o 3aL6@sddlZddlZddlZddlZddlmZmZddlmZddlm Z ddl m Z ddl m Z ddlmZddlmZmZmZdd lmZdd lmZdd lmZejejZGd d d eZGdddeZGdddZ dS)N)datetime timedelta)settings)SuspiciousSession)signing)SuspiciousOperation)timezone)constant_time_compareget_random_string salted_hmac)RemovedInDjango40Warning) import_string)LANGUAGE_SESSION_KEYc@eZdZdZdS) CreateErrorz Used internally as a consistent exception type to catch from save (see the docstring for SessionBase.save() for details). N__name__ __module__ __qualname____doc__rrG/usr/lib/python3/dist-packages/django/contrib/sessions/backends/base.pyrsrc@r) UpdateErrorzF Occurs if Django tries to update a session that was deleted. Nrrrrrr src@seZdZdZdZdZeZd\ddZddZ d d Z d d Z d dZ e ddZd\ddZefddZddZddZddZddZddZdd Zd!d"Zd#d$Zd%d&Zd'd(Zd)d*Zd+d,Zd-d.Zd/d0Zd1d2Zd3d4Z d5d6Z!d7d8Z"d9d:Z#d;d<Z$d=d>Z%e e$Z&e e$e%Z'd]d@dAZ(e e(Z)dBdCZ*dDdEZ+dFdGZ,dHdIZ-dJdKZ.dLdMZ/dNdOZ0dPdQZ1dRdSZ2d]dTdUZ3d\dVdWZ4dXdYZ5e6dZd[Z7dS)^ SessionBasez- Base class for all Session classes. testcookieworkedNcCs"||_d|_d|_ttj|_dS)NF) _session_keyaccessedmodifiedr rSESSION_SERIALIZER serializerself session_keyrrr__init__0szSessionBase.__init__cC ||jvSN_sessionr"keyrrr __contains__6 zSessionBase.__contains__cCs"|tkr tjdtdd|j|S)NzThe user language will no longer be stored in request.session in Django 4.0. Read it from request.COOKIES[settings.LANGUAGE_COOKIE_NAME] instead.) stacklevel)rwarningswarnr r(r)rrr __getitem__9s  zSessionBase.__getitem__cCs||j|<d|_dSNTr(rr"r*valuerrr __setitem__Cs  zSessionBase.__setitem__cCs|j|=d|_dSr2r3r)rrr __delitem__Gs zSessionBase.__delitem__cCs d|jjS)Nzdjango.contrib.sessions.) __class__rr"rrrkey_saltKs zSessionBase.key_saltcCs|j||Sr&)r(get)r"r*defaultrrrr;OszSessionBase.getcCs:|jp||jv|_||jurdn|f}|jj|g|RS)Nr)rr(_SessionBase__not_givenpop)r"r*r<argsrrrr>RszSessionBase.popcCs(||jvr |j|Sd|_||j|<|Sr2r3r4rrr setdefaultWs   zSessionBase.setdefaultcCs|j||j<dSr&)TEST_COOKIE_VALUETEST_COOKIE_NAMEr9rrrset_test_cookie_szSessionBase.set_test_cookiecCs||j|jkSr&)r;rBrAr9rrrtest_cookie_workedbszSessionBase.test_cookie_workedcCs ||j=dSr&)rBr9rrrdelete_test_cookiees zSessionBase.delete_test_cookiecCsd|jj}t||S)Nzdjango.contrib.sessions)r8rr hexdigest)r"r5r:rrr_hashhs zSessionBase._hashcCs*tjdkr ||Stj||j|jddS)zGReturn the given session dictionary serialized and encoded as a string.sha1T)saltr compress)rDEFAULT_HASHING_ALGORITHM_legacy_encoderdumpsr:r )r" session_dictrrrencodems   zSessionBase.encodec Csz tj||j|jdWStjy3z||WYSty2td}| diYYSwty@||YSw)N)rIr z!django.security.SuspiciousSessionSession data corrupted) rloadsr:r BadSignature_legacy_decode Exceptionlogging getLoggerwarning)r" session_dataloggerrrrdecodews     zSessionBase.decodecCs4||}||}t|d|dS)N:ascii)r rMrGbase64 b64encoderOrZ)r"rN serializedhashrrrrLs zSessionBase._legacy_encodec Cst|d}z |dd\}}||}t||s!td| |WSt yQ}zt |t rEt d|jj}|t|iWYd}~Sd}~ww)Nr\r[rPzdjango.security.%s)r] b64decoderOsplitrGr rZrr rQrT isinstancerrUrVr8rrWstr)r"rX encoded_datar`r_ expected_hasherYrrrrSs  zSessionBase._legacy_decodecCs|j|d|_dSr2)r(updater)r"dict_rrrris  zSessionBase.updatecCr%r&r'r)rrrhas_keyr,zSessionBase.has_keycC |jSr&)r(keysr9rrrrmr,zSessionBase.keyscCrlr&)r(valuesr9rrrrnr,zSessionBase.valuescCrlr&)r(itemsr9rrrror,zSessionBase.itemscCsi|_d|_d|_dSr2)_session_cacherrr9rrrclears zSessionBase.clearcCs(z |j o|j WStyYdSw)zBReturn True when there is no session_key and the session is empty.T)rrpAttributeErrorr9rrris_emptys  zSessionBase.is_emptycCs tdt}||s |Sq)z)Return session key that isn't being used.T )r VALID_KEY_CHARSexistsr!rrr_get_new_session_keys   z SessionBase._get_new_session_keycCs|jdur ||_|jSr&)rrwr9rrr_get_or_create_session_keys  z&SessionBase._get_or_create_session_keycCs|ot|dkS)z Key must be truthy and at least 8 characters long. 8 characters is an arbitrary lower bound for some minimal key security. )lenr)rrr_validate_session_keysz!SessionBase._validate_session_keycCs|jSr&)_SessionBase__session_keyr9rrr_get_session_keyzSessionBase._get_session_keycCs||r ||_dSd|_dS)zV Validate session key on assignment. Invalid values will set to None. N)r{r|r"r5rrr_set_session_keys   zSessionBase._set_session_keyFcCsLd|_z|jWSty%|jdus|ri|_Y|jS||_Y|jSw)z Lazily load session from storage (unless "no_load" is True, when only an empty dict is stored) and store it in the current instance. TN)rrprrr#load)r"no_loadrrr _get_sessions  zSessionBase._get_sessioncCstjSr&)rSESSION_COOKIE_AGEr9rrrget_session_cookie_ager~z"SessionBase.get_session_cookie_agecKsz|d}Wn tyt}Ynwz|d}Wnty(|d}Ynw|s/|St|ts6|S||}|jd|jS)zGet the number of seconds until the session expires. Optionally, this function accepts `modification` and `expiry` keyword arguments specifying the modification and expiry of the session. modificationexpiry_session_expiryiQ) KeyErrorrnowr;rrdrdaysseconds)r"kwargsrrdeltarrrget_expiry_ages       zSessionBase.get_expiry_agecKszz|d}Wn tyt}Ynwz|d}Wnty(|d}Ynwt|tr0|S|p5|}|t|dS)zGet session the expiry date (as a datetime object). Optionally, this function accepts `modification` and `expiry` keyword arguments specifying the modification and expiry of the session. rrr)r)rrrr;rdrrr)r"rrrrrrget_expiry_dates       zSessionBase.get_expiry_datecCsL|durz|d=WdStyYdSwt|tr t|}||d<dS)a* Set a custom expiration for the session. ``value`` can be an integer, a Python ``datetime`` or ``timedelta`` object or ``None``. If ``value`` is an integer, the session will expire after that many seconds of inactivity. If set to ``0`` then the session will expire on browser close. If ``value`` is a ``datetime`` or ``timedelta`` object, the session will expire at that specific future time. If ``value`` is ``None``, the session uses the global session expiry policy. Nr)rrdrrrrrrr set_expiry$s    zSessionBase.set_expirycCs"|ddur tjS|ddkS)a Return ``True`` if the session is set to expire when the browser closes, and ``False`` if there's an expiry date. Use ``get_expiry_date()`` or ``get_expiry_age()`` to find the actual expiry date/age, if there is one. rNr)r;rSESSION_EXPIRE_AT_BROWSER_CLOSEr9rrrget_expire_at_browser_close>sz'SessionBase.get_expire_at_browser_closecCs||d|_dS)zc Remove the current session data from the database and regenerate the key. N)rqdeleterr9rrrflushIs zSessionBase.flushcCs0|j}|j}|||_|r||dSdS)zU Create a new session key, while retaining the current session data. N)r(r#createrpr)r"datar*rrr cycle_keyRszSessionBase.cycle_keycCtd)zF Return True if the given session_key already exists. z9subclasses of SessionBase must provide an exists() methodNotImplementedErrorr!rrrrv_zSessionBase.existscCr)z Create a new session instance. Guaranteed to create a new object with a unique key and will have saved the result once (with empty data) before the method returns. z8subclasses of SessionBase must provide a create() methodrr9rrrrezSessionBase.createcCr)z Save the session data. If 'must_create' is True, create a new session object (or raise CreateError). Otherwise, only update an existing object and don't create one (raise UpdateError if needed). z6subclasses of SessionBase must provide a save() methodr)r" must_createrrrsavemrzSessionBase.savecCr)zx Delete the session data under this key. If the key is None, use the current session key value. z8subclasses of SessionBase must provide a delete() methodrr!rrrruszSessionBase.deletecCr)z@ Load the session data and return a dictionary. z6subclasses of SessionBase must provide a load() methodrr9rrrr|rzSessionBase.loadcCr)a Remove expired sessions from the session store. If this operation isn't possible on a given backend, it should raise NotImplementedError. If it isn't necessary, because the backend has a built-in expiration mechanism, it should be a no-op. z.This backend does not support clear_expired().r)clsrrr clear_expireds zSessionBase.clear_expiredr&)F)8rrrrrBrAobjectr=r$r+r1r6r7propertyr:r;r>r@rCrDrErGrOrZrLrSrirkrmrnrorqrsrwrxr{r}rr#rrr(rrrrrrrrvrrrr classmethodrrrrrr'sj             r)!r]rUstringr/rr django.confr"django.contrib.sessions.exceptionsr django.corerdjango.core.exceptionsr django.utilsrdjango.utils.cryptor r r django.utils.deprecationr django.utils.module_loadingr django.utils.translationrascii_lowercasedigitsrurTrrrrrrrs$