o _6d@s<dZddlmZddlmZmZmZddlm Z m Z zddl m Z ddl m Z Wney=ddlm Z ddlm Z YnwddlmZddlmZdd lZdd lZdd lZeeZdd lZdd lZdd lZdd lZdd lZerzdd l Z Wneyd Z d Z!Ynwdd l Z dd l"Z"e rdd l#Z#zdd l$Z$Wn eyd Z$Ynwdd l%Z%dd l&Z&dd l'm(Z(dd l)m*Z*m+Z+m,Z,m-Z-m.Z.m/Z/m0Z0m1Z1m2Z2m3Z3m4Z4m5Z5m6Z6dd l7m8Z8m9Z9m:Z:m;Z;mZ>m?Z?ddlm@Z@mAZAmBZBmCZCmDZDmEZEmFZFmGZGmHZHmIZImJZJmKZKmLZLmMZMmNZNmOZOmPZPgdZQeReeFrejSnejTddZUgdZVddgZWddl=mXZXdZYeGdZZeGdZ[eRej\]dpCdZ^Gddde_Z`eFraejajbZcedecejajegZfddZgnd dZg ! !dd"d#Zhd$d%Zid&d'ZjejZkzdd(llmmZjWn eyYnwdd*d+Zndd-d.Zoe d urdd/d.Zod0d1ZpeFrd2d3Zqd4d5Zrndd6lmsZsmtZtd7d3Zqd8d5Zre@eqd9e@erd:d;d<Zud=d>Zvd?d@ZwdAZxeGdBZyddCdDZzdEdFZ{dGZ|e|}dHZ~dIdJZdKdLZdMZeGdNZdOdPZddRdSZddTdUZeFrddVdWZnddXdWZe@edYe8dZd[d\dd]d^Zedd_Zedd`ZedddagZddcddZdedfZzddglmZWney^d Zd!Zd!Zd!Zd ZdhdiZYnWwdjZdBZe$rePrdkejkrvdlkrnne$ZdjZn ddmlmZeZd!ZeGdnZeFrdjZzedodpWneyd!ZYnYdqdiZndjZdrdiZe@edsdtduZe%jZeZdvdwZz edxdjZWn eyd!ZYnwddydzZereZneeZd{d|Zd}d~ZdZe8d[ddddefddZdZddZdZddZddZddZd S)z4passlib.utils -- helpers for writing password hashes)JYTHON) b2a_base64 a2b_base64Error) b64encode b64decode)Sequence)Iterable)lookup)update_wrapperNznot present under Jython)warn) BASE64_CHARS AB64_CHARS HASH64_CHARS BCRYPT_CHARS Base64EngineLazyBase64Engineh64h64bigbcrypt64 ab64_encode ab64_decode b64s_encode b64s_decode)deprecated_functiondeprecated_methodmemoized_property classproperty hybrid_method)ExpectedStringErrorExpectedTypeError)add_doc join_bytesjoin_byte_valuesjoin_byte_elemsirangeimapPY3u join_unicodeunicodebyte_elem_value nextgetterunicode_or_strunicode_or_bytes_typesget_method_functionsuppress_causePYPY)rsys_bitsunix_crypt_schemesrounds_cost_valuesconsteqsaslprep xor_bytes render_bytes is_same_codec is_ascii_safeto_bytes to_unicode to_native_str has_crypt test_crypt safe_crypttickrng getrandbytes getrandstrgenerate_passwordis_crypt_handleris_crypt_contexthas_rounds_info has_salt_infog?)Z sha512_cryptZ sha256_cryptZ sha1_cryptZbcryptZ md5_cryptZ bsdi_cryptZ des_cryptZlinearlog2)MissingBackendError ZPASSLIB_MAX_PASSWORD_SIZEic@sHeZdZdZddZddZddZdd Zd d Zd d Z ddZ dS) SequenceMixinz helper which lets result object act like a fixed-length sequence. subclass just needs to provide :meth:`_as_tuple()`. cCstd)Nzimplement in subclass)NotImplementedErrorselfrTmC:\Users\jesus\OneDrive\Desktop\erpjis_fastapi\backend\jisbackend\Lib\site-packages\passlib/utils/__init__.py _as_tupleszSequenceMixin._as_tuplecC t|SN)reprrVrRrTrTrU__repr__ zSequenceMixin.__repr__cCs ||SrXrV)rSidxrTrTrU __getitem__r[zSequenceMixin.__getitem__cCrWrX)iterrVrRrTrTrU__iter__r[zSequenceMixin.__iter__cCrWrX)lenrVrRrTrTrU__len__r[zSequenceMixin.__len__cCs ||kSrXr\rSotherrTrTrU__eq__r[zSequenceMixin.__eq__cCs || SrX)rercrTrTrU__ne__r[zSequenceMixin.__ne__N) __name__ __module__ __qualname____doc__rVrZr^r`rbrerfrTrTrTrUrPs rPcCsJtt|j}|s dS||}|r|jtvrdS|t|djtkS)*test if function accepts specified keywordFT) inspect signaturer/ parametersgetkind _VAR_ANY_SETlist _VAR_KEYWORD)funckeyparamsargrTrTrUaccepts_keywords rycCs"tt|}||jvp|jduS)rkN)rm getargspecr/argskeywords)rurvspecrTrTrUrysFc s2t|tr|g}t|j}|r,t|tr|g}|D]|r"|vr"q|vr+|q|r|D]]tfdd|Dr>q0|r^t|D]\}} t| rOn|rXt| |rXnqDt|}n)|rtt |D]\} } t| |rt|| }||d| ksJnqfd}nd}| |q0|st ||_dSdS)a helper to update mixin classes installed in target class. :param target: target class whose bases will be modified. :param add: class / classes to install into target's base class list. :param remove: class / classes to remove from target's base class list. :param append: by default, prepends mixins to front of list. if True, appends to end of list instead. :param after: optionally make sure all mixins are inserted after this class / classes. :param before: optionally make sure all mixins are inserted before this class / classes. :param dryrun: optionally perform all calculations / raise errors, but don't actually modify the class. c3s|]}t|VqdSrX) issubclass).0baseZmixinrTrU z'update_mixin_classes..rN) isinstancetypers __bases__removeany enumerater~rareversedinserttuple) targetaddrappendbeforeafterZdryrunbasesr]rZend_idxrTrrUupdate_mixin_classessN        rccs|dkr tdt|tr-t|}d}||kr+||}|||V|}||ksdSdSt|trWt|} t||}zt|}Wn t yMYdSwt |f|Vq7t d)z8 split iterable into chunks of elements. rzsize must be positive integerrTzsource must be iterableN) ValueErrorrrrar r_ itertoolsislicenext StopIterationchain TypeError)sourcesizeendinitrZ chunk_itrfirstrTrTrUbatchs.     rcCst|trt|tstdd}nt|tr"t|tstdt}ntdt|t|k}|r4|}d}|s:|}d}|rPt||D] \}}|||AO}qA|dkSt||D]\}}|t|t|AO}qU|dkS)aCheck two strings/bytes for equality. This function uses an approach designed to prevent timing analysis, making it appropriate for cryptography. a and b must both be of the same type: either str (ASCII only), or any type that supports the buffer protocol (e.g. bytes). Note: If a and b are of different lengths, or if an error occurs, a timing attack could theoretically reveal information about the types and lengths of a and b--but not their values. z)inputs must be both unicode or both bytesFrr)rr*rbytesr'razipord)leftrightZ is_py3_bytesZ same_sizetmpresultlrrTrTrUr5;s.    r5)compare_digest,cCs:|}||r|dd}|sgSdd||DS)zRsplit comma-separated string into list of elements, stripping whitespace. NrlcSsg|]}|qSrT)striprelemrTrTrU szsplitcomma..)rendswithsplit)rseprTrTrU splitcommas   rvaluecst|tstdt|ftjtjtfdd|D}t d|}|s*t Stj }||drC||ds?t d|tj }n|}tj}tj}tj}tj}tj} tj} tj} tj} tj} |D]v}|rlJd|rtJd ||r~t d |||rt d |||rt d |||rt d || |rt d|| |rt d|| |rt d|| |rt d|| |rt d|||rt d|qb|S)aNormalizes unicode strings using SASLPrep stringprep profile. The SASLPrep profile is defined in :rfc:`4013`. It provides a uniform scheme for normalizing unicode usernames and passwords before performing byte-value sensitive operations such as hashing. Among other things, it normalizes diacritic representations, removes non-printing characters, and forbids invalid characters such as ``\n``. Properly internationalized applications should run user passwords through this function before hashing. :arg source: unicode string to normalize & validate :param param: Optional noun identifying source parameter in error messages (Defaults to the string ``"value"``). This is mainly useful to make the caller's error messages make more sense contextually. :raises ValueError: if any characters forbidden by the SASLPrep profile are encountered. :raises TypeError: if input is not :class:`!unicode` :returns: normalized unicode string .. note:: This function is not available under Jython, as the Jython stdlib is missing the :mod:`!stringprep` module (`Jython issue 1758320 `_). .. versionadded:: 1.6 z$input must be unicode string, not %sc3s(|]}|s|rtn|VqdSrX)_USPACErc in_table_b1 in_table_c12rTrUrs zsaslprep..NFKCrrlzmalformed bidi sequence in z$failed to strip B.1 in mapping stagez(failed to replace C.1.2 in mapping stagez$unassigned code points forbidden in z control characters forbidden in z$private use characters forbidden in z"non-char code points forbidden in zsurrogate codes forbidden in z!non-plaintext chars forbidden in z!non-canonical chars forbidden in z1display-modifying / deprecated chars forbidden inztagged characters forbidden in zforbidden bidi character in )rr*rr stringpreprrr) unicodedata normalize_UEMPTY in_table_d1r in_table_d2 in_table_a1in_table_c21_c22 in_table_c3 in_table_c4 in_table_c5 in_table_c6 in_table_c7 in_table_c8 in_table_c9)rparamdataZ is_ral_charZis_forbidden_bidi_charrrrrrrrrrrrTrrUr6sl ,             r6cCs tdt)zstub for saslprep()z>saslprep() support requires the 'stringprep' module, which is )rQ_stringprep_missing_reason)rrrTrTrUr6scGs4t|tr |d}|tdd|D}|dS)aPeform ``%`` formating using bytes in a uniform manner across Python 2/3. This function is motivated by the fact that :class:`bytes` instances do not support ``%`` or ``{}`` formatting under Python 3. This function is an attempt to provide a replacement: it converts everything to unicode (decoding bytes instances as ``latin-1``), performs the required formatting, then encodes the result to ``latin-1``. Calling ``render_bytes(source, *args)`` should function roughly the same as ``source % args`` under Python 2. .. todo:: python >= 3.5 added back limited support for bytes %, can revisit when 3.3/3.4 is dropped. latin-1css(|]}t|tr|dn|VqdS)rN)rrdecode)rrxrTrTrUr,s  zrender_bytes..)rrrrencode)rr{rrTrTrUr8s    r8cCs t|dSNbig)int from_bytesrrTrTrU bytes_to_int2r[rcCs ||dSr)r;rcountrTrTrU int_to_bytes4r[r)hexlify unhexlifycCstt|dS)N)rrrrTrTrUr9scCstd|d>|S)Nz%%0%dxr)rrrTrTrUr;sz/decode byte string as single big-endian integerz/encode integer as single big-endian byte stringcCstt|t|At|S)z;Perform bitwise-xor of two byte strings (must be same size))rrrarrrTrTrUr7Asr7cCs$d|dt|}||d|S)zE repeat or truncate string, so it has length rN)rarrZmultrTrTrU repeat_stringEsrcCs"d|dt|}t|||S)zN variant of repeat_string() which truncates to nearest UTF8 boundary. r)ra utf8_truncaterrTrTrUutf8_repeat_stringMsrcCsFt|}||kr|durt|trtnt}||||S|d|S)z>right-pad or truncate string, so it has length N)rarr*_UNULL_BNULL)rrpadcurrTrTrUright_pad_stringXs  rcstts ttdt}|dkrtd||}||kr St|d|}||kr>t|d@dkr6n|d7}||ks+||ksDJd|fdd }|sVJS) a helper to truncate UTF8 byte string to nearest character boundary ON OR AFTER . returned prefix will always have length of at least , and will stop on the first byte that's not a UTF8 continuation byte (128 - 191 inclusive). since utf8 should never take more than 4 bytes to encode known unicode values, we can stop after ``index+3`` is reached. :param bytes source: :param int index: :rtype: bytes rrrNcs<zd}Wn tyYdSw|dsJdS)Nutf-8T)rUnicodeDecodeError startswith)textrrrTrU sanity_checks z#utf8_truncate..sanity_check)rrr ramaxminr+)rindexrrrTrrUrcs$     rs aA:#!asciicCst|tkS)zRTest if codec is compatible with 7-bit ascii (e.g. latin-1, utf-8; but not utf-16))_ASCII_TEST_UNICODEr_ASCII_TEST_BYTES)codecrTrTrUis_ascii_codecsrcCs,||krdS|r |s dSt|jt|jkS)z3Check if two codec names are aliases for same codecTF) _lookup_codecnamerrTrTrUr9s r9r€cs(t|trtnttfdd|DS)z.)rr_B80_U80all)rrTrrUr:sr:rcCsR|sJt|tr|rt||s|||S|St|tr$||St||)aHelper to normalize input to bytes. :arg source: Source bytes/unicode to process. :arg encoding: Target encoding (defaults to ``"utf-8"``). :param param: Optional name of variable/noun to reference when raising errors :param source_encoding: If this is specified, and the source is bytes, the source will be transcoded from *source_encoding* to *encoding* (via unicode). :raises TypeError: if source is not unicode or bytes. :returns: * unicode strings will be encoded using *encoding*, and returned. * if *source_encoding* is not specified, byte strings will be returned unchanged. * if *source_encoding* is specified, byte strings will be transcoded to *encoding*. )rrr9rrr*r)rencodingrZsource_encodingrTrTrUr;s    r;cCs4|sJt|tr |St|tr||St||)aHelper to normalize input to unicode. :arg source: source bytes/unicode to process. :arg encoding: encoding to use when decoding bytes instances. :param param: optional name of variable/noun to reference when raising errors. :raises TypeError: if source is not unicode or bytes. :returns: * returns unicode strings unchanged. * returns bytes strings decoded using *encoding* )rr*rrrrrrrTrTrUr<s     r<cCs,t|tr ||St|tr|St||rX)rrrr*rrrTrTrUr=s    r=cCs,t|tr|St|tr||St||rX)rrr*rrrrTrTrUr=s    a>Take in unicode or bytes, return native string. Python 2: encodes unicode using specified encoding, leaves bytes alone. Python 3: leaves unicode alone, decodes bytes using specified encoding. :raises TypeError: if source is not unicode or bytes. :arg source: source unicode or bytes string. :arg encoding: encoding to use when encoding unicode or decoding bytes. this defaults to ``"utf-8"``. :param param: optional name of variable/noun to reference when raising errors. :returns: :class:`str` instance z1.6z1.7) deprecatedremovedcCst||ddS)z'deprecated, use to_native_str() insteadhash)r)r=)rrrTrTrU to_hash_str$sr z true t yes y on 1 enable enabledz#false f no n off 0 disable disablednonebooleancCsx|dvsJt|tr+|}|tvrdS|tvrdS|tvr#|Std||ft|tr2|S|dur8|St|S)z\ helper to convert value to boolean. recognizes strings such as "true", "false" )TFNTFzunrecognized %s value: %rN) rr.lowerr _true_set _false_set _none_setrbool)rr rcleanrTrTrUas_bool-s    rcCs8tst|ts dSz|dWdStyYdSw)z UT helper -- test if value is safe to pass to crypt.crypt(); under PY3, can't pass non-UTF8 bytes to crypt.crypt. TrF)crypt_accepts_bytesrrrrrrTrTrUis_safe_crypt_inputGs  r)cryptcCsdSrXrTsecretr rTrTrUr@]sr@T)rJr)rrr) nullcontextz*:!xxcCstrt|tr |d}t|vrtdt|tr|d}n6t|trC|}z|d}Wn ty7YdSw|d|ksCJdt |vrKtdt|trU|d}zt t ||}Wdn1shwYWn t yxYdSwt|tr|d}|r|dt vrdS|S)Nrnull character in secretrz"utf-8 spec says this can't happen!r)rrr*rrrrrr_NULL_safe_crypt_lock_cryptOSError_invalid_prefixes)rr origrrTrTrUr@sF            cCst|tr |d}t|vrtdt|tr|d}t t||}Wdn1s.wY|s7dS|d}|dtvrDdS|S)Nrrrr) rr*rrrrr rr")rr rrTrTrUr@s       aWrapper around stdlib's crypt. This is a wrapper around stdlib's :func:`!crypt.crypt`, which attempts to provide uniform behavior across Python 2 and 3. :arg secret: password, as bytes or unicode (unicode will be encoded as ``utf-8``). :arg hash: hash or config string, as ascii bytes or unicode. :returns: resulting hash as ascii unicode; or ``None`` if the password couldn't be hashed due to one of the issues: * :func:`crypt()` not available on platform. * Under Python 3, if *secret* is specified as bytes, it must be use ``utf-8`` or it can't be passed to :func:`crypt()`. * Some OSes will return ``None`` if they don't recognize the algorithm being used (though most will simply fall back to des-crypt). * Some OSes will return an error string if the input config is recognized but malformed; current code converts these to ``None`` as well. cCs4t|ts Jdt||sJdt|||kS)zcheck if :func:`crypt.crypt` supports specific hash :arg secret: password to test :arg hash: known hash of password to use as reference :returns: True or False z#hash must be unicode_or_str, got %szhash must be non-empty)rr-rr@rrTrTrUr?s  r?cCs2td|}|rtdd|ddDSdS)zhelper to parse version stringz(\d+(?:\.\d+)+)css|]}t|VqdSrX)rrrTrTrUrrz parse_version..r.N)researchrgroupr)rmrTrTrU parse_versions r)rc Csddlm}t|dr%t|dr%z|}Wnty$|d}Ynwtd|ttdr2tndt t t t t rFtd d ndf}t||d d S) z.generate prng seed value from system resourcesr)sha512getstate getrandbitsiz%s %s %s %.15f %.15f %sgetpidN rrr)hashlibr*hasattrr+rQr,r(osr-idobjecttimerA has_urandomurandomrrr hexdigest)rr*rrTrTrUgenseeds   r8cs stSfdd}t|S)z]return byte-string containing *count* number of randomly generated bytes, using specified rngc3sFd>}d}|kr!|d@V|dL}|d7}|ksdSdS)Nrrr)r,rrrrBrTrUhelperMs zgetrandbytes..helper)_BEMPTYr#)rBrr<rTr;rUrCBs  rCcshdkrtdtdkrtddkrSfdd}ttr/t|St|S)z|return string containing *count* number of chars/bytes, whose elements are drawn from specified charset, using specified rngrzcount must be >= 0zalphabet must not be emptyrc3sLd}d}|kr$|V|}|d7}|ksdSdS)Nrr) randranger:charsetrlettersrBrTrUr<fszgetrandstr..helper)rrarr*r)r$)rBr@rr<rTr?rUrDWs  rDZ42346789ABCDEFGHJKMNPQRTUVWXYZabcdefghjkmnpqrstuvwxyzz2.0z/passlib.pwd.genword() / passlib.pwd.genphrase())rr replacement cCs tt||S)awgenerate random password using given length & charset :param size: size of password. :param charset: optional string specified set of characters to draw from. the default charset contains all normal alphanumeric characters, except for the characters ``1IiLl0OoS5``, which were omitted due to their visual similarity. :returns: :class:`!str` containing randomly generated password. .. note:: Using the default character set, on a OS with :class:`!SystemRandom` support, this function should generate passwords with 5.7 bits of entropy per character. )rDrB)rr@rTrTrUrEvs rE)r setting_kwdsZ context_kwdsverifyr identifyctfddtDS)z4check if object follows the :ref:`password-hash-api`c3|]}t|VqdSrXr0rrobjrTrUrrz#is_crypt_handler..)r_handler_attrsrKrTrKrUrFrF)Z needs_updateZ genconfigZgenhashrEZencryptrFcrG)zOcheck if object appears to be a :class:`~passlib.context.CryptContext` instancec3rHrXrIrJrKrTrUrrz#is_crypt_context..)r_context_attrsrKrTrKrUrGrNrGcCd|jvo t|ddduS)z_check if handler provides the optional :ref:`rounds information ` attributesroundsZ min_roundsNrDgetattrhandlerrTrTrUrH rHcCrP)z[check if handler provides the optional :ref:`salt information ` attributessaltZ min_salt_sizeNrRrTrTrTrUrIrVrI)NNFNNF)rrrX)rrN)rr)r)Nr )rjZpasslib.utils.compatrbinasciirrrZ_BinAsciiErrorbase64rrcollections.abcrr ImportError collectionscodecsr r functoolsr rrmlogging getLoggerrglogmathr1sysrandomr%rrr4r threadingZtimeittypeswarningsr Zpasslib.utils.binaryr rrrrrrrrrrrrZpasslib.utils.decorrrrrrZ passlib.excrr r!r"r#r$r%r&r'r(r)r*r+r,r-r.r/r0r1__all__rmaxsizeZmaxintr2r3r4rLr=rrenvironrpZMAX_PASSWORD_SIZEr3rP Parameter VAR_KEYWORDrtsetVAR_POSITIONALrrryrrr5Z str_consteqhmacrrr6r8rrrrr7rrrrrrrrrrr9rrr:r;r<r=r rrrrrrrr r>rZcrypt_needs_lockrr@rpypy_version_infoLockrr"rr?Z default_timertimerrAr)r6r5rQr8 SystemRandomrBRandomrCrDZ _52charsetrErMrFrOrGrHrIrTrTrTrUsV           <L".    W>         F   %          *  /   !