o Dfz.@sfddlmZddlmZddlmZmZddlmZm Z m Z m Z ddl m Z GdddZd d Zd S) )ContinueIteration)ClientAuthentication) OAuth2Request JsonRequest) OAuth2ErrorInvalidScopeErrorUnsupportedResponseTypeErrorUnsupportedGrantTypeError) scope_to_listc@seZdZdZd2ddZddZddZ  d3d d Zd d Zd4ddZ ddZ ddZ ddZ de fddZdefddZddZd2ddZd2d d!Zd"d#Zd$d%Zd5d&d'Zd(d)Zd2d*d+Zd5d,d-Zd2d.d/Zd0d1ZdS)6AuthorizationServerzAuthorization server that handles Authorization Endpoint and Token Endpoint. :param scopes_supported: A list of supported scopes by this authorization server. NcCs(||_i|_d|_g|_g|_i|_dSN)scopes_supported_token_generators _client_auth_authorization_grants _token_grants _endpoints)selfrrd/home/ubuntu/webapp/venv/lib/python3.10/site-packages/authlib/oauth2/rfc6749/authorization_server.py__init__s  zAuthorizationServer.__init__cCt)zQuery OAuth client by client_id. The client model class MUST implement the methods described by :class:`~authlib.oauth2.rfc6749.ClientMixin`. NotImplementedError)r client_idrrr query_clientsz AuthorizationServer.query_clientcCr)z:Define function to save the generated token into database.r)rtokenrequestrrr save_token"zAuthorizationServer.save_tokenTcCs<|j|}|s|jd}|std|||||||dS)aGenerate the token dict. :param grant_type: current requested grant_type. :param client: the client that making the request. :param user: current authorized user. :param expires_in: if provided, use this value as expires_in. :param scope: current requested scope. :param include_refresh_token: should refresh_token be included. :return: Token dict defaultzNo configured token generator) grant_typeclientuserscope expires_ininclude_refresh_token)rget RuntimeError)rr"r#r$r%r&r'funcrrrgenerate_token&s  z"AuthorizationServer.generate_tokencCs||j|<dS)aRegister a function as token generator for the given ``grant_type``. Developers MUST register a default token generator with a special ``grant_type=default``:: def generate_bearer_token(grant_type, client, user=None, scope=None, expires_in=None, include_refresh_token=True): token = {'token_type': 'Bearer', 'access_token': ...} if include_refresh_token: token['refresh_token'] = ... ... return token authorization_server.register_token_generator('default', generate_bearer_token) If you register a generator for a certain grant type, that generator will only works for the given grant type:: authorization_server.register_token_generator('client_credentials', generate_bearer_token) :param grant_type: string name of the grant type :param func: a function to generate token N)r)rr"r*rrrregister_token_generator>sz,AuthorizationServer.register_token_generatorrcCs*|jdur|jrt|j|_||||S)zAuthenticate client via HTTP request information with the given methods, such as ``client_secret_basic``, ``client_secret_post``. N)rrr)rrmethodsendpointrrrauthenticate_clientWs z'AuthorizationServer.authenticate_clientcCs.|jdur|jrt|j|_|j||dS)afAdd more client auth method. The default methods are: * none: The client is a public client and does not have a client secret * client_secret_post: The client uses the HTTP POST parameters * client_secret_basic: The client uses HTTP Basic :param method: Name of the Auth method :param func: Function to authenticate the client The auth method accept two parameters: ``query_client`` and ``request``, an example for this method:: def authenticate_client_via_custom(query_client, request): client_id = request.headers['X-Client-Id'] client = query_client(client_id) do_some_validation(client) return client authorization_server.register_client_auth_method( 'custom', authenticate_client_via_custom) N)rrrregister)rmethodr*rrrregister_client_auth_method_s z/AuthorizationServer.register_client_auth_methodcCsdS)zFReturn a URI for the given error, framework may implement this method.Nrrrerrorrrr get_error_urizsz!AuthorizationServer.get_error_uricOr)z]Framework integration can re-implement this method to support signal system. r)rnameargskwargsrrr send_signal~szAuthorizationServer.send_signalreturncCr)zThis method MUST be implemented in framework integrations. It is used to create an OAuth2Request instance. :param request: the "request" instance in framework :return: OAuth2Request instance rrrrrrcreate_oauth2_requestz)AuthorizationServer.create_oauth2_requestcCr)zThis method MUST be implemented in framework integrations. It is used to create an HttpRequest instance. :param request: the "request" instance in framework :return: HttpRequest instance rr;rrrcreate_json_requestr=z'AuthorizationServer.create_json_requestcCr)z=Return HTTP response. Framework MUST implement this function.r)rstatusbodyheadersrrrhandle_responser z#AuthorizationServer.handle_responsecCs<|r|jrtt|}t|j|st|ddSdSdS)zValidate if requested scope is supported by Authorization Server. Developers CAN re-write this method to meet your needs. )stateN)rsetr issupersetr)rr%rCscopesrrrvalidate_requested_scopes   z,AuthorizationServer.validate_requested_scopecCs<t|dr |j||ft|dr|j||fdSdS)aRegister a grant class into the endpoint registry. Developers can implement the grants in ``authlib.oauth2.rfc6749.grants`` and register with this method:: class AuthorizationCodeGrant(grants.AuthorizationCodeGrant): def authenticate_user(self, credential): # ... authorization_server.register_grant(AuthorizationCodeGrant) :param grant_cls: a grant class. :param extensions: extensions for the grant class. check_authorization_endpointcheck_token_endpointN)hasattrrappendr)r grant_cls extensionsrrrregister_grants  z"AuthorizationServer.register_grantcCs8t|tr ||}n||_|j|jg}||dS)zAdd extra endpoint to authorization server. e.g. RevocationEndpoint:: authorization_server.register_endpoint(RevocationEndpoint) :param endpoint_cls: A endpoint class or instance. N) isinstancetypeserverr setdefault ENDPOINT_NAMErK)rr. endpointsrrrregister_endpoints  z%AuthorizationServer.register_endpointcC6|jD]\}}||rt||||Sqt|j)zFind the authorization grant for current request. :param request: OAuth2Request instance. :return: grant instance )rrH _create_grantr response_typerrrLrMrrrget_authorization_grant   z+AuthorizationServer.get_authorization_grantcCs&||}||_||}||S)zValidate current HTTP request for authorization page. This page is designed for resource owner to grant or deny the authorization. )r<r$rZvalidate_consent_request)rrend_usergrantrrrget_consent_grants  z%AuthorizationServer.get_consent_grantcCrV)zFind the token grant for current request. :param request: OAuth2Request instance. :return: grant instance )rrIrWr r"rYrrrget_token_grantr[z#AuthorizationServer.get_token_grantc Cs||jvr td|d|j|}|D]3}||}z |j||WSty.YqtyG}z|||WYd}~Sd}~wwdS)zValidate endpoint request and create endpoint response. :param name: Endpoint name :param request: HTTP request instance. :return: Response z There is no "z " endpoint.N)rr)create_endpoint_requestrBrrhandle_error_response)rr6rrTr.r4rrrcreate_endpoint_responses    z,AuthorizationServer.create_endpoint_responsec Cst|ts ||}z||}Wnty)}z |||WYd}~Sd}~wwz|}|||}|j|WSt yR}z |||WYd}~Sd}~ww)zValidate authorization request and create authorization response. :param request: HTTP request instance. :param grant_user: if granted, it is resource owner. If denied, it is None. :returns: Response N) rOrr<rZr rbvalidate_authorization_requestcreate_authorization_responserBr)rr grant_userr^r4 redirect_urir7rrrres    z1AuthorizationServer.create_authorization_responsec Cs||}z||}Wnty$}z |||WYd}~Sd}~wwz||}|j|WStyK}z |||WYd}~Sd}~ww)ziValidate token request and create token response. :param request: HTTP request instance N)r<r`r rbvalidate_token_requestcreate_token_responserBr)rrr^r4r7rrrris  z)AuthorizationServer.create_token_responsecCs|j||||Sr )rBr5r3rrrrb$sz)AuthorizationServer.handle_error_responser )NNNT)r)NN)__name__ __module__ __qualname____doc__rrrr+r,r/r2r5r9rr<rr>rBrGrNrUrZr_r`rcrerirbrrrrr s4          r cCs$|||}|r|D]}||q |Sr r)rLrMrrQr^extrrrrW(s  rWN)authlib.common.errorsrr/rrequestsrrerrorsrrr r utilr r rWrrrrs