a Qhh%@s>dZddlZddlZddlZddlZddlZddlZddlmZddl m Z m Z ddl m Z ddlmZddlmZddlmZed Zd ZGd d d eZGd ddeZddZddZddZddZd+ddZddZd,ddZGdd d Z dd!e d"fd#d$Z!dd!e ddfd%d&Z"Gd'd(d(Z#Gd)d*d*e#Z$dS)-a_ Functions for creating and restoring url-safe signed JSON objects. The format used looks like this: >>> signing.dumps("hello") 'ImhlbGxvIg:1QaUZC:YIye-ze3TTx7gtSv422nZA4sgmk' There are two components here, separated by a ':'. The first component is a URLsafe base64 encoded JSON of the object passed to dumps(). The second component is a base64 encoded hmac/SHA-256 hash of "$first_component:$secret" signing.loads(s) checks the signature and returns the deserialized object. If the signature fails, a BadSignature exception is raised. >>> signing.loads("ImhlbGxvIg:1QaUZC:YIye-ze3TTx7gtSv422nZA4sgmk") 'hello' >>> signing.loads("ImhlbGxvIg:1QaUZC:YIye-ze3TTx7gtSv42-modified") ... BadSignature: Signature "ImhlbGxvIg:1QaUZC:YIye-ze3TTx7gtSv42-modified" does not match You can optionally compress the JSON prior to base64 encoding it to save space, using the compress=True argument. This checks if compression actually helps and only applies compression if the result is a shorter string: >>> signing.dumps(list(range(1, 20)), compress=True) '.eJwFwcERACAIwLCF-rCiILN47r-GyZVJsNgkxaFxoDgxcOHGxMKD_T7vhAml:1QaUaL:BA0thEZrp4FQVXIXuOvYJtLJSrQ' The fact that the string is compressed is signalled by the prefixed '.' at the start of the base64 JSON. There are 65 url-safe characters: the 64 used by url-safe base64 and the ':'. These functions make use of all of them. N)settings)constant_time_compare salted_hmac)RemovedInDjango51Warning force_bytes) import_string)_lazy_re_compilez^[A-z0-9-_=]*$Z>0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyzc@seZdZdZdS) BadSignaturezSignature does not match.N__name__ __module__ __qualname____doc__rrL/var/www/sistema_ama/venv/lib/python3.9/site-packages/django/core/signing.pyr 6sr c@seZdZdZdS)SignatureExpiredz3Signature timestamp is older than required max_age.Nr rrrrr<srcCsT|dkr dS|dkrdnd}t|}d}|dkrLt|d\}}t||}q(||S)Nr0->)absdivmodBASE62_ALPHABET)ssignencoded remainderrrr b62_encodeBsrcCsT|dkr dSd}|ddkr,|dd}d}d}|D]}|dt|}q4||S)Nrrrr)rindex)rrdecodeddigitrrr b62_decodeNs  r$cCst|dS)N=)base64urlsafe_b64encodestrip)rrrr b64_encode[sr)cCs dt| d}t||S)Nr%)lenr&urlsafe_b64decode)rpadrrr b64_decode_sr.sha1cCstt||||dS)N algorithm)r)rdigestdecode)saltvaluekeyr1rrr base64_hmacdsr7cCs dt|S)Nsdjango.http.cookiesr)r6rrr_cookie_signer_keyjsr8%django.core.signing.get_cookie_signercCs&ttj}|ttjtttj|dS)N)r6 fallback_keysr4)rrSIGNING_BACKENDr8 SECRET_KEYmapSECRET_KEY_FALLBACKS)r4Signerrrrget_cookie_signeros   r@c@s eZdZdZddZddZdS)JSONSerializerzW Simple wrapper around json to be used in signing.dumps and signing.loads. cCstj|dddS)N),:) separatorslatin-1)jsondumpsencode)selfobjrrrrG~szJSONSerializer.dumpscCst|dS)NrE)rFloadsr3)rIdatarrrrKszJSONSerializer.loadsN)r r rrrGrKrrrrrAxsrAzdjango.core.signingFcCst||dj|||dS)a Return URL-safe, hmac signed base64 compressed JSON string. If key is None, use settings.SECRET_KEY instead. The hmac algorithm is the default Signer algorithm. If compress is True (not the default), check if compressing using zlib can save some space. Prepend a '.' to signify compression. This is included in the signature, to protect against zip bombs. Salt can be used to namespace the hash, so that a signed string is only valid for a given namespace. Leaving this at the default value or re-using a salt value across different parts of your application without good cause is a security risk. The serializer is expected to return a bytestring. )r6r4) serializercompress)TimestampSigner sign_object)rJr6r4rMrNrrrrGs rGcCst|||dj|||dS)z| Reverse of dumps(), raise BadSignature if signature fails. The serializer is expected to accept a bytestring. )r6r4r:)rMmax_age)rO unsign_object)rr6r4rMrQr:rrrrKs rKc@sVeZdZddddddddZdddZdd Zd d Zed fd dZefddZ dS)r?NrCr6sepr4r1r:c Gs|ptj|_|dur|ntj|_||_|pr:rT __class__r r r4r1warningswarnrzipsetattr _SEP_UNSAFEmatch ValueError) rIr6rTr4r1r:argsargattrrrr__init__s8     zSigner.__init__cCs"|p|j}t|jd|||jdS)NZsignerr0)r6r7r4r1)rIr5r6rrr signatures zSigner.signaturecCsd||j||fSNz%s%s%s)rTrdrIr5rrrrsz Signer.signcCsh|j|vrtd|j||jd\}}|jg|jD]}t||||r8|Sq8td|dS)NzNo "%s" found in valuerzSignature "%s" does not match)rTr rsplitr6r:rrd)rIZ signed_valuer5sigr6rrrunsigns  z Signer.unsignFcCs\||}d}|r:t|}t|t|dkr:|}d}t|}|rRd|}||S)ae Return URL-safe, hmac signed base64 compressed JSON string. If compress is True (not the default), check if compressing using zlib can save some space. Prepend a '.' to signify compression. This is included in the signature, to protect against zip bombs. The serializer is expected to return a bytestring. FrT.)rGzlibrNr+r)r3r)rIrJrMrNrLZ is_compressed compressedbase64drrrrPs   zSigner.sign_objectcKsX|j|fi|}|dddk}|r6|dd}t|}|rLt|}||S)Nr.)rirHr.rk decompressrK)rIZ signed_objrMkwargsrmrorLrrrrR s  zSigner.unsign_object)N) r r rrcrdrrirArPrRrrrrr?s (  r?cs2eZdZddZfddZdfdd ZZS) rOcCstttS)N)rinttime)rIrrr timestampszTimestampSigner.timestampcs d||j|f}t|Sre)rTrssuperrrfrXrrrszTimestampSigner.signNcsjt|}||jd\}}t|}|durft|tjrB|}t |}||krft d||f|S)zk Retrieve original value and check it wasn't signed more than max_age seconds ago. rNzSignature age %s > %s seconds) rtrirgrTr$ isinstancedatetime timedelta total_secondsrrr)rIr5rQresultrsZagerurrris   zTimestampSigner.unsign)N)r r rrsrri __classcell__rrrurrOs rO)r/)r9)%rr&rwrFrrrYrk django.confrdjango.utils.cryptorrdjango.utils.deprecationrdjango.utils.encodingrdjango.utils.module_loadingrdjango.utils.regex_helperr r]r Exceptionr rrr$r)r.r7r8r@rArGrKr?rOrrrrsD#           d