wdfC zdZddlmZddlZddlZddlmZddlmZmZddl m Z dd l m Z d Z Gd d e ZdS) a A provided CSRF implementation which puts CSRF data in a session. This can be used fairly comfortably with many `request.session` type objects, including the Werkzeug/Flask session store, Django sessions, and potentially other similar objects which use a dict-like API for storing session keys. The basic concept is a randomly generated value is stored in the user's session, and an hmac-sha1 of it (along with an optional expiration time, for extra security) is used as the value of the csrf_token. If this token validates with the hmac of the random value + expiration time, and the expiration time is not passed, the CSRF validation will pass. )unicode_literalsN)sha1)datetime timedelta)ValidationError) SecureForm)SessionSecureFormc:eZdZdZedZdZdZdZdS)r z %Y%m%d%H%M%S)minutesNcF|jtd|tdt|d|}d|vr6t t jd|d<|d|j_ |j r@tj |j z |j}|d|}n d}|d}tj|j|dt}|d |S) Nz=must set SECRET_KEY in a subclass of this form for it to workz2Must provide a session-like object as csrf contextsessioncsrf@utf8 digestmod##) SECRET_KEY Exception TypeErrorgetattrrosurandom hexdigest csrf_tokencsrf_key TIME_LIMITrnowstrftime TIME_FORMAThmacnewencode)self csrf_contextrexpires csrf_build hmac_csrfs ]/var/www/book.euthymeo.com/html/venv/lib/python3.11/site-packages/wtforms/ext/csrf/session.pygenerate_csrf_tokenz%SessionSecureForm.generate_csrf_token"s ? "[\\ \  PQQ Q, <@@  "2:b>>22<<>>GFO#*6? ? )|~~7AA$BRSSG#*6??GG">?? ? ? K$LNN33D4DEEMw&&%emm4H&I&IJJJ K K&&r/) __name__ __module__ __qualname__r$rr!rr.r8r/r-r r sS K2&&&JJ;;;,KKKKKr/r )__doc__ __future__rr%rhashlibrrr validatorsrformr __all__r r<r/r-rCs  (''''' (((((((()))))) !*K*K*K*K*K *K*K*K*K*Kr/