iD"ddZddlZddlZddlZddlZddlZddlmZddlm Z m Z ddl m Z ddl mZddlmZedZd ZGd d eZGd d eZdZdZdZdZd!dZdZd"dZGddZddedfdZddeddfdZGddZ Gdd e Z!dS)#a_ Functions for creating and restoring url-safe signed JSON objects. The format used looks like this: >>> signing.dumps("hello") 'ImhlbGxvIg:1QaUZC:YIye-ze3TTx7gtSv422nZA4sgmk' There are two components here, separated by a ':'. The first component is a URLsafe base64 encoded JSON of the object passed to dumps(). The second component is a base64 encoded hmac/SHA-256 hash of "$first_component:$secret" signing.loads(s) checks the signature and returns the deserialized object. If the signature fails, a BadSignature exception is raised. >>> signing.loads("ImhlbGxvIg:1QaUZC:YIye-ze3TTx7gtSv422nZA4sgmk") 'hello' >>> signing.loads("ImhlbGxvIg:1QaUZC:YIye-ze3TTx7gtSv42-modified") ... BadSignature: Signature "ImhlbGxvIg:1QaUZC:YIye-ze3TTx7gtSv42-modified" does not match You can optionally compress the JSON prior to base64 encoding it to save space, using the compress=True argument. This checks if compression actually helps and only applies compression if the result is a shorter string: >>> signing.dumps(list(range(1, 20)), compress=True) '.eJwFwcERACAIwLCF-rCiILN47r-GyZVJsNgkxaFxoDgxcOHGxMKD_T7vhAml:1QaUaL:BA0thEZrp4FQVXIXuOvYJtLJSrQ' The fact that the string is compressed is signalled by the prefixed '.' at the start of the base64 JSON. There are 65 url-safe characters: the 64 used by url-safe base64 and the ':'. These functions make use of all of them. N)settings)constant_time_compare salted_hmac force_bytes) import_string)_lazy_re_compilez^[A-z0-9-_=]*$>0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyzceZdZdZdS) BadSignaturezSignature does not match.N__name__ __module__ __qualname____doc__K/srv/django_bis/venv311/lib/python3.11/site-packages/django/core/signing.pyr r 4s##Drr ceZdZdZdS)SignatureExpiredz3Signature timestamp is older than required max_age.Nr rrrrr:s==Drrc|dkrdS|dkrdnd}t|}d}|dkr)t|d\}}t||z}|dk)||zS)Nr0->)absdivmodBASE62_ALPHABET)ssignencoded remainders r b62_encoder#@sqAvvsa%%33RD AAG a%%a}} 9!),w6 a%% '>rc|dkrdSd}|ddkr |dd}d}d}|D]"}|dzt|z}#||zS)Nrrrr)rindex)rr decodeddigits r b62_decoder*LspCxxq Dts{{ abbEG>>B,!6!6u!=!== '>rcPtj|dS)N=)base64urlsafe_b64encodestrip)rs r b64_encoder0Ys!  #A & & , ,T 2 22rc\dt| dzz}tj||zS)Nr,)lenr-urlsafe_b64decode)rpads r b64_decoder6]s- 3q66'A+ C  #AG , ,,rsha1ctt||||S)N algorithm)r0rdigestdecode)saltvaluekeyr:s r base64_hmacr@bs= D% :::AACC   fhhrc&dt|zS)Nsdjango.http.cookiesr)r?s r_cookie_signer_keyrBhs !K$4$4 44r%django.core.signing.get_cookie_signercttj}|ttjt ttj|S)N)r? fallback_keysr=)rrSIGNING_BACKENDrB SECRET_KEYmapSECRET_KEY_FALLBACKS)r=Signers rget_cookie_signerrKmsM 83 4 4F 6 x2 3 3,h.KLL    rceZdZdZdZdZdS)JSONSerializerzW Simple wrapper around json to be used in signing.dumps and signing.loads. cTtj|ddS)N),:) separatorslatin-1)jsondumpsencode)selfobjs rrTzJSONSerializer.dumps|s%z#*555<r?s r signaturezSigner.signatures-oTX49x/t~VVVVrcB||j||SN)rdro)rVr>s rr z Signer.signs$ 5$((DNN5,A,A,ABBrc|j|vrtd|jz||jd\}}|jg|jD]*}t ||||r|cS+td|z)NzNo "%s" found in valuer%zSignature "%s" does not match)rdr rsplitr?rErro)rV signed_valuer>sigr?s runsignz Signer.unsigns 8< ' '7$(BCC C!((155 sH2t12  C$S$..*D*DEE   :S@AAArFc4||}d}|r;tj|}t|t|dz kr|}d}t |}|rd|z}||S)ae Return URL-safe, hmac signed base64 compressed JSON string. If compress is True (not the default), check if compressing using zlib can save some space. Prepend a '.' to signify compression. This is included in the signature, to protect against zip bombs. The serializer is expected to return a bytestring. Fr%Trf)rTzlibr]r3r0r<r )rVrWr\r]rZ is_compressed compressedbase64ds rr_zSigner.sign_objectsz||!!#&&  %t,,J:#d))a-00! $ T""))++  $GmGyy!!!rc |j|fi|}|dddk}|r |dd}t|}|rtj|}||S)Nr%.)rvrUr6rx decompressrY)rV signed_objr\kwargsr{r~rZs rrbzSigner.unsign_objects$+j33F33::<<RaR[D(  "abbkG'""  )?4((Dz||!!$'''rrq) rrrrlror rvrMr_rbrrrrJrJssT*WWWWCCCBBB+95""""24B ( ( ( ( ( (rrJc0eZdZdZfdZdfd ZxZS)r^c\tttjSrq)r#inttime)rVs r timestampzTimestampSigner.timestamps#dikk**+++rc||j|}t|Srq)rdrsuperr )rVr>rhs rr zTimestampSigner.signs8!E488T^^-=-=-=>ww||E"""rNcht|}||jd\}}t |}|`t |t jr|}tj |z }||krtd|d|d|S)zk Retrieve original value and check it wasn't signed more than max_age seconds ago. r%NzSignature age z > z seconds) rrvrsrdr* isinstancedatetime timedelta total_secondsrr)rVr>raresultragerhs rrvzTimestampSigner.unsigns &&!==155yy))  '8#566 2!//11)++ )CW}}&&###www'WXXX rrq)rrrrr rv __classcell__)rhs@rr^r^se,,,#####rr^)r7)rC)"rr-rrSrrx django.confrdjango.utils.cryptorrdjango.utils.encodingrdjango.utils.module_loadingrdjango.utils.regex_helperr rir Exceptionr rr#r*r0r6r@rBrKrMrTrYrJr^rrrrsO!!F  BBBBBBBB------555555666666011 R     9        |        333---  555  2 2 2 2 2 2 2 2-.SX4   ,J(J(J(J(J(J(J(J(Zfr