+h JddlmZddlmZdZGddeZGddZy) ) HiddenField)ValidationError)CSRFTokenFieldCSRFcBeZdZdZdZfdZdZdZdZfdZ xZ S)raA A subclass of HiddenField designed for sending the CSRF token that is used for most CSRF protection schemes. Notably different from a normal field, this field always renders the current token regardless of the submitted value, and also will not be populated over to object data via populate_obj NcP|jd|_t| |i|y)N csrf_impl)popr super__init__)selfargskw __class__s D/var/www/html/venv/lib/python3.12/site-packages/wtforms/csrf/core.pyr zCSRFTokenField.__init__s% , $%"%c|jS)z We want to always return the current token on render, regardless of whether a good or bad token was passed. ) current_token)r s r_valuezCSRFTokenField._values !!!rcy)z< Don't populate objects with the CSRF token N)r rs r populate_objzCSRFTokenField.populate_objs rc<|jj||y)z8 Handle validation of this token field. N)r validate_csrf_token)r forms r pre_validatezCSRFTokenField.pre_validate$s **46rcdt||i||jj||_y)N)r processr generate_csrf_tokenr)r rkwargsrs rrzCSRFTokenField.process*s+ ((!^^??Er) __name__ __module__ __qualname____doc__rr rrrr __classcell__)rs@rrrs/M&" 7 FFrrc"eZdZeZdZdZdZy)rcb|j}|j}|jd|}||fgS)a Receive the form we're attached to and set up fields. The default implementation creates a single field of type :attr:`field_class` with name taken from the ``csrf_field_name`` of the class meta. :param form: The form instance we're attaching to. :return: A sequence of `(field_name, unbound_field)` 2-tuples which are unbound fields to be added to the form. z CSRF Token)labelr )metacsrf_field_name field_class)r rr) field_name unbound_fields r setup_formzCSRF.setup_form2s;yy)) ((|t(L ]+,,rct)a Implementations must override this to provide a method with which one can get a CSRF token for this form. A CSRF token is usually a string that is generated deterministically based on some sort of user data, though it can be anything which you can validate on a subsequent request. :param csrf_token_field: The field which is being used for CSRF. :return: A generated CSRF string. )NotImplementedError)r csrf_token_fields rrzCSRF.generate_csrf_tokenEs "##rcj|j|jk7rt|jdy)a> Override this method to provide custom CSRF validation logic. The default CSRF validation logic simply checks if the recently generated token equals the one we received as formdata. :param form: The form which has this CSRF token. :param field: The CSRF token field. zInvalid CSRF Token.N)rdatargettext)r rfields rrzCSRF.validate_csrf_tokenUs0   %** ,!%--0E"FG G -rN)r!r"r#rr+r.rrrrrrr/s K-&$ HrrN)wtforms.fieldsrwtforms.validatorsr__all__rrrrrr9s+&. $%F[%FP1H1Hr