o Ò>h ã@s>ddlmZddlmZdZGdd„deƒZGdd„dƒZdS) é)Ú HiddenField)ÚValidationError)ÚCSRFTokenFieldÚCSRFcsHeZdZdZdZ‡fdd„Zdd„Zdd„Zd d „Z‡fd d „Z ‡Z S) raA A subclass of HiddenField designed for sending the CSRF token that is used for most CSRF protection schemes. Notably different from a normal field, this field always renders the current token regardless of the submitted value, and also will not be populated over to object data via populate_obj Ncs"| d¡|_tƒj|i|¤ŽdS)NÚ csrf_impl)ÚpoprÚsuperÚ__init__)ÚselfÚargsÚkw©Ú __class__©úQ/var/www/html/flask_server/venv/lib/python3.10/site-packages/wtforms/csrf/core.pyr s zCSRFTokenField.__init__cCs|jS)z… We want to always return the current token on render, regardless of whether a good or bad token was passed. )Ú current_token)r rrrÚ_valueszCSRFTokenField._valuecGsdS)z< Don't populate objects with the CSRF token Nr)r r rrrÚ populate_objszCSRFTokenField.populate_objcCs|j ||¡dS)z8 Handle validation of this token field. N)rÚvalidate_csrf_token)r ÚformrrrÚ pre_validate$szCSRFTokenField.pre_validatecs$tƒj|i|¤Ž|j |¡|_dS)N)rÚprocessrÚgenerate_csrf_tokenr)r r Úkwargsr rrr*szCSRFTokenField.process) Ú__name__Ú __module__Ú __qualname__Ú__doc__rr rrrrÚ __classcell__rrr rrs rc@s(eZdZeZdd„Zdd„Zdd„ZdS)rcCs$|j}|j}|jd|d}||fgS)aÆ Receive the form we're attached to and set up fields. The default implementation creates a single field of type :attr:`field_class` with name taken from the ``csrf_field_name`` of the class meta. :param form: The form instance we're attaching to. :return: A sequence of `(field_name, unbound_field)` 2-tuples which are unbound fields to be added to the form. z CSRF Token)Úlabelr)ÚmetaÚcsrf_field_nameÚ field_class)r rr Ú field_nameÚ unbound_fieldrrrÚ setup_form2s zCSRF.setup_formcCstƒ‚)aØ Implementations must override this to provide a method with which one can get a CSRF token for this form. A CSRF token is usually a string that is generated deterministically based on some sort of user data, though it can be anything which you can validate on a subsequent request. :param csrf_token_field: The field which is being used for CSRF. :return: A generated CSRF string. )ÚNotImplementedError)r Úcsrf_token_fieldrrrrEszCSRF.generate_csrf_tokencCs|j|jkr t| d¡ƒ‚dS)a> Override this method to provide custom CSRF validation logic. The default CSRF validation logic simply checks if the recently generated token equals the one we received as formdata. :param form: The form which has this CSRF token. :param field: The CSRF token field. zInvalid CSRF Token.N)rÚdatarÚgettext)r rÚfieldrrrrUs ÿzCSRF.validate_csrf_tokenN)rrrrr"r%rrrrrrr/s  rN)Úwtforms.fieldsrÚwtforms.validatorsrÚ__all__rrrrrrÚs (