WeIi vdZddlZddlZddlmZddlmZddlmZddlmZdd l m Z d Z Gd d e Z dS) a A provided CSRF implementation which puts CSRF data in a session. This can be used fairly comfortably with many `request.session` type objects, including the Werkzeug/Flask session store, Django sessions, and potentially other similar objects which use a dict-like API for storing session keys. The basic concept is a randomly generated value is stored in the user's session, and an hmac-sha1 of it (along with an optional expiration time, for extra security) is used as the value of the csrf_token. If this token validates with the hmac of the random value + expiration time, and the expiration time is not passed, the CSRF validation will pass. N)datetime) timedelta)sha1)ValidationError)CSRF) SessionCSRFc`eZdZdZfdZdZdZdZedZ edZ xZ S)r z %Y%m%d%H%M%Sc^|j|_t|S)N)meta form_metasuper setup_form)selfform __class__s Y/var/www/html/MCyber-Diagnostic/venv/lib/python3.11/site-packages/wtforms/csrf/session.pyrzSessionCSRF.setup_forms$ww!!$'''cH|j}|jtd|jt d|j}d|vr6t tjd |d<|j rQ| |j z |j }d|d|}n d}|d}tj|j|dt }|d | S) Nz>22<<>>GFO ? )xxzzDO3==d>NOOGwv@@JJG JH  j//774   44Y0022444rcj|j}|jr d|jvr"t|d|jdd\}}|jd|zd}tj|j |t}| |kr"t|d|j rT| |j}||kr$t|ddSdS) NrzCSRF token missing.rrrrz CSRF failed.zCSRF token expired.)rdatargettextsplitr"r-r+r,rrr%r&r'r(r)) rrfieldr r/r1 check_val hmac_compare now_formatteds rvalidate_csrf_tokenzSessionCSRF.validate_csrf_token=s!~z HT33!%--0E"F"FGG G"Z--dA66\&)G3;;FCC x 0)tLLL  ! ! # #y 0 0!%--"?"?@@ @ ? L HHJJ//0@AAMw&&%emm4I&J&JKKK L L&&rc(tjS)zP Get the current time. Used for test mocking/overriding mainly. )rr'rs rr'zSessionCSRF.nowOs|~~rcJt|jdtdS)Ncsrf_time_limit)minutes)getattrrrr=s rr&zSessionCSRF.time_limitUs"t~'8)B:O:O:OPPPrcLt|jjd|jjS)Nr")rBrr r=s rr"zSessionCSRF.sessionYs% N 'DN4O   r) __name__ __module__ __qualname__r)rr2r;r'propertyr&r" __classcell__)rs@rr r s K(((((5554LLL$ QQXQ  X     rr ) __doc__r+r#rrhashlibr validatorsrcorer __all__r rrrOs   (((((( A A A A A $A A A A A r