
    K.h=                         d Z ddlZddlmZ ddlmZ ddlmZ ddlm	Z	m
Z
 ddlmZmZmZmZmZmZ ddlmZ  G d	 d
e          Z G d de          Z G d de          Z G d de          Z G d de          ZdS )z
flask_httpauth
==================

This module provides Basic and Digest HTTP authentication for Flask routes.

:copyright: (C) 2014 by Miguel Grinberg.
:license:   MIT, see LICENSE for more details.
    N)	b64decodewraps)md5)RandomSystemRandom)requestmake_responsesessiongResponsecurrent_app)Authorizationc                   `    e Zd ZddZd Zd Zd Zd Zd Zd Z	d	 Z
d
 ZddZd Zd Zd ZdS )HTTPAuthNc                     || _         |pd| _        || _        d | _        d | _        d | _        d }d }|                     |           |                     |           d S )NzAuthentication Requiredc                     d S N )usernames    `/Users/user/workspace/sujinbaek/cqa-test-app/venv/lib/python3.11/site-packages/flask_httpauth.pydefault_get_passwordz/HTTPAuth.__init__.<locals>.default_get_password   s    4    c                 
    d| fS )NzUnauthorized Accessr   )statuss    r   default_auth_errorz-HTTPAuth.__init__.<locals>.default_auth_error   s    (&00r   )schemerealmheaderget_password_callbackget_user_roles_callbackauth_error_callbackget_passworderror_handler)selfr   r   r   r   r   s         r   __init__zHTTPAuth.__init__   s    77
%)"'+$#' 	 	 		1 	1 	1 	.///-.....r   c                     | j         | j         dk    rU	 t          j                            dd                              d d          \  }}n# t
          $ r Y dS w xY w|| j        k    S | j         |v S )Nr       F)r   r	   headersgetsplit
ValueErrorr   )r%   r*   r   _s       r   is_compatible_authzHTTPAuth.is_compatible_auth%   s    ;$+"@"@#O//DDJJ! 	   uu T[((;'))s   7A 
AAc                     || _         |S r   )r    r%   fs     r   r#   zHTTPAuth.get_password1       %&"r   c                     || _         |S r   )r!   r1   s     r   get_user_roleszHTTPAuth.get_user_roles5       '($r   c                 N     t                     fd            }| _        |S )Nc                  ,                                   | i |}t          |t          t          f           }t	          |          }|r|j        dk    rd|_        d|j                                        vr                                |j        d<   |S )N     zWWW-Authenticate)	ensure_sync
isinstancetupler   r
   status_coder*   keysauthenticate_header)argskwargsrescheck_status_coder2   r%   s       r   	decoratedz)HTTPAuth.error_handler.<locals>.decorated:   s    %$""1%%t6v66C$.sUH4E$F$F F$$C  &S_%;%;"%!)9)9););;;262J2J2L2L./Jr   )r   r"   )r%   r2   rE   s   `` r   r$   zHTTPAuth.error_handler9   sB    	q		 		 		 		 		 
		 $- r   c                 B    d                     | j        | j                  S )Nz{0} realm="{1}")formatr   r   r%   s    r   r@   zHTTPAuth.authenticate_headerH   s     ''TZ@@@r   c                    d }| j         | j         dk    rut          j        }|fdt          j        v rX	 t          j        d                             d d          \  }}t          |          }||_        n[# t          t          f$ r Y nHw xY wnC| j         t          j        v r0t          | j	                  }t          j        | j                  |_        |6|j
                                        | j	                                        k    rd }|S )Nr   r)   )r   r	   authorizationr*   r,   r   tokenr-   KeyErrorr   typelower)r%   auth	auth_typerK   s       r   get_authzHTTPAuth.get_authK   s   ;$+"@"@(D|#w66'.'G'M'Ma(! (!$Iu(33D!&DJJ"H-   D [GO++ !--D 5DJ
 	 1 1T[5F5F5H5H H HDs   ?A2 2BBc                 l    d }|r/|j         r( |                     | j                  |j                   }|S r   )r   r;   r    )r%   rO   passwords      r   get_auth_passwordzHTTPAuth.get_auth_passwordj   sF     	DM 	Ct''(BCC H r   c                    |dS t          |t          t          f          r|}n|g}|du r|}| j        t	          d           |                     | j                  |          }|i }n/t          |t          t          f          s|h}nt          |          }|D ]A}t          |t          t          f          rt          |          }||z  |k    r dS :||v r dS Bd S )NTz&get_user_roles callback is not defined)r<   listr=   r!   r-   r;   set)r%   roleuserrO   roles
user_roless         r   	authorizezHTTPAuth.authorizes   s   <4dT5M** 	EEFE4<<D'/EFFFCT%%d&BCCDII
JJJu66 	)$JJZJ 	 	D$u.. 4yy*$,,44 -##tt $	 	r   c                 ^     |t          d           fd}|r ||          S |S )N2role and optional are the only supported argumentsc                 D     t                      fd            }|S )Nc                     	                                 }t          j        dk    r	                    |          }d }	                    ||          }|dv rd}n	                    ||          sd}s<|r:	 	                    |          S # t          $ r 	                                cY S w xY w|dur|n
|r|j        nd t          _
         	                              | i |S )NOPTIONS)FNr:   i  T)rQ   r	   methodrT   authenticater\   r"   	TypeErrorr   r   flask_httpauth_userr;   )
rA   rB   rO   rS   r   rY   r2   optionalrX   r%   s
         r   rE   zKHTTPAuth.login_required.<locals>.login_required_internal.<locals>.decorated   s    }} >Y..#55d;;H!F,,T8<<D},,!$!^^D$== %!$# > >>#'#;#;F#C#CC( > > >#'#;#;#=#====> 594D4DDD.2<T]] )*t''**D;F;;;s   8B B.-B.r   r2   rE   rf   rX   r%   s   ` r   login_required_internalz8HTTPAuth.login_required.<locals>.login_required_internal   sD    1XX< < < < < < < X<4 r   r-   r%   r2   rX   rf   rh   s   ` `` r   login_requiredzHTTPAuth.login_required   sq    =!X%9DF F F	 	 	 	 	 	 	<  	.**1---&&r   c                 @    |                                  }|sdS |j        S Nr(   )rQ   r   )r%   rO   s     r   r   zHTTPAuth.username   s$    }} 	2}r   c                 H    t          t          d          rt          j        S d S Nre   hasattrr   re   rH   s    r   current_userzHTTPAuth.current_user   (    1+,, 	)((	) 	)r   c                 P    	 t          j        |          S # t          $ r |cY S w xY wr   )r   r;   AttributeErrorr1   s     r   r;   zHTTPAuth.ensure_sync   s<    	*1--- 	 	 	HHH	s    %%NNN)__name__
__module____qualname__r&   r/   r#   r5   r$   r@   rQ   rT   r\   rk   r   rr   r;   r   r   r   r   r      s        / / / /"
* 
* 
*      A A A  >    4&' &' &' &'P  ) ) )    r   r   c                   8     e Zd Zd fd	Zd Zd Zd Zd Z xZS )HTTPBasicAuthNc                 z    t          t          |                               |pd|           d | _        d | _        d S )NBasic)superr{   r&   hash_password_callbackverify_password_callback)r%   r   r   	__class__s      r   r&   zHTTPBasicAuth.__init__   s>    mT""++F,=guEEE&*#(,%%%r   c                     || _         |S r   )r   r1   s     r   hash_passwordzHTTPBasicAuth.hash_password       &'#r   c                     || _         |S r   )r   r1   s     r   verify_passwordzHTTPBasicAuth.verify_password       ()%r   c                 "   | j         pd}|t          j        vrd S t          j        |                             d          }	 |                    dd          \  }}t          |                              dd          \  }}n# t          t          f$ r Y d S w xY w	 |                    d          }|                    d          }n:# t          $ r- |                    d          }|                    d          }Y nw xY wt          |||d          S )Nr   utf-8    r)      :latin1)r   rS   )r   r	   r*   encoder,   r   r-   rd   decodeUnicodeDecodeErrorr   )	r%   r   valuer   credentialsencoded_usernameencoded_passwordr   rS   s	            r   rQ   zHTTPBasicAuth.get_auth   sA    /((4'..w77	"'++dA"6"6FK1:2 2"U4^^ /..I& 	 	 	44		9'..w77H'..w77HH! 	9 	9 	9'..x88H'..x88HHH	9
 x@@B B 	Bs$    ?B   BB*C 4C;:C;c                    |r|j         }|j        }nd}d}| j        r$ |                     | j                  ||          S |sd S | j        rY	  |                     | j                  |          }n4# t
          $ r'  |                     | j                  ||          }Y nw xY w||t          j        ||          r|j         nd S rm   )r   rS   r   r;   r   rd   hmaccompare_digest)r%   rO   stored_passwordr   client_passwords        r   rc   zHTTPBasicAuth.authenticate   s0    	!}H"mOOH O( 	+B4##D$ABB/+ + + 	F& 	LL#1$"2"2/#1 #11@#B #B L L L#1$"2"2/#1 #119?#L #LL !0 ;'AA ( }}GK	Ls   #A1 1.B"!B")NN)	rw   rx   ry   r&   r   r   rQ   rc   __classcell__r   s   @r   r{   r{      s        - - - - - -    B B B0L L L L L L Lr   r{   c                   Z     e Zd Z	 	 d fd	Zd Zd Zd Zd	 Zd
 Zd Z	d Z
d Zd Z xZS )HTTPDigestAuthNFrO   MD5c                 D   
 t          t                                         |pd|           | _        t	          |t
                    r%d |                    d          D              _        n| _        |                                dk    rd _	        n3|                                dk    rd _	        nt          d| d	          t                       _        	  j                                         n## t          $ r t                       _        Y nw xY wd  _        d  _        d  _        d  _         fd


fd}d }
fd}d }	                     |                                |                                |                                |	           d S )NDigestc                 6    g | ]}|                                 S r   )strip).0vs     r   
<listcomp>z+HTTPDigestAuth.__init__.<locals>.<listcomp>  s     :::a		:::r   ,r   r   zmd5-sessMD5-Sessz
Algorithm z is not supportedc                      t          t           j                                                                      d                                                    S )Nr   )r   strrandomr   	hexdigestrH   s   r   _generate_randomz1HTTPDigestAuth.__init__.<locals>._generate_random  sA    s4;--//0077@@AAKKMMMr   c                  B                  t           d<   t           d         S )N
auth_noncer   r   s   r   default_generate_noncez7HTTPDigestAuth.__init__.<locals>.default_generate_nonce"  s!    $4$4$6$6GL!<((r   c                 `    t          j        d          }| |dS t          j        | |          S )Nr   Fr   r+   r   r   )noncesession_nonces     r   default_verify_noncez5HTTPDigestAuth.__init__.<locals>.default_verify_nonce&  s3    #K55M} 5u&um<<<r   c                  B                  t           d<   t           d         S )Nauth_opaquer   r   s   r   default_generate_opaquez8HTTPDigestAuth.__init__.<locals>.default_generate_opaque,  s!    %5%5%7%7GM"=))r   c                 `    t          j        d          }| |dS t          j        | |          S )Nr   Fr   )opaquesession_opaques     r   default_verify_opaquez6HTTPDigestAuth.__init__.<locals>.default_verify_opaque0  s3    $[77N~!7u&v~>>>r   )r~   r   r&   
use_ha1_pwr<   r   r,   qoprN   	algorithmr-   r   r   NotImplementedErrorr   generate_nonce_callbackverify_nonce_callbackgenerate_opaque_callbackverify_opaque_callbackgenerate_noncegenerate_opaqueverify_nonceverify_opaque)r%   r   r   r   r   r   r   r   r   r   r   r   s   `         @r   r&   zHTTPDigestAuth.__init__  s   nd##,,V-?xGGG$c3 	::399S>>:::DHHDH??%%"DNN__*,,'DNNF)FFFGGG"nn	#K    " 	# 	# 	# ((DKKK	# (,$%)"(,%&*#	N 	N 	N 	N 	N	) 	) 	) 	) 	)	= 	= 	=	* 	* 	* 	* 	*	? 	? 	? 	23334555.///011111s   C8 8DDc                     || _         |S r   r   r1   s     r   r   zHTTPDigestAuth.generate_nonce;  r6   r   c                     || _         |S r   )r   r1   s     r   r   zHTTPDigestAuth.verify_nonce?  r3   r   c                     || _         |S r   r   r1   s     r   r   zHTTPDigestAuth.generate_opaqueC  r   r   c                     || _         |S r   )r   r1   s     r   r   zHTTPDigestAuth.verify_opaqueG  r   r   c                 *    |                                  S r   r   rH   s    r   	get_noncezHTTPDigestAuth.get_nonceK  s    ++---r   c                 *    |                                  S r   r   rH   s    r   
get_opaquezHTTPDigestAuth.get_opaqueN  s    ,,...r   c                     |dz   | j         z   dz   |z   }|                    d          }t          |                                          S )N:r   )r   r   r   r   )r%   r   rS   a1s       r   generate_ha1zHTTPDigestAuth.generate_ha1Q  sE    ^dj(3.9YYw2ww  """r   c           
      &   |                                  }|                                 }| j        rAd                    | j        | j        ||| j        d                    | j                            S d                    | j        | j        ||          S )NzB{0} realm="{1}",nonce="{2}",opaque="{3}",algorithm="{4}",qop="{5}"r   z({0} realm="{1}",nonce="{2}",opaque="{3}")r   r   r   rG   r   r   r   join)r%   r   r   s      r   r@   z"HTTPDigestAuth.authenticate_headerV  s      ""8 	!"(&TZ(:(:#< #<<
 >DDTZ  r   c                    |r%|j         r|j        r|j        r|j        r	|j        r|sdS |                     |j                  r|                     |j                  sdS |j        r|j        | j        vrdS | j	        r|}nL|j         dz   |j        z   dz   |z   }t          |                    d                                                    }| j        dk    rJt          |dz   |j        z   dz   |j        z                       d                                                    }t          j        dz   |j        z   }t          |                    d                                                    }|j        dk    r*|dz   |j        z   dz   |j        z   dz   |j        z   dz   |z   }n|dz   |j        z   dz   |z   }t          |                    d                                                    }t%          j        ||j                  S )NFr   r   r   rO   z:auth:)r   r   urir   responser   r   r   r   r   r   r   r   r   cnoncer	   rb   ncr   r   )	r%   rO   stored_password_or_ha1ha1r   a2ha2a3r   s	            r   rc   zHTTPDigestAuth.authenticatec  s    	4= 	
 	$( 	z	)-	-	 5))$*55 	//<<	58 	005? 	6(CC$tz1C7&'Bbii(())3355C>Z''sSy4:-3dkAII   #)++ ^c!DH,"))G$$%%//118vsTZ'#-7#=&'),-BB sTZ'#-3Bryy))**4466"8T];;;r   )NNFrO   r   )rw   rx   ry   r&   r   r   r   r   r   r   r   r@   rc   r   r   s   @r   r   r     s        FL 32 32 32 32 32 32j        . . ./ / /# # #
  < < < < < < <r   r   c                   ,     e Zd Zd fd	Zd Zd Z xZS )HTTPTokenAuthBearerNc                 j    t          t          |                               |||           d | _        d S r   )r~   r   r&   verify_token_callback)r%   r   r   r   r   s       r   r&   zHTTPTokenAuth.__init__  s3    mT""++FE6BBB%)"""r   c                     || _         |S r   )r   r1   s     r   verify_tokenzHTTPTokenAuth.verify_token  r3   r   c                 |    t          |dd          }| j        r# |                     | j                  |          S d S )NrK   r(   )getattrr   r;   )r%   rO   r   rK   s       r   rc   zHTTPTokenAuth.authenticate  sL    gr**% 	G?4##D$>??FFF	G 	Gr   )r   NN)rw   rx   ry   r&   r   rc   r   r   s   @r   r   r     sb        * * * * * *
  G G G G G G Gr   r   c                   "    e Zd Zd ZddZd ZdS )	MultiAuthc                 "    || _         || _        d S r   )	main_authadditional_auth)r%   r   rA   s      r   r&   zMultiAuth.__init__  s    "#r   Nc                 ^     |t          d           fd}|r ||          S |S )Nr^   c                 D     t                      fd            }|S )Nc                      j         }j                             t          j                  s-j        D ]%}|                    t          j                  r|} n&  |                                        | i |S )N)rX   rf   )r   r/   r	   r*   r   rk   )rA   rB   selected_authrO   r2   rf   rX   r%   s       r   rE   zLMultiAuth.login_required.<locals>.login_required_internal.<locals>.decorated  s     $~88II " $ 4 " "227?CC ",0M!E"5 2}33 4 2 2235 56:F>DF F Fr   r   rg   s   ` r   rh   z9MultiAuth.login_required.<locals>.login_required_internal  sL    1XXF F F F F F F XF r   ri   rj   s   ` `` r   rk   zMultiAuth.login_required  sq    =!X%9DF F F	 	 	 	 	 	 	  	.**1---&&r   c                 H    t          t          d          rt          j        S d S ro   rp   rH   s    r   rr   zMultiAuth.current_user  rs   r   rv   )rw   rx   ry   r&   rk   rr   r   r   r   r   r     sF        $ $ $' ' ' '.) ) ) ) )r   r   )__doc__r   base64r   	functoolsr   hashlibr   r   r   r   flaskr	   r
   r   r   r   r   werkzeug.datastructuresr   objectr   r{   r   r   r   r   r   r   <module>r      s                       ' ' ' ' ' ' ' ' K K K K K K K K K K K K K K K K 1 1 1 1 1 1p p p p pv p p pf<L <L <L <L <LH <L <L <L~y< y< y< y< y<X y< y< y<xG G G G GH G G G ) ) ) ) ) ) ) ) ) )r   