@d" dZddlZddlZddlZddlmZmZmZdZejejzZ dZ dZ dZdZd Zd Zd Zd Zy) z Cross Site Request Forgery Middleware. This module provides a middleware that implements protection against request forgeries from other sites. N)sessionrequestabort cLdjdttDS)Nc3NK|]}tjtywN)randomchoiceCSRF_ALLOWED_CHARS).0is ./cmf/views/csrf.py z'_get_new_csrf_string..sX6==!34Xs#%)joinrangeCSRF_SECRET_LENGTHr_get_new_csrf_stringrs 77XeDV>WX XXrct}ttfd|Dfd|D}djfd|D}||zS)Nc3@K|]}j|ywr indexrxcharss rrz&_salt_cipher_secret..s0AQ0c3@K|]}j|ywr rrs rrz&_salt_cipher_secret..s2Pa5;;q>2Prrc3LK|]\}}||ztzywr )lenrryrs rrz&_salt_cipher_secret..s'CTQUAESZ/0Cs!$)rr zipr)secretsaltpairscipherrs @r_salt_cipher_secretr*sF  !D E 002P42P QE WWCUC CF &=rc|dt}|td}ttfd|Dfd|D}djfd|D}|S)Nc3@K|]}j|ywr rrs rrz'_unsalt_cipher_token.. s/AQ/rc3@K|]}j|ywr rrs rrz'_unsalt_cipher_token.. s1OQ%++a.1Orrc34K|]\}}||z ywr rr#s rrz'_unsalt_cipher_token..!s4daU1q5\4s)rr r%r)tokenr'r(r&rs @r_unsalt_cipher_tokenr0sU $$ %D $% &E E //1O$1O PE WW4e4 4F Mrc(ttSr )r*rrrr_get_new_csrf_tokenr2%s 35 66rcdtvr't}t|td<t|Sttd}t|SN csrf_token)rrr*r0) csrf_secrets rget_csrf_tokenr7)sJ7"*, 3K @  { +++7<+@A { ++rc&ttd<yr4)r2rrrrrotate_csrf_tokenr92s/1GLrcRtjt|t|Sr )hmaccompare_digestr0)request_csrf_tokenr5s r_compare_salted_tokensr>6s(   /0Z( rcfd}|S)Nctjdd}tjjdd}|st t dd|s t ddt ||s t dd|i|S)Nr5izNo csrf token is sessionzNo csrf token in formzcsrf token is not valid)rgetrformr9rr>)argskwargs session_token form_tokenfs rwrapperz$csrf_token_required..wrapper@sp L$7 \\%%lD9    #1 2 #. /%mZ@ #0 1$!&!!rr)rGrHs` rcsrf_token_requiredrI?s " Nr)__doc__stringr r;flaskrrrr ascii_lettersdigitsr rr*r0r2r7r9r>rIrrrrOs_  ))))FMM9Y7,2 r