P}bgGdZddlZddlZddlmZddlmZddlmZddl m Z m Z ddl m Z ddlmZdd lmZdd lmZdd lmZmZdd lmZdd lmZddlmZddlmZddlm Z ej!dZ"e dZ#dZ$dZ%dZ&dZ'dZ(dZ)dZ*dZ+dZ,dZ-de-zZ.ej/ej0zZ1dZ2dZ3d Z4d!Z5d"Z6d#Z7d$Z8d%Z9Gd&d'e:Z;d(ZGd,d-eZ?dS).z Cross Site Request Forgery Middleware. This module provides a middleware that implements protection against request forgeries from other sites. N) defaultdicturlparse)settings)DisallowedHostImproperlyConfigured)UnreadablePostError) HttpHeaders) get_callable)patch_vary_headers)constant_time_compareget_random_string)MiddlewareMixin)cached_propertyis_same_domain) log_response)_lazy_re_compilezdjango.security.csrfz [^a-zA-Z0-9]z?Origin checking failed - %s does not match any trusted origins.z%Referer checking failed - no Referer.z@Referer checking failed - %s does not match any trusted origins.zCSRF cookie not set.zCSRF token missing.z/Referer checking failed - Referer is malformed.zCReferer checking failed - Referer is insecure while host is secure.zhas incorrect lengthzhas invalid characters  _csrftokenc4ttjS)z/Return the view to be used for CSRF rejections.)r rCSRF_FAILURE_VIEWi/home/e360mart.nyusoft.in/public_html/e360mart_env/lib/python3.11/site-packages/django/middleware/csrf.py_get_failure_viewr0s 2 3 33rc8tttS)N) allowed_chars)rCSRF_SECRET_LENGTHCSRF_ALLOWED_CHARSrrr_get_new_csrf_stringr"5s /?Q R R RRrct}ttfd|Dfd|D}dfd|D}||zS)z Given a secret (assumed to be a string of CSRF_ALLOWED_CHARS), generate a token by adding a mask and applying it to the secret. c3BK|]}|VdSNindex.0xcharss r z&_mask_cipher_secret..@s-00AQ000000rc3BK|]}|VdSr%r&r(s rr,z&_mask_cipher_secret..@s-2P2Pa5;;q>>2P2P2P2P2P2Prc3TK|]"\}}||ztzV#dSr%)lenr)r*yr+s rr,z&_mask_cipher_secret..As;CCTQUAESZZ/0CCCCCCr)r"r!zipjoin)secretmaskpairscipherr+s @r_mask_cipher_secretr99s~ ! !D E 00000002P2P2P2P42P2P2P Q QE WWCCCCUCCC C CF &=rc|dt}|td}ttfd|Dfd|D}dfd|DS)z Given a token (assumed to be a string of CSRF_ALLOWED_CHARS, of length CSRF_TOKEN_LENGTH, and that its first half is a mask), use it to decrypt the second half to produce the original secret. Nc3BK|]}|VdSr%r&r(s rr,z'_unmask_cipher_token..Ns-//AQ//////rc3BK|]}|VdSr%r&r(s rr,z'_unmask_cipher_token..Ns-1O1OQ%++a..1O1O1O1O1O1Orr.c34K|]\}}||z VdSr%rr1s rr,z'_unmask_cipher_token..Os/22DAq5Q<222222r)r r!r3r4)tokenr6r7r+s @r_unmask_cipher_tokenr?Es $$$ %D $%% &E E ///////1O1O1O1O$1O1O1O P PE 772222E222 2 22rcvt}|jt|dd|S)zDGenerate a new random CSRF_COOKIE value, and add it to request.META.T) CSRF_COOKIECSRF_COOKIE_NEEDS_UPDATE)r"METAupdater9request csrf_secrets r_add_new_csrf_cookierHRsG&((K L*;77$( rcd|jvr%t|jd}d|jd<nt|}t|S)a Return the CSRF token required for a POST form. The token is an alphanumeric value. A new token is created if one is not already set. A side effect of calling this function is to make the csrf_protect decorator and the CsrfViewMiddleware add a CSRF cookie and a 'Vary: Cookie' header to the outgoing response. For this reason, you may need to use this function lazily, as is done by the csrf context processor. rATrB)rCr?rHr9rEs r get_tokenrJ\sR $$*7< +FGG 48 /00*733 { + ++rc$t|dS)zi Change the CSRF token in use for a request - should be done on login for security purposes. N)rH)rFs r rotate_tokenrLqs !!!!!rceZdZdZdS)InvalidTokenFormatc||_dSr%reasonselfrQs r__init__zInvalidTokenFormat.__init__z  rN__name__ __module__ __qualname__rTrrrrNrNy#rrNct|ttfvrttt |rttt|tkrt|S|Sr%) r0CSRF_TOKEN_LENGTHr rNREASON_INCORRECT_LENGTHinvalid_token_chars_researchREASON_INVALID_CHARACTERSr9)r>s r_sanitize_tokenra~su 5zz+-?@@@ !8999$$U++< !:;;; 5zz'''#5))) LrcVtt|t|Sr%)r r?)request_csrf_token csrf_tokens r_does_token_matchres- !/00Z((  rceZdZdZdS) RejectRequestc||_dSr%rPrRs rrTzRejectRequest.__init__rUrNrVrrrrgrgrZrrgceZdZdZedZedZedZdZdZ dZ dZ d Z d Z d Zd Zd ZdZdZdS)CsrfViewMiddlewarez Require a present and correct csrfmiddlewaretoken for POST requests that have a CSRF cookie, and set an outgoing CSRF cookie. This middleware should be used in conjunction with the {% csrf_token %} template tag. c.dtjDS)Nc\g|])}t|jd*S*)rnetloclstripr)origins r zACsrfViewMiddleware.csrf_trusted_origins_hosts..sA    V   # * *3 / /   rrCSRF_TRUSTED_ORIGINSrSs rcsrf_trusted_origins_hostsz-CsrfViewMiddleware.csrf_trusted_origins_hostss&  "7    rc.dtjDS)Nch|]}d|v| Srmrrqs r z;CsrfViewMiddleware.allowed_origins_exact..s-   &      rrtrvs rallowed_origins_exactz(CsrfViewMiddleware.allowed_origins_exacts&  !)!>    rctt}dtjDD]:}||j|jd;|S)z A mapping of allowed schemes to list of allowed netlocs, where all subdomains of the netloc are allowed. c3<K|]}d|vt|VdS)rnNrrqs rr,z?CsrfViewMiddleware.allowed_origin_subdomains..s6eeFWZ^dWdWdx''WdWdWdWdeerrn)rlistrruschemeappendrorp)rSallowed_origin_subdomainsparseds rrz,CsrfViewMiddleware.allowed_origin_subdomainssi %0$5$5!eeh6Seee W WF %fm 4 ; ;FM>> &',     rc*tjr= |jtS#t $rt dwxYw |jtj}n#t$rYdSwxYwt|}||kr d|j d<|S)NzCSRF_USE_SESSIONS is enabled, but request.session is not set. SessionMiddleware must appear before CsrfViewMiddleware in MIDDLEWARE.TrB) rCSRF_USE_SESSIONSsessiongetCSRF_SESSION_KEYAttributeErrorrCOOKIESCSRF_COOKIE_NAMEKeyErrorrarC)rSrF cookie_tokenrds r _get_tokenzCsrfViewMiddleware._get_tokens  %  **+;<<<!   *%  &x/HI    tt )66J\))<@ 78 s-A A## A10A1c tjrL|jt|jdkr|jd|jt<dSdS|tj|jdtjtj tj tj tj tj t|ddS)NrA)max_agedomainrsecurehttponlysamesite)Cookie)rrrrrrC set_cookierCSRF_COOKIE_AGECSRF_COOKIE_DOMAINCSRF_COOKIE_PATHCSRF_COOKIE_SECURECSRF_COOKIE_HTTPONLYCSRF_COOKIE_SAMESITEr rSrFrs r_set_csrf_cookiez#CsrfViewMiddleware._set_csrf_cookies  % 6""#344 ]8SSS4;L4O 0111TS   ) ]+ 02.2!6!6    x 5 5 5 5 5rc|jd} |}|rdndd|}||krdSn#t$rYnwxYw||jvrdS t |}n#t $rYdSwxYw|j}|jtfd|j |dDS) N HTTP_ORIGINhttpshttpz://TFc38K|]}t|VdSr%r)r)hostrequest_netlocs rr,z6CsrfViewMiddleware._origin_verified..sA   >4 0 0      rr) rCget_host is_securerr{r ValueErrorrroanyrr)rSrFrequest_origin good_host good_origin parsed_originrequest_schemers @r_origin_verifiedz#CsrfViewMiddleware._origin_verifieds0 m4 ((**I #,,..:F:: K,,t-    D  T7 7 74 $^44MM   55 &-&-    6::>2NN      s#A AA&A66 BBc8|jdtt t n"#t $rtt wxYwdjjfvrtt jdkrtttfd|j DrdStj r tjn tj}|M |}nV#t"$r*tt$zwxYw|}|dvr|d|}t+j|s)tt$zdS)N HTTP_REFERERr.rc3BK|]}tj|VdSr%)rro)r)rreferers rr,z4CsrfViewMiddleware._check_referer..(sC   7>4 0 0      r)44380:)rCrrgREASON_NO_REFERERrrREASON_MALFORMED_REFERERrroREASON_INSECURE_REFERERrrwrrSESSION_COOKIE_DOMAINrrrREASON_BAD_REFERERgeturlget_portr)rSrF good_referer server_portrs @r_check_refererz!CsrfViewMiddleware._check_referers,"">22 ? 122 2 :w''GG : : : 899 9 : '.'.1 1 1 899 9 >W $ $ 788 8     7       F) -H * *,    K&//11 ! K K K#$69I9I$IJJJ K"**,,K-//*6,, D gnl;; G 2W^^5E5E EFF F G GsAA"1D4D:cT|dkrtj|}d|d}d|d|dS)NPOSTzthe z HTTP headerzCSRF token from  .)r parse_header_name)rSrQ token_source header_names r_bad_token_messagez%CsrfViewMiddleware._bad_token_messageCsF 6 ! !%7 EEK=+===L:,::::::rc ||}n*#t$r}td|jdd}~wwxYw|ttd}|jdkr- |jdd}n#t$rYnwxYw|dkrH |j tj }n"#t$rttwxYwtj }nd} t|}n<#t$r/}||j|}t|d}~wwxYwt!||s%|d|}t|dS)Nz CSRF cookie rr.rcsrfmiddlewaretoken incorrect)rrNrgrQREASON_NO_CSRF_COOKIEmethodrrr rCrCSRF_HEADER_NAMErREASON_CSRF_TOKEN_MISSINGrarre)rSrFrdexcrcrrQs r _check_tokenzCsrfViewMiddleware._check_tokenJs >11JJ! > > >    566 6  >V # # %,\%5%56KR%P%P""&        # # ?%,\(2K%L"" ? ? ?#$=>>> ?#4LL!L (!01C!D!D  ! ( ( (,,SZFFF'' ' (!!3Z@@ (,,[,GGF'' ' ( (sF ?:?&B BBB11C#C33 D,=*D''D,c ||}| ||jd<dSdS#t$rt|YdSwxYw)NrA)rrCrNrH)rSrFrds rprocess_requestz"CsrfViewMiddleware.process_requestzsn 911J%.8 ]+++&%" * * *  ) ) ) ) ) ) *s'AAct|ddrdSt|ddrdS|jdvr||St|ddr||Sd|jvr?||s)||t |jdzSn]|rI ||n2#t$r%}|||j cYd}~Sd}~wwxYw | |n2#t$r%}|||j cYd}~Sd}~wwxYw||S)NrF csrf_exempt)GETHEADOPTIONSTRACE_dont_enforce_csrf_checksr) getattrrrrCrrREASON_BAD_ORIGINrrrgrQr)rSrFcallback callback_argscallback_kwargsrs r process_viewzCsrfViewMiddleware.process_views 72E : : 4 8]E 2 2 4 >@ @ @<<(( ( 77 ? ? ) <<(( ( GL ( (((11 ^||G->mA\-\]]] ^     9$ 9##G,,,,  9 9 9||GSZ88888888 9 5   g & & & & 5 5 5<<44 4 4 4 4 4 4 5||G$$$s<C D (DD D D'' E1E EEcz|jdr |||d|jd<|S)NrBF)rCrrrs rprocess_responsez#CsrfViewMiddleware.process_responsesE <  6 7 7 =  ! !'8 4 4 48=GL3 4rN)rWrXrY__doc__rrwr{rrrrrrrrrrrrrrrrjrjs  _   _ ))_)2666$   4+G+G+GZ;;;.(.(.(`9995%5%5%n     rrj)@rloggingstring collectionsr urllib.parser django.confrdjango.core.exceptionsrr django.httpr django.http.requestr django.urlsr django.utils.cacher django.utils.cryptor rdjango.utils.deprecationrdjango.utils.functionalrdjango.utils.httprdjango.utils.logrdjango.utils.regex_helperr getLoggerrr^rrrrrrrr]r`r r\ ascii_lettersdigitsr!rrr"r9r?rHrJrL ExceptionrNrarergrjrrrrs  ######!!!!!! GGGGGGGG++++++++++++$$$$$$111111HHHHHHHH444444333333,,,,,,))))))666666  1 2 2)).99U;W.1L_14**)FM9444 SSS    3 3 3,,,*""" "I jjjjjjjjjjr