ןEf" dZddlZddlZddlZddlmZmZmZdZej ej zZ dZ dZ dZdZd Zd Zd Zd ZdS) z Cross Site Request Forgery Middleware. This module provides a middleware that implements protection against request forgeries from other sites. N)sessionrequestabort cdddttDS)Nc3HK|]}tjtVdSN)randomchoiceCSRF_ALLOWED_CHARS).0is ./cmf/views/csrf.py z'_get_new_csrf_string..s-XX6=!344XXXXXX)joinrangeCSRF_SECRET_LENGTHrr_get_new_csrf_stringrs, 77XXeDV>W>WXXX X XXrct}ttfd|Dfd|D}dfd|D}||zS)Nc3BK|]}|VdSr indexrxcharss rrz&_salt_cipher_secret..s-00AQ000000rc3BK|]}|VdSr rrs rrz&_salt_cipher_secret..s-2P2Pa5;;q>>2P2P2P2P2P2Prrc3TK|]"\}}||ztzV#dSr )lenrryrs rrz&_salt_cipher_secret..s;CCTQUAESZZ/0CCCCCCr)rr zipr)secretsaltpairscipherrs @r_salt_cipher_secretr)s|  ! !D E 00000002P2P2P2P42P2P2P Q QE WWCCCCUCCC C CF &=rc|dt}|td}ttfd|Dfd|D}dfd|D}|S)Nc3BK|]}|VdSr rrs rrz'_unsalt_cipher_token.. s-//AQ//////rc3BK|]}|VdSr rrs rrz'_unsalt_cipher_token.. s-1O1OQ%++a..1O1O1O1O1O1Orrc34K|]\}}||z VdSr rr"s rrz'_unsalt_cipher_token..!s/44daU1q5\444444r)rr r$r)tokenr&r'r%rs @r_unsalt_cipher_tokenr/s $$$ %D $%% &E E ///////1O1O1O1O$1O1O1O P PE WW4444e444 4 4F Mrc8ttSr )r)rrrr_get_new_csrf_tokenr1%s 355 6 66rcdtvr&t}t|td<nttd}t|SN csrf_token)rrr)r/) csrf_secrets rget_csrf_tokenr6)sM7""*,, 3K @ @ *7<+@AA { + ++rc2ttd<dSr3)r1rrrrrotate_csrf_tokenr82s/11GLrc`tjt|t|Sr )hmaccompare_digestr/)request_csrf_tokenr4s r_compare_salted_tokensr=6s0  /00Z((  rcfd}|S)Nc"tjdd}tjdd}|st t dd|st ddt ||st dd|i|S)Nr4izNo csrf token is sessionzNo csrf token in formzcsrf token is not valid)rgetrformr8rr=)argskwargs session_token form_tokenfs rwrapperz$csrf_token_required..wrapper@s L$77 \%%lD99  3     #1 2 2 2 0 #. / / /%mZ@@ 2 #0 1 1 1q$!&!!!rr)rFrGs` rcsrf_token_requiredrH?s# " " " " " Nr)__doc__stringr r:flaskrrrr ascii_lettersdigitsr rr)r/r1r6r8r=rHrrrrNs  )))))))))))FM9YYY777,,,222     r