a !f @sddZddlZddlZddlZddlZddlmZdZdZe dd dd Z e d dd d Z dS)z4Helper methods for creating & verifying XSRF tokens.N)_helpers:icCsttj|dd}|tjt|dd|t|tj|dd|ttjt|phttdd}||| }t |t|}|S)aGenerates a URL-safe token for the given user, action, time tuple. Args: key: secret key to use. user_id: the user ID of the authenticated user. action_id: a string identifier of the action they requested authorization for. when: the time in seconds since the epoch at which the user was authorized for this action. If not set the current time is used. Returns: A string XSRF protection token. zutf-8)encoding) hmacnewr _to_bytesupdatestr DELIMITERinttimedigestbase64urlsafe_b64encode)keyuser_id action_idwhenZdigesterrtokenr^/var/www/html/python-backend/venv/lib/python3.9/site-packages/oauth2client/contrib/xsrfutil.pygenerate_token s   rc Cs|sdSz t|}t|td}WntttjfyDYdS0|durVt }||t krfdSt ||||d}t |t |krdSd}t t|t|D]\} } || | AO}q| S)aRValidates that the given token authorizes the user for the action. Tokens are invalid if the time of issue is too old or if the token does not match what generateToken outputs (i.e. the token was forged). Args: key: secret key to use. token: a string of the token generated by generateToken. user_id: the user ID of the authenticated user. action_id: a string identifier of the action they requested authorization for. Returns: A boolean - True if the user is authorized for the action, False otherwise. FN)rrr)rurlsafe_b64decoder splitr TypeError ValueErrorbinasciiErrorrDEFAULT_TIMEOUT_SECSrlenzip bytearray) rrrr current_timedecodedZ token_timeZexpected_tokenZ differentxyrrrvalidate_token<s(  r*)rN)rN) __doc__rr rrZ oauth2clientrr r" positionalrr*rrrrs