U
    ןEf"	                     @   s   d Z ddlZddlZddlZddlmZmZmZ dZej	ej
 Zdd Zdd Zd	d
 Zdd Zdd Zdd Zdd Zdd ZdS )z
Cross Site Request Forgery Middleware.

This module provides a middleware that implements protection
against request forgeries from other sites.
    N)sessionrequestabort    c                   C   s   d dd ttD S )N c                 s   s   | ]}t tV  qd S N)randomchoiceCSRF_ALLOWED_CHARS).0i r   ./cmf/views/csrf.py	<genexpr>   s     z'_get_new_csrf_string.<locals>.<genexpr>)joinrangeCSRF_SECRET_LENGTHr   r   r   r   _get_new_csrf_string   s    r   c                    sP   t  }t t fdd| D  fdd|D }d fdd|D }|| S )Nc                 3   s   | ]}  |V  qd S r   indexr   xcharsr   r   r      s     z&_salt_cipher_secret.<locals>.<genexpr>r   c                 3   s&   | ]\}} || t    V  qd S r   )lenr   r   yr   r   r   r      s     )r   r
   zipr   )secretsaltpairsZcipherr   r   r   _salt_cipher_secret   s
    &r!   c                    s^   | d t  }| t d  } t t fdd| D  fdd|D }d fdd|D }|S )Nc                 3   s   | ]}  |V  qd S r   r   r   r   r   r   r       s     z'_unsalt_cipher_token.<locals>.<genexpr>r   c                 3   s   | ]\}} ||  V  qd S r   r   r   r   r   r   r   !   s     )r   r
   r   r   )tokenr   r    r   r   r   r   _unsalt_cipher_token   s    &r#   c                   C   s
   t t S r   )r!   r   r   r   r   r   _get_new_csrf_token%   s    r$   c                  C   s0   dt krt } t| t d< ntt d } t| S N
csrf_token)r   r   r!   r#   )Zcsrf_secretr   r   r   get_csrf_token)   s
    r'   c                   C   s   t  td< d S r%   )r$   r   r   r   r   r   rotate_csrf_token2   s    r(   c                 C   s   t t| t|S r   )hmacZcompare_digestr#   )Zrequest_csrf_tokenr&   r   r   r   _compare_salted_tokens6   s    r*   c                    s    fdd}|S )Nc                     sZ   t dd }tjdd }|s.t  tdd |s<tdd t||sPtdd  | |S )Nr&   i  zNo csrf token is sessionzNo csrf token in formzcsrf token is not valid)r   getr   Zformr(   r   r*   )argskwargsZsession_tokenZ
form_tokenfr   r   wrapper@   s    



z$csrf_token_required.<locals>.wrapperr   )r/   r0   r   r.   r   csrf_token_required?   s    r1   )__doc__stringr   r)   Zflaskr   r   r   r   ascii_lettersdigitsr
   r   r!   r#   r$   r'   r(   r*   r1   r   r   r   r   <module>   s   			