o &zh,@sddlmZddlmZddlmZddlmZddlm Z ddl m Z ddl m Z ddlmZdd lmZdd lmZdd lmZdd lmZd dZddZddZddZddZddZddZddZdS))urlparse)cache)ImproperlyConfigured)Http404)reverse urlencode)OneLogin_Saml2_Auth)OneLogin_Saml2_Constants) OneLogin_Saml2_IdPMetadataParser) get_adapter) SocialApp) SAMLProvidercCs:t}z |j|tj|dWStjytd|w)N)provider client_idz"no SocialApp found with client_id=)r get_appridr DoesNotExistr)requestorganization_slugadapterre/var/www/html/kangema/venv/lib/python3.10/site-packages/allauth/socialaccount/providers/saml/utils.pyget_app_or_404srcCs8|rdnd|jd|jd|j|jd}|S)Nonoff HTTP_HOST PATH_INFO)https http_host script_nameget_data post_data) is_secureMETAGETcopyPOST)rresultrrrprepare_django_requestsr)c Cs|td|gd}|td|gd}|td|gd}|di}|d}|p,||tjd|tjdd}|d i} | d durL| d |d <| d rW| d |d <| d durd| d |d<| ddurq| d|d<|S)Nsaml_acs)argssaml_sls saml_metadatasp entity_id)urlbinding)entityIdassertionConsumerServicesingleLogoutServiceadvancedx509cert x509cert_new x509certNew private_key privateKeyname_id_format NameIDFormat)build_absolute_urirgetr BINDING_HTTP_POSTBINDING_HTTP_REDIRECT) rprovider_configorgacs_urlsls_url metadata_url _sp_config sp_entity_id sp_configavdrrrbuild_sp_config(s.        rJcCsd|d}|d}d|d|}t|}|dur0tj|||ddd}t|||dd |S) NrEr/zsaml.metadata..metadata_request_timeout )r/timeoutmetadata_cache_timeouti@8)rr>r parse_remoteset) idp_configrEr/ cache_key saml_configrrrfetch_metadata_url_configLs    rUc Cs|di}id|ddd|dtjd|ddd |d dd dd |d tjd|ddd|ddd|ddd|ddd|ddd|ddd|ddd|ddd|d dd!|d"dd#|d$d|d%d|d&dd'}|d(d|d)}|d*}|r||d+<|d,}|r||d,<|d-}|durtd.|d/} | rt|} | d-|d-<n|d0|d1d2|d3id4|d-<|d5} | rd2| i|d-d6<t||||d7<|S)8Nr5authnRequestsSignedauthn_request_signedFdigestAlgorithmdigest_algorithmlogoutRequestSignedlogout_request_signedlogoutResponseSignedlogout_response_signedrequestedAuthnContextsignatureAlgorithmsignature_algorithm signMetadatametadata_signedwantAssertionsEncryptedwant_assertion_encryptedwantAssertionsSignedwant_assertion_signedwantMessagesSignedwant_message_signednameIdEncryptedname_id_encryptedwantNameIdEncryptedwant_name_id_encryptedallowSingleLabelDomainsallow_single_label_domainsrejectDeprecatedAlgorithmreject_deprecated_algorithmT wantNameId want_name_idwantAttributeStatementwant_attribute_statementallowRepeatAttributeNameallow_repeat_attribute_namemetadata_valid_untilmetadata_cache_duration)metadataValidUntilmetadataCacheDurationstrict)r{securitycontact_person contactPerson organizationidpz `idp` missingrEr/r6r0sso_url)r2r6singleSignOnServiceslo_urlr4r.)r>r SHA256 RSA_SHA256rrUrJ) rrArBrIsecurity_configrTr}rrrE meta_configrrrrbuild_saml_config_s                        rcCsd|i}t|S)Nstater)rparamsrrrencode_relay_statesrcCs6d}|rt|}|js|js|jr|jdr|}|S)zAccording to the spec, RelayState need not be a URL, yet, ``onelogin.saml2` exposes it as ``return_to -- The target URL the user should be redirected to after login``. Also, for an IdP initiated login sometimes a URL is used. N/)rschemenetlocpath startswith) relay_statenext_urlpartsrrrdecode_relay_states rcCs*t|}t||jj|jj}t||}|S)N)r)rappsettingsrr )rrreqconfigauthrrr build_auths rN) urllib.parserdjango.core.cacherdjango.core.exceptionsr django.httpr django.urlsrdjango.utils.httpronelogin.saml2.authr onelogin.saml2.constantsr "onelogin.saml2.idp_metadata_parserr allauth.socialaccount.adapterr allauth.socialaccount.modelsr -allauth.socialaccount.providers.saml.providerrrr)rJrUrrrrrrrrs(             $;