o ^[2hT"@srddlmZddlmZddlmZddlmZddlmZddlmZddl m Z dd l m Z Gd d d Z d S) )default_json_headers) JoseError)AccessDeniedError)InvalidClientError)InvalidRequestError)UnauthorizedClientError)InvalidClientMetadataError)ClientMetadataClaimsc@seZdZdZd%ddZddZddZd d Zd d Zd dZ ddZ ddZ ddZ ddZ ddZddZddZddZdd Zd!d"Zd#d$ZdS)&ClientConfigurationEndpointclient_configurationNcCs||_|ptg|_dSN)serverr claims_classes)selfrrrp/home/skpark/git/infrasmart_work/infrasmart/venv/lib/python3.10/site-packages/authlib/oauth2/rfc7592/endpoint.py__init__sz$ClientConfigurationEndpoint.__init__cCs ||Sr )create_configuration_responserrequestrrr__call__s z$ClientConfigurationEndpoint.__call__cCs||}|s t||_||}|s |||tddd|||s,tddd||_|j dkr:| ||S|j dkrE| ||S|j dkrP| ||SdS) Niz)The client does not exist on this server.) status_code descriptioniz7The client does not have permission to read its record.GETDELETEPUT) authenticate_tokenr credentialauthenticate_clientrevoke_access_tokenrcheck_permissionrclientmethodcreate_read_client_responsecreate_delete_client_responsecreate_update_client_response)rrtokenr"rrrrs.          z9ClientConfigurationEndpoint.create_configuration_responsecCs |j|Sr )rcreate_json_requestrrrrcreate_endpoint_request:s z3ClientConfigurationEndpoint.create_endpoint_requestcCs&||}||||d|tfS)N)introspect_clientupdate!generate_client_registration_infor)rr"rbodyrrrr$=s  z7ClientConfigurationEndpoint.create_read_client_responsecCs|||ddg}dd|fS)N)z Cache-Controlzno-store)Pragmazno-cache) delete_client)rr"rheadersrrrr%Bs  z9ClientConfigurationEndpoint.create_delete_client_responsecCsd}|D] }||jjvrtq|jjd}|st||kr%td|jjvr7||jjds7t||}||||}|||S)N)registration_access_tokenregistration_client_uriclient_secret_expires_atclient_id_issued_at client_id client_secret) payloaddatarget get_client_idcheck_client_secretextract_client_metadata update_clientr$)rr"rmust_not_includekr8client_metadatarrrr&Js      z9ClientConfigurationEndpoint.create_update_client_responsec Cs|jj}i}|}|jD]:}t|dr|r||ni}||i||}z|Wnty>}zt |j |d}~ww|j di| q|S)Nget_claims_optionsr) r:r;copyget_server_metadatarhasattrrDvalidaterr rr,get_registered_claims) rr json_datarCserver_metadata claims_classoptionsclaimserrorrrrr?js&     z3ClientConfigurationEndpoint.extract_client_metadatacCsi|j|jSr ) client_inforC)rr"rrrr+}sz-ClientConfigurationEndpoint.introspect_clientcCt)aGenerate ```registration_client_uri`` and ``registration_access_token`` for RFC7592. By default this method returns the values sent in the current request. Developers MUST rewrite this method to return different registration information.:: def generate_client_registration_info(self, client, request):{ access_token = request.headers['Authorization'].split(' ')[1] return { 'registration_client_uri': request.uri, 'registration_access_token': access_token, } :param client: the instance of OAuth client :param request: formatted request instance NotImplementedErrorrr"rrrrr-z=ClientConfigurationEndpoint.generate_client_registration_infocCrQ)aLAuthenticate current credential who is requesting to register a client. Developers MUST implement this method in subclass:: def authenticate_token(self, request): auth = request.headers.get("Authorization") return get_token_by_auth(auth) :return: token instance rRrrrrr z.ClientConfigurationEndpoint.authenticate_tokencCrQ)a<Read a client from the request payload. Developers MUST implement this method in subclass:: def authenticate_client(self, request): client_id = request.payload.data.get("client_id") return Client.get(client_id=client_id) :return: client instance rRrrrrrrVz/ClientConfigurationEndpoint.authenticate_clientcCrQ)aRevoke a token access in case an invalid client has been requested. Developers MUST implement this method in subclass:: def revoke_access_token(self, token, request): token.revoked = True token.save() rR)rr'rrrrr  z/ClientConfigurationEndpoint.revoke_access_tokencCrQ)a Checks whether the current client is allowed to be accessed, edited or deleted. Developers MUST implement it in subclass, e.g.:: def check_permission(self, client, request): return client.editable :return: boolean rRrTrrrr!rWz,ClientConfigurationEndpoint.check_permissioncCrQ)a2Delete authorization code from database or cache. Developers MUST implement it in subclass, e.g.:: def delete_client(self, client, request): client.delete() :param client: the instance of OAuth client :param request: formatted request instance rRrTrrrr2rVz)ClientConfigurationEndpoint.delete_clientcCrQ)a:Update the client in the database. Developers MUST implement this method in subclass:: def update_client(self, client, client_metadata, request): client.set_client_metadata( {**client.client_metadata, **client_metadata} ) client.save() return client :param client: the instance of OAuth client :param client_metadata: a dict of the client claims to update :param request: formatted request instance :return: client instance rR)rr"rCrrrrr@rUz)ClientConfigurationEndpoint.update_clientcCrQ)zeReturn server metadata which includes supported grant types, response types and etc. rR)rrrrrFsz/ClientConfigurationEndpoint.get_server_metadata)NN)__name__ __module__ __qualname__ ENDPOINT_NAMErrrr)r$r%r&r?r+r-rrr r!r2r@rFrrrrr s& $      r N)authlib.constsr authlib.joserrfc6749rrrrrfc7591r rfc7591.claimsr r rrrrs