ih nSrSSKrSSKrSSKJr SSKJr SSKJr SSKJr SS K J r S r "S S \ 5r g) a A provided CSRF implementation which puts CSRF data in a session. This can be used fairly comfortably with many `request.session` type objects, including the Werkzeug/Flask session store, Django sessions, and potentially other similar objects which use a dict-like API for storing session keys. The basic concept is a randomly generated value is stored in the user's session, and an hmac-sha1 of it (along with an optional expiration time, for extra security) is used as the value of the csrf_token. If this token validates with the hmac of the random value + expiration time, and the expiration time is not passed, the CSRF validation will pass. N)datetime) timedelta)sha1)ValidationError)CSRF) SessionCSRFc^^\rSrSrSrU4SjrSrSrSr\ S5r \ S5r S r U=r $) r z %Y%m%d%H%M%ScD>URUl[TU] U5$)N)meta form_metasuper setup_form)selfform __class__s W/home/kali/devsecops-assessor/venv/lib/python3.13/site-packages/wtforms/csrf/session.pyrSessionCSRF.setup_formsw!$''cVURnURc [S5eURc [ S5eUR nSU;a0[ [R"S55R5US'UR(aLUR5UR-RUR5nSRUSU5nOSnUSn[R "URUR#S5[ S9nUS UR53$) Nz2<<>GFO ??xxzDOO3==d>N>NOGwv@JG JHH   j//74 "Y002344rchURnUR(aSUR;a[URS55eURR SS5upEUR SU-R S5n[R"URU[S9nUR5U:wa[URS55eUR(aIUR5RUR5nX:a[URS55egg) NrzCSRF token missing.rrrrz CSRF failed.zCSRF token expired.)rdatargettextsplitr$r/r-r.r rr'r(r)r*r+) rrfieldrr1r3 check_val hmac_compare now_formatteds rvalidate_csrf_tokenSessionCSRF.validate_csrf_token=s~~zzT3!%--0E"FG G"ZZ--dA6\\&)G3;;FC xx 0 0)tL  ! ! #y 0!%--"?@ @ ?? HHJ//0@0@AM&%emm4I&JKK' rc,[R"5$)z@ Get the current time. Used for test mocking/overriding mainly. )rr)rs rr)SessionCSRF.nowOs||~rc>[URS[SS95$)Ncsrf_time_limit)minutes)getattrrrrAs rr(SessionCSRF.time_limitUst~~'8)B:OPPrcl[URRSURR5$)Nr$)rGrr"rAs rr$SessionCSRF.sessionYs* NN ' 'DNN4O4O  r)r)__name__ __module__ __qualname____firstlineno__r+rr4r>r)propertyr(r$__static_attributes__ __classcell__)rs@rr r sG K(54L$ QQ  rr ) __doc__r-r%rrhashlibr validatorsrcorer __all__r rrrXs4  ( A $A r