o RDi/@sddlZddlmZddlmZmZddlmZmZddl m Z ddl m Z ddlm Z ed Zgd ZGd d d ZGd ddZGdddeZGdddeeZGdddeZGdddZGdddeZdS)N)settings)ImproperlyConfiguredSuspiciousOperation)HttpResponseForbiddenHttpResponseNotFound)FatalClientError)get_scopes_backend)oauth2_settingsoauth2_provider)GETHEADOPTIONSc@seZdZdZdZdZdZeddZeddZ eddZ ed d Z ed d Z d dZ ddZddZddZddZddZddZddZddZdS) OAuthLibMixina This mixin decouples Django OAuth Toolkit from OAuthLib. Users can configure the Server, Validator and OAuthlibCore classes used by this mixin by setting the following class variables: * server_class * validator_class * oauthlib_backend_class If these class variables are not set, it will fall back to using the classes specified in oauth2_settings (OAUTH2_SERVER_CLASS, OAUTH2_VALIDATOR_CLASS and OAUTH2_BACKEND_CLASS). NcC|jdurtjS|jS)z9 Return the OAuthlib server class to use N) server_classr OAUTH2_SERVER_CLASSclsrU/var/www/Datamplify/venv/lib/python3.10/site-packages/oauth2_provider/views/mixins.pyget_server_class& zOAuthLibMixin.get_server_classcCr)zI Return the RequestValidator implementation class to use N)validator_classr OAUTH2_VALIDATOR_CLASSrrrrget_validator_class0rz!OAuthLibMixin.get_validator_classcCr)zE Return the OAuthLibCore implementation class to use N)oauthlib_backend_classr OAUTH2_BACKEND_CLASSrrrrget_oauthlib_backend_class:rz(OAuthLibMixin.get_oauthlib_backend_classcCs(|}|}tj}||fi|S)zj Return an instance of `server_class` initialized with a `validator_class` object )rrr server_kwargs)rrrrrrr get_serverDszOAuthLibMixin.get_servercCs0t|drtjr|}|}|||_|jS)z Cache and return `OAuthlibCore` instance so it will be created only on first request unless ALWAYS_RELOAD_OAUTHLIB_CORE is True. _oauthlib_core)hasattrr ALWAYS_RELOAD_OAUTHLIB_COREr rr!)rserver core_classrrrget_oauthlib_coreOs  zOAuthLibMixin.get_oauthlib_corecC|}||S)z A wrapper method that calls validate_authorization_request on `server_class` instance. :param request: The current django.http.HttpRequest object )r&validate_authorization_requestselfrequestcorerrrr([ z,OAuthLibMixin.validate_authorization_requestcCs*|r|dng}|}|||||S)a A wrapper method that calls create_authorization_response on `server_class` instance. :param request: The current django.http.HttpRequest object :param scopes: A space-separated string of provided scopes :param credentials: Authorization credentials dictionary containing `client_id`, `state`, `redirect_uri` and `response_type` :param allow: True if the user authorize the client, otherwise False  )splitr&create_authorization_response)r*r+scopes credentialsallowr,rrrr0ds z+OAuthLibMixin.create_authorization_responsecCr')z A wrapper method that calls create_token_response on `server_class` instance. :param request: The current django.http.HttpRequest object )r&create_token_responser)rrrr4ur-z#OAuthLibMixin.create_token_responsecCr')z A wrapper method that calls create_revocation_response on the `server_class` instance. :param request: The current django.http.HttpRequest object )r&create_revocation_responser)rrrr5~ z(OAuthLibMixin.create_revocation_responsecCr')z A wrapper method that calls create_userinfo_response on the `server_class` instance. :param request: The current django.http.HttpRequest object )r&create_userinfo_responser)rrrr7r6z&OAuthLibMixin.create_userinfo_responsec CsL|}z |j||dWSty%}z t|dkr t|d}~ww)z A wrapper method that calls verify_request on `server_class` instance. :param request: The current django.http.HttpRequest object )r1z%Invalid hex encoding in query string.N)r&verify_request get_scopes ValueErrorstrr)r*r+r,errorrrrr8s zOAuthLibMixin.verify_requestcCsgS)z This should return the list of scopes required to access the resources. By default it returns an empty list. r)r*rrrr9szOAuthLibMixin.get_scopescKs`|j}|jpd}d|vrdnd}||||jd}||t|tr*d}||fSd}||fS)z Return an error to be displayed to the resource owner if anything goes awry. :param error: :attr:`OAuthToolkitError` ?&)r<urlFT)oauthlib_error redirect_uri urlencodedupdate isinstancer)r*r<kwargsrArB separatorerror_responseredirectrrrrHs    zOAuthLibMixin.error_responsecCr')zReturns a boolean representing if client is authenticated with client credentials method. Returns `True` if authenticated. :param request: The current django.http.HttpRequest object )r&authenticate_clientr)rrrrJr-z!OAuthLibMixin.authenticate_client)__name__ __module__ __qualname____doc__rrr classmethodrrrr r&r(r0r4r5r7r8r9rHrJrrrrrs0           rc@seZdZdZdZddZdS)ScopedResourceMixinzB Helper mixin that implements "scopes handling" behaviour NcOs|jdur td|jS)z Return the scopes needed to access the resource :param args: Support scopes injections from the outside (not yet implemented) NzoProtectedResourceMixin requires either a definition of 'required_scopes' or an implementation of 'get_scopes()')required_scopesrr*argsrFrrrr9s zScopedResourceMixin.get_scopes)rKrLrMrNrQr9rrrrrPs rPc eZdZdZfddZZS)ProtectedResourceMixinz{ Helper mixin that implements OAuth2 protection on request dispatch, specially useful for Django Generic Views csb|jdkrtj|g|Ri|S||\}}|r.|j|_tj|g|Ri|StSNr)methoduppersuperdispatchr8userresource_ownerrr*r+rSrFvalidr __class__rrrZszProtectedResourceMixin.dispatchrKrLrMrNrZ __classcell__rrr`rrUrUcs@eZdZdZgZdZfddZfddZfddZZ S) ReadWriteScopedResourceMixinzG Helper mixin that implements "read and write scopes" behavior NcsPt}tjtjg}t|t|std|t j |g|Ri|S)NzmReadWriteScopedResourceMixin requires following scopes {} to be in OAUTH2_PROVIDER["SCOPES"] list in settings) r get_all_scopesr READ_SCOPE WRITE_SCOPEsetissubsetrformatrY__new__)rrSrFprovided_scopesread_write_scopesr`rrrls  z$ReadWriteScopedResourceMixin.__new__cs:|jtvr tj|_ntj|_tj|g|Ri|SN) rWrXSAFE_HTTP_METHODSr rgread_write_scoperhrYrZ)r*r+rSrFr`rrrZ s z%ReadWriteScopedResourceMixin.dispatchcstj|i|}||jgSro)rYr9rq)r*rSrFr1r`rrr9s z'ReadWriteScopedResourceMixin.get_scopes) rKrLrMrNrQrqrlrZr9rcrrr`rres  recrT)ClientProtectedResourceMixinzMixin for protecting resources with client authentication as mentioned in rfc:`3.2.1` This involves authenticating with any of: HTTP Basic Auth, Client Credentials and Access token in that order. Breaks off after first validation. cs|jdkrtj|g|Ri|S||}|s8||\}}|r5|j|_tj|g|Ri|StStj|g|Ri|SrV) rWrXrYrZrJr8r[r\rr]r`rrrZs z%ClientProtectedResourceMixin.dispatchrbrrr`rrrrdrrc$eZdZdZdZfddZZS) OIDCOnlyMixinz Mixin for views that should only be accessible when OIDC is enabled. If OIDC is not enabled: * if DEBUG is True, raises an ImproperlyConfigured exception explaining why * otherwise, returns a 404 response, logging the same warning zgdjango-oauth-toolkit OIDC views are not enabled unless you have configured OIDC_ENABLED in the settingsc:tjstjr t|jt|jtSt j |i|Sro) r OIDC_ENABLEDrDEBUGrdebug_error_messagelogwarningrrYrZrRr`rrrZA   zOIDCOnlyMixin.dispatchrKrLrMrNrxrZrcrrr`rrt2  rtcrs)OIDCLogoutOnlyMixina Mixin for views that should only be accessible when OIDC and OIDC RP-Initiated Logout are enabled. If either is not enabled: * if DEBUG is True, raises an ImproperlyConfigured exception explaining why * otherwise, returns a 404 response, logging the same warning zThe django-oauth-toolkit OIDC RP-Initiated Logout view is not enabled unless you have configured OIDC_RP_INITIATED_LOGOUT_ENABLED in the settingscruro) r OIDC_RP_INITIATED_LOGOUT_ENABLEDrrwrrxryrzrrYrZrRr`rrrZYr{zOIDCLogoutOnlyMixin.dispatchr|rrr`rr~Jr}r~)logging django.confrdjango.core.exceptionsrr django.httprr exceptionsrr1r r getLoggerryrprrPrUrerrrtr~rrrrs"     <#