ó Ñ7ec@s¤dZddlmZddlZddlZddlZddlmZddlm Z ddl m Z ddl m Z ddlmZmZdd lmZdd lmZdd lmZdd lmZdd lmZejdƒZdZdZdZdZ dZ!dZ"dZ#de#Z$ej%ej&Z'dZ(d„Z)d„Z*d„Z+d„Z,d„Z-d„Z.d„Z/d„Z0d „Z1d!efd"„ƒYZ2dS(#u’ Cross Site Request Forgery Middleware. This module provides a middleware that implements protection against request forgeries from other sites. iÿÿÿÿ(tunicode_literalsN(tsettings(tImproperlyConfigured(t get_callable(tpatch_vary_headers(tconstant_time_comparetget_random_string(tMiddlewareMixin(t force_text(tis_same_domain(tzip(turlparseudjango.security.csrfu%Referer checking failed - no Referer.u@Referer checking failed - %s does not match any trusted origins.uCSRF cookie not set.u CSRF token missing or incorrect.u/Referer checking failed - Referer is malformed.uCReferer checking failed - Referer is insecure while host is secure.i iu _csrftokencCs ttjƒS(u9 Returns the view to be used for CSRF rejections (RRtCSRF_FAILURE_VIEW(((s@/usr/local/lib/python2.7/dist-packages/django/middleware/csrf.pyt_get_failure_view'scCsttdtƒS(Nt allowed_chars(RtCSRF_SECRET_LENGTHtCSRF_ALLOWED_CHARS(((s@/usr/local/lib/python2.7/dist-packages/django/middleware/csrf.pyt_get_new_csrf_string.scsetƒ}t‰t‡fd†|Dƒ‡fd†|Dƒƒ}dj‡fd†|Dƒƒ}||S(u’ Given a secret (assumed to be a string of CSRF_ALLOWED_CHARS), generate a token by adding a salt and using it to encrypt the secret. c3s|]}ˆj|ƒVqdS(N(tindex(t.0tx(tchars(s@/usr/local/lib/python2.7/dist-packages/django/middleware/csrf.pys 9suc3s-|]#\}}ˆ||tˆƒVqdS(N(tlen(RRty(R(s@/usr/local/lib/python2.7/dist-packages/django/middleware/csrf.pys :s(RRR tjoin(tsecrettsalttpairstcipher((Rs@/usr/local/lib/python2.7/dist-packages/django/middleware/csrf.pyt_salt_cipher_secret2s  /csl|t }|t}t‰t‡fd†|Dƒ‡fd†|Dƒƒ}dj‡fd†|Dƒƒ}|S(uÑ Given a token (assumed to be a string of CSRF_ALLOWED_CHARS, of length CSRF_TOKEN_LENGTH, and that its first half is a salt), use it to decrypt the second half to produce the original secret. c3s|]}ˆj|ƒVqdS(N(R(RR(R(s@/usr/local/lib/python2.7/dist-packages/django/middleware/csrf.pys Gsuc3s#|]\}}ˆ||VqdS(N((RRR(R(s@/usr/local/lib/python2.7/dist-packages/django/middleware/csrf.pys Hs(RRR R(ttokenRRR((Rs@/usr/local/lib/python2.7/dist-packages/django/middleware/csrf.pyt_unsalt_cipher_token>s   /cCs ttƒƒS(N(RR(((s@/usr/local/lib/python2.7/dist-packages/django/middleware/csrf.pyt_get_new_csrf_tokenLscCsXd|jkr.tƒ}t|ƒ|jdt set_cookieRBtCSRF_COOKIE_AGEtCSRF_COOKIE_DOMAINtCSRF_COOKIE_PATHtCSRF_COOKIE_SECUREtCSRF_COOKIE_HTTPONLYR(R3R#tresponse((s@/usr/local/lib/python2.7/dist-packages/django/middleware/csrf.pyt _set_token¼s       cCs/|j|ƒ}|dk r+||jdsu CSRF_COOKIEuPOSTucsrfmiddlewaretoken(uGETuHEADuOPTIONSuTRACE(u443u80($tgetattrtFalseR2tmethodR4t is_secureRR!R=R"R:tREASON_NO_REFERERR tschemeRUtREASON_MALFORMED_REFERERtREASON_INSECURE_REFERERRR;tSESSION_COOKIE_DOMAINRLtget_porttget_hosttlisttCSRF_TRUSTED_ORIGINStappendtanytREASON_BAD_REFERERtgeturltREASON_NO_CSRF_COOKIEtPOSTtIOErrortCSRF_HEADER_NAMER,R/tREASON_BAD_TOKEN( R3R#tcallbackt callback_argstcallback_kwargst good_referert server_portt good_hostsR6R.R-((RWs@/usr/local/lib/python2.7/dist-packages/django/middleware/csrf.pyt process_viewÒs\               cCsat|dtƒs+t|dtƒr+|Sn|jjdtƒsD|S|j||ƒt|_|S(Nucsrf_cookie_needs_resetucsrf_cookie_setuCSRF_COOKIE_USED(RXRYR!R=RQR"tcsrf_cookie_set(R3R#RP((s@/usr/local/lib/python2.7/dist-packages/django/middleware/csrf.pytprocess_response@s ( t__name__t __module__t__doc__R4R:RERQRRRtRv(((s@/usr/local/lib/python2.7/dist-packages/django/middleware/csrf.pyR0‰s     n(3Ryt __future__RtloggingR)tstringt django.confRtdjango.core.exceptionsRt django.urlsRtdjango.utils.cacheRtdjango.utils.cryptoRRtdjango.utils.deprecationRtdjango.utils.encodingRtdjango.utils.httpR tdjango.utils.six.movesR t#django.utils.six.moves.urllib.parseR t getLoggerR7R\RgRiRmR^R_RR+t ascii_letterstdigitsRR>R RRRR R%R(R,R/R0(((s@/usr/local/lib/python2.7/dist-packages/django/middleware/csrf.pytsF