Werkzeug 3.0.x support
TheZoc opened this issue · comments
Currently, Werkzeug 3.0.x isn't compatible with flask-openid.
File "venv/lib/python3.11/site-packages/flask_openid.py", line 23, in <module>
from werkzeug.urls import url_quote
ImportError: cannot import name 'url_quote' from 'werkzeug.urls'
it's a pretty simple fix from here: https://werkzeug.palletsprojects.com/en/2.3.x/urls/
replace the single url_quote()
call with urllib.parse.quote()
on flask_openid.py
.
I can submit a PR if you prefer me to do so :)
For anyone affected by this, here is a workaround that can be used while the issue persists.
Before importing flask_openid
, insert the following lines:
import urllib.parse
import werkzeug.urls
werkzeug.urls.url_quote = urllib.parse.quote
EDIT: Note that the signature of urllib.parse.quote
isn't quite the same as that of werkzeug.urls.url_quote
, so this workaround presupposes that werkzeug.urls.url_quote
isn't being used incompatibly elsewhere in your script/application.
@alex-ball I'd recommend against monkey-patching it like that, as it can introduce other unintended issues.
It's easy to modify the library locally instead of propagating that change everywhere else :)
@TheZoc I take your point and will edit the comment accordingly, but I'd recommend against modifying the library locally since then any tests you run against your script/application will only be valid in that one local environment, and will not be reproducible across machines/installations. Indeed, attempting to deploy to any environment where the library hasn't been manually modified will fail with the error you reported.
My suggestion was offered in the light of CVE-2023-46136 affecting Werkzeug <= 3.0.0, which has made all this rather more urgent.
Added PR #71
@alex-ball Thanks for the CVE link, wasn't aware of it