U M}gg@sUddlmZddlZddlZddlZddlZddlZdZdZe ddej ej j fDZ ded<d d d d d Zd d d ddddZdd d d d dddZd d ddddZd d ddddZdS) ) annotationsNZ>abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789i' ccs"|]}|dk r|dkr|VqdS)N/.0seprr5/tmp/pip-unpacked-wheel-s46b54kd/werkzeug/security.py sr z list[str] _os_alt_sepsintstr)lengthreturncCs(|dkrtddddt|DS)zAGenerate a random string of SALT_CHARS with specified ``length``.rzSalt length must be at least 1.css|]}ttVqdSN)secretschoice SALT_CHARS)r_rrrr szgen_salt..) ValueErrorjoinrange)r rrrgen_saltsrztuple[str, str])methodsaltpasswordrc CsF|d^}}|}|}|dkr|s8d}d}d}n4ztt|\}}}Wntk rjtddYnXd|||} tj|||||| dd |d|d|fS|d kr2t|} | d krd } t } n>| dkr|d } t } n(| d kr|d } t|d} ntdt | ||| d| d| fStd|ddS)N:scryptiz'scrypt' takes 3 arguments.)rnrpmaxmemzscrypt:Zpbkdf2rsha256z'pbkdf2' takes 2 arguments.zpbkdf2:zInvalid hash method 'z'.) splitencodemapr rhashlibrhexlenDEFAULT_PBKDF2_ITERATIONS pbkdf2_hmac) rrrargsZ salt_bytesZpassword_bytesr!r"r#r$Zlen_args hash_nameZ iterationsrrr_hash_internalsX  r1r)rr salt_lengthrcCs,t|}t|||\}}|d|d|S)aSecurely hash a password for storage. A password can be compared to a stored hash using :func:`check_password_hash`. The following methods are supported: - ``scrypt``, the default. The parameters are ``n``, ``r``, and ``p``, the default is ``scrypt:32768:8:1``. See :func:`hashlib.scrypt`. - ``pbkdf2``, less secure. The parameters are ``hash_method`` and ``iterations``, the default is ``pbkdf2:sha256:600000``. See :func:`hashlib.pbkdf2_hmac`. Default parameters may be updated to reflect current guidelines, and methods may be deprecated and removed if they are no longer considered secure. To migrate old hashes, you may generate a new hash when checking an old hash, or you may contact users with a link to reset their password. :param password: The plaintext password. :param method: The key derivation function and parameters. :param salt_length: The number of characters to generate for the salt. .. versionchanged:: 2.3 Scrypt support was added. .. versionchanged:: 2.3 The default iterations for pbkdf2 was increased to 600,000. .. versionchanged:: 2.3 All plain hashes are deprecated and will not be supported in Werkzeug 3.0. $)rr1)rrr3rhZ actual_methodrrrgenerate_password_hashIsr6bool)pwhashrrcCsFz|dd\}}}Wntk r,YdSXtt|||d|S)aASecurely check that the given stored password hash, previously generated using :func:`generate_password_hash`, matches the given password. Methods may be deprecated and removed if they are no longer considered secure. To migrate old hashes, you may generate a new hash when checking an old hash, or you may contact users with a link to reset their password. :param pwhash: The hashed password. :param password: The plaintext password. .. versionchanged:: 2.3 All plain hashes are deprecated and will not be supported in Werkzeug 3.0. r4r&Fr)r'rhmaccompare_digestr1)r8rrrZhashvalrrrcheck_password_hashms r;z str | None) directory pathnamesrcs|sd}|g}|D]ddkr(ttfddtDsftjsfdsfdksfdrldS|qtj |S) a2Safely join zero or more untrusted path components to a base directory to avoid escaping the base directory. :param directory: The trusted base directory. :param pathnames: The untrusted path components relative to the base directory. :return: A safe path, otherwise ``None``. .rc3s|]}|kVqdSrrrfilenamerrr szsafe_join..rz..z../N) posixpathnormpathanyr ospathisabs startswithappendr)r<r=partsrr?r safe_joins&    rJ)rr2) __future__rr*r9rDrArrr-listrrEaltsepr __annotations__rr1r6r;rJrrrrs$  1$