U
    MÚd"	  ã                   @   s„   d Z ddlZddlZddlZddlmZmZmZ dZej	ej
 Zdd„ Zdd„ Zd	d
„ Zdd„ Zdd„ Zdd„ Zdd„ Zdd„ ZdS )z’
Cross Site Request Forgery Middleware.

This module provides a middleware that implements protection
against request forgeries from other sites.
é    N)ÚsessionÚrequestÚaborté    c                   C   s   d  dd„ ttƒD ƒ¡S )NÚ c                 s   s   | ]}t  t¡V  qd S ©N)ÚrandomÚchoiceÚCSRF_ALLOWED_CHARS)Ú.0Úi© r   ú./cmf/views/csrf.pyÚ	<genexpr>   s     z'_get_new_csrf_string.<locals>.<genexpr>)ÚjoinÚrangeÚCSRF_SECRET_LENGTHr   r   r   r   Ú_get_new_csrf_string   s    r   c                    sP   t ƒ }t‰ t‡ fdd„| D ƒ‡ fdd„|D ƒƒ}d ‡ fdd„|D ƒ¡}|| S )Nc                 3   s   | ]}ˆ   |¡V  qd S r   ©Úindex©r   Úx©Úcharsr   r   r      s     z&_salt_cipher_secret.<locals>.<genexpr>r   c                 3   s&   | ]\}}ˆ || t ˆ ƒ  V  qd S r   )Úlen©r   r   Úyr   r   r   r      s     )r   r
   Úzipr   )ÚsecretÚsaltÚpairsZcipherr   r   r   Ú_salt_cipher_secret   s
    &r!   c                    s^   | d t … }| t d … } t‰ t‡ fdd„| D ƒ‡ fdd„|D ƒƒ}d ‡ fdd„|D ƒ¡}|S )Nc                 3   s   | ]}ˆ   |¡V  qd S r   r   r   r   r   r   r       s     z'_unsalt_cipher_token.<locals>.<genexpr>r   c                 3   s   | ]\}}ˆ ||  V  qd S r   r   r   r   r   r   r   !   s     )r   r
   r   r   )Útokenr   r    r   r   r   r   Ú_unsalt_cipher_token   s    &r#   c                   C   s
   t tƒ ƒS r   )r!   r   r   r   r   r   Ú_get_new_csrf_token%   s    r$   c                  C   s0   dt krtƒ } t| ƒt d< ntt d ƒ} t| ƒS ©NÚ
csrf_token)r   r   r!   r#   )Zcsrf_secretr   r   r   Úget_csrf_token)   s
    r'   c                   C   s   t ƒ td< d S r%   )r$   r   r   r   r   r   Úrotate_csrf_token2   s    r(   c                 C   s   t  t| ƒt|ƒ¡S r   )ÚhmacZcompare_digestr#   )Zrequest_csrf_tokenr&   r   r   r   Ú_compare_salted_tokens6   s    þr*   c                    s   ‡ fdd„}|S )Nc                     sZ   t  dd ¡}tj dd ¡}|s.tƒ  tddƒ |s<tddƒ t||ƒsPtddƒ ˆ | |ŽS )Nr&   i  zNo csrf token is sessionzNo csrf token in formzcsrf token is not valid)r   Úgetr   Zformr(   r   r*   )ÚargsÚkwargsZsession_tokenZ
form_token©Úfr   r   Úwrapper@   s    



z$csrf_token_required.<locals>.wrapperr   )r/   r0   r   r.   r   Úcsrf_token_required?   s    r1   )Ú__doc__Ústringr   r)   Zflaskr   r   r   r   Zascii_lettersÚdigitsr
   r   r!   r#   r$   r'   r(   r*   r1   r   r   r   r   Ú<module>   s   			