o cZh;@sdZddlZddlZddlmZmZddlmZddlm Z ddl m Z m Z ddZGd d d eZGd d d ZGd ddeZGdddeZGdddeZGdddeZdS)z+ Provides various authentication policies. N) authenticateget_user_model)CsrfViewMiddleware) gettext_lazy)HTTP_HEADER_ENCODING exceptionscCs&|jdd}t|tr|t}|S)z Return request's 'Authorization:' header, as a bytestring. Hide some test client ickyness where the header can be unicode. ZHTTP_AUTHORIZATION)METAget isinstancestrencoder)requestauthrT/var/www/html/lang_env/lib/python3.10/site-packages/rest_framework/authentication.pyget_authorization_headers  rc@seZdZddZdS) CSRFCheckcCs|SNr)selfrreasonrrr_rejectszCSRFCheck._rejectN)__name__ __module__ __qualname__rrrrrrs rc@ eZdZdZddZddZdS)BaseAuthenticationzF All authentication classes should extend BaseAuthentication. cCstd)zS Authenticate the request and return a two-tuple of (user, token). z#.authenticate() must be overridden.)NotImplementedErrorrrrrrr&szBaseAuthentication.authenticatecCsdS)z Return a string to be used as the value of the `WWW-Authenticate` header in a `401 Unauthenticated` response, or `None` if the authentication scheme should return `403 Permission Denied` responses. Nrrrrrauthenticate_header,sz&BaseAuthentication.authenticate_headerN)rrr__doc__rrrrrrr!s rc@s.eZdZdZdZddZd ddZdd ZdS) BasicAuthenticationz> HTTP Basic authentication against username/password. apic Cst|}|r|ddkrdSt|dkr!td}t|t|dkr0td}t|z'z t|d d}Wnt yPt|d d }Ynw| d }Wnt t t jfyktd }t|w|d|d}}||||S) z Returns a `User` if a correct username and password have been supplied using HTTP Basic authentication. Otherwise returns `None`. rsbasicNz.Invalid basic header. No credentials provided.zCInvalid basic header. Credentials string should not contain spaces.zutf-8zlatin-1:z?Invalid basic header. Credentials not correctly base64 encoded.)rsplitlowerlen_rAuthenticationFailedbase64 b64decodedecodeUnicodeDecodeError partition TypeErrorbinasciiErrorauthenticate_credentials)rrrmsgZ auth_decodedZ auth_partsuseridpasswordrrrr;s,       z BasicAuthentication.authenticateNcCsTtj|d|i}tdd|i|}|durttd|js&ttd|dfS)z Authenticate the userid and password against username and password with optional request for context. r6rNzInvalid username/password.User inactive or deleted.r)rZUSERNAME_FIELDrrr*r) is_active)rr5r6r credentialsuserrrrr3Ysz,BasicAuthentication.authenticate_credentialscCs d|jS)NzBasic realm="%s")www_authenticate_realmrrrrrls z'BasicAuthentication.authenticate_headerr)rrrr r;rr3rrrrrr!5s   r!c@r)SessionAuthenticationz< Use Django's session framework for authentication. cCs.t|jdd}|r |jsdS|||dfS)z{ Returns a `User` if the request session currently has a logged in user. Otherwise returns `None`. r:N)getattr_requestr8 enforce_csrfrrr:rrrrus   z"SessionAuthentication.authenticatecCs@dd}t|}||||ddi}|rtd|dS)zK Enforce CSRF validation for session based authentication. cSsdSrr)rrrrdummy_get_responsesz>SessionAuthentication.enforce_csrf..dummy_get_responseNrzCSRF Failed: %s)rprocess_requestZ process_viewrZPermissionDenied)rrrAcheckrrrrr?s z"SessionAuthentication.enforce_csrfN)rrrr rr?rrrrr<ps r<c@s:eZdZdZdZdZddZ ddZdd Zd d Z dS) TokenAuthenticationa Simple token based authentication. Clients should authenticate by passing the token key in the "Authorization" HTTP header, prepended with the string "Token ". For example: Authorization: Token 401f7ac837da42b97f613d789819ff93537bee6a TokenNcCs |jdur|jSddlm}|S)Nr)rE)modelZrest_framework.authtoken.modelsrE)rrErrr get_models  zTokenAuthentication.get_modelcCst|}|r|d|jkrdSt|dkr&td}t|t|dkr5td}t|z|d }Wnt yMtd}t|w| |S)Nrr#z.Invalid token header. No credentials provided.r$z=Invalid token header. Token string should not contain spaces.zIInvalid token header. Token string should not contain invalid characters.) rr&r'keywordr r(r)rr*r- UnicodeErrorr3)rrrr4tokenrrrrs        z TokenAuthentication.authenticatecCs`|}z |jdj|d}Wn|jyttdw|jj s+ttd|j|fS)Nr:)keyzInvalid token.r7) rGobjectsZselect_relatedr Z DoesNotExistrr*r)r:r8)rrKrFrJrrrr3s z,TokenAuthentication.authenticate_credentialscCs|jSr)rHrrrrrsz'TokenAuthentication.authenticate_header) rrrr rHrFrGrr3rrrrrrDs  rDc@seZdZdZdZddZdS)RemoteUserAuthenticationa REMOTE_USER authentication. To use this, set up your web server to perform authentication, which will set the REMOTE_USER environment variable. You will need to have 'django.contrib.auth.backends.RemoteUserBackend in your AUTHENTICATION_BACKENDS setting Z REMOTE_USERcCs0t||j|jd}|r|jr|dfSdSdS)N)rZ remote_user)rr r headerr8r@rrrrs z%RemoteUserAuthentication.authenticateN)rrrr rNrrrrrrMs rM)r r+r1Zdjango.contrib.authrrZdjango.middleware.csrfrZdjango.utils.translationrr)Zrest_frameworkrrrrrr!r<rDrMrrrrs   ;'?