B ןEf" @sdZddlZddlZddlZddlmZmZmZdZej ej Z ddZ ddZ d d Zd d Zd dZddZddZddZdS)z Cross Site Request Forgery Middleware. This module provides a middleware that implements protection against request forgeries from other sites. N)sessionrequestabort cCsdddttDS)Ncss|]}ttVqdS)N)randomchoiceCSRF_ALLOWED_CHARS).0ir ./cmf/views/csrf.py sz'_get_new_csrf_string..)joinrangeCSRF_SECRET_LENGTHr r r r _get_new_csrf_stringsrcsPt}ttfdd|Dfdd|D}dfdd|D}||S)Nc3s|]}|VqdS)N)index)r x)charsr r rsz&_salt_cipher_secret..rc3s&|]\}}||tVqdS)N)len)r ry)rr r rs)rr zipr)secretsaltpairsZcipherr )rr _salt_cipher_secrets &rcs^|dt}|td}ttfdd|Dfdd|D}dfdd|D}|S)Nc3s|]}|VqdS)N)r)r r)rr r r sz'_unsalt_cipher_token..rc3s|]\}}||VqdS)Nr )r rr)rr r r!s)rr rr)tokenrrrr )rr _unsalt_cipher_tokens   &rcCs ttS)N)rrr r r r _get_new_csrf_token%srcCs0dtkrt}t|td<n ttd}t|S)N csrf_token)rrrr)Z csrf_secretr r r get_csrf_token)s  r!cCsttd<dS)Nr )rrr r r r rotate_csrf_token2sr"cCstt|t|S)N)hmacZcompare_digestr)Zrequest_csrf_tokenr r r r _compare_salted_tokens6sr$csfdd}|S)NcsZtdd}tjdd}|s.ttdd|s.wrapperr )r(r)r )r(r csrf_token_required?s r*)__doc__stringrr#ZflaskrrrrZ ascii_lettersdigitsr rrrrr!r"r$r*r r r r s