U HaL6@sddlZddlZddlZddlZddlmZmZddlmZddlm Z ddl m Z ddl m Z ddlmZddlmZmZmZdd lmZdd lmZdd lmZejejZGd d d eZGdddeZGdddZ dS)N)datetime timedelta)settings)SuspiciousSession)signing)SuspiciousOperation)timezone)constant_time_compareget_random_string salted_hmac)RemovedInDjango40Warning) import_string)LANGUAGE_SESSION_KEYc@seZdZdZdS) CreateErrorz Used internally as a consistent exception type to catch from save (see the docstring for SessionBase.save() for details). N__name__ __module__ __qualname____doc__rrI/tmp/pip-unpacked-wheel-3jxiddxt/django/contrib/sessions/backends/base.pyrsrc@seZdZdZdS) UpdateErrorzF Occurs if Django tries to update a session that was deleted. Nrrrrrr src@seZdZdZdZdZeZd\ddZddZ d d Z d d Z d dZ e ddZd]ddZefddZddZddZddZddZddZdd Zd!d"Zd#d$Zd%d&Zd'd(Zd)d*Zd+d,Zd-d.Zd/d0Zd1d2Zd3d4Z d5d6Z!d7d8Z"d9d:Z#d;d<Z$d=d>Z%e e$Z&e e$e%Z'd^d@dAZ(e e(Z)dBdCZ*dDdEZ+dFdGZ,dHdIZ-dJdKZ.dLdMZ/dNdOZ0dPdQZ1dRdSZ2d_dTdUZ3d`dVdWZ4dXdYZ5e6dZd[Z7dS)a SessionBasez- Base class for all Session classes. Z testcookieZworkedNcCs"||_d|_d|_ttj|_dS)NF) _session_keyaccessedmodifiedr rZSESSION_SERIALIZER serializerself session_keyrrr__init__0szSessionBase.__init__cCs ||jkSN_sessionrkeyrrr __contains__6szSessionBase.__contains__cCs"|tkrtjdtdd|j|S)NzThe user language will no longer be stored in request.session in Django 4.0. Read it from request.COOKIES[settings.LANGUAGE_COOKIE_NAME] instead.) stacklevel)rwarningswarnr r#r$rrr __getitem__9szSessionBase.__getitem__cCs||j|<d|_dSNTr#rrr%valuerrr __setitem__Cs zSessionBase.__setitem__cCs|j|=d|_dSr,r-r$rrr __delitem__GszSessionBase.__delitem__cCs d|jjS)Nzdjango.contrib.sessions.) __class__rrrrrkey_saltKszSessionBase.key_saltcCs|j||Sr!)r#get)rr%defaultrrrr5OszSessionBase.getcCs8|jp||jk|_||jkr dn|f}|jj|f|S)Nr)rr#_SessionBase__not_givenpop)rr%r6argsrrrr8RszSessionBase.popcCs,||jkr|j|Sd|_||j|<|SdSr,r-r.rrr setdefaultWs    zSessionBase.setdefaultcCs|j||j<dSr!)TEST_COOKIE_VALUETEST_COOKIE_NAMEr3rrrset_test_cookie_szSessionBase.set_test_cookiecCs||j|jkSr!)r5r<r;r3rrrtest_cookie_workedbszSessionBase.test_cookie_workedcCs ||j=dSr!)r<r3rrrdelete_test_cookieeszSessionBase.delete_test_cookiecCsd|jj}t||S)Nzdjango.contrib.sessions)r2rr hexdigest)rr/r4rrr_hashhs zSessionBase._hashcCs*tjdkr||Stj||j|jddS)zGReturn the given session dictionary serialized and encoded as a string.sha1T)saltrcompress)rZDEFAULT_HASHING_ALGORITHM_legacy_encoderdumpsr4r)r session_dictrrrencodems  zSessionBase.encodec Csztj||j|jdWStjk rnz||WYStk rhtd}| diYYSXYntk r||YSXdS)N)rCrz!django.security.SuspiciousSessionSession data corrupted) rloadsr4rZ BadSignature_legacy_decode Exceptionlogging getLoggerwarning)r session_dataloggerrrrdecodews  zSessionBase.decodecCs4||}||}t|d|dS)N:ascii)rrFrAbase64 b64encoderHrR)rrG serializedhashrrrrEs zSessionBase._legacy_encodec Cst|d}zF|dd\}}||}t||sDtdn| |WSWnTt k r}z6t |t rt d|jj}|t|iWYSd}~XYnXdS)NrTrSrIzdjango.security.%s)rU b64decoderHsplitrAr rRrrrJrL isinstancerrMrNr2rrOstr)rrPZ encoded_datarXrWZ expected_hasherQrrrrKs   zSessionBase._legacy_decodecCs|j|d|_dSr,)r#updater)rZdict_rrrr_s zSessionBase.updatecCs ||jkSr!r"r$rrrhas_keyszSessionBase.has_keycCs |jSr!)r#keysr3rrrraszSessionBase.keyscCs |jSr!)r#valuesr3rrrrbszSessionBase.valuescCs |jSr!)r#itemsr3rrrrcszSessionBase.itemscCsi|_d|_d|_dSr,)_session_cacherrr3rrrclearszSessionBase.clearcCs.z|j o|j WStk r(YdSXdS)zBReturn True when there is no session_key and the session is empty.TN)rrdAttributeErrorr3rrris_emptyszSessionBase.is_emptycCstdt}||s|SqdS)z)Return session key that isn't being used. N)r VALID_KEY_CHARSexistsrrrr_get_new_session_keys  z SessionBase._get_new_session_keycCs|jdkr||_|jSr!)rrkr3rrr_get_or_create_session_keys  z&SessionBase._get_or_create_session_keycCs|ot|dkS)z Key must be truthy and at least 8 characters long. 8 characters is an arbitrary lower bound for some minimal key security. )lenr$rrr_validate_session_keysz!SessionBase._validate_session_keycCs|jSr!)_SessionBase__session_keyr3rrr_get_session_keyszSessionBase._get_session_keycCs||r||_nd|_dS)zV Validate session key on assignment. Invalid values will set to None. N)rorprr/rrr_set_session_keys zSessionBase._set_session_keyFcCsJd|_z|jWStk rB|jdks,|r4i|_n ||_YnX|jS)z Lazily load session from storage (unless "no_load" is True, when only an empty dict is stored) and store it in the current instance. TN)rrdrfrload)rZno_loadrrr _get_sessionszSessionBase._get_sessioncCstjSr!)rZSESSION_COOKIE_AGEr3rrrget_session_cookie_agesz"SessionBase.get_session_cookie_agecKsz |d}Wntk r(t}YnXz |d}Wntk rT|d}YnX|sb|St|tsp|S||}|jd|jS)zGet the number of seconds until the session expires. Optionally, this function accepts `modification` and `expiry` keyword arguments specifying the modification and expiry of the session. modificationexpiry_session_expiryiQ) KeyErrorrnowr5rvr\rdaysseconds)rkwargsrwrxdeltarrrget_expiry_ages   zSessionBase.get_expiry_agecKs~z |d}Wntk r(t}YnXz |d}Wntk rT|d}YnXt|trd|S|pn|}|t|dS)zGet session the expiry date (as a datetime object). Optionally, this function accepts `modification` and `expiry` keyword arguments specifying the modification and expiry of the session. rwrxry)r})rzrr{r5r\rrvr)rr~rwrxrrrget_expiry_dates    zSessionBase.get_expiry_datecCsN|dkr,z |d=Wntk r&YnXdSt|trBt|}||d<dS)a* Set a custom expiration for the session. ``value`` can be an integer, a Python ``datetime`` or ``timedelta`` object or ``None``. If ``value`` is an integer, the session will expire after that many seconds of inactivity. If set to ``0`` then the session will expire on browser close. If ``value`` is a ``datetime`` or ``timedelta`` object, the session will expire at that specific future time. If ``value`` is ``None``, the session uses the global session expiry policy. Nry)rzr\rrr{rrrrr set_expiry$s   zSessionBase.set_expirycCs"|ddkrtjS|ddkS)a Return ``True`` if the session is set to expire when the browser closes, and ``False`` if there's an expiry date. Use ``get_expiry_date()`` or ``get_expiry_age()`` to find the actual expiry date/age, if there is one. ryNr)r5rZSESSION_EXPIRE_AT_BROWSER_CLOSEr3rrrget_expire_at_browser_close>sz'SessionBase.get_expire_at_browser_closecCs||d|_dS)zc Remove the current session data from the database and regenerate the key. N)redeleterr3rrrflushIszSessionBase.flushcCs,|j}|j}|||_|r(||dS)zU Create a new session key, while retaining the current session data. N)r#rcreaterdr)rdatar%rrr cycle_keyRs zSessionBase.cycle_keycCs tddS)zF Return True if the given session_key already exists. z9subclasses of SessionBase must provide an exists() methodNNotImplementedErrorrrrrrj_szSessionBase.existscCs tddS)z Create a new session instance. Guaranteed to create a new object with a unique key and will have saved the result once (with empty data) before the method returns. z8subclasses of SessionBase must provide a create() methodNrr3rrrreszSessionBase.createcCs tddS)z Save the session data. If 'must_create' is True, create a new session object (or raise CreateError). Otherwise, only update an existing object and don't create one (raise UpdateError if needed). z6subclasses of SessionBase must provide a save() methodNr)rZ must_createrrrsavemszSessionBase.savecCs tddS)zx Delete the session data under this key. If the key is None, use the current session key value. z8subclasses of SessionBase must provide a delete() methodNrrrrrruszSessionBase.deletecCs tddS)z@ Load the session data and return a dictionary. z6subclasses of SessionBase must provide a load() methodNrr3rrrrt|szSessionBase.loadcCs tddS)a Remove expired sessions from the session store. If this operation isn't possible on a given backend, it should raise NotImplementedError. If it isn't necessary, because the backend has a built-in expiration mechanism, it should be a no-op. z.This backend does not support clear_expired().Nr)clsrrr clear_expireds zSessionBase.clear_expired)N)N)F)F)N)8rrrrr<r;objectr7r r&r+r0r1propertyr4r5r8r:r=r>r?rArHrRrErKr_r`rarbrcrergrkrlrorqrsrrrur#rvrrrrrrrjrrrrt classmethodrrrrrr'sh              r)!rUrMstringr)rrZ django.confrZ"django.contrib.sessions.exceptionsrZ django.corerZdjango.core.exceptionsrZ django.utilsrZdjango.utils.cryptor r r Zdjango.utils.deprecationr Zdjango.utils.module_loadingr Zdjango.utils.translationrascii_lowercasedigitsrirLrrrrrrrs"