ó `¾Tc@sYdZddlZddlZddlmZmZddlmZddlmZm Z ddl m Z ddl m Z mZdd lmZmZdd lmZmZd „Zd efd „ƒYZdefd„ƒYZeƒZde efd„ƒYZdefd„ƒYZdefd„ƒYZdefd„ƒYZddlmZdS(s flask.sessions ~~~~~~~~~~~~~~ Implements cookie based sessions based on itsdangerous. :copyright: (c) 2012 by Armin Ronacher. :license: BSD, see LICENSE for more details. iÿÿÿÿN(t b64encodet b64decode(tdatetime(t http_datet parse_date(t CallbackDicti(tMarkuptjson(t iteritemst text_type(tURLSafeTimedSerializert BadSignaturecCs|jddd|jS(Ni<i(tdaystseconds(ttd((sT/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask/sessions.pyt total_secondsst SessionMixincBsAeZdZd„Zd„ZeeeƒZ[[eZe Z RS(svExpands a basic dictionary with an accessors that are expected by Flask extensions and users for the session. cCs|jdtƒS(Nt _permanent(tgettFalse(tself((sT/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask/sessions.pyt_get_permanent!scCst|ƒ|dKsužA byte string with non-ASCII data was passed to the session system which can only store unicode strings. Consider base64 encoding your string (String was %r)(t isinstancettupletuuidtUUIDthextbytesRtdecodetcallabletgetattrtNoneR R#tlistRRtdictRtstrt UnicodeErrortUnexpectedUnicodeError(Rtx(R'(sT/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask/sessions.pyR'=s*$  t separatorst,t:(R9R:(Rtdumps(RR((R'sT/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask/sessions.pyR;<scCsd„}tj|d|ƒS(NcSs£t|ƒdkr|Stt|ƒƒ\}}|dkrDt|ƒS|dkr]tj|ƒS|dkrst|ƒS|dkr‰t|ƒS|dkrŸt|ƒS|S(Nis ts us bs ms d( tlentnextRR)R*R+RRR(tobjtthe_keyt the_value((sT/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask/sessions.pyt object_hookXs          RA(Rtloads(RRRA((sT/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask/sessions.pyRBWs (RRRR;RB(((sT/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask/sessions.pyR!7s tSecureCookieSessioncBseZdZdd„ZRS(s/Baseclass for sessions based on signed cookies.cCs)d„}tj|||ƒt|_dS(NcSs t|_dS(N(RR (R((sT/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask/sessions.pyt on_updateqs(Rt__init__RR (RtinitialRD((sT/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask/sessions.pyREps N(RRRR1RE(((sT/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask/sessions.pyRCmst NullSessioncBs8eZdZd„ZeZZZZZZ Z [RS(s¤Class used to generate nicer error messages if sessions are not available. Will still allow read-only access to the empty session but fail on setting. cOstdƒ‚dS(Ns€the session is unavailable because no secret key was set. Set the secret_key on the application to something unique and secret.(t RuntimeError(Rtargstkwargs((sT/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask/sessions.pyt_fail}s( RRRRKt __setitem__t __delitem__tcleartpoptpopitemtupdatet setdefault(((sT/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask/sessions.pyRGws tSessionInterfacecBskeZdZeZeZd„Zd„Zd„Z d„Z d„Z d„Z d„Z d„Zd „ZRS( s´The basic interface you have to implement in order to replace the default session interface which uses werkzeug's securecookie implementation. The only methods you have to implement are :meth:`open_session` and :meth:`save_session`, the others have useful defaults which you don't need to change. The session object returned by the :meth:`open_session` method has to provide a dictionary like interface plus the properties and methods from the :class:`SessionMixin`. We recommend just subclassing a dict and adding that mixin:: class Session(dict, SessionMixin): pass If :meth:`open_session` returns `None` Flask will call into :meth:`make_null_session` to create a session that acts as replacement if the session support cannot work because some requirement is not fulfilled. The default :class:`NullSession` class that is created will complain that the secret key was not set. To replace the session interface on an application all you have to do is to assign :attr:`flask.Flask.session_interface`:: app = Flask(__name__) app.session_interface = MySessionInterface() .. versionadded:: 0.8 cCs |jƒS(sÉCreates a null session which acts as a replacement object if the real session support could not be loaded due to a configuration error. This mainly aids the user experience because the job of the null session is to still support lookup without complaining but modifications are answered with a helpful error message of what failed. This creates an instance of :attr:`null_session_class` by default. (tnull_session_class(Rtapp((sT/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask/sessions.pytmake_null_session±s cCst||jƒS(sÊChecks if a given object is a null session. Null sessions are not asked to be saved. This checks if the object is an instance of :attr:`null_session_class` by default. (R(RT(RR>((sT/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask/sessions.pytis_null_session½scCs«|jdd k r|jdS|jdd k r§d|jdjddƒd}|dkrgd }n|d k r£|j|ƒ}|dkr£|jdƒ}q£n|Sd S( sHelpful helper method that returns the cookie domain that should be used for the session cookie if session cookies are used. tSESSION_COOKIE_DOMAINt SERVER_NAMEt.R:iis .localhostt/N(tconfigR1trsplittget_cookie_pathtlstrip(RRUtrvtpath((sT/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask/sessions.pytget_cookie_domainÆs !    cCs|jdp|jdpdS(sþReturns the path for which the cookie should be valid. The default implementation uses the value from the SESSION_COOKIE_PATH`` config var if it's set, and falls back to ``APPLICATION_ROOT`` or uses ``/`` if it's `None`. tSESSION_COOKIE_PATHtAPPLICATION_ROOTR[(R\(RRU((sT/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask/sessions.pyR^às cCs |jdS(s¥Returns True if the session cookie should be httponly. This currently just returns the value of the ``SESSION_COOKIE_HTTPONLY`` config var. tSESSION_COOKIE_HTTPONLY(R\(RRU((sT/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask/sessions.pytget_cookie_httponlyéscCs |jdS(sŽReturns True if the cookie should be secure. This currently just returns the value of the ``SESSION_COOKIE_SECURE`` setting. tSESSION_COOKIE_SECURE(R\(RRU((sT/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask/sessions.pytget_cookie_secureðscCs|jrtjƒ|jSdS(sA helper method that returns an expiration date for the session or `None` if the session is linked to the browser session. The default implementation returns now + the permanent session lifetime configured on the application. N(RRtutcnowtpermanent_session_lifetime(RRUtsession((sT/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask/sessions.pytget_expiration_timeös cCs tƒ‚dS(s#This method has to be implemented and must either return `None` in case the loading failed because of a configuration error or an instance of a session object which implements a dictionary like interface + the methods and attributes on :class:`SessionMixin`. N(tNotImplementedError(RRUtrequest((sT/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask/sessions.pyt open_sessionÿscCs tƒ‚dS(sïThis is called for actual sessions returned by :meth:`open_session` at the end of the request. This is still called during a request context so if you absolutely need access to the request you can do that. N(Rm(RRURktresponse((sT/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask/sessions.pyt save_sessions(RRRRGRTRt pickle_basedRVRWRbR^RfRhRlRoRq(((sT/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask/sessions.pyRS†s    tSecureCookieSessionInterfacecBsPeZdZdZeejƒZdZe Z e Z d„Z d„Zd„ZRS(suThe default session interface that stores sessions in signed cookies through the :mod:`itsdangerous` module. scookie-sessionthmaccCsM|js dStd|jd|jƒ}t|jd|jd|jd|ƒS(Ntkey_derivationt digest_methodtsaltt serializert signer_kwargs(t secret_keyR1R3RuRvR RwRx(RRURy((sT/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask/sessions.pytget_signing_serializer"s    cCs˜|j|ƒ}|dkrdS|jj|jƒ}|sD|jƒSt|jƒ}y&|j|d|ƒ}|j|ƒSWnt k r“|jƒSXdS(Ntmax_age( R{R1tcookiesRtsession_cookie_namet session_classRRjRBR (RRURntstvalR|tdata((sT/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask/sessions.pyRo-s   c CsÓ|j|ƒ}|j|ƒ}|sP|jrL|j|jd|d|ƒndS|j|ƒ}|j|ƒ}|j||ƒ}|j|ƒj t |ƒƒ} |j |j| d|d|d|d|d|ƒdS(NtdomainRatexpiresthttponlytsecure( RbR^R t delete_cookieR~RfRhRlR{R;R3t set_cookie( RRURkRpRƒRaR…R†R„R((sT/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask/sessions.pyRq;s  (RRRRwt staticmethodthashlibtsha1RvRutsession_json_serializerRxRCRR{RoRq(((sT/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask/sessions.pyRss (R6( RR*RŠtbase64RRRt werkzeug.httpRRtwerkzeug.datastructuresRtRRt_compatRR t itsdangerousR R RtobjectRR!RŒRCRGRSRstflask.debughelpersR6(((sT/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask/sessions.pyt s$   3  Š<