î ªÍX”ã@s¤dZddlmZddlZddlZddlZddlZddlZddlZddl m Z ddl m Z ddl mZmZddlmZmZmZddlmZejd ƒZGd d „d eƒZGd d „d eƒZdd„Zdd„Zdd„Zddd„ZGdd„deƒZ dde ddd„Z!dde ddd„Z"Gdd „d eƒZ#Gd!d"„d"e#ƒZ$dS)#a` Functions for creating and restoring url-safe signed JSON objects. The format used looks like this: >>> signing.dumps("hello") 'ImhlbGxvIg:1QaUZC:YIye-ze3TTx7gtSv422nZA4sgmk' There are two components here, separated by a ':'. The first component is a URLsafe base64 encoded JSON of the object passed to dumps(). The second component is a base64 encoded hmac/SHA1 hash of "$first_component:$secret" signing.loads(s) checks the signature and returns the deserialized object. If the signature fails, a BadSignature exception is raised. >>> signing.loads("ImhlbGxvIg:1QaUZC:YIye-ze3TTx7gtSv422nZA4sgmk") u'hello' >>> signing.loads("ImhlbGxvIg:1QaUZC:YIye-ze3TTx7gtSv422nZA4sgmk-modified") ... BadSignature: Signature failed: ImhlbGxvIg:1QaUZC:YIye-ze3TTx7gtSv422nZA4sgmk-modified You can optionally compress the JSON prior to base64 encoding it to save space, using the compress=True argument. This checks if compression actually helps and only applies compression if the result is a shorter string: >>> signing.dumps(range(1, 20), compress=True) '.eJwFwcERACAIwLCF-rCiILN47r-GyZVJsNgkxaFxoDgxcOHGxMKD_T7vhAml:1QaUaL:BA0thEZrp4FQVXIXuOvYJtLJSrQ' The fact that the string is compressed is signalled by the prefixed '.' at the start of the base64 JSON. There are 65 url-safe characters: the 64 used by url-safe base64 and the ':'. These functions make use of all of them. é)Úunicode_literalsN)Úsettings)Úbaseconv)Úconstant_time_compareÚ salted_hmac)Ú force_bytesÚ force_strÚ force_text)Ú import_stringz^[A-z0-9-_=]*$c@seZdZdZdS)Ú BadSignaturez" Signature does not match N)Ú__name__Ú __module__Ú __qualname__Ú__doc__©rrúA/home/ubuntu/projects/ifolica/build/django/django/core/signing.pyr 6s r c@seZdZdZdS)ÚSignatureExpiredz< Signature timestamp is older than required max_age N)r r rrrrrrr=s rcCstj|ƒjdƒS)Nó=)Úbase64Úurlsafe_b64encodeÚstrip)ÚsrrrÚ b64_encodeDsrcCs&dt|ƒ d}tj||ƒS)Nré)ÚlenrÚurlsafe_b64decode)rÚpadrrrÚ b64_decodeHsrcCstt|||ƒjƒƒS)N)rrÚdigest)ÚsaltÚvalueÚkeyrrrÚ base64_hmacMsr"z%django.core.signing.get_cookie_signercCs2ttjƒ}ttjƒ}|d|d|ƒS)Nsdjango.http.cookiesr)r rZSIGNING_BACKENDrÚ SECRET_KEY)rÚSignerr!rrrÚget_cookie_signerQsr%c@s.eZdZdZdd„Zdd„ZdS)ÚJSONSerializerzW Simple wrapper around json to be used in signing.dumps and signing.loads. cCstj|ddƒjdƒS)NÚ separatorsú,ú:zlatin-1)r(r))ÚjsonÚdumpsÚencode)ÚselfÚobjrrrr+\szJSONSerializer.dumpscCstj|jdƒƒS)Nzlatin-1)r*ÚloadsÚdecode)r-Údatarrrr/_szJSONSerializer.loadsN)r r rrr+r/rrrrr&Ws  r&zdjango.core.signingFc Cs“|ƒj|ƒ}d}|r[tj|ƒ}t|ƒt|ƒdkr[|}d}q[nt|ƒ}|rzd|}nt|d|ƒj|ƒS)a‹ Returns URL-safe, sha1 signed base64 compressed JSON string. If key is None, settings.SECRET_KEY is used instead. If compress is True (not the default) checks if compressing using zlib can save some space. Prepends a '.' to signify compression. This is included in the signature, to protect against zip bombs. Salt can be used to namespace the hash, so that a signed string is only valid for a given namespace. Leaving this at the default value or re-using a salt value across different parts of your application without good cause is a security risk. The serializer is expected to return a bytestring. FéTó.r)r+ÚzlibÚcompressrrÚTimestampSignerÚsign) r.r!rÚ serializerr5r1Z is_compressedÚ compressedÚbase64drrrr+cs   r+cCstt|d|ƒj|d|ƒƒ}d}|dd…dkr\|dd…}d}nt|ƒ}|r€tj|ƒ}n|ƒj|ƒS)z} Reverse of dumps(), raises BadSignature if signature fails. The serializer is expected to accept a bytestring. rÚmax_ageFNr2r3T)rr6Úunsignrr4Ú decompressr/)rr!rr8r;r:r=r1rrrr/„s'  r/c@sIeZdZddddd„Zdd„Zdd„Zd d „ZdS) r$Nr)cCsu|p tj|_t|ƒ|_tj|jƒrFtd|ƒ‚nt|phd|jj |jj fƒ|_ dS)NzJUnsafe Signer separator: %r (cannot be empty or consist of only A-z0-9-_=)z%s.%s) rr#r!rÚsepÚ _SEP_UNSAFEÚmatchÚ ValueErrorÚ __class__r r r)r-r!r>rrrrÚ__init__šs zSigner.__init__cCs&t|jd||jƒ}t|ƒS)NZsigner)r"rr!r)r-r Ú signaturerrrrD¥szSigner.signaturecCs/t|ƒ}tdƒ||j|j|ƒfS)Nz%s%s%s)rÚstrr>rD)r-r rrrr7ªs z Signer.signcCs‚t|ƒ}|j|kr1td|jƒ‚n|j|jdƒ\}}t||j|ƒƒrnt|ƒStd|ƒ‚dS)NzNo "%s" found in valuer2zSignature "%s" does not match)rr>r ÚrsplitrrDr )r-Z signed_valuer Úsigrrrr<®s  z Signer.unsign)r r rrCrDr7r<rrrrr$˜s   r$csCeZdZdd„Z‡fdd†Zd‡fdd†Z‡S)r6cCstjjttjƒƒƒS)N)rÚbase62r,ÚintÚtime)r-rrrÚ timestampºszTimestampSigner.timestampcsDt|ƒ}tdƒ||j|jƒf}tt|ƒj|ƒS)Nz%s%s%s)rrEr>rKÚsuperr6r7)r-r )rBrrr7½s "zTimestampSigner.signNcs®tt|ƒj|ƒ}|j|jdƒ\}}tjj|ƒ}|dk rªt|t j ƒrr|j ƒ}nt j ƒ|}||krªt d||fƒ‚qªn|S)zk Retrieve original value and check it wasn't signed more than max_age seconds ago. r2NzSignature age %s > %s seconds)rLr6r<rFr>rrHr0Ú isinstanceÚdatetimeÚ timedeltaÚ total_secondsrJr)r-r r;ÚresultrKZage)rBrrr<Âs  zTimestampSigner.unsign)r r rrKr7r<rr)rBrr6¸s  r6)%rÚ __future__rrrNr*ÚrerJr4Z django.confrZ django.utilsrZdjango.utils.cryptorrZdjango.utils.encodingrrr Zdjango.utils.module_loadingr Úcompiler?Ú Exceptionr rrrr"r%Úobjectr&r+r/r$r6rrrrÚ"s0          !