ó TR¹Nc@s/dZddlZddlZddlZddlmZddlmZddlm Z ddl m Z ddl m Z ejdejƒZdZeed ƒr¶ejƒjZn ejZd Zd „Zd„Zd„Zd„Zdefd„ƒYZdefd„ƒYZdefd„ƒYZdS(s’ Cross Site Request Forgery Middleware. This module provides a middleware that implements protection against request forgeries from other sites. iÿÿÿÿN(tsettings(t get_callable(tpatch_vary_headers(tmd5_constructor(t mark_safes7(]*\bmethod\s*=\s*(\'|"|)POST(\'|"|)\b[^>]*>)s text/htmlsapplication/xhtml+xmlt SystemRandomlcCs ttjƒS(s9 Returns the view to be used for CSRF rejections (RRtCSRF_FAILURE_VIEW(((sC/home/panlixing/Python_Projects/gaeseries/django/middleware/csrf.pyt_get_failure_viewscCs&tdtdtƒtjfƒjƒS(Ns%s%si(Rt randranget _MAX_CSRF_KEYRt SECRET_KEYt hexdigest(((sC/home/panlixing/Python_Projects/gaeseries/django/middleware/csrf.pyt_get_new_csrf_key$scCsttj|ƒjƒS(N(RRR R (t session_id((sC/home/panlixing/Python_Projects/gaeseries/django/middleware/csrf.pyt_make_legacy_session_token(scCs t|jd<|jjddƒS(si Returns the the CSRF token required for a POST form. A side effect of calling this function is to make the the csrf_protect decorator and the CsrfViewMiddleware add a CSRF cookie and a 'Vary: Cookie' header to the outgoing response. For this reason, you may need to use this function lazily, as is done by the csrf context processor. tCSRF_COOKIE_USEDt CSRF_COOKIEN(tTruetMETAtgettNone(trequest((sC/home/panlixing/Python_Projects/gaeseries/django/middleware/csrf.pyt get_token+s tCsrfViewMiddlewarecBs eZdZd„Zd„ZRS(sú Middleware that requires a present and correct csrfmiddlewaretoken for POST requests that have a CSRF cookie, and sets an outgoing CSRF cookie. This middleware should be used in conjunction with the csrf_token template tag. c sÓt|dtƒrdStˆdtƒr,dS‡fd†}‡fd†}y!ˆjtjˆjdGscs tˆ_dS(N(RRR((R(sC/home/panlixing/Python_Projects/gaeseries/django/middleware/csrf.pytacceptHs RtPOSTt_dont_enforce_csrf_checkst HTTP_REFERERs%Referer checking failed - no Referer.s https://%s/s/Referer checking failed - %s does not match %s.sNo CSRF or session cookie.tcsrfmiddlewaretokensCSRF cookie not set.s CSRF token missing or incorrect.(tgetattrtFalseRtCOOKIESRtCSRF_COOKIE_NAMERtKeyErrorR Rtmethodtis_ajaxt is_secureRtget_hostt startswithtSESSION_COOKIE_NAMERR( tselfRtcallbackt callback_argstcallback_kwargstrejectRt cookie_is_newtreferert good_refererR t csrf_tokentrequest_csrf_token((RsC/home/panlixing/Python_Projects/gaeseries/django/middleware/csrf.pyt process_view@sL            cCsŽt|dtƒr|S|jjdƒdkr2|S|jjdtƒsK|S|jtj|jdddd tjƒt |dƒt |_ |S(NRRRtmax_agei<iii4tdomaintCookieii€Qi€: iâß(sCookie( R"R#RRRt set_cookieRR%tCSRF_COOKIE_DOMAINRRR(R-Rtresponse((sC/home/panlixing/Python_Projects/gaeseries/django/middleware/csrf.pytprocess_response¦s    (t__name__t __module__t__doc__R7R>(((sC/home/panlixing/Python_Projects/gaeseries/django/middleware/csrf.pyR7s ftCsrfResponseMiddlewarecBs eZdZd„Zd„ZRS(s$ DEPRECATED Middleware that post-processes a response to add a csrfmiddlewaretoken. This exists for backwards compatibility and as an interim measure until applications are converted to using use the csrf_token template tag instead. It will be removed in Django 1.4. cCs ddl}|jdtƒdS(Niÿÿÿÿs‡CsrfResponseMiddleware and CsrfMiddleware are deprecated; use CsrfViewMiddleware and the template tag instead (see CSRF documentation).(twarningstwarntPendingDeprecationWarning(R-RC((sC/home/panlixing/Python_Projects/gaeseries/django/middleware/csrf.pyt__init__Ås csÄt|dtƒr|S|djdƒdtkrÀt|ƒ‰ˆdkrO|Stjd tjdƒƒ‰‡‡fd†}t j ||j ƒ\|_ }|dkrÀt |d ƒ|d =qÀn|S( NRs Content-Typet;isid='csrfmiddlewaretoken'tcs.t|jƒddˆjƒdˆdƒS(s=Returns the matched
tag plus the added elements
s
(Rtgrouptnext(tmatch(t idattributesR5(sC/home/panlixing/Python_Projects/gaeseries/django/middleware/csrf.pytadd_csrf_fieldÚs#R:tETag(sid='csrfmiddlewaretoken'(sCookie( R"R#tsplitt _HTML_TYPESRRt itertoolstchaintrepeatt _POST_FORM_REtsubntcontentR(R-RR=RMtn((R5RLsC/home/panlixing/Python_Projects/gaeseries/django/middleware/csrf.pyR>Ìs      (R?R@RARFR>(((sC/home/panlixing/Python_Projects/gaeseries/django/middleware/csrf.pyRB¼s tCsrfMiddlewarecBs)eZdZd„Zd„Zd„ZRS(s¶ Django middleware that adds protection against Cross Site Request Forgeries by adding hidden form fields to POST forms and checking requests for the correct value. CsrfMiddleware uses two middleware, CsrfViewMiddleware and CsrfResponseMiddleware, which can be used independently. It is recommended to use only CsrfViewMiddleware and use the csrf_token template tag in templates for inserting the token. cCstƒ|_tƒ|_dS(N(RBtresponse_middlewareRtview_middleware(R-((sC/home/panlixing/Python_Projects/gaeseries/django/middleware/csrf.pyRFûs cCs(|jj||ƒ}|jj||ƒS(N(RYR>RZ(R-Rtresptresp2((sC/home/panlixing/Python_Projects/gaeseries/django/middleware/csrf.pyR>ÿscCs|jj||||ƒS(N(RZR7(R-RR.R/R0((sC/home/panlixing/Python_Projects/gaeseries/django/middleware/csrf.pyR7s(R?R@RARFR>R7(((sC/home/panlixing/Python_Projects/gaeseries/django/middleware/csrf.pyRXîs   (s text/htmlsapplication/xhtml+xml(RARQtretrandomt django.confRtdjango.core.urlresolversRtdjango.utils.cacheRtdjango.utils.hashcompatRtdjango.utils.safestringRtcompilet IGNORECASERTRPthasattrRRR RR RRtobjectRRBRX(((sC/home/panlixing/Python_Projects/gaeseries/django/middleware/csrf.pyts*        …2