σ mάJ]c@`sLdZddlmZmZmZmZddlZejeƒZ ddl Z ddl Z ddl Z ddl Z ddlZddlmZddlmZddlmZdZd „Zejƒejƒd „Zejƒejƒd „Zd „Zd„Zd„Zd„Zd„Zddejƒd„Z eƒ\Z!Z"dS(uρ Utilities for generating and manipulating session IDs. A session ID would typically be associated with each browser tab viewing an application or plot. Each session has its own state separate from any other sessions hosted by the server. i(tabsolute_importtdivisiontprint_functiontunicode_literalsN(t binary_type(tsettings(t encode_utf8ucheck_session_id_signatureugenerate_secret_keyugenerate_session_idcC`stƒS(u¬ Generate a new securely-generated secret key appropriate for SHA-256 HMAC signatures. This key could be used to sign Bokeh server session IDs for example. (t_get_random_string(((s4lib/python2.7/site-packages/bokeh/util/session_id.pytgenerate_secret_key7scC`sGt|ƒ}|r6td|ƒ}|dt||ƒStd|ƒSdS(uΰGenerate a random session ID. Typically, each browser tab connected to a Bokeh application has its own session ID. In production deployments of a Bokeh app, session IDs should be random and unguessable - otherwise users of the app could interfere with one another. If session IDs are signed with a secret key, the server can verify that the generator of the session ID was "authorized" (the generator had to know the secret key). This can be used to have a separate process, such as another web application, which generates new sessions on a Bokeh server. This other process may require users to log in before redirecting them to the Bokeh server with a valid session ID, for example. Args: secret_key (str, optional) : Secret key (default: value of 'BOKEH_SECRET_KEY' env var) signed (bool, optional) : Whether to sign the session ID (default: value of 'BOKEH_SIGN_SESSIONS' env var) t secret_keyu-N(t _ensure_bytesRt _signature(R tsignedtbase_id((s4lib/python2.7/site-packages/bokeh/util/session_id.pytgenerate_session_id?s  cC`st|ƒ}|ry|jddƒ}t|ƒdkr:tS|d}|d}t||ƒ}tjt|ƒt|ƒƒStSdS(u-Check the signature of a session ID, returning True if it's valid. The server uses this function to check whether a session ID was generated with the correct secret key. If signed sessions are disabled, this function always returns True. Args: session_id (str) : The session ID to check secret_key (str, optional) : Secret key (default: value of 'BOKEH_SECRET_KEY' env var) signed (bool, optional) : Whether to check anything (default: value of 'BOKEH_SIGN_SESSIONS' env var) u-iiiN( R tsplittlentFalseR thmactcompare_digestRtTrue(t session_idR R tpiecesR tprovided_signaturetexpected_signature((s4lib/python2.7/site-packages/bokeh/util/session_id.pytcheck_session_id_signature]s   cC`sddl}y|jƒ}t}WnRtk rvddl}|jdƒtjƒdkrm|jdƒnt }nX||fS(NiujA secure pseudo-random number generator is not available on your system. Falling back to Mersenne Twister.u‘A secure pseudo-random number generator is not available and no BOKEH_SECRET_KEY has been set. Setting a secret key will mitigate the lack of a secure generator.( trandomt SystemRandomRtNotImplementedErrortwarningstwarnRR tNoneR(Rtusing_sysrandomR((s4lib/python2.7/site-packages/bokeh/util/session_id.pyt_get_sysrandomƒs       cC`s7|dkrdSt|tƒr#|Stj|dƒSdS(Nuutf-8(Rt isinstanceRtcodecstencode(R ((s4lib/python2.7/site-packages/bokeh/util/session_id.pyR ˜s  cC`sWt|ƒ}|sStjtjdtjƒtjƒ|fjdƒƒjƒƒndS(Nu%s%s%suutf-8( R Rtseedthashlibtsha256tgetstatettimeR$tdigest(R R ((s4lib/python2.7/site-packages/bokeh/util/session_id.pyt_reseed_if_needed‘s   cC`s:t|ƒ}tjtj|ƒdƒ}t|jdƒƒS(Nuasciiu=(R R#tdecodetbase64turlsafe_b64encodetstrtrstrip(tdecodedtdecoded_as_bytestencoded((s4lib/python2.7/site-packages/bokeh/util/session_id.pyt_base64_encode²s cC`sFt|ƒ}tj|dƒ}tj||tjƒ}t|jƒƒS(Nuutf-8( R R#R$RtnewR&R'R4R*(R R tsigner((s4lib/python2.7/site-packages/bokeh/util/session_id.pyR Ίs i,u>abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789c`s<t|ƒ}tt|ƒdj‡fd†t|ƒDƒƒS(uΧ Return a securely generated random string. With the a-z, A-Z, 0-9 character set: Length 12 is a 71-bit value. log_2((26+26+10)^12) =~ 71 Length 44 is a 261-bit value. log_2((26+26+10)^44) = 261 uc3`s|]}tjˆƒVqdS(N(Rtchoice(t.0ti(t allowed_chars(s4lib/python2.7/site-packages/bokeh/util/session_id.pys Μs(R R+R tjointrange(tlengthR:R ((R:s4lib/python2.7/site-packages/bokeh/util/session_id.pyRΐs  (ucheck_session_id_signatureugenerate_secret_keyugenerate_session_id(#t__doc__t __future__RRRRtloggingt getLoggert__name__tlogR-R#R&RR)tsixRtbokeh.settingsRtbokeh.util.stringRt__all__Rtsecret_key_bytest sign_sessionsRRR!R R+R4R RRR (((s4lib/python2.7/site-packages/bokeh/util/session_id.pyt s6"        %