|
Server : Apache System : Linux cvar2.toservers.com 3.10.0-962.3.2.lve1.5.73.el7.x86_64 #1 SMP Wed Aug 24 21:31:23 UTC 2022 x86_64 User : njnconst ( 1116) PHP Version : 8.4.18 Disable Function : NONE Directory : /usr/lib/python2.7/site-packages/werkzeug/ |
Upload File : |
�
./�_c�����������@���s���d��Z��d�d�l�Z�d�d�l�Z�d�d�l�Z�d�d�l�Z�d�d�l�Z�d�d�l�m�Z�d�d�l�m �Z �d�d�l
�m
�Z
�d�d�l
�m
�Z
�d�d�l
�m
�Z
�d�d �l
�m�Z�d�d
�l
�m�Z�d�d
�l
�m�Z�d
�Z�d
�Z�e �d���j�Z�e�e�d�d���Z�e����Z�e�d����e�j�j�e�j�j
�g�D����Z
�e�d�d�d���Z
�e�d�d�d���Z �d����Z �d����Z!�d����Z"�d����Z#�d�d�d���Z$�d����Z%�d����Z&�d�S(
���s����
werkzeug.security
~~~~~~~~~~~~~~~~~
Security related helpers such as secure password hashing tools.
:copyright: 2007 Pallets
:license: BSD-3-Clause
i����N(���t
���SystemRandom(���t���Structi���(���t���izip(���t���PY2(���t
���range_type(���t ���text_type(���t���to_bytes(���t ���to_nativet>���abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789i�I�s���>It���compare_digestc���������c���s!���|��]�}�|�d�k�r�|�Vq�d�S(���t���/N(���NR
���(���t���None(���t���.0t���sep(����(����s5���/tmp/pip-install-sTXtzD/Werkzeug/werkzeug/security.pys ���<genexpr>!���s����c���������C���s.���t��|��|�|�|�|���}�t�t�j�|�d�����S(���s)��Like :func:`pbkdf2_bin`, but returns a hex-encoded string.
.. versionadded:: 0.9
:param data: the data to derive.
:param salt: the salt for the derivation.
:param iterations: the number of iterations.
:param keylen: the length of the resulting key. If not provided,
the digest size will be used.
:param hashfunc: the hash function to use. This can either be the
string name of a known hash function, or a function
from the hashlib module. Defaults to sha256.
t ���hex_codec(���t
���pbkdf2_binR���t���codecst���encode(���t���datat���saltt
���iterationst���keylent���hashfunct���rv(����(����s5���/tmp/pip-install-sTXtzD/Werkzeug/werkzeug/security.pyt
���pbkdf2_hex%���s����c���������C���sp���|�s�d�}�n��t��|����}��t��|���}�t�|���rQ�|����}�t�|�d�d���}�n�|�}�t�j�|�|��|�|�|���S(���s���Returns a binary digest for the PBKDF2 hash algorithm of `data`
with the given `salt`. It iterates `iterations` times and produces a
key of `keylen` bytes. By default, SHA-256 is used as hash function;
a different hashlib `hashfunc` can be provided.
.. versionadded:: 0.9
:param data: the data to derive.
:param salt: the salt for the derivation.
:param iterations: the number of iterations.
:param keylen: the length of the resulting key. If not provided
the digest size will be used.
:param hashfunc: the hash function to use. This can either be the
string name of a known hash function or a function
from the hashlib module. Defaults to sha256.
t���sha256t���nameN(���R���t���callablet���getattrR
���t���hashlibt
���pbkdf2_hmac(���R���R���R���R���R���t
���_test_hasht ���hash_name(����(����s5���/tmp/pip-install-sTXtzD/Werkzeug/werkzeug/security.pyR���9���s����
c���������C���s����t��|��t���r!�|��j�d���}��n��t��|�t���rB�|�j�d���}�n��t�d�k �r[�t�|��|���St�|����t�|���k�rw�t�Sd�}�t�r��xh�t�|��|���D]&�\�}�}�|�t �|���t �|���AO}�q��Wn.�x+�t�|��|���D]�\�}�}�|�|�|�AO}�q��W|�d�k�S(���s����This function compares strings in somewhat constant time. This
requires that the length of at least one string is known in advance.
Returns `True` if the two strings are equal, or `False` if they are not.
.. versionadded:: 0.7
s���utf-8i����N(
���t
���isinstanceR���R���t���_builtin_safe_str_cmpR
���t���lent���FalseR���R���t���ord(���t���at���bR���t���xt���y(����(����s5���/tmp/pip-install-sTXtzD/Werkzeug/werkzeug/security.pyt
���safe_str_cmpZ���s
����
!
c���������C���s8���|��d�k�r�t��d�����n��d�j�d����t�|����D����S(���sA���Generate a random string of SALT_CHARS with specified ``length``.i����s
���Salt length must be positivet����c���������s���s
���|��]�}�t��j�t���Vq�d��S(���N(���t���_sys_rngt���choicet
���SALT_CHARS(���R
���t���_(����(����s5���/tmp/pip-install-sTXtzD/Werkzeug/werkzeug/security.pys ���<genexpr>|���s����(���t
���ValueErrort���joinR���(���t���length(����(����s5���/tmp/pip-install-sTXtzD/Werkzeug/werkzeug/security.pyt���gen_saltx���s����
c��� ��� ���C���sp��|��d�k�r�|�|��f�St��|�t���r7�|�j�d���}�n��|��j�d���r��|��d� j�d���}�t�|���d
�k�rz�t�d�����n��|�j�d ���}��|�r��t�|�d �p��d ���p��t �}�t
�}�d
�|��|�f�}�n
�t
�}�|��}�|�r|�s��t�d
�����n��t
�|�|�|�d
�|���}�n`�|�rNt��|�t���r-|�j�d���}�n��t
�|�|�|����}�|�j����}�n�t�j�|��|���j����}�|�|�f�S(���s����Internal password hash helper. Supports plaintext without salt,
unsalted and salted passwords. In case salted passwords are used
hmac is used.
t���plains���utf-8s���pbkdf2:i���t���:i���i���s&���Invalid number of arguments for PBKDF2i����s
���pbkdf2:%s:%ds���Salt is required for PBKDF2R���(���i���i���(���R!���R���R���t
���startswitht���splitR#���R0���t���popt���intt���DEFAULT_PBKDF2_ITERATIONSt���TrueR$���R���t
���_create_mact ���hexdigestR
���t���new( ���t���methodR���t���passwordt���argsR���t ���is_pbkdf2t
���actual_methodR���t���mac(����(����s5���/tmp/pip-install-sTXtzD/Werkzeug/werkzeug/security.pyt���_hash_internal���s2����
"c������������sM���t�������r �t�j�|��|������Sd����f�d���}�|�|�_�t�j�|��|�|���S(���NR+���c������������s���t��j����|����S(���N(���R
���R>���(���t���d(���R?���(����s5���/tmp/pip-install-sTXtzD/Werkzeug/werkzeug/security.pyR�������s����(���R���t���hmact���HMACt���__call__(���t���keyt���msgR?���R���(����(���R?���s5���/tmp/pip-install-sTXtzD/Werkzeug/werkzeug/security.pyR<�������s
����
s
���pbkdf2:sha256i���c���������C���sG���|�d�k�r�t��|���n�d�}�t�|�|�|����\�}�}�d�|�|�|�f�S(���s���Hash a password with the given method and salt with a string of
the given length. The format of the string returned includes the method
that was used so that :func:`check_password_hash` can check the hash.
The format for the hashed string looks like this::
method$salt$hash
This method can **not** generate unsalted passwords but it is possible
to set param method='plain' in order to enforce plaintext passwords.
If a salt is used, hmac is used internally to salt the password.
If PBKDF2 is wanted it can be enabled by setting the method to
``pbkdf2:method:iterations`` where iterations is optional::
pbkdf2:sha256:80000$salt$hash
pbkdf2:sha256$salt$hash
:param password: the password to hash.
:param method: the hash method to use (one that hashlib supports). Can
optionally be in the format ``pbkdf2:<method>[:iterations]``
to enable PBKDF2.
:param salt_length: the length of the salt in letters.
R4���R+���s���%s$%s$%s(���R3���RE���(���R@���R?���t
���salt_lengthR���t���hRC���(����(����s5���/tmp/pip-install-sTXtzD/Werkzeug/werkzeug/security.pyt���generate_password_hash����s����
c���������C���sQ���|��j��d���d�k��r�t�S|��j�d�d���\�}�}�}�t�t�|�|�|���d�|���S(���s���check a password against a given salted and hashed password value.
In order to support unsalted legacy passwords this method supports
plain text passwords, md5 and sha1 hashes (both salted and unsalted).
Returns `True` if the password matched, `False` otherwise.
:param pwhash: a hashed string like returned by
:func:`generate_password_hash`.
:param password: the plaintext password to compare against the hash.
t���$i���i����(���t���countR$���R7���R*���RE���(���t���pwhashR@���R?���R���t���hashval(����(����s5���/tmp/pip-install-sTXtzD/Werkzeug/werkzeug/security.pyt���check_password_hash����s����
c������������s����|��g�}�x��|�D]~�������d�k�r4�t��j���������n��t����f�d����t�D����s}�t�j�j������s}����d�k�s}����j�d���r��d�S|�j ������q�Wt��j
�|����S(���s2��Safely join zero or more untrusted path components to a base
directory to avoid escaping the base directory.
:param directory: The trusted base directory.
:param pathnames: The untrusted path components relative to the
base directory.
:return: A safe path, otherwise ``None``.
R+���c���������3���s���|��]�}�|����k�Vq�d��S(���N(����(���R
���R
���(���t���filename(����s5���/tmp/pip-install-sTXtzD/Werkzeug/werkzeug/security.pys ���<genexpr>����s����s���..s���../N(
���t ���posixpatht���normpatht���anyt
���_os_alt_sepst���ost���patht���isabsR6���R
���t���appendR1���(���t ���directoryt ���pathnamest���parts(����(���RT���s5���/tmp/pip-install-sTXtzD/Werkzeug/werkzeug/security.pyt ���safe_join����s����
('���t���__doc__R���R
���RG���RY���RU���t���randomR����t���structR���t���_compatR���R���R���R���R���R���R.���R:���t���packt ���_pack_intR
���R
���R"���R,���t���listRZ���R
���t���altsepRX���R���R���R*���R3���RE���R<���RN���RS���R`���(����(����(����s5���/tmp/pip-install-sTXtzD/Werkzeug/werkzeug/security.pyt���<module>
���s:���
%
%