o :Zc@sdZddlZddlZddlZddlZddlZddlZddlmZddl m Z ddl m Z m Z ddlmZddlmZedZGd d d eZGd d d eZd dZddZddZd"ddZGdddZddedfddZddedfddZGdddZGd d!d!eZdS)#ae Functions for creating and restoring url-safe signed JSON objects. The format used looks like this: >>> signing.dumps("hello") 'ImhlbGxvIg:1QaUZC:YIye-ze3TTx7gtSv422nZA4sgmk' There are two components here, separated by a ':'. The first component is a URLsafe base64 encoded JSON of the object passed to dumps(). The second component is a base64 encoded hmac/SHA1 hash of "$first_component:$secret" signing.loads(s) checks the signature and returns the deserialized object. If the signature fails, a BadSignature exception is raised. >>> signing.loads("ImhlbGxvIg:1QaUZC:YIye-ze3TTx7gtSv422nZA4sgmk") 'hello' >>> signing.loads("ImhlbGxvIg:1QaUZC:YIye-ze3TTx7gtSv422nZA4sgmk-modified") ... BadSignature: Signature failed: ImhlbGxvIg:1QaUZC:YIye-ze3TTx7gtSv422nZA4sgmk-modified You can optionally compress the JSON prior to base64 encoding it to save space, using the compress=True argument. This checks if compression actually helps and only applies compression if the result is a shorter string: >>> signing.dumps(list(range(1, 20)), compress=True) '.eJwFwcERACAIwLCF-rCiILN47r-GyZVJsNgkxaFxoDgxcOHGxMKD_T7vhAml:1QaUaL:BA0thEZrp4FQVXIXuOvYJtLJSrQ' The fact that the string is compressed is signalled by the prefixed '.' at the start of the base64 JSON. There are 65 url-safe characters: the 64 used by url-safe base64 and the ':'. These functions make use of all of them. N)settings)baseconv)constant_time_compare salted_hmac) force_bytes) import_stringz^[A-z0-9-_=]*$c@eZdZdZdS) BadSignaturezSignature does not match.N__name__ __module__ __qualname____doc__rrI/var/www/chikooza/env/lib/python3.10/site-packages/django/core/signing.pyr 4r c@r)SignatureExpiredz3Signature timestamp is older than required max_age.Nr rrrrr9rrcCst|dS)N=)base64urlsafe_b64encodestrip)srrr b64_encode>rcCs dt| d}t||S)Nr)lenrurlsafe_b64decode)rpadrrr b64_decodeBsrcCstt|||SN)rrdigestdecode)saltvaluekeyrrr base64_hmacGsr%%django.core.signing.get_cookie_signercCs$ttj}ttj}|d||dS)Nsdjango.http.cookiesr")rrSIGNING_BACKENDr SECRET_KEY)r"Signerr$rrrget_cookie_signerKs  r+c@s eZdZdZddZddZdS)JSONSerializerzW Simple wrapper around json to be used in signing.dumps and signing.loads. cCstj|dddS)N),:) separatorslatin-1)jsondumpsencode)selfobjrrrr2VzJSONSerializer.dumpscCst|dS)Nr0)r1loadsr!)r4datarrrr7YrzJSONSerializer.loadsN)r r r rr2r7rrrrr,Qs r,zdjango.core.signingFc Csd||}d}|rt|}t|t|dkr|}d}t|}|r)d|}t||d|S)a Return URL-safe, hmac/SHA1 signed base64 compressed JSON string. If key is None, use settings.SECRET_KEY instead. If compress is True (not the default), check if compressing using zlib can save some space. Prepend a '.' to signify compression. This is included in the signature, to protect against zip bombs. Salt can be used to namespace the hash, so that a signed string is only valid for a given namespace. Leaving this at the default value or re-using a salt value across different parts of your application without good cause is a security risk. The serializer is expected to return a bytestring. FT.r')r2zlibcompressrrr!TimestampSignersign) r5r$r" serializerr<r8 is_compressed compressedbase64drrrr2]s   r2cCs\t||dj||d}|dddk}|r|dd}t|}|r(t|}||S)z| Reverse of dumps(), raise BadSignature if signature fails. The serializer is expected to accept a bytestring. r')max_ageNr9.)r=unsignr3rr; decompressr7)rr$r"r?rCrBrFr8rrrr7~s   r7c@s.eZdZd ddZddZddZd d ZdS) r*Nr.cCsH|ptj|_||_t|jrtd||p d|jj|jj f|_ dS)NzJUnsafe Signer separator: %r (cannot be empty or consist of only A-z0-9-_=)z%s.%s) rr)r$sep _SEP_UNSAFEmatch ValueError __class__r r r")r4r$rGr"rrr__init__s  zSigner.__init__cCst|jd||jS)Nsigner)r%r"r$r4r#rrr signaturer6zSigner.signaturecCsd||j||fSNz%s%s%s)rGrOrNrrrr>sz Signer.signcCsJ|j|vr td|j||jd\}}t|||r|Std|)NzNo "%s" found in valuer9zSignature "%s" does not match)rGr rsplitrrO)r4 signed_valuer#sigrrrrEs  z Signer.unsign)Nr.N)r r r rLrOr>rErrrrr*s    r*cs2eZdZddZfddZdfdd ZZS) r=cCstjttSr)rbase62r3inttime)r4rrr timestampr6zTimestampSigner.timestampcs d||j|f}t|SrP)rGrWsuperr>rNrKrrr>s zTimestampSigner.signNcsnt|}||jd\}}tj|}|dur5t|tj r#| }t |}||kr5t d||f|S)zk Retrieve original value and check it wasn't signed more than max_age seconds ago. r9NzSignature age %s > %s seconds) rXrErQrGrrTr! isinstancedatetime timedelta total_secondsrVr)r4r#rCresultrWagerYrrrEs     zTimestampSigner.unsignr)r r r rWr>rE __classcell__rrrYrr=s r=)r&) rrr[r1rerVr; django.confr django.utilsrdjango.utils.cryptorrdjango.utils.encodingrdjango.utils.module_loadingrcompilerH Exceptionr rrrr%r+r,r2r7r*r=rrrrs0#       !