+
    TjAL                        R t ^ RIt^ RIt^ RIHt ^ RIHt ^ RIHt ^ RI	H
t
Ht ^ RIHtHt ^ RIHt ^ RIHt ^ R	IHtHt ^ R
IHt ^ RIHt ^ RIHt ^ RIHt ^ RIHt ]P@                  ! R4      t!]! R4      t"Rt#Rt$Rt%Rt&Rt'Rt(Rt)Rt*Rt+^ t,^],,          t-]P\                  ]P^                  ,           t0Rt1R t2R t3R t4R t5R t6R  t7R! t8 ! R" R#]94      t:R$ t;R% t< ! R& R']94      t= ! R( R)]4      t>R# )*z
Cross Site Request Forgery Middleware.

This module provides a middleware that implements protection
against request forgeries from other sites.
N)defaultdicturlsplit)settings)DisallowedHostImproperlyConfigured)HttpHeadersUnreadablePostError)get_callable)patch_vary_headers)constant_time_compareget_random_string)MiddlewareMixin)cached_propertyis_same_domain)log_response)_lazy_re_compilezdjango.security.csrfz[^a-zA-Z0-9]z?Origin checking failed - %s does not match any trusted origins.z%Referer checking failed - no Referer.z@Referer checking failed - %s does not match any trusted origins.zCSRF cookie not set.zCSRF token missing.z/Referer checking failed - Referer is malformed.zCReferer checking failed - Referer is insecure while host is secure.zhas incorrect lengthzhas invalid characters
_csrftokenc                 4    \        \        P                  4      # )z/Return the view to be used for CSRF rejections.)r
   r   CSRF_FAILURE_VIEW     K/var/www/idalgo/venv/lib/python3.14/site-packages/django/middleware/csrf.py_get_failure_viewr   2   s    2233r   c                  ,    \        \        \        R 7      # ))allowed_chars)r   CSRF_SECRET_LENGTHCSRF_ALLOWED_CHARSr   r   r   _get_new_csrf_stringr   7   s    /?QRRr   c                   a \        4       p\        o\        V3R lV  4       V3R lV 4       4      pRP                  V3R lV 4       4      pW,           # )z
Given a secret (assumed to be a string of CSRF_ALLOWED_CHARS), generate a
token by adding a mask and applying it to the secret.
c              3   F   <"   T F  pSP                  V4      x  K  	  R # 5iNindex.0xcharss   & r   	<genexpr>&_mask_cipher_secret.<locals>.<genexpr>B   s     0AQ   !c              3   F   <"   T F  pSP                  V4      x  K  	  R # 5ir"   r#   r%   s   & r   r)   r*   B   s     2P4a5;;q>>4r+    c              3   f   <"   T F&  w  rSW,           \        S4      ,          ,          x  K(  	  R # 5ir"   )lenr&   r'   yr(   s   &  r   r)   r*   C   s&     CUTQUAESZ/00Us   .1)r   r   zipjoin)secretmaskpairscipherr(   s   &   @r   _mask_cipher_secretr8   ;   sF    
  !DE002P42PQEWWCUCCF=r   c                   a V R\          pV \         R p \        o\        V3R lV  4       V3R lV 4       4      pRP                  V3R lV 4       4      # )z
Given a token (assumed to be a string of CSRF_ALLOWED_CHARS, of length
CSRF_TOKEN_LENGTH, and that its first half is a mask), use it to decrypt
the second half to produce the original secret.
Nc              3   F   <"   T F  pSP                  V4      x  K  	  R # 5ir"   r#   r%   s   & r   r)   '_unmask_cipher_token.<locals>.<genexpr>P   s     /AQr+   c              3   F   <"   T F  pSP                  V4      x  K  	  R # 5ir"   r#   r%   s   & r   r)   r;   P   s     1O$Q%++a..$r+   r-   c              3   F   <"   T F  w  rSW,
          ,          x  K  	  R # 5ir"   r   r0   s   &  r   r)   r;   Q   s     2EDA5<<Er+   )r   r   r2   r3   )tokenr5   r6   r(   s   &  @r   _unmask_cipher_tokenr?   G   sS     $$%D$%&EE//1O$1OPE772E222r   c                X    \        4       pV P                  P                  RVRR/4       V# )zDGenerate a new random CSRF_COOKIE value, and add it to request.META.CSRF_COOKIECSRF_COOKIE_NEEDS_UPDATET)r   METAupdaterequestcsrf_secrets   & r   _add_new_csrf_cookierH   T   s3    &(KLL;&	
 r   c                    RV P                   9   d$   V P                   R,          pRV P                   R&   M\        V 4      p\        V4      # )a  
Return the CSRF token required for a POST form. The token is an
alphanumeric value. A new token is created if one is not already set.

A side effect of calling this function is to make the csrf_protect
decorator and the CsrfViewMiddleware add a CSRF cookie and a 'Vary: Cookie'
header to the outgoing response. For this reason, you may need to use this
function lazily, as is done by the csrf context processor.
rA   TrB   )rC   rH   r8   rE   s   & r   	get_tokenrJ   `   sD     $ll=1 48/0*73{++r   c                    \        V 4       R# )z]
Change the CSRF token in use for a request - should be done on login
for security purposes.
N)rH   )rF   s   &r   rotate_tokenrL   u   s    
 !r   c                   &   a  ] tR t^}t o R tRtV tR# )InvalidTokenFormatc                    Wn         R # r"   reasonselfrQ   s   &&r   __init__InvalidTokenFormat.__init__~       r   rP   N__name__
__module____qualname____firstlineno__rT   __static_attributes____classdictcell____classdict__s   @r   rN   rN   }         r   rN   c                    \        V 4      \        \        39  d   \        \        4      h\
        P                  V 4      '       d   \        \        4      hR# )z
Raise an InvalidTokenFormat error if the token has an invalid length or
characters that aren't allowed. The token argument can be a CSRF cookie
secret or non-cookie CSRF token, and either masked or unmasked.
N)r/   CSRF_TOKEN_LENGTHr   rN   REASON_INCORRECT_LENGTHinvalid_token_chars_researchREASON_INVALID_CHARACTERS)r>   s   &r   _check_token_formatrg      sE     5z+-?@@ !899$$U++ !:;; ,r   c                    \        V 4      \        8X  d   \        V 4      p \        V 4      \        8X  g   Q h\	        W4      # )ag  
Return whether the given CSRF token matches the given CSRF secret, after
unmasking the token if necessary.

This function assumes that the request_csrf_token argument has been
validated to have the correct length (CSRF_SECRET_LENGTH or
CSRF_TOKEN_LENGTH characters) and allowed characters, and that if it has
length CSRF_TOKEN_LENGTH, it is a masked secret.
)r/   rb   r?   r   r   )request_csrf_tokenrG   s   &&r   _does_token_matchrj      s@     "3312DE!"&8888 !3AAr   c                   &   a  ] tR t^t o R tRtV tR# )RejectRequestc                    Wn         R # r"   rP   rR   s   &&r   rT   RejectRequest.__init__   rV   r   rP   NrW   r^   s   @r   rl   rl      r`   r   rl   c                      a  ] tR t^t o Rt]R 4       t]R 4       t]R 4       tR t	R t
R tR tR	 tR
 tR tR tR tR tR tRtV tR# )CsrfViewMiddlewarez
Require a present and correct csrfmiddlewaretoken for POST requests that
have a CSRF cookie, and set an outgoing CSRF cookie.

This middleware should be used in conjunction with the {% csrf_token %}
template tag.
c                    \         P                   Uu. uF'  p\        V4      P                  P	                  R 4      NK)  	  up# u upi *)r   CSRF_TRUSTED_ORIGINSr   netloclstriprS   origins   & r   csrf_trusted_origins_hosts-CsrfViewMiddleware.csrf_trusted_origins_hosts   sE     #77
7 V##**3/7
 	
 
s   -Ac                ^    \         P                   Uu0 uF  pR V9  g   K  VkK  	  up# u upi rr   )r   rt   rw   s   & r   allowed_origins_exact(CsrfViewMiddleware.allowed_origins_exact   s,    %-%B%BX%B6cQWFW%BXXXs   	**c                    \        \        4      pR \        P                   4        F=  pWP                  ,          P                  VP                  P                  R4      4       K?  	  V# )zj
A mapping of allowed schemes to list of allowed netlocs, where all
subdomains of the netloc are allowed.
c              3   J   "   T F  pR V9   g   K  \        V4      x  K  	  R# 5i)rs   Nr   )r&   rx   s   & r   r)   ?CsrfViewMiddleware.allowed_origin_subdomains.<locals>.<genexpr>   s(      
7f} HV7s   	##rs   )r   listr   rt   schemeappendru   rv   )rS   allowed_origin_subdomainsparseds   &  r   r   ,CsrfViewMiddleware.allowed_origin_subdomains   sX     %0$5!
"77
F
 &mm4;;FMM<P<PQT<UV
 )(r   c                    R Vn         R# )TN)csrf_processing_done)rS   rF   s   &&r   _acceptCsrfViewMiddleware._accept   s     (,$r   c           	     f    \        4       ! WR 7      p\        RVVP                  VV\        R7       V# )rP   zForbidden (%s): %s)responserF   logger)r   r   pathr   )rS   rF   rQ   r   s   &&& r   _rejectCsrfViewMiddleware._reject   s4    $&w> LL	
 r   c                r   \         P                  '       d"    VP                  P                  \        4      pM- VP                  \         P                  ,          p\        V4       Vf   R# \        V4      \        8X  d   \        V4      pV#   \
         d    \        R4      hi ; i  \         d    Rp LPi ; i)z
Return the CSRF secret originally associated with the request, or None
if it didn't have one.

If the CSRF_USE_SESSIONS setting is false, raises InvalidTokenFormat if
the request's secret has invalid characters or an invalid length.
zCSRF_USE_SESSIONS is enabled, but request.session is not set. SessionMiddleware must appear before CsrfViewMiddleware in MIDDLEWARE.N)r   CSRF_USE_SESSIONSsessiongetCSRF_SESSION_KEYAttributeErrorr   COOKIESCSRF_COOKIE_NAMErg   KeyErrorr/   rb   r?   rS   rF   rG   s   && r   _get_secretCsrfViewMiddleware._get_secret   s     %%%%oo112BC1%ooh.G.GH
 $K0{00.{;K' " *%   #"#s   B !B& B#&B65B6c                   \         P                  '       d^   VP                  P                  \        4      VP
                  R ,          8w  d'   VP
                  R ,          VP                  \        &   R# R# VP                  \         P                  VP
                  R ,          \         P                  \         P                  \         P                  \         P                  \         P                  \         P                  R7       \        VR4       R# )rA   )max_agedomainr   securehttponlysamesiteN)Cookie)r   r   r   r   r   rC   
set_cookier   CSRF_COOKIE_AGECSRF_COOKIE_DOMAINCSRF_COOKIE_PATHCSRF_COOKIE_SECURECSRF_COOKIE_HTTPONLYCSRF_COOKIE_SAMESITEr   rS   rF   r   s   &&&r   _set_csrf_cookie#CsrfViewMiddleware._set_csrf_cookie   s    %%%""#34]8SS4;LL4O 01 T ))]+ 0022..22!66!66   	 x5r   c                .  a VP                   R ,          p VP                  4       pVP                  4       '       d   RMR: RV: 2pW$8X  d   R#  W P                  9   d   R#  \        V4      pTP                  pTP                  o\        ;QJ d9    T3R lT P                  P                  TR4       4       F  '       g   K   R# 	  R# ! T3R lT P                  P                  TR4       4       4      #   \         d     Li ; i  \         d     R# i ; i)HTTP_ORIGINhttpshttpz://TFc              3   <   <"   T F  p\        SV4      x  K  	  R # 5ir"   r   )r&   hostparsed_origin_netlocs   & r   r)   6CsrfViewMiddleware._origin_verified.<locals>.<genexpr>$  s#      
T /66Ts   r   )rC   get_host	is_securer   r|   r   
ValueErrorr   ru   anyr   r   )rS   rF   request_origin	good_hostgood_originparsed_originparsed_origin_schemer   s   &&     @r   _origin_verified#CsrfViewMiddleware._origin_verified  s    m4
	((*I
 #,,..F:K , -777	$^4M  -33,33s 
66::;OQST
ss 	
s 	
s 
66::;OQST
 
 	
#  		  		s#   C4 #D 4DDDDc                  a VP                   P                  R 4      oSf   \        \        4      h \	        S4      oRSP                  SP                  39   d   \        \        4      hSP                  R8w  d   \        \        4      h\        ;QJ d)    T3R lT P                   4       F  '       g   K   RM	  RM! T3R lT P                   4       4      '       d   R# \        P                  '       d   \        P                  M\        P                  pTf    TP!                  4       pM TP)                  4       pTR9  d
   T: RT: 2p\+        SP                  T4      '       g%   \        \$        SP'                  4       ,          4      hR#   \
         d    \        \        4      hi ; i  \"         d&    \        \$        SP'                  4       ,          4      hi ; i)	HTTP_REFERERNr-   r   c              3   P   <"   T F  p\        SP                  V4      x  K  	  R # 5ir"   )r   ru   )r&   r   referers   & r   r)   4CsrfViewMiddleware._check_referer.<locals>.<genexpr>;  s&      
7 7>>4007s   #&TF:)44380)rC   r   rl   REASON_NO_REFERERr   r   REASON_MALFORMED_REFERERr   ru   REASON_INSECURE_REFERERr   ry   r   r   SESSION_COOKIE_DOMAINr   r   r   REASON_BAD_REFERERgeturlget_portr   )rS   rF   good_refererserver_portr   s   &&  @r   _check_referer!CsrfViewMiddleware._check_referer)  s   ,,"">2? 122	:w'G
 '..'..11 899 >>W$ 7883 
77
333 
77
 
 
  ))) **,, 	
 K&//1 "**,K-/*6Dgnnl;; 2W^^5E EFF <G  	: 899	:8 " K#$69I$IJJKs   F F* F'*0Gc                \    VR 8w  d   \         P                  ! V4      pRV: R2pRV RV R2# )POSTzthe z HTTP headerzCSRF token from  .)r   parse_header_name)rS   rQ   token_sourceheader_names   &&& r   _bad_token_message%CsrfViewMiddleware._bad_token_messageV  s=    6!%77EK!+=L!,q::r   c                    V P                  V4      pTf   \        \        4      hRpTP
                  R8X  d    TP                  P                  RR4      pTR8X  d4    TP                  \        P                  ,          p\        P                  pMRp \        T4       \!        YB4      '       g   T P                  RT4      p\        T4      hR#   \         d   p\        R TP                   R24      hRp?ii ; i  \         d     Li ; i  \         d    \        \        4      hi ; i  \         d-   pT P                  TP                  T4      p\        T4      hRp?ii ; i)zCSRF cookie r   Nr-   r   csrfmiddlewaretoken	incorrect)r   rN   rl   rQ   REASON_NO_CSRF_COOKIEmethodr   r   r	   rC   r   CSRF_HEADER_NAMEr   REASON_CSRF_TOKEN_MISSINGrg   r   rj   )rS   rF   rG   excri   r   rQ   s   &&     r   _check_tokenCsrfViewMiddleware._check_token]  sc   	>**73K    566  >>V#%,\\%5%56KR%P" #?
 &-\\(2K2K%L" $44L!L	( 23
 !!3AA,,[,GF'' BU " 	>,szzl! <==	> ' 
    ?#$=>>? " 	(,,SZZFF''	(sL   C C: !D D) C7C22C7:DDD&)E 4'EE c                     V P                  V4      pVe   W!P                  R&   R # R #   \         d    \        T4        R # i ; i)NrA   )r   rC   rN   rH   r   s   && r   process_request"CsrfViewMiddleware.process_request  sK    
	:**73K &
 /:]+ ' " 	* )	*s   ) AAc                   \        VR R4      '       d   R# \        VRR4      '       d   R# VP                  R9   d   V P                  V4      # \        VRR4      '       d   V P                  V4      # RVP                  9   dG   V P	                  V4      '       g/   V P                  V\        VP                  R,          ,          4      # M(VP                  4       '       d    V P                  V4        V P                  V4       T P                  T4      #   \         d&   pT P                  YP                  4      u Rp?# Rp?ii ; i  \         d&   pT P                  YP                  4      u Rp?# Rp?ii ; i)r   FNcsrf_exempt_dont_enforce_csrf_checksr   )GETHEADOPTIONSTRACE)getattrr   r   rC   r   r   REASON_BAD_ORIGINr   r   rl   rQ   r   )rS   rF   callbackcallback_argscallback_kwargsr   s   &&&&& r   process_viewCsrfViewMiddleware.process_view  sB   72E:: 8]E22 >>@@<<((77??
 <<(( GLL(((11||.m1LL  2   $9##G,	5g& ||G$$ ! 9||GZZ889
  	5<<44	5s<   D 1E ED>8E>EE6E1+E61E6c                    VP                   P                  R 4      '       d!   V P                  W4       RVP                   R &   V# )rB   F)rC   r   r   r   s   &&&r   process_response#CsrfViewMiddleware.process_response  s<    <<677!!'4 8=GLL34r   r   N)rX   rY   rZ   r[   __doc__r   ry   r|   r   r   r   r   r   r   r   r   r   r   r   r   r\   r]   r^   s   @r   rp   rp      s      
 
 Y Y ) ) 
@6$
4+GZ;2(h:8%t r   rp   )?r   loggingstringcollectionsr   urllib.parser   django.confr   django.core.exceptionsr   r   django.httpr   r	   django.urlsr
   django.utils.cacher   django.utils.cryptor   r   django.utils.deprecationr   django.utils.functionalr   django.utils.httpr   django.utils.logr   django.utils.regex_helperr   	getLoggerr   rd   r   r   r   r   r   r   r   rc   rf   r   rb   ascii_lettersdigitsr   r   r   r   r8   r?   rH   rJ   rL   	ExceptionrN   rg   rj   rl   rp   r   r   r   <module>r     s     # !   G 8 $ 1 H 4 3 , ) 6			1	2).9 U ; W . 1 L I  1 4  ** ))FMM9  4
S	
3	,*" 

<B"I 
 r   