B `D @sddlZddlZddlZddlZddlmZmZddlmZddl m Z ddl m Z m Z ddlmZddlmZmZdd Zd d ZGd d d Zed deZdddZd ddZe Z edde Z edddS)!N)JSONSerializerSignedSerializer) deprecated) implementer)check_csrf_origincheck_csrf_token)ISession)bytes_text_csfdd}j|_|S)zTDecorator which causes a cookie to be renewed when an accessor method is called.csDtt|_}|jdk r4||j|jkr4||f||S)N)inttimeaccessed _reissue_timerenewedchanged)sessionargkwnow)wrappedW/home/kop/projects/devel/pgwui/test_venv/lib/python3.7/site-packages/pyramid/session.pyr s  z!manage_accessed..accessed)__doc__)rr r)rrmanage_accesseds rcsfdd}j|_|S)zMDecorator which causes a cookie to be set when a setter method is called.cs&tt|_||f||S)N)r r r r)rrr)rrrr!szmanage_changed..changed)r)rrr)rrmanage_changeds rc@s.eZdZdZejfddZddZddZdS) PickleSerializera .. deprecated:: 2.0 .. warning:: In :app:`Pyramid` 2.0 the default ``serializer`` option changed to use :class:`pyramid.session.JSONSerializer`, and ``PickleSerializer`` has been been removed from active Pyramid code. Pyramid will require JSON-serializable objects in :app:`Pyramid` 2.0. Please see :ref:`upgrading_session_20`. A serializer that uses the pickle protocol to dump Python data to bytes. This was the default serializer used by Pyramid, but has been deprecated. ``protocol`` may be specified to control the version of pickle used. Defaults to :attr:`pickle.HIGHEST_PROTOCOL`. cCs ||_dS)N)protocol)selfrrrr__init__@szPickleSerializer.__init__cCs(y t|Stk r"tYnXdS)z(Accept bytes and return a Python object.N)pickleloads Exception ValueError)rZbstructrrrr Cs zPickleSerializer.loadscCst||jS)z(Accept a Python object and return bytes.)rdumpsr)rZ appstructrrrr#LszPickleSerializer.dumpsN) __name__ __module__ __qualname__rrHIGHEST_PROTOCOLrr r#rrrrr*s rzpyramid.session.PickleSerializer is deprecated as of Pyramid 2.0 for security concerns. Use pyramid.session.JSONSerializer or reference the narrative documentation for information on building a migration tool.r/FLaxTc s4ttG f dddt} | S)a) Configure a :term:`session factory` which will provide cookie-based sessions. The return value of this function is a :term:`session factory`, which may be provided as the ``session_factory`` argument of a :class:`pyramid.config.Configurator` constructor, or used as the ``session_factory`` argument of the :meth:`pyramid.config.Configurator.set_session_factory` method. The session factory returned by this function will create sessions which are limited to storing fewer than 4000 bytes of data (as the payload must fit into a single cookie). .. warning: This class provides no protection from tampering and is only intended to be used by framework authors to create their own cookie-based session factories. Parameters: ``serializer`` An object with two methods: ``loads`` and ``dumps``. The ``loads`` method should accept bytes and return a Python object. The ``dumps`` method should accept a Python object and return bytes. A ``ValueError`` should be raised for malformed inputs. ``cookie_name`` The name of the cookie used for sessioning. Default: ``'session'``. ``max_age`` The maximum age of the cookie used for sessioning (in seconds). Default: ``None`` (browser scope). ``path`` The path used for the session cookie. Default: ``'/'``. ``domain`` The domain used for the session cookie. Default: ``None`` (no domain). ``secure`` The 'secure' flag of the session cookie. Default: ``False``. ``httponly`` Hide the cookie from Javascript by setting the 'HttpOnly' flag of the session cookie. Default: ``False``. ``samesite`` The 'samesite' option of the session cookie. Set the value to ``None`` to turn off the samesite option. Default: ``'Lax'``. ``timeout`` A number of seconds of inactivity before a session times out. If ``None`` then the cookie never expires. This lifetime only applies to the *value* within the cookie. Meaning that if the cookie expires due to a lower ``max_age``, then this setting has no effect. Default: ``1200``. ``reissue_time`` The number of seconds that must pass before the cookie is automatically reissued as the result of a request which accesses the session. The duration is measured as the number of seconds since the last session cookie was issued and 'now'. If this value is ``0``, a new cookie will be reissued on every request accessing the session. If ``None`` then the cookie's lifetime will never be extended. A good rule of thumb: if you want auto-expired cookies based on inactivity: set the ``timeout`` value to 1200 (20 mins) and set the ``reissue_time`` value to perhaps a tenth of the ``timeout`` value (120 or 2 mins). It's nonsensical to set the ``timeout`` value lower than the ``reissue_time`` value, as the ticket will never be reissued. However, such a configuration is not explicitly prevented. Default: ``0``. ``set_on_exception`` If ``True``, set a session cookie even if an exception occurs while rendering a view. Default: ``True``. .. versionadded: 1.5a3 .. versionchanged: 1.10 Added the ``samesite`` option and made the default ``'Lax'``. csleZdZdZZdkrneZZZZ Z Z Z dkrH ne Z dkr\neZdZfddZddZdd ZeejZeejZeejZeejZeejZeejZeejZeejZeejZeejZeej Z eej!Z!eej"Z"eej#Z#eej$Z$edd d Z%edddZ&edddZ'eddZ(eddZ)fddZ*dS)z/BaseCookieSessionFactory..CookieSessionz Dictionary-like session object NFc s||_t}|}}d}d}i}|j|j}|dk rdyt|}Wntk rbd}YnX|dk ry&|\} } } t| }t| }| }d}Wnt tfk ri}YnX|j dk r|||j kri}||_ ||_ ||_ ||_t||dS)NTF)requestr cookiesget _cookie_namer r r"float TypeError_timeoutcreatedr rnewdictr) rr+rr2rr3valuestate cookievalrvalcvalZsval) serializerrrrs:    z8BaseCookieSessionFactory..CookieSession.__init__cs(js$d_fdd}j|dS)NTcs|d_dS)N) _set_cookier+)r+response)rrrset_cookie_callbacks zTBaseCookieSessionFactory..CookieSession.changed..set_cookie_callback)_dirtyr+Zadd_response_callback)rr=r)rrrs z7BaseCookieSessionFactory..CookieSession.changedcSs |dS)N)clear)rrrr invalidatesz:BaseCookieSessionFactory..CookieSession.invalidateTcSs*|d|g}|s||kr&||dS)N_f_) setdefaultappend)rmsgqueueZallow_duplicatestoragerrrflashs z5BaseCookieSessionFactory..CookieSession.flashcSs|d|g}|S)NrB)pop)rrFrGrrr pop_flash$sz9BaseCookieSessionFactory..CookieSession.pop_flashcSs|d|g}|S)NrB)r-)rrFrGrrr peek_flash)sz:BaseCookieSessionFactory..CookieSession.peek_flashcSs tttd}||d<|S)N_csrft_)r binasciihexlifyosurandom)rtokenrrrnew_csrf_token/sz>BaseCookieSessionFactory..CookieSession.new_csrf_tokencSs |dd}|dkr|}|S)NrM)r-rS)rrRrrrget_csrf_token5s z>BaseCookieSessionFactory..CookieSession.get_csrf_tokenc s|js t|jdd}|dk r dSt|j|jt|f}t|dkrXt dt||j |j ||j |j |j|j|j|jddS)N exceptionFiz,Cookie value is too long to store (%s bytes))r5max_agepathdomainsecurehttponlysamesiteT)_cookie_on_exceptiongetattrr+r r#r r2r4lenr" set_cookier._cookie_max_age _cookie_path_cookie_domain_cookie_secure_cookie_httponly_cookie_samesite)rr<rUr7)r:rrr;=s(   z;BaseCookieSessionFactory..CookieSession._set_cookie)rAT)rA)rA)+r$r%r&rr.r r`rarbrcrdrer\r1rr>rrr@rr4r- __getitem__itemsvalueskeys __contains____len____iter__rr?updaterCrIpopitem __setitem__ __delitem__rHrJrKrSrTr;r) cookie_namerXrZrVrW reissue_timer[rYr:set_on_exceptiontimeoutrr CookieSessionsN *                     ru)rrr4) r:rqrVrWrXrYrZr[rtrrrsrur) rqrXrZrVrWrrr[rYr:rsrtrBaseCookieSessionFactory\sb(rvsha512pyramid.session.c Cs<| dkrt} t|| | | d}t||||||||| | |d S)a Configure a :term:`session factory` which will provide signed cookie-based sessions. The return value of this function is a :term:`session factory`, which may be provided as the ``session_factory`` argument of a :class:`pyramid.config.Configurator` constructor, or used as the ``session_factory`` argument of the :meth:`pyramid.config.Configurator.set_session_factory` method. The session factory returned by this function will create sessions which are limited to storing fewer than 4000 bytes of data (as the payload must fit into a single cookie). Parameters: ``secret`` A string which is used to sign the cookie. The secret should be at least as long as the block size of the selected hash algorithm. For ``sha512`` this would mean a 512 bit (64 character) secret. It should be unique within the set of secret values provided to Pyramid for its various subsystems (see :ref:`admonishment_against_secret_sharing`). ``hashalg`` The HMAC digest algorithm to use for signing. The algorithm must be supported by the :mod:`hashlib` library. Default: ``'sha512'``. ``salt`` A namespace to avoid collisions between different uses of a shared secret. Reusing a secret for different parts of an application is strongly discouraged (see :ref:`admonishment_against_secret_sharing`). Default: ``'pyramid.session.'``. ``cookie_name`` The name of the cookie used for sessioning. Default: ``'session'``. ``max_age`` The maximum age of the cookie used for sessioning (in seconds). Default: ``None`` (browser scope). ``path`` The path used for the session cookie. Default: ``'/'``. ``domain`` The domain used for the session cookie. Default: ``None`` (no domain). ``secure`` The 'secure' flag of the session cookie. Default: ``False``. ``httponly`` Hide the cookie from Javascript by setting the 'HttpOnly' flag of the session cookie. Default: ``False``. ``samesite`` The 'samesite' option of the session cookie. Set the value to ``None`` to turn off the samesite option. Default: ``'Lax'``. ``timeout`` A number of seconds of inactivity before a session times out. If ``None`` then the cookie never expires. This lifetime only applies to the *value* within the cookie. Meaning that if the cookie expires due to a lower ``max_age``, then this setting has no effect. Default: ``1200``. ``reissue_time`` The number of seconds that must pass before the cookie is automatically reissued as the result of accessing the session. The duration is measured as the number of seconds since the last session cookie was issued and 'now'. If this value is ``0``, a new cookie will be reissued on every request accessing the session. If ``None`` then the cookie's lifetime will never be extended. A good rule of thumb: if you want auto-expired cookies based on inactivity: set the ``timeout`` value to 1200 (20 mins) and set the ``reissue_time`` value to perhaps a tenth of the ``timeout`` value (120 or 2 mins). It's nonsensical to set the ``timeout`` value lower than the ``reissue_time`` value, as the ticket will never be reissued. However, such a configuration is not explicitly prevented. Default: ``0``. ``set_on_exception`` If ``True``, set a session cookie even if an exception occurs while rendering a view. Default: ``True``. ``serializer`` An object with two methods: ``loads`` and ``dumps``. The ``loads`` method should accept bytes and return a Python object. The ``dumps`` method should accept a Python object and return bytes. A ``ValueError`` should be raised for malformed inputs. If a serializer is not passed, the :class:`pyramid.session.JSONSerializer` serializer will be used. .. warning:: In :app:`Pyramid` 2.0 the default ``serializer`` option changed to use :class:`pyramid.session.JSONSerializer`. See :ref:`upgrading_session_20` for more information about why this change was made. .. versionadded: 1.5a3 .. versionchanged: 1.10 Added the ``samesite`` option and made the default ``Lax``. .. versionchanged: 2.0 Changed the default ``serializer`` to be an instance of :class:`pyramid.session.JSONSerializer`. N)r:) rqrVrWrXrYrZr[rtrrrs)rrrv)secretrqrVrWrXrYrZr[rsrtrrZhashalgZsaltr:Zsigned_serializerrrrSignedCookieSessionFactory[s rzrznpyramid.session.check_csrf_origin is deprecated as of Pyramid 1.9. Use pyramid.csrf.check_csrf_origin instead.rzlpyramid.session.check_csrf_token is deprecated as of Pyramid 1.9. Use pyramid.csrf.check_csrf_token instead.) rNr(NFFr)r*rT) rNr(NFFr)Tr*rrwrxN)rNrPrr Z webob.cookiesrrZzope.deprecationrZzope.interfacerZ pyramid.csrfrrZpyramid.interfacesrZ pyramid.utilr r rrrrvrzrrrrsb    ' w