o O@h( @s dZddlZddlZddlZddlZddlZddlmZddlm Z m Z ddl m Z ddl mZddlmZedZd ZGd d d eZGd d d eZddZddZddZddZd(ddZd)ddZGdddZddedfd d!Zddedfd"d#ZGd$d%d%ZGd&d'd'eZ dS)*ae Functions for creating and restoring url-safe signed JSON objects. The format used looks like this: >>> signing.dumps("hello") 'ImhlbGxvIg:1QaUZC:YIye-ze3TTx7gtSv422nZA4sgmk' There are two components here, separated by a ':'. The first component is a URLsafe base64 encoded JSON of the object passed to dumps(). The second component is a base64 encoded hmac/SHA1 hash of "$first_component:$secret" signing.loads(s) checks the signature and returns the deserialized object. If the signature fails, a BadSignature exception is raised. >>> signing.loads("ImhlbGxvIg:1QaUZC:YIye-ze3TTx7gtSv422nZA4sgmk") 'hello' >>> signing.loads("ImhlbGxvIg:1QaUZC:YIye-ze3TTx7gtSv422nZA4sgmk-modified") ... BadSignature: Signature failed: ImhlbGxvIg:1QaUZC:YIye-ze3TTx7gtSv422nZA4sgmk-modified You can optionally compress the JSON prior to base64 encoding it to save space, using the compress=True argument. This checks if compression actually helps and only applies compression if the result is a shorter string: >>> signing.dumps(list(range(1, 20)), compress=True) '.eJwFwcERACAIwLCF-rCiILN47r-GyZVJsNgkxaFxoDgxcOHGxMKD_T7vhAml:1QaUaL:BA0thEZrp4FQVXIXuOvYJtLJSrQ' The fact that the string is compressed is signalled by the prefixed '.' at the start of the base64 JSON. There are 65 url-safe characters: the 64 used by url-safe base64 and the ':'. These functions make use of all of them. N)settings)constant_time_compare salted_hmac) force_bytes) import_string)_lazy_re_compilez^[A-z0-9-_=]*$Z>0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyzc@eZdZdZdS) BadSignaturezSignature does not match.N__name__ __module__ __qualname____doc__rr=D:\git\psytec\devenv\Lib\site-packages\django/core/signing.pyr 4r c@r)SignatureExpiredz3Signature timestamp is older than required max_age.Nr rrrrr:rrcCsZ|dkrdS|dkr dnd}t|}d}|dkr)t|d\}}t||}|dks||S)Nr0->)absdivmodBASE62_ALPHABET)ssignencoded remainderrrr b62_encode@s rcCsT|dkrdSd}|ddkr|dd}d}d}|D] }|dt|}q||S)Nrrrr)rindex)rrdecodeddigitrrr b62_decodeLs  r$cCst|dS)N=)base64urlsafe_b64encodestrip)rrrr b64_encodeYr)cCs dt| d}t||S)Nr%)lenr&urlsafe_b64decode)rpadrrr b64_decode]sr/sha1cCstt||||dS)N algorithm)r)rdigestdecode)saltvaluekeyr2rrr base64_hmacbs r8%django.core.signing.get_cookie_signercCs$ttj}ttj}|d||dS)Nsdjango.http.cookiesr5)rrZSIGNING_BACKENDr SECRET_KEY)r5Signerr7rrrget_cookie_signerhs  r=c@s eZdZdZddZddZdS)JSONSerializerzW Simple wrapper around json to be used in signing.dumps and signing.loads. cCstj|dddS)N),:) separatorslatin-1)jsondumpsencode)selfobjrrrrDtszJSONSerializer.dumpscCst|dS)NrB)rCloadsr4)rFdatarrrrHwr*zJSONSerializer.loadsN)r r r rrDrHrrrrr>ns r>zdjango.core.signingFcCt||dj|||dS)a Return URL-safe, hmac signed base64 compressed JSON string. If key is None, use settings.SECRET_KEY instead. The hmac algorithm is the default Signer algorithm. If compress is True (not the default), check if compressing using zlib can save some space. Prepend a '.' to signify compression. This is included in the signature, to protect against zip bombs. Salt can be used to namespace the hash, so that a signed string is only valid for a given namespace. Leaving this at the default value or re-using a salt value across different parts of your application without good cause is a security risk. The serializer is expected to return a bytestring. r:) serializercompress)TimestampSigner sign_object)rGr7r5rKrLrrrrD{s rDcCrJ)z| Reverse of dumps(), raise BadSignature if signature fails. The serializer is expected to accept a bytestring. r:)rKmax_age)rM unsign_object)rr7r5rKrOrrrrHs rHc@sHeZdZdddZddZddZd d Zed fd d ZefddZ dS)r<Nr@cCsR|ptj|_||_t|jrtd||p d|jj|jj f|_ |p%d|_ dS)NzJUnsafe Signer separator: %r (cannot be empty or consist of only A-z0-9-_=)z%s.%ssha256) rr;r7sep _SEP_UNSAFEmatch ValueError __class__r r r5r2)rFr7rRr5r2rrr__init__s  zSigner.__init__cCst|jd||j|jdS)NZsignerr1)r8r5r7r2rFr6rrr signatureszSigner.signaturecCsd||j||fSNz%s%s%s)rRrYrXrrrrsz Signer.signcCsJ|j|vr td|j||jd\}}t|||r|Std|)NzNo "%s" found in valuerzSignature "%s" does not match)rRr rsplitrrY)rFZ signed_valuer6sigrrrunsigns  z Signer.unsignFcCs\||}d}|rt|}t|t|dkr|}d}t|}|r)d|}||S)ae Return URL-safe, hmac signed base64 compressed JSON string. If compress is True (not the default), check if compressing using zlib can save some space. Prepend a '.' to signify compression. This is included in the signature, to protect against zip bombs. The serializer is expected to return a bytestring. FrT.)rDzlibrLr,r)r4r)rFrGrKrLrIZ is_compressed compressedbase64drrrrNs    zSigner.sign_objectcKsX|j|fi|}|dddk}|r|dd}t|}|r&t|}||S)Nr.)r]rEr/r_ decompressrH)rFZ signed_objrKkwargsrarcrIrrrrPs   zSigner.unsign_object)Nr@NN) r r r rWrYrr]r>rNrPrrrrr<s r<cs2eZdZddZfddZdfdd ZZS) rMcCstttSN)rinttime)rFrrr timestampr*zTimestampSigner.timestampcs d||j|f}t|SrZ)rRrhsuperrrXrVrrrs zTimestampSigner.signNcsjt|}||jd\}}t|}|dur3t|tjr!|}t |}||kr3t d||f|S)zk Retrieve original value and check it wasn't signed more than max_age seconds ago. rNzSignature age %s > %s seconds) rir]r[rRr$ isinstancedatetime timedelta total_secondsrgr)rFr6rOresultrhZagerjrrr]s   zTimestampSigner.unsignre)r r r rhrr] __classcell__rrrjrrMs rM)r0)r9)!rr&rlrCrgr_Z django.confrZdjango.utils.cryptorrZdjango.utils.encodingrZdjango.utils.module_loadingrZdjango.utils.regex_helperrrSr Exceptionr rrr$r)r/r8r=r>rDrHr<rMrrrrs8#           F