ó `¾Tc@sêdZddlZddlZddlmZddlmZddlmZddl m Z m Z ddl m Z mZddlmZdd lmZdd lmZdd l mZd efd „ƒYZdefd„ƒYZdS(s: werkzeug.contrib.securecookie ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This module implements a cookie that is not alterable from the client because it adds a checksum the server checks for. You can use it as session replacement if all you have is a user id or something to mark a logged in user. Keep in mind that the data is still readable from the client as a normal cookie is. However you don't have to store and flush the sessions you have at the server. Example usage: >>> from werkzeug.contrib.securecookie import SecureCookie >>> x = SecureCookie({"foo": 42, "baz": (1, 2, 3)}, "deadbeef") Dumping into a string so that one can store it in a cookie: >>> value = x.serialize() Loading from that string again: >>> x = SecureCookie.unserialize(value, "deadbeef") >>> x["baz"] (1, 2, 3) If someone modifies the cookie and the checksum is wrong the unserialize method will fail silently and return a new empty `SecureCookie` object. Keep in mind that the values will be visible in the cookie so do not store data in a cookie you don't want the user to see. Application Integration ======================= If you are using the werkzeug request objects you could integrate the secure cookie into your application like this:: from werkzeug.utils import cached_property from werkzeug.wrappers import BaseRequest from werkzeug.contrib.securecookie import SecureCookie # don't use this key but a different one; you could just use # os.urandom(20) to get something random SECRET_KEY = '\xfa\xdd\xb8z\xae\xe0}4\x8b\xea' class Request(BaseRequest): @cached_property def client_session(self): data = self.cookies.get('session_data') if not data: return SecureCookie(secret_key=SECRET_KEY) return SecureCookie.unserialize(data, SECRET_KEY) def application(environ, start_response): request = Request(environ, start_response) # get a response object here response = ... if request.client_session.should_save: session_data = request.client_session.serialize() response.set_cookie('session_data', session_data, httponly=True) return response(environ, start_response) A less verbose integration can be achieved by using shorthand methods:: class Request(BaseRequest): @cached_property def client_session(self): return SecureCookie.load_cookie(self, secret_key=COOKIE_SECRET) def application(environ, start_response): request = Request(environ, start_response) # get a response object here response = ... request.client_session.save_cookie(response) return response(environ, start_response) :copyright: (c) 2014 by the Werkzeug Team, see AUTHORS for more details. :license: BSD, see LICENSE for more details. iÿÿÿÿN(tnew(ttime(tsha1(t iteritemst text_type(turl_quote_plusturl_unquote_plus(t _date_to_unix(tModificationTrackingDict(t safe_str_cmp(t to_nativet UnquoteErrorcBseZdZRS(s6Internal exception used to signal failures on quoting.(t__name__t __module__t__doc__(((sc/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/werkzeug/contrib/securecookie.pyR ist SecureCookiec BsÂeZdZeeƒZeZeZ d d ed„Z d„Z e d„ƒZed„ƒZed„ƒZd d„Zed„ƒZedd d „ƒZdd d d d d d eed „ ZRS( sáRepresents a secure cookie. You can subclass this class and provide an alternative mac method. The import thing is that the mac method is a function with a similar interface to the hashlib. Required methods are update() and digest(). Example usage: >>> x = SecureCookie({"foo": 42, "baz": (1, 2, 3)}, "deadbeef") >>> x["foo"] 42 >>> x["baz"] (1, 2, 3) >>> x["blafasel"] = 23 >>> x.should_save True :param data: the initial data. Either a dict, list of tuples or `None`. :param secret_key: the secret key. If not set `None` or not specified it has to be set before :meth:`serialize` is called. :param new: The initial value of the `new` flag. cCsGtj||pdƒ|dk r1t|ƒ}n||_||_dS(N((Rt__init__tNonetbytest secret_keyR(tselftdataRR((sc/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/werkzeug/contrib/securecookie.pyR”s   cCs/d|jjtj|ƒ|jr'dp*dfS(Ns <%s %s%s>t*t(t __class__R tdictt__repr__t should_save(R((sc/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/werkzeug/contrib/securecookie.pyRs  cCs|jS(s‚True if the session should be saved. By default this is only true for :attr:`modified` cookies, not :attr:`new`. (tmodified(R((sc/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/werkzeug/contrib/securecookie.pyR¤scCsX|jdk r$|jj|ƒ}n|jrTdjtj|ƒjƒƒjƒ}n|S(sžQuote the value for the cookie. This can be any object supported by :attr:`serialization_method`. :param value: the value to quote. RN( tserialization_methodRtdumpst quote_base64tjointbase64t b64encodet splitlineststrip(tclstvalue((sc/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/werkzeug/contrib/securecookie.pytquote«s  'cCshyG|jrtj|ƒ}n|jdk rB|jj|ƒ}n|SWntk rctƒ‚nXdS(sœUnquote the value for the cookie. If unquoting does not work a :exc:`UnquoteError` is raised. :param value: the value to unquote. N(RR!t b64decodeRRtloadst ExceptionR (R%R&((sc/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/werkzeug/contrib/securecookie.pytunquote¸s  cCsö|jd krtdƒ‚n|r7t|ƒ|dR&t client_hash((sc/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/werkzeug/contrib/securecookie.pyt unserializeæsL    !     tsessioncCs5|jj|ƒ}|s%|d|ƒS|j||ƒS(sLoads a :class:`SecureCookie` from a cookie in request. If the cookie is not set, a new :class:`SecureCookie` instanced is returned. :param request: a request object that has a `cookies` attribute which is a dict of all cookie values. :param key: the name of the cookie. :param secret_key: the secret key used to unquote the cookie. Always provide the value even though it has no default! R(tcookiestgetRM(R%trequestR>RR((sc/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/werkzeug/contrib/securecookie.pyt load_cookies  t/c Cs_| s|jr[|j|p|ƒ} |j|| d|d|d|d|d|d| ƒndS(s=Saves the SecureCookie in a cookie on response object. All parameters that are not described here are forwarded directly to :meth:`~BaseResponse.set_cookie`. :param response: a response object that has a :meth:`~BaseResponse.set_cookie` method. :param key: the name of the cookie. :param session_expires: the expiration date of the secure cookie stored information. If this is not provided the cookie `expires` date is used instead. R;tmax_agetpathtdomaintsecurethttponlyN(RR?t set_cookie( RtresponseR>R;tsession_expiresRTRURVRWRXtforceR((sc/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/werkzeug/contrib/securecookie.pyt save_cookie/s N(R R Rt staticmethodt _default_hashR3tpickleRtTrueRRRRtpropertyRt classmethodR'R+R?RMRRRHR](((sc/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/werkzeug/contrib/securecookie.pyRms     7 (RR`R!R2RRthashlibRR_twerkzeug._compatRRt werkzeug.urlsRRtwerkzeug._internalRtwerkzeug.contrib.sessionsRtwerkzeug.securityR R R*R R(((sc/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/werkzeug/contrib/securecookie.pytZs