o RDiE@sddlZddlmZddlmZddlmZddlmZm Z ddl m Z ddl m Z ddlmZdd lmZmZdd lmZdd lmZdd lmZdd lmZddlmZddlmZddlm Z m!Z!m"Z"m#Z#m$Z$m%Z%ddl&m'Z'ddl(m)Z)ddl*m+Z+m,Z,m-Z-m.Z.m/Z/ddl0m1Z1ddl2m3Z3ddl4m5Z5m6Z6m7Z7e-Z8e eddGddde7eZ9e eddGddde7eZ:e edde eddGdd d e7e5eZ;d!d"ZdS)'N)urlparse)logout) AnonymousUser) HttpResponse JsonResponse)reverse)method_decorator) csrf_exempt)FormViewView)jwt) JWException)InvalidJWSObject) JWTExpired)add_params_to_uri)login_not_required)ClientIdMissmatchInvalidIDTokenErrorInvalidOIDCClientErrorInvalidOIDCRedirectURIError LogoutDenied OIDCError)ConfirmLogoutForm)OAuth2ResponseRedirect) AbstractGrantget_access_token_modelget_application_modelget_id_token_modelget_refresh_token_model)oauth2_settings) jwk_from_pem) OAuthLibMixinOIDCLogoutOnlyMixin OIDCOnlyMixindispatch)namec@eZdZdZddZdS)ConnectDiscoveryInfoViewz View used to show oidc provider configuration information per `OpenID Provider Metadata `_ c Ostj}|s4t|}|td}|td}tjp!|td}|td}tjr3|td} n;ttj} | jd| j } d | td}d | td}tjp[d | td}d | td}tjrod | td} t j g} tj r|t jt j g} tj} | }tt||}tj}|}dd |D}||||||tjtj| tjd d tjD|d }tjr| |d <t|}d |d<|S)Nzoauth2_provider:authorizezoauth2_provider:tokenzoauth2_provider:user-infozoauth2_provider:jwks-infoz#oauth2_provider:rp-initiated-logoutz://z{}{}cSsg|]}|qSr*).0scoper*r*S/var/www/Datamplify/venv/lib/python3.10/site-packages/oauth2_provider/views/oidc.py Vsz0ConnectDiscoveryInfoView.get..cSsg|]\}}|qSr*r*)r+key_r*r*r-r.es) issuerauthorization_endpointtoken_endpointuserinfo_endpointjwks_uriscopes_supportedresponse_types_supportedsubject_types_supported%id_token_signing_alg_values_supported%token_endpoint_auth_methods_supported code_challenge_methods_supportedclaims_supportedend_session_endpoint*Access-Control-Allow-Origin)r OIDC_ISS_ENDPOINT oidc_issuerbuild_absolute_urirOIDC_USERINFO_ENDPOINT OIDC_RP_INITIATED_LOGOUT_ENABLEDrschemenetlocformat ApplicationHS256_ALGORITHMOIDC_RSA_PRIVATE_KEYRS256_ALGORITHMOAUTH2_VALIDATOR_CLASSlistsetget_discovery_claimsSCOPES_BACKEND_CLASSget_available_scopesOIDC_RESPONSE_TYPES_SUPPORTEDOIDC_SUBJECT_TYPES_SUPPORTED*OIDC_TOKEN_ENDPOINT_AUTH_METHODS_SUPPORTEDrCODE_CHALLENGE_METHODSr)selfrequestargskwargs issuer_urlr2r3r4r5r= parsed_urlhostsigning_algorithmsvalidator_class validator oidc_claims scopes_classscopesr6dataresponser*r*r-get2sf     zConnectDiscoveryInfoView.getN__name__ __module__ __qualname____doc__rer*r*r*r-r)+s r)c@r() JwksInfoViewz: View used to show oidc json web key set document c Osg}tjr*tjgtjD]}t|}dd|d}|t|| |q t d|i}d|d<ddtj d d tj d d tj |d <|S) NRS256sig)algusekidkeysr>r?zCache-Control: public, zmax-age=z, zstale-while-revalidate=zstale-if-error=z Cache-Control) r rJOIDC_RSA_PRIVATE_KEYS_INACTIVEr! thumbprintupdatejsonloads export_publicappendrOIDC_JWKS_MAX_AGE_SECONDS) rVrWrXrYrqpemr/rcrdr*r*r-reus*     zJwksInfoView.getNrfr*r*r*r-rkos rkc@s(eZdZdZddZddZddZdS) UserInfoViewzC View used to show Claims about the authenticated End-User cO ||SN_create_userinfo_responserVrWrXrYr*r*r-re zUserInfoView.getcOr|r}r~rr*r*r-postrzUserInfoView.postc Cs@||\}}}}t|p d|d}|D]\}}|||<q|S)N)contentstatus)create_userinfo_responseritems) rVrWurlheadersbodyrrdkvr*r*r-rs  z&UserInfoView._create_userinfo_responseN)rgrhrirjrerrr*r*r*r-r{s  r{c Cst}t}z||}Wn tyYdSw|sdSz"tjr$i}nd}tj|||d}t |j }|j j |dd|fWSt t|jfyMYdSw)z Loads an IDToken given its string representation for use with RP-Initiated Logout. A tuple (IDToken, claims) is returned. Depending on the configuration expired tokens may be loaded. If loading failed (None, None) is returned. )NNN)r/r check_claimsjti)r)rr rL_get_key_for_tokenr.OIDC_RP_INITIATED_LOGOUT_ACCEPT_EXPIRED_TOKENSr JWTrurvclaimsobjectsrer r DoesNotExist)tokenIDTokenr_r/r jwt_tokenrr*r*r-_load_id_tokens&  rcCs*t}d|vs|d||krdSdS)zS Validates the claims of an IDToken for use with OIDC RP-Initiated Logout. issFT)r rLget_oidc_issuer_endpoint)rWrr_r*r*r-_validate_claimssrcseZdZdZeZejejgZ ej ej ej ej ejgZddZfddZddZdd Zd d Zd d ZddZddZddZdddZddZZS)RPInitiatedLogoutViewz#oauth2_provider/logout_confirm.htmlc CsN|jdd|jdd|jdd|jdd|jdd|jdddS)N id_token_hint logout_hint client_idpost_logout_redirect_uristate ui_locales)rrrrrr) oidc_datare)rVr*r*r- get_initials      z!RPInitiatedLogoutView.get_initialcs i|_tj|g|Ri|Sr})rsuperr&r __class__r*r-r&szRPInitiatedLogoutView.dispatchc Os|jd}|jd}|jd}|jd}z |j|||d\}} Wnty;} z || WYd} ~ Sd} ~ ww|| sI||||| S||||d|_|| } | |d<|rb||d<| |j d i|S) Nrrrrrrr)rrrrform applicationr*) GETrevalidate_logout_requestrerror_response must_prompt do_logoutrget_formget_form_classrender_to_responseget_context_data) rVrWrXrYrrrrr token_usererrorrr*r*r-res4     zRPInitiatedLogoutView.getc Cs|jd}|jd}|jd}|jd}z!|j|||d\}}||r.|jdr7|||||WSttyP}z ||WYd}~Sd}~ww)Nrrrrrallow) cleaned_datarerrrrrr) rVrrrrrrrrr*r*r- form_valids"     z RPInitiatedLogoutView.form_validcCs||sdS|s tt|d}|stdtjr%|dkr%|jdkr%td||vr3td|d||ssD                   C  +