3 7^o.@sddlZddlZddlZddlmZmZddlmZddlmZddl m Z ddl m Z ddl mZmZmZddlmZejejZGd d d eZGd d d eZGd ddZdS)N)datetime timedelta)settings)SuspiciousSession)SuspiciousOperation)timezone)constant_time_compareget_random_string salted_hmac) import_stringc@seZdZdZdS) CreateErrorz Used internally as a consistent exception type to catch from save (see the docstring for SessionBase.save() for details). N)__name__ __module__ __qualname____doc__rrG/tmp/pip-build-8app2_gc/Django/django/contrib/sessions/backends/base.pyr sr c@seZdZdZdS) UpdateErrorzF Occurs if Django tries to update a session that was deleted. N)r rrrrrrrrsrc@seZdZdZdZdZeZdTddZddZ d d Z d d Z d dZ dUddZ efddZddZddZddZddZddZddZdd Zd!d"Zd#d$Zd%d&Zd'd(Zd)d*Zd+d,Zd-d.Zd/d0Zd1d2Zd3d4Zd5d6Z d7d8Z!e"e Z#e"e e!Z$dVd:d;Z%e"e%Z&dd?Z(d@dAZ)dBdCZ*dDdEZ+dFdGZ,dHdIZ-dJdKZ.dWdLdMZ/dXdNdOZ0dPdQZ1e2dRdSZ3dS)Y SessionBasez- Base class for all Session classes. Z testcookieZworkedNcCs"||_d|_d|_ttj|_dS)NF) _session_keyaccessedmodifiedr rZSESSION_SERIALIZER serializer)self session_keyrrr__init__,szSessionBase.__init__cCs ||jkS)N)_session)rkeyrrr __contains__2szSessionBase.__contains__cCs |j|S)N)r)rrrrr __getitem__5szSessionBase.__getitem__cCs||j|<d|_dS)NT)rr)rrvaluerrr __setitem__8s zSessionBase.__setitem__cCs|j|=d|_dS)NT)rr)rrrrr __delitem__<szSessionBase.__delitem__cCs|jj||S)N)rget)rrdefaultrrrr#@szSessionBase.getcCs8|jp||jk|_||jkr fn|f}|jj|f|S)N)rr_SessionBase__not_givenpop)rrr$argsrrrr&CszSessionBase.popcCs,||jkr|j|Sd|_||j|<|SdS)NT)rr)rrr rrr setdefaultHs    zSessionBase.setdefaultcCs|j||j<dS)N)TEST_COOKIE_VALUETEST_COOKIE_NAME)rrrrset_test_cookiePszSessionBase.set_test_cookiecCs|j|j|jkS)N)r#r*r))rrrrtest_cookie_workedSszSessionBase.test_cookie_workedcCs ||j=dS)N)r*)rrrrdelete_test_cookieVszSessionBase.delete_test_cookiecCsd|jj}t||jS)Nzdjango.contrib.sessions) __class__r r hexdigest)rr Zkey_saltrrr_hashYs zSessionBase._hashcCs4|jj|}|j|}tj|jd|jdS)zGReturn the given session dictionary serialized and encoded as a string.:ascii)rdumpsr0base64 b64encodeencodedecode)rZ session_dict serializedhashrrrr6]s zSessionBase.encodecCstj|jd}yD|jdd\}}|j|}t|j|sDtdn|jj |SWnJt k r}z.t |t rt jd|jj}|jt|iSd}~XnXdS)Nr2r1zSession data corruptedzdjango.security.%s)r4 b64decoder6splitr0rr7rrloads Exception isinstancerlogging getLoggerr.r warningstr)rZ session_dataZ encoded_datar9r8Z expected_hasheloggerrrrr7cs   zSessionBase.decodecCs|jj|d|_dS)NT)rupdater)rZdict_rrrrFus zSessionBase.updatecCs ||jkS)N)r)rrrrrhas_keyyszSessionBase.has_keycCs |jjS)N)rkeys)rrrrrH|szSessionBase.keyscCs |jjS)N)rvalues)rrrrrIszSessionBase.valuescCs |jjS)N)ritems)rrrrrJszSessionBase.itemscCsi|_d|_d|_dS)NT)_session_cacherr)rrrrclearszSessionBase.clearc Cs*y|j o|j Stk r$dSXdS)zBReturn True when there is no session_key and the session is empty.TN)rrKAttributeError)rrrris_emptyszSessionBase.is_emptycCs"xtdt}|j|s|SqWdS)z)Return session key that isn't being used. N)r VALID_KEY_CHARSexists)rrrrr_get_new_session_keys  z SessionBase._get_new_session_keycCs|jdkr|j|_|jS)N)rrR)rrrr_get_or_create_session_keys  z&SessionBase._get_or_create_session_keycCs|ot|dkS)z Key must be truthy and at least 8 characters long. 8 characters is an arbitrary lower bound for some minimal key security. )len)rrrrr_validate_session_keysz!SessionBase._validate_session_keycCs|jS)N)_SessionBase__session_key)rrrr_get_session_keyszSessionBase._get_session_keycCs|j|r||_nd|_dS)zV Validate session key on assignment. Invalid values will set to None. N)rVrW)rr rrr_set_session_keys zSessionBase._set_session_keyFc CsHd|_y|jStk r@|jdks*|r2i|_n |j|_YnX|jS)z Lazily load session from storage (unless "no_load" is True, when only an empty dict is stored) and store it in the current instance. TN)rrKrMrload)rZno_loadrrr _get_sessionszSessionBase._get_sessioncKsy |d}Wntk r(tj}YnXy |d}Wntk rT|jd}YnX|s`tjSt|tsn|S||}|jd|j S)zGet the number of seconds until the session expires. Optionally, this function accepts `modification` and `expiry` keyword arguments specifying the modification and expiry of the session. modificationexpiry_session_expiryiQ) KeyErrorrnowr#rSESSION_COOKIE_AGEr?rdaysseconds)rkwargsr\r]deltarrrget_expiry_ages   zSessionBase.get_expiry_agecKs|y |d}Wntk r(tj}YnXy |d}Wntk rT|jd}YnXt|trd|S|pltj}|t|dS)zGet session the expiry date (as a datetime object). Optionally, this function accepts `modification` and `expiry` keyword arguments specifying the modification and expiry of the session. r\r]r^)rc) r_rr`r#r?rrrar)rrdr\r]rrrget_expiry_dates    zSessionBase.get_expiry_datec CsN|dkr,y |d=Wntk r&YnXdSt|trBtj|}||d<dS)a* Set a custom expiration for the session. ``value`` can be an integer, a Python ``datetime`` or ``timedelta`` object or ``None``. If ``value`` is an integer, the session will expire after that many seconds of inactivity. If set to ``0`` then the session will expire on browser close. If ``value`` is a ``datetime`` or ``timedelta`` object, the session will expire at that specific future time. If ``value`` is ``None``, the session uses the global session expiry policy. Nr^)r_r?rrr`)rr rrr set_expirys   zSessionBase.set_expirycCs"|jddkrtjS|jddkS)a Return ``True`` if the session is set to expire when the browser closes, and ``False`` if there's an expiry date. Use ``get_expiry_date()`` or ``get_expiry_age()`` to find the actual expiry date/age, if there is one. r^Nr)r#rZSESSION_EXPIRE_AT_BROWSER_CLOSE)rrrrget_expire_at_browser_closesz'SessionBase.get_expire_at_browser_closecCs|j|jd|_dS)zc Remove the current session data from the database and regenerate the key. N)rLdeleter)rrrrflushszSessionBase.flushcCs,|j}|j}|j||_|r(|j|dS)zU Create a new session key, while retaining the current session data. N)rrcreaterKrj)rdatarrrr cycle_key#s zSessionBase.cycle_keycCs tddS)zF Return True if the given session_key already exists. z9subclasses of SessionBase must provide an exists() methodN)NotImplementedError)rrrrrrQ0szSessionBase.existscCs tddS)z Create a new session instance. Guaranteed to create a new object with a unique key and will have saved the result once (with empty data) before the method returns. z8subclasses of SessionBase must provide a create() methodN)ro)rrrrrl6szSessionBase.createcCs tddS)z Save the session data. If 'must_create' is True, create a new session object (or raise CreateError). Otherwise, only update an existing object and don't create one (raise UpdateError if needed). z6subclasses of SessionBase must provide a save() methodN)ro)rZ must_createrrrsave>szSessionBase.savecCs tddS)zx Delete the session data under this key. If the key is None, use the current session key value. z8subclasses of SessionBase must provide a delete() methodN)ro)rrrrrrjFszSessionBase.deletecCs tddS)z@ Load the session data and return a dictionary. z6subclasses of SessionBase must provide a load() methodN)ro)rrrrrZMszSessionBase.loadcCs tddS)a Remove expired sessions from the session store. If this operation isn't possible on a given backend, it should raise NotImplementedError. If it isn't necessary, because the backend has a built-in expiration mechanism, it should be a no-op. z.This backend does not support clear_expired().N)ro)clsrrr clear_expiredSs zSessionBase.clear_expired)N)N)F)F)N)4r rrrr*r)objectr%rrrr!r"r#r&r(r+r,r-r0r6r7rFrGrHrIrJrLrNrRrSrVrXrYpropertyrrr[rrfrgrhrirkrnrQrlrprjrZ classmethodrrrrrrr#s\           r)r4r@stringrrZ django.confrZ"django.contrib.sessions.exceptionsrZdjango.core.exceptionsrZ django.utilsrZdjango.utils.cryptorr r Zdjango.utils.module_loadingr ascii_lowercasedigitsrPr>r rrrrrrs