o g=@sdZddlZddlmZddlmZddlmZddlm Z m Z ddl m Z m Z mZmZmZmZddlmZGd d d eZGd d d eZGd ddeZGdddeZGdddeZdS)z flask_httpauth ================== This module provides Basic and Digest HTTP authentication for Flask routes. :copyright: (C) 2014 by Miguel Grinberg. :license: MIT, see LICENSE for more details. N) b64decodewraps)md5)Random SystemRandom)request make_responsesessiongResponse current_app) Authorizationc@sxeZdZdddZddZddZdd Zd d Zd d ZddZ ddZ ddZ dddZ ddZ ddZddZdS)HTTPAuthNcCsP||_|pd|_||_d|_d|_d|_dd}dd}||||dS)NzAuthentication RequiredcSsdSN)usernamerrc/var/www/primordialfields.com/dashboard_backend/venv/lib/python3.10/site-packages/flask_httpauth.pydefault_get_passwordsz/HTTPAuth.__init__..default_get_passwordcSsd|fS)NzUnauthorized Accessr)statusrrrdefault_auth_errorz-HTTPAuth.__init__..default_auth_error)schemerealmheaderget_password_callbackget_user_roles_callbackauth_error_callback get_password error_handler)selfrrrrrrrr__init__s  zHTTPAuth.__init__cCs\|jdus |jdkr)ztjdddd\}}Wn ty#YdSw||jkS|j|vS)NrF)rrheadersgetsplit ValueErrorr)r r$r_rrris_compatible_auth%s   zHTTPAuth.is_compatible_authcC ||_|Sr)rr frrrr1zHTTPAuth.get_passwordcCr*r)rr+rrrget_user_roles5r-zHTTPAuth.get_user_rolescs tfdd}|_|S)Ncs`|i|}t|ttf }t|}|r |jdkr d|_d|jvr.|jd<|S)NzWWW-Authenticate) ensure_sync isinstancetupler r status_coder$keysauthenticate_header)argskwargsrescheck_status_coder,r rr decorated:sz)HTTPAuth.error_handler..decorated)rr)r r,r<rr;rr9s zHTTPAuth.error_handlercCsd|j|jS)Nz{0} realm="{1}")formatrrr rrrr6HszHTTPAuth.authenticate_headerc Csd}|jdus |jdkr9tj}|dur8dtjvr8ztjddd\}}t|}||_Wnttfy7Ynwn|jtjvrKt|j }tj|j|_|dur[|j |j kr[d}|S)Nrr#) rr authorizationr$r&rtokenr'KeyErrorrtypelower)r auth auth_typer@rrrget_authKs*     zHTTPAuth.get_authcCs$d}|r|jr||j|j}|Sr)rr1r)r rDpasswordrrrget_auth_passwordjs   zHTTPAuth.get_auth_passwordcCs|durdSt|ttfr|}n|g}|dur|}|jdur"td||j|}|dur1i}nt|ttfs<|h}nt|}|D]}t|ttfrYt|}||@|krXdSqB||vr`dSqBdS)NTz&get_user_roles callback is not defined)r2listr3rr'r1set)r roleuserrDroles user_rolesrrr authorizess2  zHTTPAuth.authorizec@|durdus durtdfdd}|r||S|S)N2role and optional are the only supported argumentsctfdd}|S)Ncs}tjdkrL|}d}||}|dvrd}n ||s&d}s>|r>z|WSty=YSw|durD|n|rI|jndt _  |i|S)NOPTIONS)FNr0iT) rFrmethodrH authenticaterOr TypeErrorrr flask_httpauth_userr1)r7r8rDrGrrLr,optionalrKr rrr<s&        zKHTTPAuth.login_required..login_required_internal..decoratedrr,r<rYrKr r,rlogin_required_internalsz8HTTPAuth.login_required..login_required_internalr'r r,rKrYr]rr[rlogin_requiredszHTTPAuth.login_requiredcCs|}|sdS|jSNr")rFr)r rDrrrrszHTTPAuth.usernamecCttdrtjSdSNrWhasattrr rWr>rrr current_user zHTTPAuth.current_usercCs$zt|WSty|YSwr)r r1AttributeErrorr+rrrr1s   zHTTPAuth.ensure_syncNNN)__name__ __module__ __qualname__r!r)rr.rr6rFrHrOr`rrfr1rrrrrs   ( rcs>eZdZd fdd ZddZddZdd Zd d ZZS) HTTPBasicAuthNcs&tt||pd|d|_d|_dS)NBasic)superrmr!hash_password_callbackverify_password_callback)r rr __class__rrr!s zHTTPBasicAuth.__init__cCr*r)rpr+rrr hash_passwordr-zHTTPBasicAuth.hash_passwordcCr*r)rqr+rrrverify_passwordr-zHTTPBasicAuth.verify_passwordc Cs|jpd}|tjvr dStj|d}z|dd\}}t|dd\}}Wn ttfy4YdSwz |d}|d}Wnt yT|d}|d}Ynwt |||dS)Nrutf-8 r#:latin1)rrG) rrr$encoder&rr'rVdecodeUnicodeDecodeErrorr) r rvaluer credentialsencoded_usernameencoded_passwordrrGrrrrFs0       zHTTPBasicAuth.get_authcCs|r |j}|j}nd}d}|jr||j||S|sdS|jr=z ||j|}Wnty<||j||}Ynw|durN|durNt||rN|jSdSra)rrGrqr1rprVhmaccompare_digest)r rDstored_passwordrclient_passwordrrrrUs@   zHTTPBasicAuth.authenticate)NN) rjrkrlr!rtrurFrU __classcell__rrrrrrms rmcsjeZdZ  dfdd ZddZd d Zd d Zd dZddZddZ ddZ ddZ ddZ Z S)HTTPDigestAuthNFrDMD5c s&tt|pd||_t|trdd|dD_n|_|dkr,d_ n|dkr6d_ nt d |d t _ zj Wn t yVt_ Ynwd_d_d_d_fd d fd d}dd}fdd}dd} |||| dS)NDigestcSsg|]}|qSr)strip).0vrrr sz+HTTPDigestAuth.__init__..,rrzmd5-sessMD5-Sessz Algorithm z is not supportedcsttjdS)Nrv)rstrrandomrz hexdigestrr>rr_generate_randomsz1HTTPDigestAuth.__init__.._generate_randomctd<tdS)N auth_noncer rrrrdefault_generate_nonce" z7HTTPDigestAuth.__init__..default_generate_noncecS*td}|dus |durdSt||S)NrFr r%rr)nonce session_noncerrrdefault_verify_nonce&  z5HTTPDigestAuth.__init__..default_verify_noncecr)N auth_opaquerrrrrdefault_generate_opaque,rz8HTTPDigestAuth.__init__..default_generate_opaquecSr)NrFr)opaquesession_opaquerrrdefault_verify_opaque0rz6HTTPDigestAuth.__init__..default_verify_opaque)rorr! use_ha1_pwr2rr&qoprC algorithmr'rrNotImplementedErrorrgenerate_nonce_callbackverify_nonce_callbackgenerate_opaque_callbackverify_opaque_callbackgenerate_noncegenerate_opaque verify_nonce verify_opaque) r rrrrrrrrrrr)rr rr!s:           zHTTPDigestAuth.__init__cCr*rrr+rrrr;r-zHTTPDigestAuth.generate_noncecCr*r)rr+rrrr?r-zHTTPDigestAuth.verify_noncecCr*rrr+rrrrCr-zHTTPDigestAuth.generate_opaquecCr*r)rr+rrrrGr-zHTTPDigestAuth.verify_opaquecC|Srrr>rrr get_nonceKrzHTTPDigestAuth.get_noncecCrrrr>rrr get_opaqueNrzHTTPDigestAuth.get_opaquecCs,|d|jd|}|d}t|S)N:rv)rrzrr)r rrGa1rrr generate_ha1Qs  zHTTPDigestAuth.generate_ha1c CsL|}|}|jrd|j|j|||jd|jSd|j|j||S)NzB{0} realm="{1}",nonce="{2}",opaque="{3}",algorithm="{4}",qop="{5}"rz({0} realm="{1}",nonce="{2}",opaque="{3}")rrrr=rrrjoin)r rrrrrr6Vs  z"HTTPDigestAuth.authenticate_headerc CsP|r|jr|jr|jr|jr|jr|sdS||jr!||js#dS|jr.|j|jvr.dS|j r4|}n|jd|jd|}t | d }|j dkrat |d|jd|j d }tjd|j}t | d }|jdkr|d|jd|jd|jd|}n |d|jd|}t | d }t||jS)NFrrvrrDz:auth:)rrurirresponserrrrrrrzrrcnoncerrTncrr) r rDstored_password_or_ha1ha1ra2ha2a3rrrrrUcsN    zHTTPDigestAuth.authenticate)NNFrDr)rjrkrlr!rrrrrrrr6rUrrrrrrrs5 rcs.eZdZd fdd ZddZddZZS) HTTPTokenAuthBearerNcstt||||d|_dSr)rorr!verify_token_callback)r rrrrrrrr!s zHTTPTokenAuth.__init__cCr*r)rr+rrr verify_tokenr-zHTTPTokenAuth.verify_tokencCs&t|dd}|jr||j|SdS)Nr@r")getattrrr1)r rDrr@rrrrUs zHTTPTokenAuth.authenticate)rNN)rjrkrlr!rrUrrrrrrrsrc@s&eZdZddZdddZddZdS) MultiAuthcGs||_||_dSr) main_authadditional_auth)r rr7rrrr!s zMultiAuth.__init__NcrP)NrQcrR)NcsPj}jtjsjD] }|tjr|}nq |jd|i|S)N)rKrY)rr)rr$rr`)r7r8 selected_authrDrXrrr<s   zLMultiAuth.login_required..login_required_internal..decoratedrrZr[r\rr]s z9MultiAuth.login_required..login_required_internalr^r_rr[rr`s zMultiAuth.login_requiredcCrbrcrdr>rrrrfrgzMultiAuth.current_userri)rjrkrlr!r`rfrrrrrs  r)__doc__rbase64r functoolsrhashlibrrrrflaskrr r r r r werkzeug.datastructuresrobjectrrmrrrrrrrs     4?|