o RDi5@sddlZddlZddlZddlmZmZmZddlmZddl m Z ddl m Z ddl mZddlmZddlmZdd lmZdd lmZdd lmZmZd d lmZd dlmZd dlmZd dl m!Z!d dl"m#Z#m$Z$d dl%m&Z&d dl'm(Z(d dl)m*Z*ddl+m,Z,e-dZ.eeddGdddee,eZ/dZ0Gddde/eZ1eeddeeddGdd d e,eZ2eeddeeddGd!d"d"e,eZ3dS)#N) parse_qsl urlencodeurlparse)LoginRequiredMixin)redirect_to_login) HttpResponse) resolve_url)timezone)method_decorator) csrf_exempt)sensitive_post_parameters)FormViewView)login_not_required)OAuthToolkitError) AllowForm)OAuth2ResponseRedirect)get_access_token_modelget_application_model)get_scopes_backend)oauth2_settings)app_authorized) OAuthLibMixinoauth2_providerdispatch)namecs4eZdZdZfddZfddZddZZS)BaseAuthorizationViewa Implements a generic endpoint to handle *Authorization Requests* as in :rfc:`4.1.1`. The view does not implement any strategy to determine *authorize/do not authorize* logic. The endpoint is used in the following flows: * Authorization code * Implicit grant cs i|_tj|g|Ri|SN) oauth2_datasuperr)selfrequestargskwargs __class__S/var/www/Datamplify/venv/lib/python3.10/site-packages/oauth2_provider/views/base.pyr+szBaseAuthorizationView.dispatchc sDtj|fi|\}}|r||d|S|dj}|j||dS)z Handle errors either by redirecting to redirect_uri with a json in the body containing error details or providing an error response urlerror)status)r!error_responseredirect status_coderender_to_response)r"r+ applicationr%r.r-r,r&r(r)r-/s  z$BaseAuthorizationView.error_responsecCs"|durtj}n|}t||Sr)rALLOWED_REDIRECT_URI_SCHEMESget_allowed_schemesr)r" redirect_tor1allowed_schemesr(r(r)r.<s zBaseAuthorizationView.redirect)__name__ __module__ __qualname____doc__rr-r. __classcell__r(r(r&r)rs   rz%Y-%m-%dT%H:%M:%SZcsLeZdZdZdZeZdZddZddZ dd Z d d Z fd d Z Z S)AuthorizationViewa Implements an endpoint to handle *Authorization Requests* as in :rfc:`4.1.1` and prompting the user with a form to determine if she authorizes the client application to access her data. This endpoint is reached two times during the authorization process: * first receive a ``GET`` request from user asking authorization for a certain client application, a form is served possibly showing some useful info and prompting for *authorize/do not authorize*. * then receive a ``POST`` request possibly after user authorized the access Some information contained in the ``GET`` request and needed to create a Grant token during the ``POST`` request would be lost between the two steps above, so they are temporarily stored in hidden fields on the form. A possible alternative could be keeping such information in the session. The endpoint is used in the following flows: * Authorization code * Implicit grant zoauth2_provider/authorize.htmlFc Cs|jd|jdg}|jddd||jdd|jdd|jdd|jdd|jd d|jd d|jd dd }|S) Nscopescopes redirect_uri nonce client_idstate response_typecode_challengecode_challenge_methodclaims) r>r<r@rArBrCrDrErF)r getjoin)r"r= initial_datar(r(r) get_initialcs         zAuthorizationView.get_initialc CsT|jd}tjj|d}|jd|jd|jdd|jddd}|jddr5|jd|d<|jd drD|jd |d <|jd drS|jd |d <|jd drb|jd |d <|jd }|jd }z|j|j|||d\}}} } Wnty} z || |WYd} ~ Sd} ~ ww||_t d |j| |j|S)NrArAr>rCrB)rAr>rCrBrDFrEr@rFr<allowr#r= credentialsrLz Success url for the request: {0}) cleaned_datarobjectsrGcreate_authorization_responser#rr- success_urllogdebugformatr.) r"formrAr1rNr=rLuriheadersbodyr,r+r(r(r) form_validss8        zAuthorizationView.form_validc szz ||\}}Wnty"}z |j|ddWYd}~Sd}~ww|jd}|dkr1|Stfdd|D|d<||d<tj j|dd }||d <|d|d<|d |d <|d |d <|d |d <d|vru|d|d<d|vr|d|d<d|vr|d|d<d|vrt |d|d<||_ | |} | |d<|jdtj} d|vrt|dtrd|d|d<zX|jr|j|jd||dd\} } } }|| |WS| dkrtj j|j|d td}|D]"}||r|j|jd||dd\} } } }|| |WSqWnty1}z |||WYd}~Sd}~ww||j di|S)Nr1promptlogincsg|]}|qSr(r().0r< all_scopesr(r) sz)AuthorizationView.get..scopes_descriptionsr=rArKr1r>rCrBrDrEr@rFrVapproval_prompt ui_localesr?TrMauto)userr1 expires__gtr()!validate_authorization_requestrr-GETrGhandle_prompt_loginrget_all_scopesrrPjsondumpsr get_formget_form_classrREQUEST_APPROVAL_PROMPT isinstancelistrHskip_authorizationrQr#r.rfilterrfr nowall allow_scopesr0get_context_data)r"r#r$r%r=rNr+r\r1rVrequire_approvalrWrXrYr,tokenstokenr(r_r)rGsz            zAuthorizationView.getc Cs|j}t|}t|dd\}}t|dd\}}|r%||kr0|r+||kr0|j}t|}tt|j}| d|j t |d}t | ||S)Nrr\)query)r#build_absolute_urir get_login_urlr get_full_pathdictrr|pop_replacerrgeturlget_redirect_field_name) r"pathresolved_login_url login_scheme login_netloccurrent_schemecurrent_netlocparsed parsed_queryr(r(r)rjs$     z%AuthorizationView.handle_prompt_logincs|jjd}|jjd}|dkr<|rnoner+login_requiredrB?&Nr[)r#rirGrr.r!handle_no_permission)r"r\r>response_parametersrB separatorr4r&r(r)rs   z&AuthorizationView.handle_no_permission)r6r7r8r9 template_namer form_classskip_authorization_completelyrJrZrGrjrr:r(r(r&r)r;Is Rr;c@s$eZdZdZeedddZdS) TokenViewz Implements an endpoint to provide access tokens The endpoint is used in the following flows: * Authorization code * Password * Client credentials passwordcOs||\}}}}|dkr3t|d}|dur3t|d} tj j| d} t j ||| dt ||d} | D]\} } | | | <q=| S)N access_tokenzutf-8)token_checksum)senderr#r{contentr,)create_token_responserlloadsrGhashlibsha256encode hexdigestrrPrsendritems)r"r#r$r%r*rXrYr,rrr{responsekvr(r(r)post's  zTokenView.postN)r6r7r8r9r r rr(r(r(r)rs rc@seZdZdZddZdS)RevokeTokenViewzC Implements an endpoint to revoke access or refresh tokens c Os@||\}}}}t|p d|d}|D]\} } | || <q|S)Nr)create_revocation_responserr) r"r#r$r%r*rXrYr,rrrr(r(r)r>s  zRevokeTokenView.postN)r6r7r8r9rr(r(r(r)r7s r)4rrllogging urllib.parserrrdjango.contrib.auth.mixinsrdjango.contrib.auth.viewsr django.httprdjango.shortcutsr django.utilsr django.utils.decoratorsr django.views.decorators.csrfr django.views.decorators.debugr django.views.genericr rcompatr exceptionsrformsrhttprmodelsrrr=rsettingsrsignalsrmixinsr getLoggerrSrRFC3339r;rrr(r(r(r)sD                  & S