PNG  IHDR;IDATxܻn0K )(pA 7LeG{ §㻢|ذaÆ 6lذaÆ 6lذaÆ 6lom$^yذag5bÆ 6lذaÆ 6lذa{ 6lذaÆ `}HFkm,mӪôô! x|'ܢ˟;E:9&ᶒ}{v]n&6 h_tڠ͵-ҫZ;Z$.Pkž)!o>}leQfJTu іچ\X=8Rن4`Vwl>nG^is"ms$ui?wbs[m6K4O.4%/bC%t Mז -lG6mrz2s%9s@-k9=)kB5\+͂Zsٲ Rn~GRC wIcIn7jJhۛNCS|j08yiHKֶۛkɈ+;SzL/F*\Ԕ#"5m2[S=gnaPeғL lذaÆ 6l^ḵaÆ 6lذaÆ 6lذa; _ذaÆ 6lذaÆ 6lذaÆ RIENDB`  ]c@sdZddlmZddlZddlZddlZddlZddlZddlZddl m Z ddl m Z ddl mZmZddlmZmZmZddlmZejd Zd efd YZd efd YZdZdZdZddZdefdYZ dde e"dZ#dde ddZ$defdYZ%de%fdYZ&dS(u` Functions for creating and restoring url-safe signed JSON objects. The format used looks like this: >>> signing.dumps("hello") 'ImhlbGxvIg:1QaUZC:YIye-ze3TTx7gtSv422nZA4sgmk' There are two components here, separated by a ':'. The first component is a URLsafe base64 encoded JSON of the object passed to dumps(). The second component is a base64 encoded hmac/SHA1 hash of "$first_component:$secret" signing.loads(s) checks the signature and returns the deserialized object. If the signature fails, a BadSignature exception is raised. >>> signing.loads("ImhlbGxvIg:1QaUZC:YIye-ze3TTx7gtSv422nZA4sgmk") u'hello' >>> signing.loads("ImhlbGxvIg:1QaUZC:YIye-ze3TTx7gtSv422nZA4sgmk-modified") ... BadSignature: Signature failed: ImhlbGxvIg:1QaUZC:YIye-ze3TTx7gtSv422nZA4sgmk-modified You can optionally compress the JSON prior to base64 encoding it to save space, using the compress=True argument. This checks if compression actually helps and only applies compression if the result is a shorter string: >>> signing.dumps(range(1, 20), compress=True) '.eJwFwcERACAIwLCF-rCiILN47r-GyZVJsNgkxaFxoDgxcOHGxMKD_T7vhAml:1QaUaL:BA0thEZrp4FQVXIXuOvYJtLJSrQ' The fact that the string is compressed is signalled by the prefixed '.' at the start of the base64 JSON. There are 65 url-safe characters: the 64 used by url-safe base64 and the ':'. These functions make use of all of them. i(tunicode_literalsN(tsettings(tbaseconv(tconstant_time_comparet salted_hmac(t force_bytest force_strt force_text(t import_stringu^[A-z0-9-_=]*$t BadSignaturecBseZdZRS(u" Signature does not match (t__name__t __module__t__doc__(((s7/usr/lib/python2.7/site-packages/django/core/signing.pyR 6stSignatureExpiredcBseZdZRS(u< Signature timestamp is older than required max_age (R R R (((s7/usr/lib/python2.7/site-packages/django/core/signing.pyR =scCstj|jdS(Nt=(tbase64turlsafe_b64encodetstrip(ts((s7/usr/lib/python2.7/site-packages/django/core/signing.pyt b64_encodeDscCs&dt| d}tj||S(NRi(tlenRturlsafe_b64decode(Rtpad((s7/usr/lib/python2.7/site-packages/django/core/signing.pyt b64_decodeHscCstt|||jS(N(RRtdigest(tsalttvaluetkey((s7/usr/lib/python2.7/site-packages/django/core/signing.pyt base64_hmacMsu%django.core.signing.get_cookie_signercCs2ttj}ttj}|d|d|S(Nsdjango.http.cookiesR(RRtSIGNING_BACKENDRt SECRET_KEY(RtSignerR((s7/usr/lib/python2.7/site-packages/django/core/signing.pytget_cookie_signerQstJSONSerializercBs eZdZdZdZRS(uW Simple wrapper around json to be used in signing.dumps and signing.loads. cCstj|ddjdS(Nt separatorsu,u:ulatin-1(u,u:(tjsontdumpstencode(tselftobj((s7/usr/lib/python2.7/site-packages/django/core/signing.pyR$\scCstj|jdS(Nulatin-1(R#tloadstdecode(R&tdata((s7/usr/lib/python2.7/site-packages/django/core/signing.pyR(_s(R R R R$R((((s7/usr/lib/python2.7/site-packages/django/core/signing.pyR!Ws udjango.core.signingc Cs|j|}t}|r[tj|}t|t|dkr[|}t}q[nt|}|rzd|}nt|d|j|S(u Returns URL-safe, sha1 signed base64 compressed JSON string. If key is None, settings.SECRET_KEY is used instead. If compress is True (not the default) checks if compressing using zlib can save some space. Prepends a '.' to signify compression. This is included in the signature, to protect against zip bombs. Salt can be used to namespace the hash, so that a signed string is only valid for a given namespace. Leaving this at the default value or re-using a salt value across different parts of your application without good cause is a security risk. The serializer is expected to return a bytestring. it.R( R$tFalsetzlibtcompressRtTrueRtTimestampSignertsign( R'RRt serializerR.R*t is_compressedt compressedtbase64d((s7/usr/lib/python2.7/site-packages/django/core/signing.pyR$cs   cCstt|d|j|d|}t}|d dkrP|d}t}nt|}|rttj|}n|j|S(u} Reverse of dumps(), raises BadSignature if signature fails. The serializer is expected to accept a bytestring. Rtmax_ageiR+( RR0tunsignR,R/RR-t decompressR((RRRR2R6R5R8R*((s7/usr/lib/python2.7/site-packages/django/core/signing.pyR(s'   RcBs5eZddddZdZdZdZRS(u:cCsu|p tj|_t||_tj|jrFtd|nt|phd|jj |jj f|_ dS(NuJUnsafe Signer separator: %r (cannot be empty or consist of only A-z0-9-_=)u%s.%s( RRRRtsept _SEP_UNSAFEtmatcht ValueErrort __class__R R R(R&RR9R((s7/usr/lib/python2.7/site-packages/django/core/signing.pyt__init__s cCs&t|jd||j}t|S(Nusigner(RRRR(R&Rt signature((s7/usr/lib/python2.7/site-packages/django/core/signing.pyR?scCs/t|}td||j|j|fS(Nu%s%s%s(RtstrR9R?(R&R((s7/usr/lib/python2.7/site-packages/django/core/signing.pyR1s cCst|}|j|kr1td|jn|j|jd\}}t||j|rnt|Std|dS(NuNo "%s" found in valueiuSignature "%s" does not match(RR9R trsplitRR?R(R&t signed_valueRtsig((s7/usr/lib/python2.7/site-packages/django/core/signing.pyR7s  N(R R tNoneR>R?R1R7(((s7/usr/lib/python2.7/site-packages/django/core/signing.pyRs  R0cBs&eZdZdZddZRS(cCstjjttjS(N(Rtbase62R%tintttime(R&((s7/usr/lib/python2.7/site-packages/django/core/signing.pyt timestampscCsDt|}td||j|jf}tt|j|S(Nu%s%s%s(RR@R9RHtsuperR0R1(R&R((s7/usr/lib/python2.7/site-packages/django/core/signing.pyR1s "cCstt|j|}|j|jd\}}tjj|}|dk rt |t j rr|j }nt j |}||krtd||fqn|S(uk Retrieve original value and check it wasn't signed more than max_age seconds ago. iuSignature age %s > %s secondsN(RIR0R7RAR9RRER)RDt isinstancetdatetimet timedeltat total_secondsRGR (R&RR6tresultRHtage((s7/usr/lib/python2.7/site-packages/django/core/signing.pyR7s  N(R R RHR1RDR7(((s7/usr/lib/python2.7/site-packages/django/core/signing.pyR0s  ('R t __future__RRRKR#treRGR-t django.confRt django.utilsRtdjango.utils.cryptoRRtdjango.utils.encodingRRRtdjango.utils.module_loadingRtcompileR:t ExceptionR R RRRR tobjectR!RDR,R$R(RR0(((s7/usr/lib/python2.7/site-packages/django/core/signing.pyt"s0           !