ó `¾Tc@sŠdZddlZddlZddlZddlZddlZddlmZddlm Z ddl m Z ddl m Z ddlmZmZmZmZmZmZmZdZd Zed ƒjZeed dƒZe ƒZed „ejj ejj!gDƒƒZ"d „Z#e#ƒZ$eddd„Z%eddd„Z&d„Z'd„Z(d„Z)ddd„Z*d„Z+d„Z,dS(sñ werkzeug.security ~~~~~~~~~~~~~~~~~ Security related helpers such as secure password hashing tools. :copyright: (c) 2014 by the Werkzeug Team, see AUTHORS for more details. :license: BSD, see LICENSE for more details. iÿÿÿÿN(tStruct(t SystemRandom(txor(tstarmap(t range_typetPY2t text_typetiziptto_bytest string_typest to_nativet>abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789iès>Itcompare_digestccs!|]}|dkr|VqdS(t/N(NR (tNone(t.0tsep((sW/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/werkzeug/security.pys scCsmttddƒ}|dkr'd}ni}x9|D]1}tt|dƒ}|dk r4|||Žs(t ValueErrortjoinR(tlength((sW/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/werkzeug/security.pytgen_saltŠs c Cs¥|dkr||fSt|tƒr7|jdƒ}n|jdƒrÄ|djdƒ}t|ƒdkrztdƒ‚n|jd ƒ}|r¥t|d pŸd ƒp¨t }t }d ||f}n t }|}t j |ƒ}|dkrþtd |ƒ‚n|r4|std ƒ‚nt|||d |ƒ}ng|ryt|tƒr[|jdƒ}ntj|||ƒjƒ}n"|ƒ} | j|ƒ| jƒ}||fS(sInternal password hash helper. Supports plaintext without salt, unsalted and salted passwords. In case salted passwords are used hmac is used. tplainsutf-8spbkdf2:it:iis&Invalid number of arguments for PBKDF2is pbkdf2:%s:%dsinvalid method %rsSalt is required for PBKDF2R'(iiN(R1RR"t startswithtsplitR>RJtpoptinttDEFAULT_PBKDF2_ITERATIONStTrueR?R2tgetRt TypeErrorR(R3R4t hexdigestR*( tmethodR$tpasswordtargsR%t is_pbkdf2t actual_methodt hash_funcRR/((sW/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/werkzeug/security.pyt_hash_internal‘s<  "     s pbkdf2:sha1icCsG|dkrt|ƒpd}t|||ƒ\}}d|||fS(sîHash a password with the given method and salt with with a string of the given length. The format of the string returned includes the method that was used so that :func:`check_password_hash` can check the hash. The format for the hashed string looks like this:: method$salt$hash This method can **not** generate unsalted passwords but it is possible to set the method to plain to enforce plaintext passwords. If a salt is used, hmac is used internally to salt the password. If PBKDF2 is wanted it can be enabled by setting the method to ``pbkdf2:method:iterations`` where iterations is optional:: pbkdf2:sha1:2000$salt$hash pbkdf2:sha1$salt$hash :param password: the password to hash :param method: the hash method to use (one that hashlib supports), can optionally be in the format ``pbpdf2:[:iterations]`` to enable PBKDF2. :param salt_length: the length of the salt in letters RNREs%s$%s$%s(RMR_(RZRYt salt_lengthR$R/R]((sW/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/werkzeug/security.pytgenerate_password_hash¼scCsQ|jdƒdkrtS|jddƒ\}}}tt|||ƒd|ƒS(sÇcheck a password against a given salted and hashed password value. In order to support unsalted legacy passwords this method supports plain text passwords, md5 and sha1 hashes (both salted and unsalted). Returns `True` if the password matched, `False` otherwise. :param pwhash: a hashed string like returned by :func:`generate_password_hash` :param password: the plaintext password to compare against the hash t$ii(tcountR?RQRDR_(tpwhashRZRYR$thashval((sW/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/werkzeug/security.pytcheck_password_hashÚs cCshtj|ƒ}xtD]}||krdSqWtjj|ƒsQ|jdƒrUdStjj||ƒS(sÜSafely join `directory` and `filename`. If this cannot be done, this function returns ``None``. :param directory: the base directory. :param filename: the untrusted filename relative to that directory. s../N( t posixpathtnormpatht _os_alt_sepsRtostpathtisabsRPRK(t directorytfilenameR((sW/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/werkzeug/security.pyt safe_joinës  !(-t__doc__RjR3RRgR!tstructRtrandomRtoperatorRt itertoolsRtwerkzeug._compatRRRRRR R RHRTtpackR6RRR=RFtlistRkRtaltsepRiRR2R(R RDRMR_RaRfRo(((sW/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/werkzeug/security.pyt s8     4 ( '   +