o &zh@sddlmZmZddlmZddlmZmZddlm Z ddl m Z ddl m Z ddlmZddlmZd efd d Zd efd d Zd eefddZd efddZGddde jZGddde jjZGddde jZdS))ListOptional)settings)check_password make_password)models)Q)timezone) gettext_lazy) get_adapterreturncCst}|}|SN)r generate_client_id)adapter client_idrR/var/www/html/kangema/venv/lib/python3.10/site-packages/allauth/idp/oidc/models.pydefault_client_id srcCst}|}t|Sr )r generate_client_secretr)r client_secretrrrdefault_client_secretsrcCsttddd|dDS)NcSsg|]}|qSr)strip).0srrr sz%_values_from_text.. )listfiltersplit)textrrr_values_from_textsr cCst|tr t|d|S)Nr) isinstancestr ValueErrorjoin)valuesrrr_values_to_texts  r&c@s@eZdZGdddejZGdddejZejddeddZ ejdd Z ejd e d Z ej ed d dZej eddddZejdejejdZej ejeddZej ddddZej deddddZej deddZejejddejdZejdddZej e!j"d Z#ej$ddd!d"Z%Gd#d$d$Z&d%e'e(fd&d'Z)d(e'e(fd)d*Z*d%e'e(fd+d,Z+d(e'e(fd-d.Z,d%e'e(fd/d0Z-d1e'e(d%d!fd2d3Z.d%e'e(fd4d5Z/d1e'e(d%d!fd6d7Z0d%e'e(fd8d9Z1d:e'e(d%d!fd;d<Z2d%e'e(fd=d>Z3d?e'e(fd@dAZ4dIdBdCZ5dDe(d%e6fdEdFZ7d%e(fdGdHZ8d!S)JClientc@s<eZdZdedfZdedfZdedfZdedfZd S) zClient.GrantTypeauthorization_codeAuthorization codez,urn:ietf:params:oauth:grant-type:device_codez Device codeclient_credentialszClient credentials refresh_token Refresh tokenN)__name__ __module__ __qualname___AUTHORIZATION_CODE DEVICE_CODECLIENT_CREDENTIALS REFRESH_TOKENrrrr GrantType$s    r5c@s$eZdZdedfZdedfZdS)z Client.Type confidential ConfidentialpublicPublicN)r-r.r/r0 CONFIDENTIALPUBLICrrrrType*s r<Tdz Client ID) primary_key max_lengthdefault verbose_namer?)r?r@zxThe scope(s) the client is allowed to request. Provide one value per line, e.g.: openid(ENTER)profile(ENTER)email(ENTER)openid) help_textr@zIn case the client does not specify any scope, these default scopes are used. Provide one value per line, e.g.: openid(ENTER)profile(ENTER)email(ENTER))rEr@blank)r?r@choiceszA list of allowed grant types. Provide one value per line, e.g.: authorization_code(ENTER)client_credentials(ENTER)refresh_token(ENTER))r@rEz9A list of allowed redirect (callback) URLs, one per line.)rErGr@zBA list of allowed origins for cross-origin requests, one per line.zCORS allowed origins)rGrEr@rAcodezdA list of allowed response types. Provide one value per line, e.g.: code(ENTER)id_token token(ENTER))rGnull on_deleteFz5Flag to allow skip the consent screen for this clientr@NrGrKr@c@seZdZedZedZdS)z Client.MetaclientclientsN)r-r.r/r0rAverbose_name_pluralrrrrMetajs rRr cC t|jSr )r redirect_urisselfrrrget_redirect_urisn zClient.get_redirect_urisuriscCt||_dSr )r&rTrVrYrrrset_redirect_urisqzClient.set_redirect_uriscCrSr )r cors_originsrUrrrget_cors_originstrXzClient.get_cors_originscCrZr )r&r^r[rrrset_cors_originswr]zClient.set_cors_originscCrSr r scopesrUrrr get_scopeszrXzClient.get_scopesrbcCrZr r&rbrVrbrrr set_scopes}r]zClient.set_scopescCrSr )r default_scopesrUrrrget_default_scopesrXzClient.get_default_scopescCrZr )r&rgrerrrset_default_scopesr]zClient.set_default_scopescCrSr )r response_typesrUrrrget_response_typesrXzClient.get_response_typesrjcCrZr )r&rj)rVrjrrrset_response_typesr]zClient.set_response_typescCrSr )r grant_typesrUrrrget_grant_typesrXzClient.get_grant_typesrmcCrZr )r&rm)rVrmrrrset_grant_typesr]zClient.set_grant_typescCrZr )rsecretrVrprrr set_secretr]zClient.set_secretrpcCs t||jSr )rrprqrrr check_secrets zClient.check_secretcCs|jSr )idrUrrr__str__szClient.__str__)r N)9r-r.r/r TextChoicesr5r< CharFieldrrtnamerrp TextFieldr0rbrgr:rItyper1rmrTr^rj ForeignKeyrAUTH_USER_MODELCASCADEowner BooleanField skip_consent DateTimeFieldr now created_at JSONFielddatarRrr"rWr\r_r`rcrfrhrirkrlrnrorrboolrsrurrrrr'#s   r'c@s*eZdZddZdefddZddZdS) TokenQuerySetcCs|tddttdBS)NT)expires_at__isnull)expires_at__gt)rrr rrUrrrvalidszTokenQuerySet.validvaluecCs|jt|dS)N)hash)rr hash_token)rVrrrrby_valueszTokenQuerySet.by_valuecCs||j|dS)N)rz)rrrfirst)rVrzrrrrlookupszTokenQuerySet.lookupN)r-r.r/rr"rrrrrrrs rc@seZdZeZGdddejZej dej dZ ej ddZ ej eejdddZej ejejdddZejddd d Zejejd Zejdddd Zejd d ZGdddZdefddZde efddZ!de edd fddZ"dedd fddZ#de$efddZ%d S)Tokenc@seZdZdZdZdZdZdS)z Token.Type)iazInitial access token)atz Access token)rtr,)acr)N)r-r.r/INITIAL_ACCESS_TOKEN ACCESS_TOKENr4r1rrrrr<s r<)r?rIrBT)rLrGrKNrNrM)rGrKdb_indexrFc@seZdZdZdS)z Token.Meta))rzrN)r-r.r/unique_togetherrrrrrRsrRr cCs"|jr |d|jS|S)Nz for user #)user_idget_type_displayrUrrrrusz Token.__str__cCrSr rarUrrrrcrXzToken.get_scopesrbcCrZr rdrerrrrfr]zToken.set_scopesemailcCs|jduri|_||jd<dS)zx In case a specific email was chosen to be exposed to the client, store that using this method. Nr)r)rVrrrrset_scope_emails zToken.set_scope_emailcCst|jtsdS|jdS)z Returns the email that was selected when the email scope was granted. Note that this may e outdated, as the user can change email addresses at any time. Nr)r!rdictgetrUrrrget_scope_emails  zToken.get_scope_email)&r-r.r/r as_managerobjectsrrvr<rwrIrzrr{r'r}rOrr|userrrrr rr expires_atryrbrRr"rurrcrfrrrrrrrrs&    rN)typingrr django.confrdjango.contrib.auth.hashersrr django.dbrdjango.db.modelsr django.utilsr django.utils.translationr r0allauth.idp.oidc.adapterr r"rrr r&Modelr'queryQuerySetrrrrrrs      y