o h@sddlZddlmZddlmZmZddlmZddlm Z ddl m Z ddl m Z ddlmZdd lmZmZdd lmZdd lmZdd lmZmZmZeed ididdZeed ididdZeed ididdZeed ididdZ eed ididdZ!eed ididdZ"d"ddZ#GdddeZ$e%e$Z&e%e$Z'Gd d!d!e Z(e e()Z*dS)#N)settings)PermissionDeniedValidationError)method_decorator) csrf_exempt)View)login_not_required) get_adapter)complete_social_loginrender_authentication_error)jwtkit) OAuth2Error) OAuth2AdapterOAuth2CallbackViewOAuth2LoginViewSOCIALACCOUNT_PROVIDERSgoogle CERTS_URLz*https://www.googleapis.com/oauth2/v1/certs IDENTITY_URLz-https://www.googleapis.com/oauth2/v2/userinfoACCESS_TOKEN_URLz#https://oauth2.googleapis.com/token AUTHORIZE_URLz,https://accounts.google.com/o/oauth2/v2/authID_TOKEN_ISSUERzhttps://accounts.google.comFETCH_USERINFOFTcCstj|tt|jtj|dS)N) credentialkeys_urlissueraudience lookup_kidverify_signature)r verify_and_decoderr client_idlookup_kid_pem_x509_certificate)apprrr#c/var/www/html/pos/venv/lib/python3.10/site-packages/allauth/socialaccount/providers/google/views.py_verify_and_decode=sr%c@s<eZdZdZeZeZeZ e Z e Z ddZddZddZdS) GoogleOAuth2Adapterrc Kspd}|d}|r(|||}|jr'd|vr'||j}|d} | r'| |d<n||j}|||} | S)Nid_tokenpicture)get_decode_id_tokenfetch_userinfo_fetch_user_infotoken get_providersociallogin_from_response) selfrequestr"r-responsekwargsdatar'infor(loginr#r#r$complete_loginPs     z"GoogleOAuth2Adapter.complete_logincCs|j }t|||dS)aB If the token was received by direct communication protected by TLS between this library and Google, we are allowed to skip checking the token signature according to the OpenID Connect Core 1.0 specification. https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation )r)did_fetch_access_tokenr%)r0r"r'rr#r#r$r*_sz$GoogleOAuth2Adapter._decode_id_tokencCs6tj|jdd|id}|jstd|S)N Authorizationz Bearer {})headerszRequest to user info failed)r get_requests_sessionr) identity_urlformatokr json)r0 access_tokenrespr#r#r$r,js z$GoogleOAuth2Adapter._fetch_user_infoN)__name__ __module__ __qualname__ provider_idraccess_token_urlr authorize_urlrid_token_issuerrr<rr+r7r*r,r#r#r#r$r&Hs r&cs<eZdZeefddZddZddZddZZ S) LoginByTokenViewc sht|_|j|tj|_zt|WStt j t t fy3}zt ||j|dWYd}~Sd}~ww)N) exception)r adapterr.r&rEprovidersuperdispatchr requestsRequestExceptionrrr )r0r1exc __class__r#r$rN}s zLoginByTokenView.dispatchcCstd)N405)r)r0r1r#r#r$r)szLoginByTokenView.getcOs2|||jd}|j|d|i}t||S)Nrr') check_csrfPOSTr)rL verify_tokenr )r0r1argsr3rr6r#r#r$posts   zLoginByTokenView.postcCsD|jd}|s td|jd}|std||kr tddS)N g_csrf_tokenzNo CSRF token in Cookie.zNo CSRF token in post body.z&Failed to verify double submit cookie.)COOKIESr)rrV)r0r1csrf_token_cookiecsrf_token_bodyr#r#r$rUs  zLoginByTokenView.check_csrf) rBrCrDrrrNr)rYrU __classcell__r#r#rRr$rI|s rI)T)+rO django.confrdjango.core.exceptionsrrdjango.utils.decoratorsrdjango.views.decorators.csrfrdjango.views.genericr#allauth.account.internal.decoratorsrallauth.socialaccount.adapterr allauth.socialaccount.helpersr r allauth.socialaccount.internalr -allauth.socialaccount.providers.oauth2.clientr ,allauth.socialaccount.providers.oauth2.viewsrrrgetattrr)rrrrrrr%r& adapter_view oauth2_loginoauth2_callbackrIas_viewlogin_by_tokenr#r#r#r$sT                0 (