o &zh;@s(ddlmZddlmZmZddlmZmZddlm Z ddl m Z ddl m Z ddlmZmZddlmZmZmZmZmZdd lmZdd lmZdd lmZdd lmZdd lm Z ddl!m"Z"ddl#m$Z$ddl%m&Z&ddl'm(Z(ddl)m*Z*ddl+m,Z,m-Z-ddl.m/Z0ddl1m2Z2ddl3m4Z4ddl5m6Z6ddl7m8Z8m9Z9ddl:m/Z/ddl;mZ>m?Z?m@Z@ddlAmBZBddlCmDZDmEZEddlFmGZGmHZHmIZImJZJddlKmLZLddlMmNZNee2d d!Gd"d#d#e"ZOeOPZQee$d d!ee&d d!ee2d d!Gd$d%d%e(ZReRPZSee&d d!ee2d d!Gd&d'd'e"ZTeTPZUee&d d!ee d d!Gd(d)d)e"ZVeVPZWee&d d!ee2d d!Gd*d+d+e"ZXeXPZYee2d d!Gd,d-d-e"ZZeZPZ[ee2d d!Gd.d/d/e"Z\e\PZ]ee&d d!ee2d d!Gd0d1d1e"Z^e^PZ_d2S)3) HTTPStatus)ListOptional)REDIRECT_FIELD_NAMEget_user_model)login_required)get_current_site)PermissionDenied) BadSignatureSigner) HttpRequest HttpResponseHttpResponseForbiddenHttpResponseRedirect JsonResponse)CsrfViewMiddleware)render)reverse)method_decorator) urlencode)View)xframe_options_deny) csrf_exempt)FormView)errors)InvalidScopeError OAuth2Error) app_settings)login_not_required)str_to_user_id)jwkkit)add_query_paramsdel_query_params) get_adapter)AuthorizationFormConfirmCodeFormDeviceAuthorizationForm) device_codes)get_device_server get_server)convert_responseextract_paramsrespond_html_errorrespond_json_error)Client)build_absolute_uridispatch)namec@s&eZdZddZdeefddZdS)ConfigurationViewc Csxt|tdt|tdt|tdt|tdt|tdt|tdt|dgdgd }t|}d |d <|S) Nidp:oidc:authorizationzidp:oidc:device_codezidp:oidc:revokezidp:oidc:tokenzidp:oidc:userinfoz idp:oidc:jwkspublicRS256) authorization_endpointdevice_authorization_endpointrevocation_endpointtoken_endpointuserinfo_endpointjwks_uriissuerresponse_types_supportedsubject_types_supported%id_token_signing_alg_values_supported*Access-Control-Allow-Origin)r/rr# get_issuer_get_response_types_supportedr)selfrequestdataresponserHQ/var/www/html/kangema/venv/lib/python3.10/site-packages/allauth/idp/oidc/views.pyget7s,  zConfigurationView.getreturncCs6t}tjdD] }||q tt|S)Nresponse_types) setr.objectsonlyiteratorupdateget_response_typeslistsorted)rDrLclientrHrHrIrCPs z/ConfigurationView._get_response_types_supportedN)__name__ __module__ __qualname__rJrstrrCrHrHrHrIr25sr2cseZdZeZdejZfddZfddZ de e fddZ d e d eede fd d Zd dZddZdeffdd ZddZddZfddZZS)AuthorizationViewzidp/oidc/authorization_form.c s||}|r |St|j}z%t}|j|\|_|_d|jddvr2|j|d|ji}t |WSWn2t j yK}z t ||WYd}~Sd}~wt j ye}zt||jWYd}~Sd}~ww|jdjjrq|Stj|g|Ri|S)NnonepromptrHscopesrE)_login_requiredr+rEr)validate_authorization_request_scopes _request_inforJcreate_authorization_responser*rFatalClientErrorr,rrin_uri redirect_urirU skip_consent _skip_consentsuper) rDrEargskwargsrGorequestserver oresponsee __class__rHrIrJas6    zAuthorizationView.getcs|jd}|sttdd|jS||}|r|Stddd|ddi}|r4td|Szt }| |\|_ |_ Wn t yKtw|jd d krX|Stj|g|Ri|S) NrEr3?cSsdSNrH)reqrHrHrIsz(AuthorizationView.post..) get_responserHz CSRF Failed: actiongrant)POSTrJrrrr^r process_viewrr unsign_objectr`rar r _respond_with_access_deniedrhpost)rDrErirjsigned_request_inforGreasonsignerrorHrIr|zs,   zAuthorizationView.postrKcCsVg}|jd}|r|}d|vr|||Sd|vrdS|jjr$dStd|S)Nr\loginr[)GETrJsplit_handle_login_promptuseris_authenticatedr)rDrEpromptsr\rHrHrIr^s  z!AuthorizationView._login_requiredrErcCsd|d|}|rt|dd|i}nt|d}i}||t<t|jjr(dnd}t t||S)Nrr\ account_reauthenticate account_login) remove get_full_pathr!joinr"rrrrr)rDrErnext_urlparamspathrHrHrIrs  z&AuthorizationView._handle_login_promptcCsJ|jdj}|}|dd|d<|jdi|}|s t||S)NrEznot-relevant-for-skip-consent)r]rErFrH)rar]get_form_kwargs form_classis_validr form_valid)rDr] form_kwargsformrHrHrIrgs   zAuthorizationView._skip_consentcCs:|jd}|jd}ddi}|r||d<tt||S)Nrestateerror access_denied)rarJrr!)rDrerrrHrHrIr{s  z-AuthorizationView._respond_with_access_deniedcs$t}||j|jjd|S)N)requested_scopesr)rhrrQr`rEr)rDretrorHrIrs z!AuthorizationView.get_form_kwargscCsTt}i}|j}|dd|d}t|trt||d<||j|f|d<|S)NrEr\) r rapoprJ isinstancerMrS sign_objectr`)rDrr request_infor\rHrHrI get_initials    zAuthorizationView.get_initialc Cst|j}|jd}d|jji}||jz|jd}|r#||d<tj|||d}t |WSt j yJ}z t |j|WYd}~Sd}~ww)Nr]remail)r] credentials) r+rE cleaned_datarrQrarJr)rbr*rrcr,)rDrrkr]rrrmrnrHrHrIrs      zAuthorizationView.form_validc s<tjdi|}|tjj|jddt|jd|S)N client_idid)rUsiterH) rhget_context_datarQr.rNrJrarrE)rDrjrrorHrIrsz"AuthorizationView.get_context_data)rVrWrXr$raccount_settingsTEMPLATE_EXTENSION template_namerJr|rr r^r rrYrrgr{dictrrrr __classcell__rHrHrorIrZZs&       rZc@seZdZdedefddZdS)DeviceCodeViewrErKc Ost|}z?tj|\}}}|tjkrB|jd}d} d|jvr;|jd} tjj |d} t |  t | s;t t|| |Wnty^} zt| jd| jdWYd} ~ Sd} ~ wwt|||S)Nrscoperapplication/json content_typestatus)r+r($create_device_authorization_responserOKrxrr.rNrJrMissubset get_scopesrr'createrr json status_coder*) rDrErirjrkheadersrFrrrrUrnrHrHrIr|s*      zDeviceCodeView.postN)rVrWrXr r r|rHrHrHrIrsrc@s*eZdZddZdededefddZdS) DeviceAuthorizationViewcOs^d|jvrt|j}|r|||jd|j|jSnt}|tdd}t|dt j |S)Ncodeidp:oidc:device_authorization)rautorization_urlz(idp/oidc/device_authorization_code_form.) rr%r_dispatch_authorizationr device_coderUrrrr)rDrErirjrcontextrHrHrIr0s*  z DeviceAuthorizationView.dispatch user_coderrUc Cs||d}|jdkr4t|j}|r3|jddk}tj|j||d|r(d}nd}t||t j |Snt}t dd t d |i|d <t|d t j |S) N)rrUrxrvconfirm)rz(idp/oidc/device_authorization_confirmed.z%idp/oidc/device_authorization_denied.rrqrrz+idp/oidc/device_authorization_confirm_form.) methodr&rxrrr'confirm_or_deny_device_coderrrrrr) rDrErrrUrrrrrHrHrIr.s>    z/DeviceAuthorizationView._dispatch_authorizationN)rVrWrXr0rYr.rrHrHrHrIrsrc@sBeZdZddZd deefddZdeefddZd d ZdS) TokenViewcCs(|jdtjjkr||S||S)N grant_type)rxrJr. GrantType DEVICE_CODE_post_device_token_create_token_response)rDrErHrHrIr|Ys  zTokenView.postNrFcs,t|}tfddgdj|}t|S)Ncs |Srr) _pre_token)rkrFrDrHrIrtas z2TokenView._create_token_response..) pre_token)r+r)create_token_responser*)rDrErFrkrmrHrrIr^sz TokenView._create_token_responsecCsP|jtjjkr&|dus J|d}r||_tjjt|dd|_ dSdS)Nrr)pk) rr.rrrJrrrNrr)rDrkrFrrHrHrIres   zTokenView._pre_tokenc CsRzt|}Wnty"}zt|jd|jdWYd}~Sd}~ww|||S)Nrr)r'poll_device_coderr rrr)rDrErFrnrHrHrIrns  zTokenView._post_device_tokenrr) rVrWrXr|rrrrrrHrHrHrIrUs  rc@eZdZddZdS) UserInfoViewc CsNt|}z tj|}t|WSty&}z t||WYd}~Sd}~wwrr)r+r)create_userinfo_responser*rr-)rDrErkrmrnrHrHrIrJs  zUserInfoView.getNrVrWrXrJrHrHrHrIr| rc@r)JwksViewc OsBg}tjfD]}t|\}}||qtd|i}d|d<|S)Nkeysr@rA)r PRIVATE_KEYr load_jwk_from_pemappendr) rDrErirjrpemjwk_rGrHrHrIrJs   z JwksView.getNrrHrHrHrIrs rc@r) RevokeViewcOst|}tj|}t|Srr)r+r)create_revocation_responser*)rDrErirjrkrmrHrHrIr|s zRevokeView.postN)rVrWrXr|rHrHrHrIrrrN)`httprtypingrrdjango.contrib.authrrdjango.contrib.auth.decoratorsrdjango.contrib.sites.shortcutsrdjango.core.exceptionsr django.core.signingr r django.httpr r rrrdjango.middleware.csrfrdjango.shortcutsr django.urlsrdjango.utils.decoratorsrdjango.utils.httpr django.viewsr$django.views.decorators.clickjackingrdjango.views.decorators.csrfrdjango.views.generic.editroauthlib.oauth2.rfc6749roauthlib.oauth2.rfc6749.errorsrrallauth.accountrr#allauth.account.internal.decoratorsr allauth.account.internal.userkitrallauth.core.internalr allauth.core.internal.httpkitr!r"allauth.idp.oidcallauth.idp.oidc.adapterr#allauth.idp.oidc.formsr$r%r&"allauth.idp.oidc.internal.oauthlibr')allauth.idp.oidc.internal.oauthlib.serverr(r)(allauth.idp.oidc.internal.oauthlib.utilsr*r+r,r-allauth.idp.oidc.modelsr. allauth.utilsr/r2as_view configurationrZ authorizationrrrdevice_authorizationrtokenr user_inforjwksrrevokerHrHrHrIs~                        !       <  "