NwgdZddlZddlZddlmZmZddlmZddlm Z ddl m Z m Z dZGdd eZGd d ZGd d eZGddeZGddeZGddeZy)z+ Provides various authentication policies. N) authenticateget_user_model)CsrfViewMiddleware) gettext_lazy)HTTP_HEADER_ENCODING exceptionsc|jjdd}t|tr|j t }|S)z Return request's 'Authorization:' header, as a bytestring. Hide some test client ickyness where the header can be unicode. HTTP_AUTHORIZATION)METAget isinstancestrencoder)requestauths T/var/www/horilla/myenv/lib/python3.12/site-packages/rest_framework/authentication.pyget_authorization_headerrs9 <<  0# 6D${{/0 Kr ceZdZdZy) CSRFCheckc|SN)selfrreasons r_rejectzCSRFCheck._rejects r N)__name__ __module__ __qualname__rrr rrrsr rceZdZdZdZdZy)BaseAuthenticationzF All authentication classes should extend BaseAuthentication. ctd)zS Authenticate the request and return a two-tuple of (user, token). z#.authenticate() must be overridden.)NotImplementedErrorrrs rrzBaseAuthentication.authenticate&s""GHHr cy)z Return a string to be used as the value of the `WWW-Authenticate` header in a `401 Unauthenticated` response, or `None` if the authentication scheme should return `403 Permission Denied` responses. Nrr$s rauthenticate_headerz&BaseAuthentication.authenticate_header,s r N)rrr__doc__rr&rr rr!r!!sI  r r!c(eZdZdZdZdZddZdZy)BasicAuthenticationz> HTTP Basic authentication against username/password. apict|j}|r|djdk7ryt|dk(r t d}t j |t|dkDr t d}t j | tj|djd}|jd d\}}|j|||S#t$r*tj|djd }YZwxYw#ttttjf$r!t d }t j |wxYw) z Returns a `User` if a correct username and password have been supplied using HTTP Basic authentication. Otherwise returns `None`. rsbasicNz.Invalid basic header. No credentials provided.zCInvalid basic header. Credentials string should not contain spaces.zutf-8zlatin-1:z?Invalid basic header. Credentials not correctly base64 encoded.)rsplitlowerlen_rAuthenticationFailedbase64 b64decodedecodeUnicodeDecodeError TypeError ValueErrorbinasciiErrorauthenticate_credentials)rrrmsg auth_decodeduseridpasswords rrz BasicAuthentication.authenticate;sB (0668tAw}}(2 t9>DEC11#6 6 Y]YZC11#6 6 7 K%//Q8??H  ,11#q9 FH ,,VXwGG& K%//Q8?? J  K:'98>>J 7UVC11#6 6 7s+'C 8D 0DDDDAENctj|d|i}tdd|i|}|tjt d|j stjt d|dfS)z Authenticate the userid and password against username and password with optional request for context. r@rNzInvalid username/password.User inactive or deleted.r)rUSERNAME_FIELDrrr3r2 is_active)rr?r@r credentialsusers rr<z,BasicAuthentication.authenticate_credentialsYsv   + +V  ;G;{; <11!4P2QR R~~11!4O2PQ Qd|r c d|jzS)NzBasic realm="%s")www_authenticate_realmr$s rr&z'BasicAuthentication.authenticate_headerls!D$?$???r r)rrrr'rHrr<r&rr rr)r)5s #H<&@r r)ceZdZdZdZdZy)SessionAuthenticationz< Use Django's session framework for authentication. cxt|jdd}|r |jsy|j||dfS)z{ Returns a `User` if the request session currently has a logged in user. Otherwise returns `None`. rFN)getattr_requestrD enforce_csrfrrrFs rrz"SessionAuthentication.authenticateus@w''64>> '"d|r cd}t|}|j||j|ddi}|rtjd|zy)zK Enforce CSRF validation for session based authentication. cyrr)rs rdummy_get_responsez>SessionAuthentication.enforce_csrf..dummy_get_responsesr NrzCSRF Failed: %s)rprocess_request process_viewrPermissionDenied)rrrRcheckrs rrNz"SessionAuthentication.enforce_csrfsW ,- g&##GT2r: --.?&.HI I r N)rrrr'rrNrr rrJrJps$ Jr rJc2eZdZdZdZdZdZ dZdZdZ y)TokenAuthenticationa Simple token based authentication. Clients should authenticate by passing the token key in the "Authorization" HTTP header, prepended with the string "Token ". For example: Authorization: Token 401f7ac837da42b97f613d789819ff93537bee6a TokenNcB|j |jSddlm}|S)Nr)rY)modelrest_framework.authtoken.modelsrY)rrYs r get_modelzTokenAuthentication.get_models :: !:: 9 r ct|j}|r<|dj|jjj k7ryt |dk(r t d}tj|t |dkDr t d}tj| |dj}|j|S#t$r!t d}tj|wxYw)Nrr,z.Invalid token header. No credentials provided.r-z=Invalid token header. Token string should not contain spaces.zIInvalid token header. Token string should not contain invalid characters.) rr/r0keywordrr1r2rr3r6 UnicodeErrorr<)rrrr=tokens rrz TokenAuthentication.authenticates'0668tAw}}$,,*<*<*>*E*E*GG t9>DEC11#6 6 Y]STC11#6 6 7GNN$E ,,U33  7_`C11#6 6 7s 6C*Dc`|j} |jjdj|}|jjst j td|j|fS#|j$rt j tdwxYw)NrF)keyzInvalid token.rB) r]objectsselect_relatedr DoesNotExistrr3r2rFrD)rrcr[ras rr<z,TokenAuthentication.authenticate_credentialss  GMM008<<<EEzz##11!4O2PQ Q E"" !! G11!4D2EF F Gs +A??.B-c|jSr)r_r$s rr&z'TokenAuthentication.authenticate_headers ||r ) rrrr'r_r[r]rr<r&rr rrXrXs,G E 4* #r rXceZdZdZdZdZy)RemoteUserAuthenticationa REMOTE_USER authentication. To use this, set up your web server to perform authentication, which will set the REMOTE_USER environment variable. You will need to have 'django.contrib.auth.backends.RemoteUserBackend in your AUTHENTICATION_BACKENDS setting REMOTE_USERct||jj|j}|r|jr|dfSyy)N)r remote_user)rr r headerrDrOs rrz%RemoteUserAuthentication.authenticates;G9I9I$++9VW DNN$< #4r N)rrrr'rmrrr rririsF r ri)r'r4r:django.contrib.authrrdjango.middleware.csrfrdjango.utils.translationrr2rest_frameworkrrrrr!r)rJrXrirr rrrsu<56; "   (8@,8@v$J.$JN<,<~ 1 r