dfh%xdZddlZddlZddlZddlZddlZddlZddlmZddl m Z m Z ddl m Z ddlmZddlmZddlmZed Zd ZGd d eZGd deZdZdZdZdZd"dZdZd#dZGddZ dde dfdZ!dde ddfdZ"GddZ#Gd d!e#Z$dS)$a_ Functions for creating and restoring url-safe signed JSON objects. The format used looks like this: >>> signing.dumps("hello") 'ImhlbGxvIg:1QaUZC:YIye-ze3TTx7gtSv422nZA4sgmk' There are two components here, separated by a ':'. The first component is a URLsafe base64 encoded JSON of the object passed to dumps(). The second component is a base64 encoded hmac/SHA-256 hash of "$first_component:$secret" signing.loads(s) checks the signature and returns the deserialized object. If the signature fails, a BadSignature exception is raised. >>> signing.loads("ImhlbGxvIg:1QaUZC:YIye-ze3TTx7gtSv422nZA4sgmk") 'hello' >>> signing.loads("ImhlbGxvIg:1QaUZC:YIye-ze3TTx7gtSv42-modified") ... BadSignature: Signature "ImhlbGxvIg:1QaUZC:YIye-ze3TTx7gtSv42-modified" does not match You can optionally compress the JSON prior to base64 encoding it to save space, using the compress=True argument. This checks if compression actually helps and only applies compression if the result is a shorter string: >>> signing.dumps(list(range(1, 20)), compress=True) '.eJwFwcERACAIwLCF-rCiILN47r-GyZVJsNgkxaFxoDgxcOHGxMKD_T7vhAml:1QaUaL:BA0thEZrp4FQVXIXuOvYJtLJSrQ' The fact that the string is compressed is signalled by the prefixed '.' at the start of the base64 JSON. There are 65 url-safe characters: the 64 used by url-safe base64 and the ':'. These functions make use of all of them. N)settings)constant_time_compare salted_hmac)RemovedInDjango51Warning force_bytes) import_string)_lazy_re_compilez^[A-z0-9-_=]*$>0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyzceZdZdZdS) BadSignaturezSignature does not match.N__name__ __module__ __qualname____doc__OD:\Python Project\djangoTemplates\venv\Lib\site-packages\django/core/signing.pyr r 6s##Drr ceZdZdZdS)SignatureExpiredz3Signature timestamp is older than required max_age.Nrrrrrr<s==Drrc|dkrdS|dkrdnd}t|}d}|dkr)t|d\}}t||z}|dk)||zS)Nr0->)absdivmodBASE62_ALPHABET)ssignencoded remainders r b62_encoder$BsqAvvsa%%33RD AAG a%%a}} 9!),w6 a%% '>rc|dkrdSd}|ddkr |dd}d}d}|D]"}|dzt|z}#||zS)Nrrrr)rindex)r r!decodeddigits r b62_decoder+NspCxxq Dts{{ abbEG>>B,!6!6u!=!== '>rcPtj|dS)N=)base64urlsafe_b64encodestrip)r s r b64_encoder1[s!  #A & & , ,T 2 22rc\dt| dzz}tj||zS)Nr-)lenr.urlsafe_b64decode)r pads r b64_decoder7_s- 3q66'A+ C  #AG , ,,rsha1ctt||||S)N algorithm)r1rdigestdecode)saltvaluekeyr;s r base64_hmacrAds= D% :::AACC   fhhrc&dt|zS)Nsdjango.http.cookiesr)r@s r_cookie_signer_keyrCjs !K$4$4 44r%django.core.signing.get_cookie_signercttj}|ttjt ttj|S)N)r@ fallback_keysr>)r rSIGNING_BACKENDrC SECRET_KEYmapSECRET_KEY_FALLBACKS)r>Signers rget_cookie_signerrLosM 83 4 4F 6 x2 3 3,h.KLL    rceZdZdZdZdZdS)JSONSerializerzW Simple wrapper around json to be used in signing.dumps and signing.loads. cTtj|ddS)N),:) separatorslatin-1)jsondumpsencode)selfobjs rrUzJSONSerializer.dumps~s%z#*555<) serializercompress)TimestampSigner sign_object)rXr@r>r]r^s rrUrUs5& s . . . : : X ;  rcRt||||||S)z| Reverse of dumps(), raise BadSignature if signature fails. The serializer is expected to accept a bytestring. )r@r>rF)r]max_age)r_ unsign_object)r r@r>r]rbrFs rrZrZs?  d-   m rcLeZdZdddddddZd dZdZdZedfd Zefd Z dS) rKNrQr@sepr>r;rFc|p tj|_||n tj|_||_|p|jjd|jj|_ |pd|_ |r[tj d|jjdtdt|gdD]\}}|s|dkrt|||t |jrt%d |zdS) N.sha256z Passing positional arguments to z is deprecated.) stacklevelrerfzJUnsafe Signer separator: %r (cannot be empty or consist of only A-z0-9-_=))rrHr@rJrFrf __class__rrr>r;warningswarnrzipsetattr _SEP_UNSAFEmatch ValueError) rWr@rfr>r;rFargsargattrs r__init__zSigner.__init__sD-(-( M.   N % % % N # #  #.h  - M4>3J(      !JJJ - - T-$%--D$,,,   TX & & "$'(   rcT|p|j}t|jdz|||jS)Nsignerr:)r@rAr>r;)rWr?r@s r signaturezSigner.signatures-oTX49x/t~VVVVrcB||j||SN)rfrz)rWr?s rr!z Signer.signs$ 5$((DNN5,A,A,ABBrc|j|vrtd|jz||jd\}}|jg|jD]*}t ||||r|cS+td|z)NzNo "%s" found in valuer&zSignature "%s" does not match)rfr rsplitr@rFrrz)rW signed_valuer?sigr@s runsignz Signer.unsigns 8< ' '7$(BCC C!((155 sH2t12  C$S$..*D*DEE   :S@AAArFc4||}d}|r;tj|}t|t|dz kr|}d}t |}|rd|z}||S)ae Return URL-safe, hmac signed base64 compressed JSON string. If compress is True (not the default), check if compressing using zlib can save some space. Prepend a '.' to signify compression. This is included in the signature, to protect against zip bombs. The serializer is expected to return a bytestring. Fr&Trh)rUzlibr^r4r1r=r!)rWrXr]r^r[ is_compressed compressedbase64ds rr`zSigner.sign_objectsz||!!#&&  %t,,J:#d))a-00! $ T""))++  $GmGyy!!!rc |j|fi|}|dddk}|r |dd}t|}|rtj|}||S)Nr&.)rrVr7r decompressrZ)rW signed_objr]kwargsrrr[s rrczSigner.unsign_object s$+j33F33::<<RaR[D(  "abbkG'""  )?4((Dz||!!$'''rr|) rrrrwrzr!rrNr`rcrrrrKrKs   &&&&&PWWWWCCCBBB+95""""24B ( ( ( ( ( (rrKc0eZdZdZfdZdfd ZxZS)r_c\tttjSr|)r$inttime)rWs r timestampzTimestampSigner.timestamps#dikk**+++rc||j|}t|Sr|)rfrsuperr!)rWr?rls rr!zTimestampSigner.signs8!E488T^^-=-=-=>ww||E"""rNcht|}||jd\}}t |}|`t |t jr|}tj |z }||krtd|d|d|S)zk Retrieve original value and check it wasn't signed more than max_age seconds ago. r&NzSignature age z > z seconds) rrr~rfr+ isinstancedatetime timedelta total_secondsrr)rWr?rbresultragerls rrzTimestampSigner.unsigns &&!==155yy))  '8#566 2!//11)++ )CW}}&&###www'WXXX rr|)rrrrr!r __classcell__)rls@rr_r_se,,,#####rr_)r8)rD)%rr.rrTrrmr django.confrdjango.utils.cryptorrdjango.utils.deprecationrdjango.utils.encodingrdjango.utils.module_loadingr django.utils.regex_helperr rqr Exceptionr rr$r+r1r7rArCrLrNrUrZrKr_rrrrsj!!F   BBBBBBBB======------555555666666011 R     9        |        333---  555  2 2 2 2 2 2 2 2-.SX4   ,a(a(a(a(a(a(a(a(Hfr