o ^[2h:4@sddlmZddlmZddlmZddlmZddlmZddlm Z ddlm Z dd l m Z dd l m Z dd lmZdd lmZdd lmZGddde ZddZdS))ContinueIteration) deprecate)ClientAuthentication)InvalidScopeError) OAuth2Error)UnsupportedGrantTypeError)UnsupportedResponseTypeError)Hookable)hooked) JsonRequest) OAuth2Request) scope_to_listcseZdZdZd4fdd ZddZddZ    d5d d Zd d Zd6ddZ ddZ ddZ ddZ ddZ defddZdefddZddZd d!Zd4d"d#Zd$d%Zed&d'Zd7d(d)Zd*d+Zd4d,d-Zed8d.d/Zd4d0d1Zd2d3ZZS)9AuthorizationServerzAuthorization server that handles Authorization Endpoint and Token Endpoint. :param scopes_supported: A list of supported scopes by this authorization server. Ncs8t||_i|_d|_g|_g|_i|_g|_dSN) super__init__scopes_supported_token_generators _client_auth_authorization_grants _token_grants _endpoints _extensions)selfr __class__|/home/skpark/git/infrasmart_work/infrasmart/venv/lib/python3.10/site-packages/authlib/oauth2/rfc6749/authorization_server.pyrs  zAuthorizationServer.__init__cCt)zQuery OAuth client by client_id. The client model class MUST implement the methods described by :class:`~authlib.oauth2.rfc6749.ClientMixin`. NotImplementedError)r client_idrrr query_client!sz AuthorizationServer.query_clientcCr)z:Define function to save the generated token into database.r )rtokenrequestrrr save_token(zAuthorizationServer.save_tokenTcCs<|j|}|s|jd}|std|||||||dS)aGenerate the token dict. :param grant_type: current requested grant_type. :param client: the client that making the request. :param user: current authorized user. :param expires_in: if provided, use this value as expires_in. :param scope: current requested scope. :param include_refresh_token: should refresh_token be included. :return: Token dict defaultzNo configured token generator) grant_typeclientuserscope expires_ininclude_refresh_token)rget RuntimeError)rr)r*r+r,r-r.funcrrrgenerate_token,s  z"AuthorizationServer.generate_tokencCs||j|<dS)ayRegister a function as token generator for the given ``grant_type``. Developers MUST register a default token generator with a special ``grant_type=default``:: def generate_bearer_token( grant_type, client, user=None, scope=None, expires_in=None, include_refresh_token=True, ): token = {"token_type": "Bearer", "access_token": ...} if include_refresh_token: token["refresh_token"] = ... ... return token authorization_server.register_token_generator( "default", generate_bearer_token ) If you register a generator for a certain grant type, that generator will only works for the given grant type:: authorization_server.register_token_generator( "client_credentials", generate_bearer_token, ) :param grant_type: string name of the grant type :param func: a function to generate token N)r)rr)r1rrrregister_token_generatorPs#z,AuthorizationServer.register_token_generatorr$cCs*|jdur|jrt|j|_||||S)zAuthenticate client via HTTP request information with the given methods, such as ``client_secret_basic``, ``client_secret_post``. N)rr#r)rr%methodsendpointrrrauthenticate_clientus z'AuthorizationServer.authenticate_clientcCs.|jdur|jrt|j|_|j||dS)atAdd more client auth method. The default methods are: * none: The client is a public client and does not have a client secret * client_secret_post: The client uses the HTTP POST parameters * client_secret_basic: The client uses HTTP Basic :param method: Name of the Auth method :param func: Function to authenticate the client The auth method accept two parameters: ``query_client`` and ``request``, an example for this method:: def authenticate_client_via_custom(query_client, request): client_id = request.headers["X-Client-Id"] client = query_client(client_id) do_some_validation(client) return client authorization_server.register_client_auth_method( "custom", authenticate_client_via_custom ) N)rr#rregister)rmethodr1rrrregister_client_auth_method}s z/AuthorizationServer.register_client_auth_methodcCs|j||dSr)rappend)r extensionrrrregister_extensionsz&AuthorizationServer.register_extensioncCsdS)zFReturn a URI for the given error, framework may implement this method.Nrrr%errorrrr get_error_urisz!AuthorizationServer.get_error_uricOr)z]Framework integration can re-implement this method to support signal system. r )rnameargskwargsrrr send_signalszAuthorizationServer.send_signalreturncCr)zThis method MUST be implemented in framework integrations. It is used to create an OAuth2Request instance. :param request: the "request" instance in framework :return: OAuth2Request instance r rr%rrrcreate_oauth2_requestz)AuthorizationServer.create_oauth2_requestcCr)zThis method MUST be implemented in framework integrations. It is used to create an HttpRequest instance. :param request: the "request" instance in framework :return: HttpRequest instance r rErrrcreate_json_requestrGz'AuthorizationServer.create_json_requestcCr)z=Return HTTP response. Framework MUST implement this function.r )rstatusbodyheadersrrrhandle_responser'z#AuthorizationServer.handle_responsecCs8|r|jrtt|}t|j|stdSdSdS)zValidate if requested scope is supported by Authorization Server. Developers CAN re-write this method to meet your needs. N)rsetr issupersetr)rr,scopesrrrvalidate_requested_scopes  z,AuthorizationServer.validate_requested_scopecCs<t|dr |j||ft|dr|j||fdSdS)aRegister a grant class into the endpoint registry. Developers can implement the grants in ``authlib.oauth2.rfc6749.grants`` and register with this method:: class AuthorizationCodeGrant(grants.AuthorizationCodeGrant): def authenticate_user(self, credential): # ... authorization_server.register_grant(AuthorizationCodeGrant) :param grant_cls: a grant class. :param extensions: extensions for the grant class. check_authorization_endpointcheck_token_endpointN)hasattrrr:r)r grant_cls extensionsrrrregister_grants  z"AuthorizationServer.register_grantcCs8t|tr ||}n||_|j|jg}||dS)zAdd extra endpoint to authorization server. e.g. RevocationEndpoint:: authorization_server.register_endpoint(RevocationEndpoint) :param endpoint_cls: A endpoint class or instance. N) isinstancetypeserverr setdefault ENDPOINT_NAMEr:)rr5 endpointsrrrregister_endpoints  z%AuthorizationServer.register_endpointcCsN|jD]\}}||rt||||Sqtd|jjd|jj|jjd)zFind the authorization grant for current request. :param request: OAuth2Request instance. :return: grant instance zThe response type 'z!' is not supported by the server.) redirect_uri)rrQ _create_grantr payload response_typer^rr%rTrUrrrget_authorization_grants z+AuthorizationServer.get_authorization_grantc CsXz||}||_||}|||W|Sty+}z|jj|_d}~ww)zValidate current HTTP request for authorization page. This page is designed for resource owner to grant or deny the authorization. N)rFr+rc&validate_no_multiple_request_parametervalidate_consent_requestrr`state)rr%end_usergrantr>rrrget_consent_grants     z%AuthorizationServer.get_consent_grantcCs8|jD]\}}||rt||||Sqt|jj)zFind the token grant for current request. :param request: OAuth2Request instance. :return: grant instance )rrRr_rr`r)rbrrrget_token_grants   z#AuthorizationServer.get_token_grantc Cs||jvr td|d|j|}|D]3}||}z |j||WSty.YqtyG}z|||WYd}~Sd}~wwdS)zValidate endpoint request and create endpoint response. :param name: Endpoint name :param request: HTTP request instance. :return: Response z There is no 'z ' endpoint.N)rr0create_endpoint_requestrLrrhandle_error_response)rr@r%r\r5r>rrrcreate_endpoint_responses    z,AuthorizationServer.create_endpoint_responsec Cst|ts ||}|s7tdddz||}Wnty6}z|jj|_|||WYd}~Sd}~wwz| }| ||}|j |}Wnt ye}z|jj|_|||}WYd}~nd}~ww| d||S)zValidate authorization request and create authorization response. :param request: HTTP request instance. :param grant_user: if granted, it is resource owner. If denied, it is None. :returns: Response z,The 'grant' parameter will become mandatory.z1.8)versionNafter_authorization_response)rWr rFrrcr r`rfrlvalidate_authorization_requestcreate_authorization_responserLr execute_hook)rr% grant_userrhr>r^rAresponserrrrq-s,      z1AuthorizationServer.create_authorization_responsec Cs||}z||}Wnty$}z |||WYd}~Sd}~wwz||}|j|WStyK}z |||WYd}~Sd}~ww)ziValidate token request and create token response. :param request: HTTP request instance N)rFrjrrlvalidate_token_requestcreate_token_responserLr)rr%rhr>rArrrrvLs  z)AuthorizationServer.create_token_responsecCs|j||||Sr)rLr?r=rrrrl^sz)AuthorizationServer.handle_error_responser)NNNT)r$)NN)NNN)__name__ __module__ __qualname____doc__rr#r&r2r3r6r9r<r?rCr rFr rHrLrPrVr]r rcrirjrmrqrvrl __classcell__rrrrrs>  $ %        rcCs$|||}|r|D]}||q |Srr)rTrUr%rYrhextrrrr_bs  r_N)authlib.common.errorsrauthlib.deprecaterr6rerrorsrrrr hooksr r requestsr r utilrrr_rrrrs            T