~~~~~~~~~~~~~~~~~~~~~~~~~ - - All uploaded files are directly send back to the client. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" +"""All uploaded files are directly send back to the client.""" from werkzeug.serving import run_simple from werkzeug.wrappers import BaseRequest from werkzeug.wrappers import BaseResponse diff --git a/examples/webpylike/example.py b/examples/webpylike/example.py index 6663ac549..74534d1d4 100644 --- a/examples/webpylike/example.py +++ b/examples/webpylike/example.py @@ -1,12 +1,3 @@ -""" - Example application based on weblikepy - ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - - The application from th web.py tutorial. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" from .webpylike import Response from .webpylike import View from .webpylike import WebPyApp diff --git a/examples/webpylike/webpylike.py b/examples/webpylike/webpylike.py index 40e4eee79..8b1c837af 100644 --- a/examples/webpylike/webpylike.py +++ b/examples/webpylike/webpylike.py @@ -1,13 +1,6 @@ -""" - webpylike - ~~~~~~~~~ - - This module implements web.py like dispatching. What this module does - not implement is a stream system that hooks into sys.stdout like web.py - provides. I consider this bad design. - - :copyright: 2007 Pallets - :license: BSD-3-Clause +"""Implements web.py like dispatching. What this module does not +implement is a stream system that hooks into sys.stdout like web.py +provides. """ import re diff --git a/src/werkzeug/__init__.py b/src/werkzeug/__init__.py index 202fcea91..5a04935bf 100644 --- a/src/werkzeug/__init__.py +++ b/src/werkzeug/__init__.py @@ -1,20 +1,6 @@ -""" -werkzeug -~~~~~~~~ - -Werkzeug is the Swiss Army knife of Python web development. - -It provides useful classes and functions for any WSGI application to -make the life of a Python web developer much easier. All of the provided -classes are independent from each other so you can mix it with any other -library. - -:copyright: 2007 Pallets -:license: BSD-3-Clause -""" from .serving import run_simple from .test import Client from .wrappers import Request from .wrappers import Response -__version__ = "1.0.0" +__version__ = "2.0.0.dev" diff --git a/src/werkzeug/_internal.py b/src/werkzeug/_internal.py index 1ca3d33d9..172ff175f 100644 --- a/src/werkzeug/_internal.py +++ b/src/werkzeug/_internal.py @@ -1,12 +1,3 @@ -""" - werkzeug._internal - ~~~~~~~~~~~~~~~~~~ - - This module provides internally used helpers and constants. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" import inspect import logging import operator @@ -18,7 +9,6 @@ from itertools import chain from weakref import WeakKeyDictionary - _logger = None _signature_cache = WeakKeyDictionary() _epoch_ord = date(1970, 1, 1).toordinal() diff --git a/src/werkzeug/datastructures.py b/src/werkzeug/datastructures.py index d11ff367b..51d419a09 100644 --- a/src/werkzeug/datastructures.py +++ b/src/werkzeug/datastructures.py @@ -1,12 +1,3 @@ -""" - werkzeug.datastructures - ~~~~~~~~~~~~~~~~~~~~~~~ - - This module provides mixins and classes with an immutable interface. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" import codecs import mimetypes import re diff --git a/src/werkzeug/debug/__init__.py b/src/werkzeug/debug/__init__.py index 278c679c2..5ea22913d 100644 --- a/src/werkzeug/debug/__init__.py +++ b/src/werkzeug/debug/__init__.py @@ -1,12 +1,3 @@ -""" - werkzeug.debug - ~~~~~~~~~~~~~~ - - WSGI application traceback debugger. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" import getpass import hashlib import json diff --git a/src/werkzeug/debug/console.py b/src/werkzeug/debug/console.py index 0bc0e3f6c..5fa9924da 100644 --- a/src/werkzeug/debug/console.py +++ b/src/werkzeug/debug/console.py @@ -1,12 +1,3 @@ -""" - werkzeug.debug.console - ~~~~~~~~~~~~~~~~~~~~~~ - - Interactive console support. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" import code import sys from types import CodeType diff --git a/src/werkzeug/debug/repr.py b/src/werkzeug/debug/repr.py index c545a74f5..2d184a3ee 100644 --- a/src/werkzeug/debug/repr.py +++ b/src/werkzeug/debug/repr.py @@ -1,16 +1,8 @@ -""" - werkzeug.debug.repr - ~~~~~~~~~~~~~~~~~~~ - - This module implements object representations for debugging purposes. - Unlike the default repr these reprs expose a lot more information and - produce HTML instead of ASCII. - - Together with the CSS and JavaScript files of the debugger this gives - a colorful and more compact output. +"""Object representations for debugging purposes. Unlike the default +repr, these expose more information and produce HTML instead of ASCII. - :copyright: 2007 Pallets - :license: BSD-3-Clause +Together with the CSS and JavaScript of the debugger this gives a +colorful and more compact output. """ import codecs import re diff --git a/src/werkzeug/debug/tbtools.py b/src/werkzeug/debug/tbtools.py index b5a907754..a15d89b2a 100644 --- a/src/werkzeug/debug/tbtools.py +++ b/src/werkzeug/debug/tbtools.py @@ -1,12 +1,3 @@ -""" - werkzeug.debug.tbtools - ~~~~~~~~~~~~~~~~~~~~~~ - - This module provides various traceback related utility functions. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" import codecs import inspect import json diff --git a/src/werkzeug/exceptions.py b/src/werkzeug/exceptions.py index 2966e0360..64ed74115 100644 --- a/src/werkzeug/exceptions.py +++ b/src/werkzeug/exceptions.py @@ -1,57 +1,49 @@ -""" - werkzeug.exceptions - ~~~~~~~~~~~~~~~~~~~ - - This module implements a number of Python exceptions you can raise from - within your views to trigger a standard non-200 response. - - - Usage Example - ------------- +"""Implements a number of Python exceptions you can raise from within +your views to trigger a standard non-200 response. - :: +Usage Example +------------- - from werkzeug.wrappers import BaseRequest - from werkzeug.wsgi import responder - from werkzeug.exceptions import HTTPException, NotFound +.. code-block:: python - def view(request): - raise NotFound() + from werkzeug.wrappers import BaseRequest + from werkzeug.wsgi import responder + from werkzeug.exceptions import HTTPException, NotFound - @responder - def application(environ, start_response): - request = BaseRequest(environ) - try: - return view(request) - except HTTPException as e: - return e + def view(request): + raise NotFound() + @responder + def application(environ, start_response): + request = BaseRequest(environ) + try: + return view(request) + except HTTPException as e: + return e - As you can see from this example those exceptions are callable WSGI - applications. However, they are not Werkzeug response objects. You - can get a response object by calling ``get_response()`` on a HTTP - exception. - - Keep in mind that you have to pass an environment to ``get_response()`` - because some errors fetch additional information from the WSGI - environment. +As you can see from this example those exceptions are callable WSGI +applications. However, they are not Werkzeug response objects. You +can get a response object by calling ``get_response()`` on a HTTP +exception. - If you want to hook in a different exception page to say, a 404 status - code, you can add a second except for a specific subclass of an error:: +Keep in mind that you have to pass an environment to ``get_response()`` +because some errors fetch additional information from the WSGI +environment. - @responder - def application(environ, start_response): - request = BaseRequest(environ) - try: - return view(request) - except NotFound, e: - return not_found(request) - except HTTPException, e: - return e +If you want to hook in a different exception page to say, a 404 status +code, you can add a second except for a specific subclass of an error: +.. code-block:: python - :copyright: 2007 Pallets - :license: BSD-3-Clause + @responder + def application(environ, start_response): + request = BaseRequest(environ) + try: + return view(request) + except NotFound, e: + return not_found(request) + except HTTPException, e: + return e """ import sys from datetime import datetime diff --git a/src/werkzeug/filesystem.py b/src/werkzeug/filesystem.py index 60179abd2..d8aecfeb5 100644 --- a/src/werkzeug/filesystem.py +++ b/src/werkzeug/filesystem.py @@ -1,12 +1,3 @@ -""" - werkzeug.filesystem - ~~~~~~~~~~~~~~~~~~~ - - Various utilities for the local filesystem. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" import codecs import sys import warnings diff --git a/src/werkzeug/formparser.py b/src/werkzeug/formparser.py index 5babe639a..6755d5bcb 100644 --- a/src/werkzeug/formparser.py +++ b/src/werkzeug/formparser.py @@ -1,13 +1,3 @@ -""" - werkzeug.formparser - ~~~~~~~~~~~~~~~~~~~ - - This module implements the form parsing. It supports url-encoded forms - as well as non-nested multipart uploads. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" import codecs import re from functools import update_wrapper diff --git a/src/werkzeug/http.py b/src/werkzeug/http.py index 0dcc9f025..eddc1a9b3 100644 --- a/src/werkzeug/http.py +++ b/src/werkzeug/http.py @@ -1,20 +1,3 @@ -""" - werkzeug.http - ~~~~~~~~~~~~~ - - Werkzeug comes with a bunch of utilities that help Werkzeug to deal with - HTTP data. Most of the classes and functions provided by this module are - used by the wrappers, but they are useful on their own, too, especially if - the response and request objects are not used. - - This covers some of the more HTTP centric features of WSGI, some other - utilities such as cookie handling are documented in the `werkzeug.utils` - module. - - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" import base64 import re import warnings diff --git a/src/werkzeug/local.py b/src/werkzeug/local.py index d1355a77f..48fa9733c 100644 --- a/src/werkzeug/local.py +++ b/src/werkzeug/local.py @@ -1,12 +1,3 @@ -""" - werkzeug.local - ~~~~~~~~~~~~~~ - - This module implements context-local objects. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" import copy from functools import update_wrapper diff --git a/src/werkzeug/middleware/__init__.py b/src/werkzeug/middleware/__init__.py index 5e049f5ee..6ddcf7f5c 100644 --- a/src/werkzeug/middleware/__init__.py +++ b/src/werkzeug/middleware/__init__.py @@ -19,7 +19,4 @@ The :doc:`interactive debugger ` is also a middleware that can be applied manually, although it is typically used automatically with the :doc:`development server `. - -:copyright: 2007 Pallets -:license: BSD-3-Clause """ diff --git a/src/werkzeug/posixemulation.py b/src/werkzeug/posixemulation.py index f8799279e..144376000 100644 --- a/src/werkzeug/posixemulation.py +++ b/src/werkzeug/posixemulation.py @@ -1,20 +1,7 @@ -r""" - werkzeug.posixemulation - ~~~~~~~~~~~~~~~~~~~~~~~ +"""A ``rename`` function that follows POSIX semantics. If the target +file already exists it will be replaced without asking. - Provides a POSIX emulation for some features that are relevant to - web applications. The main purpose is to simplify support for - systems such as Windows NT that are not 100% POSIX compatible. - - Currently this only implements a :func:`rename` function that - follows POSIX semantics. Eg: if the target file already exists it - will be replaced without asking. - - This module was introduced in 0.6.1 and is not a public interface. - It might become one in later versions of Werkzeug. - - :copyright: 2007 Pallets - :license: BSD-3-Clause +This is not a public interface. """ import errno import os diff --git a/src/werkzeug/routing.py b/src/werkzeug/routing.py index d4b53ae75..d9a721efc 100644 --- a/src/werkzeug/routing.py +++ b/src/werkzeug/routing.py @@ -1,98 +1,109 @@ -""" - werkzeug.routing - ~~~~~~~~~~~~~~~~ - - When it comes to combining multiple controller or view functions (however - you want to call them) you need a dispatcher. A simple way would be - applying regular expression tests on the ``PATH_INFO`` and calling - registered callback functions that return the value then. - - This module implements a much more powerful system than simple regular - expression matching because it can also convert values in the URLs and - build URLs. - - Here a simple example that creates an URL map for an application with - two subdomains (www and kb) and some URL rules: - - >>> m = Map([ - ... # Static URLs - ... Rule('/', endpoint='static/index'), - ... Rule('/about', endpoint='static/about'), - ... Rule('/help', endpoint='static/help'), - ... # Knowledge Base - ... Subdomain('kb', [ - ... Rule('/', endpoint='kb/index'), - ... Rule('/browse/', endpoint='kb/browse'), - ... Rule('/browse//', endpoint='kb/browse'), - ... Rule('/browse//', endpoint='kb/browse') - ... ]) - ... ], default_subdomain='www') - - If the application doesn't use subdomains it's perfectly fine to not set - the default subdomain and not use the `Subdomain` rule factory. The endpoint - in the rules can be anything, for example import paths or unique - identifiers. The WSGI application can use those endpoints to get the - handler for that URL. It doesn't have to be a string at all but it's - recommended. - - Now it's possible to create a URL adapter for one of the subdomains and - build URLs: - - >>> c = m.bind('example.com') - >>> c.build("kb/browse", dict(id=42)) +"""When it comes to combining multiple controller or view functions +(however you want to call them) you need a dispatcher. A simple way +would be applying regular expression tests on the ``PATH_INFO`` and +calling registered callback functions that return the value then. + +This module implements a much more powerful system than simple regular +expression matching because it can also convert values in the URLs and +build URLs. + +Here a simple example that creates a URL map for an application with +two subdomains (www and kb) and some URL rules: + +.. code-block:: python + + m = Map([ + # Static URLs + Rule('/', endpoint='static/index'), + Rule('/about', endpoint='static/about'), + Rule('/help', endpoint='static/help'), + # Knowledge Base + Subdomain('kb', [ + Rule('/', endpoint='kb/index'), + Rule('/browse/', endpoint='kb/browse'), + Rule('/browse//', endpoint='kb/browse'), + Rule('/browse//', endpoint='kb/browse') + ]) + ], default_subdomain='www') + +If the application doesn't use subdomains it's perfectly fine to not set +the default subdomain and not use the `Subdomain` rule factory. The +endpoint in the rules can be anything, for example import paths or +unique identifiers. The WSGI application can use those endpoints to get the +handler for that URL. It doesn't have to be a string at all but it's +recommended. + +Now it's possible to create a URL adapter for one of the subdomains and +build URLs: + +.. code-block:: python + + c = m.bind('example.com') + + c.build("kb/browse", dict(id=42)) 'http://kb.example.com/browse/42/' - >>> c.build("kb/browse", dict()) + + c.build("kb/browse", dict()) 'http://kb.example.com/browse/' - >>> c.build("kb/browse", dict(id=42, page=3)) + + c.build("kb/browse", dict(id=42, page=3)) 'http://kb.example.com/browse/42/3' - >>> c.build("static/about") + + c.build("static/about") '/about' - >>> c.build("static/index", force_external=True) + + c.build("static/index", force_external=True) 'http://www.example.com/' - >>> c = m.bind('example.com', subdomain='kb') - >>> c.build("static/about") + c = m.bind('example.com', subdomain='kb') + + c.build("static/about") 'http://www.example.com/about' - The first argument to bind is the server name *without* the subdomain. - Per default it will assume that the script is mounted on the root, but - often that's not the case so you can provide the real mount point as - second argument: +The first argument to bind is the server name *without* the subdomain. +Per default it will assume that the script is mounted on the root, but +often that's not the case so you can provide the real mount point as +second argument: + +.. code-block:: python + + c = m.bind('example.com', '/applications/example') + +The third argument can be the subdomain, if not given the default +subdomain is used. For more details about binding have a look at the +documentation of the `MapAdapter`. - >>> c = m.bind('example.com', '/applications/example') +And here is how you can match URLs: - The third argument can be the subdomain, if not given the default - subdomain is used. For more details about binding have a look at the - documentation of the `MapAdapter`. +.. code-block:: python - And here is how you can match URLs: + c = m.bind('example.com') - >>> c = m.bind('example.com') - >>> c.match("/") + c.match("/") ('static/index', {}) - >>> c.match("/about") + + c.match("/about") ('static/about', {}) - >>> c = m.bind('example.com', '/', 'kb') - >>> c.match("/") - ('kb/index', {}) - >>> c.match("/browse/42/23") - ('kb/browse', {'id': 42, 'page': 23}) - If matching fails you get a `NotFound` exception, if the rule thinks - it's a good idea to redirect (for example because the URL was defined - to have a slash at the end but the request was missing that slash) it - will raise a `RequestRedirect` exception. Both are subclasses of the - `HTTPException` so you can use those errors as responses in the - application. + c = m.bind('example.com', '/', 'kb') - If matching succeeded but the URL rule was incompatible to the given - method (for example there were only rules for `GET` and `HEAD` and - routing system tried to match a `POST` request) a `MethodNotAllowed` - exception is raised. + c.match("/") + ('kb/index', {}) + c.match("/browse/42/23") + ('kb/browse', {'id': 42, 'page': 23}) - :copyright: 2007 Pallets - :license: BSD-3-Clause +If matching fails you get a ``NotFound`` exception, if the rule thinks +it's a good idea to redirect (for example because the URL was defined +to have a slash at the end but the request was missing that slash) it +will raise a ``RequestRedirect`` exception. Both are subclasses of +``HTTPException`` so you can use those errors as responses in the +application. + +If matching succeeded but the URL rule was incompatible to the given +method (for example there were only rules for ``GET`` and ``HEAD`` but +routing tried to match a ``POST`` request) a ``MethodNotAllowed`` +exception is raised. """ import ast import difflib diff --git a/src/werkzeug/security.py b/src/werkzeug/security.py index f536aaee5..211faf4f3 100644 --- a/src/werkzeug/security.py +++ b/src/werkzeug/security.py @@ -1,12 +1,3 @@ -""" - werkzeug.security - ~~~~~~~~~~~~~~~~~ - - Security related helpers such as secure password hashing tools. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" import codecs import hashlib import hmac diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py index b8987a569..a0f820d74 100644 --- a/src/werkzeug/serving.py +++ b/src/werkzeug/serving.py @@ -1,34 +1,15 @@ -""" - werkzeug.serving - ~~~~~~~~~~~~~~~~ - - There are many ways to serve a WSGI application. While you're developing - it you usually don't want a full blown webserver like Apache but a simple - standalone one. There is the `wsgiref`_ server in the standard library. - - However there are some caveats. Sourcecode won't reload itself when - changed and each time you kill the server using ``^C`` you get an - `KeyboardInterrupt` error. While the latter is easy to solve the first - one can be a pain in the ass in some situations. - - The easiest way is creating a small ``start-myproject.py`` that runs the - application:: - - from myproject import make_app - from werkzeug.serving import run_simple - - app = make_app(...) - run_simple("localhost", 8080, app, use_reloader=True) - - You can also pass it a `extra_files` keyword argument with a list of - additional files (like configuration files) you want to observe. +"""A WSGI and HTTP server for use **during development only**. This +server is convenient to use, but is not designed to be particularly +stable, secure, or efficient. Use a dedicate WSGI server and HTTP +server when deploying to production. - For bigger applications you should consider using `click` - (http://click.pocoo.org) instead of a simple start file. +It provides features like interactive debugging and code reloading. Use +``run_simple`` to start the server. Put this in a ``run.py`` script: +.. code-block:: python - :copyright: 2007 Pallets - :license: BSD-3-Clause + from myapp import create_app + from werkzeug import run_simple """ import io import os diff --git a/src/werkzeug/test.py b/src/werkzeug/test.py index 35c7d5b36..2755dd6c6 100644 --- a/src/werkzeug/test.py +++ b/src/werkzeug/test.py @@ -1,12 +1,3 @@ -""" - werkzeug.test - ~~~~~~~~~~~~~ - - This module implements a client to WSGI applications for testing. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" import mimetypes import sys from collections import defaultdict diff --git a/src/werkzeug/testapp.py b/src/werkzeug/testapp.py index 883cefddd..4cec6b88c 100644 --- a/src/werkzeug/testapp.py +++ b/src/werkzeug/testapp.py @@ -1,12 +1,5 @@ -""" - werkzeug.testapp - ~~~~~~~~~~~~~~~~ - - Provide a small test application that can be used to test a WSGI server - and check it for WSGI compliance. - - :copyright: 2007 Pallets - :license: BSD-3-Clause +"""A small application that can be used to test a WSGI server and check +it for WSGI compliance. """ import base64 import os diff --git a/src/werkzeug/useragents.py b/src/werkzeug/useragents.py index b6a71c372..800b1f6a1 100644 --- a/src/werkzeug/useragents.py +++ b/src/werkzeug/useragents.py @@ -1,15 +1,3 @@ -""" - werkzeug.useragents - ~~~~~~~~~~~~~~~~~~~ - - This module provides a helper to inspect user agent strings. This module - is far from complete but should work for most of the currently available - browsers. - - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" import re diff --git a/src/werkzeug/utils.py b/src/werkzeug/utils.py index 692044aec..d2ab613c1 100644 --- a/src/werkzeug/utils.py +++ b/src/werkzeug/utils.py @@ -1,14 +1,3 @@ -""" - werkzeug.utils - ~~~~~~~~~~~~~~ - - This module implements various utilities for WSGI applications. Most of - them are used by the request and response wrappers but especially for - middleware development it makes sense to use them without the wrappers. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" import codecs import os import pkgutil diff --git a/src/werkzeug/wrappers/__init__.py b/src/werkzeug/wrappers/__init__.py index ca72d756b..63210c720 100644 --- a/src/werkzeug/wrappers/__init__.py +++ b/src/werkzeug/wrappers/__init__.py @@ -1,19 +1,3 @@ -""" -werkzeug.wrappers -~~~~~~~~~~~~~~~~~ - -The wrappers are simple request and response objects which you can -subclass to do whatever you want them to do. The request object contains -the information transmitted by the client (webbrowser) and the response -object contains all the information sent back to the browser. - -An important detail is that the request object is created with the WSGI -environ and will act as high-level proxy whereas the response object is an -actual WSGI application. - -:copyright: 2007 Pallets -:license: BSD-3-Clause -""" from .accept import AcceptMixin from .auth import AuthorizationMixin from .auth import WWWAuthenticateMixin diff --git a/src/werkzeug/wsgi.py b/src/werkzeug/wsgi.py index d62c5bb26..9678384a5 100644 --- a/src/werkzeug/wsgi.py +++ b/src/werkzeug/wsgi.py @@ -1,12 +1,3 @@ -""" - werkzeug.wsgi - ~~~~~~~~~~~~~ - - This module implements WSGI related helpers. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" import io import re from functools import partial diff --git a/tests/conftest.py b/tests/conftest.py index 114e5b55e..e8340558a 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -1,10 +1,3 @@ -""" - tests.conftest - ~~~~~~~~~~~~~~ - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" import logging import os import platform diff --git a/tests/test_datastructures.py b/tests/test_datastructures.py index 5e17a7c31..76a08df13 100644 --- a/tests/test_datastructures.py +++ b/tests/test_datastructures.py @@ -1,22 +1,3 @@ -""" - tests.datastructures - ~~~~~~~~~~~~~~~~~~~~ - - Tests the functionality of the provided Werkzeug - datastructures. - - Classes prefixed with an underscore are mixins and are not discovered by - the test runner. - - TODO: - - - FileMultiDict - - Immutable types undertested - - Split up dict tests - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" import io import pickle import tempfile diff --git a/tests/test_debug.py b/tests/test_debug.py index e9f2ce190..bcc5b66f9 100644 --- a/tests/test_debug.py +++ b/tests/test_debug.py @@ -1,12 +1,3 @@ -""" - tests.debug - ~~~~~~~~~~~ - - Tests some debug utilities. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" import io import re import sys diff --git a/tests/test_exceptions.py b/tests/test_exceptions.py index 68d0553f3..1936c169b 100644 --- a/tests/test_exceptions.py +++ b/tests/test_exceptions.py @@ -1,16 +1,3 @@ -""" - tests.exceptions - ~~~~~~~~~~~~~~~~ - - The tests for the exception classes. - - TODO: - - - This is undertested. HTML is never checked - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" from datetime import datetime import pytest diff --git a/tests/test_formparser.py b/tests/test_formparser.py index 0ec69ca97..296d423b7 100644 --- a/tests/test_formparser.py +++ b/tests/test_formparser.py @@ -1,12 +1,3 @@ -""" - tests.formparser - ~~~~~~~~~~~~~~~~ - - Tests the form parsing facilities. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" import csv import io from os.path import dirname diff --git a/tests/test_http.py b/tests/test_http.py index 2fa15c4ce..623922e47 100644 --- a/tests/test_http.py +++ b/tests/test_http.py @@ -1,12 +1,3 @@ -""" - tests.http - ~~~~~~~~~~ - - HTTP parsing utilities. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" from datetime import datetime import pytest diff --git a/tests/test_internal.py b/tests/test_internal.py index 5b06e015d..6506beffa 100644 --- a/tests/test_internal.py +++ b/tests/test_internal.py @@ -1,12 +1,3 @@ -""" - tests.internal - ~~~~~~~~~~~~~~ - - Internal tests. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" from datetime import datetime from warnings import filterwarnings from warnings import resetwarnings diff --git a/tests/test_local.py b/tests/test_local.py index 9a89d5c9d..3d92eb1df 100644 --- a/tests/test_local.py +++ b/tests/test_local.py @@ -1,12 +1,3 @@ -""" - tests.local - ~~~~~~~~~~~~~~~~~~~~~~~~ - - Local and local proxy tests. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" import copy import time from functools import partial diff --git a/tests/test_routing.py b/tests/test_routing.py index 9e98badde..c7a46ce53 100644 --- a/tests/test_routing.py +++ b/tests/test_routing.py @@ -1,12 +1,3 @@ -""" - tests.routing - ~~~~~~~~~~~~~ - - Routing tests. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" import gc import uuid diff --git a/tests/test_security.py b/tests/test_security.py index 834c0a0fd..6caccf4e1 100644 --- a/tests/test_security.py +++ b/tests/test_security.py @@ -1,12 +1,3 @@ -""" - tests.security - ~~~~~~~~~~~~~~ - - Tests the security helpers. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" import os import posixpath diff --git a/tests/test_serving.py b/tests/test_serving.py index 846d74dc7..5c650d87a 100644 --- a/tests/test_serving.py +++ b/tests/test_serving.py @@ -1,12 +1,3 @@ -""" - tests.serving - ~~~~~~~~~~~~~ - - Added serving tests. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" import os import platform import socket diff --git a/tests/test_test.py b/tests/test_test.py index 287caccb1..1196ff2f1 100644 --- a/tests/test_test.py +++ b/tests/test_test.py @@ -1,12 +1,3 @@ -""" - tests.test - ~~~~~~~~~~ - - Tests the testing tools. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" import json import sys from functools import partial diff --git a/tests/test_urls.py b/tests/test_urls.py index 7d07c343c..9f9fcae86 100644 --- a/tests/test_urls.py +++ b/tests/test_urls.py @@ -1,12 +1,3 @@ -""" - tests.urls - ~~~~~~~~~~ - - URL helper tests. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" import io import pytest diff --git a/tests/test_utils.py b/tests/test_utils.py index a45c9e7c2..9b7e21a5f 100644 --- a/tests/test_utils.py +++ b/tests/test_utils.py @@ -1,12 +1,3 @@ -""" - tests.utils - ~~~~~~~~~~~ - - General utilities. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" import inspect from datetime import datetime diff --git a/tests/test_wrappers.py b/tests/test_wrappers.py index 614bab5d0..58e0a83a4 100644 --- a/tests/test_wrappers.py +++ b/tests/test_wrappers.py @@ -1,12 +1,3 @@ -""" - tests.wrappers - ~~~~~~~~~~~~~~ - - Tests for the response and request objects. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" import contextlib import json import os diff --git a/tests/test_wsgi.py b/tests/test_wsgi.py index c0ea3ecd3..b1c4eae2c 100644 --- a/tests/test_wsgi.py +++ b/tests/test_wsgi.py @@ -1,12 +1,3 @@ -""" - tests.wsgi - ~~~~~~~~~~ - - Tests the WSGI utilities. - - :copyright: 2007 Pallets - :license: BSD-3-Clause -""" import io import json import os From b6b702da0786820c5cb73f6d7adbc0f297dac70f Mon Sep 17 00:00:00 2001 From: David Lord Date: Thu, 19 Mar 2020 08:08:03 -0700 Subject: [PATCH 169/733] remove coverage --- .azure-pipelines.yml | 25 ++++--------------------- setup.py | 1 - tox.ini | 19 +------------------ 3 files changed, 5 insertions(+), 40 deletions(-) diff --git a/.azure-pipelines.yml b/.azure-pipelines.yml index 2c3465e55..565961196 100644 --- a/.azure-pipelines.yml +++ b/.azure-pipelines.yml @@ -5,8 +5,7 @@ trigger: variables: vmImage: ubuntu-latest python.version: '3.8' - TOXENV: py,coverage-ci - hasTestResults: 'true' + TOXENV: py strategy: matrix: @@ -16,18 +15,16 @@ strategy: vmImage: windows-latest Python 3.8 Mac: vmImage: macos-latest - PyPy 3 Linux: - python.version: pypy3 Python 3.7 Linux: python.version: '3.7' Python 3.6 Linux: python.version: '3.6' + PyPy 3 Linux: + python.version: pypy3 Docs: TOXENV: docs - hasTestResults: 'false' Style: TOXENV: style - hasTestResults: 'false' pool: vmImage: $[ variables.vmImage ] @@ -41,19 +38,5 @@ steps: - script: pip --disable-pip-version-check install -U tox displayName: Install tox - - script: tox -s false -- --junit-xml=test-results.xml + - script: tox displayName: Run tox - - - task: PublishTestResults@2 - inputs: - testResultsFiles: test-results.xml - testRunTitle: $(Agent.JobName) - condition: eq(variables['hasTestResults'], 'true') - displayName: Publish test results - - - task: PublishCodeCoverageResults@1 - inputs: - codeCoverageTool: Cobertura - summaryFileLocation: coverage.xml - condition: eq(variables['hasTestResults'], 'true') - displayName: Publish coverage results diff --git a/setup.py b/setup.py index e11ea4ae9..37a5fc74a 100644 --- a/setup.py +++ b/setup.py @@ -54,7 +54,6 @@ "dev": [ "pytest", "pytest-timeout", - "coverage", "tox", "sphinx", "pallets-sphinx-themes", diff --git a/tox.ini b/tox.ini index d3ff05216..b74fb051f 100644 --- a/tox.ini +++ b/tox.ini @@ -3,12 +3,10 @@ envlist = py{38,37,36,py3} style docs - coverage skip_missing_interpreters = true [testenv] deps = - coverage pytest pytest-timeout pytest-xprocess @@ -17,7 +15,7 @@ deps = cryptography greenlet watchdog -commands = coverage run -p -m pytest --tb=short --basetemp={envtmpdir} {posargs} +commands = pytest --tb=short --basetemp={envtmpdir} {posargs} [testenv:style] deps = pre-commit @@ -27,18 +25,3 @@ commands = pre-commit run --all-files --show-diff-on-failure [testenv:docs] deps = -r docs/requirements.txt commands = sphinx-build -W -b html -d {envtmpdir}/doctrees docs {envtmpdir}/html - -[testenv:coverage] -deps = coverage -skip_install = true -commands = - coverage combine - coverage html - coverage report - -[testenv:coverage-ci] -deps = coverage -skip_install = true -commands = - coverage combine - coverage xml From 51bbafdda6e03cf19bc7d2b725460e12e13578b8 Mon Sep 17 00:00:00 2001 From: David Lord Date: Thu, 19 Mar 2020 08:22:13 -0700 Subject: [PATCH 170/733] move package metadata to setup.cfg --- MANIFEST.in | 3 +-- setup.cfg | 37 ++++++++++++++++++++++++++++++++++--- setup.py | 48 +----------------------------------------------- 3 files changed, 36 insertions(+), 52 deletions(-) diff --git a/MANIFEST.in b/MANIFEST.in index 2d4aaac86..13e164764 100644 --- a/MANIFEST.in +++ b/MANIFEST.in @@ -1,5 +1,4 @@ include CHANGES.rst -include LICENSE.rst include tox.ini graft artwork graft docs @@ -7,4 +6,4 @@ prune docs/_build graft examples graft tests graft src/werkzeug/debug/shared -global-exclude *.py[co] +global-exclude *.pyc diff --git a/setup.cfg b/setup.cfg index 145b701de..e39dc914e 100644 --- a/setup.cfg +++ b/setup.cfg @@ -1,14 +1,45 @@ [metadata] -license_file = LICENSE.rst +name = Werkzeug +version = attr: werkzeug.__version__ +url = https://palletsprojects.com/p/werkzeug +project_urls = + Documentation = https://werkzeug.palletsprojects.com/ + Code = https://github.com/pallets/werkzeug + Issue tracker = https://github.com/pallets/werkzeug/issues +license = BSD-3-Clause +maintainer = Pallets +maintainer_email = contact@palletsprojects.com +description = The comprehensive WSGI web application library. +long_description = file: README.rst long_description_content_type = text/x-rst +classifiers = + Development Status :: 5 - Production/Stable + Environment :: Web Environment + Intended Audience :: Developers + License :: OSI Approved :: BSD License + Operating System :: OS Independent + Programming Language :: Python + Topic :: Internet :: WWW/HTTP :: Dynamic Content + Topic :: Internet :: WWW/HTTP :: WSGI + Topic :: Internet :: WWW/HTTP :: WSGI :: Application + Topic :: Internet :: WWW/HTTP :: WSGI :: Middleware + Topic :: Software Development :: Libraries :: Application Frameworks + +[options] +packages = find: +package_dir = = src +include_package_data = true +python_requires = >= 3.6 +# Dependencies are in setup.py for GitHub's dependency graph. + +[options.packages.find] +where = src [tool:pytest] testpaths = tests filterwarnings = error ignore::requests.packages.urllib3.exceptions.InsecureRequestWarning - ; warning about collections.abc fixed in watchdog master - ignore::DeprecationWarning:watchdog.utils.bricks:175 [coverage:run] branch = True diff --git a/setup.py b/setup.py index 37a5fc74a..e5eb8042a 100644 --- a/setup.py +++ b/setup.py @@ -1,54 +1,8 @@ -import re - -from setuptools import find_packages from setuptools import setup -with open("README.rst", encoding="utf8") as f: - readme = f.read() - -with open("src/werkzeug/__init__.py", encoding="utf8") as f: - version = re.search(r'__version__ = "(.*?)"', f.read(), re.M).group(1) - +# Metadata goes in setup.cfg. These are here for GitHub's dependency graph. setup( name="Werkzeug", - version=version, - url="https://palletsprojects.com/p/werkzeug/", - project_urls={ - "Documentation": "https://werkzeug.palletsprojects.com/", - "Code": "https://github.com/pallets/werkzeug", - "Issue tracker": "https://github.com/pallets/werkzeug/issues", - }, - license="BSD-3-Clause", - author="Armin Ronacher", - author_email="armin.ronacher@active-4.com", - maintainer="Pallets", - maintainer_email="contact@palletsprojects.com", - description="The comprehensive WSGI web application library.", - long_description=readme, - classifiers=[ - "Development Status :: 5 - Production/Stable", - "Environment :: Web Environment", - "Intended Audience :: Developers", - "License :: OSI Approved :: BSD License", - "Operating System :: OS Independent", - "Programming Language :: Python", - "Programming Language :: Python :: 3", - "Programming Language :: Python :: 3.6", - "Programming Language :: Python :: 3.7", - "Programming Language :: Python :: 3.8", - "Programming Language :: Python :: Implementation :: CPython", - "Programming Language :: Python :: Implementation :: PyPy", - "Topic :: Internet :: WWW/HTTP :: Dynamic Content", - "Topic :: Internet :: WWW/HTTP :: WSGI", - "Topic :: Internet :: WWW/HTTP :: WSGI :: Application", - "Topic :: Internet :: WWW/HTTP :: WSGI :: Middleware", - "Topic :: Software Development :: Libraries :: Application Frameworks", - "Topic :: Software Development :: Libraries :: Python Modules", - ], - packages=find_packages("src"), - package_dir={"": "src"}, - include_package_data=True, - python_requires=">=3.6", extras_require={ "watchdog": ["watchdog"], "dev": [ From 09a248649069780b4adfb910fb69f6fb304f2ea3 Mon Sep 17 00:00:00 2001 From: David Lord Date: Thu, 19 Mar 2020 08:48:10 -0700 Subject: [PATCH 171/733] remove unused ref directives replace page refs with doc directives --- docs/deployment/index.rst | 2 -- docs/installation.rst | 3 --- docs/request_data.rst | 2 -- docs/routing.rst | 2 -- docs/serving.rst | 4 ++-- docs/unicode.rst | 2 -- docs/wrappers.rst | 2 -- docs/wsgi.rst | 2 +- src/werkzeug/formparser.py | 2 +- src/werkzeug/wrappers/base_request.py | 4 ++-- 10 files changed, 6 insertions(+), 19 deletions(-) diff --git a/docs/deployment/index.rst b/docs/deployment/index.rst index 524d52834..012b171b4 100644 --- a/docs/deployment/index.rst +++ b/docs/deployment/index.rst @@ -1,5 +1,3 @@ -.. _deployment: - ====================== Application Deployment ====================== diff --git a/docs/installation.rst b/docs/installation.rst index dd2104cac..53940f4f0 100644 --- a/docs/installation.rst +++ b/docs/installation.rst @@ -1,5 +1,3 @@ -.. _installation: - Installation ============ @@ -56,7 +54,6 @@ projects or the operating system's packages. Python comes bundled with the :mod:`venv` module to create virtual environments. -.. _install-create-env: Create an environment ~~~~~~~~~~~~~~~~~~~~~ diff --git a/docs/request_data.rst b/docs/request_data.rst index dfbd08d3e..c47e4aa1e 100644 --- a/docs/request_data.rst +++ b/docs/request_data.rst @@ -1,5 +1,3 @@ -.. _dealing-with-request-data: - Dealing with Request Data ========================= diff --git a/docs/routing.rst b/docs/routing.rst index 07f7d4236..a93bc3ce9 100644 --- a/docs/routing.rst +++ b/docs/routing.rst @@ -1,5 +1,3 @@ -.. _routing: - =========== URL Routing =========== diff --git a/docs/serving.rst b/docs/serving.rst index 62d96e889..6eacc98b0 100644 --- a/docs/serving.rst +++ b/docs/serving.rst @@ -32,7 +32,7 @@ additional files (like configuration files) you want to observe. The development server is not intended to be used on production systems. It was designed especially for development purposes and performs poorly under high load. For deployment setups have a look at the - :ref:`deployment` pages. + :doc:`/deployment/index` pages. .. _reloader: @@ -104,7 +104,7 @@ You can open the file with your favorite text editor and add a new name after Save the changes and after a while you should be able to access the development server on these host names as well. You can use the -:ref:`routing` system to dispatch between different hosts or parse +:doc:`/routing` system to dispatch between different hosts or parse :attr:`request.host` yourself. Shutting Down The Server diff --git a/docs/unicode.rst b/docs/unicode.rst index a59aeaee6..1731c8feb 100644 --- a/docs/unicode.rst +++ b/docs/unicode.rst @@ -1,5 +1,3 @@ -.. _unicode: - Unicode ======= diff --git a/docs/wrappers.rst b/docs/wrappers.rst index b59df865c..f1f5daa86 100644 --- a/docs/wrappers.rst +++ b/docs/wrappers.rst @@ -1,5 +1,3 @@ -.. _wrappers: - ========================== Request / Response Objects ========================== diff --git a/docs/wsgi.rst b/docs/wsgi.rst index ba9bfb548..a96916b52 100644 --- a/docs/wsgi.rst +++ b/docs/wsgi.rst @@ -6,7 +6,7 @@ WSGI Helpers The following classes and functions are designed to make working with the WSGI specification easier or operate on the WSGI layer. All the functionality from this module is available on the high-level -:ref:`Request / Response classes `. +:doc:`/wrappers`. Iterator / Stream Helpers diff --git a/src/werkzeug/formparser.py b/src/werkzeug/formparser.py index 6755d5bcb..6c5ec07c4 100644 --- a/src/werkzeug/formparser.py +++ b/src/werkzeug/formparser.py @@ -71,7 +71,7 @@ def parse_form_data( This is a shortcut for the common usage of :class:`FormDataParser`. - Have a look at :ref:`dealing-with-request-data` for more details. + Have a look at :doc:`/request_data` for more details. .. versionadded:: 0.5 The `max_form_memory_size`, `max_content_length` and diff --git a/src/werkzeug/wrappers/base_request.py b/src/werkzeug/wrappers/base_request.py index aeaa5d389..24021a9b4 100644 --- a/src/werkzeug/wrappers/base_request.py +++ b/src/werkzeug/wrappers/base_request.py @@ -80,7 +80,7 @@ class Request(BaseRequest, ETagRequestMixin): #: parsing fails because more than the specified value is transmitted #: a :exc:`~werkzeug.exceptions.RequestEntityTooLarge` exception is raised. #: - #: Have a look at :ref:`dealing-with-request-data` for more details. + #: Have a look at :doc:`/request_data` for more details. #: #: .. versionadded:: 0.5 max_content_length = None @@ -91,7 +91,7 @@ class Request(BaseRequest, ETagRequestMixin): #: data in memory for post data is longer than the specified value a #: :exc:`~werkzeug.exceptions.RequestEntityTooLarge` exception is raised. #: - #: Have a look at :ref:`dealing-with-request-data` for more details. + #: Have a look at :doc:`/request_data` for more details. #: #: .. versionadded:: 0.5 max_form_memory_size = None From c73bfe938c752e91cf8ce48ca24c58dcf3a95abd Mon Sep 17 00:00:00 2001 From: David Lord Date: Thu, 19 Mar 2020 09:09:17 -0700 Subject: [PATCH 172/733] remove simplejson In modern Python it's unlikely to be significantly better than the built-in json module. The module used by JSONMixin is overridable, so users can plug it in if they want. See https://github.com/pallets/itsdangerous/issues/146 --- CHANGES.rst | 2 ++ docs/installation.rst | 4 ---- docs/request_data.rst | 2 +- src/werkzeug/wrappers/json.py | 15 +++------------ 4 files changed, 6 insertions(+), 17 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index e57453f74..c91272f8e 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -8,6 +8,8 @@ Unreleased - Drop support for Python 2 and 3.5. :pr:`1693` - Deprecate :func:`utils.format_string`, use :class:`string.Template` instead. :issue:`1756` +- ``JSONMixin`` no longer uses simplejson if it's installed. To use + another JSON module, override ``JSONMixin.json_module``. :pr:`1766` - Add a ``url_scheme`` argument to :meth:`~routing.MapAdapter.build` to override the bound scheme. :pr:`1721` - When passing a ``Headers`` object to a test client method or diff --git a/docs/installation.rst b/docs/installation.rst index 53940f4f0..9a7b13f62 100644 --- a/docs/installation.rst +++ b/docs/installation.rst @@ -21,15 +21,11 @@ Optional dependencies These distributions will not be installed automatically. Werkzeug will detect and use them if you install them. -* `SimpleJSON`_ is a fast JSON implementation that is compatible with - Python's ``json`` module. It is preferred for JSON operations if it is - installed. * `Click`_ provides request log highlighting when using the development server. On Windows, you should also install `colorama`_. * `Watchdog`_ provides a faster, more efficient reloader for the development server. -.. _SimpleJSON: https://simplejson.readthedocs.io/en/latest/ .. _Click: https://pypi.org/project/click/ .. _Watchdog: https://pypi.org/project/watchdog/ .. _colorama: https://pypi.org/project/colorama/ diff --git a/docs/request_data.rst b/docs/request_data.rst index c47e4aa1e..db338d110 100644 --- a/docs/request_data.rst +++ b/docs/request_data.rst @@ -109,9 +109,9 @@ There is already a mixin that provides JSON parsing:: The basic implementation of that looks like:: + import json from werkzeug.utils import cached_property from werkzeug.wrappers import Request - import simplejson as json class JSONRequest(Request): @cached_property diff --git a/src/werkzeug/wrappers/json.py b/src/werkzeug/wrappers/json.py index c8fbb3488..2d093eb89 100644 --- a/src/werkzeug/wrappers/json.py +++ b/src/werkzeug/wrappers/json.py @@ -1,13 +1,9 @@ import datetime +import json import uuid from ..exceptions import BadRequest -try: - import simplejson as _json -except ImportError: - import json as _json - class _JSONModule: @staticmethod @@ -28,22 +24,17 @@ def dumps(cls, obj, **kw): kw.setdefault("separators", (",", ":")) kw.setdefault("default", cls._default) kw.setdefault("sort_keys", True) - return _json.dumps(obj, **kw) + return json.dumps(obj, **kw) @staticmethod def loads(s, **kw): - return _json.loads(s, **kw) + return json.loads(s, **kw) class JSONMixin: """Mixin to parse :attr:`data` as JSON. Can be mixed in for both :class:`~werkzeug.wrappers.Request` and :class:`~werkzeug.wrappers.Response` classes. - - If `simplejson`_ is installed it is preferred over Python's built-in - :mod:`json` module. - - .. _simplejson: https://simplejson.readthedocs.io/en/latest/ """ #: A module or other object that has ``dumps`` and ``loads`` From fa6781dfbf73288c63fe885c2220536fb46f7c35 Mon Sep 17 00:00:00 2001 From: Joshua Bronson Date: Fri, 20 Mar 2020 14:29:03 -0400 Subject: [PATCH 173/733] Remove vestiges of Python 2 support, test improvements. Python 2 support was dropped in #1693. * Remove superfluous __ne__ and __cmp__ implementations. * Use no-arg super() rather than 2-arg super(...). Also improve associated tests. --- docs/routing.rst | 2 +- src/werkzeug/datastructures.py | 10 ++-------- src/werkzeug/exceptions.py | 2 +- src/werkzeug/local.py | 1 - src/werkzeug/routing.py | 3 --- tests/test_local.py | 5 ++++- 6 files changed, 8 insertions(+), 15 deletions(-) diff --git a/docs/routing.rst b/docs/routing.rst index a93bc3ce9..6ce8b8e5a 100644 --- a/docs/routing.rst +++ b/docs/routing.rst @@ -180,7 +180,7 @@ for ``"maybe"``. :: regex = r"(?:yes|no|maybe)" def __init__(self, url_map, maybe=False): - super(BooleanConverter, self).__init__(url_map) + super().__init__(url_map) self.maybe = maybe def to_python(self, value): diff --git a/src/werkzeug/datastructures.py b/src/werkzeug/datastructures.py index 51d419a09..fe72a3911 100644 --- a/src/werkzeug/datastructures.py +++ b/src/werkzeug/datastructures.py @@ -111,7 +111,7 @@ class ImmutableDictMixin: @classmethod def fromkeys(cls, keys, value=None): - instance = super(cls, cls).__new__(cls) + instance = super().__new__(cls) instance.__init__(zip(keys, repeat(value))) return instance @@ -191,7 +191,7 @@ class UpdateDictMixin: def calls_update(name): # noqa: B902 def oncall(self, *args, **kw): - rv = getattr(super(UpdateDictMixin, self), name)(*args, **kw) + rv = getattr(super(), name)(*args, **kw) if self.on_update is not None: self.on_update(self) return rv @@ -689,9 +689,6 @@ def __eq__(self, other): __hash__ = None - def __ne__(self, other): - return not self.__eq__(other) - def __reduce_ex__(self, protocol): return type(self), (list(self.items(multi=True)),) @@ -898,9 +895,6 @@ def lowered(item): __hash__ = None - def __ne__(self, other): - return not self.__eq__(other) - def get(self, key, default=None, type=None, as_bytes=False): """Return the default value if the requested data doesn't exist. If `type` is provided and is a callable it should convert the value, diff --git a/src/werkzeug/exceptions.py b/src/werkzeug/exceptions.py index 64ed74115..31d527831 100644 --- a/src/werkzeug/exceptions.py +++ b/src/werkzeug/exceptions.py @@ -91,7 +91,7 @@ class newcls(cls, exception): show_exception = False def __init__(self, arg=None, *args, **kwargs): - super(cls, self).__init__(*args, **kwargs) + super().__init__(*args, **kwargs) if arg is None: exception.__init__(self) diff --git a/src/werkzeug/local.py b/src/werkzeug/local.py index 48fa9733c..9467aff2e 100644 --- a/src/werkzeug/local.py +++ b/src/werkzeug/local.py @@ -339,7 +339,6 @@ def __delitem__(self, key): __ne__ = lambda x, o: x._get_current_object() != o __gt__ = lambda x, o: x._get_current_object() > o __ge__ = lambda x, o: x._get_current_object() >= o - __cmp__ = lambda x, o: cmp(x._get_current_object(), o) # noqa __hash__ = lambda x: hash(x._get_current_object()) __call__ = lambda x, *a, **kw: x._get_current_object()(*a, **kw) __len__ = lambda x: len(x._get_current_object()) diff --git a/src/werkzeug/routing.py b/src/werkzeug/routing.py index d9a721efc..b26d79390 100644 --- a/src/werkzeug/routing.py +++ b/src/werkzeug/routing.py @@ -1113,9 +1113,6 @@ def __eq__(self, other): __hash__ = None - def __ne__(self, other): - return not self.__eq__(other) - def __str__(self): return self.rule diff --git a/tests/test_local.py b/tests/test_local.py index 3d92eb1df..7560e3fd1 100644 --- a/tests/test_local.py +++ b/tests/test_local.py @@ -22,7 +22,8 @@ def value_setter(idx): threads = [Thread(target=value_setter, args=(x,)) for x in [1, 2, 3]] for thread in threads: thread.start() - time.sleep(0.2) + for thread in threads: + thread.join() assert sorted(values) == [1, 2, 3] def delfoo(): @@ -63,6 +64,8 @@ def test_local_proxy(): def test_local_proxy_operations_math(): foo = 2 ls = local.LocalProxy(lambda: foo) + assert ls == 2 + assert ls != 3 assert ls + 1 == 3 assert 1 + ls == 3 assert ls - 1 == 1 From 65026914d9dfa7db584fccfabb606ae596c2159a Mon Sep 17 00:00:00 2001 From: Rohan Talip Date: Sun, 29 Mar 2020 18:28:49 -0700 Subject: [PATCH 174/733] Improved some grammar in datastructures.py : "as" --> "like" and added commas. See: https://www.quora.com/What-is-the-difference-between-just-like-and-just-as-in-grammar https://www.quora.com/Whats-the-difference-between-as-and-like --- src/werkzeug/datastructures.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/werkzeug/datastructures.py b/src/werkzeug/datastructures.py index fe72a3911..a61c88684 100644 --- a/src/werkzeug/datastructures.py +++ b/src/werkzeug/datastructures.py @@ -385,7 +385,7 @@ def add(self, key, value): def getlist(self, key, type=None): """Return the list of items for a given key. If that key is not in the - `MultiDict`, the return value will be an empty list. Just as `get` + `MultiDict`, the return value will be an empty list. Just like `get`, `getlist` accepts a `type` parameter. All items will be converted with the callable defined there. @@ -933,8 +933,8 @@ def get(self, key, default=None, type=None, as_bytes=False): def getlist(self, key, type=None, as_bytes=False): """Return the list of items for a given key. If that key is not in the - :class:`Headers`, the return value will be an empty list. Just as - :meth:`get` :meth:`getlist` accepts a `type` parameter. All items will + :class:`Headers`, the return value will be an empty list. Just like + :meth:`get`, :meth:`getlist` accepts a `type` parameter. All items will be converted with the callable defined there. .. versionadded:: 0.9 From 1dde4b1790f9c46b7122bb8225e6b48a5b22a615 Mon Sep 17 00:00:00 2001 From: David Lord Date: Tue, 31 Mar 2020 11:00:43 -0700 Subject: [PATCH 175/733] release version 1.0.1 --- CHANGES.rst | 2 +- src/werkzeug/__init__.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index 788b2b32c..6193f3eec 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -3,7 +3,7 @@ Version 1.0.1 ------------- -Unreleased +Released 2020-03-31 - Make the argument to ``RequestRedirect.get_response`` optional. :issue:`1718` diff --git a/src/werkzeug/__init__.py b/src/werkzeug/__init__.py index 202fcea91..f163e76c1 100644 --- a/src/werkzeug/__init__.py +++ b/src/werkzeug/__init__.py @@ -17,4 +17,4 @@ from .wrappers import Request from .wrappers import Response -__version__ = "1.0.0" +__version__ = "1.0.1" From 958fffba9d3bbf81aa56c0be816943c0d29f177e Mon Sep 17 00:00:00 2001 From: northernSage Date: Sat, 21 Mar 2020 12:17:16 -0300 Subject: [PATCH 176/733] deprecate utils.bind/validate_arguments --- CHANGES.rst | 3 +++ src/werkzeug/_internal.py | 6 +++++- src/werkzeug/utils.py | 23 ++++++++++++++++++++++- tests/test_utils.py | 38 -------------------------------------- 4 files changed, 30 insertions(+), 40 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index c91272f8e..f130e9357 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -8,6 +8,9 @@ Unreleased - Drop support for Python 2 and 3.5. :pr:`1693` - Deprecate :func:`utils.format_string`, use :class:`string.Template` instead. :issue:`1756` +- Deprecate :func:`utils.bind_arguments` and + :func:`utils.validate_arguments`, use :meth:`Signature.bind` and + :func:`inspect.signature` instead. :issue:`1757` - ``JSONMixin`` no longer uses simplejson if it's installed. To use another JSON module, override ``JSONMixin.json_module``. :pr:`1766` - Add a ``url_scheme`` argument to :meth:`~routing.MapAdapter.build` diff --git a/src/werkzeug/_internal.py b/src/werkzeug/_internal.py index 172ff175f..b4c916b41 100644 --- a/src/werkzeug/_internal.py +++ b/src/werkzeug/_internal.py @@ -161,7 +161,11 @@ def _log(type, message, *args, **kwargs): def _parse_signature(func): - """Return a signature object for the function.""" + """Return a signature object for the function. + + .. deprecated:: 2.0 + Will be removed in 2.1 along with utils.bind/validate_arguments + """ # if we have a cached validator for this function, return it parse = _signature_cache.get(func) if parse is not None: diff --git a/src/werkzeug/utils.py b/src/werkzeug/utils.py index d2ab613c1..f804d77b2 100644 --- a/src/werkzeug/utils.py +++ b/src/werkzeug/utils.py @@ -628,7 +628,16 @@ def proxy(request): :param drop_extra: set to `False` if you don't want extra arguments to be silently dropped. :return: tuple in the form ``(args, kwargs)``. + + .. deprecated:: 2.0 + Will be removed in 2.1. Use :func:`inspect.signature` instead. """ + warnings.warn( + "'utils.validate_arguments' is deprecated and will be removed" + " in 2.1. Use 'inspect.signature' instead.", + DeprecationWarning, + stacklevel=2, + ) parser = _parse_signature(func) args, kwargs, missing, extra, extra_positional = parser(args, kwargs)[:5] if missing: @@ -649,7 +658,16 @@ def bind_arguments(func, args, kwargs): :param args: tuple of positional arguments. :param kwargs: a dict of keyword arguments. :return: a :class:`dict` of bound keyword arguments. + + .. deprecated:: 2.0 + Will be removed in 2.1. Use :meth:`Signature.bind` instead. """ + warnings.warn( + "'utils.bind_arguments' is deprecated and will be removed in" + " 2.1. Use 'Signature.bind' instead.", + DeprecationWarning, + stacklevel=2, + ) ( args, kwargs, @@ -680,8 +698,11 @@ def bind_arguments(func, args, kwargs): class ArgumentValidationError(ValueError): + """Raised if :func:`validate_arguments` fails to validate - """Raised if :func:`validate_arguments` fails to validate""" + .. deprecated:: 2.0 + Will be removed in 2.1 along with utils.bind/validate_arguments. + """ def __init__(self, missing=None, extra=None, extra_positional=None): self.missing = set(missing or ()) diff --git a/tests/test_utils.py b/tests/test_utils.py index 9b7e21a5f..a646a1f36 100644 --- a/tests/test_utils.py +++ b/tests/test_utils.py @@ -279,44 +279,6 @@ def test_html_builder(): ) -def test_validate_arguments(): - def take_none(): - pass - - def take_two(a, b): - pass - - def take_two_one_default(a, b=0): - pass - - assert utils.validate_arguments(take_two, (1, 2), {}) == ((1, 2), {}) - assert utils.validate_arguments(take_two, (1,), {"b": 2}) == ((1, 2), {}) - assert utils.validate_arguments(take_two_one_default, (1,), {}) == ((1, 0), {}) - assert utils.validate_arguments(take_two_one_default, (1, 2), {}) == ((1, 2), {}) - - pytest.raises( - utils.ArgumentValidationError, utils.validate_arguments, take_two, (), {} - ) - - assert utils.validate_arguments(take_none, (1, 2), {"c": 3}) == ((), {}) - pytest.raises( - utils.ArgumentValidationError, - utils.validate_arguments, - take_none, - (1,), - {}, - drop_extra=False, - ) - pytest.raises( - utils.ArgumentValidationError, - utils.validate_arguments, - take_none, - (), - {"a": 1}, - drop_extra=False, - ) - - def test_header_set_duplication_bug(): headers = Headers([("Content-Type", "text/html"), ("Foo", "bar"), ("Blub", "blah")]) headers["blub"] = "hehe" From c8803517e8113261cd619cd9dab0e5be58c5ebc6 Mon Sep 17 00:00:00 2001 From: northernSage Date: Tue, 24 Mar 2020 00:07:53 -0300 Subject: [PATCH 177/733] deprecate utils.HTMLBuilder --- CHANGES.rst | 1 + src/werkzeug/utils.py | 18 ++++++++++++++++++ tests/test_utils.py | 31 ------------------------------- 3 files changed, 19 insertions(+), 31 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index d6ced7727..df78327bb 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -11,6 +11,7 @@ Unreleased - Deprecate :func:`utils.bind_arguments` and :func:`utils.validate_arguments`, use :meth:`Signature.bind` and :func:`inspect.signature` instead. :issue:`1757` +- Deprecate :class:`utils.HTMLBuilder`. :issue:`1761` - ``JSONMixin`` no longer uses simplejson if it's installed. To use another JSON module, override ``JSONMixin.json_module``. :pr:`1766` - Add a ``url_scheme`` argument to :meth:`~routing.MapAdapter.build` diff --git a/src/werkzeug/utils.py b/src/werkzeug/utils.py index f804d77b2..1681d6ffd 100644 --- a/src/werkzeug/utils.py +++ b/src/werkzeug/utils.py @@ -157,6 +157,9 @@ class HTMLBuilder: >>> html.p(html("")) '

    <foo>

    ' + + .. deprecated:: 2.0 + Will be removed in 2.1. """ _entity_re = re.compile(r"&([^;]+);") @@ -200,12 +203,27 @@ class HTMLBuilder: _c_like_cdata = {"script", "style"} def __init__(self, dialect): + warnings.warn( + "'utils.HTMLBuilder' is deprecated and will be removed in 2.1.", + DeprecationWarning, + stacklevel=2, + ) self._dialect = dialect def __call__(self, s): + warnings.warn( + "'utils.HTMLBuilder' is deprecated and will be removed in 2.1.", + DeprecationWarning, + stacklevel=2, + ) return escape(s) def __getattr__(self, tag): + warnings.warn( + "'utils.HTMLBuilder' is deprecated and will be removed in 2.1.", + DeprecationWarning, + stacklevel=2, + ) if tag[:2] == "__": raise AttributeError(tag) diff --git a/tests/test_utils.py b/tests/test_utils.py index a646a1f36..108f6ea0b 100644 --- a/tests/test_utils.py +++ b/tests/test_utils.py @@ -248,37 +248,6 @@ def test_find_modules(): ] -def test_html_builder(): - html = utils.html - xhtml = utils.xhtml - assert html.p("Hello World") == "

    Hello World

    " - assert html.a("Test", href="#") == 'Test' - assert html.br() == "
    " - assert xhtml.br() == "
    " - assert html.img(src="foo") == '' - assert xhtml.img(src="foo") == '' - assert html.html( - html.head(html.title("foo"), html.script(type="text/javascript")) - ) == ( - 'foo " - ) - assert html("") == "<foo>" - assert html.input(disabled=True) == "" - assert xhtml.input(disabled=True) == '' - assert html.input(disabled="") == "" - assert xhtml.input(disabled="") == "" - assert html.input(disabled=None) == "" - assert xhtml.input(disabled=None) == "" - assert ( - html.script('alert("Hello World");') == '' - ) - assert ( - xhtml.script('alert("Hello World");') - == '' - ) - - def test_header_set_duplication_bug(): headers = Headers([("Content-Type", "text/html"), ("Foo", "bar"), ("Blub", "blah")]) headers["blub"] = "hehe" From e13b8fba7ddc0d56b1266f439a190dd11aa40c0d Mon Sep 17 00:00:00 2001 From: northernSage Date: Fri, 10 Apr 2020 00:20:40 -0300 Subject: [PATCH 178/733] deprecate utils.escape/unescape --- CHANGES.rst | 2 ++ src/werkzeug/utils.py | 31 +++++++++++++++++++++---------- 2 files changed, 23 insertions(+), 10 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index df78327bb..bed9decf6 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -12,6 +12,8 @@ Unreleased :func:`utils.validate_arguments`, use :meth:`Signature.bind` and :func:`inspect.signature` instead. :issue:`1757` - Deprecate :class:`utils.HTMLBuilder`. :issue:`1761` +- Deprecate :func:`utils.escape` and :func:`utils.unescape`, use + MarkupSafe instead. :issue:`1758` - ``JSONMixin`` no longer uses simplejson if it's installed. To use another JSON module, override ``JSONMixin.json_module``. :pr:`1766` - Add a ``url_scheme`` argument to :meth:`~routing.MapAdapter.build` diff --git a/src/werkzeug/utils.py b/src/werkzeug/utils.py index 1681d6ffd..ef5ecaa36 100644 --- a/src/werkzeug/utils.py +++ b/src/werkzeug/utils.py @@ -430,16 +430,20 @@ def secure_filename(filename): def escape(s): - """Replace special characters "&", "<", ">" and (") to HTML-safe sequences. + """Replace ``&``, ``<``, ``>``, and ``"`` with HTML-safe sequences. - There is a special handling for `None` which escapes to an empty string. + ``None`` is escaped to an empty string. - .. versionchanged:: 0.9 - `quote` is now implicitly on. - - :param s: the string to escape. - :param quote: ignored. + .. deprecated:: 2.0 + Will be removed in 2.1. Use MarkupSafe instead. """ + warnings.warn( + "'utils.escape' is deprecated and will be removed in 2.1. Use" + " MarkupSafe instead.", + DeprecationWarning, + stacklevel=2, + ) + if s is None: return "" elif hasattr(s, "__html__"): @@ -457,11 +461,18 @@ def escape(s): def unescape(s): - """The reverse function of `escape`. This unescapes all the HTML - entities, not only the XML entities inserted by `escape`. + """The reverse of :func:`escape`. This unescapes all the HTML + entities, not only those inserted by ``escape``. - :param s: the string to unescape. + .. deprecated:: 2.0 + Will be removed in 2.1. Use MarkupSafe instead. """ + warnings.warn( + "'utils.unescape' is deprecated and will be removed in 2.1. Use" + " MarkupSafe instead.", + DeprecationWarning, + stacklevel=2, + ) def handle_match(m): name = m.group(1) From 5fd13860d7f649fbe592601b1dea728050daffa5 Mon Sep 17 00:00:00 2001 From: David Lord Date: Sun, 12 Apr 2020 13:28:46 -0700 Subject: [PATCH 179/733] replace deprecated escape with html.escape --- docs/levels.rst | 4 +-- examples/plnt/sync.py | 2 +- src/werkzeug/debug/console.py | 2 +- src/werkzeug/debug/repr.py | 3 +-- src/werkzeug/debug/tbtools.py | 3 +-- src/werkzeug/exceptions.py | 2 +- src/werkzeug/testapp.py | 2 +- src/werkzeug/utils.py | 47 +++++++++++++++-------------------- tests/test_debug.py | 37 +++++++++++++-------------- tests/test_utils.py | 16 ------------ 10 files changed, 47 insertions(+), 71 deletions(-) diff --git a/docs/levels.rst b/docs/levels.rst index fa7b2e4eb..f36f8b09d 100644 --- a/docs/levels.rst +++ b/docs/levels.rst @@ -19,7 +19,7 @@ user with the name entered. .. code-block:: python - from werkzeug.utils import escape + from html import escape from werkzeug.wrappers import Request, Response @Request.application @@ -38,8 +38,8 @@ user with the name entered. Alternatively the same application could be used without request and response objects but by taking advantage of the parsing functions werkzeug provides:: + from html import escape from werkzeug.formparser import parse_form_data - from werkzeug.utils import escape def hello_world(environ, start_response): result = ['Greeter'] diff --git a/examples/plnt/sync.py b/examples/plnt/sync.py index 8b0390240..40359156f 100644 --- a/examples/plnt/sync.py +++ b/examples/plnt/sync.py @@ -1,8 +1,8 @@ """Does the synchronization. Called by "manage-plnt.py sync".""" from datetime import datetime +from html import escape import feedparser -from werkzeug.utils import escape from .database import Blog from .database import Entry diff --git a/src/werkzeug/debug/console.py b/src/werkzeug/debug/console.py index 5fa9924da..39c3083e2 100644 --- a/src/werkzeug/debug/console.py +++ b/src/werkzeug/debug/console.py @@ -1,9 +1,9 @@ import code import sys +from html import escape from types import CodeType from ..local import Local -from ..utils import escape from .repr import debug_repr from .repr import dump from .repr import helper diff --git a/src/werkzeug/debug/repr.py b/src/werkzeug/debug/repr.py index 2d184a3ee..5ac7d7d28 100644 --- a/src/werkzeug/debug/repr.py +++ b/src/werkzeug/debug/repr.py @@ -8,10 +8,9 @@ import re import sys from collections import deque +from html import escape from traceback import format_exception_only -from ..utils import escape - missing = object() _paragraph_re = re.compile(r"(?:\r\n|\r|\n){2,}") diff --git a/src/werkzeug/debug/tbtools.py b/src/werkzeug/debug/tbtools.py index a15d89b2a..a10a66dac 100644 --- a/src/werkzeug/debug/tbtools.py +++ b/src/werkzeug/debug/tbtools.py @@ -6,15 +6,14 @@ import sys import sysconfig import traceback +from html import escape from tokenize import TokenError from .._internal import _to_str from ..filesystem import get_filesystem_encoding from ..utils import cached_property -from ..utils import escape from .console import Console - _coding_re = re.compile(br"coding[:=]\s*([-\w.]+)") _line_re = re.compile(br"^(.*?)$", re.MULTILINE) _funcdef_re = re.compile(r"^(\s*def\s)|(.*(?*/" buffer += children_as_string + f"" @@ -437,6 +441,8 @@ def escape(s): .. deprecated:: 2.0 Will be removed in 2.1. Use MarkupSafe instead. """ + import html + warnings.warn( "'utils.escape' is deprecated and will be removed in 2.1. Use" " MarkupSafe instead.", @@ -446,18 +452,14 @@ def escape(s): if s is None: return "" - elif hasattr(s, "__html__"): + + if hasattr(s, "__html__"): return s.__html__() if not isinstance(s, str): s = str(s) - return ( - s.replace("&", "&") - .replace("<", "<") - .replace(">", ">") - .replace('"', """) - ) + return html.escape(s, quote=True) def unescape(s): @@ -467,27 +469,15 @@ def unescape(s): .. deprecated:: 2.0 Will be removed in 2.1. Use MarkupSafe instead. """ + import html + warnings.warn( "'utils.unescape' is deprecated and will be removed in 2.1. Use" " MarkupSafe instead.", DeprecationWarning, stacklevel=2, ) - - def handle_match(m): - name = m.group(1) - if name in HTMLBuilder._entities: - return chr(HTMLBuilder._entities[name]) - try: - if name[:2] in ("#x", "#X"): - return chr(int(name[2:], 16)) - elif name.startswith("#"): - return chr(int(name[1:])) - except ValueError: - pass - return "" - - return _entity_re.sub(handle_match, s) + return html.unescape(s) def redirect(location, code=302, Response=None): @@ -510,10 +500,12 @@ def redirect(location, code=302, Response=None): response. The default is :class:`werkzeug.wrappers.Response` if unspecified. """ + import html + if Response is None: from .wrappers import Response - display_location = escape(location) + display_location = html.escape(location) if isinstance(location, str): # Safe conversion is necessary here as we might redirect # to a broken URI scheme (for instance itms-services). @@ -525,7 +517,8 @@ def redirect(location, code=302, Response=None): "Redirecting...\n" "

    Redirecting...

    \n" "

    You should be redirected automatically to target URL: " - f'{display_location}. If not click the link.', + f'{display_location}. If' + " not click the link.", code, mimetype="text/html", ) diff --git a/tests/test_debug.py b/tests/test_debug.py index bcc5b66f9..6c52e9c3f 100644 --- a/tests/test_debug.py +++ b/tests/test_debug.py @@ -22,26 +22,25 @@ class TestDebugRepr: def test_basic_repr(self): assert debug_repr([]) == "[]" - assert ( - debug_repr([1, 2]) - == '[1, 2]' + assert debug_repr([1, 2]) == ( + '[1, 2]' ) - assert ( - debug_repr([1, "test"]) - == '[1, \'test\']' + assert debug_repr([1, "test"]) == ( + '[1,' + ' 'test']' ) assert debug_repr([None]) == '[None]' def test_string_repr(self): - assert debug_repr("") == "''" - assert debug_repr("foo") == "'foo'" + assert debug_repr("") == '''' + assert debug_repr("foo") == ''foo'' assert debug_repr("s" * 80) == ( - f'\'{"s" * 69}' - f'{"s" * 11}\'' + f''{"s" * 69}' + f'{"s" * 11}'' ) assert debug_repr("<" * 80) == ( - f'\'{"<" * 69}' - f'{"<" * 11}\'' + f''{"<" * 69}' + f'{"<" * 11}'' ) def test_string_subclass_repr(self): @@ -50,7 +49,7 @@ class Test(str): assert debug_repr(Test("foo")) == ( 'test_debug.' - "Test('foo')" + 'Test('foo')' ) def test_sequence_repr(self): @@ -71,7 +70,7 @@ def test_sequence_repr(self): def test_mapping_repr(self): assert debug_repr({}) == "{}" assert debug_repr({"foo": 42}) == ( - '{\'foo\'' + '{'foo'' ': 42' "}" ) @@ -109,8 +108,8 @@ def test_mapping_repr(self): "}" ) assert debug_repr((1, "zwei", "drei")) == ( - '(1, \'' - "zwei', 'drei')" + '(1, '' + 'zwei', 'drei')' ) def test_custom_repr(self): @@ -143,9 +142,11 @@ def test_regex_repr(self): def test_set_repr(self): assert ( debug_repr(frozenset("x")) - == "frozenset(['x'])" + == 'frozenset(['x'])' + ) + assert debug_repr(set("x")) == ( + 'set(['x'])' ) - assert debug_repr(set("x")) == "set(['x'])" def test_recursive_repr(self): a = [1] diff --git a/tests/test_utils.py b/tests/test_utils.py index 108f6ea0b..88b8a341f 100644 --- a/tests/test_utils.py +++ b/tests/test_utils.py @@ -172,22 +172,6 @@ def test_assign(): assert a.environ["date"] == "Tue, 22 Jan 2008 10:00:00 GMT" -def test_escape(): - class Foo(str): - def __html__(self): - return str(self) - - assert utils.escape(None) == "" - assert utils.escape(42) == "42" - assert utils.escape("<>") == "<>" - assert utils.escape('"foo"') == ""foo"" - assert utils.escape(Foo("")) == "" - - -def test_unescape(): - assert utils.unescape("<ä>") == "<ä>" - - def test_import_string(): from datetime import date from werkzeug.debug import DebuggedApplication From e515b425d4c139106543a34c910f41f7d502a51d Mon Sep 17 00:00:00 2001 From: keii1111 Date: Tue, 14 Apr 2020 20:25:16 +0900 Subject: [PATCH 180/733] fix mistyped path in CONTRIBUTING.rst --- CONTRIBUTING.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst index 33a2e3129..1d89ae60b 100644 --- a/CONTRIBUTING.rst +++ b/CONTRIBUTING.rst @@ -64,7 +64,7 @@ First time setup - Create a virtualenv:: - python3 -m venv env + python3 -m venv venv . venv/bin/activate # or "venv\Scripts\activate" on Windows From b050d8797ab4d3541e68fd287113648cca8a0158 Mon Sep 17 00:00:00 2001 From: northernSage Date: Wed, 15 Apr 2020 18:03:15 -0300 Subject: [PATCH 181/733] add pre-commit installation --- CONTRIBUTING.rst | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst index 1d89ae60b..81154183c 100644 --- a/CONTRIBUTING.rst +++ b/CONTRIBUTING.rst @@ -72,6 +72,12 @@ First time setup pip install -e ".[dev]" +- Install pre-commit hooks for automatically checking each commit for simple + issues (Linting and Formatting) before submission to code review:: + + pip install pre-commit + pre-commit install + git commit Start coding ~~~~~~~~~~~~ From d956506775d8d3cc8000916096e5f119df0a28b7 Mon Sep 17 00:00:00 2001 From: Dennis Duong Date: Sun, 3 May 2020 00:00:56 -0700 Subject: [PATCH 182/733] Update documentation of SharedDataMiddleware --- src/werkzeug/middleware/shared_data.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/werkzeug/middleware/shared_data.py b/src/werkzeug/middleware/shared_data.py index 55f3e8600..28758b68a 100644 --- a/src/werkzeug/middleware/shared_data.py +++ b/src/werkzeug/middleware/shared_data.py @@ -36,7 +36,7 @@ class SharedDataMiddleware: from werkzeug.middleware.shared_data import SharedDataMiddleware app = SharedDataMiddleware(app, { - '/static': os.path.join(os.path.dirname(__file__), 'static') + '/shared': os.path.join(os.path.dirname(__file__), 'shared') }) The contents of the folder ``./shared`` will now be available on From d03b97779720c614287d2aef0f075ee4a1391c5b Mon Sep 17 00:00:00 2001 From: Adam Englander Date: Mon, 4 May 2020 20:19:00 -0700 Subject: [PATCH 183/733] Add new "edg" identifier for Edge in UserAgentPreparser Resolves #1797 --- CHANGES.rst | 7 ++++++ src/werkzeug/useragents.py | 2 +- tests/test_useragents.py | 44 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 52 insertions(+), 1 deletion(-) create mode 100644 tests/test_useragents.py diff --git a/CHANGES.rst b/CHANGES.rst index 6193f3eec..d275a24e7 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -1,5 +1,12 @@ .. currentmodule:: werkzeug +Version 1.0.2 +------------- + +- Add new "edg" identifier for Edge in UserAgentPreparser. + :issue:`1797` + + Version 1.0.1 ------------- diff --git a/src/werkzeug/useragents.py b/src/werkzeug/useragents.py index 6ef6e2b8e..5f8e6b211 100644 --- a/src/werkzeug/useragents.py +++ b/src/werkzeug/useragents.py @@ -47,7 +47,7 @@ class UserAgentParser(object): ("ask jeeves", "ask"), (r"aol|america\s+online\s+browser", "aol"), (r"opera|opr", "opera"), - ("edge", "edge"), + ("edge|edg", "edge"), ("chrome|crios", "chrome"), ("seamonkey", "seamonkey"), ("firefox|firebird|phoenix|iceweasel", "firefox"), diff --git a/tests/test_useragents.py b/tests/test_useragents.py new file mode 100644 index 000000000..68e700c68 --- /dev/null +++ b/tests/test_useragents.py @@ -0,0 +1,44 @@ +# -*- coding: utf-8 -*- +""" + tests.urls + ~~~~~~~~~~ + + URL helper tests. + + :copyright: 2020 Pallets + :license: BSD-3-Clause +""" +import pytest + +from werkzeug import useragents + + +@pytest.mark.parametrize( + ("user_agent", "platform", "browser", "version", "language"), + ( + ( + "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36 Edge/13.10586", # noqa B950 + "windows", + "edge", + "13.10586", + None, + ), + ( + "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Edg/81.0.416.68", # noqa B950 + "windows", + "edge", + "81.0.416.68", + None, + ), + ( + "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4123.0 Safari/537.36 Edg/84.0.499.0 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36", # noqa B950 + "windows", + "edge", + "84.0.499.0", + None, + ), + ), +) +def test_edge_browsers(user_agent, platform, browser, version, language): + parsed = useragents.UserAgentParser()(user_agent) + assert parsed == (platform, browser, version, language) From f5af20af1bbb1919b5d1cfc380e545beb78460d2 Mon Sep 17 00:00:00 2001 From: pgjones Date: Sat, 16 May 2020 10:45:44 +0100 Subject: [PATCH 184/733] Note that 1.0.2 is currently unreleased --- CHANGES.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGES.rst b/CHANGES.rst index d275a24e7..5d897e4af 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -3,6 +3,8 @@ Version 1.0.2 ------------- +Unreleased + - Add new "edg" identifier for Edge in UserAgentPreparser. :issue:`1797` From 012d44b9b946e899eafcdb79b18f0d0c6c5c742a Mon Sep 17 00:00:00 2001 From: pgjones Date: Sat, 16 May 2020 11:32:25 +0100 Subject: [PATCH 185/733] Upgrade the debugger to jQuery 3.5.1 This resolves any concerns around CVE-2020-11022 which may allow for untrusted code execution in the debugger frontend. --- CHANGES.rst | 1 + src/werkzeug/debug/shared/jquery.js | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index 5d897e4af..49d87ec97 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -7,6 +7,7 @@ Unreleased - Add new "edg" identifier for Edge in UserAgentPreparser. :issue:`1797` +- Upgrade the debugger to jQuery 3.5.1. :issue:`1802` Version 1.0.1 diff --git a/src/werkzeug/debug/shared/jquery.js b/src/werkzeug/debug/shared/jquery.js index a1c07fd80..b0614034a 100644 --- a/src/werkzeug/debug/shared/jquery.js +++ b/src/werkzeug/debug/shared/jquery.js @@ -1,2 +1,2 @@ -/*! jQuery v3.4.1 | (c) JS Foundation and other contributors | jquery.org/license */ -!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],E=C.document,r=Object.getPrototypeOf,s=t.slice,g=t.concat,u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType},x=function(e){return null!=e&&e===e.window},c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?n[o.call(e)]||"object":typeof e}var f="3.4.1",k=function(e,t){return new k.fn.init(e,t)},p=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g;function d(e){var t=!!e&&"length"in e&&e.length,n=w(e);return!m(e)&&!x(e)&&("array"===n||0===t||"number"==typeof t&&0+~]|"+M+")"+M+"*"),U=new RegExp(M+"|>"),X=new RegExp($),V=new RegExp("^"+I+"$"),G={ID:new RegExp("^#("+I+")"),CLASS:new RegExp("^\\.("+I+")"),TAG:new RegExp("^("+I+"|[*])"),ATTR:new RegExp("^"+W),PSEUDO:new RegExp("^"+$),CHILD:new RegExp("^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\("+M+"*(even|odd|(([+-]|)(\\d*)n|)"+M+"*(?:([+-]|)"+M+"*(\\d+)|))"+M+"*\\)|)","i"),bool:new RegExp("^(?:"+R+")$","i"),needsContext:new RegExp("^"+M+"*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\("+M+"*((?:-\\d)?\\d*)"+M+"*\\)|)(?=[^-]|$)","i")},Y=/HTML$/i,Q=/^(?:input|select|textarea|button)$/i,J=/^h\d$/i,K=/^[^{]+\{\s*\[native \w/,Z=/^(?:#([\w-]+)|(\w+)|\.([\w-]+))$/,ee=/[+~]/,te=new RegExp("\\\\([\\da-f]{1,6}"+M+"?|("+M+")|.)","ig"),ne=function(e,t,n){var r="0x"+t-65536;return r!=r||n?t:r<0?String.fromCharCode(r+65536):String.fromCharCode(r>>10|55296,1023&r|56320)},re=/([\0-\x1f\x7f]|^-?\d)|^-$|[^\0-\x1f\x7f-\uFFFF\w-]/g,ie=function(e,t){return t?"\0"===e?"\ufffd":e.slice(0,-1)+"\\"+e.charCodeAt(e.length-1).toString(16)+" ":"\\"+e},oe=function(){T()},ae=be(function(e){return!0===e.disabled&&"fieldset"===e.nodeName.toLowerCase()},{dir:"parentNode",next:"legend"});try{H.apply(t=O.call(m.childNodes),m.childNodes),t[m.childNodes.length].nodeType}catch(e){H={apply:t.length?function(e,t){L.apply(e,O.call(t))}:function(e,t){var n=e.length,r=0;while(e[n++]=t[r++]);e.length=n-1}}}function se(t,e,n,r){var i,o,a,s,u,l,c,f=e&&e.ownerDocument,p=e?e.nodeType:9;if(n=n||[],"string"!=typeof t||!t||1!==p&&9!==p&&11!==p)return n;if(!r&&((e?e.ownerDocument||e:m)!==C&&T(e),e=e||C,E)){if(11!==p&&(u=Z.exec(t)))if(i=u[1]){if(9===p){if(!(a=e.getElementById(i)))return n;if(a.id===i)return n.push(a),n}else if(f&&(a=f.getElementById(i))&&y(e,a)&&a.id===i)return n.push(a),n}else{if(u[2])return H.apply(n,e.getElementsByTagName(t)),n;if((i=u[3])&&d.getElementsByClassName&&e.getElementsByClassName)return H.apply(n,e.getElementsByClassName(i)),n}if(d.qsa&&!A[t+" "]&&(!v||!v.test(t))&&(1!==p||"object"!==e.nodeName.toLowerCase())){if(c=t,f=e,1===p&&U.test(t)){(s=e.getAttribute("id"))?s=s.replace(re,ie):e.setAttribute("id",s=k),o=(l=h(t)).length;while(o--)l[o]="#"+s+" "+xe(l[o]);c=l.join(","),f=ee.test(t)&&ye(e.parentNode)||e}try{return H.apply(n,f.querySelectorAll(c)),n}catch(e){A(t,!0)}finally{s===k&&e.removeAttribute("id")}}}return g(t.replace(B,"$1"),e,n,r)}function ue(){var r=[];return function e(t,n){return r.push(t+" ")>b.cacheLength&&delete e[r.shift()],e[t+" "]=n}}function le(e){return e[k]=!0,e}function ce(e){var t=C.createElement("fieldset");try{return!!e(t)}catch(e){return!1}finally{t.parentNode&&t.parentNode.removeChild(t),t=null}}function fe(e,t){var n=e.split("|"),r=n.length;while(r--)b.attrHandle[n[r]]=t}function pe(e,t){var n=t&&e,r=n&&1===e.nodeType&&1===t.nodeType&&e.sourceIndex-t.sourceIndex;if(r)return r;if(n)while(n=n.nextSibling)if(n===t)return-1;return e?1:-1}function de(t){return function(e){return"input"===e.nodeName.toLowerCase()&&e.type===t}}function he(n){return function(e){var t=e.nodeName.toLowerCase();return("input"===t||"button"===t)&&e.type===n}}function ge(t){return function(e){return"form"in e?e.parentNode&&!1===e.disabled?"label"in e?"label"in e.parentNode?e.parentNode.disabled===t:e.disabled===t:e.isDisabled===t||e.isDisabled!==!t&&ae(e)===t:e.disabled===t:"label"in e&&e.disabled===t}}function ve(a){return le(function(o){return o=+o,le(function(e,t){var n,r=a([],e.length,o),i=r.length;while(i--)e[n=r[i]]&&(e[n]=!(t[n]=e[n]))})})}function ye(e){return e&&"undefined"!=typeof e.getElementsByTagName&&e}for(e in d=se.support={},i=se.isXML=function(e){var t=e.namespaceURI,n=(e.ownerDocument||e).documentElement;return!Y.test(t||n&&n.nodeName||"HTML")},T=se.setDocument=function(e){var t,n,r=e?e.ownerDocument||e:m;return r!==C&&9===r.nodeType&&r.documentElement&&(a=(C=r).documentElement,E=!i(C),m!==C&&(n=C.defaultView)&&n.top!==n&&(n.addEventListener?n.addEventListener("unload",oe,!1):n.attachEvent&&n.attachEvent("onunload",oe)),d.attributes=ce(function(e){return e.className="i",!e.getAttribute("className")}),d.getElementsByTagName=ce(function(e){return e.appendChild(C.createComment("")),!e.getElementsByTagName("*").length}),d.getElementsByClassName=K.test(C.getElementsByClassName),d.getById=ce(function(e){return a.appendChild(e).id=k,!C.getElementsByName||!C.getElementsByName(k).length}),d.getById?(b.filter.ID=function(e){var t=e.replace(te,ne);return function(e){return e.getAttribute("id")===t}},b.find.ID=function(e,t){if("undefined"!=typeof t.getElementById&&E){var n=t.getElementById(e);return n?[n]:[]}}):(b.filter.ID=function(e){var n=e.replace(te,ne);return function(e){var t="undefined"!=typeof e.getAttributeNode&&e.getAttributeNode("id");return t&&t.value===n}},b.find.ID=function(e,t){if("undefined"!=typeof t.getElementById&&E){var n,r,i,o=t.getElementById(e);if(o){if((n=o.getAttributeNode("id"))&&n.value===e)return[o];i=t.getElementsByName(e),r=0;while(o=i[r++])if((n=o.getAttributeNode("id"))&&n.value===e)return[o]}return[]}}),b.find.TAG=d.getElementsByTagName?function(e,t){return"undefined"!=typeof t.getElementsByTagName?t.getElementsByTagName(e):d.qsa?t.querySelectorAll(e):void 0}:function(e,t){var n,r=[],i=0,o=t.getElementsByTagName(e);if("*"===e){while(n=o[i++])1===n.nodeType&&r.push(n);return r}return o},b.find.CLASS=d.getElementsByClassName&&function(e,t){if("undefined"!=typeof t.getElementsByClassName&&E)return t.getElementsByClassName(e)},s=[],v=[],(d.qsa=K.test(C.querySelectorAll))&&(ce(function(e){a.appendChild(e).innerHTML="",e.querySelectorAll("[msallowcapture^='']").length&&v.push("[*^$]="+M+"*(?:''|\"\")"),e.querySelectorAll("[selected]").length||v.push("\\["+M+"*(?:value|"+R+")"),e.querySelectorAll("[id~="+k+"-]").length||v.push("~="),e.querySelectorAll(":checked").length||v.push(":checked"),e.querySelectorAll("a#"+k+"+*").length||v.push(".#.+[+~]")}),ce(function(e){e.innerHTML="";var t=C.createElement("input");t.setAttribute("type","hidden"),e.appendChild(t).setAttribute("name","D"),e.querySelectorAll("[name=d]").length&&v.push("name"+M+"*[*^$|!~]?="),2!==e.querySelectorAll(":enabled").length&&v.push(":enabled",":disabled"),a.appendChild(e).disabled=!0,2!==e.querySelectorAll(":disabled").length&&v.push(":enabled",":disabled"),e.querySelectorAll("*,:x"),v.push(",.*:")})),(d.matchesSelector=K.test(c=a.matches||a.webkitMatchesSelector||a.mozMatchesSelector||a.oMatchesSelector||a.msMatchesSelector))&&ce(function(e){d.disconnectedMatch=c.call(e,"*"),c.call(e,"[s!='']:x"),s.push("!=",$)}),v=v.length&&new RegExp(v.join("|")),s=s.length&&new RegExp(s.join("|")),t=K.test(a.compareDocumentPosition),y=t||K.test(a.contains)?function(e,t){var n=9===e.nodeType?e.documentElement:e,r=t&&t.parentNode;return e===r||!(!r||1!==r.nodeType||!(n.contains?n.contains(r):e.compareDocumentPosition&&16&e.compareDocumentPosition(r)))}:function(e,t){if(t)while(t=t.parentNode)if(t===e)return!0;return!1},D=t?function(e,t){if(e===t)return l=!0,0;var n=!e.compareDocumentPosition-!t.compareDocumentPosition;return n||(1&(n=(e.ownerDocument||e)===(t.ownerDocument||t)?e.compareDocumentPosition(t):1)||!d.sortDetached&&t.compareDocumentPosition(e)===n?e===C||e.ownerDocument===m&&y(m,e)?-1:t===C||t.ownerDocument===m&&y(m,t)?1:u?P(u,e)-P(u,t):0:4&n?-1:1)}:function(e,t){if(e===t)return l=!0,0;var n,r=0,i=e.parentNode,o=t.parentNode,a=[e],s=[t];if(!i||!o)return e===C?-1:t===C?1:i?-1:o?1:u?P(u,e)-P(u,t):0;if(i===o)return pe(e,t);n=e;while(n=n.parentNode)a.unshift(n);n=t;while(n=n.parentNode)s.unshift(n);while(a[r]===s[r])r++;return r?pe(a[r],s[r]):a[r]===m?-1:s[r]===m?1:0}),C},se.matches=function(e,t){return se(e,null,null,t)},se.matchesSelector=function(e,t){if((e.ownerDocument||e)!==C&&T(e),d.matchesSelector&&E&&!A[t+" "]&&(!s||!s.test(t))&&(!v||!v.test(t)))try{var n=c.call(e,t);if(n||d.disconnectedMatch||e.document&&11!==e.document.nodeType)return n}catch(e){A(t,!0)}return 0":{dir:"parentNode",first:!0}," ":{dir:"parentNode"},"+":{dir:"previousSibling",first:!0},"~":{dir:"previousSibling"}},preFilter:{ATTR:function(e){return e[1]=e[1].replace(te,ne),e[3]=(e[3]||e[4]||e[5]||"").replace(te,ne),"~="===e[2]&&(e[3]=" "+e[3]+" "),e.slice(0,4)},CHILD:function(e){return e[1]=e[1].toLowerCase(),"nth"===e[1].slice(0,3)?(e[3]||se.error(e[0]),e[4]=+(e[4]?e[5]+(e[6]||1):2*("even"===e[3]||"odd"===e[3])),e[5]=+(e[7]+e[8]||"odd"===e[3])):e[3]&&se.error(e[0]),e},PSEUDO:function(e){var t,n=!e[6]&&e[2];return G.CHILD.test(e[0])?null:(e[3]?e[2]=e[4]||e[5]||"":n&&X.test(n)&&(t=h(n,!0))&&(t=n.indexOf(")",n.length-t)-n.length)&&(e[0]=e[0].slice(0,t),e[2]=n.slice(0,t)),e.slice(0,3))}},filter:{TAG:function(e){var t=e.replace(te,ne).toLowerCase();return"*"===e?function(){return!0}:function(e){return e.nodeName&&e.nodeName.toLowerCase()===t}},CLASS:function(e){var t=p[e+" "];return t||(t=new RegExp("(^|"+M+")"+e+"("+M+"|$)"))&&p(e,function(e){return t.test("string"==typeof e.className&&e.className||"undefined"!=typeof e.getAttribute&&e.getAttribute("class")||"")})},ATTR:function(n,r,i){return function(e){var t=se.attr(e,n);return null==t?"!="===r:!r||(t+="","="===r?t===i:"!="===r?t!==i:"^="===r?i&&0===t.indexOf(i):"*="===r?i&&-1:\x20\t\r\n\f]*)[\x20\t\r\n\f]*\/?>(?:<\/\1>|)$/i;function j(e,n,r){return m(n)?k.grep(e,function(e,t){return!!n.call(e,t,e)!==r}):n.nodeType?k.grep(e,function(e){return e===n!==r}):"string"!=typeof n?k.grep(e,function(e){return-1)[^>]*|#([\w-]+))$/;(k.fn.init=function(e,t,n){var r,i;if(!e)return this;if(n=n||q,"string"==typeof e){if(!(r="<"===e[0]&&">"===e[e.length-1]&&3<=e.length?[null,e,null]:L.exec(e))||!r[1]&&t)return!t||t.jquery?(t||n).find(e):this.constructor(t).find(e);if(r[1]){if(t=t instanceof k?t[0]:t,k.merge(this,k.parseHTML(r[1],t&&t.nodeType?t.ownerDocument||t:E,!0)),D.test(r[1])&&k.isPlainObject(t))for(r in t)m(this[r])?this[r](t[r]):this.attr(r,t[r]);return this}return(i=E.getElementById(r[2]))&&(this[0]=i,this.length=1),this}return e.nodeType?(this[0]=e,this.length=1,this):m(e)?void 0!==n.ready?n.ready(e):e(k):k.makeArray(e,this)}).prototype=k.fn,q=k(E);var H=/^(?:parents|prev(?:Until|All))/,O={children:!0,contents:!0,next:!0,prev:!0};function P(e,t){while((e=e[t])&&1!==e.nodeType);return e}k.fn.extend({has:function(e){var t=k(e,this),n=t.length;return this.filter(function(){for(var e=0;e\x20\t\r\n\f]*)/i,he=/^$|^module$|\/(?:java|ecma)script/i,ge={option:[1,""],thead:[1,"","
    "],col:[2,"","
    "],tr:[2,"","
    "],td:[3,"","
    "],_default:[0,"",""]};function ve(e,t){var n;return n="undefined"!=typeof e.getElementsByTagName?e.getElementsByTagName(t||"*"):"undefined"!=typeof e.querySelectorAll?e.querySelectorAll(t||"*"):[],void 0===t||t&&A(e,t)?k.merge([e],n):n}function ye(e,t){for(var n=0,r=e.length;nx",y.noCloneChecked=!!me.cloneNode(!0).lastChild.defaultValue;var Te=/^key/,Ce=/^(?:mouse|pointer|contextmenu|drag|drop)|click/,Ee=/^([^.]*)(?:\.(.+)|)/;function ke(){return!0}function Se(){return!1}function Ne(e,t){return e===function(){try{return E.activeElement}catch(e){}}()==("focus"===t)}function Ae(e,t,n,r,i,o){var a,s;if("object"==typeof t){for(s in"string"!=typeof n&&(r=r||n,n=void 0),t)Ae(e,s,n,r,t[s],o);return e}if(null==r&&null==i?(i=n,r=n=void 0):null==i&&("string"==typeof n?(i=r,r=void 0):(i=r,r=n,n=void 0)),!1===i)i=Se;else if(!i)return e;return 1===o&&(a=i,(i=function(e){return k().off(e),a.apply(this,arguments)}).guid=a.guid||(a.guid=k.guid++)),e.each(function(){k.event.add(this,t,i,r,n)})}function De(e,i,o){o?(Q.set(e,i,!1),k.event.add(e,i,{namespace:!1,handler:function(e){var t,n,r=Q.get(this,i);if(1&e.isTrigger&&this[i]){if(r.length)(k.event.special[i]||{}).delegateType&&e.stopPropagation();else if(r=s.call(arguments),Q.set(this,i,r),t=o(this,i),this[i](),r!==(n=Q.get(this,i))||t?Q.set(this,i,!1):n={},r!==n)return e.stopImmediatePropagation(),e.preventDefault(),n.value}else r.length&&(Q.set(this,i,{value:k.event.trigger(k.extend(r[0],k.Event.prototype),r.slice(1),this)}),e.stopImmediatePropagation())}})):void 0===Q.get(e,i)&&k.event.add(e,i,ke)}k.event={global:{},add:function(t,e,n,r,i){var o,a,s,u,l,c,f,p,d,h,g,v=Q.get(t);if(v){n.handler&&(n=(o=n).handler,i=o.selector),i&&k.find.matchesSelector(ie,i),n.guid||(n.guid=k.guid++),(u=v.events)||(u=v.events={}),(a=v.handle)||(a=v.handle=function(e){return"undefined"!=typeof k&&k.event.triggered!==e.type?k.event.dispatch.apply(t,arguments):void 0}),l=(e=(e||"").match(R)||[""]).length;while(l--)d=g=(s=Ee.exec(e[l])||[])[1],h=(s[2]||"").split(".").sort(),d&&(f=k.event.special[d]||{},d=(i?f.delegateType:f.bindType)||d,f=k.event.special[d]||{},c=k.extend({type:d,origType:g,data:r,handler:n,guid:n.guid,selector:i,needsContext:i&&k.expr.match.needsContext.test(i),namespace:h.join(".")},o),(p=u[d])||((p=u[d]=[]).delegateCount=0,f.setup&&!1!==f.setup.call(t,r,h,a)||t.addEventListener&&t.addEventListener(d,a)),f.add&&(f.add.call(t,c),c.handler.guid||(c.handler.guid=n.guid)),i?p.splice(p.delegateCount++,0,c):p.push(c),k.event.global[d]=!0)}},remove:function(e,t,n,r,i){var o,a,s,u,l,c,f,p,d,h,g,v=Q.hasData(e)&&Q.get(e);if(v&&(u=v.events)){l=(t=(t||"").match(R)||[""]).length;while(l--)if(d=g=(s=Ee.exec(t[l])||[])[1],h=(s[2]||"").split(".").sort(),d){f=k.event.special[d]||{},p=u[d=(r?f.delegateType:f.bindType)||d]||[],s=s[2]&&new RegExp("(^|\\.)"+h.join("\\.(?:.*\\.|)")+"(\\.|$)"),a=o=p.length;while(o--)c=p[o],!i&&g!==c.origType||n&&n.guid!==c.guid||s&&!s.test(c.namespace)||r&&r!==c.selector&&("**"!==r||!c.selector)||(p.splice(o,1),c.selector&&p.delegateCount--,f.remove&&f.remove.call(e,c));a&&!p.length&&(f.teardown&&!1!==f.teardown.call(e,h,v.handle)||k.removeEvent(e,d,v.handle),delete u[d])}else for(d in u)k.event.remove(e,d+t[l],n,r,!0);k.isEmptyObject(u)&&Q.remove(e,"handle events")}},dispatch:function(e){var t,n,r,i,o,a,s=k.event.fix(e),u=new Array(arguments.length),l=(Q.get(this,"events")||{})[s.type]||[],c=k.event.special[s.type]||{};for(u[0]=s,t=1;t\x20\t\r\n\f]*)[^>]*)\/>/gi,qe=/\s*$/g;function Oe(e,t){return A(e,"table")&&A(11!==t.nodeType?t:t.firstChild,"tr")&&k(e).children("tbody")[0]||e}function Pe(e){return e.type=(null!==e.getAttribute("type"))+"/"+e.type,e}function Re(e){return"true/"===(e.type||"").slice(0,5)?e.type=e.type.slice(5):e.removeAttribute("type"),e}function Me(e,t){var n,r,i,o,a,s,u,l;if(1===t.nodeType){if(Q.hasData(e)&&(o=Q.access(e),a=Q.set(t,o),l=o.events))for(i in delete a.handle,a.events={},l)for(n=0,r=l[i].length;n")},clone:function(e,t,n){var r,i,o,a,s,u,l,c=e.cloneNode(!0),f=oe(e);if(!(y.noCloneChecked||1!==e.nodeType&&11!==e.nodeType||k.isXMLDoc(e)))for(a=ve(c),r=0,i=(o=ve(e)).length;r").attr(n.scriptAttrs||{}).prop({charset:n.scriptCharset,src:n.url}).on("load error",i=function(e){r.remove(),i=null,e&&t("error"===e.type?404:200,e.type)}),E.head.appendChild(r[0])},abort:function(){i&&i()}}});var Vt,Gt=[],Yt=/(=)\?(?=&|$)|\?\?/;k.ajaxSetup({jsonp:"callback",jsonpCallback:function(){var e=Gt.pop()||k.expando+"_"+kt++;return this[e]=!0,e}}),k.ajaxPrefilter("json jsonp",function(e,t,n){var r,i,o,a=!1!==e.jsonp&&(Yt.test(e.url)?"url":"string"==typeof e.data&&0===(e.contentType||"").indexOf("application/x-www-form-urlencoded")&&Yt.test(e.data)&&"data");if(a||"jsonp"===e.dataTypes[0])return r=e.jsonpCallback=m(e.jsonpCallback)?e.jsonpCallback():e.jsonpCallback,a?e[a]=e[a].replace(Yt,"$1"+r):!1!==e.jsonp&&(e.url+=(St.test(e.url)?"&":"?")+e.jsonp+"="+r),e.converters["script json"]=function(){return o||k.error(r+" was not called"),o[0]},e.dataTypes[0]="json",i=C[r],C[r]=function(){o=arguments},n.always(function(){void 0===i?k(C).removeProp(r):C[r]=i,e[r]&&(e.jsonpCallback=t.jsonpCallback,Gt.push(r)),o&&m(i)&&i(o[0]),o=i=void 0}),"script"}),y.createHTMLDocument=((Vt=E.implementation.createHTMLDocument("").body).innerHTML="

    ",2===Vt.childNodes.length),k.parseHTML=function(e,t,n){return"string"!=typeof e?[]:("boolean"==typeof t&&(n=t,t=!1),t||(y.createHTMLDocument?((r=(t=E.implementation.createHTMLDocument("")).createElement("base")).href=E.location.href,t.head.appendChild(r)):t=E),o=!n&&[],(i=D.exec(e))?[t.createElement(i[1])]:(i=we([e],t,o),o&&o.length&&k(o).remove(),k.merge([],i.childNodes)));var r,i,o},k.fn.load=function(e,t,n){var r,i,o,a=this,s=e.indexOf(" ");return-1").append(k.parseHTML(e)).find(r):e)}).always(n&&function(e,t){a.each(function(){n.apply(this,o||[e.responseText,t,e])})}),this},k.each(["ajaxStart","ajaxStop","ajaxComplete","ajaxError","ajaxSuccess","ajaxSend"],function(e,t){k.fn[t]=function(e){return this.on(t,e)}}),k.expr.pseudos.animated=function(t){return k.grep(k.timers,function(e){return t===e.elem}).length},k.offset={setOffset:function(e,t,n){var r,i,o,a,s,u,l=k.css(e,"position"),c=k(e),f={};"static"===l&&(e.style.position="relative"),s=c.offset(),o=k.css(e,"top"),u=k.css(e,"left"),("absolute"===l||"fixed"===l)&&-1<(o+u).indexOf("auto")?(a=(r=c.position()).top,i=r.left):(a=parseFloat(o)||0,i=parseFloat(u)||0),m(t)&&(t=t.call(e,n,k.extend({},s))),null!=t.top&&(f.top=t.top-s.top+a),null!=t.left&&(f.left=t.left-s.left+i),"using"in t?t.using.call(e,f):c.css(f)}},k.fn.extend({offset:function(t){if(arguments.length)return void 0===t?this:this.each(function(e){k.offset.setOffset(this,t,e)});var e,n,r=this[0];return r?r.getClientRects().length?(e=r.getBoundingClientRect(),n=r.ownerDocument.defaultView,{top:e.top+n.pageYOffset,left:e.left+n.pageXOffset}):{top:0,left:0}:void 0},position:function(){if(this[0]){var e,t,n,r=this[0],i={top:0,left:0};if("fixed"===k.css(r,"position"))t=r.getBoundingClientRect();else{t=this.offset(),n=r.ownerDocument,e=r.offsetParent||n.documentElement;while(e&&(e===n.body||e===n.documentElement)&&"static"===k.css(e,"position"))e=e.parentNode;e&&e!==r&&1===e.nodeType&&((i=k(e).offset()).top+=k.css(e,"borderTopWidth",!0),i.left+=k.css(e,"borderLeftWidth",!0))}return{top:t.top-i.top-k.css(r,"marginTop",!0),left:t.left-i.left-k.css(r,"marginLeft",!0)}}},offsetParent:function(){return this.map(function(){var e=this.offsetParent;while(e&&"static"===k.css(e,"position"))e=e.offsetParent;return e||ie})}}),k.each({scrollLeft:"pageXOffset",scrollTop:"pageYOffset"},function(t,i){var o="pageYOffset"===i;k.fn[t]=function(e){return _(this,function(e,t,n){var r;if(x(e)?r=e:9===e.nodeType&&(r=e.defaultView),void 0===n)return r?r[i]:e[t];r?r.scrollTo(o?r.pageXOffset:n,o?n:r.pageYOffset):e[t]=n},t,e,arguments.length)}}),k.each(["top","left"],function(e,n){k.cssHooks[n]=ze(y.pixelPosition,function(e,t){if(t)return t=_e(e,n),$e.test(t)?k(e).position()[n]+"px":t})}),k.each({Height:"height",Width:"width"},function(a,s){k.each({padding:"inner"+a,content:s,"":"outer"+a},function(r,o){k.fn[o]=function(e,t){var n=arguments.length&&(r||"boolean"!=typeof e),i=r||(!0===e||!0===t?"margin":"border");return _(this,function(e,t,n){var r;return x(e)?0===o.indexOf("outer")?e["inner"+a]:e.document.documentElement["client"+a]:9===e.nodeType?(r=e.documentElement,Math.max(e.body["scroll"+a],r["scroll"+a],e.body["offset"+a],r["offset"+a],r["client"+a])):void 0===n?k.css(e,t,i):k.style(e,t,n,i)},s,n?e:void 0,n)}})}),k.each("blur focus focusin focusout resize scroll click dblclick mousedown mouseup mousemove mouseover mouseout mouseenter mouseleave change select submit keydown keypress keyup contextmenu".split(" "),function(e,n){k.fn[n]=function(e,t){return 0+~]|"+M+")"+M+"*"),U=new RegExp(M+"|>"),X=new RegExp(F),V=new RegExp("^"+I+"$"),G={ID:new RegExp("^#("+I+")"),CLASS:new RegExp("^\\.("+I+")"),TAG:new RegExp("^("+I+"|[*])"),ATTR:new RegExp("^"+W),PSEUDO:new RegExp("^"+F),CHILD:new RegExp("^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\("+M+"*(even|odd|(([+-]|)(\\d*)n|)"+M+"*(?:([+-]|)"+M+"*(\\d+)|))"+M+"*\\)|)","i"),bool:new RegExp("^(?:"+R+")$","i"),needsContext:new RegExp("^"+M+"*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\("+M+"*((?:-\\d)?\\d*)"+M+"*\\)|)(?=[^-]|$)","i")},Y=/HTML$/i,Q=/^(?:input|select|textarea|button)$/i,J=/^h\d$/i,K=/^[^{]+\{\s*\[native \w/,Z=/^(?:#([\w-]+)|(\w+)|\.([\w-]+))$/,ee=/[+~]/,te=new RegExp("\\\\[\\da-fA-F]{1,6}"+M+"?|\\\\([^\\r\\n\\f])","g"),ne=function(e,t){var n="0x"+e.slice(1)-65536;return t||(n<0?String.fromCharCode(n+65536):String.fromCharCode(n>>10|55296,1023&n|56320))},re=/([\0-\x1f\x7f]|^-?\d)|^-$|[^\0-\x1f\x7f-\uFFFF\w-]/g,ie=function(e,t){return t?"\0"===e?"\ufffd":e.slice(0,-1)+"\\"+e.charCodeAt(e.length-1).toString(16)+" ":"\\"+e},oe=function(){T()},ae=be(function(e){return!0===e.disabled&&"fieldset"===e.nodeName.toLowerCase()},{dir:"parentNode",next:"legend"});try{H.apply(t=O.call(p.childNodes),p.childNodes),t[p.childNodes.length].nodeType}catch(e){H={apply:t.length?function(e,t){L.apply(e,O.call(t))}:function(e,t){var n=e.length,r=0;while(e[n++]=t[r++]);e.length=n-1}}}function se(t,e,n,r){var i,o,a,s,u,l,c,f=e&&e.ownerDocument,p=e?e.nodeType:9;if(n=n||[],"string"!=typeof t||!t||1!==p&&9!==p&&11!==p)return n;if(!r&&(T(e),e=e||C,E)){if(11!==p&&(u=Z.exec(t)))if(i=u[1]){if(9===p){if(!(a=e.getElementById(i)))return n;if(a.id===i)return n.push(a),n}else if(f&&(a=f.getElementById(i))&&y(e,a)&&a.id===i)return n.push(a),n}else{if(u[2])return H.apply(n,e.getElementsByTagName(t)),n;if((i=u[3])&&d.getElementsByClassName&&e.getElementsByClassName)return H.apply(n,e.getElementsByClassName(i)),n}if(d.qsa&&!N[t+" "]&&(!v||!v.test(t))&&(1!==p||"object"!==e.nodeName.toLowerCase())){if(c=t,f=e,1===p&&(U.test(t)||z.test(t))){(f=ee.test(t)&&ye(e.parentNode)||e)===e&&d.scope||((s=e.getAttribute("id"))?s=s.replace(re,ie):e.setAttribute("id",s=S)),o=(l=h(t)).length;while(o--)l[o]=(s?"#"+s:":scope")+" "+xe(l[o]);c=l.join(",")}try{return H.apply(n,f.querySelectorAll(c)),n}catch(e){N(t,!0)}finally{s===S&&e.removeAttribute("id")}}}return g(t.replace($,"$1"),e,n,r)}function ue(){var r=[];return function e(t,n){return r.push(t+" ")>b.cacheLength&&delete e[r.shift()],e[t+" "]=n}}function le(e){return e[S]=!0,e}function ce(e){var t=C.createElement("fieldset");try{return!!e(t)}catch(e){return!1}finally{t.parentNode&&t.parentNode.removeChild(t),t=null}}function fe(e,t){var n=e.split("|"),r=n.length;while(r--)b.attrHandle[n[r]]=t}function pe(e,t){var n=t&&e,r=n&&1===e.nodeType&&1===t.nodeType&&e.sourceIndex-t.sourceIndex;if(r)return r;if(n)while(n=n.nextSibling)if(n===t)return-1;return e?1:-1}function de(t){return function(e){return"input"===e.nodeName.toLowerCase()&&e.type===t}}function he(n){return function(e){var t=e.nodeName.toLowerCase();return("input"===t||"button"===t)&&e.type===n}}function ge(t){return function(e){return"form"in e?e.parentNode&&!1===e.disabled?"label"in e?"label"in e.parentNode?e.parentNode.disabled===t:e.disabled===t:e.isDisabled===t||e.isDisabled!==!t&&ae(e)===t:e.disabled===t:"label"in e&&e.disabled===t}}function ve(a){return le(function(o){return o=+o,le(function(e,t){var n,r=a([],e.length,o),i=r.length;while(i--)e[n=r[i]]&&(e[n]=!(t[n]=e[n]))})})}function ye(e){return e&&"undefined"!=typeof e.getElementsByTagName&&e}for(e in d=se.support={},i=se.isXML=function(e){var t=e.namespaceURI,n=(e.ownerDocument||e).documentElement;return!Y.test(t||n&&n.nodeName||"HTML")},T=se.setDocument=function(e){var t,n,r=e?e.ownerDocument||e:p;return r!=C&&9===r.nodeType&&r.documentElement&&(a=(C=r).documentElement,E=!i(C),p!=C&&(n=C.defaultView)&&n.top!==n&&(n.addEventListener?n.addEventListener("unload",oe,!1):n.attachEvent&&n.attachEvent("onunload",oe)),d.scope=ce(function(e){return a.appendChild(e).appendChild(C.createElement("div")),"undefined"!=typeof e.querySelectorAll&&!e.querySelectorAll(":scope fieldset div").length}),d.attributes=ce(function(e){return e.className="i",!e.getAttribute("className")}),d.getElementsByTagName=ce(function(e){return e.appendChild(C.createComment("")),!e.getElementsByTagName("*").length}),d.getElementsByClassName=K.test(C.getElementsByClassName),d.getById=ce(function(e){return a.appendChild(e).id=S,!C.getElementsByName||!C.getElementsByName(S).length}),d.getById?(b.filter.ID=function(e){var t=e.replace(te,ne);return function(e){return e.getAttribute("id")===t}},b.find.ID=function(e,t){if("undefined"!=typeof t.getElementById&&E){var n=t.getElementById(e);return n?[n]:[]}}):(b.filter.ID=function(e){var n=e.replace(te,ne);return function(e){var t="undefined"!=typeof e.getAttributeNode&&e.getAttributeNode("id");return t&&t.value===n}},b.find.ID=function(e,t){if("undefined"!=typeof t.getElementById&&E){var n,r,i,o=t.getElementById(e);if(o){if((n=o.getAttributeNode("id"))&&n.value===e)return[o];i=t.getElementsByName(e),r=0;while(o=i[r++])if((n=o.getAttributeNode("id"))&&n.value===e)return[o]}return[]}}),b.find.TAG=d.getElementsByTagName?function(e,t){return"undefined"!=typeof t.getElementsByTagName?t.getElementsByTagName(e):d.qsa?t.querySelectorAll(e):void 0}:function(e,t){var n,r=[],i=0,o=t.getElementsByTagName(e);if("*"===e){while(n=o[i++])1===n.nodeType&&r.push(n);return r}return o},b.find.CLASS=d.getElementsByClassName&&function(e,t){if("undefined"!=typeof t.getElementsByClassName&&E)return t.getElementsByClassName(e)},s=[],v=[],(d.qsa=K.test(C.querySelectorAll))&&(ce(function(e){var t;a.appendChild(e).innerHTML="",e.querySelectorAll("[msallowcapture^='']").length&&v.push("[*^$]="+M+"*(?:''|\"\")"),e.querySelectorAll("[selected]").length||v.push("\\["+M+"*(?:value|"+R+")"),e.querySelectorAll("[id~="+S+"-]").length||v.push("~="),(t=C.createElement("input")).setAttribute("name",""),e.appendChild(t),e.querySelectorAll("[name='']").length||v.push("\\["+M+"*name"+M+"*="+M+"*(?:''|\"\")"),e.querySelectorAll(":checked").length||v.push(":checked"),e.querySelectorAll("a#"+S+"+*").length||v.push(".#.+[+~]"),e.querySelectorAll("\\\f"),v.push("[\\r\\n\\f]")}),ce(function(e){e.innerHTML="";var t=C.createElement("input");t.setAttribute("type","hidden"),e.appendChild(t).setAttribute("name","D"),e.querySelectorAll("[name=d]").length&&v.push("name"+M+"*[*^$|!~]?="),2!==e.querySelectorAll(":enabled").length&&v.push(":enabled",":disabled"),a.appendChild(e).disabled=!0,2!==e.querySelectorAll(":disabled").length&&v.push(":enabled",":disabled"),e.querySelectorAll("*,:x"),v.push(",.*:")})),(d.matchesSelector=K.test(c=a.matches||a.webkitMatchesSelector||a.mozMatchesSelector||a.oMatchesSelector||a.msMatchesSelector))&&ce(function(e){d.disconnectedMatch=c.call(e,"*"),c.call(e,"[s!='']:x"),s.push("!=",F)}),v=v.length&&new RegExp(v.join("|")),s=s.length&&new RegExp(s.join("|")),t=K.test(a.compareDocumentPosition),y=t||K.test(a.contains)?function(e,t){var n=9===e.nodeType?e.documentElement:e,r=t&&t.parentNode;return e===r||!(!r||1!==r.nodeType||!(n.contains?n.contains(r):e.compareDocumentPosition&&16&e.compareDocumentPosition(r)))}:function(e,t){if(t)while(t=t.parentNode)if(t===e)return!0;return!1},D=t?function(e,t){if(e===t)return l=!0,0;var n=!e.compareDocumentPosition-!t.compareDocumentPosition;return n||(1&(n=(e.ownerDocument||e)==(t.ownerDocument||t)?e.compareDocumentPosition(t):1)||!d.sortDetached&&t.compareDocumentPosition(e)===n?e==C||e.ownerDocument==p&&y(p,e)?-1:t==C||t.ownerDocument==p&&y(p,t)?1:u?P(u,e)-P(u,t):0:4&n?-1:1)}:function(e,t){if(e===t)return l=!0,0;var n,r=0,i=e.parentNode,o=t.parentNode,a=[e],s=[t];if(!i||!o)return e==C?-1:t==C?1:i?-1:o?1:u?P(u,e)-P(u,t):0;if(i===o)return pe(e,t);n=e;while(n=n.parentNode)a.unshift(n);n=t;while(n=n.parentNode)s.unshift(n);while(a[r]===s[r])r++;return r?pe(a[r],s[r]):a[r]==p?-1:s[r]==p?1:0}),C},se.matches=function(e,t){return se(e,null,null,t)},se.matchesSelector=function(e,t){if(T(e),d.matchesSelector&&E&&!N[t+" "]&&(!s||!s.test(t))&&(!v||!v.test(t)))try{var n=c.call(e,t);if(n||d.disconnectedMatch||e.document&&11!==e.document.nodeType)return n}catch(e){N(t,!0)}return 0":{dir:"parentNode",first:!0}," ":{dir:"parentNode"},"+":{dir:"previousSibling",first:!0},"~":{dir:"previousSibling"}},preFilter:{ATTR:function(e){return e[1]=e[1].replace(te,ne),e[3]=(e[3]||e[4]||e[5]||"").replace(te,ne),"~="===e[2]&&(e[3]=" "+e[3]+" "),e.slice(0,4)},CHILD:function(e){return e[1]=e[1].toLowerCase(),"nth"===e[1].slice(0,3)?(e[3]||se.error(e[0]),e[4]=+(e[4]?e[5]+(e[6]||1):2*("even"===e[3]||"odd"===e[3])),e[5]=+(e[7]+e[8]||"odd"===e[3])):e[3]&&se.error(e[0]),e},PSEUDO:function(e){var t,n=!e[6]&&e[2];return G.CHILD.test(e[0])?null:(e[3]?e[2]=e[4]||e[5]||"":n&&X.test(n)&&(t=h(n,!0))&&(t=n.indexOf(")",n.length-t)-n.length)&&(e[0]=e[0].slice(0,t),e[2]=n.slice(0,t)),e.slice(0,3))}},filter:{TAG:function(e){var t=e.replace(te,ne).toLowerCase();return"*"===e?function(){return!0}:function(e){return e.nodeName&&e.nodeName.toLowerCase()===t}},CLASS:function(e){var t=m[e+" "];return t||(t=new RegExp("(^|"+M+")"+e+"("+M+"|$)"))&&m(e,function(e){return t.test("string"==typeof e.className&&e.className||"undefined"!=typeof e.getAttribute&&e.getAttribute("class")||"")})},ATTR:function(n,r,i){return function(e){var t=se.attr(e,n);return null==t?"!="===r:!r||(t+="","="===r?t===i:"!="===r?t!==i:"^="===r?i&&0===t.indexOf(i):"*="===r?i&&-1:\x20\t\r\n\f]*)[\x20\t\r\n\f]*\/?>(?:<\/\1>|)$/i;function D(e,n,r){return m(n)?S.grep(e,function(e,t){return!!n.call(e,t,e)!==r}):n.nodeType?S.grep(e,function(e){return e===n!==r}):"string"!=typeof n?S.grep(e,function(e){return-1)[^>]*|#([\w-]+))$/;(S.fn.init=function(e,t,n){var r,i;if(!e)return this;if(n=n||j,"string"==typeof e){if(!(r="<"===e[0]&&">"===e[e.length-1]&&3<=e.length?[null,e,null]:q.exec(e))||!r[1]&&t)return!t||t.jquery?(t||n).find(e):this.constructor(t).find(e);if(r[1]){if(t=t instanceof S?t[0]:t,S.merge(this,S.parseHTML(r[1],t&&t.nodeType?t.ownerDocument||t:E,!0)),N.test(r[1])&&S.isPlainObject(t))for(r in t)m(this[r])?this[r](t[r]):this.attr(r,t[r]);return this}return(i=E.getElementById(r[2]))&&(this[0]=i,this.length=1),this}return e.nodeType?(this[0]=e,this.length=1,this):m(e)?void 0!==n.ready?n.ready(e):e(S):S.makeArray(e,this)}).prototype=S.fn,j=S(E);var L=/^(?:parents|prev(?:Until|All))/,H={children:!0,contents:!0,next:!0,prev:!0};function O(e,t){while((e=e[t])&&1!==e.nodeType);return e}S.fn.extend({has:function(e){var t=S(e,this),n=t.length;return this.filter(function(){for(var e=0;e\x20\t\r\n\f]*)/i,he=/^$|^module$|\/(?:java|ecma)script/i;ce=E.createDocumentFragment().appendChild(E.createElement("div")),(fe=E.createElement("input")).setAttribute("type","radio"),fe.setAttribute("checked","checked"),fe.setAttribute("name","t"),ce.appendChild(fe),y.checkClone=ce.cloneNode(!0).cloneNode(!0).lastChild.checked,ce.innerHTML="",y.noCloneChecked=!!ce.cloneNode(!0).lastChild.defaultValue,ce.innerHTML="",y.option=!!ce.lastChild;var ge={thead:[1,"","
    "],col:[2,"","
    "],tr:[2,"","
    "],td:[3,"","
    "],_default:[0,"",""]};function ve(e,t){var n;return n="undefined"!=typeof e.getElementsByTagName?e.getElementsByTagName(t||"*"):"undefined"!=typeof e.querySelectorAll?e.querySelectorAll(t||"*"):[],void 0===t||t&&A(e,t)?S.merge([e],n):n}function ye(e,t){for(var n=0,r=e.length;n",""]);var me=/<|&#?\w+;/;function xe(e,t,n,r,i){for(var o,a,s,u,l,c,f=t.createDocumentFragment(),p=[],d=0,h=e.length;d\s*$/g;function qe(e,t){return A(e,"table")&&A(11!==t.nodeType?t:t.firstChild,"tr")&&S(e).children("tbody")[0]||e}function Le(e){return e.type=(null!==e.getAttribute("type"))+"/"+e.type,e}function He(e){return"true/"===(e.type||"").slice(0,5)?e.type=e.type.slice(5):e.removeAttribute("type"),e}function Oe(e,t){var n,r,i,o,a,s;if(1===t.nodeType){if(Y.hasData(e)&&(s=Y.get(e).events))for(i in Y.remove(t,"handle events"),s)for(n=0,r=s[i].length;n").attr(n.scriptAttrs||{}).prop({charset:n.scriptCharset,src:n.url}).on("load error",i=function(e){r.remove(),i=null,e&&t("error"===e.type?404:200,e.type)}),E.head.appendChild(r[0])},abort:function(){i&&i()}}});var Ut,Xt=[],Vt=/(=)\?(?=&|$)|\?\?/;S.ajaxSetup({jsonp:"callback",jsonpCallback:function(){var e=Xt.pop()||S.expando+"_"+Ct.guid++;return this[e]=!0,e}}),S.ajaxPrefilter("json jsonp",function(e,t,n){var r,i,o,a=!1!==e.jsonp&&(Vt.test(e.url)?"url":"string"==typeof e.data&&0===(e.contentType||"").indexOf("application/x-www-form-urlencoded")&&Vt.test(e.data)&&"data");if(a||"jsonp"===e.dataTypes[0])return r=e.jsonpCallback=m(e.jsonpCallback)?e.jsonpCallback():e.jsonpCallback,a?e[a]=e[a].replace(Vt,"$1"+r):!1!==e.jsonp&&(e.url+=(Et.test(e.url)?"&":"?")+e.jsonp+"="+r),e.converters["script json"]=function(){return o||S.error(r+" was not called"),o[0]},e.dataTypes[0]="json",i=C[r],C[r]=function(){o=arguments},n.always(function(){void 0===i?S(C).removeProp(r):C[r]=i,e[r]&&(e.jsonpCallback=t.jsonpCallback,Xt.push(r)),o&&m(i)&&i(o[0]),o=i=void 0}),"script"}),y.createHTMLDocument=((Ut=E.implementation.createHTMLDocument("").body).innerHTML="
    ",2===Ut.childNodes.length),S.parseHTML=function(e,t,n){return"string"!=typeof e?[]:("boolean"==typeof t&&(n=t,t=!1),t||(y.createHTMLDocument?((r=(t=E.implementation.createHTMLDocument("")).createElement("base")).href=E.location.href,t.head.appendChild(r)):t=E),o=!n&&[],(i=N.exec(e))?[t.createElement(i[1])]:(i=xe([e],t,o),o&&o.length&&S(o).remove(),S.merge([],i.childNodes)));var r,i,o},S.fn.load=function(e,t,n){var r,i,o,a=this,s=e.indexOf(" ");return-1").append(S.parseHTML(e)).find(r):e)}).always(n&&function(e,t){a.each(function(){n.apply(this,o||[e.responseText,t,e])})}),this},S.expr.pseudos.animated=function(t){return S.grep(S.timers,function(e){return t===e.elem}).length},S.offset={setOffset:function(e,t,n){var r,i,o,a,s,u,l=S.css(e,"position"),c=S(e),f={};"static"===l&&(e.style.position="relative"),s=c.offset(),o=S.css(e,"top"),u=S.css(e,"left"),("absolute"===l||"fixed"===l)&&-1<(o+u).indexOf("auto")?(a=(r=c.position()).top,i=r.left):(a=parseFloat(o)||0,i=parseFloat(u)||0),m(t)&&(t=t.call(e,n,S.extend({},s))),null!=t.top&&(f.top=t.top-s.top+a),null!=t.left&&(f.left=t.left-s.left+i),"using"in t?t.using.call(e,f):("number"==typeof f.top&&(f.top+="px"),"number"==typeof f.left&&(f.left+="px"),c.css(f))}},S.fn.extend({offset:function(t){if(arguments.length)return void 0===t?this:this.each(function(e){S.offset.setOffset(this,t,e)});var e,n,r=this[0];return r?r.getClientRects().length?(e=r.getBoundingClientRect(),n=r.ownerDocument.defaultView,{top:e.top+n.pageYOffset,left:e.left+n.pageXOffset}):{top:0,left:0}:void 0},position:function(){if(this[0]){var e,t,n,r=this[0],i={top:0,left:0};if("fixed"===S.css(r,"position"))t=r.getBoundingClientRect();else{t=this.offset(),n=r.ownerDocument,e=r.offsetParent||n.documentElement;while(e&&(e===n.body||e===n.documentElement)&&"static"===S.css(e,"position"))e=e.parentNode;e&&e!==r&&1===e.nodeType&&((i=S(e).offset()).top+=S.css(e,"borderTopWidth",!0),i.left+=S.css(e,"borderLeftWidth",!0))}return{top:t.top-i.top-S.css(r,"marginTop",!0),left:t.left-i.left-S.css(r,"marginLeft",!0)}}},offsetParent:function(){return this.map(function(){var e=this.offsetParent;while(e&&"static"===S.css(e,"position"))e=e.offsetParent;return e||re})}}),S.each({scrollLeft:"pageXOffset",scrollTop:"pageYOffset"},function(t,i){var o="pageYOffset"===i;S.fn[t]=function(e){return $(this,function(e,t,n){var r;if(x(e)?r=e:9===e.nodeType&&(r=e.defaultView),void 0===n)return r?r[i]:e[t];r?r.scrollTo(o?r.pageXOffset:n,o?n:r.pageYOffset):e[t]=n},t,e,arguments.length)}}),S.each(["top","left"],function(e,n){S.cssHooks[n]=$e(y.pixelPosition,function(e,t){if(t)return t=Be(e,n),Me.test(t)?S(e).position()[n]+"px":t})}),S.each({Height:"height",Width:"width"},function(a,s){S.each({padding:"inner"+a,content:s,"":"outer"+a},function(r,o){S.fn[o]=function(e,t){var n=arguments.length&&(r||"boolean"!=typeof e),i=r||(!0===e||!0===t?"margin":"border");return $(this,function(e,t,n){var r;return x(e)?0===o.indexOf("outer")?e["inner"+a]:e.document.documentElement["client"+a]:9===e.nodeType?(r=e.documentElement,Math.max(e.body["scroll"+a],r["scroll"+a],e.body["offset"+a],r["offset"+a],r["client"+a])):void 0===n?S.css(e,t,i):S.style(e,t,n,i)},s,n?e:void 0,n)}})}),S.each(["ajaxStart","ajaxStop","ajaxComplete","ajaxError","ajaxSuccess","ajaxSend"],function(e,t){S.fn[t]=function(e){return this.on(t,e)}}),S.fn.extend({bind:function(e,t,n){return this.on(e,null,t,n)},unbind:function(e,t){return this.off(e,null,t)},delegate:function(e,t,n,r){return this.on(t,e,n,r)},undelegate:function(e,t,n){return 1===arguments.length?this.off(e,"**"):this.off(t,e||"**",n)},hover:function(e,t){return this.mouseenter(e).mouseleave(t||e)}}),S.each("blur focus focusin focusout resize scroll click dblclick mousedown mouseup mousemove mouseover mouseout mouseenter mouseleave change select submit keydown keypress keyup contextmenu".split(" "),function(e,n){S.fn[n]=function(e,t){return 0 Date: Mon, 18 May 2020 14:18:00 +0100 Subject: [PATCH 186/733] Fix a style warning Mistakenly merged from d03b97779720c614287d2aef0f075ee4a1391c5b. --- tests/test_useragents.py | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/test_useragents.py b/tests/test_useragents.py index 68e700c68..1b950330a 100644 --- a/tests/test_useragents.py +++ b/tests/test_useragents.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ tests.urls ~~~~~~~~~~ From a0ebf9c640ad8b4ee3ca28563476c624e863a798 Mon Sep 17 00:00:00 2001 From: David Lord Date: Mon, 18 May 2020 13:40:27 -0700 Subject: [PATCH 187/733] add ReadTheDocs config --- .readthedocs.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 .readthedocs.yaml diff --git a/.readthedocs.yaml b/.readthedocs.yaml new file mode 100644 index 000000000..af232107a --- /dev/null +++ b/.readthedocs.yaml @@ -0,0 +1,8 @@ +version: 2 +python: + install: + - method: pip + path: . + - requirements: docs/requirements.txt +sphinx: + builder: dirhtml From ddc9fef1bbc287de82a8bb6e41ebcaac0ef99690 Mon Sep 17 00:00:00 2001 From: David Lord Date: Mon, 18 May 2020 14:19:02 -0700 Subject: [PATCH 188/733] use pip-compile to pin dev requirements --- .readthedocs.yaml | 2 +- CONTRIBUTING.rst | 2 +- MANIFEST.in | 1 + docs/requirements.txt | 4 --- requirements/dev.in | 5 ++++ requirements/dev.txt | 66 ++++++++++++++++++++++++++++++++++++++++++ requirements/docs.in | 4 +++ requirements/docs.txt | 36 +++++++++++++++++++++++ requirements/tests.in | 8 +++++ requirements/tests.txt | 30 +++++++++++++++++++ setup.py | 16 +--------- tox.ini | 12 ++------ 12 files changed, 155 insertions(+), 31 deletions(-) delete mode 100644 docs/requirements.txt create mode 100644 requirements/dev.in create mode 100644 requirements/dev.txt create mode 100644 requirements/docs.in create mode 100644 requirements/docs.txt create mode 100644 requirements/tests.in create mode 100644 requirements/tests.txt diff --git a/.readthedocs.yaml b/.readthedocs.yaml index af232107a..f4dd25bf6 100644 --- a/.readthedocs.yaml +++ b/.readthedocs.yaml @@ -3,6 +3,6 @@ python: install: - method: pip path: . - - requirements: docs/requirements.txt + - requirements: requirements/docs.txt sphinx: builder: dirhtml diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst index 81154183c..c1560b05b 100644 --- a/CONTRIBUTING.rst +++ b/CONTRIBUTING.rst @@ -70,7 +70,7 @@ First time setup - Install Werkzeug in editable mode with development dependencies:: - pip install -e ".[dev]" + pip install -e . -r requirements/dev.txt - Install pre-commit hooks for automatically checking each commit for simple issues (Linting and Formatting) before submission to code review:: diff --git a/MANIFEST.in b/MANIFEST.in index 13e164764..78168a957 100644 --- a/MANIFEST.in +++ b/MANIFEST.in @@ -1,5 +1,6 @@ include CHANGES.rst include tox.ini +include requirements/*.txt graft artwork graft docs prune docs/_build diff --git a/docs/requirements.txt b/docs/requirements.txt deleted file mode 100644 index cd135e3d5..000000000 --- a/docs/requirements.txt +++ /dev/null @@ -1,4 +0,0 @@ -Sphinx~=1.8.3 -Pallets-Sphinx-Themes~=1.1.2 -sphinx-issues~=1.2.0 -sphinxcontrib-log-cabinet~=1.0.1 diff --git a/requirements/dev.in b/requirements/dev.in new file mode 100644 index 000000000..c854000e4 --- /dev/null +++ b/requirements/dev.in @@ -0,0 +1,5 @@ +-r docs.in +-r tests.in +pip-tools +pre-commit +tox diff --git a/requirements/dev.txt b/requirements/dev.txt new file mode 100644 index 000000000..b28251de3 --- /dev/null +++ b/requirements/dev.txt @@ -0,0 +1,66 @@ +# +# This file is autogenerated by pip-compile +# To update, run: +# +# pip-compile requirements/dev.in +# +alabaster==0.7.12 # via sphinx +appdirs==1.4.4 # via virtualenv +attrs==19.3.0 # via pytest +babel==2.8.0 # via sphinx +certifi==2020.4.5.1 # via requests +cffi==1.14.0 # via cryptography +cfgv==3.1.0 # via pre-commit +chardet==3.0.4 # via requests +click==7.1.2 # via pip-tools +cryptography==2.9.2 # via -r requirements/tests.in +distlib==0.3.0 # via virtualenv +docutils==0.16 # via sphinx +filelock==3.0.12 # via tox, virtualenv +greenlet==0.4.15 # via -r requirements/tests.in +identify==1.4.15 # via pre-commit +idna==2.9 # via requests +imagesize==1.2.0 # via sphinx +jinja2==2.11.2 # via sphinx +markupsafe==1.1.1 # via jinja2 +more-itertools==8.3.0 # via pytest +nodeenv==1.3.5 # via pre-commit +packaging==20.3 # via pallets-sphinx-themes, pytest, sphinx, tox +pallets-sphinx-themes==1.2.3 # via -r requirements/docs.in +pathtools==0.1.2 # via watchdog +pip-tools==5.1.2 # via -r requirements/dev.in +pluggy==0.13.1 # via pytest, tox +pre-commit==2.4.0 # via -r requirements/dev.in +psutil==5.7.0 # via pytest-xprocess +py==1.8.1 # via pytest, tox +pycparser==2.20 # via cffi +pygments==2.6.1 # via sphinx +pyparsing==2.4.7 # via packaging +pytest-timeout==1.3.4 # via -r requirements/tests.in +pytest-xprocess==0.13.1 # via -r requirements/tests.in +pytest==5.4.2 # via -r requirements/tests.in, pytest-timeout, pytest-xprocess +pytz==2020.1 # via babel +pyyaml==5.3.1 # via pre-commit +requests-unixsocket==0.2.0 # via -r requirements/tests.in +requests==2.23.0 # via -r requirements/tests.in, requests-unixsocket, sphinx +six==1.14.0 # via cryptography, packaging, pip-tools, tox, virtualenv +snowballstemmer==2.0.0 # via sphinx +sphinx-issues==1.2.0 # via -r requirements/docs.in +sphinx==3.0.3 # via -r requirements/docs.in, pallets-sphinx-themes, sphinx-issues, sphinxcontrib-log-cabinet +sphinxcontrib-applehelp==1.0.2 # via sphinx +sphinxcontrib-devhelp==1.0.2 # via sphinx +sphinxcontrib-htmlhelp==1.0.3 # via sphinx +sphinxcontrib-jsmath==1.0.1 # via sphinx +sphinxcontrib-log-cabinet==1.0.1 # via -r requirements/docs.in +sphinxcontrib-qthelp==1.0.3 # via sphinx +sphinxcontrib-serializinghtml==1.1.4 # via sphinx +toml==0.10.1 # via pre-commit, tox +tox==3.15.0 # via -r requirements/dev.in +urllib3==1.25.9 # via requests, requests-unixsocket +virtualenv==20.0.20 # via pre-commit, tox +watchdog==0.10.2 # via -r requirements/tests.in +wcwidth==0.1.9 # via pytest + +# The following packages are considered to be unsafe in a requirements file: +# pip +# setuptools diff --git a/requirements/docs.in b/requirements/docs.in new file mode 100644 index 000000000..7ec501b6d --- /dev/null +++ b/requirements/docs.in @@ -0,0 +1,4 @@ +Pallets-Sphinx-Themes +Sphinx +sphinx-issues +sphinxcontrib-log-cabinet diff --git a/requirements/docs.txt b/requirements/docs.txt new file mode 100644 index 000000000..6f5c81e5a --- /dev/null +++ b/requirements/docs.txt @@ -0,0 +1,36 @@ +# +# This file is autogenerated by pip-compile +# To update, run: +# +# pip-compile requirements/docs.in +# +alabaster==0.7.12 # via sphinx +babel==2.8.0 # via sphinx +certifi==2020.4.5.1 # via requests +chardet==3.0.4 # via requests +docutils==0.16 # via sphinx +idna==2.9 # via requests +imagesize==1.2.0 # via sphinx +jinja2==2.11.2 # via sphinx +markupsafe==1.1.1 # via jinja2 +packaging==20.3 # via pallets-sphinx-themes, sphinx +pallets-sphinx-themes==1.2.3 # via -r requirements/docs.in +pygments==2.6.1 # via sphinx +pyparsing==2.4.7 # via packaging +pytz==2020.1 # via babel +requests==2.23.0 # via sphinx +six==1.14.0 # via packaging +snowballstemmer==2.0.0 # via sphinx +sphinx-issues==1.2.0 # via -r requirements/docs.in +sphinx==3.0.3 # via -r requirements/docs.in, pallets-sphinx-themes, sphinx-issues, sphinxcontrib-log-cabinet +sphinxcontrib-applehelp==1.0.2 # via sphinx +sphinxcontrib-devhelp==1.0.2 # via sphinx +sphinxcontrib-htmlhelp==1.0.3 # via sphinx +sphinxcontrib-jsmath==1.0.1 # via sphinx +sphinxcontrib-log-cabinet==1.0.1 # via -r requirements/docs.in +sphinxcontrib-qthelp==1.0.3 # via sphinx +sphinxcontrib-serializinghtml==1.1.4 # via sphinx +urllib3==1.25.9 # via requests + +# The following packages are considered to be unsafe in a requirements file: +# setuptools diff --git a/requirements/tests.in b/requirements/tests.in new file mode 100644 index 000000000..f692b79ad --- /dev/null +++ b/requirements/tests.in @@ -0,0 +1,8 @@ +pytest +pytest-timeout +pytest-xprocess +requests +requests_unixsocket +cryptography +greenlet +watchdog diff --git a/requirements/tests.txt b/requirements/tests.txt new file mode 100644 index 000000000..45b0668e1 --- /dev/null +++ b/requirements/tests.txt @@ -0,0 +1,30 @@ +# +# This file is autogenerated by pip-compile +# To update, run: +# +# pip-compile requirements/tests.in +# +attrs==19.3.0 # via pytest +certifi==2020.4.5.1 # via requests +cffi==1.14.0 # via cryptography +chardet==3.0.4 # via requests +cryptography==2.9.2 # via -r requirements/tests.in +greenlet==0.4.15 # via -r requirements/tests.in +idna==2.9 # via requests +more-itertools==8.3.0 # via pytest +packaging==20.3 # via pytest +pathtools==0.1.2 # via watchdog +pluggy==0.13.1 # via pytest +psutil==5.7.0 # via pytest-xprocess +py==1.8.1 # via pytest +pycparser==2.20 # via cffi +pyparsing==2.4.7 # via packaging +pytest-timeout==1.3.4 # via -r requirements/tests.in +pytest-xprocess==0.13.1 # via -r requirements/tests.in +pytest==5.4.2 # via -r requirements/tests.in, pytest-timeout, pytest-xprocess +requests-unixsocket==0.2.0 # via -r requirements/tests.in +requests==2.23.0 # via -r requirements/tests.in, requests-unixsocket +six==1.14.0 # via cryptography, packaging +urllib3==1.25.9 # via requests, requests-unixsocket +watchdog==0.10.2 # via -r requirements/tests.in +wcwidth==0.1.9 # via pytest diff --git a/setup.py b/setup.py index e5eb8042a..3798d27f5 100644 --- a/setup.py +++ b/setup.py @@ -1,18 +1,4 @@ from setuptools import setup # Metadata goes in setup.cfg. These are here for GitHub's dependency graph. -setup( - name="Werkzeug", - extras_require={ - "watchdog": ["watchdog"], - "dev": [ - "pytest", - "pytest-timeout", - "tox", - "sphinx", - "pallets-sphinx-themes", - "sphinxcontrib-log-cabinet", - "sphinx-issues", - ], - }, -) +setup(name="Werkzeug", extras_require={"watchdog": ["watchdog"]}) diff --git a/tox.ini b/tox.ini index b74fb051f..9b6d47135 100644 --- a/tox.ini +++ b/tox.ini @@ -6,15 +6,7 @@ envlist = skip_missing_interpreters = true [testenv] -deps = - pytest - pytest-timeout - pytest-xprocess - requests - requests_unixsocket - cryptography - greenlet - watchdog +deps = -r requirements/tests.txt commands = pytest --tb=short --basetemp={envtmpdir} {posargs} [testenv:style] @@ -23,5 +15,5 @@ skip_install = true commands = pre-commit run --all-files --show-diff-on-failure [testenv:docs] -deps = -r docs/requirements.txt +deps = -r requirements/docs.txt commands = sphinx-build -W -b html -d {envtmpdir}/doctrees docs {envtmpdir}/html From 6a50caf4c6a17b110eb23531655dacbf8c61c6af Mon Sep 17 00:00:00 2001 From: David Lord Date: Mon, 18 May 2020 14:35:33 -0700 Subject: [PATCH 189/733] fix docs build --- docs/test.rst | 6 ------ docs/wrappers.rst | 4 ---- src/werkzeug/test.py | 6 ++++-- 3 files changed, 4 insertions(+), 12 deletions(-) diff --git a/docs/test.rst b/docs/test.rst index 1e9a0956d..ef8781b36 100644 --- a/docs/test.rst +++ b/docs/test.rst @@ -138,12 +138,6 @@ Testing API A dict with values that are used to override the generated environ. - .. attribute:: input_stream - - The optional input stream. This and :attr:`form` / :attr:`files` - is mutually exclusive. Also do not provide this stream if the - request method is not `POST` / `PUT` or something comparable. - .. autoclass:: Client .. automethod:: open diff --git a/docs/wrappers.rst b/docs/wrappers.rst index f1f5daa86..dbad941b5 100644 --- a/docs/wrappers.rst +++ b/docs/wrappers.rst @@ -109,10 +109,6 @@ are available by mixing in various mixin classes or using :class:`Request` and A :class:`Headers` object representing the response headers. - .. attribute:: status_code - - The response status as integer. - .. attribute:: direct_passthrough If ``direct_passthrough=True`` was passed to the response object or if diff --git a/src/werkzeug/test.py b/src/werkzeug/test.py index 2755dd6c6..252f2cd3a 100644 --- a/src/werkzeug/test.py +++ b/src/werkzeug/test.py @@ -559,8 +559,10 @@ def files(self, value): @property def input_stream(self): - """An optional input stream. If you set this it will clear - :attr:`form` and :attr:`files`. + """An optional input stream. This is mutually exclusive with + setting :attr:`form` and :attr:`files`, setting it will clear + those. Do not provide this if the method is not ``POST`` or + another method that has a body. """ return self._input_stream From 78b08197d48a43f8e7bfc7bb89d1891ab77acee7 Mon Sep 17 00:00:00 2001 From: David Lord Date: Mon, 18 May 2020 14:48:44 -0700 Subject: [PATCH 190/733] use GitHub Actions for CI --- .azure-pipelines.yml | 42 ----------------------------- .github/workflows/tests.yaml | 52 ++++++++++++++++++++++++++++++++++++ 2 files changed, 52 insertions(+), 42 deletions(-) delete mode 100644 .azure-pipelines.yml create mode 100644 .github/workflows/tests.yaml diff --git a/.azure-pipelines.yml b/.azure-pipelines.yml deleted file mode 100644 index 565961196..000000000 --- a/.azure-pipelines.yml +++ /dev/null @@ -1,42 +0,0 @@ -trigger: - - master - - '*.x' - -variables: - vmImage: ubuntu-latest - python.version: '3.8' - TOXENV: py - -strategy: - matrix: - Python 3.8 Linux: - vmImage: ubuntu-latest - Python 3.8 Windows: - vmImage: windows-latest - Python 3.8 Mac: - vmImage: macos-latest - Python 3.7 Linux: - python.version: '3.7' - Python 3.6 Linux: - python.version: '3.6' - PyPy 3 Linux: - python.version: pypy3 - Docs: - TOXENV: docs - Style: - TOXENV: style - -pool: - vmImage: $[ variables.vmImage ] - -steps: - - task: UsePythonVersion@0 - inputs: - versionSpec: $(python.version) - displayName: Use Python $(python.version) - - - script: pip --disable-pip-version-check install -U tox - displayName: Install tox - - - script: tox - displayName: Run tox diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml new file mode 100644 index 000000000..e9f5f85a6 --- /dev/null +++ b/.github/workflows/tests.yaml @@ -0,0 +1,52 @@ +name: Tests +on: + push: + branches: + - master + - '*.x' + pull_request: + branches: + - master + - '*.x' +jobs: + tests: + name: ${{ matrix.name }} + runs-on: ${{ matrix.os }} + strategy: + fail-fast: false + matrix: + include: + - {name: Linux, python: '3.8', os: ubuntu-latest, tox: py38} + - {name: '3.7', python: '3.7', os: ubuntu-latest, tox: py37} + - {name: '3.6', python: '3.6', os: ubuntu-latest, tox: py36} + - {name: 'PyPy', python: pypy3, os: ubuntu-latest, tox: pypy3} + - {name: Style, python: '3.8', os: ubuntu-latest, tox: style} + - {name: Docs, python: '3.8', os: ubuntu-latest, tox: docs} + - {name: Windows, python: '3.8', os: windows-latest, tox: py38} + - {name: Mac, python: '3.8', os: macos-latest, tox: py38} + steps: + - uses: actions/checkout@v2 + - uses: actions/setup-python@v2 + with: + python-version: ${{ matrix.python }} + - name: update pip + run: | + pip install -U wheel + pip install -U setuptools + pip install -U pip + - name: get pip cache dir + id: pip-cache + run: echo "::set-output name=dir::$(pip cache dir)" + - name: cache pip + uses: actions/cache@v1 + with: + path: ${{ steps.pip-cache.outputs.dir }} + key: pip|${{ runner.os }}|${{ matrix.python }}|${{ hashFiles('setup.py') }}|${{ hashFiles('requirements/*.txt') }} + - name: cache pre-commit + uses: actions/cache@v1 + with: + path: ~/.cache/pre-commit + key: pre-commit|${{ matrix.python }}|${{ hashFiles('.pre-commit-config.yaml') }} + if: matrix.tox == 'style' + - run: pip install tox + - run: tox -e ${{ matrix.tox }} From 5b2aba4ead90aa8d568293de526d85ec7e950d63 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Thu, 21 May 2020 08:25:46 +0000 Subject: [PATCH 191/733] Bump tox from 3.15.0 to 3.15.1 Bumps [tox](https://github.com/tox-dev/tox) from 3.15.0 to 3.15.1. - [Release notes](https://github.com/tox-dev/tox/releases) - [Changelog](https://github.com/tox-dev/tox/blob/master/docs/changelog.rst) - [Commits](https://github.com/tox-dev/tox/compare/3.15.0...3.15.1) Signed-off-by: dependabot-preview[bot] --- requirements/dev.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements/dev.txt b/requirements/dev.txt index b28251de3..14779a817 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -55,7 +55,7 @@ sphinxcontrib-log-cabinet==1.0.1 # via -r requirements/docs.in sphinxcontrib-qthelp==1.0.3 # via sphinx sphinxcontrib-serializinghtml==1.1.4 # via sphinx toml==0.10.1 # via pre-commit, tox -tox==3.15.0 # via -r requirements/dev.in +tox==3.15.1 # via -r requirements/dev.in urllib3==1.25.9 # via requests, requests-unixsocket virtualenv==20.0.20 # via pre-commit, tox watchdog==0.10.2 # via -r requirements/tests.in From 596b7897763e1e5be2e5e6c19f052487fdf9f84c Mon Sep 17 00:00:00 2001 From: David Lord Date: Sat, 23 May 2020 13:04:08 -0700 Subject: [PATCH 192/733] fix pip update on Windows --- .github/workflows/tests.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index e9f5f85a6..a826fda6c 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -33,7 +33,7 @@ jobs: run: | pip install -U wheel pip install -U setuptools - pip install -U pip + python -m pip install -U pip - name: get pip cache dir id: pip-cache run: echo "::set-output name=dir::$(pip cache dir)" From 236bdc724f2cb45750a9bf47d52b011a88b0d228 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Wed, 27 May 2020 06:47:19 -0700 Subject: [PATCH 193/733] Bump sphinx from 3.0.3 to 3.0.4 (#1817) Bumps [sphinx](https://github.com/sphinx-doc/sphinx) from 3.0.3 to 3.0.4. - [Release notes](https://github.com/sphinx-doc/sphinx/releases) - [Changelog](https://github.com/sphinx-doc/sphinx/blob/3.x/CHANGES) - [Commits](https://github.com/sphinx-doc/sphinx/compare/v3.0.3...v3.0.4) Signed-off-by: dependabot-preview[bot] Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> --- requirements/dev.txt | 2 +- requirements/docs.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements/dev.txt b/requirements/dev.txt index 14779a817..bbcbd2140 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -46,7 +46,7 @@ requests==2.23.0 # via -r requirements/tests.in, requests-unixsocket, s six==1.14.0 # via cryptography, packaging, pip-tools, tox, virtualenv snowballstemmer==2.0.0 # via sphinx sphinx-issues==1.2.0 # via -r requirements/docs.in -sphinx==3.0.3 # via -r requirements/docs.in, pallets-sphinx-themes, sphinx-issues, sphinxcontrib-log-cabinet +sphinx==3.0.4 # via -r requirements/docs.in, pallets-sphinx-themes, sphinx-issues, sphinxcontrib-log-cabinet sphinxcontrib-applehelp==1.0.2 # via sphinx sphinxcontrib-devhelp==1.0.2 # via sphinx sphinxcontrib-htmlhelp==1.0.3 # via sphinx diff --git a/requirements/docs.txt b/requirements/docs.txt index 6f5c81e5a..699addfd5 100644 --- a/requirements/docs.txt +++ b/requirements/docs.txt @@ -22,7 +22,7 @@ requests==2.23.0 # via sphinx six==1.14.0 # via packaging snowballstemmer==2.0.0 # via sphinx sphinx-issues==1.2.0 # via -r requirements/docs.in -sphinx==3.0.3 # via -r requirements/docs.in, pallets-sphinx-themes, sphinx-issues, sphinxcontrib-log-cabinet +sphinx==3.0.4 # via -r requirements/docs.in, pallets-sphinx-themes, sphinx-issues, sphinxcontrib-log-cabinet sphinxcontrib-applehelp==1.0.2 # via sphinx sphinxcontrib-devhelp==1.0.2 # via sphinx sphinxcontrib-htmlhelp==1.0.3 # via sphinx From 6ddc34810f3a60c62bbdadc829c6f6063486575b Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Thu, 28 May 2020 08:53:26 -0700 Subject: [PATCH 194/733] Bump pip-tools from 5.1.2 to 5.2.0 (#1819) Bumps [pip-tools](https://github.com/jazzband/pip-tools) from 5.1.2 to 5.2.0. - [Release notes](https://github.com/jazzband/pip-tools/releases) - [Changelog](https://github.com/jazzband/pip-tools/blob/master/CHANGELOG.md) - [Commits](https://github.com/jazzband/pip-tools/compare/5.1.2...5.2.0) Signed-off-by: dependabot-preview[bot] Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> --- requirements/dev.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements/dev.txt b/requirements/dev.txt index bbcbd2140..db4d2f104 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -28,7 +28,7 @@ nodeenv==1.3.5 # via pre-commit packaging==20.3 # via pallets-sphinx-themes, pytest, sphinx, tox pallets-sphinx-themes==1.2.3 # via -r requirements/docs.in pathtools==0.1.2 # via watchdog -pip-tools==5.1.2 # via -r requirements/dev.in +pip-tools==5.2.0 # via -r requirements/dev.in pluggy==0.13.1 # via pytest, tox pre-commit==2.4.0 # via -r requirements/dev.in psutil==5.7.0 # via pytest-xprocess From 90f78d25552e4885e11a990ae537af5242f9365b Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Wed, 3 Jun 2020 08:45:42 +0000 Subject: [PATCH 195/733] Bump pytest from 5.4.2 to 5.4.3 Bumps [pytest](https://github.com/pytest-dev/pytest) from 5.4.2 to 5.4.3. - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/master/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest/compare/5.4.2...5.4.3) Signed-off-by: dependabot-preview[bot] --- requirements/dev.txt | 2 +- requirements/tests.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements/dev.txt b/requirements/dev.txt index db4d2f104..eef807f7d 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -38,7 +38,7 @@ pygments==2.6.1 # via sphinx pyparsing==2.4.7 # via packaging pytest-timeout==1.3.4 # via -r requirements/tests.in pytest-xprocess==0.13.1 # via -r requirements/tests.in -pytest==5.4.2 # via -r requirements/tests.in, pytest-timeout, pytest-xprocess +pytest==5.4.3 # via -r requirements/tests.in, pytest-timeout, pytest-xprocess pytz==2020.1 # via babel pyyaml==5.3.1 # via pre-commit requests-unixsocket==0.2.0 # via -r requirements/tests.in diff --git a/requirements/tests.txt b/requirements/tests.txt index 45b0668e1..86c225bd4 100644 --- a/requirements/tests.txt +++ b/requirements/tests.txt @@ -21,7 +21,7 @@ pycparser==2.20 # via cffi pyparsing==2.4.7 # via packaging pytest-timeout==1.3.4 # via -r requirements/tests.in pytest-xprocess==0.13.1 # via -r requirements/tests.in -pytest==5.4.2 # via -r requirements/tests.in, pytest-timeout, pytest-xprocess +pytest==5.4.3 # via -r requirements/tests.in, pytest-timeout, pytest-xprocess requests-unixsocket==0.2.0 # via -r requirements/tests.in requests==2.23.0 # via -r requirements/tests.in, requests-unixsocket six==1.14.0 # via cryptography, packaging From ae571206d3d730e9bef668570367a6224ddd4f65 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Fri, 5 Jun 2020 08:36:25 +0000 Subject: [PATCH 196/733] Bump greenlet from 0.4.15 to 0.4.16 Bumps [greenlet](https://github.com/python-greenlet/greenlet) from 0.4.15 to 0.4.16. - [Release notes](https://github.com/python-greenlet/greenlet/releases) - [Changelog](https://github.com/python-greenlet/greenlet/blob/master/NEWS) - [Commits](https://github.com/python-greenlet/greenlet/compare/0.4.15...0.4.16) Signed-off-by: dependabot-preview[bot] --- requirements/dev.txt | 2 +- requirements/tests.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements/dev.txt b/requirements/dev.txt index eef807f7d..bd6fe3306 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -17,7 +17,7 @@ cryptography==2.9.2 # via -r requirements/tests.in distlib==0.3.0 # via virtualenv docutils==0.16 # via sphinx filelock==3.0.12 # via tox, virtualenv -greenlet==0.4.15 # via -r requirements/tests.in +greenlet==0.4.16 # via -r requirements/tests.in identify==1.4.15 # via pre-commit idna==2.9 # via requests imagesize==1.2.0 # via sphinx diff --git a/requirements/tests.txt b/requirements/tests.txt index 86c225bd4..433026c26 100644 --- a/requirements/tests.txt +++ b/requirements/tests.txt @@ -9,7 +9,7 @@ certifi==2020.4.5.1 # via requests cffi==1.14.0 # via cryptography chardet==3.0.4 # via requests cryptography==2.9.2 # via -r requirements/tests.in -greenlet==0.4.15 # via -r requirements/tests.in +greenlet==0.4.16 # via -r requirements/tests.in idna==2.9 # via requests more-itertools==8.3.0 # via pytest packaging==20.3 # via pytest From a750988c8e4724640b83b57e3be2f8fc2cb46eb6 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Mon, 8 Jun 2020 08:45:53 +0000 Subject: [PATCH 197/733] Bump tox from 3.15.1 to 3.15.2 Bumps [tox](https://github.com/tox-dev/tox) from 3.15.1 to 3.15.2. - [Release notes](https://github.com/tox-dev/tox/releases) - [Changelog](https://github.com/tox-dev/tox/blob/master/docs/changelog.rst) - [Commits](https://github.com/tox-dev/tox/compare/3.15.1...3.15.2) Signed-off-by: dependabot-preview[bot] --- requirements/dev.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements/dev.txt b/requirements/dev.txt index bd6fe3306..1ebcfb6be 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -55,7 +55,7 @@ sphinxcontrib-log-cabinet==1.0.1 # via -r requirements/docs.in sphinxcontrib-qthelp==1.0.3 # via sphinx sphinxcontrib-serializinghtml==1.1.4 # via sphinx toml==0.10.1 # via pre-commit, tox -tox==3.15.1 # via -r requirements/dev.in +tox==3.15.2 # via -r requirements/dev.in urllib3==1.25.9 # via requests, requests-unixsocket virtualenv==20.0.20 # via pre-commit, tox watchdog==0.10.2 # via -r requirements/tests.in From a01e77846c8bee61caeca15e294dbe994c41fc72 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Mon, 8 Jun 2020 14:16:07 +0000 Subject: [PATCH 198/733] Bump sphinx from 3.0.4 to 3.1.0 Bumps [sphinx](https://github.com/sphinx-doc/sphinx) from 3.0.4 to 3.1.0. - [Release notes](https://github.com/sphinx-doc/sphinx/releases) - [Changelog](https://github.com/sphinx-doc/sphinx/blob/3.x/CHANGES) - [Commits](https://github.com/sphinx-doc/sphinx/compare/v3.0.4...v3.1.0) Signed-off-by: dependabot-preview[bot] --- requirements/dev.txt | 2 +- requirements/docs.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements/dev.txt b/requirements/dev.txt index bd6fe3306..c24c3e891 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -46,7 +46,7 @@ requests==2.23.0 # via -r requirements/tests.in, requests-unixsocket, s six==1.14.0 # via cryptography, packaging, pip-tools, tox, virtualenv snowballstemmer==2.0.0 # via sphinx sphinx-issues==1.2.0 # via -r requirements/docs.in -sphinx==3.0.4 # via -r requirements/docs.in, pallets-sphinx-themes, sphinx-issues, sphinxcontrib-log-cabinet +sphinx==3.1.0 # via -r requirements/docs.in, pallets-sphinx-themes, sphinx-issues, sphinxcontrib-log-cabinet sphinxcontrib-applehelp==1.0.2 # via sphinx sphinxcontrib-devhelp==1.0.2 # via sphinx sphinxcontrib-htmlhelp==1.0.3 # via sphinx diff --git a/requirements/docs.txt b/requirements/docs.txt index 699addfd5..a16db8de1 100644 --- a/requirements/docs.txt +++ b/requirements/docs.txt @@ -22,7 +22,7 @@ requests==2.23.0 # via sphinx six==1.14.0 # via packaging snowballstemmer==2.0.0 # via sphinx sphinx-issues==1.2.0 # via -r requirements/docs.in -sphinx==3.0.4 # via -r requirements/docs.in, pallets-sphinx-themes, sphinx-issues, sphinxcontrib-log-cabinet +sphinx==3.1.0 # via -r requirements/docs.in, pallets-sphinx-themes, sphinx-issues, sphinxcontrib-log-cabinet sphinxcontrib-applehelp==1.0.2 # via sphinx sphinxcontrib-devhelp==1.0.2 # via sphinx sphinxcontrib-htmlhelp==1.0.3 # via sphinx From 00a1a1d95f4acef28b5965cad98ae7fd1b82bcfc Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Tue, 9 Jun 2020 08:26:55 +0000 Subject: [PATCH 199/733] Bump pre-commit from 2.4.0 to 2.5.0 Bumps [pre-commit](https://github.com/pre-commit/pre-commit) from 2.4.0 to 2.5.0. - [Release notes](https://github.com/pre-commit/pre-commit/releases) - [Changelog](https://github.com/pre-commit/pre-commit/blob/master/CHANGELOG.md) - [Commits](https://github.com/pre-commit/pre-commit/compare/v2.4.0...v2.5.0) Signed-off-by: dependabot-preview[bot] --- requirements/dev.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements/dev.txt b/requirements/dev.txt index 5cfb8ac94..acf94abb3 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -30,7 +30,7 @@ pallets-sphinx-themes==1.2.3 # via -r requirements/docs.in pathtools==0.1.2 # via watchdog pip-tools==5.2.0 # via -r requirements/dev.in pluggy==0.13.1 # via pytest, tox -pre-commit==2.4.0 # via -r requirements/dev.in +pre-commit==2.5.0 # via -r requirements/dev.in psutil==5.7.0 # via pytest-xprocess py==1.8.1 # via pytest, tox pycparser==2.20 # via cffi From a4afb81d18a64a9baee2318172251c1cfd7eb906 Mon Sep 17 00:00:00 2001 From: Teymour Aldridge Date: Tue, 9 Jun 2020 12:07:36 +0100 Subject: [PATCH 200/733] Replace `optparse` with `argparse` --- src/werkzeug/serving.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py index a0f820d74..2151d3dfb 100644 --- a/src/werkzeug/serving.py +++ b/src/werkzeug/serving.py @@ -906,17 +906,17 @@ def run_with_reloader(*args, **kwargs): def main(): """A simple command-line interface for :py:func:`run_simple`.""" - import optparse + import argparse from .utils import import_string - parser = optparse.OptionParser(usage="Usage: %prog [options] app_module:app_object") - parser.add_option( + parser = argparse.ArgumentParser(description="Usage: %prog [options] app_module:app_object") + parser.add_argument( "-b", "--bind", dest="address", help="The hostname:port the app should listen on.", ) - parser.add_option( + parser.add_argument( "-d", "--debug", dest="use_debugger", @@ -924,7 +924,7 @@ def main(): default=False, help="Use Werkzeug's debugger.", ) - parser.add_option( + parser.add_argument( "-r", "--reload", dest="use_reloader", From 32c5a38de20bdef852483d848e7f1954d9ff7611 Mon Sep 17 00:00:00 2001 From: Teymour Aldridge Date: Tue, 9 Jun 2020 12:11:29 +0100 Subject: [PATCH 201/733] Fix formatting. --- src/werkzeug/serving.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py index 2151d3dfb..b713668ec 100644 --- a/src/werkzeug/serving.py +++ b/src/werkzeug/serving.py @@ -909,7 +909,9 @@ def main(): import argparse from .utils import import_string - parser = argparse.ArgumentParser(description="Usage: %prog [options] app_module:app_object") + parser = argparse.ArgumentParser( + description="Usage: %prog [options] app_module:app_object" + ) parser.add_argument( "-b", "--bind", From 26c5c1218162ff8915bebf3d5bb403ed771c7fe5 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Wed, 10 Jun 2020 08:39:56 +0000 Subject: [PATCH 202/733] Bump pre-commit from 2.5.0 to 2.5.1 Bumps [pre-commit](https://github.com/pre-commit/pre-commit) from 2.5.0 to 2.5.1. - [Release notes](https://github.com/pre-commit/pre-commit/releases) - [Changelog](https://github.com/pre-commit/pre-commit/blob/master/CHANGELOG.md) - [Commits](https://github.com/pre-commit/pre-commit/compare/v2.5.0...v2.5.1) Signed-off-by: dependabot-preview[bot] --- requirements/dev.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements/dev.txt b/requirements/dev.txt index acf94abb3..adc2f7735 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -30,7 +30,7 @@ pallets-sphinx-themes==1.2.3 # via -r requirements/docs.in pathtools==0.1.2 # via watchdog pip-tools==5.2.0 # via -r requirements/dev.in pluggy==0.13.1 # via pytest, tox -pre-commit==2.5.0 # via -r requirements/dev.in +pre-commit==2.5.1 # via -r requirements/dev.in psutil==5.7.0 # via pytest-xprocess py==1.8.1 # via pytest, tox pycparser==2.20 # via cffi From ac3a9978623dbbcdca2209de2be5f0edf114534c Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Wed, 10 Jun 2020 08:45:15 +0000 Subject: [PATCH 203/733] Bump pip-tools from 5.2.0 to 5.2.1 Bumps [pip-tools](https://github.com/jazzband/pip-tools) from 5.2.0 to 5.2.1. - [Release notes](https://github.com/jazzband/pip-tools/releases) - [Changelog](https://github.com/jazzband/pip-tools/blob/master/CHANGELOG.md) - [Commits](https://github.com/jazzband/pip-tools/compare/5.2.0...5.2.1) Signed-off-by: dependabot-preview[bot] --- requirements/dev.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements/dev.txt b/requirements/dev.txt index adc2f7735..4040be61b 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -28,7 +28,7 @@ nodeenv==1.3.5 # via pre-commit packaging==20.3 # via pallets-sphinx-themes, pytest, sphinx, tox pallets-sphinx-themes==1.2.3 # via -r requirements/docs.in pathtools==0.1.2 # via watchdog -pip-tools==5.2.0 # via -r requirements/dev.in +pip-tools==5.2.1 # via -r requirements/dev.in pluggy==0.13.1 # via pytest, tox pre-commit==2.5.1 # via -r requirements/dev.in psutil==5.7.0 # via pytest-xprocess From 1938f9d205822962120a2973ba59b091074edcc3 Mon Sep 17 00:00:00 2001 From: Teymour Aldridge Date: Wed, 10 Jun 2020 17:16:57 +0100 Subject: [PATCH 204/733] don't fail when decoding auth header --- CHANGES.rst | 3 +++ src/werkzeug/http.py | 17 ++++++++++------- tests/test_http.py | 6 ++++++ 3 files changed, 19 insertions(+), 7 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index d04f52180..729303889 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -30,6 +30,9 @@ Unreleased one ``WWW-Authenticate`` header per value in ``www_authenticate``, rather than joining them into a single value, to improve interoperability with browsers and other clients. :pr:`1755` +- If ``parse_authorization_header`` can't decode the header value, it + returns ``None`` instead of raising a ``UnicodeDecodeError``. + :issue:`1816` Version 1.0.2 diff --git a/src/werkzeug/http.py b/src/werkzeug/http.py index eddc1a9b3..91a870588 100644 --- a/src/werkzeug/http.py +++ b/src/werkzeug/http.py @@ -572,13 +572,16 @@ def parse_authorization_header(value): username, password = base64.b64decode(auth_info).split(b":", 1) except Exception: return - return Authorization( - "basic", - { - "username": _to_str(username, _basic_auth_charset), - "password": _to_str(password, _basic_auth_charset), - }, - ) + try: + return Authorization( + "basic", + { + "username": _to_str(username, _basic_auth_charset), + "password": _to_str(password, _basic_auth_charset), + }, + ) + except UnicodeDecodeError: + return elif auth_type == b"digest": auth_map = parse_dict_header(auth_info) for key in "username", "realm", "nonce", "uri", "response": diff --git a/tests/test_http.py b/tests/test_http.py index 623922e47..aebc7b38a 100644 --- a/tests/test_http.py +++ b/tests/test_http.py @@ -1,3 +1,4 @@ +import base64 from datetime import datetime import pytest @@ -181,6 +182,11 @@ def test_authorization_header(self): assert http.parse_authorization_header(None) is None assert http.parse_authorization_header("foo") is None + def test_bad_authorization_header_encoding(self): + """If the base64 encoded bytes can't be decoded as UTF-8""" + content = base64.b64encode(b"\xffser:pass").decode() + assert http.parse_authorization_header(f"Basic {content}") is None + def test_www_authenticate_header(self): wa = http.parse_www_authenticate_header('Basic realm="WallyWorld"') assert wa.type == "basic" From 75215972967c1c00c15b8b5c3c661c2278423360 Mon Sep 17 00:00:00 2001 From: David Lord Date: Thu, 11 Jun 2020 19:30:56 -0700 Subject: [PATCH 205/733] update contributing guide --- CONTRIBUTING.rst | 235 +++++++++++++++++++++++++++++++---------------- 1 file changed, 154 insertions(+), 81 deletions(-) diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst index c1560b05b..7afc63214 100644 --- a/CONTRIBUTING.rst +++ b/CONTRIBUTING.rst @@ -7,107 +7,179 @@ Thank you for considering contributing to Werkzeug! Support questions ----------------- -Please, don't use the issue tracker for this. Use one of the following -resources for questions about your own code: +Please, don't use the issue tracker for this. The issue tracker is a +tool to address bugs and feature requests in Werkzeug itself. Use one of +the following resources for questions about using Werkzeug or issues +with your own code: + +- The ``#get-help`` channel on our Discord chat: + https://discord.gg/t6rrQZH +- The mailing list flask@python.org for long term discussion or larger + issues. +- Ask on `Stack Overflow`_. Search with Google first using: + ``site:stackoverflow.com werkzeug {search term, exception message, etc.}`` -- The IRC channel ``#pocoo`` on FreeNode. -- The IRC channel ``#python`` on FreeNode for more general questions. -- The mailing list flask@python.org for long term discussion or larger - issues. -- Ask on `Stack Overflow`_. Search with Google first using: - ``site:stackoverflow.com werkzeug {search term, exception message, etc.}``. - Be sure to include a `minimal, complete, and verifiable example`_. +.. _Stack Overflow: https://stackoverflow.com/questions/tagged/werkzeug?sort=linked Reporting issues ---------------- -- Describe what you expected to happen. -- If possible, include a `minimal, complete, and verifiable example`_ to - help us identify the issue. This also helps check that the issue is - not with your own code. -- Describe what actually happened. Include the full traceback if there - was an exception. -- List your Python and Werkzeug versions. If possible, check if - this issue is already fixed in the repository. +Include the following information in your post: + +- Describe what you expected to happen. +- If possible, include a `minimal reproducible example`_ to help us + identify the issue. This also helps check that the issue is not with + your own code. +- Describe what actually happened. Include the full traceback if there + was an exception. +- List your Python and Werkzeug versions. If possible, check if this + issue is already fixed in the latest releases or the latest code in + the repository. + +.. _minimal reproducible example: https://stackoverflow.com/help/minimal-reproducible-example Submitting patches ------------------ -- Include tests if your patch is supposed to solve a bug, and explain - clearly under which circumstances the bug happens. Make sure the test - fails without your patch. -- Follow the `PEP8`_ style guide. +If there is not an open issue for what you want to submit, prefer +opening one for discussion before working on a PR. You can work on any +issue that doesn't have an open PR linked to it or a maintainer assigned +to it. These show up in the sidebar. No need to ask if you can work on +an issue that interests you. + +Include the following in your patch: + +- Use `Black`_ to format your code. This and other tools will run + automatically if you install `pre-commit`_ using the instructions + below. +- Include tests if your patch adds or changes code. Make sure the test + fails without your patch. +- Update any relevant docs pages and docstrings. Docs pages and + docstrings should be wrapped at 72 characters. +- Add an entry in ``CHANGES.rst``. Use the same style as other + entries. Also include ``.. versionchanged::`` inline changelogs in + relevant docstrings. + +.. _Black: https://black.readthedocs.io +.. _pre-commit: https://pre-commit.com First time setup ~~~~~~~~~~~~~~~~ -- Download and install the `latest version of git`_. -- Configure git with your `username`_ and `email`_:: +- Download and install the `latest version of git`_. +- Configure git with your `username`_ and `email`_. + + .. code-block:: text + + $ git config --global user.name 'your name' + $ git config --global user.email 'your email' + +- Make sure you have a `GitHub account`_. +- Fork Werkzeug to your GitHub account by clicking the `Fork`_ button. +- `Clone`_ the main repository locally. + + .. code-block:: text + + $ git clone https://github.com/pallets/werkzeug + $ cd werkzeug - git config --global user.name 'your name' - git config --global user.email 'your email' +- Add your fork as a remote to push your work to. Replace + ``{username}`` with your username. This names the remote "fork", the + default Pallets remote is "origin". -- Make sure you have a `GitHub account`_. -- Fork Werkzeug to your GitHub account by clicking the `Fork`_ button. -- `Clone`_ your GitHub fork locally:: + .. code-block:: text - git clone https://github.com/{username}/werkzeug - cd werkzeug + git remote add fork https://github.com/{username}/werkzeug -- Add the main repository as a remote to update later:: +- Create a virtualenv. - git remote add pallets https://github.com/pallets/werkzeug - git fetch pallets + .. code-block:: text -- Create a virtualenv:: + $ python3 -m venv env + $ . env/bin/activate - python3 -m venv venv - . venv/bin/activate - # or "venv\Scripts\activate" on Windows + On Windows, activating is different. -- Install Werkzeug in editable mode with development dependencies:: + .. code-block:: text - pip install -e . -r requirements/dev.txt + > env\Scripts\activate -- Install pre-commit hooks for automatically checking each commit for simple - issues (Linting and Formatting) before submission to code review:: +- Install Werkzeug in editable mode with development dependencies. + + .. code-block:: text + + $ pip install -e . -r requirements/dev.txt + +- Install the pre-commit hooks. + + .. code-block:: text + + $ pre-commit install + +.. _latest version of git: https://git-scm.com/downloads +.. _username: https://help.github.com/en/articles/setting-your-username-in-git +.. _email: https://help.github.com/en/articles/setting-your-commit-email-address-in-git +.. _GitHub account: https://github.com/join +.. _Fork: https://github.com/pallets/werkzeug/fork +.. _Clone: https://help.github.com/en/articles/fork-a-repo#step-2-create-a-local-clone-of-your-fork - pip install pre-commit - pre-commit install - git commit Start coding ~~~~~~~~~~~~ -- Create a branch to identify the issue you would like to work on (e.g. - ``2287-dry-test-suite``) -- Using your favorite editor, make your changes, `committing as you go`_. -- Follow the `PEP8`_ style guide. -- Include tests that cover any code changes you make. Make sure the test - fails without your patch. Run the tests as described below. -- Push your commits to GitHub and `create a pull request`_. -- Celebrate 🎉 +- Create a branch to identify the issue you would like to work on. If + you're submitting a bug or documentation fix, branch off of the + latest ".x" branch. + + .. code-block:: text + + $ git fetch origin + $ git checkout -b your-branch-name origin/1.0.x + + If you're submitting a feature addition or change, branch off of the + "master" branch. + + .. code-block:: text + + $ git fetch origin + $ git checkout -b your-branch-name origin/master + +- Using your favorite editor, make your changes, + `committing as you go`_. +- Include tests that cover any code changes you make. Make sure the + test fails without your patch. Run the tests as described below. +- Push your commits to your fork on GitHub and + `create a pull request`_. Link to the issue being addressed with + ``fixes #123`` in the pull request. + + .. code-block:: text + + $ git push --set-upstream fork your-branch-name + +.. _committing as you go: https://dont-be-afraid-to-commit.readthedocs.io/en/latest/git/commandlinegit.html#commit-your-changes +.. _create a pull request: https://help.github.com/en/articles/creating-a-pull-request Running the tests ~~~~~~~~~~~~~~~~~ -Run the basic test suite with:: +Run the basic test suite with pytest. - pytest +.. code-block:: text -This only runs the tests for the current environment. Whether this is -relevant depends on which part of Werkzeug you're working on. Travis-CI -will run the full suite when you submit your pull request. + $ pytest -The full test suite takes a long time to run because it tests multiple -combinations of Python and dependencies. You need to have all supported -CPython and PyPy versions installed to run all of the environments. :: +This runs the tests for the current environment, which is usually +sufficient. CI will run the full suite when you submit your pull +request. You can run the full test suite with tox if you don't want to +wait. - tox +.. code-block:: text + + $ tox Running test coverage @@ -115,28 +187,29 @@ Running test coverage Generating a report of lines that do not have test coverage can indicate where to start contributing. Run ``pytest`` using ``coverage`` and -generate a report on the terminal and as an interactive HTML document:: +generate a report. - coverage run -m pytest - coverage report - coverage html - # then open htmlcov/index.html +.. code-block:: text -Read more about `coverage`_. + $ pip install coverage + $ coverage run -m pytest + $ coverage html -Running the full test suite with ``tox`` will combine the coverage -reports from all runs. +Open ``htmlcov/index.html`` in your browser to explore the report. +Read more about `coverage `__. -.. _Stack Overflow: https://stackoverflow.com/questions/tagged/werkzeug?sort=linked -.. _minimal, complete, and verifiable example: https://stackoverflow.com/help/mcve -.. _GitHub account: https://github.com/join -.. _latest version of git: https://git-scm.com/downloads -.. _username: https://help.github.com/articles/setting-your-username-in-git/ -.. _email: https://help.github.com/articles/setting-your-email-in-git/ -.. _Fork: https://github.com/pallets/werkzeug/pull/2305#fork-destination-box -.. _Clone: https://help.github.com/articles/fork-a-repo/#step-2-create-a-local-clone-of-your-fork -.. _committing as you go: https://dont-be-afraid-to-commit.readthedocs.io/en/latest/git/commandlinegit.html#commit-your-changes -.. _PEP8: https://pep8.org/ -.. _create a pull request: https://help.github.com/articles/creating-a-pull-request/ -.. _coverage: https://coverage.readthedocs.io + +Building the docs +~~~~~~~~~~~~~~~~~ + +Build the docs in the ``docs`` directory using Sphinx. + +.. code-block:: text + + $ cd docs + $ make html + +Open ``_build/html/index.html`` in your browser to view the docs. + +Read more about `Sphinx `__. From 7e56ec651f1b04ee93f26b7502123562fd64339e Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Mon, 15 Jun 2020 08:50:11 +0000 Subject: [PATCH 206/733] Bump pytest-timeout from 1.3.4 to 1.4.0 Bumps [pytest-timeout](https://github.com/pytest-dev/pytest-timeout) from 1.3.4 to 1.4.0. - [Release notes](https://github.com/pytest-dev/pytest-timeout/releases) - [Commits](https://github.com/pytest-dev/pytest-timeout/compare/1.3.4...1.4.0) Signed-off-by: dependabot-preview[bot] --- requirements/dev.txt | 2 +- requirements/tests.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements/dev.txt b/requirements/dev.txt index 4040be61b..f50cb6dda 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -36,7 +36,7 @@ py==1.8.1 # via pytest, tox pycparser==2.20 # via cffi pygments==2.6.1 # via sphinx pyparsing==2.4.7 # via packaging -pytest-timeout==1.3.4 # via -r requirements/tests.in +pytest-timeout==1.4.0 # via -r requirements/tests.in pytest-xprocess==0.13.1 # via -r requirements/tests.in pytest==5.4.3 # via -r requirements/tests.in, pytest-timeout, pytest-xprocess pytz==2020.1 # via babel diff --git a/requirements/tests.txt b/requirements/tests.txt index 433026c26..3f74d6f52 100644 --- a/requirements/tests.txt +++ b/requirements/tests.txt @@ -19,7 +19,7 @@ psutil==5.7.0 # via pytest-xprocess py==1.8.1 # via pytest pycparser==2.20 # via cffi pyparsing==2.4.7 # via packaging -pytest-timeout==1.3.4 # via -r requirements/tests.in +pytest-timeout==1.4.0 # via -r requirements/tests.in pytest-xprocess==0.13.1 # via -r requirements/tests.in pytest==5.4.3 # via -r requirements/tests.in, pytest-timeout, pytest-xprocess requests-unixsocket==0.2.0 # via -r requirements/tests.in From 3cae0bb45ad06792f177a03311cec73da5658b4c Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Mon, 15 Jun 2020 08:55:30 +0000 Subject: [PATCH 207/733] Bump sphinx from 3.1.0 to 3.1.1 Bumps [sphinx](https://github.com/sphinx-doc/sphinx) from 3.1.0 to 3.1.1. - [Release notes](https://github.com/sphinx-doc/sphinx/releases) - [Changelog](https://github.com/sphinx-doc/sphinx/blob/3.x/CHANGES) - [Commits](https://github.com/sphinx-doc/sphinx/compare/v3.1.0...v3.1.1) Signed-off-by: dependabot-preview[bot] --- requirements/dev.txt | 2 +- requirements/docs.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements/dev.txt b/requirements/dev.txt index f50cb6dda..538414083 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -46,7 +46,7 @@ requests==2.23.0 # via -r requirements/tests.in, requests-unixsocket, s six==1.14.0 # via cryptography, packaging, pip-tools, tox, virtualenv snowballstemmer==2.0.0 # via sphinx sphinx-issues==1.2.0 # via -r requirements/docs.in -sphinx==3.1.0 # via -r requirements/docs.in, pallets-sphinx-themes, sphinx-issues, sphinxcontrib-log-cabinet +sphinx==3.1.1 # via -r requirements/docs.in, pallets-sphinx-themes, sphinx-issues, sphinxcontrib-log-cabinet sphinxcontrib-applehelp==1.0.2 # via sphinx sphinxcontrib-devhelp==1.0.2 # via sphinx sphinxcontrib-htmlhelp==1.0.3 # via sphinx diff --git a/requirements/docs.txt b/requirements/docs.txt index a16db8de1..7a3352098 100644 --- a/requirements/docs.txt +++ b/requirements/docs.txt @@ -22,7 +22,7 @@ requests==2.23.0 # via sphinx six==1.14.0 # via packaging snowballstemmer==2.0.0 # via sphinx sphinx-issues==1.2.0 # via -r requirements/docs.in -sphinx==3.1.0 # via -r requirements/docs.in, pallets-sphinx-themes, sphinx-issues, sphinxcontrib-log-cabinet +sphinx==3.1.1 # via -r requirements/docs.in, pallets-sphinx-themes, sphinx-issues, sphinxcontrib-log-cabinet sphinxcontrib-applehelp==1.0.2 # via sphinx sphinxcontrib-devhelp==1.0.2 # via sphinx sphinxcontrib-htmlhelp==1.0.3 # via sphinx From b1931884aec568114a21e8a1016b5d4b75a06a34 Mon Sep 17 00:00:00 2001 From: Joe Coburn Date: Mon, 15 Jun 2020 15:42:27 +0100 Subject: [PATCH 208/733] Fixed bad hash method iteration example Updated the iteration docs to a working example. Made consistent with iteration and method example in previous lines. --- src/werkzeug/security.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/werkzeug/security.py b/src/werkzeug/security.py index 211faf4f3..2d01da614 100644 --- a/src/werkzeug/security.py +++ b/src/werkzeug/security.py @@ -173,7 +173,7 @@ def generate_password_hash(password, method="pbkdf2:sha256", salt_length=8): :param password: the password to hash. :param method: the hash method to use (one that hashlib supports). Can - optionally be in the format ``pbkdf2:[:iterations]`` + optionally be in the format ``pbkdf2:method:iterations`` to enable PBKDF2. :param salt_length: the length of the salt in letters. """ From 93e93d03b6f6429d75adbb4ba701c5e2d14a8126 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Tue, 16 Jun 2020 08:10:29 +0000 Subject: [PATCH 209/733] Bump pytest-timeout from 1.4.0 to 1.4.1 Bumps [pytest-timeout](https://github.com/pytest-dev/pytest-timeout) from 1.4.0 to 1.4.1. - [Release notes](https://github.com/pytest-dev/pytest-timeout/releases) - [Commits](https://github.com/pytest-dev/pytest-timeout/compare/1.4.0...1.4.1) Signed-off-by: dependabot-preview[bot] --- requirements/dev.txt | 2 +- requirements/tests.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements/dev.txt b/requirements/dev.txt index 538414083..08c619a88 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -36,7 +36,7 @@ py==1.8.1 # via pytest, tox pycparser==2.20 # via cffi pygments==2.6.1 # via sphinx pyparsing==2.4.7 # via packaging -pytest-timeout==1.4.0 # via -r requirements/tests.in +pytest-timeout==1.4.1 # via -r requirements/tests.in pytest-xprocess==0.13.1 # via -r requirements/tests.in pytest==5.4.3 # via -r requirements/tests.in, pytest-timeout, pytest-xprocess pytz==2020.1 # via babel diff --git a/requirements/tests.txt b/requirements/tests.txt index 3f74d6f52..7d430a9af 100644 --- a/requirements/tests.txt +++ b/requirements/tests.txt @@ -19,7 +19,7 @@ psutil==5.7.0 # via pytest-xprocess py==1.8.1 # via pytest pycparser==2.20 # via cffi pyparsing==2.4.7 # via packaging -pytest-timeout==1.4.0 # via -r requirements/tests.in +pytest-timeout==1.4.1 # via -r requirements/tests.in pytest-xprocess==0.13.1 # via -r requirements/tests.in pytest==5.4.3 # via -r requirements/tests.in, pytest-timeout, pytest-xprocess requests-unixsocket==0.2.0 # via -r requirements/tests.in From 2544f0168fd3bafa843bd12acb87443f1d9bb5a2 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Thu, 18 Jun 2020 08:17:59 +0000 Subject: [PATCH 210/733] Bump requests from 2.23.0 to 2.24.0 Bumps [requests](https://github.com/psf/requests) from 2.23.0 to 2.24.0. - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/master/HISTORY.md) - [Commits](https://github.com/psf/requests/compare/v2.23.0...v2.24.0) Signed-off-by: dependabot-preview[bot] --- requirements/dev.txt | 2 +- requirements/docs.txt | 2 +- requirements/tests.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements/dev.txt b/requirements/dev.txt index 08c619a88..f355a530f 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -42,7 +42,7 @@ pytest==5.4.3 # via -r requirements/tests.in, pytest-timeout, pytest pytz==2020.1 # via babel pyyaml==5.3.1 # via pre-commit requests-unixsocket==0.2.0 # via -r requirements/tests.in -requests==2.23.0 # via -r requirements/tests.in, requests-unixsocket, sphinx +requests==2.24.0 # via -r requirements/tests.in, requests-unixsocket, sphinx six==1.14.0 # via cryptography, packaging, pip-tools, tox, virtualenv snowballstemmer==2.0.0 # via sphinx sphinx-issues==1.2.0 # via -r requirements/docs.in diff --git a/requirements/docs.txt b/requirements/docs.txt index 7a3352098..bde8209a3 100644 --- a/requirements/docs.txt +++ b/requirements/docs.txt @@ -18,7 +18,7 @@ pallets-sphinx-themes==1.2.3 # via -r requirements/docs.in pygments==2.6.1 # via sphinx pyparsing==2.4.7 # via packaging pytz==2020.1 # via babel -requests==2.23.0 # via sphinx +requests==2.24.0 # via sphinx six==1.14.0 # via packaging snowballstemmer==2.0.0 # via sphinx sphinx-issues==1.2.0 # via -r requirements/docs.in diff --git a/requirements/tests.txt b/requirements/tests.txt index 7d430a9af..9e369e92d 100644 --- a/requirements/tests.txt +++ b/requirements/tests.txt @@ -23,7 +23,7 @@ pytest-timeout==1.4.1 # via -r requirements/tests.in pytest-xprocess==0.13.1 # via -r requirements/tests.in pytest==5.4.3 # via -r requirements/tests.in, pytest-timeout, pytest-xprocess requests-unixsocket==0.2.0 # via -r requirements/tests.in -requests==2.23.0 # via -r requirements/tests.in, requests-unixsocket +requests==2.24.0 # via -r requirements/tests.in, requests-unixsocket six==1.14.0 # via cryptography, packaging urllib3==1.25.9 # via requests, requests-unixsocket watchdog==0.10.2 # via -r requirements/tests.in From c1f057a47c355e8c865df3cdb7a263f14a1f6012 Mon Sep 17 00:00:00 2001 From: Teymour Aldridge Date: Thu, 11 Jun 2020 15:24:31 +0100 Subject: [PATCH 211/733] deprecate servering.py CLI --- CHANGES.rst | 2 ++ src/werkzeug/serving.py | 2 ++ 2 files changed, 4 insertions(+) diff --git a/CHANGES.rst b/CHANGES.rst index 729303889..ecb1e69fa 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -14,6 +14,8 @@ Unreleased - Deprecate :class:`utils.HTMLBuilder`. :issue:`1761` - Deprecate :func:`utils.escape` and :func:`utils.unescape`, use MarkupSafe instead. :issue:`1758` +- Deprecate the undocumented ``python -m werkzeug.serving`` CLI. + :issue:`1834` - ``JSONMixin`` no longer uses simplejson if it's installed. To use another JSON module, override ``JSONMixin.json_module``. :pr:`1766` - Add a ``url_scheme`` argument to :meth:`~routing.MapAdapter.build` diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py index b713668ec..ae9a511cf 100644 --- a/src/werkzeug/serving.py +++ b/src/werkzeug/serving.py @@ -909,6 +909,8 @@ def main(): import argparse from .utils import import_string + _log("warning", "This CLI is deprecated and will be removed in 3.1.") + parser = argparse.ArgumentParser( description="Usage: %prog [options] app_module:app_object" ) From ef948cfdb8cdee6f9b3030cf263469d6ff6d1def Mon Sep 17 00:00:00 2001 From: David Lord Date: Fri, 19 Jun 2020 10:09:40 -0700 Subject: [PATCH 212/733] finish converting to argparse fix deprecation version --- src/werkzeug/serving.py | 38 +++++++++++++++----------------------- 1 file changed, 15 insertions(+), 23 deletions(-) diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py index ae9a511cf..2c5145b51 100644 --- a/src/werkzeug/serving.py +++ b/src/werkzeug/serving.py @@ -909,10 +909,11 @@ def main(): import argparse from .utils import import_string - _log("warning", "This CLI is deprecated and will be removed in 3.1.") + _log("warning", "This CLI is deprecated and will be removed in version 2.1.") parser = argparse.ArgumentParser( - description="Usage: %prog [options] app_module:app_object" + description="Run the given WSGI application with the development server.", + allow_abbrev=False, ) parser.add_argument( "-b", @@ -923,39 +924,30 @@ def main(): parser.add_argument( "-d", "--debug", - dest="use_debugger", action="store_true", - default=False, - help="Use Werkzeug's debugger.", + help="Show the interactive debugger for unhandled exceptions.", ) parser.add_argument( "-r", "--reload", - dest="use_reloader", action="store_true", - default=False, - help="Reload Python process if modules change.", + help="Reload the process if modules change.", ) - options, args = parser.parse_args() - + parser.add_argument( + "application", help="Application to import and serve, in the form module:app." + ) + args = parser.parse_args() hostname, port = None, None - if options.address: - address = options.address.split(":") - hostname = address[0] - if len(address) > 1: - port = address[1] - if len(args) != 1: - sys.stdout.write("No application supplied, or too much. See --help\n") - sys.exit(1) - app = import_string(args[0]) + if args.address: + hostname, _, port = args.address.partition(":") run_simple( - hostname=(hostname or "127.0.0.1"), + hostname=hostname or "127.0.0.1", port=int(port or 5000), - application=app, - use_reloader=options.use_reloader, - use_debugger=options.use_debugger, + application=import_string(args.application), + use_reloader=args.reload, + use_debugger=args.debug, ) From 5fdca4441ca5bf2665290f620a5fb8577106f9ce Mon Sep 17 00:00:00 2001 From: David Lord Date: Fri, 19 Jun 2020 10:23:24 -0700 Subject: [PATCH 213/733] deprecate run_with_reloader, it's private --- src/werkzeug/serving.py | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py index 2c5145b51..82f2b84a0 100644 --- a/src/werkzeug/serving.py +++ b/src/werkzeug/serving.py @@ -897,10 +897,23 @@ def inner(): def run_with_reloader(*args, **kwargs): - # People keep using undocumented APIs. Do not use this function - # please, we do not guarantee that it continues working. + """Run a process with the reloader. This is not a public API, do + not use this function. + + .. deprecated:: 2.0 + This function will be removed in version 2.1. + """ + import warnings from ._reloader import run_with_reloader + warnings.warn( + ( + "'run_with_reloader' is a private API, it will no longer be" + " accessible in version 2.1. Use 'run_simple' instead." + ), + DeprecationWarning, + stacklevel=2, + ) return run_with_reloader(*args, **kwargs) From 43f75e3d980c53b6a91b2972f30943308643d207 Mon Sep 17 00:00:00 2001 From: Kai Chen Date: Tue, 9 Jun 2020 12:14:18 -0700 Subject: [PATCH 214/733] replace jQuery with vanilla JavaScript Co-authored-by: Christopher Nguyen Co-authored-by: Rodrigo Medina Co-authored-by: Yanlam Ko --- CHANGES.rst | 1 + docs/debug.rst | 6 +- src/werkzeug/debug/__init__.py | 8 - src/werkzeug/debug/shared/debugger.js | 502 ++++++++++++++++---------- src/werkzeug/debug/shared/jquery.js | 2 - src/werkzeug/debug/shared/style.css | 9 + src/werkzeug/debug/tbtools.py | 26 +- tests/middleware/test_shared_data.py | 2 +- 8 files changed, 335 insertions(+), 221 deletions(-) delete mode 100644 src/werkzeug/debug/shared/jquery.js diff --git a/CHANGES.rst b/CHANGES.rst index ecb1e69fa..5d812896e 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -35,6 +35,7 @@ Unreleased - If ``parse_authorization_header`` can't decode the header value, it returns ``None`` instead of raising a ``UnicodeDecodeError``. :issue:`1816` +- The debugger no longer uses jQuery. :issue:`1807` Version 1.0.2 diff --git a/docs/debug.rst b/docs/debug.rst index c553f99e9..25a9f0b2d 100644 --- a/docs/debug.rst +++ b/docs/debug.rst @@ -96,6 +96,6 @@ Pasting Errors -------------- If you click on the "Traceback (most recent call last)" header, the -view switches to a tradition text-based traceback. The text can be -copied, or automatically pasted to `gist.github.com -`_ with one click. +view switches to a traditional text-based traceback. You can copy and +paste this in order to provide information when asking a question or +reporting an issue. diff --git a/src/werkzeug/debug/__init__.py b/src/werkzeug/debug/__init__.py index 5ea22913d..bf6c0c0ea 100644 --- a/src/werkzeug/debug/__init__.py +++ b/src/werkzeug/debug/__init__.py @@ -349,11 +349,6 @@ def display_console(self, request): mimetype="text/html", ) - def paste_traceback(self, request, traceback): - """Paste the traceback and return a JSON response.""" - rv = traceback.paste() - return Response(json.dumps(rv), mimetype="application/json") - def get_resource(self, request, filename): """Return a static resource from the shared folder.""" filename = join("shared", basename(filename)) @@ -455,12 +450,9 @@ def __call__(self, environ, start_response): cmd = request.args.get("cmd") arg = request.args.get("f") secret = request.args.get("s") - traceback = self.tracebacks.get(request.args.get("tb", type=int)) frame = self.frames.get(request.args.get("frm", type=int)) if cmd == "resource" and arg: response = self.get_resource(request, arg) - elif cmd == "paste" and traceback is not None and secret == self.secret: - response = self.paste_traceback(request, traceback) elif cmd == "pinauth" and secret == self.secret: response = self.pin_auth(request) elif cmd == "printpin" and secret == self.secret: diff --git a/src/werkzeug/debug/shared/debugger.js b/src/werkzeug/debug/shared/debugger.js index ba267ed60..3056f38f2 100644 --- a/src/werkzeug/debug/shared/debugger.js +++ b/src/werkzeug/debug/shared/debugger.js @@ -1,210 +1,348 @@ -$(function() { +docReady(() => { if (!EVALEX_TRUSTED) { initPinBox(); } - - /** - * if we are in console mode, show the console. - */ + // if we are in console mode, show the console. if (CONSOLE_MODE && EVALEX) { - openShell(null, $('div.console div.inner').empty(), 0); + createInteractiveConsole(); } - - $("div.detail").click(function() { - $("div.traceback").get(0).scrollIntoView(false); - }); - - $('div.traceback div.frame').each(function() { - var - target = $('pre', this), - consoleNode = null, - frameID = this.id.substring(6); - - target.click(function() { - $(this).parent().toggleClass('expanded'); - }); - - /** - * Add an interactive console to the frames - */ - if (EVALEX && target.is('.current')) { - $('') - .attr('title', 'Open an interactive python shell in this frame') - .click(function() { - consoleNode = openShell(consoleNode, target, frameID); - return false; - }) - .prependTo(target); - } - }); - - /** - * toggle traceback types on click. - */ - $('h2.traceback').click(function() { - $(this).next().slideToggle('fast'); - $('div.plain').slideToggle('fast'); - }).css('cursor', 'pointer'); - $('div.plain').hide(); - - /** - * Add extra info (this is here so that only users with JavaScript - * enabled see it.) - */ - $('span.nojavascript') - .removeClass('nojavascript') - .html('

    To switch between the interactive traceback and the plaintext ' + - 'one, you can click on the "Traceback" headline. From the text ' + - 'traceback you can also create a paste of it. ' + (!EVALEX ? '' : - 'For code execution mouse-over the frame you want to debug and ' + - 'click on the console icon on the right side.' + - '

    You can execute arbitrary Python code in the stack frames and ' + - 'there are some extra helpers available for introspection:' + - '

    • dump() shows all variables in the frame' + - '
    • dump(obj) dumps all that\'s known about the object
    ')); - - /** - * Add the pastebin feature - */ - $('div.plain form') - .submit(function() { - var label = $('input[type="submit"]', this); - var old_val = label.val(); - label.val('submitting...'); - $.ajax({ - dataType: 'json', - url: document.location.pathname, - data: {__debugger__: 'yes', tb: TRACEBACK, cmd: 'paste', - s: SECRET}, - success: function(data) { - $('div.plain span.pastemessage') - .removeClass('pastemessage') - .text('Paste created: ') - .append($('#' + data.id + '').attr('href', data.url)); - }, - error: function() { - alert('Error: Could not submit paste. No network connection?'); - label.val(old_val); - } - }); - return false; - }); - - // if we have javascript we submit by ajax anyways, so no need for the - // not scaling textarea. - var plainTraceback = $('div.plain textarea'); - plainTraceback.replaceWith($('
    ').text(plainTraceback.text()));
+  addEventListenersToElements(document.querySelectorAll("div.detail"), "click", () =>
+    document.querySelector("div.traceback").scrollIntoView(false)
+  );
+  addConsoleIconToFrames(document.querySelectorAll("div.traceback div.frame"));
+  addToggleTraceTypesOnClick(document.querySelectorAll("h2.traceback"));
+  addInfoPrompt(document.querySelectorAll("span.nojavascript"));
+  wrapPlainTraceback();
 });
 
+function wrapPlainTraceback() {
+  const plainTraceback = document.querySelector("div.plain textarea");
+  const wrapper = document.createElement("pre");
+  const textNode = document.createTextNode(plainTraceback.textContent);
+  wrapper.appendChild(textNode);
+  plainTraceback.replaceWith(wrapper);
+}
+
 function initPinBox() {
-  $('.pin-prompt form').submit(function(evt) {
-    evt.preventDefault();
-    var pin = this.pin.value;
-    var btn = this.btn;
-    btn.disabled = true;
-    $.ajax({
-      dataType: 'json',
-      url: document.location.pathname,
-      data: {__debugger__: 'yes', cmd: 'pinauth', pin: pin,
-             s: SECRET},
-      success: function(data) {
-        btn.disabled = false;
-        if (data.auth) {
-          EVALEX_TRUSTED = true;
-          $('.pin-prompt').fadeOut();
-        } else {
-          if (data.exhausted) {
-            alert('Error: too many attempts.  Restart server to retry.');
+  document.querySelector(".pin-prompt form").addEventListener(
+    "submit",
+    function (event) {
+      event.preventDefault();
+      const pin = encodeURIComponent(this.pin.value);
+      const encodedSecret = encodeURIComponent(SECRET);
+      const btn = this.btn;
+      btn.disabled = true;
+
+      fetch(
+        `${document.location.pathname}?__debugger__=yes&cmd=pinauth&pin=${pin}&s=${encodedSecret}`
+      )
+        .then((res) => res.json())
+        .then(({auth, exhausted}) => {
+          if (auth) {
+            EVALEX_TRUSTED = true;
+            fadeOut(document.getElementsByClassName("pin-prompt")[0]);
           } else {
-            alert('Error: incorrect pin');
+            alert(
+              `Error: ${
+                exhausted
+                  ? "too many attempts.  Restart server to retry."
+                  : "incorrect pin"
+              }`
+            );
           }
-        }
-        console.log(data);
-      },
-      error: function() {
-        btn.disabled = false;
-        alert('Error: Could not verify PIN.  Network error?');
-      }
-    });
-  });
+        })
+        .catch((err) => {
+          alert("Error: Could not verify PIN.  Network error?");
+          console.error(err);
+        })
+        .finally(() => (btn.disabled = false));
+    },
+    false
+  );
 }
 
 function promptForPin() {
   if (!EVALEX_TRUSTED) {
-    $.ajax({
-      url: document.location.pathname,
-      data: {__debugger__: 'yes', cmd: 'printpin', s: SECRET}
-    });
-    $('.pin-prompt').fadeIn(function() {
-      $('.pin-prompt input[name="pin"]').focus();
-    });
+    const encodedSecret = encodeURIComponent(SECRET);
+    fetch(
+      `${document.location.pathname}?__debugger__=yes&cmd=printpin&s=${encodedSecret}`
+    );
+    const pinPrompt = document.getElementsByClassName("pin-prompt")[0];
+    fadeIn(pinPrompt);
+    document.querySelector('.pin-prompt input[name="pin"]').focus();
   }
 }
 
-
 /**
  * Helper function for shell initialization
  */
 function openShell(consoleNode, target, frameID) {
   promptForPin();
-  if (consoleNode)
-    return consoleNode.slideToggle('fast');
-  consoleNode = $('
    ')
-    .appendTo(target.parent())
-    .hide()
-  var historyPos = 0, history = [''];
-  var output = $('
    [console ready]
    ')
-    .appendTo(consoleNode);
-  var form = $('
    >>> 
    ')
-    .submit(function() {
-      var cmd = command.val();
-      $.get('', {
-          __debugger__: 'yes', cmd: cmd, frm: frameID, s: SECRET}, function(data) {
-        var tmp = $('
    ').html(data);
-        $('span.extended', tmp).each(function() {
-          var hidden = $(this).wrap('').hide();
-          hidden
-            .parent()
-            .append($('  ')
-              .click(function() {
-                hidden.toggle();
-                $(this).toggleClass('open')
-                return false;
-              }));
-        });
-        output.append(tmp);
-        command.focus();
-        consoleNode.scrollTop(consoleNode.get(0).scrollHeight);
-        var old = history.pop();
-        history.push(cmd);
-        if (typeof old != 'undefined')
-          history.push(old);
-        historyPos = history.length - 1;
-      });
-      command.val('');
-      return false;
-    }).
-    appendTo(consoleNode);
-
-  var command = $('')
-    .appendTo(form)
-    .keydown(function(e) {
-      if (e.key == 'l' && e.ctrlKey) {
-        output.text('--- screen cleared ---');
-        return false;
+  if (consoleNode) {
+    slideToggle(consoleNode);
+    return consoleNode;
+  }
+  let historyPos = 0;
+  const history = [""];
+  const consoleElement = createConsole();
+  const output = createConsoleOutput();
+  const form = createConsoleInputForm();
+  const command = createConsoleInput();
+
+  target.parentNode.appendChild(consoleElement);
+  consoleElement.append(output);
+  consoleElement.append(form);
+  form.append(command);
+  command.focus();
+  slideToggle(consoleElement);
+
+  form.addEventListener("submit", (e) => {
+    handleConsoleSubmit(e, command, frameID).then((consoleOutput) => {
+      output.append(consoleOutput);
+      command.focus();
+      consoleElement.scrollTo(0, consoleElement.scrollHeight);
+      const old = history.pop();
+      history.push(command.value);
+      if (typeof old !== "undefined") {
+        history.push(old);
       }
-      else if (e.charCode == 0 && (e.keyCode == 38 || e.keyCode == 40)) {
-        //   handle up arrow and down arrow
-        if (e.keyCode == 38 && historyPos > 0)
-          historyPos--;
-        else if (e.keyCode == 40 && historyPos < history.length)
-          historyPos++;
-        command.val(history[historyPos]);
-        return false;
+      historyPos = history.length - 1;
+      command.value = "";
+    });
+  });
+
+  command.addEventListener("keydown", (e) => {
+    if (e.key === "l" && e.ctrlKey) {
+      output.innerText = "--- screen cleared ---";
+    } else if (e.key === "ArrowUp" || e.key === "ArrowDown") {
+      // Handle up arrow and down arrow.
+      if (e.key === "ArrowUp" && historyPos > 0) {
+        e.preventDefault();
+        historyPos--;
+      } else if (e.key === "ArrowDown" && historyPos < history.length - 1) {
+        historyPos++;
       }
+      command.value = history[historyPos];
+    }
+    return false;
+  });
+
+  return consoleElement;
+}
+
+function addEventListenersToElements(elements, event, listener) {
+  elements.forEach((el) => el.addEventListener(event, listener));
+}
+
+/**
+ * Add extra info
+ */
+function addInfoPrompt(elements) {
+  for (let i = 0; i < elements.length; i++) {
+    elements[i].innerHTML =
+      "
    To switch between the interactive traceback and the plaintext " +
+      'one, you can click on the "Traceback" headline. From the text ' +
+      "traceback you can also create a paste of it. " +
+      (!EVALEX
+        ? ""
+        : "For code execution mouse-over the frame you want to debug and " +
+          "click on the console icon on the right side." +
+          "
    You can execute arbitrary Python code in the stack frames and " +
+          "there are some extra helpers available for introspection:" +
+          "
    • dump() shows all variables in the frame" +
+          "
    • dump(obj) dumps all that's known about the object
    ");
+    elements[i].classList.remove("nojavascript");
+  }
+}
+
+function addConsoleIconToFrames(frames) {
+  for (let i = 0; i < frames.length; i++) {
+    let consoleNode = null;
+    const target = frames[i];
+    const frameID = frames[i].id.substring(6);
+    target.addEventListener("click", () => {
+      target.getElementsByTagName("pre")[i].parentElement.classList.toggle("expanded");
+    });
+
+    for (let j = 0; j < target.getElementsByTagName("pre").length; j++) {
+      const img = createIconForConsole();
+      img.addEventListener("click", (e) => {
+        e.stopPropagation();
+        consoleNode = openShell(consoleNode, target, frameID);
+        return false;
+      });
+      target.getElementsByTagName("pre")[j].append(img);
+    }
+  }
+}
+
+function slideToggle(target) {
+  target.classList.toggle("active");
+}
+
+/**
+ * toggle traceback types on click.
+ */
+function addToggleTraceTypesOnClick(elements) {
+  for (let i = 0; i < elements.length; i++) {
+    elements[i].addEventListener("click", () => {
+      document.querySelector("div.traceback").classList.toggle("hidden");
+      document.querySelector("div.plain").classList.toggle("hidden");
     });
+    elements[i].style.cursor = "pointer";
+    document.querySelector("div.plain").classList.toggle("hidden");
+  }
+}
+
+function createConsole() {
+  const consoleNode = document.createElement("pre");
+  consoleNode.classList.add("console");
+  consoleNode.classList.add("active");
+  return consoleNode;
+}
+
+function createConsoleOutput() {
+  const output = document.createElement("div");
+  output.classList.add("output");
+  output.innerHTML = "[console ready]";
+  return output;
+}
+
+function createConsoleInputForm() {
+  const form = document.createElement("form");
+  form.innerHTML = ">>> ";
+  return form;
+}
+
+function createConsoleInput() {
+  const command = document.createElement("input");
+  command.type = "text";
+  command.setAttribute("autocomplete", "off");
+  command.setAttribute("spellcheck", false);
+  command.setAttribute("autocapitalize", "off");
+  command.setAttribute("autocorrect", "off");
+  return command;
+}
+
+function createIconForConsole() {
+  const img = document.createElement("img");
+  img.setAttribute("src", "?__debugger__=yes&cmd=resource&f=console.png");
+  img.setAttribute("title", "Open an interactive python shell in this frame");
+  return img;
+}
+
+function createExpansionButtonForConsole() {
+  const expansionButton = document.createElement("a");
+  expansionButton.setAttribute("href", "#");
+  expansionButton.setAttribute("class", "toggle");
+  expansionButton.innerHTML = "  ";
+  return expansionButton;
+}
 
-  return consoleNode.slideDown('fast', function() {
-    command.focus();
+function createInteractiveConsole() {
+  const target = document.querySelector("div.console div.inner");
+  while (target.firstChild) {
+    target.removeChild(target.firstChild);
+  }
+  openShell(null, target, 0);
+}
+
+function handleConsoleSubmit(e, command, frameID) {
+  // Prevent page from refreshing.
+  e.preventDefault();
+
+  return new Promise((resolve) => {
+    // Get input command.
+    const cmd = command.value;
+
+    // Setup GET request.
+    const urlPath = "";
+    const params = {
+      __debugger__: "yes",
+      cmd: cmd,
+      frm: frameID,
+      s: SECRET,
+    };
+    const paramString = Object.keys(params)
+      .map((key) => {
+        return "&" + encodeURIComponent(key) + "=" + encodeURIComponent(params[key]);
+      })
+      .join("");
+
+    fetch(urlPath + "?" + paramString)
+      .then((res) => {
+        return res.text();
+      })
+      .then((data) => {
+        const tmp = document.createElement("div");
+        tmp.innerHTML = data;
+        resolve(tmp);
+
+        // Handle expandable span for long list outputs.
+        // Example to test: list(range(13))
+        let wrapperAdded = false;
+        const wrapperSpan = document.createElement("span");
+        const expansionButton = createExpansionButtonForConsole();
+
+        tmp.querySelectorAll("span.extended").forEach((spanToWrap) => {
+          const parentDiv = spanToWrap.parentNode;
+          if (!wrapperAdded) {
+            parentDiv.insertBefore(wrapperSpan, spanToWrap);
+            wrapperAdded = true;
+          }
+          parentDiv.removeChild(spanToWrap);
+          wrapperSpan.append(spanToWrap);
+          spanToWrap.hidden = true;
+
+          expansionButton.addEventListener("click", () => {
+            spanToWrap.hidden = !spanToWrap.hidden;
+            expansionButton.classList.toggle("open");
+            return false;
+          });
+        });
+
+        // Add expansion button at end of wrapper.
+        if (wrapperAdded) {
+          wrapperSpan.append(expansionButton);
+        }
+      })
+      .catch((err) => {
+        console.error(err);
+      });
+    return false;
   });
 }
+
+function fadeOut(element) {
+  element.style.opacity = 1;
+
+  (function fade() {
+    element.style.opacity -= 0.1;
+    if (element.style.opacity < 0) {
+      element.style.display = "none";
+    } else {
+      requestAnimationFrame(fade);
+    }
+  })();
+}
+
+function fadeIn(element, display) {
+  element.style.opacity = 0;
+  element.style.display = display || "block";
+
+  (function fade() {
+    let val = parseFloat(element.style.opacity) + 0.1;
+    if (val <= 1) {
+      element.style.opacity = val;
+      requestAnimationFrame(fade);
+    }
+  })();
+}
+
+function docReady(fn) {
+  if (document.readyState === "complete" || document.readyState === "interactive") {
+    setTimeout(fn, 1);
+  } else {
+    document.addEventListener("DOMContentLoaded", fn);
+  }
+}
diff --git a/src/werkzeug/debug/shared/jquery.js b/src/werkzeug/debug/shared/jquery.js
deleted file mode 100644
index b0614034a..000000000
--- a/src/werkzeug/debug/shared/jquery.js
+++ /dev/null
@@ -1,2 +0,0 @@
-/*! jQuery v3.5.1 | (c) JS Foundation and other contributors | jquery.org/license */
-!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?n[o.call(e)]||"object":typeof e}var f="3.5.1",S=function(e,t){return new S.fn.init(e,t)};function p(e){var t=!!e&&"length"in e&&e.length,n=w(e);return!m(e)&&!x(e)&&("array"===n||0===t||"number"==typeof t&&0+~]|"+M+")"+M+"*"),U=new RegExp(M+"|>"),X=new RegExp(F),V=new RegExp("^"+I+"$"),G={ID:new RegExp("^#("+I+")"),CLASS:new RegExp("^\\.("+I+")"),TAG:new RegExp("^("+I+"|[*])"),ATTR:new RegExp("^"+W),PSEUDO:new RegExp("^"+F),CHILD:new RegExp("^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\("+M+"*(even|odd|(([+-]|)(\\d*)n|)"+M+"*(?:([+-]|)"+M+"*(\\d+)|))"+M+"*\\)|)","i"),bool:new RegExp("^(?:"+R+")$","i"),needsContext:new RegExp("^"+M+"*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\("+M+"*((?:-\\d)?\\d*)"+M+"*\\)|)(?=[^-]|$)","i")},Y=/HTML$/i,Q=/^(?:input|select|textarea|button)$/i,J=/^h\d$/i,K=/^[^{]+\{\s*\[native \w/,Z=/^(?:#([\w-]+)|(\w+)|\.([\w-]+))$/,ee=/[+~]/,te=new RegExp("\\\\[\\da-fA-F]{1,6}"+M+"?|\\\\([^\\r\\n\\f])","g"),ne=function(e,t){var n="0x"+e.slice(1)-65536;return t||(n<0?String.fromCharCode(n+65536):String.fromCharCode(n>>10|55296,1023&n|56320))},re=/([\0-\x1f\x7f]|^-?\d)|^-$|[^\0-\x1f\x7f-\uFFFF\w-]/g,ie=function(e,t){return t?"\0"===e?"\ufffd":e.slice(0,-1)+"\\"+e.charCodeAt(e.length-1).toString(16)+" ":"\\"+e},oe=function(){T()},ae=be(function(e){return!0===e.disabled&&"fieldset"===e.nodeName.toLowerCase()},{dir:"parentNode",next:"legend"});try{H.apply(t=O.call(p.childNodes),p.childNodes),t[p.childNodes.length].nodeType}catch(e){H={apply:t.length?function(e,t){L.apply(e,O.call(t))}:function(e,t){var n=e.length,r=0;while(e[n++]=t[r++]);e.length=n-1}}}function se(t,e,n,r){var i,o,a,s,u,l,c,f=e&&e.ownerDocument,p=e?e.nodeType:9;if(n=n||[],"string"!=typeof t||!t||1!==p&&9!==p&&11!==p)return n;if(!r&&(T(e),e=e||C,E)){if(11!==p&&(u=Z.exec(t)))if(i=u[1]){if(9===p){if(!(a=e.getElementById(i)))return n;if(a.id===i)return n.push(a),n}else if(f&&(a=f.getElementById(i))&&y(e,a)&&a.id===i)return n.push(a),n}else{if(u[2])return H.apply(n,e.getElementsByTagName(t)),n;if((i=u[3])&&d.getElementsByClassName&&e.getElementsByClassName)return H.apply(n,e.getElementsByClassName(i)),n}if(d.qsa&&!N[t+" "]&&(!v||!v.test(t))&&(1!==p||"object"!==e.nodeName.toLowerCase())){if(c=t,f=e,1===p&&(U.test(t)||z.test(t))){(f=ee.test(t)&&ye(e.parentNode)||e)===e&&d.scope||((s=e.getAttribute("id"))?s=s.replace(re,ie):e.setAttribute("id",s=S)),o=(l=h(t)).length;while(o--)l[o]=(s?"#"+s:":scope")+" "+xe(l[o]);c=l.join(",")}try{return H.apply(n,f.querySelectorAll(c)),n}catch(e){N(t,!0)}finally{s===S&&e.removeAttribute("id")}}}return g(t.replace($,"$1"),e,n,r)}function ue(){var r=[];return function e(t,n){return r.push(t+" ")>b.cacheLength&&delete e[r.shift()],e[t+" "]=n}}function le(e){return e[S]=!0,e}function ce(e){var t=C.createElement("fieldset");try{return!!e(t)}catch(e){return!1}finally{t.parentNode&&t.parentNode.removeChild(t),t=null}}function fe(e,t){var n=e.split("|"),r=n.length;while(r--)b.attrHandle[n[r]]=t}function pe(e,t){var n=t&&e,r=n&&1===e.nodeType&&1===t.nodeType&&e.sourceIndex-t.sourceIndex;if(r)return r;if(n)while(n=n.nextSibling)if(n===t)return-1;return e?1:-1}function de(t){return function(e){return"input"===e.nodeName.toLowerCase()&&e.type===t}}function he(n){return function(e){var t=e.nodeName.toLowerCase();return("input"===t||"button"===t)&&e.type===n}}function ge(t){return function(e){return"form"in e?e.parentNode&&!1===e.disabled?"label"in e?"label"in e.parentNode?e.parentNode.disabled===t:e.disabled===t:e.isDisabled===t||e.isDisabled!==!t&&ae(e)===t:e.disabled===t:"label"in e&&e.disabled===t}}function ve(a){return le(function(o){return o=+o,le(function(e,t){var n,r=a([],e.length,o),i=r.length;while(i--)e[n=r[i]]&&(e[n]=!(t[n]=e[n]))})})}function ye(e){return e&&"undefined"!=typeof e.getElementsByTagName&&e}for(e in d=se.support={},i=se.isXML=function(e){var t=e.namespaceURI,n=(e.ownerDocument||e).documentElement;return!Y.test(t||n&&n.nodeName||"HTML")},T=se.setDocument=function(e){var t,n,r=e?e.ownerDocument||e:p;return r!=C&&9===r.nodeType&&r.documentElement&&(a=(C=r).documentElement,E=!i(C),p!=C&&(n=C.defaultView)&&n.top!==n&&(n.addEventListener?n.addEventListener("unload",oe,!1):n.attachEvent&&n.attachEvent("onunload",oe)),d.scope=ce(function(e){return a.appendChild(e).appendChild(C.createElement("div")),"undefined"!=typeof e.querySelectorAll&&!e.querySelectorAll(":scope fieldset div").length}),d.attributes=ce(function(e){return e.className="i",!e.getAttribute("className")}),d.getElementsByTagName=ce(function(e){return e.appendChild(C.createComment("")),!e.getElementsByTagName("*").length}),d.getElementsByClassName=K.test(C.getElementsByClassName),d.getById=ce(function(e){return a.appendChild(e).id=S,!C.getElementsByName||!C.getElementsByName(S).length}),d.getById?(b.filter.ID=function(e){var t=e.replace(te,ne);return function(e){return e.getAttribute("id")===t}},b.find.ID=function(e,t){if("undefined"!=typeof t.getElementById&&E){var n=t.getElementById(e);return n?[n]:[]}}):(b.filter.ID=function(e){var n=e.replace(te,ne);return function(e){var t="undefined"!=typeof e.getAttributeNode&&e.getAttributeNode("id");return t&&t.value===n}},b.find.ID=function(e,t){if("undefined"!=typeof t.getElementById&&E){var n,r,i,o=t.getElementById(e);if(o){if((n=o.getAttributeNode("id"))&&n.value===e)return[o];i=t.getElementsByName(e),r=0;while(o=i[r++])if((n=o.getAttributeNode("id"))&&n.value===e)return[o]}return[]}}),b.find.TAG=d.getElementsByTagName?function(e,t){return"undefined"!=typeof t.getElementsByTagName?t.getElementsByTagName(e):d.qsa?t.querySelectorAll(e):void 0}:function(e,t){var n,r=[],i=0,o=t.getElementsByTagName(e);if("*"===e){while(n=o[i++])1===n.nodeType&&r.push(n);return r}return o},b.find.CLASS=d.getElementsByClassName&&function(e,t){if("undefined"!=typeof t.getElementsByClassName&&E)return t.getElementsByClassName(e)},s=[],v=[],(d.qsa=K.test(C.querySelectorAll))&&(ce(function(e){var t;a.appendChild(e).innerHTML="",e.querySelectorAll("[msallowcapture^='']").length&&v.push("[*^$]="+M+"*(?:''|\"\")"),e.querySelectorAll("[selected]").length||v.push("\\["+M+"*(?:value|"+R+")"),e.querySelectorAll("[id~="+S+"-]").length||v.push("~="),(t=C.createElement("input")).setAttribute("name",""),e.appendChild(t),e.querySelectorAll("[name='']").length||v.push("\\["+M+"*name"+M+"*="+M+"*(?:''|\"\")"),e.querySelectorAll(":checked").length||v.push(":checked"),e.querySelectorAll("a#"+S+"+*").length||v.push(".#.+[+~]"),e.querySelectorAll("\\\f"),v.push("[\\r\\n\\f]")}),ce(function(e){e.innerHTML="";var t=C.createElement("input");t.setAttribute("type","hidden"),e.appendChild(t).setAttribute("name","D"),e.querySelectorAll("[name=d]").length&&v.push("name"+M+"*[*^$|!~]?="),2!==e.querySelectorAll(":enabled").length&&v.push(":enabled",":disabled"),a.appendChild(e).disabled=!0,2!==e.querySelectorAll(":disabled").length&&v.push(":enabled",":disabled"),e.querySelectorAll("*,:x"),v.push(",.*:")})),(d.matchesSelector=K.test(c=a.matches||a.webkitMatchesSelector||a.mozMatchesSelector||a.oMatchesSelector||a.msMatchesSelector))&&ce(function(e){d.disconnectedMatch=c.call(e,"*"),c.call(e,"[s!='']:x"),s.push("!=",F)}),v=v.length&&new RegExp(v.join("|")),s=s.length&&new RegExp(s.join("|")),t=K.test(a.compareDocumentPosition),y=t||K.test(a.contains)?function(e,t){var n=9===e.nodeType?e.documentElement:e,r=t&&t.parentNode;return e===r||!(!r||1!==r.nodeType||!(n.contains?n.contains(r):e.compareDocumentPosition&&16&e.compareDocumentPosition(r)))}:function(e,t){if(t)while(t=t.parentNode)if(t===e)return!0;return!1},D=t?function(e,t){if(e===t)return l=!0,0;var n=!e.compareDocumentPosition-!t.compareDocumentPosition;return n||(1&(n=(e.ownerDocument||e)==(t.ownerDocument||t)?e.compareDocumentPosition(t):1)||!d.sortDetached&&t.compareDocumentPosition(e)===n?e==C||e.ownerDocument==p&&y(p,e)?-1:t==C||t.ownerDocument==p&&y(p,t)?1:u?P(u,e)-P(u,t):0:4&n?-1:1)}:function(e,t){if(e===t)return l=!0,0;var n,r=0,i=e.parentNode,o=t.parentNode,a=[e],s=[t];if(!i||!o)return e==C?-1:t==C?1:i?-1:o?1:u?P(u,e)-P(u,t):0;if(i===o)return pe(e,t);n=e;while(n=n.parentNode)a.unshift(n);n=t;while(n=n.parentNode)s.unshift(n);while(a[r]===s[r])r++;return r?pe(a[r],s[r]):a[r]==p?-1:s[r]==p?1:0}),C},se.matches=function(e,t){return se(e,null,null,t)},se.matchesSelector=function(e,t){if(T(e),d.matchesSelector&&E&&!N[t+" "]&&(!s||!s.test(t))&&(!v||!v.test(t)))try{var n=c.call(e,t);if(n||d.disconnectedMatch||e.document&&11!==e.document.nodeType)return n}catch(e){N(t,!0)}return 0":{dir:"parentNode",first:!0}," ":{dir:"parentNode"},"+":{dir:"previousSibling",first:!0},"~":{dir:"previousSibling"}},preFilter:{ATTR:function(e){return e[1]=e[1].replace(te,ne),e[3]=(e[3]||e[4]||e[5]||"").replace(te,ne),"~="===e[2]&&(e[3]=" "+e[3]+" "),e.slice(0,4)},CHILD:function(e){return e[1]=e[1].toLowerCase(),"nth"===e[1].slice(0,3)?(e[3]||se.error(e[0]),e[4]=+(e[4]?e[5]+(e[6]||1):2*("even"===e[3]||"odd"===e[3])),e[5]=+(e[7]+e[8]||"odd"===e[3])):e[3]&&se.error(e[0]),e},PSEUDO:function(e){var t,n=!e[6]&&e[2];return G.CHILD.test(e[0])?null:(e[3]?e[2]=e[4]||e[5]||"":n&&X.test(n)&&(t=h(n,!0))&&(t=n.indexOf(")",n.length-t)-n.length)&&(e[0]=e[0].slice(0,t),e[2]=n.slice(0,t)),e.slice(0,3))}},filter:{TAG:function(e){var t=e.replace(te,ne).toLowerCase();return"*"===e?function(){return!0}:function(e){return e.nodeName&&e.nodeName.toLowerCase()===t}},CLASS:function(e){var t=m[e+" "];return t||(t=new RegExp("(^|"+M+")"+e+"("+M+"|$)"))&&m(e,function(e){return t.test("string"==typeof e.className&&e.className||"undefined"!=typeof e.getAttribute&&e.getAttribute("class")||"")})},ATTR:function(n,r,i){return function(e){var t=se.attr(e,n);return null==t?"!="===r:!r||(t+="","="===r?t===i:"!="===r?t!==i:"^="===r?i&&0===t.indexOf(i):"*="===r?i&&-1:\x20\t\r\n\f]*)[\x20\t\r\n\f]*\/?>(?:<\/\1>|)$/i;function D(e,n,r){return m(n)?S.grep(e,function(e,t){return!!n.call(e,t,e)!==r}):n.nodeType?S.grep(e,function(e){return e===n!==r}):"string"!=typeof n?S.grep(e,function(e){return-1)[^>]*|#([\w-]+))$/;(S.fn.init=function(e,t,n){var r,i;if(!e)return this;if(n=n||j,"string"==typeof e){if(!(r="<"===e[0]&&">"===e[e.length-1]&&3<=e.length?[null,e,null]:q.exec(e))||!r[1]&&t)return!t||t.jquery?(t||n).find(e):this.constructor(t).find(e);if(r[1]){if(t=t instanceof S?t[0]:t,S.merge(this,S.parseHTML(r[1],t&&t.nodeType?t.ownerDocument||t:E,!0)),N.test(r[1])&&S.isPlainObject(t))for(r in t)m(this[r])?this[r](t[r]):this.attr(r,t[r]);return this}return(i=E.getElementById(r[2]))&&(this[0]=i,this.length=1),this}return e.nodeType?(this[0]=e,this.length=1,this):m(e)?void 0!==n.ready?n.ready(e):e(S):S.makeArray(e,this)}).prototype=S.fn,j=S(E);var L=/^(?:parents|prev(?:Until|All))/,H={children:!0,contents:!0,next:!0,prev:!0};function O(e,t){while((e=e[t])&&1!==e.nodeType);return e}S.fn.extend({has:function(e){var t=S(e,this),n=t.length;return this.filter(function(){for(var e=0;e\x20\t\r\n\f]*)/i,he=/^$|^module$|\/(?:java|ecma)script/i;ce=E.createDocumentFragment().appendChild(E.createElement("div")),(fe=E.createElement("input")).setAttribute("type","radio"),fe.setAttribute("checked","checked"),fe.setAttribute("name","t"),ce.appendChild(fe),y.checkClone=ce.cloneNode(!0).cloneNode(!0).lastChild.checked,ce.innerHTML="",y.noCloneChecked=!!ce.cloneNode(!0).lastChild.defaultValue,ce.innerHTML="",y.option=!!ce.lastChild;var ge={thead:[1,"","
    "],col:[2,"","
    "],tr:[2,"","
    "],td:[3,"","
    "],_default:[0,"",""]};function ve(e,t){var n;return n="undefined"!=typeof e.getElementsByTagName?e.getElementsByTagName(t||"*"):"undefined"!=typeof e.querySelectorAll?e.querySelectorAll(t||"*"):[],void 0===t||t&&A(e,t)?S.merge([e],n):n}function ye(e,t){for(var n=0,r=e.length;n",""]);var me=/<|&#?\w+;/;function xe(e,t,n,r,i){for(var o,a,s,u,l,c,f=t.createDocumentFragment(),p=[],d=0,h=e.length;d\s*$/g;function qe(e,t){return A(e,"table")&&A(11!==t.nodeType?t:t.firstChild,"tr")&&S(e).children("tbody")[0]||e}function Le(e){return e.type=(null!==e.getAttribute("type"))+"/"+e.type,e}function He(e){return"true/"===(e.type||"").slice(0,5)?e.type=e.type.slice(5):e.removeAttribute("type"),e}function Oe(e,t){var n,r,i,o,a,s;if(1===t.nodeType){if(Y.hasData(e)&&(s=Y.get(e).events))for(i in Y.remove(t,"handle events"),s)for(n=0,r=s[i].length;n").attr(n.scriptAttrs||{}).prop({charset:n.scriptCharset,src:n.url}).on("load error",i=function(e){r.remove(),i=null,e&&t("error"===e.type?404:200,e.type)}),E.head.appendChild(r[0])},abort:function(){i&&i()}}});var Ut,Xt=[],Vt=/(=)\?(?=&|$)|\?\?/;S.ajaxSetup({jsonp:"callback",jsonpCallback:function(){var e=Xt.pop()||S.expando+"_"+Ct.guid++;return this[e]=!0,e}}),S.ajaxPrefilter("json jsonp",function(e,t,n){var r,i,o,a=!1!==e.jsonp&&(Vt.test(e.url)?"url":"string"==typeof e.data&&0===(e.contentType||"").indexOf("application/x-www-form-urlencoded")&&Vt.test(e.data)&&"data");if(a||"jsonp"===e.dataTypes[0])return r=e.jsonpCallback=m(e.jsonpCallback)?e.jsonpCallback():e.jsonpCallback,a?e[a]=e[a].replace(Vt,"$1"+r):!1!==e.jsonp&&(e.url+=(Et.test(e.url)?"&":"?")+e.jsonp+"="+r),e.converters["script json"]=function(){return o||S.error(r+" was not called"),o[0]},e.dataTypes[0]="json",i=C[r],C[r]=function(){o=arguments},n.always(function(){void 0===i?S(C).removeProp(r):C[r]=i,e[r]&&(e.jsonpCallback=t.jsonpCallback,Xt.push(r)),o&&m(i)&&i(o[0]),o=i=void 0}),"script"}),y.createHTMLDocument=((Ut=E.implementation.createHTMLDocument("").body).innerHTML="
    ",2===Ut.childNodes.length),S.parseHTML=function(e,t,n){return"string"!=typeof e?[]:("boolean"==typeof t&&(n=t,t=!1),t||(y.createHTMLDocument?((r=(t=E.implementation.createHTMLDocument("")).createElement("base")).href=E.location.href,t.head.appendChild(r)):t=E),o=!n&&[],(i=N.exec(e))?[t.createElement(i[1])]:(i=xe([e],t,o),o&&o.length&&S(o).remove(),S.merge([],i.childNodes)));var r,i,o},S.fn.load=function(e,t,n){var r,i,o,a=this,s=e.indexOf(" ");return-1").append(S.parseHTML(e)).find(r):e)}).always(n&&function(e,t){a.each(function(){n.apply(this,o||[e.responseText,t,e])})}),this},S.expr.pseudos.animated=function(t){return S.grep(S.timers,function(e){return t===e.elem}).length},S.offset={setOffset:function(e,t,n){var r,i,o,a,s,u,l=S.css(e,"position"),c=S(e),f={};"static"===l&&(e.style.position="relative"),s=c.offset(),o=S.css(e,"top"),u=S.css(e,"left"),("absolute"===l||"fixed"===l)&&-1<(o+u).indexOf("auto")?(a=(r=c.position()).top,i=r.left):(a=parseFloat(o)||0,i=parseFloat(u)||0),m(t)&&(t=t.call(e,n,S.extend({},s))),null!=t.top&&(f.top=t.top-s.top+a),null!=t.left&&(f.left=t.left-s.left+i),"using"in t?t.using.call(e,f):("number"==typeof f.top&&(f.top+="px"),"number"==typeof f.left&&(f.left+="px"),c.css(f))}},S.fn.extend({offset:function(t){if(arguments.length)return void 0===t?this:this.each(function(e){S.offset.setOffset(this,t,e)});var e,n,r=this[0];return r?r.getClientRects().length?(e=r.getBoundingClientRect(),n=r.ownerDocument.defaultView,{top:e.top+n.pageYOffset,left:e.left+n.pageXOffset}):{top:0,left:0}:void 0},position:function(){if(this[0]){var e,t,n,r=this[0],i={top:0,left:0};if("fixed"===S.css(r,"position"))t=r.getBoundingClientRect();else{t=this.offset(),n=r.ownerDocument,e=r.offsetParent||n.documentElement;while(e&&(e===n.body||e===n.documentElement)&&"static"===S.css(e,"position"))e=e.parentNode;e&&e!==r&&1===e.nodeType&&((i=S(e).offset()).top+=S.css(e,"borderTopWidth",!0),i.left+=S.css(e,"borderLeftWidth",!0))}return{top:t.top-i.top-S.css(r,"marginTop",!0),left:t.left-i.left-S.css(r,"marginLeft",!0)}}},offsetParent:function(){return this.map(function(){var e=this.offsetParent;while(e&&"static"===S.css(e,"position"))e=e.offsetParent;return e||re})}}),S.each({scrollLeft:"pageXOffset",scrollTop:"pageYOffset"},function(t,i){var o="pageYOffset"===i;S.fn[t]=function(e){return $(this,function(e,t,n){var r;if(x(e)?r=e:9===e.nodeType&&(r=e.defaultView),void 0===n)return r?r[i]:e[t];r?r.scrollTo(o?r.pageXOffset:n,o?n:r.pageYOffset):e[t]=n},t,e,arguments.length)}}),S.each(["top","left"],function(e,n){S.cssHooks[n]=$e(y.pixelPosition,function(e,t){if(t)return t=Be(e,n),Me.test(t)?S(e).position()[n]+"px":t})}),S.each({Height:"height",Width:"width"},function(a,s){S.each({padding:"inner"+a,content:s,"":"outer"+a},function(r,o){S.fn[o]=function(e,t){var n=arguments.length&&(r||"boolean"!=typeof e),i=r||(!0===e||!0===t?"margin":"border");return $(this,function(e,t,n){var r;return x(e)?0===o.indexOf("outer")?e["inner"+a]:e.document.documentElement["client"+a]:9===e.nodeType?(r=e.documentElement,Math.max(e.body["scroll"+a],r["scroll"+a],e.body["offset"+a],r["offset"+a],r["client"+a])):void 0===n?S.css(e,t,i):S.style(e,t,n,i)},s,n?e:void 0,n)}})}),S.each(["ajaxStart","ajaxStop","ajaxComplete","ajaxError","ajaxSuccess","ajaxSend"],function(e,t){S.fn[t]=function(e){return this.on(t,e)}}),S.fn.extend({bind:function(e,t,n){return this.on(e,null,t,n)},unbind:function(e,t){return this.off(e,null,t)},delegate:function(e,t,n,r){return this.on(t,e,n,r)},undelegate:function(e,t,n){return 1===arguments.length?this.off(e,"**"):this.off(t,e||"**",n)},hover:function(e,t){return this.mouseenter(e).mouseleave(t||e)}}),S.each("blur focus focusin focusout resize scroll click dblclick mousedown mouseup mousemove mouseover mouseout mouseenter mouseleave change select submit keydown keypress keyup contextmenu".split(" "),function(e,n){S.fn[n]=function(e,t){return 0
     
-    
     
     
diff --git a/src/werkzeug/exceptions.py b/src/werkzeug/exceptions.py
index 51a688b98..2b6af203b 100644
--- a/src/werkzeug/exceptions.py
+++ b/src/werkzeug/exceptions.py
@@ -1,5 +1,5 @@
-"""Implements a number of Python exceptions you can raise from within
-your views to trigger a standard non-200 response.
+"""Implements a number of Python exceptions which can be raised from within
+a view to trigger a standard HTTP non-200 response.
 
 Usage Example
 -------------
@@ -53,7 +53,7 @@ def application(environ, start_response):
 
 
 class HTTPException(Exception):
-    """Baseclass for all HTTP exceptions.  This exception can be called as WSGI
+    """The base class for all HTTP exceptions. This exception can be called as a WSGI
     application to render a default error page or you can catch the subclasses
     of it independently and render nicer error messages.
     """
diff --git a/src/werkzeug/middleware/http_proxy.py b/src/werkzeug/middleware/http_proxy.py
index efccb1b3c..6f7b0525b 100644
--- a/src/werkzeug/middleware/http_proxy.py
+++ b/src/werkzeug/middleware/http_proxy.py
@@ -20,13 +20,13 @@ class ProxyMiddleware:
     """Proxy requests under a path to an external server, routing other
     requests to the app.
 
-    This middleware can only proxy HTTP requests, as that is the only
+    This middleware can only proxy HTTP requests, as HTTP is the only
     protocol handled by the WSGI server. Other protocols, such as
-    websocket requests, cannot be proxied at this layer. This should
-    only be used for development, in production a real proxying server
+    WebSocket requests, cannot be proxied at this layer. This should
+    only be used for development, in production a real proxy server
     should be used.
 
-    The middleware takes a dict that maps a path prefix to a dict
+    The middleware takes a dict mapping a path prefix to a dict
     describing the host to be proxied to::
 
         app = ProxyMiddleware(app, {
diff --git a/src/werkzeug/middleware/lint.py b/src/werkzeug/middleware/lint.py
index c2b373195..649883b71 100644
--- a/src/werkzeug/middleware/lint.py
+++ b/src/werkzeug/middleware/lint.py
@@ -195,7 +195,7 @@ def __del__(self):
 
 class LintMiddleware:
     """Warns about common errors in the WSGI and HTTP behavior of the
-    server and wrapped application. Some of the issues it check are:
+    server and wrapped application. Some of the issues it checks are:
 
     -   invalid status codes
     -   non-bytes sent to the WSGI server
diff --git a/src/werkzeug/middleware/proxy_fix.py b/src/werkzeug/middleware/proxy_fix.py
index 890640aae..afec4ca29 100644
--- a/src/werkzeug/middleware/proxy_fix.py
+++ b/src/werkzeug/middleware/proxy_fix.py
@@ -10,7 +10,7 @@
 request as coming from that server rather than the real client. Proxies
 set various headers to track where the request actually came from.
 
-This middleware should only be applied if the application is actually
+This middleware should only be used if the application is actually
 behind such a proxy, and should be configured with the number of proxies
 that are chained in front of it. Not all proxies set all the headers.
 Since incoming headers can be faked, you must set how many proxies are
diff --git a/src/werkzeug/middleware/shared_data.py b/src/werkzeug/middleware/shared_data.py
index 28758b68a..2d7a16fbe 100644
--- a/src/werkzeug/middleware/shared_data.py
+++ b/src/werkzeug/middleware/shared_data.py
@@ -29,8 +29,8 @@
 
 class SharedDataMiddleware:
 
-    """A WSGI middleware that provides static content for development
-    environments or simple server setups. Usage is quite simple::
+    """A WSGI middleware which provides static content for development
+    environments or simple server setups. Its usage is quite simple::
 
         import os
         from werkzeug.middleware.shared_data import SharedDataMiddleware
@@ -41,8 +41,8 @@ class SharedDataMiddleware:
 
     The contents of the folder ``./shared`` will now be available on
     ``http://example.com/shared/``.  This is pretty useful during development
-    because a standalone media server is not required.  One can also mount
-    files on the root folder and still continue to use the application because
+    because a standalone media server is not required. Files can also be
+    mounted on the root folder and still continue to use the application because
     the shared data middleware forwards all unhandled requests to the
     application, even if the requests are below one of the shared folders.
 
@@ -60,9 +60,9 @@ class SharedDataMiddleware:
     rules for files that are not accessible from the web.  If `cache` is set to
     `False` no caching headers are sent.
 
-    Currently the middleware does not support non ASCII filenames.  If the
-    encoding on the file system happens to be the encoding of the URI it may
-    work but this could also be by accident.  We strongly suggest using ASCII
+    Currently the middleware does not support non-ASCII filenames. If the
+    encoding on the file system happens to match the encoding of the URI it may
+    work but this could also be by accident. We strongly suggest using ASCII
     only file names for static files.
 
     The middleware will guess the mimetype using the Python `mimetype`

From f0d37ae9832b6da14ab78212102ed66865268515 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Mangano-Tarumi?= 
Date: Tue, 31 Mar 2020 18:04:38 -0400
Subject: [PATCH 216/733] tests: Expect REQUEST_URI to preserve the query
 string

---
 tests/test_test.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/tests/test_test.py b/tests/test_test.py
index 1196ff2f1..7052f3467 100644
--- a/tests/test_test.py
+++ b/tests/test_test.py
@@ -817,3 +817,9 @@ def app(request):
     response = client.get("/hello%2fworld")
     data = response.get_data(as_text=True)
     assert data == "/hello/world\n/hello%2fworld"
+
+    response = client.get("/?a=b")
+    assert response.get_data(as_text=True) == "/\n/?a=b"
+
+    response = client.get("/%3f?")  # escaped ? in path, and empty query string
+    assert response.get_data(as_text=True) == "/?\n/%3f?"

From bc589f538fdd7ce78223809e4b211f29ab8f9d64 Mon Sep 17 00:00:00 2001
From: Kai Chen 
Date: Thu, 18 Jun 2020 14:07:52 -0700
Subject: [PATCH 217/733] test.py: Preserve query string

---
 CHANGES.rst          |  2 ++
 src/werkzeug/test.py | 14 ++++++++++----
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 5d812896e..632defd36 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -36,6 +36,8 @@ Unreleased
     returns ``None`` instead of raising a ``UnicodeDecodeError``.
     :issue:`1816`
 -   The debugger no longer uses jQuery. :issue:`1807`
+-   The test client includes the query string in ``REQUEST_URI`` and
+    ``RAW_URI``. :issue:`1781`
 
 
 Version 1.0.2
diff --git a/src/werkzeug/test.py b/src/werkzeug/test.py
index 252f2cd3a..f1cb93339 100644
--- a/src/werkzeug/test.py
+++ b/src/werkzeug/test.py
@@ -268,6 +268,10 @@ class EnvironBuilder:
     :param environ_overrides: an optional dict of environment overrides.
     :param charset: the charset used to encode string data.
 
+    .. versionchanged:: 2.0.0
+        ``REQUEST_URI`` and ``RAW_URI`` is the full raw URI including
+        the query string, not only the path.
+
     .. versionadded:: 0.15
         The ``json`` param and :meth:`json_dumps` method.
 
@@ -320,10 +324,12 @@ def __init__(
         path_s = _make_encode_wrapper(path)
         if query_string is not None and path_s("?") in path:
             raise ValueError("Query string is defined in the path and as an argument")
+        request_uri = url_parse(path)
         if query_string is None and path_s("?") in path:
-            path, query_string = path.split(path_s("?"), 1)
+            query_string = request_uri.query
         self.charset = charset
-        self.path = iri_to_uri(path)
+        self.path = iri_to_uri(request_uri.path)
+        self.request_uri = path
         if base_url is not None:
             base_url = url_fix(iri_to_uri(base_url, charset), charset)
         self.base_url = base_url
@@ -691,9 +697,9 @@ def _path_encode(x):
                 "PATH_INFO": _path_encode(self.path),
                 "QUERY_STRING": qs,
                 # Non-standard, added by mod_wsgi, uWSGI
-                "REQUEST_URI": _wsgi_encoding_dance(self.path),
+                "REQUEST_URI": _wsgi_encoding_dance(self.request_uri),
                 # Non-standard, added by gunicorn
-                "RAW_URI": _wsgi_encoding_dance(self.path),
+                "RAW_URI": _wsgi_encoding_dance(self.request_uri),
                 "SERVER_NAME": self.server_name,
                 "SERVER_PORT": str(self.server_port),
                 "HTTP_HOST": self.host,

From 4f4a6b6efd2c062168df53ff572875471dd25f51 Mon Sep 17 00:00:00 2001
From: pgjones 
Date: Sun, 10 May 2020 01:19:50 +0100
Subject: [PATCH 218/733] Add initial type hinting

This mostly adds mypy to the tox process to enable checking of any
types added (and code it understands). This will allow type hints to
be progressively added to the Werkzeug codebase, with the eventual aim
of turning on disallow_untyped_defs.

Type annotations are enforced as is the convention of only importing
typing required objects within a `if TYPE_CHECKING:` block. This
should limit the import time cost of type hinting.

Note that,
 - mypy doesn't understand conditional imports
   https://github.com/python/mypy/issues/1153

 - mypy insists mixins with different kwarg signatures are errors,
   https://github.com/python/mypy/issues/2125 (Response)
---
 .github/workflows/tests.yaml                |  1 +
 .gitignore                                  |  1 +
 setup.cfg                                   | 40 ++++++++++++++++++
 src/werkzeug/__init__.py                    |  2 +
 src/werkzeug/_internal.py                   |  9 +++-
 src/werkzeug/_reloader.py                   |  8 +++-
 src/werkzeug/datastructures.py              | 46 ++++++++++++++-------
 src/werkzeug/debug/__init__.py              |  2 +
 src/werkzeug/debug/console.py               |  2 +
 src/werkzeug/debug/repr.py                  |  6 ++-
 src/werkzeug/debug/tbtools.py               |  7 ++--
 src/werkzeug/exceptions.py                  | 14 +++++--
 src/werkzeug/filesystem.py                  |  2 +
 src/werkzeug/formparser.py                  |  4 +-
 src/werkzeug/http.py                        |  2 +
 src/werkzeug/local.py                       | 16 +++----
 src/werkzeug/middleware/__init__.py         |  2 +
 src/werkzeug/middleware/dispatcher.py       |  2 +
 src/werkzeug/middleware/http_proxy.py       |  2 +
 src/werkzeug/middleware/lint.py             |  6 +--
 src/werkzeug/middleware/profiler.py         |  4 +-
 src/werkzeug/middleware/proxy_fix.py        |  2 +
 src/werkzeug/middleware/shared_data.py      |  2 +
 src/werkzeug/posixemulation.py              | 12 +++---
 src/werkzeug/routing.py                     |  2 +
 src/werkzeug/security.py                    |  2 +
 src/werkzeug/serving.py                     |  6 ++-
 src/werkzeug/test.py                        |  2 +
 src/werkzeug/testapp.py                     |  2 +
 src/werkzeug/urls.py                        | 10 ++++-
 src/werkzeug/useragents.py                  |  2 +
 src/werkzeug/utils.py                       |  2 +
 src/werkzeug/wrappers/__init__.py           |  2 +
 src/werkzeug/wrappers/accept.py             |  2 +
 src/werkzeug/wrappers/auth.py               |  2 +
 src/werkzeug/wrappers/base_request.py       |  2 +
 src/werkzeug/wrappers/base_response.py      |  2 +
 src/werkzeug/wrappers/common_descriptors.py | 10 ++++-
 src/werkzeug/wrappers/cors.py               |  2 +
 src/werkzeug/wrappers/etag.py               |  2 +
 src/werkzeug/wrappers/json.py               |  2 +
 src/werkzeug/wrappers/request.py            |  2 +
 src/werkzeug/wrappers/response.py           |  4 +-
 src/werkzeug/wrappers/user_agent.py         |  2 +
 src/werkzeug/wsgi.py                        |  2 +
 tests/test_datastructures.py                | 12 +++---
 tests/test_wrappers.py                      |  8 ++--
 tox.ini                                     |  6 +++
 48 files changed, 228 insertions(+), 56 deletions(-)

diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
index a826fda6c..6fbd29664 100644
--- a/.github/workflows/tests.yaml
+++ b/.github/workflows/tests.yaml
@@ -22,6 +22,7 @@ jobs:
           - {name: 'PyPy', python: pypy3, os: ubuntu-latest, tox: pypy3}
           - {name: Style, python: '3.8', os: ubuntu-latest, tox: style}
           - {name: Docs, python: '3.8', os: ubuntu-latest, tox: docs}
+          - {name: Typing, python: '3.8', os: ubuntu-latest, tox: mypy}
           - {name: Windows, python: '3.8', os: windows-latest, tox: py38}
           - {name: Mac, python: '3.8', os: macos-latest, tox: py38}
     steps:
diff --git a/.gitignore b/.gitignore
index 23c42f03c..46955f612 100644
--- a/.gitignore
+++ b/.gitignore
@@ -22,3 +22,4 @@ test_uwsgi_failed
 .pytest_cache/
 venv/
 .vscode
+.mypy_cache/
diff --git a/setup.cfg b/setup.cfg
index e39dc914e..48af2530b 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -78,3 +78,43 @@ per-file-ignores =
     **/__init__.py: F401
     # LocalProxy assigns lambdas
     src/werkzeug/local.py: E731
+
+[mypy]
+allow_redefinition = True
+disallow_subclassing_any = True
+# disallow_untyped_defs = True
+strict_equality = True
+strict_optional = False
+warn_redundant_casts = True
+warn_unused_configs = True
+warn_unused_ignores = True
+
+[mypy-_pytest.*]
+ignore_missing_imports = True
+
+[mypy-bar.*]
+ignore_missing_imports = True
+
+[mypy-cryptography.*]
+ignore_missing_imports = True
+
+[mypy-greenlet.*]
+ignore_missing_imports = True
+
+[mypy-pytest.*]
+ignore_missing_imports = True
+
+[mypy-requests_unixsocket.*]
+ignore_missing_imports = True
+
+[mypy-testsuite_app.*]
+ignore_missing_imports = True
+
+[mypy-watchdog.*]
+ignore_missing_imports = True
+
+[mypy-winreg.*]
+ignore_missing_imports = True
+
+[mypy-xprocess.*]
+ignore_missing_imports = True
diff --git a/src/werkzeug/__init__.py b/src/werkzeug/__init__.py
index 5a04935bf..d184324c8 100644
--- a/src/werkzeug/__init__.py
+++ b/src/werkzeug/__init__.py
@@ -1,3 +1,5 @@
+from __future__ import annotations
+
 from .serving import run_simple
 from .test import Client
 from .wrappers import Request
diff --git a/src/werkzeug/_internal.py b/src/werkzeug/_internal.py
index b4c916b41..448d5943b 100644
--- a/src/werkzeug/_internal.py
+++ b/src/werkzeug/_internal.py
@@ -1,3 +1,5 @@
+from __future__ import annotations
+
 import inspect
 import logging
 import operator
@@ -7,10 +9,15 @@
 from datetime import date
 from datetime import datetime
 from itertools import chain
+from typing import TYPE_CHECKING
 from weakref import WeakKeyDictionary
 
+if TYPE_CHECKING:
+    from typing import Callable
+
+
 _logger = None
-_signature_cache = WeakKeyDictionary()
+_signature_cache: WeakKeyDictionary[Callable, Callable] = WeakKeyDictionary()
 _epoch_ord = date(1970, 1, 1).toordinal()
 _legal_cookie_chars = f"{string.ascii_letters}{string.digits}/=!#$%&'*+-.^_`|~:".encode(
     "ascii"
diff --git a/src/werkzeug/_reloader.py b/src/werkzeug/_reloader.py
index ad2db7bf2..0a74ade96 100644
--- a/src/werkzeug/_reloader.py
+++ b/src/werkzeug/_reloader.py
@@ -1,12 +1,18 @@
+from __future__ import annotations
+
 import os
 import subprocess
 import sys
 import threading
 import time
 from itertools import chain
+from typing import TYPE_CHECKING
 
 from ._internal import _log
 
+if TYPE_CHECKING:
+    from typing import Optional
+
 
 def _iter_module_files():
     """This iterates over all relevant Python files.  It goes through all
@@ -139,7 +145,7 @@ def _walk(node, path):
 
 
 class ReloaderLoop:
-    name = None
+    name: Optional[str] = None
 
     # Patched during tests. Wrapping with `staticmethod` is required in
     # case `time.sleep` has been replaced by a non-c function (e.g. by
diff --git a/src/werkzeug/datastructures.py b/src/werkzeug/datastructures.py
index a61c88684..de7fbfbbb 100644
--- a/src/werkzeug/datastructures.py
+++ b/src/werkzeug/datastructures.py
@@ -1,3 +1,5 @@
+from __future__ import annotations
+
 import codecs
 import mimetypes
 import re
@@ -8,12 +10,16 @@
 from io import BytesIO
 from itertools import repeat
 from os import fspath
+from typing import TYPE_CHECKING
 
 from . import exceptions
 from ._internal import _make_encode_wrapper
 from ._internal import _missing
 from .filesystem import get_filesystem_encoding
 
+if TYPE_CHECKING:
+    from typing import Optional
+
 
 def is_immutable(self):
     raise TypeError(f"{type(self).__name__!r} objects are immutable")
@@ -87,7 +93,7 @@ def sort(self, cmp=None, key=None, reverse=None):
         is_immutable(self)
 
 
-class ImmutableList(ImmutableListMixin, list):
+class ImmutableList(ImmutableListMixin, list):  # type: ignore
     """An immutable :class:`list`.
 
     .. versionadded:: 0.5
@@ -189,7 +195,7 @@ class UpdateDictMixin:
 
     on_update = None
 
-    def calls_update(name):  # noqa: B902
+    def calls_update(name: str):  # type: ignore # noqa: B902
         def oncall(self, *args, **kw):
             rv = getattr(super(), name)(*args, **kw)
             if self.on_update is not None:
@@ -265,7 +271,9 @@ def get(self, key, default=None, type=None):
         return rv
 
 
-class ImmutableTypeConversionDict(ImmutableDictMixin, TypeConversionDict):
+class ImmutableTypeConversionDict(  # type: ignore
+    ImmutableDictMixin, TypeConversionDict
+):
     """Works like a :class:`TypeConversionDict` but does not support
     modifications.
 
@@ -1331,7 +1339,7 @@ def setlistdefault(self, key, default):
         is_immutable(self)
 
 
-class EnvironHeaders(ImmutableHeadersMixin, Headers):
+class EnvironHeaders(ImmutableHeadersMixin, Headers):  # type: ignore
     """Read only version of the headers from a WSGI environment.  This
     provides the same interface as `Headers` and is constructed from
     a WSGI environment.
@@ -1382,7 +1390,7 @@ def copy(self):
         raise TypeError(f"cannot create {type(self).__name__!r} copies")
 
 
-class CombinedMultiDict(ImmutableMultiDictMixin, MultiDict):
+class CombinedMultiDict(ImmutableMultiDictMixin, MultiDict):  # type: ignore
     """A read only :class:`MultiDict` that you can pass multiple :class:`MultiDict`
     instances as sequence and it will combine the return values of all wrapped
     dicts:
@@ -1550,7 +1558,7 @@ def add_file(self, name, file, filename=None, content_type=None):
         self.add(name, value)
 
 
-class ImmutableDict(ImmutableDictMixin, dict):
+class ImmutableDict(ImmutableDictMixin, dict):  # type: ignore
     """An immutable :class:`dict`.
 
     .. versionadded:: 0.5
@@ -1570,7 +1578,7 @@ def __copy__(self):
         return self
 
 
-class ImmutableMultiDict(ImmutableMultiDictMixin, MultiDict):
+class ImmutableMultiDict(ImmutableMultiDictMixin, MultiDict):  # type: ignore
     """An immutable :class:`MultiDict`.
 
     .. versionadded:: 0.5
@@ -1587,7 +1595,9 @@ def __copy__(self):
         return self
 
 
-class ImmutableOrderedMultiDict(ImmutableMultiDictMixin, OrderedMultiDict):
+class ImmutableOrderedMultiDict(  # type: ignore
+    ImmutableMultiDictMixin, OrderedMultiDict
+):
     """An immutable :class:`OrderedMultiDict`.
 
     .. versionadded:: 0.6
@@ -1653,7 +1663,7 @@ def __init__(self, values=()):
         else:
             self.provided = True
             values = sorted(
-                values, key=lambda x: (self._specificity(x[0]), x[1]), reverse=True,
+                values, key=lambda x: (self._specificity(x[0]), x[1]), reverse=True
             )
             list.__init__(self, values)
 
@@ -2026,7 +2036,7 @@ def __repr__(self):
         return f"<{type(self).__name__} {kv_str}>"
 
 
-class RequestCacheControl(ImmutableDictMixin, _CacheControl):
+class RequestCacheControl(ImmutableDictMixin, _CacheControl):  # type: ignore
     """A cache control for requests.  This is immutable and gives access
     to all the request-relevant cache control headers.
 
@@ -2070,7 +2080,7 @@ class ResponseCacheControl(_CacheControl):
 
 # attach cache_property to the _CacheControl as staticmethod
 # so that others can reuse it.
-_CacheControl.cache_property = staticmethod(cache_property)
+_CacheControl.cache_property = staticmethod(cache_property)  # type: ignore
 
 
 def csp_property(key):
@@ -2526,7 +2536,7 @@ def __init__(self, units, start, stop, length=None, on_update=None):
         self.on_update = on_update
         self.set(start, stop, length, units)
 
-    def _callback_property(name):  # noqa: B902
+    def _callback_property(name: str):  # type: ignore # noqa: B902
         def fget(self):
             return getattr(self, name)
 
@@ -2587,7 +2597,7 @@ def __repr__(self):
         return f"<{type(self).__name__} {str(self)!r}>"
 
 
-class Authorization(ImmutableDictMixin, dict):
+class Authorization(ImmutableDictMixin, dict):  # type: ignore
     """Represents an `Authorization` header sent by the client.  You should
     not create this kind of object yourself but use it when it's returned by
     the `parse_authorization_header` function.
@@ -2734,7 +2744,9 @@ def __str__(self):
     def __repr__(self):
         return f"<{type(self).__name__} {self.to_header()!r}>"
 
-    def auth_property(name, doc=None):  # noqa: B902
+    def auth_property(  # type: ignore
+        name: str, doc: Optional[str] = None  # noqa: B902
+    ):
         """A static helper function for subclasses to add extra authentication
         system properties onto a class::
 
@@ -2753,7 +2765,9 @@ def _set_value(self, value):
 
         return property(lambda x: x.get(name), _set_value, doc=doc)
 
-    def _set_property(name, doc=None):  # noqa: B902
+    def _set_property(  # type: ignore
+        name: str, doc: Optional[str] = None  # noqa: B902
+    ):
         def fget(self):
             def on_update(header_set):
                 if not header_set and name in self:
@@ -2829,7 +2843,7 @@ def stale(self, value):
         else:
             self["stale"] = "TRUE" if value else "FALSE"
 
-    auth_property = staticmethod(auth_property)
+    auth_property = staticmethod(auth_property)  # type: ignore
     del _set_property
 
 
diff --git a/src/werkzeug/debug/__init__.py b/src/werkzeug/debug/__init__.py
index bf6c0c0ea..d5d07a8d6 100644
--- a/src/werkzeug/debug/__init__.py
+++ b/src/werkzeug/debug/__init__.py
@@ -1,3 +1,5 @@
+from __future__ import annotations
+
 import getpass
 import hashlib
 import json
diff --git a/src/werkzeug/debug/console.py b/src/werkzeug/debug/console.py
index 39c3083e2..5fd2142f9 100644
--- a/src/werkzeug/debug/console.py
+++ b/src/werkzeug/debug/console.py
@@ -1,3 +1,5 @@
+from __future__ import annotations
+
 import code
 import sys
 from html import escape
diff --git a/src/werkzeug/debug/repr.py b/src/werkzeug/debug/repr.py
index 5ac7d7d28..4a6693062 100644
--- a/src/werkzeug/debug/repr.py
+++ b/src/werkzeug/debug/repr.py
@@ -1,3 +1,5 @@
+from __future__ import annotations
+
 """Object representations for debugging purposes. Unlike the default
 repr, these expose more information and produce HTML instead of ASCII.
 
@@ -97,7 +99,9 @@ class DebugReprGenerator:
     def __init__(self):
         self._stack = []
 
-    def _sequence_repr_maker(left, right, base=object(), limit=8):  # noqa: B008, B902
+    def _sequence_repr_maker(  # type: ignore
+        left: str, right: str, base=object(), limit=8  # noqa: B008, B902
+    ):
         def proxy(self, obj, recursive):
             if recursive:
                 return _add_subclass_info(f"{left}...{right}", obj, base)
diff --git a/src/werkzeug/debug/tbtools.py b/src/werkzeug/debug/tbtools.py
index 8fe4d8f78..5cffc73d3 100644
--- a/src/werkzeug/debug/tbtools.py
+++ b/src/werkzeug/debug/tbtools.py
@@ -1,3 +1,5 @@
+from __future__ import annotations
+
 import codecs
 import inspect
 import os
@@ -18,11 +20,10 @@
 _funcdef_re = re.compile(r"^(\s*def\s)|(.*(? o
     __ge__ = lambda x, o: x._get_current_object() >= o
-    __hash__ = lambda x: hash(x._get_current_object())
+    __hash__ = lambda x: hash(x._get_current_object())  # type: ignore
     __call__ = lambda x, *a, **kw: x._get_current_object()(*a, **kw)
     __len__ = lambda x: len(x._get_current_object())
     __getitem__ = lambda x, i: x._get_current_object()[i]
@@ -365,7 +367,7 @@ def __delitem__(self, key):
     __invert__ = lambda x: ~(x._get_current_object())
     __complex__ = lambda x: complex(x._get_current_object())
     __int__ = lambda x: int(x._get_current_object())
-    __long__ = lambda x: long(x._get_current_object())  # noqa
+    __long__ = lambda x: long(x._get_current_object())  # type: ignore # noqa
     __float__ = lambda x: float(x._get_current_object())
     __oct__ = lambda x: oct(x._get_current_object())
     __hex__ = lambda x: hex(x._get_current_object())
diff --git a/src/werkzeug/middleware/__init__.py b/src/werkzeug/middleware/__init__.py
index 6ddcf7f5c..21cc2031b 100644
--- a/src/werkzeug/middleware/__init__.py
+++ b/src/werkzeug/middleware/__init__.py
@@ -1,3 +1,5 @@
+from __future__ import annotations
+
 """
 Middleware
 ==========
diff --git a/src/werkzeug/middleware/dispatcher.py b/src/werkzeug/middleware/dispatcher.py
index 5866325ee..b96dafa1a 100644
--- a/src/werkzeug/middleware/dispatcher.py
+++ b/src/werkzeug/middleware/dispatcher.py
@@ -1,3 +1,5 @@
+from __future__ import annotations
+
 """
 Application Dispatcher
 ======================
diff --git a/src/werkzeug/middleware/http_proxy.py b/src/werkzeug/middleware/http_proxy.py
index 6f7b0525b..04c81454a 100644
--- a/src/werkzeug/middleware/http_proxy.py
+++ b/src/werkzeug/middleware/http_proxy.py
@@ -1,3 +1,5 @@
+from __future__ import annotations
+
 """
 Basic HTTP Proxy
 ================
diff --git a/src/werkzeug/middleware/lint.py b/src/werkzeug/middleware/lint.py
index 649883b71..482fdfe16 100644
--- a/src/werkzeug/middleware/lint.py
+++ b/src/werkzeug/middleware/lint.py
@@ -1,3 +1,5 @@
+from __future__ import annotations
+
 """
 WSGI Protocol Linter
 ====================
@@ -30,9 +32,7 @@ class HTTPWarning(Warning):
 
 def check_string(context, obj, stacklevel=3):
     if type(obj) is not str:
-        warn(
-            f"'{context}' requires strings, got '{type(obj).__name__}'", WSGIWarning,
-        )
+        warn(f"'{context}' requires strings, got '{type(obj).__name__}'", WSGIWarning)
 
 
 class InputStream:
diff --git a/src/werkzeug/middleware/profiler.py b/src/werkzeug/middleware/profiler.py
index 60239cf15..d49072799 100644
--- a/src/werkzeug/middleware/profiler.py
+++ b/src/werkzeug/middleware/profiler.py
@@ -1,3 +1,5 @@
+from __future__ import annotations
+
 """
 Application Profiler
 ====================
@@ -19,7 +21,7 @@
 try:
     from cProfile import Profile
 except ImportError:
-    from profile import Profile
+    from profile import Profile  # type: ignore
 
 
 class ProfilerMiddleware:
diff --git a/src/werkzeug/middleware/proxy_fix.py b/src/werkzeug/middleware/proxy_fix.py
index afec4ca29..6f52dd76d 100644
--- a/src/werkzeug/middleware/proxy_fix.py
+++ b/src/werkzeug/middleware/proxy_fix.py
@@ -1,3 +1,5 @@
+from __future__ import annotations
+
 """
 X-Forwarded-For Proxy Fix
 =========================
diff --git a/src/werkzeug/middleware/shared_data.py b/src/werkzeug/middleware/shared_data.py
index 2d7a16fbe..c49edb0d3 100644
--- a/src/werkzeug/middleware/shared_data.py
+++ b/src/werkzeug/middleware/shared_data.py
@@ -1,3 +1,5 @@
+from __future__ import annotations
+
 """
 Serve Shared Static Files
 =========================
diff --git a/src/werkzeug/posixemulation.py b/src/werkzeug/posixemulation.py
index 144376000..c71768435 100644
--- a/src/werkzeug/posixemulation.py
+++ b/src/werkzeug/posixemulation.py
@@ -1,3 +1,5 @@
+from __future__ import annotations
+
 """A ``rename`` function that follows POSIX semantics. If the target
 file already exists it will be replaced without asking.
 
@@ -20,7 +22,7 @@
 
         _MOVEFILE_REPLACE_EXISTING = 0x1
         _MOVEFILE_WRITE_THROUGH = 0x8
-        _MoveFileEx = ctypes.windll.kernel32.MoveFileExW
+        _MoveFileEx = ctypes.windll.kernel32.MoveFileExW  # type: ignore
 
         def _rename(src, dst):
             src = _to_str(src, get_filesystem_encoding())
@@ -39,10 +41,10 @@ def _rename(src, dst):
             return rv
 
         # new in Vista and Windows Server 2008
-        _CreateTransaction = ctypes.windll.ktmw32.CreateTransaction
-        _CommitTransaction = ctypes.windll.ktmw32.CommitTransaction
-        _MoveFileTransacted = ctypes.windll.kernel32.MoveFileTransactedW
-        _CloseHandle = ctypes.windll.kernel32.CloseHandle
+        _CreateTransaction = ctypes.windll.ktmw32.CreateTransaction  # type: ignore
+        _CommitTransaction = ctypes.windll.ktmw32.CommitTransaction  # type: ignore
+        _MoveFileTransacted = ctypes.windll.kernel32.MoveFileTransactedW  # type: ignore
+        _CloseHandle = ctypes.windll.kernel32.CloseHandle  # type: ignore
         can_rename_open_file = True
 
         def _rename_atomic(src, dst):
diff --git a/src/werkzeug/routing.py b/src/werkzeug/routing.py
index b26d79390..94f930761 100644
--- a/src/werkzeug/routing.py
+++ b/src/werkzeug/routing.py
@@ -1,3 +1,5 @@
+from __future__ import annotations
+
 """When it comes to combining multiple controller or view functions
 (however you want to call them) you need a dispatcher. A simple way
 would be applying regular expression tests on the ``PATH_INFO`` and
diff --git a/src/werkzeug/security.py b/src/werkzeug/security.py
index 2d01da614..fde088ed9 100644
--- a/src/werkzeug/security.py
+++ b/src/werkzeug/security.py
@@ -1,3 +1,5 @@
+from __future__ import annotations
+
 import codecs
 import hashlib
 import hmac
diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py
index 82f2b84a0..54478f34f 100644
--- a/src/werkzeug/serving.py
+++ b/src/werkzeug/serving.py
@@ -1,3 +1,5 @@
+from __future__ import annotations
+
 """A WSGI and HTTP server for use **during development only**. This
 server is convenient to use, but is not designed to be particularly
 stable, secure, or efficient. Use a dedicate WSGI server and HTTP
@@ -38,7 +40,7 @@ class _SslDummy:
         def __getattr__(self, name):
             raise RuntimeError("SSL support unavailable")
 
-    ssl = _SslDummy()
+    ssl = _SslDummy()  # type: ignore
 
 try:
     import click
@@ -51,7 +53,7 @@ def __getattr__(self, name):
     ForkingMixIn = socketserver.ForkingMixIn
 else:
 
-    class ForkingMixIn:
+    class ForkingMixIn:  # type: ignore
         pass
 
 
diff --git a/src/werkzeug/test.py b/src/werkzeug/test.py
index f1cb93339..bee5d1140 100644
--- a/src/werkzeug/test.py
+++ b/src/werkzeug/test.py
@@ -1,3 +1,5 @@
+from __future__ import annotations
+
 import mimetypes
 import sys
 from collections import defaultdict
diff --git a/src/werkzeug/testapp.py b/src/werkzeug/testapp.py
index 6edfb42be..eb0124349 100644
--- a/src/werkzeug/testapp.py
+++ b/src/werkzeug/testapp.py
@@ -1,3 +1,5 @@
+from __future__ import annotations
+
 """A small application that can be used to test a WSGI server and check
 it for WSGI compliance.
 """
diff --git a/src/werkzeug/urls.py b/src/werkzeug/urls.py
index 4935948cf..0bcd7d3eb 100644
--- a/src/werkzeug/urls.py
+++ b/src/werkzeug/urls.py
@@ -1,3 +1,5 @@
+from __future__ import annotations
+
 """Functions for working with URLs.
 
 Contains implementations of functions from :mod:`urllib.parse` that
@@ -8,6 +10,7 @@
 import re
 import warnings
 from collections import namedtuple
+from typing import TYPE_CHECKING
 
 from ._internal import _check_str_tuple
 from ._internal import _decode_idna
@@ -15,6 +18,11 @@
 from ._internal import _make_encode_wrapper
 from ._internal import _to_str
 
+if TYPE_CHECKING:
+    from typing import Dict
+    from typing import FrozenSet
+
+
 # A regular expression for what a valid schema looks like
 _scheme_re = re.compile(r"^[a-zA-Z0-9+-.]+$")
 
@@ -359,7 +367,7 @@ def decode(self, charset="utf-8", errors="replace"):
         )
 
 
-_unquote_maps = {frozenset(): _hextobyte}
+_unquote_maps: Dict[FrozenSet, Dict[bytes, int]] = {frozenset(): _hextobyte}
 
 
 def _unquote_to_bytes(string, unsafe=""):
diff --git a/src/werkzeug/useragents.py b/src/werkzeug/useragents.py
index f20a5a3a6..e3302d4f2 100644
--- a/src/werkzeug/useragents.py
+++ b/src/werkzeug/useragents.py
@@ -1,3 +1,5 @@
+from __future__ import annotations
+
 import re
 
 
diff --git a/src/werkzeug/utils.py b/src/werkzeug/utils.py
index 4ef73458d..3bc10cf28 100644
--- a/src/werkzeug/utils.py
+++ b/src/werkzeug/utils.py
@@ -1,3 +1,5 @@
+from __future__ import annotations
+
 import codecs
 import os
 import pkgutil
diff --git a/src/werkzeug/wrappers/__init__.py b/src/werkzeug/wrappers/__init__.py
index 63210c720..5f38f75e3 100644
--- a/src/werkzeug/wrappers/__init__.py
+++ b/src/werkzeug/wrappers/__init__.py
@@ -1,3 +1,5 @@
+from __future__ import annotations
+
 from .accept import AcceptMixin
 from .auth import AuthorizationMixin
 from .auth import WWWAuthenticateMixin
diff --git a/src/werkzeug/wrappers/accept.py b/src/werkzeug/wrappers/accept.py
index 1f4a8c321..9124bdee3 100644
--- a/src/werkzeug/wrappers/accept.py
+++ b/src/werkzeug/wrappers/accept.py
@@ -1,3 +1,5 @@
+from __future__ import annotations
+
 from ..datastructures import CharsetAccept
 from ..datastructures import LanguageAccept
 from ..datastructures import MIMEAccept
diff --git a/src/werkzeug/wrappers/auth.py b/src/werkzeug/wrappers/auth.py
index 40a340682..79208cdf8 100644
--- a/src/werkzeug/wrappers/auth.py
+++ b/src/werkzeug/wrappers/auth.py
@@ -1,3 +1,5 @@
+from __future__ import annotations
+
 from ..http import parse_authorization_header
 from ..http import parse_www_authenticate_header
 from ..utils import cached_property
diff --git a/src/werkzeug/wrappers/base_request.py b/src/werkzeug/wrappers/base_request.py
index 24021a9b4..f33564f00 100644
--- a/src/werkzeug/wrappers/base_request.py
+++ b/src/werkzeug/wrappers/base_request.py
@@ -1,3 +1,5 @@
+from __future__ import annotations
+
 from functools import update_wrapper
 from io import BytesIO
 
diff --git a/src/werkzeug/wrappers/base_response.py b/src/werkzeug/wrappers/base_response.py
index b0124d6a1..91ded1ece 100644
--- a/src/werkzeug/wrappers/base_response.py
+++ b/src/werkzeug/wrappers/base_response.py
@@ -1,3 +1,5 @@
+from __future__ import annotations
+
 import warnings
 
 from .._internal import _to_bytes
diff --git a/src/werkzeug/wrappers/common_descriptors.py b/src/werkzeug/wrappers/common_descriptors.py
index 0dd67e082..76425c48a 100644
--- a/src/werkzeug/wrappers/common_descriptors.py
+++ b/src/werkzeug/wrappers/common_descriptors.py
@@ -1,5 +1,8 @@
+from __future__ import annotations
+
 from datetime import datetime
 from datetime import timedelta
+from typing import TYPE_CHECKING
 
 from ..datastructures import CallbackDict
 from ..http import dump_age
@@ -18,6 +21,9 @@
 from ..utils import header_property
 from ..wsgi import get_content_length
 
+if TYPE_CHECKING:
+    from typing import Optional
+
 
 class CommonRequestDescriptorsMixin:
     """A mixin for :class:`BaseRequest` subclasses.  Request objects that
@@ -293,7 +299,9 @@ def retry_after(self, value):
             value = str(value)
         self.headers["Retry-After"] = value
 
-    def _set_property(name, doc=None):  # noqa: B902
+    def _set_property(  # type: ignore
+        name: str, doc: Optional[str] = None  # noqa: B902
+    ):
         def fget(self):
             def on_update(header_set):
                 if not header_set and name in self.headers:
diff --git a/src/werkzeug/wrappers/cors.py b/src/werkzeug/wrappers/cors.py
index 6b8283d69..a31cd2db6 100644
--- a/src/werkzeug/wrappers/cors.py
+++ b/src/werkzeug/wrappers/cors.py
@@ -1,3 +1,5 @@
+from __future__ import annotations
+
 from ..http import dump_header
 from ..http import parse_set_header
 from ..utils import environ_property
diff --git a/src/werkzeug/wrappers/etag.py b/src/werkzeug/wrappers/etag.py
index 219b6e52b..aafdb3a36 100644
--- a/src/werkzeug/wrappers/etag.py
+++ b/src/werkzeug/wrappers/etag.py
@@ -1,3 +1,5 @@
+from __future__ import annotations
+
 from .._internal import _get_environ
 from ..datastructures import ContentRange
 from ..datastructures import RequestCacheControl
diff --git a/src/werkzeug/wrappers/json.py b/src/werkzeug/wrappers/json.py
index 2d093eb89..3c8e5f74b 100644
--- a/src/werkzeug/wrappers/json.py
+++ b/src/werkzeug/wrappers/json.py
@@ -1,3 +1,5 @@
+from __future__ import annotations
+
 import datetime
 import json
 import uuid
diff --git a/src/werkzeug/wrappers/request.py b/src/werkzeug/wrappers/request.py
index 95502980d..8595484d7 100644
--- a/src/werkzeug/wrappers/request.py
+++ b/src/werkzeug/wrappers/request.py
@@ -1,3 +1,5 @@
+from __future__ import annotations
+
 from .accept import AcceptMixin
 from .auth import AuthorizationMixin
 from .base_request import BaseRequest
diff --git a/src/werkzeug/wrappers/response.py b/src/werkzeug/wrappers/response.py
index 212c0eaaf..58aa88c60 100644
--- a/src/werkzeug/wrappers/response.py
+++ b/src/werkzeug/wrappers/response.py
@@ -1,3 +1,5 @@
+from __future__ import annotations
+
 from ..utils import cached_property
 from .auth import WWWAuthenticateMixin
 from .base_response import BaseResponse
@@ -63,7 +65,7 @@ def stream(self):
         return ResponseStream(self)
 
 
-class Response(
+class Response(  # type: ignore
     BaseResponse,
     ETagResponseMixin,
     WWWAuthenticateMixin,
diff --git a/src/werkzeug/wrappers/user_agent.py b/src/werkzeug/wrappers/user_agent.py
index 77ef1b6b4..5e61741d5 100644
--- a/src/werkzeug/wrappers/user_agent.py
+++ b/src/werkzeug/wrappers/user_agent.py
@@ -1,3 +1,5 @@
+from __future__ import annotations
+
 from ..useragents import UserAgent
 from ..utils import cached_property
 
diff --git a/src/werkzeug/wsgi.py b/src/werkzeug/wsgi.py
index 9678384a5..348fc36b8 100644
--- a/src/werkzeug/wsgi.py
+++ b/src/werkzeug/wsgi.py
@@ -1,3 +1,5 @@
+from __future__ import annotations
+
 import io
 import re
 from functools import partial
diff --git a/tests/test_datastructures.py b/tests/test_datastructures.py
index 76a08df13..407ea63d8 100644
--- a/tests/test_datastructures.py
+++ b/tests/test_datastructures.py
@@ -301,11 +301,11 @@ def test_dict_is_hashable(self):
 
 
 class TestImmutableTypeConversionDict(_ImmutableDictTests):
-    storage_class = datastructures.ImmutableTypeConversionDict
+    storage_class = datastructures.ImmutableTypeConversionDict  # type: ignore
 
 
 class TestImmutableMultiDict(_ImmutableDictTests):
-    storage_class = datastructures.ImmutableMultiDict
+    storage_class = datastructures.ImmutableMultiDict  # type: ignore
 
     def test_multidict_is_hashable(self):
         cls = self.storage_class
@@ -326,11 +326,11 @@ def test_multidict_is_hashable(self):
 
 
 class TestImmutableDict(_ImmutableDictTests):
-    storage_class = datastructures.ImmutableDict
+    storage_class = datastructures.ImmutableDict  # type: ignore
 
 
 class TestImmutableOrderedMultiDict(_ImmutableDictTests):
-    storage_class = datastructures.ImmutableOrderedMultiDict
+    storage_class = datastructures.ImmutableOrderedMultiDict  # type: ignore
 
     def test_ordered_multidict_is_hashable(self):
         a = self.storage_class([("a", 1), ("b", 1), ("a", 2)])
@@ -339,7 +339,7 @@ def test_ordered_multidict_is_hashable(self):
 
 
 class TestMultiDict(_MutableMultiDictTests):
-    storage_class = datastructures.MultiDict
+    storage_class = datastructures.MultiDict  # type: ignore
 
     def test_multidict_pop(self):
         def make_d():
@@ -409,7 +409,7 @@ def test_getitem_raise_badrequestkeyerror_for_empty_list_value(self):
 
 
 class TestOrderedMultiDict(_MutableMultiDictTests):
-    storage_class = datastructures.OrderedMultiDict
+    storage_class = datastructures.OrderedMultiDict  # type: ignore
 
     def test_ordered_interface(self):
         cls = self.storage_class
diff --git a/tests/test_wrappers.py b/tests/test_wrappers.py
index 58e0a83a4..c3610841b 100644
--- a/tests/test_wrappers.py
+++ b/tests/test_wrappers.py
@@ -258,7 +258,7 @@ def test_request_access_control():
             "Origin": "https://palletsprojects.com",
             "Access-Control-Request-Headers": "X-A, X-B",
             "Access-Control-Request-Method": "PUT",
-        },
+        }
     )
     assert request.origin == "https://palletsprojects.com"
     assert request.access_control_request_headers == {"X-A", "X-B"}
@@ -908,7 +908,9 @@ def test_etag_response_mixin_freezing():
     class WithFreeze(wrappers.ETagResponseMixin, wrappers.BaseResponse):
         pass
 
-    class WithoutFreeze(wrappers.BaseResponse, wrappers.ETagResponseMixin):
+    class WithoutFreeze(  # type: ignore
+        wrappers.BaseResponse, wrappers.ETagResponseMixin
+    ):
         pass
 
     response = WithFreeze("Hello World")
@@ -1540,7 +1542,7 @@ class TestJSONMixin:
     class Request(JSONMixin, wrappers.Request):
         pass
 
-    class Response(JSONMixin, wrappers.Response):
+    class Response(JSONMixin, wrappers.Response):  # type: ignore
         pass
 
     def test_request(self):
diff --git a/tox.ini b/tox.ini
index 9b6d47135..ff7fcdecc 100644
--- a/tox.ini
+++ b/tox.ini
@@ -3,6 +3,7 @@ envlist =
     py{38,37,36,py3}
     style
     docs
+    mypy
 skip_missing_interpreters = true
 
 [testenv]
@@ -17,3 +18,8 @@ commands = pre-commit run --all-files --show-diff-on-failure
 [testenv:docs]
 deps = -r requirements/docs.txt
 commands = sphinx-build -W -b html -d {envtmpdir}/doctrees docs {envtmpdir}/html
+
+[testenv:mypy]
+deps = mypy
+commands =
+    mypy src/werkzeug/ tests/

From f46997e45cacc3b43a287fb13b719676a62c8c9b Mon Sep 17 00:00:00 2001
From: pgjones 
Date: Sun, 10 May 2020 11:37:40 +0100
Subject: [PATCH 219/733] Apply the typeshed typings to the codebase

This uses retype to convert the typing stubs to types, with some hand
editing after.
---
 src/werkzeug/_internal.py             | 26 +++++++++++-------
 src/werkzeug/_reloader.py             | 22 +++++++++++++---
 src/werkzeug/debug/console.py         | 16 ++++++++---
 src/werkzeug/debug/repr.py            | 38 +++++++++++++++------------
 src/werkzeug/filesystem.py            |  7 ++++-
 src/werkzeug/middleware/dispatcher.py | 20 ++++++++++++--
 src/werkzeug/middleware/http_proxy.py | 28 +++++++++++++++++---
 src/werkzeug/middleware/profiler.py   | 33 ++++++++++++++++-------
 src/werkzeug/testapp.py               |  8 ++++--
 src/werkzeug/useragents.py            | 11 +++++---
 10 files changed, 154 insertions(+), 55 deletions(-)

diff --git a/src/werkzeug/_internal.py b/src/werkzeug/_internal.py
index 448d5943b..8373317a8 100644
--- a/src/werkzeug/_internal.py
+++ b/src/werkzeug/_internal.py
@@ -13,8 +13,9 @@
 from weakref import WeakKeyDictionary
 
 if TYPE_CHECKING:
+    from typing import Any
     from typing import Callable
-
+    from typing import Optional
 
 _logger = None
 _signature_cache: WeakKeyDictionary[Callable, Callable] = WeakKeyDictionary()
@@ -262,16 +263,21 @@ def _date_to_unix(arg):
 class _DictAccessorProperty:
     """Baseclass for `environ_property` and `header_property`."""
 
-    read_only = False
+    name: Any
+    default: Any
+    load_func: Any
+    dump_func: Any
+    __doc__: Any
+    read_only: Any = False
 
     def __init__(
         self,
         name,
-        default=None,
-        load_func=None,
-        dump_func=None,
-        read_only=None,
-        doc=None,
+        default: Optional[Any] = None,
+        load_func: Optional[Any] = None,
+        dump_func: Optional[Any] = None,
+        read_only: Optional[Any] = None,
+        doc: Optional[Any] = None,
     ):
         self.name = name
         self.default = default
@@ -281,10 +287,10 @@ def __init__(
             self.read_only = read_only
         self.__doc__ = doc
 
-    def __get__(self, obj, type=None):
+    def __get__(self, obj, type: Optional[Any] = None):
         if obj is None:
             return self
-        storage = self.lookup(obj)
+        storage = self.lookup(obj)  # type: ignore
         if self.name not in storage:
             return self.default
         rv = storage[self.name]
@@ -441,7 +447,7 @@ def _make_cookie_domain(domain):
     )
 
 
-def _easteregg(app=None):
+def _easteregg(app: Optional[Any] = None):
     """Like the name says.  But who knows how it works?"""
 
     def bzzzzzzz(gyver):
diff --git a/src/werkzeug/_reloader.py b/src/werkzeug/_reloader.py
index 0a74ade96..08033f8cd 100644
--- a/src/werkzeug/_reloader.py
+++ b/src/werkzeug/_reloader.py
@@ -11,6 +11,7 @@
 from ._internal import _log
 
 if TYPE_CHECKING:
+    from typing import Any
     from typing import Optional
 
 
@@ -145,6 +146,8 @@ def _walk(node, path):
 
 
 class ReloaderLoop:
+    extra_files: Any
+    interval: float
     name: Optional[str] = None
 
     # Patched during tests. Wrapping with `staticmethod` is required in
@@ -152,7 +155,7 @@ class ReloaderLoop:
     # `eventlet.monkey_patch`) before we get here
     _sleep = staticmethod(time.sleep)
 
-    def __init__(self, extra_files=None, interval=1):
+    def __init__(self, extra_files: Optional[Any] = None, interval: float = 1):
         self.extra_files = {os.path.abspath(x) for x in extra_files or ()}
         self.interval = interval
 
@@ -183,7 +186,7 @@ def log_reload(self, filename):
 
 
 class StatReloaderLoop(ReloaderLoop):
-    name = "stat"
+    name: Any = "stat"
 
     def run(self):
         mtimes = {}
@@ -204,6 +207,12 @@ def run(self):
 
 
 class WatchdogReloaderLoop(ReloaderLoop):
+    observable_paths: Any
+    name: Any
+    observer_class: Any
+    event_handler: Any
+    should_reload: Any
+
     def __init__(self, *args, **kwargs):
         ReloaderLoop.__init__(self, *args, **kwargs)
         from watchdog.observers import Observer
@@ -285,7 +294,7 @@ def run(self):
         sys.exit(3)
 
 
-reloader_loops = {"stat": StatReloaderLoop, "watchdog": WatchdogReloaderLoop}
+reloader_loops: Any = {"stat": StatReloaderLoop, "watchdog": WatchdogReloaderLoop}
 
 try:
     __import__("watchdog.observers")
@@ -311,7 +320,12 @@ def ensure_echo_on():
         termios.tcsetattr(sys.stdin, termios.TCSANOW, attributes)
 
 
-def run_with_reloader(main_func, extra_files=None, interval=1, reloader_type="auto"):
+def run_with_reloader(
+    main_func,
+    extra_files: Optional[Any] = None,
+    interval: float = 1,
+    reloader_type: str = "auto",
+):
     """Run the given function in an independent Python interpreter."""
     import signal
 
diff --git a/src/werkzeug/debug/console.py b/src/werkzeug/debug/console.py
index 5fd2142f9..d601c7344 100644
--- a/src/werkzeug/debug/console.py
+++ b/src/werkzeug/debug/console.py
@@ -4,12 +4,16 @@
 import sys
 from html import escape
 from types import CodeType
+from typing import TYPE_CHECKING
 
 from ..local import Local
 from .repr import debug_repr
 from .repr import dump
 from .repr import helper
 
+if TYPE_CHECKING:
+    from typing import Any
+    from typing import Optional
 
 _local = Local()
 
@@ -29,7 +33,7 @@ def close(self):
     def flush(self):
         pass
 
-    def seek(self, n, mode=0):
+    def seek(self, n, mode: int = 0):
         pass
 
     def readline(self):
@@ -139,6 +143,10 @@ def func(source, filename, symbol):
 
 
 class _InteractiveConsole(code.InteractiveInterpreter):
+    globals: Any
+    more: Any
+    buffer: Any
+
     def __init__(self, globals, locals):
         _locals = dict(globals)
         _locals.update(locals)
@@ -181,11 +189,11 @@ def showtraceback(self):
         tb = get_current_traceback(skip=1)
         sys.stdout._write(tb.render_summary())
 
-    def showsyntaxerror(self, filename=None):
+    def showsyntaxerror(self, filename: Optional[Any] = None):
         from .tbtools import get_current_traceback
 
         tb = get_current_traceback(skip=4)
-        sys.stdout._write(tb.render_summary())
+        sys.stdout._write(tb.render_summary())  # type: ignore
 
     def write(self, data):
         sys.stdout.write(data)
@@ -194,7 +202,7 @@ def write(self, data):
 class Console:
     """An interactive console."""
 
-    def __init__(self, globals=None, locals=None):
+    def __init__(self, globals: Optional[Any] = None, locals: Optional[Any] = None):
         if locals is None:
             locals = {}
         if globals is None:
diff --git a/src/werkzeug/debug/repr.py b/src/werkzeug/debug/repr.py
index 4a6693062..1c121a9e2 100644
--- a/src/werkzeug/debug/repr.py
+++ b/src/werkzeug/debug/repr.py
@@ -12,20 +12,24 @@
 from collections import deque
 from html import escape
 from traceback import format_exception_only
+from typing import TYPE_CHECKING
 
+if TYPE_CHECKING:
+    from typing import Any
+    from typing import Optional
 
-missing = object()
+missing: Any = object()
 _paragraph_re = re.compile(r"(?:\r\n|\r|\n){2,}")
-RegexType = type(_paragraph_re)
+RegexType: Any = type(_paragraph_re)
 
 
-HELP_HTML = """\
+HELP_HTML: Any = """\
 
    
   
    %(title)s
    
   
    %(text)s
    
 
    \
 """
-OBJECT_DUMP_HTML = """\
+OBJECT_DUMP_HTML: Any = """\
 
    
   
    %(title)s
    
   %(repr)s
@@ -59,14 +63,14 @@ class _Helper:
     def __repr__(self):
         return "Type help(object) for help about object."
 
-    def __call__(self, topic=None):
+    def __call__(self, topic: Optional[Any] = None):
         if topic is None:
-            sys.stdout._write(f"{self!r}")
+            sys.stdout._write(f"{self!r}")  # type: ignore
             return
         import pydoc
 
         pydoc.help(topic)
-        rv = sys.stdout.reset()
+        rv = sys.stdout.reset()  # type: ignore
         if isinstance(rv, bytes):
             rv = rv.decode("utf-8", "ignore")
         paragraphs = _paragraph_re.split(rv)
@@ -76,10 +80,10 @@ def __call__(self, topic=None):
         else:
             title = "Help"
             text = paragraphs[0]
-        sys.stdout._write(HELP_HTML % {"title": title, "text": text})
+        sys.stdout._write(HELP_HTML % {"title": title, "text": text})  # type: ignore
 
 
-helper = _Helper()
+helper: Any = _Helper()
 
 
 def _add_subclass_info(inner, obj, base):
@@ -121,11 +125,11 @@ def proxy(self, obj, recursive):
 
         return proxy
 
-    list_repr = _sequence_repr_maker("[", "]", list)
-    tuple_repr = _sequence_repr_maker("(", ")", tuple)
-    set_repr = _sequence_repr_maker("set([", "])", set)
-    frozenset_repr = _sequence_repr_maker("frozenset([", "])", frozenset)
-    deque_repr = _sequence_repr_maker(
+    list_repr: Any = _sequence_repr_maker("[", "]", list)
+    tuple_repr: Any = _sequence_repr_maker("(", ")", tuple)
+    set_repr: Any = _sequence_repr_maker("set([", "])", set)
+    frozenset_repr: Any = _sequence_repr_maker("frozenset([", "])", frozenset)
+    deque_repr: Any = _sequence_repr_maker(
         'collections.deque([', "])", deque
     )
     del _sequence_repr_maker
@@ -136,7 +140,7 @@ def regex_repr(self, obj):
         pattern = f"r{pattern}"
         return f're.compile({pattern})'
 
-    def string_repr(self, obj, limit=70):
+    def string_repr(self, obj, limit: int = 70):
         buf = ['']
         r = repr(obj)
 
@@ -163,7 +167,7 @@ def string_repr(self, obj, limit=70):
         # otherwise, assume the repr distinguishes the subclass already
         return out
 
-    def dict_repr(self, d, recursive, limit=5):
+    def dict_repr(self, d, recursive, limit: int = 5):
         if recursive:
             return _add_subclass_info("{...}", d, dict)
         buf = ["{"]
@@ -261,7 +265,7 @@ def dump_locals(self, d):
         items = [(key, self.repr(value)) for key, value in d.items()]
         return self.render_object_dump(items, "Local variables in frame")
 
-    def render_object_dump(self, items, title, repr=None):
+    def render_object_dump(self, items, title, repr: Optional[Any] = None):
         html_items = []
         for key, value in items:
             html_items.append(f"{escape(key)}
    {value}
    ")
diff --git a/src/werkzeug/filesystem.py b/src/werkzeug/filesystem.py
index 33771b2f9..62d9005bb 100644
--- a/src/werkzeug/filesystem.py
+++ b/src/werkzeug/filesystem.py
@@ -3,9 +3,14 @@
 import codecs
 import sys
 import warnings
+from typing import TYPE_CHECKING
+
+if TYPE_CHECKING:
+    from typing import Any
 
 # We do not trust traditional unixes.
-has_likely_buggy_unicode_filesystem = (
+
+has_likely_buggy_unicode_filesystem: Any = (
     sys.platform.startswith("linux") or "bsd" in sys.platform
 )
 
diff --git a/src/werkzeug/middleware/dispatcher.py b/src/werkzeug/middleware/dispatcher.py
index b96dafa1a..c3dfb4a8a 100644
--- a/src/werkzeug/middleware/dispatcher.py
+++ b/src/werkzeug/middleware/dispatcher.py
@@ -32,6 +32,16 @@
 :copyright: 2007 Pallets
 :license: BSD-3-Clause
 """
+from typing import TYPE_CHECKING
+
+if TYPE_CHECKING:
+    from typing import Iterable
+    from typing import Mapping
+    from typing import Optional
+    from typing import Text
+    from wsgiref.types import StartResponse
+    from wsgiref.types import WSGIApplication
+    from wsgiref.types import WSGIEnvironment
 
 
 class DispatcherMiddleware:
@@ -44,11 +54,17 @@ class DispatcherMiddleware:
     :param mounts: Maps path prefixes to applications for dispatching.
     """
 
-    def __init__(self, app, mounts=None):
+    def __init__(
+        self,
+        app: WSGIApplication,
+        mounts: Optional[Mapping[Text, WSGIApplication]] = None,
+    ) -> None:
         self.app = app
         self.mounts = mounts or {}
 
-    def __call__(self, environ, start_response):
+    def __call__(
+        self, environ: WSGIEnvironment, start_response: StartResponse
+    ) -> Iterable[bytes]:
         script = environ.get("PATH_INFO", "")
         path_info = ""
 
diff --git a/src/werkzeug/middleware/http_proxy.py b/src/werkzeug/middleware/http_proxy.py
index 04c81454a..e87fbed0f 100644
--- a/src/werkzeug/middleware/http_proxy.py
+++ b/src/werkzeug/middleware/http_proxy.py
@@ -10,6 +10,7 @@
 :license: BSD-3-Clause
 """
 from http import client
+from typing import TYPE_CHECKING
 
 from ..datastructures import EnvironHeaders
 from ..http import is_hop_by_hop_header
@@ -17,6 +18,19 @@
 from ..urls import url_quote
 from ..wsgi import get_input_stream
 
+if TYPE_CHECKING:
+    from typing import Any
+    from typing import Iterable
+    from typing import Mapping
+    from typing import MutableMapping
+    from typing import Text
+    from wsgiref.types import StartResponse
+    from wsgiref.types import WSGIApplication
+    from wsgiref.types import WSGIEnvironment
+
+    _MutableOpts = MutableMapping[Text, Any]
+    _Opts = Mapping[Text, Any]
+
 
 class ProxyMiddleware:
     """Proxy requests under a path to an external server, routing other
@@ -72,7 +86,13 @@ class ProxyMiddleware:
     .. versionadded:: 0.14
     """
 
-    def __init__(self, app, targets, chunk_size=2 << 13, timeout=10):
+    def __init__(
+        self,
+        app: WSGIApplication,
+        targets: Mapping[Text, _MutableOpts],
+        chunk_size: int = 2 << 13,
+        timeout: int = 10,
+    ) -> None:
         def _set_defaults(opts):
             opts.setdefault("remove_prefix", False)
             opts.setdefault("host", "")
@@ -87,7 +107,7 @@ def _set_defaults(opts):
         self.chunk_size = chunk_size
         self.timeout = timeout
 
-    def proxy_to(self, opts, path, prefix):
+    def proxy_to(self, opts: _Opts, path: Text, prefix: Text) -> WSGIApplication:
         target = url_parse(opts["target"])
 
         def application(environ, start_response):
@@ -201,7 +221,9 @@ def read():
 
         return application
 
-    def __call__(self, environ, start_response):
+    def __call__(
+        self, environ: WSGIEnvironment, start_response: StartResponse
+    ) -> Iterable[bytes]:
         path = environ["PATH_INFO"]
         app = self.app
 
diff --git a/src/werkzeug/middleware/profiler.py b/src/werkzeug/middleware/profiler.py
index d49072799..57ba4043b 100644
--- a/src/werkzeug/middleware/profiler.py
+++ b/src/werkzeug/middleware/profiler.py
@@ -17,6 +17,19 @@
 import sys
 import time
 from pstats import Stats
+from typing import TYPE_CHECKING
+
+if TYPE_CHECKING:
+    from typing import IO
+    from typing import Iterable
+    from typing import List
+    from typing import Optional
+    from typing import Text
+    from typing import Tuple
+    from typing import Union
+    from wsgiref.types import StartResponse
+    from wsgiref.types import WSGIApplication
+    from wsgiref.types import WSGIEnvironment
 
 try:
     from cProfile import Profile
@@ -72,13 +85,13 @@ class ProfilerMiddleware:
 
     def __init__(
         self,
-        app,
-        stream=sys.stdout,
-        sort_by=("time", "calls"),
-        restrictions=(),
-        profile_dir=None,
-        filename_format="{method}.{path}.{elapsed:.0f}ms.{time:.0f}.prof",
-    ):
+        app: WSGIApplication,
+        stream: IO[str] = sys.stdout,
+        sort_by: Tuple[Text, Text] = ("time", "calls"),
+        restrictions: Iterable[Union[str, float]] = (),
+        profile_dir: Optional[Text] = None,
+        filename_format: Text = "{method}.{path}.{elapsed:.0f}ms.{time:.0f}.prof",
+    ) -> None:
         self._app = app
         self._stream = stream
         self._sort_by = sort_by
@@ -86,8 +99,10 @@ def __init__(
         self._profile_dir = profile_dir
         self._filename_format = filename_format
 
-    def __call__(self, environ, start_response):
-        response_body = []
+    def __call__(
+        self, environ: WSGIEnvironment, start_response: StartResponse
+    ) -> List[bytes]:
+        response_body: List[bytes] = []
 
         def catching_start_response(status, headers, exc_info=None):
             start_response(status, headers, exc_info)
diff --git a/src/werkzeug/testapp.py b/src/werkzeug/testapp.py
index eb0124349..6cf5e8862 100644
--- a/src/werkzeug/testapp.py
+++ b/src/werkzeug/testapp.py
@@ -8,12 +8,16 @@
 import sys
 from html import escape
 from textwrap import wrap
+from typing import TYPE_CHECKING
 
 from . import __version__ as _werkzeug_version
 from .wrappers import BaseRequest as Request
 from .wrappers import BaseResponse as Response
 
-logo = Response(
+if TYPE_CHECKING:
+    from typing import Any
+
+logo: Any = Response(
     base64.b64decode(
         """
 R0lGODlhoACgAOMIAAEDACwpAEpCAGdgAJaKAM28AOnVAP3rAP/////////
@@ -55,7 +59,7 @@
 )
 
 
-TEMPLATE = """\
+TEMPLATE: Any = """\
 
 WSGI Information
diff --git a/src/werkzeug/useragents.py b/src/werkzeug/useragents.py
index e3302d4f2..d36165e29 100644
--- a/src/werkzeug/useragents.py
+++ b/src/werkzeug/useragents.py
@@ -1,12 +1,16 @@
 from __future__ import annotations
 
 import re
+from typing import TYPE_CHECKING
+
+if TYPE_CHECKING:
+    from typing import Any
 
 
 class UserAgentParser:
     """A simple user agent parser.  Used by the `UserAgent`."""
 
-    platforms = (
+    platforms: Any = (
         (" cros ", "chromeos"),
         ("iphone|ios", "iphone"),
         ("ipad", "ipad"),
@@ -29,7 +33,7 @@ class UserAgentParser:
         ("blackberry|playbook", "blackberry"),
         ("symbian", "symbian"),
     )
-    browsers = (
+    browsers: Any = (
         ("googlebot", "google"),
         ("msnbot", "msn"),
         ("yahoo", "yahoo"),
@@ -166,6 +170,7 @@ class UserAgent:
         the language of the browser. ``None`` if not recognized.
     """
 
+    string: Any
     _parser = UserAgentParser()
 
     def __init__(self, environ_or_string):
@@ -185,7 +190,7 @@ def __str__(self):
     def __nonzero__(self):
         return bool(self.browser)
 
-    __bool__ = __nonzero__
+    __bool__: Any = __nonzero__
 
     def __repr__(self):
         return f"<{type(self).__name__} {self.browser!r}/{self.version}>"

From cebb4475d826fd85eb1cbaf462c970f4238f11ef Mon Sep 17 00:00:00 2001
From: pgjones 
Date: Sat, 20 Jun 2020 20:07:43 +0100
Subject: [PATCH 220/733] Remove future annotations import and usage

It isn't supported in Python3.6 and Werkzeug supports 3.6

Using the testing procedure listed in
https://pgjones.dev/blog/cost-of-type-hints-2020/ I find no difference
in import times between this and the previous commit.
---
 src/werkzeug/__init__.py                    |  2 --
 src/werkzeug/_internal.py                   | 11 +++--------
 src/werkzeug/_reloader.py                   |  9 ++-------
 src/werkzeug/datastructures.py              |  7 +------
 src/werkzeug/debug/__init__.py              |  2 --
 src/werkzeug/debug/console.py               |  9 ++-------
 src/werkzeug/debug/repr.py                  |  9 ++-------
 src/werkzeug/debug/tbtools.py               |  2 --
 src/werkzeug/exceptions.py                  | 11 +++--------
 src/werkzeug/filesystem.py                  |  7 +------
 src/werkzeug/formparser.py                  |  2 --
 src/werkzeug/http.py                        |  2 --
 src/werkzeug/local.py                       |  2 --
 src/werkzeug/middleware/__init__.py         |  2 --
 src/werkzeug/middleware/dispatcher.py       | 16 +++++++--------
 src/werkzeug/middleware/http_proxy.py       | 22 ++++++++++-----------
 src/werkzeug/middleware/lint.py             |  2 --
 src/werkzeug/middleware/profiler.py         | 20 +++++++++----------
 src/werkzeug/middleware/proxy_fix.py        |  2 --
 src/werkzeug/middleware/shared_data.py      |  2 --
 src/werkzeug/posixemulation.py              |  2 --
 src/werkzeug/routing.py                     |  2 --
 src/werkzeug/security.py                    |  2 --
 src/werkzeug/serving.py                     |  2 --
 src/werkzeug/test.py                        |  2 --
 src/werkzeug/testapp.py                     |  7 +------
 src/werkzeug/urls.py                        | 10 ++--------
 src/werkzeug/useragents.py                  |  7 +------
 src/werkzeug/utils.py                       |  2 --
 src/werkzeug/wrappers/__init__.py           |  2 --
 src/werkzeug/wrappers/accept.py             |  2 --
 src/werkzeug/wrappers/auth.py               |  2 --
 src/werkzeug/wrappers/base_request.py       |  2 --
 src/werkzeug/wrappers/base_response.py      |  2 --
 src/werkzeug/wrappers/common_descriptors.py |  7 +------
 src/werkzeug/wrappers/cors.py               |  2 --
 src/werkzeug/wrappers/etag.py               |  2 --
 src/werkzeug/wrappers/json.py               |  2 --
 src/werkzeug/wrappers/request.py            |  2 --
 src/werkzeug/wrappers/response.py           |  2 --
 src/werkzeug/wrappers/user_agent.py         |  2 --
 src/werkzeug/wsgi.py                        |  2 --
 42 files changed, 45 insertions(+), 163 deletions(-)

diff --git a/src/werkzeug/__init__.py b/src/werkzeug/__init__.py
index d184324c8..5a04935bf 100644
--- a/src/werkzeug/__init__.py
+++ b/src/werkzeug/__init__.py
@@ -1,5 +1,3 @@
-from __future__ import annotations
-
 from .serving import run_simple
 from .test import Client
 from .wrappers import Request
diff --git a/src/werkzeug/_internal.py b/src/werkzeug/_internal.py
index 8373317a8..32a1441dc 100644
--- a/src/werkzeug/_internal.py
+++ b/src/werkzeug/_internal.py
@@ -1,5 +1,3 @@
-from __future__ import annotations
-
 import inspect
 import logging
 import operator
@@ -9,16 +7,13 @@
 from datetime import date
 from datetime import datetime
 from itertools import chain
-from typing import TYPE_CHECKING
+from typing import Any
+from typing import Optional
 from weakref import WeakKeyDictionary
 
-if TYPE_CHECKING:
-    from typing import Any
-    from typing import Callable
-    from typing import Optional
 
 _logger = None
-_signature_cache: WeakKeyDictionary[Callable, Callable] = WeakKeyDictionary()
+_signature_cache = WeakKeyDictionary()  # type: ignore
 _epoch_ord = date(1970, 1, 1).toordinal()
 _legal_cookie_chars = f"{string.ascii_letters}{string.digits}/=!#$%&'*+-.^_`|~:".encode(
     "ascii"
diff --git a/src/werkzeug/_reloader.py b/src/werkzeug/_reloader.py
index 08033f8cd..032a446aa 100644
--- a/src/werkzeug/_reloader.py
+++ b/src/werkzeug/_reloader.py
@@ -1,19 +1,14 @@
-from __future__ import annotations
-
 import os
 import subprocess
 import sys
 import threading
 import time
 from itertools import chain
-from typing import TYPE_CHECKING
+from typing import Any
+from typing import Optional
 
 from ._internal import _log
 
-if TYPE_CHECKING:
-    from typing import Any
-    from typing import Optional
-
 
 def _iter_module_files():
     """This iterates over all relevant Python files.  It goes through all
diff --git a/src/werkzeug/datastructures.py b/src/werkzeug/datastructures.py
index de7fbfbbb..9164bb027 100644
--- a/src/werkzeug/datastructures.py
+++ b/src/werkzeug/datastructures.py
@@ -1,5 +1,3 @@
-from __future__ import annotations
-
 import codecs
 import mimetypes
 import re
@@ -10,16 +8,13 @@
 from io import BytesIO
 from itertools import repeat
 from os import fspath
-from typing import TYPE_CHECKING
+from typing import Optional
 
 from . import exceptions
 from ._internal import _make_encode_wrapper
 from ._internal import _missing
 from .filesystem import get_filesystem_encoding
 
-if TYPE_CHECKING:
-    from typing import Optional
-
 
 def is_immutable(self):
     raise TypeError(f"{type(self).__name__!r} objects are immutable")
diff --git a/src/werkzeug/debug/__init__.py b/src/werkzeug/debug/__init__.py
index d5d07a8d6..bf6c0c0ea 100644
--- a/src/werkzeug/debug/__init__.py
+++ b/src/werkzeug/debug/__init__.py
@@ -1,5 +1,3 @@
-from __future__ import annotations
-
 import getpass
 import hashlib
 import json
diff --git a/src/werkzeug/debug/console.py b/src/werkzeug/debug/console.py
index d601c7344..287c92348 100644
--- a/src/werkzeug/debug/console.py
+++ b/src/werkzeug/debug/console.py
@@ -1,20 +1,15 @@
-from __future__ import annotations
-
 import code
 import sys
 from html import escape
 from types import CodeType
-from typing import TYPE_CHECKING
+from typing import Any
+from typing import Optional
 
 from ..local import Local
 from .repr import debug_repr
 from .repr import dump
 from .repr import helper
 
-if TYPE_CHECKING:
-    from typing import Any
-    from typing import Optional
-
 _local = Local()
 
 
diff --git a/src/werkzeug/debug/repr.py b/src/werkzeug/debug/repr.py
index 1c121a9e2..36dc30913 100644
--- a/src/werkzeug/debug/repr.py
+++ b/src/werkzeug/debug/repr.py
@@ -1,5 +1,3 @@
-from __future__ import annotations
-
 """Object representations for debugging purposes. Unlike the default
 repr, these expose more information and produce HTML instead of ASCII.
 
@@ -12,11 +10,8 @@
 from collections import deque
 from html import escape
 from traceback import format_exception_only
-from typing import TYPE_CHECKING
-
-if TYPE_CHECKING:
-    from typing import Any
-    from typing import Optional
+from typing import Any
+from typing import Optional
 
 missing: Any = object()
 _paragraph_re = re.compile(r"(?:\r\n|\r|\n){2,}")
diff --git a/src/werkzeug/debug/tbtools.py b/src/werkzeug/debug/tbtools.py
index 5cffc73d3..883d662f1 100644
--- a/src/werkzeug/debug/tbtools.py
+++ b/src/werkzeug/debug/tbtools.py
@@ -1,5 +1,3 @@
-from __future__ import annotations
-
 import codecs
 import inspect
 import os
diff --git a/src/werkzeug/exceptions.py b/src/werkzeug/exceptions.py
index 2fd8bc4d4..1f073a0a5 100644
--- a/src/werkzeug/exceptions.py
+++ b/src/werkzeug/exceptions.py
@@ -45,20 +45,15 @@ def application(environ, start_response):
         except HTTPException, e:
             return e
 """
-from __future__ import annotations
-
 import sys
 from datetime import datetime
 from html import escape
-from typing import TYPE_CHECKING
+from typing import Dict
+from typing import Optional
+from typing import Type
 
 from ._internal import _get_environ
 
-if TYPE_CHECKING:
-    from typing import Dict
-    from typing import Optional
-    from typing import Type
-
 
 class HTTPException(Exception):
     """The base class for all HTTP exceptions. This exception can be called as a WSGI
diff --git a/src/werkzeug/filesystem.py b/src/werkzeug/filesystem.py
index 62d9005bb..63d42d691 100644
--- a/src/werkzeug/filesystem.py
+++ b/src/werkzeug/filesystem.py
@@ -1,12 +1,7 @@
-from __future__ import annotations
-
 import codecs
 import sys
 import warnings
-from typing import TYPE_CHECKING
-
-if TYPE_CHECKING:
-    from typing import Any
+from typing import Any
 
 # We do not trust traditional unixes.
 
diff --git a/src/werkzeug/formparser.py b/src/werkzeug/formparser.py
index c90a9f203..dce226550 100644
--- a/src/werkzeug/formparser.py
+++ b/src/werkzeug/formparser.py
@@ -1,5 +1,3 @@
-from __future__ import annotations
-
 import codecs
 import re
 from functools import update_wrapper
diff --git a/src/werkzeug/http.py b/src/werkzeug/http.py
index c2115e8d5..91a870588 100644
--- a/src/werkzeug/http.py
+++ b/src/werkzeug/http.py
@@ -1,5 +1,3 @@
-from __future__ import annotations
-
 import base64
 import re
 import warnings
diff --git a/src/werkzeug/local.py b/src/werkzeug/local.py
index 4b71a802c..aa59f944c 100644
--- a/src/werkzeug/local.py
+++ b/src/werkzeug/local.py
@@ -1,5 +1,3 @@
-from __future__ import annotations
-
 import copy
 from functools import update_wrapper
 
diff --git a/src/werkzeug/middleware/__init__.py b/src/werkzeug/middleware/__init__.py
index 21cc2031b..6ddcf7f5c 100644
--- a/src/werkzeug/middleware/__init__.py
+++ b/src/werkzeug/middleware/__init__.py
@@ -1,5 +1,3 @@
-from __future__ import annotations
-
 """
 Middleware
 ==========
diff --git a/src/werkzeug/middleware/dispatcher.py b/src/werkzeug/middleware/dispatcher.py
index c3dfb4a8a..7bc7d65d2 100644
--- a/src/werkzeug/middleware/dispatcher.py
+++ b/src/werkzeug/middleware/dispatcher.py
@@ -1,5 +1,3 @@
-from __future__ import annotations
-
 """
 Application Dispatcher
 ======================
@@ -32,13 +30,13 @@
 :copyright: 2007 Pallets
 :license: BSD-3-Clause
 """
+from typing import Iterable
+from typing import Mapping
+from typing import Optional
+from typing import Text
 from typing import TYPE_CHECKING
 
 if TYPE_CHECKING:
-    from typing import Iterable
-    from typing import Mapping
-    from typing import Optional
-    from typing import Text
     from wsgiref.types import StartResponse
     from wsgiref.types import WSGIApplication
     from wsgiref.types import WSGIEnvironment
@@ -56,14 +54,14 @@ class DispatcherMiddleware:
 
     def __init__(
         self,
-        app: WSGIApplication,
-        mounts: Optional[Mapping[Text, WSGIApplication]] = None,
+        app: "WSGIApplication",
+        mounts: Optional[Mapping[Text, "WSGIApplication"]] = None,
     ) -> None:
         self.app = app
         self.mounts = mounts or {}
 
     def __call__(
-        self, environ: WSGIEnvironment, start_response: StartResponse
+        self, environ: "WSGIEnvironment", start_response: "StartResponse"
     ) -> Iterable[bytes]:
         script = environ.get("PATH_INFO", "")
         path_info = ""
diff --git a/src/werkzeug/middleware/http_proxy.py b/src/werkzeug/middleware/http_proxy.py
index e87fbed0f..5345e25b0 100644
--- a/src/werkzeug/middleware/http_proxy.py
+++ b/src/werkzeug/middleware/http_proxy.py
@@ -1,5 +1,3 @@
-from __future__ import annotations
-
 """
 Basic HTTP Proxy
 ================
@@ -10,6 +8,11 @@
 :license: BSD-3-Clause
 """
 from http import client
+from typing import Any
+from typing import Iterable
+from typing import Mapping
+from typing import MutableMapping
+from typing import Text
 from typing import TYPE_CHECKING
 
 from ..datastructures import EnvironHeaders
@@ -19,17 +22,12 @@
 from ..wsgi import get_input_stream
 
 if TYPE_CHECKING:
-    from typing import Any
-    from typing import Iterable
-    from typing import Mapping
-    from typing import MutableMapping
-    from typing import Text
     from wsgiref.types import StartResponse
     from wsgiref.types import WSGIApplication
     from wsgiref.types import WSGIEnvironment
 
-    _MutableOpts = MutableMapping[Text, Any]
-    _Opts = Mapping[Text, Any]
+_MutableOpts = MutableMapping[Text, Any]
+_Opts = Mapping[Text, Any]
 
 
 class ProxyMiddleware:
@@ -88,7 +86,7 @@ class ProxyMiddleware:
 
     def __init__(
         self,
-        app: WSGIApplication,
+        app: "WSGIApplication",
         targets: Mapping[Text, _MutableOpts],
         chunk_size: int = 2 << 13,
         timeout: int = 10,
@@ -107,7 +105,7 @@ def _set_defaults(opts):
         self.chunk_size = chunk_size
         self.timeout = timeout
 
-    def proxy_to(self, opts: _Opts, path: Text, prefix: Text) -> WSGIApplication:
+    def proxy_to(self, opts: _Opts, path: Text, prefix: Text) -> "WSGIApplication":
         target = url_parse(opts["target"])
 
         def application(environ, start_response):
@@ -222,7 +220,7 @@ def read():
         return application
 
     def __call__(
-        self, environ: WSGIEnvironment, start_response: StartResponse
+        self, environ: "WSGIEnvironment", start_response: "StartResponse"
     ) -> Iterable[bytes]:
         path = environ["PATH_INFO"]
         app = self.app
diff --git a/src/werkzeug/middleware/lint.py b/src/werkzeug/middleware/lint.py
index 482fdfe16..7d5b50b2a 100644
--- a/src/werkzeug/middleware/lint.py
+++ b/src/werkzeug/middleware/lint.py
@@ -1,5 +1,3 @@
-from __future__ import annotations
-
 """
 WSGI Protocol Linter
 ====================
diff --git a/src/werkzeug/middleware/profiler.py b/src/werkzeug/middleware/profiler.py
index 57ba4043b..e46e6b112 100644
--- a/src/werkzeug/middleware/profiler.py
+++ b/src/werkzeug/middleware/profiler.py
@@ -1,5 +1,3 @@
-from __future__ import annotations
-
 """
 Application Profiler
 ====================
@@ -17,16 +15,16 @@
 import sys
 import time
 from pstats import Stats
+from typing import IO
+from typing import Iterable
+from typing import List
+from typing import Optional
+from typing import Text
+from typing import Tuple
 from typing import TYPE_CHECKING
+from typing import Union
 
 if TYPE_CHECKING:
-    from typing import IO
-    from typing import Iterable
-    from typing import List
-    from typing import Optional
-    from typing import Text
-    from typing import Tuple
-    from typing import Union
     from wsgiref.types import StartResponse
     from wsgiref.types import WSGIApplication
     from wsgiref.types import WSGIEnvironment
@@ -85,7 +83,7 @@ class ProfilerMiddleware:
 
     def __init__(
         self,
-        app: WSGIApplication,
+        app: "WSGIApplication",
         stream: IO[str] = sys.stdout,
         sort_by: Tuple[Text, Text] = ("time", "calls"),
         restrictions: Iterable[Union[str, float]] = (),
@@ -100,7 +98,7 @@ def __init__(
         self._filename_format = filename_format
 
     def __call__(
-        self, environ: WSGIEnvironment, start_response: StartResponse
+        self, environ: "WSGIEnvironment", start_response: "StartResponse"
     ) -> List[bytes]:
         response_body: List[bytes] = []
 
diff --git a/src/werkzeug/middleware/proxy_fix.py b/src/werkzeug/middleware/proxy_fix.py
index 6f52dd76d..afec4ca29 100644
--- a/src/werkzeug/middleware/proxy_fix.py
+++ b/src/werkzeug/middleware/proxy_fix.py
@@ -1,5 +1,3 @@
-from __future__ import annotations
-
 """
 X-Forwarded-For Proxy Fix
 =========================
diff --git a/src/werkzeug/middleware/shared_data.py b/src/werkzeug/middleware/shared_data.py
index c49edb0d3..2d7a16fbe 100644
--- a/src/werkzeug/middleware/shared_data.py
+++ b/src/werkzeug/middleware/shared_data.py
@@ -1,5 +1,3 @@
-from __future__ import annotations
-
 """
 Serve Shared Static Files
 =========================
diff --git a/src/werkzeug/posixemulation.py b/src/werkzeug/posixemulation.py
index c71768435..18782eecd 100644
--- a/src/werkzeug/posixemulation.py
+++ b/src/werkzeug/posixemulation.py
@@ -1,5 +1,3 @@
-from __future__ import annotations
-
 """A ``rename`` function that follows POSIX semantics. If the target
 file already exists it will be replaced without asking.
 
diff --git a/src/werkzeug/routing.py b/src/werkzeug/routing.py
index 94f930761..b26d79390 100644
--- a/src/werkzeug/routing.py
+++ b/src/werkzeug/routing.py
@@ -1,5 +1,3 @@
-from __future__ import annotations
-
 """When it comes to combining multiple controller or view functions
 (however you want to call them) you need a dispatcher. A simple way
 would be applying regular expression tests on the ``PATH_INFO`` and
diff --git a/src/werkzeug/security.py b/src/werkzeug/security.py
index fde088ed9..2d01da614 100644
--- a/src/werkzeug/security.py
+++ b/src/werkzeug/security.py
@@ -1,5 +1,3 @@
-from __future__ import annotations
-
 import codecs
 import hashlib
 import hmac
diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py
index 54478f34f..983eda4bc 100644
--- a/src/werkzeug/serving.py
+++ b/src/werkzeug/serving.py
@@ -1,5 +1,3 @@
-from __future__ import annotations
-
 """A WSGI and HTTP server for use **during development only**. This
 server is convenient to use, but is not designed to be particularly
 stable, secure, or efficient. Use a dedicate WSGI server and HTTP
diff --git a/src/werkzeug/test.py b/src/werkzeug/test.py
index bee5d1140..f1cb93339 100644
--- a/src/werkzeug/test.py
+++ b/src/werkzeug/test.py
@@ -1,5 +1,3 @@
-from __future__ import annotations
-
 import mimetypes
 import sys
 from collections import defaultdict
diff --git a/src/werkzeug/testapp.py b/src/werkzeug/testapp.py
index 6cf5e8862..7a9742bfd 100644
--- a/src/werkzeug/testapp.py
+++ b/src/werkzeug/testapp.py
@@ -1,5 +1,3 @@
-from __future__ import annotations
-
 """A small application that can be used to test a WSGI server and check
 it for WSGI compliance.
 """
@@ -8,15 +6,12 @@
 import sys
 from html import escape
 from textwrap import wrap
-from typing import TYPE_CHECKING
+from typing import Any
 
 from . import __version__ as _werkzeug_version
 from .wrappers import BaseRequest as Request
 from .wrappers import BaseResponse as Response
 
-if TYPE_CHECKING:
-    from typing import Any
-
 logo: Any = Response(
     base64.b64decode(
         """
diff --git a/src/werkzeug/urls.py b/src/werkzeug/urls.py
index 0bcd7d3eb..eca7d3322 100644
--- a/src/werkzeug/urls.py
+++ b/src/werkzeug/urls.py
@@ -1,5 +1,3 @@
-from __future__ import annotations
-
 """Functions for working with URLs.
 
 Contains implementations of functions from :mod:`urllib.parse` that
@@ -10,7 +8,8 @@
 import re
 import warnings
 from collections import namedtuple
-from typing import TYPE_CHECKING
+from typing import Dict
+from typing import FrozenSet
 
 from ._internal import _check_str_tuple
 from ._internal import _decode_idna
@@ -18,11 +17,6 @@
 from ._internal import _make_encode_wrapper
 from ._internal import _to_str
 
-if TYPE_CHECKING:
-    from typing import Dict
-    from typing import FrozenSet
-
-
 # A regular expression for what a valid schema looks like
 _scheme_re = re.compile(r"^[a-zA-Z0-9+-.]+$")
 
diff --git a/src/werkzeug/useragents.py b/src/werkzeug/useragents.py
index d36165e29..1a1ab03a5 100644
--- a/src/werkzeug/useragents.py
+++ b/src/werkzeug/useragents.py
@@ -1,10 +1,5 @@
-from __future__ import annotations
-
 import re
-from typing import TYPE_CHECKING
-
-if TYPE_CHECKING:
-    from typing import Any
+from typing import Any
 
 
 class UserAgentParser:
diff --git a/src/werkzeug/utils.py b/src/werkzeug/utils.py
index 3bc10cf28..4ef73458d 100644
--- a/src/werkzeug/utils.py
+++ b/src/werkzeug/utils.py
@@ -1,5 +1,3 @@
-from __future__ import annotations
-
 import codecs
 import os
 import pkgutil
diff --git a/src/werkzeug/wrappers/__init__.py b/src/werkzeug/wrappers/__init__.py
index 5f38f75e3..63210c720 100644
--- a/src/werkzeug/wrappers/__init__.py
+++ b/src/werkzeug/wrappers/__init__.py
@@ -1,5 +1,3 @@
-from __future__ import annotations
-
 from .accept import AcceptMixin
 from .auth import AuthorizationMixin
 from .auth import WWWAuthenticateMixin
diff --git a/src/werkzeug/wrappers/accept.py b/src/werkzeug/wrappers/accept.py
index 9124bdee3..1f4a8c321 100644
--- a/src/werkzeug/wrappers/accept.py
+++ b/src/werkzeug/wrappers/accept.py
@@ -1,5 +1,3 @@
-from __future__ import annotations
-
 from ..datastructures import CharsetAccept
 from ..datastructures import LanguageAccept
 from ..datastructures import MIMEAccept
diff --git a/src/werkzeug/wrappers/auth.py b/src/werkzeug/wrappers/auth.py
index 79208cdf8..40a340682 100644
--- a/src/werkzeug/wrappers/auth.py
+++ b/src/werkzeug/wrappers/auth.py
@@ -1,5 +1,3 @@
-from __future__ import annotations
-
 from ..http import parse_authorization_header
 from ..http import parse_www_authenticate_header
 from ..utils import cached_property
diff --git a/src/werkzeug/wrappers/base_request.py b/src/werkzeug/wrappers/base_request.py
index f33564f00..24021a9b4 100644
--- a/src/werkzeug/wrappers/base_request.py
+++ b/src/werkzeug/wrappers/base_request.py
@@ -1,5 +1,3 @@
-from __future__ import annotations
-
 from functools import update_wrapper
 from io import BytesIO
 
diff --git a/src/werkzeug/wrappers/base_response.py b/src/werkzeug/wrappers/base_response.py
index 91ded1ece..b0124d6a1 100644
--- a/src/werkzeug/wrappers/base_response.py
+++ b/src/werkzeug/wrappers/base_response.py
@@ -1,5 +1,3 @@
-from __future__ import annotations
-
 import warnings
 
 from .._internal import _to_bytes
diff --git a/src/werkzeug/wrappers/common_descriptors.py b/src/werkzeug/wrappers/common_descriptors.py
index 76425c48a..6e0ac8d03 100644
--- a/src/werkzeug/wrappers/common_descriptors.py
+++ b/src/werkzeug/wrappers/common_descriptors.py
@@ -1,8 +1,6 @@
-from __future__ import annotations
-
 from datetime import datetime
 from datetime import timedelta
-from typing import TYPE_CHECKING
+from typing import Optional
 
 from ..datastructures import CallbackDict
 from ..http import dump_age
@@ -21,9 +19,6 @@
 from ..utils import header_property
 from ..wsgi import get_content_length
 
-if TYPE_CHECKING:
-    from typing import Optional
-
 
 class CommonRequestDescriptorsMixin:
     """A mixin for :class:`BaseRequest` subclasses.  Request objects that
diff --git a/src/werkzeug/wrappers/cors.py b/src/werkzeug/wrappers/cors.py
index a31cd2db6..6b8283d69 100644
--- a/src/werkzeug/wrappers/cors.py
+++ b/src/werkzeug/wrappers/cors.py
@@ -1,5 +1,3 @@
-from __future__ import annotations
-
 from ..http import dump_header
 from ..http import parse_set_header
 from ..utils import environ_property
diff --git a/src/werkzeug/wrappers/etag.py b/src/werkzeug/wrappers/etag.py
index aafdb3a36..219b6e52b 100644
--- a/src/werkzeug/wrappers/etag.py
+++ b/src/werkzeug/wrappers/etag.py
@@ -1,5 +1,3 @@
-from __future__ import annotations
-
 from .._internal import _get_environ
 from ..datastructures import ContentRange
 from ..datastructures import RequestCacheControl
diff --git a/src/werkzeug/wrappers/json.py b/src/werkzeug/wrappers/json.py
index 3c8e5f74b..2d093eb89 100644
--- a/src/werkzeug/wrappers/json.py
+++ b/src/werkzeug/wrappers/json.py
@@ -1,5 +1,3 @@
-from __future__ import annotations
-
 import datetime
 import json
 import uuid
diff --git a/src/werkzeug/wrappers/request.py b/src/werkzeug/wrappers/request.py
index 8595484d7..95502980d 100644
--- a/src/werkzeug/wrappers/request.py
+++ b/src/werkzeug/wrappers/request.py
@@ -1,5 +1,3 @@
-from __future__ import annotations
-
 from .accept import AcceptMixin
 from .auth import AuthorizationMixin
 from .base_request import BaseRequest
diff --git a/src/werkzeug/wrappers/response.py b/src/werkzeug/wrappers/response.py
index 58aa88c60..3f02b2497 100644
--- a/src/werkzeug/wrappers/response.py
+++ b/src/werkzeug/wrappers/response.py
@@ -1,5 +1,3 @@
-from __future__ import annotations
-
 from ..utils import cached_property
 from .auth import WWWAuthenticateMixin
 from .base_response import BaseResponse
diff --git a/src/werkzeug/wrappers/user_agent.py b/src/werkzeug/wrappers/user_agent.py
index 5e61741d5..77ef1b6b4 100644
--- a/src/werkzeug/wrappers/user_agent.py
+++ b/src/werkzeug/wrappers/user_agent.py
@@ -1,5 +1,3 @@
-from __future__ import annotations
-
 from ..useragents import UserAgent
 from ..utils import cached_property
 
diff --git a/src/werkzeug/wsgi.py b/src/werkzeug/wsgi.py
index 348fc36b8..9678384a5 100644
--- a/src/werkzeug/wsgi.py
+++ b/src/werkzeug/wsgi.py
@@ -1,5 +1,3 @@
-from __future__ import annotations
-
 import io
 import re
 from functools import partial

From 7f04586f824321bf17c00e7ce03cf46ed4e7f2dd Mon Sep 17 00:00:00 2001
From: Teymour Aldridge 
Date: Fri, 12 Jun 2020 14:14:16 +0100
Subject: [PATCH 221/733] Add pull request and issue templates.

---
 .github/ISSUE_TEMPLATE/bug-report.md      | 17 +++++++++++++++++
 .github/ISSUE_TEMPLATE/feature-request.md | 14 ++++++++++++++
 .github/pull_request_template.md          | 13 +++++++++++++
 3 files changed, 44 insertions(+)
 create mode 100644 .github/ISSUE_TEMPLATE/bug-report.md
 create mode 100644 .github/ISSUE_TEMPLATE/feature-request.md
 create mode 100644 .github/pull_request_template.md

diff --git a/.github/ISSUE_TEMPLATE/bug-report.md b/.github/ISSUE_TEMPLATE/bug-report.md
new file mode 100644
index 000000000..da0f87dad
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/bug-report.md
@@ -0,0 +1,17 @@
+---
+name: Bug report
+about: Report a bug
+title: ''
+labels: bug
+assignees: ''
+---
+**Problem**
+
+**How to produce**
+
+**Expected behaviour**
+
+**Setup**
+- Python version: 
+- Werkzeug version: 
+- Operating system and version (if relevant): 
diff --git a/.github/ISSUE_TEMPLATE/feature-request.md b/.github/ISSUE_TEMPLATE/feature-request.md
new file mode 100644
index 000000000..c2c92981a
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/feature-request.md
@@ -0,0 +1,14 @@
+---
+name: Feature request
+about: Suggest a new feature for Werkzeug
+title: ''
+labels:
+assignees: ''
+---
+
+**Description of feature**
+
+**Is this feature request related to a problem?**
+
+**Additional context**
+
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
new file mode 100644
index 000000000..4b995761f
--- /dev/null
+++ b/.github/pull_request_template.md
@@ -0,0 +1,13 @@
+**Issues fixed**
+
+- fixes #
+- also resolves #
+
+**Summary of changes made:**
+- a change
+- another change
+
+Checklist:
+[ ] My code is formatted correctly
+[ ] The tests are passing
+[ ] I have added tests (if needed). If this pull request implements a new feature, these tests should demonstrate that my feature is effective. If this is a bug fix these tests should fail if the bug is present to stop it from re-appearing in future releases.

From 34ff42926a922341736cb6a513a66536c1f9f7e8 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Mon, 22 Jun 2020 09:01:09 -0700
Subject: [PATCH 222/733] update issue and pull request templates

Add more specific instructions.
Add config with links for security and questions.
---
 .github/ISSUE_TEMPLATE/bug-report.md      | 38 ++++++++++++++---------
 .github/ISSUE_TEMPLATE/config.yaml        | 11 +++++++
 .github/ISSUE_TEMPLATE/feature-request.md | 21 +++++++------
 .github/pull_request_template.md          | 31 ++++++++++++------
 4 files changed, 68 insertions(+), 33 deletions(-)
 create mode 100644 .github/ISSUE_TEMPLATE/config.yaml

diff --git a/.github/ISSUE_TEMPLATE/bug-report.md b/.github/ISSUE_TEMPLATE/bug-report.md
index da0f87dad..f1ecbe802 100644
--- a/.github/ISSUE_TEMPLATE/bug-report.md
+++ b/.github/ISSUE_TEMPLATE/bug-report.md
@@ -1,17 +1,27 @@
 ---
 name: Bug report
-about: Report a bug
-title: ''
-labels: bug
-assignees: ''
+about: Report a bug in Werkzeug itself
 ---
-**Problem**
-
-**How to produce**
-
-**Expected behaviour**
-
-**Setup**
-- Python version: 
-- Werkzeug version: 
-- Operating system and version (if relevant): 
+
+
+
+
+
+
+
+Environment:
+
+- Python version:
+- Werkzeug version:
diff --git a/.github/ISSUE_TEMPLATE/config.yaml b/.github/ISSUE_TEMPLATE/config.yaml
new file mode 100644
index 000000000..42453d7f3
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/config.yaml
@@ -0,0 +1,11 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Security issue
+    url: security@palletsprojects.com
+    about: Do not report security issues publicly. Email our security contact.
+  - name: Questions
+    url: https://stackoverflow.com/questions/tagged/werkzeug?tab=Frequent
+    about: Search for and ask questions about your code on Stack Overflow.
+  - name: Questions and discussions
+    url: https://discord.gg/t6rrQZH
+    about: Discuss questions about your code on our Discord chat.
diff --git a/.github/ISSUE_TEMPLATE/feature-request.md b/.github/ISSUE_TEMPLATE/feature-request.md
index c2c92981a..48698798f 100644
--- a/.github/ISSUE_TEMPLATE/feature-request.md
+++ b/.github/ISSUE_TEMPLATE/feature-request.md
@@ -1,14 +1,15 @@
 ---
 name: Feature request
 about: Suggest a new feature for Werkzeug
-title: ''
-labels:
-assignees: ''
 ---
-
-**Description of feature**
-
-**Is this feature request related to a problem?**
-
-**Additional context**
-
+
+
+
+
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
index 4b995761f..23cd08810 100644
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -1,13 +1,26 @@
-**Issues fixed**
-
+
+
+
+
 - fixes #
-- also resolves #
 
-**Summary of changes made:**
-- a change
-- another change
+
 
 Checklist:
-[ ] My code is formatted correctly
-[ ] The tests are passing
-[ ] I have added tests (if needed). If this pull request implements a new feature, these tests should demonstrate that my feature is effective. If this is a bug fix these tests should fail if the bug is present to stop it from re-appearing in future releases.
+
+- [ ] Add tests that demonstrate the correct behavior of the change. Tests should fail without the change.
+- [ ] Add or update relevant docs, in the docs folder and in code.
+- [ ] Add an entry in `CHANGES.rst` summarizing the change and linking to the issue.
+- [ ] Add `.. versionchanged::` entries in any relevant code docs.
+- [ ] Run `pre-commit` hooks and fix any issues.
+- [ ] Run `pytest` and `tox`, no tests failed.

From 0949e2d10dd0e34a90b511834e96551b41eca54e Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Mon, 22 Jun 2020 09:08:12 -0700
Subject: [PATCH 223/733] Update .github/ISSUE_TEMPLATE/bug-report.md

Co-authored-by: Teymour Aldridge <42674621+teymour-aldridge@users.noreply.github.com>
---
 .github/ISSUE_TEMPLATE/bug-report.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/ISSUE_TEMPLATE/bug-report.md b/.github/ISSUE_TEMPLATE/bug-report.md
index f1ecbe802..eb5e22b21 100644
--- a/.github/ISSUE_TEMPLATE/bug-report.md
+++ b/.github/ISSUE_TEMPLATE/bug-report.md
@@ -1,6 +1,6 @@
 ---
 name: Bug report
-about: Report a bug in Werkzeug itself
+about: Report a bug in Werkzeug (not other projects which depend on Werkzeug)
 ---
 
 
 
 
 
 - fixes #
 
 
diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst
index 7afc63214..4ebf92885 100644
--- a/CONTRIBUTING.rst
+++ b/CONTRIBUTING.rst
@@ -7,19 +7,19 @@ Thank you for considering contributing to Werkzeug!
 Support questions
 -----------------
 
-Please, don't use the issue tracker for this. The issue tracker is a
+Please don't use the issue tracker for this. The issue tracker is a
 tool to address bugs and feature requests in Werkzeug itself. Use one of
 the following resources for questions about using Werkzeug or issues
 with your own code:
 
 -   The ``#get-help`` channel on our Discord chat:
-    https://discord.gg/t6rrQZH
+    https://discord.gg/pallets
 -   The mailing list flask@python.org for long term discussion or larger
     issues.
 -   Ask on `Stack Overflow`_. Search with Google first using:
     ``site:stackoverflow.com werkzeug {search term, exception message, etc.}``
 
-.. _Stack Overflow: https://stackoverflow.com/questions/tagged/werkzeug?sort=linked
+.. _Stack Overflow: https://stackoverflow.com/questions/tagged/werkzeug?tab=Frequent
 
 
 Reporting issues
@@ -107,11 +107,12 @@ First time setup
 
         > env\Scripts\activate
 
--   Install Werkzeug in editable mode with development dependencies.
+-   Install the development dependencies, then install Werkzeug in
+    editable mode.
 
     .. code-block:: text
 
-        $ pip install -e . -r requirements/dev.txt
+        $ pip install -r requirements/dev.txt && pip install -e .
 
 -   Install the pre-commit hooks.
 
@@ -120,11 +121,11 @@ First time setup
         $ pre-commit install
 
 .. _latest version of git: https://git-scm.com/downloads
-.. _username: https://help.github.com/en/articles/setting-your-username-in-git
-.. _email: https://help.github.com/en/articles/setting-your-commit-email-address-in-git
+.. _username: https://docs.github.com/en/github/using-git/setting-your-username-in-git
+.. _email: https://docs.github.com/en/github/setting-up-and-managing-your-github-user-account/setting-your-commit-email-address
 .. _GitHub account: https://github.com/join
-.. _Fork: https://github.com/pallets/werkzeug/fork
-.. _Clone: https://help.github.com/en/articles/fork-a-repo#step-2-create-a-local-clone-of-your-fork
+.. _Fork: https://github.com/pallets/jinja/fork
+.. _Clone: https://docs.github.com/en/github/getting-started-with-github/fork-a-repo#step-2-create-a-local-clone-of-your-fork
 
 
 Start coding
@@ -160,7 +161,7 @@ Start coding
         $ git push --set-upstream fork your-branch-name
 
 .. _committing as you go: https://dont-be-afraid-to-commit.readthedocs.io/en/latest/git/commandlinegit.html#commit-your-changes
-.. _create a pull request: https://help.github.com/en/articles/creating-a-pull-request
+.. _create a pull request: https://docs.github.com/en/github/collaborating-with-issues-and-pull-requests/creating-a-pull-request
 
 
 Running the tests

From a3d04876ba25199dc1a87a2f05d2abb1d7ed5c70 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Mon, 8 Feb 2021 11:44:05 -0800
Subject: [PATCH 359/733] remove unused pre-commit cache step

---
 .github/workflows/tests.yaml | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
index dadb6695f..465499234 100644
--- a/.github/workflows/tests.yaml
+++ b/.github/workflows/tests.yaml
@@ -39,15 +39,9 @@ jobs:
         id: pip-cache
         run: echo "::set-output name=dir::$(pip cache dir)"
       - name: cache pip
-        uses: actions/cache@v1
+        uses: actions/cache@v2
         with:
           path: ${{ steps.pip-cache.outputs.dir }}
           key: pip|${{ runner.os }}|${{ matrix.python }}|${{ hashFiles('setup.py') }}|${{ hashFiles('requirements/*.txt') }}
-      - name: cache pre-commit
-        uses: actions/cache@v1
-        with:
-          path: ~/.cache/pre-commit
-          key: pre-commit|${{ matrix.python }}|${{ hashFiles('.pre-commit-config.yaml') }}
-        if: matrix.tox == 'style'
       - run: pip install tox
       - run: tox -e ${{ matrix.tox }}

From fb353d4bf00b3bce2aeb1526fc2ddd7cb0b70bc3 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Tue, 9 Feb 2021 12:41:35 -0800
Subject: [PATCH 360/733] deprecation warnings for local ident func

---
 examples/plnt/database.py       |   8 +-
 examples/simplewiki/database.py |   7 +-
 src/werkzeug/local.py           | 136 ++++++++++++++++++++------------
 3 files changed, 95 insertions(+), 56 deletions(-)

diff --git a/examples/plnt/database.py b/examples/plnt/database.py
index a3d20d7c8..c126363c8 100644
--- a/examples/plnt/database.py
+++ b/examples/plnt/database.py
@@ -11,7 +11,11 @@
 from sqlalchemy.orm import scoped_session
 
 from .utils import application
-from .utils import local_manager
+
+try:
+    from greenlet import getcurrent as get_ident
+except ImportError:
+    from threading import get_ident
 
 
 def new_db_session():
@@ -19,7 +23,7 @@ def new_db_session():
 
 
 metadata = MetaData()
-session = scoped_session(new_db_session, local_manager.get_ident)
+session = scoped_session(new_db_session, get_ident)
 
 
 blog_table = Table(
diff --git a/examples/simplewiki/database.py b/examples/simplewiki/database.py
index 00dd0b4a5..f060b9e97 100644
--- a/examples/simplewiki/database.py
+++ b/examples/simplewiki/database.py
@@ -14,9 +14,12 @@
 from sqlalchemy.orm import scoped_session
 
 from .utils import application
-from .utils import local_manager
 from .utils import parse_creole
 
+try:
+    from greenlet import getcurrent as get_ident
+except ImportError:
+    from threading import get_ident
 
 # create a global metadata
 metadata = MetaData()
@@ -35,7 +38,7 @@ def new_db_session():
 
 # and create a new global session factory.  Calling this object gives
 # you the current active session
-session = scoped_session(new_db_session, local_manager.get_ident)
+session = scoped_session(new_db_session, get_ident)
 
 
 # our database tables.
diff --git a/src/werkzeug/local.py b/src/werkzeug/local.py
index c6c8d8f9e..75dc4d466 100644
--- a/src/werkzeug/local.py
+++ b/src/werkzeug/local.py
@@ -8,16 +8,24 @@
 
 from .wsgi import ClosingIterator
 
-# Each thread has its own greenlet, use that as the identifier for the
-# context. If greenlets are not available fall back to the current
-# thread ident.
+if t.TYPE_CHECKING:
+    from wsgiref.types import WSGIApplication
+
 try:
-    from greenlet import getcurrent as get_ident
+    from greenlet import getcurrent as _get_ident
 except ImportError:
-    from threading import get_ident
+    from threading import get_ident as _get_ident
 
-if t.TYPE_CHECKING:
-    from wsgiref.types import WSGIApplication
+
+def get_ident():
+    warnings.warn(
+        "'get_ident' is deprecated and will be removed in Werkzeug"
+        " version 2.1. Use 'greenlet.getcurrent' or"
+        " 'threading.get_ident' for previous behavior.",
+        DeprecationWarning,
+        stacklevel=2,
+    )
+    return _get_ident()
 
 
 class _CannotUseContextVar(Exception):
@@ -50,17 +58,19 @@ class _CannotUseContextVar(Exception):
 except (ImportError, _CannotUseContextVar):
 
     class ContextVar:  # type: ignore
-        """A fake ContextVar for Python3.6 based on the ident function."""
+        """A fake ContextVar based on the previous greenlet/threading
+        ident function. Used on Python 3.6, eventlet, and old versions
+        of gevent.
+        """
 
         def __init__(self, _name):
-            self.ident_func = get_ident
             self.storage = {}
 
         def get(self, default):
-            return self.storage.get(self.ident_func(), default)
+            return self.storage.get(_get_ident(), default)
 
         def set(self, value):
-            self.storage[self.ident_func()] = value
+            self.storage[_get_ident()] = value
 
 
 def release_local(local: t.Union["Local", "LocalStack"]) -> None:
@@ -87,16 +97,16 @@ def release_local(local: t.Union["Local", "LocalStack"]) -> None:
 
 
 class Local:
-    __slots__ = ("_storage", "_ident_func")
+    __slots__ = ("_storage",)
 
     def __init__(self) -> None:
         object.__setattr__(self, "_storage", ContextVar("local_storage"))
-        object.__setattr__(self, "_ident_func", get_ident)
 
     @property
     def __storage__(self):
         warnings.warn(
-            "__storage__ is deprecated",
+            "'__storage__' is deprecated and will be removed in"
+            " Werkzeug version 2.1.",
             DeprecationWarning,
             stacklevel=2,
         )
@@ -104,33 +114,24 @@ def __storage__(self):
 
     @property
     def __ident_func__(self):
-        if not hasattr(self._storage, "ident_func"):
-            raise RuntimeError(
-                "The __ident_func__ should not be used in Python 3.7+ "
-                "as a ContextVar is used."
-            )
-        else:
-            warnings.warn(
-                "__ident_func__ is deprecated and does not work with Python 3.7+",
-                DeprecationWarning,
-                stacklevel=2,
-            )
-            return self._ident_func
+        warnings.warn(
+            "'__ident_func__' is deprecated and will be removed in"
+            " Werkzeug version 2.1. It should not be used in Python"
+            " 3.7+",
+            DeprecationWarning,
+            stacklevel=2,
+        )
+        return _get_ident
 
     @__ident_func__.setter
     def __ident_func__(self, func):
-        if not hasattr(self._storage, "ident_func"):
-            raise RuntimeError(
-                "The __ident_func__ cannot be changed in Python 3.7+ "
-                "as a ContextVar is used."
-            )
-        else:
-            warnings.warn(
-                "__ident_func__ is deprecated and does not work with Python 3.7+",
-                DeprecationWarning,
-                stacklevel=2,
-            )
-            self._ident_func = func
+        warnings.warn(
+            "'__ident_func__' is deprecated and will be removed in"
+            " Werkzeug version 2.1. Setting it no longer has any"
+            " effect.",
+            DeprecationWarning,
+            stacklevel=2,
+        )
 
     def __iter__(self) -> t.Iterator[t.Tuple[int, t.Any]]:
         return iter(self._storage.get({}).items())
@@ -247,25 +248,26 @@ def top(self) -> t.Any:
 
 class LocalManager:
     """Local objects cannot manage themselves. For that you need a local
-    manager.  You can pass a local manager multiple locals or add them later
-    by appending them to `manager.locals`.  Every time the manager cleans up,
-    it will clean up all the data left in the locals for this context.
+    manager. You can pass a local manager multiple locals or add them
+    later y appending them to `manager.locals`. Every time the manager
+    cleans up, it will clean up all the data left in the locals for this
+    context.
 
-    The `ident_func` parameter can be added to override the default ident
-    function for the wrapped locals.
+    .. versionchanged:: 2.0.0
+        ``ident_func`` is deprecated and will be removed in version 2.1.
 
     .. versionchanged:: 0.6.1
-       Instead of a manager the :func:`release_local` function can be used
-       as well.
+        The :func:`release_local` function can be used instead of a
+        manager.
 
     .. versionchanged:: 0.7
-       `ident_func` was added.
+        The ``ident_func`` parameter was added.
     """
 
     def __init__(
         self,
         locals: t.Optional[t.Iterable[t.Union[Local, LocalStack]]] = None,
-        ident_func: t.Optional[t.Callable[[], int]] = None,
+        ident_func: None = None,
     ) -> None:
         if locals is None:
             self.locals = []
@@ -273,12 +275,34 @@ def __init__(
             self.locals = [locals]
         else:
             self.locals = list(locals)
+
         if ident_func is not None:
-            self.ident_func = ident_func
-            for local in self.locals:
-                object.__setattr__(local, "__ident_func__", ident_func)
-        else:
-            self.ident_func = get_ident
+            warnings.warn(
+                "'ident_func' is deprecated and will be removed in"
+                " Werkzeug version 2.1. Setting it no longer has any"
+                " effect.",
+                DeprecationWarning,
+                stacklevel=2,
+            )
+
+    @property
+    def ident_func(self):
+        warnings.warn(
+            "'ident_func' is deprecated and will be removed in Werkzeug"
+            " version 2.1.",
+            DeprecationWarning,
+            stacklevel=2,
+        )
+        return _get_ident
+
+    @ident_func.setter
+    def ident_func(self, func):
+        warnings.warn(
+            "'ident_func' is deprecated and will be removedin Werkzeug"
+            " version 2.1. Setting it no longer has any effect.",
+            DeprecationWarning,
+            stacklevel=2,
+        )
 
     def get_ident(self) -> int:
         """Return the context identifier the local objects use internally for
@@ -286,11 +310,19 @@ def get_ident(self) -> int:
         but use it to link other context local objects (such as SQLAlchemy's
         scoped sessions) to the Werkzeug locals.
 
+        .. deprecated:: 2.0.0
+            Will be removed in version 2.1.
+
         .. versionchanged:: 0.7
            You can pass a different ident function to the local manager that
            will then be propagated to all the locals passed to the
            constructor.
         """
+        warnings.warn(
+            "'get_ident' is deprecated and will be removed in Werkzeug version 2.1.",
+            DeprecationWarning,
+            stacklevel=2,
+        )
         return self.ident_func()
 
     def cleanup(self):

From 18de3245d10fe0ff2b74230d17fe1022310a4d58 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Tue, 9 Feb 2021 14:50:07 -0800
Subject: [PATCH 361/733] request.values ignores form data for GET

---
 CHANGES.rst                      |  3 +++
 src/werkzeug/wrappers/request.py | 24 +++++++++++++++++++++---
 tests/test_wrappers.py           | 15 +++++++++++++++
 3 files changed, 39 insertions(+), 3 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index b79e69c31..35aa037cb 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -147,6 +147,9 @@ Unreleased
     to check if an object is actually a proxy. :issue:`1754`
 -   ``Local`` uses ``ContextVar`` on Python 3.7+ instead of
     ``threading.local``. :pr:`1778`
+-   ``request.values`` does not include ``form`` for GET requests (even
+    though GET bodies are undefined). This prevents bad caching proxies
+    from caching form data instead of query strings. :pr:`2037`
 
 
 Version 1.0.2
diff --git a/src/werkzeug/wrappers/request.py b/src/werkzeug/wrappers/request.py
index da342cbd8..a606ab43d 100644
--- a/src/werkzeug/wrappers/request.py
+++ b/src/werkzeug/wrappers/request.py
@@ -447,13 +447,31 @@ def form(self) -> "ImmutableMultiDict[str, str]":
 
     @cached_property
     def values(self) -> "CombinedMultiDict[str, str]":
-        """A :class:`werkzeug.datastructures.CombinedMultiDict` that combines
-        :attr:`args` and :attr:`form`."""
+        """A :class:`werkzeug.datastructures.CombinedMultiDict` that
+        combines :attr:`args` and :attr:`form`.
+
+        For GET requests, only ``args`` are present, not ``form``.
+
+        .. versionchanged:: 2.0.0
+            For GET requests, only ``args`` are present, not ``form``.
+        """
+        sources = [self.args]
+
+        if self.method != "GET":
+            # GET requests can have a body, and some caching proxies
+            # might not treat that differently than a normal GET
+            # request, allowing form data to "invisibly" affect the
+            # cache without indication in the query string / URL.
+            sources.append(self.form)
+
         args = []
-        for d in self.args, self.form:
+
+        for d in sources:
             if not isinstance(d, MultiDict):
                 d = MultiDict(d)
+
             args.append(d)
+
         return CombinedMultiDict(args)
 
     @cached_property
diff --git a/tests/test_wrappers.py b/tests/test_wrappers.py
index b6ce3b08a..13214302b 100644
--- a/tests/test_wrappers.py
+++ b/tests/test_wrappers.py
@@ -1203,6 +1203,21 @@ class MyRequest(wrappers.Request):
     assert req.values.getlist("foo") == ["1", "3"]
 
 
+def test_values():
+    r = wrappers.Request.from_values(
+        method="POST", query_string={"a": "1"}, data={"a": "2", "b": "2"}
+    )
+    assert r.values["a"] == "1"
+    assert r.values["b"] == "2"
+
+    # form should not be combined for GET method
+    r = wrappers.Request.from_values(
+        method="GET", query_string={"a": "1"}, data={"a": "2", "b": "2"}
+    )
+    assert r.values["a"] == "1"
+    assert "b" not in r.values
+
+
 def test_storage_classes():
     class MyRequest(wrappers.Request):
         dict_storage_class = dict

From 168f576858fb4ec70c5121f41168a6bdbddad9a7 Mon Sep 17 00:00:00 2001
From: "dependabot-preview[bot]"
 <27856297+dependabot-preview[bot]@users.noreply.github.com>
Date: Wed, 10 Feb 2021 01:38:05 +0000
Subject: [PATCH 362/733] [Security] Bump cryptography from 3.3.1 to 3.3.2

Bumps [cryptography](https://github.com/pyca/cryptography) from 3.3.1 to 3.3.2. **This update includes a security fix.**
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/3.3.1...3.3.2)

Signed-off-by: dependabot-preview[bot] 
---
 requirements/dev.txt   | 2 +-
 requirements/tests.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements/dev.txt b/requirements/dev.txt
index 9a1e16941..5320d7458 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -22,7 +22,7 @@ chardet==4.0.0
     # via requests
 click==7.1.2
     # via pip-tools
-cryptography==3.3.1
+cryptography==3.3.2
     # via -r requirements/tests.in
 distlib==0.3.1
     # via virtualenv
diff --git a/requirements/tests.txt b/requirements/tests.txt
index d0cf3eb8b..c452e7ef2 100644
--- a/requirements/tests.txt
+++ b/requirements/tests.txt
@@ -8,7 +8,7 @@ attrs==20.3.0
     # via pytest
 cffi==1.14.4
     # via cryptography
-cryptography==3.3.1
+cryptography==3.3.2
     # via -r requirements/tests.in
 greenlet==1.0.0
     # via -r requirements/tests.in

From 9be544900740f45679ab3ceb61ba86d2bc708d4a Mon Sep 17 00:00:00 2001
From: pgjones 
Date: Wed, 10 Feb 2021 15:45:41 +0000
Subject: [PATCH 363/733] Tweak local contextvar feature checking

This uses GREENLET_USE_CONTEXT_VARS if available (as added to Greenlet
0.4.17 or later) in place of the eventlet check, as eventlet does not
patch contextvars but Greenlet now does. This also allows the gevent's
monkeypatching to work if an older version of greenlet is used.
---
 src/werkzeug/local.py | 33 +++++++++++++++++++--------------
 1 file changed, 19 insertions(+), 14 deletions(-)

diff --git a/src/werkzeug/local.py b/src/werkzeug/local.py
index 75dc4d466..142c5d97a 100644
--- a/src/werkzeug/local.py
+++ b/src/werkzeug/local.py
@@ -35,25 +35,30 @@ class _CannotUseContextVar(Exception):
 try:
     from contextvars import ContextVar
 
-    # Gevent < 20.5 does not patch contextvars
+    # If Greenlet is used, check it has patched ContextVars, Greenlet
+    # <0.4.17 does not.
     try:
-        from gevent.monkey import is_object_patched
+        import greenlet
     except ImportError:
+        # Not used
         pass
     else:
-        if is_object_patched("threading", "local") and not is_object_patched(
-            "contextvars", "ContextVar"
-        ):
-            raise _CannotUseContextVar()
+        greenlet_patched = getattr(greenlet, "GREENLET_USE_CONTEXT_VARS", False)
+
+        if not greenlet_patched:
+            # If Gevent is used, check it has patched ContextVars,
+            # <20.5 does not.
+            try:
+                from gevent.monkey import is_object_patched
+            except ImportError:
+                # Gevent isn't used, but Greenlet is and hasn't patched
+                raise _CannotUseContextVar()
+            else:
+                if is_object_patched("threading", "local") and not is_object_patched(
+                    "contextvars", "ContextVar"
+                ):
+                    raise _CannotUseContextVar()
 
-    # Eventlet does not patch contextvars at all
-    try:
-        from eventlet.patcher import is_monkey_patched
-    except ImportError:
-        pass
-    else:
-        if is_monkey_patched("thread") and not is_monkey_patched("contextvars"):
-            raise _CannotUseContextVar()
 
 except (ImportError, _CannotUseContextVar):
 

From 265bad79ee60b94f509464dcaa827cfec5833bcc Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Wed, 10 Feb 2021 18:57:36 -0800
Subject: [PATCH 364/733] http.parse_date returns timzeone-aware value

---
 CHANGES.rst                            |  14 +++
 docs/http.rst                          |  29 ++++--
 docs/quickstart.rst                    |   6 +-
 src/werkzeug/_internal.py              |  36 ++++---
 src/werkzeug/http.py                   | 139 ++++++++++---------------
 src/werkzeug/middleware/shared_data.py |  12 ++-
 src/werkzeug/sansio/request.py         |  25 +++--
 src/werkzeug/sansio/response.py        |  24 ++++-
 src/werkzeug/serving.py                |   5 +-
 src/werkzeug/utils.py                  |   3 +-
 tests/test_http.py                     |  98 ++++++++++-------
 tests/test_internal.py                 |   9 --
 tests/test_send_file.py                |   2 +-
 tests/test_wrappers.py                 |  22 ++--
 14 files changed, 236 insertions(+), 188 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 35aa037cb..ce39938e4 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -19,6 +19,15 @@ Unreleased
 -   Deprecate the ``environ["werkzeug.server.shutdown"]`` function
     that is available when running the development server. :issue:`1752`
 -   Remove the unused, internal ``posixemulation`` module. :issue:`1759`
+-   All ``datetime`` values are timezone-aware with
+    ``tzinfo=timezone.utc``. This applies to anything using
+    ``http.parse_date``: ``Request.date``, ``.if_modified_since``,
+    ``.if_unmodified_since``; ``Response.date``, ``.expires``,
+    ``.last_modified``, ``.retry_after``; ``parse_if_range_header``, and
+    ``IfRange.date``. When comparing values, the other values must also
+    be aware, or these values must be made naive. When passing
+    parameters or setting attributes, naive values are still assumed to
+    be in UTC. :pr:`2040`
 -   Merge all request and response wrapper mixin code into single
     ``Request`` and ``Response`` classes. Using the mixin classes is no
     longer necessary and will show a deprecation warning. Checking
@@ -86,6 +95,11 @@ Unreleased
     :pr:`1915`
 -   Add arguments to ``delete_cookie`` to match ``set_cookie`` and the
     attributes modern browsers expect. :pr:`1889`
+-   ``utils.cookie_date`` is deprecated, use ``utils.http_date``
+    instead. The value for ``Set-Cookie expires`` is no longer "-"
+    delimited. :pr:`2040`
+-   ``utils.http_date``, and attributes and values that use it, no
+    longer accept ``time.struct_time`` tuples. :pr:`2040`
 -   Use ``request.headers`` instead of ``request.environ`` to look up
     header attributes. :pr:`1808`
 -   The test ``Client`` request methods (``client.get``, etc.) always
diff --git a/docs/http.rst b/docs/http.rst
index 0f16cc8fa..3db53506a 100644
--- a/docs/http.rst
+++ b/docs/http.rst
@@ -9,21 +9,32 @@ that are useful when implementing WSGI middlewares or whenever you are
 operating on a lower level layer.  All this functionality is also exposed
 from request and response objects.
 
-Date Functions
-==============
 
-The following functions simplify working with times in an HTTP context.
-Werkzeug uses offset-naive :class:`~datetime.datetime` objects internally
-that store the time in UTC.  If you're working with timezones in your
-application make sure to replace the tzinfo attribute with a UTC timezone
-information before processing the values.
+Datetime Functions
+==================
 
-.. autofunction:: cookie_date
+These functions simplify working with times in an HTTP context. Werkzeug
+produces timezone-aware :class:`~datetime.datetime` objects in UTC. When
+passing datetime objects to Werkzeug, it assumes any naive datetime is
+in UTC.
 
-.. autofunction:: http_date
+When comparing datetime values from Werkzeug, your own datetime objects
+must also be timezone-aware, or you must make the values from Werkzeug
+naive.
+
+*   ``dt = datetime.now(timezone.utc)`` gets the current time in UTC.
+*   ``dt = datetime(..., tzinfo=timezone.utc)`` creates a time in UTC.
+*   ``dt = dt.replace(tzinfo=timezone.utc)`` makes a naive object aware
+    by assuming it's in UTC.
+*   ``dt = dt.replace(tzinfo=None)`` makes an aware object naive.
 
 .. autofunction:: parse_date
 
+.. autofunction:: http_date
+
+.. autofunction:: cookie_date
+
+
 Header Parsing
 ==============
 
diff --git a/docs/quickstart.rst b/docs/quickstart.rst
index abe5c798b..be4574f22 100644
--- a/docs/quickstart.rst
+++ b/docs/quickstart.rst
@@ -185,7 +185,7 @@ True
 E-tags and other conditional headers are available in parsed form as well:
 
 >>> request.if_modified_since
-datetime.datetime(2009, 2, 20, 10, 10, 25)
+datetime.datetime(2009, 2, 20, 10, 10, 25, tzinfo=datetime.timezone.utc)
 >>> request.if_none_match
 
 >>> request.cache_control
@@ -253,8 +253,8 @@ retrieve them:
 
 >>> response.content_length
 12
->>> from datetime import datetime
->>> response.date = datetime(2009, 2, 20, 17, 42, 51)
+>>> from datetime import datetime, timezone
+>>> response.date = datetime(2009, 2, 20, 17, 42, 51, tzinfo=timezone.utc)
 >>> response.headers['Date']
 'Fri, 20 Feb 2009 17:42:51 GMT'
 
diff --git a/src/werkzeug/_internal.py b/src/werkzeug/_internal.py
index afb7f3f33..8a0c17b6d 100644
--- a/src/werkzeug/_internal.py
+++ b/src/werkzeug/_internal.py
@@ -8,8 +8,8 @@
 import typing as t
 from datetime import date
 from datetime import datetime
+from datetime import timezone
 from itertools import chain
-from time import struct_time
 from weakref import WeakKeyDictionary
 
 if t.TYPE_CHECKING:
@@ -295,20 +295,26 @@ def parse(args, kwargs):
     return parse
 
 
-def _date_to_unix(arg: t.Union[datetime, int, float, struct_time]) -> int:
-    """Converts a timetuple, integer or datetime object into the seconds from
-    epoch in utc.
-    """
-    if isinstance(arg, datetime):
-        arg = arg.utctimetuple()
-    elif isinstance(arg, (int, float)):
-        return int(arg)
-    year, month, day, hour, minute, second = arg[:6]
-    days = date(year, month, 1).toordinal() - _epoch_ord + day - 1
-    hours = days * 24 + hour
-    minutes = hours * 60 + minute
-    seconds = minutes * 60 + second
-    return seconds
+@typing.overload
+def _dt_as_utc(dt: None) -> None:
+    ...
+
+
+@typing.overload
+def _dt_as_utc(dt: datetime) -> datetime:
+    ...
+
+
+def _dt_as_utc(dt):
+    if dt is None:
+        return dt
+
+    if dt.tzinfo is None:
+        return dt.replace(tzinfo=timezone.utc)
+    elif dt.tzinfo != timezone.utc:
+        return dt.astimezone(timezone.utc)
+
+    return dt
 
 
 _TAccessorValue = t.TypeVar("_TAccessorValue")
diff --git a/src/werkzeug/http.py b/src/werkzeug/http.py
index 4b7a04893..569bb4d1d 100644
--- a/src/werkzeug/http.py
+++ b/src/werkzeug/http.py
@@ -1,15 +1,14 @@
 import base64
+import email.utils
 import re
 import typing
 import typing as t
 import warnings
 from datetime import datetime
 from datetime import timedelta
-from email.utils import parsedate_tz
+from datetime import timezone
 from enum import Enum
 from hashlib import sha1
-from time import gmtime
-from time import struct_time
 from time import time
 from urllib.parse import unquote_to_bytes as _unquote
 from urllib.request import parse_http_list as _parse_list_header
@@ -20,6 +19,7 @@
 from ._internal import _to_bytes
 from ._internal import _to_str
 from ._internal import _wsgi_decoding_dance
+from werkzeug._internal import _dt_as_utc
 
 if t.TYPE_CHECKING:
     from wsgiref.types import WSGIEnvironment
@@ -699,6 +699,9 @@ def parse_if_range_header(value: t.Optional[str]) -> "ds.IfRange":
     """Parses an if-range header which can be an etag or a date.  Returns
     a :class:`~werkzeug.datastructures.IfRange` object.
 
+    .. versionchanged:: 2.0.0
+        If the value represents a datetime, it is timezone-aware.
+
     .. versionadded:: 0.7
     """
     if not value:
@@ -892,97 +895,69 @@ def generate_etag(data: bytes) -> str:
 
 
 def parse_date(value: t.Optional[str]) -> t.Optional[datetime]:
-    """Parse one of the following date formats into a datetime object:
-
-    .. sourcecode:: text
+    """Parse an :rfc:`2822` date into a timezone-aware
+    :class:`datetime.datetime` object, or ``None`` if parsing fails.
 
-        Sun, 06 Nov 1994 08:49:37 GMT  ; RFC 822, updated by RFC 1123
-        Sunday, 06-Nov-94 08:49:37 GMT ; RFC 850, obsoleted by RFC 1036
-        Sun Nov  6 08:49:37 1994       ; ANSI C's asctime() format
+    This is a wrapper for :func:`email.utils.parsedate_to_datetime`. It
+    returns ``None`` if parsing fails instead of raising an exception,
+    and always returns a timezone-aware datetime object. If the string
+    doesn't have timezone information, it is assumed to be UTC.
 
-    If parsing fails the return value is `None`.
+    :param value: A string with a supported date format.
 
-    :param value: a string with a supported date format.
-    :return: a :class:`datetime.datetime` object.
+    .. versionchanged:: 2.0.0
+        Return a timezone-aware datetime object. Use
+        ``email.utils.parsedate_to_datetime``.
     """
-    if value:
-        t = parsedate_tz(value.strip())
-        if t is not None:
-            try:
-                year = t[0]
-                # unfortunately that function does not tell us if two digit
-                # years were part of the string, or if they were prefixed
-                # with two zeroes.  So what we do is to assume that 69-99
-                # refer to 1900, and everything below to 2000
-                if 0 <= year <= 68:
-                    year += 2000
-                elif 69 <= year <= 99:
-                    year += 1900
-                return datetime(*((year,) + t[1:7])) - timedelta(seconds=t[-1] or 0)
-            except (ValueError, OverflowError):
-                return None
-    return None
-
+    if value is None:
+        return None
 
-_t_date_input = t.Optional[t.Union[datetime, int, float, struct_time]]
-
-
-def _dump_date(d: _t_date_input, delim: str) -> str:
-    """Used for `http_date` and `cookie_date`."""
-    if d is None:
-        d = gmtime()
-    elif isinstance(d, datetime):
-        d = d.utctimetuple()
-    elif isinstance(d, (int, float)):
-        d = gmtime(d)
-    weekday = ("Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun")[d.tm_wday]
-    month = (
-        "Jan",
-        "Feb",
-        "Mar",
-        "Apr",
-        "May",
-        "Jun",
-        "Jul",
-        "Aug",
-        "Sep",
-        "Oct",
-        "Nov",
-        "Dec",
-    )[d.tm_mon - 1]
-    return (
-        f"{weekday}, {d.tm_mday:02d}{delim}{month}{delim}{d.tm_year:04d}"
-        f" {d.tm_hour:02d}:{d.tm_min:02d}:{d.tm_sec:02d} GMT"
-    )
+    try:
+        dt = email.utils.parsedate_to_datetime(value)
+    except (TypeError, ValueError):
+        return None
 
+    if dt.tzinfo is None:
+        return dt.replace(tzinfo=timezone.utc)
 
-def cookie_date(expires: _t_date_input = None) -> str:
-    """Formats the time to ensure compatibility with Netscape's cookie
-    standard.
+    return dt
 
-    Accepts a floating point number expressed in seconds since the epoch in, a
-    datetime object or a timetuple.  All times in UTC.  The :func:`parse_date`
-    function can be used to parse such a date.
 
-    Outputs a string in the format ``Wdy, DD-Mon-YYYY HH:MM:SS GMT``.
+def cookie_date(expires: t.Optional[t.Union[datetime, int, float]] = None) -> str:
+    """Format a datetime object or timestamp into an :rfc:`2822` date
+    string for ``Set-Cookie expires``.
 
-    :param expires: If provided that date is used, otherwise the current.
+    .. deprecated:: 2.0.0
+        Use :func:`http_date` instead. Will be removed in version 2.1.
     """
-    return _dump_date(expires, "-")
+    warnings.warn(
+        "'cookie_date' is deprecated and will be removed in Werkzeug"
+        " version 2.1. Use 'http_date' instead.",
+        DeprecationWarning,
+        stacklevel=2,
+    )
+    return http_date(expires)
 
 
-def http_date(timestamp: _t_date_input = None) -> str:
-    """Formats the time to match the RFC1123 date format.
+def http_date(timestamp: t.Optional[t.Union[datetime, int, float]] = None) -> str:
+    """Format a datetime object or timestamp into an :rfc:`2822` date
+    string.
 
-    Accepts a floating point number expressed in seconds since the epoch in, a
-    datetime object or a timetuple.  All times in UTC.  The :func:`parse_date`
-    function can be used to parse such a date.
+    This is a wrapper for :func:`email.utils.format_datetime` and
+    ``.formatdate``. It assumes naive datetime objects are in UTC
+    instead of raising an exception.
 
-    Outputs a string in the format ``Wdy, DD Mon YYYY HH:MM:SS GMT``.
+    :param timestamp: The datetime or timestamp to format. Defaults to
+        the current time.
 
-    :param timestamp: If provided that date is used, otherwise the current.
+    .. versionchanged:: 2.0.0
+        Use ``email.utils.format_datetime``.
     """
-    return _dump_date(timestamp, " ")
+    if isinstance(timestamp, datetime):
+        timestamp = _dt_as_utc(timestamp)
+        return email.utils.format_datetime(timestamp, usegmt=True)
+
+    return email.utils.formatdate(timestamp, usegmt=True)
 
 
 def parse_age(value: t.Optional[str] = None) -> t.Optional[timedelta]:
@@ -1061,10 +1036,10 @@ def is_resource_modified(
     if isinstance(last_modified, str):
         last_modified = parse_date(last_modified)
 
-    # ensure that microsecond is zero because the HTTP spec does not transmit
-    # that either and we might have some false positives.  See issue #39
+    # HTTP doesn't use microsecond, remove it to avoid false positive
+    # comparisons. Mark naive datetimes as UTC.
     if last_modified is not None:
-        last_modified = last_modified.replace(microsecond=0)
+        last_modified = _dt_as_utc(last_modified.replace(microsecond=0))
 
     if_range = None
     if not ignore_if_range and "HTTP_RANGE" in environ:
@@ -1285,9 +1260,9 @@ def dump_cookie(
         max_age = (max_age.days * 60 * 60 * 24) + max_age.seconds
     if expires is not None:
         if not isinstance(expires, str):
-            expires = cookie_date(expires)
+            expires = http_date(expires)
     elif max_age is not None and sync_expires:
-        expires = cookie_date(time() + max_age)
+        expires = http_date(time() + max_age)
 
     if samesite is not None:
         samesite = samesite.title()
diff --git a/src/werkzeug/middleware/shared_data.py b/src/werkzeug/middleware/shared_data.py
index 776498ee9..2578f7ae4 100644
--- a/src/werkzeug/middleware/shared_data.py
+++ b/src/werkzeug/middleware/shared_data.py
@@ -14,8 +14,8 @@
 import posixpath
 import typing as t
 from datetime import datetime
+from datetime import timezone
 from io import BytesIO
-from time import mktime
 from time import time
 from zlib import adler32
 
@@ -148,7 +148,7 @@ def is_allowed(self, filename: str) -> bool:
     def _opener(self, filename: str) -> _TOpener:
         return lambda: (
             open(filename, "rb"),
-            datetime.utcfromtimestamp(os.path.getmtime(filename)),
+            datetime.fromtimestamp(os.path.getmtime(filename), tz=timezone.utc),
             int(os.path.getsize(filename)),
         )
 
@@ -156,7 +156,7 @@ def get_file_loader(self, filename: str) -> _TLoader:
         return lambda x: (os.path.basename(filename), self._opener(filename))
 
     def get_package_loader(self, package: str, package_path: str) -> _TLoader:
-        load_time = datetime.utcnow()
+        load_time = datetime.now(timezone.utc)
         provider = pkgutil.get_loader(package)
 
         if hasattr(provider, "get_resource_reader"):
@@ -185,7 +185,9 @@ def loader(path):
                     basename,
                     lambda: (
                         resource,
-                        datetime.utcfromtimestamp(os.path.getmtime(resource.name)),
+                        datetime.fromtimestamp(
+                            os.path.getmtime(resource.name), tz=timezone.utc
+                        ),
                         os.path.getsize(resource.name),
                     ),
                 )
@@ -238,7 +240,7 @@ def generate_etag(self, mtime: datetime, file_size: int, real_filename: str) ->
                 get_filesystem_encoding()
             )
 
-        timestamp = mktime(mtime.timetuple())
+        timestamp = mtime.timestamp()
         checksum = adler32(real_filename) & 0xFFFFFFFF  # type: ignore
         return f"wzsdm-{timestamp}-{file_size}-{checksum}"
 
diff --git a/src/werkzeug/sansio/request.py b/src/werkzeug/sansio/request.py
index 3aec37c1f..de0b7edcd 100644
--- a/src/werkzeug/sansio/request.py
+++ b/src/werkzeug/sansio/request.py
@@ -229,7 +229,11 @@ def content_length(self) -> t.Optional[int]:
         parse_date,
         doc="""The Date general-header field represents the date and
         time at which the message was originated, having the same
-        semantics as orig-date in RFC 822.""",
+        semantics as orig-date in RFC 822.
+
+        .. versionchanged:: 2.0.0
+            The datetime object is timezone-aware.
+        """,
         read_only=True,
     )
     max_forwards = header_property(
@@ -341,21 +345,30 @@ def if_none_match(self) -> ETags:
 
     @cached_property
     def if_modified_since(self) -> t.Optional[datetime]:
-        """The parsed `If-Modified-Since` header as datetime object."""
+        """The parsed `If-Modified-Since` header as a datetime object.
+
+        .. versionchanged:: 2.0.0
+            The datetime object is timezone-aware.
+        """
         return parse_date(self.headers.get("If-Modified-Since"))
 
     @cached_property
     def if_unmodified_since(self) -> t.Optional[datetime]:
-        """The parsed `If-Unmodified-Since` header as datetime object."""
+        """The parsed `If-Unmodified-Since` header as a datetime object.
+
+        .. versionchanged:: 2.0.0
+            The datetime object is timezone-aware.
+        """
         return parse_date(self.headers.get("If-Unmodified-Since"))
 
     @cached_property
     def if_range(self) -> IfRange:
-        """The parsed `If-Range` header.
+        """The parsed ``If-Range`` header.
 
-        .. versionadded:: 0.7
+        .. versionchanged:: 2.0.0
+            ``IfRange.date`` is timezone-aware.
 
-        :rtype: :class:`~werkzeug.datastructures.IfRange`
+        .. versionadded:: 0.7
         """
         return parse_if_range_header(self.headers.get("If-Range"))
 
diff --git a/src/werkzeug/sansio/response.py b/src/werkzeug/sansio/response.py
index b7b5a4a12..f0c5586e6 100644
--- a/src/werkzeug/sansio/response.py
+++ b/src/werkzeug/sansio/response.py
@@ -2,6 +2,7 @@
 import typing as t
 from datetime import datetime
 from datetime import timedelta
+from datetime import timezone
 
 from .._internal import _to_str
 from ..datastructures import Headers
@@ -382,7 +383,11 @@ def on_update(d):
         http_date,
         doc="""The Date general-header field represents the date and
         time at which the message was originated, having the same
-        semantics as orig-date in RFC 822.""",
+        semantics as orig-date in RFC 822.
+
+        .. versionchanged:: 2.0.0
+            The datetime object is timezone-aware.
+        """,
     )
     expires = header_property(
         "Expires",
@@ -391,7 +396,11 @@ def on_update(d):
         http_date,
         doc="""The Expires entity-header field gives the date/time after
         which the response is considered stale. A stale cache entry may
-        not normally be returned by a cache.""",
+        not normally be returned by a cache.
+
+        .. versionchanged:: 2.0.0
+            The datetime object is timezone-aware.
+        """,
     )
     last_modified = header_property(
         "Last-Modified",
@@ -400,7 +409,11 @@ def on_update(d):
         http_date,
         doc="""The Last-Modified entity-header field indicates the date
         and time at which the origin server believes the variant was
-        last modified.""",
+        last modified.
+
+        .. versionchanged:: 2.0.0
+            The datetime object is timezone-aware.
+        """,
     )
 
     @property
@@ -410,12 +423,15 @@ def retry_after(self) -> t.Optional[datetime]:
         service is expected to be unavailable to the requesting client.
 
         Time in seconds until expiration or date.
+
+        .. versionchanged:: 2.0.0
+            The datetime object is timezone-aware.
         """
         value = self.headers.get("retry-after")
         if value is None:
             return None
         elif value.isdigit():
-            return datetime.utcnow() + timedelta(seconds=int(value))
+            return datetime.now(timezone.utc) + timedelta(seconds=int(value))
         return parse_date(value)
 
     @retry_after.setter
diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py
index dd6922a60..a5526d038 100644
--- a/src/werkzeug/serving.py
+++ b/src/werkzeug/serving.py
@@ -22,6 +22,7 @@
 import warnings
 from datetime import datetime as dt
 from datetime import timedelta
+from datetime import timezone
 from http.server import BaseHTTPRequestHandler
 from http.server import HTTPServer
 
@@ -475,8 +476,8 @@ def generate_adhoc_ssl_pair(
         .issuer_name(subject)
         .public_key(pkey.public_key())
         .serial_number(x509.random_serial_number())
-        .not_valid_before(dt.utcnow())
-        .not_valid_after(dt.utcnow() + timedelta(days=365))
+        .not_valid_before(dt.now(timezone.utc))
+        .not_valid_after(dt.now(timezone.utc) + timedelta(days=365))
         .add_extension(x509.ExtendedKeyUsage([x509.OID_SERVER_AUTH]), critical=False)
         .add_extension(x509.SubjectAlternativeName([x509.DNSName("*")]), critical=False)
         .sign(pkey, hashes.SHA256(), default_backend())
diff --git a/src/werkzeug/utils.py b/src/werkzeug/utils.py
index fafba99e4..f834138de 100644
--- a/src/werkzeug/utils.py
+++ b/src/werkzeug/utils.py
@@ -11,7 +11,6 @@
 import warnings
 from datetime import datetime
 from html.entities import name2codepoint
-from time import struct_time
 from time import time
 from zlib import adler32
 
@@ -564,7 +563,7 @@ def send_file(
     download_name: t.Optional[str] = None,
     conditional: bool = True,
     etag: t.Union[bool, str] = True,
-    last_modified: t.Optional[t.Union[datetime, int, float, struct_time]] = None,
+    last_modified: t.Optional[t.Union[datetime, int, float]] = None,
     max_age: t.Optional[
         t.Union[int, t.Callable[[t.Optional[t.Union[os.PathLike, str]]], int]]
     ] = None,
diff --git a/tests/test_http.py b/tests/test_http.py
index b0231192d..dcb62ddbd 100644
--- a/tests/test_http.py
+++ b/tests/test_http.py
@@ -1,5 +1,7 @@
 import base64
 from datetime import datetime
+from datetime import timedelta
+from datetime import timezone
 
 import pytest
 
@@ -239,27 +241,6 @@ def test_etags_nonzero(self):
         assert bool(etags)
         assert etags.contains_raw('W/"foo"')
 
-    def test_parse_date(self):
-        assert http.parse_date("Sun, 06 Nov 1994 08:49:37 GMT    ") == datetime(
-            1994, 11, 6, 8, 49, 37
-        )
-        assert http.parse_date("Sunday, 06-Nov-94 08:49:37 GMT") == datetime(
-            1994, 11, 6, 8, 49, 37
-        )
-        assert http.parse_date(" Sun Nov  6 08:49:37 1994") == datetime(
-            1994, 11, 6, 8, 49, 37
-        )
-        assert http.parse_date("foo") is None
-
-    def test_parse_date_overflows(self):
-        assert http.parse_date(" Sun 02 Feb 1343 08:49:37 GMT") == datetime(
-            1343, 2, 2, 8, 49, 37
-        )
-        assert http.parse_date("Thu, 01 Jan 1970 00:00:00 GMT") == datetime(
-            1970, 1, 1, 0, 0
-        )
-        assert http.parse_date("Thu, 33 Jan 1970 00:00:00 GMT") is None
-
     def test_remove_entity_headers(self):
         now = http.http_date()
         headers1 = [
@@ -430,12 +411,6 @@ def test_is_resource_modified_for_range_requests(self):
             env, last_modified=datetime(2008, 1, 1, 13, 30), ignore_if_range=True
         )
 
-    def test_date_formatting(self):
-        assert http.cookie_date(0) == "Thu, 01-Jan-1970 00:00:00 GMT"
-        assert http.cookie_date(datetime(1970, 1, 1)) == "Thu, 01-Jan-1970 00:00:00 GMT"
-        assert http.http_date(0) == "Thu, 01 Jan 1970 00:00:00 GMT"
-        assert http.http_date(datetime(1970, 1, 1)) == "Thu, 01 Jan 1970 00:00:00 GMT"
-
     def test_parse_cookie(self):
         cookies = http.parse_cookie(
             "dismiss-top=6; CP=null*; PHPSESSID=0a539d42abc001cdc762809248d4beed;"
@@ -583,7 +558,7 @@ def test_if_range_parsing(self):
 
         rv = http.parse_if_range_header("Thu, 01 Jan 1970 00:00:00 GMT")
         assert rv.etag is None
-        assert rv.date == datetime(1970, 1, 1)
+        assert rv.date == datetime(1970, 1, 1, tzinfo=timezone.utc)
         assert rv.to_header() == "Thu, 01 Jan 1970 00:00:00 GMT"
 
         for x in "", None:
@@ -660,18 +635,6 @@ def test_content_range_parsing(self):
         assert rv.length == 100
         assert rv.units == "bytes"
 
-    @pytest.mark.parametrize(
-        ("args", "expected"),
-        (
-            ((1, 1, 1), "Mon, 01 Jan 0001 00:00:00 GMT"),
-            ((999, 1, 1), "Tue, 01 Jan 0999 00:00:00 GMT"),
-            ((1000, 1, 1), "Wed, 01 Jan 1000 00:00:00 GMT"),
-            ((2020, 1, 1), "Wed, 01 Jan 2020 00:00:00 GMT"),
-        ),
-    )
-    def test_http_date_lt_1000(self, args, expected):
-        assert http.http_date(datetime(*args)) == expected
-
 
 class TestRegression:
     def test_best_match_works(self):
@@ -699,3 +662,58 @@ def test_authorization_to_header(value: str) -> None:
     parsed = http.parse_authorization_header(value)
     assert parsed is not None
     assert parsed.to_header() == value
+
+
+@pytest.mark.parametrize(
+    ("value", "expect"),
+    [
+        (
+            "Sun, 06 Nov 1994 08:49:37 GMT    ",
+            datetime(1994, 11, 6, 8, 49, 37, tzinfo=timezone.utc),
+        ),
+        (
+            "Sunday, 06-Nov-94 08:49:37 GMT",
+            datetime(1994, 11, 6, 8, 49, 37, tzinfo=timezone.utc),
+        ),
+        (
+            " Sun Nov  6 08:49:37 1994",
+            datetime(1994, 11, 6, 8, 49, 37, tzinfo=timezone.utc),
+        ),
+        ("foo", None),
+        (
+            " Sun 02 Feb 1343 08:49:37 GMT",
+            datetime(1343, 2, 2, 8, 49, 37, tzinfo=timezone.utc),
+        ),
+        (
+            "Thu, 01 Jan 1970 00:00:00 GMT",
+            datetime(1970, 1, 1, tzinfo=timezone.utc),
+        ),
+        ("Thu, 33 Jan 1970 00:00:00 GMT", None),
+    ],
+)
+def test_parse_date(value, expect):
+    assert http.parse_date(value) == expect
+
+
+@pytest.mark.parametrize(
+    ("value", "expect"),
+    [
+        (
+            datetime(1994, 11, 6, 8, 49, 37, tzinfo=timezone.utc),
+            "Sun, 06 Nov 1994 08:49:37 GMT",
+        ),
+        (
+            datetime(1994, 11, 6, 8, 49, 37, tzinfo=timezone(timedelta(hours=-8))),
+            "Sun, 06 Nov 1994 16:49:37 GMT",
+        ),
+        (datetime(1994, 11, 6, 8, 49, 37), "Sun, 06 Nov 1994 08:49:37 GMT"),
+        (0, "Thu, 01 Jan 1970 00:00:00 GMT"),
+        (datetime(1970, 1, 1), "Thu, 01 Jan 1970 00:00:00 GMT"),
+        (datetime(1, 1, 1), "Mon, 01 Jan 0001 00:00:00 GMT"),
+        (datetime(999, 1, 1), "Tue, 01 Jan 0999 00:00:00 GMT"),
+        (datetime(1000, 1, 1), "Wed, 01 Jan 1000 00:00:00 GMT"),
+        (datetime(2020, 1, 1), "Wed, 01 Jan 2020 00:00:00 GMT"),
+    ],
+)
+def test_http_date(value, expect):
+    assert http.http_date(value) == expect
diff --git a/tests/test_internal.py b/tests/test_internal.py
index 6506beffa..6e673fdc6 100644
--- a/tests/test_internal.py
+++ b/tests/test_internal.py
@@ -1,4 +1,3 @@
-from datetime import datetime
 from warnings import filterwarnings
 from warnings import resetwarnings
 
@@ -10,14 +9,6 @@
 from werkzeug.wrappers import Response
 
 
-def test_date_to_unix():
-    assert internal._date_to_unix(datetime(1970, 1, 1)) == 0
-    assert internal._date_to_unix(datetime(1970, 1, 1, 1, 0, 0)) == 3600
-    assert internal._date_to_unix(datetime(1970, 1, 1, 1, 1, 1)) == 3661
-    x = datetime(2010, 2, 15, 16, 15, 39)
-    assert internal._date_to_unix(x) == 1266250539
-
-
 def test_easteregg():
     req = Request.from_values("/?macgybarchakku")
     resp = Response.force_type(internal._easteregg(None), req)
diff --git a/tests/test_send_file.py b/tests/test_send_file.py
index 424fe6026..159aeb5fb 100644
--- a/tests/test_send_file.py
+++ b/tests/test_send_file.py
@@ -35,7 +35,7 @@ def test_x_sendfile():
 
 
 def test_last_modified():
-    last_modified = datetime.datetime(1999, 1, 1)
+    last_modified = datetime.datetime(1999, 1, 1, tzinfo=datetime.timezone.utc)
     rv = send_file(txt_path, environ, last_modified=last_modified)
     assert rv.last_modified == last_modified
     rv.close()
diff --git a/tests/test_wrappers.py b/tests/test_wrappers.py
index 13214302b..dfb9a75cb 100644
--- a/tests/test_wrappers.py
+++ b/tests/test_wrappers.py
@@ -3,6 +3,7 @@
 import os
 from datetime import datetime
 from datetime import timedelta
+from datetime import timezone
 from io import BytesIO
 
 import pytest
@@ -258,7 +259,7 @@ def test_base_response():
         (
             "Set-Cookie",
             "foo=bar; Domain=example.org;"
-            " Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=60;"
+            " Expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=60;"
             " Path=/blub; SameSite=Strict",
         ),
     ]
@@ -270,7 +271,7 @@ def test_base_response():
         ("Content-Type", "text/plain; charset=utf-8"),
         (
             "Set-Cookie",
-            "foo=; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Path=/",
+            "foo=; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0; Path=/",
         ),
     ]
 
@@ -434,8 +435,9 @@ def test_etag_request():
         assert etags.contains_weak("foo")
         assert not etags.contains("foo")
 
-    assert request.if_modified_since == datetime(2008, 1, 22, 11, 18, 44)
-    assert request.if_unmodified_since == datetime(2008, 1, 22, 11, 18, 44)
+    dt = datetime(2008, 1, 22, 11, 18, 44, tzinfo=timezone.utc)
+    assert request.if_modified_since == dt
+    assert request.if_unmodified_since == dt
 
 
 def test_user_agent():
@@ -910,7 +912,7 @@ def test_common_response_descriptors():
     del response.mimetype_params["charset"]
     assert response.content_type == "text/html; x-foo=yep"
 
-    now = datetime.utcnow().replace(microsecond=0)
+    now = datetime.now(timezone.utc).replace(microsecond=0)
 
     assert response.content_length is None
     response.content_length = "42"
@@ -967,7 +969,7 @@ def test_common_request_descriptors():
     assert request.mimetype_params == {"charset": "utf-8"}
     assert request.content_length == 23
     assert request.referrer == "http://www.example.com/"
-    assert request.date == datetime(2009, 2, 28, 19, 4, 35)
+    assert request.date == datetime(2009, 2, 28, 19, 4, 35, tzinfo=timezone.utc)
     assert request.max_forwards == 10
     assert "no-cache" in request.pragma
     assert request.content_encoding == "gzip"
@@ -1419,7 +1421,7 @@ def test_secure(self):
             (
                 "Set-Cookie",
                 "foo=bar; Domain=example.org;"
-                " Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=60;"
+                " Expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=60;"
                 " Secure; Path=/blub",
             ),
         ]
@@ -1442,7 +1444,7 @@ def test_httponly(self):
             (
                 "Set-Cookie",
                 "foo=bar; Domain=example.org;"
-                " Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=60;"
+                " Expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=60;"
                 " HttpOnly; Path=/blub",
             ),
         ]
@@ -1465,7 +1467,7 @@ def test_secure_and_httponly(self):
             (
                 "Set-Cookie",
                 "foo=bar; Domain=example.org;"
-                " Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=60;"
+                " Expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=60;"
                 " Secure; HttpOnly; Path=/blub",
             ),
         ]
@@ -1487,7 +1489,7 @@ def test_samesite(self):
             (
                 "Set-Cookie",
                 "foo=bar; Domain=example.org;"
-                " Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=60;"
+                " Expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=60;"
                 " Path=/blub; SameSite=Strict",
             ),
         ]

From df14dd9886429c72cc2c63450ed11eb44d1cb28c Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Thu, 11 Feb 2021 14:19:33 -0800
Subject: [PATCH 365/733] test client response.close() closes input stream

---
 CHANGES.rst                      |  3 +++
 src/werkzeug/test.py             | 28 ++++++++++++++++++++++++----
 src/werkzeug/wrappers/request.py |  4 ++--
 3 files changed, 29 insertions(+), 6 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index ce39938e4..d3814c9a5 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -112,6 +112,9 @@ Unreleased
     add an ``Authorization`` header. It can be an ``Authorization``
     object or a ``(username, password)`` tuple for ``Basic`` auth.
     :pr:`1809`
+-   Calling ``response.close()`` on a response from the test ``Client``
+    will close the request input stream. This matches file behavior
+    and can prevent a ``ResourceWarning`` in some cases. :issue:`1785`
 -   ``EnvironBuilder.from_environ`` decodes values encoded for WSGI, to
     avoid double encoding the new values. :pr:`1959`
 -   The default stat reloader will watch Python files under
diff --git a/src/werkzeug/test.py b/src/werkzeug/test.py
index f590c59cd..4e67c939f 100644
--- a/src/werkzeug/test.py
+++ b/src/werkzeug/test.py
@@ -994,7 +994,11 @@ def resolve_redirect(
                 builder.method = "GET"
 
             # Clear the body and the headers that describe it.
-            builder.input_stream = None
+
+            if builder.input_stream is not None:
+                builder.input_stream.close()
+                builder.input_stream = None
+
             builder.content_type = None
             builder.content_length = None
             builder.headers.pop("Transfer-Encoding", None)
@@ -1028,6 +1032,11 @@ def open(
             2.1. Use :attr:`TestResponse.request` and
             ``request.environ`` instead.
 
+        .. versionchanged:: 2.0.0
+            The request input stream is closed when calling
+            ``response.close()``. Input streams for redirects are
+            automatically closed.
+
         .. versionchanged:: 0.5
             If a dict is provided as file in the dict for the ``data``
             parameter the content type has to be called ``content_type``
@@ -1089,14 +1098,21 @@ def open(
             response.history = tuple(history)
             history.append(response)
             response = self.resolve_redirect(response, buffered=buffered)
-
-        response.history = tuple(history)
+        else:
+            # This is the final request after redirects, or not
+            # following redirects.
+            response.history = tuple(history)
+            # Close the input stream when closing the response, in case
+            # the input is an open temporary file.
+            response.call_on_close(request.input_stream.close)
 
         if as_tuple:
             warnings.warn(
                 "'as_tuple' is deprecated and will be removed in"
                 " version 2.1. Access 'response.request.environ'"
-                " instead."
+                " instead.",
+                DeprecationWarning,
+                stacklevel=2,
             )
             return request.environ, response  # type: ignore
 
@@ -1248,6 +1264,10 @@ class TestResponse(Response):
     Test client requests will always return an instance of this class.
     If a custom response class is passed to the client, it is
     subclassed along with this to support test information.
+
+    If the test request included large files, or if the application is
+    serving a file, call :meth:`close` to close any open files and
+    prevent Python showing a ``ResourceWarning``.
     """
 
     request: Request
diff --git a/src/werkzeug/wrappers/request.py b/src/werkzeug/wrappers/request.py
index a606ab43d..76154f3e9 100644
--- a/src/werkzeug/wrappers/request.py
+++ b/src/werkzeug/wrappers/request.py
@@ -361,9 +361,9 @@ def stream(self) -> t.BinaryIO:
         _assert_not_shallow(self)
         return get_input_stream(self.environ)
 
-    input_stream = environ_property(
+    input_stream = environ_property[t.BinaryIO](
         "wsgi.input",
-        """The WSGI input stream.
+        doc="""The WSGI input stream.
 
         In general it's a bad idea to use this one because you can
         easily read past the boundary.  Use the :attr:`stream`

From e4dcfa77375ad6c6c7220ebaf899209bd9e48c35 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Tue, 16 Feb 2021 08:38:46 -0800
Subject: [PATCH 366/733] use rtd to build docs for prs

skip code tests when only docs change
---
 .github/workflows/tests.yaml | 13 ++++++++++---
 .readthedocs.yaml            |  1 +
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
index 465499234..e656dcf84 100644
--- a/.github/workflows/tests.yaml
+++ b/.github/workflows/tests.yaml
@@ -4,10 +4,18 @@ on:
     branches:
       - master
       - '*.x'
+    paths-ignore:
+      - 'docs/**'
+      - '*.md'
+      - '*.rst'
   pull_request:
     branches:
       - master
       - '*.x'
+    paths-ignore:
+      - 'docs/**'
+      - '*.md'
+      - '*.rst'
 jobs:
   tests:
     name: ${{ matrix.name }}
@@ -17,14 +25,13 @@ jobs:
       matrix:
         include:
           - {name: Linux, python: '3.9', os: ubuntu-latest, tox: py39}
+          - {name: Windows, python: '3.9', os: windows-latest, tox: py39}
+          - {name: Mac, python: '3.9', os: macos-latest, tox: py39}
           - {name: '3.8', python: '3.8', os: ubuntu-latest, tox: py38}
           - {name: '3.7', python: '3.7', os: ubuntu-latest, tox: py37}
           - {name: '3.6', python: '3.6', os: ubuntu-latest, tox: py36}
           - {name: 'PyPy', python: pypy3, os: ubuntu-latest, tox: pypy3}
-          - {name: Docs, python: '3.9', os: ubuntu-latest, tox: docs}
           - {name: Typing, python: '3.9', os: ubuntu-latest, tox: typing}
-          - {name: Windows, python: '3.9', os: windows-latest, tox: py39}
-          - {name: Mac, python: '3.9', os: macos-latest, tox: py39}
     steps:
       - uses: actions/checkout@v2
       - uses: actions/setup-python@v2
diff --git a/.readthedocs.yaml b/.readthedocs.yaml
index 190695202..0c363636f 100644
--- a/.readthedocs.yaml
+++ b/.readthedocs.yaml
@@ -6,3 +6,4 @@ python:
       path: .
 sphinx:
   builder: dirhtml
+  fail_on_warning: true

From 0fff5272c481d71b991dff296adb960f674a512a Mon Sep 17 00:00:00 2001
From: Joshua Bronson 
Date: Wed, 17 Feb 2021 22:22:12 +0000
Subject: [PATCH 367/733] Fix dict interop regression for MultiDicts.

---
 src/werkzeug/datastructures.py | 6 ++++++
 tests/test_datastructures.py   | 8 ++++++++
 2 files changed, 14 insertions(+)

diff --git a/src/werkzeug/datastructures.py b/src/werkzeug/datastructures.py
index 8ff359744..1c7b27da6 100644
--- a/src/werkzeug/datastructures.py
+++ b/src/werkzeug/datastructures.py
@@ -355,6 +355,12 @@ def __setstate__(self, value):
         dict.clear(self)
         dict.update(self, value)
 
+    def __iter__(self):
+        # Work around https://bugs.python.org/issue43246.
+        # (`return super().__iter__()` also works here, which makes this look
+        # even more like it should be a no-op, yet it isn't.)
+        return dict.__iter__(self)
+
     def __getitem__(self, key):
         """Return the first data value for this key;
         raises KeyError if not found.
diff --git a/tests/test_datastructures.py b/tests/test_datastructures.py
index 7249faa8f..c940ae85b 100644
--- a/tests/test_datastructures.py
+++ b/tests/test_datastructures.py
@@ -70,6 +70,14 @@ def create_instance(module=None):
             ud[b"newkey"] = b"bla"
             assert ud != d
 
+    def test_multidict_dict_interop(self):
+        # This would have caught the regression in Werkzeug 2.0.0rc1
+        # (see https://github.com/pallets/werkzeug/pull/2043).
+        md = self.storage_class([("a", 1), ("a", 2)])
+        assert dict(md)["a"] != [1, 2]
+        assert dict(md)["a"] == 1
+        assert dict(md) == {**md} == {"a": 1}
+
     def test_basic_interface(self):
         md = self.storage_class()
         assert isinstance(md, dict)

From 82842702a8ee7cb77a6be4c21873a9fec0139657 Mon Sep 17 00:00:00 2001
From: pgjones 
Date: Sat, 13 Feb 2021 10:51:35 +0000
Subject: [PATCH 368/733] Minor fix: Initialise _trace in Rule init

This ensures the __eq__ method works, as it requires _trace to exist
on the Rule instance.
---
 src/werkzeug/routing.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/werkzeug/routing.py b/src/werkzeug/routing.py
index 21411fd54..c6dc953d6 100644
--- a/src/werkzeug/routing.py
+++ b/src/werkzeug/routing.py
@@ -718,6 +718,8 @@ def __init__(
         else:
             self.arguments = set()
 
+        self._trace: t.List[t.Tuple[bool, str]] = []
+
     def empty(self) -> "Rule":
         """
         Return an unbound copy of this rule.
@@ -815,7 +817,7 @@ def compile(self) -> None:
         else:
             domain_rule = self.subdomain or ""
 
-        self._trace: t.List[t.Tuple[bool, str]] = []
+        self._trace = []
         self._converters: t.Dict[str, "BaseConverter"] = {}
         self._static_weights: t.List[t.Tuple[int, int]] = []
         self._argument_weights: t.List[int] = []

From b47614df3445ce365f8f1f8fc6cf8db2d735b648 Mon Sep 17 00:00:00 2001
From: pgjones 
Date: Sat, 13 Feb 2021 15:28:35 +0000
Subject: [PATCH 369/733] Improve typing

dump cookie happily takes bytes and str values (and usage does both).

There is no union, only bytes.
---
 src/werkzeug/http.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/werkzeug/http.py b/src/werkzeug/http.py
index 569bb4d1d..c6f2073b9 100644
--- a/src/werkzeug/http.py
+++ b/src/werkzeug/http.py
@@ -1005,7 +1005,7 @@ def dump_age(age: t.Optional[t.Union[timedelta, int]] = None) -> t.Optional[str]
 def is_resource_modified(
     environ: "WSGIEnvironment",
     etag: t.Optional[str] = None,
-    data: t.Optional[t.Union[bytes]] = None,
+    data: t.Optional[bytes] = None,
     last_modified: t.Optional[t.Union[datetime, str]] = None,
     ignore_if_range: bool = True,
 ) -> bool:
@@ -1195,7 +1195,7 @@ def _parse_pairs():
 
 def dump_cookie(
     key: str,
-    value: str = "",
+    value: t.Union[bytes, str] = "",
     max_age: t.Optional[t.Union[timedelta, int]] = None,
     expires: t.Optional[t.Union[str, datetime, int, float]] = None,
     path: t.Optional[str] = "/",

From 97ced0954d07e03c435d69a3fbc5d5b48c60260a Mon Sep 17 00:00:00 2001
From: pgjones 
Date: Sat, 13 Feb 2021 20:39:43 +0000
Subject: [PATCH 370/733] Modify exceptions to work with ASGI frameworks

This allows the exceptions to take a scope (as alternative to environ)
if required.
---
 src/werkzeug/exceptions.py | 66 ++++++++++++++++++++++++++------------
 1 file changed, 45 insertions(+), 21 deletions(-)

diff --git a/src/werkzeug/exceptions.py b/src/werkzeug/exceptions.py
index a722cd55c..38d73561a 100644
--- a/src/werkzeug/exceptions.py
+++ b/src/werkzeug/exceptions.py
@@ -24,9 +24,9 @@ def application(request):
 can get a response object by calling ``get_response()`` on a HTTP
 exception.
 
-Keep in mind that you have to pass an environment to ``get_response()``
-because some errors fetch additional information from the WSGI
-environment.
+Keep in mind that you may have to pass an environ (WSGI) or scope
+(ASGI) to ``get_response()`` because some errors fetch additional
+information relating to the request.
 
 If you want to hook in a different exception page to say, a 404 status
 code, you can add a second except for a specific subclass of an error:
@@ -41,6 +41,7 @@ def application(request):
             return not_found(request)
         except HTTPException as e:
             return e
+
 """
 import sys
 import typing as t
@@ -53,7 +54,8 @@ def application(request):
     from wsgiref.types import StartResponse
     from wsgiref.types import WSGIEnvironment
     from .datastructures import WWWAuthenticate
-    from .wrappers.response import Response
+    from .sansio.response import Response
+    from .wrappers.response import Response as WSGIResponse  # noqa: F401
 
 
 class HTTPException(Exception):
@@ -134,12 +136,20 @@ def name(self) -> str:
 
         return HTTP_STATUS_CODES.get(self.code, "Unknown Error")  # type: ignore
 
-    def get_description(self, environ: t.Optional["WSGIEnvironment"] = None) -> str:
+    def get_description(
+        self,
+        environ: t.Optional["WSGIEnvironment"] = None,
+        scope: t.Optional[dict] = None,
+    ) -> str:
         """Get the description."""
         description = escape(self.description).replace("\n", "
    ")  # type: ignore
         return f"
    {description}
    "
 
-    def get_body(self, environ: t.Optional["WSGIEnvironment"] = None) -> str:
+    def get_body(
+        self,
+        environ: t.Optional["WSGIEnvironment"] = None,
+        scope: t.Optional[dict] = None,
+    ) -> str:
         """Get the HTML body."""
         return (
             '\n'
@@ -149,12 +159,18 @@ def get_body(self, environ: t.Optional["WSGIEnvironment"] = None) -> str:
         )
 
     def get_headers(
-        self, environ: t.Optional["WSGIEnvironment"] = None
+        self,
+        environ: t.Optional["WSGIEnvironment"] = None,
+        scope: t.Optional[dict] = None,
     ) -> t.List[t.Tuple[str, str]]:
         """Get a list of headers."""
         return [("Content-Type", "text/html; charset=utf-8")]
 
-    def get_response(self, environ: t.Optional["WSGIEnvironment"] = None) -> "Response":
+    def get_response(
+        self,
+        environ: t.Optional["WSGIEnvironment"] = None,
+        scope: t.Optional[dict] = None,
+    ) -> "Response":
         """Get a response object.  If one was passed to the exception
         it's returned directly.
 
@@ -163,14 +179,14 @@ def get_response(self, environ: t.Optional["WSGIEnvironment"] = None) -> "Respon
                         on how the request looked like.
         :return: a :class:`Response` object or a subclass thereof.
         """
-        from .wrappers.response import Response
+        from .wrappers.response import Response as WSGIResponse  # noqa: F811
 
         if self.response is not None:
             return self.response
         if environ is not None:
             environ = _get_environ(environ)
-        headers = self.get_headers(environ)
-        return Response(self.get_body(environ), self.code, headers)
+        headers = self.get_headers(environ, scope)
+        return WSGIResponse(self.get_body(environ, scope), self.code, headers)
 
     def __call__(
         self, environ: "WSGIEnvironment", start_response: "StartResponse"
@@ -181,7 +197,7 @@ def __call__(
         :param start_response: the response callable provided by the WSGI
                                server.
         """
-        response = self.get_response(environ)
+        response = t.cast("WSGIResponse", self.get_response(environ))
         return response(environ, start_response)
 
     def __str__(self) -> str:
@@ -301,9 +317,11 @@ def __init__(
         self.www_authenticate = www_authenticate
 
     def get_headers(
-        self, environ: t.Optional["WSGIEnvironment"] = None
+        self,
+        environ: t.Optional["WSGIEnvironment"] = None,
+        scope: t.Optional[dict] = None,
     ) -> t.List[t.Tuple[str, str]]:
-        headers = super().get_headers(environ)
+        headers = super().get_headers(environ, scope)
         if self.www_authenticate:
             headers.extend(("WWW-Authenticate", str(x)) for x in self.www_authenticate)
         return headers
@@ -363,9 +381,11 @@ def __init__(
         self.valid_methods = valid_methods
 
     def get_headers(
-        self, environ: t.Optional["WSGIEnvironment"] = None
+        self,
+        environ: t.Optional["WSGIEnvironment"] = None,
+        scope: t.Optional[dict] = None,
     ) -> t.List[t.Tuple[str, str]]:
-        headers = super().get_headers(environ)
+        headers = super().get_headers(environ, scope)
         if self.valid_methods:
             headers.append(("Allow", ", ".join(self.valid_methods)))
         return headers
@@ -521,9 +541,11 @@ def __init__(
         self.units = units
 
     def get_headers(
-        self, environ: t.Optional["WSGIEnvironment"] = None
+        self,
+        environ: t.Optional["WSGIEnvironment"] = None,
+        scope: t.Optional[dict] = None,
     ) -> t.List[t.Tuple[str, str]]:
-        headers = super().get_headers(environ)
+        headers = super().get_headers(environ, scope)
         if self.length is not None:
             headers.append(("Content-Range", f"{self.units} */{self.length}"))
         return headers
@@ -628,9 +650,11 @@ def __init__(
         self.retry_after = retry_after
 
     def get_headers(
-        self, environ: t.Optional["WSGIEnvironment"] = None
+        self,
+        environ: t.Optional["WSGIEnvironment"] = None,
+        scope: t.Optional[dict] = None,
     ) -> t.List[t.Tuple[str, str]]:
-        headers = super().get_headers(environ)
+        headers = super().get_headers(environ, scope)
 
         if self.retry_after:
             if isinstance(self.retry_after, datetime):
@@ -831,7 +855,7 @@ def __init__(
             self.mapping.update(extra)
 
     def __call__(self, code: t.Union[int, "Response"], *args, **kwargs) -> t.NoReturn:
-        from .wrappers.response import Response
+        from .sansio.response import Response
 
         if isinstance(code, Response):
             raise HTTPException(response=code)

From 66f575a60883f293456ba8eec2eefd51afb57cc4 Mon Sep 17 00:00:00 2001
From: pgjones 
Date: Sat, 13 Feb 2021 21:29:37 +0000
Subject: [PATCH 371/733] Accept HTTPStatus as a response status code

This is the stdlib enumeration of HTTP status codes.
---
 src/werkzeug/sansio/response.py   | 11 +++++++----
 src/werkzeug/wrappers/response.py |  3 ++-
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/src/werkzeug/sansio/response.py b/src/werkzeug/sansio/response.py
index f0c5586e6..d512104bd 100644
--- a/src/werkzeug/sansio/response.py
+++ b/src/werkzeug/sansio/response.py
@@ -3,6 +3,7 @@
 from datetime import datetime
 from datetime import timedelta
 from datetime import timezone
+from http import HTTPStatus
 
 from .._internal import _to_str
 from ..datastructures import Headers
@@ -103,7 +104,7 @@ class Response:
 
     def __init__(
         self,
-        status: t.Optional[t.Union[int, str]] = None,
+        status: t.Optional[t.Union[int, str, HTTPStatus]] = None,
         headers: t.Optional[
             t.Union[
                 t.Mapping[str, t.Union[str, int, t.Iterable[t.Union[str, int]]]],
@@ -150,13 +151,15 @@ def status(self) -> str:
         return self._status
 
     @status.setter
-    def status(self, value: t.Union[str, int]) -> None:
-        if not isinstance(value, (str, bytes, int)):
+    def status(self, value: t.Union[str, int, HTTPStatus]) -> None:
+        if not isinstance(value, (str, bytes, int, HTTPStatus)):
             raise TypeError("Invalid status argument")
 
         self._status, self._status_code = self._clean_status(value)
 
-    def _clean_status(self, value: t.Union[str, int]) -> t.Tuple[str, int]:
+    def _clean_status(self, value: t.Union[str, int, HTTPStatus]) -> t.Tuple[str, int]:
+        if isinstance(value, HTTPStatus):
+            value = int(value)
         status = _to_str(value, self.charset)
         split_status = status.split(None, 1)
 
diff --git a/src/werkzeug/wrappers/response.py b/src/werkzeug/wrappers/response.py
index dd249210d..a681896ef 100644
--- a/src/werkzeug/wrappers/response.py
+++ b/src/werkzeug/wrappers/response.py
@@ -2,6 +2,7 @@
 import typing
 import typing as t
 import warnings
+from http import HTTPStatus
 
 from .._internal import _to_bytes
 from ..datastructures import Headers
@@ -165,7 +166,7 @@ def __init__(
         response: t.Optional[
             t.Union[t.Iterable[bytes], bytes, t.Iterable[str], str]
         ] = None,
-        status: t.Optional[t.Union[int, str]] = None,
+        status: t.Optional[t.Union[int, str, HTTPStatus]] = None,
         headers: t.Optional[
             t.Union[
                 t.Mapping[str, t.Union[str, int, t.Iterable[t.Union[str, int]]]],

From 352cd7167984f805daf226966f38f8dfeb991313 Mon Sep 17 00:00:00 2001
From: pgjones 
Date: Sat, 20 Feb 2021 15:22:59 +0000
Subject: [PATCH 372/733] Restore the previous Werkzeug LocalProxy __class__
 behaviour

This ensures that Flask doesn't error when isinstance checking against
something other than a LocalProsy itself, see
https://github.com/pallets/flask/issues/3909.
---
 src/werkzeug/local.py |  2 +-
 tests/test_local.py   | 10 ++++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/werkzeug/local.py b/src/werkzeug/local.py
index 142c5d97a..a45700a1d 100644
--- a/src/werkzeug/local.py
+++ b/src/werkzeug/local.py
@@ -571,7 +571,7 @@ def _get_current_object(self) -> t.Any:
     # __weakref__ (__getattr__)
     # __init_subclass__ (proxying metaclass not supported)
     # __prepare__ (metaclass)
-    __class__ = _ProxyLookup()  # type: ignore
+    __class__ = _ProxyLookup(fallback=lambda self: type(self))  # type: ignore
     __instancecheck__ = _ProxyLookup(lambda self, other: isinstance(other, self))
     __subclasscheck__ = _ProxyLookup(lambda self, other: issubclass(other, self))
     # __class_getitem__ triggered through __getitem__
diff --git a/tests/test_local.py b/tests/test_local.py
index 33543035b..d5c68e66c 100644
--- a/tests/test_local.py
+++ b/tests/test_local.py
@@ -192,6 +192,16 @@ def example():
     assert local.LocalProxy.__doc__.startswith("A proxy")
 
 
+def test_proxy_fallback():
+    def _raises():
+        raise RuntimeError()
+
+    local_proxy = local.LocalProxy(_raises)
+    assert repr(local_proxy) == ""
+    assert isinstance(local_proxy, local.LocalProxy)
+    assert not isinstance(local_proxy, Thread)
+
+
 def test_proxy_unbound():
     ns = local.Local()
     p = ns("value")

From e2116c5cfc57e7412a30a80fc8f1f046e260a7cb Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Wed, 24 Feb 2021 09:38:10 -0800
Subject: [PATCH 373/733] update project links

---
 README.rst   | 33 +++++++++++++++++++++++----------
 docs/conf.py |  8 +++++---
 setup.cfg    | 10 +++++++---
 3 files changed, 35 insertions(+), 16 deletions(-)

diff --git a/README.rst b/README.rst
index 40598cb1a..aa8464de1 100644
--- a/README.rst
+++ b/README.rst
@@ -35,6 +35,9 @@ such as blogs, wikis, or bulletin boards.
 providing more structure and patterns for defining powerful
 applications.
 
+.. _WSGI: https://wsgi.readthedocs.io/en/latest/
+.. _Flask: https://www.palletsprojects.com/p/flask/
+
 
 Installing
 ----------
@@ -45,6 +48,8 @@ Install and update using `pip`_:
 
     pip install -U Werkzeug
 
+.. _pip: https://pip.pypa.io/en/stable/quickstart/
+
 
 A Simple Example
 ----------------
@@ -62,17 +67,25 @@ A Simple Example
         run_simple('localhost', 4000, application)
 
 
+Donate
+------
+
+The Pallets organization develops and supports Werkzeug and other
+popular packages. In order to grow the community of contributors and
+users, and allow the maintainers to devote more time to the projects,
+`please donate today`_.
+
+.. _please donate today: https://palletsprojects.com/donate
+
+
 Links
 -----
 
--   Website: https://palletsprojects.com/p/werkzeug/
 -   Documentation: https://werkzeug.palletsprojects.com/
--   Releases: https://pypi.org/project/Werkzeug/
--   Code: https://github.com/pallets/werkzeug
--   Issue tracker: https://github.com/pallets/werkzeug/issues
--   Test status: https://dev.azure.com/pallets/werkzeug/_build
--   Official chat: https://discord.gg/t6rrQZH
-
-.. _WSGI: https://wsgi.readthedocs.io/en/latest/
-.. _Flask: https://www.palletsprojects.com/p/flask/
-.. _pip: https://pip.pypa.io/en/stable/quickstart/
+-   Changes: https://werkzeug.palletsprojects.com/changes/
+-   PyPI Releases: https://pypi.org/project/Werkzeug/
+-   Source Code: https://github.com/pallets/werkzeug/
+-   Issue Tracker: https://github.com/pallets/werkzeug/issues/
+-   Website: https://palletsprojects.com/p/werkzeug/
+-   Twitter: https://twitter.com/PalletsTeam
+-   Chat: https://discord.gg/pallets
diff --git a/docs/conf.py b/docs/conf.py
index 11cd39681..b1a0eb1fd 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -26,11 +26,13 @@
 html_theme = "werkzeug"
 html_context = {
     "project_links": [
-        ProjectLink("Donate to Pallets", "https://www.palletsprojects.com/donate"),
-        ProjectLink("Werkzeug Website", "https://palletsprojects.com/p/werkzeug/"),
-        ProjectLink("PyPI releases", "https://pypi.org/project/Werkzeug/"),
+        ProjectLink("Donate", "https://palletsprojects.com/donate"),
+        ProjectLink("PyPI Releases", "https://pypi.org/project/Werkzeug/"),
         ProjectLink("Source Code", "https://github.com/pallets/werkzeug/"),
         ProjectLink("Issue Tracker", "https://github.com/pallets/werkzeug/issues/"),
+        ProjectLink("Website", "https://palletsprojects.com/p/werkzeug/"),
+        ProjectLink("Twitter", "https://twitter.com/PalletsTeam"),
+        ProjectLink("Chat", "https://discord.gg/pallets"),
     ]
 }
 html_sidebars = {
diff --git a/setup.cfg b/setup.cfg
index 2faa1aaa6..3f76d8082 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -1,11 +1,15 @@
 [metadata]
 name = Werkzeug
 version = attr: werkzeug.__version__
-url = https://palletsprojects.com/p/werkzeug
+url = https://palletsprojects.com/p/werkzeug/
 project_urls =
+    Donate = https://palletsprojects.com/donate
     Documentation = https://werkzeug.palletsprojects.com/
-    Code = https://github.com/pallets/werkzeug
-    Issue tracker = https://github.com/pallets/werkzeug/issues
+    Changes = https://werkzeug.palletsprojects.com/changes/
+    Source Code = https://github.com/pallets/werkzeug/
+    Issue Tracker = https://github.com/pallets/werkzeug/issues/
+    Twitter = https://twitter.com/PalletsTeam
+    Chat = https://discord.gg/pallets
 license = BSD-3-Clause
 author = Armin Ronacher
 author_email = armin.ronacher@active-4.com

From f30c077cbc9abe7f0ae8671e1484291962274ccb Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Wed, 24 Feb 2021 09:40:21 -0800
Subject: [PATCH 374/733] docs rename changelog to changes, add license

---
 docs/changes.rst |  4 ++--
 docs/index.rst   | 11 ++++++-----
 docs/license.rst |  4 ++++
 3 files changed, 12 insertions(+), 7 deletions(-)
 create mode 100644 docs/license.rst

diff --git a/docs/changes.rst b/docs/changes.rst
index 218fe3339..955deaf27 100644
--- a/docs/changes.rst
+++ b/docs/changes.rst
@@ -1,4 +1,4 @@
-Changelog
-=========
+Changes
+=======
 
 .. include:: ../CHANGES.rst
diff --git a/docs/index.rst b/docs/index.rst
index ba38fba8c..ef3be8b52 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -70,9 +70,10 @@ Additional Information
 ----------------------
 
 .. toctree::
-   :maxdepth: 2
+    :maxdepth: 2
 
-   terms
-   unicode
-   request_data
-   changes
+    terms
+    unicode
+    request_data
+    license
+    changes
diff --git a/docs/license.rst b/docs/license.rst
new file mode 100644
index 000000000..a53a98cf3
--- /dev/null
+++ b/docs/license.rst
@@ -0,0 +1,4 @@
+BSD-3-Clause License
+====================
+
+.. include:: ../LICENSE.rst

From 2a084d0dcb14ef09053aa31865a4672d4d99fd48 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Wed, 24 Feb 2021 09:39:39 -0800
Subject: [PATCH 375/733] consistent typing config

---
 MANIFEST.in                       |  4 ++--
 setup.cfg                         |  6 +++++-
 src/werkzeug/datastructures.pyi   |  3 ++-
 src/werkzeug/http.py              |  5 +++--
 src/werkzeug/routing.py           |  5 +++--
 src/werkzeug/serving.py           |  3 ++-
 src/werkzeug/wrappers/response.py |  5 +++--
 tox.ini                           | 11 +++++------
 8 files changed, 25 insertions(+), 17 deletions(-)

diff --git a/MANIFEST.in b/MANIFEST.in
index 86d1bee1f..89424810e 100644
--- a/MANIFEST.in
+++ b/MANIFEST.in
@@ -1,12 +1,12 @@
 include CHANGES.rst
 include tox.ini
 include requirements/*.txt
-include src/werkzeug/py.typed
-include src/werkzeug/*.pyi
 graft artwork
 graft docs
 prune docs/_build
 graft examples
 graft tests
+include src/werkzeug/py.typed
+include src/werkzeug/*.pyi
 graft src/werkzeug/debug/shared
 global-exclude *.pyc
diff --git a/setup.cfg b/setup.cfg
index 3f76d8082..6e4f08d6f 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -85,9 +85,11 @@ per-file-ignores =
     src/werkzeug/local.py: E731
 
 [mypy]
+files = src/werkzeug
+python_version = 3.6
 allow_redefinition = True
 disallow_subclassing_any = True
-# warn_return_any = True
+# disallow_untyped_calls = True
 # disallow_untyped_defs = True
 # disallow_incomplete_defs = True
 no_implicit_optional = True
@@ -97,6 +99,8 @@ strict_equality = True
 warn_redundant_casts = True
 warn_unused_configs = True
 warn_unused_ignores = True
+# warn_return_any = True
+# warn_unreachable = True
 
 [mypy-colorama.*]
 ignore_missing_imports = True
diff --git a/src/werkzeug/datastructures.pyi b/src/werkzeug/datastructures.pyi
index cc9be0900..46afc191c 100644
--- a/src/werkzeug/datastructures.pyi
+++ b/src/werkzeug/datastructures.pyi
@@ -11,7 +11,6 @@ from typing import Hashable
 from typing import Iterable
 from typing import Iterator
 from typing import List
-from typing import Literal
 from typing import Mapping
 from typing import NoReturn
 from typing import Optional
@@ -23,6 +22,8 @@ from typing import TypeVar
 from typing import Union
 from wsgiref.types import WSGIEnvironment
 
+from typing_extensions import Literal
+
 K = TypeVar("K")
 V = TypeVar("V")
 T = TypeVar("T")
diff --git a/src/werkzeug/http.py b/src/werkzeug/http.py
index 569bb4d1d..b1bf54958 100644
--- a/src/werkzeug/http.py
+++ b/src/werkzeug/http.py
@@ -22,6 +22,7 @@
 from werkzeug._internal import _dt_as_utc
 
 if t.TYPE_CHECKING:
+    import typing_extensions as te
     from wsgiref.types import WSGIEnvironment
 
 # for explanation of "media-range", etc. see Sections 5.3.{1,2} of RFC 7231
@@ -374,14 +375,14 @@ def parse_dict_header(value: str, cls: t.Type[dict] = dict) -> t.Dict[str, str]:
 
 @typing.overload
 def parse_options_header(
-    value: t.Optional[str], multiple: "t.Literal[False]" = False
+    value: t.Optional[str], multiple: "te.Literal[False]" = False
 ) -> t.Tuple[str, t.Dict[str, str]]:
     ...
 
 
 @typing.overload
 def parse_options_header(
-    value: t.Optional[str], multiple: "t.Literal[True]"
+    value: t.Optional[str], multiple: "te.Literal[True]"
 ) -> t.Tuple[t.Any, ...]:
     ...
 
diff --git a/src/werkzeug/routing.py b/src/werkzeug/routing.py
index 21411fd54..1eb107d7c 100644
--- a/src/werkzeug/routing.py
+++ b/src/werkzeug/routing.py
@@ -139,6 +139,7 @@
 from .wsgi import get_host
 
 if t.TYPE_CHECKING:
+    import typing_extensions as te
     from wsgiref.types import WSGIApplication
     from wsgiref.types import WSGIEnvironment
 
@@ -1798,7 +1799,7 @@ def match(  # type: ignore
         self,
         path_info: t.Optional[str] = None,
         method: t.Optional[str] = None,
-        return_rule: "t.Literal[False]" = False,
+        return_rule: "te.Literal[False]" = False,
         query_args: t.Optional[t.Union[t.Mapping[str, t.Any], str]] = None,
         websocket: t.Optional[bool] = None,
     ) -> t.Tuple[str, t.Mapping[str, t.Any]]:
@@ -1809,7 +1810,7 @@ def match(
         self,
         path_info: t.Optional[str] = None,
         method: t.Optional[str] = None,
-        return_rule: "t.Literal[True]" = True,
+        return_rule: "te.Literal[True]" = True,
         query_args: t.Optional[t.Union[t.Mapping[str, t.Any], str]] = None,
         websocket: t.Optional[bool] = None,
     ) -> t.Tuple[Rule, t.Mapping[str, t.Any]]:
diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py
index a5526d038..2233646a7 100644
--- a/src/werkzeug/serving.py
+++ b/src/werkzeug/serving.py
@@ -70,10 +70,11 @@ class ForkingMixIn:  # type: ignore
 can_open_by_fd = not platform.system() == "Windows" and hasattr(socket, "fromfd")
 
 _TSSLContextArg = t.Optional[
-    t.Union["ssl.SSLContext", t.Tuple[str, t.Optional[str]], "t.Literal['adhoc']"]
+    t.Union["ssl.SSLContext", t.Tuple[str, t.Optional[str]], "te.Literal['adhoc']"]
 ]
 
 if t.TYPE_CHECKING:
+    import typing_extensions as te  # noqa: F401
     from wsgiref.types import WSGIApplication
     from wsgiref.types import WSGIEnvironment
     from cryptography.hazmat.primitives.asymmetric.rsa import (
diff --git a/src/werkzeug/wrappers/response.py b/src/werkzeug/wrappers/response.py
index dd249210d..0a0a8ac40 100644
--- a/src/werkzeug/wrappers/response.py
+++ b/src/werkzeug/wrappers/response.py
@@ -21,6 +21,7 @@
 from werkzeug.wsgi import _RangeWrapper
 
 if t.TYPE_CHECKING:
+    import typing_extensions as te
     from wsgiref.types import StartResponse
     from wsgiref.types import WSGIApplication
     from wsgiref.types import WSGIEnvironment
@@ -284,11 +285,11 @@ def from_app(
         return cls(*run_wsgi_app(app, environ, buffered))
 
     @typing.overload
-    def get_data(self, as_text: "t.Literal[False]" = False) -> bytes:
+    def get_data(self, as_text: "te.Literal[False]" = False) -> bytes:
         ...
 
     @typing.overload
-    def get_data(self, as_text: "t.Literal[True]") -> str:
+    def get_data(self, as_text: "te.Literal[True]") -> str:
         ...
 
     def get_data(self, as_text=False):
diff --git a/tox.ini b/tox.ini
index dc04e40cc..460027dd8 100644
--- a/tox.ini
+++ b/tox.ini
@@ -2,8 +2,8 @@
 envlist =
     py{39,38,37,36,py3}
     style
-    docs
     typing
+    docs
 skip_missing_interpreters = true
 
 [testenv]
@@ -16,11 +16,10 @@ deps = pre-commit
 skip_install = true
 commands = pre-commit run --all-files --show-diff-on-failure
 
+[testenv:typing]
+deps = -r requirements/typing.txt
+commands = mypy
+
 [testenv:docs]
 deps = -r requirements/docs.txt
 commands = sphinx-build -W -b html -d {envtmpdir}/doctrees docs {envtmpdir}/html
-
-[testenv:typing]
-deps = -r requirements/typing.txt
-commands =
-    mypy src/werkzeug/ tests/

From 3875e442f15db0a89070671999f63731369dbd7a Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Wed, 24 Feb 2021 09:39:46 -0800
Subject: [PATCH 376/733] cache mypy in ci

---
 .github/workflows/tests.yaml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
index e656dcf84..d52088f92 100644
--- a/.github/workflows/tests.yaml
+++ b/.github/workflows/tests.yaml
@@ -50,5 +50,11 @@ jobs:
         with:
           path: ${{ steps.pip-cache.outputs.dir }}
           key: pip|${{ runner.os }}|${{ matrix.python }}|${{ hashFiles('setup.py') }}|${{ hashFiles('requirements/*.txt') }}
+      - name: cache mypy
+        uses: actions/cache@v2
+        with:
+          path: ./.mypy_cache
+          key: mypy|${{ matrix.python }}|${{ hashFiles('setup.cfg') }}
+        if: matrix.tox == 'typing'
       - run: pip install tox
       - run: tox -e ${{ matrix.tox }}

From 9aa280a95abc9887414d7ee103f424931e9a62a6 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Thu, 25 Feb 2021 09:18:02 -0800
Subject: [PATCH 377/733] http_date accepts date and struct_time

---
 CHANGES.rst          |  2 --
 src/werkzeug/http.py | 41 ++++++++++++++++++++++++++++++-----------
 tests/test_http.py   |  2 ++
 3 files changed, 32 insertions(+), 13 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index d3814c9a5..90744d8c0 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -98,8 +98,6 @@ Unreleased
 -   ``utils.cookie_date`` is deprecated, use ``utils.http_date``
     instead. The value for ``Set-Cookie expires`` is no longer "-"
     delimited. :pr:`2040`
--   ``utils.http_date``, and attributes and values that use it, no
-    longer accept ``time.struct_time`` tuples. :pr:`2040`
 -   Use ``request.headers`` instead of ``request.environ`` to look up
     header attributes. :pr:`1808`
 -   The test ``Client`` request methods (``client.get``, etc.) always
diff --git a/src/werkzeug/http.py b/src/werkzeug/http.py
index b1bf54958..1e2190706 100644
--- a/src/werkzeug/http.py
+++ b/src/werkzeug/http.py
@@ -4,12 +4,15 @@
 import typing
 import typing as t
 import warnings
+from datetime import date
 from datetime import datetime
+from datetime import time
 from datetime import timedelta
 from datetime import timezone
 from enum import Enum
 from hashlib import sha1
-from time import time
+from time import mktime
+from time import struct_time
 from urllib.parse import unquote_to_bytes as _unquote
 from urllib.request import parse_http_list as _parse_list_header
 
@@ -924,7 +927,9 @@ def parse_date(value: t.Optional[str]) -> t.Optional[datetime]:
     return dt
 
 
-def cookie_date(expires: t.Optional[t.Union[datetime, int, float]] = None) -> str:
+def cookie_date(
+    expires: t.Optional[t.Union[datetime, date, int, float, struct_time]] = None
+) -> str:
     """Format a datetime object or timestamp into an :rfc:`2822` date
     string for ``Set-Cookie expires``.
 
@@ -940,24 +945,35 @@ def cookie_date(expires: t.Optional[t.Union[datetime, int, float]] = None) -> st
     return http_date(expires)
 
 
-def http_date(timestamp: t.Optional[t.Union[datetime, int, float]] = None) -> str:
+def http_date(
+    timestamp: t.Optional[t.Union[datetime, date, int, float, struct_time]] = None
+) -> str:
     """Format a datetime object or timestamp into an :rfc:`2822` date
     string.
 
-    This is a wrapper for :func:`email.utils.format_datetime` and
-    ``.formatdate``. It assumes naive datetime objects are in UTC
-    instead of raising an exception.
+    This is a wrapper for :func:`email.utils.format_datetime`. It
+    assumes naive datetime objects are in UTC instead of raising an
+    exception.
 
     :param timestamp: The datetime or timestamp to format. Defaults to
         the current time.
 
     .. versionchanged:: 2.0.0
-        Use ``email.utils.format_datetime``.
+        Use ``email.utils.format_datetime``. Accept ``date`` objects.
     """
-    if isinstance(timestamp, datetime):
-        timestamp = _dt_as_utc(timestamp)
+    if isinstance(timestamp, date):
+        if not isinstance(timestamp, datetime):
+            # Assume plain date is midnight UTC.
+            timestamp = datetime.combine(timestamp, time(), tzinfo=timezone.utc)
+        else:
+            # Ensure datetime is timezone-aware.
+            timestamp = _dt_as_utc(timestamp)
+
         return email.utils.format_datetime(timestamp, usegmt=True)
 
+    if isinstance(timestamp, struct_time):
+        timestamp = mktime(timestamp)
+
     return email.utils.formatdate(timestamp, usegmt=True)
 
 
@@ -1256,14 +1272,17 @@ def dump_cookie(
         from .urls import iri_to_uri
 
         path = iri_to_uri(path, charset)
+
     domain = _make_cookie_domain(domain)
+
     if isinstance(max_age, timedelta):
-        max_age = (max_age.days * 60 * 60 * 24) + max_age.seconds
+        max_age = int(max_age.total_seconds())
+
     if expires is not None:
         if not isinstance(expires, str):
             expires = http_date(expires)
     elif max_age is not None and sync_expires:
-        expires = http_date(time() + max_age)
+        expires = http_date(datetime.now(tz=timezone.utc).timestamp() + max_age)
 
     if samesite is not None:
         samesite = samesite.title()
diff --git a/tests/test_http.py b/tests/test_http.py
index dcb62ddbd..0d6c18397 100644
--- a/tests/test_http.py
+++ b/tests/test_http.py
@@ -1,4 +1,5 @@
 import base64
+from datetime import date
 from datetime import datetime
 from datetime import timedelta
 from datetime import timezone
@@ -713,6 +714,7 @@ def test_parse_date(value, expect):
         (datetime(999, 1, 1), "Tue, 01 Jan 0999 00:00:00 GMT"),
         (datetime(1000, 1, 1), "Wed, 01 Jan 1000 00:00:00 GMT"),
         (datetime(2020, 1, 1), "Wed, 01 Jan 2020 00:00:00 GMT"),
+        (date(2020, 1, 1), "Wed, 01 Jan 2020 00:00:00 GMT"),
     ],
 )
 def test_http_date(value, expect):

From 9081a409aac7eac7ef359fb958dd6f9fabbb226a Mon Sep 17 00:00:00 2001
From: pgjones 
Date: Fri, 26 Feb 2021 16:21:01 +0000
Subject: [PATCH 378/733] Alter the local checking logic

Pypy ships it's own Greenlet version which does not patch ContextVars,
however if Greenlet isn't used Pypy's ContextVars are fine. Therefore
the logic now checks if eventlet or gevent are imported (which implies
they is used). Thereby allowing real ContextVars to be used in pypy if
available but only if greenlet isn't used by eventlet or gevent. The
other logic remains as now.
---
 src/werkzeug/local.py | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/src/werkzeug/local.py b/src/werkzeug/local.py
index 142c5d97a..45111b392 100644
--- a/src/werkzeug/local.py
+++ b/src/werkzeug/local.py
@@ -1,6 +1,7 @@
 import copy
 import math
 import operator
+import sys
 import typing as t
 import warnings
 from functools import partial
@@ -35,14 +36,11 @@ class _CannotUseContextVar(Exception):
 try:
     from contextvars import ContextVar
 
-    # If Greenlet is used, check it has patched ContextVars, Greenlet
-    # <0.4.17 does not.
-    try:
+    if "gevent" in sys.modules or "eventlet" in sys.modules:
+        # Both use greenlet, so first check it has patched
+        # ContextVars, Greenlet <0.4.17 does not.
         import greenlet
-    except ImportError:
-        # Not used
-        pass
-    else:
+
         greenlet_patched = getattr(greenlet, "GREENLET_USE_CONTEXT_VARS", False)
 
         if not greenlet_patched:

From b1d0b12c556dcccfc6b33d5871a8be38d0db0bf4 Mon Sep 17 00:00:00 2001
From: "dependabot-preview[bot]"
 <27856297+dependabot-preview[bot]@users.noreply.github.com>
Date: Mon, 1 Mar 2021 12:26:00 +0000
Subject: [PATCH 379/733] Bump sphinx from 3.4.3 to 3.5.1

Bumps [sphinx](https://github.com/sphinx-doc/sphinx) from 3.4.3 to 3.5.1.
- [Release notes](https://github.com/sphinx-doc/sphinx/releases)
- [Changelog](https://github.com/sphinx-doc/sphinx/blob/3.x/CHANGES)
- [Commits](https://github.com/sphinx-doc/sphinx/compare/v3.4.3...v3.5.1)

Signed-off-by: dependabot-preview[bot] 
---
 requirements/dev.txt  | 2 +-
 requirements/docs.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements/dev.txt b/requirements/dev.txt
index 5320d7458..f697c221d 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -105,7 +105,7 @@ snowballstemmer==2.0.0
     # via sphinx
 sphinx-issues==1.2.0
     # via -r requirements/docs.in
-sphinx==3.4.3
+sphinx==3.5.1
     # via
     #   -r requirements/docs.in
     #   pallets-sphinx-themes
diff --git a/requirements/docs.txt b/requirements/docs.txt
index eb188a7ee..2e51efc92 100644
--- a/requirements/docs.txt
+++ b/requirements/docs.txt
@@ -40,7 +40,7 @@ snowballstemmer==2.0.0
     # via sphinx
 sphinx-issues==1.2.0
     # via -r requirements/docs.in
-sphinx==3.4.3
+sphinx==3.5.1
     # via
     #   -r requirements/docs.in
     #   pallets-sphinx-themes

From f38aaa4b8152163d7748d2c7d4786ca978e1f678 Mon Sep 17 00:00:00 2001
From: "dependabot-preview[bot]"
 <27856297+dependabot-preview[bot]@users.noreply.github.com>
Date: Mon, 1 Mar 2021 12:27:10 +0000
Subject: [PATCH 380/733] Bump cryptography from 3.3.2 to 3.4.6

Bumps [cryptography](https://github.com/pyca/cryptography) from 3.3.2 to 3.4.6.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/3.3.2...3.4.6)

Signed-off-by: dependabot-preview[bot] 
---
 requirements/dev.txt   | 3 +--
 requirements/tests.txt | 4 +---
 2 files changed, 2 insertions(+), 5 deletions(-)

diff --git a/requirements/dev.txt b/requirements/dev.txt
index 5320d7458..482788aa9 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -22,7 +22,7 @@ chardet==4.0.0
     # via requests
 click==7.1.2
     # via pip-tools
-cryptography==3.3.2
+cryptography==3.4.6
     # via -r requirements/tests.in
 distlib==0.3.1
     # via virtualenv
@@ -98,7 +98,6 @@ requests==2.25.1
     # via sphinx
 six==1.15.0
     # via
-    #   cryptography
     #   tox
     #   virtualenv
 snowballstemmer==2.0.0
diff --git a/requirements/tests.txt b/requirements/tests.txt
index c452e7ef2..98f5113d5 100644
--- a/requirements/tests.txt
+++ b/requirements/tests.txt
@@ -8,7 +8,7 @@ attrs==20.3.0
     # via pytest
 cffi==1.14.4
     # via cryptography
-cryptography==3.3.2
+cryptography==3.4.6
     # via -r requirements/tests.in
 greenlet==1.0.0
     # via -r requirements/tests.in
@@ -35,8 +35,6 @@ pytest==6.2.2
     #   -r requirements/tests.in
     #   pytest-timeout
     #   pytest-xprocess
-six==1.15.0
-    # via cryptography
 toml==0.10.2
     # via pytest
 watchdog==1.0.2

From e924f3204d87c93438de18a01c1812759ae40826 Mon Sep 17 00:00:00 2001
From: "dependabot-preview[bot]"
 <27856297+dependabot-preview[bot]@users.noreply.github.com>
Date: Mon, 1 Mar 2021 12:28:58 +0000
Subject: [PATCH 381/733] Bump pre-commit from 2.10.0 to 2.10.1

Bumps [pre-commit](https://github.com/pre-commit/pre-commit) from 2.10.0 to 2.10.1.
- [Release notes](https://github.com/pre-commit/pre-commit/releases)
- [Changelog](https://github.com/pre-commit/pre-commit/blob/master/CHANGELOG.md)
- [Commits](https://github.com/pre-commit/pre-commit/compare/v2.10.0...v2.10.1)

Signed-off-by: dependabot-preview[bot] 
---
 requirements/dev.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements/dev.txt b/requirements/dev.txt
index 5320d7458..7f0d1b987 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -66,7 +66,7 @@ pluggy==0.13.1
     # via
     #   pytest
     #   tox
-pre-commit==2.10.0
+pre-commit==2.10.1
     # via -r requirements/dev.in
 psutil==5.8.0
     # via pytest-xprocess

From 49a20723a44ae17067e1948bcf0e914aa2e3e26d Mon Sep 17 00:00:00 2001
From: "dependabot-preview[bot]"
 <27856297+dependabot-preview[bot]@users.noreply.github.com>
Date: Mon, 1 Mar 2021 12:30:04 +0000
Subject: [PATCH 382/733] Bump mypy from 0.800 to 0.812

Bumps [mypy](https://github.com/python/mypy) from 0.800 to 0.812.
- [Release notes](https://github.com/python/mypy/releases)
- [Commits](https://github.com/python/mypy/compare/v0.800...v0.812)

Signed-off-by: dependabot-preview[bot] 
---
 requirements/dev.txt    | 2 +-
 requirements/typing.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements/dev.txt b/requirements/dev.txt
index 5320d7458..6ddf82d5b 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -48,7 +48,7 @@ markupsafe==1.1.1
     # via jinja2
 mypy-extensions==0.4.3
     # via mypy
-mypy==0.800
+mypy==0.812
     # via -r requirements/typing.in
 nodeenv==1.5.0
     # via pre-commit
diff --git a/requirements/typing.txt b/requirements/typing.txt
index 59bfd8201..0015e2177 100644
--- a/requirements/typing.txt
+++ b/requirements/typing.txt
@@ -10,7 +10,7 @@ iniconfig==1.1.1
     # via pytest
 mypy-extensions==0.4.3
     # via mypy
-mypy==0.800
+mypy==0.812
     # via -r requirements/typing.in
 packaging==20.8
     # via pytest

From 06575f2e53b3d7c7f106e64cf56c1a5d33e79960 Mon Sep 17 00:00:00 2001
From: "dependabot-preview[bot]"
 <27856297+dependabot-preview[bot]@users.noreply.github.com>
Date: Mon, 1 Mar 2021 12:31:20 +0000
Subject: [PATCH 383/733] Bump watchdog from 1.0.2 to 2.0.2

Bumps [watchdog](https://github.com/gorakhargosh/watchdog) from 1.0.2 to 2.0.2.
- [Release notes](https://github.com/gorakhargosh/watchdog/releases)
- [Changelog](https://github.com/gorakhargosh/watchdog/blob/master/changelog.rst)
- [Commits](https://github.com/gorakhargosh/watchdog/compare/v1.0.2...v2.0.2)

Signed-off-by: dependabot-preview[bot] 
---
 requirements/dev.txt   | 2 +-
 requirements/tests.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements/dev.txt b/requirements/dev.txt
index 2fc82d4ab..43a325093 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -141,7 +141,7 @@ virtualenv==20.3.0
     # via
     #   pre-commit
     #   tox
-watchdog==1.0.2
+watchdog==2.0.2
     # via -r requirements/tests.in
 
 # The following packages are considered to be unsafe in a requirements file:
diff --git a/requirements/tests.txt b/requirements/tests.txt
index 98f5113d5..7668780f7 100644
--- a/requirements/tests.txt
+++ b/requirements/tests.txt
@@ -37,5 +37,5 @@ pytest==6.2.2
     #   pytest-xprocess
 toml==0.10.2
     # via pytest
-watchdog==1.0.2
+watchdog==2.0.2
     # via -r requirements/tests.in

From 258cd556b10eed20f08eec620719a879519a8d9f Mon Sep 17 00:00:00 2001
From: "dependabot-preview[bot]"
 <27856297+dependabot-preview[bot]@users.noreply.github.com>
Date: Mon, 1 Mar 2021 12:39:32 +0000
Subject: [PATCH 384/733] Bump tox from 3.21.3 to 3.22.0

Bumps [tox](https://github.com/tox-dev/tox) from 3.21.3 to 3.22.0.
- [Release notes](https://github.com/tox-dev/tox/releases)
- [Changelog](https://github.com/tox-dev/tox/blob/master/docs/changelog.rst)
- [Commits](https://github.com/tox-dev/tox/compare/3.21.3...3.22.0)

Signed-off-by: dependabot-preview[bot] 
---
 requirements/dev.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements/dev.txt b/requirements/dev.txt
index 85e596ec4..52ab0b564 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -129,7 +129,7 @@ toml==0.10.2
     #   pre-commit
     #   pytest
     #   tox
-tox==3.21.3
+tox==3.22.0
     # via -r requirements/dev.in
 typed-ast==1.4.2
     # via mypy

From 94af9ee11ad82823b102d014d24bbbda66dc62e4 Mon Sep 17 00:00:00 2001
From: pgjones 
Date: Wed, 17 Feb 2021 22:50:06 +0000
Subject: [PATCH 385/733] Move the host and get_host functions to sans-io

This allows ASGI frameworks to also utilise the get_host and trusted
functionality. Note though that the ASGI spec allows for the server
information to be absent, and also note that in the case of unix
sockets there is no port information.
---
 src/werkzeug/sansio/request.py   | 26 +++++++++
 src/werkzeug/sansio/utils.py     | 99 ++++++++++++++++++++++++++++++++
 src/werkzeug/wrappers/request.py | 22 +------
 src/werkzeug/wsgi.py             | 92 +++++++++--------------------
 tests/sansio/__init__.py         |  0
 tests/sansio/test_utils.py       | 32 +++++++++++
 tests/test_wrappers.py           | 32 ++++++++---
 7 files changed, 212 insertions(+), 91 deletions(-)
 create mode 100644 src/werkzeug/sansio/utils.py
 create mode 100644 tests/sansio/__init__.py
 create mode 100644 tests/sansio/test_utils.py

diff --git a/src/werkzeug/sansio/request.py b/src/werkzeug/sansio/request.py
index de0b7edcd..75dc67e35 100644
--- a/src/werkzeug/sansio/request.py
+++ b/src/werkzeug/sansio/request.py
@@ -32,6 +32,7 @@
 from ..utils import cached_property
 from ..utils import header_property
 from ..wsgi import get_content_length
+from .utils import get_host
 
 
 class Request:
@@ -51,6 +52,8 @@ class Request:
     :param root_path: Prefix that the application is mounted under. This
         is prepended to generated URLs, but is not part of route
         matching.
+    :param server: Address of the server. ``(host, port)`` for TCP
+        connections, or ``(path, None)`` for Unix socket connections.
 
     .. versionadded:: 2.0
     """
@@ -89,6 +92,18 @@ class Request:
     #: .. versionadded:: 0.6
     list_storage_class: t.Type[t.List] = ImmutableList
 
+    #: Valid host names when handling requests. By default all hosts are
+    #: trusted, which means that whatever the client says the host is
+    #: will be accepted.
+    #:
+    #: Because ``Host`` and ``X-Forwarded-Host`` headers can be set to
+    #: any value by a malicious client, it is recommended to either set
+    #: this property or implement similar validation in the proxy (if
+    #: the application is being run behind one).
+    #:
+    #: .. versionadded:: 0.9
+    trusted_hosts: t.Optional[t.List[str]] = None
+
     def __init__(
         self,
         method: str,
@@ -98,6 +113,7 @@ def __init__(
         scheme: str,
         remote_addr: t.Optional[str],
         root_path: str,
+        server: t.Optional[t.Tuple[str, t.Optional[int]]],
     ) -> None:
         self.method = method.upper()
         self.path = "/" + path.lstrip("/")
@@ -106,6 +122,7 @@ def __init__(
         self.scheme = scheme
         self.remote_addr = remote_addr
         self.root_path = root_path.rstrip("/")
+        self.server = server
 
     def __repr__(self) -> str:
         return f"<{type(self).__name__} {self.path} [{self.method}]>"
@@ -160,6 +177,15 @@ def is_secure(self) -> bool:
         "`True` if the request is secure."
         return self.scheme in {"https", "wss"}
 
+    @cached_property
+    def host(self) -> str:
+        """The host name the request was made to, including the port if
+        it's non-standard. Validated with :attr:`trusted_hosts`.
+        """
+        return get_host(
+            self.scheme, self.headers.get("host"), self.server, self.trusted_hosts
+        )
+
     @cached_property
     def cookies(self) -> "ImmutableMultiDict[str, str]":
         """A :class:`dict` with the contents of all cookies transmitted with
diff --git a/src/werkzeug/sansio/utils.py b/src/werkzeug/sansio/utils.py
new file mode 100644
index 000000000..05b7ebc66
--- /dev/null
+++ b/src/werkzeug/sansio/utils.py
@@ -0,0 +1,99 @@
+import typing as t
+
+from .._internal import _encode_idna
+from ..exceptions import SecurityError
+
+
+def host_is_trusted(hostname: str, trusted_list: t.Iterable[str]) -> bool:
+    """Check if a host matches a list of trusted names.
+
+    :param hostname: The name to check.
+    :param trusted_list: A list of valid names to match. If a name
+        starts with a dot it will match all subdomains.
+
+    .. versionadded:: 0.9
+    """
+    if not hostname:
+        return False
+
+    if isinstance(trusted_list, str):
+        trusted_list = [trusted_list]
+
+    def _normalize(hostname: str) -> bytes:
+        if ":" in hostname:
+            hostname = hostname.rsplit(":", 1)[0]
+
+        return _encode_idna(hostname)
+
+    try:
+        hostname_bytes = _normalize(hostname)
+    except UnicodeError:
+        return False
+
+    for ref in trusted_list:
+        if ref.startswith("."):
+            ref = ref[1:]
+            suffix_match = True
+        else:
+            suffix_match = False
+
+        try:
+            ref_bytes = _normalize(ref)
+        except UnicodeError:
+            return False
+
+        if ref_bytes == hostname_bytes:
+            return True
+
+        if suffix_match and hostname_bytes.endswith(b"." + ref_bytes):
+            return True
+
+    return False
+
+
+def get_host(
+    scheme: str,
+    host_header: t.Optional[str],
+    server: t.Optional[t.Tuple[str, t.Optional[int]]] = None,
+    trusted_hosts: t.Optional[t.Iterable[str]] = None,
+) -> str:
+    """Return the host for the given parameters.
+
+    This first checks the ``host_header``. If it's not present, then
+    ``server`` is used. The host will only contain the port if it is
+    different than the standard port for the protocol.
+
+    Optionally, verify that the host is trusted using
+    :func:`host_is_trusted` and raise a
+    :exc:`~werkzeug.exceptions.SecurityError` if it is not.
+
+    :param scheme: The protocol the request used, like ``"https"``.
+    :param host_header: The ``Host`` header value.
+    :param server: Address of the server. ``(host, port)``, or
+        ``(path, None)`` for unix sockets.
+    :param trusted_hosts: A list of trusted host names.
+
+    :return: Host, with port if necessary.
+    :raise ~werkzeug.exceptions.SecurityError: If the host is not
+        trusted.
+    """
+    host = ""
+
+    if host_header is not None:
+        host = host_header
+    elif server is not None:
+        host = server[0]
+
+        if server[1] is not None:
+            host = f"{host}:{server[1]}"
+
+    if scheme in {"http", "ws"} and host.endswith(":80"):
+        host = host[:-3]
+    elif scheme in {"https", "wss"} and host.endswith(":443"):
+        host = host[:-4]
+
+    if trusted_hosts is not None:
+        if not host_is_trusted(host, trusted_hosts):
+            raise SecurityError(f"Host {host!r} is not trusted.")
+
+    return host
diff --git a/src/werkzeug/wrappers/request.py b/src/werkzeug/wrappers/request.py
index 76154f3e9..a30e495c3 100644
--- a/src/werkzeug/wrappers/request.py
+++ b/src/werkzeug/wrappers/request.py
@@ -17,9 +17,9 @@
 from ..sansio.request import Request as _SansIORequest
 from ..utils import cached_property
 from ..utils import environ_property
+from ..wsgi import _get_server
 from ..wsgi import get_content_length
 from ..wsgi import get_current_url
-from ..wsgi import get_host
 from ..wsgi import get_input_stream
 from werkzeug.exceptions import BadRequest
 
@@ -86,18 +86,6 @@ class Request(_SansIORequest):
     #: the form date parsing.
     form_data_parser_class: t.Type[FormDataParser] = FormDataParser
 
-    #: Optionally a list of hosts that is trusted by this request.  By default
-    #: all hosts are trusted which means that whatever the client sends the
-    #: host is will be accepted.
-    #:
-    #: Because `Host` and `X-Forwarded-Host` headers can be set to any value by
-    #: a malicious client, it is recommended to either set this property or
-    #: implement similar validation in the proxy (if application is being run
-    #: behind one).
-    #:
-    #: .. versionadded:: 0.9
-    trusted_hosts: t.Optional[t.List[str]] = None
-
     #: Indicates whether the data descriptor should be allowed to read and
     #: buffer up the input stream.  By default it's enabled.
     #:
@@ -131,6 +119,7 @@ def __init__(
             root_path=_wsgi_decoding_dance(
                 environ.get("SCRIPT_NAME") or "", self.charset, self.encoding_errors
             ),
+            server=_get_server(environ),
         )
         self.environ = environ
         if populate_request and not shallow:
@@ -535,13 +524,6 @@ def host_url(self) -> str:
             self.environ, host_only=True, trusted_hosts=self.trusted_hosts
         )
 
-    @cached_property
-    def host(self) -> str:
-        """Just the host including the port if available.
-        See also: :attr:`trusted_hosts`.
-        """
-        return get_host(self.environ, trusted_hosts=self.trusted_hosts)
-
     remote_user = environ_property[str](
         "REMOTE_USER",
         doc="""If the server supports user authentication, and the
diff --git a/src/werkzeug/wsgi.py b/src/werkzeug/wsgi.py
index 8d18fa438..194f8abc1 100644
--- a/src/werkzeug/wsgi.py
+++ b/src/werkzeug/wsgi.py
@@ -5,10 +5,11 @@
 from functools import update_wrapper
 from itertools import chain
 
-from ._internal import _encode_idna
 from ._internal import _make_encode_wrapper
 from ._internal import _to_bytes
 from ._internal import _to_str
+from .sansio.utils import get_host as sansio_get_host
+from .sansio.utils import host_is_trusted
 from .urls import _URLTuple
 from .urls import uri_to_iri
 from .urls import url_join
@@ -89,86 +90,49 @@ def get_current_url(
     return uri_to_iri("".join(tmp))
 
 
-def host_is_trusted(hostname: str, trusted_list: t.Iterable[str]) -> bool:
-    """Checks if a host is trusted against a list.  This also takes care
-    of port normalization.
-
-    .. versionadded:: 0.9
-
-    :param hostname: the hostname to check
-    :param trusted_list: a list of hostnames to check against.  If a
-                         hostname starts with a dot it will match against
-                         all subdomains as well.
-    """
-    if not hostname:
-        return False
-
-    if isinstance(trusted_list, str):
-        trusted_list = [trusted_list]
+def _get_server(
+    environ: "WSGIEnvironment",
+) -> t.Optional[t.Tuple[str, t.Optional[int]]]:
+    name = environ.get("SERVER_NAME")
 
-    def _normalize(hostname: str) -> bytes:
-        if ":" in hostname:
-            hostname = hostname.rsplit(":", 1)[0]
-        return _encode_idna(hostname)
+    if name is None:
+        return None
 
     try:
-        hostname_bytes = _normalize(hostname)
-    except UnicodeError:
-        return False
-    for ref in trusted_list:
-        if ref.startswith("."):
-            ref = ref[1:]
-            suffix_match = True
-        else:
-            suffix_match = False
-        try:
-            ref_bytes = _normalize(ref)
-        except UnicodeError:
-            return False
-        if ref_bytes == hostname_bytes:
-            return True
-        if suffix_match and hostname_bytes.endswith(b"." + ref_bytes):
-            return True
-    return False
+        port: t.Optional[int] = int(environ.get("SERVER_PORT", None))
+    except (TypeError, ValueError):
+        # unix socket
+        port = None
+
+    return name, port
 
 
 def get_host(
     environ: "WSGIEnvironment", trusted_hosts: t.Optional[t.Iterable[str]] = None
 ) -> str:
-    """Return the host for the given WSGI environment. This first checks
-    the ``Host`` header. If it's not present, then ``SERVER_NAME`` and
-    ``SERVER_PORT`` are used. The host will only contain the port if it
-    is different than the standard port for the protocol.
+    """Return the host for the given WSGI environment.
+
+    The ``Host`` header is preferred, then ``SERVER_NAME`` if it's not
+    set. The returned host will only contain the port if it is different
+    than the standard port for the protocol.
 
     Optionally, verify that the host is trusted using
     :func:`host_is_trusted` and raise a
     :exc:`~werkzeug.exceptions.SecurityError` if it is not.
 
-    :param environ: The WSGI environment to get the host from.
-    :param trusted_hosts: A list of trusted hosts.
+    :param environ: A WSGI environment dict.
+    :param trusted_hosts: A list of trusted host names.
+
     :return: Host, with port if necessary.
     :raise ~werkzeug.exceptions.SecurityError: If the host is not
         trusted.
     """
-    if "HTTP_HOST" in environ:
-        rv = environ["HTTP_HOST"]
-        if environ["wsgi.url_scheme"] == "http" and rv.endswith(":80"):
-            rv = rv[:-3]
-        elif environ["wsgi.url_scheme"] == "https" and rv.endswith(":443"):
-            rv = rv[:-4]
-    else:
-        rv = environ["SERVER_NAME"]
-        if (environ["wsgi.url_scheme"], environ["SERVER_PORT"]) not in (
-            ("https", "443"),
-            ("http", "80"),
-        ):
-            rv += f":{environ['SERVER_PORT']}"
-    if trusted_hosts is not None:
-        if not host_is_trusted(rv, trusted_hosts):
-            from .exceptions import SecurityError
-
-            raise SecurityError(f'Host "{rv}" is not trusted')
-    return rv
+    return sansio_get_host(
+        environ["wsgi.url_scheme"],
+        environ.get("HTTP_HOST"),
+        _get_server(environ),
+        trusted_hosts,
+    )
 
 
 def get_content_length(environ: "WSGIEnvironment") -> t.Optional[int]:
diff --git a/tests/sansio/__init__.py b/tests/sansio/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/tests/sansio/test_utils.py b/tests/sansio/test_utils.py
new file mode 100644
index 000000000..8c8faa61b
--- /dev/null
+++ b/tests/sansio/test_utils.py
@@ -0,0 +1,32 @@
+import typing as t
+
+import pytest
+
+from werkzeug.sansio.utils import get_host
+
+
+@pytest.mark.parametrize(
+    ("scheme", "host_header", "server", "expected"),
+    [
+        ("http", "spam", None, "spam"),
+        ("http", "spam:80", None, "spam"),
+        ("https", "spam", None, "spam"),
+        ("https", "spam:443", None, "spam"),
+        ("http", "spam:8080", None, "spam:8080"),
+        ("ws", "spam", None, "spam"),
+        ("ws", "spam:80", None, "spam"),
+        ("wss", "spam", None, "spam"),
+        ("wss", "spam:443", None, "spam"),
+        ("http", None, ("spam", 80), "spam"),
+        ("http", None, ("spam", 8080), "spam:8080"),
+        ("http", None, ("unix/socket", None), "unix/socket"),
+        ("http", "spam", ("eggs", 80), "spam"),
+    ],
+)
+def test_get_host(
+    scheme: str,
+    host_header: t.Optional[str],
+    server: t.Optional[t.Tuple[str, t.Optional[int]]],
+    expected: str,
+) -> None:
+    assert get_host(scheme, host_header, server) == expected
diff --git a/tests/test_wrappers.py b/tests/test_wrappers.py
index dfb9a75cb..254c3f164 100644
--- a/tests/test_wrappers.py
+++ b/tests/test_wrappers.py
@@ -393,6 +393,8 @@ def test_accept():
             "HTTP_ACCEPT_CHARSET": "ISO-8859-1,utf-8;q=0.7,*;q=0.7",
             "HTTP_ACCEPT_ENCODING": "gzip,deflate",
             "HTTP_ACCEPT_LANGUAGE": "en-us,en;q=0.5",
+            "SERVER_NAME": "eggs",
+            "SERVER_PORT": "80",
         }
     )
     assert request.accept_mimetypes == MIMEAccept(
@@ -412,7 +414,9 @@ def test_accept():
     assert request.accept_encodings == Accept([("gzip", 1), ("deflate", 1)])
     assert request.accept_languages == LanguageAccept([("en-us", 1), ("en", 0.5)])
 
-    request = wrappers.Request({"HTTP_ACCEPT": ""})
+    request = wrappers.Request(
+        {"HTTP_ACCEPT": "", "SERVER_NAME": "example.org", "SERVER_PORT": "80"}
+    )
     assert request.accept_mimetypes == MIMEAccept()
 
 
@@ -424,6 +428,8 @@ def test_etag_request():
             "HTTP_IF_NONE_MATCH": 'W/"foo", bar, "baz"',
             "HTTP_IF_MODIFIED_SINCE": "Tue, 22 Jan 2008 11:18:44 GMT",
             "HTTP_IF_UNMODIFIED_SINCE": "Tue, 22 Jan 2008 11:18:44 GMT",
+            "SERVER_NAME": "eggs",
+            "SERVER_PORT": "80",
         }
     )
     assert request.cache_control.no_store
@@ -622,7 +628,9 @@ def test_user_agent():
         ),
     ]
     for ua, browser, platform, version, lang in user_agents:
-        request = wrappers.Request({"HTTP_USER_AGENT": ua})
+        request = wrappers.Request(
+            {"HTTP_USER_AGENT": ua, "SERVER_NAME": "eggs", "SERVER_PORT": "80"}
+        )
         assert request.user_agent.browser == browser
         assert request.user_agent.platform == platform
         assert request.user_agent.version == version
@@ -631,7 +639,9 @@ def test_user_agent():
         assert request.user_agent.to_header() == ua
         assert str(request.user_agent) == ua
 
-    request = wrappers.Request({"HTTP_USER_AGENT": "foo"})
+    request = wrappers.Request(
+        {"HTTP_USER_AGENT": "foo", "SERVER_NAME": "eggs", "SERVER_PORT": "80"}
+    )
     assert not request.user_agent
 
 
@@ -982,7 +992,10 @@ def test_request_mimetype_always_lowercase():
 
 
 def test_shallow_mode():
-    request = wrappers.Request({"QUERY_STRING": "foo=bar"}, shallow=True)
+    request = wrappers.Request(
+        {"QUERY_STRING": "foo=bar", "SERVER_NAME": "eggs", "SERVER_PORT": "80"},
+        shallow=True,
+    )
     assert request.args["foo"] == "bar"
     pytest.raises(RuntimeError, lambda: request.form["foo"])
 
@@ -1380,7 +1393,9 @@ class ModifiedRequest(wrappers.Request):
 
 
 def test_request_method_case_sensitivity():
-    req = wrappers.Request({"REQUEST_METHOD": "get"})
+    req = wrappers.Request(
+        {"REQUEST_METHOD": "get", "SERVER_NAME": "eggs", "SERVER_PORT": "80"}
+    )
     assert req.method == "GET"
 
 
@@ -1554,7 +1569,7 @@ class CheckRequest(cls, wrappers.Request):
         pass
 
     with pytest.warns(DeprecationWarning, match=cls.__name__):
-        CheckRequest({})
+        CheckRequest({"SERVER_NAME": "example.org", "SERVER_PORT": "80"})
 
 
 @pytest.mark.parametrize(
@@ -1582,7 +1597,10 @@ def test_check_base_deprecated():
         assert issubclass(wrappers.Request, wrappers.BaseRequest)
 
     with pytest.raises(DeprecationWarning, match=r"isinstance\(obj, Request\)"):
-        assert isinstance(wrappers.Request({}), wrappers.BaseRequest)
+        assert isinstance(
+            wrappers.Request({"SERVER_NAME": "example.org", "SERVER_PORT": "80"}),
+            wrappers.BaseRequest,
+        )
 
     with pytest.raises(DeprecationWarning, match=r"issubclass\(cls, Response\)"):
         assert issubclass(wrappers.Response, wrappers.BaseResponse)

From 4dc084f668e20dfe15ee3673ccfc664aaafceada Mon Sep 17 00:00:00 2001
From: pgjones 
Date: Thu, 18 Feb 2021 14:58:25 +0000
Subject: [PATCH 386/733] Move the url functions to sans-io

This allows ASGI frameworks to also utilise the get_current_url
functionality.

Note that the trusted host function is part of the wsgi module public
API, hence the import without usage. It is not defined in the module
to avoid a circular import.
---
 src/werkzeug/sansio/request.py   | 86 +++++++++++++++++++++++++-------
 src/werkzeug/sansio/utils.py     | 43 ++++++++++++++++
 src/werkzeug/wrappers/request.py | 62 +++++------------------
 src/werkzeug/wsgi.py             | 80 ++++++++++++-----------------
 4 files changed, 153 insertions(+), 118 deletions(-)

diff --git a/src/werkzeug/sansio/request.py b/src/werkzeug/sansio/request.py
index 75dc67e35..3a1db75e5 100644
--- a/src/werkzeug/sansio/request.py
+++ b/src/werkzeug/sansio/request.py
@@ -32,6 +32,7 @@
 from ..utils import cached_property
 from ..utils import header_property
 from ..wsgi import get_content_length
+from .utils import get_current_url
 from .utils import get_host
 
 
@@ -43,22 +44,24 @@ class Request:
     implementing WSGI, ASGI, or another HTTP application spec. Werkzeug
     provides a WSGI implementation at :cls:`werkzeug.wrappers.Request`.
 
-    :param method: The method the request was made with, such as GET.
-    :param path: The path part of the URL, without the query string.
-    :param query_string: The optional portion of the URL after the "?".
-    :param headers: The headers received with the request.
-    :param scheme: The protocol the request used, such as HTTP or WS.
-    :param remote_addr: Address of the client sending the request.
-    :param root_path: Prefix that the application is mounted under. This
-        is prepended to generated URLs, but is not part of route
+    :param method: The method the request was made with, such as
+        ``GET``.
+    :param scheme: The URL scheme of the protocol the request used, such
+        as ``https`` or ``wss``.
+    :param server: The address of the server. ``(host, port)``,
+        ``(path, None)`` for unix sockets, or ``None`` if not known.
+    :param root_path: The prefix that the application is mounted under.
+        This is prepended to generated URLs, but is not part of route
         matching.
-    :param server: Address of the server. ``(host, port)`` for TCP
-        connections, or ``(path, None)`` for Unix socket connections.
+    :param path: The path part of the URL after ``root_path``.
+    :param query_string: The part of the URL after the "?".
+    :param headers: The headers received with the request.
+    :param remote_addr: The address of the client sending the request.
 
     .. versionadded:: 2.0
     """
 
-    #: the charset for the request, defaults to utf-8
+    #: The charset used to decode most data in the request.
     charset = "utf-8"
 
     #: the error handling procedure for errors, defaults to 'replace'
@@ -107,25 +110,43 @@ class Request:
     def __init__(
         self,
         method: str,
+        scheme: str,
+        server: t.Optional[t.Tuple[str, t.Optional[int]]],
+        root_path: str,
         path: str,
         query_string: bytes,
         headers: Headers,
-        scheme: str,
         remote_addr: t.Optional[str],
-        root_path: str,
-        server: t.Optional[t.Tuple[str, t.Optional[int]]],
     ) -> None:
+        #: The method the request was made with, such as ``GET``.
         self.method = method.upper()
+        #: The URL scheme of the protocol the request used, such as
+        #: ``https`` or ``wss``.
+        self.scheme = scheme
+        #: The address of the server. ``(host, port)``, ``(path, None)``
+        #: for unix sockets, or ``None`` if not known.
+        self.server = server
+        #: The prefix that the application is mounted under, without a
+        #: trailing slash. :attr:`path` comes after this.
+        self.root_path = root_path.rstrip("/")
+        #: The path part of the URL after :attr:`root_path`. This is the
+        #: path used for routing within the application.
         self.path = "/" + path.lstrip("/")
+        #: The part of the URL after the "?". This is the raw value, use
+        #: :attr:`args` for the parsed values.
         self.query_string = query_string
+        #: The headers received with the request.
         self.headers = headers
-        self.scheme = scheme
+        #: The address of the client sending the request.
         self.remote_addr = remote_addr
-        self.root_path = root_path.rstrip("/")
-        self.server = server
 
     def __repr__(self) -> str:
-        return f"<{type(self).__name__} {self.path} [{self.method}]>"
+        try:
+            url = self.url
+        except Exception as e:
+            url = f"(invalid URL: {e})"
+
+        return f"<{type(self).__name__} {url!r} [{self.method}]>"
 
     @property
     def url_charset(self) -> str:
@@ -174,9 +195,36 @@ def full_path(self) -> str:
 
     @property
     def is_secure(self) -> bool:
-        "`True` if the request is secure."
+        """``True`` if the request was made with a secure protocol
+        (HTTPS or WSS).
+        """
         return self.scheme in {"https", "wss"}
 
+    @cached_property
+    def url(self) -> str:
+        """The full request URL with the scheme, host, root path, path,
+        and query string."""
+        return get_current_url(
+            self.scheme, self.host, self.root_path, self.path, self.query_string
+        )
+
+    @cached_property
+    def base_url(self) -> str:
+        """Like :attr:`url` but without the query string."""
+        return get_current_url(self.scheme, self.host, self.root_path, self.path)
+
+    @cached_property
+    def root_url(self) -> str:
+        """The request URL scheme, host, and root path. This is the root
+        that the application is accessed from.
+        """
+        return get_current_url(self.scheme, self.host, self.root_path)
+
+    @cached_property
+    def host_url(self) -> str:
+        """The request URL scheme and host only."""
+        return get_current_url(self.scheme, self.host)
+
     @cached_property
     def host(self) -> str:
         """The host name the request was made to, including the port if
diff --git a/src/werkzeug/sansio/utils.py b/src/werkzeug/sansio/utils.py
index 05b7ebc66..1b4d8920c 100644
--- a/src/werkzeug/sansio/utils.py
+++ b/src/werkzeug/sansio/utils.py
@@ -2,6 +2,8 @@
 
 from .._internal import _encode_idna
 from ..exceptions import SecurityError
+from ..urls import uri_to_iri
+from ..urls import url_quote
 
 
 def host_is_trusted(hostname: str, trusted_list: t.Iterable[str]) -> bool:
@@ -97,3 +99,44 @@ def get_host(
             raise SecurityError(f"Host {host!r} is not trusted.")
 
     return host
+
+
+def get_current_url(
+    scheme: str,
+    host: str,
+    root_path: t.Optional[str] = None,
+    path: t.Optional[str] = None,
+    query_string: t.Optional[bytes] = None,
+) -> str:
+    """Recreate the URL for a request. If an optional part isn't
+    provided, it and subsequent parts are not included in the URL.
+
+    The URL is an IRI, not a URI, so it may contain Unicode characters.
+    Use :func:`~werkzeug.urls.iri_to_uri` to convert it to ASCII.
+
+    :param scheme: The protocol the request used, like ``"https"``.
+    :param host: The host the request was made to. See :func:`get_host`.
+    :param root_path: Prefix that the application is mounted under. This
+        is prepended to ``path``.
+    :param path: The path part of the URL after ``root_path``.
+    :param query_string: The portion of the URL after the "?".
+    """
+    url = [scheme, "://", host]
+
+    if root_path is None:
+        url.append("/")
+        return uri_to_iri("".join(url))
+
+    url.append(url_quote(root_path.rstrip("/")))
+    url.append("/")
+
+    if path is None:
+        return uri_to_iri("".join(url))
+
+    url.append(url_quote(path.lstrip("/")))
+
+    if query_string:
+        url.append("?")
+        url.append(url_quote(query_string, safe=":&%=+$!*'(),"))
+
+    return uri_to_iri("".join(url))
diff --git a/src/werkzeug/wrappers/request.py b/src/werkzeug/wrappers/request.py
index a30e495c3..ccc5dd4e5 100644
--- a/src/werkzeug/wrappers/request.py
+++ b/src/werkzeug/wrappers/request.py
@@ -19,7 +19,6 @@
 from ..utils import environ_property
 from ..wsgi import _get_server
 from ..wsgi import get_content_length
-from ..wsgi import get_current_url
 from ..wsgi import get_input_stream
 from werkzeug.exceptions import BadRequest
 
@@ -109,36 +108,23 @@ def __init__(
     ) -> None:
         super().__init__(
             method=environ.get("REQUEST_METHOD", "GET"),
+            scheme=environ.get("wsgi.url_scheme", "http"),
+            server=_get_server(environ),
+            root_path=_wsgi_decoding_dance(
+                environ.get("SCRIPT_NAME") or "", self.charset, self.encoding_errors
+            ),
             path=_wsgi_decoding_dance(
                 environ.get("PATH_INFO") or "", self.charset, self.encoding_errors
             ),
             query_string=environ.get("QUERY_STRING", "").encode("latin1"),
             headers=EnvironHeaders(environ),
-            scheme=environ.get("wsgi.url_scheme", "http"),
             remote_addr=environ.get("REMOTE_ADDR"),
-            root_path=_wsgi_decoding_dance(
-                environ.get("SCRIPT_NAME") or "", self.charset, self.encoding_errors
-            ),
-            server=_get_server(environ),
         )
         self.environ = environ
         if populate_request and not shallow:
             self.environ["werkzeug.request"] = self
         self.shallow = shallow
 
-    def __repr__(self) -> str:
-        # make sure the __repr__ even works if the request was created
-        # from an invalid WSGI environment.  If we display the request
-        # in a debug session we don't want the repr to blow up.
-        args = []
-        try:
-            args.append(f"'{self.url}'")
-            args.append(f"[{self.method}]")
-        except Exception:
-            args.append("(invalid WSGI environ)")
-
-        return f"<{type(self).__name__} {' '.join(args)}>"
-
     @classmethod
     def from_values(cls, *args, **kwargs) -> "Request":
         """Create a new request object based on the values provided.  If
@@ -488,41 +474,17 @@ def files(self) -> "ImmutableMultiDict[str, FileStorage]":
 
     @property
     def script_root(self) -> str:
-        """The root path of the script without the trailing slash."""
-        return self.root_path
-
-    @cached_property
-    def url(self) -> str:
-        """The reconstructed current URL as IRI.
-        See also: :attr:`trusted_hosts`.
-        """
-        return get_current_url(self.environ, trusted_hosts=self.trusted_hosts)
-
-    @cached_property
-    def base_url(self) -> str:
-        """Like :attr:`url` but without the querystring
-        See also: :attr:`trusted_hosts`.
+        """Alias for :attr:`self.root_path`. ``environ["SCRIPT_ROOT"]``
+        without a trailing slash.
         """
-        return get_current_url(
-            self.environ, strip_querystring=True, trusted_hosts=self.trusted_hosts
-        )
-
-    @cached_property
-    def url_root(self) -> str:
-        """The full URL root (with hostname), this is the application
-        root as IRI.
-        See also: :attr:`trusted_hosts`.
-        """
-        return get_current_url(self.environ, True, trusted_hosts=self.trusted_hosts)
+        return self.root_path
 
     @cached_property
-    def host_url(self) -> str:
-        """Just the host with scheme as IRI.
-        See also: :attr:`trusted_hosts`.
+    def url_root(self):
+        """Alias for :attr:`root_url`. The URL with scheme, host, and
+        root path. For example, ``https://example.com/app/``.
         """
-        return get_current_url(
-            self.environ, host_only=True, trusted_hosts=self.trusted_hosts
-        )
+        return self.root_url
 
     remote_user = environ_property[str](
         "REMOTE_USER",
diff --git a/src/werkzeug/wsgi.py b/src/werkzeug/wsgi.py
index 194f8abc1..c06b2b0c7 100644
--- a/src/werkzeug/wsgi.py
+++ b/src/werkzeug/wsgi.py
@@ -8,8 +8,8 @@
 from ._internal import _make_encode_wrapper
 from ._internal import _to_bytes
 from ._internal import _to_str
-from .sansio.utils import get_host as sansio_get_host
-from .sansio.utils import host_is_trusted
+from .sansio import utils as _sansio_utils
+from .sansio.utils import host_is_trusted  # noqa: F401 # Imported as part of API
 from .urls import _URLTuple
 from .urls import uri_to_iri
 from .urls import url_join
@@ -41,53 +41,35 @@ def get_current_url(
     host_only: bool = False,
     trusted_hosts: t.Optional[t.Iterable[str]] = None,
 ) -> str:
-    """A handy helper function that recreates the full URL as IRI for the
-    current request or parts of it.  Here's an example:
-
-    >>> from werkzeug.test import create_environ
-    >>> env = create_environ("/?param=foo", "http://localhost/script")
-    >>> get_current_url(env)
-    'http://localhost/script/?param=foo'
-    >>> get_current_url(env, root_only=True)
-    'http://localhost/script/'
-    >>> get_current_url(env, host_only=True)
-    'http://localhost/'
-    >>> get_current_url(env, strip_querystring=True)
-    'http://localhost/script/'
-
-    This optionally it verifies that the host is in a list of trusted hosts.
-    If the host is not in there it will raise a
-    :exc:`~werkzeug.exceptions.SecurityError`.
-
-    Note that the string returned might contain unicode characters as the
-    representation is an IRI not an URI.  If you need an ASCII only
-    representation you can use the :func:`~werkzeug.urls.iri_to_uri`
-    function:
-
-    >>> from werkzeug.urls import iri_to_uri
-    >>> iri_to_uri(get_current_url(env))
-    'http://localhost/script/?param=foo'
-
-    :param environ: the WSGI environment to get the current URL from.
-    :param root_only: set `True` if you only want the root URL.
-    :param strip_querystring: set to `True` if you don't want the querystring.
-    :param host_only: set to `True` if the host URL should be returned.
-    :param trusted_hosts: a list of trusted hosts, see :func:`host_is_trusted`
-                          for more information.
+    """Recreate the URL for a request from the parts in a WSGI
+    environment.
+
+    The URL is an IRI, not a URI, so it may contain Unicode characters.
+    Use :func:`~werkzeug.urls.iri_to_uri` to convert it to ASCII.
+
+    :param environ: The WSGI environment to get the URL parts from.
+    :param root_only: Only build the root path, don't include the
+        remaining path or query string.
+    :param strip_querystring: Don't include the query string.
+    :param host_only: Only build the scheme and host.
+    :param trusted_hosts: A list of trusted host names to validate the
+        host against.
     """
-    tmp = [environ["wsgi.url_scheme"], "://", get_host(environ, trusted_hosts)]
-    cat = tmp.append
-    if host_only:
-        return uri_to_iri(f"{''.join(tmp)}/")
-    cat(url_quote(environ.get("SCRIPT_NAME", "").encode("latin1")).rstrip("/"))
-    cat("/")
-    if not root_only:
-        cat(url_quote(environ.get("PATH_INFO", "").encode("latin1").lstrip(b"/")))
-        if not strip_querystring:
-            qs = get_query_string(environ)
-            if qs:
-                cat(f"?{qs}")
-    return uri_to_iri("".join(tmp))
+    parts = {
+        "scheme": environ["wsgi.url_scheme"],
+        "host": get_host(environ, trusted_hosts),
+    }
+
+    if not host_only:
+        parts["root_path"] = environ.get("SCRIPT_NAME", "")
+
+        if not root_only:
+            parts["path"] = environ.get("PATH_INFO", "")
+
+            if not strip_querystring:
+                parts["query_string"] = environ.get("QUERY_STRING", "").encode("latin1")
+
+    return _sansio_utils.get_current_url(**parts)
 
 
 def _get_server(
@@ -127,7 +109,7 @@ def get_host(
     :raise ~werkzeug.exceptions.SecurityError: If the host is not
         trusted.
     """
-    return sansio_get_host(
+    return _sansio_utils.get_host(
         environ["wsgi.url_scheme"],
         environ.get("HTTP_HOST"),
         _get_server(environ),

From 237a17f45f03ef5291fbf496bb649afa9e5772f8 Mon Sep 17 00:00:00 2001
From: Miguel Grinberg 
Date: Sun, 28 Feb 2021 12:33:09 +0000
Subject: [PATCH 387/733] websocket handling

---
 CHANGES.rst             |  6 ++++
 examples/wsecho.py      | 79 +++++++++++++++++++++++++++++++++++++++++
 src/werkzeug/routing.py | 10 ++++--
 src/werkzeug/serving.py |  1 +
 tests/test_routing.py   | 11 ++++++
 5 files changed, 105 insertions(+), 2 deletions(-)
 create mode 100644 examples/wsecho.py

diff --git a/CHANGES.rst b/CHANGES.rst
index 90744d8c0..206bac26b 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -165,6 +165,12 @@ Unreleased
 -   ``request.values`` does not include ``form`` for GET requests (even
     though GET bodies are undefined). This prevents bad caching proxies
     from caching form data instead of query strings. :pr:`2037`
+-   The development server adds the underlying socket to ``environ`` as
+    ``werkzeug.socket``. This is non-standard and specific to the dev
+    server, other servers may expose this under their own key. It is
+    useful for handling a WebSocket upgrade request. :issue:`2052`
+-   URL matching assumes ``websocket=True`` mode for WebSocket upgrade
+    requests. :issue:`2052`
 
 
 Version 1.0.2
diff --git a/examples/wsecho.py b/examples/wsecho.py
new file mode 100644
index 000000000..c6d8775e2
--- /dev/null
+++ b/examples/wsecho.py
@@ -0,0 +1,79 @@
+"""Shows how you can implement a simple WebSocket echo server using the
+wsproto library.
+"""
+from werkzeug.exceptions import InternalServerError
+from werkzeug.serving import run_simple
+from werkzeug.wrappers import Request
+from werkzeug.wrappers import Response
+from wsproto import ConnectionType
+from wsproto import WSConnection
+from wsproto.events import AcceptConnection
+from wsproto.events import CloseConnection
+from wsproto.events import Message
+from wsproto.events import Ping
+from wsproto.events import Request as WSRequest
+from wsproto.events import TextMessage
+from wsproto.frame_protocol import CloseReason
+
+
+@Request.application
+def websocket(request):
+    # The underlying socket must be provided by the server. Gunicorn and
+    # Werkzeug's dev server are known to support this.
+    stream = request.environ.get("werkzeug.socket")
+
+    if stream is None:
+        stream = request.environ.get("gunicorn.socket")
+
+    if stream is None:
+        raise InternalServerError()
+
+    # Initialize the wsproto connection. Need to recreate the request
+    # data that was read by the WSGI server already.
+    ws = WSConnection(ConnectionType.SERVER)
+    in_data = b"GET %s HTTP/1.1\r\n" % request.path.encode("utf8")
+
+    for header, value in request.headers.items():
+        in_data += f"{header}: {value}\r\n".encode("utf8")
+
+    in_data += b"\r\n"
+    ws.receive_data(in_data)
+    running = True
+
+    while True:
+        out_data = b""
+
+        for event in ws.events():
+            if isinstance(event, WSRequest):
+                out_data += ws.send(AcceptConnection())
+            elif isinstance(event, CloseConnection):
+                out_data += ws.send(event.response())
+                running = False
+            elif isinstance(event, Ping):
+                out_data += ws.send(event.response())
+            elif isinstance(event, TextMessage):
+                # echo the incoming message back to the client
+                if event.data == "quit":
+                    out_data += ws.send(
+                        CloseConnection(CloseReason.NORMAL_CLOSURE, "bye")
+                    )
+                    running = False
+                else:
+                    out_data += ws.send(Message(data=event.data))
+
+        if out_data:
+            stream.send(out_data)
+
+        if not running:
+            break
+
+        in_data = stream.recv(4096)
+        ws.receive_data(in_data)
+
+    # The connection will be closed at this point, but WSGI still
+    # requires a response.
+    return Response("", status=204)
+
+
+if __name__ == "__main__":
+    run_simple("localhost", 5000, websocket)
diff --git a/src/werkzeug/routing.py b/src/werkzeug/routing.py
index a6d3fa6b8..a7825d219 100644
--- a/src/werkzeug/routing.py
+++ b/src/werkzeug/routing.py
@@ -1634,15 +1634,21 @@ def bind_to_environ(
         wsgi_server_name = get_host(environ).lower()
         scheme = environ["wsgi.url_scheme"]
 
+        if (
+            environ.get("HTTP_CONNECTION", "").lower() == "upgrade"
+            and environ.get("HTTP_UPGRADE", "").lower() == "websocket"
+        ):
+            scheme = "wss" if scheme == "https" else "ws"
+
         if server_name is None:
             server_name = wsgi_server_name
         else:
             server_name = server_name.lower()
 
             # strip standard port to match get_host()
-            if scheme == "http" and server_name.endswith(":80"):
+            if scheme in {"http", "ws"} and server_name.endswith(":80"):
                 server_name = server_name[:-3]
-            elif scheme == "https" and server_name.endswith(":443"):
+            elif scheme in {"https", "wss"} and server_name.endswith(":443"):
                 server_name = server_name[:-4]
 
         if subdomain is None and not self.host_matching:
diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py
index 2233646a7..1c9c13b96 100644
--- a/src/werkzeug/serving.py
+++ b/src/werkzeug/serving.py
@@ -184,6 +184,7 @@ def shutdown_server():
             "wsgi.multiprocess": self.server.multiprocess,
             "wsgi.run_once": False,
             "werkzeug.server.shutdown": shutdown_server,
+            "werkzeug.socket": self.connection,
             "SERVER_SOFTWARE": self.server_version,
             "REQUEST_METHOD": self.command,
             "SCRIPT_NAME": "",
diff --git a/tests/test_routing.py b/tests/test_routing.py
index 40dcb1aeb..4a88f2f4d 100644
--- a/tests/test_routing.py
+++ b/tests/test_routing.py
@@ -62,6 +62,17 @@ def test_basic_routing():
     with pytest.raises(r.WebsocketMismatch):
         adapter.match("/foo", websocket=True)
 
+    adapter = map.bind_to_environ(
+        create_environ(
+            "/ws?foo=bar",
+            "http://example.org/",
+            headers=[("Connection", "Upgrade"), ("upgrade", "WebSocket")],
+        )
+    )
+    assert adapter.match("/ws") == ("ws", {})
+    with pytest.raises(r.WebsocketMismatch):
+        adapter.match("/ws", websocket=False)
+
 
 def test_merge_slashes_match():
     url_map = r.Map(

From b14df0ccc5d10ac9c3dfdaed1ca5faaf3db8a1f2 Mon Sep 17 00:00:00 2001
From: pgjones 
Date: Wed, 3 Mar 2021 20:36:40 +0000
Subject: [PATCH 388/733] Release 2.0.0rc2

---
 src/werkzeug/__init__.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/werkzeug/__init__.py b/src/werkzeug/__init__.py
index 48cf73cbf..c11b3b9fd 100644
--- a/src/werkzeug/__init__.py
+++ b/src/werkzeug/__init__.py
@@ -3,4 +3,4 @@
 from .wrappers import Request
 from .wrappers import Response
 
-__version__ = "2.0.0rc2.dev"
+__version__ = "2.0.0rc2"

From 3da0b233294d953670dc2512b3631574f57b75e6 Mon Sep 17 00:00:00 2001
From: pgjones 
Date: Wed, 3 Mar 2021 20:37:09 +0000
Subject: [PATCH 389/733] Following the release of 2.0.0rc2 continue with
 2.0.0rc3.dev

---
 src/werkzeug/__init__.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/werkzeug/__init__.py b/src/werkzeug/__init__.py
index c11b3b9fd..b86251f0f 100644
--- a/src/werkzeug/__init__.py
+++ b/src/werkzeug/__init__.py
@@ -3,4 +3,4 @@
 from .wrappers import Request
 from .wrappers import Response
 
-__version__ = "2.0.0rc2"
+__version__ = "2.0.0rc3.dev"

From 3003a0bace7b236ffed5d206bf169ce8c267e040 Mon Sep 17 00:00:00 2001
From: pgjones 
Date: Sun, 7 Mar 2021 21:30:26 +0000
Subject: [PATCH 390/733] Restore the previous Werkzeug LocalProxy __doc__
 behaviour

This ensures that sphinx (and others) can get a docstring for
current_app etc without a RuntimeError. See also
352cd7167984f805daf226966f38f8dfeb991313
---
 src/werkzeug/local.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/werkzeug/local.py b/src/werkzeug/local.py
index cdccbd82f..9e9fdd615 100644
--- a/src/werkzeug/local.py
+++ b/src/werkzeug/local.py
@@ -538,7 +538,9 @@ def _get_current_object(self) -> t.Any:
         except AttributeError:
             raise RuntimeError(f"no object bound to {self.__name}")  # type: ignore
 
-    __doc__ = _ProxyLookup(class_value=__doc__)  # type: ignore
+    __doc__ = _ProxyLookup(  # type: ignore
+        class_value=__doc__, fallback=lambda self: type(self).__doc__
+    )
     # __del__ should only delete the proxy
     __repr__ = _ProxyLookup(
         repr, fallback=lambda self: f"<{type(self).__name__} unbound>"

From 9fc48a2daef326b5e8d2c90e104f08d223324d98 Mon Sep 17 00:00:00 2001
From: pgjones 
Date: Sat, 13 Mar 2021 20:33:23 +0000
Subject: [PATCH 391/733] Utilise existing base class code rather than
 repeating

---
 src/werkzeug/wrappers/request.py | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/src/werkzeug/wrappers/request.py b/src/werkzeug/wrappers/request.py
index ccc5dd4e5..3d4fa9b53 100644
--- a/src/werkzeug/wrappers/request.py
+++ b/src/werkzeug/wrappers/request.py
@@ -13,12 +13,10 @@
 from ..datastructures import MultiDict
 from ..formparser import default_stream_factory
 from ..formparser import FormDataParser
-from ..http import parse_options_header
 from ..sansio.request import Request as _SansIORequest
 from ..utils import cached_property
 from ..utils import environ_property
 from ..wsgi import _get_server
-from ..wsgi import get_content_length
 from ..wsgi import get_input_stream
 from werkzeug.exceptions import BadRequest
 
@@ -267,12 +265,12 @@ def _load_form_data(self) -> None:
         _assert_not_shallow(self)
 
         if self.want_form_data_parsed:
-            content_type = self.environ.get("CONTENT_TYPE", "")
-            content_length = get_content_length(self.environ)
-            mimetype, options = parse_options_header(content_type)
             parser = self.make_form_data_parser()
             data = parser.parse(
-                self._get_stream_for_parsing(), mimetype, content_length, options
+                self._get_stream_for_parsing(),
+                self.mimetype,
+                self.content_length,
+                self.mimetype_params,
             )
         else:
             data = (

From 2f0d8a7725ef3ac606d022fb16333ed482bebeaf Mon Sep 17 00:00:00 2001
From: pgjones 
Date: Sun, 14 Mar 2021 15:25:38 +0000
Subject: [PATCH 392/733] Fix the sans-io request content length method

The previous implementation assumed a WSGI environment.
---
 src/werkzeug/sansio/request.py | 13 +++++++++++--
 tests/sansio/test_request.py   | 20 ++++++++++++++++++++
 2 files changed, 31 insertions(+), 2 deletions(-)
 create mode 100644 tests/sansio/test_request.py

diff --git a/src/werkzeug/sansio/request.py b/src/werkzeug/sansio/request.py
index 3a1db75e5..8c22d4e2c 100644
--- a/src/werkzeug/sansio/request.py
+++ b/src/werkzeug/sansio/request.py
@@ -31,7 +31,6 @@
 from ..useragents import UserAgent
 from ..utils import cached_property
 from ..utils import header_property
-from ..wsgi import get_content_length
 from .utils import get_current_url
 from .utils import get_host
 
@@ -263,7 +262,17 @@ def content_length(self) -> t.Optional[int]:
         the entity-body that would have been sent had the request been a
         GET.
         """
-        return get_content_length(self.headers)
+        if self.headers.get("Transfer-Encoding", "") == "chunked":
+            return None
+
+        content_length = self.headers.get("Content-Length")
+        if content_length is not None:
+            try:
+                return max(0, int(content_length))
+            except (ValueError, TypeError):
+                pass
+
+        return None
 
     content_encoding = header_property[str](
         "Content-Encoding",
diff --git a/tests/sansio/test_request.py b/tests/sansio/test_request.py
new file mode 100644
index 000000000..e34b2c626
--- /dev/null
+++ b/tests/sansio/test_request.py
@@ -0,0 +1,20 @@
+import typing as t
+
+import pytest
+
+from werkzeug.datastructures import Headers
+from werkzeug.sansio.request import Request
+
+
+@pytest.mark.parametrize(
+    "headers, expected",
+    [
+        (Headers({"Transfer-Encoding": "chunked", "Content-Length": "6"}), None),
+        (Headers({"Transfer-Encoding": "something", "Content-Length": "6"}), 6),
+        (Headers({"Content-Length": "6"}), 6),
+        (Headers(), None),
+    ],
+)
+def test_content_length(headers: Headers, expected: t.Optional[int]) -> None:
+    req = Request("POST", "http", None, "", "", b"", headers, None)
+    assert req.content_length == expected

From 57acc4236044803956686c3f0f6ae0cacd2986b0 Mon Sep 17 00:00:00 2001
From: pgjones 
Date: Sun, 14 Mar 2021 19:20:47 +0000
Subject: [PATCH 393/733] Fix sansio request cookies

The expectation for cookie parsing is that any multiple cookies
headers are joined with a semicolon separator as WSGI does.
---
 src/werkzeug/sansio/request.py | 3 ++-
 tests/sansio/test_request.py   | 7 +++++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/werkzeug/sansio/request.py b/src/werkzeug/sansio/request.py
index 8c22d4e2c..be3cdc9a8 100644
--- a/src/werkzeug/sansio/request.py
+++ b/src/werkzeug/sansio/request.py
@@ -237,8 +237,9 @@ def host(self) -> str:
     def cookies(self) -> "ImmutableMultiDict[str, str]":
         """A :class:`dict` with the contents of all cookies transmitted with
         the request."""
+        wsgi_combined_cookie = ";".join(self.headers.getlist("Cookie"))
         return parse_cookie(  # type: ignore
-            self.headers.get("Cookie"),
+            wsgi_combined_cookie,
             self.charset,
             self.encoding_errors,
             cls=self.dict_storage_class,
diff --git a/tests/sansio/test_request.py b/tests/sansio/test_request.py
index e34b2c626..310b24480 100644
--- a/tests/sansio/test_request.py
+++ b/tests/sansio/test_request.py
@@ -18,3 +18,10 @@
 def test_content_length(headers: Headers, expected: t.Optional[int]) -> None:
     req = Request("POST", "http", None, "", "", b"", headers, None)
     assert req.content_length == expected
+
+
+def test_cookies() -> None:
+    headers = Headers([("Cookie", "a=b"), ("Content-Type", "text"), ("Cookie", "a=c")])
+    req = Request("GET", "http", None, "", "", b"", headers, None)
+    assert req.cookies.get("a") == "b"
+    assert req.cookies.getlist("a") == ["b", "c"]

From 888b26f8141393c620b675408fbf8b4648be860e Mon Sep 17 00:00:00 2001
From: "pre-commit-ci[bot]"
 <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Date: Mon, 15 Mar 2021 17:01:31 +0000
Subject: [PATCH 394/733] [pre-commit.ci] pre-commit autoupdate

---
 .pre-commit-config.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 29cb7160b..42a816a02 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -20,7 +20,7 @@ repos:
     hooks:
       - id: black
   - repo: https://gitlab.com/pycqa/flake8
-    rev: 3.8.4
+    rev: 3.9.0
     hooks:
       - id: flake8
         additional_dependencies:

From b12649785fef71eb4ecaafca59caeb15e51bc1dd Mon Sep 17 00:00:00 2001
From: pgjones 
Date: Wed, 17 Mar 2021 20:22:16 +0000
Subject: [PATCH 395/733] Release 2.0.0rc3

---
 src/werkzeug/__init__.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/werkzeug/__init__.py b/src/werkzeug/__init__.py
index b86251f0f..93aabd801 100644
--- a/src/werkzeug/__init__.py
+++ b/src/werkzeug/__init__.py
@@ -3,4 +3,4 @@
 from .wrappers import Request
 from .wrappers import Response
 
-__version__ = "2.0.0rc3.dev"
+__version__ = "2.0.0rc3"

From aa4e272a0da7910476a8d6d12bd3b48f9939ef26 Mon Sep 17 00:00:00 2001
From: pgjones 
Date: Wed, 17 Mar 2021 20:23:00 +0000
Subject: [PATCH 396/733] Following the release of 2.0.0rc3 continue with
 2.0.0rc4.dev

---
 src/werkzeug/__init__.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/werkzeug/__init__.py b/src/werkzeug/__init__.py
index 93aabd801..52238e5c3 100644
--- a/src/werkzeug/__init__.py
+++ b/src/werkzeug/__init__.py
@@ -3,4 +3,4 @@
 from .wrappers import Request
 from .wrappers import Response
 
-__version__ = "2.0.0rc3"
+__version__ = "2.0.0rc4.dev"

From 26572f77598bb402d50ab437f81457f1cda8e3b9 Mon Sep 17 00:00:00 2001
From: "dependabot-preview[bot]"
 <27856297+dependabot-preview[bot]@users.noreply.github.com>
Date: Fri, 19 Mar 2021 19:50:47 +0000
Subject: [PATCH 397/733] [Security] Bump urllib3 from 1.26.2 to 1.26.3

Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.2 to 1.26.3. **This update includes a security fix.**
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/1.26.2...1.26.3)

Signed-off-by: dependabot-preview[bot] 
---
 requirements/dev.txt  | 2 +-
 requirements/docs.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements/dev.txt b/requirements/dev.txt
index 52ab0b564..c5ef14284 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -135,7 +135,7 @@ typed-ast==1.4.2
     # via mypy
 typing-extensions==3.7.4.3
     # via mypy
-urllib3==1.26.2
+urllib3==1.26.3
     # via requests
 virtualenv==20.3.0
     # via
diff --git a/requirements/docs.txt b/requirements/docs.txt
index 2e51efc92..f60ce4610 100644
--- a/requirements/docs.txt
+++ b/requirements/docs.txt
@@ -60,7 +60,7 @@ sphinxcontrib-qthelp==1.0.3
     # via sphinx
 sphinxcontrib-serializinghtml==1.1.4
     # via sphinx
-urllib3==1.26.2
+urllib3==1.26.3
     # via requests
 
 # The following packages are considered to be unsafe in a requirements file:

From cf08ff186dabbf59d2dc03cf55bcb7bbd8247b9f Mon Sep 17 00:00:00 2001
From: "dependabot-preview[bot]"
 <27856297+dependabot-preview[bot]@users.noreply.github.com>
Date: Fri, 19 Mar 2021 21:43:21 +0000
Subject: [PATCH 398/733] [Security] Bump jinja2 from 2.11.2 to 2.11.3

Bumps [jinja2](https://github.com/pallets/jinja) from 2.11.2 to 2.11.3. **This update includes a security fix.**
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/master/CHANGES.rst)
- [Commits](https://github.com/pallets/jinja/compare/2.11.2...2.11.3)

Signed-off-by: dependabot-preview[bot] 
---
 requirements/dev.txt  | 2 +-
 requirements/docs.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements/dev.txt b/requirements/dev.txt
index c5ef14284..d66e9669e 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -42,7 +42,7 @@ imagesize==1.2.0
     # via sphinx
 iniconfig==1.1.1
     # via pytest
-jinja2==2.11.2
+jinja2==2.11.3
     # via sphinx
 markupsafe==1.1.1
     # via jinja2
diff --git a/requirements/docs.txt b/requirements/docs.txt
index f60ce4610..ac984e040 100644
--- a/requirements/docs.txt
+++ b/requirements/docs.txt
@@ -18,7 +18,7 @@ idna==2.10
     # via requests
 imagesize==1.2.0
     # via sphinx
-jinja2==2.11.2
+jinja2==2.11.3
     # via sphinx
 markupsafe==1.1.1
     # via jinja2

From d7393a3f5683cf8ca08b39f60eab3f9b1f83ba27 Mon Sep 17 00:00:00 2001
From: "pre-commit-ci[bot]"
 <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Date: Mon, 22 Mar 2021 17:05:18 +0000
Subject: [PATCH 399/733] [pre-commit.ci] pre-commit autoupdate

---
 .pre-commit-config.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 42a816a02..b562d0509 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/asottile/pyupgrade
-    rev: v2.10.0
+    rev: v2.11.0
     hooks:
       - id: pyupgrade
         args: ["--py36-plus"]

From f781f7a4eb66ce76b6033ca235047a237900e599 Mon Sep 17 00:00:00 2001
From: "pre-commit-ci[bot]"
 <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Date: Mon, 22 Mar 2021 17:05:51 +0000
Subject: [PATCH 400/733] [pre-commit.ci] auto fixes from pre-commit.com hooks

for more information, see https://pre-commit.ci
---
 tests/test_test.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/test_test.py b/tests/test_test.py
index b27b8ff27..25333b2af 100644
--- a/tests/test_test.py
+++ b/tests/test_test.py
@@ -831,7 +831,7 @@ def test_post_with_file_descriptor(tmpdir):
     c = Client(Response())
     f = tmpdir.join("some-file.txt")
     f.write("foo")
-    with open(f.strpath, mode="rt") as data:
+    with open(f.strpath) as data:
         resp = c.post("/", data=data)
     assert resp.status_code == 200
     with open(f.strpath, mode="rb") as data:

From 903b94b803b99d8200c4b818b03315b7b77a5bf5 Mon Sep 17 00:00:00 2001
From: Dave Brondsema 
Date: Mon, 22 Mar 2021 13:49:24 -0400
Subject: [PATCH 401/733] Use realpath when checking potential library
 directories (#2073)

use realpath when checking potential library directories
---
 src/werkzeug/debug/tbtools.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/werkzeug/debug/tbtools.py b/src/werkzeug/debug/tbtools.py
index ec9e7c6b1..75b4cd2c5 100644
--- a/src/werkzeug/debug/tbtools.py
+++ b/src/werkzeug/debug/tbtools.py
@@ -461,7 +461,8 @@ def render(self, mark_lib: bool = True) -> str:
     @cached_property
     def is_library(self) -> bool:
         return any(
-            self.filename.startswith(path) for path in sysconfig.get_paths().values()
+            self.filename.startswith(os.path.realpath(path))
+            for path in sysconfig.get_paths().values()
         )
 
     def render_text(self) -> str:

From 103852364ea6ba0e770a4191abd385208a614618 Mon Sep 17 00:00:00 2001
From: Saif Kazi <50794619+Saif807380@users.noreply.github.com>
Date: Thu, 25 Mar 2021 22:23:10 +0530
Subject: [PATCH 402/733] update UserAgentParser to handle more use cases
 (#2074)

---
 CHANGES.rst                |  3 ++-
 src/werkzeug/useragents.py | 12 +++++++++-
 tests/test_useragents.py   |  2 +-
 tests/test_wrappers.py     | 48 +++++++++++++++++++++++++++-----------
 4 files changed, 48 insertions(+), 17 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 206bac26b..fd21b24bc 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -171,6 +171,7 @@ Unreleased
     useful for handling a WebSocket upgrade request. :issue:`2052`
 -   URL matching assumes ``websocket=True`` mode for WebSocket upgrade
     requests. :issue:`2052`
+-   Updated ``UserAgentParser`` to handle more cases. :issue:`1971`
 
 
 Version 1.0.2
@@ -178,7 +179,7 @@ Version 1.0.2
 
 Unreleased
 
--   Add new "edg" identifier for Edge in UserAgentPreparser.
+-   Add new "edg" identifier for Edge in ``UserAgentParser``.
     :issue:`1797`
 -   Upgrade the debugger to jQuery 3.5.1. :issue:`1802`
 
diff --git a/src/werkzeug/useragents.py b/src/werkzeug/useragents.py
index 0c6be1717..11af5b06b 100644
--- a/src/werkzeug/useragents.py
+++ b/src/werkzeug/useragents.py
@@ -84,8 +84,18 @@ def __call__(
                 break
         else:
             platform = None
+
+        # Except for Trident, all browser key words come after the last ')'
+        last_closing_paren = 0
+        if (
+            not re.compile(r"trident/.+? rv:", re.I).search(user_agent)
+            and ")" in user_agent
+            and user_agent[-1] != ")"
+        ):
+            last_closing_paren = user_agent.rindex(")")
+
         for browser, regex in self.browsers:  # noqa: B007
-            match = regex.search(user_agent)
+            match = regex.search(user_agent[last_closing_paren:])
             if match is not None:
                 version = match.group(1)
                 break
diff --git a/tests/test_useragents.py b/tests/test_useragents.py
index 5727d4ab3..d43e9258a 100644
--- a/tests/test_useragents.py
+++ b/tests/test_useragents.py
@@ -30,7 +30,7 @@
             None,
         ),
         (
-            "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4123.0 Safari/537.36 Edg/84.0.499.0 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36",  # noqa B950
+            "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4123.0 Safari/537.36 Edg/84.0.499.0",  # noqa B950
             "windows",
             "edge",
             "84.0.499.0",
diff --git a/tests/test_wrappers.py b/tests/test_wrappers.py
index 254c3f164..f1a183a27 100644
--- a/tests/test_wrappers.py
+++ b/tests/test_wrappers.py
@@ -446,8 +446,9 @@ def test_etag_request():
     assert request.if_unmodified_since == dt
 
 
-def test_user_agent():
-    user_agents = [
+@pytest.mark.parametrize(
+    ("user_agent", "browser", "platform", "version", "language"),
+    (
         (
             "Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.11) "
             "Gecko/20071127 Firefox/2.0.0.11",
@@ -626,19 +627,38 @@ def test_user_agent():
             "51.0.2704.106",
             None,
         ),
-    ]
-    for ua, browser, platform, version, lang in user_agents:
-        request = wrappers.Request(
-            {"HTTP_USER_AGENT": ua, "SERVER_NAME": "eggs", "SERVER_PORT": "80"}
-        )
-        assert request.user_agent.browser == browser
-        assert request.user_agent.platform == platform
-        assert request.user_agent.version == version
-        assert request.user_agent.language == lang
-        assert bool(request.user_agent)
-        assert request.user_agent.to_header() == ua
-        assert str(request.user_agent) == ua
+        (
+            "Mozilla/5.0 (Linux; Android; motorola edge) AppleWebKit/537.36 "
+            "(KHTML, like Gecko) Chrome/85.0.4183.81 Mobile Safari/537.36",
+            "chrome",
+            "android",
+            "85.0.4183.81",
+            None,
+        ),
+        (
+            "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; "
+            ".NET CLR 1.1.4322)",
+            "msie",
+            "windows",
+            "7.0",
+            None,
+        ),
+    ),
+)
+def test_user_agent(user_agent, browser, platform, version, language):
+    request = wrappers.Request(
+        {"HTTP_USER_AGENT": user_agent, "SERVER_NAME": "eggs", "SERVER_PORT": "80"}
+    )
+    assert request.user_agent.browser == browser
+    assert request.user_agent.platform == platform
+    assert request.user_agent.version == version
+    assert request.user_agent.language == language
+    assert bool(request.user_agent)
+    assert request.user_agent.to_header() == user_agent
+    assert str(request.user_agent) == user_agent
+
 
+def test_invalid_user_agent():
     request = wrappers.Request(
         {"HTTP_USER_AGENT": "foo", "SERVER_NAME": "eggs", "SERVER_PORT": "80"}
     )

From 033df904a8d6bf4ac0f3cd249f2ad7c55870a4f9 Mon Sep 17 00:00:00 2001
From: Saif807380 
Date: Tue, 30 Mar 2021 11:33:11 +0530
Subject: [PATCH 403/733] fixed DechunkedInput.readinto to not read more than
 size of buffer

---
 CHANGES.rst             |  2 ++
 src/werkzeug/serving.py | 15 ++++++++++++---
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index fd21b24bc..0a65e50f8 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -172,6 +172,8 @@ Unreleased
 -   URL matching assumes ``websocket=True`` mode for WebSocket upgrade
     requests. :issue:`2052`
 -   Updated ``UserAgentParser`` to handle more cases. :issue:`1971`
+-   ``werzeug.DechunkedInput.readinto`` will not read beyond the size of
+    the buffer. :issue:`2021`
 
 
 Version 1.0.2
diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py
index 1c9c13b96..b0dad7378 100644
--- a/src/werkzeug/serving.py
+++ b/src/werkzeug/serving.py
@@ -122,9 +122,18 @@ def readinto(self, buf: bytearray) -> int:  # type: ignore
                 # buffer. If this operation fully consumes the chunk, this will
                 # reset self._len to 0.
                 n = min(len(buf), self._len)
-                buf[read : read + n] = self._rfile.read(n)
-                self._len -= n
-                read += n
+
+                # If (read + chunk size) becomes more than len(buf), buf will
+                # grow beyond the original size and read more data than
+                # required. So only read as much data as can fit in buf.
+                if read + n > len(buf):
+                    buf[read:] = self._rfile.read(len(buf) - read)
+                    self._len -= len(buf) - read
+                    read = len(buf)
+                else:
+                    buf[read : read + n] = self._rfile.read(n)
+                    self._len -= n
+                    read += n
 
             if self._len == 0:
                 # Skip the terminating newline of a chunk that has been fully

From fd8df2f60a51781498254ba828d3ba6a2d5e04e4 Mon Sep 17 00:00:00 2001
From: Anthony Sottile 
Date: Fri, 26 Feb 2021 22:21:12 -0800
Subject: [PATCH 404/733] fix connection reset when over max content size

the current version of werkzeug fails to exhaust the input stream
when it detects that the content exceeds the configured max size.
when run with gunicorn, the stream is never exhausted which leads
to firefox (and others) reporting a connection reset as they
receive the response without the body being uploaded.

here's a sample application:

```python
from flask import Flask, request, redirect, url_for

class Config:
    SECRET_KEY = 'foo'
    MAX_CONTENT_LENGTH = 1024 * 1024 * 1

app = Flask(__name__)
app.config.from_object(Config)

@app.route('/')
def index():
    return '''\


  
    File Upload
          
         
 
  
    
    File Upload
    
    
    
      
    
      
    
    
    
  

'''

@app.route('/', methods=['POST'])
def upload_file():
    request.files['file']
    print('uploaded!')
    return redirect(url_for('index'))
```

when run with gunicorn:

```bash
strace -f gunicorn --bind 127.0.0.1:8080 app:app --access-logfile - 2> log
```

the strace indicates the following happens:

```
[pid 24372] recvfrom(9, "POST / HTTP/1.1\r\nHost: localhost"..., 8192, 0, NULL, NULL) = 8192
...
[pid 24372] sendto(9, "HTTP/1.1 413 REQUEST ENTITY TOO "..., 183, 0, NULL, 0) = 183
[pid 24372] sendto(9, " None:
+    bts = stream.read(64 * 1024)
+    while bts:
+        bts = stream.read(64 * 1024)
+
+
 def default_stream_factory(
     total_content_length: int,
     content_type: t.Optional[str],
@@ -241,6 +247,8 @@ def parse(
             and content_length is not None
             and content_length > self.max_content_length
         ):
+            # if the input stream is not exhausted, firefox reports Connection Reset
+            _exhaust(stream)
             raise exceptions.RequestEntityTooLarge()
 
         if options is None:
@@ -293,6 +301,8 @@ def _parse_urlencoded(
             and content_length is not None
             and content_length > self.max_form_memory_size
         ):
+            # if the input stream is not exhausted, firefox reports Connection Reset
+            _exhaust(stream)
             raise exceptions.RequestEntityTooLarge()
 
         form = url_decode_stream(stream, self.charset, errors=self.errors, cls=self.cls)
diff --git a/tests/test_formparser.py b/tests/test_formparser.py
index 05215c20c..18ed1c0b5 100644
--- a/tests/test_formparser.py
+++ b/tests/test_formparser.py
@@ -84,6 +84,22 @@ def test_limiting(self):
         req.max_content_length = 4
         pytest.raises(RequestEntityTooLarge, lambda: req.form["foo"])
 
+        # when the request entity is too large, the input stream should be
+        # drained so that firefox (and others) do not report connection reset
+        # when run through gunicorn
+        # a sufficiently large stream is necessary for block-based reads
+        input_stream = io.BytesIO(b"foo=" + b"x" * 128 * 1024)
+        req = Request.from_values(
+            input_stream=input_stream,
+            content_length=len(data),
+            content_type="multipart/form-data; boundary=foo",
+            method="POST",
+        )
+        req.max_content_length = 4
+        pytest.raises(RequestEntityTooLarge, lambda: req.form["foo"])
+        # ensure that the stream is exhausted
+        assert input_stream.read() == b""
+
         req = Request.from_values(
             input_stream=io.BytesIO(data),
             content_length=len(data),

From a4c8dbab1488b1dfacdde9bea7e6a0eb02ebd244 Mon Sep 17 00:00:00 2001
From: "pre-commit-ci[bot]"
 <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Date: Mon, 5 Apr 2021 17:10:30 +0000
Subject: [PATCH 405/733] [pre-commit.ci] pre-commit autoupdate

---
 .pre-commit-config.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index b562d0509..f7fd231f5 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -19,7 +19,7 @@ repos:
     rev: 20.8b1
     hooks:
       - id: black
-  - repo: https://gitlab.com/pycqa/flake8
+  - repo: https://github.com/PyCQA/flake8
     rev: 3.9.0
     hooks:
       - id: flake8

From 01eb6ae4bbc048d291c1bcd9c232b4d6eef0b70f Mon Sep 17 00:00:00 2001
From: "dependabot-preview[bot]"
 <27856297+dependabot-preview[bot]@users.noreply.github.com>
Date: Tue, 6 Apr 2021 18:01:44 +0000
Subject: [PATCH 406/733] [Security] Bump urllib3 from 1.26.3 to 1.26.4

Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.3 to 1.26.4. **This update includes a security fix.**
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/1.26.3...1.26.4)

Signed-off-by: dependabot-preview[bot] 
---
 requirements/dev.txt  | 2 +-
 requirements/docs.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements/dev.txt b/requirements/dev.txt
index d66e9669e..b40d75d27 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -135,7 +135,7 @@ typed-ast==1.4.2
     # via mypy
 typing-extensions==3.7.4.3
     # via mypy
-urllib3==1.26.3
+urllib3==1.26.4
     # via requests
 virtualenv==20.3.0
     # via
diff --git a/requirements/docs.txt b/requirements/docs.txt
index ac984e040..97c9f8980 100644
--- a/requirements/docs.txt
+++ b/requirements/docs.txt
@@ -60,7 +60,7 @@ sphinxcontrib-qthelp==1.0.3
     # via sphinx
 sphinxcontrib-serializinghtml==1.1.4
     # via sphinx
-urllib3==1.26.3
+urllib3==1.26.4
     # via requests
 
 # The following packages are considered to be unsafe in a requirements file:

From 931b0ecbc88821cf90cbb2eac231f3a9d439462c Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Thu, 8 Apr 2021 17:51:30 -0700
Subject: [PATCH 407/733] deprecate user agent parser

---
 CHANGES.rst                    |   4 +
 docs/quickstart.rst            |  18 +---
 docs/utils.rst                 |  24 ++++-
 src/werkzeug/sansio/request.py |  25 ++++-
 src/werkzeug/user_agent.py     |  47 ++++++++
 src/werkzeug/useragents.py     | 192 +++++++++++++++++----------------
 tests/test_useragents.py       |   4 +-
 tests/test_wrappers.py         |  20 ++--
 8 files changed, 210 insertions(+), 124 deletions(-)
 create mode 100644 src/werkzeug/user_agent.py

diff --git a/CHANGES.rst b/CHANGES.rst
index a8f5f994e..12789cc4f 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -18,6 +18,10 @@ Unreleased
     :issue:`1834`
 -   Deprecate the ``environ["werkzeug.server.shutdown"]`` function
     that is available when running the development server. :issue:`1752`
+-   Deprecate the ``useragents`` module and the built-in user agent
+    parser. Use a dedicated parser library instead by subclassing
+    ``user_agent.UserAgent`` and setting ``Request.user_agent_class``.
+    :issue:`2078`
 -   Remove the unused, internal ``posixemulation`` module. :issue:`1759`
 -   All ``datetime`` values are timezone-aware with
     ``tzinfo=timezone.utc``. This applies to anything using
diff --git a/docs/quickstart.rst b/docs/quickstart.rst
index be4574f22..1568892b0 100644
--- a/docs/quickstart.rst
+++ b/docs/quickstart.rst
@@ -124,7 +124,6 @@ so that we can play with it:
 
 >>> environ = create_environ()
 >>> environ.update(
-...     HTTP_USER_AGENT='Mozilla/5.0 (Macintosh; U; Mac OS X 10.5; en-US; ) Firefox/3.1',
 ...     HTTP_ACCEPT='text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
 ...     HTTP_ACCEPT_LANGUAGE='de-at,en-us;q=0.8,en;q=0.5',
 ...     HTTP_ACCEPT_ENCODING='gzip,deflate',
@@ -136,20 +135,9 @@ so that we can play with it:
 ...
 >>> request = Request(environ)
 
-Let's start with the most useless header: the user agent:
-
->>> request.user_agent.browser
-'firefox'
->>> request.user_agent.platform
-'macos'
->>> request.user_agent.version
-'3.1'
->>> request.user_agent.language
-'en-US'
-
-A more useful header is the accept header.  With this header the browser
-informs the web application what mimetypes it can handle and how well.  All
-accept headers are sorted by the quality, the best item being the first:
+With the accept header the browser informs the web application what
+mimetypes it can handle and how well. All accept headers are sorted by
+the quality, the best item being the first:
 
 >>> request.accept_mimetypes.best
 'text/html'
diff --git a/docs/utils.rst b/docs/utils.rst
index 5df9d2291..b7f80df78 100644
--- a/docs/utils.rst
+++ b/docs/utils.rst
@@ -51,13 +51,31 @@ URL Helpers
 
 Please refer to :doc:`urls`.
 
-UserAgent Parsing
-=================
+
+User Agent API
+==============
+
+.. module:: werkzeug.user_agent
+
+.. autoclass:: UserAgent
+    :members:
+    :member-order: bysource
+
+
+UserAgent Parsing (deprecated)
+==============================
 
 .. module:: werkzeug.useragents
 
+.. deprecated:: 2.0.0
+    This module will be removed in Werkzeug 2.1. Subclass
+    :class:`werkzeug.user_agent.UserAgent` to use a dedicated parser
+    instead.
+
 .. autoclass:: UserAgent
-   :members:
+    :members:
+    :inherited-members:
+    :member-order: bysource
 
 
 Security Helpers
diff --git a/src/werkzeug/sansio/request.py b/src/werkzeug/sansio/request.py
index be3cdc9a8..c6f20acbe 100644
--- a/src/werkzeug/sansio/request.py
+++ b/src/werkzeug/sansio/request.py
@@ -28,7 +28,8 @@
 from ..http import parse_range_header
 from ..http import parse_set_header
 from ..urls import url_decode
-from ..useragents import UserAgent
+from ..user_agent import UserAgent
+from ..useragents import UserAgent as _DeprecatedUserAgent
 from ..utils import cached_property
 from ..utils import header_property
 from .utils import get_current_url
@@ -94,6 +95,16 @@ class Request:
     #: .. versionadded:: 0.6
     list_storage_class: t.Type[t.List] = ImmutableList
 
+    user_agent_class = _DeprecatedUserAgent
+    """The class used and returned by the :attr:`user_agent` property to
+    parse the header. Defaults to
+    :class:`~werkzeug.user_agent.UserAgent`, which does no parsing. An
+    extension can provide a subclass that uses a parser to provide other
+    data.
+
+    .. versionadded:: 2.0.0
+    """
+
     #: Valid host names when handling requests. By default all hosts are
     #: trusted, which means that whatever the client says the host is
     #: will be accepted.
@@ -470,8 +481,16 @@ def range(self) -> t.Optional[Range]:
 
     @cached_property
     def user_agent(self) -> UserAgent:
-        """The current user agent."""
-        return UserAgent(self.headers.get("User-Agent", ""))  # type: ignore
+        """The user agent. Use ``user_agent.string`` to get the header
+        value. Set :attr:`user_agent_class` to a subclass of
+        :class:`~werkzeug.user_agent.UserAgent` to provide parsing for
+        the other properties or other extended data.
+
+        .. versionchanged:: 2.0.0
+            The built in parser is deprecated, a ``UserAgent`` subclass
+            must be set to parse data from the string.
+        """
+        return self.user_agent_class(t.cast(str, self.headers.get("User-Agent", "")))
 
     # Authorization
 
diff --git a/src/werkzeug/user_agent.py b/src/werkzeug/user_agent.py
new file mode 100644
index 000000000..0c207b343
--- /dev/null
+++ b/src/werkzeug/user_agent.py
@@ -0,0 +1,47 @@
+import typing as t
+
+
+class UserAgent:
+    """Represents a parsed user agent header value.
+
+    The default implementation does no parsing, only the :attr:`string`
+    attribute is set. A subclass may parse the string to set the
+    common attributes or expose other information. Set
+    :attr:`werkzeug.wrappers.Request.user_agent_class` to use a
+    subclass.
+
+    :param string: The header value to parse.
+
+    .. versionadded:: 2.0.0
+        This replaces the previous ``useragents`` module, but does not
+        provide a built-in parser.
+    """
+
+    platform: t.Optional[str] = None
+    """The OS name, if it could be parsed from the string."""
+
+    browser: t.Optional[str] = None
+    """The browser name, if it could be parsed from the string."""
+
+    version: t.Optional[str] = None
+    """The browser version, if it could be parsed from the string."""
+
+    language: t.Optional[str] = None
+    """The browser language, if it could be parsed from the string."""
+
+    def __init__(self, string: str) -> None:
+        self.string: str = string
+        """The original header value."""
+
+    def __repr__(self):
+        return f"<{type(self).__name__} {self.browser}/{self.version}>"
+
+    def __str__(self) -> str:
+        return self.string
+
+    def __bool__(self) -> bool:
+        return bool(self.browser)
+
+    def to_header(self) -> str:
+        """Convert to a header value."""
+        return self.string
diff --git a/src/werkzeug/useragents.py b/src/werkzeug/useragents.py
index 11af5b06b..59ff017da 100644
--- a/src/werkzeug/useragents.py
+++ b/src/werkzeug/useragents.py
@@ -1,13 +1,14 @@
 import re
 import typing as t
+import warnings
+
+from .user_agent import UserAgent as _BaseUserAgent
 
 if t.TYPE_CHECKING:
     from wsgiref.types import WSGIEnvironment
 
 
-class UserAgentParser:
-    """A simple user agent parser.  Used by the `UserAgent`."""
-
+class _UserAgentParser:
     platform_rules: t.ClassVar[t.Iterable[t.Tuple[str, str]]] = (
         (" cros ", "chromeos"),
         ("iphone|ios", "iphone"),
@@ -109,102 +110,105 @@ def __call__(
         return platform, browser, version, language
 
 
-class UserAgent:
-    """Represents a user agent.  Pass it a WSGI environment or a user agent
-    string and you can inspect some of the details from the user agent
-    string via the attributes.  The following attributes exist:
-
-    .. attribute:: string
-
-       the raw user agent string
-
-    .. attribute:: platform
-
-       the browser platform. ``None`` if not recognized.
-       The following platforms are currently recognized:
-
-       -   `aix`
-       -   `amiga`
-       -   `android`
-       -   `blackberry`
-       -   `bsd`
-       -   `chromeos`
-       -   `dragonflybsd`
-       -   `freebsd`
-       -   `hpux`
-       -   `ipad`
-       -   `iphone`
-       -   `irix`
-       -   `linux`
-       -   `macos`
-       -   `netbsd`
-       -   `openbsd`
-       -   `sco`
-       -   `solaris`
-       -   `symbian`
-       -   `wii`
-       -   `windows`
-
-    .. attribute:: browser
-
-        the name of the browser. ``None`` if not recognized.
-        The following browsers are currently recognized:
-
-        -   `aol` *
-        -   `ask` *
-        -   `baidu` *
-        -   `bing` *
-        -   `camino`
-        -   `chrome`
-        -   `edge`
-        -   `firefox`
-        -   `galeon`
-        -   `google` *
-        -   `kmeleon`
-        -   `konqueror`
-        -   `links`
-        -   `lynx`
-        -   `mozilla`
-        -   `msie`
-        -   `msn`
-        -   `netscape`
-        -   `opera`
-        -   `safari`
-        -   `seamonkey`
-        -   `webkit`
-        -   `yahoo` *
-
-        (Browsers marked with a star (``*``) are crawlers.)
-
-    .. attribute:: version
-
-        the version of the browser. ``None`` if not recognized.
-
-    .. attribute:: language
-
-        the language of the browser. ``None`` if not recognized.
+# It wasn't public, but users might have imported it anyway, show a
+# warning if a user created an instance.
+class UserAgentParser(_UserAgentParser):
+    """A simple user agent parser.  Used by the `UserAgent`.
+
+    .. deprecated:: 2.0.0
+        Will be removed in 2.1. Use a dedicated parser library instead.
     """
 
-    _parser = UserAgentParser()
+    def __init__(self):
+        warnings.warn(
+            "'UserAgentParser' is deprecated and will be removed in"
+            " Werkzeug 2.1. Use a dedicated parser library instead.",
+            DeprecationWarning,
+            stacklevel=2,
+        )
+        super().__init__()
+
+
+class _deprecated_property(property):
+    def __init__(self, fget):
+        super().__init__(fget)
+        self.message = (
+            "The built-in user agent parser is deprecated and will be"
+            f" removed in Werkzeug 2.1. The {fget.__name__!r} property"
+            " will be 'None'. Subclass 'werkzeug.user_agent.UserAgent'"
+            " and set 'Request.user_agent_class' to use a different"
+            " parser."
+        )
 
-    def __init__(self, environ_or_string: t.Union["WSGIEnvironment", str]) -> None:
-        if isinstance(environ_or_string, dict):
-            self.string = environ_or_string.get("HTTP_USER_AGENT", "")
-        else:
-            self.string = environ_or_string
+    def __get__(self, *args, **kwargs):
+        warnings.warn(self.message, DeprecationWarning, stacklevel=3)
+        return super().__get__(*args, **kwargs)
 
-        self.platform, self.browser, self.version, self.language = self._parser(
-            self.string
-        )
 
-    def to_header(self) -> str:
-        return self.string
+# This is what Request.user_agent returns for now, only show warnings on
+# attribute access, not creation.
+class _UserAgent(_BaseUserAgent):
+    _parser = _UserAgentParser()
+
+    def __init__(self, string: str) -> None:
+        super().__init__(string)
+        info = self._parser(string)
+        self._platform, self._browser, self._version, self._language = info
+
+    @_deprecated_property
+    def platform(self) -> t.Optional[str]:  # type: ignore
+        return self._platform
+
+    @_deprecated_property
+    def browser(self) -> t.Optional[str]:  # type: ignore
+        return self._browser
 
-    def __str__(self) -> str:
-        return self.string
+    @_deprecated_property
+    def version(self) -> t.Optional[str]:  # type: ignore
+        return self._version
 
-    def __bool__(self) -> bool:
-        return bool(self.browser)
+    @_deprecated_property
+    def language(self) -> t.Optional[str]:  # type: ignore
+        return self._language
 
-    def __repr__(self):
-        return f"<{type(self).__name__} {self.browser!r}/{self.version}>"
+
+# This is what users might be importing, show warnings on create.
+class UserAgent(_UserAgent):
+    """Represents a parsed user agent header value.
+
+    This uses a basic parser to try to extract some information from the
+    header.
+
+    :param environ_or_string: The header value to parse, or a WSGI
+        environ containing the header.
+
+    .. deprecated:: 2.0.0
+        Will be removed in Werkzeug 2.1. Subclass
+        :class:`werkzeug.user_agent.UserAgent` (note the new module
+        name) to use a dedicated parser instead.
+
+    .. versionchanged:: 2.0.0
+        Passing a WSGI environ is deprecated and will be removed in 2.1.
+    """
+
+    def __init__(self, environ_or_string: "t.Union[str, WSGIEnvironment]") -> None:
+        if isinstance(environ_or_string, dict):
+            warnings.warn(
+                "Passing an environ to 'UserAgent' is deprecated and"
+                " will be removed in Werkzeug 2.1. Pass the header"
+                " value string instead.",
+                DeprecationWarning,
+                stacklevel=2,
+            )
+            string = environ_or_string.get("HTTP_USER_AGENT", "")
+        else:
+            string = environ_or_string
+
+        warnings.warn(
+            "The 'werkzeug.useragents' module is deprecated and will be"
+            " removed in Werkzeug 2.1. The new base API is"
+            " 'werkzeug.user_agent.UserAgent'.",
+            DeprecationWarning,
+            stacklevel=2,
+        )
+        super().__init__(string)
diff --git a/tests/test_useragents.py b/tests/test_useragents.py
index d43e9258a..aeeb512a2 100644
--- a/tests/test_useragents.py
+++ b/tests/test_useragents.py
@@ -46,5 +46,7 @@
     ),
 )
 def test_edge_browsers(user_agent, platform, browser, version, language):
-    parsed = useragents.UserAgentParser()(user_agent)
+    with pytest.deprecated_call():
+        parsed = useragents.UserAgentParser()(user_agent)
+
     assert parsed == (platform, browser, version, language)
diff --git a/tests/test_wrappers.py b/tests/test_wrappers.py
index f1a183a27..e683c3b22 100644
--- a/tests/test_wrappers.py
+++ b/tests/test_wrappers.py
@@ -649,20 +649,24 @@ def test_user_agent(user_agent, browser, platform, version, language):
     request = wrappers.Request(
         {"HTTP_USER_AGENT": user_agent, "SERVER_NAME": "eggs", "SERVER_PORT": "80"}
     )
-    assert request.user_agent.browser == browser
-    assert request.user_agent.platform == platform
-    assert request.user_agent.version == version
-    assert request.user_agent.language == language
-    assert bool(request.user_agent)
-    assert request.user_agent.to_header() == user_agent
-    assert str(request.user_agent) == user_agent
+
+    with pytest.deprecated_call():
+        assert request.user_agent.browser == browser
+        assert request.user_agent.platform == platform
+        assert request.user_agent.version == version
+        assert request.user_agent.language == language
+        assert bool(request.user_agent)
+        assert request.user_agent.to_header() == user_agent
+        assert str(request.user_agent) == user_agent
 
 
 def test_invalid_user_agent():
     request = wrappers.Request(
         {"HTTP_USER_AGENT": "foo", "SERVER_NAME": "eggs", "SERVER_PORT": "80"}
     )
-    assert not request.user_agent
+
+    with pytest.deprecated_call():
+        assert not request.user_agent
 
 
 def test_stream_wrapping():

From 9a5151652a3ea97ec06fd43281ada704ce9e5c3e Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Thu, 8 Apr 2021 17:52:23 -0700
Subject: [PATCH 408/733] show type hints in description

---
 docs/conf.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/docs/conf.py b/docs/conf.py
index b1a0eb1fd..57ecdf9fa 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -18,6 +18,8 @@
     "sphinx_issues",
     "sphinxcontrib.log_cabinet",
 ]
+autoclass_content = "both"
+autodoc_typehints = "description"
 intersphinx_mapping = {"python": ("https://docs.python.org/3/", None)}
 issues_github_path = "pallets/werkzeug"
 

From 051174fb74bf26e0bd1a60e6927a2f48e75193b8 Mon Sep 17 00:00:00 2001
From: "pre-commit-ci[bot]"
 <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Date: Mon, 12 Apr 2021 17:12:25 +0000
Subject: [PATCH 409/733] [pre-commit.ci] pre-commit autoupdate

---
 .pre-commit-config.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index f7fd231f5..6195252fd 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/asottile/pyupgrade
-    rev: v2.11.0
+    rev: v2.12.0
     hooks:
       - id: pyupgrade
         args: ["--py36-plus"]

From cb0fbec75f2e738c58e116a971656b00b9dec42c Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Thu, 15 Apr 2021 15:50:58 -0700
Subject: [PATCH 410/733] consistent versions and deprecation messages

---
 docs/utils.rst                              |  2 +-
 src/werkzeug/_internal.py                   |  3 +-
 src/werkzeug/exceptions.py                  |  2 +-
 src/werkzeug/formparser.py                  |  2 +-
 src/werkzeug/http.py                        | 12 +++---
 src/werkzeug/local.py                       | 32 ++++++--------
 src/werkzeug/sansio/request.py              | 17 ++++----
 src/werkzeug/sansio/response.py             |  8 ++--
 src/werkzeug/serving.py                     |  4 +-
 src/werkzeug/test.py                        | 18 ++++----
 src/werkzeug/urls.py                        | 24 +++++------
 src/werkzeug/user_agent.py                  |  2 +-
 src/werkzeug/useragents.py                  |  9 ++--
 src/werkzeug/utils.py                       | 48 +++++++++++----------
 src/werkzeug/wrappers/accept.py             |  4 +-
 src/werkzeug/wrappers/auth.py               |  6 +--
 src/werkzeug/wrappers/base_request.py       | 10 ++---
 src/werkzeug/wrappers/base_response.py      | 10 ++---
 src/werkzeug/wrappers/common_descriptors.py |  8 ++--
 src/werkzeug/wrappers/cors.py               |  8 ++--
 src/werkzeug/wrappers/etag.py               |  8 ++--
 src/werkzeug/wrappers/json.py               |  3 +-
 src/werkzeug/wrappers/request.py            | 21 +++++----
 src/werkzeug/wrappers/response.py           | 10 ++---
 src/werkzeug/wrappers/user_agent.py         |  4 +-
 tests/test_datastructures.py                |  3 +-
 26 files changed, 137 insertions(+), 141 deletions(-)

diff --git a/docs/utils.rst b/docs/utils.rst
index b7f80df78..9fb2077c7 100644
--- a/docs/utils.rst
+++ b/docs/utils.rst
@@ -67,7 +67,7 @@ UserAgent Parsing (deprecated)
 
 .. module:: werkzeug.useragents
 
-.. deprecated:: 2.0.0
+.. deprecated:: 2.0
     This module will be removed in Werkzeug 2.1. Subclass
     :class:`werkzeug.user_agent.UserAgent` to use a dedicated parser
     instead.
diff --git a/src/werkzeug/_internal.py b/src/werkzeug/_internal.py
index 8a0c17b6d..e220ecd6c 100644
--- a/src/werkzeug/_internal.py
+++ b/src/werkzeug/_internal.py
@@ -223,7 +223,8 @@ def _parse_signature(func):
     """Return a signature object for the function.
 
     .. deprecated:: 2.0
-        Will be removed in 2.1 along with utils.bind/validate_arguments
+        Will be removed in Werkzeug 2.1 along with ``utils.bind`` and
+        ``validate_arguments``.
     """
     # if we have a cached validator for this function, return it
     parse = _signature_cache.get(func)
diff --git a/src/werkzeug/exceptions.py b/src/werkzeug/exceptions.py
index 38d73561a..afc14c3de 100644
--- a/src/werkzeug/exceptions.py
+++ b/src/werkzeug/exceptions.py
@@ -270,7 +270,7 @@ class Unauthorized(HTTPException):
     :param www-authenticate: A single value, or list of values, for the
         WWW-Authenticate header(s).
 
-    .. versionchanged:: 2.0.0
+    .. versionchanged:: 2.0
         Serialize multiple ``www_authenticate`` items into multiple
         ``WWW-Authenticate`` headers, rather than joining them
         into a single value, for better interoperability.
diff --git a/src/werkzeug/formparser.py b/src/werkzeug/formparser.py
index bdc9cbfa1..d023c9d8f 100644
--- a/src/werkzeug/formparser.py
+++ b/src/werkzeug/formparser.py
@@ -344,7 +344,7 @@ def parse_multipart_headers(iterable: t.Iterable[bytes]) -> Headers:
     """
     warnings.warn(
         "'parse_multipart_headers' is deprecated and will be removed in"
-        " Werkzeug version 2.1.",
+        " Werkzeug 2.1.",
         DeprecationWarning,
         stacklevel=2,
     )
diff --git a/src/werkzeug/http.py b/src/werkzeug/http.py
index 0f6367ecb..5d94e0cf5 100644
--- a/src/werkzeug/http.py
+++ b/src/werkzeug/http.py
@@ -703,7 +703,7 @@ def parse_if_range_header(value: t.Optional[str]) -> "ds.IfRange":
     """Parses an if-range header which can be an etag or a date.  Returns
     a :class:`~werkzeug.datastructures.IfRange` object.
 
-    .. versionchanged:: 2.0.0
+    .. versionchanged:: 2.0
         If the value represents a datetime, it is timezone-aware.
 
     .. versionadded:: 0.7
@@ -909,7 +909,7 @@ def parse_date(value: t.Optional[str]) -> t.Optional[datetime]:
 
     :param value: A string with a supported date format.
 
-    .. versionchanged:: 2.0.0
+    .. versionchanged:: 2.0
         Return a timezone-aware datetime object. Use
         ``email.utils.parsedate_to_datetime``.
     """
@@ -933,12 +933,12 @@ def cookie_date(
     """Format a datetime object or timestamp into an :rfc:`2822` date
     string for ``Set-Cookie expires``.
 
-    .. deprecated:: 2.0.0
-        Use :func:`http_date` instead. Will be removed in version 2.1.
+    .. deprecated:: 2.0
+        Will be removed in Werkzeug 2.1. Use :func:`http_date` instead.
     """
     warnings.warn(
         "'cookie_date' is deprecated and will be removed in Werkzeug"
-        " version 2.1. Use 'http_date' instead.",
+        " 2.1. Use 'http_date' instead.",
         DeprecationWarning,
         stacklevel=2,
     )
@@ -958,7 +958,7 @@ def http_date(
     :param timestamp: The datetime or timestamp to format. Defaults to
         the current time.
 
-    .. versionchanged:: 2.0.0
+    .. versionchanged:: 2.0
         Use ``email.utils.format_datetime``. Accept ``date`` objects.
     """
     if isinstance(timestamp, date):
diff --git a/src/werkzeug/local.py b/src/werkzeug/local.py
index 9e9fdd615..3ca1fcefe 100644
--- a/src/werkzeug/local.py
+++ b/src/werkzeug/local.py
@@ -21,8 +21,8 @@
 def get_ident():
     warnings.warn(
         "'get_ident' is deprecated and will be removed in Werkzeug"
-        " version 2.1. Use 'greenlet.getcurrent' or"
-        " 'threading.get_ident' for previous behavior.",
+        " 2.1. Use 'greenlet.getcurrent' or 'threading.get_ident' for"
+        " previous behavior.",
         DeprecationWarning,
         stacklevel=2,
     )
@@ -108,8 +108,7 @@ def __init__(self) -> None:
     @property
     def __storage__(self):
         warnings.warn(
-            "'__storage__' is deprecated and will be removed in"
-            " Werkzeug version 2.1.",
+            "'__storage__' is deprecated and will be removed in Werkzeug 2.1.",
             DeprecationWarning,
             stacklevel=2,
         )
@@ -119,8 +118,7 @@ def __storage__(self):
     def __ident_func__(self):
         warnings.warn(
             "'__ident_func__' is deprecated and will be removed in"
-            " Werkzeug version 2.1. It should not be used in Python"
-            " 3.7+",
+            " Werkzeug 2.1. It should not be used in Python 3.7+.",
             DeprecationWarning,
             stacklevel=2,
         )
@@ -130,8 +128,7 @@ def __ident_func__(self):
     def __ident_func__(self, func):
         warnings.warn(
             "'__ident_func__' is deprecated and will be removed in"
-            " Werkzeug version 2.1. Setting it no longer has any"
-            " effect.",
+            " Werkzeug 2.1. Setting it no longer has any effect.",
             DeprecationWarning,
             stacklevel=2,
         )
@@ -256,8 +253,9 @@ class LocalManager:
     cleans up, it will clean up all the data left in the locals for this
     context.
 
-    .. versionchanged:: 2.0.0
-        ``ident_func`` is deprecated and will be removed in version 2.1.
+    .. versionchanged:: 2.0
+        ``ident_func`` is deprecated and will be removed in Werkzeug
+         2.1.
 
     .. versionchanged:: 0.6.1
         The :func:`release_local` function can be used instead of a
@@ -282,8 +280,7 @@ def __init__(
         if ident_func is not None:
             warnings.warn(
                 "'ident_func' is deprecated and will be removed in"
-                " Werkzeug version 2.1. Setting it no longer has any"
-                " effect.",
+                " Werkzeug 2.1. Setting it no longer has any effect.",
                 DeprecationWarning,
                 stacklevel=2,
             )
@@ -291,8 +288,7 @@ def __init__(
     @property
     def ident_func(self):
         warnings.warn(
-            "'ident_func' is deprecated and will be removed in Werkzeug"
-            " version 2.1.",
+            "'ident_func' is deprecated and will be removed in Werkzeug 2.1.",
             DeprecationWarning,
             stacklevel=2,
         )
@@ -302,7 +298,7 @@ def ident_func(self):
     def ident_func(self, func):
         warnings.warn(
             "'ident_func' is deprecated and will be removedin Werkzeug"
-            " version 2.1. Setting it no longer has any effect.",
+            " 2.1. Setting it no longer has any effect.",
             DeprecationWarning,
             stacklevel=2,
         )
@@ -313,8 +309,8 @@ def get_ident(self) -> int:
         but use it to link other context local objects (such as SQLAlchemy's
         scoped sessions) to the Werkzeug locals.
 
-        .. deprecated:: 2.0.0
-            Will be removed in version 2.1.
+        .. deprecated:: 2.0
+            Will be removed in Werkzeug 2.1.
 
         .. versionchanged:: 0.7
            You can pass a different ident function to the local manager that
@@ -322,7 +318,7 @@ def get_ident(self) -> int:
            constructor.
         """
         warnings.warn(
-            "'get_ident' is deprecated and will be removed in Werkzeug version 2.1.",
+            "'get_ident' is deprecated and will be removed in Werkzeug 2.1.",
             DeprecationWarning,
             stacklevel=2,
         )
diff --git a/src/werkzeug/sansio/request.py b/src/werkzeug/sansio/request.py
index c6f20acbe..af7aaeac6 100644
--- a/src/werkzeug/sansio/request.py
+++ b/src/werkzeug/sansio/request.py
@@ -102,7 +102,7 @@ class Request:
     extension can provide a subclass that uses a parser to provide other
     data.
 
-    .. versionadded:: 2.0.0
+    .. versionadded:: 2.0
     """
 
     #: Valid host names when handling requests. By default all hosts are
@@ -326,7 +326,7 @@ def content_length(self) -> t.Optional[int]:
         time at which the message was originated, having the same
         semantics as orig-date in RFC 822.
 
-        .. versionchanged:: 2.0.0
+        .. versionchanged:: 2.0
             The datetime object is timezone-aware.
         """,
         read_only=True,
@@ -442,7 +442,7 @@ def if_none_match(self) -> ETags:
     def if_modified_since(self) -> t.Optional[datetime]:
         """The parsed `If-Modified-Since` header as a datetime object.
 
-        .. versionchanged:: 2.0.0
+        .. versionchanged:: 2.0
             The datetime object is timezone-aware.
         """
         return parse_date(self.headers.get("If-Modified-Since"))
@@ -451,7 +451,7 @@ def if_modified_since(self) -> t.Optional[datetime]:
     def if_unmodified_since(self) -> t.Optional[datetime]:
         """The parsed `If-Unmodified-Since` header as a datetime object.
 
-        .. versionchanged:: 2.0.0
+        .. versionchanged:: 2.0
             The datetime object is timezone-aware.
         """
         return parse_date(self.headers.get("If-Unmodified-Since"))
@@ -460,7 +460,7 @@ def if_unmodified_since(self) -> t.Optional[datetime]:
     def if_range(self) -> IfRange:
         """The parsed ``If-Range`` header.
 
-        .. versionchanged:: 2.0.0
+        .. versionchanged:: 2.0
             ``IfRange.date`` is timezone-aware.
 
         .. versionadded:: 0.7
@@ -486,9 +486,10 @@ def user_agent(self) -> UserAgent:
         :class:`~werkzeug.user_agent.UserAgent` to provide parsing for
         the other properties or other extended data.
 
-        .. versionchanged:: 2.0.0
-            The built in parser is deprecated, a ``UserAgent`` subclass
-            must be set to parse data from the string.
+        .. versionchanged:: 2.0
+            The built in parser is deprecated and will be removed in
+            Werkzeug 2.1. A ``UserAgent`` subclass must be set to parse
+            data from the string.
         """
         return self.user_agent_class(t.cast(str, self.headers.get("User-Agent", "")))
 
diff --git a/src/werkzeug/sansio/response.py b/src/werkzeug/sansio/response.py
index d512104bd..f5975ccf8 100644
--- a/src/werkzeug/sansio/response.py
+++ b/src/werkzeug/sansio/response.py
@@ -388,7 +388,7 @@ def on_update(d):
         time at which the message was originated, having the same
         semantics as orig-date in RFC 822.
 
-        .. versionchanged:: 2.0.0
+        .. versionchanged:: 2.0
             The datetime object is timezone-aware.
         """,
     )
@@ -401,7 +401,7 @@ def on_update(d):
         which the response is considered stale. A stale cache entry may
         not normally be returned by a cache.
 
-        .. versionchanged:: 2.0.0
+        .. versionchanged:: 2.0
             The datetime object is timezone-aware.
         """,
     )
@@ -414,7 +414,7 @@ def on_update(d):
         and time at which the origin server believes the variant was
         last modified.
 
-        .. versionchanged:: 2.0.0
+        .. versionchanged:: 2.0
             The datetime object is timezone-aware.
         """,
     )
@@ -427,7 +427,7 @@ def retry_after(self) -> t.Optional[datetime]:
 
         Time in seconds until expiration or date.
 
-        .. versionchanged:: 2.0.0
+        .. versionchanged:: 2.0
             The datetime object is timezone-aware.
         """
         value = self.headers.get("retry-after")
diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py
index b0dad7378..e37e9af1f 100644
--- a/src/werkzeug/serving.py
+++ b/src/werkzeug/serving.py
@@ -1008,14 +1008,14 @@ def run_with_reloader(*args, **kwargs) -> None:
     not use this function.
 
     .. deprecated:: 2.0
-        This function will be removed in version 2.1.
+        Will be removed in Werkzeug 2.1.
     """
     from ._reloader import run_with_reloader as _rwr
 
     warnings.warn(
         (
             "'run_with_reloader' is a private API, it will no longer be"
-            " accessible in version 2.1. Use 'run_simple' instead."
+            " accessible in Werkzeug 2.1. Use 'run_simple' instead."
         ),
         DeprecationWarning,
         stacklevel=2,
diff --git a/src/werkzeug/test.py b/src/werkzeug/test.py
index 4e67c939f..9e02e3b35 100644
--- a/src/werkzeug/test.py
+++ b/src/werkzeug/test.py
@@ -834,7 +834,7 @@ class Client:
     `allow_subdomain_redirects` to `True` as if not no external redirects
     are allowed.
 
-    .. versionchanged:: 2.0.0
+    .. versionchanged:: 2.0
         ``response_wrapper`` is always a subclass of
         :class:``TestResponse``.
 
@@ -1027,12 +1027,12 @@ def open(
             :attr:`TestResponse.history` lists the intermediate
             responses.
 
-        .. versionchanged:: 2.0.0
-            ``as_tuple`` is deprecated and will be removed in version
+        .. versionchanged:: 2.0
+            ``as_tuple`` is deprecated and will be removed in Werkzeug
             2.1. Use :attr:`TestResponse.request` and
             ``request.environ`` instead.
 
-        .. versionchanged:: 2.0.0
+        .. versionchanged:: 2.0
             The request input stream is closed when calling
             ``response.close()``. Input streams for redirects are
             automatically closed.
@@ -1109,7 +1109,7 @@ def open(
         if as_tuple:
             warnings.warn(
                 "'as_tuple' is deprecated and will be removed in"
-                " version 2.1. Access 'response.request.environ'"
+                " Werkzeug 2.1. Access 'response.request.environ'"
                 " instead.",
                 DeprecationWarning,
                 stacklevel=2,
@@ -1299,8 +1299,8 @@ def __iter__(self) -> t.Iterator:
             (
                 "The test client no longer returns a tuple, it returns"
                 " a 'TestResponse'. Tuple unpacking is deprecated and"
-                " will be removed in version 2.1. Access the attributes"
-                " 'data', 'status', and 'headers' instead."
+                " will be removed in Werkzeug 2.1. Access the"
+                " attributes 'data', 'status', and 'headers' instead."
             ),
             DeprecationWarning,
             stacklevel=2,
@@ -1312,8 +1312,8 @@ def __getitem__(self, item: int) -> t.Any:
             (
                 "The test client no longer returns a tuple, it returns"
                 " a 'TestResponse'. Item indexing is deprecated and"
-                " will be removed in version 2.1. Access the attributes"
-                " 'data', 'status', and 'headers' instead."
+                " will be removed in Werkzeug 2.1. Access the"
+                " attributes 'data', 'status', and 'headers' instead."
             ),
             DeprecationWarning,
             stacklevel=2,
diff --git a/src/werkzeug/urls.py b/src/werkzeug/urls.py
index ea60d689a..63f18104c 100644
--- a/src/werkzeug/urls.py
+++ b/src/werkzeug/urls.py
@@ -836,8 +836,8 @@ def url_decode(
     :param cls: Container to hold result instead of :class:`MultiDict`.
 
     .. versionchanged:: 2.0
-        The ``decode_keys`` argument is deprecated and will be removed
-        in 2.1.
+        The ``decode_keys`` parameter is deprecated and will be removed
+        in Werkzeug 2.1.
 
     .. versionchanged:: 0.5
         In previous versions ";" and "&" could be used for url decoding.
@@ -849,7 +849,7 @@ def url_decode(
     """
     if decode_keys is not None:
         warnings.warn(
-            "'decode_keys' is deprecated and will be removed in 2.1.",
+            "'decode_keys' is deprecated and will be removed in Werkzeug 2.1.",
             DeprecationWarning,
             stacklevel=2,
         )
@@ -903,8 +903,8 @@ def url_decode_stream(
                             returned
 
     .. versionchanged:: 2.0
-        The ``decode_keys`` argument is deprecated and will be removed
-        in 2.1.
+        The ``decode_keys`` parameter is deprecated and will be removed
+        in Werkzeug 2.1.
 
     .. versionadded:: 0.8
     """
@@ -912,7 +912,7 @@ def url_decode_stream(
 
     if decode_keys is not None:
         warnings.warn(
-            "'decode_keys' is deprecated and will be removed in 2.1.",
+            "'decode_keys' is deprecated and will be removed in Werkzeug 2.1.",
             DeprecationWarning,
             stacklevel=2,
         )
@@ -972,15 +972,15 @@ def url_encode(
                 check out the :func:`sorted` documentation.
 
     .. versionchanged:: 2.0
-        The ``encode_keys`` argument is deprecated and will be removed
-        in 2.1.
+        The ``encode_keys`` parameter is deprecated and will be removed
+        in Werkzeug 2.1.
 
     .. versionchanged:: 0.5
         Added the ``sort``, ``key``, and ``separator`` parameters.
     """
     if encode_keys is not None:
         warnings.warn(
-            "'encode_keys' is deprecated and will be removed in 2.1.",
+            "'encode_keys' is deprecated and will be removed in Werkzeug 2.1.",
             DeprecationWarning,
             stacklevel=2,
         )
@@ -1012,14 +1012,14 @@ def url_encode_stream(
                 check out the :func:`sorted` documentation.
 
     .. versionchanged:: 2.0
-        The ``encode_keys`` argument is deprecated and will be removed
-        in 2.1.
+        The ``encode_keys`` parameter is deprecated and will be removed
+        in Werkzeug 2.1.
 
     .. versionadded:: 0.8
     """
     if encode_keys is not None:
         warnings.warn(
-            "'encode_keys' is deprecated and will be removed in 2.1.",
+            "'encode_keys' is deprecated and will be removed in Werkzeug 2.1.",
             DeprecationWarning,
             stacklevel=2,
         )
diff --git a/src/werkzeug/user_agent.py b/src/werkzeug/user_agent.py
index 0c207b343..b1367553c 100644
--- a/src/werkzeug/user_agent.py
+++ b/src/werkzeug/user_agent.py
@@ -12,7 +12,7 @@ class UserAgent:
 
     :param string: The header value to parse.
 
-    .. versionadded:: 2.0.0
+    .. versionadded:: 2.0
         This replaces the previous ``useragents`` module, but does not
         provide a built-in parser.
     """
diff --git a/src/werkzeug/useragents.py b/src/werkzeug/useragents.py
index 59ff017da..9930f72be 100644
--- a/src/werkzeug/useragents.py
+++ b/src/werkzeug/useragents.py
@@ -115,8 +115,9 @@ def __call__(
 class UserAgentParser(_UserAgentParser):
     """A simple user agent parser.  Used by the `UserAgent`.
 
-    .. deprecated:: 2.0.0
-        Will be removed in 2.1. Use a dedicated parser library instead.
+    .. deprecated:: 2.0
+        Will be removed in Werkzeug 2.1. Use a dedicated parser library
+        instead.
     """
 
     def __init__(self):
@@ -182,12 +183,12 @@ class UserAgent(_UserAgent):
     :param environ_or_string: The header value to parse, or a WSGI
         environ containing the header.
 
-    .. deprecated:: 2.0.0
+    .. deprecated:: 2.0
         Will be removed in Werkzeug 2.1. Subclass
         :class:`werkzeug.user_agent.UserAgent` (note the new module
         name) to use a dedicated parser instead.
 
-    .. versionchanged:: 2.0.0
+    .. versionchanged:: 2.0
         Passing a WSGI environ is deprecated and will be removed in 2.1.
     """
 
diff --git a/src/werkzeug/utils.py b/src/werkzeug/utils.py
index f834138de..d2deebbdb 100644
--- a/src/werkzeug/utils.py
+++ b/src/werkzeug/utils.py
@@ -176,7 +176,7 @@ class HTMLBuilder:
     '
    <foo>
    '
 
     .. deprecated:: 2.0
-        Will be removed in 2.1.
+        Will be removed in Werkzeug 2.1.
     """
 
     _entity_re = re.compile(r"&([^;]+);")
@@ -226,7 +226,7 @@ def __call__(self, s):
         import html
 
         warnings.warn(
-            "'utils.HTMLBuilder' is deprecated and will be removed in 2.1.",
+            "'utils.HTMLBuilder' is deprecated and will be removed in Werkzeug 2.1.",
             DeprecationWarning,
             stacklevel=2,
         )
@@ -236,7 +236,7 @@ def __getattr__(self, tag):
         import html
 
         warnings.warn(
-            "'utils.HTMLBuilder' is deprecated and will be removed in 2.1.",
+            "'utils.HTMLBuilder' is deprecated and will be removed in Werkzeug 2.1.",
             DeprecationWarning,
             stacklevel=2,
         )
@@ -384,13 +384,14 @@ def format_string(string, context):
     :param context: a dict with the variables to insert.
 
     .. deprecated:: 2.0
-        Will be removed in 2.1. Use :class:`string.Template` instead.
+        Will be removed in Werkzeug 2.1. Use :class:`string.Template`
+        instead.
     """
     from string import Template
 
     warnings.warn(
         "'utils.format_string' is deprecated and will be removed in"
-        " 2.1. Use 'string.Template' instead.",
+        " Werkzeug 2.1. Use 'string.Template' instead.",
         DeprecationWarning,
         stacklevel=2,
     )
@@ -451,13 +452,13 @@ def escape(s):
     ``None`` is escaped to an empty string.
 
     .. deprecated:: 2.0
-        Will be removed in 2.1. Use MarkupSafe instead.
+        Will be removed in Werkzeug 2.1. Use MarkupSafe instead.
     """
     import html
 
     warnings.warn(
-        "'utils.escape' is deprecated and will be removed in 2.1. Use"
-        " MarkupSafe instead.",
+        "'utils.escape' is deprecated and will be removed in Werkzeug"
+        " 2.1. Use MarkupSafe instead.",
         DeprecationWarning,
         stacklevel=2,
     )
@@ -479,13 +480,13 @@ def unescape(s):
     entities, not only those inserted by ``escape``.
 
     .. deprecated:: 2.0
-        Will be removed in 2.1. Use MarkupSafe instead.
+        Will be removed in Werkzeug 2.1. Use MarkupSafe instead.
     """
     import html
 
     warnings.warn(
-        "'utils.unescape' is deprecated and will be removed in 2.1. Use"
-        " MarkupSafe instead.",
+        "'utils.unescape' is deprecated and will be removed in Werkzueg"
+        " 2.1. Use MarkupSafe instead.",
         DeprecationWarning,
         stacklevel=2,
     )
@@ -618,24 +619,24 @@ def send_file(
     :param _root_path: Do not use. For internal use only. Use
         :func:`send_from_directory` to safely send files under a path.
 
-    .. versionadded:: 2.0.0
+    .. versionadded:: 2.0
         Adapted from Flask's implementation.
 
-    .. versionchanged:: 2.0.0
+    .. versionchanged:: 2.0
         ``download_name`` replaces Flask's ``attachment_filename``
          parameter. If ``as_attachment=False``, it is passed with
          ``Content-Disposition: inline`` instead.
 
-    .. versionchanged:: 2.0.0
+    .. versionchanged:: 2.0
         ``max_age`` replaces Flask's ``cache_timeout`` parameter.
         ``conditional`` is enabled and ``max_age`` is not set by
         default.
 
-    .. versionchanged:: 2.0.0
+    .. versionchanged:: 2.0
         ``etag`` replaces Flask's ``add_etags`` parameter. It can be a
         string to use instead of generating one.
 
-    .. versionchanged:: 2.0.0
+    .. versionchanged:: 2.0
         If an encoding is returned when guessing ``mimetype`` from
         ``download_name``, set the ``Content-Encoding`` header.
     """
@@ -791,7 +792,7 @@ def send_from_directory(
     :param environ: The WSGI environ for the current request.
     :param kwargs: Arguments to pass to :func:`send_file`.
 
-    .. versionadded:: 2.0.0
+    .. versionadded:: 2.0
         Adapted from Flask's implementation.
     """
     path = safe_join(os.fspath(directory), os.fspath(path))
@@ -929,11 +930,12 @@ def proxy(request):
     :return: tuple in the form ``(args, kwargs)``.
 
     .. deprecated:: 2.0
-        Will be removed in 2.1. Use :func:`inspect.signature` instead.
+        Will be removed in Werkzeug 2.1. Use :func:`inspect.signature`
+        instead.
     """
     warnings.warn(
         "'utils.validate_arguments' is deprecated and will be removed"
-        " in 2.1. Use 'inspect.signature' instead.",
+        " in Werkzeug 2.1. Use 'inspect.signature' instead.",
         DeprecationWarning,
         stacklevel=2,
     )
@@ -959,11 +961,12 @@ def bind_arguments(func, args, kwargs):
     :return: a :class:`dict` of bound keyword arguments.
 
     .. deprecated:: 2.0
-        Will be removed in 2.1. Use :meth:`Signature.bind` instead.
+        Will be removed in Werkzeug 2.1. Use :meth:`Signature.bind`
+        instead.
     """
     warnings.warn(
         "'utils.bind_arguments' is deprecated and will be removed in"
-        " 2.1. Use 'Signature.bind' instead.",
+        " Werkzeug 2.1. Use 'Signature.bind' instead.",
         DeprecationWarning,
         stacklevel=2,
     )
@@ -1000,7 +1003,8 @@ class ArgumentValidationError(ValueError):
     """Raised if :func:`validate_arguments` fails to validate
 
     .. deprecated:: 2.0
-        Will be removed in 2.1 along with utils.bind/validate_arguments.
+        Will be removed in Werkzeug 2.1 along with ``utils.bind`` and
+        ``validate_arguments``.
     """
 
     def __init__(self, missing=None, extra=None, extra_positional=None):
diff --git a/src/werkzeug/wrappers/accept.py b/src/werkzeug/wrappers/accept.py
index 20ae656b8..6de5294a8 100644
--- a/src/werkzeug/wrappers/accept.py
+++ b/src/werkzeug/wrappers/accept.py
@@ -5,8 +5,8 @@ class AcceptMixin:
     def __init__(self, *args, **kwargs):
         warnings.warn(
             "'AcceptMixin' is deprecated and will be removed in"
-            " Werkzeug version 2.1. 'Request' now includes the"
-            " functionality directly.",
+            " Werkzeug 2.1. 'Request' now includes the functionality"
+            " directly.",
             DeprecationWarning,
             stacklevel=2,
         )
diff --git a/src/werkzeug/wrappers/auth.py b/src/werkzeug/wrappers/auth.py
index a5ea216cd..11514e8db 100644
--- a/src/werkzeug/wrappers/auth.py
+++ b/src/werkzeug/wrappers/auth.py
@@ -5,8 +5,8 @@ class AuthorizationMixin:
     def __init__(self, *args, **kwargs):
         warnings.warn(
             "'AuthorizationMixin' is deprecated and will be removed in"
-            " Werkzeug version 2.1. 'Request' now includes the"
-            " functionality directly.",
+            " Werkzeug 2.1. 'Request' now includes the functionality"
+            " directly.",
             DeprecationWarning,
             stacklevel=2,
         )
@@ -17,7 +17,7 @@ class WWWAuthenticateMixin:
     def __init__(self, *args, **kwargs):
         warnings.warn(
             "'WWWAuthenticateMixin' is deprecated and will be removed"
-            " in Werkzeug version 2.1. 'Response' now includes the"
+            " in Werkzeug 2.1. 'Response' now includes the"
             " functionality directly.",
             DeprecationWarning,
             stacklevel=2,
diff --git a/src/werkzeug/wrappers/base_request.py b/src/werkzeug/wrappers/base_request.py
index 4013e7509..48dcc46c5 100644
--- a/src/werkzeug/wrappers/base_request.py
+++ b/src/werkzeug/wrappers/base_request.py
@@ -7,8 +7,7 @@ class _FakeSubclassCheck(type):
     def __subclasscheck__(cls, subclass):
         warnings.warn(
             "'BaseRequest' is deprecated and will be removed in"
-            " Werkzeug version 2.1. Use 'issubclass(cls, Request)'"
-            " instead.",
+            " Werkzeug 2.1. Use 'issubclass(cls, Request)' instead.",
             DeprecationWarning,
             stacklevel=2,
         )
@@ -17,8 +16,7 @@ def __subclasscheck__(cls, subclass):
     def __instancecheck__(cls, instance):
         warnings.warn(
             "'BaseRequest' is deprecated and will be removed in"
-            " Werkzeug version 2.1. Use 'isinstance(obj, Request)'"
-            " instead.",
+            " Werkzeug 2.1. Use 'isinstance(obj, Request)' instead.",
             DeprecationWarning,
             stacklevel=2,
         )
@@ -29,8 +27,8 @@ class BaseRequest(Request, metaclass=_FakeSubclassCheck):
     def __init__(self, *args, **kwargs):
         warnings.warn(
             "'BaseRequest' is deprecated and will be removed in"
-            " Werkzeug version 2.1. 'Request' now includes the"
-            " functionality directly.",
+            " Werkzeug 2.1. 'Request' now includes the functionality"
+            " directly.",
             DeprecationWarning,
             stacklevel=2,
         )
diff --git a/src/werkzeug/wrappers/base_response.py b/src/werkzeug/wrappers/base_response.py
index 74d825349..a102d8943 100644
--- a/src/werkzeug/wrappers/base_response.py
+++ b/src/werkzeug/wrappers/base_response.py
@@ -7,8 +7,7 @@ class _FakeSubclassCheck(type):
     def __subclasscheck__(cls, subclass):
         warnings.warn(
             "'BaseResponse' is deprecated and will be removed in"
-            " Werkzeug version 2.1. Use 'issubclass(cls, Response)'"
-            " instead.",
+            " Werkzeug 2.1. Use 'issubclass(cls, Response)' instead.",
             DeprecationWarning,
             stacklevel=2,
         )
@@ -17,8 +16,7 @@ def __subclasscheck__(cls, subclass):
     def __instancecheck__(cls, instance):
         warnings.warn(
             "'BaseResponse' is deprecated and will be removed in"
-            " Werkzeug version 2.1. Use 'isinstance(obj, Response)'"
-            " instead.",
+            " Werkzeug 2.1. Use 'isinstance(obj, Response)' instead.",
             DeprecationWarning,
             stacklevel=2,
         )
@@ -29,8 +27,8 @@ class BaseResponse(Response, metaclass=_FakeSubclassCheck):
     def __init__(self, *args, **kwargs):
         warnings.warn(
             "'BaseResponse' is deprecated and will be removed in"
-            " Werkzeug version 2.1. 'Response' now includes the"
-            " functionality directly.",
+            " Werkzeug 2.1. 'Response' now includes the functionality"
+            " directly.",
             DeprecationWarning,
             stacklevel=2,
         )
diff --git a/src/werkzeug/wrappers/common_descriptors.py b/src/werkzeug/wrappers/common_descriptors.py
index 347d4ae51..77e935cc3 100644
--- a/src/werkzeug/wrappers/common_descriptors.py
+++ b/src/werkzeug/wrappers/common_descriptors.py
@@ -5,8 +5,8 @@ class CommonRequestDescriptorsMixin:
     def __init__(self, *args, **kwargs):
         warnings.warn(
             "'CommonRequestDescriptorsMixin' is deprecated and will be"
-            " removed in Werkzeug version 2.1. 'Request' now includes"
-            " the functionality directly.",
+            " removed in Werkzeug 2.1. 'Request' now includes the"
+            " functionality directly.",
             DeprecationWarning,
             stacklevel=2,
         )
@@ -17,8 +17,8 @@ class CommonResponseDescriptorsMixin:
     def __init__(self, *args, **kwargs):
         warnings.warn(
             "'CommonResponseDescriptorsMixin' is deprecated and will be"
-            " removed in Werkzeug version 2.1. 'Response' now includes"
-            " the functionality directly.",
+            " removed in Werkzeug 2.1. 'Response' now includes the"
+            " functionality directly.",
             DeprecationWarning,
             stacklevel=2,
         )
diff --git a/src/werkzeug/wrappers/cors.py b/src/werkzeug/wrappers/cors.py
index 929f20718..3039abecb 100644
--- a/src/werkzeug/wrappers/cors.py
+++ b/src/werkzeug/wrappers/cors.py
@@ -5,8 +5,8 @@ class CORSRequestMixin:
     def __init__(self, *args, **kwargs):
         warnings.warn(
             "'CORSRequestMixin' is deprecated and will be removed in"
-            " Werkzeug version 2.1. 'Request' now includes the"
-            " functionality directly.",
+            " Werkzeug 2.1. 'Request' now includes the functionality"
+            " directly.",
             DeprecationWarning,
             stacklevel=2,
         )
@@ -17,8 +17,8 @@ class CORSResponseMixin:
     def __init__(self, *args, **kwargs):
         warnings.warn(
             "'CORSResponseMixin' is deprecated and will be removed in"
-            " Werkzeug version 2.1. 'Response' now includes the"
-            " functionality directly.",
+            " Werkzeug 2.1. 'Response' now includes the functionality"
+            " directly.",
             DeprecationWarning,
             stacklevel=2,
         )
diff --git a/src/werkzeug/wrappers/etag.py b/src/werkzeug/wrappers/etag.py
index e96d07a74..8b9f87875 100644
--- a/src/werkzeug/wrappers/etag.py
+++ b/src/werkzeug/wrappers/etag.py
@@ -5,8 +5,8 @@ class ETagRequestMixin:
     def __init__(self, *args, **kwargs):
         warnings.warn(
             "'ETagRequestMixin' is deprecated and will be removed in"
-            " Werkzeug version 2.1. 'Request' now includes the"
-            " functionality directly.",
+            " Werkzeug 2.1. 'Request' now includes the functionality"
+            " directly.",
             DeprecationWarning,
             stacklevel=2,
         )
@@ -17,8 +17,8 @@ class ETagResponseMixin:
     def __init__(self, *args, **kwargs):
         warnings.warn(
             "'ETagResponseMixin' is deprecated and will be removed in"
-            " Werkzeug version 2.1. 'Response' now includes the"
-            " functionality directly.",
+            " Werkzeug 2.1. 'Response' now includes the functionality"
+            " directly.",
             DeprecationWarning,
             stacklevel=2,
         )
diff --git a/src/werkzeug/wrappers/json.py b/src/werkzeug/wrappers/json.py
index 50bba7a54..a9ff5295b 100644
--- a/src/werkzeug/wrappers/json.py
+++ b/src/werkzeug/wrappers/json.py
@@ -5,8 +5,7 @@ class JSONMixin:
     def __init__(self, *args, **kwargs):
         warnings.warn(
             "'JSONMixin' is deprecated and will be removed in Werkzeug"
-            " version 2.1. 'Request' now includes the functionality"
-            " directly.",
+            " 2.1. 'Request' now includes the functionality directly.",
             DeprecationWarning,
             stacklevel=2,
         )
diff --git a/src/werkzeug/wrappers/request.py b/src/werkzeug/wrappers/request.py
index 3d4fa9b53..1e243eb10 100644
--- a/src/werkzeug/wrappers/request.py
+++ b/src/werkzeug/wrappers/request.py
@@ -51,7 +51,7 @@ class Request(_SansIORequest):
     .. versionchanged:: 2.0
         Combine ``BaseRequest`` and mixins into a single ``Request``
         class. Using the old classes is deprecated and will be removed
-        in version 2.1.
+        in Werkzeug 2.1.
 
     .. versionchanged:: 0.5
         Read-only mode is enforced with immutable classes for all data.
@@ -425,7 +425,7 @@ def values(self) -> "CombinedMultiDict[str, str]":
 
         For GET requests, only ``args`` are present, not ``form``.
 
-        .. versionchanged:: 2.0.0
+        .. versionchanged:: 2.0
             For GET requests, only ``args`` are present, not ``form``.
         """
         sources = [self.args]
@@ -596,8 +596,8 @@ class StreamOnlyMixin:
     ``form``, and ``files`` properties. Only ``stream`` is available.
 
     .. deprecated:: 2.0
-        Will be removed in 2.1. You likely want to create the request
-        with ``shallow=True`` instead. Or subclass and set
+        Will be removed in Werkzeug 2.1. You likely want to create the
+        request with ``shallow=True`` instead. Or subclass and set
         ``disable_data_descriptor`` and ``want_form_data_parsed``.
 
     .. versionadded:: 0.9
@@ -609,8 +609,8 @@ class StreamOnlyMixin:
     def __init__(self, *args, **kwargs):
         warnings.warn(
             "'StreamOnlyMixin' is deprecated and will be removed in"
-            " Werkzeug version 2.1. Create the request with"
-            " 'shallow=True' instead.",
+            " Werkzeug 2.1. Create the request with 'shallow=True'"
+            " instead.",
             DeprecationWarning,
             stacklevel=2,
         )
@@ -621,8 +621,8 @@ class PlainRequest(StreamOnlyMixin, Request):
     """A request object without ``data``, ``form``, and ``files``.
 
     .. deprecated:: 2.0
-        Will be removed in 2.1. You likely want to create the request
-        with ``shallow=True`` instead. Or subclass and set
+        Will be removed in Werkzeug 2.1. You likely want to create the
+        request with ``shallow=True`` instead. Or subclass and set
         ``disable_data_descriptor`` and ``want_form_data_parsed``.
 
     .. versionadded:: 0.9
@@ -631,14 +631,13 @@ class PlainRequest(StreamOnlyMixin, Request):
     def __init__(self, *args, **kwargs):
         warnings.warn(
             "'PlainRequest' is deprecated and will be removed in"
-            " Werkzeug version 2.1. Create the request with"
-            " 'shallow=True' instead.",
+            " Werkzeug 2.1. Create the request with 'shallow=True'"
+            " instead.",
             DeprecationWarning,
             stacklevel=2,
         )
 
         # Don't show the DeprecationWarning for StreamOnlyMixin.
         with warnings.catch_warnings():
-            # Don't show the DeprecationWarning for StreamOnlyMixin.
             warnings.simplefilter("ignore", DeprecationWarning)
             super().__init__(*args, **kwargs)
diff --git a/src/werkzeug/wrappers/response.py b/src/werkzeug/wrappers/response.py
index 2031f4d13..2e8aa6fc6 100644
--- a/src/werkzeug/wrappers/response.py
+++ b/src/werkzeug/wrappers/response.py
@@ -125,7 +125,7 @@ def application(environ, start_response):
     .. versionchanged:: 2.0
         Combine ``BaseResponse`` and mixins into a single ``Response``
         class. Using the old classes is deprecated and will be removed
-        in version 2.1.
+        in Werkzeug 2.1.
 
     .. versionchanged:: 0.5
         The ``direct_passthrough`` parameter was added.
@@ -454,7 +454,7 @@ def freeze(self, no_etag: None = None) -> None:
 
         .. versionchanged:: 2.0
             An ``ETag`` header is added, the ``no_etag`` parameter is
-            deprecated and will be removed in version 2.1.
+            deprecated and will be removed in Werkzeug 2.1.
 
         .. versionchanged:: 0.6
             The ``Content-Length`` header is set.
@@ -467,7 +467,7 @@ def freeze(self, no_etag: None = None) -> None:
         if no_etag is not None:
             warnings.warn(
                 "The 'no_etag' parameter is deprecated and will be"
-                " removed in Werkzeug version 2.1.",
+                " removed in Werkzeug 2.1.",
                 DeprecationWarning,
                 stacklevel=2,
             )
@@ -880,8 +880,8 @@ class ResponseStreamMixin:
     def __init__(self, *args, **kwargs):
         warnings.warn(
             "'ResponseStreamMixin' is deprecated and will be removed in"
-            " Werkzeug version 2.1. 'Response' now includes the"
-            " functionality directly.",
+            " Werkzeug 2.1. 'Response' now includes the functionality"
+            " directly.",
             DeprecationWarning,
             stacklevel=2,
         )
diff --git a/src/werkzeug/wrappers/user_agent.py b/src/werkzeug/wrappers/user_agent.py
index 5759e3dca..292d2af6b 100644
--- a/src/werkzeug/wrappers/user_agent.py
+++ b/src/werkzeug/wrappers/user_agent.py
@@ -5,8 +5,8 @@ class UserAgentMixin:
     def __init__(self, *args, **kwargs):
         warnings.warn(
             "'UserAgentMixin' is deprecated and will be removed in"
-            " Werkzeug version 2.1. 'Request' now includes the"
-            " functionality directly.",
+            " Werkzeug 2.1. 'Request' now includes the functionality"
+            " directly.",
             DeprecationWarning,
             stacklevel=2,
         )
diff --git a/tests/test_datastructures.py b/tests/test_datastructures.py
index c940ae85b..7bed93f41 100644
--- a/tests/test_datastructures.py
+++ b/tests/test_datastructures.py
@@ -71,8 +71,7 @@ def create_instance(module=None):
             assert ud != d
 
     def test_multidict_dict_interop(self):
-        # This would have caught the regression in Werkzeug 2.0.0rc1
-        # (see https://github.com/pallets/werkzeug/pull/2043).
+        # https://github.com/pallets/werkzeug/pull/2043
         md = self.storage_class([("a", 1), ("a", 2)])
         assert dict(md)["a"] != [1, 2]
         assert dict(md)["a"] == 1

From d847cb5d21ee0449570445224753cad0dfc08320 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Thu, 15 Apr 2021 18:48:30 -0700
Subject: [PATCH 411/733] deprecate pbkdf2 and compare functions

---
 CHANGES.rst              |   2 +
 src/werkzeug/security.py | 122 +++++++++++++++++++++---------------
 tests/test_security.py   | 131 ---------------------------------------
 3 files changed, 73 insertions(+), 182 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 12789cc4f..c00c203af 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -179,6 +179,8 @@ Unreleased
 -   ``werzeug.DechunkedInput.readinto`` will not read beyond the size of
     the buffer. :issue:`2021`
 -   Fix connection reset when exceeding max content size. :pr:`2051`
+-   ``pbkdf2_hex``, ``pbkdf2_bin``, and ``safe_str_cmp`` are deprecated.
+    ``hashlib`` and ``hmac`` provide equivalents. :pr:`2083`
 
 
 Version 1.0.2
diff --git a/src/werkzeug/security.py b/src/werkzeug/security.py
index 96579bd92..9629c1980 100644
--- a/src/werkzeug/security.py
+++ b/src/werkzeug/security.py
@@ -1,12 +1,10 @@
-import codecs
 import hashlib
 import hmac
 import os
 import posixpath
 import secrets
 import typing as t
-
-from ._internal import _to_bytes
+import warnings
 
 if t.TYPE_CHECKING:
     pass
@@ -20,16 +18,14 @@
 
 
 def pbkdf2_hex(
-    data: t.AnyStr,
-    salt: t.AnyStr,
+    data: t.Union[str, bytes],
+    salt: t.Union[str, bytes],
     iterations: int = DEFAULT_PBKDF2_ITERATIONS,
     keylen: t.Optional[int] = None,
-    hashfunc: t.Optional[str] = None,
+    hashfunc: t.Optional[t.Union[str, t.Callable]] = None,
 ) -> str:
     """Like :func:`pbkdf2_bin`, but returns a hex-encoded string.
 
-    .. versionadded:: 0.9
-
     :param data: the data to derive.
     :param salt: the salt for the derivation.
     :param iterations: the number of iterations.
@@ -38,25 +34,34 @@ def pbkdf2_hex(
     :param hashfunc: the hash function to use.  This can either be the
                      string name of a known hash function, or a function
                      from the hashlib module.  Defaults to sha256.
+
+    .. deprecated:: 2.0
+        Will be removed in Werkzeug 2.1. Use :func:`hashlib.pbkdf2_hmac`
+        instead.
+
+    .. versionadded:: 0.9
     """
-    rv = pbkdf2_bin(data, salt, iterations, keylen, hashfunc)
-    return codecs.encode(rv, "hex_codec").decode("ascii")
+    warnings.warn(
+        "'pbkdf2_hex' is deprecated and will be removed in Werkzeug"
+        " 2.1. Use 'hashlib.pbkdf2_hmac().hex()' instead.",
+        DeprecationWarning,
+        stacklevel=2,
+    )
+    return pbkdf2_bin(data, salt, iterations, keylen, hashfunc).hex()
 
 
 def pbkdf2_bin(
-    data: t.AnyStr,
-    salt: t.AnyStr,
+    data: t.Union[str, bytes],
+    salt: t.Union[str, bytes],
     iterations: int = DEFAULT_PBKDF2_ITERATIONS,
     keylen: t.Optional[int] = None,
-    hashfunc: t.Optional[str] = None,
+    hashfunc: t.Optional[t.Union[str, t.Callable]] = None,
 ) -> bytes:
     """Returns a binary digest for the PBKDF2 hash algorithm of `data`
     with the given `salt`. It iterates `iterations` times and produces a
     key of `keylen` bytes. By default, SHA-256 is used as hash function;
     a different hashlib `hashfunc` can be provided.
 
-    .. versionadded:: 0.9
-
     :param data: the data to derive.
     :param salt: the salt for the derivation.
     :param iterations: the number of iterations.
@@ -65,18 +70,33 @@ def pbkdf2_bin(
     :param hashfunc: the hash function to use.  This can either be the
                      string name of a known hash function or a function
                      from the hashlib module.  Defaults to sha256.
+
+    .. deprecated:: 2.0
+        Will be removed in Werkzeug 2.1. Use :func:`hashlib.pbkdf2_hmac`
+        instead.
+
+    .. versionadded:: 0.9
     """
-    if not hashfunc:
-        hashfunc = "sha256"
+    warnings.warn(
+        "'pbkdf2_bin' is deprecated and will be removed in Werkzeug"
+        " 2.1. Use 'hashlib.pbkdf2_hmac()' instead.",
+        DeprecationWarning,
+        stacklevel=2,
+    )
 
-    data = _to_bytes(data)
-    salt = _to_bytes(salt)
+    if isinstance(data, str):
+        data = data.encode("utf8")
 
-    if callable(hashfunc):
-        _test_hash = hashfunc()
-        hash_name = getattr(_test_hash, "name", None)
+    if isinstance(salt, str):
+        salt = salt.encode("utf8")
+
+    if not hashfunc:
+        hash_name = "sha256"
+    elif callable(hashfunc):
+        hash_name = hashfunc().name
     else:
         hash_name = hashfunc
+
     return hashlib.pbkdf2_hmac(hash_name, data, salt, iterations, keylen)
 
 
@@ -86,10 +106,22 @@ def safe_str_cmp(a: str, b: str) -> bool:
 
     Returns `True` if the two strings are equal, or `False` if they are not.
 
+    .. deprecated:: 2.0
+        Will be removed in Werkzeug 2.1. Use
+        :func:`hmac.compare_digest` instead.
+
     .. versionadded:: 0.7
     """
+    warnings.warn(
+        "'safe_str_cmp' is deprecated and will be removed in Werkzeug"
+        " 2.1. Use 'hmac.compare_digest' instead.",
+        DeprecationWarning,
+        stacklevel=2,
+    )
+
     if isinstance(a, str):
         a = a.encode("utf-8")  # type: ignore
+
     if isinstance(b, str):
         b = b.encode("utf-8")  # type: ignore
 
@@ -100,6 +132,7 @@ def gen_salt(length: int) -> str:
     """Generate a random string of SALT_CHARS with specified ``length``."""
     if length <= 0:
         raise ValueError("Salt length must be positive")
+
     return "".join(secrets.choice(SALT_CHARS) for _ in range(length))
 
 
@@ -111,43 +144,29 @@ def _hash_internal(method: str, salt: str, password: str) -> t.Tuple[str, str]:
     if method == "plain":
         return password, method
 
-    if isinstance(password, str):
-        password = password.encode("utf-8")  # type: ignore
+    salt = salt.encode("utf-8")
+    password = password.encode("utf-8")
 
     if method.startswith("pbkdf2:"):
+        if not salt:
+            raise ValueError("Salt is required for PBKDF2")
+
         args = method[7:].split(":")
+
         if len(args) not in (1, 2):
             raise ValueError("Invalid number of arguments for PBKDF2")
+
         method = args.pop(0)
         iterations = int(args[0] or 0) if args else DEFAULT_PBKDF2_ITERATIONS
-        is_pbkdf2 = True
-        actual_method = f"pbkdf2:{method}:{iterations}"
-    else:
-        is_pbkdf2 = False
-        actual_method = method
-
-    if is_pbkdf2:
-        if not salt:
-            raise ValueError("Salt is required for PBKDF2")
-        rv = pbkdf2_hex(password, salt, iterations, hashfunc=method)
-    elif salt:
-        if isinstance(salt, str):
-            salt = salt.encode("utf-8")  # type: ignore
-        mac = _create_mac(salt, password, method)  # type: ignore
-        rv = mac.hexdigest()
-    else:
-        rv = hashlib.new(method, password).hexdigest()  # type: ignore
-    return rv, actual_method
-
+        return (
+            hashlib.pbkdf2_hmac(method, password, salt, iterations).hex(),
+            f"pbkdf2:{method}:{iterations}",
+        )
 
-def _create_mac(key: bytes, msg: bytes, method: str) -> hmac.HMAC:
-    if callable(method):
-        return hmac.new(key, msg, method)
+    if salt:
+        return hmac.new(salt, password, method).hexdigest(), method
 
-    def hashfunc(d=b""):
-        return hashlib.new(method, d)
-
-    return hmac.new(key, msg, hashfunc)
+    return hashlib.new(method, password).hexdigest(), method
 
 
 def generate_password_hash(
@@ -195,8 +214,9 @@ def check_password_hash(pwhash: str, password: str) -> bool:
     """
     if pwhash.count("$") < 2:
         return False
+
     method, salt, hashval = pwhash.split("$", 2)
-    return safe_str_cmp(_hash_internal(method, salt, password)[0], hashval)
+    return hmac.compare_digest(_hash_internal(method, salt, password)[0], hashval)
 
 
 def safe_join(directory: str, *pathnames: str) -> t.Optional[str]:
diff --git a/tests/test_security.py b/tests/test_security.py
index 9026a4a4c..54987f6cb 100644
--- a/tests/test_security.py
+++ b/tests/test_security.py
@@ -5,19 +5,7 @@
 
 from werkzeug.security import check_password_hash
 from werkzeug.security import generate_password_hash
-from werkzeug.security import pbkdf2_hex
 from werkzeug.security import safe_join
-from werkzeug.security import safe_str_cmp
-
-
-def test_safe_str_cmp():
-    assert safe_str_cmp("a", "a") is True
-    assert safe_str_cmp(b"a", "a") is True
-    assert safe_str_cmp("a", "b") is False
-    assert safe_str_cmp(b"aaa", "aa") is False
-    assert safe_str_cmp(b"aaa", "bbb") is False
-    assert safe_str_cmp(b"aaa", "aaa") is True
-    assert safe_str_cmp("aaa", "aaa") is True
 
 
 def test_password_hashing():
@@ -33,9 +21,6 @@ def test_password_hashing():
     assert hash1.startswith("sha1$")
     assert hash2.startswith("sha1$")
 
-    with pytest.raises(ValueError):
-        check_password_hash("$made$up$", "default")
-
     with pytest.raises(ValueError):
         generate_password_hash("default", "sha1", salt_length=0)
 
@@ -58,119 +43,3 @@ def test_safe_join_os_sep():
     sec._os_alt_seps = "*"
     assert safe_join("foo", "bar/baz*") is None
     sec._os_alt_steps = prev_value
-
-
-def test_pbkdf2():
-    def check(data, salt, iterations, keylen, hashfunc, expected):
-        rv = pbkdf2_hex(data, salt, iterations, keylen, hashfunc)
-        assert rv == expected
-
-    # From RFC 6070
-
-    # Assumes default keylen is 20
-    # check('password', 'salt', 1, None,
-    #      '0c60c80f961f0e71f3a9b524af6012062fe037a6')
-    check("password", "salt", 1, 20, "sha1", "0c60c80f961f0e71f3a9b524af6012062fe037a6")
-    check("password", "salt", 2, 20, "sha1", "ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957")
-    check(
-        "password", "salt", 4096, 20, "sha1", "4b007901b765489abead49d926f721d065a429c1"
-    )
-    check(
-        "passwordPASSWORDpassword",
-        "saltSALTsaltSALTsaltSALTsaltSALTsalt",
-        4096,
-        25,
-        "sha1",
-        "3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038",
-    )
-    check(
-        "pass\x00word", "sa\x00lt", 4096, 16, "sha1", "56fa6aa75548099dcc37d7f03425e0c3"
-    )
-
-    # PBKDF2-HMAC-SHA256 test vectors
-    check(
-        "password",
-        "salt",
-        1,
-        32,
-        "sha256",
-        "120fb6cffcf8b32c43e7225256c4f837a86548c92ccc35480805987cb70be17b",
-    )
-    check(
-        "password",
-        "salt",
-        2,
-        32,
-        "sha256",
-        "ae4d0c95af6b46d32d0adff928f06dd02a303f8ef3c251dfd6e2d85a95474c43",
-    )
-    check(
-        "password",
-        "salt",
-        4096,
-        20,
-        "sha256",
-        "c5e478d59288c841aa530db6845c4c8d962893a0",
-    )
-
-    # This one is from the RFC but it just takes for ages
-    # check('password', 'salt', 16777216, 20,
-    #       'eefe3d61cd4da4e4e9945b3d6ba2158c2634e984')
-
-    # From Crypt-PBKDF2
-    check(
-        "password",
-        "ATHENA.MIT.EDUraeburn",
-        1,
-        16,
-        "sha1",
-        "cdedb5281bb2f801565a1122b2563515",
-    )
-    check(
-        "password",
-        "ATHENA.MIT.EDUraeburn",
-        1,
-        32,
-        "sha1",
-        "cdedb5281bb2f801565a1122b25635150ad1f7a04bb9f3a333ecc0e2e1f70837",
-    )
-    check(
-        "password",
-        "ATHENA.MIT.EDUraeburn",
-        2,
-        16,
-        "sha1",
-        "01dbee7f4a9e243e988b62c73cda935d",
-    )
-    check(
-        "password",
-        "ATHENA.MIT.EDUraeburn",
-        2,
-        32,
-        "sha1",
-        "01dbee7f4a9e243e988b62c73cda935da05378b93244ec8f48a99e61ad799d86",
-    )
-    check(
-        "password",
-        "ATHENA.MIT.EDUraeburn",
-        1200,
-        32,
-        "sha1",
-        "5c08eb61fdf71e4e4ec3cf6ba1f5512ba7e52ddbc5e5142f708a31e2e62b1e13",
-    )
-    check(
-        "X" * 64,
-        "pass phrase equals block size",
-        1200,
-        32,
-        "sha1",
-        "139c30c0966bc32ba55fdbf212530ac9c5ec59f1a452f5cc9ad940fea0598ed1",
-    )
-    check(
-        "X" * 65,
-        "pass phrase exceeds block size",
-        1200,
-        32,
-        "sha1",
-        "9ccad6d468770cd51b10e6a68721be611a8b4d282601db3b36be9246915ec82a",
-    )

From 004b446eac19db2ff351a923fd594d4f23d67e90 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Thu, 15 Apr 2021 19:11:54 -0700
Subject: [PATCH 412/733] del invalidates cached_property

---
 CHANGES.rst           |  2 ++
 src/werkzeug/utils.py | 47 ++++++++++++++++++++++++++++++-------------
 tests/test_utils.py   | 34 +++++++++++--------------------
 3 files changed, 47 insertions(+), 36 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index c00c203af..c1c8f6ead 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -181,6 +181,8 @@ Unreleased
 -   Fix connection reset when exceeding max content size. :pr:`2051`
 -   ``pbkdf2_hex``, ``pbkdf2_bin``, and ``safe_str_cmp`` are deprecated.
     ``hashlib`` and ``hmac`` provide equivalents. :pr:`2083`
+-   ``invalidate_cached_property`` is deprecated. Use ``del obj.name``
+    instead. :pr:`2084`
 
 
 Version 1.0.2
diff --git a/src/werkzeug/utils.py b/src/werkzeug/utils.py
index d2deebbdb..5b314885c 100644
--- a/src/werkzeug/utils.py
+++ b/src/werkzeug/utils.py
@@ -47,20 +47,29 @@
 
 
 class cached_property(property):
-    """A decorator that converts a function into a lazy property.  The
-    function wrapped is called the first time to retrieve the result
-    and then that calculated result is used the next time you access
-    the value::
+    """A :func:`property` that is only evaluated once. Subsequent access
+    returns the cached value. Setting the property sets the cached
+    value. Deleting the property clears the cached value, accessing it
+    again will evaluate it again.
 
-        class Foo(object):
+    .. code-block:: python
 
+        class Example:
             @cached_property
-            def foo(self):
+            def value(self):
                 # calculate something important here
                 return 42
 
-    The class has to have a `__dict__` in order for this property to
-    work.
+        e = Example()
+        e.value  # evaluates
+        e.value  # uses cache
+        e.value = 16  # sets cache
+        del e.value  # clears cache
+
+    The class must have a ``__dict__`` for this to work.
+
+    .. versionchanged:: 2.0
+        ``del obj.name`` clears the cached value.
     """
 
     def __init__(
@@ -79,12 +88,18 @@ def __set__(self, obj: object, value: t.Any) -> None:
     def __get__(self, obj: object, type: type = None) -> t.Any:  # type: ignore
         if obj is None:
             return self
+
         value = obj.__dict__.get(self.__name__, _missing)
+
         if value is _missing:
             value = self.fget(obj)  # type: ignore
             obj.__dict__[self.__name__] = value
+
         return value
 
+    def __delete__(self, obj: object) -> None:
+        del obj.__dict__[self.__name__]
+
 
 def invalidate_cached_property(obj: object, name: str) -> None:
     """Invalidates the cache for a :class:`cached_property`:
@@ -107,13 +122,17 @@ def invalidate_cached_property(obj: object, name: str) -> None:
     42
 
     You must pass the name of the cached property as the second argument.
+
+    .. deprecated:: 2.0
+        Will be removed in Werkzeug 2.1. Use ``del obj.name`` instead.
     """
-    if not isinstance(getattr(obj.__class__, name, None), cached_property):
-        raise TypeError(
-            f"Attribute {name!r} of object {obj} is not a"
-            " cached_property, cannot be invalidated."
-        )
-    del obj.__dict__[name]
+    warnings.warn(
+        "'invalidate_cached_property' is deprecated and will be removed"
+        " in Werkzeug 2.1. Use 'del obj.name' instead.",
+        DeprecationWarning,
+        stacklevel=2,
+    )
+    delattr(obj, name)
 
 
 class environ_property(_DictAccessorProperty[_TAccessorValue]):
diff --git a/tests/test_utils.py b/tests/test_utils.py
index 65ca23a47..52c6f84f7 100644
--- a/tests/test_utils.py
+++ b/tests/test_utils.py
@@ -94,40 +94,30 @@ def _prop(self):
     assert a._prop == "value"
 
 
-def test_can_invalidate_cached_property():
-    foo = []
+def test_invalidate_cached_property():
+    accessed = 0
 
     class A:
+        @utils.cached_property
         def prop(self):
-            foo.append(42)
+            nonlocal accessed
+            accessed += 1
             return 42
 
-        prop = utils.cached_property(prop)
-
     a = A()
     p = a.prop
     q = a.prop
     assert p == q == 42
-    assert foo == [42]
+    assert accessed == 1
+
+    a.prop = 16
+    assert a.prop == 16
+    assert accessed == 1
 
-    utils.invalidate_cached_property(a, "prop")
+    del a.prop
     r = a.prop
     assert r == 42
-    assert foo == [42, 42]
-
-    s = a.prop
-    assert s == 42
-    assert foo == [42, 42]
-
-
-def test_invalidate_cached_property_on_non_property():
-    class A:
-        def __init__(self):
-            self.prop = 42
-
-    a = A()
-    with pytest.raises(TypeError):
-        utils.invalidate_cached_property(a, "prop")
+    assert accessed == 2
 
 
 def test_inspect_treats_cached_property_as_property():

From 0193b7dda50f12d04c35384d8b60a4ee161193d9 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Thu, 15 Apr 2021 21:15:52 -0700
Subject: [PATCH 413/733] deprecate urls.Href

---
 CHANGES.rst          |  2 ++
 src/werkzeug/urls.py | 11 +++++++++++
 tests/test_urls.py   | 35 -----------------------------------
 3 files changed, 13 insertions(+), 35 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index c1c8f6ead..583ea5a29 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -183,6 +183,8 @@ Unreleased
     ``hashlib`` and ``hmac`` provide equivalents. :pr:`2083`
 -   ``invalidate_cached_property`` is deprecated. Use ``del obj.name``
     instead. :pr:`2084`
+-   ``Href`` is deprecated. Use ``werkzeug.routing`` instead.
+    :pr:`2085`
 
 
 Version 1.0.2
diff --git a/src/werkzeug/urls.py b/src/werkzeug/urls.py
index 63f18104c..baf44a931 100644
--- a/src/werkzeug/urls.py
+++ b/src/werkzeug/urls.py
@@ -1152,11 +1152,22 @@ class Href:
     >>> href(a=1, b=2, c=3)
     '/?a=1&b=2&c=3'
 
+    .. deprecated:: 2.0
+        Will be removed in Werkzeug 2.1. Use :mod:`werkzeug.routing`
+        instead.
+
     .. versionadded:: 0.5
         `sort` and `key` were added.
     """
 
     def __init__(self, base="./", charset="utf-8", sort=False, key=None):
+        warnings.warn(
+            "'Href' is deprecated and will be removed in Werkzeug 2.1."
+            " Use 'werkzeug.routing' instead.",
+            DeprecationWarning,
+            stacklevel=2,
+        )
+
         if not base:
             base = "./"
         self.base = base
diff --git a/tests/test_urls.py b/tests/test_urls.py
index 9f9fcae86..218ab61b0 100644
--- a/tests/test_urls.py
+++ b/tests/test_urls.py
@@ -274,41 +274,6 @@ def test_multidict_encoding():
     )
 
 
-def test_href():
-    x = urls.Href("http://www.example.com/")
-    assert x("foo") == "http://www.example.com/foo"
-    assert x.foo("bar") == "http://www.example.com/foo/bar"
-    assert x.foo("bar", x=42) == "http://www.example.com/foo/bar?x=42"
-    assert x.foo("bar", class_=42) == "http://www.example.com/foo/bar?class=42"
-    assert x.foo("bar", {"class": 42}) == "http://www.example.com/foo/bar?class=42"
-    pytest.raises(AttributeError, lambda: x.__blah__)
-
-    x = urls.Href("blah")
-    assert x.foo("bar") == "blah/foo/bar"
-
-    pytest.raises(TypeError, x.foo, {"foo": 23}, x=42)
-
-    x = urls.Href("")
-    assert x("foo") == "foo"
-
-
-def test_href_url_join():
-    x = urls.Href("test")
-    assert x("foo:bar") == "test/foo:bar"
-    assert x("http://example.com/") == "test/http://example.com/"
-    assert x.a() == "test/a"
-
-
-def test_href_past_root():
-    base_href = urls.Href("http://www.blagga.com/1/2/3")
-    assert base_href("../foo") == "http://www.blagga.com/1/2/foo"
-    assert base_href("../../foo") == "http://www.blagga.com/1/foo"
-    assert base_href("../../../foo") == "http://www.blagga.com/foo"
-    assert base_href("../../../../foo") == "http://www.blagga.com/foo"
-    assert base_href("../../../../../foo") == "http://www.blagga.com/foo"
-    assert base_href("../../../../../../foo") == "http://www.blagga.com/foo"
-
-
 def test_url_unquote_plus_unicode():
     # was broken in 0.6
     assert urls.url_unquote_plus("\x6d") == "\x6d"

From b2b27e399f3613b44c83ea5dbe5d422b85d33828 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Thu, 15 Apr 2021 21:16:25 -0700
Subject: [PATCH 414/733] deprecate detect_utf_encoding

---
 src/werkzeug/utils.py | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/werkzeug/utils.py b/src/werkzeug/utils.py
index 5b314885c..cad786c76 100644
--- a/src/werkzeug/utils.py
+++ b/src/werkzeug/utils.py
@@ -356,8 +356,18 @@ def detect_utf_encoding(data: bytes) -> str:
     :param data: Bytes in unknown UTF encoding.
     :return: UTF encoding name
 
+    .. deprecated:: 2.0
+        Will be removed in Werkzeug 2.1. This is built in to
+        :func:`json.loads`.
+
     .. versionadded:: 0.15
     """
+    warnings.warn(
+        "'detect_utf_encoding' is deprecated and will be removed in"
+        " Werkzeug 2.1. This is built in to 'json.loads'.",
+        DeprecationWarning,
+        stacklevel=2,
+    )
     head = data[:4]
 
     if head[:3] == codecs.BOM_UTF8:

From 03979aaff2b8020fd6fd52e69745950d484e3fa5 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Thu, 15 Apr 2021 21:20:20 -0700
Subject: [PATCH 415/733] deprecate dict.has_key

---
 src/werkzeug/datastructures.py | 29 +++++++++++++++++++++++++++--
 1 file changed, 27 insertions(+), 2 deletions(-)

diff --git a/src/werkzeug/datastructures.py b/src/werkzeug/datastructures.py
index 1c7b27da6..69c105593 100644
--- a/src/werkzeug/datastructures.py
+++ b/src/werkzeug/datastructures.py
@@ -2,6 +2,7 @@
 import codecs
 import mimetypes
 import re
+import warnings
 from collections.abc import Collection
 from collections.abc import MutableSet
 from copy import deepcopy
@@ -1072,7 +1073,19 @@ def __contains__(self, key):
             return False
         return True
 
-    has_key = __contains__
+    def has_key(self, key):
+        """
+        .. deprecated:: 2.0
+            Will be removed in Werkzeug 2.1. Use ``key in data``
+            instead.
+        """
+        warnings.warn(
+            "'has_key' is deprecated and will be removed in Werkzeug"
+            " 2.1. Use 'key in data' instead.",
+            DeprecationWarning,
+            stacklevel=2,
+        )
+        return key in self
 
     def __iter__(self):
         """Yield ``(key, value)`` tuples."""
@@ -1525,7 +1538,19 @@ def __contains__(self, key):
                 return True
         return False
 
-    has_key = __contains__
+    def has_key(self, key):
+        """
+        .. deprecated:: 2.0
+            Will be removed in Werkzeug 2.1. Use ``key in data``
+            instead.
+        """
+        warnings.warn(
+            "'has_key' is deprecated and will be removed in Werkzeug"
+            " 2.1. Use 'key in data' instead.",
+            DeprecationWarning,
+            stacklevel=2,
+        )
+        return key in self
 
     def __repr__(self):
         return f"{type(self).__name__}({self.dicts!r})"

From 7d9d5a8d72a31c9c6f30741a83e8f4155dec5037 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Thu, 15 Apr 2021 21:46:21 -0700
Subject: [PATCH 416/733] deprecate disable_data_descriptor

Check shallow in stream only, everything else reads from there.
---
 CHANGES.rst                      |  2 +
 src/werkzeug/wrappers/request.py | 69 +++++++++++++++-----------------
 tests/test_wrappers.py           |  4 +-
 3 files changed, 38 insertions(+), 37 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 583ea5a29..948cc516c 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -185,6 +185,8 @@ Unreleased
     instead. :pr:`2084`
 -   ``Href`` is deprecated. Use ``werkzeug.routing`` instead.
     :pr:`2085`
+-   ``Request.disable_data_descriptor`` is deprecated. Create the
+    request with ``shallow=True`` instead. :pr:`2085`
 
 
 Version 1.0.2
diff --git a/src/werkzeug/wrappers/request.py b/src/werkzeug/wrappers/request.py
index 1e243eb10..255913772 100644
--- a/src/werkzeug/wrappers/request.py
+++ b/src/werkzeug/wrappers/request.py
@@ -83,11 +83,15 @@ class Request(_SansIORequest):
     #: the form date parsing.
     form_data_parser_class: t.Type[FormDataParser] = FormDataParser
 
-    #: Indicates whether the data descriptor should be allowed to read and
-    #: buffer up the input stream.  By default it's enabled.
+    #: Disable the :attr:`data` property to avoid reading from the input
+    #: stream.
+    #:
+    #: .. deprecated:: 2.0
+    #:     Will be removed in Werkzeug 2.1. Create the request with
+    #:     ``shallow=True`` instead.
     #:
     #: .. versionadded:: 0.9
-    disable_data_descriptor: bool = False
+    disable_data_descriptor: t.Optional[bool] = None
 
     #: The WSGI environment containing HTTP headers and information from
     #: the WSGI server.
@@ -119,9 +123,21 @@ def __init__(
             remote_addr=environ.get("REMOTE_ADDR"),
         )
         self.environ = environ
+
+        if self.disable_data_descriptor is not None:
+            warnings.warn(
+                "'disable_data_descriptor' is deprecated and will be"
+                " removed in Werkzeug 2.1. Create the request with"
+                " 'shallow=True' instead.",
+                DeprecationWarning,
+                stacklevel=2,
+            )
+            shallow = shallow or self.disable_data_descriptor
+
+        self.shallow = shallow
+
         if populate_request and not shallow:
             self.environ["werkzeug.request"] = self
-        self.shallow = shallow
 
     @classmethod
     def from_values(cls, *args, **kwargs) -> "Request":
@@ -227,8 +243,8 @@ def _get_file_stream(
 
     @property
     def want_form_data_parsed(self) -> bool:
-        """Returns True if the request method carries content.  As of
-        Werkzeug 0.9 this will be the case if a content type is transmitted.
+        """``True`` if the request method carries content. By default
+        this is true if a ``Content-Type`` is sent.
 
         .. versionadded:: 0.8
         """
@@ -262,8 +278,6 @@ def _load_form_data(self) -> None:
         if "form" in self.__dict__:
             return
 
-        _assert_not_shallow(self)
-
         if self.want_form_data_parsed:
             parser = self.make_form_data_parser()
             data = parser.parse(
@@ -331,7 +345,12 @@ def stream(self) -> t.BinaryIO:
            form parser later on.  Previously the stream was only set if no
            parsing happened.
         """
-        _assert_not_shallow(self)
+        if self.shallow:
+            raise RuntimeError(
+                "This request was created with 'shallow=True', reading"
+                " from the input stream is disabled."
+            )
+
         return get_input_stream(self.environ)
 
     input_stream = environ_property[t.BinaryIO](
@@ -349,16 +368,6 @@ def data(self) -> bytes:
         Contains the incoming request data as string in case it came with
         a mimetype Werkzeug does not handle.
         """
-
-        if self.disable_data_descriptor:
-            raise AttributeError("data descriptor is disabled")
-        # XXX: this should eventually be deprecated.
-
-        # We trigger form data parsing first which means that the descriptor
-        # will not cache the data that would otherwise be .form or .files
-        # data.  This restores the behavior that was there in Werkzeug
-        # before 0.9.  New code should use :meth:`get_data` explicitly as
-        # this will make behavior explicit.
         return self.get_data(parse_form_data=True)
 
     def get_data(
@@ -583,29 +592,17 @@ def on_json_loading_failed(self, e: ValueError) -> t.Any:
         raise BadRequest(f"Failed to decode JSON object: {e}")
 
 
-def _assert_not_shallow(request: Request) -> None:
-    if request.shallow:
-        raise RuntimeError(
-            "A shallow request tried to consume form data. If you really"
-            " want to do that, set `shallow` to False."
-        )
-
-
 class StreamOnlyMixin:
     """Mixin to create a ``Request`` that disables the ``data``,
     ``form``, and ``files`` properties. Only ``stream`` is available.
 
     .. deprecated:: 2.0
-        Will be removed in Werkzeug 2.1. You likely want to create the
-        request with ``shallow=True`` instead. Or subclass and set
-        ``disable_data_descriptor`` and ``want_form_data_parsed``.
+        Will be removed in Werkzeug 2.1. Create the request with
+        ``shallow=True`` instead.
 
     .. versionadded:: 0.9
     """
 
-    disable_data_descriptor = True
-    want_form_data_parsed = False
-
     def __init__(self, *args, **kwargs):
         warnings.warn(
             "'StreamOnlyMixin' is deprecated and will be removed in"
@@ -614,6 +611,7 @@ def __init__(self, *args, **kwargs):
             DeprecationWarning,
             stacklevel=2,
         )
+        kwargs["shallow"] = True
         super().__init__(*args, **kwargs)
 
 
@@ -621,9 +619,8 @@ class PlainRequest(StreamOnlyMixin, Request):
     """A request object without ``data``, ``form``, and ``files``.
 
     .. deprecated:: 2.0
-        Will be removed in Werkzeug 2.1. You likely want to create the
-        request with ``shallow=True`` instead. Or subclass and set
-        ``disable_data_descriptor`` and ``want_form_data_parsed``.
+        Will be removed in Werkzeug 2.1. Create the request with
+        ``shallow=True`` instead.
 
     .. versionadded:: 0.9
     """
diff --git a/tests/test_wrappers.py b/tests/test_wrappers.py
index e683c3b22..bf9fd6d92 100644
--- a/tests/test_wrappers.py
+++ b/tests/test_wrappers.py
@@ -1021,7 +1021,9 @@ def test_shallow_mode():
         shallow=True,
     )
     assert request.args["foo"] == "bar"
-    pytest.raises(RuntimeError, lambda: request.form["foo"])
+    pytest.raises(RuntimeError, lambda: request.stream)
+    pytest.raises(RuntimeError, lambda: request.data)
+    pytest.raises(RuntimeError, lambda: request.form)
 
 
 def test_form_parsing_failed():

From ba0247874d744b602dd13dd3410ace2221981a2c Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Thu, 15 Apr 2021 21:55:24 -0700
Subject: [PATCH 417/733] rename cache_property to cache_control_property

---
 src/werkzeug/datastructures.py | 48 ++++++++++++++++++++++------------
 1 file changed, 31 insertions(+), 17 deletions(-)

diff --git a/src/werkzeug/datastructures.py b/src/werkzeug/datastructures.py
index 69c105593..9b7056a2c 100644
--- a/src/werkzeug/datastructures.py
+++ b/src/werkzeug/datastructures.py
@@ -1966,9 +1966,13 @@ def _normalize(name):
         return item == "*" or _normalize(value) == _normalize(item)
 
 
-def cache_property(key, empty, type):
-    """Return a new property object for a cache header.  Useful if you
-    want to add support for a cache extension in a subclass."""
+def cache_control_property(key, empty, type):
+    """Return a new property object for a cache header. Useful if you
+    want to add support for a cache extension in a subclass.
+
+    .. versionchanged:: 2.0
+        Renamed from ``cache_property``.
+    """
     return property(
         lambda x: x._get_cache_value(key, empty, type),
         lambda x, v: x._set_cache_value(key, v, type),
@@ -1977,6 +1981,16 @@ def cache_property(key, empty, type):
     )
 
 
+def cache_property(key, empty, type):
+    warnings.warn(
+        "'cache_property' is renamed to 'cache_control_property'. The"
+        " old name is deprecated and will be removed in Werkzeug 2.1.",
+        DeprecationWarning,
+        stacklevel=2,
+    )
+    return cache_control_property(key, empty, type)
+
+
 class _CacheControl(UpdateDictMixin, dict):
     """Subclass of a dict that stores values for a Cache-Control header.  It
     has accessors for all the cache-control directives specified in RFC 2616.
@@ -2009,10 +2023,10 @@ class _CacheControl(UpdateDictMixin, dict):
        no longer existing `CacheControl` class.
     """
 
-    no_cache = cache_property("no-cache", "*", None)
-    no_store = cache_property("no-store", None, bool)
-    max_age = cache_property("max-age", -1, int)
-    no_transform = cache_property("no-transform", None, None)
+    no_cache = cache_control_property("no-cache", "*", None)
+    no_store = cache_control_property("no-store", None, bool)
+    max_age = cache_control_property("max-age", -1, int)
+    no_transform = cache_control_property("no-transform", None, None)
 
     def __init__(self, values=(), on_update=None):
         dict.__init__(self, values or ())
@@ -2066,7 +2080,7 @@ def __repr__(self):
         kv_str = " ".join(f"{k}={v!r}" for k, v in sorted(self.items()))
         return f"<{type(self).__name__} {kv_str}>"
 
-    cache_property = staticmethod(cache_property)
+    cache_property = staticmethod(cache_control_property)
 
 
 class RequestCacheControl(ImmutableDictMixin, _CacheControl):
@@ -2083,9 +2097,9 @@ class RequestCacheControl(ImmutableDictMixin, _CacheControl):
        both for request and response.
     """
 
-    max_stale = cache_property("max-stale", "*", int)
-    min_fresh = cache_property("min-fresh", "*", int)
-    only_if_cached = cache_property("only-if-cached", None, bool)
+    max_stale = cache_control_property("max-stale", "*", int)
+    min_fresh = cache_control_property("min-fresh", "*", int)
+    only_if_cached = cache_control_property("only-if-cached", None, bool)
 
 
 class ResponseCacheControl(_CacheControl):
@@ -2103,12 +2117,12 @@ class ResponseCacheControl(_CacheControl):
        both for request and response.
     """
 
-    public = cache_property("public", None, bool)
-    private = cache_property("private", "*", None)
-    must_revalidate = cache_property("must-revalidate", None, bool)
-    proxy_revalidate = cache_property("proxy-revalidate", None, bool)
-    s_maxage = cache_property("s-maxage", None, None)
-    immutable = cache_property("immutable", None, bool)
+    public = cache_control_property("public", None, bool)
+    private = cache_control_property("private", "*", None)
+    must_revalidate = cache_control_property("must-revalidate", None, bool)
+    proxy_revalidate = cache_control_property("proxy-revalidate", None, bool)
+    s_maxage = cache_control_property("s-maxage", None, None)
+    immutable = cache_control_property("immutable", None, bool)
 
 
 def csp_property(key):

From e28eb930e1b493965440bb5a0417e0a45e966141 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Thu, 15 Apr 2021 22:10:32 -0700
Subject: [PATCH 418/733] deprecate url_decode_stream return_iterator

---
 src/werkzeug/urls.py | 14 +++++++-------
 tests/test_urls.py   | 13 -------------
 2 files changed, 7 insertions(+), 20 deletions(-)

diff --git a/src/werkzeug/urls.py b/src/werkzeug/urls.py
index baf44a931..d9edb8860 100644
--- a/src/werkzeug/urls.py
+++ b/src/werkzeug/urls.py
@@ -885,8 +885,6 @@ def url_decode_stream(
     directly fed to the `cls` so you can consume the data while it's
     parsed.
 
-    .. versionadded:: 0.8
-
     :param stream: a stream with the encoded querystring
     :param charset: the charset of the query string.  If set to `None`
         no decoding will take place.
@@ -898,13 +896,10 @@ def url_decode_stream(
                        or `None` the default :class:`MultiDict` is used.
     :param limit: the content length of the URL data.  Not necessary if
                   a limited stream is provided.
-    :param return_iterator: if set to `True` the `cls` argument is ignored
-                            and an iterator over all decoded pairs is
-                            returned
 
     .. versionchanged:: 2.0
-        The ``decode_keys`` parameter is deprecated and will be removed
-        in Werkzeug 2.1.
+        The ``decode_keys`` and ``return_iterator`` parameters are
+        deprecated and will be removed in Werkzeug 2.1.
 
     .. versionadded:: 0.8
     """
@@ -921,6 +916,11 @@ def url_decode_stream(
     decoder = _url_decode_impl(pair_iter, charset, include_empty, errors)
 
     if return_iterator:
+        warnings.warn(
+            "'return_iterator' is deprecated and will be removed in Werkzeug 2.1.",
+            DeprecationWarning,
+            stacklevel=2,
+        )
         return decoder  # type: ignore
 
     if cls is None:
diff --git a/tests/test_urls.py b/tests/test_urls.py
index 218ab61b0..a409709c4 100644
--- a/tests/test_urls.py
+++ b/tests/test_urls.py
@@ -104,19 +104,6 @@ def test_url_bytes_decoding():
     assert x[b"uni"] == "Hänsel".encode()
 
 
-def test_streamed_url_decoding():
-    item1 = "a" * 100000
-    item2 = "b" * 400
-    string = (f"a={item1}&b={item2}&c={item2}").encode("ascii")
-    gen = urls.url_decode_stream(
-        io.BytesIO(string), limit=len(string), return_iterator=True
-    )
-    assert next(gen) == ("a", item1)
-    assert next(gen) == ("b", item2)
-    assert next(gen) == ("c", item2)
-    pytest.raises(StopIteration, lambda: next(gen))
-
-
 def test_stream_decoding_string_fails():
     pytest.raises(TypeError, urls.url_decode_stream, "testing")
 

From a397cb29d91f6d97d60a8ab4f6d054b615556c79 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Thu, 15 Apr 2021 22:25:27 -0700
Subject: [PATCH 419/733] deprecated HTTPException.wrap

---
 CHANGES.rst                |  3 ++-
 src/werkzeug/exceptions.py | 49 ++++++++++++++++++++++++++++++++++----
 2 files changed, 47 insertions(+), 5 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 948cc516c..91f03404d 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -187,7 +187,8 @@ Unreleased
     :pr:`2085`
 -   ``Request.disable_data_descriptor`` is deprecated. Create the
     request with ``shallow=True`` instead. :pr:`2085`
-
+-   ``HTTPException.wrap`` is deprecated. Create a subclass manually
+    instead. :pr:`2085`
 
 Version 1.0.2
 -------------
diff --git a/src/werkzeug/exceptions.py b/src/werkzeug/exceptions.py
index afc14c3de..daceb2df3 100644
--- a/src/werkzeug/exceptions.py
+++ b/src/werkzeug/exceptions.py
@@ -45,6 +45,7 @@ def application(request):
 """
 import sys
 import typing as t
+import warnings
 from datetime import datetime
 from html import escape
 
@@ -90,6 +91,10 @@ def wrap(
         the wrapped exception message is added to the HTTP error
         description.
 
+        .. deprecated:: 2.0
+            Will be removed in Werkzeug 2.1. Create a subclass manually
+            instead.
+
         .. versionchanged:: 0.15.5
             The ``show_exception`` attribute controls whether the
             description includes the wrapped exception message.
@@ -97,6 +102,12 @@ def wrap(
         .. versionchanged:: 0.15.0
             The description includes the wrapped exception message.
         """
+        warnings.warn(
+            "'HTTPException.wrap' is deprecated and will be removed in"
+            " Werkzeug 2.1. Create a subclass manually instead.",
+            DeprecationWarning,
+            stacklevel=2,
+        )
 
         class newcls(cls, exception):  # type: ignore
             _description = cls.description
@@ -223,6 +234,40 @@ class BadRequest(HTTPException):
     )
 
 
+class BadRequestKeyError(BadRequest, KeyError):
+    """An exception that is used to signal both a :exc:`KeyError` and a
+    :exc:`BadRequest`. Used by many of the datastructures.
+    """
+
+    _description = BadRequest.description
+    #: Show the KeyError along with the HTTP error message in the
+    #: response. This should be disabled in production, but can be
+    #: useful in a debug mode.
+    show_exception = False
+
+    def __init__(self, arg=None, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+
+        if arg is None:
+            KeyError.__init__(self)
+        else:
+            KeyError.__init__(self, arg)
+
+    @property  # type: ignore
+    def description(self) -> str:  # type: ignore
+        if self.show_exception:
+            return (
+                f"{self._description}\n"
+                f"{KeyError.__name__}: {KeyError.__str__(self)}"
+            )
+
+        return self._description
+
+    @description.setter
+    def description(self, value):
+        self._description = value
+
+
 class ClientDisconnected(BadRequest):
     """Internal exception that is raised if Werkzeug detects a disconnected
     client.  Since the client is already gone at that point attempting to
@@ -882,7 +927,3 @@ def abort(status: t.Union[int, "Response"], *args, **kwargs) -> t.NoReturn:
 
 
 _aborter: Aborter = Aborter()
-
-#: An exception that is used to signal both a :exc:`KeyError` and a
-#: :exc:`BadRequest`. Used by many of the datastructures.
-BadRequestKeyError = BadRequest.wrap(KeyError)

From 9dfb9377a3e84aa9097b9ae42589fe59cfeed88d Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Fri, 16 Apr 2021 08:29:08 -0700
Subject: [PATCH 420/733] update pallets-sphinx-themes

---
 requirements/dev.txt  | 2 +-
 requirements/docs.in  | 2 +-
 requirements/docs.txt | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/requirements/dev.txt b/requirements/dev.txt
index b40d75d27..e34dc00e5 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -58,7 +58,7 @@ packaging==20.8
     #   pytest
     #   sphinx
     #   tox
-pallets-sphinx-themes==1.2.3
+pallets-sphinx-themes==2.0.0rc1
     # via -r requirements/docs.in
 pip-tools==5.5.0
     # via -r requirements/dev.in
diff --git a/requirements/docs.in b/requirements/docs.in
index 7ec501b6d..1862ddd59 100644
--- a/requirements/docs.in
+++ b/requirements/docs.in
@@ -1,4 +1,4 @@
-Pallets-Sphinx-Themes
+Pallets-Sphinx-Themes >= 2.0.0rc1
 Sphinx
 sphinx-issues
 sphinxcontrib-log-cabinet
diff --git a/requirements/docs.txt b/requirements/docs.txt
index 97c9f8980..b0028ebcb 100644
--- a/requirements/docs.txt
+++ b/requirements/docs.txt
@@ -26,7 +26,7 @@ packaging==20.8
     # via
     #   pallets-sphinx-themes
     #   sphinx
-pallets-sphinx-themes==1.2.3
+pallets-sphinx-themes==2.0.0rc1
     # via -r requirements/docs.in
 pygments==2.7.3
     # via sphinx

From b933a61c4bc189ec8e8d2be7443bc8e4337c995a Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Fri, 16 Apr 2021 08:29:49 -0700
Subject: [PATCH 421/733] update requirements

---
 .pre-commit-config.yaml |  2 +-
 requirements/dev.txt    | 37 ++++++++++++++++++++-----------------
 requirements/docs.txt   | 10 +++++-----
 requirements/tests.txt  | 10 +++++-----
 requirements/typing.txt |  6 +++---
 5 files changed, 34 insertions(+), 31 deletions(-)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 6195252fd..9d5d18d36 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -20,7 +20,7 @@ repos:
     hooks:
       - id: black
   - repo: https://github.com/PyCQA/flake8
-    rev: 3.9.0
+    rev: 3.9.1
     hooks:
       - id: flake8
         additional_dependencies:
diff --git a/requirements/dev.txt b/requirements/dev.txt
index e34dc00e5..e62b2ad6b 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -14,7 +14,7 @@ babel==2.9.0
     # via sphinx
 certifi==2020.12.5
     # via requests
-cffi==1.14.4
+cffi==1.14.5
     # via cryptography
 cfgv==3.2.0
     # via pre-commit
@@ -22,7 +22,7 @@ chardet==4.0.0
     # via requests
 click==7.1.2
     # via pip-tools
-cryptography==3.4.6
+cryptography==3.4.7
     # via -r requirements/tests.in
 distlib==0.3.1
     # via virtualenv
@@ -34,7 +34,7 @@ filelock==3.0.12
     #   virtualenv
 greenlet==1.0.0
     # via -r requirements/tests.in
-identify==1.5.12
+identify==2.2.3
     # via pre-commit
 idna==2.10
     # via requests
@@ -50,9 +50,9 @@ mypy-extensions==0.4.3
     # via mypy
 mypy==0.812
     # via -r requirements/typing.in
-nodeenv==1.5.0
+nodeenv==1.6.0
     # via pre-commit
-packaging==20.8
+packaging==20.9
     # via
     #   pallets-sphinx-themes
     #   pytest
@@ -60,13 +60,15 @@ packaging==20.8
     #   tox
 pallets-sphinx-themes==2.0.0rc1
     # via -r requirements/docs.in
-pip-tools==5.5.0
+pep517==0.10.0
+    # via pip-tools
+pip-tools==6.1.0
     # via -r requirements/dev.in
 pluggy==0.13.1
     # via
     #   pytest
     #   tox
-pre-commit==2.10.1
+pre-commit==2.12.0
     # via -r requirements/dev.in
 psutil==5.8.0
     # via pytest-xprocess
@@ -76,23 +78,23 @@ py==1.10.0
     #   tox
 pycparser==2.20
     # via cffi
-pygments==2.7.3
+pygments==2.8.1
     # via sphinx
 pyparsing==2.4.7
     # via packaging
 pytest-timeout==1.4.2
     # via -r requirements/tests.in
-pytest-xprocess==0.17.0
+pytest-xprocess==0.17.1
     # via -r requirements/tests.in
-pytest==6.2.2
+pytest==6.2.3
     # via
     #   -r requirements/tests.in
     #   -r requirements/typing.in
     #   pytest-timeout
     #   pytest-xprocess
-pytz==2020.5
+pytz==2021.1
     # via babel
-pyyaml==5.3.1
+pyyaml==5.4.1
     # via pre-commit
 requests==2.25.1
     # via sphinx
@@ -100,11 +102,11 @@ six==1.15.0
     # via
     #   tox
     #   virtualenv
-snowballstemmer==2.0.0
+snowballstemmer==2.1.0
     # via sphinx
 sphinx-issues==1.2.0
     # via -r requirements/docs.in
-sphinx==3.5.1
+sphinx==3.5.4
     # via
     #   -r requirements/docs.in
     #   pallets-sphinx-themes
@@ -126,18 +128,19 @@ sphinxcontrib-serializinghtml==1.1.4
     # via sphinx
 toml==0.10.2
     # via
+    #   pep517
     #   pre-commit
     #   pytest
     #   tox
-tox==3.22.0
+tox==3.23.0
     # via -r requirements/dev.in
-typed-ast==1.4.2
+typed-ast==1.4.3
     # via mypy
 typing-extensions==3.7.4.3
     # via mypy
 urllib3==1.26.4
     # via requests
-virtualenv==20.3.0
+virtualenv==20.4.3
     # via
     #   pre-commit
     #   tox
diff --git a/requirements/docs.txt b/requirements/docs.txt
index b0028ebcb..9b58c504b 100644
--- a/requirements/docs.txt
+++ b/requirements/docs.txt
@@ -22,25 +22,25 @@ jinja2==2.11.3
     # via sphinx
 markupsafe==1.1.1
     # via jinja2
-packaging==20.8
+packaging==20.9
     # via
     #   pallets-sphinx-themes
     #   sphinx
 pallets-sphinx-themes==2.0.0rc1
     # via -r requirements/docs.in
-pygments==2.7.3
+pygments==2.8.1
     # via sphinx
 pyparsing==2.4.7
     # via packaging
-pytz==2020.5
+pytz==2021.1
     # via babel
 requests==2.25.1
     # via sphinx
-snowballstemmer==2.0.0
+snowballstemmer==2.1.0
     # via sphinx
 sphinx-issues==1.2.0
     # via -r requirements/docs.in
-sphinx==3.5.1
+sphinx==3.5.4
     # via
     #   -r requirements/docs.in
     #   pallets-sphinx-themes
diff --git a/requirements/tests.txt b/requirements/tests.txt
index 7668780f7..e6063440b 100644
--- a/requirements/tests.txt
+++ b/requirements/tests.txt
@@ -6,15 +6,15 @@
 #
 attrs==20.3.0
     # via pytest
-cffi==1.14.4
+cffi==1.14.5
     # via cryptography
-cryptography==3.4.6
+cryptography==3.4.7
     # via -r requirements/tests.in
 greenlet==1.0.0
     # via -r requirements/tests.in
 iniconfig==1.1.1
     # via pytest
-packaging==20.8
+packaging==20.9
     # via pytest
 pluggy==0.13.1
     # via pytest
@@ -28,9 +28,9 @@ pyparsing==2.4.7
     # via packaging
 pytest-timeout==1.4.2
     # via -r requirements/tests.in
-pytest-xprocess==0.17.0
+pytest-xprocess==0.17.1
     # via -r requirements/tests.in
-pytest==6.2.2
+pytest==6.2.3
     # via
     #   -r requirements/tests.in
     #   pytest-timeout
diff --git a/requirements/typing.txt b/requirements/typing.txt
index 0015e2177..ba1a9f23a 100644
--- a/requirements/typing.txt
+++ b/requirements/typing.txt
@@ -12,7 +12,7 @@ mypy-extensions==0.4.3
     # via mypy
 mypy==0.812
     # via -r requirements/typing.in
-packaging==20.8
+packaging==20.9
     # via pytest
 pluggy==0.13.1
     # via pytest
@@ -20,11 +20,11 @@ py==1.10.0
     # via pytest
 pyparsing==2.4.7
     # via packaging
-pytest==6.2.2
+pytest==6.2.3
     # via -r requirements/typing.in
 toml==0.10.2
     # via pytest
-typed-ast==1.4.2
+typed-ast==1.4.3
     # via mypy
 typing-extensions==3.7.4.3
     # via mypy

From 2e9a667aaf32c83f30fd74b7472e0d172bcd33b8 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Fri, 16 Apr 2021 08:31:42 -0700
Subject: [PATCH 422/733] update deprecated pre-commit hook

---
 .pre-commit-config.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 9d5d18d36..c21aea80f 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -29,7 +29,7 @@ repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
     rev: v3.4.0
     hooks:
-      - id: check-byte-order-marker
+      - id: fix-byte-order-marker
       - id: trailing-whitespace
       - id: end-of-file-fixer
         exclude: "^tests/.*.http$"

From 99a235bbc07cd0ac9481b9bb61fe682321ec206a Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Fri, 16 Apr 2021 08:30:33 -0700
Subject: [PATCH 423/733] release version 2.0.0rc4

---
 src/werkzeug/__init__.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/werkzeug/__init__.py b/src/werkzeug/__init__.py
index 52238e5c3..a745e3e25 100644
--- a/src/werkzeug/__init__.py
+++ b/src/werkzeug/__init__.py
@@ -3,4 +3,4 @@
 from .wrappers import Request
 from .wrappers import Response
 
-__version__ = "2.0.0rc4.dev"
+__version__ = "2.0.0rc4"

From 33830cbd44520e441249008e3dc3dca6a5dcb4c4 Mon Sep 17 00:00:00 2001
From: Karthikeyan Singaravelan 
Date: Sat, 17 Apr 2021 07:57:24 +0000
Subject: [PATCH 424/733] Set daemon attribute instead of using setDaemon
 method that was deprecated in Python 3.10

---
 examples/cupoftee/application.py | 2 +-
 src/werkzeug/_reloader.py        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/examples/cupoftee/application.py b/examples/cupoftee/application.py
index 2b549bfb4..7b65f5f05 100644
--- a/examples/cupoftee/application.py
+++ b/examples/cupoftee/application.py
@@ -84,7 +84,7 @@ def __init__(self, database, interval=120):
         self.db = Database(database)
         self.master = ServerBrowser(self)
         self.updater = Thread(None, self.update_master)
-        self.updater.setDaemon(True)
+        self.updater.daemon = True
         self.updater.start()
 
     def update_master(self):
diff --git a/src/werkzeug/_reloader.py b/src/werkzeug/_reloader.py
index ab0966b8a..ace5e19d7 100644
--- a/src/werkzeug/_reloader.py
+++ b/src/werkzeug/_reloader.py
@@ -417,7 +417,7 @@ def run_with_reloader(
         if os.environ.get("WERKZEUG_RUN_MAIN") == "true":
             ensure_echo_on()
             t = threading.Thread(target=main_func, args=())
-            t.setDaemon(True)
+            t.daemon = True
 
             # Enter the reloader to set up initial state, then start
             # the app thread and reloader update loop.

From 7cf5de9afab90bb7323f3aa950fe3e4011247b06 Mon Sep 17 00:00:00 2001
From: Kai 
Date: Sat, 24 Apr 2021 03:49:06 +0200
Subject: [PATCH 425/733] Update manage-plnt.py

---
 examples/manage-plnt.py | 24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-)

diff --git a/examples/manage-plnt.py b/examples/manage-plnt.py
index ff083b88b..226570d57 100755
--- a/examples/manage-plnt.py
+++ b/examples/manage-plnt.py
@@ -30,31 +30,33 @@ def initdb():
     blogs = [
         Blog(
             "Armin Ronacher",
-            "http://lucumr.pocoo.org/",
-            "http://lucumr.pocoo.org/cogitations/feed/",
+            "https://lucumr.pocoo.org/",
+            "https://lucumr.pocoo.org/feed.atom",
         ),
         Blog(
             "Georg Brandl",
-            "http://pyside.blogspot.com/",
-            "http://pyside.blogspot.com/feeds/posts/default",
+            "https://pyside.blogspot.com/",
+            "https://pyside.blogspot.com/feeds/posts/default",
         ),
         Blog(
             "Ian Bicking",
-            "http://blog.ianbicking.org/",
-            "http://blog.ianbicking.org/feed/",
+            "https://blog.ianbicking.org/",
+            "https://blog.ianbicking.org/feed/",
         ),
         Blog(
-            "Amir Salihefendic", "http://amix.dk/", "http://feeds.feedburner.com/amixdk"
+            "Amir Salihefendic",
+            "http://amix.dk/",
+            "https://feeds.feedburner.com/amixdk"
         ),
         Blog(
             "Christopher Lenz",
-            "http://www.cmlenz.net/blog/",
-            "http://www.cmlenz.net/blog/atom.xml",
+            "https://www.cmlenz.net/blog/",
+            "https://www.cmlenz.net/blog/atom.xml",
         ),
         Blog(
             "Frederick Lundh",
-            "http://online.effbot.org/",
-            "http://online.effbot.org/rss.xml",
+            "https://effbot.org/",
+            "https://effbot.org/rss.xml",
         ),
     ]
     # okay. got tired here.  if someone feels that he is missing, drop me

From 30642f44938e05ec685e90f56abec17e5c71517d Mon Sep 17 00:00:00 2001
From: "pre-commit-ci[bot]"
 <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Date: Sat, 24 Apr 2021 02:01:04 +0000
Subject: [PATCH 426/733] [pre-commit.ci] auto fixes from pre-commit.com hooks

for more information, see https://pre-commit.ci
---
 examples/manage-plnt.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/examples/manage-plnt.py b/examples/manage-plnt.py
index 226570d57..c843bcb96 100755
--- a/examples/manage-plnt.py
+++ b/examples/manage-plnt.py
@@ -46,7 +46,7 @@ def initdb():
         Blog(
             "Amir Salihefendic",
             "http://amix.dk/",
-            "https://feeds.feedburner.com/amixdk"
+            "https://feeds.feedburner.com/amixdk",
         ),
         Blog(
             "Christopher Lenz",

From aebb04478a91ebc1cb879e97af702a1465a7745a Mon Sep 17 00:00:00 2001
From: Adrian Moennich 
Date: Mon, 19 Apr 2021 19:15:40 +0200
Subject: [PATCH 427/733] Do not deprecate access to unparsed user_agent

---
 src/werkzeug/sansio/request.py |  2 +-
 tests/test_wrappers.py         | 29 ++++++++++++++++++++++++-----
 2 files changed, 25 insertions(+), 6 deletions(-)

diff --git a/src/werkzeug/sansio/request.py b/src/werkzeug/sansio/request.py
index af7aaeac6..6f2bceb16 100644
--- a/src/werkzeug/sansio/request.py
+++ b/src/werkzeug/sansio/request.py
@@ -29,7 +29,7 @@
 from ..http import parse_set_header
 from ..urls import url_decode
 from ..user_agent import UserAgent
-from ..useragents import UserAgent as _DeprecatedUserAgent
+from ..useragents import _UserAgent as _DeprecatedUserAgent
 from ..utils import cached_property
 from ..utils import header_property
 from .utils import get_current_url
diff --git a/tests/test_wrappers.py b/tests/test_wrappers.py
index bf9fd6d92..3ac80003f 100644
--- a/tests/test_wrappers.py
+++ b/tests/test_wrappers.py
@@ -646,18 +646,37 @@ def test_etag_request():
     ),
 )
 def test_user_agent(user_agent, browser, platform, version, language):
-    request = wrappers.Request(
-        {"HTTP_USER_AGENT": user_agent, "SERVER_NAME": "eggs", "SERVER_PORT": "80"}
-    )
+    request = wrappers.Request({"HTTP_USER_AGENT": user_agent})
+
+    assert request.user_agent.to_header() == user_agent
+    assert str(request.user_agent) == user_agent
+    assert request.user_agent.string == user_agent
 
     with pytest.deprecated_call():
         assert request.user_agent.browser == browser
+
+    with pytest.deprecated_call():
         assert request.user_agent.platform == platform
+
+    with pytest.deprecated_call():
         assert request.user_agent.version == version
+
+    with pytest.deprecated_call():
         assert request.user_agent.language == language
+
+    with pytest.deprecated_call():
         assert bool(request.user_agent)
-        assert request.user_agent.to_header() == user_agent
-        assert str(request.user_agent) == user_agent
+
+    from werkzeug import useragents
+
+    with pytest.deprecated_call():
+        useragents.UserAgent("")
+
+    with pytest.deprecated_call(match="environ"):
+        useragents.UserAgent({})
+
+    with pytest.deprecated_call():
+        useragents.UserAgentParser()
 
 
 def test_invalid_user_agent():

From 2d8ae8950c44d6acdba8bf6ee34d21f730f33aeb Mon Sep 17 00:00:00 2001
From: "pre-commit-ci[bot]"
 <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Date: Mon, 26 Apr 2021 17:22:37 +0000
Subject: [PATCH 428/733] [pre-commit.ci] pre-commit autoupdate
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

updates:
- [github.com/asottile/pyupgrade: v2.12.0 → v2.13.0](https://github.com/asottile/pyupgrade/compare/v2.12.0...v2.13.0)
- [github.com/asottile/reorder_python_imports: v2.4.0 → v2.5.0](https://github.com/asottile/reorder_python_imports/compare/v2.4.0...v2.5.0)
- [github.com/psf/black: 20.8b1 → 21.4b0](https://github.com/psf/black/compare/20.8b1...21.4b0)
---
 .pre-commit-config.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index c21aea80f..d63b396f4 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,11 +1,11 @@
 repos:
   - repo: https://github.com/asottile/pyupgrade
-    rev: v2.12.0
+    rev: v2.13.0
     hooks:
       - id: pyupgrade
         args: ["--py36-plus"]
   - repo: https://github.com/asottile/reorder_python_imports
-    rev: v2.4.0
+    rev: v2.5.0
     hooks:
       - id: reorder-python-imports
         name: Reorder Python imports (src, tests)
@@ -16,7 +16,7 @@ repos:
         files: "^examples/"
         args: ["--application-directories", "examples"]
   - repo: https://github.com/psf/black
-    rev: 20.8b1
+    rev: 21.4b0
     hooks:
       - id: black
   - repo: https://github.com/PyCQA/flake8

From dab48ddda7d137286420e879bfa8a51501df86e0 Mon Sep 17 00:00:00 2001
From: "pre-commit-ci[bot]"
 <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Date: Mon, 26 Apr 2021 17:23:37 +0000
Subject: [PATCH 429/733] [pre-commit.ci] auto fixes from pre-commit.com hooks

for more information, see https://pre-commit.ci
---
 tests/middleware/test_lint.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/middleware/test_lint.py b/tests/middleware/test_lint.py
index 71f2ebec3..ca2b92e81 100644
--- a/tests/middleware/test_lint.py
+++ b/tests/middleware/test_lint.py
@@ -13,7 +13,7 @@ def dummy_application(environ, start_response):
 
 
 def test_lint_middleware():
-    """ Test lint middleware runs for a dummy applications without warnings """
+    """Test lint middleware runs for a dummy applications without warnings"""
     app = LintMiddleware(dummy_application)
 
     environ = create_environ("/test")

From 4718b2c9d209e69b882420d872d6a3329b062596 Mon Sep 17 00:00:00 2001
From: "dependabot-preview[bot]"
 <27856297+dependabot-preview[bot]@users.noreply.github.com>
Date: Wed, 28 Apr 2021 16:46:45 +0000
Subject: [PATCH 430/733] Upgrade to GitHub-native Dependabot

---
 .github/dependabot.yml | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 .github/dependabot.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 000000000..86e010dff
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,8 @@
+version: 2
+updates:
+- package-ecosystem: pip
+  directory: "/"
+  schedule:
+    interval: monthly
+    time: "08:00"
+  open-pull-requests-limit: 99

From 775ae567cce2f750da61f98fa88f8534f20e78fa Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 28 Apr 2021 20:54:12 +0000
Subject: [PATCH 431/733] Bump watchdog from 2.0.2 to 2.0.3

Bumps [watchdog](https://github.com/gorakhargosh/watchdog) from 2.0.2 to 2.0.3.
- [Release notes](https://github.com/gorakhargosh/watchdog/releases)
- [Changelog](https://github.com/gorakhargosh/watchdog/blob/master/changelog.rst)
- [Commits](https://github.com/gorakhargosh/watchdog/compare/v2.0.2...v2.0.3)

Signed-off-by: dependabot[bot] 
---
 requirements/dev.txt   | 2 +-
 requirements/tests.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements/dev.txt b/requirements/dev.txt
index e62b2ad6b..dc6a00f77 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -144,7 +144,7 @@ virtualenv==20.4.3
     # via
     #   pre-commit
     #   tox
-watchdog==2.0.2
+watchdog==2.0.3
     # via -r requirements/tests.in
 
 # The following packages are considered to be unsafe in a requirements file:
diff --git a/requirements/tests.txt b/requirements/tests.txt
index e6063440b..66b6cb354 100644
--- a/requirements/tests.txt
+++ b/requirements/tests.txt
@@ -37,5 +37,5 @@ pytest==6.2.3
     #   pytest-xprocess
 toml==0.10.2
     # via pytest
-watchdog==2.0.2
+watchdog==2.0.3
     # via -r requirements/tests.in

From 8c0c4b5ee2c793706f1079ceb60f6ff8156634c8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 28 Apr 2021 20:54:45 +0000
Subject: [PATCH 432/733] Bump pre-commit from 2.12.0 to 2.12.1

Bumps [pre-commit](https://github.com/pre-commit/pre-commit) from 2.12.0 to 2.12.1.
- [Release notes](https://github.com/pre-commit/pre-commit/releases)
- [Changelog](https://github.com/pre-commit/pre-commit/blob/master/CHANGELOG.md)
- [Commits](https://github.com/pre-commit/pre-commit/compare/v2.12.0...v2.12.1)

Signed-off-by: dependabot[bot] 
---
 requirements/dev.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements/dev.txt b/requirements/dev.txt
index e62b2ad6b..4d9cde48a 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -68,7 +68,7 @@ pluggy==0.13.1
     # via
     #   pytest
     #   tox
-pre-commit==2.12.0
+pre-commit==2.12.1
     # via -r requirements/dev.in
 psutil==5.8.0
     # via pytest-xprocess

From 7d8e0f4115ff8c5c19679d44b8b2ed654d23e61d Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Mon, 3 May 2021 07:03:56 -0700
Subject: [PATCH 433/733] release version 2.0.0rc5

---
 src/werkzeug/__init__.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/werkzeug/__init__.py b/src/werkzeug/__init__.py
index a745e3e25..f52577f15 100644
--- a/src/werkzeug/__init__.py
+++ b/src/werkzeug/__init__.py
@@ -3,4 +3,4 @@
 from .wrappers import Request
 from .wrappers import Response
 
-__version__ = "2.0.0rc4"
+__version__ = "2.0.0rc5"

From 092ff47d6d48ed084d75283ab25917b94975b939 Mon Sep 17 00:00:00 2001
From: pgjones 
Date: Mon, 3 May 2021 16:45:22 +0100
Subject: [PATCH 434/733] Fix LocalStack mutable list issue

The stack stored by a LocalStack should be inherited from any parent
context, but crucially and changes to it should be local to its
context. This didn't happen previously as lists are mutable and the
list instance was being shared between the contexts. This change, much
like the local dictionary usage, now takes a copy and more explicitly
separates the contexts.

Thanks to @miguelgrinberg for pointing out this issue.
---
 src/werkzeug/local.py |  5 ++---
 tests/test_local.py   | 17 +++++++++++++++++
 2 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/src/werkzeug/local.py b/src/werkzeug/local.py
index 9e9fdd615..e1773a838 100644
--- a/src/werkzeug/local.py
+++ b/src/werkzeug/local.py
@@ -219,10 +219,9 @@ def _lookup():
 
     def push(self, obj: t.Any) -> t.List[t.Any]:
         """Pushes a new item to the stack"""
-        rv = getattr(self._local, "stack", None)
-        if rv is None:
-            self._local.stack = rv = []
+        rv = getattr(self._local, "stack", []).copy()
         rv.append(obj)
+        self._local.stack = rv
         return rv
 
     def pop(self) -> t.Any:
diff --git a/tests/test_local.py b/tests/test_local.py
index d5c68e66c..537fc32fb 100644
--- a/tests/test_local.py
+++ b/tests/test_local.py
@@ -106,6 +106,23 @@ def test_local_stack():
     assert repr(proxy) == ""
 
 
+@pytest.mark.skipif(
+    sys.version_info < (3, 7),
+    reason="Locals are not task local in Python 3.6",
+)
+def test_local_stack_asyncio():
+    ls = local.LocalStack()
+    ls.push(1)
+
+    async def task():
+        ls.push(1)
+        assert len(ls._local.stack) == 2
+
+    loop = asyncio.get_event_loop()
+    futures = [asyncio.ensure_future(task()) for _ in range(3)]
+    loop.run_until_complete(asyncio.gather(*futures))
+
+
 @pytest.mark.skipif(
     sys.version_info > (3, 6),
     reason="The ident is not supported in  Python3.7 or higher",

From 3f598bb648cc252ccb9628d83f20d22433d27e36 Mon Sep 17 00:00:00 2001
From: "pre-commit-ci[bot]"
 <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Date: Mon, 3 May 2021 17:21:36 +0000
Subject: [PATCH 435/733] [pre-commit.ci] pre-commit autoupdate
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

updates:
- [github.com/asottile/pyupgrade: v2.13.0 → v2.14.0](https://github.com/asottile/pyupgrade/compare/v2.13.0...v2.14.0)
- [github.com/psf/black: 21.4b0 → 21.4b2](https://github.com/psf/black/compare/21.4b0...21.4b2)
---
 .pre-commit-config.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index d63b396f4..c4ee37f0f 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/asottile/pyupgrade
-    rev: v2.13.0
+    rev: v2.14.0
     hooks:
       - id: pyupgrade
         args: ["--py36-plus"]
@@ -16,7 +16,7 @@ repos:
         files: "^examples/"
         args: ["--application-directories", "examples"]
   - repo: https://github.com/psf/black
-    rev: 21.4b0
+    rev: 21.4b2
     hooks:
       - id: black
   - repo: https://github.com/PyCQA/flake8

From e5cb7111799a5cc793474d073b79edb21eaf0b56 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Wed, 5 May 2021 11:49:43 -0700
Subject: [PATCH 436/733] fix iterating over multidict keys

---
 src/werkzeug/datastructures.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/werkzeug/datastructures.py b/src/werkzeug/datastructures.py
index 9b7056a2c..5fb592818 100644
--- a/src/werkzeug/datastructures.py
+++ b/src/werkzeug/datastructures.py
@@ -726,7 +726,8 @@ def __delitem__(self, key):
     def keys(self):
         return (key for key, value in self.items())
 
-    __iter__ = keys
+    def __iter__(self):
+        return iter(self.keys())
 
     def values(self):
         return (value for key, value in self.items())
@@ -1476,7 +1477,8 @@ def _keys_impl(self):
     def keys(self):
         return self._keys_impl()
 
-    __iter__ = keys
+    def __iter__(self):
+        return iter(self.keys())
 
     def items(self, multi=False):
         found = set()

From d2625f545f53252314aee0c36818f52a52f7d321 Mon Sep 17 00:00:00 2001
From: Tris <38221328+TrizlyBear@users.noreply.github.com>
Date: Fri, 7 May 2021 00:16:14 +0200
Subject: [PATCH 437/733] Fixed typo in security.py documentation

"check" was missing a capitalized C.
---
 src/werkzeug/security.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/werkzeug/security.py b/src/werkzeug/security.py
index 9629c1980..e23040af9 100644
--- a/src/werkzeug/security.py
+++ b/src/werkzeug/security.py
@@ -202,7 +202,7 @@ def generate_password_hash(
 
 
 def check_password_hash(pwhash: str, password: str) -> bool:
-    """check a password against a given salted and hashed password value.
+    """Check a password against a given salted and hashed password value.
     In order to support unsalted legacy passwords this method supports
     plain text passwords, md5 and sha1 hashes (both salted and unsalted).
 

From 621213432c198d63cd571d47393af8cf154c99f1 Mon Sep 17 00:00:00 2001
From: "pre-commit-ci[bot]"
 <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Date: Mon, 10 May 2021 20:25:29 +0000
Subject: [PATCH 438/733] [pre-commit.ci] pre-commit autoupdate
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

updates:
- [github.com/asottile/pyupgrade: v2.14.0 → v2.15.0](https://github.com/asottile/pyupgrade/compare/v2.14.0...v2.15.0)
- [github.com/psf/black: 21.4b2 → 21.5b1](https://github.com/psf/black/compare/21.4b2...21.5b1)
- [github.com/PyCQA/flake8: 3.9.1 → 3.9.2](https://github.com/PyCQA/flake8/compare/3.9.1...3.9.2)
---
 .pre-commit-config.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index c4ee37f0f..927ccc465 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/asottile/pyupgrade
-    rev: v2.14.0
+    rev: v2.15.0
     hooks:
       - id: pyupgrade
         args: ["--py36-plus"]
@@ -16,11 +16,11 @@ repos:
         files: "^examples/"
         args: ["--application-directories", "examples"]
   - repo: https://github.com/psf/black
-    rev: 21.4b2
+    rev: 21.5b1
     hooks:
       - id: black
   - repo: https://github.com/PyCQA/flake8
-    rev: 3.9.1
+    rev: 3.9.2
     hooks:
       - id: flake8
         additional_dependencies:

From 2dfb6dc62ad9ba5d61acecdb7f9e6e7204594b6f Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Mon, 10 May 2021 22:41:52 -0700
Subject: [PATCH 439/733] enable more mypy checks

---
 setup.cfg                                   | 14 ++-
 src/werkzeug/_internal.py                   | 48 ++++++----
 src/werkzeug/_reloader.py                   | 14 +--
 src/werkzeug/datastructures.pyi             | 92 ++++++++++---------
 src/werkzeug/debug/__init__.py              | 24 +++--
 src/werkzeug/debug/console.py               |  6 +-
 src/werkzeug/debug/tbtools.py               |  2 +-
 src/werkzeug/exceptions.py                  | 22 +++--
 src/werkzeug/filesystem.py                  |  3 +-
 src/werkzeug/formparser.py                  | 21 +++--
 src/werkzeug/http.py                        | 62 ++++++++-----
 src/werkzeug/local.py                       | 99 ++++++++++++---------
 src/werkzeug/middleware/lint.py             | 22 ++---
 src/werkzeug/middleware/profiler.py         |  6 +-
 src/werkzeug/middleware/shared_data.py      | 33 +++++--
 src/werkzeug/routing.py                     | 59 +++++++-----
 src/werkzeug/sansio/response.py             | 18 ++--
 src/werkzeug/serving.py                     | 49 +++++-----
 src/werkzeug/test.py                        | 51 ++++++-----
 src/werkzeug/testapp.py                     |  9 +-
 src/werkzeug/urls.py                        | 36 ++++----
 src/werkzeug/user_agent.py                  |  2 +-
 src/werkzeug/useragents.py                  |  6 +-
 src/werkzeug/utils.py                       | 41 ++++-----
 src/werkzeug/wrappers/accept.py             |  5 +-
 src/werkzeug/wrappers/auth.py               |  9 +-
 src/werkzeug/wrappers/base_request.py       |  7 +-
 src/werkzeug/wrappers/base_response.py      |  7 +-
 src/werkzeug/wrappers/common_descriptors.py |  9 +-
 src/werkzeug/wrappers/cors.py               |  9 +-
 src/werkzeug/wrappers/etag.py               |  9 +-
 src/werkzeug/wrappers/json.py               |  5 +-
 src/werkzeug/wrappers/request.py            | 52 +++++++----
 src/werkzeug/wrappers/response.py           | 16 ++--
 src/werkzeug/wrappers/user_agent.py         |  5 +-
 src/werkzeug/wsgi.py                        | 22 +++--
 36 files changed, 533 insertions(+), 361 deletions(-)

diff --git a/setup.cfg b/setup.cfg
index 6e4f08d6f..d95ffca88 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -90,18 +90,24 @@ python_version = 3.6
 allow_redefinition = True
 disallow_subclassing_any = True
 # disallow_untyped_calls = True
-# disallow_untyped_defs = True
-# disallow_incomplete_defs = True
+disallow_untyped_defs = True
+disallow_incomplete_defs = True
 no_implicit_optional = True
 local_partial_types = True
-# no_implicit_reexport = True
+no_implicit_reexport = True
 strict_equality = True
 warn_redundant_casts = True
 warn_unused_configs = True
 warn_unused_ignores = True
-# warn_return_any = True
+warn_return_any = True
 # warn_unreachable = True
 
+[mypy-werkzeug]
+no_implicit_reexport = False
+
+[mypy-werkzeug.wrappers]
+no_implicit_reexport = False
+
 [mypy-colorama.*]
 ignore_missing_imports = True
 
diff --git a/src/werkzeug/_internal.py b/src/werkzeug/_internal.py
index e220ecd6c..71a5e2883 100644
--- a/src/werkzeug/_internal.py
+++ b/src/werkzeug/_internal.py
@@ -13,6 +13,7 @@
 from weakref import WeakKeyDictionary
 
 if t.TYPE_CHECKING:
+    from wsgiref.types import StartResponse
     from wsgiref.types import WSGIApplication
     from wsgiref.types import WSGIEnvironment
     from .wrappers.request import Request  # noqa: F401
@@ -48,10 +49,10 @@
 
 
 class _Missing:
-    def __repr__(self):
+    def __repr__(self) -> str:
         return "no value"
 
-    def __reduce__(self):
+    def __reduce__(self) -> str:
         return "_missing"
 
 
@@ -68,7 +69,7 @@ def _make_encode_wrapper(reference: bytes) -> t.Callable[[str], bytes]:
     ...
 
 
-def _make_encode_wrapper(reference):
+def _make_encode_wrapper(reference: t.AnyStr) -> t.Callable[[str], t.AnyStr]:
     """Create a function that will be called with a string argument. If
     the reference is bytes, values will be encoded to bytes.
     """
@@ -127,7 +128,12 @@ def _to_str(
     ...
 
 
-def _to_str(x, charset=_default_encoding, errors="strict", allow_none_charset=False):
+def _to_str(
+    x: t.Optional[t.Any],
+    charset: t.Optional[str] = _default_encoding,
+    errors: str = "strict",
+    allow_none_charset: bool = False,
+) -> t.Optional[t.Union[str, bytes]]:
     if x is None or isinstance(x, str):
         return x
 
@@ -138,7 +144,7 @@ def _to_str(x, charset=_default_encoding, errors="strict", allow_none_charset=Fa
         if allow_none_charset:
             return x
 
-    return x.decode(charset, errors)
+    return x.decode(charset, errors)  # type: ignore
 
 
 def _wsgi_decoding_dance(
@@ -186,7 +192,7 @@ def _has_level_handler(logger: logging.Logger) -> bool:
 class _ColorStreamHandler(logging.StreamHandler):
     """On Windows, wrap stream with Colorama for ANSI style support."""
 
-    def __init__(self):
+    def __init__(self) -> None:
         try:
             import colorama
         except ImportError:
@@ -197,7 +203,7 @@ def __init__(self):
         super().__init__(stream)
 
 
-def _log(type: str, message: str, *args, **kwargs) -> None:
+def _log(type: str, message: str, *args: t.Any, **kwargs: t.Any) -> None:
     """Log a message to the 'werkzeug' logger.
 
     The logger is created the first time it is needed. If there is no
@@ -219,7 +225,7 @@ def _log(type: str, message: str, *args, **kwargs) -> None:
     getattr(_logger, type)(message.rstrip(), *args, **kwargs)
 
 
-def _parse_signature(func):
+def _parse_signature(func):  # type: ignore
     """Return a signature object for the function.
 
     .. deprecated:: 2.0
@@ -251,7 +257,7 @@ def _parse_signature(func):
         arguments.append(param)
     arguments = tuple(arguments)
 
-    def parse(args, kwargs):
+    def parse(args, kwargs):  # type: ignore
         new_args = []
         missing = []
         extra = {}
@@ -306,7 +312,7 @@ def _dt_as_utc(dt: datetime) -> datetime:
     ...
 
 
-def _dt_as_utc(dt):
+def _dt_as_utc(dt: t.Optional[datetime]) -> t.Optional[datetime]:
     if dt is None:
         return dt
 
@@ -356,14 +362,16 @@ def __get__(
     def __get__(self, instance: t.Any, owner: type) -> _TAccessorValue:
         ...
 
-    def __get__(self, instance, owner):
+    def __get__(
+        self, instance: t.Optional[t.Any], owner: type
+    ) -> t.Union[_TAccessorValue, "_DictAccessorProperty[_TAccessorValue]"]:
         if instance is None:
             return self
 
         storage = self.lookup(instance)
 
         if self.name not in storage:
-            return self.default
+            return self.default  # type: ignore
 
         value = storage[self.name]
 
@@ -371,9 +379,9 @@ def __get__(self, instance, owner):
             try:
                 return self.load_func(value)
             except (ValueError, TypeError):
-                return self.default
+                return self.default  # type: ignore
 
-        return value
+        return value  # type: ignore
 
     def __set__(self, instance: t.Any, value: _TAccessorValue) -> None:
         if self.read_only:
@@ -513,7 +521,7 @@ def _make_cookie_domain(domain: str) -> bytes:
     ...
 
 
-def _make_cookie_domain(domain):
+def _make_cookie_domain(domain: t.Optional[str]) -> t.Optional[bytes]:
     if domain is None:
         return None
     domain = _encode_idna(domain)
@@ -533,7 +541,7 @@ def _make_cookie_domain(domain):
 def _easteregg(app: t.Optional["WSGIApplication"] = None) -> "WSGIApplication":
     """Like the name says.  But who knows how it works?"""
 
-    def bzzzzzzz(gyver):
+    def bzzzzzzz(gyver: bytes) -> str:
         import base64
         import zlib
 
@@ -579,8 +587,12 @@ def bzzzzzzz(gyver):
         ]
     )
 
-    def easteregged(environ, start_response):
-        def injecting_start_response(status, headers, exc_info=None):
+    def easteregged(
+        environ: "WSGIEnvironment", start_response: "StartResponse"
+    ) -> t.Iterable[bytes]:
+        def injecting_start_response(
+            status: str, headers: t.List[t.Tuple[str, str]], exc_info: t.Any = None
+        ) -> t.Callable[[bytes], t.Any]:
             headers.append(("X-Powered-By", "Werkzeug"))
             return start_response(status, headers, exc_info)
 
diff --git a/src/werkzeug/_reloader.py b/src/werkzeug/_reloader.py
index ace5e19d7..ab34533d9 100644
--- a/src/werkzeug/_reloader.py
+++ b/src/werkzeug/_reloader.py
@@ -127,7 +127,7 @@ def _find_common_roots(paths: t.Iterable[str]) -> t.Iterable[str]:
 
     rv = set()
 
-    def _walk(node, path):
+    def _walk(node: t.Mapping[str, dict], path: t.Tuple[str, ...]) -> None:
         for prefix, child in node.items():
             _walk(child, path + (prefix,))
 
@@ -218,7 +218,7 @@ def __enter__(self) -> "ReloaderLoop":
         self.run_step()
         return self
 
-    def __exit__(self, exc_type, exc_val, exc_tb):
+    def __exit__(self, exc_type, exc_val, exc_tb):  # type: ignore
         """Clean up any resources associated with the reloader."""
         pass
 
@@ -284,7 +284,7 @@ def run_step(self) -> None:
 
 
 class WatchdogReloaderLoop(ReloaderLoop):
-    def __init__(self, *args, **kwargs) -> None:
+    def __init__(self, *args: t.Any, **kwargs: t.Any) -> None:
         from watchdog.observers import Observer
         from watchdog.events import PatternMatchingEventHandler
 
@@ -292,7 +292,7 @@ def __init__(self, *args, **kwargs) -> None:
         trigger_reload = self.trigger_reload
 
         class EventHandler(PatternMatchingEventHandler):  # type: ignore
-            def on_any_event(self, event):
+            def on_any_event(self, event):  # type: ignore
                 trigger_reload(event.src_path)
 
         reloader_name = Observer.__name__.lower()
@@ -331,7 +331,7 @@ def __enter__(self) -> ReloaderLoop:
         self.observer.start()
         return super().__enter__()
 
-    def __exit__(self, exc_type, exc_val, exc_tb):
+    def __exit__(self, exc_type, exc_val, exc_tb):  # type: ignore
         self.observer.stop()
         self.observer.join()
 
@@ -379,7 +379,7 @@ def run_step(self) -> None:
     reloader_loops["auto"] = reloader_loops["watchdog"]
 
 
-def ensure_echo_on():
+def ensure_echo_on() -> None:
     """Ensure that echo mode is enabled. Some tools such as PDB disable
     it which causes usability issues after a reload."""
     # tcgetattr will fail if stdin isn't a tty
@@ -404,7 +404,7 @@ def run_with_reloader(
     exclude_patterns: t.Optional[t.Iterable[str]] = None,
     interval: t.Union[int, float] = 1,
     reloader_type: str = "auto",
-):
+) -> None:
     """Run the given function in an independent Python interpreter."""
     import signal
 
diff --git a/src/werkzeug/datastructures.pyi b/src/werkzeug/datastructures.pyi
index 46afc191c..7279d3a73 100644
--- a/src/werkzeug/datastructures.pyi
+++ b/src/werkzeug/datastructures.pyi
@@ -36,17 +36,21 @@ def iter_multi_items(
 class ImmutableListMixin(List[V]):
     _hash_cache: Optional[int]
     def __hash__(self) -> int: ...  # type: ignore
-    def __delitem__(self, key) -> NoReturn: ...
-    def __iadd__(self, other) -> NoReturn: ...  # type: ignore
-    def __imul__(self, other) -> NoReturn: ...  # type: ignore
-    def __setitem__(self, key, value) -> NoReturn: ...
-    def append(self, value) -> NoReturn: ...
-    def remove(self, value) -> NoReturn: ...
-    def extend(self, values) -> NoReturn: ...
-    def insert(self, pos, value) -> NoReturn: ...
-    def pop(self, index=-1) -> NoReturn: ...
+    def __delitem__(self, key: Union[int, slice]) -> NoReturn: ...
+    def __iadd__(self, other: t.Any) -> NoReturn: ...  # type: ignore
+    def __imul__(self, other: int) -> NoReturn: ...
+    def __setitem__(  # type: ignore
+        self, key: Union[int, slice], value: V
+    ) -> NoReturn: ...
+    def append(self, value: V) -> NoReturn: ...
+    def remove(self, value: V) -> NoReturn: ...
+    def extend(self, values: Iterable[V]) -> NoReturn: ...
+    def insert(self, pos: int, value: V) -> NoReturn: ...
+    def pop(self, index: int = -1) -> NoReturn: ...
     def reverse(self) -> NoReturn: ...
-    def sort(self, key=None, reverse=False) -> NoReturn: ...
+    def sort(
+        self, key: Optional[Callable[[V], Any]] = None, reverse: bool = False
+    ) -> NoReturn: ...
 
 class ImmutableList(ImmutableListMixin[V]): ...
 
@@ -58,21 +62,23 @@ class ImmutableDictMixin(Dict[K, V]):
     ) -> ImmutableDictMixin[K, V]: ...
     def _iter_hashitems(self) -> Iterable[Hashable]: ...
     def __hash__(self) -> int: ...  # type: ignore
-    def setdefault(self, key, default=None) -> NoReturn: ...
-    def update(self, *args, **kwargs) -> NoReturn: ...
-    def pop(self, key, default=None) -> NoReturn: ...
+    def setdefault(self, key: K, default: Optional[V] = None) -> NoReturn: ...
+    def update(self, *args: Any, **kwargs: V) -> NoReturn: ...
+    def pop(self, key: K, default: Optional[V] = None) -> NoReturn: ...  # type: ignore
     def popitem(self) -> NoReturn: ...
-    def __setitem__(self, key, value) -> NoReturn: ...
-    def __delitem__(self, key) -> NoReturn: ...
+    def __setitem__(self, key: K, value: V) -> NoReturn: ...
+    def __delitem__(self, key: K) -> NoReturn: ...
     def clear(self) -> NoReturn: ...
 
 class ImmutableMultiDictMixin(ImmutableDictMixin[K, V]):
     def _iter_hashitems(self) -> Iterable[Hashable]: ...
-    def add(self, key, value) -> NoReturn: ...
+    def add(self, key: K, value: V) -> NoReturn: ...
     def popitemlist(self) -> NoReturn: ...
-    def poplist(self, key) -> NoReturn: ...
-    def setlist(self, key, new_list) -> NoReturn: ...
-    def setlistdefault(self, key, default_list=None) -> NoReturn: ...
+    def poplist(self, key: K) -> NoReturn: ...
+    def setlist(self, key: K, new_list: Iterable[V]) -> NoReturn: ...
+    def setlistdefault(
+        self, key: K, default_list: Optional[Iterable[V]] = None
+    ) -> NoReturn: ...
 
 def _calls_update(name: str) -> Callable[[UpdateDictMixin[K, V]], Any]: ...
 
@@ -129,7 +135,7 @@ class MultiDict(TypeConversionDict[K, V]):
     def values(self) -> Iterator[V]: ...  # type: ignore
     def listvalues(self) -> Iterator[List[V]]: ...
     def copy(self) -> MultiDict[K, V]: ...
-    def deepcopy(self, memo=None) -> MultiDict[K, V]: ...
+    def deepcopy(self, memo: Any = None) -> MultiDict[K, V]: ...
     @overload
     def to_dict(self) -> Dict[K, V]: ...
     @overload
@@ -145,7 +151,7 @@ class MultiDict(TypeConversionDict[K, V]):
     def poplist(self, key: K) -> List[V]: ...
     def popitemlist(self) -> Tuple[K, List[V]]: ...
     def __copy__(self) -> MultiDict[K, V]: ...
-    def __deepcopy__(self, memo) -> MultiDict[K, V]: ...
+    def __deepcopy__(self, memo: Any) -> MultiDict[K, V]: ...
 
 class _omd_bucket(Generic[K, V]):
     prev: Optional[_omd_bucket]
@@ -273,20 +279,20 @@ class Headers(Dict[str, str]):
     def __copy__(self) -> Headers: ...
 
 class ImmutableHeadersMixin(Headers):
-    def __delitem__(self, key, _index_operation: bool = True) -> NoReturn: ...
-    def __setitem__(self, key, value) -> NoReturn: ...
-    def set(self, _key, _value, **kw) -> NoReturn: ...
-    def setlist(self, key, values) -> NoReturn: ...
-    def add(self, _key, _value, **kw) -> NoReturn: ...
-    def add_header(self, _key, _value, **_kw) -> NoReturn: ...
-    def remove(self, key) -> NoReturn: ...
-    def extend(self, *args, **kwargs) -> NoReturn: ...
-    def update(self, *args, **kwargs) -> NoReturn: ...
-    def insert(self, pos, value) -> NoReturn: ...
-    def pop(self, key=None, default=...) -> NoReturn: ...
+    def __delitem__(self, key: Any, _index_operation: bool = True) -> NoReturn: ...
+    def __setitem__(self, key: Any, value: Any) -> NoReturn: ...
+    def set(self, _key: Any, _value: Any, **kw: Any) -> NoReturn: ...
+    def setlist(self, key: Any, values: Any) -> NoReturn: ...
+    def add(self, _key: Any, _value: Any, **kw: Any) -> NoReturn: ...
+    def add_header(self, _key: Any, _value: Any, **_kw: Any) -> NoReturn: ...
+    def remove(self, key: Any) -> NoReturn: ...
+    def extend(self, *args: Any, **kwargs: Any) -> NoReturn: ...
+    def update(self, *args: Any, **kwargs: Any) -> NoReturn: ...
+    def insert(self, pos: Any, value: Any) -> NoReturn: ...
+    def pop(self, key: Any = None, default: Any = ...) -> NoReturn: ...
     def popitem(self) -> NoReturn: ...
-    def setdefault(self, key, default) -> NoReturn: ...  # type: ignore
-    def setlistdefault(self, key, default) -> NoReturn: ...
+    def setdefault(self, key: Any, default: Any) -> NoReturn: ...  # type: ignore
+    def setlistdefault(self, key: Any, default: Any) -> NoReturn: ...
 
 class EnvironHeaders(ImmutableHeadersMixin, Headers):
     environ: WSGIEnvironment
@@ -298,11 +304,11 @@ class EnvironHeaders(ImmutableHeadersMixin, Headers):
     def __iter__(self) -> Iterator[Tuple[str, str]]: ...  # type: ignore
     def copy(self) -> NoReturn: ...
 
-class CombinedMultiDict(ImmutableMultiDictMixin[K, V], MultiDict[K, V]):
+class CombinedMultiDict(ImmutableMultiDictMixin[K, V], MultiDict[K, V]):  # type: ignore
     dicts: List[MultiDict[K, V]]
     def __init__(self, dicts: Optional[Iterable[MultiDict[K, V]]]) -> None: ...
     @classmethod
-    def fromkeys(cls, keys, value=None) -> NoReturn: ...
+    def fromkeys(cls, keys: Any, value: Any = None) -> NoReturn: ...
     def __getitem__(self, key: K) -> V: ...
     @overload  # type: ignore
     def get(self, key: K) -> Optional[V]: ...
@@ -344,11 +350,15 @@ class ImmutableDict(ImmutableDictMixin[K, V], Dict[K, V]):
     def copy(self) -> Dict[K, V]: ...
     def __copy__(self) -> ImmutableDict[K, V]: ...
 
-class ImmutableMultiDict(ImmutableMultiDictMixin[K, V], MultiDict[K, V]):
+class ImmutableMultiDict(  # type: ignore
+    ImmutableMultiDictMixin[K, V], MultiDict[K, V]
+):
     def copy(self) -> MultiDict[K, V]: ...
     def __copy__(self) -> ImmutableMultiDict[K, V]: ...
 
-class ImmutableOrderedMultiDict(ImmutableMultiDictMixin[K, V], OrderedMultiDict[K, V]):
+class ImmutableOrderedMultiDict(  # type: ignore
+    ImmutableMultiDictMixin[K, V], OrderedMultiDict[K, V]
+):
     def _iter_hashitems(self) -> Iterator[Tuple[int, Tuple[K, V]]]: ...
     def copy(self) -> OrderedMultiDict[K, V]: ...
     def __copy__(self) -> ImmutableOrderedMultiDict[K, V]: ...
@@ -356,9 +366,9 @@ class ImmutableOrderedMultiDict(ImmutableMultiDictMixin[K, V], OrderedMultiDict[
 class Accept(ImmutableList[Tuple[str, int]]):
     provided: bool
     def __init__(
-        self, values: Optional[Union[Accept, Iterable[Tuple[str, int]]]] = None
+        self, values: Optional[Union[Accept, Iterable[Tuple[str, float]]]] = None
     ) -> None: ...
-    def _specificity(self, value) -> Tuple[bool, ...]: ...
+    def _specificity(self, value: str) -> Tuple[bool, ...]: ...
     def _value_matches(self, value: str, item: str) -> bool: ...
     @overload  # type: ignore
     def __getitem__(self, key: str) -> int: ...
@@ -382,7 +392,7 @@ class Accept(ImmutableList[Tuple[str, int]]):
 def _normalize_mime(value: str) -> List[str]: ...
 
 class MIMEAccept(Accept):
-    def _specificity(self, value) -> Tuple[bool, ...]: ...
+    def _specificity(self, value: str) -> Tuple[bool, ...]: ...
     def _value_matches(self, value: str, item: str) -> bool: ...
     @property
     def accept_html(self) -> bool: ...
diff --git a/src/werkzeug/debug/__init__.py b/src/werkzeug/debug/__init__.py
index 8f6258833..959f53013 100644
--- a/src/werkzeug/debug/__init__.py
+++ b/src/werkzeug/debug/__init__.py
@@ -19,8 +19,10 @@
 from ..wrappers.request import Request
 from ..wrappers.response import Response
 from .console import Console
+from .tbtools import Frame
 from .tbtools import get_current_traceback
 from .tbtools import render_console_html
+from .tbtools import Traceback
 
 if t.TYPE_CHECKING:
     from wsgiref.types import StartResponse
@@ -35,16 +37,16 @@ def hash_pin(pin: str) -> str:
     return hashlib.sha1(f"{pin} added salt".encode("utf-8", "replace")).hexdigest()[:12]
 
 
-_machine_id: t.Optional[str] = None
+_machine_id: t.Optional[t.Union[str, bytes]] = None
 
 
-def get_machine_id() -> str:
+def get_machine_id() -> t.Optional[t.Union[str, bytes]]:
     global _machine_id
 
     if _machine_id is not None:
         return _machine_id
 
-    def _generate():
+    def _generate() -> t.Optional[t.Union[str, bytes]]:
         linux = b""
 
         # machine-id is stable across boots, boot_id is not.
@@ -100,15 +102,19 @@ def _generate():
                     0,
                     winreg.KEY_READ | winreg.KEY_WOW64_64KEY,
                 ) as rk:
+                    guid: t.Union[str, bytes]
+                    guid_type: int
                     guid, guid_type = winreg.QueryValueEx(rk, "MachineGuid")
 
                     if guid_type == winreg.REG_SZ:
-                        return guid.encode("utf-8")
+                        return guid.encode("utf-8")  # type: ignore
 
                     return guid
             except OSError:
                 pass
 
+        return None
+
     _machine_id = _generate()
     return _machine_id
 
@@ -254,8 +260,8 @@ def __init__(
             console_init_func = None
         self.app = app
         self.evalex = evalex
-        self.frames: t.Dict[t.Hashable, t.Any] = {}
-        self.tracebacks: t.Dict[t.Hashable, t.Any] = {}
+        self.frames: t.Dict[int, t.Union[Frame, _ConsoleFrame]] = {}
+        self.tracebacks: t.Dict[int, Traceback] = {}
         self.request_key = request_key
         self.console_path = console_path
         self.console_init_func = console_init_func
@@ -344,7 +350,9 @@ def debug_application(
 
             traceback.log(environ["wsgi.errors"])
 
-    def execute_command(self, request, command, frame):
+    def execute_command(
+        self, request: Request, command: str, frame: t.Union[Frame, _ConsoleFrame]
+    ) -> Response:
         """Execute a command in a console."""
         return Response(frame.console.eval(command), mimetype="text/html")
 
@@ -483,7 +491,7 @@ def __call__(
                 and self.secret == secret
                 and self.check_pin_trust(environ)
             ):
-                response = self.execute_command(request, cmd, frame)
+                response = self.execute_command(request, cmd, frame)  # type: ignore
         elif (
             self.evalex
             and self.console_path is not None
diff --git a/src/werkzeug/debug/console.py b/src/werkzeug/debug/console.py
index c2382c43a..da786603a 100644
--- a/src/werkzeug/debug/console.py
+++ b/src/werkzeug/debug/console.py
@@ -53,7 +53,7 @@ def _write(self, x: str) -> None:
     def write(self, x: str) -> None:
         self._write(escape(x))
 
-    def writelines(self, x):
+    def writelines(self, x: t.Iterable[str]) -> None:
         self._write(escape("".join(x)))
 
 
@@ -72,14 +72,14 @@ def fetch() -> str:
             stream = _local.stream
         except AttributeError:
             return ""
-        return stream.reset()
+        return stream.reset()  # type: ignore
 
     @staticmethod
     def displayhook(obj: object) -> None:
         try:
             stream = _local.stream
         except AttributeError:
-            return _displayhook(obj)
+            return _displayhook(obj)  # type: ignore
         # stream._write bypasses escaping as debug_repr is
         # already generating HTML for us.
         if obj is not None:
diff --git a/src/werkzeug/debug/tbtools.py b/src/werkzeug/debug/tbtools.py
index 75b4cd2c5..27c70ca42 100644
--- a/src/werkzeug/debug/tbtools.py
+++ b/src/werkzeug/debug/tbtools.py
@@ -582,7 +582,7 @@ def get_context_lines(
     @property
     def current_line(self) -> str:
         try:
-            return self.sourcelines[self.lineno - 1]
+            return self.sourcelines[self.lineno - 1]  # type: ignore
         except IndexError:
             return ""
 
diff --git a/src/werkzeug/exceptions.py b/src/werkzeug/exceptions.py
index daceb2df3..3366f9da7 100644
--- a/src/werkzeug/exceptions.py
+++ b/src/werkzeug/exceptions.py
@@ -113,7 +113,9 @@ class newcls(cls, exception):  # type: ignore
             _description = cls.description
             show_exception = False
 
-            def __init__(self, arg=None, *args, **kwargs):
+            def __init__(
+                self, arg: t.Optional[t.Any] = None, *args: t.Any, **kwargs: t.Any
+            ) -> None:
                 super().__init__(*args, **kwargs)
 
                 if arg is None:
@@ -122,17 +124,17 @@ def __init__(self, arg=None, *args, **kwargs):
                     exception.__init__(self, arg)
 
             @property
-            def description(self):
+            def description(self) -> str:
                 if self.show_exception:
                     return (
                         f"{self._description}\n"
                         f"{exception.__name__}: {exception.__str__(self)}"
                     )
 
-                return self._description
+                return self._description  # type: ignore
 
             @description.setter
-            def description(self, value):
+            def description(self, value: str) -> None:
                 self._description = value
 
         newcls.__module__ = sys._getframe(1).f_globals["__name__"]
@@ -245,7 +247,7 @@ class BadRequestKeyError(BadRequest, KeyError):
     #: useful in a debug mode.
     show_exception = False
 
-    def __init__(self, arg=None, *args, **kwargs):
+    def __init__(self, arg: t.Optional[str] = None, *args: t.Any, **kwargs: t.Any):
         super().__init__(*args, **kwargs)
 
         if arg is None:
@@ -264,7 +266,7 @@ def description(self) -> str:  # type: ignore
         return self._description
 
     @description.setter
-    def description(self, value):
+    def description(self, value: str) -> None:
         self._description = value
 
 
@@ -899,7 +901,9 @@ def __init__(
         if extra is not None:
             self.mapping.update(extra)
 
-    def __call__(self, code: t.Union[int, "Response"], *args, **kwargs) -> t.NoReturn:
+    def __call__(
+        self, code: t.Union[int, "Response"], *args: t.Any, **kwargs: t.Any
+    ) -> t.NoReturn:
         from .sansio.response import Response
 
         if isinstance(code, Response):
@@ -911,7 +915,9 @@ def __call__(self, code: t.Union[int, "Response"], *args, **kwargs) -> t.NoRetur
         raise self.mapping[code](*args, **kwargs)
 
 
-def abort(status: t.Union[int, "Response"], *args, **kwargs) -> t.NoReturn:
+def abort(
+    status: t.Union[int, "Response"], *args: t.Any, **kwargs: t.Any
+) -> t.NoReturn:
     """Raises an :py:exc:`HTTPException` for the given status code or WSGI
     application.
 
diff --git a/src/werkzeug/filesystem.py b/src/werkzeug/filesystem.py
index bdb8c83ea..36a3d12e9 100644
--- a/src/werkzeug/filesystem.py
+++ b/src/werkzeug/filesystem.py
@@ -1,5 +1,6 @@
 import codecs
 import sys
+import typing as t
 import warnings
 
 # We do not trust traditional unixes.
@@ -8,7 +9,7 @@
 )
 
 
-def _is_ascii_encoding(encoding: str) -> bool:
+def _is_ascii_encoding(encoding: t.Optional[str]) -> bool:
     """Given an encoding this figures out if the encoding is actually ASCII (which
     is something we don't actually want in most cases). This is necessary
     because ASCII comes under many names such as ANSI_X3.4-1968.
diff --git a/src/werkzeug/formparser.py b/src/werkzeug/formparser.py
index d023c9d8f..54b699f78 100644
--- a/src/werkzeug/formparser.py
+++ b/src/werkzeug/formparser.py
@@ -39,7 +39,7 @@
     class TStreamFactory(t.Protocol):
         def __call__(
             self,
-            total_content_length: int,
+            total_content_length: t.Optional[int],
             content_type: t.Optional[str],
             filename: t.Optional[str],
             content_length: t.Optional[int] = None,
@@ -47,6 +47,9 @@ def __call__(
             ...
 
 
+F = t.TypeVar("F", bound=t.Callable[..., t.Any])
+
+
 def _exhaust(stream: t.BinaryIO) -> None:
     bts = stream.read(64 * 1024)
     while bts:
@@ -54,7 +57,7 @@ def _exhaust(stream: t.BinaryIO) -> None:
 
 
 def default_stream_factory(
-    total_content_length: int,
+    total_content_length: t.Optional[int],
     content_type: t.Optional[str],
     filename: t.Optional[str],
     content_length: t.Optional[int] = None,
@@ -130,10 +133,10 @@ def parse_form_data(
     ).parse_from_environ(environ)
 
 
-def exhaust_stream(f):
+def exhaust_stream(f: F) -> F:
     """Helper decorator for methods that exhausts the stream on return."""
 
-    def wrapper(self, stream, *args, **kwargs):
+    def wrapper(self, stream, *args, **kwargs):  # type: ignore
         try:
             return f(self, stream, *args, **kwargs)
         finally:
@@ -148,7 +151,7 @@ def wrapper(self, stream, *args, **kwargs):
                     if not chunk:
                         break
 
-    return update_wrapper(wrapper, f)
+    return update_wrapper(t.cast(F, wrapper), f)
 
 
 class FormDataParser:
@@ -270,7 +273,7 @@ def _parse_multipart(
         self,
         stream: t.BinaryIO,
         mimetype: str,
-        content_length: int,
+        content_length: t.Optional[int],
         options: t.Dict[str, str],
     ) -> "t_parse_result":
         parser = MultiPartParser(
@@ -293,7 +296,7 @@ def _parse_urlencoded(
         self,
         stream: t.BinaryIO,
         mimetype: str,
-        content_length: int,
+        content_length: t.Optional[int],
         options: t.Dict[str, str],
     ) -> "t_parse_result":
         if (
@@ -413,7 +416,7 @@ def get_part_charset(self, headers: Headers) -> str:
         return self.charset
 
     def start_file_streaming(
-        self, event: File, total_content_length: int
+        self, event: File, total_content_length: t.Optional[int]
     ) -> t.BinaryIO:
         content_type = event.headers.get("content-type")
 
@@ -431,7 +434,7 @@ def start_file_streaming(
         return container
 
     def parse(
-        self, stream: t.BinaryIO, boundary: bytes, content_length: int
+        self, stream: t.BinaryIO, boundary: bytes, content_length: t.Optional[int]
     ) -> t.Tuple[MultiDict, MultiDict]:
         container: t.Union[t.BinaryIO, t.List[bytes]]
         _write: t.Callable[[bytes], t.Any]
diff --git a/src/werkzeug/http.py b/src/werkzeug/http.py
index 5d94e0cf5..8880d553e 100644
--- a/src/werkzeug/http.py
+++ b/src/werkzeug/http.py
@@ -243,7 +243,7 @@ def unquote_header_value(value: str, is_filename: bool = False) -> str:
 
 
 def dump_options_header(
-    header: str, options: t.Dict[str, t.Optional[t.Union[str, int]]]
+    header: t.Optional[str], options: t.Mapping[str, t.Optional[t.Union[str, int]]]
 ) -> str:
     """The reverse function to :func:`parse_options_header`.
 
@@ -390,7 +390,9 @@ def parse_options_header(
     ...
 
 
-def parse_options_header(value, multiple=False):
+def parse_options_header(
+    value: t.Optional[str], multiple: bool = False
+) -> t.Union[t.Tuple[str, t.Dict[str, str]], t.Tuple[t.Any, ...]]:
     """Parse a ``Content-Type`` like header into a tuple with the content
     type and the options:
 
@@ -414,7 +416,7 @@ def parse_options_header(value, multiple=False):
     if not value:
         return "", {}
 
-    result = []
+    result: t.List[t.Any] = []
 
     value = "," + value.replace("\n", ",")
     while value:
@@ -422,10 +424,11 @@ def parse_options_header(value, multiple=False):
         if not match:
             break
         result.append(match.group(1))  # mimetype
-        options = {}
+        options: t.Dict[str, str] = {}
         # Parse options
         rest = match.group(2)
-        continued_encoding = None
+        encoding: t.Optional[str]
+        continued_encoding: t.Optional[str] = None
         while rest:
             optmatch = _option_header_piece_re.match(rest)
             if not optmatch:
@@ -466,7 +469,7 @@ def parse_options_header(value, multiple=False):
 
 
 @typing.overload
-def parse_accept_header(value: t.Optional[str], cls: None = None) -> "ds.Accept":
+def parse_accept_header(value: t.Optional[str]) -> "ds.Accept":
     ...
 
 
@@ -477,7 +480,9 @@ def parse_accept_header(
     ...
 
 
-def parse_accept_header(value, cls=None):
+def parse_accept_header(
+    value: t.Optional[str], cls: t.Optional[t.Type[_TAnyAccept]] = None
+) -> _TAnyAccept:
     """Parses an HTTP Accept-* header.  This does not implement a complete
     valid algorithm but one that supports at least value and quality
     extraction.
@@ -494,7 +499,7 @@ def parse_accept_header(value, cls=None):
     :return: an instance of `cls`.
     """
     if cls is None:
-        cls = ds.Accept
+        cls = t.cast(t.Type[_TAnyAccept], ds.Accept)
 
     if not value:
         return cls(None)
@@ -528,7 +533,11 @@ def parse_cache_control_header(
     ...
 
 
-def parse_cache_control_header(value, on_update=None, cls=None):
+def parse_cache_control_header(
+    value: t.Optional[str],
+    on_update: _t_cc_update = None,
+    cls: t.Optional[t.Type[_TAnyCC]] = None,
+) -> _TAnyCC:
     """Parse a cache control header.  The RFC differs between response and
     request cache control, this method does not.  It's your responsibility
     to not use the wrong control statements.
@@ -546,9 +555,11 @@ def parse_cache_control_header(value, on_update=None, cls=None):
     :return: a `cls` object.
     """
     if cls is None:
-        cls = ds.RequestCacheControl
+        cls = t.cast(t.Type[_TAnyCC], ds.RequestCacheControl)
+
     if not value:
-        return cls(None, on_update)
+        return cls((), on_update)
+
     return cls(parse_dict_header(value), on_update)
 
 
@@ -570,7 +581,11 @@ def parse_csp_header(
     ...
 
 
-def parse_csp_header(value, on_update=None, cls=None):
+def parse_csp_header(
+    value: t.Optional[str],
+    on_update: _t_csp_update = None,
+    cls: t.Optional[t.Type[_TAnyCSP]] = None,
+) -> _TAnyCSP:
     """Parse a Content Security Policy header.
 
     .. versionadded:: 1.0.0
@@ -584,16 +599,21 @@ def parse_csp_header(value, on_update=None, cls=None):
     :return: a `cls` object.
     """
     if cls is None:
-        cls = ds.ContentSecurityPolicy
+        cls = t.cast(t.Type[_TAnyCSP], ds.ContentSecurityPolicy)
+
     if value is None:
-        return cls(None, on_update)
+        return cls((), on_update)
+
     items = []
+
     for policy in value.split(";"):
         policy = policy.strip()
+
         # Ignore badly formatted policies (no space)
         if " " in policy:
             directive, value = policy.strip().split(" ", 1)
             items.append((directive.strip(), value.strip()))
+
     return cls(items, on_update)
 
 
@@ -1199,13 +1219,15 @@ def parse_cookie(
     if cls is None:
         cls = ds.MultiDict
 
-    def _parse_pairs():
-        for key, val in _cookie_parse_impl(header):
-            key = _to_str(key, charset, errors, allow_none_charset=True)
-            if not key:
+    def _parse_pairs() -> t.Iterator[t.Tuple[str, str]]:
+        for key, val in _cookie_parse_impl(header):  # type: ignore
+            key_str = _to_str(key, charset, errors, allow_none_charset=True)
+
+            if not key_str:
                 continue
-            val = _to_str(val, charset, errors, allow_none_charset=True)
-            yield key, val
+
+            val_str = _to_str(val, charset, errors, allow_none_charset=True)
+            yield key_str, val_str
 
     return cls(_parse_pairs())
 
diff --git a/src/werkzeug/local.py b/src/werkzeug/local.py
index a51669be7..4e664a011 100644
--- a/src/werkzeug/local.py
+++ b/src/werkzeug/local.py
@@ -10,7 +10,11 @@
 from .wsgi import ClosingIterator
 
 if t.TYPE_CHECKING:
+    from wsgiref.types import StartResponse
     from wsgiref.types import WSGIApplication
+    from wsgiref.types import WSGIEnvironment
+
+F = t.TypeVar("F", bound=t.Callable[..., t.Any])
 
 try:
     from greenlet import getcurrent as _get_ident
@@ -18,7 +22,7 @@
     from threading import get_ident as _get_ident
 
 
-def get_ident():
+def get_ident() -> int:
     warnings.warn(
         "'get_ident' is deprecated and will be removed in Werkzeug"
         " 2.1. Use 'greenlet.getcurrent' or 'threading.get_ident' for"
@@ -26,7 +30,7 @@ def get_ident():
         DeprecationWarning,
         stacklevel=2,
     )
-    return _get_ident()
+    return _get_ident()  # type: ignore
 
 
 class _CannotUseContextVar(Exception):
@@ -66,13 +70,13 @@ class ContextVar:  # type: ignore
         of gevent.
         """
 
-        def __init__(self, _name):
-            self.storage = {}
+        def __init__(self, _name: str) -> None:
+            self.storage: t.Dict[int, t.Dict[str, t.Any]] = {}
 
-        def get(self, default):
+        def get(self, default: t.Dict[str, t.Any]) -> t.Dict[str, t.Any]:
             return self.storage.get(_get_ident(), default)
 
-        def set(self, value):
+        def set(self, value: t.Dict[str, t.Any]) -> None:
             self.storage[_get_ident()] = value
 
 
@@ -106,26 +110,26 @@ def __init__(self) -> None:
         object.__setattr__(self, "_storage", ContextVar("local_storage"))
 
     @property
-    def __storage__(self):
+    def __storage__(self) -> t.Dict[str, t.Any]:
         warnings.warn(
             "'__storage__' is deprecated and will be removed in Werkzeug 2.1.",
             DeprecationWarning,
             stacklevel=2,
         )
-        return self._storage.get({})
+        return self._storage.get({})  # type: ignore
 
     @property
-    def __ident_func__(self):
+    def __ident_func__(self) -> t.Callable[[], int]:
         warnings.warn(
             "'__ident_func__' is deprecated and will be removed in"
             " Werkzeug 2.1. It should not be used in Python 3.7+.",
             DeprecationWarning,
             stacklevel=2,
         )
-        return _get_ident
+        return _get_ident  # type: ignore
 
     @__ident_func__.setter
-    def __ident_func__(self, func):
+    def __ident_func__(self, func: t.Callable[[], int]) -> None:
         warnings.warn(
             "'__ident_func__' is deprecated and will be removed in"
             " Werkzeug 2.1. Setting it no longer has any effect.",
@@ -206,7 +210,7 @@ def __ident_func__(self, value: t.Callable[[], int]) -> None:
         object.__setattr__(self._local, "__ident_func__", value)
 
     def __call__(self) -> "LocalProxy":
-        def _lookup():
+        def _lookup() -> t.Any:
             rv = self.top
             if rv is None:
                 raise RuntimeError("object unbound")
@@ -219,7 +223,7 @@ def push(self, obj: t.Any) -> t.List[t.Any]:
         rv = getattr(self._local, "stack", []).copy()
         rv.append(obj)
         self._local.stack = rv
-        return rv
+        return rv  # type: ignore
 
     def pop(self) -> t.Any:
         """Removes the topmost item from the stack, will return the
@@ -285,16 +289,16 @@ def __init__(
             )
 
     @property
-    def ident_func(self):
+    def ident_func(self) -> t.Callable[[], int]:
         warnings.warn(
             "'ident_func' is deprecated and will be removed in Werkzeug 2.1.",
             DeprecationWarning,
             stacklevel=2,
         )
-        return _get_ident
+        return _get_ident  # type: ignore
 
     @ident_func.setter
-    def ident_func(self, func):
+    def ident_func(self, func: t.Callable[[], int]) -> None:
         warnings.warn(
             "'ident_func' is deprecated and will be removedin Werkzeug"
             " 2.1. Setting it no longer has any effect.",
@@ -323,7 +327,7 @@ def get_ident(self) -> int:
         )
         return self.ident_func()
 
-    def cleanup(self):
+    def cleanup(self) -> None:
         """Manually clean up the data in the locals for this context.  Call
         this at the end of the request or use `make_middleware()`.
         """
@@ -335,7 +339,9 @@ def make_middleware(self, app: "WSGIApplication") -> "WSGIApplication":
         request end.
         """
 
-        def application(environ, start_response):
+        def application(
+            environ: "WSGIEnvironment", start_response: "StartResponse"
+        ) -> t.Iterable[bytes]:
             return ClosingIterator(app(environ, start_response), self.cleanup)
 
         return application
@@ -374,18 +380,25 @@ class _ProxyLookup:
 
     __slots__ = ("bind_f", "fallback", "class_value", "name")
 
-    def __init__(self, f=None, fallback=None, class_value=None):
+    def __init__(
+        self,
+        f: t.Optional[t.Callable] = None,
+        fallback: t.Optional[t.Callable] = None,
+        class_value: t.Optional[t.Any] = None,
+    ) -> None:
+        bind_f: t.Optional[t.Callable[["LocalProxy", t.Any], t.Callable]]
+
         if hasattr(f, "__get__"):
             # A Python function, can be turned into a bound method.
 
-            def bind_f(instance, obj):
-                return f.__get__(obj, type(obj))
+            def bind_f(instance: "LocalProxy", obj: t.Any) -> t.Callable:
+                return f.__get__(obj, type(obj))  # type: ignore
 
         elif f is not None:
             # A C function, use partial to bind the first argument.
 
-            def bind_f(instance, obj):
-                return partial(f, obj)
+            def bind_f(instance: "LocalProxy", obj: t.Any) -> t.Callable:
+                return partial(f, obj)  # type: ignore
 
         else:
             # Use getattr, which will produce a bound method.
@@ -395,10 +408,10 @@ def bind_f(instance, obj):
         self.fallback = fallback
         self.class_value = class_value
 
-    def __set_name__(self, owner, name):
+    def __set_name__(self, owner: "LocalProxy", name: str) -> None:
         self.name = name
 
-    def __get__(self, instance, owner=None):
+    def __get__(self, instance: "LocalProxy", owner: t.Optional[type] = None) -> t.Any:
         if instance is None:
             if self.class_value is not None:
                 return self.class_value
@@ -411,17 +424,17 @@ def __get__(self, instance, owner=None):
             if self.fallback is None:
                 raise
 
-            return self.fallback.__get__(instance, owner)
+            return self.fallback.__get__(instance, owner)  # type: ignore
 
         if self.bind_f is not None:
             return self.bind_f(instance, obj)
 
         return getattr(obj, self.name)
 
-    def __repr__(self):
+    def __repr__(self) -> str:
         return f"proxy {self.name}"
 
-    def __call__(self, instance, *args, **kwargs):
+    def __call__(self, instance: "LocalProxy", *args: t.Any, **kwargs: t.Any) -> t.Any:
         """Support calling unbound methods from the class. For example,
         this happens with ``copy.copy``, which does
         ``type(x).__copy__(x)``. ``type(x)`` can't be proxied, so it
@@ -437,26 +450,28 @@ class _ProxyIOp(_ProxyLookup):
 
     __slots__ = ()
 
-    def __init__(self, f=None, fallback=None):
+    def __init__(
+        self, f: t.Optional[t.Callable] = None, fallback: t.Optional[t.Callable] = None
+    ) -> None:
         super().__init__(f, fallback)
 
-        def bind_f(instance, obj):
-            def i_op(self, other):
-                f(self, other)
+        def bind_f(instance: "LocalProxy", obj: t.Any) -> t.Callable:
+            def i_op(self: t.Any, other: t.Any) -> "LocalProxy":
+                f(self, other)  # type: ignore
                 return instance
 
-            return i_op.__get__(obj, type(obj))
+            return i_op.__get__(obj, type(obj))  # type: ignore
 
         self.bind_f = bind_f
 
 
-def _l_to_r_op(op):
+def _l_to_r_op(op: F) -> F:
     """Swap the argument order to turn an l-op into an r-op."""
 
-    def r_op(obj, other):
+    def r_op(obj: t.Any, other: t.Any) -> t.Any:
         return op(other, obj)
 
-    return r_op
+    return t.cast(F, r_op)
 
 
 class LocalProxy:
@@ -537,24 +552,24 @@ def _get_current_object(self) -> t.Any:
         class_value=__doc__, fallback=lambda self: type(self).__doc__
     )
     # __del__ should only delete the proxy
-    __repr__ = _ProxyLookup(
+    __repr__ = _ProxyLookup(  # type: ignore
         repr, fallback=lambda self: f"<{type(self).__name__} unbound>"
     )
-    __str__ = _ProxyLookup(str)
+    __str__ = _ProxyLookup(str)  # type: ignore
     __bytes__ = _ProxyLookup(bytes)
     __format__ = _ProxyLookup()  # type: ignore
     __lt__ = _ProxyLookup(operator.lt)
     __le__ = _ProxyLookup(operator.le)
-    __eq__ = _ProxyLookup(operator.eq)
-    __ne__ = _ProxyLookup(operator.ne)
+    __eq__ = _ProxyLookup(operator.eq)  # type: ignore
+    __ne__ = _ProxyLookup(operator.ne)  # type: ignore
     __gt__ = _ProxyLookup(operator.gt)
     __ge__ = _ProxyLookup(operator.ge)
     __hash__ = _ProxyLookup(hash)  # type: ignore
     __bool__ = _ProxyLookup(bool, fallback=lambda self: False)
     __getattr__ = _ProxyLookup(getattr)
     # __getattribute__ triggered through __getattr__
-    __setattr__ = _ProxyLookup(setattr)
-    __delattr__ = _ProxyLookup(delattr)
+    __setattr__ = _ProxyLookup(setattr)  # type: ignore
+    __delattr__ = _ProxyLookup(delattr)  # type: ignore
     __dir__ = _ProxyLookup(dir, fallback=lambda self: [])  # type: ignore
     # __get__ (proxying descriptor not supported)
     # __set__ (descriptor)
diff --git a/src/werkzeug/middleware/lint.py b/src/werkzeug/middleware/lint.py
index 0724f014f..6e7df0ab9 100644
--- a/src/werkzeug/middleware/lint.py
+++ b/src/werkzeug/middleware/lint.py
@@ -48,7 +48,7 @@ class InputStream:
     def __init__(self, stream: t.BinaryIO) -> None:
         self._stream = stream
 
-    def read(self, *args):
+    def read(self, *args: t.Any) -> bytes:
         if len(args) == 0:
             warn(
                 "WSGI does not guarantee an EOF marker on the input stream, thus making"
@@ -65,7 +65,7 @@ def read(self, *args):
             )
         return self._stream.read(*args)
 
-    def readline(self, *args):
+    def readline(self, *args: t.Any) -> bytes:
         if len(args) == 0:
             warn(
                 "Calls to 'wsgi.input.readline()' without arguments are unsafe. Use"
@@ -84,14 +84,14 @@ def readline(self, *args):
             raise TypeError("Too many arguments passed to 'wsgi.input.readline()'.")
         return self._stream.readline(*args)
 
-    def __iter__(self):
+    def __iter__(self) -> t.Iterator[bytes]:
         try:
             return iter(self._stream)
         except TypeError:
             warn("'wsgi.input' is not iterable.", WSGIWarning, stacklevel=2)
             return iter(())
 
-    def close(self):
+    def close(self) -> None:
         warn("The application closed the input stream!", WSGIWarning, stacklevel=2)
         self._stream.close()
 
@@ -100,18 +100,18 @@ class ErrorStream:
     def __init__(self, stream: t.TextIO) -> None:
         self._stream = stream
 
-    def write(self, s):
+    def write(self, s: str) -> None:
         check_type("wsgi.error.write()", s, str)
         self._stream.write(s)
 
-    def flush(self):
+    def flush(self) -> None:
         self._stream.flush()
 
-    def writelines(self, seq):
+    def writelines(self, seq: t.Iterable[str]) -> None:
         for line in seq:
             self.write(line)
 
-    def close(self):
+    def close(self) -> None:
         warn("The application closed the error stream!", WSGIWarning, stacklevel=2)
         self._stream.close()
 
@@ -368,7 +368,7 @@ def check_iterator(self, app_iter: t.Iterable[bytes]) -> None:
                 stacklevel=3,
             )
 
-    def __call__(self, *args, **kwargs) -> t.Iterable[bytes]:
+    def __call__(self, *args: t.Any, **kwargs: t.Any) -> t.Iterable[bytes]:
         if len(args) != 2:
             warn("A WSGI app takes two arguments.", WSGIWarning, stacklevel=2)
 
@@ -391,7 +391,9 @@ def __call__(self, *args, **kwargs) -> t.Iterable[bytes]:
         headers_set: t.List[t.Any] = []
         chunks: t.List[int] = []
 
-        def checking_start_response(*args, **kwargs) -> t.Callable[[bytes], None]:
+        def checking_start_response(
+            *args: t.Any, **kwargs: t.Any
+        ) -> t.Callable[[bytes], None]:
             if len(args) not in {2, 3}:
                 warn(
                     f"Invalid number of arguments: {len(args)}, expected 2 or 3.",
diff --git a/src/werkzeug/middleware/profiler.py b/src/werkzeug/middleware/profiler.py
index 6166e4563..a15e4b4f6 100644
--- a/src/werkzeug/middleware/profiler.py
+++ b/src/werkzeug/middleware/profiler.py
@@ -95,18 +95,18 @@ def __call__(
     ) -> t.Iterable[bytes]:
         response_body: t.List[bytes] = []
 
-        def catching_start_response(status, headers, exc_info=None):
+        def catching_start_response(status, headers, exc_info=None):  # type: ignore
             start_response(status, headers, exc_info)
             return response_body.append
 
-        def runapp():
+        def runapp() -> None:
             app_iter = self._app(
                 environ, t.cast("StartResponse", catching_start_response)
             )
             response_body.extend(app_iter)
 
             if hasattr(app_iter, "close"):
-                app_iter.close()
+                app_iter.close()  # type: ignore
 
         profile = Profile()
         start = time.time()
diff --git a/src/werkzeug/middleware/shared_data.py b/src/werkzeug/middleware/shared_data.py
index 2578f7ae4..9d172f7b7 100644
--- a/src/werkzeug/middleware/shared_data.py
+++ b/src/werkzeug/middleware/shared_data.py
@@ -28,7 +28,7 @@
 from ..wsgi import wrap_file
 
 _TOpener = t.Callable[[], t.Tuple[t.BinaryIO, datetime, int]]
-_TLoader = t.Callable[[t.Optional[str]], t.Tuple[str, _TOpener]]
+_TLoader = t.Callable[[t.Optional[str]], t.Tuple[t.Optional[str], t.Optional[_TOpener]]]
 
 if t.TYPE_CHECKING:
     from wsgiref.types import StartResponse
@@ -163,11 +163,17 @@ def get_package_loader(self, package: str, package_path: str) -> _TLoader:
             # Python 3
             reader = provider.get_resource_reader(package)  # type: ignore
 
-            def loader(path):
+            def loader(
+                path: t.Optional[str],
+            ) -> t.Tuple[t.Optional[str], t.Optional[_TOpener]]:
                 if path is None:
                     return None, None
 
                 path = safe_join(package_path, path)
+
+                if path is None:
+                    return None, None
+
                 basename = posixpath.basename(path)
 
                 try:
@@ -198,11 +204,17 @@ def loader(path):
             is_filesystem = os.path.exists(package_filename)
             root = os.path.join(os.path.dirname(package_filename), package_path)
 
-            def loader(path):
+            def loader(
+                path: t.Optional[str],
+            ) -> t.Tuple[t.Optional[str], t.Optional[_TOpener]]:
                 if path is None:
                     return None, None
 
                 path = safe_join(root, path)
+
+                if path is None:
+                    return None, None
+
                 basename = posixpath.basename(path)
 
                 if is_filesystem:
@@ -212,7 +224,7 @@ def loader(path):
                     return basename, self._opener(path)
 
                 try:
-                    data = provider.get_data(path)
+                    data = provider.get_data(path)  # type: ignore
                 except OSError:
                     return None, None
 
@@ -221,9 +233,14 @@ def loader(path):
         return loader
 
     def get_directory_loader(self, directory: str) -> _TLoader:
-        def loader(path):
+        def loader(
+            path: t.Optional[str],
+        ) -> t.Tuple[t.Optional[str], t.Optional[_TOpener]]:
             if path is not None:
                 path = safe_join(directory, path)
+
+                if path is None:
+                    return None, None
             else:
                 path = directory
 
@@ -266,10 +283,10 @@ def __call__(
                 if file_loader is not None:
                     break
 
-        if file_loader is None or not self.is_allowed(real_filename):
+        if file_loader is None or not self.is_allowed(real_filename):  # type: ignore
             return self.app(environ, start_response)
 
-        guessed_type = mimetypes.guess_type(real_filename)
+        guessed_type = mimetypes.guess_type(real_filename)  # type: ignore
         mime_type = get_content_type(guessed_type[0] or self.fallback_mimetype, "utf-8")
         f, mtime, file_size = file_loader()
 
@@ -277,7 +294,7 @@ def __call__(
 
         if self.cache:
             timeout = self.cache_timeout
-            etag = self.generate_etag(mtime, file_size, real_filename)
+            etag = self.generate_etag(mtime, file_size, real_filename)  # type: ignore
             headers += [
                 ("Etag", f'"{etag}"'),
                 ("Cache-Control", f"max-age={timeout}, public"),
diff --git a/src/werkzeug/routing.py b/src/werkzeug/routing.py
index a7825d219..cc5f0ad04 100644
--- a/src/werkzeug/routing.py
+++ b/src/werkzeug/routing.py
@@ -142,6 +142,7 @@
     import typing_extensions as te
     from wsgiref.types import WSGIApplication
     from wsgiref.types import WSGIEnvironment
+    from .wrappers.response import Response
 
 _rule_re = re.compile(
     r"""
@@ -182,7 +183,7 @@ def _pythonize(value: str) -> t.Union[None, bool, int, float, str]:
         return _PYTHON_CONSTANTS[value]
     for convert in int, float:
         try:
-            return convert(value)
+            return convert(value)  # type: ignore
         except ValueError:
             pass
     if value[:1] == value[-1:] and value[0] in "\"'":
@@ -262,7 +263,11 @@ def __init__(self, new_url: str) -> None:
         super().__init__(new_url)
         self.new_url = new_url
 
-    def get_response(self, environ=None):
+    def get_response(
+        self,
+        environ: t.Optional["WSGIEnvironment"] = None,
+        scope: t.Optional[dict] = None,
+    ) -> "Response":
         return redirect(self.new_url, self.code)
 
 
@@ -478,7 +483,7 @@ class RuleTemplate:
     def __init__(self, rules: t.Iterable["Rule"]) -> None:
         self.rules = list(rules)
 
-    def __call__(self, *args, **kwargs) -> "RuleTemplateFactory":
+    def __call__(self, *args: t.Any, **kwargs: t.Any) -> "RuleTemplateFactory":
         return RuleTemplateFactory(self.rules, dict(*args, **kwargs))
 
 
@@ -801,7 +806,7 @@ def get_converter(
             raise LookupError(f"the converter {converter_name!r} does not exist")
         return self.map.converters[converter_name](self.map, *args, **kwargs)
 
-    def _encode_query_vars(self, query_vars: t.Mapping[str, t.Any]):
+    def _encode_query_vars(self, query_vars: t.Mapping[str, t.Any]) -> str:
         return url_encode(
             query_vars,
             charset=self.map.charset,
@@ -863,7 +868,9 @@ def _build_regex(rule: str) -> None:
         if not self.is_leaf:
             self._trace.append((False, "/"))
 
+        self._build: t.Callable[..., t.Tuple[str, str]]
         self._build = self._compile_builder(False).__get__(self, None)  # type: ignore
+        self._build_unknown: t.Callable[..., t.Tuple[str, str]]
         self._build_unknown = self._compile_builder(True).__get__(  # type: ignore
             self, None
         )
@@ -882,7 +889,7 @@ def _build_regex(rule: str) -> None:
 
     def match(
         self, path: str, method: t.Optional[str] = None
-    ) -> t.Optional[t.Mapping[str, t.Any]]:
+    ) -> t.Optional[t.MutableMapping[str, t.Any]]:
         """Check if the rule matches a given path. Path is a string in the
         form ``"subdomain|/path"`` and is assembled by the map.  If
         the map is doing host matching the subdomain part will be the host
@@ -952,7 +959,7 @@ def _get_func_code(code: CodeType, name: str) -> t.Callable[..., t.Tuple[str, st
         globs: t.Dict[str, t.Any] = {}
         locs: t.Dict[str, t.Any] = {}
         exec(code, globs, locs)
-        return locs[name]
+        return locs[name]  # type: ignore
 
     def _compile_builder(
         self, append_unknown: bool = True
@@ -979,12 +986,12 @@ def _compile_builder(
             else:
                 opl.append((True, data))
 
-        def _convert(elem):
+        def _convert(elem: str) -> ast.stmt:
             ret = _prefix_names(_CALL_CONVERTER_CODE_FMT.format(elem=elem))
-            ret.args = [ast.Name(str(elem), ast.Load())]  # str for py2
+            ret.args = [ast.Name(str(elem), ast.Load())]  # type: ignore  # str for py2
             return ret
 
-        def _parts(ops):
+        def _parts(ops: t.List[t.Tuple[bool, str]]) -> t.List[ast.AST]:
             parts = [
                 _convert(elem) if is_dynamic else ast.Str(s=elem)
                 for is_dynamic, elem in ops
@@ -1007,7 +1014,7 @@ def _parts(ops):
             body = [_IF_KWARGS_URL_ENCODE_AST]
             url_parts.extend(_URL_ENCODE_AST_NAMES)
 
-        def _join(parts):
+        def _join(parts: t.List[ast.AST]) -> ast.AST:
             if len(parts) == 1:  # shortcut
                 return parts[0]
             return ast.JoinedStr(parts)
@@ -1175,7 +1182,7 @@ class BaseConverter:
     regex = "[^/]+"
     weight = 100
 
-    def __init__(self, map: "Map", *args, **kwargs) -> None:
+    def __init__(self, map: "Map", *args: t.Any, **kwargs: t.Any) -> None:
         self.map = map
 
     def to_python(self, value: str) -> t.Any:
@@ -1347,8 +1354,14 @@ class FloatConverter(NumberConverter):
     regex = r"\d+\.\d+"
     num_convert = float
 
-    def __init__(self, map, min=None, max=None, signed=False):
-        super().__init__(map, min=min, max=max, signed=signed)
+    def __init__(
+        self,
+        map: "Map",
+        min: t.Optional[float] = None,
+        max: t.Optional[float] = None,
+        signed: bool = False,
+    ) -> None:
+        super().__init__(map, min=min, max=max, signed=signed)  # type: ignore
 
 
 class UUIDConverter(BaseConverter):
@@ -1369,7 +1382,7 @@ class UUIDConverter(BaseConverter):
     def to_python(self, value: str) -> uuid.UUID:
         return uuid.UUID(value)
 
-    def to_url(self, value):
+    def to_url(self, value: uuid.UUID) -> str:
         return str(value)
 
 
@@ -1826,12 +1839,12 @@ def match(
 
     def match(
         self,
-        path_info=None,
-        method=None,
-        return_rule=False,
-        query_args=None,
-        websocket=None,
-    ):
+        path_info: t.Optional[str] = None,
+        method: t.Optional[str] = None,
+        return_rule: bool = False,
+        query_args: t.Optional[t.Union[t.Mapping[str, t.Any], str]] = None,
+        websocket: t.Optional[bool] = None,
+    ) -> t.Tuple[t.Union[str, Rule], t.Mapping[str, t.Any]]:
         """The usage is simple: you just pass the match method the current
         path info as well as the method (which defaults to `GET`).  The
         following things can then happen:
@@ -1925,7 +1938,7 @@ def match(
         else:
             path_info = _to_str(path_info, self.map.charset)
         if query_args is None:
-            query_args = self.query_args
+            query_args = self.query_args or {}
         method = (method or self.default_method).upper()
 
         if websocket is None:
@@ -1974,8 +1987,8 @@ def match(
             if rule.redirect_to is not None:
                 if isinstance(rule.redirect_to, str):
 
-                    def _handle_match(match):
-                        value = rv[match.group(1)]
+                    def _handle_match(match: t.Match[str]) -> str:
+                        value = rv[match.group(1)]  # type: ignore
                         return rule._converters[match.group(1)].to_url(value)
 
                     redirect_url = _simple_rule_re.sub(_handle_match, rule.redirect_to)
diff --git a/src/werkzeug/sansio/response.py b/src/werkzeug/sansio/response.py
index f5975ccf8..aedfcb043 100644
--- a/src/werkzeug/sansio/response.py
+++ b/src/werkzeug/sansio/response.py
@@ -7,6 +7,7 @@
 
 from .._internal import _to_str
 from ..datastructures import Headers
+from ..datastructures import HeaderSet
 from ..http import dump_cookie
 from ..http import HTTP_STATUS_CODES
 from ..utils import get_content_type
@@ -35,8 +36,8 @@
 
 
 def _set_property(name: str, doc: t.Optional[str] = None) -> property:
-    def fget(self):
-        def on_update(header_set):
+    def fget(self: "Response") -> HeaderSet:
+        def on_update(header_set: HeaderSet) -> None:
             if not header_set and name in self.headers:
                 del self.headers[name]
             elif header_set:
@@ -44,7 +45,12 @@ def on_update(header_set):
 
         return parse_set_header(self.headers.get(name), on_update)
 
-    def fset(self, value):
+    def fset(
+        self: "Response",
+        value: t.Optional[
+            t.Union[str, t.Dict[str, t.Union[str, int]], t.Iterable[str]]
+        ],
+    ) -> None:
         if not value:
             del self.headers[name]
         elif isinstance(value, str):
@@ -249,7 +255,7 @@ def delete_cookie(
         secure: bool = False,
         httponly: bool = False,
         samesite: t.Optional[str] = None,
-    ):
+    ) -> None:
         """Delete a cookie.  Fails silently if key doesn't exist.
 
         :param key: the key (name) of the cookie to be deleted.
@@ -311,7 +317,7 @@ def mimetype_params(self) -> t.Dict[str, str]:
         .. versionadded:: 0.5
         """
 
-        def on_update(d):
+        def on_update(d: t.Dict[str, str]) -> None:
             self.headers["Content-Type"] = dump_options_header(self.mimetype, d)
 
         d = parse_options_header(self.headers.get("content-type", ""))[1]
@@ -482,7 +488,7 @@ def cache_control(self) -> ResponseCacheControl:
         request/response chain.
         """
 
-        def on_update(cache_control):
+        def on_update(cache_control: ResponseCacheControl) -> None:
             if not cache_control and "cache-control" in self.headers:
                 del self.headers["cache-control"]
             elif cache_control:
diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py
index e37e9af1f..97cd01013 100644
--- a/src/werkzeug/serving.py
+++ b/src/werkzeug/serving.py
@@ -38,7 +38,7 @@
 except ImportError:
 
     class _SslDummy:
-        def __getattr__(self, name):
+        def __getattr__(self, name: str) -> t.Any:
             raise RuntimeError("SSL support unavailable")
 
     ssl = _SslDummy()  # type: ignore
@@ -159,7 +159,7 @@ def server_version(self) -> str:  # type: ignore
     def make_environ(self) -> "WSGIEnvironment":
         request_url = url_parse(self.path)
 
-        def shutdown_server():
+        def shutdown_server() -> None:
             warnings.warn(
                 "The 'environ['werkzeug.server.shutdown']' function is"
                 " deprecated and will be removed in Werkzeug 2.1.",
@@ -290,7 +290,7 @@ def write(data: bytes) -> None:
             self.wfile.write(data)
             self.wfile.flush()
 
-        def start_response(status, headers, exc_info=None):
+        def start_response(status, headers, exc_info=None):  # type: ignore
             nonlocal status_set, headers_set
             if exc_info:
                 try:
@@ -387,7 +387,7 @@ def version_string(self) -> str:
 
     def address_string(self) -> str:
         if getattr(self, "environ", None):
-            return self.environ["REMOTE_ADDR"]
+            return self.environ["REMOTE_ADDR"]  # type: ignore
 
         if not self.client_address:
             return ""
@@ -397,7 +397,9 @@ def address_string(self) -> str:
     def port_integer(self) -> int:
         return self.client_address[1]
 
-    def log_request(self, code: t.Union[int, str] = "-", size: t.Union[int, str] = "-"):
+    def log_request(
+        self, code: t.Union[int, str] = "-", size: t.Union[int, str] = "-"
+    ) -> None:
         try:
             path = uri_to_iri(self.path)
             msg = f"{self.command} {path} {self.request_version}"
@@ -425,13 +427,13 @@ def log_request(self, code: t.Union[int, str] = "-", size: t.Union[int, str] = "
 
         self.log("info", '"%s" %s %s', msg, code, size)
 
-    def log_error(self, *args) -> None:
-        self.log("error", *args)
+    def log_error(self, format: str, *args: t.Any) -> None:
+        self.log("error", format, *args)
 
-    def log_message(self, format: str, *args) -> None:
+    def log_message(self, format: str, *args: t.Any) -> None:
         self.log("info", format, *args)
 
-    def log(self, type: str, message: str, *args) -> None:
+    def log(self, type: str, message: str, *args: t.Any) -> None:
         _log(
             type,
             f"{self.address_string()} - - [{self.log_date_time_string()}] {message}\n",
@@ -439,7 +441,7 @@ def log(self, type: str, message: str, *args) -> None:
         )
 
 
-def _ansi_style(value, *styles):
+def _ansi_style(value: str, *styles: str) -> str:
     codes = {
         "bold": 1,
         "red": 31,
@@ -466,8 +468,10 @@ def generate_adhoc_ssl_pair(
         from cryptography.hazmat.primitives.asymmetric import rsa
     except ImportError:
         raise TypeError("Using ad-hoc certificates requires the cryptography library.")
+
+    backend = default_backend()
     pkey = rsa.generate_private_key(
-        public_exponent=65537, key_size=2048, backend=default_backend()
+        public_exponent=65537, key_size=2048, backend=backend
     )
 
     # pretty damn sure that this is not actually accepted by anyone
@@ -481,6 +485,7 @@ def generate_adhoc_ssl_pair(
         ]
     )
 
+    backend = default_backend()
     cert = (
         x509.CertificateBuilder()
         .subject_name(subject)
@@ -491,7 +496,7 @@ def generate_adhoc_ssl_pair(
         .not_valid_after(dt.now(timezone.utc) + timedelta(days=365))
         .add_extension(x509.ExtendedKeyUsage([x509.OID_SERVER_AUTH]), critical=False)
         .add_extension(x509.SubjectAlternativeName([x509.DNSName("*")]), critical=False)
-        .sign(pkey, hashes.SHA256(), default_backend())
+        .sign(pkey, hashes.SHA256(), backend)
     )
     return cert, pkey
 
@@ -591,10 +596,10 @@ def load_ssl_context(
     return ctx
 
 
-def is_ssl_error(error=None):
+def is_ssl_error(error: t.Optional[Exception] = None) -> bool:
     """Checks if the given error (or the current one) is an SSL error."""
     if error is None:
-        error = sys.exc_info()[1]
+        error = t.cast(Exception, sys.exc_info()[1])
     return isinstance(error, ssl.SSLError)
 
 
@@ -624,7 +629,7 @@ def get_sockaddr(
     return res[0][4]  # type: ignore
 
 
-def get_interface_ip(family: socket.AddressFamily):
+def get_interface_ip(family: socket.AddressFamily) -> str:
     """Get the IP address of an external interface. Used when binding to
     0.0.0.0 or ::1 to show a more useful URL.
 
@@ -639,7 +644,7 @@ def get_interface_ip(family: socket.AddressFamily):
         except OSError:
             return "::1" if family == socket.AF_INET6 else "127.0.0.1"
 
-        return s.getsockname()[0]
+        return s.getsockname()[0]  # type: ignore
 
 
 class BaseWSGIServer(HTTPServer):
@@ -703,10 +708,10 @@ def __init__(
         else:
             self.ssl_context = None
 
-    def log(self, type: str, message: str, *args) -> None:
+    def log(self, type: str, message: str, *args: t.Any) -> None:
         _log(type, message, *args)
 
-    def serve_forever(self, poll_interval=0.5) -> None:
+    def serve_forever(self, poll_interval: float = 0.5) -> None:
         self.shutdown_signal = False
         try:
             super().serve_forever(poll_interval=poll_interval)
@@ -905,7 +910,7 @@ def run_simple(
 
         application = SharedDataMiddleware(application, static_files)
 
-    def log_startup(sock):
+    def log_startup(sock: socket.socket) -> None:
         all_addresses_message = (
             " * Running on all addresses.\n"
             "   WARNING: This is a development server. Do not use it in"
@@ -935,9 +940,9 @@ def log_startup(sock):
                 sock.getsockname()[1],
             )
 
-    def inner():
+    def inner() -> None:
         try:
-            fd = int(os.environ["WERKZEUG_SERVER_FD"])
+            fd: t.Optional[int] = int(os.environ["WERKZEUG_SERVER_FD"])
         except (LookupError, ValueError):
             fd = None
         srv = make_server(
@@ -1003,7 +1008,7 @@ def inner():
         inner()
 
 
-def run_with_reloader(*args, **kwargs) -> None:
+def run_with_reloader(*args: t.Any, **kwargs: t.Any) -> None:
     """Run a process with the reloader. This is not a public API, do
     not use this function.
 
diff --git a/src/werkzeug/test.py b/src/werkzeug/test.py
index 9e02e3b35..8815b0f79 100644
--- a/src/werkzeug/test.py
+++ b/src/werkzeug/test.py
@@ -64,30 +64,31 @@ def stream_encode_multipart(
     if boundary is None:
         boundary = f"---------------WerkzeugFormPart_{time()}{random()}"
 
-    stream = BytesIO()
+    stream: t.BinaryIO = BytesIO()
     total_length = 0
     on_disk = False
 
     if use_tempfile:
 
-        def write_binary(string):
+        def write_binary(s: bytes) -> int:
             nonlocal stream, total_length, on_disk
 
             if on_disk:
-                stream.write(string)
+                return stream.write(s)
             else:
-                length = len(string)
+                length = len(s)
 
                 if length + total_length <= threshold:
-                    stream.write(string)
+                    stream.write(s)
                 else:
-                    new_stream = TemporaryFile("wb+")
-                    new_stream.write(stream.getvalue())
-                    new_stream.write(string)
+                    new_stream = t.cast(t.BinaryIO, TemporaryFile("wb+"))
+                    new_stream.write(stream.getvalue())  # type: ignore
+                    new_stream.write(s)
                     stream = new_stream
                     on_disk = True
 
                 total_length += length
+                return length
 
     else:
         write_binary = stream.write
@@ -451,7 +452,9 @@ def __init__(
             self.mimetype = mimetype
 
     @classmethod
-    def from_environ(cls, environ: "WSGIEnvironment", **kwargs) -> "EnvironBuilder":
+    def from_environ(
+        cls, environ: "WSGIEnvironment", **kwargs: t.Any
+    ) -> "EnvironBuilder":
         """Turn an environ dict back into a builder. Any extra kwargs
         override the args extracted from the environ.
 
@@ -565,7 +568,7 @@ def mimetype_params(self) -> t.Mapping[str, str]:
         .. versionadded:: 0.14
         """
 
-        def on_update(d):
+        def on_update(d: t.Mapping[str, str]) -> None:
             self.headers["Content-Type"] = dump_options_header(self.mimetype, d)
 
         d = parse_options_header(self.headers.get("content-type", ""))[1]
@@ -602,7 +605,7 @@ def _get_form(self, name: str, storage: t.Type[_TAnyMultiDict]) -> _TAnyMultiDic
             rv = storage()
             setattr(self, name, rv)
 
-        return rv
+        return rv  # type: ignore
 
     def _set_form(self, name: str, value: MultiDict) -> None:
         """Common behavior for setting the :attr:`form` and
@@ -1007,11 +1010,11 @@ def resolve_redirect(
 
     def open(
         self,
-        *args,
+        *args: t.Any,
         as_tuple: bool = False,
         buffered: bool = False,
         follow_redirects: bool = False,
-        **kwargs,
+        **kwargs: t.Any,
     ) -> "TestResponse":
         """Generate an environ dict from the given arguments, make a
         request to the application using it, and return the response.
@@ -1118,42 +1121,42 @@ def open(
 
         return response
 
-    def get(self, *args, **kw) -> "TestResponse":
+    def get(self, *args: t.Any, **kw: t.Any) -> "TestResponse":
         """Call :meth:`open` with ``method`` set to ``GET``."""
         kw["method"] = "GET"
         return self.open(*args, **kw)
 
-    def post(self, *args, **kw) -> "TestResponse":
+    def post(self, *args: t.Any, **kw: t.Any) -> "TestResponse":
         """Call :meth:`open` with ``method`` set to ``POST``."""
         kw["method"] = "POST"
         return self.open(*args, **kw)
 
-    def put(self, *args, **kw) -> "TestResponse":
+    def put(self, *args: t.Any, **kw: t.Any) -> "TestResponse":
         """Call :meth:`open` with ``method`` set to ``PUT``."""
         kw["method"] = "PUT"
         return self.open(*args, **kw)
 
-    def delete(self, *args, **kw) -> "TestResponse":
+    def delete(self, *args: t.Any, **kw: t.Any) -> "TestResponse":
         """Call :meth:`open` with ``method`` set to ``DELETE``."""
         kw["method"] = "DELETE"
         return self.open(*args, **kw)
 
-    def patch(self, *args, **kw) -> "TestResponse":
+    def patch(self, *args: t.Any, **kw: t.Any) -> "TestResponse":
         """Call :meth:`open` with ``method`` set to ``PATCH``."""
         kw["method"] = "PATCH"
         return self.open(*args, **kw)
 
-    def options(self, *args, **kw) -> "TestResponse":
+    def options(self, *args: t.Any, **kw: t.Any) -> "TestResponse":
         """Call :meth:`open` with ``method`` set to ``OPTIONS``."""
         kw["method"] = "OPTIONS"
         return self.open(*args, **kw)
 
-    def head(self, *args, **kw) -> "TestResponse":
+    def head(self, *args: t.Any, **kw: t.Any) -> "TestResponse":
         """Call :meth:`open` with ``method`` set to ``HEAD``."""
         kw["method"] = "HEAD"
         return self.open(*args, **kw)
 
-    def trace(self, *args, **kw) -> "TestResponse":
+    def trace(self, *args: t.Any, **kw: t.Any) -> "TestResponse":
         """Call :meth:`open` with ``method`` set to ``TRACE``."""
         kw["method"] = "TRACE"
         return self.open(*args, **kw)
@@ -1162,7 +1165,7 @@ def __repr__(self) -> str:
         return f"<{type(self).__name__} {self.application!r}>"
 
 
-def create_environ(*args, **kwargs) -> "WSGIEnvironment":
+def create_environ(*args: t.Any, **kwargs: t.Any) -> "WSGIEnvironment":
     """Create a new WSGI environ dict based on the values passed.  The first
     parameter should be the path of the request which defaults to '/'.  The
     second one can either be an absolute path (in that case the host is
@@ -1211,7 +1214,7 @@ def run_wsgi_app(
     response: t.Optional[t.Tuple[str, t.List[t.Tuple[str, str]]]] = None
     buffer: t.List[bytes] = []
 
-    def start_response(status, headers, exc_info=None):
+    def start_response(status, headers, exc_info=None):  # type: ignore
         nonlocal response
 
         if exc_info:
@@ -1287,7 +1290,7 @@ def __init__(
         headers: Headers,
         request: Request,
         history: t.Tuple["TestResponse"] = (),  # type: ignore
-        **kwargs,
+        **kwargs: t.Any,
     ) -> None:
         super().__init__(response, status, headers, **kwargs)
         self.request = request
diff --git a/src/werkzeug/testapp.py b/src/werkzeug/testapp.py
index 0f93da584..76f83974b 100644
--- a/src/werkzeug/testapp.py
+++ b/src/werkzeug/testapp.py
@@ -141,7 +141,7 @@
 def iter_sys_path() -> t.Iterator[t.Tuple[str, bool, bool]]:
     if os.name == "posix":
 
-        def strip(x):
+        def strip(x: str) -> str:
             prefix = os.path.expanduser("~")
             if x.startswith(prefix):
                 x = f"~{x[len(prefix) :]}"
@@ -149,7 +149,7 @@ def strip(x):
 
     else:
 
-        def strip(x):
+        def strip(x: str) -> str:
             return x
 
     cwd = os.path.abspath(os.getcwd())
@@ -164,7 +164,10 @@ def render_testapp(req: Request) -> bytes:
     except ImportError:
         eggs: t.Iterable[t.Any] = ()
     else:
-        eggs = sorted(pkg_resources.working_set, key=lambda x: x.project_name.lower())
+        eggs = sorted(
+            pkg_resources.working_set,
+            key=lambda x: x.project_name.lower(),  # type: ignore
+        )
     python_eggs = []
     for egg in eggs:
         try:
diff --git a/src/werkzeug/urls.py b/src/werkzeug/urls.py
index d9edb8860..7566ac273 100644
--- a/src/werkzeug/urls.py
+++ b/src/werkzeug/urls.py
@@ -60,7 +60,7 @@ class BaseURL(_URLTuple):
     def __str__(self) -> str:
         return self.to_url()
 
-    def replace(self, **kwargs) -> "BaseURL":
+    def replace(self, **kwargs: t.Any) -> "BaseURL":
         """Return an URL with the same values, except for those parameters
         given new values by whichever keyword arguments are specified."""
         return self._replace(**kwargs)
@@ -142,14 +142,14 @@ def raw_password(self) -> t.Optional[str]:
         """
         return self._split_auth()[1]
 
-    def decode_query(self, *args, **kwargs) -> "ds.MultiDict[str, str]":
+    def decode_query(self, *args: t.Any, **kwargs: t.Any) -> "ds.MultiDict[str, str]":
         """Decodes the query part of the URL.  Ths is a shortcut for
         calling :func:`url_decode` on the query argument.  The arguments and
         keyword arguments are forwarded to :func:`url_decode` unchanged.
         """
         return url_decode(self.query, *args, **kwargs)
 
-    def join(self, *args, **kwargs) -> "BaseURL":
+    def join(self, *args: t.Any, **kwargs: t.Any) -> "BaseURL":
         """Joins this URL with another one.  This is just a convenience
         function for calling into :meth:`url_join` and then parsing the
         return value again.
@@ -339,7 +339,7 @@ class URL(BaseURL):
     _lbracket = "["
     _rbracket = "]"
 
-    def encode(self, charset="utf-8", errors="replace") -> "BytesURL":
+    def encode(self, charset: str = "utf-8", errors: str = "replace") -> "BytesURL":
         """Encodes the URL to a tuple made out of bytes.  The charset is
         only being used for the path, query and fragment.
         """
@@ -368,7 +368,7 @@ def encode_netloc(self) -> bytes:  # type: ignore
         """Returns the netloc unchanged as bytes."""
         return self.netloc  # type: ignore
 
-    def decode(self, charset="utf-8", errors="replace") -> "URL":
+    def decode(self, charset: str = "utf-8", errors: str = "replace") -> "URL":
         """Decodes the URL to a tuple made out of strings.  The charset is
         only being used for the path, query and fragment.
         """
@@ -422,7 +422,7 @@ def _url_encode_impl(
     charset: str,
     sort: bool,
     key: t.Optional[t.Callable[[t.Tuple[str, str]], t.Any]],
-):
+) -> t.Iterator[str]:
     from .datastructures import iter_multi_items
 
     iterable: t.Iterable[t.Tuple[str, str]] = iter_multi_items(obj)
@@ -699,14 +699,14 @@ def url_fix(s: str, charset: str = "utf-8") -> str:
 _to_iri_unsafe = "".join([chr(c) for c in range(128) if c not in _always_safe])
 
 
-def _codec_error_url_quote(e):
+def _codec_error_url_quote(e: UnicodeError) -> t.Tuple[str, int]:
     """Used in :func:`uri_to_iri` after unquoting to re-quote any
     invalid bytes.
     """
-    # the docs state that `UnicodeError` does have these attributes,
-    # but mypy isn't picking them up?
-    out = _fast_url_quote(e.object[e.start : e.end])
-    return out, e.end
+    # the docs state that UnicodeError does have these attributes,
+    # but mypy isn't picking them up
+    out = _fast_url_quote(e.object[e.start : e.end])  # type: ignore
+    return out, e.end  # type: ignore
 
 
 codecs.register_error("werkzeug.url_quote", _codec_error_url_quote)
@@ -870,7 +870,7 @@ def url_decode(
 
 def url_decode_stream(
     stream: t.BinaryIO,
-    charset="utf-8",
+    charset: str = "utf-8",
     decode_keys: None = None,
     include_empty: bool = True,
     errors: str = "replace",
@@ -1026,7 +1026,7 @@ def url_encode_stream(
     separator = _to_str(separator, "ascii")
     gen = _url_encode_impl(obj, charset, sort, key)
     if stream is None:
-        return gen
+        return gen  # type: ignore
     for idx, chunk in enumerate(gen):
         if idx:
             stream.write(separator)
@@ -1038,7 +1038,7 @@ def url_join(
     base: t.Union[str, t.Tuple[str, str, str, str, str]],
     url: t.Union[str, t.Tuple[str, str, str, str, str]],
     allow_fragments: bool = True,
-):
+) -> str:
     """Join a base URL and a possibly relative URL to form an absolute
     interpretation of the latter.
 
@@ -1160,7 +1160,9 @@ class Href:
         `sort` and `key` were added.
     """
 
-    def __init__(self, base="./", charset="utf-8", sort=False, key=None):
+    def __init__(  # type: ignore
+        self, base="./", charset="utf-8", sort=False, key=None
+    ):
         warnings.warn(
             "'Href' is deprecated and will be removed in Werkzeug 2.1."
             " Use 'werkzeug.routing' instead.",
@@ -1175,7 +1177,7 @@ def __init__(self, base="./", charset="utf-8", sort=False, key=None):
         self.sort = sort
         self.key = key
 
-    def __getattr__(self, name):
+    def __getattr__(self, name):  # type: ignore
         if name[:2] == "__":
             raise AttributeError(name)
         base = self.base
@@ -1183,7 +1185,7 @@ def __getattr__(self, name):
             base += "/"
         return Href(url_join(base, name), self.charset, self.sort, self.key)
 
-    def __call__(self, *path, **query):
+    def __call__(self, *path, **query):  # type: ignore
         if path and isinstance(path[-1], dict):
             if query:
                 raise TypeError("keyword arguments and query-dicts can't be combined")
diff --git a/src/werkzeug/user_agent.py b/src/werkzeug/user_agent.py
index b1367553c..66ffcbe07 100644
--- a/src/werkzeug/user_agent.py
+++ b/src/werkzeug/user_agent.py
@@ -33,7 +33,7 @@ def __init__(self, string: str) -> None:
         self.string: str = string
         """The original header value."""
 
-    def __repr__(self):
+    def __repr__(self) -> str:
         return f"<{type(self).__name__} {self.browser}/{self.version}>"
 
     def __str__(self) -> str:
diff --git a/src/werkzeug/useragents.py b/src/werkzeug/useragents.py
index 9930f72be..9ff940312 100644
--- a/src/werkzeug/useragents.py
+++ b/src/werkzeug/useragents.py
@@ -120,7 +120,7 @@ class UserAgentParser(_UserAgentParser):
         instead.
     """
 
-    def __init__(self):
+    def __init__(self) -> None:
         warnings.warn(
             "'UserAgentParser' is deprecated and will be removed in"
             " Werkzeug 2.1. Use a dedicated parser library instead.",
@@ -131,7 +131,7 @@ def __init__(self):
 
 
 class _deprecated_property(property):
-    def __init__(self, fget):
+    def __init__(self, fget: t.Callable[["_UserAgent"], t.Any]) -> None:
         super().__init__(fget)
         self.message = (
             "The built-in user agent parser is deprecated and will be"
@@ -141,7 +141,7 @@ def __init__(self, fget):
             " parser."
         )
 
-    def __get__(self, *args, **kwargs):
+    def __get__(self, *args: t.Any, **kwargs: t.Any) -> t.Any:
         warnings.warn(self.message, DeprecationWarning, stacklevel=3)
         return super().__get__(*args, **kwargs)
 
diff --git a/src/werkzeug/utils.py b/src/werkzeug/utils.py
index cad786c76..80e2502ce 100644
--- a/src/werkzeug/utils.py
+++ b/src/werkzeug/utils.py
@@ -27,7 +27,8 @@
 
 if t.TYPE_CHECKING:
     from wsgiref.types import WSGIEnvironment
-    from .wrappers import Response
+    from .wrappers.request import Request
+    from .wrappers.response import Response
 
 _entity_re = re.compile(r"&([^;]+);")
 _filename_ascii_strip_re = re.compile(r"[^A-Za-z0-9_.-]")
@@ -158,14 +159,14 @@ class environ_property(_DictAccessorProperty[_TAccessorValue]):
 
     read_only = True
 
-    def lookup(self, obj: t.Any) -> "WSGIEnvironment":
+    def lookup(self, obj: "Request") -> "WSGIEnvironment":
         return obj.environ
 
 
 class header_property(_DictAccessorProperty[_TAccessorValue]):
     """Like `environ_property` but for headers."""
 
-    def lookup(self, obj: t.Any) -> Headers:
+    def lookup(self, obj: t.Union["Request", "Response"]) -> Headers:
         return obj.headers
 
 
@@ -238,10 +239,10 @@ class HTMLBuilder:
     _plaintext_elements = {"textarea"}
     _c_like_cdata = {"script", "style"}
 
-    def __init__(self, dialect):
+    def __init__(self, dialect):  # type: ignore
         self._dialect = dialect
 
-    def __call__(self, s):
+    def __call__(self, s):  # type: ignore
         import html
 
         warnings.warn(
@@ -251,7 +252,7 @@ def __call__(self, s):
         )
         return html.escape(s)
 
-    def __getattr__(self, tag):
+    def __getattr__(self, tag):  # type: ignore
         import html
 
         warnings.warn(
@@ -262,7 +263,7 @@ def __getattr__(self, tag):
         if tag[:2] == "__":
             raise AttributeError(tag)
 
-        def proxy(*children, **arguments):
+        def proxy(*children, **arguments):  # type: ignore
             buffer = f"<{tag}"
             for key, value in arguments.items():
                 if value is None:
@@ -299,7 +300,7 @@ def proxy(*children, **arguments):
 
         return proxy
 
-    def __repr__(self):
+    def __repr__(self) -> str:
         return f"<{type(self).__name__} for {self._dialect!r}>"
 
 
@@ -401,7 +402,7 @@ def detect_utf_encoding(data: bytes) -> str:
     return "utf-8"
 
 
-def format_string(string, context):
+def format_string(string: str, context: t.Mapping[str, t.Any]) -> str:
     """String-template format a string:
 
     >>> format_string('$foo and ${foo}s', dict(foo=42))
@@ -474,7 +475,7 @@ def secure_filename(filename: str) -> str:
     return filename
 
 
-def escape(s):
+def escape(s: t.Any) -> str:
     """Replace ``&``, ``<``, ``>``, ``"``, and ``'`` with HTML-safe
     sequences.
 
@@ -496,15 +497,15 @@ def escape(s):
         return ""
 
     if hasattr(s, "__html__"):
-        return s.__html__()
+        return s.__html__()  # type: ignore
 
     if not isinstance(s, str):
         s = str(s)
 
-    return html.escape(s, quote=True)
+    return html.escape(s, quote=True)  # type: ignore
 
 
-def unescape(s):
+def unescape(s: str) -> str:
     """The reverse of :func:`escape`. This unescapes all the HTML
     entities, not only those inserted by ``escape``.
 
@@ -600,7 +601,7 @@ def send_file(
     use_x_sendfile: bool = False,
     response_class: t.Optional[t.Type["Response"]] = None,
     _root_path: t.Optional[t.Union[os.PathLike, str]] = None,
-):
+) -> "Response":
     """Send the contents of a file to the client.
 
     The first argument can be a file path or a file-like object. Paths
@@ -803,7 +804,7 @@ def send_from_directory(
     directory: t.Union[os.PathLike, str],
     path: t.Union[os.PathLike, str],
     environ: "WSGIEnvironment",
-    **kwargs,
+    **kwargs: t.Any,
 ) -> "Response":
     """Send a file from within a directory using :func:`send_file`.
 
@@ -914,7 +915,7 @@ def find_modules(
             yield modname
 
 
-def validate_arguments(func, args, kwargs, drop_extra=True):
+def validate_arguments(func, args, kwargs, drop_extra=True):  # type: ignore
     """Checks if the function accepts the arguments and keyword arguments.
     Returns a new ``(args, kwargs)`` tuple that can safely be passed to
     the function without causing a `TypeError` because the function signature
@@ -977,7 +978,7 @@ def proxy(request):
     return tuple(args), kwargs
 
 
-def bind_arguments(func, args, kwargs):
+def bind_arguments(func, args, kwargs):  # type: ignore
     """Bind the arguments provided into a dict.  When passed a function,
     a tuple of arguments and a dict of keyword arguments `bind_arguments`
     returns a dict of names as the function would see it.  This can be useful
@@ -1036,7 +1037,7 @@ class ArgumentValidationError(ValueError):
         ``validate_arguments``.
     """
 
-    def __init__(self, missing=None, extra=None, extra_positional=None):
+    def __init__(self, missing=None, extra=None, extra_positional=None):  # type: ignore
         self.missing = set(missing or ())
         self.extra = extra or {}
         self.extra_positional = extra_positional or []
@@ -1055,7 +1056,7 @@ class ImportStringError(ImportError):
     #: Wrapped exception.
     exception: BaseException
 
-    def __init__(self, import_name, exception):
+    def __init__(self, import_name: str, exception: BaseException) -> None:
         self.import_name = import_name
         self.exception = exception
         msg = import_name
@@ -1085,5 +1086,5 @@ def __init__(self, import_name, exception):
 
         super().__init__(msg)
 
-    def __repr__(self):
+    def __repr__(self) -> str:
         return f"<{type(self).__name__}({self.import_name!r}, {self.exception!r})>"
diff --git a/src/werkzeug/wrappers/accept.py b/src/werkzeug/wrappers/accept.py
index 6de5294a8..9605e637d 100644
--- a/src/werkzeug/wrappers/accept.py
+++ b/src/werkzeug/wrappers/accept.py
@@ -1,8 +1,9 @@
+import typing as t
 import warnings
 
 
 class AcceptMixin:
-    def __init__(self, *args, **kwargs):
+    def __init__(self, *args: t.Any, **kwargs: t.Any) -> None:
         warnings.warn(
             "'AcceptMixin' is deprecated and will be removed in"
             " Werkzeug 2.1. 'Request' now includes the functionality"
@@ -10,4 +11,4 @@ def __init__(self, *args, **kwargs):
             DeprecationWarning,
             stacklevel=2,
         )
-        super().__init__(*args, **kwargs)
+        super().__init__(*args, **kwargs)  # type: ignore
diff --git a/src/werkzeug/wrappers/auth.py b/src/werkzeug/wrappers/auth.py
index 11514e8db..da31b7cf7 100644
--- a/src/werkzeug/wrappers/auth.py
+++ b/src/werkzeug/wrappers/auth.py
@@ -1,8 +1,9 @@
+import typing as t
 import warnings
 
 
 class AuthorizationMixin:
-    def __init__(self, *args, **kwargs):
+    def __init__(self, *args: t.Any, **kwargs: t.Any) -> None:
         warnings.warn(
             "'AuthorizationMixin' is deprecated and will be removed in"
             " Werkzeug 2.1. 'Request' now includes the functionality"
@@ -10,11 +11,11 @@ def __init__(self, *args, **kwargs):
             DeprecationWarning,
             stacklevel=2,
         )
-        super().__init__(*args, **kwargs)
+        super().__init__(*args, **kwargs)  # type: ignore
 
 
 class WWWAuthenticateMixin:
-    def __init__(self, *args, **kwargs):
+    def __init__(self, *args: t.Any, **kwargs: t.Any) -> None:
         warnings.warn(
             "'WWWAuthenticateMixin' is deprecated and will be removed"
             " in Werkzeug 2.1. 'Response' now includes the"
@@ -22,4 +23,4 @@ def __init__(self, *args, **kwargs):
             DeprecationWarning,
             stacklevel=2,
         )
-        super().__init__(*args, **kwargs)
+        super().__init__(*args, **kwargs)  # type: ignore
diff --git a/src/werkzeug/wrappers/base_request.py b/src/werkzeug/wrappers/base_request.py
index 48dcc46c5..451989fd7 100644
--- a/src/werkzeug/wrappers/base_request.py
+++ b/src/werkzeug/wrappers/base_request.py
@@ -1,10 +1,11 @@
+import typing as t
 import warnings
 
 from .request import Request
 
 
 class _FakeSubclassCheck(type):
-    def __subclasscheck__(cls, subclass):
+    def __subclasscheck__(cls, subclass: t.Type) -> bool:
         warnings.warn(
             "'BaseRequest' is deprecated and will be removed in"
             " Werkzeug 2.1. Use 'issubclass(cls, Request)' instead.",
@@ -13,7 +14,7 @@ def __subclasscheck__(cls, subclass):
         )
         return issubclass(subclass, Request)
 
-    def __instancecheck__(cls, instance):
+    def __instancecheck__(cls, instance: t.Any) -> bool:
         warnings.warn(
             "'BaseRequest' is deprecated and will be removed in"
             " Werkzeug 2.1. Use 'isinstance(obj, Request)' instead.",
@@ -24,7 +25,7 @@ def __instancecheck__(cls, instance):
 
 
 class BaseRequest(Request, metaclass=_FakeSubclassCheck):
-    def __init__(self, *args, **kwargs):
+    def __init__(self, *args: t.Any, **kwargs: t.Any) -> None:
         warnings.warn(
             "'BaseRequest' is deprecated and will be removed in"
             " Werkzeug 2.1. 'Request' now includes the functionality"
diff --git a/src/werkzeug/wrappers/base_response.py b/src/werkzeug/wrappers/base_response.py
index a102d8943..3e0dc6766 100644
--- a/src/werkzeug/wrappers/base_response.py
+++ b/src/werkzeug/wrappers/base_response.py
@@ -1,10 +1,11 @@
+import typing as t
 import warnings
 
 from .response import Response
 
 
 class _FakeSubclassCheck(type):
-    def __subclasscheck__(cls, subclass):
+    def __subclasscheck__(cls, subclass: t.Type) -> bool:
         warnings.warn(
             "'BaseResponse' is deprecated and will be removed in"
             " Werkzeug 2.1. Use 'issubclass(cls, Response)' instead.",
@@ -13,7 +14,7 @@ def __subclasscheck__(cls, subclass):
         )
         return issubclass(subclass, Response)
 
-    def __instancecheck__(cls, instance):
+    def __instancecheck__(cls, instance: t.Any) -> bool:
         warnings.warn(
             "'BaseResponse' is deprecated and will be removed in"
             " Werkzeug 2.1. Use 'isinstance(obj, Response)' instead.",
@@ -24,7 +25,7 @@ def __instancecheck__(cls, instance):
 
 
 class BaseResponse(Response, metaclass=_FakeSubclassCheck):
-    def __init__(self, *args, **kwargs):
+    def __init__(self, *args: t.Any, **kwargs: t.Any) -> None:
         warnings.warn(
             "'BaseResponse' is deprecated and will be removed in"
             " Werkzeug 2.1. 'Response' now includes the functionality"
diff --git a/src/werkzeug/wrappers/common_descriptors.py b/src/werkzeug/wrappers/common_descriptors.py
index 77e935cc3..db87ea5fa 100644
--- a/src/werkzeug/wrappers/common_descriptors.py
+++ b/src/werkzeug/wrappers/common_descriptors.py
@@ -1,8 +1,9 @@
+import typing as t
 import warnings
 
 
 class CommonRequestDescriptorsMixin:
-    def __init__(self, *args, **kwargs):
+    def __init__(self, *args: t.Any, **kwargs: t.Any) -> None:
         warnings.warn(
             "'CommonRequestDescriptorsMixin' is deprecated and will be"
             " removed in Werkzeug 2.1. 'Request' now includes the"
@@ -10,11 +11,11 @@ def __init__(self, *args, **kwargs):
             DeprecationWarning,
             stacklevel=2,
         )
-        super().__init__(*args, **kwargs)
+        super().__init__(*args, **kwargs)  # type: ignore
 
 
 class CommonResponseDescriptorsMixin:
-    def __init__(self, *args, **kwargs):
+    def __init__(self, *args: t.Any, **kwargs: t.Any) -> None:
         warnings.warn(
             "'CommonResponseDescriptorsMixin' is deprecated and will be"
             " removed in Werkzeug 2.1. 'Response' now includes the"
@@ -22,4 +23,4 @@ def __init__(self, *args, **kwargs):
             DeprecationWarning,
             stacklevel=2,
         )
-        super().__init__(*args, **kwargs)
+        super().__init__(*args, **kwargs)  # type: ignore
diff --git a/src/werkzeug/wrappers/cors.py b/src/werkzeug/wrappers/cors.py
index 3039abecb..89cf83ef8 100644
--- a/src/werkzeug/wrappers/cors.py
+++ b/src/werkzeug/wrappers/cors.py
@@ -1,8 +1,9 @@
+import typing as t
 import warnings
 
 
 class CORSRequestMixin:
-    def __init__(self, *args, **kwargs):
+    def __init__(self, *args: t.Any, **kwargs: t.Any) -> None:
         warnings.warn(
             "'CORSRequestMixin' is deprecated and will be removed in"
             " Werkzeug 2.1. 'Request' now includes the functionality"
@@ -10,11 +11,11 @@ def __init__(self, *args, **kwargs):
             DeprecationWarning,
             stacklevel=2,
         )
-        super().__init__(*args, **kwargs)
+        super().__init__(*args, **kwargs)  # type: ignore
 
 
 class CORSResponseMixin:
-    def __init__(self, *args, **kwargs):
+    def __init__(self, *args: t.Any, **kwargs: t.Any) -> None:
         warnings.warn(
             "'CORSResponseMixin' is deprecated and will be removed in"
             " Werkzeug 2.1. 'Response' now includes the functionality"
@@ -22,4 +23,4 @@ def __init__(self, *args, **kwargs):
             DeprecationWarning,
             stacklevel=2,
         )
-        super().__init__(*args, **kwargs)
+        super().__init__(*args, **kwargs)  # type: ignore
diff --git a/src/werkzeug/wrappers/etag.py b/src/werkzeug/wrappers/etag.py
index 8b9f87875..2e9015a58 100644
--- a/src/werkzeug/wrappers/etag.py
+++ b/src/werkzeug/wrappers/etag.py
@@ -1,8 +1,9 @@
+import typing as t
 import warnings
 
 
 class ETagRequestMixin:
-    def __init__(self, *args, **kwargs):
+    def __init__(self, *args: t.Any, **kwargs: t.Any) -> None:
         warnings.warn(
             "'ETagRequestMixin' is deprecated and will be removed in"
             " Werkzeug 2.1. 'Request' now includes the functionality"
@@ -10,11 +11,11 @@ def __init__(self, *args, **kwargs):
             DeprecationWarning,
             stacklevel=2,
         )
-        super().__init__(*args, **kwargs)
+        super().__init__(*args, **kwargs)  # type: ignore
 
 
 class ETagResponseMixin:
-    def __init__(self, *args, **kwargs):
+    def __init__(self, *args: t.Any, **kwargs: t.Any) -> None:
         warnings.warn(
             "'ETagResponseMixin' is deprecated and will be removed in"
             " Werkzeug 2.1. 'Response' now includes the functionality"
@@ -22,4 +23,4 @@ def __init__(self, *args, **kwargs):
             DeprecationWarning,
             stacklevel=2,
         )
-        super().__init__(*args, **kwargs)
+        super().__init__(*args, **kwargs)  # type: ignore
diff --git a/src/werkzeug/wrappers/json.py b/src/werkzeug/wrappers/json.py
index a9ff5295b..ab6ed7ba9 100644
--- a/src/werkzeug/wrappers/json.py
+++ b/src/werkzeug/wrappers/json.py
@@ -1,12 +1,13 @@
+import typing as t
 import warnings
 
 
 class JSONMixin:
-    def __init__(self, *args, **kwargs):
+    def __init__(self, *args: t.Any, **kwargs: t.Any) -> None:
         warnings.warn(
             "'JSONMixin' is deprecated and will be removed in Werkzeug"
             " 2.1. 'Request' now includes the functionality directly.",
             DeprecationWarning,
             stacklevel=2,
         )
-        super().__init__(*args, **kwargs)
+        super().__init__(*args, **kwargs)  # type: ignore
diff --git a/src/werkzeug/wrappers/request.py b/src/werkzeug/wrappers/request.py
index 255913772..ecbd02017 100644
--- a/src/werkzeug/wrappers/request.py
+++ b/src/werkzeug/wrappers/request.py
@@ -1,5 +1,6 @@
 import functools
 import json
+import typing
 import typing as t
 import warnings
 from io import BytesIO
@@ -21,6 +22,7 @@
 from werkzeug.exceptions import BadRequest
 
 if t.TYPE_CHECKING:
+    import typing_extensions as te
     from wsgiref.types import WSGIApplication
     from wsgiref.types import WSGIEnvironment
 
@@ -140,7 +142,7 @@ def __init__(
             self.environ["werkzeug.request"] = self
 
     @classmethod
-    def from_values(cls, *args, **kwargs) -> "Request":
+    def from_values(cls, *args: t.Any, **kwargs: t.Any) -> "Request":
         """Create a new request object based on the values provided.  If
         environ is given missing values are filled from there.  This method is
         useful for small scripts when you need to simulate a request from an URL.
@@ -197,7 +199,7 @@ def my_wsgi_app(request):
         from ..exceptions import HTTPException
 
         @functools.wraps(f)
-        def application(*args):
+        def application(*args):  # type: ignore
             request = cls(args[-2])
             with request:
                 try:
@@ -206,15 +208,15 @@ def application(*args):
                     resp = e.get_response(args[-2])
                 return resp(*args[-2:])
 
-        return application
+        return t.cast("WSGIApplication", application)
 
     def _get_file_stream(
         self,
-        total_content_length: int,
+        total_content_length: t.Optional[int],
         content_type: t.Optional[str],
         filename: t.Optional[str] = None,
         content_length: t.Optional[int] = None,
-    ):
+    ) -> t.BinaryIO:
         """Called to get a stream for the file upload.
 
         This must provide a file-like class with `read()`, `readline()`
@@ -308,7 +310,7 @@ def _get_stream_for_parsing(self) -> t.BinaryIO:
         cached_data = getattr(self, "_cached_data", None)
         if cached_data is not None:
             return BytesIO(cached_data)
-        return self.stream
+        return self.stream  # type: ignore
 
     def close(self) -> None:
         """Closes associated resources of this request object.  This
@@ -324,7 +326,7 @@ def close(self) -> None:
     def __enter__(self) -> "Request":
         return self
 
-    def __exit__(self, exc_type, exc_value, tb) -> None:
+    def __exit__(self, exc_type, exc_value, tb) -> None:  # type: ignore
         self.close()
 
     @cached_property
@@ -370,9 +372,27 @@ def data(self) -> bytes:
         """
         return self.get_data(parse_form_data=True)
 
+    @typing.overload
+    def get_data(  # type: ignore
+        self,
+        cache: bool = True,
+        as_text: "te.Literal[False]" = False,
+        parse_form_data: bool = False,
+    ) -> bytes:
+        ...
+
+    @typing.overload
+    def get_data(
+        self,
+        cache: bool = True,
+        as_text: "te.Literal[True]" = ...,
+        parse_form_data: bool = False,
+    ) -> str:
+        ...
+
     def get_data(
         self, cache: bool = True, as_text: bool = False, parse_form_data: bool = False
-    ) -> bytes:
+    ) -> t.Union[bytes, str]:
         """This reads the buffered incoming data from the client into one
         bytes object.  By default this is cached but that behavior can be
         changed by setting `cache` to `False`.
@@ -406,7 +426,7 @@ def get_data(
                 self._cached_data = rv
         if as_text:
             rv = rv.decode(self.charset, self.encoding_errors)
-        return rv
+        return rv  # type: ignore
 
     @cached_property
     def form(self) -> "ImmutableMultiDict[str, str]":
@@ -425,7 +445,7 @@ def form(self) -> "ImmutableMultiDict[str, str]":
             and PUT requests.
         """
         self._load_form_data()
-        return self.form
+        return self.form  # type: ignore
 
     @cached_property
     def values(self) -> "CombinedMultiDict[str, str]":
@@ -477,7 +497,7 @@ def files(self) -> "ImmutableMultiDict[str, FileStorage]":
         more details about the used data structure.
         """
         self._load_form_data()
-        return self.files
+        return self.files  # type: ignore
 
     @property
     def script_root(self) -> str:
@@ -487,11 +507,11 @@ def script_root(self) -> str:
         return self.root_path
 
     @cached_property
-    def url_root(self):
+    def url_root(self) -> str:
         """Alias for :attr:`root_url`. The URL with scheme, host, and
         root path. For example, ``https://example.com/app/``.
         """
-        return self.root_url
+        return self.root_url  # type: ignore
 
     remote_user = environ_property[str](
         "REMOTE_USER",
@@ -603,7 +623,7 @@ class StreamOnlyMixin:
     .. versionadded:: 0.9
     """
 
-    def __init__(self, *args, **kwargs):
+    def __init__(self, *args: t.Any, **kwargs: t.Any) -> None:
         warnings.warn(
             "'StreamOnlyMixin' is deprecated and will be removed in"
             " Werkzeug 2.1. Create the request with 'shallow=True'"
@@ -612,7 +632,7 @@ def __init__(self, *args, **kwargs):
             stacklevel=2,
         )
         kwargs["shallow"] = True
-        super().__init__(*args, **kwargs)
+        super().__init__(*args, **kwargs)  # type: ignore
 
 
 class PlainRequest(StreamOnlyMixin, Request):
@@ -625,7 +645,7 @@ class PlainRequest(StreamOnlyMixin, Request):
     .. versionadded:: 0.9
     """
 
-    def __init__(self, *args, **kwargs):
+    def __init__(self, *args: t.Any, **kwargs: t.Any) -> None:
         warnings.warn(
             "'PlainRequest' is deprecated and will be removed in"
             " Werkzeug 2.1. Create the request with 'shallow=True'"
diff --git a/src/werkzeug/wrappers/response.py b/src/werkzeug/wrappers/response.py
index 2e8aa6fc6..60d011c1b 100644
--- a/src/werkzeug/wrappers/response.py
+++ b/src/werkzeug/wrappers/response.py
@@ -293,7 +293,7 @@ def get_data(self, as_text: "te.Literal[False]" = False) -> bytes:
     def get_data(self, as_text: "te.Literal[True]") -> str:
         ...
 
-    def get_data(self, as_text=False):
+    def get_data(self, as_text: bool = False) -> t.Union[bytes, str]:
         """The string representation of the response body.  Whenever you call
         this property the response iterable is encoded and flattened.  This
         can lead to unwanted behavior if you stream big data.
@@ -308,8 +308,10 @@ def get_data(self, as_text=False):
         """
         self._ensure_sequence()
         rv = b"".join(self.iter_encoded())
+
         if as_text:
-            rv = rv.decode(self.charset)
+            return rv.decode(self.charset)
+
         return rv
 
     def set_data(self, value: t.Union[bytes, str]) -> None:
@@ -439,7 +441,7 @@ def close(self) -> None:
     def __enter__(self) -> "Response":
         return self
 
-    def __exit__(self, exc_type, exc_value, tb):
+    def __exit__(self, exc_type, exc_value, tb):  # type: ignore
         self.close()
 
     def freeze(self, no_etag: None = None) -> None:
@@ -530,7 +532,7 @@ def get_wsgi_headers(self, environ: "WSGIEnvironment") -> Headers:
                     current_url = iri_to_uri(current_url)
                 location = url_join(current_url, location)
             if location != old_location:
-                headers["Location"] = location  # type: ignore
+                headers["Location"] = location
 
         # make sure the content location is a URL
         if content_location is not None and isinstance(content_location, str):
@@ -750,7 +752,7 @@ def make_conditional(
         request_or_environ: "WSGIEnvironment",
         accept_ranges: t.Union[bool, str] = False,
         complete_length: t.Optional[int] = None,
-    ):
+    ) -> "Response":
         """Make the response conditional to the request.  This method works
         best if an etag was defined for the response already.  The `add_etag`
         method can be used to do that.  If called without etag just the date
@@ -877,7 +879,7 @@ def encoding(self) -> str:
 
 
 class ResponseStreamMixin:
-    def __init__(self, *args, **kwargs):
+    def __init__(self, *args: t.Any, **kwargs: t.Any) -> None:
         warnings.warn(
             "'ResponseStreamMixin' is deprecated and will be removed in"
             " Werkzeug 2.1. 'Response' now includes the functionality"
@@ -885,4 +887,4 @@ def __init__(self, *args, **kwargs):
             DeprecationWarning,
             stacklevel=2,
         )
-        super().__init__(*args, **kwargs)
+        super().__init__(*args, **kwargs)  # type: ignore
diff --git a/src/werkzeug/wrappers/user_agent.py b/src/werkzeug/wrappers/user_agent.py
index 292d2af6b..184ffd023 100644
--- a/src/werkzeug/wrappers/user_agent.py
+++ b/src/werkzeug/wrappers/user_agent.py
@@ -1,8 +1,9 @@
+import typing as t
 import warnings
 
 
 class UserAgentMixin:
-    def __init__(self, *args, **kwargs):
+    def __init__(self, *args: t.Any, **kwargs: t.Any) -> None:
         warnings.warn(
             "'UserAgentMixin' is deprecated and will be removed in"
             " Werkzeug 2.1. 'Request' now includes the functionality"
@@ -10,4 +11,4 @@ def __init__(self, *args, **kwargs):
             DeprecationWarning,
             stacklevel=2,
         )
-        super().__init__(*args, **kwargs)
+        super().__init__(*args, **kwargs)  # type: ignore
diff --git a/src/werkzeug/wsgi.py b/src/werkzeug/wsgi.py
index c06b2b0c7..587cf3f42 100644
--- a/src/werkzeug/wsgi.py
+++ b/src/werkzeug/wsgi.py
@@ -157,7 +157,7 @@ def get_input_stream(
         content length is not set. Disabling this allows infinite streams,
         which can be a denial-of-service risk.
     """
-    stream = environ["wsgi.input"]
+    stream = t.cast(t.BinaryIO, environ["wsgi.input"])
     content_length = get_content_length(environ)
 
     # A wsgi extension that tells us if the input is terminated.  In
@@ -206,7 +206,7 @@ def get_path_info(
     .. versionadded:: 0.9
     """
     path = environ.get("PATH_INFO", "").encode("latin1")
-    return _to_str(path, charset, errors, allow_none_charset=True)
+    return _to_str(path, charset, errors, allow_none_charset=True)  # type: ignore
 
 
 def get_script_name(
@@ -223,7 +223,7 @@ def get_script_name(
     .. versionadded:: 0.9
     """
     path = environ.get("SCRIPT_NAME", "").encode("latin1")
-    return _to_str(path, charset, errors, allow_none_charset=True)
+    return _to_str(path, charset, errors, allow_none_charset=True)  # type: ignore
 
 
 def pop_path_info(
@@ -281,7 +281,7 @@ def pop_path_info(
         environ["SCRIPT_NAME"] = script_name + segment
         rv = segment.encode("latin1")
 
-    return _to_str(rv, charset, errors, allow_none_charset=True)
+    return _to_str(rv, charset, errors, allow_none_charset=True)  # type: ignore
 
 
 def peek_path_info(
@@ -309,7 +309,7 @@ def peek_path_info(
     """
     segments = environ.get("PATH_INFO", "").lstrip("/").split("/", 1)
     if segments:
-        return _to_str(
+        return _to_str(  # type: ignore
             segments[0].encode("latin1"), charset, errors, allow_none_charset=True
         )
     return None
@@ -361,8 +361,10 @@ def extract_path_info(
     .. versionadded:: 0.6
     """
 
-    def _normalize_netloc(scheme, netloc):
+    def _normalize_netloc(scheme: str, netloc: str) -> str:
         parts = netloc.split("@", 1)[-1].split(":", 1)
+        port: t.Optional[str]
+
         if len(parts) == 2:
             netloc, port = parts
             if (scheme == "http" and port == "80") or (
@@ -372,8 +374,10 @@ def _normalize_netloc(scheme, netloc):
         else:
             netloc = parts[0]
             port = None
+
         if port is not None:
             netloc += f":{port}"
+
         return netloc
 
     # make sure whatever we are working on is a IRI and parse it
@@ -480,7 +484,9 @@ def wrap_file(
     :param file: a :class:`file`-like object with a :meth:`~file.read` method.
     :param buffer_size: number of bytes for one iteration.
     """
-    return environ.get("wsgi.file_wrapper", FileWrapper)(file, buffer_size)
+    return environ.get("wsgi.file_wrapper", FileWrapper)(  # type: ignore
+        file, buffer_size
+    )
 
 
 class FileWrapper:
@@ -516,7 +522,7 @@ def seekable(self) -> bool:
             return True
         return False
 
-    def seek(self, *args) -> None:
+    def seek(self, *args: t.Any) -> None:
         if hasattr(self.file, "seek"):
             self.file.seek(*args)
 

From 264446fade9289567fbfe18947cc714d8c7afcf0 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Tue, 11 May 2021 07:00:37 -0700
Subject: [PATCH 440/733] update pre-commit monthly

---
 .pre-commit-config.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 927ccc465..3f106cfcf 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,3 +1,5 @@
+ci:
+  autoupdate_schedule: monthly
 repos:
   - repo: https://github.com/asottile/pyupgrade
     rev: v2.15.0

From d6a0f170f7b28cff608c0232644ab2ec78e4b299 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Tue, 11 May 2021 13:18:23 -0700
Subject: [PATCH 441/733] update requirements

---
 requirements/dev.txt    | 33 +++++++++++++++++----------------
 requirements/docs.in    |  2 +-
 requirements/docs.txt   | 14 ++++++++------
 requirements/tests.txt  |  8 ++++----
 requirements/typing.in  |  1 -
 requirements/typing.txt | 18 +-----------------
 6 files changed, 31 insertions(+), 45 deletions(-)

diff --git a/requirements/dev.txt b/requirements/dev.txt
index a78667ded..74c982597 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -8,9 +8,9 @@ alabaster==0.7.12
     # via sphinx
 appdirs==1.4.4
     # via virtualenv
-attrs==20.3.0
+attrs==21.2.0
     # via pytest
-babel==2.9.0
+babel==2.9.1
     # via sphinx
 certifi==2020.12.5
     # via requests
@@ -26,15 +26,15 @@ cryptography==3.4.7
     # via -r requirements/tests.in
 distlib==0.3.1
     # via virtualenv
-docutils==0.16
+docutils==0.17.1
     # via sphinx
 filelock==3.0.12
     # via
     #   tox
     #   virtualenv
-greenlet==1.0.0
+greenlet==1.1.0
     # via -r requirements/tests.in
-identify==2.2.3
+identify==2.2.4
     # via pre-commit
 idna==2.10
     # via requests
@@ -45,7 +45,9 @@ iniconfig==1.1.1
 jinja2==2.11.3
     # via sphinx
 markupsafe==1.1.1
-    # via jinja2
+    # via
+    #   jinja2
+    #   sphinx
 mypy-extensions==0.4.3
     # via mypy
 mypy==0.812
@@ -58,7 +60,7 @@ packaging==20.9
     #   pytest
     #   sphinx
     #   tox
-pallets-sphinx-themes==2.0.0rc1
+pallets-sphinx-themes==2.0.0
     # via -r requirements/docs.in
 pep517==0.10.0
     # via pip-tools
@@ -78,7 +80,7 @@ py==1.10.0
     #   tox
 pycparser==2.20
     # via cffi
-pygments==2.8.1
+pygments==2.9.0
     # via sphinx
 pyparsing==2.4.7
     # via packaging
@@ -86,10 +88,9 @@ pytest-timeout==1.4.2
     # via -r requirements/tests.in
 pytest-xprocess==0.17.1
     # via -r requirements/tests.in
-pytest==6.2.3
+pytest==6.2.4
     # via
     #   -r requirements/tests.in
-    #   -r requirements/typing.in
     #   pytest-timeout
     #   pytest-xprocess
 pytz==2021.1
@@ -98,7 +99,7 @@ pyyaml==5.4.1
     # via pre-commit
 requests==2.25.1
     # via sphinx
-six==1.15.0
+six==1.16.0
     # via
     #   tox
     #   virtualenv
@@ -106,7 +107,7 @@ snowballstemmer==2.1.0
     # via sphinx
 sphinx-issues==1.2.0
     # via -r requirements/docs.in
-sphinx==3.5.4
+sphinx==4.0.1
     # via
     #   -r requirements/docs.in
     #   pallets-sphinx-themes
@@ -132,19 +133,19 @@ toml==0.10.2
     #   pre-commit
     #   pytest
     #   tox
-tox==3.23.0
+tox==3.23.1
     # via -r requirements/dev.in
 typed-ast==1.4.3
     # via mypy
-typing-extensions==3.7.4.3
+typing-extensions==3.10.0.0
     # via mypy
 urllib3==1.26.4
     # via requests
-virtualenv==20.4.3
+virtualenv==20.4.6
     # via
     #   pre-commit
     #   tox
-watchdog==2.0.3
+watchdog==2.1.1
     # via -r requirements/tests.in
 
 # The following packages are considered to be unsafe in a requirements file:
diff --git a/requirements/docs.in b/requirements/docs.in
index 1862ddd59..7ec501b6d 100644
--- a/requirements/docs.in
+++ b/requirements/docs.in
@@ -1,4 +1,4 @@
-Pallets-Sphinx-Themes >= 2.0.0rc1
+Pallets-Sphinx-Themes
 Sphinx
 sphinx-issues
 sphinxcontrib-log-cabinet
diff --git a/requirements/docs.txt b/requirements/docs.txt
index 9b58c504b..cd36ee5ec 100644
--- a/requirements/docs.txt
+++ b/requirements/docs.txt
@@ -6,13 +6,13 @@
 #
 alabaster==0.7.12
     # via sphinx
-babel==2.9.0
+babel==2.9.1
     # via sphinx
 certifi==2020.12.5
     # via requests
 chardet==4.0.0
     # via requests
-docutils==0.16
+docutils==0.17.1
     # via sphinx
 idna==2.10
     # via requests
@@ -21,14 +21,16 @@ imagesize==1.2.0
 jinja2==2.11.3
     # via sphinx
 markupsafe==1.1.1
-    # via jinja2
+    # via
+    #   jinja2
+    #   sphinx
 packaging==20.9
     # via
     #   pallets-sphinx-themes
     #   sphinx
-pallets-sphinx-themes==2.0.0rc1
+pallets-sphinx-themes==2.0.0
     # via -r requirements/docs.in
-pygments==2.8.1
+pygments==2.9.0
     # via sphinx
 pyparsing==2.4.7
     # via packaging
@@ -40,7 +42,7 @@ snowballstemmer==2.1.0
     # via sphinx
 sphinx-issues==1.2.0
     # via -r requirements/docs.in
-sphinx==3.5.4
+sphinx==4.0.1
     # via
     #   -r requirements/docs.in
     #   pallets-sphinx-themes
diff --git a/requirements/tests.txt b/requirements/tests.txt
index 66b6cb354..8aaaceed0 100644
--- a/requirements/tests.txt
+++ b/requirements/tests.txt
@@ -4,13 +4,13 @@
 #
 #    pip-compile requirements/tests.in
 #
-attrs==20.3.0
+attrs==21.2.0
     # via pytest
 cffi==1.14.5
     # via cryptography
 cryptography==3.4.7
     # via -r requirements/tests.in
-greenlet==1.0.0
+greenlet==1.1.0
     # via -r requirements/tests.in
 iniconfig==1.1.1
     # via pytest
@@ -30,12 +30,12 @@ pytest-timeout==1.4.2
     # via -r requirements/tests.in
 pytest-xprocess==0.17.1
     # via -r requirements/tests.in
-pytest==6.2.3
+pytest==6.2.4
     # via
     #   -r requirements/tests.in
     #   pytest-timeout
     #   pytest-xprocess
 toml==0.10.2
     # via pytest
-watchdog==2.0.3
+watchdog==2.1.1
     # via -r requirements/tests.in
diff --git a/requirements/typing.in b/requirements/typing.in
index d76706eae..f0aa93ac8 100644
--- a/requirements/typing.in
+++ b/requirements/typing.in
@@ -1,2 +1 @@
 mypy
-pytest
diff --git a/requirements/typing.txt b/requirements/typing.txt
index ba1a9f23a..0e342aaad 100644
--- a/requirements/typing.txt
+++ b/requirements/typing.txt
@@ -4,27 +4,11 @@
 #
 #    pip-compile requirements/typing.in
 #
-attrs==20.3.0
-    # via pytest
-iniconfig==1.1.1
-    # via pytest
 mypy-extensions==0.4.3
     # via mypy
 mypy==0.812
     # via -r requirements/typing.in
-packaging==20.9
-    # via pytest
-pluggy==0.13.1
-    # via pytest
-py==1.10.0
-    # via pytest
-pyparsing==2.4.7
-    # via packaging
-pytest==6.2.3
-    # via -r requirements/typing.in
-toml==0.10.2
-    # via pytest
 typed-ast==1.4.3
     # via mypy
-typing-extensions==3.7.4.3
+typing-extensions==3.10.0.0
     # via mypy

From c987e02763407178c990b1a4f7c71bc1a4205f6d Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Tue, 11 May 2021 13:19:49 -0700
Subject: [PATCH 442/733] release version 2.0.0

---
 CHANGES.rst              | 11 +----------
 src/werkzeug/__init__.py |  2 +-
 2 files changed, 2 insertions(+), 11 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 91f03404d..04ca341d9 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -3,7 +3,7 @@
 Version 2.0.0
 -------------
 
-Unreleased
+Released 2021-05-11
 
 -   Drop support for Python 2 and 3.5. :pr:`1693`
 -   Deprecate :func:`utils.format_string`, use :class:`string.Template`
@@ -190,15 +190,6 @@ Unreleased
 -   ``HTTPException.wrap`` is deprecated. Create a subclass manually
     instead. :pr:`2085`
 
-Version 1.0.2
--------------
-
-Unreleased
-
--   Add new "edg" identifier for Edge in ``UserAgentParser``.
-    :issue:`1797`
--   Upgrade the debugger to jQuery 3.5.1. :issue:`1802`
-
 
 Version 1.0.1
 -------------
diff --git a/src/werkzeug/__init__.py b/src/werkzeug/__init__.py
index f52577f15..34f654a29 100644
--- a/src/werkzeug/__init__.py
+++ b/src/werkzeug/__init__.py
@@ -3,4 +3,4 @@
 from .wrappers import Request
 from .wrappers import Response
 
-__version__ = "2.0.0rc5"
+__version__ = "2.0.0"

From d554d289714c4c87ed1ebd5cb8b40db6b0d8f542 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Tue, 11 May 2021 13:27:22 -0700
Subject: [PATCH 443/733] start version 2.0.1.dev0

---
 CHANGES.rst              | 6 ++++++
 src/werkzeug/__init__.py | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 04ca341d9..9c0bea485 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -1,5 +1,11 @@
 .. currentmodule:: werkzeug
 
+Version 2.0.1
+-------------
+
+Unreleased
+
+
 Version 2.0.0
 -------------
 
diff --git a/src/werkzeug/__init__.py b/src/werkzeug/__init__.py
index 34f654a29..2c5405b5a 100644
--- a/src/werkzeug/__init__.py
+++ b/src/werkzeug/__init__.py
@@ -3,4 +3,4 @@
 from .wrappers import Request
 from .wrappers import Response
 
-__version__ = "2.0.0"
+__version__ = "2.0.1.dev0"

From c0be480cf26c6da846c2d1f80f769cd5cfe94b1a Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Tue, 11 May 2021 13:28:55 -0700
Subject: [PATCH 444/733] start version 2.1.0.dev0

---
 CHANGES.rst              | 6 ++++++
 src/werkzeug/__init__.py | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 9c0bea485..23c1cf591 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -1,5 +1,11 @@
 .. currentmodule:: werkzeug
 
+Version 2.1.0
+-------------
+
+Unreleased
+
+
 Version 2.0.1
 -------------
 
diff --git a/src/werkzeug/__init__.py b/src/werkzeug/__init__.py
index 2c5405b5a..cf014bd1d 100644
--- a/src/werkzeug/__init__.py
+++ b/src/werkzeug/__init__.py
@@ -3,4 +3,4 @@
 from .wrappers import Request
 from .wrappers import Response
 
-__version__ = "2.0.1.dev0"
+__version__ = "2.1.0.dev0"

From 682f75370e30eab69582223d8ef473b6f24c52ca Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Tue, 11 May 2021 16:12:56 -0700
Subject: [PATCH 445/733] rename default branch in files

---
 .github/workflows/tests.yaml                | 4 ++--
 CONTRIBUTING.rst                            | 4 ++--
 docs/tutorial.rst                           | 2 +-
 examples/cupoftee/application.py            | 8 ++++----
 examples/cupoftee/network.py                | 4 ++--
 examples/cupoftee/pages.py                  | 6 +++---
 examples/cupoftee/templates/serverlist.html | 6 +++---
 7 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
index d52088f92..b00a86634 100644
--- a/.github/workflows/tests.yaml
+++ b/.github/workflows/tests.yaml
@@ -2,7 +2,7 @@ name: Tests
 on:
   push:
     branches:
-      - master
+      - main
       - '*.x'
     paths-ignore:
       - 'docs/**'
@@ -10,7 +10,7 @@ on:
       - '*.rst'
   pull_request:
     branches:
-      - master
+      - main
       - '*.x'
     paths-ignore:
       - 'docs/**'
diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst
index 4ebf92885..34bab0fe3 100644
--- a/CONTRIBUTING.rst
+++ b/CONTRIBUTING.rst
@@ -141,12 +141,12 @@ Start coding
         $ git checkout -b your-branch-name origin/1.0.x
 
     If you're submitting a feature addition or change, branch off of the
-    "master" branch.
+    "main" branch.
 
     .. code-block:: text
 
         $ git fetch origin
-        $ git checkout -b your-branch-name origin/master
+        $ git checkout -b your-branch-name origin/main
 
 -   Using your favorite editor, make your changes,
     `committing as you go`_.
diff --git a/docs/tutorial.rst b/docs/tutorial.rst
index 32c1143b7..bd7468171 100644
--- a/docs/tutorial.rst
+++ b/docs/tutorial.rst
@@ -477,4 +477,4 @@ Look at the implementation in the example dictionary in the Werkzeug
 repository to see a version of this tutorial with some small refinements
 such as a custom 404 page.
 
--   `shortly in the example folder `_
+-   `shortly in the example folder `_
diff --git a/examples/cupoftee/application.py b/examples/cupoftee/application.py
index 7b65f5f05..7104cfd40 100644
--- a/examples/cupoftee/application.py
+++ b/examples/cupoftee/application.py
@@ -82,14 +82,14 @@ def __init__(self, database, interval=120):
         self.jinja_env = Environment(loader=PackageLoader("cupoftee"), autoescape=True)
         self.interval = interval
         self.db = Database(database)
-        self.master = ServerBrowser(self)
-        self.updater = Thread(None, self.update_master)
+        self.server_browser = ServerBrowser(self)
+        self.updater = Thread(None, self.update_server_browser)
         self.updater.daemon = True
         self.updater.start()
 
-    def update_master(self):
+    def update_server_browser(self):
         while 1:
-            if self.master.sync():
+            if self.server_browser.sync():
                 wait = self.interval
             else:
                 wait = self.interval // 2
diff --git a/examples/cupoftee/network.py b/examples/cupoftee/network.py
index 906f8ff4f..5cbb9c205 100644
--- a/examples/cupoftee/network.py
+++ b/examples/cupoftee/network.py
@@ -33,7 +33,7 @@ def _sync(self):
             addr = (f"master{x}.teeworlds.com", 8300)
             print(addr)
             try:
-                self._sync_master(addr, to_delete)
+                self._sync_server_browser(addr, to_delete)
             except (OSError, socket.timeout):
                 continue
         for server_id in to_delete:
@@ -42,7 +42,7 @@ def _sync(self):
             raise OSError("no servers found")
         self.cup.db.sync()
 
-    def _sync_master(self, addr, to_delete):
+    def _sync_server_browser(self, addr, to_delete):
         s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
         s.settimeout(5)
         s.sendto(b"\x20\x00\x00\x00\x00\x48\xff\xff\xff\xffreqt", addr)
diff --git a/examples/cupoftee/pages.py b/examples/cupoftee/pages.py
index e22e60fac..abe43c8e6 100644
--- a/examples/cupoftee/pages.py
+++ b/examples/cupoftee/pages.py
@@ -33,7 +33,7 @@ def process(self):
         if sort_func is None:
             return redirect(self.url_for("serverlist"))
 
-        self.servers = self.cup.master.servers.values()
+        self.servers = self.cup.server_browser.servers.values()
         self.servers.sort(key=sort_func)
         if self.request.args.get("dir") == "desc":
             self.servers.reverse()
@@ -50,7 +50,7 @@ class Server(Page):
 
     def process(self, id):
         try:
-            self.server = self.cup.master.servers[id]
+            self.server = self.cup.server_browser.servers[id]
         except KeyError:
             raise NotFound()
 
@@ -62,7 +62,7 @@ def process(self):
         self.user = self.request.args.get("user")
         if self.user:
             self.results = []
-            for server in self.cup.master.servers.values():
+            for server in self.cup.server_browser.servers.values():
                 for player in server.players:
                     if player.name == self.user:
                         self.results.append(server)
diff --git a/examples/cupoftee/templates/serverlist.html b/examples/cupoftee/templates/serverlist.html
index 308564af1..c77d441f4 100644
--- a/examples/cupoftee/templates/serverlist.html
+++ b/examples/cupoftee/templates/serverlist.html
@@ -4,11 +4,11 @@ 
    Server List
    
 
    
   Currently {{ len(players) }} players are playing on
   {{ len(servers) }} servers.
-  {% if cup.master.last_sync %}
+  {% if cup.server_browser.last_sync %}
     This list was last synced on
-    {{ cup.master.last_sync.strftime('%d %B %Y at %H:%M UTC') }}.
+    {{ cup.server_browser.last_sync.strftime('%d %B %Y at %H:%M UTC') }}.
   {% else %}
-    Synchronization with master server in progress.  Reload the page in a minute
+    Synchronization with main server in progress.  Reload the page in a minute
     or two, to see the server list.
   {% endif %}
 
    

From 07ed4afba340ca9066a7d024948ebbece2ed1614 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Thu, 13 May 2021 06:47:52 -0700
Subject: [PATCH 446/733] fix max_age typing

---
 CHANGES.rst           |  3 +++
 src/werkzeug/utils.py | 21 ++++++++++-----------
 2 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 9c0bea485..cac63883d 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -5,6 +5,9 @@ Version 2.0.1
 
 Unreleased
 
+-   Fix type annotation for ``send_file`` ``max_age`` callable. Don't
+    pass ``pathlib.Path`` to ``max_age``. :issue:`2119`
+
 
 Version 2.0.0
 -------------
diff --git a/src/werkzeug/utils.py b/src/werkzeug/utils.py
index 80e2502ce..fff1a8780 100644
--- a/src/werkzeug/utils.py
+++ b/src/werkzeug/utils.py
@@ -2,7 +2,6 @@
 import io
 import mimetypes
 import os
-import pathlib
 import pkgutil
 import re
 import sys
@@ -596,7 +595,7 @@ def send_file(
     etag: t.Union[bool, str] = True,
     last_modified: t.Optional[t.Union[datetime, int, float]] = None,
     max_age: t.Optional[
-        t.Union[int, t.Callable[[t.Optional[t.Union[os.PathLike, str]]], int]]
+        t.Union[int, t.Callable[[t.Optional[str]], t.Optional[int]]]
     ] = None,
     use_x_sendfile: bool = False,
     response_class: t.Optional[t.Type["Response"]] = None,
@@ -675,7 +674,7 @@ def send_file(
 
         response_class = Response
 
-    path: t.Optional[pathlib.Path] = None
+    path: t.Optional[str] = None
     file: t.Optional[t.BinaryIO] = None
     size: t.Optional[int] = None
     mtime: t.Optional[float] = None
@@ -689,18 +688,18 @@ def send_file(
         # Flask will pass app.root_path, allowing its send_file wrapper
         # to not have to deal with paths.
         if _root_path is not None:
-            path = pathlib.Path(_root_path, path_or_file)
+            path = os.path.join(_root_path, path_or_file)
         else:
-            path = pathlib.Path(path_or_file).absolute()
+            path = os.path.abspath(path_or_file)
 
-        stat = path.stat()
+        stat = os.stat(path)
         size = stat.st_size
         mtime = stat.st_mtime
     else:
         file = path_or_file
 
     if download_name is None and path is not None:
-        download_name = path.name
+        download_name = os.path.basename(path)
 
     if mimetype is None:
         if download_name is None:
@@ -737,12 +736,12 @@ def send_file(
             " 'download_name' or pass a path instead of a file."
         )
 
-    if use_x_sendfile and path:
-        headers["X-Sendfile"] = str(path)
+    if use_x_sendfile and path is not None:
+        headers["X-Sendfile"] = path
         data = None
     else:
         if file is None:
-            file = path.open("rb")  # type: ignore
+            file = open(path, "rb")  # type: ignore
         elif isinstance(file, io.BytesIO):
             size = file.getbuffer().nbytes
         elif isinstance(file, io.TextIOBase):
@@ -780,7 +779,7 @@ def send_file(
     if isinstance(etag, str):
         rv.set_etag(etag)
     elif etag and path is not None:
-        check = adler32(str(path).encode("utf-8")) & 0xFFFFFFFF
+        check = adler32(path.encode("utf-8")) & 0xFFFFFFFF
         rv.set_etag(f"{mtime}-{size}-{check}")
 
     if conditional:

From 6ea5c55da4c7ba624ec418e536c0d8dcb4d371df Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Thu, 13 May 2021 16:50:46 -0700
Subject: [PATCH 447/733] mark top-level names as exported

---
 CHANGES.rst                       | 2 ++
 setup.cfg                         | 3 ---
 src/werkzeug/__init__.py          | 8 ++++----
 src/werkzeug/wrappers/__init__.py | 4 ++--
 4 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index cac63883d..a2b9d002d 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -7,6 +7,8 @@ Unreleased
 
 -   Fix type annotation for ``send_file`` ``max_age`` callable. Don't
     pass ``pathlib.Path`` to ``max_age``. :issue:`2119`
+-   Mark top-level names as exported so type checking understands
+    imports in user projects. :issue:`2122`
 
 
 Version 2.0.0
diff --git a/setup.cfg b/setup.cfg
index d95ffca88..47c5426cd 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -102,9 +102,6 @@ warn_unused_ignores = True
 warn_return_any = True
 # warn_unreachable = True
 
-[mypy-werkzeug]
-no_implicit_reexport = False
-
 [mypy-werkzeug.wrappers]
 no_implicit_reexport = False
 
diff --git a/src/werkzeug/__init__.py b/src/werkzeug/__init__.py
index 2c5405b5a..4fbb6d081 100644
--- a/src/werkzeug/__init__.py
+++ b/src/werkzeug/__init__.py
@@ -1,6 +1,6 @@
-from .serving import run_simple
-from .test import Client
-from .wrappers import Request
-from .wrappers import Response
+from .serving import run_simple as run_simple
+from .test import Client as Client
+from .wrappers import Request as Request
+from .wrappers import Response as Response
 
 __version__ = "2.0.1.dev0"
diff --git a/src/werkzeug/wrappers/__init__.py b/src/werkzeug/wrappers/__init__.py
index 63210c720..eb69a9949 100644
--- a/src/werkzeug/wrappers/__init__.py
+++ b/src/werkzeug/wrappers/__init__.py
@@ -8,9 +8,9 @@
 from .etag import ETagRequestMixin
 from .etag import ETagResponseMixin
 from .request import PlainRequest
-from .request import Request
+from .request import Request as Request
 from .request import StreamOnlyMixin
-from .response import Response
+from .response import Response as Response
 from .response import ResponseStream
 from .response import ResponseStreamMixin
 from .user_agent import UserAgentMixin

From 7c79d763e3ede9e27277c2ce5267c4f09102644c Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Thu, 13 May 2021 17:00:45 -0700
Subject: [PATCH 448/733] fix typing that wasn't available in Python 3.6.0

---
 CHANGES.rst                | 1 +
 src/werkzeug/exceptions.py | 5 +++--
 src/werkzeug/formparser.py | 5 +++--
 3 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index a2b9d002d..355f5b4dd 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -9,6 +9,7 @@ Unreleased
     pass ``pathlib.Path`` to ``max_age``. :issue:`2119`
 -   Mark top-level names as exported so type checking understands
     imports in user projects. :issue:`2122`
+-   Fix some types that weren't available in Python 3.6.0. :issue:`2123`
 
 
 Version 2.0.0
diff --git a/src/werkzeug/exceptions.py b/src/werkzeug/exceptions.py
index 3366f9da7..7c43d85ef 100644
--- a/src/werkzeug/exceptions.py
+++ b/src/werkzeug/exceptions.py
@@ -52,6 +52,7 @@ def application(request):
 from ._internal import _get_environ
 
 if t.TYPE_CHECKING:
+    import typing_extensions as te
     from wsgiref.types import StartResponse
     from wsgiref.types import WSGIEnvironment
     from .datastructures import WWWAuthenticate
@@ -903,7 +904,7 @@ def __init__(
 
     def __call__(
         self, code: t.Union[int, "Response"], *args: t.Any, **kwargs: t.Any
-    ) -> t.NoReturn:
+    ) -> "te.NoReturn":
         from .sansio.response import Response
 
         if isinstance(code, Response):
@@ -917,7 +918,7 @@ def __call__(
 
 def abort(
     status: t.Union[int, "Response"], *args: t.Any, **kwargs: t.Any
-) -> t.NoReturn:
+) -> "te.NoReturn":
     """Raises an :py:exc:`HTTPException` for the given status code or WSGI
     application.
 
diff --git a/src/werkzeug/formparser.py b/src/werkzeug/formparser.py
index 54b699f78..c24608d05 100644
--- a/src/werkzeug/formparser.py
+++ b/src/werkzeug/formparser.py
@@ -32,11 +32,12 @@
     SpooledTemporaryFile = None  # type: ignore
 
 if t.TYPE_CHECKING:
+    import typing as te
     from wsgiref.types import WSGIEnvironment
 
     t_parse_result = t.Tuple[t.BinaryIO, MultiDict, MultiDict]
 
-    class TStreamFactory(t.Protocol):
+    class TStreamFactory(te.Protocol):
         def __call__(
             self,
             total_content_length: t.Optional[int],
@@ -402,7 +403,7 @@ def __init__(
 
         self.buffer_size = buffer_size
 
-    def fail(self, message: str) -> "t.NoReturn":
+    def fail(self, message: str) -> "te.NoReturn":
         raise ValueError(message)
 
     def get_part_charset(self, headers: Headers) -> str:

From d7bb8464225f9e3ccf4875c3bdaeb527acc09739 Mon Sep 17 00:00:00 2001
From: Sebastian Rittau 
Date: Wed, 12 May 2021 09:55:12 +0200
Subject: [PATCH 449/733] Make @cached_property generic over the return type

---
 CHANGES.rst                      |  2 ++
 src/werkzeug/debug/__init__.py   |  2 +-
 src/werkzeug/debug/tbtools.py    |  2 +-
 src/werkzeug/utils.py            | 14 ++++++++------
 src/werkzeug/wrappers/request.py |  8 ++++----
 5 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 355f5b4dd..5340da9fa 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -10,6 +10,8 @@ Unreleased
 -   Mark top-level names as exported so type checking understands
     imports in user projects. :issue:`2122`
 -   Fix some types that weren't available in Python 3.6.0. :issue:`2123`
+-   ``cached_property`` is generic over its return type, properties
+    decorated with it report the correct type. :issue:`2113`
 
 
 Version 2.0.0
diff --git a/src/werkzeug/debug/__init__.py b/src/werkzeug/debug/__init__.py
index 959f53013..03ccae3d9 100644
--- a/src/werkzeug/debug/__init__.py
+++ b/src/werkzeug/debug/__init__.py
@@ -477,7 +477,7 @@ def __call__(
             cmd = request.args.get("cmd")
             arg = request.args.get("f")
             secret = request.args.get("s")
-            frame = self.frames.get(request.args.get("frm", type=int))
+            frame = self.frames.get(request.args.get("frm", type=int))  # type: ignore
             if cmd == "resource" and arg:
                 response = self.get_resource(request, arg)  # type: ignore
             elif cmd == "pinauth" and secret == self.secret:
diff --git a/src/werkzeug/debug/tbtools.py b/src/werkzeug/debug/tbtools.py
index 27c70ca42..75b4cd2c5 100644
--- a/src/werkzeug/debug/tbtools.py
+++ b/src/werkzeug/debug/tbtools.py
@@ -582,7 +582,7 @@ def get_context_lines(
     @property
     def current_line(self) -> str:
         try:
-            return self.sourcelines[self.lineno - 1]  # type: ignore
+            return self.sourcelines[self.lineno - 1]
         except IndexError:
             return ""
 
diff --git a/src/werkzeug/utils.py b/src/werkzeug/utils.py
index fff1a8780..5255294cc 100644
--- a/src/werkzeug/utils.py
+++ b/src/werkzeug/utils.py
@@ -29,6 +29,8 @@
     from .wrappers.request import Request
     from .wrappers.response import Response
 
+_T = t.TypeVar("_T")
+
 _entity_re = re.compile(r"&([^;]+);")
 _filename_ascii_strip_re = re.compile(r"[^A-Za-z0-9_.-]")
 _windows_device_files = (
@@ -46,7 +48,7 @@
 )
 
 
-class cached_property(property):
+class cached_property(property, t.Generic[_T]):
     """A :func:`property` that is only evaluated once. Subsequent access
     returns the cached value. Setting the property sets the cached
     value. Deleting the property clears the cached value, accessing it
@@ -74,7 +76,7 @@ def value(self):
 
     def __init__(
         self,
-        fget: t.Callable[[t.Any], t.Any],
+        fget: t.Callable[[t.Any], _T],
         name: t.Optional[str] = None,
         doc: t.Optional[str] = None,
     ) -> None:
@@ -82,14 +84,14 @@ def __init__(
         self.__name__ = name or fget.__name__
         self.__module__ = fget.__module__
 
-    def __set__(self, obj: object, value: t.Any) -> None:
+    def __set__(self, obj: object, value: _T) -> None:
         obj.__dict__[self.__name__] = value
 
-    def __get__(self, obj: object, type: type = None) -> t.Any:  # type: ignore
+    def __get__(self, obj: object, type: type = None) -> _T:  # type: ignore
         if obj is None:
-            return self
+            return self  # type: ignore
 
-        value = obj.__dict__.get(self.__name__, _missing)
+        value: _T = obj.__dict__.get(self.__name__, _missing)
 
         if value is _missing:
             value = self.fget(obj)  # type: ignore
diff --git a/src/werkzeug/wrappers/request.py b/src/werkzeug/wrappers/request.py
index ecbd02017..7862e58dc 100644
--- a/src/werkzeug/wrappers/request.py
+++ b/src/werkzeug/wrappers/request.py
@@ -310,7 +310,7 @@ def _get_stream_for_parsing(self) -> t.BinaryIO:
         cached_data = getattr(self, "_cached_data", None)
         if cached_data is not None:
             return BytesIO(cached_data)
-        return self.stream  # type: ignore
+        return self.stream
 
     def close(self) -> None:
         """Closes associated resources of this request object.  This
@@ -445,7 +445,7 @@ def form(self) -> "ImmutableMultiDict[str, str]":
             and PUT requests.
         """
         self._load_form_data()
-        return self.form  # type: ignore
+        return self.form
 
     @cached_property
     def values(self) -> "CombinedMultiDict[str, str]":
@@ -497,7 +497,7 @@ def files(self) -> "ImmutableMultiDict[str, FileStorage]":
         more details about the used data structure.
         """
         self._load_form_data()
-        return self.files  # type: ignore
+        return self.files
 
     @property
     def script_root(self) -> str:
@@ -511,7 +511,7 @@ def url_root(self) -> str:
         """Alias for :attr:`root_url`. The URL with scheme, host, and
         root path. For example, ``https://example.com/app/``.
         """
-        return self.root_url  # type: ignore
+        return self.root_url
 
     remote_user = environ_property[str](
         "REMOTE_USER",

From a7ee5b10bb7a05d1859e735d7d5e96be7279285d Mon Sep 17 00:00:00 2001
From: Sebastian Rittau 
Date: Thu, 13 May 2021 15:27:52 +0200
Subject: [PATCH 450/733] Fix potential None access

---
 src/werkzeug/routing.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/werkzeug/routing.py b/src/werkzeug/routing.py
index cc5f0ad04..59463a7f7 100644
--- a/src/werkzeug/routing.py
+++ b/src/werkzeug/routing.py
@@ -338,7 +338,11 @@ def __str__(self) -> str:
         message.append(".")
         if self.suggested:
             if self.endpoint == self.suggested.endpoint:
-                if self.method and self.method not in self.suggested.methods:
+                if (
+                    self.method
+                    and self.suggested.methods is not None
+                    and self.method not in self.suggested.methods
+                ):
                     message.append(
                         " Did you mean to use methods"
                         f" {sorted(self.suggested.methods)!r}?"

From 3f8a95fb275dcad27d541f00026b229636e1a485 Mon Sep 17 00:00:00 2001
From: pgjones 
Date: Fri, 14 May 2021 19:52:33 +0100
Subject: [PATCH 451/733] Fix multipart parsing bug

Escape special regex characters from the boundary before placing into
the regexs used to locate the boundaries in the multipart data.
---
 CHANGES.rst                      | 2 ++
 src/werkzeug/sansio/multipart.py | 4 ++--
 tests/sansio/test_multipart.py   | 8 ++++----
 3 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 5340da9fa..85ccae878 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -12,6 +12,8 @@ Unreleased
 -   Fix some types that weren't available in Python 3.6.0. :issue:`2123`
 -   ``cached_property`` is generic over its return type, properties
     decorated with it report the correct type. :issue:`2113`
+-   Fix multipart parsing bug when boundary contains special regex
+    characters. :issue:`2125`
 
 
 Version 2.0.0
diff --git a/src/werkzeug/sansio/multipart.py b/src/werkzeug/sansio/multipart.py
index d96cc1598..bb8ab3455 100644
--- a/src/werkzeug/sansio/multipart.py
+++ b/src/werkzeug/sansio/multipart.py
@@ -101,7 +101,7 @@ def __init__(
         # group to understand if it is an epilogue boundary.
         self.preamble_re = re.compile(
             br"%s?--%s(--[^\S\n\r]*%s?|[^\S\n\r]*%s)"
-            % (LINE_BREAK, boundary, LINE_BREAK, LINE_BREAK),
+            % (LINE_BREAK, re.escape(boundary), LINE_BREAK, LINE_BREAK),
             re.MULTILINE,
         )
         # A boundary must include a line break prefix and suffix, and
@@ -110,7 +110,7 @@ def __init__(
         # understand if it is an epilogue boundary.
         self.boundary_re = re.compile(
             br"%s--%s(--[^\S\n\r]*%s?|[^\S\n\r]*%s)"
-            % (LINE_BREAK, boundary, LINE_BREAK, LINE_BREAK),
+            % (LINE_BREAK, re.escape(boundary), LINE_BREAK, LINE_BREAK),
             re.MULTILINE,
         )
 
diff --git a/tests/sansio/test_multipart.py b/tests/sansio/test_multipart.py
index 22ba7555b..f9c48b47e 100644
--- a/tests/sansio/test_multipart.py
+++ b/tests/sansio/test_multipart.py
@@ -10,18 +10,18 @@
 
 
 def test_decoder_simple() -> None:
-    boundary = b"---------------------------9704338192090380615194531385"
+    boundary = b"---------------------------9704338192090380615194531385$"
     decoder = MultipartDecoder(boundary)
     data = """
------------------------------9704338192090380615194531385
+-----------------------------9704338192090380615194531385$
 Content-Disposition: form-data; name="fname"
 
 ß∑œß∂ƒå∂
------------------------------9704338192090380615194531385
+-----------------------------9704338192090380615194531385$
 Content-Disposition: form-data; name="lname"; filename="bob"
 
 asdasd
------------------------------9704338192090380615194531385--
+-----------------------------9704338192090380615194531385$--
     """.replace(
         "\n", "\r\n"
     ).encode(

From 625aaba621115657859a1c6ae889f4ced28834e6 Mon Sep 17 00:00:00 2001
From: Pascal Corpet 
Date: Sun, 16 May 2021 22:45:21 +0200
Subject: [PATCH 452/733] Enhance type of headers.get method.

When given a default value that is not None, the get method always
returns a string.
---
 CHANGES.rst                     | 1 +
 src/werkzeug/datastructures.pyi | 2 ++
 src/werkzeug/sansio/request.py  | 2 +-
 3 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 85ccae878..f8a2d0f93 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -14,6 +14,7 @@ Unreleased
     decorated with it report the correct type. :issue:`2113`
 -   Fix multipart parsing bug when boundary contains special regex
     characters. :issue:`2125`
+-   Enhance type annotation for ``headers.get``. :issue:`2128`
 
 
 Version 2.0.0
diff --git a/src/werkzeug/datastructures.pyi b/src/werkzeug/datastructures.pyi
index 7279d3a73..292e1a262 100644
--- a/src/werkzeug/datastructures.pyi
+++ b/src/werkzeug/datastructures.pyi
@@ -220,6 +220,8 @@ class Headers(Dict[str, str]):
     def __getitem__(self, key: str, _get_mode: Literal[True] = ...) -> str: ...
     def __eq__(self, other: object) -> bool: ...
     @overload  # type: ignore
+    def get(self, key: str, default: str) -> str: ...
+    @overload
     def get(self, key: str, default: Optional[str] = None) -> Optional[str]: ...
     @overload
     def get(
diff --git a/src/werkzeug/sansio/request.py b/src/werkzeug/sansio/request.py
index 6f2bceb16..2c21a2134 100644
--- a/src/werkzeug/sansio/request.py
+++ b/src/werkzeug/sansio/request.py
@@ -491,7 +491,7 @@ def user_agent(self) -> UserAgent:
             Werkzeug 2.1. A ``UserAgent`` subclass must be set to parse
             data from the string.
         """
-        return self.user_agent_class(t.cast(str, self.headers.get("User-Agent", "")))
+        return self.user_agent_class(self.headers.get("User-Agent", ""))
 
     # Authorization
 

From c2fd0f1fdec4376b9410fda78ad878e2d74c4e10 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Mon, 17 May 2021 13:19:49 -0700
Subject: [PATCH 453/733] update 2128 changelog

---
 CHANGES.rst | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index f8a2d0f93..8a8af6e9b 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -14,7 +14,8 @@ Unreleased
     decorated with it report the correct type. :issue:`2113`
 -   Fix multipart parsing bug when boundary contains special regex
     characters. :issue:`2125`
--   Enhance type annotation for ``headers.get``. :issue:`2128`
+-   Type checking understands that calling ``headers.get`` with a string
+    default will always return a string. :issue:`2128`
 
 
 Version 2.0.0

From ca830cafd0f3d2f8c733dda040c2f2f49e7fbe66 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Mon, 17 May 2021 14:34:11 -0700
Subject: [PATCH 454/733] use _typeshed.wsgi instead of wsgiref.types

---
 src/werkzeug/_internal.py              | 6 +++---
 src/werkzeug/datastructures.pyi        | 2 +-
 src/werkzeug/debug/__init__.py         | 6 +++---
 src/werkzeug/exceptions.py             | 4 ++--
 src/werkzeug/formparser.py             | 2 +-
 src/werkzeug/http.py                   | 2 +-
 src/werkzeug/local.py                  | 6 +++---
 src/werkzeug/middleware/dispatcher.py  | 6 +++---
 src/werkzeug/middleware/http_proxy.py  | 6 +++---
 src/werkzeug/middleware/lint.py        | 6 +++---
 src/werkzeug/middleware/profiler.py    | 6 +++---
 src/werkzeug/middleware/proxy_fix.py   | 6 +++---
 src/werkzeug/middleware/shared_data.py | 6 +++---
 src/werkzeug/routing.py                | 4 ++--
 src/werkzeug/serving.py                | 4 ++--
 src/werkzeug/test.py                   | 4 ++--
 src/werkzeug/testapp.py                | 4 ++--
 src/werkzeug/useragents.py             | 2 +-
 src/werkzeug/utils.py                  | 2 +-
 src/werkzeug/wrappers/request.py       | 4 ++--
 src/werkzeug/wrappers/response.py      | 6 +++---
 src/werkzeug/wsgi.py                   | 4 ++--
 22 files changed, 49 insertions(+), 49 deletions(-)

diff --git a/src/werkzeug/_internal.py b/src/werkzeug/_internal.py
index 71a5e2883..7d33563ec 100644
--- a/src/werkzeug/_internal.py
+++ b/src/werkzeug/_internal.py
@@ -13,9 +13,9 @@
 from weakref import WeakKeyDictionary
 
 if t.TYPE_CHECKING:
-    from wsgiref.types import StartResponse
-    from wsgiref.types import WSGIApplication
-    from wsgiref.types import WSGIEnvironment
+    from _typeshed.wsgi import StartResponse
+    from _typeshed.wsgi import WSGIApplication
+    from _typeshed.wsgi import WSGIEnvironment
     from .wrappers.request import Request  # noqa: F401
 
 _logger: t.Optional[logging.Logger] = None
diff --git a/src/werkzeug/datastructures.pyi b/src/werkzeug/datastructures.pyi
index 292e1a262..b61540ec6 100644
--- a/src/werkzeug/datastructures.pyi
+++ b/src/werkzeug/datastructures.pyi
@@ -20,7 +20,7 @@ from typing import Tuple
 from typing import Type
 from typing import TypeVar
 from typing import Union
-from wsgiref.types import WSGIEnvironment
+from _typeshed.wsgi import WSGIEnvironment
 
 from typing_extensions import Literal
 
diff --git a/src/werkzeug/debug/__init__.py b/src/werkzeug/debug/__init__.py
index 03ccae3d9..ca46bb92f 100644
--- a/src/werkzeug/debug/__init__.py
+++ b/src/werkzeug/debug/__init__.py
@@ -25,9 +25,9 @@
 from .tbtools import Traceback
 
 if t.TYPE_CHECKING:
-    from wsgiref.types import StartResponse
-    from wsgiref.types import WSGIApplication
-    from wsgiref.types import WSGIEnvironment
+    from _typeshed.wsgi import StartResponse
+    from _typeshed.wsgi import WSGIApplication
+    from _typeshed.wsgi import WSGIEnvironment
 
 # A week
 PIN_TIME = 60 * 60 * 24 * 7
diff --git a/src/werkzeug/exceptions.py b/src/werkzeug/exceptions.py
index 7c43d85ef..718c8ebb0 100644
--- a/src/werkzeug/exceptions.py
+++ b/src/werkzeug/exceptions.py
@@ -53,8 +53,8 @@ def application(request):
 
 if t.TYPE_CHECKING:
     import typing_extensions as te
-    from wsgiref.types import StartResponse
-    from wsgiref.types import WSGIEnvironment
+    from _typeshed.wsgi import StartResponse
+    from _typeshed.wsgi import WSGIEnvironment
     from .datastructures import WWWAuthenticate
     from .sansio.response import Response
     from .wrappers.response import Response as WSGIResponse  # noqa: F401
diff --git a/src/werkzeug/formparser.py b/src/werkzeug/formparser.py
index c24608d05..2dcb709fc 100644
--- a/src/werkzeug/formparser.py
+++ b/src/werkzeug/formparser.py
@@ -33,7 +33,7 @@
 
 if t.TYPE_CHECKING:
     import typing as te
-    from wsgiref.types import WSGIEnvironment
+    from _typeshed.wsgi import WSGIEnvironment
 
     t_parse_result = t.Tuple[t.BinaryIO, MultiDict, MultiDict]
 
diff --git a/src/werkzeug/http.py b/src/werkzeug/http.py
index 8880d553e..ca48fe215 100644
--- a/src/werkzeug/http.py
+++ b/src/werkzeug/http.py
@@ -26,7 +26,7 @@
 
 if t.TYPE_CHECKING:
     import typing_extensions as te
-    from wsgiref.types import WSGIEnvironment
+    from _typeshed.wsgi import WSGIEnvironment
 
 # for explanation of "media-range", etc. see Sections 5.3.{1,2} of RFC 7231
 _accept_re = re.compile(
diff --git a/src/werkzeug/local.py b/src/werkzeug/local.py
index 4e664a011..a5a7870e4 100644
--- a/src/werkzeug/local.py
+++ b/src/werkzeug/local.py
@@ -10,9 +10,9 @@
 from .wsgi import ClosingIterator
 
 if t.TYPE_CHECKING:
-    from wsgiref.types import StartResponse
-    from wsgiref.types import WSGIApplication
-    from wsgiref.types import WSGIEnvironment
+    from _typeshed.wsgi import StartResponse
+    from _typeshed.wsgi import WSGIApplication
+    from _typeshed.wsgi import WSGIEnvironment
 
 F = t.TypeVar("F", bound=t.Callable[..., t.Any])
 
diff --git a/src/werkzeug/middleware/dispatcher.py b/src/werkzeug/middleware/dispatcher.py
index 5f79db910..ace1c7504 100644
--- a/src/werkzeug/middleware/dispatcher.py
+++ b/src/werkzeug/middleware/dispatcher.py
@@ -33,9 +33,9 @@
 import typing as t
 
 if t.TYPE_CHECKING:
-    from wsgiref.types import StartResponse
-    from wsgiref.types import WSGIApplication
-    from wsgiref.types import WSGIEnvironment
+    from _typeshed.wsgi import StartResponse
+    from _typeshed.wsgi import WSGIApplication
+    from _typeshed.wsgi import WSGIEnvironment
 
 
 class DispatcherMiddleware:
diff --git a/src/werkzeug/middleware/http_proxy.py b/src/werkzeug/middleware/http_proxy.py
index c09231c11..1cde458df 100644
--- a/src/werkzeug/middleware/http_proxy.py
+++ b/src/werkzeug/middleware/http_proxy.py
@@ -17,9 +17,9 @@
 from ..wsgi import get_input_stream
 
 if t.TYPE_CHECKING:
-    from wsgiref.types import StartResponse
-    from wsgiref.types import WSGIApplication
-    from wsgiref.types import WSGIEnvironment
+    from _typeshed.wsgi import StartResponse
+    from _typeshed.wsgi import WSGIApplication
+    from _typeshed.wsgi import WSGIEnvironment
 
 
 class ProxyMiddleware:
diff --git a/src/werkzeug/middleware/lint.py b/src/werkzeug/middleware/lint.py
index 6e7df0ab9..80c423dd3 100644
--- a/src/werkzeug/middleware/lint.py
+++ b/src/werkzeug/middleware/lint.py
@@ -22,9 +22,9 @@
 from ..wsgi import FileWrapper
 
 if t.TYPE_CHECKING:
-    from wsgiref.types import StartResponse
-    from wsgiref.types import WSGIApplication
-    from wsgiref.types import WSGIEnvironment
+    from _typeshed.wsgi import StartResponse
+    from _typeshed.wsgi import WSGIApplication
+    from _typeshed.wsgi import WSGIEnvironment
 
 
 class WSGIWarning(Warning):
diff --git a/src/werkzeug/middleware/profiler.py b/src/werkzeug/middleware/profiler.py
index a15e4b4f6..0992f8f16 100644
--- a/src/werkzeug/middleware/profiler.py
+++ b/src/werkzeug/middleware/profiler.py
@@ -23,9 +23,9 @@
     from profile import Profile  # type: ignore
 
 if t.TYPE_CHECKING:
-    from wsgiref.types import StartResponse
-    from wsgiref.types import WSGIApplication
-    from wsgiref.types import WSGIEnvironment
+    from _typeshed.wsgi import StartResponse
+    from _typeshed.wsgi import WSGIApplication
+    from _typeshed.wsgi import WSGIEnvironment
 
 
 class ProfilerMiddleware:
diff --git a/src/werkzeug/middleware/proxy_fix.py b/src/werkzeug/middleware/proxy_fix.py
index e1f8d3219..e90b1b34e 100644
--- a/src/werkzeug/middleware/proxy_fix.py
+++ b/src/werkzeug/middleware/proxy_fix.py
@@ -26,9 +26,9 @@
 from ..http import parse_list_header
 
 if t.TYPE_CHECKING:
-    from wsgiref.types import StartResponse
-    from wsgiref.types import WSGIApplication
-    from wsgiref.types import WSGIEnvironment
+    from _typeshed.wsgi import StartResponse
+    from _typeshed.wsgi import WSGIApplication
+    from _typeshed.wsgi import WSGIEnvironment
 
 
 class ProxyFix:
diff --git a/src/werkzeug/middleware/shared_data.py b/src/werkzeug/middleware/shared_data.py
index 9d172f7b7..f11b43a03 100644
--- a/src/werkzeug/middleware/shared_data.py
+++ b/src/werkzeug/middleware/shared_data.py
@@ -31,9 +31,9 @@
 _TLoader = t.Callable[[t.Optional[str]], t.Tuple[t.Optional[str], t.Optional[_TOpener]]]
 
 if t.TYPE_CHECKING:
-    from wsgiref.types import StartResponse
-    from wsgiref.types import WSGIApplication
-    from wsgiref.types import WSGIEnvironment
+    from _typeshed.wsgi import StartResponse
+    from _typeshed.wsgi import WSGIApplication
+    from _typeshed.wsgi import WSGIEnvironment
 
 
 class SharedDataMiddleware:
diff --git a/src/werkzeug/routing.py b/src/werkzeug/routing.py
index 59463a7f7..104387593 100644
--- a/src/werkzeug/routing.py
+++ b/src/werkzeug/routing.py
@@ -140,8 +140,8 @@
 
 if t.TYPE_CHECKING:
     import typing_extensions as te
-    from wsgiref.types import WSGIApplication
-    from wsgiref.types import WSGIEnvironment
+    from _typeshed.wsgi import WSGIApplication
+    from _typeshed.wsgi import WSGIEnvironment
     from .wrappers.response import Response
 
 _rule_re = re.compile(
diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py
index 97cd01013..1be994929 100644
--- a/src/werkzeug/serving.py
+++ b/src/werkzeug/serving.py
@@ -75,8 +75,8 @@ class ForkingMixIn:  # type: ignore
 
 if t.TYPE_CHECKING:
     import typing_extensions as te  # noqa: F401
-    from wsgiref.types import WSGIApplication
-    from wsgiref.types import WSGIEnvironment
+    from _typeshed.wsgi import WSGIApplication
+    from _typeshed.wsgi import WSGIEnvironment
     from cryptography.hazmat.primitives.asymmetric.rsa import (
         RSAPrivateKeyWithSerialization,
     )
diff --git a/src/werkzeug/test.py b/src/werkzeug/test.py
index 8815b0f79..9301c02fd 100644
--- a/src/werkzeug/test.py
+++ b/src/werkzeug/test.py
@@ -46,8 +46,8 @@
 from .wsgi import get_current_url
 
 if t.TYPE_CHECKING:
-    from wsgiref.types import WSGIApplication
-    from wsgiref.types import WSGIEnvironment
+    from _typeshed.wsgi import WSGIApplication
+    from _typeshed.wsgi import WSGIEnvironment
 
 
 def stream_encode_multipart(
diff --git a/src/werkzeug/testapp.py b/src/werkzeug/testapp.py
index 76f83974b..981f8878b 100644
--- a/src/werkzeug/testapp.py
+++ b/src/werkzeug/testapp.py
@@ -13,8 +13,8 @@
 from .wrappers.response import Response
 
 if t.TYPE_CHECKING:
-    from wsgiref.types import StartResponse
-    from wsgiref.types import WSGIEnvironment
+    from _typeshed.wsgi import StartResponse
+    from _typeshed.wsgi import WSGIEnvironment
 
 
 logo = Response(
diff --git a/src/werkzeug/useragents.py b/src/werkzeug/useragents.py
index 9ff940312..4deed8f46 100644
--- a/src/werkzeug/useragents.py
+++ b/src/werkzeug/useragents.py
@@ -5,7 +5,7 @@
 from .user_agent import UserAgent as _BaseUserAgent
 
 if t.TYPE_CHECKING:
-    from wsgiref.types import WSGIEnvironment
+    from _typeshed.wsgi import WSGIEnvironment
 
 
 class _UserAgentParser:
diff --git a/src/werkzeug/utils.py b/src/werkzeug/utils.py
index 5255294cc..7bb02bbc1 100644
--- a/src/werkzeug/utils.py
+++ b/src/werkzeug/utils.py
@@ -25,7 +25,7 @@
 from .wsgi import wrap_file
 
 if t.TYPE_CHECKING:
-    from wsgiref.types import WSGIEnvironment
+    from _typeshed.wsgi import WSGIEnvironment
     from .wrappers.request import Request
     from .wrappers.response import Response
 
diff --git a/src/werkzeug/wrappers/request.py b/src/werkzeug/wrappers/request.py
index 7862e58dc..60c3b5f4e 100644
--- a/src/werkzeug/wrappers/request.py
+++ b/src/werkzeug/wrappers/request.py
@@ -23,8 +23,8 @@
 
 if t.TYPE_CHECKING:
     import typing_extensions as te
-    from wsgiref.types import WSGIApplication
-    from wsgiref.types import WSGIEnvironment
+    from _typeshed.wsgi import WSGIApplication
+    from _typeshed.wsgi import WSGIEnvironment
 
 
 class Request(_SansIORequest):
diff --git a/src/werkzeug/wrappers/response.py b/src/werkzeug/wrappers/response.py
index 60d011c1b..a43c8bca3 100644
--- a/src/werkzeug/wrappers/response.py
+++ b/src/werkzeug/wrappers/response.py
@@ -23,9 +23,9 @@
 
 if t.TYPE_CHECKING:
     import typing_extensions as te
-    from wsgiref.types import StartResponse
-    from wsgiref.types import WSGIApplication
-    from wsgiref.types import WSGIEnvironment
+    from _typeshed.wsgi import StartResponse
+    from _typeshed.wsgi import WSGIApplication
+    from _typeshed.wsgi import WSGIEnvironment
 
 
 def _warn_if_string(iterable: t.Iterable) -> None:
diff --git a/src/werkzeug/wsgi.py b/src/werkzeug/wsgi.py
index 587cf3f42..9439a1e5c 100644
--- a/src/werkzeug/wsgi.py
+++ b/src/werkzeug/wsgi.py
@@ -17,8 +17,8 @@
 from .urls import url_quote
 
 if t.TYPE_CHECKING:
-    from wsgiref.types import WSGIApplication
-    from wsgiref.types import WSGIEnvironment
+    from _typeshed.wsgi import WSGIApplication
+    from _typeshed.wsgi import WSGIEnvironment
 
 
 def responder(f: t.Callable[..., "WSGIApplication"]) -> "WSGIApplication":

From 67ef7411a0e7add1192c23aa6fd63eb299e8217e Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Mon, 17 May 2021 15:52:51 -0700
Subject: [PATCH 455/733] convert `HTTPException.description` to string

---
 CHANGES.rst                | 2 ++
 src/werkzeug/exceptions.py | 9 ++++++++-
 tests/test_exceptions.py   | 4 ++++
 3 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 8a8af6e9b..7444a2014 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -16,6 +16,8 @@ Unreleased
     characters. :issue:`2125`
 -   Type checking understands that calling ``headers.get`` with a string
     default will always return a string. :issue:`2128`
+-   If ``HTTPException.description`` is not a string,
+    ``get_description`` will convert it to a string. :issue:`2115`
 
 
 Version 2.0.0
diff --git a/src/werkzeug/exceptions.py b/src/werkzeug/exceptions.py
index 7c43d85ef..a3e3b0796 100644
--- a/src/werkzeug/exceptions.py
+++ b/src/werkzeug/exceptions.py
@@ -156,7 +156,14 @@ def get_description(
         scope: t.Optional[dict] = None,
     ) -> str:
         """Get the description."""
-        description = escape(self.description).replace("\n", "
    ")  # type: ignore
+        if self.description is None:
+            description = ""
+        elif not isinstance(self.description, str):
+            description = str(self.description)
+        else:
+            description = self.description
+
+        description = escape(description).replace("\n", "
    ")
         return f"
    {description}
    "
 
     def get_body(
diff --git a/tests/test_exceptions.py b/tests/test_exceptions.py
index 12ea8b920..2a6839057 100644
--- a/tests/test_exceptions.py
+++ b/tests/test_exceptions.py
@@ -142,3 +142,7 @@ class TestResponse(Response):
     exc = cls(response=TestResponse())
     rp = exc.get_response({})
     assert isinstance(rp, TestResponse)
+
+
+def test_description_none():
+    HTTPException().get_response()

From c09fe3fa458b57ef0f604a1490c406a444d066d4 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Mon, 17 May 2021 16:07:17 -0700
Subject: [PATCH 456/733] release version 2.0.1

---
 CHANGES.rst              | 2 +-
 src/werkzeug/__init__.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 7444a2014..3aa33990d 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -3,7 +3,7 @@
 Version 2.0.1
 -------------
 
-Unreleased
+Released 2021-05-17
 
 -   Fix type annotation for ``send_file`` ``max_age`` callable. Don't
     pass ``pathlib.Path`` to ``max_age``. :issue:`2119`
diff --git a/src/werkzeug/__init__.py b/src/werkzeug/__init__.py
index 4fbb6d081..5a71a3790 100644
--- a/src/werkzeug/__init__.py
+++ b/src/werkzeug/__init__.py
@@ -3,4 +3,4 @@
 from .wrappers import Request as Request
 from .wrappers import Response as Response
 
-__version__ = "2.0.1.dev0"
+__version__ = "2.0.1"

From c4d0884f4322bc91b3f7e4b8bbfc398aae5c8aaf Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Tue, 18 May 2021 08:14:04 -0700
Subject: [PATCH 457/733] start version 2.0.2.dev0

---
 CHANGES.rst              | 6 ++++++
 src/werkzeug/__init__.py | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 3aa33990d..1efd28475 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -1,5 +1,11 @@
 .. currentmodule:: werkzeug
 
+Version 2.0.2
+-------------
+
+Unreleased
+
+
 Version 2.0.1
 -------------
 
diff --git a/src/werkzeug/__init__.py b/src/werkzeug/__init__.py
index 5a71a3790..8c7e1c402 100644
--- a/src/werkzeug/__init__.py
+++ b/src/werkzeug/__init__.py
@@ -3,4 +3,4 @@
 from .wrappers import Request as Request
 from .wrappers import Response as Response
 
-__version__ = "2.0.1"
+__version__ = "2.0.2.dev0"

From c69a22a576bf44a3d0da70896576cf1464586c17 Mon Sep 17 00:00:00 2001
From: Miguel Grinberg 
Date: Tue, 18 May 2021 00:12:38 +0100
Subject: [PATCH 458/733] handle multiple tokens in Connection header

---
 CHANGES.rst             |  3 +++
 src/werkzeug/routing.py |  9 +++++----
 tests/test_routing.py   | 11 +++++++++++
 3 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 1efd28475..deda16b8f 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -5,6 +5,9 @@ Version 2.0.2
 
 Unreleased
 
+-   Handle multiple tokens in ``Connection`` header when routing
+    WebSocket requests. :issue:`2131`
+
 
 Version 2.0.1
 -------------
diff --git a/src/werkzeug/routing.py b/src/werkzeug/routing.py
index 104387593..345871eef 100644
--- a/src/werkzeug/routing.py
+++ b/src/werkzeug/routing.py
@@ -1650,11 +1650,12 @@ def bind_to_environ(
         environ = _get_environ(environ)
         wsgi_server_name = get_host(environ).lower()
         scheme = environ["wsgi.url_scheme"]
+        upgrade = any(
+            v.strip() == "upgrade"
+            for v in environ.get("HTTP_CONNECTION", "").lower().split(",")
+        )
 
-        if (
-            environ.get("HTTP_CONNECTION", "").lower() == "upgrade"
-            and environ.get("HTTP_UPGRADE", "").lower() == "websocket"
-        ):
+        if upgrade and environ.get("HTTP_UPGRADE", "").lower() == "websocket":
             scheme = "wss" if scheme == "https" else "ws"
 
         if server_name is None:
diff --git a/tests/test_routing.py b/tests/test_routing.py
index 4a88f2f4d..1d4cef901 100644
--- a/tests/test_routing.py
+++ b/tests/test_routing.py
@@ -73,6 +73,17 @@ def test_basic_routing():
     with pytest.raises(r.WebsocketMismatch):
         adapter.match("/ws", websocket=False)
 
+    adapter = map.bind_to_environ(
+        create_environ(
+            "/ws?foo=bar",
+            "http://example.org/",
+            headers=[("Connection", "keep-alive, Upgrade"), ("upgrade", "websocket")],
+        )
+    )
+    assert adapter.match("/ws") == ("ws", {})
+    with pytest.raises(r.WebsocketMismatch):
+        adapter.match("/ws", websocket=False)
+
 
 def test_merge_slashes_match():
     url_map = r.Map(

From 584f3cff7d5cb8a588189ae1137b814cf5c47e05 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Wed, 19 May 2021 20:01:58 -0700
Subject: [PATCH 459/733] address deprecation warnings from Python 3.10b1

---
 tests/conftest.py   |  5 ++++-
 tests/test_local.py | 34 +++++++++++++++++++++++++---------
 2 files changed, 29 insertions(+), 10 deletions(-)

diff --git a/tests/conftest.py b/tests/conftest.py
index 3b5cbd71c..4ad1ff23e 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -66,7 +66,10 @@ def connect(self, **kwargs):
 
         if protocol == "https":
             if "context" not in kwargs:
-                kwargs["context"] = ssl.SSLContext()
+                context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
+                context.check_hostname = False
+                context.verify_mode = ssl.CERT_NONE
+                kwargs["context"] = context
 
             return http.client.HTTPSConnection(self.addr, **kwargs)
 
diff --git a/tests/test_local.py b/tests/test_local.py
index 537fc32fb..b5c392890 100644
--- a/tests/test_local.py
+++ b/tests/test_local.py
@@ -12,6 +12,18 @@
 from werkzeug import local
 
 
+if sys.version_info < (3, 7):
+
+    def run_async(coro):
+        return asyncio.get_event_loop().run_until_complete(coro)
+
+
+else:
+
+    def run_async(coro):
+        return asyncio.run(coro)
+
+
 def test_basic_local():
     ns = local.Local()
     ns.foo = 0
@@ -55,9 +67,11 @@ async def value_setter(idx):
         await asyncio.sleep(0.02)
         values.append(ns.foo)
 
-    loop = asyncio.get_event_loop()
-    futures = [asyncio.ensure_future(value_setter(idx)) for idx in [1, 2, 3]]
-    loop.run_until_complete(asyncio.gather(*futures))
+    async def main():
+        futures = [asyncio.ensure_future(value_setter(i)) for i in [1, 2, 3]]
+        await asyncio.gather(*futures)
+
+    run_async(main())
     assert sorted(values) == [1, 2, 3]
 
     def delfoo():
@@ -118,9 +132,11 @@ async def task():
         ls.push(1)
         assert len(ls._local.stack) == 2
 
-    loop = asyncio.get_event_loop()
-    futures = [asyncio.ensure_future(task()) for _ in range(3)]
-    loop.run_until_complete(asyncio.gather(*futures))
+    async def main():
+        futures = [asyncio.ensure_future(task()) for _ in range(3)]
+        await asyncio.gather(*futures)
+
+    run_async(main())
 
 
 @pytest.mark.skipif(
@@ -571,7 +587,7 @@ async def get():
     async def main():
         return await p
 
-    out = asyncio.get_event_loop().run_until_complete(main())
+    out = run_async(main())
     assert out == 1
 
 
@@ -599,7 +615,7 @@ async def main():
 
         return out
 
-    out = asyncio.get_event_loop().run_until_complete(main())
+    out = run_async(main())
     assert out == [2, 1, 0]
 
 
@@ -623,4 +639,4 @@ async def main():
         assert p.value == 2
         return True
 
-    assert asyncio.get_event_loop().run_until_complete(main())
+    assert run_async(main())

From 835f0f35c05cec8c71fb298cc40a114ea5b5a118 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Thu, 20 May 2021 20:56:59 -0700
Subject: [PATCH 460/733] update pallets-sphinx-themes

---
 docs/conf.py          | 6 +++---
 requirements/dev.txt  | 2 +-
 requirements/docs.txt | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/docs/conf.py b/docs/conf.py
index 57ecdf9fa..96e998b80 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -38,10 +38,10 @@
     ]
 }
 html_sidebars = {
-    "index": ["project.html", "localtoc.html", "searchbox.html"],
-    "**": ["localtoc.html", "relations.html", "searchbox.html"],
+    "index": ["project.html", "localtoc.html", "searchbox.html", "ethicalads.html"],
+    "**": ["localtoc.html", "relations.html", "searchbox.html", "ethicalads.html"],
 }
-singlehtml_sidebars = {"index": ["project.html", "localtoc.html"]}
+singlehtml_sidebars = {"index": ["project.html", "localtoc.html", "ethicalads.html"]}
 html_static_path = ["_static"]
 html_favicon = "_static/favicon.ico"
 html_logo = "_static/werkzeug.png"
diff --git a/requirements/dev.txt b/requirements/dev.txt
index 74c982597..54ed310ca 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -60,7 +60,7 @@ packaging==20.9
     #   pytest
     #   sphinx
     #   tox
-pallets-sphinx-themes==2.0.0
+pallets-sphinx-themes==2.0.1
     # via -r requirements/docs.in
 pep517==0.10.0
     # via pip-tools
diff --git a/requirements/docs.txt b/requirements/docs.txt
index cd36ee5ec..857c20e2b 100644
--- a/requirements/docs.txt
+++ b/requirements/docs.txt
@@ -28,7 +28,7 @@ packaging==20.9
     # via
     #   pallets-sphinx-themes
     #   sphinx
-pallets-sphinx-themes==2.0.0
+pallets-sphinx-themes==2.0.1
     # via -r requirements/docs.in
 pygments==2.9.0
     # via sphinx

From ad1b6f915b175f37b5e79a28511a2b8d31bdc361 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Thu, 20 May 2021 20:57:19 -0700
Subject: [PATCH 461/733] update pallets and sphinx requirements

---
 requirements/dev.txt   | 16 +++++++---------
 requirements/docs.txt  | 10 ++++------
 requirements/tests.txt |  2 +-
 3 files changed, 12 insertions(+), 16 deletions(-)

diff --git a/requirements/dev.txt b/requirements/dev.txt
index 54ed310ca..c45592b49 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -16,11 +16,11 @@ certifi==2020.12.5
     # via requests
 cffi==1.14.5
     # via cryptography
-cfgv==3.2.0
+cfgv==3.3.0
     # via pre-commit
 chardet==4.0.0
     # via requests
-click==7.1.2
+click==8.0.1
     # via pip-tools
 cryptography==3.4.7
     # via -r requirements/tests.in
@@ -42,12 +42,10 @@ imagesize==1.2.0
     # via sphinx
 iniconfig==1.1.1
     # via pytest
-jinja2==2.11.3
+jinja2==3.0.1
     # via sphinx
-markupsafe==1.1.1
-    # via
-    #   jinja2
-    #   sphinx
+markupsafe==2.0.1
+    # via jinja2
 mypy-extensions==0.4.3
     # via mypy
 mypy==0.812
@@ -107,7 +105,7 @@ snowballstemmer==2.1.0
     # via sphinx
 sphinx-issues==1.2.0
     # via -r requirements/docs.in
-sphinx==4.0.1
+sphinx==4.0.2
     # via
     #   -r requirements/docs.in
     #   pallets-sphinx-themes
@@ -145,7 +143,7 @@ virtualenv==20.4.6
     # via
     #   pre-commit
     #   tox
-watchdog==2.1.1
+watchdog==2.1.2
     # via -r requirements/tests.in
 
 # The following packages are considered to be unsafe in a requirements file:
diff --git a/requirements/docs.txt b/requirements/docs.txt
index 857c20e2b..93878a7e1 100644
--- a/requirements/docs.txt
+++ b/requirements/docs.txt
@@ -18,12 +18,10 @@ idna==2.10
     # via requests
 imagesize==1.2.0
     # via sphinx
-jinja2==2.11.3
+jinja2==3.0.1
     # via sphinx
-markupsafe==1.1.1
-    # via
-    #   jinja2
-    #   sphinx
+markupsafe==2.0.1
+    # via jinja2
 packaging==20.9
     # via
     #   pallets-sphinx-themes
@@ -42,7 +40,7 @@ snowballstemmer==2.1.0
     # via sphinx
 sphinx-issues==1.2.0
     # via -r requirements/docs.in
-sphinx==4.0.1
+sphinx==4.0.2
     # via
     #   -r requirements/docs.in
     #   pallets-sphinx-themes
diff --git a/requirements/tests.txt b/requirements/tests.txt
index 8aaaceed0..e1a6e36e7 100644
--- a/requirements/tests.txt
+++ b/requirements/tests.txt
@@ -37,5 +37,5 @@ pytest==6.2.4
     #   pytest-xprocess
 toml==0.10.2
     # via pytest
-watchdog==2.1.1
+watchdog==2.1.2
     # via -r requirements/tests.in

From 2b7fb5075d9f7f862dd06d5ec3c3824b8bcf1679 Mon Sep 17 00:00:00 2001
From: Grey Li 
Date: Mon, 24 May 2021 17:26:38 +0800
Subject: [PATCH 462/733] Improve the contributing guide

---
 CONTRIBUTING.rst | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst
index 34bab0fe3..9f4080030 100644
--- a/CONTRIBUTING.rst
+++ b/CONTRIBUTING.rst
@@ -92,7 +92,7 @@ First time setup
 
     .. code-block:: text
 
-        git remote add fork https://github.com/{username}/werkzeug
+        $ git remote add fork https://github.com/{username}/werkzeug
 
 -   Create a virtualenv.
 
@@ -107,6 +107,12 @@ First time setup
 
         > env\Scripts\activate
 
+-   Upgrade pip and setuptools.
+
+    .. code-block:: text
+
+        $ python -m pip install --upgrade pip setuptools
+
 -   Install the development dependencies, then install Werkzeug in
     editable mode.
 
@@ -124,7 +130,7 @@ First time setup
 .. _username: https://docs.github.com/en/github/using-git/setting-your-username-in-git
 .. _email: https://docs.github.com/en/github/setting-up-and-managing-your-github-user-account/setting-your-commit-email-address
 .. _GitHub account: https://github.com/join
-.. _Fork: https://github.com/pallets/jinja/fork
+.. _Fork: https://github.com/pallets/werkzeug/fork
 .. _Clone: https://docs.github.com/en/github/getting-started-with-github/fork-a-repo#step-2-create-a-local-clone-of-your-fork
 
 
@@ -138,7 +144,7 @@ Start coding
     .. code-block:: text
 
         $ git fetch origin
-        $ git checkout -b your-branch-name origin/1.0.x
+        $ git checkout -b your-branch-name origin/2.0.x
 
     If you're submitting a feature addition or change, branch off of the
     "main" branch.

From 45fc965ce048c1e0c101dc5f2e940a919a0015d5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 1 Jun 2021 08:04:54 +0000
Subject: [PATCH 463/733] Bump pre-commit from 2.12.1 to 2.13.0

Bumps [pre-commit](https://github.com/pre-commit/pre-commit) from 2.12.1 to 2.13.0.
- [Release notes](https://github.com/pre-commit/pre-commit/releases)
- [Changelog](https://github.com/pre-commit/pre-commit/blob/master/CHANGELOG.md)
- [Commits](https://github.com/pre-commit/pre-commit/compare/v2.12.1...v2.13.0)

Signed-off-by: dependabot[bot] 
---
 requirements/dev.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements/dev.txt b/requirements/dev.txt
index c45592b49..70e4d8402 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -68,7 +68,7 @@ pluggy==0.13.1
     # via
     #   pytest
     #   tox
-pre-commit==2.12.1
+pre-commit==2.13.0
     # via -r requirements/dev.in
 psutil==5.8.0
     # via pytest-xprocess

From 5098a0691b012c8f7e534d53a50927adc3bbf7f2 Mon Sep 17 00:00:00 2001
From: Dave Brondsema 
Date: Thu, 27 May 2021 15:07:42 -0400
Subject: [PATCH 464/733] debugger: set appropriate secure flag on cookie

---
 CHANGES.rst                    | 1 +
 src/werkzeug/debug/__init__.py | 1 +
 2 files changed, 2 insertions(+)

diff --git a/CHANGES.rst b/CHANGES.rst
index deda16b8f..6a4e6db48 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -7,6 +7,7 @@ Unreleased
 
 -   Handle multiple tokens in ``Connection`` header when routing
     WebSocket requests. :issue:`2131`
+-   Set the debugger pin cookie secure flag when on https. :pr:`2150`
 
 
 Version 2.0.1
diff --git a/src/werkzeug/debug/__init__.py b/src/werkzeug/debug/__init__.py
index ca46bb92f..7069428d3 100644
--- a/src/werkzeug/debug/__init__.py
+++ b/src/werkzeug/debug/__init__.py
@@ -450,6 +450,7 @@ def pin_auth(self, request: Request) -> Response:
                 f"{int(time.time())}|{hash_pin(pin)}",
                 httponly=True,
                 samesite="None",
+                secure=request.is_secure,
             )
         elif bad_cookie:
             rv.delete_cookie(self.pin_cookie_name)

From a27b759a793ba268240363e116c9e8be686fa7cc Mon Sep 17 00:00:00 2001
From: Philipp Gortan 
Date: Wed, 2 Jun 2021 14:16:49 +0200
Subject: [PATCH 465/733] is_json is a property, not a method

---
 src/werkzeug/wrappers/request.py  | 4 ++--
 src/werkzeug/wrappers/response.py | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/werkzeug/wrappers/request.py b/src/werkzeug/wrappers/request.py
index 60c3b5f4e..6deb50407 100644
--- a/src/werkzeug/wrappers/request.py
+++ b/src/werkzeug/wrappers/request.py
@@ -546,7 +546,7 @@ def url_root(self) -> str:
     @property
     def json(self) -> t.Optional[t.Any]:
         """The parsed JSON data if :attr:`mimetype` indicates JSON
-        (:mimetype:`application/json`, see :meth:`is_json`).
+        (:mimetype:`application/json`, see :attr:`is_json`).
 
         Calls :meth:`get_json` with default arguments.
         """
@@ -562,7 +562,7 @@ def get_json(
         """Parse :attr:`data` as JSON.
 
         If the mimetype does not indicate JSON
-        (:mimetype:`application/json`, see :meth:`is_json`), this
+        (:mimetype:`application/json`, see :attr:`is_json`), this
         returns ``None``.
 
         If parsing fails, :meth:`on_json_loading_failed` is called and
diff --git a/src/werkzeug/wrappers/response.py b/src/werkzeug/wrappers/response.py
index a43c8bca3..d365c4e09 100644
--- a/src/werkzeug/wrappers/response.py
+++ b/src/werkzeug/wrappers/response.py
@@ -640,7 +640,7 @@ def __call__(
     @property
     def json(self) -> t.Optional[t.Any]:
         """The parsed JSON data if :attr:`mimetype` indicates JSON
-        (:mimetype:`application/json`, see :meth:`is_json`).
+        (:mimetype:`application/json`, see :attr:`is_json`).
 
         Calls :meth:`get_json` with default arguments.
         """
@@ -650,7 +650,7 @@ def get_json(self, force: bool = False, silent: bool = False) -> t.Optional[t.An
         """Parse :attr:`data` as JSON. Useful during testing.
 
         If the mimetype does not indicate JSON
-        (:mimetype:`application/json`, see :meth:`is_json`), this
+        (:mimetype:`application/json`, see :attr:`is_json`), this
         returns ``None``.
 
         Unlike :meth:`Request.get_json`, the result is not cached.

From c5dc54519c56ee56b793851fde4d47c631bdacc7 Mon Sep 17 00:00:00 2001
From: Benedict Jin 
Date: Thu, 27 May 2021 10:40:02 +0800
Subject: [PATCH 466/733] Remove the useless import in response

---
 src/werkzeug/sansio/response.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/werkzeug/sansio/response.py b/src/werkzeug/sansio/response.py
index aedfcb043..4d55a9ad7 100644
--- a/src/werkzeug/sansio/response.py
+++ b/src/werkzeug/sansio/response.py
@@ -1,4 +1,3 @@
-import typing
 import typing as t
 from datetime import datetime
 from datetime import timedelta

From f61d9a36ec11f3914c824ff1ae832c5a74dfec59 Mon Sep 17 00:00:00 2001
From: Maico Timmerman 
Date: Sat, 22 May 2021 20:26:15 +0200
Subject: [PATCH 467/733] typing: MultiDict.update accepts Iterable Mapping
 values.

MultiDict.__init__ correctly represents it, however the update was
missing the iterable variant.

Also, flipped the order of Iterable[V] and V fixes PyCharm's naive
matching for generics. Mypy would accept both versions, however PyCharm
would only try to infer Mapping V as the List. By listing it second it
will first try to map to the Iterable[V].
---
 CHANGES.rst                     | 2 ++
 src/werkzeug/datastructures.pyi | 4 ++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 6a4e6db48..bd4e46946 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -8,6 +8,8 @@ Unreleased
 -   Handle multiple tokens in ``Connection`` header when routing
     WebSocket requests. :issue:`2131`
 -   Set the debugger pin cookie secure flag when on https. :pr:`2150`
+-   Fix type annotation for ``MultiDict.update`` to accept iterable values
+    :pr:`2142`
 
 
 Version 2.0.1
diff --git a/src/werkzeug/datastructures.pyi b/src/werkzeug/datastructures.pyi
index b61540ec6..34ddebf6a 100644
--- a/src/werkzeug/datastructures.pyi
+++ b/src/werkzeug/datastructures.pyi
@@ -115,7 +115,7 @@ class MultiDict(TypeConversionDict[K, V]):
     def __init__(
         self,
         mapping: Optional[
-            Union[Mapping[K, Union[V, Iterable[V]]], Iterable[Tuple[K, V]]]
+            Union[Mapping[K, Union[Iterable[V], V]], Iterable[Tuple[K, V]]]
         ] = None,
     ) -> None: ...
     def __getitem__(self, item: K) -> V: ...
@@ -141,7 +141,7 @@ class MultiDict(TypeConversionDict[K, V]):
     @overload
     def to_dict(self, flat: Literal[False]) -> Dict[K, List[V]]: ...
     def update(  # type: ignore
-        self, mapping: Union[Mapping[K, V], Iterable[Tuple[K, V]]]
+        self, mapping: Union[Mapping[K, Union[Iterable[V], V]], Iterable[Tuple[K, V]]]
     ) -> None: ...
     @overload
     def pop(self, key: K) -> V: ...

From 61bea015f8452e8af9cceea936cd0a854d65b788 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 1 Jul 2021 08:03:01 +0000
Subject: [PATCH 468/733] Bump pip-tools from 6.1.0 to 6.2.0

Bumps [pip-tools](https://github.com/jazzband/pip-tools) from 6.1.0 to 6.2.0.
- [Release notes](https://github.com/jazzband/pip-tools/releases)
- [Changelog](https://github.com/jazzband/pip-tools/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jazzband/pip-tools/compare/6.1.0...6.2.0)

---
updated-dependencies:
- dependency-name: pip-tools
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] 
---
 requirements/dev.txt | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/requirements/dev.txt b/requirements/dev.txt
index 70e4d8402..5d7bebe2d 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -46,10 +46,10 @@ jinja2==3.0.1
     # via sphinx
 markupsafe==2.0.1
     # via jinja2
-mypy-extensions==0.4.3
-    # via mypy
 mypy==0.812
     # via -r requirements/typing.in
+mypy-extensions==0.4.3
+    # via mypy
 nodeenv==1.6.0
     # via pre-commit
 packaging==20.9
@@ -62,7 +62,7 @@ pallets-sphinx-themes==2.0.1
     # via -r requirements/docs.in
 pep517==0.10.0
     # via pip-tools
-pip-tools==6.1.0
+pip-tools==6.2.0
     # via -r requirements/dev.in
 pluggy==0.13.1
     # via
@@ -82,15 +82,15 @@ pygments==2.9.0
     # via sphinx
 pyparsing==2.4.7
     # via packaging
-pytest-timeout==1.4.2
-    # via -r requirements/tests.in
-pytest-xprocess==0.17.1
-    # via -r requirements/tests.in
 pytest==6.2.4
     # via
     #   -r requirements/tests.in
     #   pytest-timeout
     #   pytest-xprocess
+pytest-timeout==1.4.2
+    # via -r requirements/tests.in
+pytest-xprocess==0.17.1
+    # via -r requirements/tests.in
 pytz==2021.1
     # via babel
 pyyaml==5.4.1
@@ -103,14 +103,14 @@ six==1.16.0
     #   virtualenv
 snowballstemmer==2.1.0
     # via sphinx
-sphinx-issues==1.2.0
-    # via -r requirements/docs.in
 sphinx==4.0.2
     # via
     #   -r requirements/docs.in
     #   pallets-sphinx-themes
     #   sphinx-issues
     #   sphinxcontrib-log-cabinet
+sphinx-issues==1.2.0
+    # via -r requirements/docs.in
 sphinxcontrib-applehelp==1.0.2
     # via sphinx
 sphinxcontrib-devhelp==1.0.2
@@ -145,6 +145,8 @@ virtualenv==20.4.6
     #   tox
 watchdog==2.1.2
     # via -r requirements/tests.in
+wheel==0.36.2
+    # via pip-tools
 
 # The following packages are considered to be unsafe in a requirements file:
 # pip

From e368381d7ce542cb6d3194ec85fd2bd1c167d885 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 1 Jul 2021 12:54:14 +0000
Subject: [PATCH 469/733] Bump watchdog from 2.1.2 to 2.1.3

Bumps [watchdog](https://github.com/gorakhargosh/watchdog) from 2.1.2 to 2.1.3.
- [Release notes](https://github.com/gorakhargosh/watchdog/releases)
- [Changelog](https://github.com/gorakhargosh/watchdog/blob/master/changelog.rst)
- [Commits](https://github.com/gorakhargosh/watchdog/compare/v2.1.2...v2.1.3)

---
updated-dependencies:
- dependency-name: watchdog
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] 
---
 requirements/dev.txt   |  2 +-
 requirements/tests.txt | 10 +++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/requirements/dev.txt b/requirements/dev.txt
index 5d7bebe2d..215e90d5d 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -143,7 +143,7 @@ virtualenv==20.4.6
     # via
     #   pre-commit
     #   tox
-watchdog==2.1.2
+watchdog==2.1.3
     # via -r requirements/tests.in
 wheel==0.36.2
     # via pip-tools
diff --git a/requirements/tests.txt b/requirements/tests.txt
index e1a6e36e7..6b7658a93 100644
--- a/requirements/tests.txt
+++ b/requirements/tests.txt
@@ -26,16 +26,16 @@ pycparser==2.20
     # via cffi
 pyparsing==2.4.7
     # via packaging
-pytest-timeout==1.4.2
-    # via -r requirements/tests.in
-pytest-xprocess==0.17.1
-    # via -r requirements/tests.in
 pytest==6.2.4
     # via
     #   -r requirements/tests.in
     #   pytest-timeout
     #   pytest-xprocess
+pytest-timeout==1.4.2
+    # via -r requirements/tests.in
+pytest-xprocess==0.17.1
+    # via -r requirements/tests.in
 toml==0.10.2
     # via pytest
-watchdog==2.1.2
+watchdog==2.1.3
     # via -r requirements/tests.in

From 247e054a9f271edf69e619f67972214caba56134 Mon Sep 17 00:00:00 2001
From: "pre-commit-ci[bot]"
 <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Date: Mon, 5 Jul 2021 22:10:50 +0000
Subject: [PATCH 470/733] [pre-commit.ci] pre-commit autoupdate
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

updates:
- [github.com/asottile/pyupgrade: v2.15.0 → v2.20.0](https://github.com/asottile/pyupgrade/compare/v2.15.0...v2.20.0)
- [github.com/psf/black: 21.5b1 → 21.6b0](https://github.com/psf/black/compare/21.5b1...21.6b0)
- [github.com/pre-commit/pre-commit-hooks: v3.4.0 → v4.0.1](https://github.com/pre-commit/pre-commit-hooks/compare/v3.4.0...v4.0.1)
---
 .pre-commit-config.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 3f106cfcf..fc4fd1ba4 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -2,7 +2,7 @@ ci:
   autoupdate_schedule: monthly
 repos:
   - repo: https://github.com/asottile/pyupgrade
-    rev: v2.15.0
+    rev: v2.20.0
     hooks:
       - id: pyupgrade
         args: ["--py36-plus"]
@@ -18,7 +18,7 @@ repos:
         files: "^examples/"
         args: ["--application-directories", "examples"]
   - repo: https://github.com/psf/black
-    rev: 21.5b1
+    rev: 21.6b0
     hooks:
       - id: black
   - repo: https://github.com/PyCQA/flake8
@@ -29,7 +29,7 @@ repos:
           - flake8-bugbear
           - flake8-implicit-str-concat
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v3.4.0
+    rev: v4.0.1
     hooks:
       - id: fix-byte-order-marker
       - id: trailing-whitespace

From 1edbdd6f598674fe334b5301bc262234dfe30634 Mon Sep 17 00:00:00 2001
From: "pre-commit-ci[bot]"
 <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Date: Mon, 5 Jul 2021 22:13:08 +0000
Subject: [PATCH 471/733] [pre-commit.ci] auto fixes from pre-commit.com hooks

for more information, see https://pre-commit.ci
---
 tests/test_routing.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/test_routing.py b/tests/test_routing.py
index 1d4cef901..18ac30c5e 100644
--- a/tests/test_routing.py
+++ b/tests/test_routing.py
@@ -582,7 +582,7 @@ def test_rule_templates():
         ]
     )
 
-    out = sorted([(x.rule, x.subdomain, x.endpoint) for x in url_map.iter_rules()])
+    out = sorted((x.rule, x.subdomain, x.endpoint) for x in url_map.iter_rules())
 
     assert out == [
         ("/blah", "test1", "x_bar"),

From 7a30284ba1b17e6ccae90eaceb577e4f2fcd1886 Mon Sep 17 00:00:00 2001
From: Hasanul Islam 
Date: Tue, 6 Jul 2021 22:55:27 +0600
Subject: [PATCH 472/733] Fix f-string issues in tutorial.rst (#2180)

---
 docs/tutorial.rst | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/docs/tutorial.rst b/docs/tutorial.rst
index bd7468171..bb245f85d 100644
--- a/docs/tutorial.rst
+++ b/docs/tutorial.rst
@@ -296,10 +296,7 @@ Let's start with the first view: the one for new URLs::
                 error = 'Please enter a valid URL'
             else:
                 short_id = self.insert_url(url)
-                return redirect(f"/{short_id}+"
-
-
-                )
+                return redirect(f"/{short_id}+")
         return self.render_template('new_url.html', error=error, url=url)
 
 This logic should be easy to understand.  Basically we are checking that
@@ -352,7 +349,7 @@ redis and redirect to it.  Additionally we will also increment a counter
 so that we know how often a link was clicked::
 
     def on_follow_short_link(self, request, short_id):
-        link_target = self.redis.get(f'url-target:{short_id')
+        link_target = self.redis.get(f'url-target:{short_id}')
         if link_target is None:
             raise NotFound()
         self.redis.incr(f'click-count:{short_id}')

From af5e92060bb81064a5f7b48045220844bd812bcc Mon Sep 17 00:00:00 2001
From: Hammy Goonan 
Date: Sat, 24 Jul 2021 21:50:06 +1000
Subject: [PATCH 473/733] updating a couple of comments so they are gender
 neurtal.

---
 examples/manage-plnt.py | 2 +-
 src/werkzeug/routing.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/examples/manage-plnt.py b/examples/manage-plnt.py
index c843bcb96..d48cb8efa 100755
--- a/examples/manage-plnt.py
+++ b/examples/manage-plnt.py
@@ -59,7 +59,7 @@ def initdb():
             "https://effbot.org/rss.xml",
         ),
     ]
-    # okay. got tired here.  if someone feels that he is missing, drop me
+    # okay. got tired here.  if someone feels that they are missing, drop me
     # a line ;-)
     for blog in blogs:
         session.add(blog)
diff --git a/src/werkzeug/routing.py b/src/werkzeug/routing.py
index 345871eef..417090eea 100644
--- a/src/werkzeug/routing.py
+++ b/src/werkzeug/routing.py
@@ -584,7 +584,7 @@ class Rule(RuleFactory):
                 Rule('/all/page/', endpoint='all_entries')
             ])
 
-        If a user now visits ``http://example.com/all/page/1`` he will be
+        If a user now visits ``http://example.com/all/page/1`` they will be
         redirected to ``http://example.com/all/``.  If `redirect_defaults` is
         disabled on the `Map` instance this will only affect the URL
         generation.

From 8ef46764b823ede4f393a6615cc4dccace76c07c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 1 Aug 2021 08:05:26 +0000
Subject: [PATCH 474/733] Bump tox from 3.23.1 to 3.24.1

Bumps [tox](https://github.com/tox-dev/tox) from 3.23.1 to 3.24.1.
- [Release notes](https://github.com/tox-dev/tox/releases)
- [Changelog](https://github.com/tox-dev/tox/blob/master/docs/changelog.rst)
- [Commits](https://github.com/tox-dev/tox/compare/3.23.1...3.24.1)

---
updated-dependencies:
- dependency-name: tox
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] 
---
 requirements/dev.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements/dev.txt b/requirements/dev.txt
index 215e90d5d..5eb33ca85 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -131,7 +131,7 @@ toml==0.10.2
     #   pre-commit
     #   pytest
     #   tox
-tox==3.23.1
+tox==3.24.1
     # via -r requirements/dev.in
 typed-ast==1.4.3
     # via mypy

From 3bc5f6e55ab0c2e23d5ee7da4dccd30722724fb1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 1 Aug 2021 08:06:33 +0000
Subject: [PATCH 475/733] Bump pytest-xprocess from 0.17.1 to 0.18.1

Bumps [pytest-xprocess](https://github.com/pytest-dev/pytest-xprocess) from 0.17.1 to 0.18.1.
- [Release notes](https://github.com/pytest-dev/pytest-xprocess/releases)
- [Changelog](https://github.com/pytest-dev/pytest-xprocess/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/pytest-dev/pytest-xprocess/compare/0.17.1...0.18.1)

---
updated-dependencies:
- dependency-name: pytest-xprocess
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] 
---
 requirements/dev.txt   | 2 +-
 requirements/tests.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements/dev.txt b/requirements/dev.txt
index 215e90d5d..248e735f1 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -89,7 +89,7 @@ pytest==6.2.4
     #   pytest-xprocess
 pytest-timeout==1.4.2
     # via -r requirements/tests.in
-pytest-xprocess==0.17.1
+pytest-xprocess==0.18.1
     # via -r requirements/tests.in
 pytz==2021.1
     # via babel
diff --git a/requirements/tests.txt b/requirements/tests.txt
index 6b7658a93..51c2a8ac0 100644
--- a/requirements/tests.txt
+++ b/requirements/tests.txt
@@ -33,7 +33,7 @@ pytest==6.2.4
     #   pytest-xprocess
 pytest-timeout==1.4.2
     # via -r requirements/tests.in
-pytest-xprocess==0.17.1
+pytest-xprocess==0.18.1
     # via -r requirements/tests.in
 toml==0.10.2
     # via pytest

From c5bc8c86b48db57f2f6a44a3e3550c14cfc34bb7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 1 Aug 2021 08:07:52 +0000
Subject: [PATCH 476/733] Bump sphinx from 4.0.2 to 4.1.2

Bumps [sphinx](https://github.com/sphinx-doc/sphinx) from 4.0.2 to 4.1.2.
- [Release notes](https://github.com/sphinx-doc/sphinx/releases)
- [Changelog](https://github.com/sphinx-doc/sphinx/blob/4.x/CHANGES)
- [Commits](https://github.com/sphinx-doc/sphinx/compare/v4.0.2...v4.1.2)

---
updated-dependencies:
- dependency-name: sphinx
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] 
---
 requirements/dev.txt  |  6 +++---
 requirements/docs.txt | 10 +++++-----
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/requirements/dev.txt b/requirements/dev.txt
index 215e90d5d..17ae8256c 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -103,7 +103,7 @@ six==1.16.0
     #   virtualenv
 snowballstemmer==2.1.0
     # via sphinx
-sphinx==4.0.2
+sphinx==4.1.2
     # via
     #   -r requirements/docs.in
     #   pallets-sphinx-themes
@@ -115,7 +115,7 @@ sphinxcontrib-applehelp==1.0.2
     # via sphinx
 sphinxcontrib-devhelp==1.0.2
     # via sphinx
-sphinxcontrib-htmlhelp==1.0.3
+sphinxcontrib-htmlhelp==2.0.0
     # via sphinx
 sphinxcontrib-jsmath==1.0.1
     # via sphinx
@@ -123,7 +123,7 @@ sphinxcontrib-log-cabinet==1.0.1
     # via -r requirements/docs.in
 sphinxcontrib-qthelp==1.0.3
     # via sphinx
-sphinxcontrib-serializinghtml==1.1.4
+sphinxcontrib-serializinghtml==1.1.5
     # via sphinx
 toml==0.10.2
     # via
diff --git a/requirements/docs.txt b/requirements/docs.txt
index 93878a7e1..7bde243df 100644
--- a/requirements/docs.txt
+++ b/requirements/docs.txt
@@ -38,19 +38,19 @@ requests==2.25.1
     # via sphinx
 snowballstemmer==2.1.0
     # via sphinx
-sphinx-issues==1.2.0
-    # via -r requirements/docs.in
-sphinx==4.0.2
+sphinx==4.1.2
     # via
     #   -r requirements/docs.in
     #   pallets-sphinx-themes
     #   sphinx-issues
     #   sphinxcontrib-log-cabinet
+sphinx-issues==1.2.0
+    # via -r requirements/docs.in
 sphinxcontrib-applehelp==1.0.2
     # via sphinx
 sphinxcontrib-devhelp==1.0.2
     # via sphinx
-sphinxcontrib-htmlhelp==1.0.3
+sphinxcontrib-htmlhelp==2.0.0
     # via sphinx
 sphinxcontrib-jsmath==1.0.1
     # via sphinx
@@ -58,7 +58,7 @@ sphinxcontrib-log-cabinet==1.0.1
     # via -r requirements/docs.in
 sphinxcontrib-qthelp==1.0.3
     # via sphinx
-sphinxcontrib-serializinghtml==1.1.4
+sphinxcontrib-serializinghtml==1.1.5
     # via sphinx
 urllib3==1.26.4
     # via requests

From 7550615de756d2b04d5d9a8a110001e2d35866e6 Mon Sep 17 00:00:00 2001
From: "pre-commit-ci[bot]"
 <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Date: Mon, 2 Aug 2021 18:50:54 +0000
Subject: [PATCH 477/733] [pre-commit.ci] pre-commit autoupdate
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

updates:
- [github.com/asottile/pyupgrade: v2.20.0 → v2.23.1](https://github.com/asottile/pyupgrade/compare/v2.20.0...v2.23.1)
- [github.com/asottile/reorder_python_imports: v2.5.0 → v2.6.0](https://github.com/asottile/reorder_python_imports/compare/v2.5.0...v2.6.0)
- [github.com/psf/black: 21.6b0 → 21.7b0](https://github.com/psf/black/compare/21.6b0...21.7b0)
---
 .pre-commit-config.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index fc4fd1ba4..61e56b9bc 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -2,12 +2,12 @@ ci:
   autoupdate_schedule: monthly
 repos:
   - repo: https://github.com/asottile/pyupgrade
-    rev: v2.20.0
+    rev: v2.23.1
     hooks:
       - id: pyupgrade
         args: ["--py36-plus"]
   - repo: https://github.com/asottile/reorder_python_imports
-    rev: v2.5.0
+    rev: v2.6.0
     hooks:
       - id: reorder-python-imports
         name: Reorder Python imports (src, tests)
@@ -18,7 +18,7 @@ repos:
         files: "^examples/"
         args: ["--application-directories", "examples"]
   - repo: https://github.com/psf/black
-    rev: 21.6b0
+    rev: 21.7b0
     hooks:
       - id: black
   - repo: https://github.com/PyCQA/flake8

From bcb39cb08361c356cf9822fba125e45b1bfb752f Mon Sep 17 00:00:00 2001
From: "pre-commit-ci[bot]"
 <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Date: Mon, 2 Aug 2021 18:54:49 +0000
Subject: [PATCH 478/733] [pre-commit.ci] auto fixes from pre-commit.com hooks

for more information, see https://pre-commit.ci
---
 examples/wsecho.py             | 2 +-
 src/werkzeug/datastructures.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/examples/wsecho.py b/examples/wsecho.py
index c6d8775e2..23223c979 100644
--- a/examples/wsecho.py
+++ b/examples/wsecho.py
@@ -34,7 +34,7 @@ def websocket(request):
     in_data = b"GET %s HTTP/1.1\r\n" % request.path.encode("utf8")
 
     for header, value in request.headers.items():
-        in_data += f"{header}: {value}\r\n".encode("utf8")
+        in_data += f"{header}: {value}\r\n".encode()
 
     in_data += b"\r\n"
     ws.receive_data(in_data)
diff --git a/src/werkzeug/datastructures.py b/src/werkzeug/datastructures.py
index 5fb592818..d2fe2b8ec 100644
--- a/src/werkzeug/datastructures.py
+++ b/src/werkzeug/datastructures.py
@@ -2738,7 +2738,7 @@ def to_header(self):
         """
         if self.type == "basic":
             value = base64.b64encode(
-                f"{self.username}:{self.password}".encode("utf8")
+                f"{self.username}:{self.password}".encode()
             ).decode("utf8")
             return f"Basic {value}"
 

From bf958a50cbfc1fe80ab1e4cbc650755b8158419e Mon Sep 17 00:00:00 2001
From: cAtaman 
Date: Sat, 24 Jul 2021 20:26:39 +0100
Subject: [PATCH 479/733] prevent double encoding of merge_slash redirect url

---
 CHANGES.rst             |  6 ++++--
 src/werkzeug/routing.py |  6 +++++-
 tests/test_routing.py   | 20 ++++++++++++++++++++
 3 files changed, 29 insertions(+), 3 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index bd4e46946..bf157b560 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -8,8 +8,10 @@ Unreleased
 -   Handle multiple tokens in ``Connection`` header when routing
     WebSocket requests. :issue:`2131`
 -   Set the debugger pin cookie secure flag when on https. :pr:`2150`
--   Fix type annotation for ``MultiDict.update`` to accept iterable values
-    :pr:`2142`
+-   Fix type annotation for ``MultiDict.update`` to accept iterable
+    values :pr:`2142`
+-   Prevent double encoding of redirect URL when ``merge_slash=True``
+    for ``Rule.match``. :issue:`2157`
 
 
 Version 2.0.1
diff --git a/src/werkzeug/routing.py b/src/werkzeug/routing.py
index 345871eef..5c456c346 100644
--- a/src/werkzeug/routing.py
+++ b/src/werkzeug/routing.py
@@ -134,6 +134,7 @@
 from .urls import url_encode
 from .urls import url_join
 from .urls import url_quote
+from .urls import url_unquote
 from .utils import cached_property
 from .utils import redirect
 from .wsgi import get_host
@@ -944,7 +945,10 @@ def match(
                     if path.endswith("/") and not new_path.endswith("/"):
                         new_path += "/"
                     if new_path.count("/") < path.count("/"):
-                        path = new_path
+                        # The URL will be encoded when MapAdapter.match
+                        # handles the RequestPath raised below. Decode
+                        # the URL here to avoid a double encoding.
+                        path = url_unquote(new_path)
                         require_redirect = True
 
                 if require_redirect:
diff --git a/tests/test_routing.py b/tests/test_routing.py
index 1d4cef901..fb343ee82 100644
--- a/tests/test_routing.py
+++ b/tests/test_routing.py
@@ -122,6 +122,26 @@ def test_merge_slashes_match():
     assert adapter.match("/no//merge")[0] == "no_merge"
 
 
+@pytest.mark.parametrize(
+    ("path", "expected"),
+    [("/merge/%//path", "/merge/%25/path"), ("/merge//st/path", "/merge/st/path")],
+)
+def test_merge_slash_encoding(path, expected):
+    """This test is to make sure URLs are not double-encoded
+    when a redirect is thrown with `merge_slash = True`"""
+    url_map = r.Map(
+        [
+            r.Rule("/merge//path"),
+        ]
+    )
+    adapter = url_map.bind("localhost", "/")
+
+    with pytest.raises(r.RequestRedirect) as excinfo:
+        adapter.match(path)
+
+    assert excinfo.value.new_url.endswith(expected)
+
+
 def test_merge_slashes_build():
     url_map = r.Map(
         [

From e8d8db5f4ed54707bd90d70b9e12a8cbb3ee6882 Mon Sep 17 00:00:00 2001
From: cAtaman 
Date: Sun, 25 Jul 2021 15:56:12 +0100
Subject: [PATCH 480/733] CombinedMultiDict.to_dict flat=False collects values
 from all dicts

---
 CHANGES.rst                    | 2 ++
 src/werkzeug/datastructures.py | 8 ++++----
 tests/test_datastructures.py   | 8 ++++++--
 3 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index bf157b560..3ebba3fe4 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -12,6 +12,8 @@ Unreleased
     values :pr:`2142`
 -   Prevent double encoding of redirect URL when ``merge_slash=True``
     for ``Rule.match``. :issue:`2157`
+-   ``CombinedMultiDict.to_dict`` with ``flat=False`` considers all
+    component dicts when building value lists. :issue:`2189`
 
 
 Version 2.0.1
diff --git a/src/werkzeug/datastructures.py b/src/werkzeug/datastructures.py
index 5fb592818..b4bee5f90 100644
--- a/src/werkzeug/datastructures.py
+++ b/src/werkzeug/datastructures.py
@@ -1526,10 +1526,10 @@ def to_dict(self, flat=True):
                      contain the first item for each key.
         :return: a :class:`dict`
         """
-        rv = {}
-        for d in reversed(self.dicts):
-            rv.update(d.to_dict(flat))
-        return rv
+        if flat:
+            return dict(self.items())
+
+        return dict(self.lists())
 
     def __len__(self):
         return len(self._keys_impl())
diff --git a/tests/test_datastructures.py b/tests/test_datastructures.py
index 7bed93f41..a46599fd8 100644
--- a/tests/test_datastructures.py
+++ b/tests/test_datastructures.py
@@ -595,10 +595,14 @@ def test_basic_interface(self):
         d["foo"] = "blub"
 
         # make sure lists merges
-        md1 = ds.MultiDict((("foo", "bar"),))
+        md1 = ds.MultiDict((("foo", "bar"), ("foo", "baz")))
         md2 = ds.MultiDict((("foo", "blafasel"),))
         x = self.storage_class((md1, md2))
-        assert list(x.lists()) == [("foo", ["bar", "blafasel"])]
+        assert list(x.lists()) == [("foo", ["bar", "baz", "blafasel"])]
+
+        # make sure dicts are created properly
+        assert x.to_dict() == {"foo": "bar"}
+        assert x.to_dict(flat=False) == {"foo": ["bar", "baz", "blafasel"]}
 
     def test_length(self):
         d1 = ds.MultiDict([("foo", "1")])

From a2063c168044a75199b4d2405284ebd9108b7e29 Mon Sep 17 00:00:00 2001
From: cAtaman 
Date: Fri, 6 Aug 2021 05:54:11 +0100
Subject: [PATCH 481/733] use Headers.extend to add defaults as opposed to
 List.extend

this would allow all internal checks and conversions to be done on default values
---
 CHANGES.rst                    |  3 +++
 src/werkzeug/datastructures.py | 14 +++++++-------
 tests/test_datastructures.py   | 17 +++++++++++++++--
 3 files changed, 25 insertions(+), 9 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 8fa1e454c..0ddfd874f 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -5,6 +5,9 @@ Version 2.1.0
 
 Unreleased
 
+-   Default values passed to ``Headers`` are validated the same way
+    values added later are. :issue:`1608`
+
 
 Version 2.0.2
 -------------
diff --git a/src/werkzeug/datastructures.py b/src/werkzeug/datastructures.py
index d2fe2b8ec..64695cb89 100644
--- a/src/werkzeug/datastructures.py
+++ b/src/werkzeug/datastructures.py
@@ -857,12 +857,15 @@ class Headers:
     `None` for ``headers['missing']``, whereas :class:`Headers` will raise
     a :class:`KeyError`.
 
-    To create a new :class:`Headers` object pass it a list or dict of headers
-    which are used as default values.  This does not reuse the list passed
-    to the constructor for internal usage.
+    To create a new ``Headers`` object, pass it a list, dict, or
+    other ``Headers`` object with default values. These values are
+    validated the same way values added later are.
 
     :param defaults: The list of default values for the :class:`Headers`.
 
+    .. versionchanged:: 2.1.0
+        Default values are validated the same as values added later.
+
     .. versionchanged:: 0.9
        This data structure now stores unicode values similar to how the
        multi dicts do it.  The main difference is that bytes can be set as
@@ -876,10 +879,7 @@ class Headers:
     def __init__(self, defaults=None):
         self._list = []
         if defaults is not None:
-            if isinstance(defaults, (list, Headers)):
-                self._list.extend(defaults)
-            else:
-                self.extend(defaults)
+            self.extend(defaults)
 
     def __getitem__(self, key, _get_mode=False):
         if not _get_mode:
diff --git a/tests/test_datastructures.py b/tests/test_datastructures.py
index 7bed93f41..9de02378b 100644
--- a/tests/test_datastructures.py
+++ b/tests/test_datastructures.py
@@ -621,6 +621,9 @@ def test_basic_interface(self):
         assert "x-Foo" in headers
         assert "Content-type" in headers
 
+        with pytest.raises(ValueError):
+            headers.add("X-Example", "foo\r\n bar")
+
         headers["Content-Type"] = "foo/bar"
         assert headers["Content-Type"] == "foo/bar"
         assert len(headers.getlist("Content-Type")) == 1
@@ -637,6 +640,10 @@ def test_basic_interface(self):
         headers.add("x", "y", z='"')
         assert headers["x"] == r'y; z="\""'
 
+        # string conversion
+        headers.add("a", 1)
+        assert headers["a"] == "1"
+
     def test_defaults_and_conversion(self):
         # defaults
         headers = self.storage_class(
@@ -657,6 +664,10 @@ def test_defaults_and_conversion(self):
         assert headers.setdefault("X-Baz", "nope") == "quux"
         headers.pop("X-Baz")
 
+        # newlines are not allowed in values
+        with pytest.raises(ValueError):
+            self.storage_class([("X-Example", "foo\r\n bar")])
+
         # type conversion
         assert headers.get("x-bar", type=int) == 1
         assert headers.getlist("x-bar", type=int) == [1, 2]
@@ -677,8 +688,10 @@ def test_copying(self):
 
     def test_popping(self):
         headers = self.storage_class([("a", 1)])
-        assert headers.pop("a") == 1
-        assert headers.pop("b", 2) == 2
+        # headers object expect string values. If a non string value
+        # is passed, it tries converting it to a string
+        assert headers.pop("a") == "1"
+        assert headers.pop("b", "2") == "2"
 
         with pytest.raises(KeyError):
             headers.pop("c")

From 24665353db0b74ba35a7d8253a4f6f7897009d80 Mon Sep 17 00:00:00 2001
From: Shivam Verma 
Date: Fri, 11 Jun 2021 12:00:40 +0530
Subject: [PATCH 482/733] send_file only sets content-encoding if as_attachment
 is False

---
 CHANGES.rst             | 3 +++
 src/werkzeug/utils.py   | 8 +++++++-
 tests/test_send_file.py | 9 ++++++---
 3 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 3ebba3fe4..9b0c46866 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -14,6 +14,9 @@ Unreleased
     for ``Rule.match``. :issue:`2157`
 -   ``CombinedMultiDict.to_dict`` with ``flat=False`` considers all
     component dicts when building value lists. :issue:`2189`
+-   ``send_file`` only sets a detected ``Content-Encoding`` if
+    ``as_attachment`` is disabled to avoid browsers saving
+    decompressed ``.tar.gz`` files. :issue:`2149`
 
 
 Version 2.0.1
diff --git a/src/werkzeug/utils.py b/src/werkzeug/utils.py
index 7bb02bbc1..4143c3fc5 100644
--- a/src/werkzeug/utils.py
+++ b/src/werkzeug/utils.py
@@ -650,6 +650,10 @@ def send_file(
     :param _root_path: Do not use. For internal use only. Use
         :func:`send_from_directory` to safely send files under a path.
 
+    .. versionchanged:: 2.0.2
+        ``send_file`` only sets a detected ``Content-Encoding`` if
+        ``as_attachment`` is disabled.
+
     .. versionadded:: 2.0
         Adapted from Flask's implementation.
 
@@ -716,7 +720,9 @@ def send_file(
         if mimetype is None:
             mimetype = "application/octet-stream"
 
-        if encoding is not None:
+        # Don't send encoding for attachments, it causes browsers to
+        # save decompress tar.gz files.
+        if encoding is not None and not as_attachment:
             headers.set("Content-Encoding", encoding)
 
     if download_name is not None:
diff --git a/tests/test_send_file.py b/tests/test_send_file.py
index 159aeb5fb..fc4299a94 100644
--- a/tests/test_send_file.py
+++ b/tests/test_send_file.py
@@ -160,11 +160,14 @@ def test_etag():
     assert rv.headers["ETag"] == '"unique"'
 
 
-def test_content_encoding():
-    rv = send_file(txt_path, environ, download_name="logo.svgz")
+@pytest.mark.parametrize("as_attachment", (True, False))
+def test_content_encoding(as_attachment):
+    rv = send_file(
+        txt_path, environ, download_name="logo.svgz", as_attachment=as_attachment
+    )
     rv.close()
     assert rv.mimetype == "image/svg+xml"
-    assert rv.content_encoding == "gzip"
+    assert rv.content_encoding == ("gzip" if not as_attachment else None)
 
 
 @pytest.mark.parametrize(

From 899f868fa6f0accf80fa8f657a2191f7c8b580ad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= 
Date: Sat, 19 Jun 2021 09:51:43 +0200
Subject: [PATCH 483/733] warning tests work without -Werror

---
 tests/test_wrappers.py | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/tests/test_wrappers.py b/tests/test_wrappers.py
index 3ac80003f..8d7a5ae87 100644
--- a/tests/test_wrappers.py
+++ b/tests/test_wrappers.py
@@ -1613,7 +1613,7 @@ def test_request_mixins_deprecated(cls):
     class CheckRequest(cls, wrappers.Request):
         pass
 
-    with pytest.warns(DeprecationWarning, match=cls.__name__):
+    with pytest.deprecated_call(match=cls.__name__):
         CheckRequest({"SERVER_NAME": "example.org", "SERVER_PORT": "80"})
 
 
@@ -1633,29 +1633,29 @@ def test_response_mixins_deprecated(cls):
     class CheckResponse(cls, wrappers.Response):
         pass
 
-    with pytest.raises(DeprecationWarning, match=cls.__name__):
+    with pytest.deprecated_call(match=cls.__name__):
         CheckResponse()
 
 
 def test_check_base_deprecated():
-    with pytest.raises(DeprecationWarning, match=r"issubclass\(cls, Request\)"):
+    with pytest.deprecated_call(match=r"issubclass\(cls, Request\)"):
         assert issubclass(wrappers.Request, wrappers.BaseRequest)
 
-    with pytest.raises(DeprecationWarning, match=r"isinstance\(obj, Request\)"):
+    with pytest.deprecated_call(match=r"isinstance\(obj, Request\)"):
         assert isinstance(
             wrappers.Request({"SERVER_NAME": "example.org", "SERVER_PORT": "80"}),
             wrappers.BaseRequest,
         )
 
-    with pytest.raises(DeprecationWarning, match=r"issubclass\(cls, Response\)"):
+    with pytest.deprecated_call(match=r"issubclass\(cls, Response\)"):
         assert issubclass(wrappers.Response, wrappers.BaseResponse)
 
-    with pytest.raises(DeprecationWarning, match=r"isinstance\(obj, Response\)"):
+    with pytest.deprecated_call(match=r"isinstance\(obj, Response\)"):
         assert isinstance(wrappers.Response(), wrappers.BaseResponse)
 
 
 def test_response_freeze_no_etag_deprecated():
-    with pytest.raises(DeprecationWarning, match="no_etag"):
+    with pytest.deprecated_call(match="no_etag"):
         Response("Hello, World!").freeze(no_etag=True)
 
 

From a65a2f46be5b47f668aaf0c7cf69a7a5205abb94 Mon Sep 17 00:00:00 2001
From: Jan Teske 
Date: Tue, 22 Jun 2021 09:30:24 +0200
Subject: [PATCH 484/733] Fix type hints for TypeConversionDict.get

If both the `default` and the `type` parameter are given and not `None`,
the return value should not be `Optional`.
---
 CHANGES.rst                     |  3 +++
 src/werkzeug/datastructures.pyi | 13 +++++++------
 2 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 9b0c46866..31e9869ec 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -17,6 +17,9 @@ Unreleased
 -   ``send_file`` only sets a detected ``Content-Encoding`` if
     ``as_attachment`` is disabled to avoid browsers saving
     decompressed ``.tar.gz`` files. :issue:`2149`
+-   Fix type annotations for ``TypeConversionDict.get`` to not return an
+    ``Optional`` value if both ``default`` and ``type`` are not
+    ``None``. :issue:`2169`
 
 
 Version 2.0.1
diff --git a/src/werkzeug/datastructures.pyi b/src/werkzeug/datastructures.pyi
index 34ddebf6a..710a89353 100644
--- a/src/werkzeug/datastructures.pyi
+++ b/src/werkzeug/datastructures.pyi
@@ -27,6 +27,7 @@ from typing_extensions import Literal
 K = TypeVar("K")
 V = TypeVar("V")
 T = TypeVar("T")
+D = TypeVar("D")
 
 def is_immutable(self: object) -> NoReturn: ...
 def iter_multi_items(
@@ -98,14 +99,14 @@ class UpdateDictMixin(Dict[K, V]):
     ) -> None: ...
 
 class TypeConversionDict(Dict[K, V]):
-    @overload  # type: ignore
-    def get(self, key: K) -> Optional[V]: ...
     @overload
-    def get(self, key: K, default: Union[V, T] = ...) -> Union[V, T]: ...
+    def get(self, key: K, default: None = ..., type: None = ...) -> Optional[V]: ...
     @overload
-    def get(
-        self, key: K, default: Optional[T] = None, type: Callable[[V], T] = ...
-    ) -> Optional[T]: ...
+    def get(self, key: K, default: D, type: None = ...) -> Union[D, V]: ...
+    @overload
+    def get(self, key: K, default: D, type: Callable[[V], T]) -> Union[D, T]: ...
+    @overload
+    def get(self, key: K, type: Callable[[V], T]) -> Optional[T]: ...
 
 class ImmutableTypeConversionDict(ImmutableDictMixin[K, V], TypeConversionDict[K, V]):
     def copy(self) -> TypeConversionDict[K, V]: ...

From 3b6449781dd613274ad415d2292c5aef493feeab Mon Sep 17 00:00:00 2001
From: jkhsjdhjs 
Date: Thu, 8 Jul 2021 18:43:29 +0200
Subject: [PATCH 485/733] fix type annotations of RuleFactory classes

---
 CHANGES.rst             |  3 +++
 src/werkzeug/routing.py | 10 ++++++----
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 31e9869ec..b488156fd 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -20,6 +20,9 @@ Unreleased
 -   Fix type annotations for ``TypeConversionDict.get`` to not return an
     ``Optional`` value if both ``default`` and ``type`` are not
     ``None``. :issue:`2169`
+-   Fix type annotation for routing rule factories to accept
+    ``Iterable[RuleFactory]`` instead of ``Iterable[Rule]`` for the
+    ``rules`` parameter. :issue:`2183`
 
 
 Version 2.0.1
diff --git a/src/werkzeug/routing.py b/src/werkzeug/routing.py
index 5c456c346..0953a4860 100644
--- a/src/werkzeug/routing.py
+++ b/src/werkzeug/routing.py
@@ -403,7 +403,7 @@ class Subdomain(RuleFactory):
     for the current request.
     """
 
-    def __init__(self, subdomain: str, rules: t.Iterable["Rule"]) -> None:
+    def __init__(self, subdomain: str, rules: t.Iterable[RuleFactory]) -> None:
         self.subdomain = subdomain
         self.rules = rules
 
@@ -429,7 +429,7 @@ class Submount(RuleFactory):
     Now the rule ``'blog/show'`` matches ``/blog/entry/``.
     """
 
-    def __init__(self, path: str, rules: t.Iterable["Rule"]) -> None:
+    def __init__(self, path: str, rules: t.Iterable[RuleFactory]) -> None:
         self.path = path.rstrip("/")
         self.rules = rules
 
@@ -454,7 +454,7 @@ class EndpointPrefix(RuleFactory):
         ])
     """
 
-    def __init__(self, prefix: str, rules: t.Iterable["Rule"]) -> None:
+    def __init__(self, prefix: str, rules: t.Iterable[RuleFactory]) -> None:
         self.prefix = prefix
         self.rules = rules
 
@@ -499,7 +499,9 @@ class RuleTemplateFactory(RuleFactory):
     :internal:
     """
 
-    def __init__(self, rules: t.Iterable["Rule"], context: t.Dict[str, t.Any]) -> None:
+    def __init__(
+        self, rules: t.Iterable[RuleFactory], context: t.Dict[str, t.Any]
+    ) -> None:
         self.rules = rules
         self.context = context
 

From b156d60d70df31eb52bf49c67a9698dc840553a9 Mon Sep 17 00:00:00 2001
From: Filipe Morais 
Date: Wed, 28 Jul 2021 16:30:59 +0100
Subject: [PATCH 486/733] add missing type annotations for FileStorage special
 methods

---
 CHANGES.rst                     | 2 ++
 src/werkzeug/datastructures.pyi | 3 +++
 2 files changed, 5 insertions(+)

diff --git a/CHANGES.rst b/CHANGES.rst
index b488156fd..ac3c856c3 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -23,6 +23,8 @@ Unreleased
 -   Fix type annotation for routing rule factories to accept
     ``Iterable[RuleFactory]`` instead of ``Iterable[Rule]`` for the
     ``rules`` parameter. :issue:`2183`
+-   Add missing type annotation for ``FileStorage.__getattr__``
+    :issue:`2155`
 
 
 Version 2.0.1
diff --git a/src/werkzeug/datastructures.pyi b/src/werkzeug/datastructures.pyi
index 710a89353..90334d22c 100644
--- a/src/werkzeug/datastructures.pyi
+++ b/src/werkzeug/datastructures.pyi
@@ -904,4 +904,7 @@ class FileStorage:
         self, dst: Union[str, PathLike, BinaryIO], buffer_size: int = ...
     ) -> None: ...
     def close(self) -> None: ...
+    def __bool__(self) -> bool: ...
+    def __getattr__(self, name: str) -> Any: ...
     def __iter__(self) -> Iterator[bytes]: ...
+    def __repr__(self) -> str: ...

From f663609dd665e835982872d9088d0f3ab64ced75 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Fri, 6 Aug 2021 08:14:23 -0700
Subject: [PATCH 487/733] debugger cookie uses SameSite=Strict

---
 CHANGES.rst                    | 3 +++
 src/werkzeug/debug/__init__.py | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index ac3c856c3..b3d5639dd 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -25,6 +25,9 @@ Unreleased
     ``rules`` parameter. :issue:`2183`
 -   Add missing type annotation for ``FileStorage.__getattr__``
     :issue:`2155`
+-   The debugger pin cookie is set with ``SameSite`` set to ``Strict``
+    instead of ``None`` to be compatible with modern browser security.
+    :issue:`2156`
 
 
 Version 2.0.1
diff --git a/src/werkzeug/debug/__init__.py b/src/werkzeug/debug/__init__.py
index 7069428d3..1d471c411 100644
--- a/src/werkzeug/debug/__init__.py
+++ b/src/werkzeug/debug/__init__.py
@@ -449,7 +449,7 @@ def pin_auth(self, request: Request) -> Response:
                 self.pin_cookie_name,
                 f"{int(time.time())}|{hash_pin(pin)}",
                 httponly=True,
-                samesite="None",
+                samesite="Strict",
                 secure=request.is_secure,
             )
         elif bad_cookie:

From 6df0f70ea331a042f9d9528de03a4508f7a83a74 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Fri, 6 Aug 2021 09:07:53 -0700
Subject: [PATCH 488/733] document server shutdown without deprecated dev
 function

---
 docs/serving.rst | 65 +++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 56 insertions(+), 9 deletions(-)

diff --git a/docs/serving.rst b/docs/serving.rst
index 1d3a5705d..666829fdf 100644
--- a/docs/serving.rst
+++ b/docs/serving.rst
@@ -107,21 +107,68 @@ development server on these host names as well.  You can use the
 :doc:`/routing` system to dispatch between different hosts or parse
 :attr:`request.host` yourself.
 
+
 Shutting Down The Server
 ------------------------
 
-.. versionadded:: 0.7
+In some cases it can be useful to shut down a server after handling a
+request. For example, a local command line tool that needs OAuth
+authentication could temporarily start a server to listen for a
+response, record the user's token, then stop the server.
+
+One method to do this could be to start a server in a
+:mod:`multiprocessing` process, then terminate the process after a value
+is passed back to the parent.
+
+.. code-block:: python
+
+    import multiprocessing
+    from werkzeug import Request, Response, run_simple
+
+    def get_token(q: multiprocessing.Queue) -> None:
+        @Request.application
+        def app(request: Request) -> Response:
+            q.put(request.args["token"])
+            return Response("", 204)
+
+        run_simple("localhost", 5000, app)
+
+    if __name__ == "__main__":
+        q = multiprocessing.Queue()
+        p = multiprocessing.Process(target=get_token, args=(q,))
+        p.start()
+        print("waiting")
+        token = q.get(block=True)
+        p.terminate()
+        print(token)
 
-Starting with Werkzeug 0.7 the development server provides a way to shut
-down the server after a request.  This currently only works with Python
-2.6 and later and will only work with the development server.  To initiate
-the shutdown you have to call a function named
-``'werkzeug.server.shutdown'`` in the WSGI environment::
+That example uses Werkzeug's development server, but any production
+server that can be started as a Python process could use the same
+technique and should be preferred for security. Another method could be
+to start a :mod:`subprocess` process and send the value back over
+``stdout``.
+
+.. deprecated:: 2.0
+
+    Shutting down the server with
+    ``environ["werkzeug.server.shutdown"]`` is deprecated and will be
+    removed in Werkzeug 2.1.
+
+The development server provides a way to shutdown the server from a
+request. This will only work with the development server. The
+development server injects a function into the WSGI environ with the
+``"werkzeug.server.shutdown"`` key.
+
+.. code-block:: python
 
     def shutdown_server(environ):
-        if not 'werkzeug.server.shutdown' in environ:
-            raise RuntimeError('Not running the development server')
-        environ['werkzeug.server.shutdown']()
+        shutdown = environ.get("werkzeug.server.shutdown")
+
+        if shutdown is None:
+            raise RuntimeError("Not running the development server.")
+
+        shutdown()
+
 
 Troubleshooting
 ---------------

From 770ac299b8cd94a0da23f82b23313ca9910994d6 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Fri, 6 Aug 2021 09:37:03 -0700
Subject: [PATCH 489/733] use IO[bytes] instead of BinaryIO for wider
 compatibility

---
 CHANGES.rst                            |  3 +++
 src/werkzeug/datastructures.pyi        | 10 ++++-----
 src/werkzeug/debug/tbtools.py          |  2 +-
 src/werkzeug/formparser.py             | 30 +++++++++++++-------------
 src/werkzeug/middleware/lint.py        |  4 ++--
 src/werkzeug/middleware/profiler.py    |  2 +-
 src/werkzeug/middleware/shared_data.py |  2 +-
 src/werkzeug/serving.py                |  2 +-
 src/werkzeug/test.py                   | 22 ++++++++++---------
 src/werkzeug/urls.py                   |  4 ++--
 src/werkzeug/utils.py                  |  4 ++--
 src/werkzeug/wrappers/request.py       |  8 +++----
 src/werkzeug/wsgi.py                   | 24 ++++++++++-----------
 13 files changed, 61 insertions(+), 56 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index b3d5639dd..994066082 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -28,6 +28,9 @@ Unreleased
 -   The debugger pin cookie is set with ``SameSite`` set to ``Strict``
     instead of ``None`` to be compatible with modern browser security.
     :issue:`2156`
+-   Type annotations use ``IO[bytes]`` and ``IO[str]`` instead of
+    ``BinaryIO`` and ``TextIO`` for wider type compatibility.
+    :issue:`2130`
 
 
 Version 2.0.1
diff --git a/src/werkzeug/datastructures.pyi b/src/werkzeug/datastructures.pyi
index 90334d22c..dbdbd2c30 100644
--- a/src/werkzeug/datastructures.pyi
+++ b/src/werkzeug/datastructures.pyi
@@ -1,13 +1,13 @@
 from datetime import datetime
 from os import PathLike
 from typing import Any
-from typing import BinaryIO
 from typing import Callable
 from typing import Collection
 from typing import Dict
 from typing import FrozenSet
 from typing import Generic
 from typing import Hashable
+from typing import IO
 from typing import Iterable
 from typing import Iterator
 from typing import List
@@ -344,7 +344,7 @@ class FileMultiDict(MultiDict[str, "FileStorage"]):
     def add_file(
         self,
         name: str,
-        file: Union[FileStorage, str, BinaryIO],
+        file: Union[FileStorage, str, IO[bytes]],
         filename: Optional[str] = None,
         content_type: Optional[str] = None,
     ) -> None: ...
@@ -878,13 +878,13 @@ class WWWAuthenticate(UpdateDictMixin[str, str], Dict[str, str]):
 
 class FileStorage:
     name: Optional[str]
-    stream: BinaryIO
+    stream: IO[bytes]
     filename: Optional[str]
     headers: Headers
     _parsed_content_type: Tuple[str, Dict[str, str]]
     def __init__(
         self,
-        stream: Optional[BinaryIO] = None,
+        stream: Optional[IO[bytes]] = None,
         filename: Optional[str] = None,
         name: Optional[str] = None,
         content_type: Optional[str] = None,
@@ -901,7 +901,7 @@ class FileStorage:
     @property
     def mimetype_params(self) -> Dict[str, str]: ...
     def save(
-        self, dst: Union[str, PathLike, BinaryIO], buffer_size: int = ...
+        self, dst: Union[str, PathLike, IO[bytes]], buffer_size: int = ...
     ) -> None: ...
     def close(self) -> None: ...
     def __bool__(self) -> bool: ...
diff --git a/src/werkzeug/debug/tbtools.py b/src/werkzeug/debug/tbtools.py
index 75b4cd2c5..a8e2c96e6 100644
--- a/src/werkzeug/debug/tbtools.py
+++ b/src/werkzeug/debug/tbtools.py
@@ -259,7 +259,7 @@ def exception(self) -> str:
         """String representation of the final exception."""
         return self.groups[-1].exception
 
-    def log(self, logfile: t.Optional[t.TextIO] = None) -> None:
+    def log(self, logfile: t.Optional[t.IO[str]] = None) -> None:
         """Log the ASCII traceback into a file object."""
         if logfile is None:
             logfile = sys.stderr
diff --git a/src/werkzeug/formparser.py b/src/werkzeug/formparser.py
index 2dcb709fc..6cb758feb 100644
--- a/src/werkzeug/formparser.py
+++ b/src/werkzeug/formparser.py
@@ -35,7 +35,7 @@
     import typing as te
     from _typeshed.wsgi import WSGIEnvironment
 
-    t_parse_result = t.Tuple[t.BinaryIO, MultiDict, MultiDict]
+    t_parse_result = t.Tuple[t.IO[bytes], MultiDict, MultiDict]
 
     class TStreamFactory(te.Protocol):
         def __call__(
@@ -44,14 +44,14 @@ def __call__(
             content_type: t.Optional[str],
             filename: t.Optional[str],
             content_length: t.Optional[int] = None,
-        ) -> t.BinaryIO:
+        ) -> t.IO[bytes]:
             ...
 
 
 F = t.TypeVar("F", bound=t.Callable[..., t.Any])
 
 
-def _exhaust(stream: t.BinaryIO) -> None:
+def _exhaust(stream: t.IO[bytes]) -> None:
     bts = stream.read(64 * 1024)
     while bts:
         bts = stream.read(64 * 1024)
@@ -62,13 +62,13 @@ def default_stream_factory(
     content_type: t.Optional[str],
     filename: t.Optional[str],
     content_length: t.Optional[int] = None,
-) -> t.BinaryIO:
+) -> t.IO[bytes]:
     max_size = 1024 * 500
 
     if SpooledTemporaryFile is not None:
-        return t.cast(t.BinaryIO, SpooledTemporaryFile(max_size=max_size, mode="rb+"))
+        return t.cast(t.IO[bytes], SpooledTemporaryFile(max_size=max_size, mode="rb+"))
     elif total_content_length is None or total_content_length > max_size:
-        return t.cast(t.BinaryIO, TemporaryFile("rb+"))
+        return t.cast(t.IO[bytes], TemporaryFile("rb+"))
 
     return BytesIO()
 
@@ -212,7 +212,7 @@ def get_parse_func(
         self, mimetype: str, options: t.Dict[str, str]
     ) -> t.Optional[
         t.Callable[
-            ["FormDataParser", t.BinaryIO, str, t.Optional[int], t.Dict[str, str]],
+            ["FormDataParser", t.IO[bytes], str, t.Optional[int], t.Dict[str, str]],
             "t_parse_result",
         ]
     ]:
@@ -231,7 +231,7 @@ def parse_from_environ(self, environ: "WSGIEnvironment") -> "t_parse_result":
 
     def parse(
         self,
-        stream: t.BinaryIO,
+        stream: t.IO[bytes],
         mimetype: str,
         content_length: t.Optional[int],
         options: t.Optional[t.Dict[str, str]] = None,
@@ -272,7 +272,7 @@ def parse(
     @exhaust_stream
     def _parse_multipart(
         self,
-        stream: t.BinaryIO,
+        stream: t.IO[bytes],
         mimetype: str,
         content_length: t.Optional[int],
         options: t.Dict[str, str],
@@ -295,7 +295,7 @@ def _parse_multipart(
     @exhaust_stream
     def _parse_urlencoded(
         self,
-        stream: t.BinaryIO,
+        stream: t.IO[bytes],
         mimetype: str,
         content_length: t.Optional[int],
         options: t.Dict[str, str],
@@ -316,7 +316,7 @@ def _parse_urlencoded(
     parse_functions: t.Dict[
         str,
         t.Callable[
-            ["FormDataParser", t.BinaryIO, str, t.Optional[int], t.Dict[str, str]],
+            ["FormDataParser", t.IO[bytes], str, t.Optional[int], t.Dict[str, str]],
             "t_parse_result",
         ],
     ] = {
@@ -418,7 +418,7 @@ def get_part_charset(self, headers: Headers) -> str:
 
     def start_file_streaming(
         self, event: File, total_content_length: t.Optional[int]
-    ) -> t.BinaryIO:
+    ) -> t.IO[bytes]:
         content_type = event.headers.get("content-type")
 
         try:
@@ -435,9 +435,9 @@ def start_file_streaming(
         return container
 
     def parse(
-        self, stream: t.BinaryIO, boundary: bytes, content_length: t.Optional[int]
+        self, stream: t.IO[bytes], boundary: bytes, content_length: t.Optional[int]
     ) -> t.Tuple[MultiDict, MultiDict]:
-        container: t.Union[t.BinaryIO, t.List[bytes]]
+        container: t.Union[t.IO[bytes], t.List[bytes]]
         _write: t.Callable[[bytes], t.Any]
 
         iterator = chain(
@@ -476,7 +476,7 @@ def parse(
                             )
                             fields.append((current_part.name, value))
                         else:
-                            container = t.cast(t.BinaryIO, container)
+                            container = t.cast(t.IO[bytes], container)
                             container.seek(0)
                             files.append(
                                 (
diff --git a/src/werkzeug/middleware/lint.py b/src/werkzeug/middleware/lint.py
index 80c423dd3..c74703b27 100644
--- a/src/werkzeug/middleware/lint.py
+++ b/src/werkzeug/middleware/lint.py
@@ -45,7 +45,7 @@ def check_type(context: str, obj: object, need: t.Type = str) -> None:
 
 
 class InputStream:
-    def __init__(self, stream: t.BinaryIO) -> None:
+    def __init__(self, stream: t.IO[bytes]) -> None:
         self._stream = stream
 
     def read(self, *args: t.Any) -> bytes:
@@ -97,7 +97,7 @@ def close(self) -> None:
 
 
 class ErrorStream:
-    def __init__(self, stream: t.TextIO) -> None:
+    def __init__(self, stream: t.IO[str]) -> None:
         self._stream = stream
 
     def write(self, s: str) -> None:
diff --git a/src/werkzeug/middleware/profiler.py b/src/werkzeug/middleware/profiler.py
index 0992f8f16..200dae034 100644
--- a/src/werkzeug/middleware/profiler.py
+++ b/src/werkzeug/middleware/profiler.py
@@ -77,7 +77,7 @@ class ProfilerMiddleware:
     def __init__(
         self,
         app: "WSGIApplication",
-        stream: t.TextIO = sys.stdout,
+        stream: t.IO[str] = sys.stdout,
         sort_by: t.Iterable[str] = ("time", "calls"),
         restrictions: t.Iterable[t.Union[str, int, float]] = (),
         profile_dir: t.Optional[str] = None,
diff --git a/src/werkzeug/middleware/shared_data.py b/src/werkzeug/middleware/shared_data.py
index f11b43a03..62da67277 100644
--- a/src/werkzeug/middleware/shared_data.py
+++ b/src/werkzeug/middleware/shared_data.py
@@ -27,7 +27,7 @@
 from ..wsgi import get_path_info
 from ..wsgi import wrap_file
 
-_TOpener = t.Callable[[], t.Tuple[t.BinaryIO, datetime, int]]
+_TOpener = t.Callable[[], t.Tuple[t.IO[bytes], datetime, int]]
 _TLoader = t.Callable[[t.Optional[str]], t.Tuple[t.Optional[str], t.Optional[_TOpener]]]
 
 if t.TYPE_CHECKING:
diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py
index 1be994929..2978be78d 100644
--- a/src/werkzeug/serving.py
+++ b/src/werkzeug/serving.py
@@ -86,7 +86,7 @@ class ForkingMixIn:  # type: ignore
 class DechunkedInput(io.RawIOBase):
     """An input stream that handles Transfer-Encoding 'chunked'"""
 
-    def __init__(self, rfile: t.BinaryIO) -> None:
+    def __init__(self, rfile: t.IO[bytes]) -> None:
         self._rfile = rfile
         self._done = False
         self._len = 0
diff --git a/src/werkzeug/test.py b/src/werkzeug/test.py
index 9301c02fd..d0ce6f95b 100644
--- a/src/werkzeug/test.py
+++ b/src/werkzeug/test.py
@@ -56,7 +56,7 @@ def stream_encode_multipart(
     threshold: int = 1024 * 500,
     boundary: t.Optional[str] = None,
     charset: str = "utf-8",
-) -> t.Tuple[t.BinaryIO, int, str]:
+) -> t.Tuple[t.IO[bytes], int, str]:
     """Encode a dict of values (either strings or file descriptors or
     :class:`FileStorage` objects.) into a multipart encoded string stored
     in a file descriptor.
@@ -64,7 +64,7 @@ def stream_encode_multipart(
     if boundary is None:
         boundary = f"---------------WerkzeugFormPart_{time()}{random()}"
 
-    stream: t.BinaryIO = BytesIO()
+    stream: t.IO[bytes] = BytesIO()
     total_length = 0
     on_disk = False
 
@@ -81,7 +81,7 @@ def write_binary(s: bytes) -> int:
                 if length + total_length <= threshold:
                     stream.write(s)
                 else:
-                    new_stream = t.cast(t.BinaryIO, TemporaryFile("wb+"))
+                    new_stream = t.cast(t.IO[bytes], TemporaryFile("wb+"))
                     new_stream.write(stream.getvalue())  # type: ignore
                     new_stream.write(s)
                     stream = new_stream
@@ -347,7 +347,7 @@ class EnvironBuilder:
 
     _args: t.Optional[MultiDict]
     _query_string: t.Optional[str]
-    _input_stream: t.Optional[t.BinaryIO]
+    _input_stream: t.Optional[t.IO[bytes]]
     _form: t.Optional[MultiDict]
     _files: t.Optional[FileMultiDict]
 
@@ -357,15 +357,17 @@ def __init__(
         base_url: t.Optional[str] = None,
         query_string: t.Optional[t.Union[t.Mapping[str, str], str]] = None,
         method: str = "GET",
-        input_stream: t.Optional[t.BinaryIO] = None,
+        input_stream: t.Optional[t.IO[bytes]] = None,
         content_type: t.Optional[str] = None,
         content_length: t.Optional[int] = None,
-        errors_stream: t.Optional[t.TextIO] = None,
+        errors_stream: t.Optional[t.IO[str]] = None,
         multithread: bool = False,
         multiprocess: bool = False,
         run_once: bool = False,
         headers: t.Optional[t.Union[Headers, t.Iterable[t.Tuple[str, str]]]] = None,
-        data: t.Optional[t.Union[t.BinaryIO, str, bytes, t.Mapping[str, t.Any]]] = None,
+        data: t.Optional[
+            t.Union[t.IO[bytes], str, bytes, t.Mapping[str, t.Any]]
+        ] = None,
         environ_base: t.Optional[t.Mapping[str, t.Any]] = None,
         environ_overrides: t.Optional[t.Mapping[str, t.Any]] = None,
         charset: str = "utf-8",
@@ -490,7 +492,7 @@ def _add_file_from_data(
         self,
         key: str,
         value: t.Union[
-            t.BinaryIO, t.Tuple[t.BinaryIO, str], t.Tuple[t.BinaryIO, str, str]
+            t.IO[bytes], t.Tuple[t.IO[bytes], str], t.Tuple[t.IO[bytes], str, str]
         ],
     ) -> None:
         """Called in the EnvironBuilder to add files from the data dict."""
@@ -638,7 +640,7 @@ def files(self, value: FileMultiDict) -> None:
         self._set_form("_files", value)
 
     @property
-    def input_stream(self) -> t.Optional[t.BinaryIO]:
+    def input_stream(self) -> t.Optional[t.IO[bytes]]:
         """An optional input stream. This is mutually exclusive with
         setting :attr:`form` and :attr:`files`, setting it will clear
         those. Do not provide this if the method is not ``POST`` or
@@ -647,7 +649,7 @@ def input_stream(self) -> t.Optional[t.BinaryIO]:
         return self._input_stream
 
     @input_stream.setter
-    def input_stream(self, value: t.Optional[t.BinaryIO]) -> None:
+    def input_stream(self, value: t.Optional[t.IO[bytes]]) -> None:
         self._input_stream = value
         self._form = None
         self._files = None
diff --git a/src/werkzeug/urls.py b/src/werkzeug/urls.py
index 7566ac273..9529da0c7 100644
--- a/src/werkzeug/urls.py
+++ b/src/werkzeug/urls.py
@@ -869,7 +869,7 @@ def url_decode(
 
 
 def url_decode_stream(
-    stream: t.BinaryIO,
+    stream: t.IO[bytes],
     charset: str = "utf-8",
     decode_keys: None = None,
     include_empty: bool = True,
@@ -990,7 +990,7 @@ def url_encode(
 
 def url_encode_stream(
     obj: t.Union[t.Mapping[str, str], t.Iterable[t.Tuple[str, str]]],
-    stream: t.Optional[t.TextIO] = None,
+    stream: t.Optional[t.IO[str]] = None,
     charset: str = "utf-8",
     encode_keys: None = None,
     sort: bool = False,
diff --git a/src/werkzeug/utils.py b/src/werkzeug/utils.py
index 4143c3fc5..d5e4a8e1b 100644
--- a/src/werkzeug/utils.py
+++ b/src/werkzeug/utils.py
@@ -588,7 +588,7 @@ def append_slash_redirect(environ: "WSGIEnvironment", code: int = 301) -> "Respo
 
 
 def send_file(
-    path_or_file: t.Union[os.PathLike, str, t.BinaryIO],
+    path_or_file: t.Union[os.PathLike, str, t.IO[bytes]],
     environ: "WSGIEnvironment",
     mimetype: t.Optional[str] = None,
     as_attachment: bool = False,
@@ -681,7 +681,7 @@ def send_file(
         response_class = Response
 
     path: t.Optional[str] = None
-    file: t.Optional[t.BinaryIO] = None
+    file: t.Optional[t.IO[bytes]] = None
     size: t.Optional[int] = None
     mtime: t.Optional[float] = None
     headers = Headers()
diff --git a/src/werkzeug/wrappers/request.py b/src/werkzeug/wrappers/request.py
index 6deb50407..700cda04c 100644
--- a/src/werkzeug/wrappers/request.py
+++ b/src/werkzeug/wrappers/request.py
@@ -216,7 +216,7 @@ def _get_file_stream(
         content_type: t.Optional[str],
         filename: t.Optional[str] = None,
         content_length: t.Optional[int] = None,
-    ) -> t.BinaryIO:
+    ) -> t.IO[bytes]:
         """Called to get a stream for the file upload.
 
         This must provide a file-like class with `read()`, `readline()`
@@ -300,7 +300,7 @@ def _load_form_data(self) -> None:
         d = self.__dict__
         d["stream"], d["form"], d["files"] = data
 
-    def _get_stream_for_parsing(self) -> t.BinaryIO:
+    def _get_stream_for_parsing(self) -> t.IO[bytes]:
         """This is the same as accessing :attr:`stream` with the difference
         that if it finds cached data from calling :meth:`get_data` first it
         will create a new stream out of the cached data.
@@ -330,7 +330,7 @@ def __exit__(self, exc_type, exc_value, tb) -> None:  # type: ignore
         self.close()
 
     @cached_property
-    def stream(self) -> t.BinaryIO:
+    def stream(self) -> t.IO[bytes]:
         """
         If the incoming form data was not encoded with a known mimetype
         the data is stored unmodified in this stream for consumption.  Most
@@ -355,7 +355,7 @@ def stream(self) -> t.BinaryIO:
 
         return get_input_stream(self.environ)
 
-    input_stream = environ_property[t.BinaryIO](
+    input_stream = environ_property[t.IO[bytes]](
         "wsgi.input",
         doc="""The WSGI input stream.
 
diff --git a/src/werkzeug/wsgi.py b/src/werkzeug/wsgi.py
index 9439a1e5c..9cfa74de8 100644
--- a/src/werkzeug/wsgi.py
+++ b/src/werkzeug/wsgi.py
@@ -140,7 +140,7 @@ def get_content_length(environ: "WSGIEnvironment") -> t.Optional[int]:
 
 def get_input_stream(
     environ: "WSGIEnvironment", safe_fallback: bool = True
-) -> t.BinaryIO:
+) -> t.IO[bytes]:
     """Returns the input stream from the WSGI environment and wraps it
     in the most sensible way possible. The stream returned is not the
     raw WSGI stream in most cases but one that is safe to read from
@@ -157,7 +157,7 @@ def get_input_stream(
         content length is not set. Disabling this allows infinite streams,
         which can be a denial-of-service risk.
     """
-    stream = t.cast(t.BinaryIO, environ["wsgi.input"])
+    stream = t.cast(t.IO[bytes], environ["wsgi.input"])
     content_length = get_content_length(environ)
 
     # A wsgi extension that tells us if the input is terminated.  In
@@ -173,7 +173,7 @@ def get_input_stream(
         return io.BytesIO() if safe_fallback else stream
 
     # Otherwise limit the stream to the content length
-    return t.cast(t.BinaryIO, LimitedStream(stream, content_length))
+    return t.cast(t.IO[bytes], LimitedStream(stream, content_length))
 
 
 def get_query_string(environ: "WSGIEnvironment") -> str:
@@ -467,7 +467,7 @@ def close(self) -> None:
 
 
 def wrap_file(
-    environ: "WSGIEnvironment", file: t.BinaryIO, buffer_size: int = 8192
+    environ: "WSGIEnvironment", file: t.IO[bytes], buffer_size: int = 8192
 ) -> t.Iterable[bytes]:
     """Wraps a file.  This uses the WSGI server's file wrapper if available
     or otherwise the generic :class:`FileWrapper`.
@@ -507,7 +507,7 @@ class FileWrapper:
     :param buffer_size: number of bytes for one iteration.
     """
 
-    def __init__(self, file: t.BinaryIO, buffer_size: int = 8192) -> None:
+    def __init__(self, file: t.IO[bytes], buffer_size: int = 8192) -> None:
         self.file = file
         self.buffer_size = buffer_size
 
@@ -560,7 +560,7 @@ class _RangeWrapper:
 
     def __init__(
         self,
-        iterable: t.Union[t.Iterable[bytes], t.BinaryIO],
+        iterable: t.Union[t.Iterable[bytes], t.IO[bytes]],
         start_byte: int = 0,
         byte_range: t.Optional[int] = None,
     ):
@@ -631,7 +631,7 @@ def close(self) -> None:
 
 
 def _make_chunk_iter(
-    stream: t.Union[t.Iterable[bytes], t.BinaryIO],
+    stream: t.Union[t.Iterable[bytes], t.IO[bytes]],
     limit: t.Optional[int],
     buffer_size: int,
 ) -> t.Iterator[bytes]:
@@ -645,9 +645,9 @@ def _make_chunk_iter(
             if item:
                 yield item
         return
-    stream = t.cast(t.BinaryIO, stream)
+    stream = t.cast(t.IO[bytes], stream)
     if not isinstance(stream, LimitedStream) and limit is not None:
-        stream = t.cast(t.BinaryIO, LimitedStream(stream, limit))
+        stream = t.cast(t.IO[bytes], LimitedStream(stream, limit))
     _read = stream.read
     while True:
         item = _read(buffer_size)
@@ -657,7 +657,7 @@ def _make_chunk_iter(
 
 
 def make_line_iter(
-    stream: t.Union[t.Iterable[bytes], t.BinaryIO],
+    stream: t.Union[t.Iterable[bytes], t.IO[bytes]],
     limit: t.Optional[int] = None,
     buffer_size: int = 10 * 1024,
     cap_at_buffer: bool = False,
@@ -749,7 +749,7 @@ def _iter_basic_lines() -> t.Iterator[bytes]:
 
 
 def make_chunk_iter(
-    stream: t.Union[t.Iterable[bytes], t.BinaryIO],
+    stream: t.Union[t.Iterable[bytes], t.IO[bytes]],
     separator: bytes,
     limit: t.Optional[int] = None,
     buffer_size: int = 10 * 1024,
@@ -859,7 +859,7 @@ class LimitedStream(io.IOBase):
                   end with `EOF` (like `wsgi.input`)
     """
 
-    def __init__(self, stream: t.BinaryIO, limit: int) -> None:
+    def __init__(self, stream: t.IO[bytes], limit: int) -> None:
         self._read = stream.read
         self._readline = stream.readline
         self._pos = 0

From d226187866e1065aa1b9c30667f9e4bf52fb54fa Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Fri, 6 Aug 2021 15:02:38 -0700
Subject: [PATCH 490/733] update mypy

---
 requirements/dev.txt    | 21 ++++++++++-----------
 requirements/docs.txt   |  6 +++---
 requirements/tests.txt  | 10 +++++-----
 requirements/typing.txt |  8 ++++----
 4 files changed, 22 insertions(+), 23 deletions(-)

diff --git a/requirements/dev.txt b/requirements/dev.txt
index c45592b49..f1b97a0e1 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -1,5 +1,5 @@
 #
-# This file is autogenerated by pip-compile
+# This file is autogenerated by pip-compile with python 3.9
 # To update, run:
 #
 #    pip-compile requirements/dev.in
@@ -46,10 +46,10 @@ jinja2==3.0.1
     # via sphinx
 markupsafe==2.0.1
     # via jinja2
+mypy==0.910
+    # via -r requirements/typing.in
 mypy-extensions==0.4.3
     # via mypy
-mypy==0.812
-    # via -r requirements/typing.in
 nodeenv==1.6.0
     # via pre-commit
 packaging==20.9
@@ -82,15 +82,15 @@ pygments==2.9.0
     # via sphinx
 pyparsing==2.4.7
     # via packaging
-pytest-timeout==1.4.2
-    # via -r requirements/tests.in
-pytest-xprocess==0.17.1
-    # via -r requirements/tests.in
 pytest==6.2.4
     # via
     #   -r requirements/tests.in
     #   pytest-timeout
     #   pytest-xprocess
+pytest-timeout==1.4.2
+    # via -r requirements/tests.in
+pytest-xprocess==0.17.1
+    # via -r requirements/tests.in
 pytz==2021.1
     # via babel
 pyyaml==5.4.1
@@ -103,14 +103,14 @@ six==1.16.0
     #   virtualenv
 snowballstemmer==2.1.0
     # via sphinx
-sphinx-issues==1.2.0
-    # via -r requirements/docs.in
 sphinx==4.0.2
     # via
     #   -r requirements/docs.in
     #   pallets-sphinx-themes
     #   sphinx-issues
     #   sphinxcontrib-log-cabinet
+sphinx-issues==1.2.0
+    # via -r requirements/docs.in
 sphinxcontrib-applehelp==1.0.2
     # via sphinx
 sphinxcontrib-devhelp==1.0.2
@@ -127,14 +127,13 @@ sphinxcontrib-serializinghtml==1.1.4
     # via sphinx
 toml==0.10.2
     # via
+    #   mypy
     #   pep517
     #   pre-commit
     #   pytest
     #   tox
 tox==3.23.1
     # via -r requirements/dev.in
-typed-ast==1.4.3
-    # via mypy
 typing-extensions==3.10.0.0
     # via mypy
 urllib3==1.26.4
diff --git a/requirements/docs.txt b/requirements/docs.txt
index 93878a7e1..9585b7b99 100644
--- a/requirements/docs.txt
+++ b/requirements/docs.txt
@@ -1,5 +1,5 @@
 #
-# This file is autogenerated by pip-compile
+# This file is autogenerated by pip-compile with python 3.9
 # To update, run:
 #
 #    pip-compile requirements/docs.in
@@ -38,14 +38,14 @@ requests==2.25.1
     # via sphinx
 snowballstemmer==2.1.0
     # via sphinx
-sphinx-issues==1.2.0
-    # via -r requirements/docs.in
 sphinx==4.0.2
     # via
     #   -r requirements/docs.in
     #   pallets-sphinx-themes
     #   sphinx-issues
     #   sphinxcontrib-log-cabinet
+sphinx-issues==1.2.0
+    # via -r requirements/docs.in
 sphinxcontrib-applehelp==1.0.2
     # via sphinx
 sphinxcontrib-devhelp==1.0.2
diff --git a/requirements/tests.txt b/requirements/tests.txt
index e1a6e36e7..783bf79bf 100644
--- a/requirements/tests.txt
+++ b/requirements/tests.txt
@@ -1,5 +1,5 @@
 #
-# This file is autogenerated by pip-compile
+# This file is autogenerated by pip-compile with python 3.9
 # To update, run:
 #
 #    pip-compile requirements/tests.in
@@ -26,15 +26,15 @@ pycparser==2.20
     # via cffi
 pyparsing==2.4.7
     # via packaging
-pytest-timeout==1.4.2
-    # via -r requirements/tests.in
-pytest-xprocess==0.17.1
-    # via -r requirements/tests.in
 pytest==6.2.4
     # via
     #   -r requirements/tests.in
     #   pytest-timeout
     #   pytest-xprocess
+pytest-timeout==1.4.2
+    # via -r requirements/tests.in
+pytest-xprocess==0.17.1
+    # via -r requirements/tests.in
 toml==0.10.2
     # via pytest
 watchdog==2.1.2
diff --git a/requirements/typing.txt b/requirements/typing.txt
index 0e342aaad..e1fc1f43b 100644
--- a/requirements/typing.txt
+++ b/requirements/typing.txt
@@ -1,14 +1,14 @@
 #
-# This file is autogenerated by pip-compile
+# This file is autogenerated by pip-compile with python 3.9
 # To update, run:
 #
 #    pip-compile requirements/typing.in
 #
+mypy==0.910
+    # via -r requirements/typing.in
 mypy-extensions==0.4.3
     # via mypy
-mypy==0.812
-    # via -r requirements/typing.in
-typed-ast==1.4.3
+toml==0.10.2
     # via mypy
 typing-extensions==3.10.0.0
     # via mypy

From 61450f279c97e5586fd8097be1ae36d0d9d145d3 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Fri, 6 Aug 2021 15:03:13 -0700
Subject: [PATCH 491/733] add type stub packages

---
 requirements/dev.txt    | 6 ++++++
 requirements/typing.in  | 3 +++
 requirements/typing.txt | 6 ++++++
 3 files changed, 15 insertions(+)

diff --git a/requirements/dev.txt b/requirements/dev.txt
index f1b97a0e1..506c95b87 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -134,6 +134,12 @@ toml==0.10.2
     #   tox
 tox==3.23.1
     # via -r requirements/dev.in
+types-contextvars==0.1.4
+    # via -r requirements/typing.in
+types-dataclasses==0.1.5
+    # via -r requirements/typing.in
+types-setuptools==57.0.0
+    # via -r requirements/typing.in
 typing-extensions==3.10.0.0
     # via mypy
 urllib3==1.26.4
diff --git a/requirements/typing.in b/requirements/typing.in
index f0aa93ac8..e17c43d49 100644
--- a/requirements/typing.in
+++ b/requirements/typing.in
@@ -1 +1,4 @@
 mypy
+types-contextvars
+types-dataclasses
+types-setuptools
diff --git a/requirements/typing.txt b/requirements/typing.txt
index e1fc1f43b..341638c2c 100644
--- a/requirements/typing.txt
+++ b/requirements/typing.txt
@@ -10,5 +10,11 @@ mypy-extensions==0.4.3
     # via mypy
 toml==0.10.2
     # via mypy
+types-contextvars==0.1.4
+    # via -r requirements/typing.in
+types-dataclasses==0.1.5
+    # via -r requirements/typing.in
+types-setuptools==57.0.0
+    # via -r requirements/typing.in
 typing-extensions==3.10.0.0
     # via mypy

From b0804817972d6efb259e759f9eaad77ca2dbd34d Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Fri, 6 Aug 2021 15:03:42 -0700
Subject: [PATCH 492/733] fix new mypy errors

---
 src/werkzeug/datastructures.pyi | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/werkzeug/datastructures.pyi b/src/werkzeug/datastructures.pyi
index dbdbd2c30..f1e650da0 100644
--- a/src/werkzeug/datastructures.pyi
+++ b/src/werkzeug/datastructures.pyi
@@ -23,6 +23,7 @@ from typing import Union
 from _typeshed.wsgi import WSGIEnvironment
 
 from typing_extensions import Literal
+from typing_extensions import SupportsIndex
 
 K = TypeVar("K")
 V = TypeVar("V")
@@ -37,7 +38,7 @@ def iter_multi_items(
 class ImmutableListMixin(List[V]):
     _hash_cache: Optional[int]
     def __hash__(self) -> int: ...  # type: ignore
-    def __delitem__(self, key: Union[int, slice]) -> NoReturn: ...
+    def __delitem__(self, key: Union[SupportsIndex, slice]) -> NoReturn: ...
     def __iadd__(self, other: t.Any) -> NoReturn: ...  # type: ignore
     def __imul__(self, other: int) -> NoReturn: ...
     def __setitem__(  # type: ignore

From 9f2101f7b358907b521c05245dcbdde6b9742400 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Fri, 6 Aug 2021 15:09:30 -0700
Subject: [PATCH 493/733] update requirements

---
 requirements/dev.txt   | 51 +++++++++++++++++++++++-------------------
 requirements/docs.txt  | 18 +++++++--------
 requirements/tests.txt | 10 ++++-----
 3 files changed, 42 insertions(+), 37 deletions(-)

diff --git a/requirements/dev.txt b/requirements/dev.txt
index 506c95b87..ec77ac52b 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -6,25 +6,25 @@
 #
 alabaster==0.7.12
     # via sphinx
-appdirs==1.4.4
-    # via virtualenv
 attrs==21.2.0
     # via pytest
 babel==2.9.1
     # via sphinx
-certifi==2020.12.5
+backports.entry-points-selectable==1.1.0
+    # via virtualenv
+certifi==2021.5.30
     # via requests
-cffi==1.14.5
+cffi==1.14.6
     # via cryptography
 cfgv==3.3.0
     # via pre-commit
-chardet==4.0.0
+charset-normalizer==2.0.4
     # via requests
 click==8.0.1
     # via pip-tools
 cryptography==3.4.7
     # via -r requirements/tests.in
-distlib==0.3.1
+distlib==0.3.2
     # via virtualenv
 docutils==0.17.1
     # via sphinx
@@ -32,11 +32,11 @@ filelock==3.0.12
     # via
     #   tox
     #   virtualenv
-greenlet==1.1.0
+greenlet==1.1.1
     # via -r requirements/tests.in
-identify==2.2.4
+identify==2.2.13
     # via pre-commit
-idna==2.10
+idna==3.2
     # via requests
 imagesize==1.2.0
     # via sphinx
@@ -52,7 +52,7 @@ mypy-extensions==0.4.3
     # via mypy
 nodeenv==1.6.0
     # via pre-commit
-packaging==20.9
+packaging==21.0
     # via
     #   pallets-sphinx-themes
     #   pytest
@@ -60,15 +60,17 @@ packaging==20.9
     #   tox
 pallets-sphinx-themes==2.0.1
     # via -r requirements/docs.in
-pep517==0.10.0
+pep517==0.11.0
     # via pip-tools
-pip-tools==6.1.0
+pip-tools==6.2.0
     # via -r requirements/dev.in
+platformdirs==2.2.0
+    # via virtualenv
 pluggy==0.13.1
     # via
     #   pytest
     #   tox
-pre-commit==2.12.1
+pre-commit==2.14.0
     # via -r requirements/dev.in
 psutil==5.8.0
     # via pytest-xprocess
@@ -89,13 +91,13 @@ pytest==6.2.4
     #   pytest-xprocess
 pytest-timeout==1.4.2
     # via -r requirements/tests.in
-pytest-xprocess==0.17.1
+pytest-xprocess==0.18.1
     # via -r requirements/tests.in
 pytz==2021.1
     # via babel
 pyyaml==5.4.1
     # via pre-commit
-requests==2.25.1
+requests==2.26.0
     # via sphinx
 six==1.16.0
     # via
@@ -103,7 +105,7 @@ six==1.16.0
     #   virtualenv
 snowballstemmer==2.1.0
     # via sphinx
-sphinx==4.0.2
+sphinx==4.1.2
     # via
     #   -r requirements/docs.in
     #   pallets-sphinx-themes
@@ -115,7 +117,7 @@ sphinxcontrib-applehelp==1.0.2
     # via sphinx
 sphinxcontrib-devhelp==1.0.2
     # via sphinx
-sphinxcontrib-htmlhelp==1.0.3
+sphinxcontrib-htmlhelp==2.0.0
     # via sphinx
 sphinxcontrib-jsmath==1.0.1
     # via sphinx
@@ -123,16 +125,17 @@ sphinxcontrib-log-cabinet==1.0.1
     # via -r requirements/docs.in
 sphinxcontrib-qthelp==1.0.3
     # via sphinx
-sphinxcontrib-serializinghtml==1.1.4
+sphinxcontrib-serializinghtml==1.1.5
     # via sphinx
 toml==0.10.2
     # via
     #   mypy
-    #   pep517
     #   pre-commit
     #   pytest
     #   tox
-tox==3.23.1
+tomli==1.2.1
+    # via pep517
+tox==3.24.1
     # via -r requirements/dev.in
 types-contextvars==0.1.4
     # via -r requirements/typing.in
@@ -142,14 +145,16 @@ types-setuptools==57.0.0
     # via -r requirements/typing.in
 typing-extensions==3.10.0.0
     # via mypy
-urllib3==1.26.4
+urllib3==1.26.6
     # via requests
-virtualenv==20.4.6
+virtualenv==20.7.0
     # via
     #   pre-commit
     #   tox
-watchdog==2.1.2
+watchdog==2.1.3
     # via -r requirements/tests.in
+wheel==0.36.2
+    # via pip-tools
 
 # The following packages are considered to be unsafe in a requirements file:
 # pip
diff --git a/requirements/docs.txt b/requirements/docs.txt
index 9585b7b99..540ed1fe9 100644
--- a/requirements/docs.txt
+++ b/requirements/docs.txt
@@ -8,13 +8,13 @@ alabaster==0.7.12
     # via sphinx
 babel==2.9.1
     # via sphinx
-certifi==2020.12.5
+certifi==2021.5.30
     # via requests
-chardet==4.0.0
+charset-normalizer==2.0.4
     # via requests
 docutils==0.17.1
     # via sphinx
-idna==2.10
+idna==3.2
     # via requests
 imagesize==1.2.0
     # via sphinx
@@ -22,7 +22,7 @@ jinja2==3.0.1
     # via sphinx
 markupsafe==2.0.1
     # via jinja2
-packaging==20.9
+packaging==21.0
     # via
     #   pallets-sphinx-themes
     #   sphinx
@@ -34,11 +34,11 @@ pyparsing==2.4.7
     # via packaging
 pytz==2021.1
     # via babel
-requests==2.25.1
+requests==2.26.0
     # via sphinx
 snowballstemmer==2.1.0
     # via sphinx
-sphinx==4.0.2
+sphinx==4.1.2
     # via
     #   -r requirements/docs.in
     #   pallets-sphinx-themes
@@ -50,7 +50,7 @@ sphinxcontrib-applehelp==1.0.2
     # via sphinx
 sphinxcontrib-devhelp==1.0.2
     # via sphinx
-sphinxcontrib-htmlhelp==1.0.3
+sphinxcontrib-htmlhelp==2.0.0
     # via sphinx
 sphinxcontrib-jsmath==1.0.1
     # via sphinx
@@ -58,9 +58,9 @@ sphinxcontrib-log-cabinet==1.0.1
     # via -r requirements/docs.in
 sphinxcontrib-qthelp==1.0.3
     # via sphinx
-sphinxcontrib-serializinghtml==1.1.4
+sphinxcontrib-serializinghtml==1.1.5
     # via sphinx
-urllib3==1.26.4
+urllib3==1.26.6
     # via requests
 
 # The following packages are considered to be unsafe in a requirements file:
diff --git a/requirements/tests.txt b/requirements/tests.txt
index 783bf79bf..34d8c0b30 100644
--- a/requirements/tests.txt
+++ b/requirements/tests.txt
@@ -6,15 +6,15 @@
 #
 attrs==21.2.0
     # via pytest
-cffi==1.14.5
+cffi==1.14.6
     # via cryptography
 cryptography==3.4.7
     # via -r requirements/tests.in
-greenlet==1.1.0
+greenlet==1.1.1
     # via -r requirements/tests.in
 iniconfig==1.1.1
     # via pytest
-packaging==20.9
+packaging==21.0
     # via pytest
 pluggy==0.13.1
     # via pytest
@@ -33,9 +33,9 @@ pytest==6.2.4
     #   pytest-xprocess
 pytest-timeout==1.4.2
     # via -r requirements/tests.in
-pytest-xprocess==0.17.1
+pytest-xprocess==0.18.1
     # via -r requirements/tests.in
 toml==0.10.2
     # via pytest
-watchdog==2.1.2
+watchdog==2.1.3
     # via -r requirements/tests.in

From 47eeb1ec638380f1969a99782f45908f91c22f01 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Fri, 6 Aug 2021 15:09:49 -0700
Subject: [PATCH 494/733] update pre-commit hooks

---
 .pre-commit-config.yaml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 3f106cfcf..ab7fe976c 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -2,12 +2,12 @@ ci:
   autoupdate_schedule: monthly
 repos:
   - repo: https://github.com/asottile/pyupgrade
-    rev: v2.15.0
+    rev: v2.23.3
     hooks:
       - id: pyupgrade
         args: ["--py36-plus"]
   - repo: https://github.com/asottile/reorder_python_imports
-    rev: v2.5.0
+    rev: v2.6.0
     hooks:
       - id: reorder-python-imports
         name: Reorder Python imports (src, tests)
@@ -18,7 +18,7 @@ repos:
         files: "^examples/"
         args: ["--application-directories", "examples"]
   - repo: https://github.com/psf/black
-    rev: 21.5b1
+    rev: 21.7b0
     hooks:
       - id: black
   - repo: https://github.com/PyCQA/flake8
@@ -29,7 +29,7 @@ repos:
           - flake8-bugbear
           - flake8-implicit-str-concat
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v3.4.0
+    rev: v4.0.1
     hooks:
       - id: fix-byte-order-marker
       - id: trailing-whitespace

From 517aa6909de49b38d6cf732ccf6f7e6ff993707b Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Fri, 6 Aug 2021 15:10:08 -0700
Subject: [PATCH 495/733] run pyupgrade

---
 examples/wsecho.py             | 2 +-
 src/werkzeug/datastructures.py | 2 +-
 tests/test_routing.py          | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/examples/wsecho.py b/examples/wsecho.py
index c6d8775e2..23223c979 100644
--- a/examples/wsecho.py
+++ b/examples/wsecho.py
@@ -34,7 +34,7 @@ def websocket(request):
     in_data = b"GET %s HTTP/1.1\r\n" % request.path.encode("utf8")
 
     for header, value in request.headers.items():
-        in_data += f"{header}: {value}\r\n".encode("utf8")
+        in_data += f"{header}: {value}\r\n".encode()
 
     in_data += b"\r\n"
     ws.receive_data(in_data)
diff --git a/src/werkzeug/datastructures.py b/src/werkzeug/datastructures.py
index b4bee5f90..b10912b90 100644
--- a/src/werkzeug/datastructures.py
+++ b/src/werkzeug/datastructures.py
@@ -2738,7 +2738,7 @@ def to_header(self):
         """
         if self.type == "basic":
             value = base64.b64encode(
-                f"{self.username}:{self.password}".encode("utf8")
+                f"{self.username}:{self.password}".encode()
             ).decode("utf8")
             return f"Basic {value}"
 
diff --git a/tests/test_routing.py b/tests/test_routing.py
index fb343ee82..be3767d29 100644
--- a/tests/test_routing.py
+++ b/tests/test_routing.py
@@ -602,7 +602,7 @@ def test_rule_templates():
         ]
     )
 
-    out = sorted([(x.rule, x.subdomain, x.endpoint) for x in url_map.iter_rules()])
+    out = sorted((x.rule, x.subdomain, x.endpoint) for x in url_map.iter_rules())
 
     assert out == [
         ("/blah", "test1", "x_bar"),

From e65eed8c1009c39083ffe717599e4897bf1e286d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Henryk=20Pl=C3=B6tz?= 
Date: Thu, 10 Jun 2021 10:13:22 +0200
Subject: [PATCH 496/733] Use provided `cn` for subjAltName

As the comment in line 477 suggests, `*` is not accepted by a lot of implementations.

However, even providing a `cn` parameter to `generate_adhoc_ssl_pair()` doesn't solve the problem, since a subjAltName of `*` was hardcoded in line 498.
For example python stdlib `ssl` module function `match_hostname()` will check subjAltName using `_dnsname_match()` *before* checking the common name, and then raise `CertificateError("sole wildcard without additional labels are not support")` when encountering a subjAltName of `*`.

This change should be safe, since the local value of `cn` still defaults to `*` (e.g. the previous behaviour), if parameter `cn` is not provided.
---
 CHANGES.rst             | 1 +
 src/werkzeug/serving.py | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 994066082..fc7328f4e 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -31,6 +31,7 @@ Unreleased
 -   Type annotations use ``IO[bytes]`` and ``IO[str]`` instead of
     ``BinaryIO`` and ``TextIO`` for wider type compatibility.
     :issue:`2130`
+-   Ad-hoc TLS certs are generated with SAN matching CN. :issue:`2158`
 
 
 Version 2.0.1
diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py
index 2978be78d..86c15f906 100644
--- a/src/werkzeug/serving.py
+++ b/src/werkzeug/serving.py
@@ -495,7 +495,7 @@ def generate_adhoc_ssl_pair(
         .not_valid_before(dt.now(timezone.utc))
         .not_valid_after(dt.now(timezone.utc) + timedelta(days=365))
         .add_extension(x509.ExtendedKeyUsage([x509.OID_SERVER_AUTH]), critical=False)
-        .add_extension(x509.SubjectAlternativeName([x509.DNSName("*")]), critical=False)
+        .add_extension(x509.SubjectAlternativeName([x509.DNSName(cn)]), critical=False)
         .sign(pkey, hashes.SHA256(), backend)
     )
     return cert, pkey

From 51e41c2c415f89be9bcd65fc4b59e6b4fdb59a5c Mon Sep 17 00:00:00 2001
From: pgjones 
Date: Sun, 8 Aug 2021 10:25:41 +0100
Subject: [PATCH 497/733] Fix memory usage with the non-stdlib ContextVar

The release functionality used before this commit would replace the
value in the storage for a given greenlet ident with an empty
dictionary, which was problematic as it means the storage would grow
with each greenlet used until eventually consisting of many empty
dictionaries. The fix is to restore the Werkzeug 1.0 behaviour of
poping from the storage instead.

Note that stdlib ContextVars (as I understand them) are released when
the relevant task completes, and hence assigning an empty dictionary
releases references to anything stored whilst in the context as
desired (with the dictionary being release when the task completed).
---
 CHANGES.rst           |  2 ++
 src/werkzeug/local.py | 12 +++++++++++-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index fc7328f4e..d4f44162e 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -32,6 +32,8 @@ Unreleased
     ``BinaryIO`` and ``TextIO`` for wider type compatibility.
     :issue:`2130`
 -   Ad-hoc TLS certs are generated with SAN matching CN. :issue:`2158`
+-   Fix memory usage for locals when using Python 3.6 or pre 0.4.17
+    greenlet versions. :pr:`2212`
 
 
 Version 2.0.1
diff --git a/src/werkzeug/local.py b/src/werkzeug/local.py
index a5a7870e4..570f2b0cf 100644
--- a/src/werkzeug/local.py
+++ b/src/werkzeug/local.py
@@ -61,6 +61,11 @@ class _CannotUseContextVar(Exception):
                 ):
                     raise _CannotUseContextVar()
 
+    def __release_local__(storage: t.Any) -> None:
+        # Can remove when support for non-stdlib ContextVars is
+        # removed, see "Fake" version below.
+        storage.set({})
+
 
 except (ImportError, _CannotUseContextVar):
 
@@ -79,6 +84,11 @@ def get(self, default: t.Dict[str, t.Any]) -> t.Dict[str, t.Any]:
         def set(self, value: t.Dict[str, t.Any]) -> None:
             self.storage[_get_ident()] = value
 
+    def __release_local__(storage: t.Any) -> None:
+        # Special version to ensure that the storage is cleaned up on
+        # release.
+        storage.storage.pop(_get_ident(), None)
+
 
 def release_local(local: t.Union["Local", "LocalStack"]) -> None:
     """Releases the contents of the local for the current context.
@@ -145,7 +155,7 @@ def __call__(self, proxy: str) -> "LocalProxy":
         return LocalProxy(self, proxy)
 
     def __release_local__(self) -> None:
-        self._storage.set({})
+        __release_local__(self._storage)
 
     def __getattr__(self, name: str) -> t.Any:
         values = self._storage.get({})

From 350006c8d58ee9d3242cfa43bdf8bc8ade5169c3 Mon Sep 17 00:00:00 2001
From: Emil Sadek 
Date: Mon, 9 Aug 2021 00:19:48 -0700
Subject: [PATCH 498/733] update pip link

---
 README.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.rst b/README.rst
index aa8464de1..f1592a569 100644
--- a/README.rst
+++ b/README.rst
@@ -48,7 +48,7 @@ Install and update using `pip`_:
 
     pip install -U Werkzeug
 
-.. _pip: https://pip.pypa.io/en/stable/quickstart/
+.. _pip: https://pip.pypa.io/en/stable/getting-started/
 
 
 A Simple Example

From c46a01aec01e71307f8b80a0ea918c1f20464a0e Mon Sep 17 00:00:00 2001
From: Rahul-RB 
Date: Thu, 19 Aug 2021 07:55:39 +0530
Subject: [PATCH 499/733] Spelling fix: changed 'y' to 'by'

---
 src/werkzeug/local.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/werkzeug/local.py b/src/werkzeug/local.py
index 570f2b0cf..be33f9aa9 100644
--- a/src/werkzeug/local.py
+++ b/src/werkzeug/local.py
@@ -262,7 +262,7 @@ def top(self) -> t.Any:
 class LocalManager:
     """Local objects cannot manage themselves. For that you need a local
     manager. You can pass a local manager multiple locals or add them
-    later y appending them to `manager.locals`. Every time the manager
+    later by appending them to `manager.locals`. Every time the manager
     cleans up, it will clean up all the data left in the locals for this
     context.
 

From 189c45cb4cd46e35231d33d4576fffc273f84a3b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 1 Sep 2021 08:02:32 +0000
Subject: [PATCH 500/733] Bump cryptography from 3.4.7 to 3.4.8

Bumps [cryptography](https://github.com/pyca/cryptography) from 3.4.7 to 3.4.8.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/3.4.7...3.4.8)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] 
---
 requirements/dev.txt   | 2 +-
 requirements/tests.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements/dev.txt b/requirements/dev.txt
index ec77ac52b..b2ba872ad 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -22,7 +22,7 @@ charset-normalizer==2.0.4
     # via requests
 click==8.0.1
     # via pip-tools
-cryptography==3.4.7
+cryptography==3.4.8
     # via -r requirements/tests.in
 distlib==0.3.2
     # via virtualenv
diff --git a/requirements/tests.txt b/requirements/tests.txt
index 34d8c0b30..3bd7ca684 100644
--- a/requirements/tests.txt
+++ b/requirements/tests.txt
@@ -8,7 +8,7 @@ attrs==21.2.0
     # via pytest
 cffi==1.14.6
     # via cryptography
-cryptography==3.4.7
+cryptography==3.4.8
     # via -r requirements/tests.in
 greenlet==1.1.1
     # via -r requirements/tests.in

From 443a2a3f17bddb67482142c4ec1b284c6b7b1641 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 1 Sep 2021 08:03:21 +0000
Subject: [PATCH 501/733] Bump types-setuptools from 57.0.0 to 57.0.2

Bumps [types-setuptools](https://github.com/python/typeshed) from 57.0.0 to 57.0.2.
- [Release notes](https://github.com/python/typeshed/releases)
- [Commits](https://github.com/python/typeshed/commits)

---
updated-dependencies:
- dependency-name: types-setuptools
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] 
---
 requirements/dev.txt    | 2 +-
 requirements/typing.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements/dev.txt b/requirements/dev.txt
index ec77ac52b..847a3b43b 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -141,7 +141,7 @@ types-contextvars==0.1.4
     # via -r requirements/typing.in
 types-dataclasses==0.1.5
     # via -r requirements/typing.in
-types-setuptools==57.0.0
+types-setuptools==57.0.2
     # via -r requirements/typing.in
 typing-extensions==3.10.0.0
     # via mypy
diff --git a/requirements/typing.txt b/requirements/typing.txt
index 341638c2c..9a9c50e1c 100644
--- a/requirements/typing.txt
+++ b/requirements/typing.txt
@@ -14,7 +14,7 @@ types-contextvars==0.1.4
     # via -r requirements/typing.in
 types-dataclasses==0.1.5
     # via -r requirements/typing.in
-types-setuptools==57.0.0
+types-setuptools==57.0.2
     # via -r requirements/typing.in
 typing-extensions==3.10.0.0
     # via mypy

From 6b9715e466d9fc4ee80a2e33adede84dbc347d53 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 1 Sep 2021 08:03:45 +0000
Subject: [PATCH 502/733] Bump pre-commit from 2.14.0 to 2.14.1

Bumps [pre-commit](https://github.com/pre-commit/pre-commit) from 2.14.0 to 2.14.1.
- [Release notes](https://github.com/pre-commit/pre-commit/releases)
- [Changelog](https://github.com/pre-commit/pre-commit/blob/master/CHANGELOG.md)
- [Commits](https://github.com/pre-commit/pre-commit/compare/v2.14.0...v2.14.1)

---
updated-dependencies:
- dependency-name: pre-commit
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] 
---
 requirements/dev.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements/dev.txt b/requirements/dev.txt
index ec77ac52b..afefe15b5 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -70,7 +70,7 @@ pluggy==0.13.1
     # via
     #   pytest
     #   tox
-pre-commit==2.14.0
+pre-commit==2.14.1
     # via -r requirements/dev.in
 psutil==5.8.0
     # via pytest-xprocess

From 6de1c472faf676215b1f1a5b62baa3474946036b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 1 Sep 2021 08:04:12 +0000
Subject: [PATCH 503/733] Bump watchdog from 2.1.3 to 2.1.5

Bumps [watchdog](https://github.com/gorakhargosh/watchdog) from 2.1.3 to 2.1.5.
- [Release notes](https://github.com/gorakhargosh/watchdog/releases)
- [Changelog](https://github.com/gorakhargosh/watchdog/blob/master/changelog.rst)
- [Commits](https://github.com/gorakhargosh/watchdog/compare/v2.1.3...v2.1.5)

---
updated-dependencies:
- dependency-name: watchdog
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] 
---
 requirements/dev.txt   | 2 +-
 requirements/tests.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements/dev.txt b/requirements/dev.txt
index ec77ac52b..d45584acd 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -151,7 +151,7 @@ virtualenv==20.7.0
     # via
     #   pre-commit
     #   tox
-watchdog==2.1.3
+watchdog==2.1.5
     # via -r requirements/tests.in
 wheel==0.36.2
     # via pip-tools
diff --git a/requirements/tests.txt b/requirements/tests.txt
index 34d8c0b30..4d920a383 100644
--- a/requirements/tests.txt
+++ b/requirements/tests.txt
@@ -37,5 +37,5 @@ pytest-xprocess==0.18.1
     # via -r requirements/tests.in
 toml==0.10.2
     # via pytest
-watchdog==2.1.3
+watchdog==2.1.5
     # via -r requirements/tests.in

From dbcb7486a5dccae06525a52a6df7c95dc281f271 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 1 Sep 2021 08:04:40 +0000
Subject: [PATCH 504/733] Bump types-dataclasses from 0.1.5 to 0.1.7

Bumps [types-dataclasses](https://github.com/python/typeshed) from 0.1.5 to 0.1.7.
- [Release notes](https://github.com/python/typeshed/releases)
- [Commits](https://github.com/python/typeshed/commits)

---
updated-dependencies:
- dependency-name: types-dataclasses
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] 
---
 requirements/dev.txt    | 2 +-
 requirements/typing.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements/dev.txt b/requirements/dev.txt
index ec77ac52b..09112bae9 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -139,7 +139,7 @@ tox==3.24.1
     # via -r requirements/dev.in
 types-contextvars==0.1.4
     # via -r requirements/typing.in
-types-dataclasses==0.1.5
+types-dataclasses==0.1.7
     # via -r requirements/typing.in
 types-setuptools==57.0.0
     # via -r requirements/typing.in
diff --git a/requirements/typing.txt b/requirements/typing.txt
index 341638c2c..1f608c13c 100644
--- a/requirements/typing.txt
+++ b/requirements/typing.txt
@@ -12,7 +12,7 @@ toml==0.10.2
     # via mypy
 types-contextvars==0.1.4
     # via -r requirements/typing.in
-types-dataclasses==0.1.5
+types-dataclasses==0.1.7
     # via -r requirements/typing.in
 types-setuptools==57.0.0
     # via -r requirements/typing.in

From eb7c960c222e84b8169dfc261bda78ba1cbf5546 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 1 Sep 2021 08:05:08 +0000
Subject: [PATCH 505/733] Bump pytest from 6.2.4 to 6.2.5

Bumps [pytest](https://github.com/pytest-dev/pytest) from 6.2.4 to 6.2.5.
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pytest-dev/pytest/compare/6.2.4...6.2.5)

---
updated-dependencies:
- dependency-name: pytest
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] 
---
 requirements/dev.txt   | 2 +-
 requirements/tests.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements/dev.txt b/requirements/dev.txt
index ec77ac52b..c96dc2647 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -84,7 +84,7 @@ pygments==2.9.0
     # via sphinx
 pyparsing==2.4.7
     # via packaging
-pytest==6.2.4
+pytest==6.2.5
     # via
     #   -r requirements/tests.in
     #   pytest-timeout
diff --git a/requirements/tests.txt b/requirements/tests.txt
index 34d8c0b30..eb459bce5 100644
--- a/requirements/tests.txt
+++ b/requirements/tests.txt
@@ -26,7 +26,7 @@ pycparser==2.20
     # via cffi
 pyparsing==2.4.7
     # via packaging
-pytest==6.2.4
+pytest==6.2.5
     # via
     #   -r requirements/tests.in
     #   pytest-timeout

From e7ee334d0cfa6f31f3ab0f894e3b6cea6ebd0cd1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 1 Sep 2021 14:58:04 +0000
Subject: [PATCH 506/733] Bump tox from 3.24.1 to 3.24.3

Bumps [tox](https://github.com/tox-dev/tox) from 3.24.1 to 3.24.3.
- [Release notes](https://github.com/tox-dev/tox/releases)
- [Changelog](https://github.com/tox-dev/tox/blob/master/docs/changelog.rst)
- [Commits](https://github.com/tox-dev/tox/compare/3.24.1...3.24.3)

---
updated-dependencies:
- dependency-name: tox
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] 
---
 requirements/dev.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements/dev.txt b/requirements/dev.txt
index b54c1beda..6a4911335 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -135,7 +135,7 @@ toml==0.10.2
     #   tox
 tomli==1.2.1
     # via pep517
-tox==3.24.1
+tox==3.24.3
     # via -r requirements/dev.in
 types-contextvars==0.1.4
     # via -r requirements/typing.in

From 8866000ee7062be9fbbd756fe604cdf09144a0c7 Mon Sep 17 00:00:00 2001
From: "pre-commit-ci[bot]"
 <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Date: Mon, 6 Sep 2021 19:07:11 +0000
Subject: [PATCH 507/733] [pre-commit.ci] pre-commit autoupdate
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

updates:
- [github.com/asottile/pyupgrade: v2.23.3 → v2.25.0](https://github.com/asottile/pyupgrade/compare/v2.23.3...v2.25.0)
- [github.com/psf/black: 21.7b0 → 21.8b0](https://github.com/psf/black/compare/21.7b0...21.8b0)
---
 .pre-commit-config.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index ab7fe976c..403d0e62d 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -2,7 +2,7 @@ ci:
   autoupdate_schedule: monthly
 repos:
   - repo: https://github.com/asottile/pyupgrade
-    rev: v2.23.3
+    rev: v2.25.0
     hooks:
       - id: pyupgrade
         args: ["--py36-plus"]
@@ -18,7 +18,7 @@ repos:
         files: "^examples/"
         args: ["--application-directories", "examples"]
   - repo: https://github.com/psf/black
-    rev: 21.7b0
+    rev: 21.8b0
     hooks:
       - id: black
   - repo: https://github.com/PyCQA/flake8

From d7c4f91c373ecab55583238dc6a8c9e17f34acf1 Mon Sep 17 00:00:00 2001
From: "Bruno P. Kinoshita" 
Date: Tue, 14 Sep 2021 15:00:21 +1200
Subject: [PATCH 508/733] Replace NBSP by space

---
 src/werkzeug/debug/shared/style.css | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/werkzeug/debug/shared/style.css b/src/werkzeug/debug/shared/style.css
index a45522db8..bd996134d 100644
--- a/src/werkzeug/debug/shared/style.css
+++ b/src/werkzeug/debug/shared/style.css
@@ -108,7 +108,7 @@ pre.console div.traceback pre.syntaxerror { background: inherit; border: none;
 pre.console div.noframe-traceback pre.syntaxerror { margin-top: -10px; border: none; }
 
 pre.console div.box pre.repr { padding: 0; margin: 0; background-color: white; border: none; }
-pre.console div.box table { margin-top: 6px; }
+pre.console div.box table { margin-top: 6px; }
 pre.console div.box pre { border: none; }
 pre.console div.box pre.help { background-color: white; }
 pre.console div.box pre.help:hover { cursor: default; }

From 0e9160bb766153b10a59ebf3e4f584600c76e4ab Mon Sep 17 00:00:00 2001
From: "Bruno P. Kinoshita" 
Date: Tue, 14 Sep 2021 15:00:21 +1200
Subject: [PATCH 509/733] Replace NBSP by space

---
 src/werkzeug/debug/shared/style.css | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/werkzeug/debug/shared/style.css b/src/werkzeug/debug/shared/style.css
index a45522db8..bd996134d 100644
--- a/src/werkzeug/debug/shared/style.css
+++ b/src/werkzeug/debug/shared/style.css
@@ -108,7 +108,7 @@ pre.console div.traceback pre.syntaxerror { background: inherit; border: none;
 pre.console div.noframe-traceback pre.syntaxerror { margin-top: -10px; border: none; }
 
 pre.console div.box pre.repr { padding: 0; margin: 0; background-color: white; border: none; }
-pre.console div.box table { margin-top: 6px; }
+pre.console div.box table { margin-top: 6px; }
 pre.console div.box pre { border: none; }
 pre.console div.box pre.help { background-color: white; }
 pre.console div.box pre.help:hover { cursor: default; }

From 60e83271dce5cc019dbfc0935052da0904a5d425 Mon Sep 17 00:00:00 2001
From: Hongkuan Wang 
Date: Wed, 22 Sep 2021 22:13:48 +0800
Subject: [PATCH 510/733] fix typo and grammar mistake

---
 src/werkzeug/filesystem.py | 2 +-
 src/werkzeug/test.py       | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/werkzeug/filesystem.py b/src/werkzeug/filesystem.py
index 36a3d12e9..16eb58611 100644
--- a/src/werkzeug/filesystem.py
+++ b/src/werkzeug/filesystem.py
@@ -37,7 +37,7 @@ def get_filesystem_encoding() -> str:
     because it might be different. See :ref:`filesystem-encoding` for the exact
     behavior.
 
-    The concept of a filesystem encoding in generally is not something you
+    The concept of a filesystem encoding in general is not something you
     should rely on. As such if you ever need to use this function except for
     writing wrapper code reconsider.
     """
diff --git a/src/werkzeug/test.py b/src/werkzeug/test.py
index d0ce6f95b..7ee27477d 100644
--- a/src/werkzeug/test.py
+++ b/src/werkzeug/test.py
@@ -322,7 +322,7 @@ class EnvironBuilder:
 
     .. versionadded:: 0.15
         The environ has keys ``REQUEST_URI`` and ``RAW_URI`` containing
-        the path before perecent-decoding. This is not part of the WSGI
+        the path before percent-decoding. This is not part of the WSGI
         PEP, but many WSGI servers include it.
 
     .. versionchanged:: 0.6

From 366b2d97eb10d5e3c16c2a5c19892dce68322ca2 Mon Sep 17 00:00:00 2001
From: Yourun-Proger 
Date: Fri, 17 Sep 2021 19:49:38 +0300
Subject: [PATCH 511/733] Fix type-hint in `CallbackDict`

---
 CHANGES.rst                     | 2 ++
 src/werkzeug/datastructures.pyi | 3 ++-
 src/werkzeug/sansio/response.py | 2 +-
 src/werkzeug/test.py            | 2 +-
 4 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index d4f44162e..728623a78 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -34,6 +34,8 @@ Unreleased
 -   Ad-hoc TLS certs are generated with SAN matching CN. :issue:`2158`
 -   Fix memory usage for locals when using Python 3.6 or pre 0.4.17
     greenlet versions. :pr:`2212`
+-   Fix type anntoation in ``CallbackDict``, because it is not
+    utilizing a bound TypeVar. :issue:`2235`
 
 
 Version 2.0.1
diff --git a/src/werkzeug/datastructures.pyi b/src/werkzeug/datastructures.pyi
index f1e650da0..1fcd4f355 100644
--- a/src/werkzeug/datastructures.pyi
+++ b/src/werkzeug/datastructures.pyi
@@ -29,6 +29,7 @@ K = TypeVar("K")
 V = TypeVar("V")
 T = TypeVar("T")
 D = TypeVar("D")
+_CD = TypeVar("_CD", bound="CallbackDict")
 
 def is_immutable(self: object) -> NoReturn: ...
 def iter_multi_items(
@@ -685,7 +686,7 @@ class CallbackDict(UpdateDictMixin[K, V], Dict[K, V]):
     def __init__(
         self,
         initial: Optional[Union[Mapping[K, V], Iterable[Tuple[K, V]]]] = None,
-        on_update: Optional[Callable[[CallbackDict], None]] = None,
+        on_update: Optional[Callable[[_CD], None]] = None,
     ) -> None: ...
 
 class HeaderSet(Set[str]):
diff --git a/src/werkzeug/sansio/response.py b/src/werkzeug/sansio/response.py
index 4d55a9ad7..40bdcd8df 100644
--- a/src/werkzeug/sansio/response.py
+++ b/src/werkzeug/sansio/response.py
@@ -316,7 +316,7 @@ def mimetype_params(self) -> t.Dict[str, str]:
         .. versionadded:: 0.5
         """
 
-        def on_update(d: t.Dict[str, str]) -> None:
+        def on_update(d: CallbackDict) -> None:
             self.headers["Content-Type"] = dump_options_header(self.mimetype, d)
 
         d = parse_options_header(self.headers.get("content-type", ""))[1]
diff --git a/src/werkzeug/test.py b/src/werkzeug/test.py
index d0ce6f95b..09cb7e89c 100644
--- a/src/werkzeug/test.py
+++ b/src/werkzeug/test.py
@@ -570,7 +570,7 @@ def mimetype_params(self) -> t.Mapping[str, str]:
         .. versionadded:: 0.14
         """
 
-        def on_update(d: t.Mapping[str, str]) -> None:
+        def on_update(d: CallbackDict) -> None:
             self.headers["Content-Type"] = dump_options_header(self.mimetype, d)
 
         d = parse_options_header(self.headers.get("content-type", ""))[1]

From 08a0ea55152503f7ee1be8f1513b56f2c9dd490b Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Mon, 4 Oct 2021 18:34:17 -0700
Subject: [PATCH 512/733] use exception chaining

fixes flake8-bugbear B904
---
 examples/cupoftee/pages.py     |  2 +-
 src/werkzeug/datastructures.py | 22 +++++++++++++++-------
 src/werkzeug/local.py          |  9 +++++----
 src/werkzeug/routing.py        | 10 ++++++----
 src/werkzeug/serving.py        | 10 ++++++----
 src/werkzeug/utils.py          |  8 +++++---
 tests/test_debug.py            |  4 ++--
 7 files changed, 40 insertions(+), 25 deletions(-)

diff --git a/examples/cupoftee/pages.py b/examples/cupoftee/pages.py
index abe43c8e6..3cbf842dd 100644
--- a/examples/cupoftee/pages.py
+++ b/examples/cupoftee/pages.py
@@ -52,7 +52,7 @@ def process(self, id):
         try:
             self.server = self.cup.server_browser.servers[id]
         except KeyError:
-            raise NotFound()
+            raise NotFound() from None
 
 
 class Search(Page):
diff --git a/src/werkzeug/datastructures.py b/src/werkzeug/datastructures.py
index b10912b90..ff48a0d04 100644
--- a/src/werkzeug/datastructures.py
+++ b/src/werkzeug/datastructures.py
@@ -578,7 +578,8 @@ def pop(self, key, default=_missing):
         except KeyError:
             if default is not _missing:
                 return default
-            raise exceptions.BadRequestKeyError(key)
+
+            raise exceptions.BadRequestKeyError(key) from None
 
     def popitem(self):
         """Pop an item from the dict."""
@@ -586,11 +587,11 @@ def popitem(self):
             item = dict.popitem(self)
 
             if len(item[1]) == 0:
-                raise exceptions.BadRequestKeyError(item)
+                raise exceptions.BadRequestKeyError(item[0])
 
             return (item[0], item[1][0])
         except KeyError as e:
-            raise exceptions.BadRequestKeyError(e.args[0])
+            raise exceptions.BadRequestKeyError(e.args[0]) from None
 
     def poplist(self, key):
         """Pop the list for a key from the dict.  If the key is not in the dict
@@ -607,7 +608,7 @@ def popitemlist(self):
         try:
             return dict.popitem(self)
         except KeyError as e:
-            raise exceptions.BadRequestKeyError(e.args[0])
+            raise exceptions.BadRequestKeyError(e.args[0]) from None
 
     def __copy__(self):
         return self.copy()
@@ -801,27 +802,34 @@ def pop(self, key, default=_missing):
         except KeyError:
             if default is not _missing:
                 return default
-            raise exceptions.BadRequestKeyError(key)
+
+            raise exceptions.BadRequestKeyError(key) from None
+
         for bucket in buckets:
             bucket.unlink(self)
+
         return buckets[0].value
 
     def popitem(self):
         try:
             key, buckets = dict.popitem(self)
         except KeyError as e:
-            raise exceptions.BadRequestKeyError(e.args[0])
+            raise exceptions.BadRequestKeyError(e.args[0]) from None
+
         for bucket in buckets:
             bucket.unlink(self)
+
         return key, buckets[0].value
 
     def popitemlist(self):
         try:
             key, buckets = dict.popitem(self)
         except KeyError as e:
-            raise exceptions.BadRequestKeyError(e.args[0])
+            raise exceptions.BadRequestKeyError(e.args[0]) from None
+
         for bucket in buckets:
             bucket.unlink(self)
+
         return key, [x.value for x in buckets]
 
 
diff --git a/src/werkzeug/local.py b/src/werkzeug/local.py
index be33f9aa9..b4dee7b4d 100644
--- a/src/werkzeug/local.py
+++ b/src/werkzeug/local.py
@@ -54,7 +54,7 @@ class _CannotUseContextVar(Exception):
                 from gevent.monkey import is_object_patched
             except ImportError:
                 # Gevent isn't used, but Greenlet is and hasn't patched
-                raise _CannotUseContextVar()
+                raise _CannotUseContextVar() from None
             else:
                 if is_object_patched("threading", "local") and not is_object_patched(
                     "contextvars", "ContextVar"
@@ -162,7 +162,7 @@ def __getattr__(self, name: str) -> t.Any:
         try:
             return values[name]
         except KeyError:
-            raise AttributeError(name)
+            raise AttributeError(name) from None
 
     def __setattr__(self, name: str, value: t.Any) -> None:
         values = self._storage.get({}).copy()
@@ -175,7 +175,7 @@ def __delattr__(self, name: str) -> None:
             del values[name]
             self._storage.set(values)
         except KeyError:
-            raise AttributeError(name)
+            raise AttributeError(name) from None
 
 
 class LocalStack:
@@ -556,7 +556,8 @@ def _get_current_object(self) -> t.Any:
         try:
             return getattr(self.__local, self.__name)  # type: ignore
         except AttributeError:
-            raise RuntimeError(f"no object bound to {self.__name}")  # type: ignore
+            name = self.__name  # type: ignore
+            raise RuntimeError(f"no object bound to {name}") from None
 
     __doc__ = _ProxyLookup(  # type: ignore
         class_value=__doc__, fallback=lambda self: type(self).__doc__
diff --git a/src/werkzeug/routing.py b/src/werkzeug/routing.py
index 0953a4860..ddb8ef9c1 100644
--- a/src/werkzeug/routing.py
+++ b/src/werkzeug/routing.py
@@ -1591,10 +1591,12 @@ def bind(
             script_name = "/"
         if path_info is None:
             path_info = "/"
+
         try:
             server_name = _encode_idna(server_name)  # type: ignore
-        except UnicodeError:
-            raise BadHost()
+        except UnicodeError as e:
+            raise BadHost() from e
+
         return MapAdapter(
             self,
             server_name,
@@ -1973,13 +1975,13 @@ def match(
                         url_quote(e.path_info, self.map.charset, safe="/:|+"),
                         query_args,
                     )
-                )
+                ) from None
             except RequestAliasRedirect as e:
                 raise RequestRedirect(
                     self.make_alias_redirect_url(
                         path, rule.endpoint, e.matched_values, method, query_args
                     )
-                )
+                ) from None
             if rv is None:
                 continue
             if rule.methods is not None and method not in rule.methods:
diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py
index 86c15f906..197b6fb9a 100644
--- a/src/werkzeug/serving.py
+++ b/src/werkzeug/serving.py
@@ -39,7 +39,7 @@
 
     class _SslDummy:
         def __getattr__(self, name: str) -> t.Any:
-            raise RuntimeError("SSL support unavailable")
+            raise RuntimeError("SSL support unavailable")  # noqa: B904
 
     ssl = _SslDummy()  # type: ignore
 
@@ -98,8 +98,8 @@ def read_chunk_len(self) -> int:
         try:
             line = self._rfile.readline().decode("latin1")
             _len = int(line.strip(), 16)
-        except ValueError:
-            raise OSError("Invalid chunk header")
+        except ValueError as e:
+            raise OSError("Invalid chunk header") from e
         if _len < 0:
             raise OSError("Negative chunk length not allowed")
         return _len
@@ -467,7 +467,9 @@ def generate_adhoc_ssl_pair(
         from cryptography.hazmat.primitives import hashes
         from cryptography.hazmat.primitives.asymmetric import rsa
     except ImportError:
-        raise TypeError("Using ad-hoc certificates requires the cryptography library.")
+        raise TypeError(
+            "Using ad-hoc certificates requires the cryptography library."
+        ) from None
 
     backend = default_backend()
     pkey = rsa.generate_private_key(
diff --git a/src/werkzeug/utils.py b/src/werkzeug/utils.py
index d5e4a8e1b..900723149 100644
--- a/src/werkzeug/utils.py
+++ b/src/werkzeug/utils.py
@@ -847,7 +847,7 @@ def send_from_directory(
             raise NotFound()
     except ValueError:
         # path contains null byte on Python < 3.8
-        raise NotFound()
+        raise NotFound() from None
 
     return send_file(path, environ, **kwargs)
 
@@ -880,11 +880,13 @@ def import_string(import_name: str, silent: bool = False) -> t.Any:
         try:
             return getattr(module, obj_name)
         except AttributeError as e:
-            raise ImportError(e)
+            raise ImportError(e) from None
 
     except ImportError as e:
         if not silent:
-            raise ImportStringError(import_name, e).with_traceback(sys.exc_info()[2])
+            raise ImportStringError(import_name, e).with_traceback(
+                sys.exc_info()[2]
+            ) from None
 
     return None
 
diff --git a/tests/test_debug.py b/tests/test_debug.py
index d218c4e80..19318c72f 100644
--- a/tests/test_debug.py
+++ b/tests/test_debug.py
@@ -230,7 +230,7 @@ def do_something():
             try:
                 do_something()
             except ValueError:
-                raise KeyError("outer")
+                raise KeyError("outer")  # noqa: B904
 
         debugged = DebuggedApplication(app)
         client = Client(debugged)
@@ -331,7 +331,7 @@ def test_chained_exception_cycle():
         try:
             raise ValueError()
         except ValueError:
-            raise TypeError()
+            raise TypeError()  # noqa: B904
     except TypeError as e:
         # create a cycle and make it available outside the except block
         e.__context__.__context__ = error = e

From e3d652c2511cd0dc64d1d9cd5da336c75e90ec08 Mon Sep 17 00:00:00 2001
From: Yourun-Proger 
Date: Tue, 5 Oct 2021 20:12:45 +0300
Subject: [PATCH 513/733] fix typo

---
 CHANGES.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 728623a78..300e04ea4 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -34,7 +34,7 @@ Unreleased
 -   Ad-hoc TLS certs are generated with SAN matching CN. :issue:`2158`
 -   Fix memory usage for locals when using Python 3.6 or pre 0.4.17
     greenlet versions. :pr:`2212`
--   Fix type anntoation in ``CallbackDict``, because it is not
+-   Fix type annotation in ``CallbackDict``, because it is not
     utilizing a bound TypeVar. :issue:`2235`
 
 

From e35d33526e8564e60c8634a84b2ff0951f3544a1 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Tue, 5 Oct 2021 13:53:40 -0700
Subject: [PATCH 514/733] update requirements

---
 .pre-commit-config.yaml |  4 ++--
 requirements/dev.txt    | 48 ++++++++++++++++++++---------------------
 requirements/docs.txt   | 12 +++++------
 requirements/tests.txt  | 10 ++++-----
 requirements/typing.txt |  6 +++---
 5 files changed, 40 insertions(+), 40 deletions(-)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index ab7fe976c..4ed83f5b3 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -2,7 +2,7 @@ ci:
   autoupdate_schedule: monthly
 repos:
   - repo: https://github.com/asottile/pyupgrade
-    rev: v2.23.3
+    rev: v2.29.0
     hooks:
       - id: pyupgrade
         args: ["--py36-plus"]
@@ -18,7 +18,7 @@ repos:
         files: "^examples/"
         args: ["--application-directories", "examples"]
   - repo: https://github.com/psf/black
-    rev: 21.7b0
+    rev: 21.9b0
     hooks:
       - id: black
   - repo: https://github.com/PyCQA/flake8
diff --git a/requirements/dev.txt b/requirements/dev.txt
index ec77ac52b..9ab855911 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -16,25 +16,25 @@ certifi==2021.5.30
     # via requests
 cffi==1.14.6
     # via cryptography
-cfgv==3.3.0
+cfgv==3.3.1
     # via pre-commit
-charset-normalizer==2.0.4
+charset-normalizer==2.0.6
     # via requests
 click==8.0.1
     # via pip-tools
-cryptography==3.4.7
+cryptography==35.0.0
     # via -r requirements/tests.in
-distlib==0.3.2
+distlib==0.3.3
     # via virtualenv
 docutils==0.17.1
     # via sphinx
-filelock==3.0.12
+filelock==3.3.0
     # via
     #   tox
     #   virtualenv
-greenlet==1.1.1
+greenlet==1.1.2
     # via -r requirements/tests.in
-identify==2.2.13
+identify==2.3.0
     # via pre-commit
 idna==3.2
     # via requests
@@ -42,7 +42,7 @@ imagesize==1.2.0
     # via sphinx
 iniconfig==1.1.1
     # via pytest
-jinja2==3.0.1
+jinja2==3.0.2
     # via sphinx
 markupsafe==2.0.1
     # via jinja2
@@ -62,15 +62,15 @@ pallets-sphinx-themes==2.0.1
     # via -r requirements/docs.in
 pep517==0.11.0
     # via pip-tools
-pip-tools==6.2.0
+pip-tools==6.3.0
     # via -r requirements/dev.in
-platformdirs==2.2.0
+platformdirs==2.4.0
     # via virtualenv
-pluggy==0.13.1
+pluggy==1.0.0
     # via
     #   pytest
     #   tox
-pre-commit==2.14.0
+pre-commit==2.15.0
     # via -r requirements/dev.in
 psutil==5.8.0
     # via pytest-xprocess
@@ -80,11 +80,11 @@ py==1.10.0
     #   tox
 pycparser==2.20
     # via cffi
-pygments==2.9.0
+pygments==2.10.0
     # via sphinx
 pyparsing==2.4.7
     # via packaging
-pytest==6.2.4
+pytest==6.2.5
     # via
     #   -r requirements/tests.in
     #   pytest-timeout
@@ -93,7 +93,7 @@ pytest-timeout==1.4.2
     # via -r requirements/tests.in
 pytest-xprocess==0.18.1
     # via -r requirements/tests.in
-pytz==2021.1
+pytz==2021.3
     # via babel
 pyyaml==5.4.1
     # via pre-commit
@@ -105,7 +105,7 @@ six==1.16.0
     #   virtualenv
 snowballstemmer==2.1.0
     # via sphinx
-sphinx==4.1.2
+sphinx==4.2.0
     # via
     #   -r requirements/docs.in
     #   pallets-sphinx-themes
@@ -135,25 +135,25 @@ toml==0.10.2
     #   tox
 tomli==1.2.1
     # via pep517
-tox==3.24.1
+tox==3.24.4
     # via -r requirements/dev.in
 types-contextvars==0.1.4
     # via -r requirements/typing.in
-types-dataclasses==0.1.5
+types-dataclasses==0.1.7
     # via -r requirements/typing.in
-types-setuptools==57.0.0
+types-setuptools==57.4.0
     # via -r requirements/typing.in
-typing-extensions==3.10.0.0
+typing-extensions==3.10.0.2
     # via mypy
-urllib3==1.26.6
+urllib3==1.26.7
     # via requests
-virtualenv==20.7.0
+virtualenv==20.8.1
     # via
     #   pre-commit
     #   tox
-watchdog==2.1.3
+watchdog==2.1.6
     # via -r requirements/tests.in
-wheel==0.36.2
+wheel==0.37.0
     # via pip-tools
 
 # The following packages are considered to be unsafe in a requirements file:
diff --git a/requirements/docs.txt b/requirements/docs.txt
index 540ed1fe9..4b9eb5d27 100644
--- a/requirements/docs.txt
+++ b/requirements/docs.txt
@@ -10,7 +10,7 @@ babel==2.9.1
     # via sphinx
 certifi==2021.5.30
     # via requests
-charset-normalizer==2.0.4
+charset-normalizer==2.0.6
     # via requests
 docutils==0.17.1
     # via sphinx
@@ -18,7 +18,7 @@ idna==3.2
     # via requests
 imagesize==1.2.0
     # via sphinx
-jinja2==3.0.1
+jinja2==3.0.2
     # via sphinx
 markupsafe==2.0.1
     # via jinja2
@@ -28,17 +28,17 @@ packaging==21.0
     #   sphinx
 pallets-sphinx-themes==2.0.1
     # via -r requirements/docs.in
-pygments==2.9.0
+pygments==2.10.0
     # via sphinx
 pyparsing==2.4.7
     # via packaging
-pytz==2021.1
+pytz==2021.3
     # via babel
 requests==2.26.0
     # via sphinx
 snowballstemmer==2.1.0
     # via sphinx
-sphinx==4.1.2
+sphinx==4.2.0
     # via
     #   -r requirements/docs.in
     #   pallets-sphinx-themes
@@ -60,7 +60,7 @@ sphinxcontrib-qthelp==1.0.3
     # via sphinx
 sphinxcontrib-serializinghtml==1.1.5
     # via sphinx
-urllib3==1.26.6
+urllib3==1.26.7
     # via requests
 
 # The following packages are considered to be unsafe in a requirements file:
diff --git a/requirements/tests.txt b/requirements/tests.txt
index 34d8c0b30..593bb44d2 100644
--- a/requirements/tests.txt
+++ b/requirements/tests.txt
@@ -8,15 +8,15 @@ attrs==21.2.0
     # via pytest
 cffi==1.14.6
     # via cryptography
-cryptography==3.4.7
+cryptography==35.0.0
     # via -r requirements/tests.in
-greenlet==1.1.1
+greenlet==1.1.2
     # via -r requirements/tests.in
 iniconfig==1.1.1
     # via pytest
 packaging==21.0
     # via pytest
-pluggy==0.13.1
+pluggy==1.0.0
     # via pytest
 psutil==5.8.0
     # via pytest-xprocess
@@ -26,7 +26,7 @@ pycparser==2.20
     # via cffi
 pyparsing==2.4.7
     # via packaging
-pytest==6.2.4
+pytest==6.2.5
     # via
     #   -r requirements/tests.in
     #   pytest-timeout
@@ -37,5 +37,5 @@ pytest-xprocess==0.18.1
     # via -r requirements/tests.in
 toml==0.10.2
     # via pytest
-watchdog==2.1.3
+watchdog==2.1.6
     # via -r requirements/tests.in
diff --git a/requirements/typing.txt b/requirements/typing.txt
index 341638c2c..63c0e5928 100644
--- a/requirements/typing.txt
+++ b/requirements/typing.txt
@@ -12,9 +12,9 @@ toml==0.10.2
     # via mypy
 types-contextvars==0.1.4
     # via -r requirements/typing.in
-types-dataclasses==0.1.5
+types-dataclasses==0.1.7
     # via -r requirements/typing.in
-types-setuptools==57.0.0
+types-setuptools==57.4.0
     # via -r requirements/typing.in
-typing-extensions==3.10.0.0
+typing-extensions==3.10.0.2
     # via mypy

From 9c79d7b7adcefb2ee517fe3779aec63f3e81fe1a Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Tue, 5 Oct 2021 16:15:12 -0700
Subject: [PATCH 515/733] setting CacheControl int property enforces type

---
 CHANGES.rst                    |  2 ++
 src/werkzeug/datastructures.py | 14 +++++++++++++-
 tests/test_http.py             |  4 ++++
 3 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index b092f0a59..4a4e21024 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -7,6 +7,8 @@ Unreleased
 
 -   Default values passed to ``Headers`` are validated the same way
     values added later are. :issue:`1608`
+-   Setting ``CacheControl`` int properties, such as ``max_age``, will
+    convert the value to an int. :issue:`2230`
 
 
 Version 2.0.2
diff --git a/src/werkzeug/datastructures.py b/src/werkzeug/datastructures.py
index 8f2c80057..b36798f50 100644
--- a/src/werkzeug/datastructures.py
+++ b/src/werkzeug/datastructures.py
@@ -2014,6 +2014,10 @@ class _CacheControl(UpdateDictMixin, dict):
     to subclass it and add your own items have a look at the sourcecode for
     that class.
 
+    .. versionchanged:: 2.1.0
+        Setting int properties such as ``max_age`` will convert the
+        value to an int.
+
     .. versionchanged:: 0.4
 
        Setting `no_cache` or `private` to boolean `True` will set the implicit
@@ -2072,7 +2076,7 @@ def _set_cache_value(self, key, value, type):
             elif value is True:
                 self[key] = None
             else:
-                self[key] = value
+                self[key] = type(value)
 
     def _del_cache_value(self, key):
         """Used internally by the accessor properties."""
@@ -2102,6 +2106,10 @@ class RequestCacheControl(ImmutableDictMixin, _CacheControl):
     you plan to subclass it and add your own items have a look at the sourcecode
     for that class.
 
+    .. versionchanged:: 2.1.0
+        Setting int properties such as ``max_age`` will convert the
+        value to an int.
+
     .. versionadded:: 0.5
        In previous versions a `CacheControl` class existed that was used
        both for request and response.
@@ -2122,6 +2130,10 @@ class ResponseCacheControl(_CacheControl):
     you plan to subclass it and add your own items have a look at the sourcecode
     for that class.
 
+    .. versionchanged:: 2.1.0
+        Setting int properties such as ``max_age`` will convert the
+        value to an int.
+
     .. versionadded:: 0.5
        In previous versions a `CacheControl` class existed that was used
        both for request and response.
diff --git a/tests/test_http.py b/tests/test_http.py
index 0d6c18397..853df5478 100644
--- a/tests/test_http.py
+++ b/tests/test_http.py
@@ -115,6 +115,10 @@ def test_cache_control_header(self):
         assert c.private == "*"
         del c.private
         assert c.private is None
+        # max_age is an int, other types are converted
+        c.max_age = 3.1
+        assert c.max_age == 3
+        del c.max_age
         assert c.to_header() == "no-cache"
 
     def test_csp_header(self):

From 9ee2b8cc62c2d7d3201a7d7d78a68b5f25e11821 Mon Sep 17 00:00:00 2001
From: pgjones 
Date: Tue, 21 Sep 2021 18:22:54 +0100
Subject: [PATCH 516/733] fix setting CSP header options

The header_property does not set the on_update method in the CSP
datastructure which means any changes wouldn't be set in the
headers. This fixes the issue by specifying the properties directly
and including tests to ensure it works.
---
 CHANGES.rst                     |  1 +
 src/werkzeug/sansio/response.py | 83 ++++++++++++++++++++++++++-------
 tests/test_wrappers.py          | 14 ++++++
 3 files changed, 81 insertions(+), 17 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 300e04ea4..74571797b 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -36,6 +36,7 @@ Unreleased
     greenlet versions. :pr:`2212`
 -   Fix type annotation in ``CallbackDict``, because it is not
     utilizing a bound TypeVar. :issue:`2235`
+-   Fix setting CSP header options on the response. :pr:`2237`
 
 
 Version 2.0.1
diff --git a/src/werkzeug/sansio/response.py b/src/werkzeug/sansio/response.py
index 40bdcd8df..82817e8c1 100644
--- a/src/werkzeug/sansio/response.py
+++ b/src/werkzeug/sansio/response.py
@@ -12,12 +12,12 @@
 from ..utils import get_content_type
 from werkzeug.datastructures import CallbackDict
 from werkzeug.datastructures import ContentRange
+from werkzeug.datastructures import ContentSecurityPolicy
 from werkzeug.datastructures import ResponseCacheControl
 from werkzeug.datastructures import WWWAuthenticate
 from werkzeug.http import COEP
 from werkzeug.http import COOP
 from werkzeug.http import dump_age
-from werkzeug.http import dump_csp_header
 from werkzeug.http import dump_header
 from werkzeug.http import dump_options_header
 from werkzeug.http import http_date
@@ -567,23 +567,72 @@ def on_update(www_auth: WWWAuthenticate) -> None:
 
     # CSP
 
-    content_security_policy = header_property(
-        "Content-Security-Policy",
-        None,
-        parse_csp_header,  # type: ignore
-        dump_csp_header,
-        doc="""The Content-Security-Policy header adds an additional layer of
-        security to help detect and mitigate certain types of attacks.""",
-    )
-    content_security_policy_report_only = header_property(
-        "Content-Security-Policy-Report-Only",
-        None,
-        parse_csp_header,  # type: ignore
-        dump_csp_header,
-        doc="""The Content-Security-Policy-Report-Only header adds a csp policy
+    @property
+    def content_security_policy(self) -> ContentSecurityPolicy:
+        """The ``Content-Security-Policy`` header as a
+        :class:`~werkzeug.datastructures.ContentSecurityPolicy` object. Available
+        even if the header is not set.
+
+        The Content-Security-Policy header adds an additional layer of
+        security to help detect and mitigate certain types of attacks.
+        """
+
+        def on_update(csp: ContentSecurityPolicy) -> None:
+            if not csp:
+                del self.headers["content-security-policy"]
+            else:
+                self.headers["Content-Security-Policy"] = csp.to_header()
+
+        rv = parse_csp_header(self.headers.get("content-security-policy"), on_update)
+        if rv is None:
+            rv = ContentSecurityPolicy(None, on_update=on_update)
+        return rv
+
+    @content_security_policy.setter
+    def content_security_policy(
+        self, value: t.Optional[t.Union[ContentSecurityPolicy, str]]
+    ) -> None:
+        if not value:
+            del self.headers["content-security-policy"]
+        elif isinstance(value, str):
+            self.headers["Content-Security-Policy"] = value
+        else:
+            self.headers["Content-Security-Policy"] = value.to_header()
+
+    @property
+    def content_security_policy_report_only(self) -> ContentSecurityPolicy:
+        """The ``Content-Security-policy-report-only`` header as a
+        :class:`~werkzeug.datastructures.ContentSecurityPolicy` object. Available
+        even if the header is not set.
+
+        The Content-Security-Policy-Report-Only header adds a csp policy
         that is not enforced but is reported thereby helping detect
-        certain types of attacks.""",
-    )
+        certain types of attacks.
+        """
+
+        def on_update(csp: ContentSecurityPolicy) -> None:
+            if not csp:
+                del self.headers["content-security-policy-report-only"]
+            else:
+                self.headers["Content-Security-policy-report-only"] = csp.to_header()
+
+        rv = parse_csp_header(
+            self.headers.get("content-security-policy-report-only"), on_update
+        )
+        if rv is None:
+            rv = ContentSecurityPolicy(None, on_update=on_update)
+        return rv
+
+    @content_security_policy_report_only.setter
+    def content_security_policy_report_only(
+        self, value: t.Optional[t.Union[ContentSecurityPolicy, str]]
+    ) -> None:
+        if not value:
+            del self.headers["content-security-policy-report-only"]
+        elif isinstance(value, str):
+            self.headers["Content-Security-policy-report-only"] = value
+        else:
+            self.headers["Content-Security-policy-report-only"] = value.to_header()
 
     # CORS
 
diff --git a/tests/test_wrappers.py b/tests/test_wrappers.py
index 8d7a5ae87..913033070 100644
--- a/tests/test_wrappers.py
+++ b/tests/test_wrappers.py
@@ -1343,6 +1343,20 @@ def test_ranges():
     assert resp.content_range.length == 1000
 
 
+def test_csp():
+    resp = wrappers.Response()
+    resp.content_security_policy.default_src = "'self'"
+    assert resp.headers["Content-Security-Policy"] == "default-src 'self'"
+    resp.content_security_policy.script_src = "'self' palletsprojects.com"
+    assert (
+        resp.headers["Content-Security-Policy"]
+        == "default-src 'self'; script-src 'self' palletsprojects.com"
+    )
+
+    resp.content_security_policy = None
+    assert "Content-Security-Policy" not in resp.headers
+
+
 def test_auto_content_length():
     resp = wrappers.Response("Hello World!")
     assert resp.content_length == 12

From f408b2527c9c8eeca4fee13cefcc22c9ae3a3e59 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miroslav=20Bend=C3=ADk?= 
Date: Wed, 29 Sep 2021 17:38:32 +0200
Subject: [PATCH 517/733] Fixed expand frame exception

---
 CHANGES.rst                           | 2 ++
 src/werkzeug/debug/shared/debugger.js | 4 ++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 74571797b..de283cfbc 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -37,6 +37,8 @@ Unreleased
 -   Fix type annotation in ``CallbackDict``, because it is not
     utilizing a bound TypeVar. :issue:`2235`
 -   Fix setting CSP header options on the response. :pr:`2237`
+-   Fix an issue lines not expanding on click in the interactive
+    debugger for very long tracebacks. :pr:`2239`
 
 
 Version 2.0.1
diff --git a/src/werkzeug/debug/shared/debugger.js b/src/werkzeug/debug/shared/debugger.js
index cd9efcdff..2354f0300 100644
--- a/src/werkzeug/debug/shared/debugger.js
+++ b/src/werkzeug/debug/shared/debugger.js
@@ -21,9 +21,9 @@ docReady(() => {
 });
 
 function addToggleFrameTraceback(frames) {
-  frames.forEach((frame, i) => {
+  frames.forEach((frame) => {
     frame.addEventListener("click", () => {
-      frame.getElementsByTagName("pre")[i].parentElement.classList.toggle("expanded");
+      frame.getElementsByTagName("pre")[0].parentElement.classList.toggle("expanded");
     });
   })
 }

From c7deb75c36ba394635245a5042976f6795c63a69 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Tue, 5 Oct 2021 17:04:53 -0700
Subject: [PATCH 518/733] fix changelog typo

---
 CHANGES.rst | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index de283cfbc..a63e0e18f 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -37,8 +37,8 @@ Unreleased
 -   Fix type annotation in ``CallbackDict``, because it is not
     utilizing a bound TypeVar. :issue:`2235`
 -   Fix setting CSP header options on the response. :pr:`2237`
--   Fix an issue lines not expanding on click in the interactive
-    debugger for very long tracebacks. :pr:`2239`
+-   Fix an issue with with the interactive debugger where lines would
+    not expand on click for very long tracebacks. :pr:`2239`
 
 
 Version 2.0.1

From a02609581689cdd2307b376d533da4ea93f46fb3 Mon Sep 17 00:00:00 2001
From: Kris Jurka 
Date: Sun, 3 Oct 2021 00:06:47 -0700
Subject: [PATCH 519/733] handle an exception without a traceback

When an exception does not have a traceback there are no frames
to filter, but there's an explicit check for the last frame which
will fail if there are no frames.

An example exception with this problem can be seen when using
concurrent.futures.ProcessPoolExecutor.  When it reconstitutes a
remote exception it has serialized the traceback to a string it
includes as the error message instead of an object that can be
inspected.
---
 CHANGES.rst                   |  3 +++
 src/werkzeug/debug/tbtools.py |  5 +++++
 tests/test_debug.py           | 10 ++++++++++
 3 files changed, 18 insertions(+)

diff --git a/CHANGES.rst b/CHANGES.rst
index a63e0e18f..915ca7dd5 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -39,6 +39,9 @@ Unreleased
 -   Fix setting CSP header options on the response. :pr:`2237`
 -   Fix an issue with with the interactive debugger where lines would
     not expand on click for very long tracebacks. :pr:`2239`
+-   The interactive debugger handles displaying an exception that does
+    not have a traceback, such as from ``ProcessPoolExecutor``.
+    :issue:`2217`
 
 
 Version 2.0.1
diff --git a/src/werkzeug/debug/tbtools.py b/src/werkzeug/debug/tbtools.py
index a8e2c96e6..5ffd65422 100644
--- a/src/werkzeug/debug/tbtools.py
+++ b/src/werkzeug/debug/tbtools.py
@@ -357,6 +357,11 @@ def __init__(
             tb = tb.tb_next  # type: ignore
 
     def filter_hidden_frames(self) -> None:
+        # An exception may not have a traceback to filter frames, such
+        # as one re-raised from ProcessPoolExecutor.
+        if not self.frames:
+            return
+
         new_frames: t.List[Frame] = []
         hidden = False
 
diff --git a/tests/test_debug.py b/tests/test_debug.py
index 19318c72f..a5c6a7ad0 100644
--- a/tests/test_debug.py
+++ b/tests/test_debug.py
@@ -6,6 +6,7 @@
 
 from werkzeug.debug import console
 from werkzeug.debug import DebuggedApplication
+from werkzeug.debug import get_current_traceback
 from werkzeug.debug import get_machine_id
 from werkzeug.debug.console import HTMLStringO
 from werkzeug.debug.repr import debug_repr
@@ -350,3 +351,12 @@ class MutableException(ValueError):
     except MutableException:
         # previously crashed: `TypeError: unhashable type 'MutableException'`
         Traceback(*sys.exc_info())
+
+
+def test_exception_without_traceback():
+    try:
+        raise Exception("msg1")
+    except Exception as e:
+        # filter_hidden_frames should skip this since it has no traceback
+        e.__context__ = Exception("msg2")
+        get_current_traceback()

From f1761b2f5dbe8a3bb4772d16015f4649eb8cd939 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Tue, 5 Oct 2021 17:23:11 -0700
Subject: [PATCH 520/733] release version 2.0.2

---
 CHANGES.rst              | 2 +-
 src/werkzeug/__init__.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 915ca7dd5..c4343c445 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -3,7 +3,7 @@
 Version 2.0.2
 -------------
 
-Unreleased
+Released 2021-10-05
 
 -   Handle multiple tokens in ``Connection`` header when routing
     WebSocket requests. :issue:`2131`
diff --git a/src/werkzeug/__init__.py b/src/werkzeug/__init__.py
index 8c7e1c402..e63e0661c 100644
--- a/src/werkzeug/__init__.py
+++ b/src/werkzeug/__init__.py
@@ -3,4 +3,4 @@
 from .wrappers import Request as Request
 from .wrappers import Response as Response
 
-__version__ = "2.0.2.dev0"
+__version__ = "2.0.2"

From b3eb374e1c653868e86bb971e625e10d535c6f75 Mon Sep 17 00:00:00 2001
From: Hongkuan Wang 
Date: Wed, 6 Oct 2021 22:23:55 +0800
Subject: [PATCH 521/733] shortly example opens redis with
 decode_responses=True

---
 examples/shortly/shortly.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/examples/shortly/shortly.py b/examples/shortly/shortly.py
index 063bf2658..10e957e84 100644
--- a/examples/shortly/shortly.py
+++ b/examples/shortly/shortly.py
@@ -37,7 +37,9 @@ def get_hostname(url):
 
 class Shortly:
     def __init__(self, config):
-        self.redis = redis.Redis(config["redis_host"], config["redis_port"])
+        self.redis = redis.Redis(
+            config["redis_host"], config["redis_port"], decode_responses=True
+        )
         template_path = os.path.join(os.path.dirname(__file__), "templates")
         self.jinja_env = Environment(
             loader=FileSystemLoader(template_path), autoescape=True

From 34e0aedae5385d76da45ff457891f49f40a3490f Mon Sep 17 00:00:00 2001
From: Hongkuan Wang 
Date: Thu, 7 Oct 2021 16:57:53 +0800
Subject: [PATCH 522/733] update tutorial doc based on #2257

---
 docs/tutorial.rst | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/docs/tutorial.rst b/docs/tutorial.rst
index bb245f85d..3c2edc861 100644
--- a/docs/tutorial.rst
+++ b/docs/tutorial.rst
@@ -138,7 +138,9 @@ that exports all the files on the `static` folder on the web::
     class Shortly(object):
 
         def __init__(self, config):
-            self.redis = redis.Redis(config['redis_host'], config['redis_port'])
+            self.redis = redis.Redis(
+                config['redis_host'], config['redis_port'], decode_responses=True
+            )
 
         def dispatch_request(self, request):
             return Response('Hello World!')

From 27be90ee8dd6d2e1c7dbc54d664f0f577169fdcb Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Mon, 1 Nov 2021 12:42:20 -0700
Subject: [PATCH 523/733] update requirements

---
 .pre-commit-config.yaml |  4 ++--
 requirements/dev.txt    | 36 ++++++++++++++++++------------------
 requirements/docs.txt   | 10 +++++-----
 requirements/tests.txt  |  8 ++++----
 requirements/typing.txt |  8 ++++----
 5 files changed, 33 insertions(+), 33 deletions(-)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 4ed83f5b3..a63d8e0d3 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -18,11 +18,11 @@ repos:
         files: "^examples/"
         args: ["--application-directories", "examples"]
   - repo: https://github.com/psf/black
-    rev: 21.9b0
+    rev: 21.10b0
     hooks:
       - id: black
   - repo: https://github.com/PyCQA/flake8
-    rev: 3.9.2
+    rev: 4.0.1
     hooks:
       - id: flake8
         additional_dependencies:
diff --git a/requirements/dev.txt b/requirements/dev.txt
index 9ab855911..f87b78018 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -1,5 +1,5 @@
 #
-# This file is autogenerated by pip-compile with python 3.9
+# This file is autogenerated by pip-compile with python 3.10
 # To update, run:
 #
 #    pip-compile requirements/dev.in
@@ -12,15 +12,15 @@ babel==2.9.1
     # via sphinx
 backports.entry-points-selectable==1.1.0
     # via virtualenv
-certifi==2021.5.30
+certifi==2021.10.8
     # via requests
-cffi==1.14.6
+cffi==1.15.0
     # via cryptography
 cfgv==3.3.1
     # via pre-commit
-charset-normalizer==2.0.6
+charset-normalizer==2.0.7
     # via requests
-click==8.0.1
+click==8.0.3
     # via pip-tools
 cryptography==35.0.0
     # via -r requirements/tests.in
@@ -28,15 +28,15 @@ distlib==0.3.3
     # via virtualenv
 docutils==0.17.1
     # via sphinx
-filelock==3.3.0
+filelock==3.3.2
     # via
     #   tox
     #   virtualenv
 greenlet==1.1.2
     # via -r requirements/tests.in
-identify==2.3.0
+identify==2.3.3
     # via pre-commit
-idna==3.2
+idna==3.3
     # via requests
 imagesize==1.2.0
     # via sphinx
@@ -52,7 +52,7 @@ mypy-extensions==0.4.3
     # via mypy
 nodeenv==1.6.0
     # via pre-commit
-packaging==21.0
+packaging==21.2
     # via
     #   pallets-sphinx-themes
     #   pytest
@@ -60,9 +60,9 @@ packaging==21.0
     #   tox
 pallets-sphinx-themes==2.0.1
     # via -r requirements/docs.in
-pep517==0.11.0
+pep517==0.12.0
     # via pip-tools
-pip-tools==6.3.0
+pip-tools==6.4.0
     # via -r requirements/dev.in
 platformdirs==2.4.0
     # via virtualenv
@@ -89,13 +89,13 @@ pytest==6.2.5
     #   -r requirements/tests.in
     #   pytest-timeout
     #   pytest-xprocess
-pytest-timeout==1.4.2
+pytest-timeout==2.0.1
     # via -r requirements/tests.in
 pytest-xprocess==0.18.1
     # via -r requirements/tests.in
 pytz==2021.3
     # via babel
-pyyaml==5.4.1
+pyyaml==6.0
     # via pre-commit
 requests==2.26.0
     # via sphinx
@@ -133,21 +133,21 @@ toml==0.10.2
     #   pre-commit
     #   pytest
     #   tox
-tomli==1.2.1
+tomli==1.2.2
     # via pep517
 tox==3.24.4
     # via -r requirements/dev.in
-types-contextvars==0.1.4
+types-contextvars==2.4.0
     # via -r requirements/typing.in
-types-dataclasses==0.1.7
+types-dataclasses==0.6.1
     # via -r requirements/typing.in
-types-setuptools==57.4.0
+types-setuptools==57.4.2
     # via -r requirements/typing.in
 typing-extensions==3.10.0.2
     # via mypy
 urllib3==1.26.7
     # via requests
-virtualenv==20.8.1
+virtualenv==20.10.0
     # via
     #   pre-commit
     #   tox
diff --git a/requirements/docs.txt b/requirements/docs.txt
index 4b9eb5d27..bd47a92d7 100644
--- a/requirements/docs.txt
+++ b/requirements/docs.txt
@@ -1,5 +1,5 @@
 #
-# This file is autogenerated by pip-compile with python 3.9
+# This file is autogenerated by pip-compile with python 3.10
 # To update, run:
 #
 #    pip-compile requirements/docs.in
@@ -8,13 +8,13 @@ alabaster==0.7.12
     # via sphinx
 babel==2.9.1
     # via sphinx
-certifi==2021.5.30
+certifi==2021.10.8
     # via requests
-charset-normalizer==2.0.6
+charset-normalizer==2.0.7
     # via requests
 docutils==0.17.1
     # via sphinx
-idna==3.2
+idna==3.3
     # via requests
 imagesize==1.2.0
     # via sphinx
@@ -22,7 +22,7 @@ jinja2==3.0.2
     # via sphinx
 markupsafe==2.0.1
     # via jinja2
-packaging==21.0
+packaging==21.2
     # via
     #   pallets-sphinx-themes
     #   sphinx
diff --git a/requirements/tests.txt b/requirements/tests.txt
index 593bb44d2..f23970875 100644
--- a/requirements/tests.txt
+++ b/requirements/tests.txt
@@ -1,12 +1,12 @@
 #
-# This file is autogenerated by pip-compile with python 3.9
+# This file is autogenerated by pip-compile with python 3.10
 # To update, run:
 #
 #    pip-compile requirements/tests.in
 #
 attrs==21.2.0
     # via pytest
-cffi==1.14.6
+cffi==1.15.0
     # via cryptography
 cryptography==35.0.0
     # via -r requirements/tests.in
@@ -14,7 +14,7 @@ greenlet==1.1.2
     # via -r requirements/tests.in
 iniconfig==1.1.1
     # via pytest
-packaging==21.0
+packaging==21.2
     # via pytest
 pluggy==1.0.0
     # via pytest
@@ -31,7 +31,7 @@ pytest==6.2.5
     #   -r requirements/tests.in
     #   pytest-timeout
     #   pytest-xprocess
-pytest-timeout==1.4.2
+pytest-timeout==2.0.1
     # via -r requirements/tests.in
 pytest-xprocess==0.18.1
     # via -r requirements/tests.in
diff --git a/requirements/typing.txt b/requirements/typing.txt
index 63c0e5928..3ecff4a47 100644
--- a/requirements/typing.txt
+++ b/requirements/typing.txt
@@ -1,5 +1,5 @@
 #
-# This file is autogenerated by pip-compile with python 3.9
+# This file is autogenerated by pip-compile with python 3.10
 # To update, run:
 #
 #    pip-compile requirements/typing.in
@@ -10,11 +10,11 @@ mypy-extensions==0.4.3
     # via mypy
 toml==0.10.2
     # via mypy
-types-contextvars==0.1.4
+types-contextvars==2.4.0
     # via -r requirements/typing.in
-types-dataclasses==0.1.7
+types-dataclasses==0.6.1
     # via -r requirements/typing.in
-types-setuptools==57.4.0
+types-setuptools==57.4.2
     # via -r requirements/typing.in
 typing-extensions==3.10.0.2
     # via mypy

From 60e4884171f630d2b155039784b9600341e6fa84 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Fri, 5 Nov 2021 09:10:56 -0700
Subject: [PATCH 524/733] test Python 3.10 and 3.11

---
 .github/workflows/tests.yaml | 12 +++++++-----
 requirements/dev.txt         |  2 +-
 requirements/tests.txt       |  2 +-
 tox.ini                      |  2 +-
 4 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
index b00a86634..4e48dd9cd 100644
--- a/.github/workflows/tests.yaml
+++ b/.github/workflows/tests.yaml
@@ -24,14 +24,16 @@ jobs:
       fail-fast: false
       matrix:
         include:
-          - {name: Linux, python: '3.9', os: ubuntu-latest, tox: py39}
-          - {name: Windows, python: '3.9', os: windows-latest, tox: py39}
-          - {name: Mac, python: '3.9', os: macos-latest, tox: py39}
+          - {name: Linux, python: '3.10', os: ubuntu-latest, tox: py310}
+          - {name: Windows, python: '3.10', os: windows-latest, tox: py310}
+          - {name: Mac, python: '3.10', os: macos-latest, tox: py310}
+          - {name: '3.11-dev', python: '3.11-dev', os: ubuntu-latest, tox: py311}
+          - {name: '3.9', python: '3.9', os: ubuntu-latest, tox: py39}
           - {name: '3.8', python: '3.8', os: ubuntu-latest, tox: py38}
           - {name: '3.7', python: '3.7', os: ubuntu-latest, tox: py37}
           - {name: '3.6', python: '3.6', os: ubuntu-latest, tox: py36}
-          - {name: 'PyPy', python: pypy3, os: ubuntu-latest, tox: pypy3}
-          - {name: Typing, python: '3.9', os: ubuntu-latest, tox: typing}
+          - {name: 'PyPy', python: 'pypy-3.7', os: ubuntu-latest, tox: pypy37}
+          - {name: Typing, python: '3.10', os: ubuntu-latest, tox: typing}
     steps:
       - uses: actions/checkout@v2
       - uses: actions/setup-python@v2
diff --git a/requirements/dev.txt b/requirements/dev.txt
index f87b78018..dc9958797 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -74,7 +74,7 @@ pre-commit==2.15.0
     # via -r requirements/dev.in
 psutil==5.8.0
     # via pytest-xprocess
-py==1.10.0
+py==1.11.0
     # via
     #   pytest
     #   tox
diff --git a/requirements/tests.txt b/requirements/tests.txt
index f23970875..2510f0b48 100644
--- a/requirements/tests.txt
+++ b/requirements/tests.txt
@@ -20,7 +20,7 @@ pluggy==1.0.0
     # via pytest
 psutil==5.8.0
     # via pytest-xprocess
-py==1.10.0
+py==1.11.0
     # via pytest
 pycparser==2.20
     # via cffi
diff --git a/tox.ini b/tox.ini
index 460027dd8..cb24bdaa2 100644
--- a/tox.ini
+++ b/tox.ini
@@ -1,6 +1,6 @@
 [tox]
 envlist =
-    py{39,38,37,36,py3}
+    py3{11,10,9,8,7,6},pypy37
     style
     typing
     docs

From 7b52ecd8f3a67e19df32467a832761f4f0d97c8b Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Fri, 5 Nov 2021 14:42:44 -0700
Subject: [PATCH 525/733] remove deprecated request/response mixins

---
 CHANGES.rst                                 |  5 ++
 src/werkzeug/wrappers/__init__.py           | 13 -----
 src/werkzeug/wrappers/accept.py             | 14 -----
 src/werkzeug/wrappers/auth.py               | 26 ---------
 src/werkzeug/wrappers/base_request.py       | 36 ------------
 src/werkzeug/wrappers/base_response.py      | 36 ------------
 src/werkzeug/wrappers/common_descriptors.py | 26 ---------
 src/werkzeug/wrappers/cors.py               | 26 ---------
 src/werkzeug/wrappers/etag.py               | 26 ---------
 src/werkzeug/wrappers/json.py               | 13 -----
 src/werkzeug/wrappers/request.py            | 48 ----------------
 src/werkzeug/wrappers/response.py           | 18 +-----
 src/werkzeug/wrappers/user_agent.py         | 14 -----
 tests/test_wrappers.py                      | 63 ---------------------
 14 files changed, 8 insertions(+), 356 deletions(-)
 delete mode 100644 src/werkzeug/wrappers/accept.py
 delete mode 100644 src/werkzeug/wrappers/auth.py
 delete mode 100644 src/werkzeug/wrappers/base_request.py
 delete mode 100644 src/werkzeug/wrappers/base_response.py
 delete mode 100644 src/werkzeug/wrappers/common_descriptors.py
 delete mode 100644 src/werkzeug/wrappers/cors.py
 delete mode 100644 src/werkzeug/wrappers/etag.py
 delete mode 100644 src/werkzeug/wrappers/json.py
 delete mode 100644 src/werkzeug/wrappers/user_agent.py

diff --git a/CHANGES.rst b/CHANGES.rst
index 3481fd210..63fa124e4 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -5,6 +5,11 @@ Version 2.1.0
 
 Unreleased
 
+-   Remove previously deprecated code. :pr:`2276`
+
+    -   Request and response mixins have all been merged into the
+        ``Request`` and ``Response`` classes.
+
 -   Default values passed to ``Headers`` are validated the same way
     values added later are. :issue:`1608`
 -   Setting ``CacheControl`` int properties, such as ``max_age``, will
diff --git a/src/werkzeug/wrappers/__init__.py b/src/werkzeug/wrappers/__init__.py
index eb69a9949..b8c45d71c 100644
--- a/src/werkzeug/wrappers/__init__.py
+++ b/src/werkzeug/wrappers/__init__.py
@@ -1,16 +1,3 @@
-from .accept import AcceptMixin
-from .auth import AuthorizationMixin
-from .auth import WWWAuthenticateMixin
-from .base_request import BaseRequest
-from .base_response import BaseResponse
-from .common_descriptors import CommonRequestDescriptorsMixin
-from .common_descriptors import CommonResponseDescriptorsMixin
-from .etag import ETagRequestMixin
-from .etag import ETagResponseMixin
-from .request import PlainRequest
 from .request import Request as Request
-from .request import StreamOnlyMixin
 from .response import Response as Response
 from .response import ResponseStream
-from .response import ResponseStreamMixin
-from .user_agent import UserAgentMixin
diff --git a/src/werkzeug/wrappers/accept.py b/src/werkzeug/wrappers/accept.py
deleted file mode 100644
index 9605e637d..000000000
--- a/src/werkzeug/wrappers/accept.py
+++ /dev/null
@@ -1,14 +0,0 @@
-import typing as t
-import warnings
-
-
-class AcceptMixin:
-    def __init__(self, *args: t.Any, **kwargs: t.Any) -> None:
-        warnings.warn(
-            "'AcceptMixin' is deprecated and will be removed in"
-            " Werkzeug 2.1. 'Request' now includes the functionality"
-            " directly.",
-            DeprecationWarning,
-            stacklevel=2,
-        )
-        super().__init__(*args, **kwargs)  # type: ignore
diff --git a/src/werkzeug/wrappers/auth.py b/src/werkzeug/wrappers/auth.py
deleted file mode 100644
index da31b7cf7..000000000
--- a/src/werkzeug/wrappers/auth.py
+++ /dev/null
@@ -1,26 +0,0 @@
-import typing as t
-import warnings
-
-
-class AuthorizationMixin:
-    def __init__(self, *args: t.Any, **kwargs: t.Any) -> None:
-        warnings.warn(
-            "'AuthorizationMixin' is deprecated and will be removed in"
-            " Werkzeug 2.1. 'Request' now includes the functionality"
-            " directly.",
-            DeprecationWarning,
-            stacklevel=2,
-        )
-        super().__init__(*args, **kwargs)  # type: ignore
-
-
-class WWWAuthenticateMixin:
-    def __init__(self, *args: t.Any, **kwargs: t.Any) -> None:
-        warnings.warn(
-            "'WWWAuthenticateMixin' is deprecated and will be removed"
-            " in Werkzeug 2.1. 'Response' now includes the"
-            " functionality directly.",
-            DeprecationWarning,
-            stacklevel=2,
-        )
-        super().__init__(*args, **kwargs)  # type: ignore
diff --git a/src/werkzeug/wrappers/base_request.py b/src/werkzeug/wrappers/base_request.py
deleted file mode 100644
index 451989fd7..000000000
--- a/src/werkzeug/wrappers/base_request.py
+++ /dev/null
@@ -1,36 +0,0 @@
-import typing as t
-import warnings
-
-from .request import Request
-
-
-class _FakeSubclassCheck(type):
-    def __subclasscheck__(cls, subclass: t.Type) -> bool:
-        warnings.warn(
-            "'BaseRequest' is deprecated and will be removed in"
-            " Werkzeug 2.1. Use 'issubclass(cls, Request)' instead.",
-            DeprecationWarning,
-            stacklevel=2,
-        )
-        return issubclass(subclass, Request)
-
-    def __instancecheck__(cls, instance: t.Any) -> bool:
-        warnings.warn(
-            "'BaseRequest' is deprecated and will be removed in"
-            " Werkzeug 2.1. Use 'isinstance(obj, Request)' instead.",
-            DeprecationWarning,
-            stacklevel=2,
-        )
-        return isinstance(instance, Request)
-
-
-class BaseRequest(Request, metaclass=_FakeSubclassCheck):
-    def __init__(self, *args: t.Any, **kwargs: t.Any) -> None:
-        warnings.warn(
-            "'BaseRequest' is deprecated and will be removed in"
-            " Werkzeug 2.1. 'Request' now includes the functionality"
-            " directly.",
-            DeprecationWarning,
-            stacklevel=2,
-        )
-        super().__init__(*args, **kwargs)
diff --git a/src/werkzeug/wrappers/base_response.py b/src/werkzeug/wrappers/base_response.py
deleted file mode 100644
index 3e0dc6766..000000000
--- a/src/werkzeug/wrappers/base_response.py
+++ /dev/null
@@ -1,36 +0,0 @@
-import typing as t
-import warnings
-
-from .response import Response
-
-
-class _FakeSubclassCheck(type):
-    def __subclasscheck__(cls, subclass: t.Type) -> bool:
-        warnings.warn(
-            "'BaseResponse' is deprecated and will be removed in"
-            " Werkzeug 2.1. Use 'issubclass(cls, Response)' instead.",
-            DeprecationWarning,
-            stacklevel=2,
-        )
-        return issubclass(subclass, Response)
-
-    def __instancecheck__(cls, instance: t.Any) -> bool:
-        warnings.warn(
-            "'BaseResponse' is deprecated and will be removed in"
-            " Werkzeug 2.1. Use 'isinstance(obj, Response)' instead.",
-            DeprecationWarning,
-            stacklevel=2,
-        )
-        return isinstance(instance, Response)
-
-
-class BaseResponse(Response, metaclass=_FakeSubclassCheck):
-    def __init__(self, *args: t.Any, **kwargs: t.Any) -> None:
-        warnings.warn(
-            "'BaseResponse' is deprecated and will be removed in"
-            " Werkzeug 2.1. 'Response' now includes the functionality"
-            " directly.",
-            DeprecationWarning,
-            stacklevel=2,
-        )
-        super().__init__(*args, **kwargs)
diff --git a/src/werkzeug/wrappers/common_descriptors.py b/src/werkzeug/wrappers/common_descriptors.py
deleted file mode 100644
index db87ea5fa..000000000
--- a/src/werkzeug/wrappers/common_descriptors.py
+++ /dev/null
@@ -1,26 +0,0 @@
-import typing as t
-import warnings
-
-
-class CommonRequestDescriptorsMixin:
-    def __init__(self, *args: t.Any, **kwargs: t.Any) -> None:
-        warnings.warn(
-            "'CommonRequestDescriptorsMixin' is deprecated and will be"
-            " removed in Werkzeug 2.1. 'Request' now includes the"
-            " functionality directly.",
-            DeprecationWarning,
-            stacklevel=2,
-        )
-        super().__init__(*args, **kwargs)  # type: ignore
-
-
-class CommonResponseDescriptorsMixin:
-    def __init__(self, *args: t.Any, **kwargs: t.Any) -> None:
-        warnings.warn(
-            "'CommonResponseDescriptorsMixin' is deprecated and will be"
-            " removed in Werkzeug 2.1. 'Response' now includes the"
-            " functionality directly.",
-            DeprecationWarning,
-            stacklevel=2,
-        )
-        super().__init__(*args, **kwargs)  # type: ignore
diff --git a/src/werkzeug/wrappers/cors.py b/src/werkzeug/wrappers/cors.py
deleted file mode 100644
index 89cf83ef8..000000000
--- a/src/werkzeug/wrappers/cors.py
+++ /dev/null
@@ -1,26 +0,0 @@
-import typing as t
-import warnings
-
-
-class CORSRequestMixin:
-    def __init__(self, *args: t.Any, **kwargs: t.Any) -> None:
-        warnings.warn(
-            "'CORSRequestMixin' is deprecated and will be removed in"
-            " Werkzeug 2.1. 'Request' now includes the functionality"
-            " directly.",
-            DeprecationWarning,
-            stacklevel=2,
-        )
-        super().__init__(*args, **kwargs)  # type: ignore
-
-
-class CORSResponseMixin:
-    def __init__(self, *args: t.Any, **kwargs: t.Any) -> None:
-        warnings.warn(
-            "'CORSResponseMixin' is deprecated and will be removed in"
-            " Werkzeug 2.1. 'Response' now includes the functionality"
-            " directly.",
-            DeprecationWarning,
-            stacklevel=2,
-        )
-        super().__init__(*args, **kwargs)  # type: ignore
diff --git a/src/werkzeug/wrappers/etag.py b/src/werkzeug/wrappers/etag.py
deleted file mode 100644
index 2e9015a58..000000000
--- a/src/werkzeug/wrappers/etag.py
+++ /dev/null
@@ -1,26 +0,0 @@
-import typing as t
-import warnings
-
-
-class ETagRequestMixin:
-    def __init__(self, *args: t.Any, **kwargs: t.Any) -> None:
-        warnings.warn(
-            "'ETagRequestMixin' is deprecated and will be removed in"
-            " Werkzeug 2.1. 'Request' now includes the functionality"
-            " directly.",
-            DeprecationWarning,
-            stacklevel=2,
-        )
-        super().__init__(*args, **kwargs)  # type: ignore
-
-
-class ETagResponseMixin:
-    def __init__(self, *args: t.Any, **kwargs: t.Any) -> None:
-        warnings.warn(
-            "'ETagResponseMixin' is deprecated and will be removed in"
-            " Werkzeug 2.1. 'Response' now includes the functionality"
-            " directly.",
-            DeprecationWarning,
-            stacklevel=2,
-        )
-        super().__init__(*args, **kwargs)  # type: ignore
diff --git a/src/werkzeug/wrappers/json.py b/src/werkzeug/wrappers/json.py
deleted file mode 100644
index ab6ed7ba9..000000000
--- a/src/werkzeug/wrappers/json.py
+++ /dev/null
@@ -1,13 +0,0 @@
-import typing as t
-import warnings
-
-
-class JSONMixin:
-    def __init__(self, *args: t.Any, **kwargs: t.Any) -> None:
-        warnings.warn(
-            "'JSONMixin' is deprecated and will be removed in Werkzeug"
-            " 2.1. 'Request' now includes the functionality directly.",
-            DeprecationWarning,
-            stacklevel=2,
-        )
-        super().__init__(*args, **kwargs)  # type: ignore
diff --git a/src/werkzeug/wrappers/request.py b/src/werkzeug/wrappers/request.py
index 700cda04c..5ccfb0c1a 100644
--- a/src/werkzeug/wrappers/request.py
+++ b/src/werkzeug/wrappers/request.py
@@ -610,51 +610,3 @@ def on_json_loading_failed(self, e: ValueError) -> t.Any:
         :exc:`~werkzeug.exceptions.BadRequest`.
         """
         raise BadRequest(f"Failed to decode JSON object: {e}")
-
-
-class StreamOnlyMixin:
-    """Mixin to create a ``Request`` that disables the ``data``,
-    ``form``, and ``files`` properties. Only ``stream`` is available.
-
-    .. deprecated:: 2.0
-        Will be removed in Werkzeug 2.1. Create the request with
-        ``shallow=True`` instead.
-
-    .. versionadded:: 0.9
-    """
-
-    def __init__(self, *args: t.Any, **kwargs: t.Any) -> None:
-        warnings.warn(
-            "'StreamOnlyMixin' is deprecated and will be removed in"
-            " Werkzeug 2.1. Create the request with 'shallow=True'"
-            " instead.",
-            DeprecationWarning,
-            stacklevel=2,
-        )
-        kwargs["shallow"] = True
-        super().__init__(*args, **kwargs)  # type: ignore
-
-
-class PlainRequest(StreamOnlyMixin, Request):
-    """A request object without ``data``, ``form``, and ``files``.
-
-    .. deprecated:: 2.0
-        Will be removed in Werkzeug 2.1. Create the request with
-        ``shallow=True`` instead.
-
-    .. versionadded:: 0.9
-    """
-
-    def __init__(self, *args: t.Any, **kwargs: t.Any) -> None:
-        warnings.warn(
-            "'PlainRequest' is deprecated and will be removed in"
-            " Werkzeug 2.1. Create the request with 'shallow=True'"
-            " instead.",
-            DeprecationWarning,
-            stacklevel=2,
-        )
-
-        # Don't show the DeprecationWarning for StreamOnlyMixin.
-        with warnings.catch_warnings():
-            warnings.simplefilter("ignore", DeprecationWarning)
-            super().__init__(*args, **kwargs)
diff --git a/src/werkzeug/wrappers/response.py b/src/werkzeug/wrappers/response.py
index d365c4e09..5602cd61e 100644
--- a/src/werkzeug/wrappers/response.py
+++ b/src/werkzeug/wrappers/response.py
@@ -834,9 +834,9 @@ def add_etag(self, overwrite: bool = False, weak: bool = False) -> None:
 
 
 class ResponseStream:
-    """A file descriptor like object used by the :class:`ResponseStreamMixin` to
-    represent the body of the stream.  It directly pushes into the response
-    iterable of the response object.
+    """A file descriptor like object used by :meth:`Response.stream` to
+    represent the body of the stream. It directly pushes into the
+    response iterable of the response object.
     """
 
     mode = "wb+"
@@ -876,15 +876,3 @@ def tell(self) -> int:
     @property
     def encoding(self) -> str:
         return self.response.charset
-
-
-class ResponseStreamMixin:
-    def __init__(self, *args: t.Any, **kwargs: t.Any) -> None:
-        warnings.warn(
-            "'ResponseStreamMixin' is deprecated and will be removed in"
-            " Werkzeug 2.1. 'Response' now includes the functionality"
-            " directly.",
-            DeprecationWarning,
-            stacklevel=2,
-        )
-        super().__init__(*args, **kwargs)  # type: ignore
diff --git a/src/werkzeug/wrappers/user_agent.py b/src/werkzeug/wrappers/user_agent.py
deleted file mode 100644
index 184ffd023..000000000
--- a/src/werkzeug/wrappers/user_agent.py
+++ /dev/null
@@ -1,14 +0,0 @@
-import typing as t
-import warnings
-
-
-class UserAgentMixin:
-    def __init__(self, *args: t.Any, **kwargs: t.Any) -> None:
-        warnings.warn(
-            "'UserAgentMixin' is deprecated and will be removed in"
-            " Werkzeug 2.1. 'Request' now includes the functionality"
-            " directly.",
-            DeprecationWarning,
-            stacklevel=2,
-        )
-        super().__init__(*args, **kwargs)  # type: ignore
diff --git a/tests/test_wrappers.py b/tests/test_wrappers.py
index 913033070..5ed4a56d4 100644
--- a/tests/test_wrappers.py
+++ b/tests/test_wrappers.py
@@ -29,9 +29,6 @@
 from werkzeug.test import Client
 from werkzeug.test import create_environ
 from werkzeug.test import run_wsgi_app
-from werkzeug.wrappers.cors import CORSRequestMixin
-from werkzeug.wrappers.cors import CORSResponseMixin
-from werkzeug.wrappers.json import JSONMixin
 from werkzeug.wsgi import LimitedStream
 from werkzeug.wsgi import wrap_file
 
@@ -1608,66 +1605,6 @@ def test_cache_disabled(self):
             request.get_json()
 
 
-@pytest.mark.parametrize(
-    "cls",
-    [
-        wrappers.BaseRequest,
-        wrappers.CommonRequestDescriptorsMixin,
-        wrappers.AcceptMixin,
-        wrappers.ETagRequestMixin,
-        wrappers.UserAgentMixin,
-        wrappers.AuthorizationMixin,
-        wrappers.StreamOnlyMixin,
-        wrappers.PlainRequest,
-        CORSRequestMixin,
-        JSONMixin,
-    ],
-)
-def test_request_mixins_deprecated(cls):
-    class CheckRequest(cls, wrappers.Request):
-        pass
-
-    with pytest.deprecated_call(match=cls.__name__):
-        CheckRequest({"SERVER_NAME": "example.org", "SERVER_PORT": "80"})
-
-
-@pytest.mark.parametrize(
-    "cls",
-    [
-        wrappers.BaseResponse,
-        wrappers.CommonResponseDescriptorsMixin,
-        wrappers.ResponseStreamMixin,
-        wrappers.ETagResponseMixin,
-        wrappers.WWWAuthenticateMixin,
-        CORSResponseMixin,
-        JSONMixin,
-    ],
-)
-def test_response_mixins_deprecated(cls):
-    class CheckResponse(cls, wrappers.Response):
-        pass
-
-    with pytest.deprecated_call(match=cls.__name__):
-        CheckResponse()
-
-
-def test_check_base_deprecated():
-    with pytest.deprecated_call(match=r"issubclass\(cls, Request\)"):
-        assert issubclass(wrappers.Request, wrappers.BaseRequest)
-
-    with pytest.deprecated_call(match=r"isinstance\(obj, Request\)"):
-        assert isinstance(
-            wrappers.Request({"SERVER_NAME": "example.org", "SERVER_PORT": "80"}),
-            wrappers.BaseRequest,
-        )
-
-    with pytest.deprecated_call(match=r"issubclass\(cls, Response\)"):
-        assert issubclass(wrappers.Response, wrappers.BaseResponse)
-
-    with pytest.deprecated_call(match=r"isinstance\(obj, Response\)"):
-        assert isinstance(wrappers.Response(), wrappers.BaseResponse)
-
-
 def test_response_freeze_no_etag_deprecated():
     with pytest.deprecated_call(match="no_etag"):
         Response("Hello, World!").freeze(no_etag=True)

From 7d3933e188463d7efe832def75a4dc8934564f5a Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Fri, 5 Nov 2021 14:45:30 -0700
Subject: [PATCH 526/733] remove deprecated has_key method

---
 CHANGES.rst                    |  2 ++
 src/werkzeug/datastructures.py | 28 ----------------------------
 2 files changed, 2 insertions(+), 28 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 63fa124e4..c16fb4d90 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -9,6 +9,8 @@ Unreleased
 
     -   Request and response mixins have all been merged into the
         ``Request`` and ``Response`` classes.
+    -   The ``has_key`` method on some datastructures; use
+        ``key in data`` instead.
 
 -   Default values passed to ``Headers`` are validated the same way
     values added later are. :issue:`1608`
diff --git a/src/werkzeug/datastructures.py b/src/werkzeug/datastructures.py
index b36798f50..39d725257 100644
--- a/src/werkzeug/datastructures.py
+++ b/src/werkzeug/datastructures.py
@@ -1082,20 +1082,6 @@ def __contains__(self, key):
             return False
         return True
 
-    def has_key(self, key):
-        """
-        .. deprecated:: 2.0
-            Will be removed in Werkzeug 2.1. Use ``key in data``
-            instead.
-        """
-        warnings.warn(
-            "'has_key' is deprecated and will be removed in Werkzeug"
-            " 2.1. Use 'key in data' instead.",
-            DeprecationWarning,
-            stacklevel=2,
-        )
-        return key in self
-
     def __iter__(self):
         """Yield ``(key, value)`` tuples."""
         return iter(self._list)
@@ -1548,20 +1534,6 @@ def __contains__(self, key):
                 return True
         return False
 
-    def has_key(self, key):
-        """
-        .. deprecated:: 2.0
-            Will be removed in Werkzeug 2.1. Use ``key in data``
-            instead.
-        """
-        warnings.warn(
-            "'has_key' is deprecated and will be removed in Werkzeug"
-            " 2.1. Use 'key in data' instead.",
-            DeprecationWarning,
-            stacklevel=2,
-        )
-        return key in self
-
     def __repr__(self):
         return f"{type(self).__name__}({self.dicts!r})"
 

From a4608ed698764f047c563a62adeaf10be6d4ec31 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Fri, 5 Nov 2021 14:47:07 -0700
Subject: [PATCH 527/733] remove deprecated cache_property name

---
 CHANGES.rst                    |  2 +-
 src/werkzeug/datastructures.py | 11 -----------
 2 files changed, 1 insertion(+), 12 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index c16fb4d90..b0ecfa192 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -9,7 +9,7 @@ Unreleased
 
     -   Request and response mixins have all been merged into the
         ``Request`` and ``Response`` classes.
-    -   The ``has_key`` method on some datastructures; use
+    -   The ``has_key`` method on some mapping datastructures; use
         ``key in data`` instead.
 
 -   Default values passed to ``Headers`` are validated the same way
diff --git a/src/werkzeug/datastructures.py b/src/werkzeug/datastructures.py
index 39d725257..d44bd16c3 100644
--- a/src/werkzeug/datastructures.py
+++ b/src/werkzeug/datastructures.py
@@ -2,7 +2,6 @@
 import codecs
 import mimetypes
 import re
-import warnings
 from collections.abc import Collection
 from collections.abc import MutableSet
 from copy import deepcopy
@@ -1963,16 +1962,6 @@ def cache_control_property(key, empty, type):
     )
 
 
-def cache_property(key, empty, type):
-    warnings.warn(
-        "'cache_property' is renamed to 'cache_control_property'. The"
-        " old name is deprecated and will be removed in Werkzeug 2.1.",
-        DeprecationWarning,
-        stacklevel=2,
-    )
-    return cache_control_property(key, empty, type)
-
-
 class _CacheControl(UpdateDictMixin, dict):
     """Subclass of a dict that stores values for a Cache-Control header.  It
     has accessors for all the cache-control directives specified in RFC 2616.

From 28fa9cc8269d4cc8b33ba4e53dd208c0d85aa85e Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Fri, 5 Nov 2021 14:57:21 -0700
Subject: [PATCH 528/733] remove deprecated user agent parser

---
 CHANGES.rst                    |   4 +
 docs/utils.rst                 |  16 ---
 src/werkzeug/sansio/request.py |   3 +-
 src/werkzeug/useragents.py     | 215 -----------------------------
 tests/test_useragents.py       |  52 -------
 tests/test_wrappers.py         | 238 +--------------------------------
 6 files changed, 7 insertions(+), 521 deletions(-)
 delete mode 100644 src/werkzeug/useragents.py
 delete mode 100644 tests/test_useragents.py

diff --git a/CHANGES.rst b/CHANGES.rst
index b0ecfa192..ed38a27f7 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -9,6 +9,10 @@ Unreleased
 
     -   Request and response mixins have all been merged into the
         ``Request`` and ``Response`` classes.
+    -   The user agent parser and the ``useragents`` module is removed.
+        The ``user_agent`` module provides an interface that can be
+        subclassed to add a parser, such as ua-parser. By default it
+        only stores the whole string.
     -   The ``has_key`` method on some mapping datastructures; use
         ``key in data`` instead.
 
diff --git a/docs/utils.rst b/docs/utils.rst
index 9fb2077c7..39494327b 100644
--- a/docs/utils.rst
+++ b/docs/utils.rst
@@ -62,22 +62,6 @@ User Agent API
     :member-order: bysource
 
 
-UserAgent Parsing (deprecated)
-==============================
-
-.. module:: werkzeug.useragents
-
-.. deprecated:: 2.0
-    This module will be removed in Werkzeug 2.1. Subclass
-    :class:`werkzeug.user_agent.UserAgent` to use a dedicated parser
-    instead.
-
-.. autoclass:: UserAgent
-    :members:
-    :inherited-members:
-    :member-order: bysource
-
-
 Security Helpers
 ================
 
diff --git a/src/werkzeug/sansio/request.py b/src/werkzeug/sansio/request.py
index 2c21a2134..3802403d9 100644
--- a/src/werkzeug/sansio/request.py
+++ b/src/werkzeug/sansio/request.py
@@ -29,7 +29,6 @@
 from ..http import parse_set_header
 from ..urls import url_decode
 from ..user_agent import UserAgent
-from ..useragents import _UserAgent as _DeprecatedUserAgent
 from ..utils import cached_property
 from ..utils import header_property
 from .utils import get_current_url
@@ -95,7 +94,7 @@ class Request:
     #: .. versionadded:: 0.6
     list_storage_class: t.Type[t.List] = ImmutableList
 
-    user_agent_class = _DeprecatedUserAgent
+    user_agent_class: t.Type[UserAgent] = UserAgent
     """The class used and returned by the :attr:`user_agent` property to
     parse the header. Defaults to
     :class:`~werkzeug.user_agent.UserAgent`, which does no parsing. An
diff --git a/src/werkzeug/useragents.py b/src/werkzeug/useragents.py
deleted file mode 100644
index 4deed8f46..000000000
--- a/src/werkzeug/useragents.py
+++ /dev/null
@@ -1,215 +0,0 @@
-import re
-import typing as t
-import warnings
-
-from .user_agent import UserAgent as _BaseUserAgent
-
-if t.TYPE_CHECKING:
-    from _typeshed.wsgi import WSGIEnvironment
-
-
-class _UserAgentParser:
-    platform_rules: t.ClassVar[t.Iterable[t.Tuple[str, str]]] = (
-        (" cros ", "chromeos"),
-        ("iphone|ios", "iphone"),
-        ("ipad", "ipad"),
-        (r"darwin\b|mac\b|os\s*x", "macos"),
-        ("win", "windows"),
-        (r"android", "android"),
-        ("netbsd", "netbsd"),
-        ("openbsd", "openbsd"),
-        ("freebsd", "freebsd"),
-        ("dragonfly", "dragonflybsd"),
-        ("(sun|i86)os", "solaris"),
-        (r"x11\b|lin(\b|ux)?", "linux"),
-        (r"nintendo\s+wii", "wii"),
-        ("irix", "irix"),
-        ("hp-?ux", "hpux"),
-        ("aix", "aix"),
-        ("sco|unix_sv", "sco"),
-        ("bsd", "bsd"),
-        ("amiga", "amiga"),
-        ("blackberry|playbook", "blackberry"),
-        ("symbian", "symbian"),
-    )
-    browser_rules: t.ClassVar[t.Iterable[t.Tuple[str, str]]] = (
-        ("googlebot", "google"),
-        ("msnbot", "msn"),
-        ("yahoo", "yahoo"),
-        ("ask jeeves", "ask"),
-        (r"aol|america\s+online\s+browser", "aol"),
-        (r"opera|opr", "opera"),
-        ("edge|edg", "edge"),
-        ("chrome|crios", "chrome"),
-        ("seamonkey", "seamonkey"),
-        ("firefox|firebird|phoenix|iceweasel", "firefox"),
-        ("galeon", "galeon"),
-        ("safari|version", "safari"),
-        ("webkit", "webkit"),
-        ("camino", "camino"),
-        ("konqueror", "konqueror"),
-        ("k-meleon", "kmeleon"),
-        ("netscape", "netscape"),
-        (r"msie|microsoft\s+internet\s+explorer|trident/.+? rv:", "msie"),
-        ("lynx", "lynx"),
-        ("links", "links"),
-        ("Baiduspider", "baidu"),
-        ("bingbot", "bing"),
-        ("mozilla", "mozilla"),
-    )
-
-    _browser_version_re = r"(?:{pattern})[/\sa-z(]*(\d+[.\da-z]+)?"
-    _language_re = re.compile(
-        r"(?:;\s*|\s+)(\b\w{2}\b(?:-\b\w{2}\b)?)\s*;|"
-        r"(?:\(|\[|;)\s*(\b\w{2}\b(?:-\b\w{2}\b)?)\s*(?:\]|\)|;)"
-    )
-
-    def __init__(self) -> None:
-        self.platforms = [(b, re.compile(a, re.I)) for a, b in self.platform_rules]
-        self.browsers = [
-            (b, re.compile(self._browser_version_re.format(pattern=a), re.I))
-            for a, b in self.browser_rules
-        ]
-
-    def __call__(
-        self, user_agent: str
-    ) -> t.Tuple[t.Optional[str], t.Optional[str], t.Optional[str], t.Optional[str]]:
-        platform: t.Optional[str]
-        browser: t.Optional[str]
-        version: t.Optional[str]
-        language: t.Optional[str]
-
-        for platform, regex in self.platforms:  # noqa: B007
-            match = regex.search(user_agent)
-            if match is not None:
-                break
-        else:
-            platform = None
-
-        # Except for Trident, all browser key words come after the last ')'
-        last_closing_paren = 0
-        if (
-            not re.compile(r"trident/.+? rv:", re.I).search(user_agent)
-            and ")" in user_agent
-            and user_agent[-1] != ")"
-        ):
-            last_closing_paren = user_agent.rindex(")")
-
-        for browser, regex in self.browsers:  # noqa: B007
-            match = regex.search(user_agent[last_closing_paren:])
-            if match is not None:
-                version = match.group(1)
-                break
-        else:
-            browser = version = None
-        match = self._language_re.search(user_agent)
-        if match is not None:
-            language = match.group(1) or match.group(2)
-        else:
-            language = None
-        return platform, browser, version, language
-
-
-# It wasn't public, but users might have imported it anyway, show a
-# warning if a user created an instance.
-class UserAgentParser(_UserAgentParser):
-    """A simple user agent parser.  Used by the `UserAgent`.
-
-    .. deprecated:: 2.0
-        Will be removed in Werkzeug 2.1. Use a dedicated parser library
-        instead.
-    """
-
-    def __init__(self) -> None:
-        warnings.warn(
-            "'UserAgentParser' is deprecated and will be removed in"
-            " Werkzeug 2.1. Use a dedicated parser library instead.",
-            DeprecationWarning,
-            stacklevel=2,
-        )
-        super().__init__()
-
-
-class _deprecated_property(property):
-    def __init__(self, fget: t.Callable[["_UserAgent"], t.Any]) -> None:
-        super().__init__(fget)
-        self.message = (
-            "The built-in user agent parser is deprecated and will be"
-            f" removed in Werkzeug 2.1. The {fget.__name__!r} property"
-            " will be 'None'. Subclass 'werkzeug.user_agent.UserAgent'"
-            " and set 'Request.user_agent_class' to use a different"
-            " parser."
-        )
-
-    def __get__(self, *args: t.Any, **kwargs: t.Any) -> t.Any:
-        warnings.warn(self.message, DeprecationWarning, stacklevel=3)
-        return super().__get__(*args, **kwargs)
-
-
-# This is what Request.user_agent returns for now, only show warnings on
-# attribute access, not creation.
-class _UserAgent(_BaseUserAgent):
-    _parser = _UserAgentParser()
-
-    def __init__(self, string: str) -> None:
-        super().__init__(string)
-        info = self._parser(string)
-        self._platform, self._browser, self._version, self._language = info
-
-    @_deprecated_property
-    def platform(self) -> t.Optional[str]:  # type: ignore
-        return self._platform
-
-    @_deprecated_property
-    def browser(self) -> t.Optional[str]:  # type: ignore
-        return self._browser
-
-    @_deprecated_property
-    def version(self) -> t.Optional[str]:  # type: ignore
-        return self._version
-
-    @_deprecated_property
-    def language(self) -> t.Optional[str]:  # type: ignore
-        return self._language
-
-
-# This is what users might be importing, show warnings on create.
-class UserAgent(_UserAgent):
-    """Represents a parsed user agent header value.
-
-    This uses a basic parser to try to extract some information from the
-    header.
-
-    :param environ_or_string: The header value to parse, or a WSGI
-        environ containing the header.
-
-    .. deprecated:: 2.0
-        Will be removed in Werkzeug 2.1. Subclass
-        :class:`werkzeug.user_agent.UserAgent` (note the new module
-        name) to use a dedicated parser instead.
-
-    .. versionchanged:: 2.0
-        Passing a WSGI environ is deprecated and will be removed in 2.1.
-    """
-
-    def __init__(self, environ_or_string: "t.Union[str, WSGIEnvironment]") -> None:
-        if isinstance(environ_or_string, dict):
-            warnings.warn(
-                "Passing an environ to 'UserAgent' is deprecated and"
-                " will be removed in Werkzeug 2.1. Pass the header"
-                " value string instead.",
-                DeprecationWarning,
-                stacklevel=2,
-            )
-            string = environ_or_string.get("HTTP_USER_AGENT", "")
-        else:
-            string = environ_or_string
-
-        warnings.warn(
-            "The 'werkzeug.useragents' module is deprecated and will be"
-            " removed in Werkzeug 2.1. The new base API is"
-            " 'werkzeug.user_agent.UserAgent'.",
-            DeprecationWarning,
-            stacklevel=2,
-        )
-        super().__init__(string)
diff --git a/tests/test_useragents.py b/tests/test_useragents.py
deleted file mode 100644
index aeeb512a2..000000000
--- a/tests/test_useragents.py
+++ /dev/null
@@ -1,52 +0,0 @@
-"""
-    tests.urls
-    ~~~~~~~~~~
-
-    URL helper tests.
-
-    :copyright: 2020 Pallets
-    :license: BSD-3-Clause
-"""
-import pytest
-
-from werkzeug import useragents
-
-
-@pytest.mark.parametrize(
-    ("user_agent", "platform", "browser", "version", "language"),
-    (
-        (
-            "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36 Edge/13.10586",  # noqa B950
-            "windows",
-            "edge",
-            "13.10586",
-            None,
-        ),
-        (
-            "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Edg/81.0.416.68",  # noqa B950
-            "windows",
-            "edge",
-            "81.0.416.68",
-            None,
-        ),
-        (
-            "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4123.0 Safari/537.36 Edg/84.0.499.0",  # noqa B950
-            "windows",
-            "edge",
-            "84.0.499.0",
-            None,
-        ),
-        (
-            "Mozilla/5.0 (Linux; Android 9; motorola one macro) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.111 Mobile Safari/537.36",  # noqa B950
-            "android",
-            "chrome",
-            "84.0.4147.111",
-            None,
-        ),
-    ),
-)
-def test_edge_browsers(user_agent, platform, browser, version, language):
-    with pytest.deprecated_call():
-        parsed = useragents.UserAgentParser()(user_agent)
-
-    assert parsed == (platform, browser, version, language)
diff --git a/tests/test_wrappers.py b/tests/test_wrappers.py
index 5ed4a56d4..9784d70d5 100644
--- a/tests/test_wrappers.py
+++ b/tests/test_wrappers.py
@@ -443,247 +443,13 @@ def test_etag_request():
     assert request.if_unmodified_since == dt
 
 
-@pytest.mark.parametrize(
-    ("user_agent", "browser", "platform", "version", "language"),
-    (
-        (
-            "Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.11) "
-            "Gecko/20071127 Firefox/2.0.0.11",
-            "firefox",
-            "macos",
-            "2.0.0.11",
-            "en-US",
-        ),
-        (
-            "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; de-DE) Opera 8.54",
-            "opera",
-            "windows",
-            "8.54",
-            "de-DE",
-        ),
-        (
-            "Mozilla/5.0 (iPhone; U; CPU like Mac OS X; en) AppleWebKit/420 "
-            "(KHTML, like Gecko) Version/3.0 Mobile/1A543a Safari/419.3",
-            "safari",
-            "iphone",
-            "3.0",
-            "en",
-        ),
-        (
-            "Bot Googlebot/2.1 ( http://www.googlebot.com/bot.html)",
-            "google",
-            None,
-            "2.1",
-            None,
-        ),
-        (
-            "Mozilla/5.0 (X11; CrOS armv7l 3701.81.0) AppleWebKit/537.31 "
-            "(KHTML, like Gecko) Chrome/26.0.1410.57 Safari/537.31",
-            "chrome",
-            "chromeos",
-            "26.0.1410.57",
-            None,
-        ),
-        (
-            "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; .NET4.0E; rv:11.0) like Gecko",
-            "msie",
-            "windows",
-            "11.0",
-            None,
-        ),
-        (
-            "Mozilla/5.0 (SymbianOS/9.3; Series60/3.2 NokiaE5-00/101.003; "
-            "Profile/MIDP-2.1 Configuration/CLDC-1.1 ) AppleWebKit/533.4 "
-            "(KHTML, like Gecko) NokiaBrowser/7.3.1.35 Mobile Safari/533.4 3gpp-gba",
-            "safari",
-            "symbian",
-            "533.4",
-            None,
-        ),
-        (
-            "Mozilla/5.0 (X11; OpenBSD amd64; rv:45.0) Gecko/20100101 Firefox/45.0",
-            "firefox",
-            "openbsd",
-            "45.0",
-            None,
-        ),
-        (
-            "Mozilla/5.0 (X11; NetBSD amd64; rv:45.0) Gecko/20100101 Firefox/45.0",
-            "firefox",
-            "netbsd",
-            "45.0",
-            None,
-        ),
-        (
-            "Mozilla/5.0 (X11; FreeBSD amd64) AppleWebKit/537.36 (KHTML, like Gecko) "
-            "Chrome/48.0.2564.103 Safari/537.36",
-            "chrome",
-            "freebsd",
-            "48.0.2564.103",
-            None,
-        ),
-        (
-            "Mozilla/5.0 (X11; FreeBSD amd64; rv:45.0) Gecko/20100101 Firefox/45.0",
-            "firefox",
-            "freebsd",
-            "45.0",
-            None,
-        ),
-        (
-            "Mozilla/5.0 (X11; U; NetBSD amd64; en-US; rv:) Gecko/20150921 "
-            "SeaMonkey/1.1.18",
-            "seamonkey",
-            "netbsd",
-            "1.1.18",
-            "en-US",
-        ),
-        (
-            "Mozilla/5.0 (Windows; U; Windows NT 6.2; WOW64; rv:1.8.0.7) "
-            "Gecko/20110321 MultiZilla/4.33.2.6a SeaMonkey/8.6.55",
-            "seamonkey",
-            "windows",
-            "8.6.55",
-            None,
-        ),
-        (
-            "Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20120427 Firefox/12.0 "
-            "SeaMonkey/2.9",
-            "seamonkey",
-            "linux",
-            "2.9",
-            None,
-        ),
-        (
-            "Mozilla/5.0 (compatible; Baiduspider/2.0; "
-            "+http://www.baidu.com/search/spider.html)",
-            "baidu",
-            None,
-            "2.0",
-            None,
-        ),
-        (
-            "Mozilla/5.0 (X11; SunOS i86pc; rv:38.0) Gecko/20100101 Firefox/38.0",
-            "firefox",
-            "solaris",
-            "38.0",
-            None,
-        ),
-        (
-            "Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0 "
-            "Iceweasel/38.7.1",
-            "firefox",
-            "linux",
-            "38.0",
-            None,
-        ),
-        (
-            "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
-            "(KHTML, like Gecko) Chrome/50.0.2661.75 Safari/537.36",
-            "chrome",
-            "windows",
-            "50.0.2661.75",
-            None,
-        ),
-        (
-            "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)",
-            "bing",
-            None,
-            "2.0",
-            None,
-        ),
-        (
-            "Mozilla/5.0 (X11; DragonFly x86_64) AppleWebKit/537.36 "
-            "(KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36",
-            "chrome",
-            "dragonflybsd",
-            "47.0.2526.106",
-            None,
-        ),
-        (
-            "Mozilla/5.0 (X11; U; DragonFly i386; de; rv:1.9.1) "
-            "Gecko/20090720 Firefox/3.5.1",
-            "firefox",
-            "dragonflybsd",
-            "3.5.1",
-            "de",
-        ),
-        (
-            "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36"
-            "(KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36 OPR/60.0.3255.95",
-            "opera",
-            "macos",
-            "60.0.3255.95",
-            None,
-        ),
-        (
-            "Mozilla/5.0 (Linux; Android 4.4.4; Google Nexus 7 2013 - 4.4.4 - "
-            "API 19 - 1200x1920 Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) "
-            "Chrome/51.0.2704.106 Crosswalk/21.51.546.7 Safari/537.36",
-            "chrome",
-            "android",
-            "51.0.2704.106",
-            None,
-        ),
-        (
-            "Mozilla/5.0 (Linux; Android; motorola edge) AppleWebKit/537.36 "
-            "(KHTML, like Gecko) Chrome/85.0.4183.81 Mobile Safari/537.36",
-            "chrome",
-            "android",
-            "85.0.4183.81",
-            None,
-        ),
-        (
-            "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; "
-            ".NET CLR 1.1.4322)",
-            "msie",
-            "windows",
-            "7.0",
-            None,
-        ),
-    ),
-)
-def test_user_agent(user_agent, browser, platform, version, language):
+def test_user_agent():
+    user_agent = "Mozilla/5.0 (X11; Linux x86_64; rv:94.0) Gecko/20100101 Firefox/94.0"
     request = wrappers.Request({"HTTP_USER_AGENT": user_agent})
-
     assert request.user_agent.to_header() == user_agent
     assert str(request.user_agent) == user_agent
     assert request.user_agent.string == user_agent
 
-    with pytest.deprecated_call():
-        assert request.user_agent.browser == browser
-
-    with pytest.deprecated_call():
-        assert request.user_agent.platform == platform
-
-    with pytest.deprecated_call():
-        assert request.user_agent.version == version
-
-    with pytest.deprecated_call():
-        assert request.user_agent.language == language
-
-    with pytest.deprecated_call():
-        assert bool(request.user_agent)
-
-    from werkzeug import useragents
-
-    with pytest.deprecated_call():
-        useragents.UserAgent("")
-
-    with pytest.deprecated_call(match="environ"):
-        useragents.UserAgent({})
-
-    with pytest.deprecated_call():
-        useragents.UserAgentParser()
-
-
-def test_invalid_user_agent():
-    request = wrappers.Request(
-        {"HTTP_USER_AGENT": "foo", "SERVER_NAME": "eggs", "SERVER_PORT": "80"}
-    )
-
-    with pytest.deprecated_call():
-        assert not request.user_agent
-
 
 def test_stream_wrapping():
     class LowercasingStream:

From c364c52be3cb6f69384683a5debf2155dd49a4ac Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Fri, 5 Nov 2021 15:06:45 -0700
Subject: [PATCH 529/733] remove deprecated Request.disable_data_descriptor

---
 CHANGES.rst                      |  2 ++
 src/werkzeug/wrappers/request.py | 25 +++----------------------
 2 files changed, 5 insertions(+), 22 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index ed38a27f7..afcf3c74e 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -15,6 +15,8 @@ Unreleased
         only stores the whole string.
     -   The ``has_key`` method on some mapping datastructures; use
         ``key in data`` instead.
+    -   ``Request.disable_data_descriptor`` is removed, pass
+        ``shallow=True`` instead.
 
 -   Default values passed to ``Headers`` are validated the same way
     values added later are. :issue:`1608`
diff --git a/src/werkzeug/wrappers/request.py b/src/werkzeug/wrappers/request.py
index 5ccfb0c1a..a23fe81b2 100644
--- a/src/werkzeug/wrappers/request.py
+++ b/src/werkzeug/wrappers/request.py
@@ -2,7 +2,6 @@
 import json
 import typing
 import typing as t
-import warnings
 from io import BytesIO
 
 from .._internal import _wsgi_decoding_dance
@@ -50,6 +49,9 @@ class Request(_SansIORequest):
         prevent consuming the form data in middleware, which would make
         it unavailable to the final application.
 
+    .. versionchanged:: 2.1
+        Remove the ``disable_data_descriptor`` attribute.
+
     .. versionchanged:: 2.0
         Combine ``BaseRequest`` and mixins into a single ``Request``
         class. Using the old classes is deprecated and will be removed
@@ -85,16 +87,6 @@ class Request(_SansIORequest):
     #: the form date parsing.
     form_data_parser_class: t.Type[FormDataParser] = FormDataParser
 
-    #: Disable the :attr:`data` property to avoid reading from the input
-    #: stream.
-    #:
-    #: .. deprecated:: 2.0
-    #:     Will be removed in Werkzeug 2.1. Create the request with
-    #:     ``shallow=True`` instead.
-    #:
-    #: .. versionadded:: 0.9
-    disable_data_descriptor: t.Optional[bool] = None
-
     #: The WSGI environment containing HTTP headers and information from
     #: the WSGI server.
     environ: "WSGIEnvironment"
@@ -125,17 +117,6 @@ def __init__(
             remote_addr=environ.get("REMOTE_ADDR"),
         )
         self.environ = environ
-
-        if self.disable_data_descriptor is not None:
-            warnings.warn(
-                "'disable_data_descriptor' is deprecated and will be"
-                " removed in Werkzeug 2.1. Create the request with"
-                " 'shallow=True' instead.",
-                DeprecationWarning,
-                stacklevel=2,
-            )
-            shallow = shallow or self.disable_data_descriptor
-
         self.shallow = shallow
 
         if populate_request and not shallow:

From c5677d0ed02edd7c80a7497ce83657e082310589 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Fri, 5 Nov 2021 15:11:45 -0700
Subject: [PATCH 530/733] remove deprecated Response.freeze no_etag parameter

---
 CHANGES.rst                       |  1 +
 src/werkzeug/wrappers/response.py | 14 ++++----------
 tests/test_wrappers.py            |  5 -----
 3 files changed, 5 insertions(+), 15 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index afcf3c74e..c978a45c0 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -17,6 +17,7 @@ Unreleased
         ``key in data`` instead.
     -   ``Request.disable_data_descriptor`` is removed, pass
         ``shallow=True`` instead.
+    -   Remove the ``no_etag`` parameter from ``Response.freeze()``.
 
 -   Default values passed to ``Headers`` are validated the same way
     values added later are. :issue:`1608`
diff --git a/src/werkzeug/wrappers/response.py b/src/werkzeug/wrappers/response.py
index 5602cd61e..6bfa6325d 100644
--- a/src/werkzeug/wrappers/response.py
+++ b/src/werkzeug/wrappers/response.py
@@ -444,7 +444,7 @@ def __enter__(self) -> "Response":
     def __exit__(self, exc_type, exc_value, tb):  # type: ignore
         self.close()
 
-    def freeze(self, no_etag: None = None) -> None:
+    def freeze(self) -> None:
         """Make the response object ready to be pickled. Does the
         following:
 
@@ -454,6 +454,9 @@ def freeze(self, no_etag: None = None) -> None:
         *   Set the ``Content-Length`` header.
         *   Generate an ``ETag`` header if one is not already set.
 
+        .. versionchanged:: 2.1
+            Removed the ``no_etag`` parameter.
+
         .. versionchanged:: 2.0
             An ``ETag`` header is added, the ``no_etag`` parameter is
             deprecated and will be removed in Werkzeug 2.1.
@@ -465,15 +468,6 @@ def freeze(self, no_etag: None = None) -> None:
         # implicit_sequence_conversion and direct_passthrough.
         self.response = list(self.iter_encoded())
         self.headers["Content-Length"] = str(sum(map(len, self.response)))
-
-        if no_etag is not None:
-            warnings.warn(
-                "The 'no_etag' parameter is deprecated and will be"
-                " removed in Werkzeug 2.1.",
-                DeprecationWarning,
-                stacklevel=2,
-            )
-
         self.add_etag()
 
     def get_wsgi_headers(self, environ: "WSGIEnvironment") -> Headers:
diff --git a/tests/test_wrappers.py b/tests/test_wrappers.py
index 9784d70d5..86fdf8762 100644
--- a/tests/test_wrappers.py
+++ b/tests/test_wrappers.py
@@ -1371,11 +1371,6 @@ def test_cache_disabled(self):
             request.get_json()
 
 
-def test_response_freeze_no_etag_deprecated():
-    with pytest.deprecated_call(match="no_etag"):
-        Response("Hello, World!").freeze(no_etag=True)
-
-
 def test_response_coop():
     response = wrappers.Response("Hello World")
     assert response.cross_origin_opener_policy is COOP.UNSAFE_NONE

From 7d2784f139b7ef3c14c63e73d8b616ae440838ad Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Fri, 5 Nov 2021 15:29:53 -0700
Subject: [PATCH 531/733] remove deprecated test response tuple behavior

---
 CHANGES.rst          |  3 +++
 src/werkzeug/test.py | 53 +++++++++++++-------------------------------
 tests/test_test.py   | 12 ----------
 3 files changed, 18 insertions(+), 50 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index c978a45c0..2ee1c2a87 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -13,6 +13,9 @@ Unreleased
         The ``user_agent`` module provides an interface that can be
         subclassed to add a parser, such as ua-parser. By default it
         only stores the whole string.
+    -   The test client returns ``TestResponse`` instances and can no
+        longer be treated as a tuple. All data is available as
+        properties on the response.
     -   The ``has_key`` method on some mapping datastructures; use
         ``key in data`` instead.
     -   ``Request.disable_data_descriptor`` is removed, pass
diff --git a/src/werkzeug/test.py b/src/werkzeug/test.py
index a8d656caf..624db4826 100644
--- a/src/werkzeug/test.py
+++ b/src/werkzeug/test.py
@@ -1,7 +1,6 @@
 import mimetypes
 import sys
 import typing as t
-import warnings
 from collections import defaultdict
 from datetime import datetime
 from datetime import timedelta
@@ -839,6 +838,11 @@ class Client:
     `allow_subdomain_redirects` to `True` as if not no external redirects
     are allowed.
 
+    .. versionchanged:: 2.1
+        Removed deprecated behavior of treating the response as a
+        tuple. All data is available as properties on the returned
+        response object.
+
     .. versionchanged:: 2.0
         ``response_wrapper`` is always a subclass of
         :class:``TestResponse``.
@@ -1013,7 +1017,6 @@ def resolve_redirect(
     def open(
         self,
         *args: t.Any,
-        as_tuple: bool = False,
         buffered: bool = False,
         follow_redirects: bool = False,
         **kwargs: t.Any,
@@ -1032,6 +1035,9 @@ def open(
             :attr:`TestResponse.history` lists the intermediate
             responses.
 
+        .. versionchanged:: 2.1
+            Removed the ``as_tuple`` parameter.
+
         .. versionchanged:: 2.0
             ``as_tuple`` is deprecated and will be removed in Werkzeug
             2.1. Use :attr:`TestResponse.request` and
@@ -1111,16 +1117,6 @@ def open(
             # the input is an open temporary file.
             response.call_on_close(request.input_stream.close)
 
-        if as_tuple:
-            warnings.warn(
-                "'as_tuple' is deprecated and will be removed in"
-                " Werkzeug 2.1. Access 'response.request.environ'"
-                " instead.",
-                DeprecationWarning,
-                stacklevel=2,
-            )
-            return request.environ, response  # type: ignore
-
         return response
 
     def get(self, *args: t.Any, **kw: t.Any) -> "TestResponse":
@@ -1273,6 +1269,13 @@ class TestResponse(Response):
     If the test request included large files, or if the application is
     serving a file, call :meth:`close` to close any open files and
     prevent Python showing a ``ResourceWarning``.
+
+    .. versionchanged:: 2.1
+        Removed deprecated behavior for treating the response instance
+        as a tuple.
+
+    .. versionadded:: 2.0
+        Test client methods always return instances of this class.
     """
 
     request: Request
@@ -1298,29 +1301,3 @@ def __init__(
         self.request = request
         self.history = history
         self._compat_tuple = response, status, headers
-
-    def __iter__(self) -> t.Iterator:
-        warnings.warn(
-            (
-                "The test client no longer returns a tuple, it returns"
-                " a 'TestResponse'. Tuple unpacking is deprecated and"
-                " will be removed in Werkzeug 2.1. Access the"
-                " attributes 'data', 'status', and 'headers' instead."
-            ),
-            DeprecationWarning,
-            stacklevel=2,
-        )
-        return iter(self._compat_tuple)
-
-    def __getitem__(self, item: int) -> t.Any:
-        warnings.warn(
-            (
-                "The test client no longer returns a tuple, it returns"
-                " a 'TestResponse'. Item indexing is deprecated and"
-                " will be removed in Werkzeug 2.1. Access the"
-                " attributes 'data', 'status', and 'headers' instead."
-            ),
-            DeprecationWarning,
-            stacklevel=2,
-        )
-        return self._compat_tuple[item]
diff --git a/tests/test_test.py b/tests/test_test.py
index 25333b2af..a558f5e26 100644
--- a/tests/test_test.py
+++ b/tests/test_test.py
@@ -870,15 +870,3 @@ def app(request):
 
     response = client.get("/%3f?")  # escaped ? in path, and empty query string
     assert response.get_data(as_text=True) == "/?\n/%3f?"
-
-
-def test_deprecated_tuple():
-    app = Request.application(lambda r: Response())
-    client = Client(app)
-    response = client.get()
-
-    with pytest.deprecated_call():
-        assert len(list(response)) == 3
-
-    with pytest.deprecated_call():
-        assert response[1] == "200 OK"

From 8665e2f0d2b4cf8c47d1f42c2f67aa670afd114d Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Fri, 5 Nov 2021 15:38:26 -0700
Subject: [PATCH 532/733] remove deprecated HTTPException.wrap method

---
 CHANGES.rst                |  1 +
 src/werkzeug/exceptions.py | 69 ++------------------------------------
 2 files changed, 4 insertions(+), 66 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 2ee1c2a87..d0481988f 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -21,6 +21,7 @@ Unreleased
     -   ``Request.disable_data_descriptor`` is removed, pass
         ``shallow=True`` instead.
     -   Remove the ``no_etag`` parameter from ``Response.freeze()``.
+    -   Remove the ``HTTPException.wrap`` class method.
 
 -   Default values passed to ``Headers`` are validated the same way
     values added later are. :issue:`1608`
diff --git a/src/werkzeug/exceptions.py b/src/werkzeug/exceptions.py
index 16c3964d2..374cc9206 100644
--- a/src/werkzeug/exceptions.py
+++ b/src/werkzeug/exceptions.py
@@ -43,9 +43,7 @@ def application(request):
             return e
 
 """
-import sys
 import typing as t
-import warnings
 from datetime import datetime
 from html import escape
 
@@ -64,6 +62,9 @@ class HTTPException(Exception):
     """The base class for all HTTP exceptions. This exception can be called as a WSGI
     application to render a default error page or you can catch the subclasses
     of it independently and render nicer error messages.
+
+    .. versionchanged:: 2.1
+        Removed the ``wrap`` class method.
     """
 
     code: t.Optional[int] = None
@@ -79,70 +80,6 @@ def __init__(
             self.description = description
         self.response = response
 
-    @classmethod
-    def wrap(
-        cls, exception: t.Type[BaseException], name: t.Optional[str] = None
-    ) -> t.Type["HTTPException"]:
-        """Create an exception that is a subclass of the calling HTTP
-        exception and the ``exception`` argument.
-
-        The first argument to the class will be passed to the
-        wrapped ``exception``, the rest to the HTTP exception. If
-        ``e.args`` is not empty and ``e.show_exception`` is ``True``,
-        the wrapped exception message is added to the HTTP error
-        description.
-
-        .. deprecated:: 2.0
-            Will be removed in Werkzeug 2.1. Create a subclass manually
-            instead.
-
-        .. versionchanged:: 0.15.5
-            The ``show_exception`` attribute controls whether the
-            description includes the wrapped exception message.
-
-        .. versionchanged:: 0.15.0
-            The description includes the wrapped exception message.
-        """
-        warnings.warn(
-            "'HTTPException.wrap' is deprecated and will be removed in"
-            " Werkzeug 2.1. Create a subclass manually instead.",
-            DeprecationWarning,
-            stacklevel=2,
-        )
-
-        class newcls(cls, exception):  # type: ignore
-            _description = cls.description
-            show_exception = False
-
-            def __init__(
-                self, arg: t.Optional[t.Any] = None, *args: t.Any, **kwargs: t.Any
-            ) -> None:
-                super().__init__(*args, **kwargs)
-
-                if arg is None:
-                    exception.__init__(self)
-                else:
-                    exception.__init__(self, arg)
-
-            @property
-            def description(self) -> str:
-                if self.show_exception:
-                    return (
-                        f"{self._description}\n"
-                        f"{exception.__name__}: {exception.__str__(self)}"
-                    )
-
-                return self._description  # type: ignore
-
-            @description.setter
-            def description(self, value: str) -> None:
-                self._description = value
-
-        newcls.__module__ = sys._getframe(1).f_globals["__name__"]
-        name = name or cls.__name__ + exception.__name__
-        newcls.__name__ = newcls.__qualname__ = name
-        return newcls
-
     @property
     def name(self) -> str:
         """The status name."""

From 3ae3abb0258fa7a76a16b49544eb0418fbc96568 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Fri, 5 Nov 2021 15:40:53 -0700
Subject: [PATCH 533/733] remove deprecated parse_multipart_headers

---
 src/werkzeug/formparser.py | 40 --------------------------------------
 1 file changed, 40 deletions(-)

diff --git a/src/werkzeug/formparser.py b/src/werkzeug/formparser.py
index 6cb758feb..10d58ca3f 100644
--- a/src/werkzeug/formparser.py
+++ b/src/werkzeug/formparser.py
@@ -1,12 +1,10 @@
 import typing as t
-import warnings
 from functools import update_wrapper
 from io import BytesIO
 from itertools import chain
 from typing import Union
 
 from . import exceptions
-from ._internal import _to_str
 from .datastructures import FileStorage
 from .datastructures import Headers
 from .datastructures import MultiDict
@@ -339,44 +337,6 @@ def _line_parse(line: str) -> t.Tuple[str, bool]:
     return line, False
 
 
-def parse_multipart_headers(iterable: t.Iterable[bytes]) -> Headers:
-    """Parses multipart headers from an iterable that yields lines (including
-    the trailing newline symbol).  The iterable has to be newline terminated.
-    The iterable will stop at the line where the headers ended so it can be
-    further consumed.
-    :param iterable: iterable of strings that are newline terminated
-    """
-    warnings.warn(
-        "'parse_multipart_headers' is deprecated and will be removed in"
-        " Werkzeug 2.1.",
-        DeprecationWarning,
-        stacklevel=2,
-    )
-    result: t.List[t.Tuple[str, str]] = []
-
-    for b_line in iterable:
-        line = _to_str(b_line)
-        line, line_terminated = _line_parse(line)
-
-        if not line_terminated:
-            raise ValueError("unexpected end of line in multipart header")
-
-        if not line:
-            break
-        elif line[0] in " \t" and result:
-            key, value = result[-1]
-            result[-1] = (key, f"{value}\n {line[1:]}")
-        else:
-            parts = line.split(":", 1)
-
-            if len(parts) == 2:
-                result.append((parts[0].strip(), parts[1].strip()))
-
-    # we link the list to the headers, no need to create a copy, the
-    # list was not shared anyways.
-    return Headers(result)
-
-
 class MultiPartParser:
     def __init__(
         self,

From 8c82bf4d5b4a45b7f489303b21b15acc37a49692 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Fri, 5 Nov 2021 15:42:25 -0700
Subject: [PATCH 534/733] remove deprecated cookie_date function

---
 CHANGES.rst          |  1 +
 docs/http.rst        |  2 --
 src/werkzeug/http.py | 18 ------------------
 3 files changed, 1 insertion(+), 20 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index d0481988f..b97beb905 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -22,6 +22,7 @@ Unreleased
         ``shallow=True`` instead.
     -   Remove the ``no_etag`` parameter from ``Response.freeze()``.
     -   Remove the ``HTTPException.wrap`` class method.
+    -   Remove the ``cookie_date`` function. Use ``http_date`` instead.
 
 -   Default values passed to ``Headers`` are validated the same way
     values added later are. :issue:`1608`
diff --git a/docs/http.rst b/docs/http.rst
index 3db53506a..cbf4e04ed 100644
--- a/docs/http.rst
+++ b/docs/http.rst
@@ -32,8 +32,6 @@ naive.
 
 .. autofunction:: http_date
 
-.. autofunction:: cookie_date
-
 
 Header Parsing
 ==============
diff --git a/src/werkzeug/http.py b/src/werkzeug/http.py
index ca48fe215..3da08b396 100644
--- a/src/werkzeug/http.py
+++ b/src/werkzeug/http.py
@@ -947,24 +947,6 @@ def parse_date(value: t.Optional[str]) -> t.Optional[datetime]:
     return dt
 
 
-def cookie_date(
-    expires: t.Optional[t.Union[datetime, date, int, float, struct_time]] = None
-) -> str:
-    """Format a datetime object or timestamp into an :rfc:`2822` date
-    string for ``Set-Cookie expires``.
-
-    .. deprecated:: 2.0
-        Will be removed in Werkzeug 2.1. Use :func:`http_date` instead.
-    """
-    warnings.warn(
-        "'cookie_date' is deprecated and will be removed in Werkzeug"
-        " 2.1. Use 'http_date' instead.",
-        DeprecationWarning,
-        stacklevel=2,
-    )
-    return http_date(expires)
-
-
 def http_date(
     timestamp: t.Optional[t.Union[datetime, date, int, float, struct_time]] = None
 ) -> str:

From 047762d1f465927baf58308daa0d0bbe9037d9ad Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Fri, 5 Nov 2021 15:50:33 -0700
Subject: [PATCH 535/733] remove deprecated dev server shutdown function

---
 CHANGES.rst             |  3 +++
 docs/serving.rst        | 21 ---------------------
 src/werkzeug/serving.py | 23 -----------------------
 3 files changed, 3 insertions(+), 44 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index b97beb905..eb27b8aed 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -7,6 +7,9 @@ Unreleased
 
 -   Remove previously deprecated code. :pr:`2276`
 
+    -   Remove the non-standard ``shutdown`` function from the WSGI
+        environ when running the development server. See the docs for
+        alternatives.
     -   Request and response mixins have all been merged into the
         ``Request`` and ``Response`` classes.
     -   The user agent parser and the ``useragents`` module is removed.
diff --git a/docs/serving.rst b/docs/serving.rst
index 666829fdf..693774c53 100644
--- a/docs/serving.rst
+++ b/docs/serving.rst
@@ -148,27 +148,6 @@ technique and should be preferred for security. Another method could be
 to start a :mod:`subprocess` process and send the value back over
 ``stdout``.
 
-.. deprecated:: 2.0
-
-    Shutting down the server with
-    ``environ["werkzeug.server.shutdown"]`` is deprecated and will be
-    removed in Werkzeug 2.1.
-
-The development server provides a way to shutdown the server from a
-request. This will only work with the development server. The
-development server injects a function into the WSGI environ with the
-``"werkzeug.server.shutdown"`` key.
-
-.. code-block:: python
-
-    def shutdown_server(environ):
-        shutdown = environ.get("werkzeug.server.shutdown")
-
-        if shutdown is None:
-            raise RuntimeError("Not running the development server.")
-
-        shutdown()
-
 
 Troubleshooting
 ---------------
diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py
index 197b6fb9a..4f55baa68 100644
--- a/src/werkzeug/serving.py
+++ b/src/werkzeug/serving.py
@@ -14,7 +14,6 @@
 import io
 import os
 import platform
-import signal
 import socket
 import socketserver
 import sys
@@ -158,15 +157,6 @@ def server_version(self) -> str:  # type: ignore
 
     def make_environ(self) -> "WSGIEnvironment":
         request_url = url_parse(self.path)
-
-        def shutdown_server() -> None:
-            warnings.warn(
-                "The 'environ['werkzeug.server.shutdown']' function is"
-                " deprecated and will be removed in Werkzeug 2.1.",
-                stacklevel=2,
-            )
-            self.server.shutdown_signal = True
-
         url_scheme = "http" if self.server.ssl_context is None else "https"
 
         if not self.client_address:
@@ -192,7 +182,6 @@ def shutdown_server() -> None:
             "wsgi.multithread": self.server.multithread,
             "wsgi.multiprocess": self.server.multiprocess,
             "wsgi.run_once": False,
-            "werkzeug.server.shutdown": shutdown_server,
             "werkzeug.socket": self.connection,
             "SERVER_SOFTWARE": self.server_version,
             "REQUEST_METHOD": self.command,
@@ -347,16 +336,6 @@ def handle(self) -> None:
                 self.log_error("SSL error occurred: %s", e)
             else:
                 raise
-        if self.server.shutdown_signal:
-            self.initiate_shutdown()
-
-    def initiate_shutdown(self) -> None:
-        if is_running_from_reloader():
-            # Windows does not provide SIGKILL, go with SIGTERM then.
-            sig = getattr(signal, "SIGKILL", signal.SIGTERM)
-            os.kill(os.getpid(), sig)
-
-        self.server._BaseServer__shutdown_request = True  # type: ignore
 
     def connection_dropped(
         self, error: BaseException, environ: t.Optional["WSGIEnvironment"] = None
@@ -689,7 +668,6 @@ def __init__(
 
         self.app = app
         self.passthrough_errors = passthrough_errors
-        self.shutdown_signal = False
         self.host = host
         self.port = self.socket.getsockname()[1]
 
@@ -714,7 +692,6 @@ def log(self, type: str, message: str, *args: t.Any) -> None:
         _log(type, message, *args)
 
     def serve_forever(self, poll_interval: float = 0.5) -> None:
-        self.shutdown_signal = False
         try:
             super().serve_forever(poll_interval=poll_interval)
         except KeyboardInterrupt:

From 1e504e27e46f174b9f4384dfcd92f8285b86eaec Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Fri, 5 Nov 2021 15:58:02 -0700
Subject: [PATCH 536/733] remove deprecated werkzeug.serving cli

---
 CHANGES.rst             |  1 +
 src/werkzeug/serving.py | 51 -----------------------------------------
 2 files changed, 1 insertion(+), 51 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index eb27b8aed..feac6bc85 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -19,6 +19,7 @@ Unreleased
     -   The test client returns ``TestResponse`` instances and can no
         longer be treated as a tuple. All data is available as
         properties on the response.
+    -   Remove the ``python -m werkzeug.serving`` CLI.
     -   The ``has_key`` method on some mapping datastructures; use
         ``key in data`` instead.
     -   ``Request.disable_data_descriptor`` is removed, pass
diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py
index 4f55baa68..573b99869 100644
--- a/src/werkzeug/serving.py
+++ b/src/werkzeug/serving.py
@@ -1005,54 +1005,3 @@ def run_with_reloader(*args: t.Any, **kwargs: t.Any) -> None:
         stacklevel=2,
     )
     _rwr(*args, **kwargs)
-
-
-def main() -> None:
-    """A simple command-line interface for :py:func:`run_simple`."""
-    import argparse
-    from .utils import import_string
-
-    _log("warning", "This CLI is deprecated and will be removed in version 2.1.")
-
-    parser = argparse.ArgumentParser(
-        description="Run the given WSGI application with the development server.",
-        allow_abbrev=False,
-    )
-    parser.add_argument(
-        "-b",
-        "--bind",
-        dest="address",
-        help="The hostname:port the app should listen on.",
-    )
-    parser.add_argument(
-        "-d",
-        "--debug",
-        action="store_true",
-        help="Show the interactive debugger for unhandled exceptions.",
-    )
-    parser.add_argument(
-        "-r",
-        "--reload",
-        action="store_true",
-        help="Reload the process if modules change.",
-    )
-    parser.add_argument(
-        "application", help="Application to import and serve, in the form module:app."
-    )
-    args = parser.parse_args()
-    hostname, port = None, None
-
-    if args.address:
-        hostname, _, port = args.address.partition(":")
-
-    run_simple(
-        hostname=hostname or "127.0.0.1",
-        port=int(port or 5000),
-        application=import_string(args.application),
-        use_reloader=args.reload,
-        use_debugger=args.debug,
-    )
-
-
-if __name__ == "__main__":
-    main()

From a0e15e6c43c585a7e1bc2a3f4c3936083373001b Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Fri, 5 Nov 2021 15:58:47 -0700
Subject: [PATCH 537/733] remove deprecated run_with_reloader internal function

---
 src/werkzeug/serving.py | 21 ---------------------
 1 file changed, 21 deletions(-)

diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py
index 573b99869..38f7b748d 100644
--- a/src/werkzeug/serving.py
+++ b/src/werkzeug/serving.py
@@ -18,7 +18,6 @@
 import socketserver
 import sys
 import typing as t
-import warnings
 from datetime import datetime as dt
 from datetime import timedelta
 from datetime import timezone
@@ -985,23 +984,3 @@ def inner() -> None:
         )
     else:
         inner()
-
-
-def run_with_reloader(*args: t.Any, **kwargs: t.Any) -> None:
-    """Run a process with the reloader. This is not a public API, do
-    not use this function.
-
-    .. deprecated:: 2.0
-        Will be removed in Werkzeug 2.1.
-    """
-    from ._reloader import run_with_reloader as _rwr
-
-    warnings.warn(
-        (
-            "'run_with_reloader' is a private API, it will no longer be"
-            " accessible in Werkzeug 2.1. Use 'run_simple' instead."
-        ),
-        DeprecationWarning,
-        stacklevel=2,
-    )
-    _rwr(*args, **kwargs)

From 9dee4cdeef7384a0d3873fa46a65cfb9c089718b Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Fri, 5 Nov 2021 16:05:22 -0700
Subject: [PATCH 538/733] remove deprecated thread-local code from locals

---
 CHANGES.rst           |  3 ++
 docs/local.rst        |  2 +-
 src/werkzeug/local.py | 99 +------------------------------------------
 3 files changed, 5 insertions(+), 99 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index feac6bc85..3c8d93be8 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -19,6 +19,9 @@ Unreleased
     -   The test client returns ``TestResponse`` instances and can no
         longer be treated as a tuple. All data is available as
         properties on the response.
+    -   Remove ``locals.get_ident`` and related thread-local code from
+        ``locals``, it no longer makes sense when moving to a
+        contextvars-based implementation.
     -   Remove the ``python -m werkzeug.serving`` CLI.
     -   The ``has_key`` method on some mapping datastructures; use
         ``key in data`` instead.
diff --git a/docs/local.rst b/docs/local.rst
index 1e5639766..e4651a44e 100644
--- a/docs/local.rst
+++ b/docs/local.rst
@@ -68,7 +68,7 @@ context.
 .. autofunction:: release_local
 
 .. autoclass:: LocalManager
-   :members: cleanup, make_middleware, middleware, get_ident
+   :members: cleanup, make_middleware, middleware
 
 .. autoclass:: LocalStack
    :members: push, pop, top
diff --git a/src/werkzeug/local.py b/src/werkzeug/local.py
index b4dee7b4d..724297f04 100644
--- a/src/werkzeug/local.py
+++ b/src/werkzeug/local.py
@@ -3,7 +3,6 @@
 import operator
 import sys
 import typing as t
-import warnings
 from functools import partial
 from functools import update_wrapper
 
@@ -22,17 +21,6 @@
     from threading import get_ident as _get_ident
 
 
-def get_ident() -> int:
-    warnings.warn(
-        "'get_ident' is deprecated and will be removed in Werkzeug"
-        " 2.1. Use 'greenlet.getcurrent' or 'threading.get_ident' for"
-        " previous behavior.",
-        DeprecationWarning,
-        stacklevel=2,
-    )
-    return _get_ident()  # type: ignore
-
-
 class _CannotUseContextVar(Exception):
     pass
 
@@ -119,34 +107,6 @@ class Local:
     def __init__(self) -> None:
         object.__setattr__(self, "_storage", ContextVar("local_storage"))
 
-    @property
-    def __storage__(self) -> t.Dict[str, t.Any]:
-        warnings.warn(
-            "'__storage__' is deprecated and will be removed in Werkzeug 2.1.",
-            DeprecationWarning,
-            stacklevel=2,
-        )
-        return self._storage.get({})  # type: ignore
-
-    @property
-    def __ident_func__(self) -> t.Callable[[], int]:
-        warnings.warn(
-            "'__ident_func__' is deprecated and will be removed in"
-            " Werkzeug 2.1. It should not be used in Python 3.7+.",
-            DeprecationWarning,
-            stacklevel=2,
-        )
-        return _get_ident  # type: ignore
-
-    @__ident_func__.setter
-    def __ident_func__(self, func: t.Callable[[], int]) -> None:
-        warnings.warn(
-            "'__ident_func__' is deprecated and will be removed in"
-            " Werkzeug 2.1. Setting it no longer has any effect.",
-            DeprecationWarning,
-            stacklevel=2,
-        )
-
     def __iter__(self) -> t.Iterator[t.Tuple[int, t.Any]]:
         return iter(self._storage.get({}).items())
 
@@ -211,14 +171,6 @@ def __init__(self) -> None:
     def __release_local__(self) -> None:
         self._local.__release_local__()
 
-    @property
-    def __ident_func__(self) -> t.Callable[[], int]:
-        return self._local.__ident_func__
-
-    @__ident_func__.setter
-    def __ident_func__(self, value: t.Callable[[], int]) -> None:
-        object.__setattr__(self._local, "__ident_func__", value)
-
     def __call__(self) -> "LocalProxy":
         def _lookup() -> t.Any:
             rv = self.top
@@ -279,9 +231,7 @@ class LocalManager:
     """
 
     def __init__(
-        self,
-        locals: t.Optional[t.Iterable[t.Union[Local, LocalStack]]] = None,
-        ident_func: None = None,
+        self, locals: t.Optional[t.Iterable[t.Union[Local, LocalStack]]] = None
     ) -> None:
         if locals is None:
             self.locals = []
@@ -290,53 +240,6 @@ def __init__(
         else:
             self.locals = list(locals)
 
-        if ident_func is not None:
-            warnings.warn(
-                "'ident_func' is deprecated and will be removed in"
-                " Werkzeug 2.1. Setting it no longer has any effect.",
-                DeprecationWarning,
-                stacklevel=2,
-            )
-
-    @property
-    def ident_func(self) -> t.Callable[[], int]:
-        warnings.warn(
-            "'ident_func' is deprecated and will be removed in Werkzeug 2.1.",
-            DeprecationWarning,
-            stacklevel=2,
-        )
-        return _get_ident  # type: ignore
-
-    @ident_func.setter
-    def ident_func(self, func: t.Callable[[], int]) -> None:
-        warnings.warn(
-            "'ident_func' is deprecated and will be removedin Werkzeug"
-            " 2.1. Setting it no longer has any effect.",
-            DeprecationWarning,
-            stacklevel=2,
-        )
-
-    def get_ident(self) -> int:
-        """Return the context identifier the local objects use internally for
-        this context.  You cannot override this method to change the behavior
-        but use it to link other context local objects (such as SQLAlchemy's
-        scoped sessions) to the Werkzeug locals.
-
-        .. deprecated:: 2.0
-            Will be removed in Werkzeug 2.1.
-
-        .. versionchanged:: 0.7
-           You can pass a different ident function to the local manager that
-           will then be propagated to all the locals passed to the
-           constructor.
-        """
-        warnings.warn(
-            "'get_ident' is deprecated and will be removed in Werkzeug 2.1.",
-            DeprecationWarning,
-            stacklevel=2,
-        )
-        return self.ident_func()
-
     def cleanup(self) -> None:
         """Manually clean up the data in the locals for this context.  Call
         this at the end of the request or use `make_middleware()`.

From 7fff62feaaa5ae398d443ecf4349adc826d7da6a Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Fri, 5 Nov 2021 16:07:48 -0700
Subject: [PATCH 539/733] remove deprecated pbkdf2 security functions

---
 CHANGES.rst              |   3 ++
 docs/utils.rst           |   8 ---
 src/werkzeug/security.py | 112 ---------------------------------------
 3 files changed, 3 insertions(+), 120 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 3c8d93be8..4233dbd2c 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -30,6 +30,9 @@ Unreleased
     -   Remove the ``no_etag`` parameter from ``Response.freeze()``.
     -   Remove the ``HTTPException.wrap`` class method.
     -   Remove the ``cookie_date`` function. Use ``http_date`` instead.
+    -   Remove the ``pbkdf2_hex``, ``pbkdf2_bin``, and ``safe_str_cmp``
+        functions. Use equivalents in ``hashlib`` and ``hmac`` modules
+        instead.
 
 -   Default values passed to ``Headers`` are validated the same way
     values added later are. :issue:`1608`
diff --git a/docs/utils.rst b/docs/utils.rst
index 39494327b..af245d730 100644
--- a/docs/utils.rst
+++ b/docs/utils.rst
@@ -67,20 +67,12 @@ Security Helpers
 
 .. module:: werkzeug.security
 
-.. versionadded:: 0.6.1
-
 .. autofunction:: generate_password_hash
 
 .. autofunction:: check_password_hash
 
-.. autofunction:: safe_str_cmp
-
 .. autofunction:: safe_join
 
-.. autofunction:: pbkdf2_hex
-
-.. autofunction:: pbkdf2_bin
-
 
 Logging
 =======
diff --git a/src/werkzeug/security.py b/src/werkzeug/security.py
index e23040af9..e3597198a 100644
--- a/src/werkzeug/security.py
+++ b/src/werkzeug/security.py
@@ -4,7 +4,6 @@
 import posixpath
 import secrets
 import typing as t
-import warnings
 
 if t.TYPE_CHECKING:
     pass
@@ -17,117 +16,6 @@
 )
 
 
-def pbkdf2_hex(
-    data: t.Union[str, bytes],
-    salt: t.Union[str, bytes],
-    iterations: int = DEFAULT_PBKDF2_ITERATIONS,
-    keylen: t.Optional[int] = None,
-    hashfunc: t.Optional[t.Union[str, t.Callable]] = None,
-) -> str:
-    """Like :func:`pbkdf2_bin`, but returns a hex-encoded string.
-
-    :param data: the data to derive.
-    :param salt: the salt for the derivation.
-    :param iterations: the number of iterations.
-    :param keylen: the length of the resulting key.  If not provided,
-                   the digest size will be used.
-    :param hashfunc: the hash function to use.  This can either be the
-                     string name of a known hash function, or a function
-                     from the hashlib module.  Defaults to sha256.
-
-    .. deprecated:: 2.0
-        Will be removed in Werkzeug 2.1. Use :func:`hashlib.pbkdf2_hmac`
-        instead.
-
-    .. versionadded:: 0.9
-    """
-    warnings.warn(
-        "'pbkdf2_hex' is deprecated and will be removed in Werkzeug"
-        " 2.1. Use 'hashlib.pbkdf2_hmac().hex()' instead.",
-        DeprecationWarning,
-        stacklevel=2,
-    )
-    return pbkdf2_bin(data, salt, iterations, keylen, hashfunc).hex()
-
-
-def pbkdf2_bin(
-    data: t.Union[str, bytes],
-    salt: t.Union[str, bytes],
-    iterations: int = DEFAULT_PBKDF2_ITERATIONS,
-    keylen: t.Optional[int] = None,
-    hashfunc: t.Optional[t.Union[str, t.Callable]] = None,
-) -> bytes:
-    """Returns a binary digest for the PBKDF2 hash algorithm of `data`
-    with the given `salt`. It iterates `iterations` times and produces a
-    key of `keylen` bytes. By default, SHA-256 is used as hash function;
-    a different hashlib `hashfunc` can be provided.
-
-    :param data: the data to derive.
-    :param salt: the salt for the derivation.
-    :param iterations: the number of iterations.
-    :param keylen: the length of the resulting key.  If not provided
-                   the digest size will be used.
-    :param hashfunc: the hash function to use.  This can either be the
-                     string name of a known hash function or a function
-                     from the hashlib module.  Defaults to sha256.
-
-    .. deprecated:: 2.0
-        Will be removed in Werkzeug 2.1. Use :func:`hashlib.pbkdf2_hmac`
-        instead.
-
-    .. versionadded:: 0.9
-    """
-    warnings.warn(
-        "'pbkdf2_bin' is deprecated and will be removed in Werkzeug"
-        " 2.1. Use 'hashlib.pbkdf2_hmac()' instead.",
-        DeprecationWarning,
-        stacklevel=2,
-    )
-
-    if isinstance(data, str):
-        data = data.encode("utf8")
-
-    if isinstance(salt, str):
-        salt = salt.encode("utf8")
-
-    if not hashfunc:
-        hash_name = "sha256"
-    elif callable(hashfunc):
-        hash_name = hashfunc().name
-    else:
-        hash_name = hashfunc
-
-    return hashlib.pbkdf2_hmac(hash_name, data, salt, iterations, keylen)
-
-
-def safe_str_cmp(a: str, b: str) -> bool:
-    """This function compares strings in somewhat constant time.  This
-    requires that the length of at least one string is known in advance.
-
-    Returns `True` if the two strings are equal, or `False` if they are not.
-
-    .. deprecated:: 2.0
-        Will be removed in Werkzeug 2.1. Use
-        :func:`hmac.compare_digest` instead.
-
-    .. versionadded:: 0.7
-    """
-    warnings.warn(
-        "'safe_str_cmp' is deprecated and will be removed in Werkzeug"
-        " 2.1. Use 'hmac.compare_digest' instead.",
-        DeprecationWarning,
-        stacklevel=2,
-    )
-
-    if isinstance(a, str):
-        a = a.encode("utf-8")  # type: ignore
-
-    if isinstance(b, str):
-        b = b.encode("utf-8")  # type: ignore
-
-    return hmac.compare_digest(a, b)
-
-
 def gen_salt(length: int) -> str:
     """Generate a random string of SALT_CHARS with specified ``length``."""
     if length <= 0:

From 2289ea0076aad5a209a0d514131bbcd34c652224 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Fri, 5 Nov 2021 16:29:30 -0700
Subject: [PATCH 540/733] remove deprecated invalidate_cached_property

---
 CHANGES.rst           |   3 +
 docs/utils.rst        |   2 -
 src/werkzeug/urls.py  | 145 ------------------------------------------
 src/werkzeug/utils.py |  34 ----------
 4 files changed, 3 insertions(+), 181 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 4233dbd2c..933ade26c 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -33,6 +33,9 @@ Unreleased
     -   Remove the ``pbkdf2_hex``, ``pbkdf2_bin``, and ``safe_str_cmp``
         functions. Use equivalents in ``hashlib`` and ``hmac`` modules
         instead.
+    -   Remove the ``Href`` class.
+    -   Remove the ``invalidate_cached_property`` function. Use
+        ``del obj.attr`` instead.
 
 -   Default values passed to ``Headers`` are validated the same way
     values added later are. :issue:`1608`
diff --git a/docs/utils.rst b/docs/utils.rst
index af245d730..62d92330f 100644
--- a/docs/utils.rst
+++ b/docs/utils.rst
@@ -23,8 +23,6 @@ General Helpers
 .. autoclass:: cached_property
    :members:
 
-.. autofunction:: invalidate_cached_property
-
 .. autoclass:: environ_property
 
 .. autoclass:: header_property
diff --git a/src/werkzeug/urls.py b/src/werkzeug/urls.py
index 9529da0c7..1cb9418d2 100644
--- a/src/werkzeug/urls.py
+++ b/src/werkzeug/urls.py
@@ -7,7 +7,6 @@
 import os
 import re
 import typing as t
-import warnings
 
 from ._internal import _check_str_tuple
 from ._internal import _decode_idna
@@ -819,7 +818,6 @@ def iri_to_uri(
 def url_decode(
     s: t.AnyStr,
     charset: str = "utf-8",
-    decode_keys: None = None,
     include_empty: bool = True,
     errors: str = "replace",
     separator: str = "&",
@@ -847,12 +845,6 @@ def url_decode(
     .. versionchanged:: 0.5
         The ``cls`` parameter was added.
     """
-    if decode_keys is not None:
-        warnings.warn(
-            "'decode_keys' is deprecated and will be removed in Werkzeug 2.1.",
-            DeprecationWarning,
-            stacklevel=2,
-        )
     if cls is None:
         from .datastructures import MultiDict  # noqa: F811
 
@@ -871,13 +863,11 @@ def url_decode(
 def url_decode_stream(
     stream: t.IO[bytes],
     charset: str = "utf-8",
-    decode_keys: None = None,
     include_empty: bool = True,
     errors: str = "replace",
     separator: bytes = b"&",
     cls: t.Optional[t.Type["ds.MultiDict"]] = None,
     limit: t.Optional[int] = None,
-    return_iterator: bool = False,
 ) -> "ds.MultiDict[str, str]":
     """Works like :func:`url_decode` but decodes a stream.  The behavior
     of stream and limit follows functions like
@@ -905,24 +895,9 @@ def url_decode_stream(
     """
     from .wsgi import make_chunk_iter
 
-    if decode_keys is not None:
-        warnings.warn(
-            "'decode_keys' is deprecated and will be removed in Werkzeug 2.1.",
-            DeprecationWarning,
-            stacklevel=2,
-        )
-
     pair_iter = make_chunk_iter(stream, separator, limit)
     decoder = _url_decode_impl(pair_iter, charset, include_empty, errors)
 
-    if return_iterator:
-        warnings.warn(
-            "'return_iterator' is deprecated and will be removed in Werkzeug 2.1.",
-            DeprecationWarning,
-            stacklevel=2,
-        )
-        return decoder  # type: ignore
-
     if cls is None:
         from .datastructures import MultiDict  # noqa: F811
 
@@ -955,7 +930,6 @@ def _url_decode_impl(
 def url_encode(
     obj: t.Union[t.Mapping[str, str], t.Iterable[t.Tuple[str, str]]],
     charset: str = "utf-8",
-    encode_keys: None = None,
     sort: bool = False,
     key: t.Optional[t.Callable[[t.Tuple[str, str]], t.Any]] = None,
     separator: str = "&",
@@ -978,12 +952,6 @@ def url_encode(
     .. versionchanged:: 0.5
         Added the ``sort``, ``key``, and ``separator`` parameters.
     """
-    if encode_keys is not None:
-        warnings.warn(
-            "'encode_keys' is deprecated and will be removed in Werkzeug 2.1.",
-            DeprecationWarning,
-            stacklevel=2,
-        )
     separator = _to_str(separator, "ascii")
     return separator.join(_url_encode_impl(obj, charset, sort, key))
 
@@ -992,7 +960,6 @@ def url_encode_stream(
     obj: t.Union[t.Mapping[str, str], t.Iterable[t.Tuple[str, str]]],
     stream: t.Optional[t.IO[str]] = None,
     charset: str = "utf-8",
-    encode_keys: None = None,
     sort: bool = False,
     key: t.Optional[t.Callable[[t.Tuple[str, str]], t.Any]] = None,
     separator: str = "&",
@@ -1017,12 +984,6 @@ def url_encode_stream(
 
     .. versionadded:: 0.8
     """
-    if encode_keys is not None:
-        warnings.warn(
-            "'encode_keys' is deprecated and will be removed in Werkzeug 2.1.",
-            DeprecationWarning,
-            stacklevel=2,
-        )
     separator = _to_str(separator, "ascii")
     gen = _url_encode_impl(obj, charset, sort, key)
     if stream is None:
@@ -1103,109 +1064,3 @@ def url_join(
 
     path = s("/").join(segments)
     return url_unparse((scheme, netloc, path, query, fragment))
-
-
-class Href:
-    """Implements a callable that constructs URLs with the given base. The
-    function can be called with any number of positional and keyword
-    arguments which than are used to assemble the URL.  Works with URLs
-    and posix paths.
-
-    Positional arguments are appended as individual segments to
-    the path of the URL:
-
-    >>> href = Href('/foo')
-    >>> href('bar', 23)
-    '/foo/bar/23'
-    >>> href('foo', bar=23)
-    '/foo/foo?bar=23'
-
-    If any of the arguments (positional or keyword) evaluates to `None` it
-    will be skipped.  If no keyword arguments are given the last argument
-    can be a :class:`dict` or :class:`MultiDict` (or any other dict subclass),
-    otherwise the keyword arguments are used for the query parameters, cutting
-    off the first trailing underscore of the parameter name:
-
-    >>> href(is_=42)
-    '/foo?is=42'
-    >>> href({'foo': 'bar'})
-    '/foo?foo=bar'
-
-    Combining of both methods is not allowed:
-
-    >>> href({'foo': 'bar'}, bar=42)
-    Traceback (most recent call last):
-      ...
-    TypeError: keyword arguments and query-dicts can't be combined
-
-    Accessing attributes on the href object creates a new href object with
-    the attribute name as prefix:
-
-    >>> bar_href = href.bar
-    >>> bar_href("blub")
-    '/foo/bar/blub'
-
-    If `sort` is set to `True` the items are sorted by `key` or the default
-    sorting algorithm:
-
-    >>> href = Href("/", sort=True)
-    >>> href(a=1, b=2, c=3)
-    '/?a=1&b=2&c=3'
-
-    .. deprecated:: 2.0
-        Will be removed in Werkzeug 2.1. Use :mod:`werkzeug.routing`
-        instead.
-
-    .. versionadded:: 0.5
-        `sort` and `key` were added.
-    """
-
-    def __init__(  # type: ignore
-        self, base="./", charset="utf-8", sort=False, key=None
-    ):
-        warnings.warn(
-            "'Href' is deprecated and will be removed in Werkzeug 2.1."
-            " Use 'werkzeug.routing' instead.",
-            DeprecationWarning,
-            stacklevel=2,
-        )
-
-        if not base:
-            base = "./"
-        self.base = base
-        self.charset = charset
-        self.sort = sort
-        self.key = key
-
-    def __getattr__(self, name):  # type: ignore
-        if name[:2] == "__":
-            raise AttributeError(name)
-        base = self.base
-        if base[-1:] != "/":
-            base += "/"
-        return Href(url_join(base, name), self.charset, self.sort, self.key)
-
-    def __call__(self, *path, **query):  # type: ignore
-        if path and isinstance(path[-1], dict):
-            if query:
-                raise TypeError("keyword arguments and query-dicts can't be combined")
-            query, path = path[-1], path[:-1]
-        elif query:
-            query = {k[:-1] if k.endswith("_") else k: v for k, v in query.items()}
-        path = "/".join(
-            [
-                _to_str(url_quote(x, self.charset), "ascii")
-                for x in path
-                if x is not None
-            ]
-        ).lstrip("/")
-        rv = self.base
-        if path:
-            if not rv.endswith("/"):
-                rv += "/"
-            rv = url_join(rv, f"./{path}")
-        if query:
-            rv += "?" + _to_str(
-                url_encode(query, self.charset, sort=self.sort, key=self.key), "ascii"
-            )
-        return rv
diff --git a/src/werkzeug/utils.py b/src/werkzeug/utils.py
index 900723149..a2a55e1db 100644
--- a/src/werkzeug/utils.py
+++ b/src/werkzeug/utils.py
@@ -103,40 +103,6 @@ def __delete__(self, obj: object) -> None:
         del obj.__dict__[self.__name__]
 
 
-def invalidate_cached_property(obj: object, name: str) -> None:
-    """Invalidates the cache for a :class:`cached_property`:
-
-    >>> class Test(object):
-    ...     @cached_property
-    ...     def magic_number(self):
-    ...         print("recalculating...")
-    ...         return 42
-    ...
-    >>> var = Test()
-    >>> var.magic_number
-    recalculating...
-    42
-    >>> var.magic_number
-    42
-    >>> invalidate_cached_property(var, "magic_number")
-    >>> var.magic_number
-    recalculating...
-    42
-
-    You must pass the name of the cached property as the second argument.
-
-    .. deprecated:: 2.0
-        Will be removed in Werkzeug 2.1. Use ``del obj.name`` instead.
-    """
-    warnings.warn(
-        "'invalidate_cached_property' is deprecated and will be removed"
-        " in Werkzeug 2.1. Use 'del obj.name' instead.",
-        DeprecationWarning,
-        stacklevel=2,
-    )
-    delattr(obj, name)
-
-
 class environ_property(_DictAccessorProperty[_TAccessorValue]):
     """Maps request attributes to environment variables. This works not only
     for the Werkzeug request object, but also any other class with an

From a28aaa67e31da82eb68cfbd1cd353d5e6ba111a9 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Fri, 5 Nov 2021 19:05:14 -0700
Subject: [PATCH 541/733] remove deprecated HTMLBuilder class

---
 CHANGES.rst           |   1 +
 docs/utils.rst        |   2 -
 src/werkzeug/utils.py | 138 ------------------------------------------
 3 files changed, 1 insertion(+), 140 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 933ade26c..6d0930794 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -34,6 +34,7 @@ Unreleased
         functions. Use equivalents in ``hashlib`` and ``hmac`` modules
         instead.
     -   Remove the ``Href`` class.
+    -   Remove the ``HTMLBuilder`` class.
     -   Remove the ``invalidate_cached_property`` function. Use
         ``del obj.attr`` instead.
 
diff --git a/docs/utils.rst b/docs/utils.rst
index 62d92330f..f4f668146 100644
--- a/docs/utils.rst
+++ b/docs/utils.rst
@@ -10,8 +10,6 @@ HTML Helpers
 
 .. module:: werkzeug.utils
 
-.. autoclass:: HTMLBuilder
-
 .. autofunction:: escape
 
 .. autofunction:: unescape
diff --git a/src/werkzeug/utils.py b/src/werkzeug/utils.py
index a2a55e1db..dfe89d274 100644
--- a/src/werkzeug/utils.py
+++ b/src/werkzeug/utils.py
@@ -9,7 +9,6 @@
 import unicodedata
 import warnings
 from datetime import datetime
-from html.entities import name2codepoint
 from time import time
 from zlib import adler32
 
@@ -137,143 +136,6 @@ def lookup(self, obj: t.Union["Request", "Response"]) -> Headers:
         return obj.headers
 
 
-class HTMLBuilder:
-    """Helper object for HTML generation.
-
-    Per default there are two instances of that class.  The `html` one, and
-    the `xhtml` one for those two dialects.  The class uses keyword parameters
-    and positional parameters to generate small snippets of HTML.
-
-    Keyword parameters are converted to XML/SGML attributes, positional
-    arguments are used as children.  Because Python accepts positional
-    arguments before keyword arguments it's a good idea to use a list with the
-    star-syntax for some children:
-
-    >>> html.p(class_='foo', *[html.a('foo', href='foo.html'), ' ',
-    ...                        html.a('bar', href='bar.html')])
-    '
    foo bar
    '
-
-    This class works around some browser limitations and can not be used for
-    arbitrary SGML/XML generation.  For that purpose lxml and similar
-    libraries exist.
-
-    Calling the builder escapes the string passed:
-
-    >>> html.p(html(""))
-    '
    <foo>
    '
-
-    .. deprecated:: 2.0
-        Will be removed in Werkzeug 2.1.
-    """
-
-    _entity_re = re.compile(r"&([^;]+);")
-    _entities = name2codepoint.copy()
-    _entities["apos"] = 39
-    _empty_elements = {
-        "area",
-        "base",
-        "basefont",
-        "br",
-        "col",
-        "command",
-        "embed",
-        "frame",
-        "hr",
-        "img",
-        "input",
-        "keygen",
-        "isindex",
-        "link",
-        "meta",
-        "param",
-        "source",
-        "wbr",
-    }
-    _boolean_attributes = {
-        "selected",
-        "checked",
-        "compact",
-        "declare",
-        "defer",
-        "disabled",
-        "ismap",
-        "multiple",
-        "nohref",
-        "noresize",
-        "noshade",
-        "nowrap",
-    }
-    _plaintext_elements = {"textarea"}
-    _c_like_cdata = {"script", "style"}
-
-    def __init__(self, dialect):  # type: ignore
-        self._dialect = dialect
-
-    def __call__(self, s):  # type: ignore
-        import html
-
-        warnings.warn(
-            "'utils.HTMLBuilder' is deprecated and will be removed in Werkzeug 2.1.",
-            DeprecationWarning,
-            stacklevel=2,
-        )
-        return html.escape(s)
-
-    def __getattr__(self, tag):  # type: ignore
-        import html
-
-        warnings.warn(
-            "'utils.HTMLBuilder' is deprecated and will be removed in Werkzeug 2.1.",
-            DeprecationWarning,
-            stacklevel=2,
-        )
-        if tag[:2] == "__":
-            raise AttributeError(tag)
-
-        def proxy(*children, **arguments):  # type: ignore
-            buffer = f"<{tag}"
-            for key, value in arguments.items():
-                if value is None:
-                    continue
-                if key[-1] == "_":
-                    key = key[:-1]
-                if key in self._boolean_attributes:
-                    if not value:
-                        continue
-                    if self._dialect == "xhtml":
-                        value = f'="{key}"'
-                    else:
-                        value = ""
-                else:
-                    value = f'="{html.escape(value)}"'
-                buffer += f" {key}{value}"
-            if not children and tag in self._empty_elements:
-                if self._dialect == "xhtml":
-                    buffer += " />"
-                else:
-                    buffer += ">"
-                return buffer
-            buffer += ">"
-
-            children_as_string = "".join([str(x) for x in children if x is not None])
-
-            if children_as_string:
-                if tag in self._plaintext_elements:
-                    children_as_string = html.escape(children_as_string)
-                elif tag in self._c_like_cdata and self._dialect == "xhtml":
-                    children_as_string = f"/**/"
-            buffer += children_as_string + f""
-            return buffer
-
-        return proxy
-
-    def __repr__(self) -> str:
-        return f"<{type(self).__name__} for {self._dialect!r}>"
-
-
-html = HTMLBuilder("html")
-xhtml = HTMLBuilder("xhtml")
-
 # https://cgit.freedesktop.org/xdg/shared-mime-info/tree/freedesktop.org.xml.in
 # https://www.iana.org/assignments/media-types/media-types.xhtml
 # Types listed in the XDG mime info that have a charset in the IANA registration.

From ee63ecb011639378223a882317051b792821cdc2 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Fri, 5 Nov 2021 19:09:51 -0700
Subject: [PATCH 542/733] remove deprecated bind_arguments and
 validate_arguments

---
 CHANGES.rst               |   2 +
 docs/utils.rst            |   4 --
 src/werkzeug/_internal.py |  78 ----------------------
 src/werkzeug/utils.py     | 134 --------------------------------------
 4 files changed, 2 insertions(+), 216 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 6d0930794..21fbb300c 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -37,6 +37,8 @@ Unreleased
     -   Remove the ``HTMLBuilder`` class.
     -   Remove the ``invalidate_cached_property`` function. Use
         ``del obj.attr`` instead.
+    -   Remove ``bind_arguments`` and ``validate_arguments``. Use
+        :meth:`Signature.bind` and :func:`inspect.signature` instead.
 
 -   Default values passed to ``Headers`` are validated the same way
     values added later are. :issue:`1608`
diff --git a/docs/utils.rst b/docs/utils.rst
index f4f668146..c45e1ddad 100644
--- a/docs/utils.rst
+++ b/docs/utils.rst
@@ -35,12 +35,8 @@ General Helpers
 
 .. autofunction:: find_modules
 
-.. autofunction:: validate_arguments
-
 .. autofunction:: secure_filename
 
-.. autofunction:: bind_arguments
-
 
 URL Helpers
 ===========
diff --git a/src/werkzeug/_internal.py b/src/werkzeug/_internal.py
index 7d33563ec..ca583cbf6 100644
--- a/src/werkzeug/_internal.py
+++ b/src/werkzeug/_internal.py
@@ -1,4 +1,3 @@
-import inspect
 import logging
 import operator
 import re
@@ -225,83 +224,6 @@ def _log(type: str, message: str, *args: t.Any, **kwargs: t.Any) -> None:
     getattr(_logger, type)(message.rstrip(), *args, **kwargs)
 
 
-def _parse_signature(func):  # type: ignore
-    """Return a signature object for the function.
-
-    .. deprecated:: 2.0
-        Will be removed in Werkzeug 2.1 along with ``utils.bind`` and
-        ``validate_arguments``.
-    """
-    # if we have a cached validator for this function, return it
-    parse = _signature_cache.get(func)
-    if parse is not None:
-        return parse
-
-    # inspect the function signature and collect all the information
-    tup = inspect.getfullargspec(func)
-    positional, vararg_var, kwarg_var, defaults = tup[:4]
-    defaults = defaults or ()
-    arg_count = len(positional)
-    arguments = []
-    for idx, name in enumerate(positional):
-        if isinstance(name, list):
-            raise TypeError(
-                "cannot parse functions that unpack tuples in the function signature"
-            )
-        try:
-            default = defaults[idx - arg_count]
-        except IndexError:
-            param = (name, False, None)
-        else:
-            param = (name, True, default)
-        arguments.append(param)
-    arguments = tuple(arguments)
-
-    def parse(args, kwargs):  # type: ignore
-        new_args = []
-        missing = []
-        extra = {}
-
-        # consume as many arguments as positional as possible
-        for idx, (name, has_default, default) in enumerate(arguments):
-            try:
-                new_args.append(args[idx])
-            except IndexError:
-                try:
-                    new_args.append(kwargs.pop(name))
-                except KeyError:
-                    if has_default:
-                        new_args.append(default)
-                    else:
-                        missing.append(name)
-            else:
-                if name in kwargs:
-                    extra[name] = kwargs.pop(name)
-
-        # handle extra arguments
-        extra_positional = args[arg_count:]
-        if vararg_var is not None:
-            new_args.extend(extra_positional)
-            extra_positional = ()
-        if kwargs and kwarg_var is None:
-            extra.update(kwargs)
-            kwargs = {}
-
-        return (
-            new_args,
-            kwargs,
-            missing,
-            extra,
-            extra_positional,
-            arguments,
-            vararg_var,
-            kwarg_var,
-        )
-
-    _signature_cache[func] = parse
-    return parse
-
-
 @typing.overload
 def _dt_as_utc(dt: None) -> None:
     ...
diff --git a/src/werkzeug/utils.py b/src/werkzeug/utils.py
index dfe89d274..9731d166c 100644
--- a/src/werkzeug/utils.py
+++ b/src/werkzeug/utils.py
@@ -14,7 +14,6 @@
 
 from ._internal import _DictAccessorProperty
 from ._internal import _missing
-from ._internal import _parse_signature
 from ._internal import _TAccessorValue
 from .datastructures import Headers
 from .exceptions import NotFound
@@ -752,139 +751,6 @@ def find_modules(
             yield modname
 
 
-def validate_arguments(func, args, kwargs, drop_extra=True):  # type: ignore
-    """Checks if the function accepts the arguments and keyword arguments.
-    Returns a new ``(args, kwargs)`` tuple that can safely be passed to
-    the function without causing a `TypeError` because the function signature
-    is incompatible.  If `drop_extra` is set to `True` (which is the default)
-    any extra positional or keyword arguments are dropped automatically.
-
-    The exception raised provides three attributes:
-
-    `missing`
-        A set of argument names that the function expected but where
-        missing.
-
-    `extra`
-        A dict of keyword arguments that the function can not handle but
-        where provided.
-
-    `extra_positional`
-        A list of values that where given by positional argument but the
-        function cannot accept.
-
-    This can be useful for decorators that forward user submitted data to
-    a view function::
-
-        from werkzeug.utils import ArgumentValidationError, validate_arguments
-
-        def sanitize(f):
-            def proxy(request):
-                data = request.values.to_dict()
-                try:
-                    args, kwargs = validate_arguments(f, (request,), data)
-                except ArgumentValidationError:
-                    raise BadRequest('The browser failed to transmit all '
-                                     'the data expected.')
-                return f(*args, **kwargs)
-            return proxy
-
-    :param func: the function the validation is performed against.
-    :param args: a tuple of positional arguments.
-    :param kwargs: a dict of keyword arguments.
-    :param drop_extra: set to `False` if you don't want extra arguments
-                       to be silently dropped.
-    :return: tuple in the form ``(args, kwargs)``.
-
-    .. deprecated:: 2.0
-        Will be removed in Werkzeug 2.1. Use :func:`inspect.signature`
-        instead.
-    """
-    warnings.warn(
-        "'utils.validate_arguments' is deprecated and will be removed"
-        " in Werkzeug 2.1. Use 'inspect.signature' instead.",
-        DeprecationWarning,
-        stacklevel=2,
-    )
-    parser = _parse_signature(func)
-    args, kwargs, missing, extra, extra_positional = parser(args, kwargs)[:5]
-    if missing:
-        raise ArgumentValidationError(tuple(missing))
-    elif (extra or extra_positional) and not drop_extra:
-        raise ArgumentValidationError(None, extra, extra_positional)
-    return tuple(args), kwargs
-
-
-def bind_arguments(func, args, kwargs):  # type: ignore
-    """Bind the arguments provided into a dict.  When passed a function,
-    a tuple of arguments and a dict of keyword arguments `bind_arguments`
-    returns a dict of names as the function would see it.  This can be useful
-    to implement a cache decorator that uses the function arguments to build
-    the cache key based on the values of the arguments.
-
-    :param func: the function the arguments should be bound for.
-    :param args: tuple of positional arguments.
-    :param kwargs: a dict of keyword arguments.
-    :return: a :class:`dict` of bound keyword arguments.
-
-    .. deprecated:: 2.0
-        Will be removed in Werkzeug 2.1. Use :meth:`Signature.bind`
-        instead.
-    """
-    warnings.warn(
-        "'utils.bind_arguments' is deprecated and will be removed in"
-        " Werkzeug 2.1. Use 'Signature.bind' instead.",
-        DeprecationWarning,
-        stacklevel=2,
-    )
-    (
-        args,
-        kwargs,
-        missing,
-        extra,
-        extra_positional,
-        arg_spec,
-        vararg_var,
-        kwarg_var,
-    ) = _parse_signature(func)(args, kwargs)
-    values = {}
-    for (name, _has_default, _default), value in zip(arg_spec, args):
-        values[name] = value
-    if vararg_var is not None:
-        values[vararg_var] = tuple(extra_positional)
-    elif extra_positional:
-        raise TypeError("too many positional arguments")
-    if kwarg_var is not None:
-        multikw = set(extra) & {x[0] for x in arg_spec}
-        if multikw:
-            raise TypeError(
-                f"got multiple values for keyword argument {next(iter(multikw))!r}"
-            )
-        values[kwarg_var] = extra
-    elif extra:
-        raise TypeError(f"got unexpected keyword argument {next(iter(extra))!r}")
-    return values
-
-
-class ArgumentValidationError(ValueError):
-    """Raised if :func:`validate_arguments` fails to validate
-
-    .. deprecated:: 2.0
-        Will be removed in Werkzeug 2.1 along with ``utils.bind`` and
-        ``validate_arguments``.
-    """
-
-    def __init__(self, missing=None, extra=None, extra_positional=None):  # type: ignore
-        self.missing = set(missing or ())
-        self.extra = extra or {}
-        self.extra_positional = extra_positional or []
-        super().__init__(
-            "function arguments invalid."
-            f" ({len(self.missing)} missing,"
-            f" {len(self.extra) + len(self.extra_positional)} additional)"
-        )
-
-
 class ImportStringError(ImportError):
     """Provides information about a failed :func:`import_string` attempt."""
 

From d13625aaa37d99530c2c2ddf80bf8a35e792dbf7 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Fri, 5 Nov 2021 19:11:34 -0700
Subject: [PATCH 543/733] remove deprecated detect_utf_encoding

---
 CHANGES.rst           |  1 +
 src/werkzeug/utils.py | 58 -------------------------------------------
 2 files changed, 1 insertion(+), 58 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 21fbb300c..c51ff509e 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -39,6 +39,7 @@ Unreleased
         ``del obj.attr`` instead.
     -   Remove ``bind_arguments`` and ``validate_arguments``. Use
         :meth:`Signature.bind` and :func:`inspect.signature` instead.
+    -   Remove ``detect_utf_encoding``, it's built-in to ``json.loads``.
 
 -   Default values passed to ``Headers`` are validated the same way
     values added later are. :issue:`1608`
diff --git a/src/werkzeug/utils.py b/src/werkzeug/utils.py
index 9731d166c..5afe34c3a 100644
--- a/src/werkzeug/utils.py
+++ b/src/werkzeug/utils.py
@@ -1,4 +1,3 @@
-import codecs
 import io
 import mimetypes
 import os
@@ -173,63 +172,6 @@ def get_content_type(mimetype: str, charset: str) -> str:
     return mimetype
 
 
-def detect_utf_encoding(data: bytes) -> str:
-    """Detect which UTF encoding was used to encode the given bytes.
-
-    The latest JSON standard (:rfc:`8259`) suggests that only UTF-8 is
-    accepted. Older documents allowed 8, 16, or 32. 16 and 32 can be big
-    or little endian. Some editors or libraries may prepend a BOM.
-
-    :internal:
-
-    :param data: Bytes in unknown UTF encoding.
-    :return: UTF encoding name
-
-    .. deprecated:: 2.0
-        Will be removed in Werkzeug 2.1. This is built in to
-        :func:`json.loads`.
-
-    .. versionadded:: 0.15
-    """
-    warnings.warn(
-        "'detect_utf_encoding' is deprecated and will be removed in"
-        " Werkzeug 2.1. This is built in to 'json.loads'.",
-        DeprecationWarning,
-        stacklevel=2,
-    )
-    head = data[:4]
-
-    if head[:3] == codecs.BOM_UTF8:
-        return "utf-8-sig"
-
-    if b"\x00" not in head:
-        return "utf-8"
-
-    if head in (codecs.BOM_UTF32_BE, codecs.BOM_UTF32_LE):
-        return "utf-32"
-
-    if head[:2] in (codecs.BOM_UTF16_BE, codecs.BOM_UTF16_LE):
-        return "utf-16"
-
-    if len(head) == 4:
-        if head[:3] == b"\x00\x00\x00":
-            return "utf-32-be"
-
-        if head[::2] == b"\x00\x00":
-            return "utf-16-be"
-
-        if head[1:] == b"\x00\x00\x00":
-            return "utf-32-le"
-
-        if head[1::2] == b"\x00\x00":
-            return "utf-16-le"
-
-    if len(head) == 2:
-        return "utf-16-be" if head.startswith(b"\x00") else "utf-16-le"
-
-    return "utf-8"
-
-
 def format_string(string: str, context: t.Mapping[str, t.Any]) -> str:
     """String-template format a string:
 

From 70fc80133f6ee538b2c1b27a5f0ca860e340f1e6 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Fri, 5 Nov 2021 19:13:36 -0700
Subject: [PATCH 544/733] remove deprecated format_string

---
 CHANGES.rst           |  1 +
 src/werkzeug/utils.py | 26 --------------------------
 2 files changed, 1 insertion(+), 26 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index c51ff509e..cafd06124 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -40,6 +40,7 @@ Unreleased
     -   Remove ``bind_arguments`` and ``validate_arguments``. Use
         :meth:`Signature.bind` and :func:`inspect.signature` instead.
     -   Remove ``detect_utf_encoding``, it's built-in to ``json.loads``.
+    -   Remove ``format_string``, use :class:`string.Template` instead.
 
 -   Default values passed to ``Headers`` are validated the same way
     values added later are. :issue:`1608`
diff --git a/src/werkzeug/utils.py b/src/werkzeug/utils.py
index 5afe34c3a..3e4652bfa 100644
--- a/src/werkzeug/utils.py
+++ b/src/werkzeug/utils.py
@@ -172,32 +172,6 @@ def get_content_type(mimetype: str, charset: str) -> str:
     return mimetype
 
 
-def format_string(string: str, context: t.Mapping[str, t.Any]) -> str:
-    """String-template format a string:
-
-    >>> format_string('$foo and ${foo}s', dict(foo=42))
-    '42 and 42s'
-
-    This does not do any attribute lookup.
-
-    :param string: the format string.
-    :param context: a dict with the variables to insert.
-
-    .. deprecated:: 2.0
-        Will be removed in Werkzeug 2.1. Use :class:`string.Template`
-        instead.
-    """
-    from string import Template
-
-    warnings.warn(
-        "'utils.format_string' is deprecated and will be removed in"
-        " Werkzeug 2.1. Use 'string.Template' instead.",
-        DeprecationWarning,
-        stacklevel=2,
-    )
-    return Template(string).substitute(context)
-
-
 def secure_filename(filename: str) -> str:
     r"""Pass it a filename and it will return a secure version of it.  This
     filename can then safely be stored on a regular file system and passed

From 22d1e9ac13829b83347107a9b4d77072a8e1af6a Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Fri, 5 Nov 2021 19:17:46 -0700
Subject: [PATCH 545/733] remove deprecated escape and unescape

---
 CHANGES.rst           |  1 +
 docs/utils.rst        |  8 -------
 src/werkzeug/utils.py | 49 -------------------------------------------
 3 files changed, 1 insertion(+), 57 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index cafd06124..dc014e0d7 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -41,6 +41,7 @@ Unreleased
         :meth:`Signature.bind` and :func:`inspect.signature` instead.
     -   Remove ``detect_utf_encoding``, it's built-in to ``json.loads``.
     -   Remove ``format_string``, use :class:`string.Template` instead.
+    -   Remove ``escape`` and ``unescape``. Use MarkupSafe instead.
 
 -   Default values passed to ``Headers`` are validated the same way
     values added later are. :issue:`1608`
diff --git a/docs/utils.rst b/docs/utils.rst
index c45e1ddad..0d4e3391c 100644
--- a/docs/utils.rst
+++ b/docs/utils.rst
@@ -4,16 +4,8 @@ Utilities
 
 Various utility functions shipped with Werkzeug.
 
-
-HTML Helpers
-============
-
 .. module:: werkzeug.utils
 
-.. autofunction:: escape
-
-.. autofunction:: unescape
-
 
 General Helpers
 ===============
diff --git a/src/werkzeug/utils.py b/src/werkzeug/utils.py
index 3e4652bfa..c13ab586d 100644
--- a/src/werkzeug/utils.py
+++ b/src/werkzeug/utils.py
@@ -6,7 +6,6 @@
 import sys
 import typing as t
 import unicodedata
-import warnings
 from datetime import datetime
 from time import time
 from zlib import adler32
@@ -219,54 +218,6 @@ def secure_filename(filename: str) -> str:
     return filename
 
 
-def escape(s: t.Any) -> str:
-    """Replace ``&``, ``<``, ``>``, ``"``, and ``'`` with HTML-safe
-    sequences.
-
-    ``None`` is escaped to an empty string.
-
-    .. deprecated:: 2.0
-        Will be removed in Werkzeug 2.1. Use MarkupSafe instead.
-    """
-    import html
-
-    warnings.warn(
-        "'utils.escape' is deprecated and will be removed in Werkzeug"
-        " 2.1. Use MarkupSafe instead.",
-        DeprecationWarning,
-        stacklevel=2,
-    )
-
-    if s is None:
-        return ""
-
-    if hasattr(s, "__html__"):
-        return s.__html__()  # type: ignore
-
-    if not isinstance(s, str):
-        s = str(s)
-
-    return html.escape(s, quote=True)  # type: ignore
-
-
-def unescape(s: str) -> str:
-    """The reverse of :func:`escape`. This unescapes all the HTML
-    entities, not only those inserted by ``escape``.
-
-    .. deprecated:: 2.0
-        Will be removed in Werkzeug 2.1. Use MarkupSafe instead.
-    """
-    import html
-
-    warnings.warn(
-        "'utils.unescape' is deprecated and will be removed in Werkzueg"
-        " 2.1. Use MarkupSafe instead.",
-        DeprecationWarning,
-        stacklevel=2,
-    )
-    return html.unescape(s)
-
-
 def redirect(
     location: str, code: int = 302, Response: t.Optional[t.Type["Response"]] = None
 ) -> "Response":

From 97e5c11ba698b55c07b10532f8e3482ba894b543 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Fri, 5 Nov 2021 20:12:24 -0700
Subject: [PATCH 546/733] drop Python 3.6

---
 .github/workflows/tests.yaml |  1 -
 .pre-commit-config.yaml      |  2 +-
 CHANGES.rst                  |  1 +
 docs/installation.rst        |  2 +-
 setup.cfg                    |  4 +--
 setup.py                     |  1 -
 tests/test_local.py          | 58 ++++--------------------------------
 tests/test_serving.py        |  1 -
 8 files changed, 10 insertions(+), 60 deletions(-)

diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
index 4e48dd9cd..e6ef91fbd 100644
--- a/.github/workflows/tests.yaml
+++ b/.github/workflows/tests.yaml
@@ -31,7 +31,6 @@ jobs:
           - {name: '3.9', python: '3.9', os: ubuntu-latest, tox: py39}
           - {name: '3.8', python: '3.8', os: ubuntu-latest, tox: py38}
           - {name: '3.7', python: '3.7', os: ubuntu-latest, tox: py37}
-          - {name: '3.6', python: '3.6', os: ubuntu-latest, tox: py36}
           - {name: 'PyPy', python: 'pypy-3.7', os: ubuntu-latest, tox: pypy37}
           - {name: Typing, python: '3.10', os: ubuntu-latest, tox: typing}
     steps:
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index a63d8e0d3..68e698291 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -5,7 +5,7 @@ repos:
     rev: v2.29.0
     hooks:
       - id: pyupgrade
-        args: ["--py36-plus"]
+        args: ["--py37-plus"]
   - repo: https://github.com/asottile/reorder_python_imports
     rev: v2.6.0
     hooks:
diff --git a/CHANGES.rst b/CHANGES.rst
index dc014e0d7..3295e050f 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -5,6 +5,7 @@ Version 2.1.0
 
 Unreleased
 
+-   Drop support for Python 3.6. :pr:`2277`
 -   Remove previously deprecated code. :pr:`2276`
 
     -   Remove the non-standard ``shutdown`` function from the WSGI
diff --git a/docs/installation.rst b/docs/installation.rst
index 1c6d3f748..962e6dcb9 100644
--- a/docs/installation.rst
+++ b/docs/installation.rst
@@ -6,7 +6,7 @@ Python Version
 --------------
 
 We recommend using the latest version of Python. Werkzeug supports
-Python 3.6 and newer.
+Python 3.7 and newer.
 
 
 Dependencies
diff --git a/setup.cfg b/setup.cfg
index 47c5426cd..664ca3848 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -35,7 +35,7 @@ classifiers =
 packages = find:
 package_dir = = src
 include_package_data = true
-python_requires = >= 3.6
+python_requires = >= 3.7
 # Dependencies are in setup.py for GitHub's dependency graph.
 
 [options.packages.find]
@@ -86,7 +86,7 @@ per-file-ignores =
 
 [mypy]
 files = src/werkzeug
-python_version = 3.6
+python_version = 3.7
 allow_redefinition = True
 disallow_subclassing_any = True
 # disallow_untyped_calls = True
diff --git a/setup.py b/setup.py
index 4c31c98f8..1126fea39 100644
--- a/setup.py
+++ b/setup.py
@@ -3,6 +3,5 @@
 # Metadata goes in setup.cfg. These are here for GitHub's dependency graph.
 setup(
     name="Werkzeug",
-    install_requires=["dataclasses; python_version < '3.7'"],
     extras_require={"watchdog": ["watchdog"]},
 )
diff --git a/tests/test_local.py b/tests/test_local.py
index b5c392890..0d99cf58b 100644
--- a/tests/test_local.py
+++ b/tests/test_local.py
@@ -2,7 +2,6 @@
 import copy
 import math
 import operator
-import sys
 import time
 from functools import partial
 from threading import Thread
@@ -12,18 +11,6 @@
 from werkzeug import local
 
 
-if sys.version_info < (3, 7):
-
-    def run_async(coro):
-        return asyncio.get_event_loop().run_until_complete(coro)
-
-
-else:
-
-    def run_async(coro):
-        return asyncio.run(coro)
-
-
 def test_basic_local():
     ns = local.Local()
     ns.foo = 0
@@ -52,10 +39,6 @@ def delfoo():
     local.release_local(ns)
 
 
-@pytest.mark.skipif(
-    sys.version_info < (3, 7),
-    reason="Locals are not task local in Python 3.6",
-)
 def test_basic_local_asyncio():
     ns = local.Local()
     ns.foo = 0
@@ -71,7 +54,7 @@ async def main():
         futures = [asyncio.ensure_future(value_setter(i)) for i in [1, 2, 3]]
         await asyncio.gather(*futures)
 
-    run_async(main())
+    asyncio.run(main())
     assert sorted(values) == [1, 2, 3]
 
     def delfoo():
@@ -120,10 +103,6 @@ def test_local_stack():
     assert repr(proxy) == ""
 
 
-@pytest.mark.skipif(
-    sys.version_info < (3, 7),
-    reason="Locals are not task local in Python 3.6",
-)
 def test_local_stack_asyncio():
     ls = local.LocalStack()
     ls.push(1)
@@ -136,34 +115,7 @@ async def main():
         futures = [asyncio.ensure_future(task()) for _ in range(3)]
         await asyncio.gather(*futures)
 
-    run_async(main())
-
-
-@pytest.mark.skipif(
-    sys.version_info > (3, 6),
-    reason="The ident is not supported in  Python3.7 or higher",
-)
-def test_custom_idents():
-    ident = 0
-    ns = local.Local()
-    stack = local.LocalStack()
-    local.LocalManager([ns, stack], ident_func=lambda: ident)
-
-    ns.foo = 42
-    stack.push({"foo": 42})
-    ident = 1
-    ns.foo = 23
-    stack.push({"foo": 23})
-    ident = 0
-    assert ns.foo == 42
-    assert stack.top["foo"] == 42
-    stack.pop()
-    assert stack.top is None
-    ident = 1
-    assert ns.foo == 23
-    assert stack.top["foo"] == 23
-    stack.pop()
-    assert stack.top is None
+    asyncio.run(main())
 
 
 def test_proxy_local():
@@ -587,7 +539,7 @@ async def get():
     async def main():
         return await p
 
-    out = run_async(main())
+    out = asyncio.run(main())
     assert out == 1
 
 
@@ -615,7 +567,7 @@ async def main():
 
         return out
 
-    out = run_async(main())
+    out = asyncio.run(main())
     assert out == [2, 1, 0]
 
 
@@ -639,4 +591,4 @@ async def main():
         assert p.value == 2
         return True
 
-    assert run_async(main())
+    assert asyncio.run(main())
diff --git a/tests/test_serving.py b/tests/test_serving.py
index 609eb1635..8d6ed9b23 100644
--- a/tests/test_serving.py
+++ b/tests/test_serving.py
@@ -159,7 +159,6 @@ def test_port_is_int():
 
 @pytest.mark.filterwarnings("ignore::pytest.PytestUnraisableExceptionWarning")
 @pytest.mark.parametrize("send_length", [False, True])
-@pytest.mark.skipif(sys.version_info < (3, 7), reason="requires Python >= 3.7")
 def test_chunked_encoding(monkeypatch, dev_server, send_length):
     stream, length, boundary = stream_encode_multipart(
         {

From ce09ed71c9df55fe3579317e239833cca372efa7 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Fri, 5 Nov 2021 20:13:07 -0700
Subject: [PATCH 547/733] remove python 3.6 compat for shared data

---
 src/werkzeug/middleware/shared_data.py | 87 ++++++++------------------
 1 file changed, 26 insertions(+), 61 deletions(-)

diff --git a/src/werkzeug/middleware/shared_data.py b/src/werkzeug/middleware/shared_data.py
index 62da67277..ac7f68715 100644
--- a/src/werkzeug/middleware/shared_data.py
+++ b/src/werkzeug/middleware/shared_data.py
@@ -158,77 +158,42 @@ def get_file_loader(self, filename: str) -> _TLoader:
     def get_package_loader(self, package: str, package_path: str) -> _TLoader:
         load_time = datetime.now(timezone.utc)
         provider = pkgutil.get_loader(package)
+        reader = provider.get_resource_reader(package)  # type: ignore
 
-        if hasattr(provider, "get_resource_reader"):
-            # Python 3
-            reader = provider.get_resource_reader(package)  # type: ignore
+        def loader(
+            path: t.Optional[str],
+        ) -> t.Tuple[t.Optional[str], t.Optional[_TOpener]]:
+            if path is None:
+                return None, None
 
-            def loader(
-                path: t.Optional[str],
-            ) -> t.Tuple[t.Optional[str], t.Optional[_TOpener]]:
-                if path is None:
-                    return None, None
+            path = safe_join(package_path, path)
 
-                path = safe_join(package_path, path)
+            if path is None:
+                return None, None
 
-                if path is None:
-                    return None, None
+            basename = posixpath.basename(path)
 
-                basename = posixpath.basename(path)
-
-                try:
-                    resource = reader.open_resource(path)
-                except OSError:
-                    return None, None
-
-                if isinstance(resource, BytesIO):
-                    return (
-                        basename,
-                        lambda: (resource, load_time, len(resource.getvalue())),
-                    )
+            try:
+                resource = reader.open_resource(path)
+            except OSError:
+                return None, None
 
+            if isinstance(resource, BytesIO):
                 return (
                     basename,
-                    lambda: (
-                        resource,
-                        datetime.fromtimestamp(
-                            os.path.getmtime(resource.name), tz=timezone.utc
-                        ),
-                        os.path.getsize(resource.name),
-                    ),
+                    lambda: (resource, load_time, len(resource.getvalue())),
                 )
 
-        else:
-            # Python 3.6
-            package_filename = provider.get_filename(package)  # type: ignore
-            is_filesystem = os.path.exists(package_filename)
-            root = os.path.join(os.path.dirname(package_filename), package_path)
-
-            def loader(
-                path: t.Optional[str],
-            ) -> t.Tuple[t.Optional[str], t.Optional[_TOpener]]:
-                if path is None:
-                    return None, None
-
-                path = safe_join(root, path)
-
-                if path is None:
-                    return None, None
-
-                basename = posixpath.basename(path)
-
-                if is_filesystem:
-                    if not os.path.isfile(path):
-                        return None, None
-
-                    return basename, self._opener(path)
-
-                try:
-                    data = provider.get_data(path)  # type: ignore
-                except OSError:
-                    return None, None
-
-                return basename, lambda: (BytesIO(data), load_time, len(data))
+            return (
+                basename,
+                lambda: (
+                    resource,
+                    datetime.fromtimestamp(
+                        os.path.getmtime(resource.name), tz=timezone.utc
+                    ),
+                    os.path.getsize(resource.name),
+                ),
+            )
 
         return loader
 

From fe7a3f63e348d411aafcfb66ecb030002d706633 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Sun, 7 Nov 2021 09:24:55 -0800
Subject: [PATCH 548/733] ignore greenlet on 3.11 CI for now

---
 requirements/dev.txt   | 2 +-
 requirements/tests.in  | 2 +-
 requirements/tests.txt | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/requirements/dev.txt b/requirements/dev.txt
index dc9958797..51bf03a90 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -32,7 +32,7 @@ filelock==3.3.2
     # via
     #   tox
     #   virtualenv
-greenlet==1.1.2
+greenlet==1.1.2 ; python_version < "3.11"
     # via -r requirements/tests.in
 identify==2.3.3
     # via pre-commit
diff --git a/requirements/tests.in b/requirements/tests.in
index d75196c77..67ed327ae 100644
--- a/requirements/tests.in
+++ b/requirements/tests.in
@@ -2,5 +2,5 @@ pytest
 pytest-timeout
 pytest-xprocess
 cryptography
-greenlet
+greenlet ; python_version < "3.11"
 watchdog
diff --git a/requirements/tests.txt b/requirements/tests.txt
index 2510f0b48..3432ad229 100644
--- a/requirements/tests.txt
+++ b/requirements/tests.txt
@@ -10,7 +10,7 @@ cffi==1.15.0
     # via cryptography
 cryptography==35.0.0
     # via -r requirements/tests.in
-greenlet==1.1.2
+greenlet==1.1.2 ; python_version < "3.11"
     # via -r requirements/tests.in
 iniconfig==1.1.1
     # via pytest

From 8eb6d0db5ba44e29765c7e88cdaf902382086f69 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Sun, 7 Nov 2021 08:47:02 -0800
Subject: [PATCH 549/733] remove contextvars compat

requires greenlet>=1.0 or PyPy>=7.3.7
---
 CHANGES.rst           |  3 ++
 docs/installation.rst | 12 ++++++++
 src/werkzeug/local.py | 66 ++-----------------------------------------
 3 files changed, 17 insertions(+), 64 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 3295e050f..3f979f322 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -6,6 +6,9 @@ Version 2.1.0
 Unreleased
 
 -   Drop support for Python 3.6. :pr:`2277`
+-   Using gevent or eventlet requires greenlet>=1.0 or PyPy>=7.3.7.
+    ``werkzeug.locals`` and ``contextvars`` will not work correctly with
+    older versions. :pr:`2278`
 -   Remove previously deprecated code. :pr:`2276`
 
     -   Remove the non-standard ``shutdown`` function from the WSGI
diff --git a/docs/installation.rst b/docs/installation.rst
index 962e6dcb9..9c5aa7f72 100644
--- a/docs/installation.rst
+++ b/docs/installation.rst
@@ -31,6 +31,18 @@ detect and use them if you install them.
 .. _Watchdog: https://pypi.org/project/watchdog/
 
 
+greenlet
+~~~~~~~~
+
+You may choose to use gevent or eventlet with your application. In this
+case, greenlet>=1.0 is required. When using PyPy, PyPy>=7.3.7 is
+required.
+
+These are not minimum supported versions, they only indicate the first
+versions that added necessary features. You should use the latest
+versions of each.
+
+
 Virtual environments
 --------------------
 
diff --git a/src/werkzeug/local.py b/src/werkzeug/local.py
index 724297f04..de2e12451 100644
--- a/src/werkzeug/local.py
+++ b/src/werkzeug/local.py
@@ -1,8 +1,8 @@
 import copy
 import math
 import operator
-import sys
 import typing as t
+from contextvars import ContextVar
 from functools import partial
 from functools import update_wrapper
 
@@ -15,68 +15,6 @@
 
 F = t.TypeVar("F", bound=t.Callable[..., t.Any])
 
-try:
-    from greenlet import getcurrent as _get_ident
-except ImportError:
-    from threading import get_ident as _get_ident
-
-
-class _CannotUseContextVar(Exception):
-    pass
-
-
-try:
-    from contextvars import ContextVar
-
-    if "gevent" in sys.modules or "eventlet" in sys.modules:
-        # Both use greenlet, so first check it has patched
-        # ContextVars, Greenlet <0.4.17 does not.
-        import greenlet
-
-        greenlet_patched = getattr(greenlet, "GREENLET_USE_CONTEXT_VARS", False)
-
-        if not greenlet_patched:
-            # If Gevent is used, check it has patched ContextVars,
-            # <20.5 does not.
-            try:
-                from gevent.monkey import is_object_patched
-            except ImportError:
-                # Gevent isn't used, but Greenlet is and hasn't patched
-                raise _CannotUseContextVar() from None
-            else:
-                if is_object_patched("threading", "local") and not is_object_patched(
-                    "contextvars", "ContextVar"
-                ):
-                    raise _CannotUseContextVar()
-
-    def __release_local__(storage: t.Any) -> None:
-        # Can remove when support for non-stdlib ContextVars is
-        # removed, see "Fake" version below.
-        storage.set({})
-
-
-except (ImportError, _CannotUseContextVar):
-
-    class ContextVar:  # type: ignore
-        """A fake ContextVar based on the previous greenlet/threading
-        ident function. Used on Python 3.6, eventlet, and old versions
-        of gevent.
-        """
-
-        def __init__(self, _name: str) -> None:
-            self.storage: t.Dict[int, t.Dict[str, t.Any]] = {}
-
-        def get(self, default: t.Dict[str, t.Any]) -> t.Dict[str, t.Any]:
-            return self.storage.get(_get_ident(), default)
-
-        def set(self, value: t.Dict[str, t.Any]) -> None:
-            self.storage[_get_ident()] = value
-
-    def __release_local__(storage: t.Any) -> None:
-        # Special version to ensure that the storage is cleaned up on
-        # release.
-        storage.storage.pop(_get_ident(), None)
-
 
 def release_local(local: t.Union["Local", "LocalStack"]) -> None:
     """Releases the contents of the local for the current context.
@@ -115,7 +53,7 @@ def __call__(self, proxy: str) -> "LocalProxy":
         return LocalProxy(self, proxy)
 
     def __release_local__(self) -> None:
-        __release_local__(self._storage)
+        self._storage.set({})
 
     def __getattr__(self, name: str) -> t.Any:
         values = self._storage.get({})

From 64494dc6d36c90695f1cd9cfe9f194f2d5020e71 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Sun, 7 Nov 2021 08:48:33 -0800
Subject: [PATCH 550/733] fix resource warning in test on pypy3.8

---
 tests/test_datastructures.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/tests/test_datastructures.py b/tests/test_datastructures.py
index a46599fd8..06706b6bf 100644
--- a/tests/test_datastructures.py
+++ b/tests/test_datastructures.py
@@ -1162,13 +1162,15 @@ def test_proxy_can_access_stream_attrs(self, stream):
         for name in ("fileno", "writable", "readable", "seekable"):
             assert hasattr(file_storage, name)
 
-    @pytest.mark.filterwarnings("ignore::pytest.PytestUnraisableExceptionWarning")
     def test_save_to_pathlib_dst(self, tmp_path):
         src = tmp_path / "src.txt"
         src.write_text("test")
-        storage = self.storage_class(src.open("rb"))
         dst = tmp_path / "dst.txt"
-        storage.save(dst)
+
+        with src.open("rb") as f:
+            storage = self.storage_class(f)
+            storage.save(dst)
+
         assert dst.read_text() == "test"
 
     def test_save_to_bytes_io(self):

From afab0afca48e42642b135c11ed291e5c9b9a712a Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Sun, 7 Nov 2021 11:52:23 -0800
Subject: [PATCH 551/733] clearer error message when ssl is not available

---
 src/werkzeug/serving.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py
index 197b6fb9a..dac7467a5 100644
--- a/src/werkzeug/serving.py
+++ b/src/werkzeug/serving.py
@@ -39,7 +39,10 @@
 
     class _SslDummy:
         def __getattr__(self, name: str) -> t.Any:
-            raise RuntimeError("SSL support unavailable")  # noqa: B904
+            raise RuntimeError(  # noqa: B904
+                "SSL is unavailable because this Python was not"
+                " compiled with SSL support."
+            )
 
     ssl = _SslDummy()  # type: ignore
 

From ff943116c609ab815734770f0209f27cbae85abb Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Sun, 7 Nov 2021 12:36:29 -0800
Subject: [PATCH 552/733] more ssl error message

---
 src/werkzeug/serving.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py
index dac7467a5..f6f4389c6 100644
--- a/src/werkzeug/serving.py
+++ b/src/werkzeug/serving.py
@@ -40,8 +40,8 @@
     class _SslDummy:
         def __getattr__(self, name: str) -> t.Any:
             raise RuntimeError(  # noqa: B904
-                "SSL is unavailable because this Python was not"
-                " compiled with SSL support."
+                "SSL is unavailable because this Python runtime was not"
+                " compiled with SSL/TLS support."
             )
 
     ssl = _SslDummy()  # type: ignore

From dede904a9fdbc455a38c35768f80881af905f958 Mon Sep 17 00:00:00 2001
From: Scott Talbert 
Date: Wed, 10 Nov 2021 12:17:20 -0500
Subject: [PATCH 553/733] Remove executable bit for example scripts

The shebangs were removed in 13e8428, leaving these as executable but with no
interpreter.
---
 examples/manage-coolmagic.py  | 0
 examples/manage-couchy.py     | 0
 examples/manage-cupoftee.py   | 0
 examples/manage-i18nurls.py   | 0
 examples/manage-plnt.py       | 0
 examples/manage-shorty.py     | 0
 examples/manage-simplewiki.py | 0
 examples/manage-webpylike.py  | 0
 8 files changed, 0 insertions(+), 0 deletions(-)
 mode change 100755 => 100644 examples/manage-coolmagic.py
 mode change 100755 => 100644 examples/manage-couchy.py
 mode change 100755 => 100644 examples/manage-cupoftee.py
 mode change 100755 => 100644 examples/manage-i18nurls.py
 mode change 100755 => 100644 examples/manage-plnt.py
 mode change 100755 => 100644 examples/manage-shorty.py
 mode change 100755 => 100644 examples/manage-simplewiki.py
 mode change 100755 => 100644 examples/manage-webpylike.py

diff --git a/examples/manage-coolmagic.py b/examples/manage-coolmagic.py
old mode 100755
new mode 100644
diff --git a/examples/manage-couchy.py b/examples/manage-couchy.py
old mode 100755
new mode 100644
diff --git a/examples/manage-cupoftee.py b/examples/manage-cupoftee.py
old mode 100755
new mode 100644
diff --git a/examples/manage-i18nurls.py b/examples/manage-i18nurls.py
old mode 100755
new mode 100644
diff --git a/examples/manage-plnt.py b/examples/manage-plnt.py
old mode 100755
new mode 100644
diff --git a/examples/manage-shorty.py b/examples/manage-shorty.py
old mode 100755
new mode 100644
diff --git a/examples/manage-simplewiki.py b/examples/manage-simplewiki.py
old mode 100755
new mode 100644
diff --git a/examples/manage-webpylike.py b/examples/manage-webpylike.py
old mode 100755
new mode 100644

From 7ad76a7ea653340089e4ac5b40310d3af0b2a7a0 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Tue, 16 Nov 2021 09:55:46 -0800
Subject: [PATCH 554/733] remove filesystem module

---
 CHANGES.rst                            |  3 ++
 docs/filesystem.rst                    | 11 ------
 docs/index.rst                         |  1 -
 docs/unicode.rst                       | 19 ---------
 src/werkzeug/datastructures.py         | 25 ++++++------
 src/werkzeug/debug/tbtools.py          |  4 +-
 src/werkzeug/filesystem.py             | 55 --------------------------
 src/werkzeug/middleware/shared_data.py |  9 +----
 8 files changed, 19 insertions(+), 108 deletions(-)
 delete mode 100644 docs/filesystem.rst
 delete mode 100644 src/werkzeug/filesystem.py

diff --git a/CHANGES.rst b/CHANGES.rst
index 3f979f322..c2a68f122 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -47,6 +47,9 @@ Unreleased
     -   Remove ``format_string``, use :class:`string.Template` instead.
     -   Remove ``escape`` and ``unescape``. Use MarkupSafe instead.
 
+-   Rely on :pep:`538` and :pep:`540` to handle decoding file names
+    with the correct filesystem encoding. The ``filesystem`` module is
+    removed. :issue:`1760`
 -   Default values passed to ``Headers`` are validated the same way
     values added later are. :issue:`1608`
 -   Setting ``CacheControl`` int properties, such as ``max_age``, will
diff --git a/docs/filesystem.rst b/docs/filesystem.rst
deleted file mode 100644
index 0ac92838a..000000000
--- a/docs/filesystem.rst
+++ /dev/null
@@ -1,11 +0,0 @@
-====================
-Filesystem Utilities
-====================
-
-Various utilities for the local filesystem.
-
-.. module:: werkzeug.filesystem
-
-.. autoclass:: BrokenFilesystemWarning
-
-.. autofunction:: get_filesystem_encoding
diff --git a/docs/index.rst b/docs/index.rst
index ef3be8b52..c4f00194d 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -47,7 +47,6 @@ Reference
    wrappers
    routing
    wsgi
-   filesystem
    http
    datastructures
    utils
diff --git a/docs/unicode.rst b/docs/unicode.rst
index abeff1389..30f76f5dd 100644
--- a/docs/unicode.rst
+++ b/docs/unicode.rst
@@ -74,22 +74,3 @@ The error handling can only be changed for the request. Werkzeug will
 always raise errors when encoding to bytes in the response. It's your
 responsibility to not create data that is not present in the target
 charset. This is not an issue for UTF-8.
-
-.. _filesystem-encoding:
-
-The Filesystem
-==============
-
-.. versionchanged:: 0.11
-
-Several bug reports against Werkzeug have shown that the value of
-:py:func:`sys.getfilesystemencoding` cannot be trusted under traditional
-UNIX systems. Usually this occurs due to a misconfigured system where
-``LANG`` and similar environment variables are not set. In such cases,
-Python defaults to ASCII as the filesystem encoding, a very conservative
-default that is usually wrong and causes more problems than it avoids.
-
-If Werkzeug detects it's running in a misconfigured environment, it will
-assume the filesystem encoding is ``UTF-8`` and issue a warning.
-
-See :mod:`werkzeug.filesystem`.
diff --git a/src/werkzeug/datastructures.py b/src/werkzeug/datastructures.py
index d44bd16c3..cdb578f3a 100644
--- a/src/werkzeug/datastructures.py
+++ b/src/werkzeug/datastructures.py
@@ -1,6 +1,7 @@
 import base64
 import codecs
 import mimetypes
+import os
 import re
 from collections.abc import Collection
 from collections.abc import MutableSet
@@ -10,9 +11,7 @@
 from os import fspath
 
 from . import exceptions
-from ._internal import _make_encode_wrapper
 from ._internal import _missing
-from .filesystem import get_filesystem_encoding
 
 
 def is_immutable(self):
@@ -2906,22 +2905,22 @@ def __init__(
         self.name = name
         self.stream = stream or BytesIO()
 
-        # if no filename is provided we can attempt to get the filename
-        # from the stream object passed.  There we have to be careful to
-        # skip things like ,  etc.  Python marks these
-        # special filenames with angular brackets.
+        # If no filename is provided, attempt to get the filename from
+        # the stream object. Python names special streams like
+        # ```` with angular brackets, skip these streams.
         if filename is None:
             filename = getattr(stream, "name", None)
-            s = _make_encode_wrapper(filename)
-            if filename and filename[0] == s("<") and filename[-1] == s(">"):
-                filename = None
 
-            # Make sure the filename is not bytes. This might happen if
-            # the file was opened from the bytes API.
-            if isinstance(filename, bytes):
-                filename = filename.decode(get_filesystem_encoding(), "replace")
+            if filename is not None:
+                filename = os.fsdecode(filename)
+
+            if filename and filename[0] == "<" and filename[-1] == ">":
+                filename = None
+        else:
+            filename = os.fsdecode(filename)
 
         self.filename = filename
+
         if headers is None:
             headers = Headers()
         self.headers = headers
diff --git a/src/werkzeug/debug/tbtools.py b/src/werkzeug/debug/tbtools.py
index 5ffd65422..f9ea7b687 100644
--- a/src/werkzeug/debug/tbtools.py
+++ b/src/werkzeug/debug/tbtools.py
@@ -12,7 +12,6 @@
 from types import TracebackType
 
 from .._internal import _to_str
-from ..filesystem import get_filesystem_encoding
 from ..utils import cached_property
 from .console import Console
 
@@ -440,7 +439,8 @@ def __init__(
         # if it's a file on the file system resolve the real filename.
         if os.path.isfile(fn):
             fn = os.path.realpath(fn)
-        self.filename = _to_str(fn, get_filesystem_encoding())
+
+        self.filename = os.fsdecode(fn)
         self.module = self.globals.get("__name__", self.locals.get("__name__"))
         self.loader = self.globals.get("__loader__", self.locals.get("__loader__"))
         self.code = tb.tb_frame.f_code
diff --git a/src/werkzeug/filesystem.py b/src/werkzeug/filesystem.py
deleted file mode 100644
index 16eb58611..000000000
--- a/src/werkzeug/filesystem.py
+++ /dev/null
@@ -1,55 +0,0 @@
-import codecs
-import sys
-import typing as t
-import warnings
-
-# We do not trust traditional unixes.
-has_likely_buggy_unicode_filesystem = (
-    sys.platform.startswith("linux") or "bsd" in sys.platform
-)
-
-
-def _is_ascii_encoding(encoding: t.Optional[str]) -> bool:
-    """Given an encoding this figures out if the encoding is actually ASCII (which
-    is something we don't actually want in most cases). This is necessary
-    because ASCII comes under many names such as ANSI_X3.4-1968.
-    """
-    if encoding is None:
-        return False
-    try:
-        return codecs.lookup(encoding).name == "ascii"
-    except LookupError:
-        return False
-
-
-class BrokenFilesystemWarning(RuntimeWarning, UnicodeWarning):
-    """The warning used by Werkzeug to signal a broken filesystem. Will only be
-    used once per runtime."""
-
-
-_warned_about_filesystem_encoding = False
-
-
-def get_filesystem_encoding() -> str:
-    """Returns the filesystem encoding that should be used. Note that this is
-    different from the Python understanding of the filesystem encoding which
-    might be deeply flawed. Do not use this value against Python's string APIs
-    because it might be different. See :ref:`filesystem-encoding` for the exact
-    behavior.
-
-    The concept of a filesystem encoding in general is not something you
-    should rely on. As such if you ever need to use this function except for
-    writing wrapper code reconsider.
-    """
-    global _warned_about_filesystem_encoding
-    rv = sys.getfilesystemencoding()
-    if has_likely_buggy_unicode_filesystem and not rv or _is_ascii_encoding(rv):
-        if not _warned_about_filesystem_encoding:
-            warnings.warn(
-                "Detected a misconfigured UNIX filesystem: Will use"
-                f" UTF-8 as filesystem encoding instead of {rv!r}",
-                BrokenFilesystemWarning,
-            )
-            _warned_about_filesystem_encoding = True
-        return "utf-8"
-    return rv
diff --git a/src/werkzeug/middleware/shared_data.py b/src/werkzeug/middleware/shared_data.py
index ac7f68715..2ec396c53 100644
--- a/src/werkzeug/middleware/shared_data.py
+++ b/src/werkzeug/middleware/shared_data.py
@@ -19,7 +19,6 @@
 from time import time
 from zlib import adler32
 
-from ..filesystem import get_filesystem_encoding
 from ..http import http_date
 from ..http import is_resource_modified
 from ..security import safe_join
@@ -217,13 +216,9 @@ def loader(
         return loader
 
     def generate_etag(self, mtime: datetime, file_size: int, real_filename: str) -> str:
-        if not isinstance(real_filename, bytes):
-            real_filename = real_filename.encode(  # type: ignore
-                get_filesystem_encoding()
-            )
-
+        real_filename = os.fsencode(real_filename)
         timestamp = mtime.timestamp()
-        checksum = adler32(real_filename) & 0xFFFFFFFF  # type: ignore
+        checksum = adler32(real_filename) & 0xFFFFFFFF
         return f"wzsdm-{timestamp}-{file_size}-{checksum}"
 
     def __call__(

From 3afa6ce76121a9012b423661c6ffae1f3d28acd3 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Tue, 16 Nov 2021 13:18:54 -0800
Subject: [PATCH 555/733] always use socket.fromfd

---
 CHANGES.rst             |  2 ++
 src/werkzeug/serving.py | 25 +++----------------------
 2 files changed, 5 insertions(+), 22 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index c2a68f122..a029ba6f8 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -54,6 +54,8 @@ Unreleased
     values added later are. :issue:`1608`
 -   Setting ``CacheControl`` int properties, such as ``max_age``, will
     convert the value to an int. :issue:`2230`
+-   Always use ``socket.fromfd`` when restarting the dev server.
+    :pr:`2287`
 
 
 Version 2.0.2
diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py
index aa957a612..3b0c55d1d 100644
--- a/src/werkzeug/serving.py
+++ b/src/werkzeug/serving.py
@@ -13,7 +13,6 @@
 """
 import io
 import os
-import platform
 import socket
 import socketserver
 import sys
@@ -68,7 +67,6 @@ class ForkingMixIn:  # type: ignore
     af_unix = None  # type: ignore
 
 LISTEN_QUEUE = 128
-can_open_by_fd = not platform.system() == "Windows" and hasattr(socket, "fromfd")
 
 _TSSLContextArg = t.Optional[
     t.Union["ssl.SSLContext", t.Tuple[str, t.Optional[str]], "te.Literal['adhoc']"]
@@ -946,13 +944,6 @@ def inner() -> None:
         # reloader we want to open up a socket early to make sure the
         # port is actually available.
         if not is_running_from_reloader():
-            if port == 0 and not can_open_by_fd:
-                raise ValueError(
-                    "Cannot bind to a random port with enabled "
-                    "reloader if the Python interpreter does "
-                    "not support socket opening by fd."
-                )
-
             # Create and destroy a socket so that any exceptions are
             # raised before we spawn a separate Python interpreter and
             # lose this ability.
@@ -962,19 +953,9 @@ def inner() -> None:
             s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
             s.bind(server_address)
             s.set_inheritable(True)
-
-            # If we can open the socket by file descriptor, then we can just
-            # reuse this one and our socket will survive the restarts.
-            if can_open_by_fd:
-                os.environ["WERKZEUG_SERVER_FD"] = str(s.fileno())
-                s.listen(LISTEN_QUEUE)
-                log_startup(s)
-            else:
-                s.close()
-                if address_family == af_unix:
-                    server_address = t.cast(str, server_address)
-                    _log("info", "Unlinking %s", server_address)
-                    os.unlink(server_address)
+            os.environ["WERKZEUG_SERVER_FD"] = str(s.fileno())
+            s.listen(LISTEN_QUEUE)
+            log_startup(s)
 
         from ._reloader import run_with_reloader as _rwr
 

From 18872bf5807c96e78dc25b420fac54ac7c09e4a8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Harald=20Jens=C3=A5s?= 
Date: Mon, 18 Oct 2021 20:09:29 +0200
Subject: [PATCH 556/733] ProxyFix supports IPv6

---
 CHANGES.rst                          |  1 +
 src/werkzeug/middleware/proxy_fix.py | 14 +++++++-------
 tests/middleware/test_proxy_fix.py   | 18 ++++++++++++++++++
 3 files changed, 26 insertions(+), 7 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index c4343c445..f423b7ed1 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -42,6 +42,7 @@ Released 2021-10-05
 -   The interactive debugger handles displaying an exception that does
     not have a traceback, such as from ``ProcessPoolExecutor``.
     :issue:`2217`
+-   ``ProxyFix`` supports IPv6 addresses. :issue:`2262`
 
 
 Version 2.0.1
diff --git a/src/werkzeug/middleware/proxy_fix.py b/src/werkzeug/middleware/proxy_fix.py
index e90b1b34e..4cef7cc80 100644
--- a/src/werkzeug/middleware/proxy_fix.py
+++ b/src/werkzeug/middleware/proxy_fix.py
@@ -163,18 +163,18 @@ def __call__(
 
         x_host = self._get_real_value(self.x_host, environ_get("HTTP_X_FORWARDED_HOST"))
         if x_host:
-            environ["HTTP_HOST"] = x_host
-            parts = x_host.split(":", 1)
-            environ["SERVER_NAME"] = parts[0]
-            if len(parts) == 2:
-                environ["SERVER_PORT"] = parts[1]
+            environ["HTTP_HOST"] = environ["SERVER_NAME"] = x_host
+            # "]" to check for IPv6 address without port
+            if ":" in x_host and not x_host.endswith("]"):
+                environ["SERVER_NAME"], environ["SERVER_PORT"] = x_host.rsplit(":", 1)
 
         x_port = self._get_real_value(self.x_port, environ_get("HTTP_X_FORWARDED_PORT"))
         if x_port:
             host = environ.get("HTTP_HOST")
             if host:
-                parts = host.split(":", 1)
-                host = parts[0] if len(parts) == 2 else host
+                # "]" to check for IPv6 address without port
+                if ":" in host and not host.endswith("]"):
+                    host = host.rsplit(":", 1)[0]
                 environ["HTTP_HOST"] = f"{host}:{x_port}"
             environ["SERVER_PORT"] = x_port
 
diff --git a/tests/middleware/test_proxy_fix.py b/tests/middleware/test_proxy_fix.py
index 8fc1310d2..abbc05c33 100644
--- a/tests/middleware/test_proxy_fix.py
+++ b/tests/middleware/test_proxy_fix.py
@@ -138,6 +138,24 @@
             "http://spam/eggs/",
             id="prefix < for",
         ),
+        pytest.param(
+            {"x_host": 1},
+            {"HTTP_HOST": "spam", "HTTP_X_FORWARDED_HOST": "[2001:db8::a]"},
+            "http://[2001:db8::a]/",
+            id="ipv6 host",
+        ),
+        pytest.param(
+            {"x_port": 1},
+            {"HTTP_HOST": "[2001:db8::a]", "HTTP_X_FORWARDED_PORT": "8080"},
+            "http://[2001:db8::a]:8080/",
+            id="ipv6 port, host without port",
+        ),
+        pytest.param(
+            {"x_port": 1},
+            {"HTTP_HOST": "[2001:db8::a]:9000", "HTTP_X_FORWARDED_PORT": "8080"},
+            "http://[2001:db8::a]:8080/",
+            id="ipv6 - port, host with port",
+        ),
     ),
 )
 def test_proxy_fix(kwargs, base, url_root):

From 3d3d925bfd65f9c9b6aa4823ca445b467d0d966f Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Tue, 16 Nov 2021 13:50:16 -0800
Subject: [PATCH 557/733] 2.0.3 changelog

---
 CHANGES.rst | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index f423b7ed1..9b8a232f9 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -1,5 +1,13 @@
 .. currentmodule:: werkzeug
 
+Version 2.0.3
+-------------
+
+Unreleased
+
+-   ``ProxyFix`` supports IPv6 addresses. :issue:`2262`
+
+
 Version 2.0.2
 -------------
 
@@ -42,7 +50,6 @@ Released 2021-10-05
 -   The interactive debugger handles displaying an exception that does
     not have a traceback, such as from ``ProcessPoolExecutor``.
     :issue:`2217`
--   ``ProxyFix`` supports IPv6 addresses. :issue:`2262`
 
 
 Version 2.0.1

From fadd7f7a90c3db3acfa2919e1d3db25df82506df Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Wed, 15 Dec 2021 06:21:26 -0800
Subject: [PATCH 558/733] update requirements

---
 requirements/dev.txt    | 38 +++++++++++++++++++-------------------
 requirements/docs.txt   | 16 ++++++++--------
 requirements/tests.txt  | 10 +++++-----
 requirements/typing.txt |  4 ++--
 4 files changed, 34 insertions(+), 34 deletions(-)

diff --git a/requirements/dev.txt b/requirements/dev.txt
index dc9958797..48d07a04e 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -10,7 +10,7 @@ attrs==21.2.0
     # via pytest
 babel==2.9.1
     # via sphinx
-backports.entry-points-selectable==1.1.0
+backports.entry-points-selectable==1.1.1
     # via virtualenv
 certifi==2021.10.8
     # via requests
@@ -18,31 +18,31 @@ cffi==1.15.0
     # via cryptography
 cfgv==3.3.1
     # via pre-commit
-charset-normalizer==2.0.7
+charset-normalizer==2.0.9
     # via requests
 click==8.0.3
     # via pip-tools
-cryptography==35.0.0
+cryptography==36.0.1
     # via -r requirements/tests.in
-distlib==0.3.3
+distlib==0.3.4
     # via virtualenv
 docutils==0.17.1
     # via sphinx
-filelock==3.3.2
+filelock==3.4.0
     # via
     #   tox
     #   virtualenv
 greenlet==1.1.2
     # via -r requirements/tests.in
-identify==2.3.3
+identify==2.4.0
     # via pre-commit
 idna==3.3
     # via requests
-imagesize==1.2.0
+imagesize==1.3.0
     # via sphinx
 iniconfig==1.1.1
     # via pytest
-jinja2==3.0.2
+jinja2==3.0.3
     # via sphinx
 markupsafe==2.0.1
     # via jinja2
@@ -52,13 +52,13 @@ mypy-extensions==0.4.3
     # via mypy
 nodeenv==1.6.0
     # via pre-commit
-packaging==21.2
+packaging==21.3
     # via
     #   pallets-sphinx-themes
     #   pytest
     #   sphinx
     #   tox
-pallets-sphinx-themes==2.0.1
+pallets-sphinx-themes==2.0.2
     # via -r requirements/docs.in
 pep517==0.12.0
     # via pip-tools
@@ -70,7 +70,7 @@ pluggy==1.0.0
     # via
     #   pytest
     #   tox
-pre-commit==2.15.0
+pre-commit==2.16.0
     # via -r requirements/dev.in
 psutil==5.8.0
     # via pytest-xprocess
@@ -78,18 +78,18 @@ py==1.11.0
     # via
     #   pytest
     #   tox
-pycparser==2.20
+pycparser==2.21
     # via cffi
 pygments==2.10.0
     # via sphinx
-pyparsing==2.4.7
+pyparsing==3.0.6
     # via packaging
 pytest==6.2.5
     # via
     #   -r requirements/tests.in
     #   pytest-timeout
     #   pytest-xprocess
-pytest-timeout==2.0.1
+pytest-timeout==2.0.2
     # via -r requirements/tests.in
 pytest-xprocess==0.18.1
     # via -r requirements/tests.in
@@ -103,9 +103,9 @@ six==1.16.0
     # via
     #   tox
     #   virtualenv
-snowballstemmer==2.1.0
+snowballstemmer==2.2.0
     # via sphinx
-sphinx==4.2.0
+sphinx==4.3.1
     # via
     #   -r requirements/docs.in
     #   pallets-sphinx-themes
@@ -133,7 +133,7 @@ toml==0.10.2
     #   pre-commit
     #   pytest
     #   tox
-tomli==1.2.2
+tomli==2.0.0
     # via pep517
 tox==3.24.4
     # via -r requirements/dev.in
@@ -141,9 +141,9 @@ types-contextvars==2.4.0
     # via -r requirements/typing.in
 types-dataclasses==0.6.1
     # via -r requirements/typing.in
-types-setuptools==57.4.2
+types-setuptools==57.4.4
     # via -r requirements/typing.in
-typing-extensions==3.10.0.2
+typing-extensions==4.0.1
     # via mypy
 urllib3==1.26.7
     # via requests
diff --git a/requirements/docs.txt b/requirements/docs.txt
index bd47a92d7..7c6018881 100644
--- a/requirements/docs.txt
+++ b/requirements/docs.txt
@@ -10,35 +10,35 @@ babel==2.9.1
     # via sphinx
 certifi==2021.10.8
     # via requests
-charset-normalizer==2.0.7
+charset-normalizer==2.0.9
     # via requests
 docutils==0.17.1
     # via sphinx
 idna==3.3
     # via requests
-imagesize==1.2.0
+imagesize==1.3.0
     # via sphinx
-jinja2==3.0.2
+jinja2==3.0.3
     # via sphinx
 markupsafe==2.0.1
     # via jinja2
-packaging==21.2
+packaging==21.3
     # via
     #   pallets-sphinx-themes
     #   sphinx
-pallets-sphinx-themes==2.0.1
+pallets-sphinx-themes==2.0.2
     # via -r requirements/docs.in
 pygments==2.10.0
     # via sphinx
-pyparsing==2.4.7
+pyparsing==3.0.6
     # via packaging
 pytz==2021.3
     # via babel
 requests==2.26.0
     # via sphinx
-snowballstemmer==2.1.0
+snowballstemmer==2.2.0
     # via sphinx
-sphinx==4.2.0
+sphinx==4.3.1
     # via
     #   -r requirements/docs.in
     #   pallets-sphinx-themes
diff --git a/requirements/tests.txt b/requirements/tests.txt
index 2510f0b48..aa43866e8 100644
--- a/requirements/tests.txt
+++ b/requirements/tests.txt
@@ -8,13 +8,13 @@ attrs==21.2.0
     # via pytest
 cffi==1.15.0
     # via cryptography
-cryptography==35.0.0
+cryptography==36.0.1
     # via -r requirements/tests.in
 greenlet==1.1.2
     # via -r requirements/tests.in
 iniconfig==1.1.1
     # via pytest
-packaging==21.2
+packaging==21.3
     # via pytest
 pluggy==1.0.0
     # via pytest
@@ -22,16 +22,16 @@ psutil==5.8.0
     # via pytest-xprocess
 py==1.11.0
     # via pytest
-pycparser==2.20
+pycparser==2.21
     # via cffi
-pyparsing==2.4.7
+pyparsing==3.0.6
     # via packaging
 pytest==6.2.5
     # via
     #   -r requirements/tests.in
     #   pytest-timeout
     #   pytest-xprocess
-pytest-timeout==2.0.1
+pytest-timeout==2.0.2
     # via -r requirements/tests.in
 pytest-xprocess==0.18.1
     # via -r requirements/tests.in
diff --git a/requirements/typing.txt b/requirements/typing.txt
index 3ecff4a47..f65f03195 100644
--- a/requirements/typing.txt
+++ b/requirements/typing.txt
@@ -14,7 +14,7 @@ types-contextvars==2.4.0
     # via -r requirements/typing.in
 types-dataclasses==0.6.1
     # via -r requirements/typing.in
-types-setuptools==57.4.2
+types-setuptools==57.4.4
     # via -r requirements/typing.in
-typing-extensions==3.10.0.2
+typing-extensions==4.0.1
     # via mypy

From 15693ecaa6e1acb9e10e23e11ef467edc11947e7 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Wed, 15 Dec 2021 06:21:38 -0800
Subject: [PATCH 559/733] update pre-commit hooks

---
 .pre-commit-config.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index a63d8e0d3..f4879c821 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -2,7 +2,7 @@ ci:
   autoupdate_schedule: monthly
 repos:
   - repo: https://github.com/asottile/pyupgrade
-    rev: v2.29.0
+    rev: v2.29.1
     hooks:
       - id: pyupgrade
         args: ["--py36-plus"]
@@ -18,7 +18,7 @@ repos:
         files: "^examples/"
         args: ["--application-directories", "examples"]
   - repo: https://github.com/psf/black
-    rev: 21.10b0
+    rev: 21.12b0
     hooks:
       - id: black
   - repo: https://github.com/PyCQA/flake8

From 5e890bccd38aaea3998004727229f0d5583e73e4 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Wed, 15 Dec 2021 06:21:49 -0800
Subject: [PATCH 560/733] run pre-commit on all files

---
 src/werkzeug/local.py | 1 -
 tests/test_local.py   | 1 -
 2 files changed, 2 deletions(-)

diff --git a/src/werkzeug/local.py b/src/werkzeug/local.py
index b4dee7b4d..273c87844 100644
--- a/src/werkzeug/local.py
+++ b/src/werkzeug/local.py
@@ -66,7 +66,6 @@ def __release_local__(storage: t.Any) -> None:
         # removed, see "Fake" version below.
         storage.set({})
 
-
 except (ImportError, _CannotUseContextVar):
 
     class ContextVar:  # type: ignore
diff --git a/tests/test_local.py b/tests/test_local.py
index b5c392890..d434a8403 100644
--- a/tests/test_local.py
+++ b/tests/test_local.py
@@ -17,7 +17,6 @@
     def run_async(coro):
         return asyncio.get_event_loop().run_until_complete(coro)
 
-
 else:
 
     def run_async(coro):

From 02263b216ef17628085dcb0e1365647a021f47a7 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Wed, 15 Dec 2021 06:28:03 -0800
Subject: [PATCH 561/733] exclude greenlet tests on python 3.11

---
 requirements/dev.txt   | 2 +-
 requirements/tests.in  | 2 +-
 requirements/tests.txt | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/requirements/dev.txt b/requirements/dev.txt
index 48d07a04e..74aaaf29f 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -32,7 +32,7 @@ filelock==3.4.0
     # via
     #   tox
     #   virtualenv
-greenlet==1.1.2
+greenlet==1.1.2 ; python_version < "3.11"
     # via -r requirements/tests.in
 identify==2.4.0
     # via pre-commit
diff --git a/requirements/tests.in b/requirements/tests.in
index d75196c77..c12fb58f3 100644
--- a/requirements/tests.in
+++ b/requirements/tests.in
@@ -2,5 +2,5 @@ pytest
 pytest-timeout
 pytest-xprocess
 cryptography
-greenlet
+greenlet; python_version < "3.11"
 watchdog
diff --git a/requirements/tests.txt b/requirements/tests.txt
index aa43866e8..1daf3c9a2 100644
--- a/requirements/tests.txt
+++ b/requirements/tests.txt
@@ -10,7 +10,7 @@ cffi==1.15.0
     # via cryptography
 cryptography==36.0.1
     # via -r requirements/tests.in
-greenlet==1.1.2
+greenlet==1.1.2 ; python_version < "3.11"
     # via -r requirements/tests.in
 iniconfig==1.1.1
     # via pytest

From 256ca5306d8ba199e7b3af01735383c3bf55d1a3 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Wed, 22 Dec 2021 19:47:53 -0700
Subject: [PATCH 562/733] update dependabot config

- prs to maintenance branch
- update github actions
---
 .github/dependabot.yml | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 86e010dff..b0251c75a 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,8 +1,19 @@
 version: 2
 updates:
-- package-ecosystem: pip
-  directory: "/"
+- package-ecosystem: "pip"
+  directory: "/requirements"
+  target-branch: "2.0.x"
+  versioning-strategy: "lockfile-only"
   schedule:
-    interval: monthly
-    time: "08:00"
+    interval: "monthly"
+    day: "monday"
+    time: "16:00"
+    timezone: "UTC"
   open-pull-requests-limit: 99
+- package-ecosystem: "github-actions"
+  directory: "/"
+  schedule:
+    interval: "monthly"
+    day: "monday"
+    time: "16:00"
+    timezone: "UTC"

From 53e67238c2f8cc0e97612a6ff77544c9d3a99104 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Wed, 22 Dec 2021 19:48:49 -0700
Subject: [PATCH 563/733] update lock action to v3

---
 .github/workflows/lock.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/lock.yaml b/.github/workflows/lock.yaml
index 7128f382b..b4f763387 100644
--- a/.github/workflows/lock.yaml
+++ b/.github/workflows/lock.yaml
@@ -8,8 +8,8 @@ jobs:
   lock:
     runs-on: ubuntu-latest
     steps:
-      - uses: dessant/lock-threads@v2
+      - uses: dessant/lock-threads@v3
         with:
           github-token: ${{ github.token }}
-          issue-lock-inactive-days: 14
-          pr-lock-inactive-days: 14
+          issue-inactive-days: 14
+          pr-inactive-days: 14

From 12b10dc79e07c0ecdf3042738c7a44335152f8a6 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Wed, 22 Dec 2021 19:50:10 -0700
Subject: [PATCH 564/733] pre-commit.ci pr to maintenance branch

---
 .pre-commit-config.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index e3351a26b..7e26a49ca 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,4 +1,5 @@
 ci:
+  autoupdate_branch: "2.0.x"
   autoupdate_schedule: monthly
 repos:
   - repo: https://github.com/asottile/pyupgrade

From 34354e06c992aec11a22b21393537ca62d1cf961 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Wed, 22 Dec 2021 19:57:29 -0700
Subject: [PATCH 565/733] pin os and python version in rtd build

---
 .readthedocs.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.readthedocs.yaml b/.readthedocs.yaml
index 0c363636f..346900b20 100644
--- a/.readthedocs.yaml
+++ b/.readthedocs.yaml
@@ -1,4 +1,8 @@
 version: 2
+build:
+  os: ubuntu-20.04
+  tools:
+    python: "3.10"
 python:
   install:
     - requirements: requirements/docs.txt

From ba6429ce8a8239dbecf8542557b686f9216c05fc Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Wed, 22 Dec 2021 19:57:29 -0700
Subject: [PATCH 566/733] pin os and python version in rtd build

(cherry picked from commit 34354e06c992aec11a22b21393537ca62d1cf961)
---
 .readthedocs.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.readthedocs.yaml b/.readthedocs.yaml
index 0c363636f..346900b20 100644
--- a/.readthedocs.yaml
+++ b/.readthedocs.yaml
@@ -1,4 +1,8 @@
 version: 2
+build:
+  os: ubuntu-20.04
+  tools:
+    python: "3.10"
 python:
   install:
     - requirements: requirements/docs.txt

From 04064c7cd5a0b149e98081247a94f3656d8057c9 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Wed, 22 Dec 2021 20:20:08 -0700
Subject: [PATCH 567/733] update requirements

---
 requirements/dev.txt    | 11 ++++++-----
 requirements/docs.txt   |  2 +-
 requirements/typing.txt |  4 ++--
 3 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/requirements/dev.txt b/requirements/dev.txt
index 74aaaf29f..4a98eca99 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -46,7 +46,7 @@ jinja2==3.0.3
     # via sphinx
 markupsafe==2.0.1
     # via jinja2
-mypy==0.910
+mypy==0.930
     # via -r requirements/typing.in
 mypy-extensions==0.4.3
     # via mypy
@@ -105,7 +105,7 @@ six==1.16.0
     #   virtualenv
 snowballstemmer==2.2.0
     # via sphinx
-sphinx==4.3.1
+sphinx==4.3.2
     # via
     #   -r requirements/docs.in
     #   pallets-sphinx-themes
@@ -129,12 +129,13 @@ sphinxcontrib-serializinghtml==1.1.5
     # via sphinx
 toml==0.10.2
     # via
-    #   mypy
     #   pre-commit
     #   pytest
     #   tox
 tomli==2.0.0
-    # via pep517
+    # via
+    #   mypy
+    #   pep517
 tox==3.24.4
     # via -r requirements/dev.in
 types-contextvars==2.4.0
@@ -153,7 +154,7 @@ virtualenv==20.10.0
     #   tox
 watchdog==2.1.6
     # via -r requirements/tests.in
-wheel==0.37.0
+wheel==0.37.1
     # via pip-tools
 
 # The following packages are considered to be unsafe in a requirements file:
diff --git a/requirements/docs.txt b/requirements/docs.txt
index 7c6018881..0a0fd7a81 100644
--- a/requirements/docs.txt
+++ b/requirements/docs.txt
@@ -38,7 +38,7 @@ requests==2.26.0
     # via sphinx
 snowballstemmer==2.2.0
     # via sphinx
-sphinx==4.3.1
+sphinx==4.3.2
     # via
     #   -r requirements/docs.in
     #   pallets-sphinx-themes
diff --git a/requirements/typing.txt b/requirements/typing.txt
index f65f03195..b714b8eb2 100644
--- a/requirements/typing.txt
+++ b/requirements/typing.txt
@@ -4,11 +4,11 @@
 #
 #    pip-compile requirements/typing.in
 #
-mypy==0.910
+mypy==0.930
     # via -r requirements/typing.in
 mypy-extensions==0.4.3
     # via mypy
-toml==0.10.2
+tomli==2.0.0
     # via mypy
 types-contextvars==2.4.0
     # via -r requirements/typing.in

From 131ebd1f4172e27e5117b7e3884bb51fcab927b3 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Wed, 22 Dec 2021 21:11:09 -0700
Subject: [PATCH 568/733] fix new mypy findings

---
 setup.cfg                                   | 1 +
 src/werkzeug/datastructures.pyi             | 6 +++---
 src/werkzeug/debug/console.py               | 9 ++++++---
 src/werkzeug/http.py                        | 9 +++++++--
 src/werkzeug/local.py                       | 2 +-
 src/werkzeug/serving.py                     | 8 ++++++--
 src/werkzeug/wrappers/accept.py             | 2 +-
 src/werkzeug/wrappers/auth.py               | 4 ++--
 src/werkzeug/wrappers/common_descriptors.py | 4 ++--
 src/werkzeug/wrappers/cors.py               | 4 ++--
 src/werkzeug/wrappers/etag.py               | 4 ++--
 src/werkzeug/wrappers/json.py               | 2 +-
 src/werkzeug/wrappers/request.py            | 4 ++--
 src/werkzeug/wrappers/response.py           | 2 +-
 src/werkzeug/wrappers/user_agent.py         | 2 +-
 15 files changed, 38 insertions(+), 25 deletions(-)

diff --git a/setup.cfg b/setup.cfg
index 47c5426cd..437cb12cc 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -87,6 +87,7 @@ per-file-ignores =
 [mypy]
 files = src/werkzeug
 python_version = 3.6
+show_error_codes = True
 allow_redefinition = True
 disallow_subclassing_any = True
 # disallow_untyped_calls = True
diff --git a/src/werkzeug/datastructures.pyi b/src/werkzeug/datastructures.pyi
index 1fcd4f355..ee6e46d58 100644
--- a/src/werkzeug/datastructures.pyi
+++ b/src/werkzeug/datastructures.pyi
@@ -41,15 +41,15 @@ class ImmutableListMixin(List[V]):
     def __hash__(self) -> int: ...  # type: ignore
     def __delitem__(self, key: Union[SupportsIndex, slice]) -> NoReturn: ...
     def __iadd__(self, other: t.Any) -> NoReturn: ...  # type: ignore
-    def __imul__(self, other: int) -> NoReturn: ...
+    def __imul__(self, other: SupportsIndex) -> NoReturn: ...
     def __setitem__(  # type: ignore
         self, key: Union[int, slice], value: V
     ) -> NoReturn: ...
     def append(self, value: V) -> NoReturn: ...
     def remove(self, value: V) -> NoReturn: ...
     def extend(self, values: Iterable[V]) -> NoReturn: ...
-    def insert(self, pos: int, value: V) -> NoReturn: ...
-    def pop(self, index: int = -1) -> NoReturn: ...
+    def insert(self, pos: SupportsIndex, value: V) -> NoReturn: ...
+    def pop(self, index: SupportsIndex = -1) -> NoReturn: ...
     def reverse(self) -> NoReturn: ...
     def sort(
         self, key: Optional[Callable[[V], Any]] = None, reverse: bool = False
diff --git a/src/werkzeug/debug/console.py b/src/werkzeug/debug/console.py
index da786603a..f1a7b725e 100644
--- a/src/werkzeug/debug/console.py
+++ b/src/werkzeug/debug/console.py
@@ -141,12 +141,15 @@ def __init__(self, globals: t.Dict[str, t.Any], locals: t.Dict[str, t.Any]) -> N
         super().__init__(locals)
         original_compile = self.compile
 
-        def compile(source: str, filename: str, symbol: str) -> CodeType:
+        def compile(source: str, filename: str, symbol: str) -> t.Optional[CodeType]:
             code = original_compile(source, filename, symbol)
-            self.loader.register(code, source)
+
+            if code is not None:
+                self.loader.register(code, source)
+
             return code
 
-        self.compile = compile
+        self.compile = compile  # type: ignore[assignment]
         self.more = False
         self.buffer: t.List[str] = []
 
diff --git a/src/werkzeug/http.py b/src/werkzeug/http.py
index ca48fe215..45799bf10 100644
--- a/src/werkzeug/http.py
+++ b/src/werkzeug/http.py
@@ -445,17 +445,22 @@ def parse_options_header(
                     encoding = continued_encoding
                 continued_encoding = encoding
             option = unquote_header_value(option)
+
             if option_value is not None:
                 option_value = unquote_header_value(option_value, option == "filename")
+
                 if encoding is not None:
                     option_value = _unquote(option_value).decode(encoding)
+
             if count:
                 # Continuations append to the existing value. For
                 # simplicity, this ignores the possibility of
                 # out-of-order indices, which shouldn't happen anyway.
-                options[option] = options.get(option, "") + option_value
+                if option_value is not None:
+                    options[option] = options.get(option, "") + option_value
             else:
-                options[option] = option_value
+                options[option] = option_value  # type: ignore[assignment]
+
             rest = rest[optmatch.end() :]
         result.append(options)
         if multiple is False:
diff --git a/src/werkzeug/local.py b/src/werkzeug/local.py
index 273c87844..d2c99af57 100644
--- a/src/werkzeug/local.py
+++ b/src/werkzeug/local.py
@@ -232,7 +232,7 @@ def push(self, obj: t.Any) -> t.List[t.Any]:
         rv = getattr(self._local, "stack", []).copy()
         rv.append(obj)
         self._local.stack = rv
-        return rv  # type: ignore
+        return rv
 
     def pop(self) -> t.Any:
         """Removes the topmost item from the stack, will return the
diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py
index f6f4389c6..80e4192ea 100644
--- a/src/werkzeug/serving.py
+++ b/src/werkzeug/serving.py
@@ -234,7 +234,9 @@ def shutdown_server() -> None:
         try:
             # binary_form=False gives nicer information, but wouldn't be compatible with
             # what Nginx or Apache could return.
-            peer_cert = self.connection.getpeercert(binary_form=True)
+            peer_cert = self.connection.getpeercert(  # type: ignore[attr-defined]
+                binary_form=True
+            )
             if peer_cert is not None:
                 # Nginx and Apache use PEM format.
                 environ["SSL_CLIENT_CERT"] = ssl.DER_cert_to_PEM_cert(peer_cert)
@@ -725,7 +727,9 @@ def serve_forever(self, poll_interval: float = 0.5) -> None:
         finally:
             self.server_close()
 
-    def handle_error(self, request: t.Any, client_address: t.Tuple[str, int]) -> None:
+    def handle_error(
+        self, request: t.Any, client_address: t.Union[t.Tuple[str, int], str]
+    ) -> None:
         if self.passthrough_errors:
             raise
 
diff --git a/src/werkzeug/wrappers/accept.py b/src/werkzeug/wrappers/accept.py
index 9605e637d..da24dbad6 100644
--- a/src/werkzeug/wrappers/accept.py
+++ b/src/werkzeug/wrappers/accept.py
@@ -11,4 +11,4 @@ def __init__(self, *args: t.Any, **kwargs: t.Any) -> None:
             DeprecationWarning,
             stacklevel=2,
         )
-        super().__init__(*args, **kwargs)  # type: ignore
+        super().__init__(*args, **kwargs)
diff --git a/src/werkzeug/wrappers/auth.py b/src/werkzeug/wrappers/auth.py
index da31b7cf7..f7f58157a 100644
--- a/src/werkzeug/wrappers/auth.py
+++ b/src/werkzeug/wrappers/auth.py
@@ -11,7 +11,7 @@ def __init__(self, *args: t.Any, **kwargs: t.Any) -> None:
             DeprecationWarning,
             stacklevel=2,
         )
-        super().__init__(*args, **kwargs)  # type: ignore
+        super().__init__(*args, **kwargs)
 
 
 class WWWAuthenticateMixin:
@@ -23,4 +23,4 @@ def __init__(self, *args: t.Any, **kwargs: t.Any) -> None:
             DeprecationWarning,
             stacklevel=2,
         )
-        super().__init__(*args, **kwargs)  # type: ignore
+        super().__init__(*args, **kwargs)
diff --git a/src/werkzeug/wrappers/common_descriptors.py b/src/werkzeug/wrappers/common_descriptors.py
index db87ea5fa..6436b4c1f 100644
--- a/src/werkzeug/wrappers/common_descriptors.py
+++ b/src/werkzeug/wrappers/common_descriptors.py
@@ -11,7 +11,7 @@ def __init__(self, *args: t.Any, **kwargs: t.Any) -> None:
             DeprecationWarning,
             stacklevel=2,
         )
-        super().__init__(*args, **kwargs)  # type: ignore
+        super().__init__(*args, **kwargs)
 
 
 class CommonResponseDescriptorsMixin:
@@ -23,4 +23,4 @@ def __init__(self, *args: t.Any, **kwargs: t.Any) -> None:
             DeprecationWarning,
             stacklevel=2,
         )
-        super().__init__(*args, **kwargs)  # type: ignore
+        super().__init__(*args, **kwargs)
diff --git a/src/werkzeug/wrappers/cors.py b/src/werkzeug/wrappers/cors.py
index 89cf83ef8..efd8537b6 100644
--- a/src/werkzeug/wrappers/cors.py
+++ b/src/werkzeug/wrappers/cors.py
@@ -11,7 +11,7 @@ def __init__(self, *args: t.Any, **kwargs: t.Any) -> None:
             DeprecationWarning,
             stacklevel=2,
         )
-        super().__init__(*args, **kwargs)  # type: ignore
+        super().__init__(*args, **kwargs)
 
 
 class CORSResponseMixin:
@@ -23,4 +23,4 @@ def __init__(self, *args: t.Any, **kwargs: t.Any) -> None:
             DeprecationWarning,
             stacklevel=2,
         )
-        super().__init__(*args, **kwargs)  # type: ignore
+        super().__init__(*args, **kwargs)
diff --git a/src/werkzeug/wrappers/etag.py b/src/werkzeug/wrappers/etag.py
index 2e9015a58..9131b9300 100644
--- a/src/werkzeug/wrappers/etag.py
+++ b/src/werkzeug/wrappers/etag.py
@@ -11,7 +11,7 @@ def __init__(self, *args: t.Any, **kwargs: t.Any) -> None:
             DeprecationWarning,
             stacklevel=2,
         )
-        super().__init__(*args, **kwargs)  # type: ignore
+        super().__init__(*args, **kwargs)
 
 
 class ETagResponseMixin:
@@ -23,4 +23,4 @@ def __init__(self, *args: t.Any, **kwargs: t.Any) -> None:
             DeprecationWarning,
             stacklevel=2,
         )
-        super().__init__(*args, **kwargs)  # type: ignore
+        super().__init__(*args, **kwargs)
diff --git a/src/werkzeug/wrappers/json.py b/src/werkzeug/wrappers/json.py
index ab6ed7ba9..a4dd7c27d 100644
--- a/src/werkzeug/wrappers/json.py
+++ b/src/werkzeug/wrappers/json.py
@@ -10,4 +10,4 @@ def __init__(self, *args: t.Any, **kwargs: t.Any) -> None:
             DeprecationWarning,
             stacklevel=2,
         )
-        super().__init__(*args, **kwargs)  # type: ignore
+        super().__init__(*args, **kwargs)
diff --git a/src/werkzeug/wrappers/request.py b/src/werkzeug/wrappers/request.py
index 700cda04c..f68dd5a1d 100644
--- a/src/werkzeug/wrappers/request.py
+++ b/src/werkzeug/wrappers/request.py
@@ -426,7 +426,7 @@ def get_data(
                 self._cached_data = rv
         if as_text:
             rv = rv.decode(self.charset, self.encoding_errors)
-        return rv  # type: ignore
+        return rv
 
     @cached_property
     def form(self) -> "ImmutableMultiDict[str, str]":
@@ -632,7 +632,7 @@ def __init__(self, *args: t.Any, **kwargs: t.Any) -> None:
             stacklevel=2,
         )
         kwargs["shallow"] = True
-        super().__init__(*args, **kwargs)  # type: ignore
+        super().__init__(*args, **kwargs)
 
 
 class PlainRequest(StreamOnlyMixin, Request):
diff --git a/src/werkzeug/wrappers/response.py b/src/werkzeug/wrappers/response.py
index d365c4e09..8ae7b106e 100644
--- a/src/werkzeug/wrappers/response.py
+++ b/src/werkzeug/wrappers/response.py
@@ -887,4 +887,4 @@ def __init__(self, *args: t.Any, **kwargs: t.Any) -> None:
             DeprecationWarning,
             stacklevel=2,
         )
-        super().__init__(*args, **kwargs)  # type: ignore
+        super().__init__(*args, **kwargs)
diff --git a/src/werkzeug/wrappers/user_agent.py b/src/werkzeug/wrappers/user_agent.py
index 184ffd023..e69ab0550 100644
--- a/src/werkzeug/wrappers/user_agent.py
+++ b/src/werkzeug/wrappers/user_agent.py
@@ -11,4 +11,4 @@ def __init__(self, *args: t.Any, **kwargs: t.Any) -> None:
             DeprecationWarning,
             stacklevel=2,
         )
-        super().__init__(*args, **kwargs)  # type: ignore
+        super().__init__(*args, **kwargs)

From 5100c9b6263992339c51af632de8eff2f736bc05 Mon Sep 17 00:00:00 2001
From: Zach Miller 
Date: Tue, 30 Nov 2021 20:15:33 -0500
Subject: [PATCH 569/733] fix typing for request_or_environ parameters

---
 CHANGES.rst                       |  4 ++++
 src/werkzeug/exceptions.py        |  3 ++-
 src/werkzeug/routing.py           | 19 ++++++++++---------
 src/werkzeug/wrappers/response.py |  3 ++-
 4 files changed, 18 insertions(+), 11 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 9b8a232f9..6f3a9d78b 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -6,6 +6,10 @@ Version 2.0.3
 Unreleased
 
 -   ``ProxyFix`` supports IPv6 addresses. :issue:`2262`
+-   Type annotation for ``Response.make_conditional``,
+    ``HTTPException.get_response``, and ``Map.bind_to_environ`` accepts
+    ``Request`` in addition to ``WSGIEnvironment`` for the first
+    parameter. :pr:`2290`
 
 
 Version 2.0.2
diff --git a/src/werkzeug/exceptions.py b/src/werkzeug/exceptions.py
index 16c3964d2..8a31c4d33 100644
--- a/src/werkzeug/exceptions.py
+++ b/src/werkzeug/exceptions.py
@@ -57,6 +57,7 @@ def application(request):
     from _typeshed.wsgi import WSGIEnvironment
     from .datastructures import WWWAuthenticate
     from .sansio.response import Response
+    from .wrappers.request import Request as WSGIRequest  # noqa: F401
     from .wrappers.response import Response as WSGIResponse  # noqa: F401
 
 
@@ -189,7 +190,7 @@ def get_headers(
 
     def get_response(
         self,
-        environ: t.Optional["WSGIEnvironment"] = None,
+        environ: t.Optional[t.Union["WSGIEnvironment", "WSGIRequest"]] = None,
         scope: t.Optional[dict] = None,
     ) -> "Response":
         """Get a response object.  If one was passed to the exception
diff --git a/src/werkzeug/routing.py b/src/werkzeug/routing.py
index ddb8ef9c1..937b42b05 100644
--- a/src/werkzeug/routing.py
+++ b/src/werkzeug/routing.py
@@ -143,6 +143,7 @@
     import typing_extensions as te
     from _typeshed.wsgi import WSGIApplication
     from _typeshed.wsgi import WSGIEnvironment
+    from .wrappers.request import Request
     from .wrappers.response import Response
 
 _rule_re = re.compile(
@@ -266,7 +267,7 @@ def __init__(self, new_url: str) -> None:
 
     def get_response(
         self,
-        environ: t.Optional["WSGIEnvironment"] = None,
+        environ: t.Optional[t.Union["WSGIEnvironment", "Request"]] = None,
         scope: t.Optional[dict] = None,
     ) -> "Response":
         return redirect(self.new_url, self.code)
@@ -1610,7 +1611,7 @@ def bind(
 
     def bind_to_environ(
         self,
-        environ: "WSGIEnvironment",
+        environ: t.Union["WSGIEnvironment", "Request"],
         server_name: t.Optional[str] = None,
         subdomain: t.Optional[str] = None,
     ) -> "MapAdapter":
@@ -1655,15 +1656,15 @@ def bind_to_environ(
         :param server_name: an optional server name hint (see above).
         :param subdomain: optionally the current subdomain (see above).
         """
-        environ = _get_environ(environ)
-        wsgi_server_name = get_host(environ).lower()
-        scheme = environ["wsgi.url_scheme"]
+        env = _get_environ(environ)
+        wsgi_server_name = get_host(env).lower()
+        scheme = env["wsgi.url_scheme"]
         upgrade = any(
             v.strip() == "upgrade"
-            for v in environ.get("HTTP_CONNECTION", "").lower().split(",")
+            for v in env.get("HTTP_CONNECTION", "").lower().split(",")
         )
 
-        if upgrade and environ.get("HTTP_UPGRADE", "").lower() == "websocket":
+        if upgrade and env.get("HTTP_UPGRADE", "").lower() == "websocket":
             scheme = "wss" if scheme == "https" else "ws"
 
         if server_name is None:
@@ -1698,7 +1699,7 @@ def bind_to_environ(
                 subdomain = ".".join(filter(None, cur_server_name[:offset]))
 
         def _get_wsgi_string(name: str) -> t.Optional[str]:
-            val = environ.get(name)
+            val = env.get(name)
             if val is not None:
                 return _wsgi_decoding_dance(val, self.charset)
             return None
@@ -1712,7 +1713,7 @@ def _get_wsgi_string(name: str) -> t.Optional[str]:
             script_name,
             subdomain,
             scheme,
-            environ["REQUEST_METHOD"],
+            env["REQUEST_METHOD"],
             path_info,
             query_args=query_args,
         )
diff --git a/src/werkzeug/wrappers/response.py b/src/werkzeug/wrappers/response.py
index 8ae7b106e..8378e7440 100644
--- a/src/werkzeug/wrappers/response.py
+++ b/src/werkzeug/wrappers/response.py
@@ -26,6 +26,7 @@
     from _typeshed.wsgi import StartResponse
     from _typeshed.wsgi import WSGIApplication
     from _typeshed.wsgi import WSGIEnvironment
+    from .request import Request
 
 
 def _warn_if_string(iterable: t.Iterable) -> None:
@@ -749,7 +750,7 @@ def _process_range_request(
 
     def make_conditional(
         self,
-        request_or_environ: "WSGIEnvironment",
+        request_or_environ: t.Union["WSGIEnvironment", "Request"],
         accept_ranges: t.Union[bool, str] = False,
         complete_length: t.Optional[int] = None,
     ) -> "Response":

From a2b95a7fe0a85506a1dc1e0bd30d6c227a71867b Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Thu, 23 Dec 2021 10:10:06 -0700
Subject: [PATCH 570/733] fix type for user_agent_class

---
 CHANGES.rst                    | 1 +
 src/werkzeug/sansio/request.py | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 6f3a9d78b..fd0f71635 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -10,6 +10,7 @@ Unreleased
     ``HTTPException.get_response``, and ``Map.bind_to_environ`` accepts
     ``Request`` in addition to ``WSGIEnvironment`` for the first
     parameter. :pr:`2290`
+-   Fix type annotation for ``Request.user_agent_class``. :issue:`2273`
 
 
 Version 2.0.2
diff --git a/src/werkzeug/sansio/request.py b/src/werkzeug/sansio/request.py
index 2c21a2134..adafc2686 100644
--- a/src/werkzeug/sansio/request.py
+++ b/src/werkzeug/sansio/request.py
@@ -95,7 +95,7 @@ class Request:
     #: .. versionadded:: 0.6
     list_storage_class: t.Type[t.List] = ImmutableList
 
-    user_agent_class = _DeprecatedUserAgent
+    user_agent_class: t.Type[UserAgent] = _DeprecatedUserAgent
     """The class used and returned by the :attr:`user_agent` property to
     parse the header. Defaults to
     :class:`~werkzeug.user_agent.UserAgent`, which does no parsing. An

From eb73beb4c475ea694a93158a86069e166a2696a1 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Thu, 23 Dec 2021 14:25:42 -0700
Subject: [PATCH 571/733] fix proxy fallback for __class__ and __doc__ attrs

---
 CHANGES.rst           |  3 +++
 src/werkzeug/local.py | 30 ++++++++++++++++++++++--------
 tests/test_local.py   | 15 +++++++++++----
 3 files changed, 36 insertions(+), 12 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index fd0f71635..6bbb2e0b1 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -11,6 +11,9 @@ Unreleased
     ``Request`` in addition to ``WSGIEnvironment`` for the first
     parameter. :pr:`2290`
 -   Fix type annotation for ``Request.user_agent_class``. :issue:`2273`
+-   Accessing ``LocalProxy.__class__`` and ``__doc__`` on an unbound
+    proxy returns the fallback value instead of a method object.
+    :issue:`2188`
 
 
 Version 2.0.2
diff --git a/src/werkzeug/local.py b/src/werkzeug/local.py
index d2c99af57..2b2222742 100644
--- a/src/werkzeug/local.py
+++ b/src/werkzeug/local.py
@@ -381,19 +381,23 @@ class _ProxyLookup:
     :param f: The built-in function this attribute is accessed through.
         Instead of looking up the special method, the function call
         is redone on the object.
-    :param fallback: Call this method if the proxy is unbound instead of
-        raising a :exc:`RuntimeError`.
-    :param class_value: Value to return when accessed from the class.
-        Used for ``__doc__`` so building docs still works.
+    :param fallback: Return this function if the proxy is unbound
+        instead of raising a :exc:`RuntimeError`.
+    :param is_attr: This proxied name is an attribute, not a function.
+        Call the fallback immediately to get the value.
+    :param class_value: Value to return when accessed from the
+        ``LocalProxy`` class directly. Used for ``__doc__`` so building
+        docs still works.
     """
 
-    __slots__ = ("bind_f", "fallback", "class_value", "name")
+    __slots__ = ("bind_f", "fallback", "is_attr", "class_value", "name")
 
     def __init__(
         self,
         f: t.Optional[t.Callable] = None,
         fallback: t.Optional[t.Callable] = None,
         class_value: t.Optional[t.Any] = None,
+        is_attr: bool = False,
     ) -> None:
         bind_f: t.Optional[t.Callable[["LocalProxy", t.Any], t.Callable]]
 
@@ -416,6 +420,7 @@ def bind_f(instance: "LocalProxy", obj: t.Any) -> t.Callable:
         self.bind_f = bind_f
         self.fallback = fallback
         self.class_value = class_value
+        self.is_attr = is_attr
 
     def __set_name__(self, owner: "LocalProxy", name: str) -> None:
         self.name = name
@@ -433,7 +438,14 @@ def __get__(self, instance: "LocalProxy", owner: t.Optional[type] = None) -> t.A
             if self.fallback is None:
                 raise
 
-            return self.fallback.__get__(instance, owner)  # type: ignore
+            fallback = self.fallback.__get__(instance, owner)  # type: ignore
+
+            if self.is_attr:
+                # __class__ and __doc__ are attributes, not methods.
+                # Call the fallback to get the value.
+                return fallback()
+
+            return fallback
 
         if self.bind_f is not None:
             return self.bind_f(instance, obj)
@@ -559,7 +571,7 @@ def _get_current_object(self) -> t.Any:
             raise RuntimeError(f"no object bound to {name}") from None
 
     __doc__ = _ProxyLookup(  # type: ignore
-        class_value=__doc__, fallback=lambda self: type(self).__doc__
+        class_value=__doc__, fallback=lambda self: type(self).__doc__, is_attr=True
     )
     # __del__ should only delete the proxy
     __repr__ = _ProxyLookup(  # type: ignore
@@ -591,7 +603,9 @@ def _get_current_object(self) -> t.Any:
     # __weakref__ (__getattr__)
     # __init_subclass__ (proxying metaclass not supported)
     # __prepare__ (metaclass)
-    __class__ = _ProxyLookup(fallback=lambda self: type(self))  # type: ignore
+    __class__ = _ProxyLookup(
+        fallback=lambda self: type(self), is_attr=True
+    )  # type: ignore
     __instancecheck__ = _ProxyLookup(lambda self, other: isinstance(other, self))
     __subclasscheck__ = _ProxyLookup(lambda self, other: issubclass(other, self))
     # __class_getitem__ triggered through __getitem__
diff --git a/tests/test_local.py b/tests/test_local.py
index d434a8403..dbab4e756 100644
--- a/tests/test_local.py
+++ b/tests/test_local.py
@@ -225,13 +225,20 @@ def example():
 
 
 def test_proxy_fallback():
-    def _raises():
-        raise RuntimeError()
+    local_stack = local.LocalStack()
+    local_proxy = local_stack()
 
-    local_proxy = local.LocalProxy(_raises)
     assert repr(local_proxy) == ""
     assert isinstance(local_proxy, local.LocalProxy)
-    assert not isinstance(local_proxy, Thread)
+    assert local_proxy.__class__ is local.LocalProxy
+    assert "LocalProxy" in local_proxy.__doc__
+
+    local_stack.push(42)
+
+    assert repr(local_proxy) == "42"
+    assert isinstance(local_proxy, int)
+    assert local_proxy.__class__ is int
+    assert "int(" in local_proxy.__doc__
 
 
 def test_proxy_unbound():

From 8431de6b2880e22765d7a981d6caafa7add82d95 Mon Sep 17 00:00:00 2001
From: Yourun-Proger 
Date: Mon, 11 Oct 2021 22:03:02 +0300
Subject: [PATCH 572/733] MapAdapter.build only picks first list value for
 MultiDict

---
 CHANGES.rst             | 3 +++
 src/werkzeug/routing.py | 3 ++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 1d1f6a148..49dc521e9 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -56,6 +56,9 @@ Unreleased
     convert the value to an int. :issue:`2230`
 -   Always use ``socket.fromfd`` when restarting the dev server.
     :pr:`2287`
+-   The behavior of the ``build`` function has been changed,
+    it is no longer flatten a value passed as single-item-list.
+    :issue:`2249`
 
 
 Version 2.0.3
diff --git a/src/werkzeug/routing.py b/src/werkzeug/routing.py
index 809308c6e..98ec84c57 100644
--- a/src/werkzeug/routing.py
+++ b/src/werkzeug/routing.py
@@ -2301,7 +2301,8 @@ def build(
                         continue
 
                     if len(value) == 1:
-                        value = value[0]
+                        if always_list:
+                            value = value[0]
 
                 temp_values[key] = value
 

From 206d24a6de643dfe4cd43dcac3c1e57222bfc954 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Thu, 23 Dec 2021 21:25:20 -0700
Subject: [PATCH 573/733] don't filter or collapse lists when building urls

---
 CHANGES.rst             |   8 ++-
 src/werkzeug/routing.py |  36 ++++--------
 tests/test_routing.py   | 127 +++++++++++++++++++++++++++++-----------
 3 files changed, 109 insertions(+), 62 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 49dc521e9..e7c85ee08 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -56,9 +56,11 @@ Unreleased
     convert the value to an int. :issue:`2230`
 -   Always use ``socket.fromfd`` when restarting the dev server.
     :pr:`2287`
--   The behavior of the ``build`` function has been changed,
-    it is no longer flatten a value passed as single-item-list.
-    :issue:`2249`
+-   When passing a dict of URL values to ``Map.build``, list values do
+    not filter out ``None`` or collapse to a single value. Passing a
+    ``MultiDict`` does collapse single items. This undoes a previous
+    change that made it difficult to pass a list, or ``None`` values in
+    a list, to custom URL converters. :issue:`2249`
 
 
 Version 2.0.3
diff --git a/src/werkzeug/routing.py b/src/werkzeug/routing.py
index 98ec84c57..0a66c41f0 100644
--- a/src/werkzeug/routing.py
+++ b/src/werkzeug/routing.py
@@ -545,10 +545,10 @@ def _prefix_names(src: str) -> ast.stmt:
 _CALL_CONVERTER_CODE_FMT = "self._converters[{elem!r}].to_url()"
 _IF_KWARGS_URL_ENCODE_CODE = """\
 if kwargs:
-    q = '?'
     params = self._encode_query_vars(kwargs)
+    q = "?" if params else ""
 else:
-    q = params = ''
+    q = params = ""
 """
 _IF_KWARGS_URL_ENCODE_AST = _prefix_names(_IF_KWARGS_URL_ENCODE_CODE)
 _URL_ENCODE_AST_NAMES = (_prefix_names("q"), _prefix_names("params"))
@@ -2283,30 +2283,14 @@ def build(
         self.map.update()
 
         if values:
-            temp_values: t.Dict[str, t.Union[t.List[t.Any], t.Any]] = {}
-            always_list = isinstance(values, MultiDict)
-            key: str
-            value: t.Optional[t.Union[t.List[t.Any], t.Any]]
-
-            # For MultiDict, dict.items(values) is like values.lists()
-            # without the call or list coercion overhead.
-            for key, value in dict.items(values):  # type: ignore
-                if value is None:
-                    continue
-
-                if always_list or isinstance(value, (list, tuple)):
-                    value = [v for v in value if v is not None]
-
-                    if not value:
-                        continue
-
-                    if len(value) == 1:
-                        if always_list:
-                            value = value[0]
-
-                temp_values[key] = value
-
-            values = temp_values
+            if isinstance(values, MultiDict):
+                values = {
+                    k: (v[0] if len(v) == 1 else v)
+                    for k, v in dict.items(values)
+                    if len(v) != 0
+                }
+            else:  # plain dict
+                values = {k: v for k, v in values.items() if v is not None}
         else:
             values = {}
 
diff --git a/tests/test_routing.py b/tests/test_routing.py
index be3767d29..e8c7a4299 100644
--- a/tests/test_routing.py
+++ b/tests/test_routing.py
@@ -1,4 +1,5 @@
 import gc
+import typing as t
 import uuid
 
 import pytest
@@ -754,48 +755,108 @@ def test_anyconverter():
 
 
 @pytest.mark.parametrize(
-    ("value", "expect"),
+    ("endpoint", "value", "expect"),
     [
-        (None, ""),
-        ([None], ""),
-        ([None, None], ""),
-        ("", "?extra="),
-        ([""], "?extra="),
-        (1.0, "?extra=1.0"),
-        ([1, 2], "?extra=1&extra=2"),
-        ([1, None, 2], "?extra=1&extra=2"),
-        ([1, "", 2], "?extra=1&extra=&extra=2"),
+        ("int", 1, "/1"),
+        ("int", None, r.BuildError),
+        ("int", [1], TypeError),
+        ("list", [1], "/1"),
+        ("list", [1, None, 2], "/1.None.2"),
+        ("list", 1, TypeError),
     ],
 )
-def test_build_append_unknown(value, expect):
-    map = r.Map([r.Rule("/foo/", endpoint="foo")])
-    adapter = map.bind("example.org", "/", subdomain="test")
-    assert (
-        adapter.build("foo", {"name": "bar", "extra": value})
-        == f"http://example.org/foo/bar{expect}"
+def test_build_values_dict(endpoint, value, expect):
+    class ListConverter(r.BaseConverter):
+        def to_url(self, value: t.Any) -> str:
+            return super().to_url(".".join(map(str, value)))
+
+    url_map = r.Map(
+        [r.Rule("/", endpoint="int"), r.Rule("/", endpoint="list")],
+        converters={"list": ListConverter},
     )
-    assert (
-        adapter.build("foo", {"name": "bar", "extra": value}, append_unknown=False)
-        == "http://example.org/foo/bar"
+    adapter = url_map.bind("localhost")
+
+    if isinstance(expect, str):
+        assert adapter.build(endpoint, {"v": value}) == expect
+    else:
+        with pytest.raises(expect):
+            adapter.build(endpoint, {"v": value})
+
+
+@pytest.mark.parametrize(
+    ("endpoint", "value", "expect"),
+    [
+        ("int", 1, "/1"),
+        ("int", [1], "/1"),
+        ("int", [], r.BuildError),
+        ("int", None, TypeError),
+        ("int", [None], TypeError),
+        ("list", 1, TypeError),
+        ("list", [1], TypeError),
+        ("list", [[1]], "/1"),
+        ("list", [1, None, 2], "/1.None.2"),
+    ],
+)
+def test_build_values_multidict(endpoint, value, expect):
+    class ListConverter(r.BaseConverter):
+        def to_url(self, value: t.Any) -> str:
+            return super().to_url(".".join(map(str, value)))
+
+    url_map = r.Map(
+        [r.Rule("/", endpoint="int"), r.Rule("/", endpoint="list")],
+        converters={"list": ListConverter},
     )
+    adapter = url_map.bind("localhost")
 
+    if isinstance(expect, str):
+        assert adapter.build(endpoint, MultiDict({"v": value})) == expect
+    else:
+        with pytest.raises(expect):
+            adapter.build(endpoint, MultiDict({"v": value}))
 
-def test_build_append_multiple():
-    map = r.Map([r.Rule("/bar/", endpoint="endp")])
-    adapter = map.bind("example.org", "/", subdomain="subd")
-    params = {"foo": 0.815, "x": [1.0, 3.0], "y": 2.0}
-    a, b = adapter.build("endp", params).split("?")
-    assert a == "http://example.org/bar/0.815"
-    assert set(b.split("&")) == set("y=2.0&x=1.0&x=3.0".split("&"))
+
+@pytest.mark.parametrize(
+    ("value", "expect"),
+    [
+        (None, ""),
+        ([None], ""),
+        ([None, None], ""),
+        ("", "?v="),
+        ([""], "?v="),
+        (0, "?v=0"),
+        (1.0, "?v=1.0"),
+        ([1, 2], "?v=1&v=2"),
+        ([1, None, 2], "?v=1&v=2"),
+        ([1, "", 2], "?v=1&v=&v=2"),
+    ],
+)
+def test_build_append_unknown_dict(value, expect):
+    map = r.Map([r.Rule("/", endpoint="a")])
+    adapter = map.bind("localhost")
+    assert adapter.build("a", {"v": value}) == f"/{expect}"
+    assert adapter.build("a", {"v": value}, append_unknown=False) == "/"
 
 
-def test_build_append_multidict():
-    map = r.Map([r.Rule("/bar/", endpoint="endp")])
-    adapter = map.bind("example.org", "/", subdomain="subd")
-    params = MultiDict((("foo", 0.815), ("x", 1.0), ("x", 3.0), ("y", 2.0)))
-    a, b = adapter.build("endp", params).split("?")
-    assert a == "http://example.org/bar/0.815"
-    assert set(b.split("&")) == set("y=2.0&x=1.0&x=3.0".split("&"))
+@pytest.mark.parametrize(
+    ("value", "expect"),
+    [
+        (None, ""),
+        ([None], ""),
+        ([None, None], ""),
+        ("", "?v="),
+        ([""], "?v="),
+        (0, "?v=0"),
+        (1.0, "?v=1.0"),
+        ([1, 2], "?v=1&v=2"),
+        ([1, None, 2], "?v=1&v=2"),
+        ([1, "", 2], "?v=1&v=&v=2"),
+    ],
+)
+def test_build_append_unknown_multidict(value, expect):
+    map = r.Map([r.Rule("/", endpoint="a")])
+    adapter = map.bind("localhost")
+    assert adapter.build("a", MultiDict({"v": value})) == f"/{expect}"
+    assert adapter.build("a", MultiDict({"v": value}), append_unknown=False) == "/"
 
 
 def test_build_drop_none():

From f68879f538c40c74467407c55d8d7c17e8647cc9 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Thu, 13 Jan 2022 10:48:57 -0800
Subject: [PATCH 574/733] update requirements

---
 .pre-commit-config.yaml |  4 ++--
 requirements/dev.txt    | 34 ++++++++++++++++------------------
 requirements/docs.txt   | 10 +++++-----
 requirements/tests.txt  |  4 ++--
 requirements/typing.txt |  8 ++++----
 5 files changed, 29 insertions(+), 31 deletions(-)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index f4879c821..2a3a819bc 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -2,7 +2,7 @@ ci:
   autoupdate_schedule: monthly
 repos:
   - repo: https://github.com/asottile/pyupgrade
-    rev: v2.29.1
+    rev: v2.31.0
     hooks:
       - id: pyupgrade
         args: ["--py36-plus"]
@@ -29,7 +29,7 @@ repos:
           - flake8-bugbear
           - flake8-implicit-str-concat
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.0.1
+    rev: v4.1.0
     hooks:
       - id: fix-byte-order-marker
       - id: trailing-whitespace
diff --git a/requirements/dev.txt b/requirements/dev.txt
index 4a98eca99..8806cdd8a 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -6,19 +6,17 @@
 #
 alabaster==0.7.12
     # via sphinx
-attrs==21.2.0
+attrs==21.4.0
     # via pytest
 babel==2.9.1
     # via sphinx
-backports.entry-points-selectable==1.1.1
-    # via virtualenv
 certifi==2021.10.8
     # via requests
 cffi==1.15.0
     # via cryptography
 cfgv==3.3.1
     # via pre-commit
-charset-normalizer==2.0.9
+charset-normalizer==2.0.10
     # via requests
 click==8.0.3
     # via pip-tools
@@ -28,13 +26,13 @@ distlib==0.3.4
     # via virtualenv
 docutils==0.17.1
     # via sphinx
-filelock==3.4.0
+filelock==3.4.2
     # via
     #   tox
     #   virtualenv
 greenlet==1.1.2 ; python_version < "3.11"
     # via -r requirements/tests.in
-identify==2.4.0
+identify==2.4.3
     # via pre-commit
 idna==3.3
     # via requests
@@ -46,7 +44,7 @@ jinja2==3.0.3
     # via sphinx
 markupsafe==2.0.1
     # via jinja2
-mypy==0.930
+mypy==0.931
     # via -r requirements/typing.in
 mypy-extensions==0.4.3
     # via mypy
@@ -64,7 +62,7 @@ pep517==0.12.0
     # via pip-tools
 pip-tools==6.4.0
     # via -r requirements/dev.in
-platformdirs==2.4.0
+platformdirs==2.4.1
     # via virtualenv
 pluggy==1.0.0
     # via
@@ -72,7 +70,7 @@ pluggy==1.0.0
     #   tox
 pre-commit==2.16.0
     # via -r requirements/dev.in
-psutil==5.8.0
+psutil==5.9.0
     # via pytest-xprocess
 py==1.11.0
     # via
@@ -80,7 +78,7 @@ py==1.11.0
     #   tox
 pycparser==2.21
     # via cffi
-pygments==2.10.0
+pygments==2.11.2
     # via sphinx
 pyparsing==3.0.6
     # via packaging
@@ -97,7 +95,7 @@ pytz==2021.3
     # via babel
 pyyaml==6.0
     # via pre-commit
-requests==2.26.0
+requests==2.27.1
     # via sphinx
 six==1.16.0
     # via
@@ -111,7 +109,7 @@ sphinx==4.3.2
     #   pallets-sphinx-themes
     #   sphinx-issues
     #   sphinxcontrib-log-cabinet
-sphinx-issues==1.2.0
+sphinx-issues==3.0.1
     # via -r requirements/docs.in
 sphinxcontrib-applehelp==1.0.2
     # via sphinx
@@ -136,19 +134,19 @@ tomli==2.0.0
     # via
     #   mypy
     #   pep517
-tox==3.24.4
+tox==3.24.5
     # via -r requirements/dev.in
-types-contextvars==2.4.0
+types-contextvars==2.4.1
     # via -r requirements/typing.in
-types-dataclasses==0.6.1
+types-dataclasses==0.6.4
     # via -r requirements/typing.in
-types-setuptools==57.4.4
+types-setuptools==57.4.7
     # via -r requirements/typing.in
 typing-extensions==4.0.1
     # via mypy
-urllib3==1.26.7
+urllib3==1.26.8
     # via requests
-virtualenv==20.10.0
+virtualenv==20.13.0
     # via
     #   pre-commit
     #   tox
diff --git a/requirements/docs.txt b/requirements/docs.txt
index 0a0fd7a81..da7d6e2f5 100644
--- a/requirements/docs.txt
+++ b/requirements/docs.txt
@@ -10,7 +10,7 @@ babel==2.9.1
     # via sphinx
 certifi==2021.10.8
     # via requests
-charset-normalizer==2.0.9
+charset-normalizer==2.0.10
     # via requests
 docutils==0.17.1
     # via sphinx
@@ -28,13 +28,13 @@ packaging==21.3
     #   sphinx
 pallets-sphinx-themes==2.0.2
     # via -r requirements/docs.in
-pygments==2.10.0
+pygments==2.11.2
     # via sphinx
 pyparsing==3.0.6
     # via packaging
 pytz==2021.3
     # via babel
-requests==2.26.0
+requests==2.27.1
     # via sphinx
 snowballstemmer==2.2.0
     # via sphinx
@@ -44,7 +44,7 @@ sphinx==4.3.2
     #   pallets-sphinx-themes
     #   sphinx-issues
     #   sphinxcontrib-log-cabinet
-sphinx-issues==1.2.0
+sphinx-issues==3.0.1
     # via -r requirements/docs.in
 sphinxcontrib-applehelp==1.0.2
     # via sphinx
@@ -60,7 +60,7 @@ sphinxcontrib-qthelp==1.0.3
     # via sphinx
 sphinxcontrib-serializinghtml==1.1.5
     # via sphinx
-urllib3==1.26.7
+urllib3==1.26.8
     # via requests
 
 # The following packages are considered to be unsafe in a requirements file:
diff --git a/requirements/tests.txt b/requirements/tests.txt
index 1daf3c9a2..0c620ccd2 100644
--- a/requirements/tests.txt
+++ b/requirements/tests.txt
@@ -4,7 +4,7 @@
 #
 #    pip-compile requirements/tests.in
 #
-attrs==21.2.0
+attrs==21.4.0
     # via pytest
 cffi==1.15.0
     # via cryptography
@@ -18,7 +18,7 @@ packaging==21.3
     # via pytest
 pluggy==1.0.0
     # via pytest
-psutil==5.8.0
+psutil==5.9.0
     # via pytest-xprocess
 py==1.11.0
     # via pytest
diff --git a/requirements/typing.txt b/requirements/typing.txt
index b714b8eb2..fb21e6964 100644
--- a/requirements/typing.txt
+++ b/requirements/typing.txt
@@ -4,17 +4,17 @@
 #
 #    pip-compile requirements/typing.in
 #
-mypy==0.930
+mypy==0.931
     # via -r requirements/typing.in
 mypy-extensions==0.4.3
     # via mypy
 tomli==2.0.0
     # via mypy
-types-contextvars==2.4.0
+types-contextvars==2.4.1
     # via -r requirements/typing.in
-types-dataclasses==0.6.1
+types-dataclasses==0.6.4
     # via -r requirements/typing.in
-types-setuptools==57.4.4
+types-setuptools==57.4.7
     # via -r requirements/typing.in
 typing-extensions==4.0.1
     # via mypy

From 18b9f7e30b30e209711910942746a9d5306eed09 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Thu, 13 Jan 2022 10:59:22 -0800
Subject: [PATCH 575/733] tox pypy38

---
 tox.ini | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/tox.ini b/tox.ini
index cb24bdaa2..056ca0d94 100644
--- a/tox.ini
+++ b/tox.ini
@@ -1,6 +1,6 @@
 [tox]
 envlist =
-    py3{11,10,9,8,7,6},pypy37
+    py3{11,10,9,8,7},pypy3{8,7}
     style
     typing
     docs
@@ -8,7 +8,6 @@ skip_missing_interpreters = true
 
 [testenv]
 deps = -r requirements/tests.txt
-passenv = CI
 commands = pytest -v --tb=short --basetemp={envtmpdir} {posargs}
 
 [testenv:style]

From 9b27fb0e1fcba3b76585e28ca06fce8240149420 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Thu, 13 Jan 2022 14:50:13 -0800
Subject: [PATCH 576/733] update tool config

---
 .github/dependabot.yml      | 19 +++++++++++++++----
 .github/workflows/lock.yaml |  6 +++---
 .pre-commit-config.yaml     |  1 +
 setup.cfg                   |  6 +++---
 tox.ini                     |  3 +--
 5 files changed, 23 insertions(+), 12 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 86e010dff..b0251c75a 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,8 +1,19 @@
 version: 2
 updates:
-- package-ecosystem: pip
-  directory: "/"
+- package-ecosystem: "pip"
+  directory: "/requirements"
+  target-branch: "2.0.x"
+  versioning-strategy: "lockfile-only"
   schedule:
-    interval: monthly
-    time: "08:00"
+    interval: "monthly"
+    day: "monday"
+    time: "16:00"
+    timezone: "UTC"
   open-pull-requests-limit: 99
+- package-ecosystem: "github-actions"
+  directory: "/"
+  schedule:
+    interval: "monthly"
+    day: "monday"
+    time: "16:00"
+    timezone: "UTC"
diff --git a/.github/workflows/lock.yaml b/.github/workflows/lock.yaml
index 7128f382b..b4f763387 100644
--- a/.github/workflows/lock.yaml
+++ b/.github/workflows/lock.yaml
@@ -8,8 +8,8 @@ jobs:
   lock:
     runs-on: ubuntu-latest
     steps:
-      - uses: dessant/lock-threads@v2
+      - uses: dessant/lock-threads@v3
         with:
           github-token: ${{ github.token }}
-          issue-lock-inactive-days: 14
-          pr-lock-inactive-days: 14
+          issue-inactive-days: 14
+          pr-inactive-days: 14
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 2a3a819bc..5248e7887 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,4 +1,5 @@
 ci:
+  autoupdate_branch: "2.0.x"
   autoupdate_schedule: monthly
 repos:
   - repo: https://github.com/asottile/pyupgrade
diff --git a/setup.cfg b/setup.cfg
index 437cb12cc..cd071938c 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -34,7 +34,7 @@ classifiers =
 [options]
 packages = find:
 package_dir = = src
-include_package_data = true
+include_package_data = True
 python_requires = >= 3.6
 # Dependencies are in setup.py for GitHub's dependency graph.
 
@@ -63,7 +63,7 @@ source =
 # F = flake8 pyflakes
 # W = pycodestyle warnings
 # B9 = bugbear opinions
-# ISC = implicit-str-concat
+# ISC = implicit str concat
 select = B, E, F, W, B9, ISC
 ignore =
     # slice notation whitespace, invalid
@@ -79,7 +79,7 @@ ignore =
 # up to 88 allowed by bugbear B950
 max-line-length = 80
 per-file-ignores =
-    # __init__ modules export names
+    # __init__ exports names
     **/__init__.py: F401
     # LocalProxy assigns lambdas
     src/werkzeug/local.py: E731
diff --git a/tox.ini b/tox.ini
index cb24bdaa2..027538579 100644
--- a/tox.ini
+++ b/tox.ini
@@ -1,6 +1,6 @@
 [tox]
 envlist =
-    py3{11,10,9,8,7,6},pypy37
+    py3{11,10,9,8,7,6},pypy3{8,7}
     style
     typing
     docs
@@ -8,7 +8,6 @@ skip_missing_interpreters = true
 
 [testenv]
 deps = -r requirements/tests.txt
-passenv = CI
 commands = pytest -v --tb=short --basetemp={envtmpdir} {posargs}
 
 [testenv:style]

From c6e0548774e641ed80289a12be6eb344e190c836 Mon Sep 17 00:00:00 2001
From: Nikita Sobolev 
Date: Thu, 30 Dec 2021 11:40:26 +0300
Subject: [PATCH 577/733] Change `try/except` to `if sys.platform` in `debug`

---
 src/werkzeug/debug/__init__.py | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/src/werkzeug/debug/__init__.py b/src/werkzeug/debug/__init__.py
index 1d471c411..dbbe9651d 100644
--- a/src/werkzeug/debug/__init__.py
+++ b/src/werkzeug/debug/__init__.py
@@ -90,11 +90,9 @@ def _generate() -> t.Optional[t.Union[str, bytes]]:
             pass
 
         # On Windows, use winreg to get the machine guid.
-        try:
+        if sys.platform == "win32":
             import winreg
-        except ImportError:
-            pass
-        else:
+
             try:
                 with winreg.OpenKey(
                     winreg.HKEY_LOCAL_MACHINE,
@@ -107,7 +105,7 @@ def _generate() -> t.Optional[t.Union[str, bytes]]:
                     guid, guid_type = winreg.QueryValueEx(rk, "MachineGuid")
 
                     if guid_type == winreg.REG_SZ:
-                        return guid.encode("utf-8")  # type: ignore
+                        return guid.encode("utf-8")
 
                     return guid
             except OSError:

From 0ede566f1df585bd8d0c0ff7e8c49addd2f41d44 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Fri, 28 May 2021 11:34:46 +0200
Subject: [PATCH 578/733] test client request_uri stays in sync with path

Co-authored-by: Marcel Jackwerth 
---
 CHANGES.rst          |  2 ++
 src/werkzeug/test.py |  4 +++-
 tests/test_test.py   | 16 ++++++++++++++++
 3 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 6bbb2e0b1..48db70514 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -14,6 +14,8 @@ Unreleased
 -   Accessing ``LocalProxy.__class__`` and ``__doc__`` on an unbound
     proxy returns the fallback value instead of a method object.
     :issue:`2188`
+-   Redirects with the test client set ``RAW_URI`` and ``REQUEST_URI``
+    correctly. :issue:`2151`
 
 
 Version 2.0.2
diff --git a/src/werkzeug/test.py b/src/werkzeug/test.py
index 09cb7e89c..b43ca0762 100644
--- a/src/werkzeug/test.py
+++ b/src/werkzeug/test.py
@@ -958,7 +958,9 @@ def resolve_redirect(
         :meta private:
         """
         scheme, netloc, path, qs, anchor = url_parse(response.location)
-        builder = EnvironBuilder.from_environ(response.request.environ, query_string=qs)
+        builder = EnvironBuilder.from_environ(
+            response.request.environ, path=path, query_string=qs
+        )
 
         to_name_parts = netloc.split(":", 1)[0].split(".")
         from_name_parts = builder.server_name.split(".")
diff --git a/tests/test_test.py b/tests/test_test.py
index 25333b2af..806303a8e 100644
--- a/tests/test_test.py
+++ b/tests/test_test.py
@@ -872,6 +872,22 @@ def app(request):
     assert response.get_data(as_text=True) == "/?\n/%3f?"
 
 
+def test_raw_request_uri_redirect():
+    @Request.application
+    def app(request):
+        if request.path == "/first":
+            return redirect("/second")
+
+        path_info = request.path
+        request_uri = request.environ["REQUEST_URI"]
+        return Response("\n".join((path_info, request_uri)))
+
+    client = Client(app)
+    response = client.get("/first", follow_redirects=True)
+    data = response.get_data(as_text=True)
+    assert data == "/second\n/second"
+
+
 def test_deprecated_tuple():
     app = Request.application(lambda r: Response())
     client = Client(app)

From f4b011304f7233502f0035101821c3830a6e7f2e Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Mon, 24 Jan 2022 10:31:52 -0800
Subject: [PATCH 579/733] rewrite run_simple docs

---
 setup.cfg               |   2 -
 src/werkzeug/serving.py | 140 +++++++++++++++++++++-------------------
 2 files changed, 74 insertions(+), 68 deletions(-)

diff --git a/setup.cfg b/setup.cfg
index 247831128..bb47d64cd 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -43,8 +43,6 @@ where = src
 
 [tool:pytest]
 testpaths = tests
-filterwarnings =
-    error
 
 [coverage:run]
 branch = True
diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py
index f8bde8db9..37f038f4c 100644
--- a/src/werkzeug/serving.py
+++ b/src/werkzeug/serving.py
@@ -631,7 +631,6 @@ def get_interface_ip(family: socket.AddressFamily) -> str:
 
 
 class BaseWSGIServer(HTTPServer):
-
     """Simple single-threaded, single-process WSGI server."""
 
     multithread = False
@@ -711,7 +710,6 @@ def handle_error(
 
 
 class ThreadedWSGIServer(socketserver.ThreadingMixIn, BaseWSGIServer):
-
     """A WSGI server that does threading."""
 
     multithread = True
@@ -719,7 +717,6 @@ class ThreadedWSGIServer(socketserver.ThreadingMixIn, BaseWSGIServer):
 
 
 class ForkingWSGIServer(ForkingMixIn, BaseWSGIServer):
-
     """A WSGI server that does forking."""
 
     multiprocess = True
@@ -807,80 +804,91 @@ def run_simple(
     passthrough_errors: bool = False,
     ssl_context: t.Optional[_TSSLContextArg] = None,
 ) -> None:
-    """Start a WSGI application. Optional features include a reloader,
-    multithreading and fork support.
+    """Start a development server for a WSGI application. Various
+    optional features can be enabled.
 
-    This function has a command-line interface too::
+    .. warning::
 
-        python -m werkzeug.serving --help
+        Do not use the development server when deploying to production.
+        It is intended for use only during local development. It is not
+        designed to be particularly efficient, stable, or secure.
+
+    :param hostname: The host to bind to, for example ``'localhost'``.
+        Can be a domain, IPv4 or IPv6 address, or file path starting
+        with ``unix://`` for a Unix socket.
+    :param port: The port to bind to, for example ``8080``. Using ``0``
+        tells the OS to pick a random free port.
+    :param application: The WSGI application to run.
+    :param use_reloader: Use a reloader process to restart the server
+        process when files are changed.
+    :param use_debugger: Use Werkzeug's debugger, which will show
+        formatted tracebacks on unhandled exceptions.
+    :param use_evalex: Make the debugger interactive. A Python terminal
+        can be opened for any frame in the traceback. Some protection is
+        provided by requiring a PIN, but this should never be enabled
+        on a publicly visible server.
+    :param extra_files: The reloader will watch these files for changes
+        in addition to Python modules. For example, watch a
+        configuration file.
+    :param exclude_patterns: The reloader will ignore changes to any
+        files matching these :mod:`fnmatch` patterns. For example,
+        ignore cache files.
+    :param reloader_interval: How often the reloader tries to check for
+        changes.
+    :param reloader_type: The reloader to use. The ``'stat'`` reloader
+        is built in, but may require significant CPU to watch files. The
+        ``'watchdog'`` reloader is much more efficient but requires
+        installing the ``watchdog`` package first.
+    :param threaded: Handle concurrent requests using threads. Cannot be
+        used with ``processes``.
+    :param processes: Handle concurrent requests using up to this number
+        of processes. Cannot be used with ``threaded``.
+    :param request_handler: Use a different
+        :class:`~BaseHTTPServer.BaseHTTPRequestHandler` subclass to
+        handle requests.
+    :param static_files: A dict mapping URL prefixes to directories to
+        serve static files from using
+        :class:`~werkzeug.middleware.SharedDataMiddleware`.
+    :param passthrough_errors: Don't catch unhandled exceptions at the
+        server level, let the serve crash instead. If ``use_debugger``
+        is enabled, the debugger will still catch such errors.
+    :param ssl_context: Configure TLS to serve over HTTPS. Can be an
+        :class:`ssl.SSLContext` object, a ``(cert_file, key_file)``
+        tuple to create a typical context, or the string ``'adhoc'`` to
+        generate a temporary self-signed certificate.
+
+    .. versionchanged:: 2.1
+        The command-line interface was removed.
 
     .. versionchanged:: 2.0
-        Added ``exclude_patterns`` parameter.
+        Running on ``0.0.0.0`` or ``::`` shows a real IP address that
+        was bound as well as a warning not to run the development server
+        in production.
 
-    .. versionadded:: 0.5
-       `static_files` was added to simplify serving of static files as well
-       as `passthrough_errors`.
+    .. versionchanged:: 2.0
+        The ``exclude_patterns`` parameter was added.
 
-    .. versionadded:: 0.6
-       support for SSL was added.
+    .. versionchanged:: 0.15
+        Bind to a Unix socket by passing a ``hostname`` that starts with
+        ``unix://``.
 
-    .. versionadded:: 0.8
-       Added support for automatically loading a SSL context from certificate
-       file and private key.
+    .. versionchanged:: 0.10
+        Improved the reloader and added support for changing the backend
+        through the ``reloader_type`` parameter.
 
-    .. versionadded:: 0.9
-       Added command-line interface.
+    .. versionchanged:: 0.9
+        A command-line interface was added.
 
-    .. versionadded:: 0.10
-       Improved the reloader and added support for changing the backend
-       through the `reloader_type` parameter.  See :ref:`reloader`
-       for more information.
+    .. versionchanged:: 0.8
+        ``ssl_context`` can be a tuple of paths to the certificate and
+        private key files.
 
-    .. versionchanged:: 0.15
-        Bind to a Unix socket by passing a path that starts with
-        ``unix://`` as the ``hostname``.
+    .. versionchanged:: 0.6
+        The ``ssl_context`` parameter was added.
 
-    :param hostname: The host to bind to, for example ``'localhost'``.
-        If the value is a path that starts with ``unix://`` it will bind
-        to a Unix socket instead of a TCP socket..
-    :param port: The port for the server.  eg: ``8080``
-    :param application: the WSGI application to execute
-    :param use_reloader: should the server automatically restart the python
-                         process if modules were changed?
-    :param use_debugger: should the werkzeug debugging system be used?
-    :param use_evalex: should the exception evaluation feature be enabled?
-    :param extra_files: a list of files the reloader should watch
-                        additionally to the modules.  For example configuration
-                        files.
-    :param exclude_patterns: List of :mod:`fnmatch` patterns to ignore
-        when running the reloader. For example, ignore cache files that
-        shouldn't reload when updated.
-    :param reloader_interval: the interval for the reloader in seconds.
-    :param reloader_type: the type of reloader to use.  The default is
-                          auto detection.  Valid values are ``'stat'`` and
-                          ``'watchdog'``. See :ref:`reloader` for more
-                          information.
-    :param threaded: should the process handle each request in a separate
-                     thread?
-    :param processes: if greater than 1 then handle each request in a new process
-                      up to this maximum number of concurrent processes.
-    :param request_handler: optional parameter that can be used to replace
-                            the default one.  You can use this to replace it
-                            with a different
-                            :class:`~BaseHTTPServer.BaseHTTPRequestHandler`
-                            subclass.
-    :param static_files: a list or dict of paths for static files.  This works
-                         exactly like :class:`SharedDataMiddleware`, it's actually
-                         just wrapping the application in that middleware before
-                         serving.
-    :param passthrough_errors: set this to `True` to disable the error catching.
-                               This means that the server will die on errors but
-                               it can be useful to hook debuggers in (pdb etc.)
-    :param ssl_context: an SSL context for the connection. Either an
-                        :class:`ssl.SSLContext`, a tuple in the form
-                        ``(cert_file, pkey_file)``, the string ``'adhoc'`` if
-                        the server should automatically create one, or ``None``
-                        to disable SSL (which is the default).
+    .. versionchanged:: 0.5
+       The ``static_files`` and ``passthrough_errors`` parameters were
+       added.
     """
     if not isinstance(port, int):
         raise TypeError("port must be an integer")

From 88392eb410af8afbd952651805461e250ea38c9b Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Mon, 24 Jan 2022 10:33:26 -0800
Subject: [PATCH 580/733] debugger is applied after static middleware

---
 src/werkzeug/serving.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py
index 37f038f4c..39dca1409 100644
--- a/src/werkzeug/serving.py
+++ b/src/werkzeug/serving.py
@@ -892,15 +892,17 @@ def run_simple(
     """
     if not isinstance(port, int):
         raise TypeError("port must be an integer")
-    if use_debugger:
-        from .debug import DebuggedApplication
 
-        application = DebuggedApplication(application, use_evalex)
     if static_files:
         from .middleware.shared_data import SharedDataMiddleware
 
         application = SharedDataMiddleware(application, static_files)
 
+    if use_debugger:
+        from .debug import DebuggedApplication
+
+        application = DebuggedApplication(application, evalex=use_evalex)
+
     def log_startup(sock: socket.socket) -> None:
         all_addresses_message = (
             " * Running on all addresses.\n"

From 9288d2a464db0e871cc327f80009fbcd1b075c69 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Mon, 24 Jan 2022 10:41:45 -0800
Subject: [PATCH 581/733] extract log_startup from run_simple

show the loopback IP in addition to the external IP
---
 src/werkzeug/serving.py | 73 +++++++++++++++++++++++------------------
 1 file changed, 41 insertions(+), 32 deletions(-)

diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py
index 39dca1409..d2562f540 100644
--- a/src/werkzeug/serving.py
+++ b/src/werkzeug/serving.py
@@ -786,6 +786,41 @@ def is_running_from_reloader() -> bool:
     return os.environ.get("WERKZEUG_RUN_MAIN") == "true"
 
 
+def log_startup(s, *, hostname, ssl_context):
+    """Show information about the address when starting the server."""
+    if s.family == af_unix:
+        _log("info", f" * Running on {hostname} (Press CTRL+C to quit)")
+    else:
+        scheme = "http" if ssl_context is None else "https"
+        port = s.getsockname()[1]
+        messages = []
+        all_addresses_message = (
+            f" * Running on all addresses ({hostname})\n"
+            "   WARNING: This is a development server. Do not use it in"
+            " a production deployment."
+        )
+
+        if hostname == "0.0.0.0":
+            messages.append(all_addresses_message)
+            messages.append(f" * Running on {scheme}://127.0.0.1:{port}")
+            display_hostname = get_interface_ip(socket.AF_INET)
+        elif hostname == "::":
+            messages.append(all_addresses_message)
+            messages.append(f" * Running on {scheme}://[::1]:{port}")
+            display_hostname = get_interface_ip(socket.AF_INET6)
+        else:
+            display_hostname = hostname
+
+        if ":" in display_hostname:
+            display_hostname = f"[{display_hostname}]"
+
+        messages.append(
+            f" * Running on {scheme}://{display_hostname}:{port}"
+            " (Press CTRL+C to quit)"
+        )
+        _log("info", "\n".join(messages))
+
+
 def run_simple(
     hostname: str,
     port: int,
@@ -857,6 +892,10 @@ def run_simple(
         tuple to create a typical context, or the string ``'adhoc'`` to
         generate a temporary self-signed certificate.
 
+    .. versionchanged:: 2.1
+        Running on ``0.0.0.0`` or ``::`` shows the loopback IP in
+        addition to a real IP.
+
     .. versionchanged:: 2.1
         The command-line interface was removed.
 
@@ -903,36 +942,6 @@ def run_simple(
 
         application = DebuggedApplication(application, evalex=use_evalex)
 
-    def log_startup(sock: socket.socket) -> None:
-        all_addresses_message = (
-            " * Running on all addresses.\n"
-            "   WARNING: This is a development server. Do not use it in"
-            " a production deployment."
-        )
-
-        if sock.family == af_unix:
-            _log("info", " * Running on %s (Press CTRL+C to quit)", hostname)
-        else:
-            if hostname == "0.0.0.0":
-                _log("warning", all_addresses_message)
-                display_hostname = get_interface_ip(socket.AF_INET)
-            elif hostname == "::":
-                _log("warning", all_addresses_message)
-                display_hostname = get_interface_ip(socket.AF_INET6)
-            else:
-                display_hostname = hostname
-
-            if ":" in display_hostname:
-                display_hostname = f"[{display_hostname}]"
-
-            _log(
-                "info",
-                " * Running on %s://%s:%d/ (Press CTRL+C to quit)",
-                "http" if ssl_context is None else "https",
-                display_hostname,
-                sock.getsockname()[1],
-            )
-
     def inner() -> None:
         try:
             fd: t.Optional[int] = int(os.environ["WERKZEUG_SERVER_FD"])
@@ -950,7 +959,7 @@ def inner() -> None:
             fd=fd,
         )
         if fd is None:
-            log_startup(srv.socket)
+            log_startup(srv.socket, hostname=hostname, ssl_context=ssl_context)
         srv.serve_forever()
 
     if use_reloader:
@@ -969,7 +978,7 @@ def inner() -> None:
             s.set_inheritable(True)
             os.environ["WERKZEUG_SERVER_FD"] = str(s.fileno())
             s.listen(LISTEN_QUEUE)
-            log_startup(s)
+            log_startup(s, hostname=hostname, ssl_context=ssl_context)
 
         from ._reloader import run_with_reloader as _rwr
 

From feb7af3c1531ae72f738874306bc341e6e00817f Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Mon, 24 Jan 2022 11:07:50 -0800
Subject: [PATCH 582/733] rewrite server object docs

---
 src/werkzeug/serving.py | 52 +++++++++++++++++++++++++++--------------
 1 file changed, 35 insertions(+), 17 deletions(-)

diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py
index d2562f540..714b64e15 100644
--- a/src/werkzeug/serving.py
+++ b/src/werkzeug/serving.py
@@ -631,7 +631,10 @@ def get_interface_ip(family: socket.AddressFamily) -> str:
 
 
 class BaseWSGIServer(HTTPServer):
-    """Simple single-threaded, single-process WSGI server."""
+    """A WSGI server that that handles one request at a time.
+
+    Use :func:`make_server` to create a server instance.
+    """
 
     multithread = False
     multiprocess = False
@@ -710,14 +713,22 @@ def handle_error(
 
 
 class ThreadedWSGIServer(socketserver.ThreadingMixIn, BaseWSGIServer):
-    """A WSGI server that does threading."""
+    """A WSGI server that handles concurrent requests in separate
+    threads.
+
+    Use :func:`make_server` to create a server instance.
+    """
 
     multithread = True
     daemon_threads = True
 
 
 class ForkingWSGIServer(ForkingMixIn, BaseWSGIServer):
-    """A WSGI server that does forking."""
+    """A WSGI server that handles concurrent requests in separate forked
+    processes.
+
+    Use :func:`make_server` to create a server instance.
+    """
 
     multiprocess = True
 
@@ -734,9 +745,8 @@ def __init__(
     ) -> None:
         if not can_fork:
             raise ValueError("Your platform does not support forking.")
-        BaseWSGIServer.__init__(
-            self, host, port, app, handler, passthrough_errors, ssl_context, fd
-        )
+
+        super().__init__(host, port, app, handler, passthrough_errors, ssl_context, fd)
         self.max_children = processes
 
 
@@ -751,16 +761,24 @@ def make_server(
     ssl_context: t.Optional[_TSSLContextArg] = None,
     fd: t.Optional[int] = None,
 ) -> BaseWSGIServer:
-    """Create a new server instance that is either threaded, or forks
-    or just processes one request after another.
+    """Create an appropriate WSGI server instance based on the value of
+    ``threaded`` and ``processes``.
+
+    This is called from :func:`run_simple`, but can be used separately
+    to have access to the server object, such as to run it in a separate
+    thread.
+
+    See :func:`run_simple` for parameter docs.
     """
     if threaded and processes > 1:
-        raise ValueError("cannot have a multithreaded and multi process server.")
-    elif threaded:
+        raise ValueError("Cannot have a multi-thread and multi-process server.")
+
+    if threaded:
         return ThreadedWSGIServer(
             host, port, app, request_handler, passthrough_errors, ssl_context, fd=fd
         )
-    elif processes > 1:
+
+    if processes > 1:
         return ForkingWSGIServer(
             host,
             port,
@@ -771,15 +789,15 @@ def make_server(
             ssl_context,
             fd=fd,
         )
-    else:
-        return BaseWSGIServer(
-            host, port, app, request_handler, passthrough_errors, ssl_context, fd=fd
-        )
+
+    return BaseWSGIServer(
+        host, port, app, request_handler, passthrough_errors, ssl_context, fd=fd
+    )
 
 
 def is_running_from_reloader() -> bool:
-    """Checks if the application is running from within the Werkzeug
-    reloader subprocess.
+    """Check if the server is running as a subprocess within the
+    Werkzeug reloader.
 
     .. versionadded:: 0.10
     """

From 41045dd623652e18a978502224384b5fb948400d Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Mon, 24 Jan 2022 11:16:40 -0800
Subject: [PATCH 583/733] bind socket manually during server init

this avoids issues when reusing a socket descriptor
---
 src/werkzeug/serving.py | 50 ++++++++++++++++++++++++++---------------
 1 file changed, 32 insertions(+), 18 deletions(-)

diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py
index 714b64e15..e2c3d4258 100644
--- a/src/werkzeug/serving.py
+++ b/src/werkzeug/serving.py
@@ -653,34 +653,48 @@ def __init__(
         if handler is None:
             handler = WSGIRequestHandler
 
-        self.address_family = select_address_family(host, port)
-
-        if fd is not None:
-            real_sock = socket.fromfd(fd, self.address_family, socket.SOCK_STREAM)
-            port = 0
+        self.app = app
+        self.passthrough_errors = passthrough_errors
 
-        server_address = get_sockaddr(host, int(port), self.address_family)
+        self.address_family = address_family = select_address_family(host, port)
+        server_address = get_sockaddr(host, int(port), address_family)
 
-        # remove socket file if it already exists
-        if self.address_family == af_unix:
+        # Remove a leftover Unix socket file from a previous run. Don't
+        # remove a file that was set up by run_simple.
+        if address_family == af_unix and fd is None:
             server_address = t.cast(str, server_address)
 
             if os.path.exists(server_address):
                 os.unlink(server_address)
 
-        super().__init__(server_address, handler)  # type: ignore
-
-        self.app = app
-        self.passthrough_errors = passthrough_errors
-        self.host = host
-        self.port = self.socket.getsockname()[1]
+        # Bind and activate will be handled manually, it should only
+        # happen if we're not using a socket that was already set up.
+        super().__init__(
+            server_address,  # type: ignore[arg-type]
+            handler,
+            bind_and_activate=False,
+        )
 
-        # Patch in the original socket.
-        if fd is not None:
-            self.socket.close()
-            self.socket = real_sock
+        if fd is None:
+            # No existing socket descriptor, do bind_and_activate=True.
+            try:
+                self.server_bind()
+                self.server_activate()
+            except BaseException:
+                self.server_close()
+                raise
+        else:
+            # Use the passed in socket directly.
+            self.socket = socket.fromfd(fd, address_family, socket.SOCK_STREAM)
             self.server_address = self.socket.getsockname()
 
+        if address_family == af_unix:
+            self.host = self.server_address
+            self.port = 0
+        else:
+            self.host = self.server_address[0]
+            self.port = self.server_address[1]
+
         if ssl_context is not None:
             if isinstance(ssl_context, tuple):
                 ssl_context = load_ssl_context(*ssl_context)

From 74601150b559c73a8c8732b4c67bbc6377d1a7df Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Mon, 24 Jan 2022 13:22:35 -0800
Subject: [PATCH 584/733] run_simple always prepares socket early

Always pass the socket as a file descriptor to the server.
Show instructions for 'address in use' error.
Extract prepare_socket as separate function.
---
 src/werkzeug/serving.py | 124 +++++++++++++++++++++++++++-------------
 1 file changed, 83 insertions(+), 41 deletions(-)

diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py
index e2c3d4258..07e798add 100644
--- a/src/werkzeug/serving.py
+++ b/src/werkzeug/serving.py
@@ -11,6 +11,7 @@
     from myapp import create_app
     from werkzeug import run_simple
 """
+import errno
 import io
 import os
 import socket
@@ -818,6 +819,60 @@ def is_running_from_reloader() -> bool:
     return os.environ.get("WERKZEUG_RUN_MAIN") == "true"
 
 
+def prepare_socket(hostname: str, port: int) -> socket.socket:
+    """Prepare a socket for use by the WSGI server and reloader.
+
+    The socket is marked inheritable so that it can be kept across
+    reloads instead of breaking connections.
+
+    Catch errors during bind and show simpler error messages. For
+    "address already in use", show instructions for resolving the issue,
+    with special instructions for macOS.
+
+    This is called from :func:`run_simple`, but can be used separately
+    to control server creation with :func:`make_server`.
+    """
+    address_family = select_address_family(hostname, port)
+    server_address = get_sockaddr(hostname, port, address_family)
+    s = socket.socket(address_family, socket.SOCK_STREAM)
+    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+    s.set_inheritable(True)
+
+    # Remove the socket file if it already exists.
+    if address_family == af_unix:
+        server_address = t.cast(str, server_address)
+
+        if os.path.exists(server_address):
+            os.unlink(server_address)
+
+    # Catch connection issues and show them without the traceback. Show
+    # extra instructions for address not found, and for macOS.
+    try:
+        s.bind(server_address)
+    except OSError as e:
+        print(e.strerror, file=sys.stderr)
+
+        if e.errno == errno.EADDRINUSE:
+            print(
+                f"Port {port} is in use by another program. Either"
+                " identify and stop that program, or start the"
+                " server with a different port.",
+                file=sys.stderr,
+            )
+
+            if sys.platform == "darwin" and port == 5000:
+                print(
+                    "On macOS, try disabling the 'AirPlay Receiver'"
+                    " service from System Preferences -> Sharing.",
+                    file=sys.stderr,
+                )
+
+        sys.exit(1)
+
+    s.listen(LISTEN_QUEUE)
+    return s
+
+
 def log_startup(s, *, hostname, ssl_context):
     """Show information about the address when starting the server."""
     if s.family == af_unix:
@@ -924,6 +979,10 @@ def run_simple(
         tuple to create a typical context, or the string ``'adhoc'`` to
         generate a temporary self-signed certificate.
 
+    .. versionchanged:: 2.1
+        Instructions are shown for dealing with an "address already in
+        use" error.
+
     .. versionchanged:: 2.1
         Running on ``0.0.0.0`` or ``::`` shows the loopback IP in
         addition to a real IP.
@@ -974,52 +1033,35 @@ def run_simple(
 
         application = DebuggedApplication(application, evalex=use_evalex)
 
-    def inner() -> None:
-        try:
-            fd: t.Optional[int] = int(os.environ["WERKZEUG_SERVER_FD"])
-        except (LookupError, ValueError):
-            fd = None
-        srv = make_server(
-            hostname,
-            port,
-            application,
-            threaded,
-            processes,
-            request_handler,
-            passthrough_errors,
-            ssl_context,
-            fd=fd,
-        )
-        if fd is None:
-            log_startup(srv.socket, hostname=hostname, ssl_context=ssl_context)
-        srv.serve_forever()
+    if not is_running_from_reloader():
+        s = prepare_socket(hostname, port)
+        log_startup(s, hostname=hostname, ssl_context=ssl_context)
+        fd = s.fileno()
+        os.environ["WERKZEUG_SERVER_FD"] = str(fd)
+    else:
+        fd = int(os.environ["WERKZEUG_SERVER_FD"])
+
+    srv = make_server(
+        hostname,
+        port,
+        application,
+        threaded,
+        processes,
+        request_handler,
+        passthrough_errors,
+        ssl_context,
+        fd=fd,
+    )
 
     if use_reloader:
-        # If we're not running already in the subprocess that is the
-        # reloader we want to open up a socket early to make sure the
-        # port is actually available.
-        if not is_running_from_reloader():
-            # Create and destroy a socket so that any exceptions are
-            # raised before we spawn a separate Python interpreter and
-            # lose this ability.
-            address_family = select_address_family(hostname, port)
-            server_address = get_sockaddr(hostname, port, address_family)
-            s = socket.socket(address_family, socket.SOCK_STREAM)
-            s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
-            s.bind(server_address)
-            s.set_inheritable(True)
-            os.environ["WERKZEUG_SERVER_FD"] = str(s.fileno())
-            s.listen(LISTEN_QUEUE)
-            log_startup(s, hostname=hostname, ssl_context=ssl_context)
-
-        from ._reloader import run_with_reloader as _rwr
-
-        _rwr(
-            inner,
+        from ._reloader import run_with_reloader
+
+        run_with_reloader(
+            srv.serve_forever,
             extra_files=extra_files,
             exclude_patterns=exclude_patterns,
             interval=reloader_interval,
             reloader_type=reloader_type,
         )
     else:
-        inner()
+        srv.serve_forever()

From f09657791612c7b9a2839c55b98d7b024b425874 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Mon, 24 Jan 2022 13:39:12 -0800
Subject: [PATCH 585/733] make log_startup a server method

---
 src/werkzeug/serving.py | 83 ++++++++++++++++++++---------------------
 1 file changed, 41 insertions(+), 42 deletions(-)

diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py
index 07e798add..0e5b3e54a 100644
--- a/src/werkzeug/serving.py
+++ b/src/werkzeug/serving.py
@@ -654,6 +654,8 @@ def __init__(
         if handler is None:
             handler = WSGIRequestHandler
 
+        self.host = host
+        self.port = port
         self.app = app
         self.passthrough_errors = passthrough_errors
 
@@ -689,17 +691,14 @@ def __init__(
             self.socket = socket.fromfd(fd, address_family, socket.SOCK_STREAM)
             self.server_address = self.socket.getsockname()
 
-        if address_family == af_unix:
-            self.host = self.server_address
-            self.port = 0
-        else:
-            self.host = self.server_address[0]
+        if address_family != af_unix:
+            # If port was 0, this will record the bound port.
             self.port = self.server_address[1]
 
         if ssl_context is not None:
             if isinstance(ssl_context, tuple):
                 ssl_context = load_ssl_context(*ssl_context)
-            if ssl_context == "adhoc":
+            elif ssl_context == "adhoc":
                 ssl_context = generate_adhoc_ssl_context()
 
             self.socket = ssl_context.wrap_socket(self.socket, server_side=True)
@@ -726,6 +725,39 @@ def handle_error(
 
         return super().handle_error(request, client_address)
 
+    def log_startup(self) -> None:
+        """Show information about the address when starting the server."""
+        if self.address_family == af_unix:
+            _log("info", f" * Running on {self.host} (Press CTRL+C to quit)")
+        else:
+            scheme = "http" if self.ssl_context is None else "https"
+            messages = []
+            all_addresses_message = (
+                f" * Running on all addresses ({self.host})\n"
+                "   WARNING: This is a development server. Do not use it in"
+                " a production deployment."
+            )
+
+            if self.host == "0.0.0.0":
+                messages.append(all_addresses_message)
+                messages.append(f" * Running on {scheme}://127.0.0.1:{self.port}")
+                display_hostname = get_interface_ip(socket.AF_INET)
+            elif self.host == "::":
+                messages.append(all_addresses_message)
+                messages.append(f" * Running on {scheme}://[::1]:{self.port}")
+                display_hostname = get_interface_ip(socket.AF_INET6)
+            else:
+                display_hostname = self.host
+
+            if ":" in display_hostname:
+                display_hostname = f"[{display_hostname}]"
+
+            messages.append(
+                f" * Running on {scheme}://{display_hostname}:{self.port}"
+                " (Press CTRL+C to quit)"
+            )
+            _log("info", "\n".join(messages))
+
 
 class ThreadedWSGIServer(socketserver.ThreadingMixIn, BaseWSGIServer):
     """A WSGI server that handles concurrent requests in separate
@@ -873,41 +905,6 @@ def prepare_socket(hostname: str, port: int) -> socket.socket:
     return s
 
 
-def log_startup(s, *, hostname, ssl_context):
-    """Show information about the address when starting the server."""
-    if s.family == af_unix:
-        _log("info", f" * Running on {hostname} (Press CTRL+C to quit)")
-    else:
-        scheme = "http" if ssl_context is None else "https"
-        port = s.getsockname()[1]
-        messages = []
-        all_addresses_message = (
-            f" * Running on all addresses ({hostname})\n"
-            "   WARNING: This is a development server. Do not use it in"
-            " a production deployment."
-        )
-
-        if hostname == "0.0.0.0":
-            messages.append(all_addresses_message)
-            messages.append(f" * Running on {scheme}://127.0.0.1:{port}")
-            display_hostname = get_interface_ip(socket.AF_INET)
-        elif hostname == "::":
-            messages.append(all_addresses_message)
-            messages.append(f" * Running on {scheme}://[::1]:{port}")
-            display_hostname = get_interface_ip(socket.AF_INET6)
-        else:
-            display_hostname = hostname
-
-        if ":" in display_hostname:
-            display_hostname = f"[{display_hostname}]"
-
-        messages.append(
-            f" * Running on {scheme}://{display_hostname}:{port}"
-            " (Press CTRL+C to quit)"
-        )
-        _log("info", "\n".join(messages))
-
-
 def run_simple(
     hostname: str,
     port: int,
@@ -1035,7 +1032,6 @@ def run_simple(
 
     if not is_running_from_reloader():
         s = prepare_socket(hostname, port)
-        log_startup(s, hostname=hostname, ssl_context=ssl_context)
         fd = s.fileno()
         os.environ["WERKZEUG_SERVER_FD"] = str(fd)
     else:
@@ -1053,6 +1049,9 @@ def run_simple(
         fd=fd,
     )
 
+    if not is_running_from_reloader():
+        srv.log_startup()
+
     if use_reloader:
         from ._reloader import run_with_reloader
 

From 8171810cc00c8cf824823fe4cf1cd43ba21217b0 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Tue, 25 Jan 2022 08:21:25 -0800
Subject: [PATCH 586/733] dev server tests can run in parallel tox envs

---
 requirements/dev.txt   |  2 ++
 requirements/tests.in  |  1 +
 requirements/tests.txt |  2 ++
 tests/conftest.py      | 21 ++-------------------
 4 files changed, 7 insertions(+), 19 deletions(-)

diff --git a/requirements/dev.txt b/requirements/dev.txt
index 8806cdd8a..46cf8e95c 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -26,6 +26,8 @@ distlib==0.3.4
     # via virtualenv
 docutils==0.17.1
     # via sphinx
+ephemeral-port-reserve==1.1.4
+    # via -r requirements/tests.in
 filelock==3.4.2
     # via
     #   tox
diff --git a/requirements/tests.in b/requirements/tests.in
index 67ed327ae..3ced491be 100644
--- a/requirements/tests.in
+++ b/requirements/tests.in
@@ -4,3 +4,4 @@ pytest-xprocess
 cryptography
 greenlet ; python_version < "3.11"
 watchdog
+ephemeral-port-reserve
diff --git a/requirements/tests.txt b/requirements/tests.txt
index 0c620ccd2..7ee4c4eca 100644
--- a/requirements/tests.txt
+++ b/requirements/tests.txt
@@ -10,6 +10,8 @@ cffi==1.15.0
     # via cryptography
 cryptography==36.0.1
     # via -r requirements/tests.in
+ephemeral-port-reserve==1.1.4
+    # via -r requirements/tests.in
 greenlet==1.1.2 ; python_version < "3.11"
     # via -r requirements/tests.in
 iniconfig==1.1.1
diff --git a/tests/conftest.py b/tests/conftest.py
index 4ad1ff23e..7ce089669 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -4,9 +4,9 @@
 import socket
 import ssl
 import sys
-from itertools import count
 from pathlib import Path
 
+import ephemeral_port_reserve
 import pytest
 from xprocess import ProcessStarter
 
@@ -15,23 +15,6 @@
 run_path = str(Path(__file__).parent / "live_apps" / "run.py")
 
 
-def get_free_port():
-    gen_port = count(49152)
-    s = socket.socket()
-    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
-
-    while True:
-        port = next(gen_port)
-
-        try:
-            s.bind(("127.0.0.1", port))
-        except OSError:
-            continue
-
-        s.close()
-        return port
-
-
 class UnixSocketHTTPConnection(http.client.HTTPConnection):
     def connect(self):
         self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
@@ -46,7 +29,7 @@ def __init__(self, kwargs):
             port = kwargs.get("port")
 
             if port is None:
-                kwargs["port"] = port = get_free_port()
+                kwargs["port"] = port = ephemeral_port_reserve.reserve(host)
 
             scheme = "https" if "ssl_context" in kwargs else "http"
             self.addr = f"{host}:{port}"

From b611af2f5bf5f447d1d535b45f7c19309b0dc48d Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Tue, 25 Jan 2022 12:13:02 -0800
Subject: [PATCH 587/733] changelog for address already in use instructions

---
 CHANGES.rst | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/CHANGES.rst b/CHANGES.rst
index fa3741f2f..88bee32ea 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -61,6 +61,8 @@ Unreleased
     ``MultiDict`` does collapse single items. This undoes a previous
     change that made it difficult to pass a list, or ``None`` values in
     a list, to custom URL converters. :issue:`2249`
+-   ``run_simple`` shows instructions for dealing with "address already
+    in use" errors, including extra instructions for macOS. :pr:`2321`
 
 
 Version 2.0.3

From 087372ec340f955ac55d0a0084f2fb1f990881ac Mon Sep 17 00:00:00 2001
From: Yourun-Proger 
Date: Sat, 22 Jan 2022 20:38:06 +0300
Subject: [PATCH 588/733] tell pytest to skip collecting TestResponse

---
 src/werkzeug/test.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/werkzeug/test.py b/src/werkzeug/test.py
index b43ca0762..448dbbd1d 100644
--- a/src/werkzeug/test.py
+++ b/src/werkzeug/test.py
@@ -1287,6 +1287,9 @@ class TestResponse(Response):
     is made with ``follow_redirects`` enabled.
     """
 
+    # Tell Pytest to ignore this, it's not a test class.
+    __test__ = False
+
     def __init__(
         self,
         response: t.Iterable[bytes],

From babfc93b3834bcbb22163442a9af70141bcc5a81 Mon Sep 17 00:00:00 2001
From: Vladimir Kuzmin 
Date: Mon, 24 Jan 2022 16:58:16 -0600
Subject: [PATCH 589/733] Extend default set of always safe characters in
 url_quote

---
 CHANGES.rst                         | 2 ++
 src/werkzeug/urls.py                | 1 +
 tests/middleware/test_http_proxy.py | 4 ++++
 3 files changed, 7 insertions(+)

diff --git a/CHANGES.rst b/CHANGES.rst
index 88bee32ea..661c3d38a 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -63,6 +63,8 @@ Unreleased
     a list, to custom URL converters. :issue:`2249`
 -   ``run_simple`` shows instructions for dealing with "address already
     in use" errors, including extra instructions for macOS. :pr:`2321`
+-   Extend list of characters considered always safe in URLs based on
+    :rfc:`3986`. :issue:`2319`
 
 
 Version 2.0.3
diff --git a/src/werkzeug/urls.py b/src/werkzeug/urls.py
index 1cb9418d2..67c08b0bc 100644
--- a/src/werkzeug/urls.py
+++ b/src/werkzeug/urls.py
@@ -27,6 +27,7 @@
         b"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
         b"0123456789"
         b"-._~"
+        b"$!'()*+,;"  # RFC3986 sub-delims set, not including query string delimiters &=
     )
 )
 
diff --git a/tests/middleware/test_http_proxy.py b/tests/middleware/test_http_proxy.py
index b39cd3517..2b3bc55bf 100644
--- a/tests/middleware/test_http_proxy.py
+++ b/tests/middleware/test_http_proxy.py
@@ -45,3 +45,7 @@ def test_http_proxy(standard_app):
     assert "HTTP_X_SPECIAL" not in r.json
     assert r.json["HTTP_HOST"] == "127.0.0.1"
     assert r.json["PATH_INFO"] == "/autohost/aha"
+
+    # test if characters allowed in URL are not encoded by proxy
+    r = client.get("/autohost/$")
+    assert r.json["REQUEST_URI"] == "/autohost/$"

From 9d2bcd9222d528a8c572cdbac576fd0ad44aa298 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Wed, 26 Jan 2022 13:04:19 -0800
Subject: [PATCH 590/733] optimize stat reloader

---
 CHANGES.rst                     |  3 ++
 src/werkzeug/_reloader.py       | 60 ++++++++++++++++++++++-----------
 tests/live_apps/reloader_app.py |  4 +--
 3 files changed, 46 insertions(+), 21 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 661c3d38a..df86fa134 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -65,6 +65,9 @@ Unreleased
     in use" errors, including extra instructions for macOS. :pr:`2321`
 -   Extend list of characters considered always safe in URLs based on
     :rfc:`3986`. :issue:`2319`
+-   Optimize the stat reloader to avoid watching unnecessary files in
+    more cases. The watchdog reloader is still recommended for
+    performance and accuracy. :issue:`2141`
 
 
 Version 2.0.3
diff --git a/src/werkzeug/_reloader.py b/src/werkzeug/_reloader.py
index ab34533d9..3c9e8c446 100644
--- a/src/werkzeug/_reloader.py
+++ b/src/werkzeug/_reloader.py
@@ -11,16 +11,28 @@
 from ._internal import _log
 
 # The various system prefixes where imports are found. Base values are
-# different when running in a virtualenv. The stat reloader won't scan
-# these directories, it would be too inefficient.
-prefix = {sys.prefix, sys.base_prefix, sys.exec_prefix, sys.base_exec_prefix}
+# different when running in a virtualenv. All reloaders will ignore the
+# base paths (usually the system installation). The stat reloader won't
+# scan the virtualenv paths, it will only include modules that are
+# already imported.
+_ignore_always = tuple({sys.base_prefix, sys.base_exec_prefix})
+prefix = {*_ignore_always, sys.prefix, sys.exec_prefix}
 
 if hasattr(sys, "real_prefix"):
     # virtualenv < 20
-    prefix.add(sys.real_prefix)  # type: ignore
+    prefix.add(sys.real_prefix)  # type: ignore[attr-defined]
 
-_ignore_prefixes = tuple(prefix)
+_stat_ignore_scan = tuple(prefix)
 del prefix
+_ignore_common_dirs = {
+    "__pycache__",
+    ".git",
+    ".hg",
+    ".tox",
+    ".nox",
+    ".pytest_cache",
+    ".mypy_cache",
+}
 
 
 def _iter_module_paths() -> t.Iterator[str]:
@@ -29,7 +41,7 @@ def _iter_module_paths() -> t.Iterator[str]:
     for module in list(sys.modules.values()):
         name = getattr(module, "__file__", None)
 
-        if name is None:
+        if name is None or name.startswith(_ignore_always):
             continue
 
         while not os.path.isfile(name):
@@ -67,24 +79,36 @@ def _find_stat_paths(
         if os.path.isfile(path):
             # zip file on sys.path, or extra file
             paths.add(path)
+            continue
+
+        parent_has_py = {os.path.dirname(path): True}
 
         for root, dirs, files in os.walk(path):
-            # Ignore system prefixes for efficience. Don't scan
-            # __pycache__, it will have a py or pyc module at the import
-            # path. As an optimization, ignore .git and .hg since
-            # nothing interesting will be there.
-            if root.startswith(_ignore_prefixes) or os.path.basename(root) in {
-                "__pycache__",
-                ".git",
-                ".hg",
-            }:
+            # Optimizations: ignore system prefixes, __pycache__ will
+            # have a py or pyc module at the import path, ignore some
+            # common known dirs such as version control and tool caches.
+            if (
+                root.startswith(_stat_ignore_scan)
+                or os.path.basename(root) in _ignore_common_dirs
+            ):
                 dirs.clear()
                 continue
 
+            has_py = False
+
             for name in files:
                 if name.endswith((".py", ".pyc")):
+                    has_py = True
                     paths.add(os.path.join(root, name))
 
+            # Optimization: stop scanning a directory if neither it nor
+            # its parent contained Python files.
+            if not (has_py or parent_has_py[os.path.dirname(root)]):
+                dirs.clear()
+                continue
+
+            parent_has_py[root] = has_py
+
     paths.update(_iter_module_paths())
     _remove_by_pattern(paths, exclude_patterns)
     return paths
@@ -267,7 +291,7 @@ def __enter__(self) -> ReloaderLoop:
         return super().__enter__()
 
     def run_step(self) -> None:
-        for name in chain(_find_stat_paths(self.extra_files, self.exclude_patterns)):
+        for name in _find_stat_paths(self.extra_files, self.exclude_patterns):
             try:
                 mtime = os.stat(name).st_mtime
             except OSError:
@@ -311,9 +335,7 @@ def on_any_event(self, event):  # type: ignore
         self.event_handler = EventHandler(
             patterns=["*.py", "*.pyc", "*.zip", *extra_patterns],
             ignore_patterns=[
-                "*/__pycache__/*",
-                "*/.git/*",
-                "*/.hg/*",
+                *[f"*/{d}/*" for d in _ignore_common_dirs],
                 *self.exclude_patterns,
             ],
         )
diff --git a/tests/live_apps/reloader_app.py b/tests/live_apps/reloader_app.py
index 596977b18..4e98ca624 100644
--- a/tests/live_apps/reloader_app.py
+++ b/tests/live_apps/reloader_app.py
@@ -8,8 +8,8 @@
 # Tox puts the tmp dir in the venv sys.prefix, patch the reloader so
 # it doesn't skip real_app.
 if "TOX_ENV_DIR" in os.environ:
-    _reloader._ignore_prefixes = tuple(
-        set(_reloader._ignore_prefixes) - {sys.prefix, sys.exec_prefix}
+    _reloader._stat_ignore_scan = tuple(
+        set(_reloader._stat_ignore_scan) - {sys.prefix, sys.exec_prefix}
     )
 
 

From 50509cf11d7cde917d1bec12eb7363d1db919299 Mon Sep 17 00:00:00 2001
From: Ulrik 
Date: Mon, 19 Apr 2021 20:55:34 +0200
Subject: [PATCH 591/733] use chunked encodding for streaming responses with
 HTTP/1.1

For HTTP/1.0, the only way to stream content is to rely on
the closing of connection to convey end of response. This can typically
lead to silently truncated content in HTTP client implementations.

For HTTP/1.1, the better way is to use `Transfer-Encoding: chunked` which
has a builtin mechanism to always terminate response with a 0-sized chunk,
marking end of stream.
---
 CHANGES.rst                      |  3 +++
 src/werkzeug/serving.py          | 33 +++++++++++++++++++++++++------
 tests/live_apps/run.py           |  9 +++++++++
 tests/live_apps/streaming_app.py | 14 +++++++++++++
 tests/test_serving.py            | 34 +++++++++++++++++++++++++++++++-
 5 files changed, 86 insertions(+), 7 deletions(-)
 create mode 100644 tests/live_apps/streaming_app.py

diff --git a/CHANGES.rst b/CHANGES.rst
index df86fa134..ba538645f 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -68,6 +68,9 @@ Unreleased
 -   Optimize the stat reloader to avoid watching unnecessary files in
     more cases. The watchdog reloader is still recommended for
     performance and accuracy. :issue:`2141`
+-   The development server uses ``Transfer-Encoding: chunked`` for
+    streaming responses when it is configured for HTTP/1.1.
+    :issue:`2090, 1327`, :pr:`2091`
 
 
 Version 2.0.3
diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py
index 0e5b3e54a..c3c065c56 100644
--- a/src/werkzeug/serving.py
+++ b/src/werkzeug/serving.py
@@ -245,9 +245,10 @@ def run_wsgi(self) -> None:
         headers_set: t.Optional[t.List[t.Tuple[str, str]]] = None
         status_sent: t.Optional[str] = None
         headers_sent: t.Optional[t.List[t.Tuple[str, str]]] = None
+        chunk_response: bool = False
 
         def write(data: bytes) -> None:
-            nonlocal status_sent, headers_sent
+            nonlocal status_sent, headers_sent, chunk_response
             assert status_set is not None, "write() before start_response"
             assert headers_set is not None, "write() before start_response"
             if status_sent is None:
@@ -262,16 +263,19 @@ def write(data: bytes) -> None:
                 header_keys = set()
                 for key, value in headers_sent:
                     self.send_header(key, value)
-                    key = key.lower()
-                    header_keys.add(key)
+                    header_keys.add(key.lower())
                 if not (
                     "content-length" in header_keys
                     or environ["REQUEST_METHOD"] == "HEAD"
                     or code < 200
                     or code in (204, 304)
                 ):
-                    self.close_connection = True
-                    self.send_header("Connection", "close")
+                    if self.protocol_version >= "HTTP/1.1":
+                        chunk_response = True
+                        self.send_header("Transfer-Encoding", "chunked")
+                    else:
+                        self.close_connection = True
+                        self.send_header("Connection", "close")
                 if "server" not in header_keys:
                     self.send_header("Server", self.version_string())
                 if "date" not in header_keys:
@@ -279,7 +283,17 @@ def write(data: bytes) -> None:
                 self.end_headers()
 
             assert isinstance(data, bytes), "applications must write bytes"
-            self.wfile.write(data)
+
+            if data:
+                if chunk_response:
+                    self.wfile.write(hex(len(data))[2:].encode())
+                    self.wfile.write(b"\r\n")
+
+                self.wfile.write(data)
+
+                if chunk_response:
+                    self.wfile.write(b"\r\n")
+
             self.wfile.flush()
 
         def start_response(status, headers, exc_info=None):  # type: ignore
@@ -298,11 +312,14 @@ def start_response(status, headers, exc_info=None):  # type: ignore
 
         def execute(app: "WSGIApplication") -> None:
             application_iter = app(environ, start_response)
+            nonlocal chunk_response
             try:
                 for data in application_iter:
                     write(data)
                 if not headers_sent:
                     write(b"")
+                if chunk_response:
+                    self.wfile.write(b"0\r\n\r\n")
             finally:
                 if hasattr(application_iter, "close"):
                     application_iter.close()  # type: ignore
@@ -314,6 +331,10 @@ def execute(app: "WSGIApplication") -> None:
         except Exception:
             if self.server.passthrough_errors:
                 raise
+
+            if status_sent is not None and chunk_response:
+                self.close_connection = True
+
             from .debug.tbtools import get_current_traceback
 
             traceback = get_current_traceback(ignore_system_exceptions=True)
diff --git a/tests/live_apps/run.py b/tests/live_apps/run.py
index aacdcb664..5f8ff1711 100644
--- a/tests/live_apps/run.py
+++ b/tests/live_apps/run.py
@@ -4,9 +4,15 @@
 
 from werkzeug.serving import generate_adhoc_ssl_context
 from werkzeug.serving import run_simple
+from werkzeug.serving import WSGIRequestHandler
 from werkzeug.wrappers import Request
 from werkzeug.wrappers import Response
 
+
+class WSGI11RequestHandler(WSGIRequestHandler):
+    protocol_version = "HTTP/1.1"
+
+
 name = sys.argv[1]
 mod = import_module(f"{name}_app")
 
@@ -24,6 +30,9 @@ def app(request):
 kwargs.update(json.loads(sys.argv[2]))
 ssl_context = kwargs.get("ssl_context")
 
+if kwargs.get("request_handler") == "HTTP/1.1":
+    kwargs["request_handler"] = WSGI11RequestHandler
+
 if ssl_context == "custom":
     kwargs["ssl_context"] = generate_adhoc_ssl_context()
 elif isinstance(ssl_context, list):
diff --git a/tests/live_apps/streaming_app.py b/tests/live_apps/streaming_app.py
new file mode 100644
index 000000000..c8aad46eb
--- /dev/null
+++ b/tests/live_apps/streaming_app.py
@@ -0,0 +1,14 @@
+from werkzeug.wrappers import Request
+from werkzeug.wrappers import Response
+
+
+@Request.application
+def app(request):
+    def gen():
+        for x in range(5):
+            yield f"{x}\n"
+
+        if request.path == "/crash":
+            raise Exception("crash requested")
+
+    return Response(gen())
diff --git a/tests/test_serving.py b/tests/test_serving.py
index 8d6ed9b23..2b46c8a02 100644
--- a/tests/test_serving.py
+++ b/tests/test_serving.py
@@ -159,7 +159,7 @@ def test_port_is_int():
 
 @pytest.mark.filterwarnings("ignore::pytest.PytestUnraisableExceptionWarning")
 @pytest.mark.parametrize("send_length", [False, True])
-def test_chunked_encoding(monkeypatch, dev_server, send_length):
+def test_chunked_request(monkeypatch, dev_server, send_length):
     stream, length, boundary = stream_encode_multipart(
         {
             "value": "this is text",
@@ -239,3 +239,35 @@ def test_multiline_header_folding(standard_app):
     data = json.load(r)
     r.close()
     assert data["HTTP_XYZ"] == "first\tsecond\tthird"
+
+
+@pytest.mark.parametrize("endpoint", ["", "crash"])
+def test_streaming_close_response(dev_server, endpoint):
+    """When using HTTP/1.0, chunked encoding is not supported. Fall
+    back to Connection: close, but this allows no reliable way to
+    distinguish between complete and truncated responses.
+    """
+    r = dev_server("streaming").request("/" + endpoint)
+    assert r.getheader("connection") == "close"
+    assert r.data == "".join(str(x) + "\n" for x in range(5)).encode()
+
+
+def test_streaming_chunked_response(dev_server):
+    """When using HTTP/1.1, use Transfer-Encoding: chunked for streamed
+    responses, since it can distinguish the end of the response without
+    closing the connection.
+
+    https://tools.ietf.org/html/rfc2616#section-3.6.1
+    """
+    r = dev_server("streaming", request_handler="HTTP/1.1").request("/")
+    assert r.getheader("transfer-encoding") == "chunked"
+    assert r.data == "".join(str(x) + "\n" for x in range(5)).encode()
+
+
+@pytest.mark.filterwarnings("ignore::pytest.PytestUnraisableExceptionWarning")
+def test_streaming_chunked_truncation(dev_server):
+    """When using HTTP/1.1, chunked encoding allows the client to detect
+    content truncated by a prematurely closed connection.
+    """
+    with pytest.raises(http.client.IncompleteRead):
+        dev_server("streaming", request_handler="HTTP/1.1").request("/crash")

From a0e51e367e8ee25a34c71f65ff6d3ba477a08e22 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Fri, 28 Jan 2022 15:32:40 -0800
Subject: [PATCH 592/733] update debugger responses

use send_file and etags to serve cacheable resources
initital page sets content-length so the response isn't streamed
---
 src/werkzeug/debug/__init__.py | 45 +++++++++++++++++-----------------
 1 file changed, 23 insertions(+), 22 deletions(-)

diff --git a/src/werkzeug/debug/__init__.py b/src/werkzeug/debug/__init__.py
index 1d471c411..13a05226f 100644
--- a/src/werkzeug/debug/__init__.py
+++ b/src/werkzeug/debug/__init__.py
@@ -1,7 +1,6 @@
 import getpass
 import hashlib
 import json
-import mimetypes
 import os
 import pkgutil
 import re
@@ -9,13 +8,17 @@
 import time
 import typing as t
 import uuid
+from io import BytesIO
 from itertools import chain
 from os.path import basename
 from os.path import join
+from zlib import adler32
 
 from .._internal import _log
+from ..exceptions import NotFound
 from ..http import parse_cookie
 from ..security import gen_salt
+from ..utils import send_file
 from ..wrappers.request import Request
 from ..wrappers.response import Response
 from .console import Console
@@ -322,16 +325,14 @@ def debug_application(
                 self.frames[frame.id] = frame
             self.tracebacks[traceback.id] = traceback
 
+            is_trusted = bool(self.check_pin_trust(environ))
+            html = traceback.render_full(
+                evalex=self.evalex, evalex_trusted=is_trusted, secret=self.secret
+            ).encode("utf-8", "replace")
+            response = Response(html, status=500, content_type="text/html")
+
             try:
-                start_response(
-                    "500 INTERNAL SERVER ERROR",
-                    [
-                        ("Content-Type", "text/html; charset=utf-8"),
-                        # Disable Chrome's XSS protection, the debug
-                        # output can cause false-positives.
-                        ("X-XSS-Protection", "0"),
-                    ],
-                )
+                yield from response(environ, start_response)
             except Exception:
                 # if we end up here there has been output but an error
                 # occurred.  in that situation we can do nothing fancy any
@@ -342,11 +343,6 @@ def debug_application(
                     "response at a point where response headers were already "
                     "sent.\n"
                 )
-            else:
-                is_trusted = bool(self.check_pin_trust(environ))
-                yield traceback.render_full(
-                    evalex=self.evalex, evalex_trusted=is_trusted, secret=self.secret
-                ).encode("utf-8", "replace")
 
             traceback.log(environ["wsgi.errors"])
 
@@ -373,15 +369,20 @@ def display_console(self, request: Request) -> Response:
 
     def get_resource(self, request: Request, filename: str) -> Response:
         """Return a static resource from the shared folder."""
-        filename = join("shared", basename(filename))
+        path = join("shared", basename(filename))
+
         try:
-            data = pkgutil.get_data(__package__, filename)
+            data = pkgutil.get_data(__package__, path)
         except OSError:
-            data = None
-        if data is not None:
-            mimetype = mimetypes.guess_type(filename)[0] or "application/octet-stream"
-            return Response(data, mimetype=mimetype)
-        return Response("Not Found", status=404)
+            return NotFound()  # type: ignore[return-value]
+        else:
+            if data is None:
+                return NotFound()  # type: ignore[return-value]
+
+            etag = str(adler32(data) & 0xFFFFFFFF)
+            return send_file(
+                BytesIO(data), request.environ, download_name=filename, etag=etag
+            )
 
     def check_pin_trust(self, environ: "WSGIEnvironment") -> t.Optional[bool]:
         """Checks if the request passed the pin test.  This returns `True` if the

From d062807b64a681e49bb4b0771b6539974f743ab7 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Fri, 28 Jan 2022 15:49:03 -0800
Subject: [PATCH 593/733] use base server code more

only close connection on http/1.0 if content-length is missing
connection: close header already tells server to close connection
base send_response already sets server and date headers
base handle_one_request handles timeout errors and some other behavior
version_string doesn't need override
---
 src/werkzeug/serving.py | 43 +++++++++++------------------------------
 1 file changed, 11 insertions(+), 32 deletions(-)

diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py
index c3c065c56..fd2164a04 100644
--- a/src/werkzeug/serving.py
+++ b/src/werkzeug/serving.py
@@ -264,22 +264,14 @@ def write(data: bytes) -> None:
                 for key, value in headers_sent:
                     self.send_header(key, value)
                     header_keys.add(key.lower())
-                if not (
-                    "content-length" in header_keys
-                    or environ["REQUEST_METHOD"] == "HEAD"
-                    or code < 200
-                    or code in (204, 304)
-                ):
+
+                if "content-length" not in header_keys:
                     if self.protocol_version >= "HTTP/1.1":
                         chunk_response = True
                         self.send_header("Transfer-Encoding", "chunked")
                     else:
-                        self.close_connection = True
                         self.send_header("Connection", "close")
-                if "server" not in header_keys:
-                    self.send_header("Server", self.version_string())
-                if "date" not in header_keys:
-                    self.send_header("Date", self.date_time_string())
+
                 self.end_headers()
 
             assert isinstance(data, bytes), "applications must write bytes"
@@ -312,7 +304,6 @@ def start_response(status, headers, exc_info=None):  # type: ignore
 
         def execute(app: "WSGIApplication") -> None:
             application_iter = app(environ, start_response)
-            nonlocal chunk_response
             try:
                 for data in application_iter:
                     write(data)
@@ -352,7 +343,7 @@ def execute(app: "WSGIApplication") -> None:
     def handle(self) -> None:
         """Handles a request ignoring dropped connections."""
         try:
-            BaseHTTPRequestHandler.handle(self)
+            super().handle()
         except (ConnectionError, socket.timeout) as e:
             self.connection_dropped(e)
         except Exception as e:
@@ -368,25 +359,13 @@ def connection_dropped(
         nothing happens.
         """
 
-    def handle_one_request(self) -> None:
-        """Handle a single HTTP request."""
-        self.raw_requestline = self.rfile.readline()
-        if not self.raw_requestline:
-            self.close_connection = True
-        elif self.parse_request():
-            self.run_wsgi()
-
-    def send_response(self, code: int, message: t.Optional[str] = None) -> None:
-        """Send the response header and log the response code."""
-        self.log_request(code)
-        if message is None:
-            message = self.responses[code][0] if code in self.responses else ""
-        if self.request_version != "HTTP/0.9":
-            hdr = f"{self.protocol_version} {code} {message}\r\n"
-            self.wfile.write(hdr.encode("ascii"))
-
-    def version_string(self) -> str:
-        return super().version_string().strip()
+    def __getattr__(self, name: str) -> t.Any:
+        # All HTTP methods are handled by run_wsgi.
+        if name.startswith("do_"):
+            return self.run_wsgi
+
+        # All other attributes are forwarded to the base class.
+        return getattr(super(), name)
 
     def address_string(self) -> str:
         if getattr(self, "environ", None):

From 4795b9a7ce49fc48c250cb89400c380731cba8b3 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Fri, 28 Jan 2022 15:52:15 -0800
Subject: [PATCH 594/733] enable HTTP/1.1 when server has multiple workers

HTTP/1.1 with the base single worker server seems to be unreliable,
sometimes simultaneous requests never complete. When the server is
multithread or multiprocess, and the handler doesn't directly set a
protocol version, enable HTTP/1.1. This enables keep-alive
connections and chunked streaming responses.
---
 CHANGES.rst             | 3 +++
 src/werkzeug/serving.py | 8 ++++++++
 tests/live_apps/run.py  | 9 ---------
 tests/test_serving.py   | 4 ++--
 4 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index ba538645f..cb5530528 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -71,6 +71,9 @@ Unreleased
 -   The development server uses ``Transfer-Encoding: chunked`` for
     streaming responses when it is configured for HTTP/1.1.
     :issue:`2090, 1327`, :pr:`2091`
+-   The development server uses HTTP/1.1, which enables keep-alive
+    connections and chunked streaming responses, when ``threaded`` or
+    ``processes`` is enabled. :pr:`2323`
 
 
 Version 2.0.3
diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py
index fd2164a04..21d30f9f9 100644
--- a/src/werkzeug/serving.py
+++ b/src/werkzeug/serving.py
@@ -654,6 +654,14 @@ def __init__(
         if handler is None:
             handler = WSGIRequestHandler
 
+        # If the handler doesn't directly set a protocol version and
+        # thread or process workers are used, then allow chunked
+        # responses and keep-alive connections by enabling HTTP/1.1.
+        if "protocol_version" not in vars(handler) and (
+            self.multithread or self.multiprocess
+        ):
+            handler.protocol_version = "HTTP/1.1"
+
         self.host = host
         self.port = port
         self.app = app
diff --git a/tests/live_apps/run.py b/tests/live_apps/run.py
index 5f8ff1711..aacdcb664 100644
--- a/tests/live_apps/run.py
+++ b/tests/live_apps/run.py
@@ -4,15 +4,9 @@
 
 from werkzeug.serving import generate_adhoc_ssl_context
 from werkzeug.serving import run_simple
-from werkzeug.serving import WSGIRequestHandler
 from werkzeug.wrappers import Request
 from werkzeug.wrappers import Response
 
-
-class WSGI11RequestHandler(WSGIRequestHandler):
-    protocol_version = "HTTP/1.1"
-
-
 name = sys.argv[1]
 mod = import_module(f"{name}_app")
 
@@ -30,9 +24,6 @@ def app(request):
 kwargs.update(json.loads(sys.argv[2]))
 ssl_context = kwargs.get("ssl_context")
 
-if kwargs.get("request_handler") == "HTTP/1.1":
-    kwargs["request_handler"] = WSGI11RequestHandler
-
 if ssl_context == "custom":
     kwargs["ssl_context"] = generate_adhoc_ssl_context()
 elif isinstance(ssl_context, list):
diff --git a/tests/test_serving.py b/tests/test_serving.py
index 2b46c8a02..d670c725f 100644
--- a/tests/test_serving.py
+++ b/tests/test_serving.py
@@ -259,7 +259,7 @@ def test_streaming_chunked_response(dev_server):
 
     https://tools.ietf.org/html/rfc2616#section-3.6.1
     """
-    r = dev_server("streaming", request_handler="HTTP/1.1").request("/")
+    r = dev_server("streaming", threaded=True).request("/")
     assert r.getheader("transfer-encoding") == "chunked"
     assert r.data == "".join(str(x) + "\n" for x in range(5)).encode()
 
@@ -270,4 +270,4 @@ def test_streaming_chunked_truncation(dev_server):
     content truncated by a prematurely closed connection.
     """
     with pytest.raises(http.client.IncompleteRead):
-        dev_server("streaming", request_handler="HTTP/1.1").request("/crash")
+        dev_server("streaming", threaded=True).request("/crash")

From 9c87ba9046565339dbdd8a263031ffed18347822 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Sat, 29 Jan 2022 10:30:16 -0800
Subject: [PATCH 595/733] remove flask reloader hack

Flask used to add "-m flask" to sys.argv, but that was fixed and no
version using this version of Werkzeug will need it.
---
 src/werkzeug/_reloader.py | 28 +++++++++++-----------------
 1 file changed, 11 insertions(+), 17 deletions(-)

diff --git a/src/werkzeug/_reloader.py b/src/werkzeug/_reloader.py
index 3c9e8c446..57f3117bd 100644
--- a/src/werkzeug/_reloader.py
+++ b/src/werkzeug/_reloader.py
@@ -199,24 +199,18 @@ def _get_args_for_reloading() -> t.List[str]:
         rv.append(py_script)
     else:
         # Executed a module, like "python -m werkzeug.serving".
-        if sys.argv[0] == "-m":
-            # Flask works around previous behavior by putting
-            # "-m flask" in sys.argv.
-            # TODO remove this once Flask no longer misbehaves
-            args = sys.argv
+        if os.path.isfile(py_script):
+            # Rewritten by Python from "-m script" to "/path/to/script.py".
+            py_module = t.cast(str, __main__.__package__)
+            name = os.path.splitext(os.path.basename(py_script))[0]
+
+            if name != "__main__":
+                py_module += f".{name}"
         else:
-            if os.path.isfile(py_script):
-                # Rewritten by Python from "-m script" to "/path/to/script.py".
-                py_module = t.cast(str, __main__.__package__)
-                name = os.path.splitext(os.path.basename(py_script))[0]
-
-                if name != "__main__":
-                    py_module += f".{name}"
-            else:
-                # Incorrectly rewritten by pydevd debugger from "-m script" to "script".
-                py_module = py_script
-
-            rv.extend(("-m", py_module.lstrip(".")))
+            # Incorrectly rewritten by pydevd debugger from "-m script" to "script".
+            py_module = py_script
+
+        rv.extend(("-m", py_module.lstrip(".")))
 
     rv.extend(args)
     return rv

From 87d5dd167d1fae08365749874bdc07cabb67e53d Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Mon, 7 Feb 2022 07:33:31 -0800
Subject: [PATCH 596/733] cached_property for __slots__

---
 CHANGES.rst           |  2 ++
 src/werkzeug/utils.py | 31 ++++++++++++++++++++++++++-----
 2 files changed, 28 insertions(+), 5 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index cb5530528..2566e12c3 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -74,6 +74,8 @@ Unreleased
 -   The development server uses HTTP/1.1, which enables keep-alive
     connections and chunked streaming responses, when ``threaded`` or
     ``processes`` is enabled. :pr:`2323`
+-   ``cached_property`` works for classes with ``__slots__`` if a
+    corresponding ``_cache_{name}`` slot is added. :pr:`2332`
 
 
 Version 2.0.3
diff --git a/src/werkzeug/utils.py b/src/werkzeug/utils.py
index c13ab586d..eb8b51724 100644
--- a/src/werkzeug/utils.py
+++ b/src/werkzeug/utils.py
@@ -64,7 +64,12 @@ def value(self):
         e.value = 16  # sets cache
         del e.value  # clears cache
 
-    The class must have a ``__dict__`` for this to work.
+    If the class defines ``__slots__``, it must add ``_cache_{name}`` as
+    a slot. Alternatively, it can add ``__dict__``, but that's usually
+    not desirable.
+
+    .. versionchanged:: 2.1
+        Works with ``__slots__``.
 
     .. versionchanged:: 2.0
         ``del obj.name`` clears the cached value.
@@ -78,25 +83,41 @@ def __init__(
     ) -> None:
         super().__init__(fget, doc=doc)
         self.__name__ = name or fget.__name__
+        self.slot_name = f"_cache_{self.__name__}"
         self.__module__ = fget.__module__
 
     def __set__(self, obj: object, value: _T) -> None:
-        obj.__dict__[self.__name__] = value
+        if hasattr(obj, "__dict__"):
+            obj.__dict__[self.__name__] = value
+        else:
+            setattr(obj, self.slot_name, value)
 
     def __get__(self, obj: object, type: type = None) -> _T:  # type: ignore
         if obj is None:
             return self  # type: ignore
 
-        value: _T = obj.__dict__.get(self.__name__, _missing)
+        obj_dict = getattr(obj, "__dict__", None)
+
+        if obj_dict is not None:
+            value: _T = obj_dict.get(self.__name__, _missing)
+        else:
+            value = getattr(obj, self.slot_name, _missing)  # type: ignore[arg-type]
 
         if value is _missing:
             value = self.fget(obj)  # type: ignore
-            obj.__dict__[self.__name__] = value
+
+            if obj_dict is not None:
+                obj.__dict__[self.__name__] = value
+            else:
+                setattr(obj, self.slot_name, value)
 
         return value
 
     def __delete__(self, obj: object) -> None:
-        del obj.__dict__[self.__name__]
+        if hasattr(obj, "__dict__"):
+            del obj.__dict__[self.__name__]
+        else:
+            setattr(obj, self.slot_name, _missing)
 
 
 class environ_property(_DictAccessorProperty[_TAccessorValue]):

From 70a61859d2ab0d628aeb6189b94d0fce45345373 Mon Sep 17 00:00:00 2001
From: David Lord 
Date: Mon, 7 Feb 2022 07:52:05 -0800
Subject: [PATCH 597/733] debugger uses traceback module

---
 CHANGES.rst                    |   2 +
 src/werkzeug/debug/__init__.py |  43 ++-
 src/werkzeug/debug/console.py  |  14 +-
 src/werkzeug/debug/tbtools.py  | 662 ++++++++++++---------------------
 src/werkzeug/serving.py        |  11 +-
 tests/test_debug.py            |  77 +---
 6 files changed, 285 insertions(+), 524 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 2566e12c3..b5a807d80 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -76,6 +76,8 @@ Unreleased
     ``processes`` is enabled. :pr:`2323`
 -   ``cached_property`` works for classes with ``__slots__`` if a
     corresponding ``_cache_{name}`` slot is added. :pr:`2332`
+-   Refactor the debugger traceback formatter to use Python's built-in
+    ``traceback`` module as much as possible. :issue:`1753`
 
 
 Version 2.0.3
diff --git a/src/werkzeug/debug/__init__.py b/src/werkzeug/debug/__init__.py
index 13a05226f..6c1ec514b 100644
--- a/src/werkzeug/debug/__init__.py
+++ b/src/werkzeug/debug/__init__.py
@@ -22,10 +22,9 @@
 from ..wrappers.request import Request
 from ..wrappers.response import Response
 from .console import Console
-from .tbtools import Frame
-from .tbtools import get_current_traceback
+from .tbtools import DebugFrameSummary
+from .tbtools import DebugTraceback
 from .tbtools import render_console_html
-from .tbtools import Traceback
 
 if t.TYPE_CHECKING:
     from _typeshed.wsgi import StartResponse
@@ -131,6 +130,9 @@ def __init__(self, namespace: t.Dict[str, t.Any]):
         self.console = Console(namespace)
         self.id = 0
 
+    def eval(self, code: str) -> t.Any:
+        return self.console.eval(code)
+
 
 def get_pin_and_cookie_name(
     app: "WSGIApplication",
@@ -263,8 +265,7 @@ def __init__(
             console_init_func = None
         self.app = app
         self.evalex = evalex
-        self.frames: t.Dict[int, t.Union[Frame, _ConsoleFrame]] = {}
-        self.tracebacks: t.Dict[int, Traceback] = {}
+        self.frames: t.Dict[int, t.Union[DebugFrameSummary, _ConsoleFrame]] = {}
         self.request_key = request_key
         self.console_path = console_path
         self.console_init_func = console_init_func
@@ -313,22 +314,21 @@ def debug_application(
             yield from app_iter
             if hasattr(app_iter, "close"):
                 app_iter.close()  # type: ignore
-        except Exception:
+        except Exception as e:
             if hasattr(app_iter, "close"):
                 app_iter.close()  # type: ignore
-            traceback = get_current_traceback(
-                skip=1,
-                show_hidden_frames=self.show_hidden_frames,
-                ignore_system_exceptions=True,
-            )
-            for frame in traceback.frames:
-                self.frames[frame.id] = frame
-            self.tracebacks[traceback.id] = traceback
+
+            tb = DebugTraceback(e, skip=1, hide=not self.show_hidden_frames)
+
+            for frame in tb.all_frames:
+                self.frames[id(frame)] = frame
 
             is_trusted = bool(self.check_pin_trust(environ))
-            html = traceback.render_full(
-                evalex=self.evalex, evalex_trusted=is_trusted, secret=self.secret
-            ).encode("utf-8", "replace")
+            html = tb.render_debugger_html(
+                evalex=self.evalex,
+                secret=self.secret,
+                evalex_trusted=is_trusted,
+            )
             response = Response(html, status=500, content_type="text/html")
 
             try:
@@ -344,13 +344,16 @@ def debug_application(
                     "sent.\n"
                 )
 
-            traceback.log(environ["wsgi.errors"])
+            environ["wsgi.errors"].write("".join(tb.render_traceback_text()))
 
     def execute_command(
-        self, request: Request, command: str, frame: t.Union[Frame, _ConsoleFrame]
+        self,
+        request: Request,
+        command: str,
+        frame: t.Union[DebugFrameSummary, _ConsoleFrame],
     ) -> Response:
         """Execute a command in a console."""
-        return Response(frame.console.eval(command), mimetype="text/html")
+        return Response(frame.eval(command), mimetype="text/html")
 
     def display_console(self, request: Request) -> Response:
         """Display a standalone shell."""
diff --git a/src/werkzeug/debug/console.py b/src/werkzeug/debug/console.py
index f1a7b725e..f4a0e26a7 100644
--- a/src/werkzeug/debug/console.py
+++ b/src/werkzeug/debug/console.py
@@ -176,16 +176,18 @@ def runcode(self, code: CodeType) -> None:
             self.showtraceback()
 
     def showtraceback(self) -> None:
-        from .tbtools import get_current_traceback
+        from .tbtools import DebugTraceback
 
-        tb = get_current_traceback(skip=1)
-        sys.stdout._write(tb.render_summary())  # type: ignore
+        exc = t.cast(BaseException, sys.exc_info()[1])
+        te = DebugTraceback(exc, skip=1)
+        sys.stdout._write(te.render_traceback_html())  # type: ignore
 
     def showsyntaxerror(self, filename: t.Optional[str] = None) -> None:
-        from .tbtools import get_current_traceback
+        from .tbtools import DebugTraceback
 
-        tb = get_current_traceback(skip=4)
-        sys.stdout._write(tb.render_summary())  # type: ignore
+        exc = t.cast(BaseException, sys.exc_info()[1])
+        te = DebugTraceback(exc, skip=4)
+        sys.stdout._write(te.render_traceback_html())  # type: ignore
 
     def write(self, data: str) -> None:
         sys.stdout.write(data)
diff --git a/src/werkzeug/debug/tbtools.py b/src/werkzeug/debug/tbtools.py
index f9ea7b687..17e3b3616 100644
--- a/src/werkzeug/debug/tbtools.py
+++ b/src/werkzeug/debug/tbtools.py
@@ -1,5 +1,5 @@
-import codecs
-import inspect
+import itertools
+import linecache
 import os
 import re
 import sys
@@ -7,21 +7,12 @@
 import traceback
 import typing as t
 from html import escape
-from tokenize import TokenError
-from types import CodeType
-from types import TracebackType
 
-from .._internal import _to_str
 from ..utils import cached_property
 from .console import Console
 
-_coding_re = re.compile(br"coding[:=]\s*([-\w.]+)")
-_line_re = re.compile(br"^(.*?)$", re.MULTILINE)
-_funcdef_re = re.compile(r"^(\s*def\s)|(.*(?
+
 
   
     %(title)s // Werkzeug Debugger
@@ -34,8 +25,7 @@
         href="?__debugger__=yes&cmd=resource&f=console.png">
     
     
-