ZeIi'LddlZddlZddlZddlZddlmZddlmZddlmZddlm Z ddlm Z ddlm Z ddl m Z dd l mZdd l mZdd lmZdd lmZdd lmZdZejeZddZddZ ddZGddeZGddZGddeZdZ dS)N)urlparse) Blueprint) current_app)g)request)session)BadData)SignatureExpired)URLSafeTimedSerializer) BadRequest)ValidationError)CSRF) generate_csrf validate_csrf CSRFProtectct|dtjd}t|ddd}|tvrt |d}|t vr@t jtj d  t |< | t |}np#t$rct jtj d  t |<| t |}YnwxYwtt||tj|S) aGenerate a CSRF token. The token is cached for a request, so multiple calls to this function will generate the same token. During testing, it might be useful to access the signed token in ``g.csrf_token`` and the raw token in ``session['csrf_token']``. :param secret_key: Used to securely sign the token. Default is ``WTF_CSRF_SECRET_KEY`` or ``SECRET_KEY``. :param token_key: Key where token is stored in session for comparison. Default is ``WTF_CSRF_FIELD_NAME`` or ``'csrf_token'``. WTF_CSRF_SECRET_KEY%A secret key is required to use CSRF.messageWTF_CSRF_FIELD_NAME csrf_token%A field name is required to use CSRF.wtf-csrf-tokensalt@) _get_configr secret_keyrr rhashlibsha1osurandom hexdigestdumps TypeErrorsetattrget)r token_key field_namestokens S/var/www/html/MCyber-Diagnostic/venv/lib/python3.11/site-packages/flask_wtf/csrf.pyrrs:7 J 7 J ":4D E E E W $ $"),rz"~~">">"H"H"J"JGJ  1GGGJ/00EE 1 1 1"),rz"~~">">"H"H"J"JGJ GGGJ/00EEE 1 :u%%% 5  s B77A*D$#D$ct|dtjd}t|ddd}t|ddd }|std |tvrtd t |d } |||}n?#t$r}td|d}~wt$r}td|d}~wwxYwtj t||stddS)aCheck if the given data is a valid CSRF token. This compares the given signed token to the one stored in the session. :param data: The signed CSRF token to be checked. :param secret_key: Used to securely sign the token. Default is ``WTF_CSRF_SECRET_KEY`` or ``SECRET_KEY``. :param time_limit: Number of seconds that the token is valid. Default is ``WTF_CSRF_TIME_LIMIT`` or 3600 seconds (60 minutes). :param token_key: Key where token is stored in session for comparison. Default is ``WTF_CSRF_FIELD_NAME`` or ``'csrf_token'``. :raises ValidationError: Contains the reason that validation failed. .. versionchanged:: 0.14 Raises ``ValidationError`` with a specific error message rather than returning ``True`` or ``False``. rrrrrrWTF_CSRF_TIME_LIMITF)requiredzThe CSRF token is missing.z"The CSRF session token is missing.rr)max_agezThe CSRF token has expired.NzThe CSRF token is invalid.zThe CSRF tokens do not match.) rrrr rr loadsr r hmaccompare_digest)datar time_limitr)r*r+r,es r-rrBsV&7 J 7 J Z)>uUUUJ <:;;;  BCCCz0@AAAACj11 DDD;<>>??s$?B C!B11 C>CCTCSRF is not configured.cp| tj||}|r|t||S)aFind config value based on provided value, Flask config, and default value. :param value: already provided config value :param config_name: Flask ``config`` key :param default: default value if not provided or configured :param required: whether the value must not be ``None`` :param message: error message if required config is not found :raises KeyError: if required config is not found )rconfigr( RuntimeError)value config_namedefaultr1rs r-rrvs@ }"&&{G<<$EM7### Lc*eZdZfdZdZdZxZS)_FlaskFormCSRFc^|j|_t|SN)metasuper setup_form)selfform __class__s r-rGz_FlaskFormCSRF.setup_forms$I ww!!$'''r@cLt|jj|jjS)N)rr))rrE csrf_secretcsrf_field_name)rHcsrf_token_fields r-generate_csrf_tokenz"_FlaskFormCSRF.generate_csrf_tokens(y, 8Q    r@ctjddrdS t|j|jj|jj|jjdS#t$r+}t |j dd}~wwxYw)N csrf_validFr) rr(rr6rErLcsrf_time_limitrMr loggerinfoargs)rHrIfieldr8s r-validate_csrf_tokenz"_FlaskFormCSRF.validate_csrf_tokens 5u % %  F    % ) )           KKq " " "  s5A B&BB)__name__ __module__ __qualname__rGrOrW __classcell__)rJs@r-rBrBsV(((((   r@rBc8eZdZdZd dZdZdZdZdZdZ dS) ra[Enable CSRF protection globally for a Flask app. :: app = Flask(__name__) csrf = CSRFProtect(app) Checks the ``csrf_token`` field sent with forms, or the ``X-CSRFToken`` header sent with JavaScript requests. Render the token in templates using ``{{ csrf_token() }}``. See the :ref:`csrf` documentation. Nct|_t|_|r||dSdSrD)set _exempt_views_exempt_blueprintsinit_app)rHapps r-__init__zCSRFProtect.__init__sD UU"%%%   MM#       r@cDjd<jddjddtjdgdjd<jddjd d d gjd d jddt jjd<dj fd}dS)NcsrfWTF_CSRF_ENABLEDTWTF_CSRF_CHECK_DEFAULTWTF_CSRF_METHODS)POSTPUTPATCHDELETErrWTF_CSRF_HEADERSz X-CSRFTokenz X-CSRF-Tokenr/r0WTF_CSRF_SSL_STRICTcdtiS)Nr)rr@r-z&CSRFProtect.init_app..s |]&Cr@cjdsdSjdsdStjjdvrdStjsdSjtjjvrdSjtj}|j d|j }|j vrdS dS)Nrfrgrh.) r;rmethodendpoint blueprintsr( blueprintr`view_functionsrYrXr_protect)viewdestrbrHs r- csrf_protectz*CSRFProtect.init_app..csrf_protects:01 :67 ~SZ0B%CCC# ~!!'"3448OOO%))'*:;;Do77 77Dt))) LLNNNNNr@) extensionsr; setdefaultr^r(r jinja_envglobalscontext_processorbefore_request)rHrbr|s`` r-razCSRFProtect.init_apps<!%v 0$777 6===), JNN-/Q/Q/Q R R* *  %& 3\BBB 0=.2QRRR 3T::: 3T:::.; l+ CCDDD           r@c\tjd}tj|}|r|StjD]/}||rtj|}|r|cS0tjdD]'}tj|}|r|cS(dS)Nrrm)rr;rrIr(endswithheaders)rHr* base_tokenkeyr header_names r-_get_csrf_tokenzCSRFProtect._get_csrf_tokens '(=> \%%j11   < & &C||J'' &$\#. &%%%%'-.@A " "K ,,[99J "!!!! "tr@cXtjtjdvrdS t |n\#t $rO}t|j d| |j dYd}~nd}~wwxYwtj rrtjdr`tj s| ddtj d}ttj |s| ddt_dS) NrhrrnzThe referrer header is missing.zhttps:///z%The referrer does not match the host.T)rrtrr;rrr rSrTrU_error_response is_securereferrerhost same_originrrQ)rHr8 good_referrers r-ryzCSRFProtect.protects' >!34F!G G G F , $..00 1 1 1 1 , , , KKq " " "   + + + + + + + + ,   N!34I!J N# H$$%FGGG6w|666Mw/?? N$$%LMMM s!A BABBct|tr|j||St|tr|}n!d|j|jf}|j||S)aMark a view or blueprint to be excluded from CSRF protection. :: @app.route('/some-view', methods=['POST']) @csrf.exempt def some_view(): ... :: bp = Blueprint(...) csrf.exempt(bp) rs) isinstancerr`addstrjoinrYrXr_)rHrz view_locations r-exemptzCSRFProtect.exempts" dI & &   # ' ' - - -K dC  G MMHHdot}%EFFM }--- r@c t|rD) CSRFError)rHreasons r-rzCSRFProtect._error_response2sr@rD) rXrYrZ__doc__rcrarryrrrpr@r-rrs~  '''R2*:     r@rceZdZdZdZdS)rzRaise if the client sends invalid CSRF data with the request. Generates a 400 Bad Request response with the failure reason by default. Customize the response by registering a handler with :meth:`flask.Flask.errorhandler`. zCSRF validation failed.N)rXrYrZr descriptionrpr@r-rr6s,KKKr@rct|}t|}|j|jko|j|jko|j|jkSrD)rschemehostnameport) current_uri compare_uricurrentcompares r-rrAsS{##G{##G '.( )   0 0 ) LGL (r@)NN)NNN)NTr9)!r r4loggingr" urllib.parserflaskrrrrr itsdangerousr r r werkzeug.exceptionsr wtformsr wtforms.csrf.corer__all__ getLoggerrXrSrrrrBrrrrpr@r-rs  !!!!!! ))))))//////******######"""""" ;  8 $ $((((V1?1?1?1?j>W.T6K K K K K K K K \,,,,, ,,,r@