i[f&ddlmZddlmZddlmZddlmZddlmZddlm Z ddlm Z dd lm Z dd l m Z Gd d Zd S))default_json_headers) JoseError)ClientMetadataClaims) scope_to_list)AccessDeniedError)InvalidClientError)InvalidRequestError)UnauthorizedClientError)InvalidClientMetadataErrorceZdZdZeZdZdZdZdZ dZ dZ dZ d Z d Zd Zd Zd ZdZdZdZdZdZdZdS)ClientConfigurationEndpointclient_configurationc||_dSN)server)selfrs S/var/www/piapp/venv/lib/python3.11/site-packages/authlib/oauth2/rfc7592/endpoint.py__init__z$ClientConfigurationEndpoint.__init__s  c,||Sr)create_configuration_responserrequests r__call__z$ClientConfigurationEndpoint.__call__s11':::rc||}|st||_||}|s&|||t d|||std||_|j dkr| ||S|j dkr| ||S|j dkr| ||SdS)Ni) status_codeiGETDELETEPUT) authenticate_tokenr credentialauthenticate_clientrevoke_access_tokenr check_permissionr clientmethodcreate_read_client_responsecreate_delete_client_responsecreate_update_client_response)rrtokenr&s rrz9ClientConfigurationEndpoint.create_configuration_responses''00 &#%% %"))'22 6  $ $We 4 4 4$555 5$$VW55 ;*c::: : >U " "33FGDD D ^x ' '55fgFF F ^u $ $55fgFF F% $rc6|j|Sr)rcreate_json_requestrs rcreate_endpoint_requestz3ClientConfigurationEndpoint.create_endpoint_request7s{..w777rc||}||||d|tfS)N)introspect_clientupdate!generate_client_registration_infor)rr&rbodys rr(z7ClientConfigurationEndpoint.create_read_client_response:sE%%f-- D::67KKLLLD...rc@|||ddg}dd|fS)N)z Cache-Controlzno-store)Pragmazno-cache) delete_client)rr&rheaderss rr)z9ClientConfigurationEndpoint.create_delete_client_response?s4 67+++ ) " Brcd}|D]}||jvrt|jd}|st||krtd|jvr.||jdst||}||||}|||S)N)registration_access_tokenregistration_client_uriclient_secret_expires_atclient_id_issued_at client_id client_secret)datar get get_client_idcheck_client_secretextract_client_metadata update_clientr()rr&rmust_not_includekr@client_metadatas rr*z9ClientConfigurationEndpoint.create_update_client_responseGs  " , ,AGL  )+++!L$$[11  (%'' ' ,,.. . .%'' ' gl * *--gl?.KLL ,)+++66w??##FOWEE//@@@rcP|j}|}||i||} |n&#t $r}t|jd}~wwxYw| Sr) rBcopyget_claims_options claims_classget_server_metadatavalidaterr descriptionget_registered_claims)rr json_dataoptionsclaimserrors rrFz3ClientConfigurationEndpoint.extract_client_metadatagsL%%'' ))++""9b'4;S;S;U;UVV @ OO     @ @ @,U->?? ? @++---sA.. B8B  Bc |}|siS|d |d|d|d}i} t  fd}d|i|d<tfd}d|i|d <tfd }d|i|d <|d |i|d <|S)Nscopes_supportedresponse_types_supportedgrant_types_supported%token_endpoint_auth_methods_supportedcn|sdStt|}|S)NT)setr issuperset)rUvaluescopesrXs r_validate_scopezGClientConfigurationEndpoint.get_claims_options.._validate_scopes9 4]51122'226:::rrPscopecHt|Srr^r])rUr_rYs r_validate_response_typeszPClientConfigurationEndpoint.get_claims_options.._validate_response_typess/::3u::FFFrresponse_typescHt|Srrd)rUr_rZs r_validate_grant_typeszMClientConfigurationEndpoint.get_claims_options.._validate_grant_typess,77E CCCr grant_typesvaluestoken_endpoint_auth_method)rOrCr]) rmetadataauth_methods_supportedrTrarerhrZrYrXs @@@rrMz.ClientConfigurationEndpoint.get_claims_optionsrsZ++-- I#<<(:;;#+<<0J#K#K ( -D E E!).U!V!V  '"#344  ; ; ; ; ; !+O$> ! D D D D D'12G%HGM " ! -5=?U4VG0 1rc"i|j|jSr) client_inforJ)rr&s rr1z-ClientConfigurationEndpoint.introspect_clients?&$?(>??rct)aGenerate ```registration_client_uri`` and ``registration_access_token`` for RFC7592. By default this method returns the values sent in the current request. Developers MUST rewrite this method to return different registration information.:: def generate_client_registration_info(self, client, request):{ access_token = request.headers['Authorization'].split(' ')[1] return { 'registration_client_uri': request.uri, 'registration_access_token': access_token, } :param client: the instance of OAuth client :param request: formatted request instance NotImplementedErrorrr&rs rr3z=ClientConfigurationEndpoint.generate_client_registration_infos "###rct)aLAuthenticate current credential who is requesting to register a client. Developers MUST implement this method in subclass:: def authenticate_token(self, request): auth = request.headers.get('Authorization') return get_token_by_auth(auth) :return: token instance rqrs rr!z.ClientConfigurationEndpoint.authenticate_token"###rct)a4Read a client from the request payload. Developers MUST implement this method in subclass:: def authenticate_client(self, request): client_id = request.data.get('client_id') return Client.get(client_id=client_id) :return: client instance rqrs rr#z/ClientConfigurationEndpoint.authenticate_clientrurct)aRevoke a token access in case an invalid client has been requested. Developers MUST implement this method in subclass:: def revoke_access_token(self, token, request): token.revoked = True token.save() rq)rr+rs rr$z/ClientConfigurationEndpoint.revoke_access_token"###rct)a Checks wether the current client is allowed to be accessed, edited or deleted. Developers MUST implement it in subclass, e.g.:: def check_permission(self, client, request): return client.editable :return: boolean rqrss rr%z,ClientConfigurationEndpoint.check_permissionrxrct)a2Delete authorization code from database or cache. Developers MUST implement it in subclass, e.g.:: def delete_client(self, client, request): client.delete() :param client: the instance of OAuth client :param request: formatted request instance rqrss rr9z)ClientConfigurationEndpoint.delete_clientrurct)aUpdate the client in the database. Developers MUST implement this method in subclass:: def update_client(self, client, client_metadata, request): client.set_client_metadata({**client.client_metadata, **client_metadata}) client.save() return client :param client: the instance of OAuth client :param client_metadata: a dict of the client claims to update :param request: formatted request instance :return: client instance rq)rr&rJrs rrGz)ClientConfigurationEndpoint.update_clients"###rct)zeReturn server metadata which includes supported grant types, response types and etc. rq)rs rrOz/ClientConfigurationEndpoint.get_server_metadatas"###rN)__name__ __module__ __qualname__ ENDPOINT_NAMErrNrrrr.r(r)r*rFrMr1r3r!r#r$r%r9rGrOrrrr s9*M(L;;;GGG>888///    AAA@ . . .(((T@@@$$$$ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $$$$"$$$$$rrN)authlib.constsr authlib.joserrfc7591.claimsrrfc6749rrr r r rfc7591r rrrrrs//////""""""111111######''''''(((((())))))------000000t$t$t$t$t$t$t$t$t$t$r