a Tf=@sdZddlZddlmZddlmZddlmZddlm Z m Z ddl m Z m Z mZmZmZmZddlmZGd d d eZGd d d eZGd ddeZGdddeZGdddeZdS)z flask_httpauth ================== This module provides Basic and Digest HTTP authentication for Flask routes. :copyright: (C) 2014 by Miguel Grinberg. :license: MIT, see LICENSE for more details. N) b64decodewraps)md5)Random SystemRandom)request make_responsesessiongResponse current_app) Authorizationc@sxeZdZdddZddZddZdd Zd d Zd d ZddZ ddZ ddZ dddZ ddZ ddZddZdS)HTTPAuthNcCsP||_|p d|_||_d|_d|_d|_dd}dd}||||dS)NzAuthentication RequiredcSsdSN)usernamerrG/var/www/ai-form-bot/venv/lib/python3.9/site-packages/flask_httpauth.pydefault_get_passwordsz/HTTPAuth.__init__..default_get_passwordcSsd|fS)NzUnauthorized Accessr)statusrrrdefault_auth_errorsz-HTTPAuth.__init__..default_auth_error)schemerealmheaderget_password_callbackget_user_roles_callbackauth_error_callback get_password error_handler)selfrrrrrrrr__init__s  zHTTPAuth.__init__cCs`|jdus|jdkrRztjdddd\}}WntyFYdS0||jkS|j|vSdS)NrF)rrheadersgetsplit ValueErrorr)rr#r_rrris_compatible_auth%s   zHTTPAuth.is_compatible_authcCs ||_|Sr)rrfrrrr1szHTTPAuth.get_passwordcCs ||_|Sr)rr)rrrget_user_roles5szHTTPAuth.get_user_rolescs tfdd}|_|S)Ncs`|i|}t|ttf }t|}|r@|jdkr@d|_d|jvr\|jd<|S)NzWWW-Authenticate) ensure_sync isinstancetupler r status_coder#keysauthenticate_header)argskwargsresZcheck_status_coder*rrr decorated:sz)HTTPAuth.error_handler..decorated)rr)rr*r8rr7rr9s zHTTPAuth.error_handlercCsd|j|jS)Nz{0} realm="{1}")formatrrrrrrr3HszHTTPAuth.authenticate_headerc Csd}|jdus|jdkrrtj}|durdtjvrz(tjddd\}}t|}||_WqttfynYq0n$|jtjvrt|j }tj|j|_|dur|j |j krd}|S)Nrr") rr authorizationr#r%rtokenr&KeyErrorrtypelower)rauthZ auth_typer<rrrget_authKs(    zHTTPAuth.get_authcCs$d}|r |jr ||j|j}|Sr)rr.r)rr@passwordrrrget_auth_passwordjs   zHTTPAuth.get_auth_passwordcCs|dur dSt|ttfr |}n|g}|dur2|}|jdurDtd||j|}|durbi}nt|ttfsx|h}nt|}|D]<}t|ttfrt|}||@|krdSq||vrdSqdS)NTz&get_user_roles callback is not defined)r/listr0rr&r.set)rroleuserr@ZrolesZ user_rolesrrr authorizess,  zHTTPAuth.authorizecs@|dur dusdur tdfdd}|r<||S|S)N2role and optional are the only supported argumentscstfdd}|S)Ncs}tjdkr|}d}||}|dvr:d}n||sLd}s||r|z |WStyzYS0|dur|n |r|jndt _  |i|S)NOPTIONS)FNr-iT) rArmethodrC authenticaterHr TypeErrorrr flask_httpauth_userr.)r4r5r@rBrrGr*optionalrFrrrr8s$       zKHTTPAuth.login_required..login_required_internal..decoratedrr*r8rPrFrr*rlogin_required_internalsz8HTTPAuth.login_required..login_required_internalr&rr*rFrPrTrrRrlogin_requiredszHTTPAuth.login_requiredcCs|}|sdS|jSNr!)rAr)rr@rrrrszHTTPAuth.usernamecCsttdrtjSdSNrNhasattrr rNr:rrr current_users zHTTPAuth.current_usercCs(z t|WSty"|YS0dSr)r r.AttributeErrorr)rrrr.s  zHTTPAuth.ensure_sync)NNN)NNN)__name__ __module__ __qualname__r r(rr+rr3rArCrHrWrr\r.rrrrrs    (rcs>eZdZd fdd ZddZddZdd Zd d ZZS) HTTPBasicAuthNcs&tt||pd|d|_d|_dS)NZBasic)superrar hash_password_callbackverify_password_callback)rrr __class__rrr szHTTPBasicAuth.__init__cCs ||_|Sr)rcr)rrr hash_passwordszHTTPBasicAuth.hash_passwordcCs ||_|Sr)rdr)rrrverify_passwordszHTTPBasicAuth.verify_passwordc Cs|jpd}|tjvrdStj|d}z(|dd\}}t|dd\}}WnttfyhYdS0z|d}|d}Wn&t y|d}|d}Yn0t |||dS)Nrutf-8 r":latin1)rrB) rrr#encoder%rr&rMdecodeUnicodeDecodeErrorr) rrvaluer credentialsZencoded_usernameZencoded_passwordrrBrrrrAs,       zHTTPBasicAuth.get_authcCs|r|j}|j}nd}d}|jr2||j||S|s:dS|jrzz||j|}Wn$tyx||j||}Yn0|dur|durt||r|jSdSrX)rrBrdr.rcrMhmaccompare_digest)rr@stored_passwordrZclient_passwordrrrrLs>    zHTTPBasicAuth.authenticate)NN) r^r_r`r rgrhrArL __classcell__rrrerras racsfeZdZdfdd ZddZd d Zd d Zd dZddZddZ ddZ ddZ ddZ Z S)HTTPDigestAuthNFr@MD5c s&tt|pd||_t|tr>dd|dD_n|_|dkrXd_ n$|dkrld_ nt d |d t _ zj Wnt yt_ Yn0d_d_d_d_fd d fd d}dd}fdd}dd} |||| dS)NDigestcSsg|] }|qSr)strip).0vrrr z+HTTPDigestAuth.__init__..,rrwzmd5-sessMD5-Sessz Algorithm z is not supportedcsttjdS)Nri)rstrrandomrm hexdigestrr:rr_generate_randomsz1HTTPDigestAuth.__init__.._generate_randomcstd<tdS)N auth_noncer rrrrdefault_generate_nonce"s z7HTTPDigestAuth.__init__..default_generate_noncecSs*td}|dus|durdSt||S)NrFr r$rrrs)nonceZ session_noncerrrdefault_verify_nonce&s z5HTTPDigestAuth.__init__..default_verify_noncecstd<tdS)N auth_opaquerrrrrdefault_generate_opaque,s z8HTTPDigestAuth.__init__..default_generate_opaquecSs*td}|dus|durdSt||S)NrFr)opaqueZsession_opaquerrrdefault_verify_opaque0s z6HTTPDigestAuth.__init__..default_verify_opaque)rbrvr use_ha1_pwr/rr%qopr? algorithmr&rrNotImplementedErrorrgenerate_nonce_callbackverify_nonce_callbackgenerate_opaque_callbackverify_opaque_callbackgenerate_noncegenerate_opaque verify_nonce verify_opaque) rrrrrrrrrrre)rrrr s8          zHTTPDigestAuth.__init__cCs ||_|Srrr)rrrr;szHTTPDigestAuth.generate_noncecCs ||_|Sr)rr)rrrr?szHTTPDigestAuth.verify_noncecCs ||_|Srrr)rrrrCszHTTPDigestAuth.generate_opaquecCs ||_|Sr)rr)rrrrGszHTTPDigestAuth.verify_opaquecCs|Srrr:rrr get_nonceKszHTTPDigestAuth.get_noncecCs|Srrr:rrr get_opaqueNszHTTPDigestAuth.get_opaquecCs,|d|jd|}|d}t|S)N:ri)rrmrr)rrrBa1rrr generate_ha1Qs zHTTPDigestAuth.generate_ha1c CsP|}|}|jr8d|j|j|||jd|jSd|j|j||SdS)NzB{0} realm="{1}",nonce="{2}",opaque="{3}",algorithm="{4}",qop="{5}"r~z({0} realm="{1}",nonce="{2}",opaque="{3}")rrrr9rrrjoin)rrrrrrr3Vs  z"HTTPDigestAuth.authenticate_headerc CsR|r&|jr&|jr&|jr&|jr&|jr&|s*dS||jrB||jsFdS|jr\|j|jvr\dS|j rh|}n*|jd|jd|}t | d }|j dkrt |d|jd|j d }tjd|j}t | d }|jdkr|d|jd|jd|jd|}n|d|jd|}t | d }t||jS)NFrrirr@z:auth:)rrurirresponserrrrrrrmrrcnoncerrKncrrrs) rr@Zstored_password_or_ha1Zha1rZa2Zha2a3rrrrrLcsJ     zHTTPDigestAuth.authenticate)NNFr@rw)r^r_r`r rrrrrrrr3rLrurrrerrvs5 rvcs.eZdZd fdd ZddZddZZS) HTTPTokenAuthBearerNcstt||||d|_dSr)rbrr verify_token_callback)rrrrrerrr szHTTPTokenAuth.__init__cCs ||_|Sr)rr)rrr verify_tokenszHTTPTokenAuth.verify_tokencCs&t|dd}|jr"||j|SdS)Nr<r!)getattrrr.)rr@rtr<rrrrLs zHTTPTokenAuth.authenticate)rNN)r^r_r`r rrLrurrrerrsrc@s&eZdZddZdddZddZdS) MultiAuthcGs||_||_dSr) main_authadditional_auth)rrr4rrrr szMultiAuth.__init__Ncs@|dur dusdur tdfdd}|r<||S|S)NrIcstfdd}|S)NcsPj}jtjs4jD]}|tjr|}q4q|jd|i|S)N)rFrP)rr(rr#rrW)r4r5Z selected_authr@rOrrr8s  zLMultiAuth.login_required..login_required_internal..decoratedrrQrRrSrrTs z9MultiAuth.login_required..login_required_internalrUrVrrRrrWs zMultiAuth.login_requiredcCsttdrtjSdSrYrZr:rrrr\s zMultiAuth.current_user)NNN)r^r_r`r rWr\rrrrrs r)__doc__rrbase64r functoolsrhashlibrrrrZflaskrr r r r r Zwerkzeug.datastructuresrobjectrrarvrrrrrrs      4?|