U MÚd" ã@s„dZddlZddlZddlZddlmZmZmZdZej ej Z dd„Z dd„Z d d „Zd d „Zd d„Zdd„Zdd„Zdd„ZdS)z’ Cross Site Request Forgery Middleware. This module provides a middleware that implements protection against request forgeries from other sites. éN)ÚsessionÚrequestÚaborté cCsd dd„ttƒDƒ¡S)NÚcss|]}t t¡VqdS©N)ÚrandomÚchoiceÚCSRF_ALLOWED_CHARS)Ú.0Úi©r ú./cmf/views/csrf.pyÚ sz'_get_new_csrf_string..)ÚjoinÚrangeÚCSRF_SECRET_LENGTHr r r rÚ_get_new_csrf_stringsrcsPtƒ}t‰t‡fdd„|Dƒ‡fdd„|Dƒƒ}d ‡fdd„|Dƒ¡}||S)Nc3s|]}ˆ |¡VqdSr©Úindex©r Úx©Úcharsr rrsz&_salt_cipher_secret..rc3s&|]\}}ˆ||tˆƒVqdSr)Úlen©r rÚyrr rrs)rr Úzipr)ÚsecretÚsaltÚpairsZcipherr rrÚ_salt_cipher_secrets &r!cs^|dt…}|td…}t‰t‡fdd„|Dƒ‡fdd„|Dƒƒ}d ‡fdd„|Dƒ¡}|S)Nc3s|]}ˆ |¡VqdSrrrrr rr sz'_unsalt_cipher_token..rc3s|]\}}ˆ||VqdSrr rrr rr!s)rr rr)Útokenrr rr rrÚ_unsalt_cipher_tokens   &r#cCs ttƒƒSr)r!rr r r rÚ_get_new_csrf_token%sr$cCs0dtkrtƒ}t|ƒtd<n ttdƒ}t|ƒS©NÚ csrf_token)rrr!r#)Z csrf_secretr r rÚget_csrf_token)s  r'cCstƒtd<dSr%)r$rr r r rÚrotate_csrf_token2sr(cCst t|ƒt|ƒ¡Sr)ÚhmacZcompare_digestr#)Zrequest_csrf_tokenr&r r rÚ_compare_salted_tokens6sþr*cs‡fdd„}|S)NcsZt dd¡}tj dd¡}|s.tƒtddƒ|s.wrapperr )r/r0r r.rÚcsrf_token_required?s r1)Ú__doc__Ústringrr)ZflaskrrrrZ ascii_lettersÚdigitsr rr!r#r$r'r(r*r1r r r rÚs