&^gD">dZddlZddlZddlZddlZddlZddlmZddlm Z m Z ddl m Z ddl mZddlmZedZd ZGd d eZGd d eZdZdZdZdZddZdZd dZGddZddedfdZddeddfdZGddZ Gdde Z!y)!a_ Functions for creating and restoring url-safe signed JSON objects. The format used looks like this: >>> signing.dumps("hello") 'ImhlbGxvIg:1QaUZC:YIye-ze3TTx7gtSv422nZA4sgmk' There are two components here, separated by a ':'. The first component is a URLsafe base64 encoded JSON of the object passed to dumps(). The second component is a base64 encoded hmac/SHA-256 hash of "$first_component:$secret" signing.loads(s) checks the signature and returns the deserialized object. If the signature fails, a BadSignature exception is raised. >>> signing.loads("ImhlbGxvIg:1QaUZC:YIye-ze3TTx7gtSv422nZA4sgmk") 'hello' >>> signing.loads("ImhlbGxvIg:1QaUZC:YIye-ze3TTx7gtSv42-modified") ... BadSignature: Signature "ImhlbGxvIg:1QaUZC:YIye-ze3TTx7gtSv42-modified" does not match You can optionally compress the JSON prior to base64 encoding it to save space, using the compress=True argument. This checks if compression actually helps and only applies compression if the result is a shorter string: >>> signing.dumps(list(range(1, 20)), compress=True) '.eJwFwcERACAIwLCF-rCiILN47r-GyZVJsNgkxaFxoDgxcOHGxMKD_T7vhAml:1QaUaL:BA0thEZrp4FQVXIXuOvYJtLJSrQ' The fact that the string is compressed is signalled by the prefixed '.' at the start of the base64 JSON. There are 65 url-safe characters: the 64 used by url-safe base64 and the ':'. These functions make use of all of them. N)settings)constant_time_compare salted_hmac force_bytes) import_string)_lazy_re_compilez^[A-z0-9-_=]*$>0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyzceZdZdZy) BadSignaturezSignature does not match.N__name__ __module__ __qualname____doc__W/var/www/html/webapps/promises/venv/lib/python3.12/site-packages/django/core/signing.pyr r 4s#rr ceZdZdZy)SignatureExpiredz3Signature timestamp is older than required max_age.Nr rrrrr:s=rrc|dk(ry|dkrdnd}t|}d}|dkDr!t|d\}}t||z}|dkDr!||zS)Nr0->)absdivmodBASE62_ALPHABET)ssignencoded remainders r b62_encoder#@saAva%3RD AAG a%a} 9!),w6 a% '>rc|dk(ryd}|ddk(r|dd}d}d}|D]}|dztj|z}||zS)Nrrrr)rindex)rr decodeddigits r b62_decoder*LscCx Dts{ abEG>B,!6!6u!==> '>rcJtj|jdS)N=)base64urlsafe_b64encodestrip)rs r b64_encoder0Ys  # #A & , ,T 22rcVdt| dzz}tj||zS)Nr,)lenr-urlsafe_b64decode)rpads r b64_decoder6]s+ 3q6'A+ C  # #AG ,,rcjtt||||jjS)N algorithm)r0rdigestdecode)saltvaluekeyr9s r base64_hmacr?bs- D% :AAC  fhrcdt|zS)Nsdjango.http.cookiesr)r>s r_cookie_signer_keyrAhs !K$4 44rcttj}|ttjt ttj |S)N)r> fallback_keysr<)rrSIGNING_BACKENDrA SECRET_KEYmapSECRET_KEY_FALLBACKS)r<Signers rget_cookie_signerrImsA 833 4F  x22 3,h.K.KL  rceZdZdZdZdZy)JSONSerializerzW Simple wrapper around json to be used in signing.dumps and signing.loads. cNtj|djdS)N),:) separatorslatin-1)jsondumpsencode)selfobjs rrRzJSONSerializer.dumps|szz#*5<r<) serializercompress)TimestampSigner sign_object)rUr>r<rZr[s rrRrRs*& s . : : X ; rcBt|||j|||S)z| Reverse of dumps(), raise BadSignature if signature fails. The serializer is expected to accept a bytestring. )r>r<rC)rZmax_age)r\ unsign_object)rr>r<rZr_rCs rrWrWs0  d- m rcJeZdZdddddddZd dZdZdZedfd Zefd Z y) rHNrN)r>sepr<r9rCcV|xstj|_||ntj|_||_|xs/|j jd|j j|_ |xsd|_ tj|j rtd|zy)N.sha256zJUnsafe Signer separator: %r (cannot be empty or consist of only A-z0-9-_=))rrEr>rGrCrb __class__rrr<r9 _SEP_UNSAFEmatch ValueError)rTr>rbr<r9rCs r__init__zSigner.__init__s-(--( ..   NN % % NN # #  #.h   TXX &"$'(  'rcn|xs |j}t|jdz|||jS)Nsignerr8)r>r?r<r9)rTr=r>s r signaturezSigner.signatures-oTXX499x/t~~VVrcD||j|j|SN)rbrm)rTr=s rr z Signer.signs $((DNN5,ABBrc$|j|vrtd|jz|j|jd\}}|jg|jD]"}t ||j ||s |cStd|z)NzNo "%s" found in valuer%zSignature "%s" does not match)rbr rsplitr>rCrrm)rT signed_valuer=sigr>s runsignz Signer.unsigns 88< '7$((BC C!((15 sHH2t112 C$S$..*DE  :S@AArFc|j|}d}|r3tj|}t|t|dz kr|}d}t |j }|rd|z}|j |S)ae Return URL-safe, hmac signed base64 compressed JSON string. If compress is True (not the default), check if compressing using zlib can save some space. Prepend a '.' to signify compression. This is included in the signature, to protect against zip bombs. The serializer is expected to return a bytestring. Fr%Trd)rRzlibr[r3r0r;r )rTrUrZr[rX is_compressed compressedbase64ds rr]zSigner.sign_objectsx|!!#& t,J:#d)a-0! $ T"))+ GmGyy!!rc |j|fi|j}|dddk(}|r|dd}t|}|rtj|}|j |S)Nr%.)rtrSr6rv decompressrW)rT signed_objrZkwargsryr|rXs rr`zSigner.unsign_objectsn$++j3F3::<Ra[D( abkG'" ??4(D|!!$''rro) rrrrjrmr rtrKr]r`rrrrHrHs;sT*WCB+95"24B (rrHc0eZdZdZfdZdfd ZxZS)r\cNtttjSro)r#inttime)rTs r timestampzTimestampSigner.timestamps#diik*++rcb||j|j}t| |Sro)rbrsuperr )rTr=rfs rr zTimestampSigner.signs)!488T^^-=>w|E""rc.t||}|j|jd\}}t |}|Xt |t jr|j}tj|z }||kDrtd|d|d|S)zk Retrieve original value and check it wasn't signed more than max_age seconds ago. r%zSignature age z > z seconds) rrtrqrbr* isinstancedatetime timedelta total_secondsrr)rTr=r_resultragerfs rrtzTimestampSigner.unsigns &!==15yy)  '8#5#56!//1))+ )CW}&#w'WXX rro)rrrrr rt __classcell__)rfs@rr\r\s,#rr\)sha1)z%django.core.signing.get_cookie_signer)"rr-rrQrrv django.confrdjango.utils.cryptorrdjango.utils.encodingrdjango.utils.module_loadingrdjango.utils.regex_helperr rgr Exceptionr rr#r*r0r6r?rArIrKrRrWrHr\rrrrs!F B-5601 R 9  |  3-  5  2 2-.SX4   ,J(J(Zfr