ث
    ‰+h»'  م                   َ<  — d dl Z d dlZd dlZd dlZd dlmZ d dlmZ d dlmZ d dlm	Z	 d dlm
Z
 d dlmZ d dlmZ d d	lmZ d d
lmZ d dlmZ d dlmZ d dlmZ dZ ej.                  e«      Zdd„Zdd„Z	 dd„Z G d„ de«      Z G d„ d«      Z G d„ de«      Zd„ Z y)é    N)عurlparse)ع	Blueprint)عcurrent_app)عg)عrequest)عsession)عBadData)عSignatureExpired)عURLSafeTimedSerializer)ع
BadRequest)عValidationError)عCSRF)عgenerate_csrfعvalidate_csrfعCSRFProtectc                 َT  — t        | dt        j                  d¬«      } t        |ddd¬«      }|t        vr|t	        | d¬«      }|t
        vr=t        j                  t        j                  d	«      «      j                  «       t
        |<   	 |j                  t
        |   «      }t        t        ||«       t        j                  |«      S # t        $ rX t        j                  t        j                  d	«      «      j                  «       t
        |<   |j                  t
        |   «      }Y Œ†w xY w)
a  Generate a CSRF token. The token is cached for a request, so multiple
    calls to this function will generate the same token.

    During testing, it might be useful to access the signed token in
    ``g.csrf_token`` and the raw token in ``session['csrf_token']``.

    :param secret_key: Used to securely sign the token. Default is
        ``WTF_CSRF_SECRET_KEY`` or ``SECRET_KEY``.
    :param token_key: Key where token is stored in session for comparison.
        Default is ``WTF_CSRF_FIELD_NAME`` or ``'csrf_token'``.
    عWTF_CSRF_SECRET_KEYْ%A secret key is required to use CSRF.©عmessageعWTF_CSRF_FIELD_NAMEع
csrf_tokenْ%A field name is required to use CSRF.ْwtf-csrf-token©عsalté@   )ع_get_configr   ع
secret_keyr   r   r   عhashlibعsha1عosعurandomع	hexdigestعdumpsع	TypeErrorعsetattrعget)r   ع	token_keyع
field_nameعsعtokens        ْA/var/www/html/venv/lib/python3.12/site-packages/flask_wtf/csrf.pyr   r      sّ   € ô ططـ×رط7ô	€Jô طططط7ô	€Jً œرـ" :ذ4DشEˆàœWر$ـ")§,،,¬r¯z©z¸"«~س">×"Hر"Hس"JŒGگJرً	1ط—G‘GœG Jر/س0ˆEô
 	”گ:کuش%نڈ5‰5گسذّô ٍ 	1ـ")§,،,¬r¯z©z¸"«~س">×"Hر"Hس"JŒGگJرط—G‘GœG Jر/س0ٹEً	1ْs   آC أAD'ؤ&D'c                 َ¶  — t        |dt        j                  d¬«      }t        |ddd¬«      }t        |ddd	¬
«      }| st        d«      ‚|t        vrt        d«      ‚t        |d¬«      }	 |j                  | |¬«      }t        j                  t        |   |«      st        d«      ‚y# t        $ r}t        d«      |‚d}~wt        $ r}t        d«      |‚d}~ww xY w)a  Check if the given data is a valid CSRF token. This compares the given
    signed token to the one stored in the session.

    :param data: The signed CSRF token to be checked.
    :param secret_key: Used to securely sign the token. Default is
        ``WTF_CSRF_SECRET_KEY`` or ``SECRET_KEY``.
    :param time_limit: Number of seconds that the token is valid. Default is
        ``WTF_CSRF_TIME_LIMIT`` or 3600 seconds (60 minutes).
    :param token_key: Key where token is stored in session for comparison.
        Default is ``WTF_CSRF_FIELD_NAME`` or ``'csrf_token'``.

    :raises ValidationError: Contains the reason that validation failed.

    .. versionchanged:: 0.14
        Raises ``ValidationError`` with a specific error message rather than
        returning ``True`` or ``False``.
    r   r   r   r   r   r   عWTF_CSRF_TIME_LIMITé  F)عrequiredzThe CSRF token is missing.z"The CSRF session token is missing.r   r   )عmax_agezThe CSRF token has expired.NzThe CSRF token is invalid.zThe CSRF tokens do not match.)r   r   r   r   r   r   عloadsr
   r	   عhmacعcompare_digest)عdatar   ع
time_limitr)   r*   r+   r,   عes           r-   r   r   B   sُ   € ô& ططـ×رط7ô	€Jô طططط7ô	€Jô کZذ)>ہبuشU€Jلـذ:س;ذ;àœر ـذBسCذCنکzذ0@شA€AًCط—‘ک jگس1ˆô ×رœw zر2°Eش:ـذ=س>ذ>ً ;ّô ٍ Dـذ;س<ہ!ذCûـٍ Cـذ:س;ہذBûًCْs$   ء*B& آ&	Cآ/B;آ;CأCأCc                 َh   — | € t         j                  j                  ||«      } |r| €t        |«      ‚| S )a¦  Find config value based on provided value, Flask config, and default
    value.

    :param value: already provided config value
    :param config_name: Flask ``config`` key
    :param default: default value if not provided or configured
    :param required: whether the value must not be ``None``
    :param message: error message if required config is not found
    :raises KeyError: if required config is not found
    )r   عconfigr(   عRuntimeError)عvalueعconfig_nameعdefaultr1   r   s        r-   r   r   v   s8   € ً €}ـ×"ر"×&ر& {°Gس<ˆلگEگMـک7س#ذ#à€Lَ    c                   َ*   ‡ — e Zd Zˆ fd„Zd„ Zd„ Zˆ xZS )ع_FlaskFormCSRFc                 َD   •— |j                   | _         t        ‰| چ	  |«      S ©N)عmetaعsuperع
setup_form)عselfعformع	__class__s     €r-   rF   z_FlaskFormCSRF.setup_formژ   s   ّ€ ط—I‘IˆŒ	ـ‰wر! $س'ذ'r?   c                 َl   — t        | j                  j                  | j                  j                  ¬«      S )N)r   r)   )r   rD   عcsrf_secretعcsrf_field_name)rG   عcsrf_token_fields     r-   عgenerate_csrf_tokenz"_FlaskFormCSRF.generate_csrf_token’   s(   € ـط—y‘y×,ر,¸؟	¹	×8Qر8Qô
ً 	
r?   c                 َD  — t        j                  dd«      ry 	 t        |j                  | j                  j
                  | j                  j                  | j                  j                  «       y # t        $ r(}t        j                  |j                  d   «       ‚ d }~ww xY w)Nع
csrf_validFr   )r   r(   r   r6   rD   rK   عcsrf_time_limitrL   r   عloggerعinfoعargs)rG   rH   عfieldr8   s       r-   عvalidate_csrf_tokenz"_FlaskFormCSRF.validate_csrf_token—   sw   € ـڈ5‰5گکuش%àً		ـط—
‘
ط—	‘	×%ر%ط—	‘	×)ر)ط—	‘	×)ر)ُ	ّô ٍ 	ـڈK‰Kکں™کq™	ش"طûً	ْs   ™AA. ء.	Bء7#BآB)ع__name__ع
__module__ع__qualname__rF   rN   rV   ع__classcell__)rI   s   @r-   rA   rA   چ   s   ّ„ ô(ٍ
ِ
r?   rA   c                   َ6   — e Zd ZdZd	d„Zd„ Zd„ Zd„ Zd„ Zd„ Z	y)
r   a[  Enable CSRF protection globally for a Flask app.

    ::

        app = Flask(__name__)
        csrf = CSRFProtect(app)

    Checks the ``csrf_token`` field sent with forms, or the ``X-CSRFToken``
    header sent with JavaScript requests. Render the token in templates using
    ``{{ csrf_token() }}``.

    See the :ref:`csrf` documentation.
    Nc                 َh   — t        «       | _        t        «       | _        |r| j                  |«       y y rC   )عsetع_exempt_viewsع_exempt_blueprintsعinit_app)rG   عapps     r-   ع__init__zCSRFProtect.__init__·   s*   € ـ ›Uˆشـ"%£%ˆشلطڈM‰Mک#صً r?   c                 َj  ‡ ‡— ‰ ‰j                   d<   ‰j                  j                  dd«       ‰j                  j                  dd«       t        ‰j                  j	                  dg d¢«      «      ‰j                  d<   ‰j                  j                  dd«       ‰j                  j                  d	d
dg«       ‰j                  j                  dd«       ‰j                  j                  dd«       t
        ‰j                  j                  d<   ‰j                  d„ «       ‰j                  ˆˆ fd„«       }y )NعcsrfعWTF_CSRF_ENABLEDTعWTF_CSRF_CHECK_DEFAULTعWTF_CSRF_METHODS)عPOSTعPUTعPATCHعDELETEr   r   عWTF_CSRF_HEADERSzX-CSRFTokenzX-CSRF-Tokenr/   r0   عWTF_CSRF_SSL_STRICTc                  َ   — dt         iS )Nr   )r   © r?   r-   ْ<lambda>z&CSRFProtect.init_app.<locals>.<lambda>ج   s   €  |´]ذ&C€ r?   c                  َع  •— ‰j                   d   sy ‰j                   d   sy t        j                  ‰j                   d   vry t        j                  sy ‰j                  j                  t        j                  «      ‰j                  v ry ‰j                  j                  t        j                  «      } | j                  › d| j                  › ‌}|‰j                  v ry ‰j                  «        y )Nre   rf   rg   ْ.)r:   r   عmethodعendpointع
blueprintsr(   ع	blueprintr_   عview_functionsrX   rW   r^   عprotect)عviewعdestra   rG   s     €€r-   عcsrf_protectz*CSRFProtect.init_app.<locals>.csrf_protectخ   s½   ّ€ à—:‘:ذ0ز1طà—:‘:ذ6ز7طنڈ~‰~ S§Z،Zذ0Bر%CرCطن×#ز#طàڈ~‰~×!ر!¤'×"3ر"3س4¸×8Oر8OرOطà×%ر%×)ر)¬'×*:ر*:س;ˆDط—o‘oذ& a¨¯© ذ7ˆDàگt×)ر)ر)طàڈL‰LچNr?   )
ع
extensionsr:   ع
setdefaultr]   r(   r   ع	jinja_envعglobalsعcontext_processorعbefore_request)rG   ra   r{   s   `` r-   r`   zCSRFProtect.init_app¾   sù   ù€ ط!%ˆڈ‰گvرàڈ
‰
×رذ0°$ش7طڈ
‰
×رذ6¸ش=ـ),طڈJ‰JڈN‰Nذ-ز/QسRَ*
ˆڈ
‰
ذ%ر&ً 	ڈ
‰
×رذ3°\شBطڈ
‰
×رذ0°=ہ.ذ2QشRطڈ
‰
×رذ3°Tش:طڈ
‰
×رذ3°Tش:ن.;ˆڈ‰×رکlر+ط×ررCشDà	×	ر	ô	َ 
ٌ	r?   c                 َj  — t         j                  d   }t        j                  j	                  |«      }|r|S t        j                  D ]-  }|j                  |«      sŒt        j                  |   }|sŒ+|c S  t         j                  d   D ]'  }t        j                  j	                  |«      }|sŒ%|c S  y )Nr   rl   )r   r:   r   rH   r(   عendswithعheaders)rG   r*   ع
base_tokenعkeyr   عheader_names         r-   ع_get_csrf_tokenzCSRFProtect._get_csrf_tokenç   s§   € ن ×'ر'ذ(=ر>ˆ
ـ—\‘\×%ر% jس1ˆ
لطذô —<‘<ٍ 	&ˆCطڈ|‰|کJص'ـ$ں\™\¨#ر.گ
âط%ز%ً	&ô '×-ر-ذ.@رAٍ 	"ˆKـ ں™×,ر,¨[س9ˆJâط!ز!ً		"ً r?   c                 َH  — t         j                  t        j                  d   vry 	 t	        | j                  «       «       t         j                  rst        j                  d   r`t         j                  s| j                  d«       dt         j                  › d‌}t        t         j                  |«      s| j                  d«       dt        _        y # t        $ rJ}t        j                  |j                  d   «       | j                  |j                  d   «       Y d }~Œفd }~ww xY w)	Nrg   r   rm   zThe referrer header is missing.zhttps://ْ/z%The referrer does not match the host.T)r   rs   r   r:   r   rˆ   r   rR   rS   rT   ع_error_responseع	is_secureعreferrerعhostعsame_originr   rP   )rG   r8   عgood_referrers      r-   rx   zCSRFProtect.protect   sغ   € ـڈ>‰>¤×!3ر!3ذ4Fر!GرGطً	,ـک$×.ر.س0ش1ô
 ×ز¤×!3ر!3ذ4Iز!Jـ×#ز#ط×$ر$ذ%FشGà&¤w§|،| n°Aذ6ˆMنœw×/ر/°ش?ط×$ر$ذ%LشMàŒچّô ٍ 	,ـڈK‰Kکں™کq™	ش"ط× ر  §،¨،×+ر+ûً	,ْs   ¦C أ	D!أA DؤD!c                 َ
  — t        |t        «      r| j                  j                  |«       |S t        |t        «      r|}n'dj                  |j                  |j                  f«      }| j                  j                  |«       |S )a  Mark a view or blueprint to be excluded from CSRF protection.

        ::

            @app.route('/some-view', methods=['POST'])
            @csrf.exempt
            def some_view():
                ...

        ::

            bp = Blueprint(...)
            csrf.exempt(bp)

        rr   )	ع
isinstancer   r_   عaddعstrعjoinrX   rW   r^   )rG   ry   عview_locations      r-   عexemptzCSRFProtect.exempt  sj   € ô" گdœIش&ط×#ر#×'ر'¨ش-طˆKنگdœCش ط ‰MàںH™H d§o،o°t·}±}ذ%EسFˆMà×ر×رک}ش-طˆr?   c                 َ   — t        |«      ‚rC   )ع	CSRFError)rG   عreasons     r-   r‹   zCSRFProtect._error_response2  s   € ـکسذr?   rC   )
rW   rX   rY   ع__doc__rb   r`   rˆ   rx   r—   r‹   ro   r?   r-   r   r   ¨   s&   „ ٌَٍ'ٍRٍ2ٍ*َ: r?   r   c                   َ   — e Zd ZdZdZy)r™   zïRaise if the client sends invalid CSRF data with the request.

    Generates a 400 Bad Request response with the failure reason by default.
    Customize the response by registering a handler with
    :meth:`flask.Flask.errorhandler`.
    zCSRF validation failed.N)rW   rX   rY   r›   عdescriptionro   r?   r-   r™   r™   6  s   „ ٌً ,پKr?   r™   c                 َج   — t        | «      }t        |«      }|j                  |j                  k(  xr4 |j                  |j                  k(  xr |j                  |j                  k(  S rC   )r   عschemeعhostnameعport)عcurrent_uriعcompare_uriعcurrentعcompares       r-   rڈ   rڈ   A  s[   € ـگ{س#€Gـگ{س#€Gً 	ڈ‰ک'ں.™.ر(ٍ 	)ط×ر × 0ر 0ر0ٍ	)àڈL‰LکGںL™Lر(ًr?   )NN)NNN)NTzCSRF is not configured.)!r    r4   عloggingr"   عurllib.parser   عflaskr   r   r   r   r   عitsdangerousr	   r
   r   عwerkzeug.exceptionsr   عwtformsr   عwtforms.csrf.corer   ع__all__ع	getLoggerrW   rR   r   r   r   rA   r   r™   rڈ   ro   r?   r-   ْ<module>r¯      sچ   ًغ غ غ غ 	ف !ه ف ف ف ف ف  ف )ف /ف *ف #ف "à
;€ط	ˆ×	ر	ک8س	$€َ(َV1?ًj >Wَô.گTô ÷6K ٌ K ô\,گ
ô ,َr?   