wdfU ZddlmZddlmZdZGddeZGddeZdS) )ValidationError) HiddenField)CSRFTokenFieldCSRFcBeZdZdZdZfdZdZdZdZfdZ xZ S)raA A subclass of HiddenField designed for sending the CSRF token that is used for most CSRF protection schemes. Notably different from a normal field, this field always renders the current token regardless of the submitted value, and also will not be populated over to object data via populate_obj Nc||d|_tt|j|i|dS)N csrf_impl)popr superr__init__)selfargskw __class__s V/var/www/book.euthymeo.com/html/venv/lib/python3.11/site-packages/wtforms/csrf/core.pyr zCSRFTokenField.__init__s> ,,,nd##,d9b99999c|jS)z We want to always return the current token on render, regardless of whether a good or bad token was passed. ) current_token)r s r_valuezCSRFTokenField._values !!rcdS)z< Don't populate objects with the CSRF token N)r rs r populate_objzCSRFTokenField.populate_objs  rc<|j||dS)z8 Handle validation of this token field. N)r validate_csrf_token)r forms r pre_validatezCSRFTokenField.pre_validate#s" **466666rctt|j||j||_dS)N)r rprocessr generate_csrf_tokenr)r rrs rrzCSRFTokenField.process)s;+nd##+T22!^??EEr) __name__ __module__ __qualname____doc__rr rrrr __classcell__)rs@rrrsM:::::"""   777 FFFFFFFFFrrc$eZdZeZdZdZdZdS)rcV|j}|j}|d|}||fgS)a Receive the form we're attached to and set up fields. The default implementation creates a single field of type :attr:`field_class` with name taken from the ``csrf_field_name`` of the class meta. :param form: The form instance we're attaching to. :return: A sequence of `(field_name, unbound_field)` 2-tuples which are unbound fields to be added to the form. z CSRF Token)labelr )metacsrf_field_name field_class)r rr( field_name unbound_fields r setup_formzCSRF.setup_form1sCy) (()  ]+,,rct)a Implementations must override this to provide a method with which one can get a CSRF token for this form. A CSRF token is usually a string that is generated deterministically based on some sort of user data, though it can be anything which you can validate on a subsequent request. :param csrf_token_field: The field which is being used for CSRF. :return: A generated CSRF string. )NotImplementedError)r csrf_token_fields rrzCSRF.generate_csrf_tokenGs"###rcj|j|jkr"t|ddS)a> Override this method to provide custom CSRF validation logic. The default CSRF validation logic simply checks if the recently generated token equals the one we received as formdata. :param form: The form which has this CSRF token. :param field: The CSRF token field. zInvalid CSRF TokenN)rdatargettext)r rfields rrzCSRF.validate_csrf_tokenWs7  %* , ,!%--0D"E"EFF F - ,rN)r r!r"rr*r-rrrrrrr.sK K---,$$$ G G G G GrrN)wtforms.validatorsrwtforms.fieldsr__all__robjectrrrrr9s......&&&&&& $$F$F$F$F$F[$F$F$FN4G4G4G4G4G64G4G4G4G4Gr