X0@sdZddlmZddlZddlZddlZddlmZddlm Z ddl m Z ddl m Z mZddlmZdd lmZdd lmZdd lmZdd lmZejd ZdZdZdZdZdZdZ dZ!de!Z"ej#ej$Z%ddZ&ddZ'ddZ(ddZ)ddZ*d d!Z+d"d#Z,d$d%Z-d&d'Z.Gd(d)d)eZ/dS)*z Cross Site Request Forgery Middleware. This module provides a middleware that implements protection against request forgeries from other sites. )unicode_literalsN)settings) get_callable)patch_vary_headers)constant_time_compareget_random_string)MiddlewareMixin) force_text)is_same_domain)zip)urlparsezdjango.requestz%Referer checking failed - no Referer.z@Referer checking failed - %s does not match any trusted origins.zCSRF cookie not set.z CSRF token missing or incorrect.z/Referer checking failed - Referer is malformed.zCReferer checking failed - Referer is insecure while host is secure. cCs ttjS)z9 Returns the view to be used for CSRF rejections )rrZCSRF_FAILURE_VIEWrrD/home/ubuntu/projects/ifolica/build/django/django/middleware/csrf.py_get_failure_view%srcCsttdtS)N allowed_chars)rCSRF_SECRET_LENGTHCSRF_ALLOWED_CHARSrrrr_get_new_csrf_string,srcsnt}ttfdd|Dfdd|D}djfdd|D}||S)z Given a secret (assumed to be a string of CSRF_ALLOWED_CHARS), generate a token by adding a salt and using it to encrypt the secret. c3s|]}j|VqdS)N)index).0x)charsrr 7sz&_salt_cipher_secret..c3s-|]#\}}||tVqdS)N)len)rry)rrrr8s)rrr join)secretsaltpairscipherr)rr_salt_cipher_secret0s  5"r#cs|dt}|td}ttfdd|Dfdd|D}djfdd|D}|S)z Given a token (assumed to be a string of CSRF_ALLOWED_CHARS, of length CSRF_TOKEN_LENGTH, and that its first half is a salt), use it to decrypt the second half to produce the original secret. Nc3s|]}j|VqdS)N)r)rr)rrrrEsz'_unsalt_cipher_token..rc3s#|]\}}||VqdS)Nr)rrr)rrrrFs)rrr r)tokenr r!rr)rr_unsalt_cipher_token<s 5"r%cCs ttS)N)r#rrrrr_get_new_csrf_tokenJsr&cCsXd|jkr.t}t||jd.POSTZcsrfmiddlewaretoken)zGETzHEADzOPTIONSzTRACE)rHz80)#getattrZCOOKIESrCSRF_COOKIE_NAMEKeyErrorr2r-r)methodr9Z is_securer getr@REASON_NO_REFERERr schemerJREASON_MALFORMED_REFERERREASON_INSECURE_REFERERCSRF_COOKIE_DOMAINget_hostZget_portlistZCSRF_TRUSTED_ORIGINSappendanyREASON_BAD_REFERERgeturlREASON_NO_CSRF_COOKIErMIOErrorZCSRF_HEADER_NAMEr5REASON_BAD_TOKEN) r8r*callback callback_argscallback_kwargsZ cookie_tokenr4Z good_refererZ server_portZ good_hostsr<r3r)rLr process_viewsh                   zCsrfViewMiddleware.process_viewc Cst|dds+t|ddr+|Sn|jjddsD|S|jtj|jddtjdtjdtjd tj d tj t |d d |_ |S)Nr-Fcsrf_cookie_setr(r'Zmax_agedomainr?securehttponlyCookieT)zCookie) rNr)rR set_cookierrOZCSRF_COOKIE_AGErWZCSRF_COOKIE_PATHZCSRF_COOKIE_SECUREZCSRF_COOKIE_HTTPONLYrre)r8r*responserrrprocess_responses         z#CsrfViewMiddleware.process_responseN)__name__ __module__ __qualname____doc__r9r@rdrlrrrrr6s   ur6)0rp __future__rloggingr/stringZ django.confrZ django.urlsrZdjango.utils.cacherZdjango.utils.cryptorrZdjango.utils.deprecationrZdjango.utils.encodingr Zdjango.utils.httpr Zdjango.utils.six.movesr Z#django.utils.six.moves.urllib.parser getLoggerr=rSr\r^r`rUrVrr1 ascii_lettersdigitsrrrr#r%r&r+r.r2r5r6rrrrsB