h5`dZddlZddlZddlZddlmZddlmZddlm Z m Z ddl m Z ddl mZddlmZmZdd lmZdd lmZdd lmZej0d Zd ZdZdZdZdZdZdZ de zZ!ejDejFzZ$dZ%dZ&dZ'dZ(dZ)dZ*dZ+dZ,dZ-dZ.Gdd eZ/y)!z Cross Site Request Forgery Middleware. This module provides a middleware that implements protection against request forgeries from other sites. N)urlparse)settings)DisallowedHostImproperlyConfigured) get_callable)patch_vary_headers)constant_time_compareget_random_string)MiddlewareMixin)is_same_domain) log_responsezdjango.security.csrfz%Referer checking failed - no Referer.z@Referer checking failed - %s does not match any trusted origins.zCSRF cookie not set.z CSRF token missing or incorrect.z/Referer checking failed - Referer is malformed.zCReferer checking failed - Referer is insecure while host is secure.  _csrftokenc4ttjS)z/Return the view to be used for CSRF rejections.)rrCSRF_FAILURE_VIEWY/var/www/html/ranktracker/api/venv/lib/python3.12/site-packages/django/middleware/csrf.py_get_failure_viewr$s 22 33rc,tttS)N) allowed_chars)r CSRF_SECRET_LENGTHCSRF_ALLOWED_CHARSrrr_get_new_csrf_stringr)s /?Q RRrct}ttfd|Dfd|D}djfd|D}||zS)z Given a secret (assumed to be a string of CSRF_ALLOWED_CHARS), generate a token by adding a mask and applying it to the secret. c3@K|]}j|ywNindex.0xcharss r z&_mask_cipher_secret..4s0AQ0c3@K|]}j|ywrrr!s rr%z&_mask_cipher_secret..4s2Pa5;;q>2Pr&c3LK|]\}}||ztzywr)lenr"r#yr$s rr%z&_mask_cipher_secret..5s'CTQUAESZ/0Cs!$)rrzipjoin)secretmaskpairscipherr$s @r_mask_cipher_secretr3-sH !D E 002P42P QE WWCUC CF &=rc|dt}|td}ttfd|Dfd|D}djfd|DS)z Given a token (assumed to be a string of CSRF_ALLOWED_CHARS, of length CSRF_TOKEN_LENGTH, and that its first half is a mask), use it to decrypt the second half to produce the original secret. Nc3@K|]}j|ywrrr!s rr%z'_unmask_cipher_token..Bs/AQ/r&c3@K|]}j|ywrrr!s rr%z'_unmask_cipher_token..Bs1OQ%++a.1Or&r(c34K|]\}}||z ywrrr+s rr%z'_unmask_cipher_token..Cs2DAq5Q<2s)rrr-r.)tokenr0r1r$s @r_unmask_cipher_tokenr99sS $$ %D $% &E E //1O$1O PE 772E2 22rc(ttSr)r3rrrr_get_new_csrf_tokenr;Fs 35 66rcd|jvr#t}t||jd<nt|jd}d|jd<t|S)a Return the CSRF token required for a POST form. The token is an alphanumeric value. A new token is created if one is not already set. A side effect of calling this function is to make the csrf_protect decorator and the CsrfViewMiddleware add a CSRF cookie and a 'Vary: Cookie' header to the outgoing response. For this reason, you may need to use this function lazily, as is done by the csrf context processor. CSRF_COOKIETCSRF_COOKIE_USED)METArr3r9)request csrf_secrets r get_tokenrBJsXGLL(*, &9+&F ]#*7<< +FG '+GLL#$ { ++rc^|jjdtdd|_y)zi Change the CSRF token in use for a request - should be done on login for security purposes. T)r>r=N)r?updater;csrf_cookie_needs_reset)r@s r rotate_tokenrF]s.  LL *,'+G#rctjd|r tSt|tk(r|St|t k(r t |StS)Nz [^a-zA-Z0-9])researchr;r*CSRF_TOKEN_LENGTHrr3)r8s r_sanitize_tokenrKisN yy'"$$ U( ( U) )#5))   rc>tt|t|Sr)r r9)request_csrf_token csrf_tokens r_compare_masked_tokensrOzs" !/0Z( rc:eZdZdZdZdZdZdZdZdZ dZ y ) CsrfViewMiddlewarez Require a present and correct csrfmiddlewaretoken for POST requests that have a CSRF cookie, and set an outgoing CSRF cookie. This middleware should be used in conjunction with the {% csrf_token %} template tag. cd|_y)NT)csrf_processing_done)selfr@s r_acceptzCsrfViewMiddleware._accepts(,$rcht||}td||j||t|S)N)reasonzForbidden (%s): %s)responser@logger)rr pathrY)rTr@rWrXs r_rejectzCsrfViewMiddleware._rejects7&$&wv> &',,  rctjr |jjtS |jtj}t|}||k7rd|_ |S#t $r t dwxYw#t$rYywxYw)NzCSRF_USE_SESSIONS is enabled, but request.session is not set. SessionMiddleware must appear before CsrfViewMiddleware in MIDDLEWARE.T) rCSRF_USE_SESSIONSsessiongetCSRF_SESSION_KEYAttributeErrorrCOOKIESCSRF_COOKIE_NAMEKeyErrorrKrE)rTr@ cookie_tokenrNs r _get_tokenzCsrfViewMiddleware._get_tokens  % % **+;<< &x/H/HI )6J\)37/ #" *%   sA(B(A= B  B c tjrQ|jjt|j dk7r!|j d|jt<yy|j tj|j dtjtjtjtjtjtjt|dy)Nr=)max_agedomainrZsecurehttponlysamesite)Cookie)rr]r^r_r`r? set_cookiercCSRF_COOKIE_AGECSRF_COOKIE_DOMAINCSRF_COOKIE_PATHCSRF_COOKIE_SECURECSRF_COOKIE_HTTPONLYCSRF_COOKIE_SAMESITErrTr@rXs r _set_tokenzCsrfViewMiddleware._set_tokens  % %""#34 ]8SS4;LL4O 01T   )) ]+ 0022..22!66!66  x 5rcJ|j|}|||jd<yy)Nr=)rfr?)rTr@rNs rprocess_requestz"CsrfViewMiddleware.process_requests)__W-  !*4GLL ' "rc4 t|ddryt|ddry|jdvr=t|ddr|j|S|jr[|jj d |j |tSt  d j jfvr|j |tS jdk7r|j |tStjrtjntj }||j#}|d vr|d |}n |j%}t)tj*}||j-|t/ fd |Ds)t0 j3z}|j ||S|j5|} | |j |t6Sd} |jd k(r |j8j d d} | dk(r*|jj tj<d} t?| } tA| | s|j |tBS|j|S#t&$rY9wxYw#t:$rYwxYw)NrSF csrf_exempt)GETHEADOPTIONSTRACE_dont_enforce_csrf_checks HTTP_REFERERr(https)44380:c3JK|]}tj|ywr)r netloc)r"hostreferers rr%z2CsrfViewMiddleware.process_view..sWD>'..$?Ws #POSTcsrfmiddlewaretoken)"getattrmethodrU is_securer?r_r[REASON_NO_REFERERrschemerREASON_MALFORMED_REFERERREASON_INSECURE_REFERERrr]SESSION_COOKIE_DOMAINrpget_portget_hostrlistCSRF_TRUSTED_ORIGINSappendanyREASON_BAD_REFERERgeturlrfREASON_NO_CSRF_COOKIErOSErrorCSRF_HEADER_NAMErKrOREASON_BAD_TOKEN) rTr@callback callback_argscallback_kwargs good_referer server_port good_hostsrWrNrMrs @r process_viewzCsrfViewMiddleware.process_viewsz 72E : 8]E 2 >>!D Dw ;UC ||G,,  " ",,**>:?<<1BCC"7+'..'..99<<1IJJ>>W,<<1HII 1122!44  +")"2"2"4K"-72> 'L '.'7'7'9 "("?"?@ +%%l3WJWW/'..2BBF<<88 1J!||G-BCC"$ ~~')0)9)9:OQS)T&"R'&-\\%5%5h6O6OQS%T"!01C!D )*>||G$$[*8  s$>I;2J ; JJ JJct|ddst|ddr|S|jjdds|S|j||d|_|S)NrEFcsrf_cookie_setr>T)rr?r_rvrrus rprocess_responsez#CsrfViewMiddleware.process_response=sXw 95Ax!2E:|| 2E:O *#' rN) __name__ __module__ __qualname____doc__rUr[rfrvrxrrrrrrQrQs,.6$5 n%` rrQ)0rloggingrHstring urllib.parser django.confrdjango.core.exceptionsrr django.urlsrdjango.utils.cacherdjango.utils.cryptor r django.utils.deprecationr django.utils.httpr django.utils.logr getLoggerrYrrrrrrrrJ ascii_lettersdigitsrr`rrr3r9r;rBrFrKrOrQrrrrs  ! G$1H4,)   1 2;W.5L_**))FMM94 S  37,& +!"FFr