o ^[2h@sddlZddlZddlmZddlmZddlmZddlmZddlmZddlm Z e d Z e d Z d d Z d d ZddZGdddZdS)N)to_bytes) to_unicode)urlsafe_b64encode)InvalidGrantError)InvalidRequestError) OAuth2Requestz^[a-zA-Z0-9\-._~]{43,128}$cCs tt|d}tt|S)z8Create S256 code_challenge with the given code_verifier.ascii)hashlibsha256rdigestrr) code_verifierdatarq/home/skpark/git/infrasmart_work/infrasmart/venv/lib/python3.10/site-packages/authlib/oauth2/rfc7636/challenge.pycreate_s256_code_challenges rcCs||kSNrr code_challengerrrcompare_plain_code_challengesrcCs t||kSr)rrrrrcompare_s256_code_challenges rc@sXeZdZdZdZddgZeedZdddZ dd Z d d Z d d Z ddZ ddZdS) CodeChallengeaCodeChallenge extension to Authorization Code Grant. It is used to improve the security of Authorization Code flow for public clients by sending extra "code_challenge" and "code_verifier" to the authorization server. The AuthorizationCodeGrant SHOULD save the ``code_challenge`` and ``code_challenge_method`` into database when ``save_authorization_code``. Then register this extension via:: server.register_grant(AuthorizationCodeGrant, [CodeChallenge(required=True)]) plainS256)rrTcCs ||_dSr)required)selfrrrr__init__8s zCodeChallenge.__init__cCs |d|j|d|jdS)N,after_validate_authorization_request_payloadafter_validate_token_request) register_hookvalidate_code_challengevalidate_code_verifier)rgrantrrr__call__;szCodeChallenge.__call__cCs|j}|jjd}|jjd}|s|sdS|stdt|jjdgdkr-tdt|s6td|rA||j vrAtdt|jjdgdkrQtddS) Nrcode_challenge_methodzMissing 'code_challenge'z%Multiple 'code_challenge' in request.zInvalid 'code_challenge'z#Unsupported 'code_challenge_method'z,Multiple 'code_challenge_method' in request.) requestpayloadrgetrlendatalistCODE_CHALLENGE_PATTERNmatchSUPPORTED_CODE_CHALLENGE_METHOD)rr" redirect_urir& challengemethodrrrr Es  z%CodeChallenge.validate_code_challengec Cs|j}|jd}|jr|jdkr|std|j}||}|s%|s%dS|s+tdt |s4td| |}|dur@|j }|j |}|sPt d|d|||sZtdddS) Nr nonezMissing 'code_verifier'zInvalid 'code_verifier'zNo verify method for ''zCode challenge failed.) description)r&formr(r auth_methodrauthorization_code get_authorization_code_challengeCODE_VERIFIER_PATTERNr,'get_authorization_code_challenge_methodDEFAULT_CODE_CHALLENGE_METHODCODE_CHALLENGE_METHODS RuntimeErrorr) rr"resultr&verifierr6r/r0funcrrrr![s*       z$CodeChallenge.validate_code_verifiercC|jS)a[Get "code_challenge" associated with this authorization code. Developers MAY re-implement it in subclass, the default logic:: def get_authorization_code_challenge(self, authorization_code): return authorization_code.code_challenge :param authorization_code: the instance of authorization_code )rrr6rrrr7 z.CodeChallenge.get_authorization_code_challengecCr@)apGet "code_challenge_method" associated with this authorization code. Developers MAY re-implement it in subclass, the default logic:: def get_authorization_code_challenge_method(self, authorization_code): return authorization_code.code_challenge_method :param authorization_code: the instance of authorization_code )r$rArrrr9rBz5CodeChallenge.get_authorization_code_challenge_methodN)T)__name__ __module__ __qualname____doc__r:r-rrr;rr#r r!r7r9rrrrr!s   $ r)r reauthlib.common.encodingrrrrfc6749rrrcompiler8r+rrrrrrrrs