+h ndZddlZddlZddlmZddlmZddlmZddlmZdd l m Z d Z Gd d e Z y) a A provided CSRF implementation which puts CSRF data in a session. This can be used fairly comfortably with many `request.session` type objects, including the Werkzeug/Flask session store, Django sessions, and potentially other similar objects which use a dict-like API for storing session keys. The basic concept is a randomly generated value is stored in the user's session, and an hmac-sha1 of it (along with an optional expiration time, for extra security) is used as the value of the csrf_token. If this token validates with the hmac of the random value + expiration time, and the expiration time is not passed, the CSRF validation will pass. N)datetime) timedelta)sha1)ValidationError)CSRF) SessionCSRFcTeZdZdZfdZdZdZdZedZ edZ xZ S)r z %Y%m%d%H%M%ScD|j|_t| |S)N)meta form_metasuper setup_form)selfform __class__s G/var/www/html/venv/lib/python3.12/site-packages/wtforms/csrf/session.pyrzSessionCSRF.setup_formsw!$''cF|j}|j td|j t d|j }d|vr/t tjdj|d<|jrL|j|jzj|j}dj|d|}nd}|d}tj |j|j#dt }|d |jS) Nz2<<>GFO ??xxzDOO3==d>N>NOGwv@JG JHH   j//74 "Y002344rcT|j}|jrd|jvrt|jd|jj dd\}}|j d|zj d}tj|j|t}|j|k7rt|jd|jrI|jj|j}||kDrt|jdyy) NrzCSRF token missing.rrrrz CSRF failed.zCSRF token expired.)rdatargettextsplitr"r-r+r,rrr%r&r'r(r)) rrfieldr r/r1 check_val hmac_compare now_formatteds rvalidate_csrf_tokenzSessionCSRF.validate_csrf_token<s~~zzT3!%--0E"FG G"ZZ--dA6\\&)G3;;FC xx 0 0)tL  ! ! #y 0!%--"?@ @ ?? HHJ//0@0@AMw&%emm4I&JKK' rc*tjS)zP Get the current time. Used for test mocking/overriding mainly. )rr'rs rr'zSessionCSRF.nowNs||~rcDt|jdtdS)Ncsrf_time_limit)minutes)getattrrrr=s rr&zSessionCSRF.time_limitTst~~'8)B:OPPrclt|jjd|jjS)Nr")rBrr r=s rr"zSessionCSRF.sessionXs* NN ' 'DNN4O4O  r) __name__ __module__ __qualname__r)rr2r;r'propertyr&r" __classcell__)rs@rr r sG K(54L$ QQ  rr ) __doc__r+r#rrhashlibr validatorsrcorer __all__r rrrOs4  ( A $A r