o &zh@sddlZddlmZddlmZmZddlmZddlm Z ddl m Z ddl m Z ddlmZdd lmZdd lmZdd lmZmZmZdd lmZmZd dlmZd dlmZGdddeZe edddZ e!eZ"e Z#e!eZ$dS)N) timedelta)HttpResponseNotAllowedHttpResponseRedirect)reverse)timezone) urlencode) csrf_exempt)login_not_required)jwtkit) SocialToken) OAuth2AdapterOAuth2CallbackViewOAuth2LoginView)build_absolute_uriget_request_param)get_apple_session)AppleOAuth2Clientc@sNeZdZeZdZdZdZdZe ddZ ddZ d d Z d d Z dddZd S)AppleOAuth2Adapterapplez$https://appleid.apple.com/auth/tokenz(https://appleid.apple.com/auth/authorizez#https://appleid.apple.com/auth/keyscCs tj||jd|tjd}|S)Nzhttps://appleid.apple.com) credentialkeys_urlissueraudience lookup_kid)r verify_and_decodepublic_key_urlget_audslookup_kid_jwk)clsproviderid_tokendatar#f/var/www/html/kangema/venv/lib/python3.10/site-packages/allauth/socialaccount/providers/apple/views.pyget_verified_identity_datasz-AppleOAuth2Adapter.get_verified_identity_datacCsjt|dd}|dd|_||j}|r"ttt|d|_t | |d}i|||_ |S)N access_token)token refresh_token)secondsr!) r get token_secretexpires_in_keyrnowrint expires_atrr% get_provider user_data)selfr"r' expires_in identity_datar#r#r$ parse_token*s  zAppleOAuth2Adapter.parse_tokencKs4|j}|j||d}|j|jd<t||S)N)requestresponser!)r2r1sociallogin_from_responsestaterdelete)r3r7appr'kwargs extra_dataloginr#r#r$complete_login=s  z!AppleOAuth2Adapter.complete_logincCs4|jdd}zt|WStjyiYSw)Nuserr))apple_login_sessionr+jsonloadsJSONDecodeError)r3r7user_scope_datar#r#r$get_user_scope_dataIs  z&AppleOAuth2Adapter.get_user_scope_dataNc CsZt|}t|d}|j||d}|dd}|dur |jd}i|||d|iS)z8We need to gather the info from the apple specific logincode)pkce_code_verifierr!N)rrget_access_tokenr+storerG) r3r7r<clientrI apple_sessionrHaccess_token_datar!r#r#r$get_access_token_dataRs   z(AppleOAuth2Adapter.get_access_token_data)N)__name__ __module__ __qualname__r client_class provider_idaccess_token_url authorize_urlr classmethodr%r6r@rGrOr#r#r#r$rs    rapple_finish_callbackc Cs|jdkr tdgSt|}gd}i}|D]}t||d}|r$|||<qddg}|D] }t||d|j|<q+t|t|}tdj|t |d} | | | S)a Apple uses a `form_post` response type, which due to CORS/Samesite-cookie rules means this request cannot access the request since the session cookie is unavailable. We work around this by storing the apple response in a separate, temporary session and redirecting to a more normal oauth flow. args: finish_endpoint_name (str): The name of a defined URL, which can be overridden in your url configuration if you have more than one callback endpoint. POST)rHr:errorr)rAr!z {url}?{query})urlquery) methodrrrrKrrrformatrsave) r7finish_endpoint_namerMkeys_to_put_in_url url_paramskeyvaluekeys_to_save_to_sessionr[r8r#r#r$apple_post_callbackhs&    rf)rX)%rCdatetimer django.httprr django.urlsr django.utilsrdjango.utils.httprdjango.views.decorators.csrfr#allauth.account.internal.decoratorsr allauth.socialaccount.internalr allauth.socialaccount.modelsr ,allauth.socialaccount.providers.oauth2.viewsr r r allauth.utilsrrrMrrLrrrf adapter_view oauth2_loginoauth2_callbackoauth2_finish_loginr#r#r#r$s*          P (