ó ù¢TQc@sdZddlmZddlZddlZddlZddlZddlmZddl m Z ddl m Z ddl mZddlmZdd lmZmZejd ƒZd Zd Zd ZdZdZd„Zd„Zd„Zd„Zdefd„ƒYZ dS(u’ Cross Site Request Forgery Middleware. This module provides a middleware that implements protection against request forgeries from other sites. iÿÿÿÿ(tunicode_literalsN(tsettings(t get_callable(tpatch_vary_headers(t force_text(t same_origin(tconstant_time_comparetget_random_stringudjango.requestu%Referer checking failed - no Referer.u/Referer checking failed - %s does not match %s.uCSRF cookie not set.u CSRF token missing or incorrect.i cCs ttjƒS(u9 Returns the view to be used for CSRF rejections (RRtCSRF_FAILURE_VIEW(((s/../Django//lib/python/django/middleware/csrf.pyt_get_failure_viewscCs ttƒS(N(RtCSRF_KEY_LENGTH(((s/../Django//lib/python/django/middleware/csrf.pyt_get_new_csrf_key&scCs t|jd<|jjddƒS(u‰ Returns the CSRF token required for a POST form. The token is an alphanumeric value. A side effect of calling this function is to make the csrf_protect decorator and the CsrfViewMiddleware add a CSRF cookie and a 'Vary: Cookie' header to the outgoing response. For this reason, you may need to use this function lazily, as is done by the csrf context processor. uCSRF_COOKIE_USEDu CSRF_COOKIEN(tTruetMETAtgettNone(trequest((s/../Django//lib/python/django/middleware/csrf.pyt get_token*s cCsKt|ƒtkrtƒStjddt|ƒƒ}|dkrGtƒS|S(Nu [^a-zA-Z0-9]+u(tlenR R tretsubR(ttoken((s/../Django//lib/python/django/middleware/csrf.pyt_sanitize_token8s  tCsrfViewMiddlewarecBs2eZdZd„Zd„Zd„Zd„ZRS(uú Middleware that requires a present and correct csrfmiddlewaretoken for POST requests that have a CSRF cookie, and sets an outgoing CSRF cookie. This middleware should be used in conjunction with the csrf_token template tag. cCs t|_dS(N(R tcsrf_processing_doneR(tselfR((s/../Django//lib/python/django/middleware/csrf.pyt_acceptNs cCstƒ|d|ƒS(Ntreason(R (RRR((s/../Django//lib/python/django/middleware/csrf.pyt_rejectUsc Cskt|dtƒrdSy't|jtjƒ}||jd(((s/../Django//lib/python/django/middleware/csrf.pyRCs    i(!RAt __future__RthashlibtloggingRtrandomt django.confRtdjango.core.urlresolversRtdjango.utils.cacheRtdjango.utils.encodingRtdjango.utils.httpRtdjango.utils.cryptoRRt getLoggerR%R'R*R+R-R R R RRtobjectR(((s/../Django//lib/python/django/middleware/csrf.pyts,