o
    jTte5                     @   s*  d Z ddlZddlZddlZddlmZ ddlmZ ddlm	Z	m
Z
 ddlmZ ddlmZ ddlmZmZ dd	lmZ dd
lmZ ddlmZ edZdZdZdZdZdZdZdZ de  Z!ej"ej# Z$dZ%dd Z&dd Z'dd Z(dd Z)dd Z*d d! Z+d"d# Z,d$d% Z-d&d' Z.G d(d) d)eZ/dS )*z
Cross Site Request Forgery Middleware.

This module provides a middleware that implements protection
against request forgeries from other sites.
    N)urlparse)settings)DisallowedHostImproperlyConfigured)get_callable)patch_vary_headers)constant_time_compareget_random_string)MiddlewareMixin)is_same_domain)log_responsezdjango.security.csrfz%Referer checking failed - no Referer.z@Referer checking failed - %s does not match any trusted origins.zCSRF cookie not set.z CSRF token missing or incorrect.z/Referer checking failed - Referer is malformed.zCReferer checking failed - Referer is insecure while host is secure.       
_csrftokenc                   C   s
   t tjS )z/Return the view to be used for CSRF rejections.)r   r   CSRF_FAILURE_VIEW r   r   b/var/www/social.2tendo.club/virtuCedar/venv/lib/python3.10/site-packages/django/middleware/csrf.py_get_failure_view$   s   
r   c                   C   s   t ttdS )N)allowed_chars)r	   CSRF_SECRET_LENGTHCSRF_ALLOWED_CHARSr   r   r   r   _get_new_csrf_string)   s   r   c                    sP   t  }t t fdd| D  fdd|D }d fdd|D }|| S )z
    Given a secret (assumed to be a string of CSRF_ALLOWED_CHARS), generate a
    token by adding a mask and applying it to the secret.
    c                 3       | ]}  |V  qd S Nindex.0xcharsr   r   	<genexpr>4       z&_mask_cipher_secret.<locals>.<genexpr> c                 3   s(    | ]\}} || t    V  qd S r   )lenr   r   yr   r   r   r!   5   s   & )r   r   zipjoin)secretmaskpairscipherr   r   r   _mask_cipher_secret-   s
   &r-   c                    sZ   | dt  }| t d } t t fdd| D  fdd|D }d fdd|D S )z
    Given a token (assumed to be a string of CSRF_ALLOWED_CHARS, of length
    CSRF_TOKEN_LENGTH, and that its first half is a mask), use it to decrypt
    the second half to produce the original secret.
    Nc                 3   r   r   r   r   r   r   r   r!   B   r"   z'_unmask_cipher_token.<locals>.<genexpr>r#   c                 3   s     | ]\}} ||  V  qd S r   r   r%   r   r   r   r!   C   s    )r   r   r'   r(   )tokenr*   r+   r   r   r   _unmask_cipher_token9   s
   &r/   c                   C   s
   t t S r   )r-   r   r   r   r   r   _get_new_csrf_tokenF   s   
r0   c                 C   s@   d| j vrt }t|| j d< nt| j d }d| j d< t|S )a  
    Return the CSRF token required for a POST form. The token is an
    alphanumeric value. A new token is created if one is not already set.

    A side effect of calling this function is to make the csrf_protect
    decorator and the CsrfViewMiddleware add a CSRF cookie and a 'Vary: Cookie'
    header to the outgoing response.  For this reason, you may need to use this
    function lazily, as is done by the csrf context processor.
    CSRF_COOKIETCSRF_COOKIE_USED)METAr   r-   r/   )requestcsrf_secretr   r   r   	get_tokenJ   s   


r6   c                 C   s   | j dt d d| _dS )zi
    Change the CSRF token in use for a request - should be done on login
    for security purposes.
    T)r2   r1   N)r3   updater0   csrf_cookie_needs_reset)r4   r   r   r   rotate_token]   s
   
r9   c                 C   s<   t d| r	t S t| tkr| S t| tkrt| S t S )Nz[^a-zA-Z0-9])researchr0   r$   CSRF_TOKEN_LENGTHr   r-   )r.   r   r   r   _sanitize_tokeni   s   r=   c                 C   s   t t| t|S r   )r   r/   )request_csrf_token
csrf_tokenr   r   r   _compare_masked_tokensz   s   r@   c                   @   sH   e Zd ZdZdd Zdd Zdd Zdd	 Zd
d Zdd Z	dd Z
dS )CsrfViewMiddlewarez
    Require a present and correct csrfmiddlewaretoken for POST requests that
    have a CSRF cookie, and set an outgoing CSRF cookie.

    This middleware should be used in conjunction with the {% csrf_token %}
    template tag.
    c                 C   s
   d|_ d S )NT)csrf_processing_done)selfr4   r   r   r   _accept   s   zCsrfViewMiddleware._acceptc                 C   s(   t  ||d}td||j||td |S )N)reasonzForbidden (%s): %s)responser4   logger)r   r   pathrG   )rC   r4   rE   rF   r   r   r   _reject   s   zCsrfViewMiddleware._rejectc                 C   sl   t jrz|jtW S  ty   tdw z|jt j }W n
 t	y(   Y d S w t
|}||kr4d|_|S )NzCSRF_USE_SESSIONS is enabled, but request.session is not set. SessionMiddleware must appear before CsrfViewMiddleware in MIDDLEWARE.T)r   CSRF_USE_SESSIONSsessiongetCSRF_SESSION_KEYAttributeErrorr   COOKIESCSRF_COOKIE_NAMEKeyErrorr=   r8   )rC   r4   cookie_tokenr?   r   r   r   
_get_token   s"   zCsrfViewMiddleware._get_tokenc              
   C   sp   t jr|jt|jd kr|jd |jt< d S d S |jt j|jd t jt j	t j
t jt jt jd t|d d S )Nr1   )max_agedomainrH   securehttponlysamesite)Cookie)r   rJ   rK   rL   rM   r3   
set_cookierP   CSRF_COOKIE_AGECSRF_COOKIE_DOMAINCSRF_COOKIE_PATHCSRF_COOKIE_SECURECSRF_COOKIE_HTTPONLYCSRF_COOKIE_SAMESITEr   rC   r4   rF   r   r   r   
_set_token   s   zCsrfViewMiddleware._set_tokenc                 C   s$   |  |}|d ur||jd< d S d S )Nr1   )rS   r3   )rC   r4   r?   r   r   r   process_request   s   
z"CsrfViewMiddleware.process_requestc                    s  t |ddrd S t |ddrd S |jdvrt |ddr | |S | r|jd  d u r4| |tS t  d j	 j
fv rF| |tS  j	dkrQ| |tS tjrWtjntj}|d urm| }|d	vrld
||f }nz| }W n	 ty|   Y nw ttj}|d ur|| t fdd|D st   }| ||S | |}	|	d u r| |tS d}
|jdkrz	|jdd}
W n	 ty   Y nw |
dkr|jtjd}
t|
}
t |
|	s| |t!S | |S )NrB   Fcsrf_exempt)GETHEADOPTIONSTRACE_dont_enforce_csrf_checksHTTP_REFERERr#   https)44380z%s:%sc                 3   s    | ]	}t  j|V  qd S r   )r   netloc)r   hostrefererr   r   r!     s    z2CsrfViewMiddleware.process_view.<locals>.<genexpr>POSTcsrfmiddlewaretoken)"getattrmethodrD   	is_securer3   rL   rI   REASON_NO_REFERERr   schemern   REASON_MALFORMED_REFERERREASON_INSECURE_REFERERr   rJ   SESSION_COOKIE_DOMAINr\   get_portget_hostr   listCSRF_TRUSTED_ORIGINSappendanyREASON_BAD_REFERERgeturlrS   REASON_NO_CSRF_COOKIErr   OSErrorCSRF_HEADER_NAMEr=   r@   REASON_BAD_TOKEN)rC   r4   callbackcallback_argscallback_kwargsgood_refererserver_port
good_hostsrE   r?   r>   r   rp   r   process_view   sh   








zCsrfViewMiddleware.process_viewc                 C   sD   t |ddst |ddr|S |jdds|S | || d|_|S )Nr8   Fcsrf_cookie_setr2   T)rt   r3   rL   rb   r   ra   r   r   r   process_response=  s   z#CsrfViewMiddleware.process_responseN)__name__
__module____qualname____doc__rD   rI   rS   rb   rc   r   r   r   r   r   r   rA      s    	
prA   )0r   loggingr:   stringurllib.parser   django.confr   django.core.exceptionsr   r   django.urlsr   django.utils.cacher   django.utils.cryptor   r	   django.utils.deprecationr
   django.utils.httpr   django.utils.logr   	getLoggerrG   rw   r   r   r   ry   rz   r   r<   ascii_lettersdigitsr   rM   r   r   r-   r/   r0   r6   r9   r=   r@   rA   r   r   r   r   <module>   sD    
	