^f;dZddlZddlZddlmZmZddlmZddlm Z ddl m Z m Z dZGdd eZGd d ZGd d eZGddeZGddeZGddeZdS)z+ Provides various authentication policies. N) authenticateget_user_model)CsrfViewMiddleware) gettext_lazy)HTTP_HEADER_ENCODING exceptionsc|jdd}t|tr|t }|S)z Return request's 'Authorization:' header, as a bytestring. Hide some test client ickyness where the header can be unicode. HTTP_AUTHORIZATION)METAget isinstancestrencoder)requestauths O/var/www/html/env/lib/python3.11/site-packages/rest_framework/authentication.pyget_authorization_headerrsE <  0# 6 6D$1{{/00 Kr ceZdZdZdS) CSRFCheckc|SN)selfrreasons r_rejectzCSRFCheck._rejects r N)__name__ __module__ __qualname__rrr rrrs#r rceZdZdZdZdZdS)BaseAuthenticationzF All authentication classes should extend BaseAuthentication. c td)zS Authenticate the request and return a two-tuple of (user, token). z#.authenticate() must be overridden.)NotImplementedErrorrrs rrzBaseAuthentication.authenticate&s""GHHHr cdS)z Return a string to be used as the value of the `WWW-Authenticate` header in a `401 Unauthenticated` response, or `None` if the authentication scheme should return `403 Permission Denied` responses. Nrr$s rauthenticate_headerz&BaseAuthentication.authenticate_header,s r N)rrr__doc__rr&rr rr!r!!s?III      r r!c*eZdZdZdZdZddZdZdS)BasicAuthenticationz> HTTP Basic authentication against username/password. apic:t|}|r|ddkrdSt|dkr#t d}t j|t|dkr#t d}t j| tj|d d}n=#t$r0tj|d d }YnwxYw| d }nC#tttjf$r$t d }t j|wxYw|d|d}}||||S) z Returns a `User` if a correct username and password have been supplied using HTTP Basic authentication. Otherwise returns `None`. rsbasicNz.Invalid basic header. No credentials provided.zCInvalid basic header. Credentials string should not contain spaces.zutf-8zlatin-1:z?Invalid basic header. Credentials not correctly base64 encoded.)rsplitlowerlen_rAuthenticationFailedbase64 b64decodedecodeUnicodeDecodeError partition TypeErrorbinasciiErrorauthenticate_credentials)rrrmsg auth_decoded auth_partsuseridpasswords rrz BasicAuthentication.authenticate;s (006688 tAw}}(224 t99>>DEEC1#66 6 YY]]YZZC1#66 6 7 K%/Q88??HH % K K K%/Q88?? JJ  K%//44JJ-x~> 7 7 7UVVC1#66 6 7&a=*Q-,,VXwGGGs+2-C D3 7DD3DD33AE3Nctj|d|i}tdd|i|}|!tjt d|js!tjt d|dfS)z Authenticate the userid and password against username and password with optional request for context. rArNzInvalid username/password.User inactive or deleted.r)rUSERNAME_FIELDrrr3r2 is_active)rr@rAr credentialsusers rr<z,BasicAuthentication.authenticate_credentialsYs    +V  ;;G;{;; <1!4P2Q2QRR R~ R1!4O2P2PQQ Qd|r cd|jzS)NzBasic realm="%s")www_authenticate_realmr$s rr&z'BasicAuthentication.authenticate_headerls!D$???r r)rrrr'rIrr<r&rr rr)r)5s`#HHH<&@@@@@r r)ceZdZdZdZdZdS)SessionAuthenticationz< Use Django's session framework for authentication. cvt|jdd}|r|jsdS|||dfS)z{ Returns a `User` if the request session currently has a logged in user. Otherwise returns `None`. rGN)getattr_requestrE enforce_csrfrrrGs rrz"SessionAuthentication.authenticateusPw'66 4> 4 '"""d|r cd}t|}||||ddi}|rtjd|zdS)zK Enforce CSRF validation for session based authentication. cdSrr)rs rdummy_get_responsez>SessionAuthentication.enforce_csrf..dummy_get_responses4r NrzCSRF Failed: %s)rprocess_request process_viewrPermissionDenied)rrrScheckrs rrOz"SessionAuthentication.enforce_csrfsz   ,-- g&&&##GT2r::  J-.?&.HII I J Jr N)rrrr'rrOrr rrKrKpsA$ J J J J Jr rKc4eZdZdZdZdZdZ dZdZdZ dS)TokenAuthenticationa Simple token based authentication. Clients should authenticate by passing the token key in the "Authorization" HTTP header, prepended with the string "Token ". For example: Authorization: Token 401f7ac837da42b97f613d789819ff93537bee6a TokenNc.|j|jSddlm}|S)Nr)rZ)modelrest_framework.authtoken.modelsrZ)rrZs r get_modelzTokenAuthentication.get_models) : !: 999999 r cvt|}|rG|d|jkrdSt |dkr#t d}tj|t |dkr#t d}tj| |d }n1#t$r$t d}tj|wxYw| |S)Nrr,z.Invalid token header. No credentials provided.r-z=Invalid token header. Token string should not contain spaces.zIInvalid token header. Token string should not contain invalid characters.) rr/r0keywordrr1r2rr3r6 UnicodeErrorr<)rrrr=tokens rrz TokenAuthentication.authenticates'006688 tAw}}$,*<*<*>*>*E*E*G*GGG4 t99>>DEEC1#66 6 YY]]STTC1#66 6 7GNN$$EE 7 7 7_``C1#66 6 7,,U333s C55.D#cT|} |jd|}n/#|j$r"t jtdwxYw|jj s!t jtd|j|fS)NrG)keyzInvalid token.rC) r^objectsselect_relatedr DoesNotExistrr3r2rGrE)rrdr\rbs rr<z,TokenAuthentication.authenticate_credentialss   GM0088<<<EEEE! G G G1!4D2E2EFF F Gz# R1!4O2P2PQQ Q E""s .A,A1c|jSr)r`r$s rr&z'TokenAuthentication.authenticate_headers |r ) rrrr'r`r\r^rr<r&rr rrYrYskG E 444* # # #r rYceZdZdZdZdZdS)RemoteUserAuthenticationa REMOTE_USER authentication. To use this, set up your web server to perform authentication, which will set the REMOTE_USER environment variable. You will need to have 'django.contrib.auth.backends.RemoteUserBackend in your AUTHENTICATION_BACKENDS setting REMOTE_USERct||j|j}|r |jr|dfSdSdS)N)r remote_user)rr r headerrErPs rrz%RemoteUserAuthentication.authenticatesUG9I9I$+9V9VWWW  DN $<     r N)rrrr'rnrrr rrjrjs4F     r rj)r'r4r:django.contrib.authrrdjango.middleware.csrfrdjango.utils.translationrr2rest_frameworkrrrrr!r)rKrYrjrr rrss <<<<<<<<555555666666;;;;;;;;   "         (8@8@8@8@8@,8@8@8@v$J$J$J$J$J.$J$J$JN<<<<<,<<<~     1     r