_vg ddlZddlZddlZddlZddlZddlZddlZddlZddlm Z m Z gdZ ej dZ dZdZdZd d d d d d dddZdZdZddZddZejdZdZdS)N)packerssettings) create_token detect_token parse_tokensesamei ^ctjdSttjtz }t jd|S)zi When SESAME_MAX_AGE is enabled, encode the time in seconds since the epoch. Return bytes. N!i)rMAX_AGEinttimeTIMESTAMP_OFFSETstructpack) timestamps M/var/www/pixelcanvas.ch/venv/lib/python3.11/site-packages/sesame/tokens_v2.pypack_timestamprs=sDIKK  #33I ;tY ' ''r ctjd|fStjd|dd|ddc\}}t t jt z |z |fS)z When SESAME_MAX_AGE is enabled, extract the timestamp and calculate the age. Return an age in seconds or None and the remaining bytes. Nr )rr runpackrrr)datars runpack_timestampr seTztT"1"X66QRRLY$ ty{{  . . :D @@r ,( ) pbkdf2_sha256 pbkdf2_sha1argon2 bcrypt_sha256bcryptsha1md5cryptcd}tjrc|j\|jdd} t|}||j| dz }n#t $r ||jz }YnwxYwtjr%|t||z }tj r#|j ||j z }| S)ay When the value returned by this method changes, this revokes tokens. It is derived from the hashed password so that changing the password revokes tokens. It may be derived from the email so that changing the email revokes tokens too. For one-time tokens, it also contains the last login datetime so that logging in revokes existing tokens. N$r) rINVALIDATE_ON_PASSWORD_CHANGEpassword partition HASH_SIZESKeyErrorINVALIDATE_ON_EMAIL_CHANGEgetattrget_email_field_nameONE_TIME last_login isoformatencode)userr algorithm hash_sizes rget_revocation_keyr<:s D2-/$-2KM++C003  /"9-I DM9*++. .DD " " " DM !DDD " *; d7799:::,T_8 ))+++ ;;==s AA/.A/cVtj|||dS)z+ Create a MAC with keyed hashing. ssesame.tokens_v2) digest_sizekeyperson)hashlibblake2bdigest)rr?sizes rsignrEss4 ?  "      fhh r r+ctjt|tj}t }t|}t||z|z| ztj tj }||z|z}tj |d}|S)z/ Create a v2 signed token for a user. =)rpackerpack_pkr3rPRIMARY_KEY_FIELDrr<rEr8 SIGNING_KEYSIGNATURE_SIZEbase64urlsafe_b64encoderstripdecode)r9scope primary_keyrrevocation_key signaturertokens rrrs .((x7Q)R)RSSK  I'--Ni.05<<>>AI  "Y .D  $T * * 1 1$ 7 7E <<>>r c|} tj|dt| dzzz}n+#t$rt dYdSwxYw tj |\}}n+#t$rt dYdSwxYw t|\}}n+#t$rt dYdSwxYwt|tj krt ddS| tj }nUtj t dn.t|t jr|}|#||krt d |dS||} | (t d tj|dS|dtj } t)| } tjD]w} t-| | z|z| tj } t/j|| r-|d krd nd |}t d| || cSx|d krd nd |}t d| |dS)z0 Obtain a user from a v2 signed token. rGrzBad token: cannot decode tokenNz%Bad token: cannot extract primary keyz#Bad token: cannot extract timestampz#Bad token: cannot extract signaturezHIgnoring max_age argument; it isn't supported when SESAME_MAX_AGE = NonezExpired token: age = %d secondsz!Unknown or inactive user: %s = %rr+zin default scopez in scope zValid token for user %s %szInvalid token for user %s %s)r8rMurlsafe_b64decodelen ExceptionloggerdebugrrH unpack_pkrrrLr warning isinstancedatetime timedelta total_secondsrJr<VERIFICATION_KEYSrEhmaccompare_digest)rUget_userrQmax_ageruser_pktimestamp_and_signatureagerTr9primary_key_and_timestamprSverification_keyexpected_signature log_scopes rrrs  LLNNE 'U a0H(HII  5666tt +2>+C+CD+I+I(((  <===tt)*ABBYY  :;;;tt 9~~000 :;;;t"   ! <     GX/ 0 0*'')) 3'>> 6<<<t 8G  D | /  &    t!%%?(?'?%? @'--N$6  ! % 6 G   #    y*< = = .3rkk**?R5?R?RI LL5tY G G GKKK  ',rkk""7J57J7JI LL/yAAA 4s5+A$A*)A*."B$B98B9=C$C87C8z[A-Za-z0-9-_]{4,}c:t|duS)z7 Tell whether token may be a v2 signed token. N)token_re fullmatch)rUs rrrs   e $ $D 00r )r+)r+N)rMr_rArcloggingrerrr+rr__all__ getLoggerrZrrrr0r<rErrcompilerorr rrwsH    9 9 9  8 $ $ ( ( ( A A A     666r   ,WWWW~ 2:* + +11111r