՟f=dZddlZddlmZddlmZddlmZddlm Z m Z ddl m Z m Z mZmZmZmZddlmZGd d eZGd d eZGd deZGddeZGddeZy)z flask_httpauth ================== This module provides Basic and Digest HTTP authentication for Flask routes. :copyright: (C) 2014 by Miguel Grinberg. :license: MIT, see LICENSE for more details. N) b64decodewraps)md5)Random SystemRandom)request make_responsesessiongResponse current_app) Authorizationc^eZdZddZdZdZdZdZdZdZ d Z d Z dd Z d Z d ZdZy)HTTPAuthNc||_|xsd|_||_d|_d|_d|_d}d}|j ||j|y)NzAuthentication RequiredcyN)usernames I/var/www/cvtools/html/venv/lib/python3.12/site-packages/flask_httpauth.pydefault_get_passwordz/HTTPAuth.__init__..default_get_passwordsc d|fS)NzUnauthorized Accessr)statuss rdefault_auth_errorz-HTTPAuth.__init__..default_auth_errors (&0 0r)schemerealmheaderget_password_callbackget_user_roles_callbackauth_error_callback get_password error_handler)selfrrrrrs r__init__zHTTPAuth.__init__s_ 77  %)"'+$#'   1 ./ -.rc|j|jdk(rC tjjddj dd\}}||j k(S|j|vS#t $rYywxYw)NrF)rr headersgetsplit ValueErrorr)r%r*r_s ris_compatible_authzHTTPAuth.is_compatible_auth%sz ;; $++"@ #OO//DJJ!  T[[( (;;') )   s3A-- A98A9c||_|Sr)r r%fs rr#zHTTPAuth.get_password1%&"rc||_|Sr)r!r1s rget_user_roleszHTTPAuth.get_user_roles5'($rc@tfd}|_|S)Ncj|i|}t|ttf }t |}|r|j dk(rd|_d|j jvrj|j d<|S)NzWWW-Authenticate) ensure_sync isinstancetupler r status_coder*keysauthenticate_header)argskwargsrescheck_status_coder2r%s r decoratedz)HTTPAuth.error_handler..decorated:s%$""1%t6v6C$.sUH4E$F F $C S__%;"%!)9)9);;262J2J2L ./Jr)rr")r%r2rEs`` rr$zHTTPAuth.error_handler9s) q   $- rcNdj|j|jS)Nz{0} realm="{1}")formatrrr%s rr@zHTTPAuth.authenticate_headerHs '' TZZ@@rc>d}|j|jdk(r^tj}|dtjvr tjdj dd\}}t |}||_nS|jtjvr7t |j}tj|j|_|7|jj|jjk7rd}|S#ttf$rYLwxYw)Nrr)) rr authorizationr*r,rtokenr-KeyErrorrtypelower)r%auth auth_typerKs rget_authzHTTPAuth.get_authKs ;; $++"@((D|#w6'.'G'M'Ma(!$Iu(3D!&DJ[[GOO +!-D 5DJ    1T[[5F5F5H HD #H-s8D DDc|d}|r7|jr+|j|j|j}|Sr)rr;r )r%rOpasswords rget_auth_passwordzHTTPAuth.get_auth_passwordjs; DMMCt''(B(BC Hrc|yt|ttfr|}n|g}|dur|}|j t d|j |j|}|i}n%t|ttfs|h}n t |}|D]4}t|ttfrt |}||z|k(s-y||vs4yy)NTz&get_user_roles callback is not defined)r<listr=r!r-r;set)r%roleuserrOroles user_roless r authorizezHTTPAuth.authorizess < dT5M *EFE 4<D  ' ' /EF FCT%%d&B&BCDI  JJu 6$JZJ D$u .4y*$,#  rcP| tdfd}|r||S|S)N2role and optional are the only supported argumentsc6tfd}|S)Nc j}tjdk7rv j|}d} j ||}|dvrd}n j ||sd}s|r j |S|dur|n|r |jndt_  j|i|S#t$r j cYSwxYw)NOPTIONS)FNr:iT) rQr methodrT authenticater\r" TypeErrorrr flask_httpauth_userr;) rArBrOrSrrYr2optionalrXr%s rrEzKHTTPAuth.login_required..login_required_internal..decorateds}}>>Y.#55d;H!F,,T8#'#;#;F#CC594DD.2T]])*t''*D;F;; )>#'#;#;#==>s+B22C Crr2rErfrXr%s` rlogin_required_internalz8HTTPAuth.login_required..login_required_internals! 1X < <4 rr-r%r2rXrfrhs` `` rlogin_requiredzHTTPAuth.login_requireds@ =!X%9DF F < *1- -&&rc@|j}|sy|jSNr()rQr)r%rOs rrzHTTPAuth.usernames}}}}rcDttdrtjSyNrehasattrr rerHs r current_userzHTTPAuth.current_user 1+ ,(( ( -rcP tj|S#t$r|cYSwxYwr)rr;AttributeErrorr1s rr;zHTTPAuth.ensure_syncs, **1- - H s  %%NNN)__name__ __module__ __qualname__r&r/r#r5r$r@rQrTr\rkrrrr;rrrrrsE/" * A>4&'P )rrc8eZdZdfd ZdZdZdZdZxZS) HTTPBasicAuthcRtt| |xsd|d|_d|_y)NBasic)superr{r&hash_password_callbackverify_password_callback)r%rr __class__s rr&zHTTPBasicAuth.__init__s) mT+F,=guE&*#(,%rc||_|Sr)rr1s r hash_passwordzHTTPBasicAuth.hash_password&'#rc||_|Sr)rr1s rverify_passwordzHTTPBasicAuth.verify_password()%rc|jxsd}|tjvrytj|jd} |j dd\}}t |j dd\}} |jd}|jd}t|||dS#t tf$rYywxYw#t$r%|jd}|jd}YQwxYw)Nrutf-8 r):latin1)rrS) rr r*encoder,rr-rddecodeUnicodeDecodeErrorr) r%rvaluer credentialsencoded_usernameencoded_passwordrrSs rrQzHTTPBasicAuth.get_auths/  ('..w7 "'++dA"6 FK1:2"U4^ / . 9'..w7H'..w7H  x@B BI&   " 9'..x8H'..x8H 9s$3B,;"C,B>=B>+C/.C/c|r|j}|j}nd}d}|jr"|j|j||S|sy|jr" |j|j|}|$|"t j||r |jSdS#t $r%|j|j||}YUwxYwrm)rrSrr;rrdhmaccompare_digest)r%rOstored_passwordrclient_passwords rrczHTTPBasicAuth.authenticates }}H"mmOH O  ( (B4##D$A$AB/+ +   & & L#1$"2"2//#11@#B !0 ;  '    A}} LGK L L#1$"2"2//#119?#L Ls!B''+CC)NN) rwrxryr&rrrQrc __classcell__rs@rr{r{s- B0Lrr{cZeZdZ d fd ZdZdZdZdZdZdZ dZ d Z d Z xZ S) HTTPDigestAuthc tt |xsd||_t |t r3|j dDcgc]}|jc}_n|_|jdk(rd_ n*|jdk(rd_ ntd|dt_ jjd_d_d_d_fd  fd }d } fd } d } j)|j+| j-|j/| ycc}w#t$rt_ YwxYw)NDigest,rMD5zmd5-sessMD5-Sessz Algorithm z is not supportedcttjjjdj S)Nr)rstrrandomr hexdigestrHsr_generate_randomz1HTTPDigestAuth.__init__.._generate_randoms4s4;;--/077@AKKM Mrc2td<tdS)N auth_noncer rsrdefault_generate_noncez7HTTPDigestAuth.__init__..default_generate_nonce"s$4$6GL !<( (rcbtjd}||ytj||S)NrFr r+rr)nonce session_nonces rdefault_verify_noncez5HTTPDigestAuth.__init__..default_verify_nonce&s0#KK 5M} 5&&um< .default_generate_opaque,s%5%7GM "=) )rcbtjd}||ytj||S)NrFr)opaquesession_opaques rdefault_verify_opaquez6HTTPDigestAuth.__init__..default_verify_opaque0s0$[[7N~!7&&v~> >r)r~rr& use_ha1_pwr<rr,stripqoprN algorithmr-rrNotImplementedErrorrgenerate_nonce_callbackverify_nonce_callbackgenerate_opaque_callbackverify_opaque_callbackgenerate_noncegenerate_opaque verify_nonce verify_opaque) r%rrrrrvrrrrrrs ` @rr&zHTTPDigestAuth.__init__sJ nd,V-?xG$ c3 +.99S>:a :DHDH ??  %"DN __ * ,'DNz)4EFG G"n  # KK   (,$%)"(,%&*# N ) =  * ? 23 45 ./ 01];# # (DK #sEEE21E2c||_|Srrr1s rrzHTTPDigestAuth.generate_nonce;r6rc||_|Sr)rr1s rrzHTTPDigestAuth.verify_nonce?r3rc||_|Srrr1s rrzHTTPDigestAuth.generate_opaqueCrrc||_|Sr)rr1s rrzHTTPDigestAuth.verify_opaqueGrrc"|jSrrrHs r get_noncezHTTPDigestAuth.get_nonceKs++--rc"|jSrrrHs r get_opaquezHTTPDigestAuth.get_opaqueNs,,..rc|dz|jzdz|z}|jd}t|jS)N:r)rrrr)r%rrSa1s r generate_ha1zHTTPDigestAuth.generate_ha1Qs? ^djj (3 . 9 YYw 2w  ""rc D|j}|j}|jrMdj|j|j |||j dj|jSdj|j|j ||S)NzB{0} realm="{1}",nonce="{2}",opaque="{3}",algorithm="{4}",qop="{5}"rz({0} realm="{1}",nonce="{2}",opaque="{3}")rrrrGrrrjoin)r%rrs rr@z"HTTPDigestAuth.authenticate_headerVs " 88!"(& TZZ(:#< < >DD TZZ rc||r>|jr2|jr&|jr|jr|jr|sy|j |jr|j |jsy|jr|j|jvry|jr|}nJ|jdz|jzdz|z}t|jdj}|jdk(rHt|dz|jzdz|jzjdj}tj dz|jz}t|jdj}|jdk(r9|dz|jzdz|j"zdz|jzdz|z}n|dz|jzdz|z}t|jdj}t%j&||jS)NFrrrrOz:auth:)rrurirresponserrrrrrrrrcnoncer rbncrr) r%rOstored_password_or_ha1ha1ra2ha2a3rs rrczHTTPDigestAuth.authenticatecs4== $((zz-))$**5// < 880 ??(C$tzz1C7&'Bbii()335C >>Z 'sSy4::-3dkkAII#)+  ^^c !DHH ,"))G$%//1 88v sTZZ'#-7#= &'),-BsTZZ'#-3Bryy)*446""8T]];;r)NNFrOr)rwrxryr&rrrrrrrr@rcrrs@rrrs<FL 32j./# tt| |||d|_yr)r~rr&verify_token_callback)r%rrrrs rr&zHTTPTokenAuth.__init__s mT+FE6B%)"rc||_|Sr)rr1s r verify_tokenzHTTPTokenAuth.verify_tokenr3rcxt|dd}|jr!|j|j|Sy)NrKr()getattrrr;)r%rOrrKs rrczHTTPTokenAuth.authenticates<gr*  % %?4##D$>$>?F F &r)BearerNN)rwrxryr&rrcrrs@rrrs* Grrc eZdZdZddZdZy) MultiAuthc ||_||_yr) main_authadditional_auth)r%rrAs rr&zMultiAuth.__init__s"#rNcP| tdfd}|r||S|S)Nr^c6tfd}|S)Ncj}jjtjs4jD]%}|jtjs#|}n|j |i|S)N)rXrf)rr/r r*rrk)rArB selected_authrOr2rfrXr%s rrEzLMultiAuth.login_required..login_required_internal..decorateds $ ~~88I $ 4 4"227??C,0M!"52}33422356:F>DFFrrrgs` rrhz9MultiAuth.login_required..login_required_internals# 1X F F rrirjs` `` rrkzMultiAuth.login_requireds@ =!X%9DF F  *1- -&&rcDttdrtjSyrorprHs rrrzMultiAuth.current_userrsrrv)rwrxryr&rkrrrrrrrs$'.)rr)__doc__rbase64r functoolsrhashlibrrrrflaskr r r r r rwerkzeug.datastructuresrobjectrr{rrrrrrrsk 'KK1pvpf<LH<L~y