U d@sUddlmZddlZddlZddlZddlZddlZddlZdZdZ e ddej ej j fDZded<d d d d d Zd d d ddddZdd d d d dddZd d ddddZd d ddddZdS) ) annotationsNZ>abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789i' ccs"|]}|dk r|dkr|VqdS)N/.0seprr5/tmp/pip-unpacked-wheel-m99gisyz/werkzeug/security.py sr z list[str] _os_alt_sepsintstr)lengthreturncCs(|dkrtddddt|DS)zAGenerate a random string of SALT_CHARS with specified ``length``.rzSalt length must be at least 1.css|]}ttVqdSN)secretschoice SALT_CHARS)r_rrrr szgen_salt..) ValueErrorjoinrange)r rrrgen_saltsrztuple[str, str])methodsaltpasswordrc Cs|dkrtjddd||fS|d^}}|d}|d}|dkr|sZd}d }d }n4ztt|\}}}Wntk rtd dYnXd |||}tj||||||d  d|d|d|fS|dkrVt |}|dkrd} t } n@|d kr |d} t } n(|dkr*|d} t|d } ntdt | |||  d| d| fStjd|dddt ||||fSdS)NplainznThe 'plain' password method is deprecated and will be removed in Werkzeug 3.0. Migrate to the 'scrypt' method.) stacklevel:zutf-8scryptiz'scrypt' takes 3 arguments.)rnrpmaxmemzscrypt:pbkdf2rsha256z'pbkdf2' takes 2 arguments.zpbkdf2:zThe 'zd' password method is deprecated and will be removed in Werkzeug 3.0. Migrate to the 'scrypt' method.)warningswarnsplitencodemapr rhashlibr hexlenDEFAULT_PBKDF2_ITERATIONS pbkdf2_hmachmacnew hexdigest) rrrargsr$r%r&r'Zlen_args hash_nameZ iterationsrrr_hash_internalsT      r:r()rr salt_lengthrcCs,t|}t|||\}}|d|d|S)aSecurely hash a password for storage. A password can be compared to a stored hash using :func:`check_password_hash`. The following methods are supported: - ``scrypt``, more secure but not available on PyPy. The parameters are ``n``, ``r``, and ``p``, the default is ``scrypt:32768:8:1``. See :func:`hashlib.scrypt`. - ``pbkdf2``, the default. The parameters are ``hash_method`` and ``iterations``, the default is ``pbkdf2:sha256:600000``. See :func:`hashlib.pbkdf2_hmac`. Default parameters may be updated to reflect current guidelines, and methods may be deprecated and removed if they are no longer considered secure. To migrate old hashes, you may generate a new hash when checking an old hash, or you may contact users with a link to reset their password. :param password: The plaintext password. :param method: The key derivation function and parameters. :param salt_length: The number of characters to generate for the salt. .. versionchanged:: 2.3 Scrypt support was added. .. versionchanged:: 2.3 The default iterations for pbkdf2 was increased to 600,000. .. versionchanged:: 2.3 All plain hashes are deprecated and will not be supported in Werkzeug 3.0. $)rr:)rrr<rhZ actual_methodrrrgenerate_password_hashSs r?bool)pwhashrrcCsFz|dd\}}}Wntk r,YdSXtt|||d|S)aASecurely check that the given stored password hash, previously generated using :func:`generate_password_hash`, matches the given password. Methods may be deprecated and removed if they are no longer considered secure. To migrate old hashes, you may generate a new hash when checking an old hash, or you may contact users with a link to reset their password. :param pwhash: The hashed password. :param password: The plaintext password. .. versionchanged:: 2.3 All plain hashes are deprecated and will not be supported in Werkzeug 3.0. r=r*Fr)r-rr5compare_digestr:)rArrrZhashvalrrrcheck_password_hashxs rCz str | None) directory pathnamesrcsx|sd}|g}|D]Zdkr(ttfddtDs\tjs\dks\drbdS|qtj |S)a2Safely join zero or more untrusted path components to a base directory to avoid escaping the base directory. :param directory: The trusted base directory. :param pathnames: The untrusted path components relative to the base directory. :return: A safe path, otherwise ``None``. .rc3s|]}|kVqdSrrrfilenamerrr szsafe_join..z..z../N) posixpathnormpathanyr ospathisabs startswithappendr)rDrEpartsrrGr safe_joins"    rR)r(r;) __future__rr0r5rLrIrr+rr3listrrMaltsepr __annotations__rr:r?rCrRrrrrs&  :%