U ‰d;ã@s¶dZddlZddlZddlmZmZddlmZddlm Z ddl m Z m Z dd„ZGd d „d eƒZGd d „d ƒZGd d„deƒZGdd„deƒZGdd„deƒZGdd„deƒZdS)z+ Provides various authentication policies. éN)Ú authenticateÚget_user_model)ÚCsrfViewMiddleware)Ú gettext_lazy)ÚHTTP_HEADER_ENCODINGÚ exceptionscCs&|j dd¡}t|tƒr"| t¡}|S)z‰ Return request's 'Authorization:' header, as a bytestring. Hide some test client ickyness where the header can be unicode. ZHTTP_AUTHORIZATIONó)ÚMETAÚgetÚ isinstanceÚstrÚencoder)ÚrequestÚauth©rúA/tmp/pip-unpacked-wheel-quko9yh2/rest_framework/authentication.pyÚget_authorization_headers  rc@seZdZdd„ZdS)Ú CSRFCheckcCs|S©Nr)ÚselfrÚreasonrrrÚ_rejectszCSRFCheck._rejectN)Ú__name__Ú __module__Ú __qualname__rrrrrrsrc@s eZdZdZdd„Zdd„ZdS)ÚBaseAuthenticationzF All authentication classes should extend BaseAuthentication. cCs tdƒ‚dS)zS Authenticate the request and return a two-tuple of (user, token). z#.authenticate() must be overridden.N)ÚNotImplementedError©rrrrrr&szBaseAuthentication.authenticatecCsdS)zç Return a string to be used as the value of the `WWW-Authenticate` header in a `401 Unauthenticated` response, or `None` if the authentication scheme should return `403 Permission Denied` responses. NrrrrrÚauthenticate_header,sz&BaseAuthentication.authenticate_headerN)rrrÚ__doc__rrrrrrr!src@s.eZdZdZdZdd„Zd dd„Zdd „ZdS) ÚBasicAuthenticationz> HTTP Basic authentication against username/password. Úapic Cst|ƒ ¡}|r |d ¡dkr$dSt|ƒdkrDtdƒ}t |¡‚nt|ƒdkrbtdƒ}t |¡‚zPzt |d¡  d¡}Wn(t k r¤t |d¡  d ¡}YnX|  d ¡}Wn.t t t jfk ràtd ƒ}t |¡‚YnX|d|d}}| |||¡S) zœ Returns a `User` if a correct username and password have been supplied using HTTP Basic authentication. Otherwise returns `None`. rsbasicNéz.Invalid basic header. No credentials provided.ézCInvalid basic header. Credentials string should not contain spaces.zutf-8zlatin-1ú:z?Invalid basic header. Credentials not correctly base64 encoded.)rÚsplitÚlowerÚlenÚ_rÚAuthenticationFailedÚbase64Ú b64decodeÚdecodeÚUnicodeDecodeErrorÚ partitionÚ TypeErrorÚbinasciiÚErrorÚauthenticate_credentials)rrrÚmsgZ auth_decodedZ auth_partsÚuseridÚpasswordrrrr;s(     z BasicAuthentication.authenticateNcCsTtƒj|d|i}tfd|i|—Ž}|dkr8t tdƒ¡‚|jsLt tdƒ¡‚|dfS)z Authenticate the userid and password against username and password with optional request for context. r5rNzInvalid username/password.úUser inactive or deleted.)rZUSERNAME_FIELDrrr)r(Ú is_active)rr4r5rÚ credentialsÚuserrrrr2Ysþz,BasicAuthentication.authenticate_credentialscCs d|jS)NzBasic realm="%s")Úwww_authenticate_realmrrrrrlsz'BasicAuthentication.authenticate_header)N)rrrrr:rr2rrrrrr 5s  r c@s eZdZdZdd„Zdd„ZdS)ÚSessionAuthenticationz< Use Django's session framework for authentication. cCs.t|jddƒ}|r|jsdS| |¡|dfS)z{ Returns a `User` if the request session currently has a logged in user. Otherwise returns `None`. r9N)ÚgetattrÚ_requestr7Ú enforce_csrf©rrr9rrrrus   z"SessionAuthentication.authenticatecCs@dd„}t|ƒ}| |¡| |ddi¡}|rSessionAuthentication.enforce_csrf..dummy_get_responseNrzCSRF Failed: %s)rÚprocess_requestZ process_viewrZPermissionDenied)rrr@Úcheckrrrrr>‡s  z"SessionAuthentication.enforce_csrfN)rrrrrr>rrrrr;psr;c@s8eZdZdZdZdZdd„Zdd„Zdd „Zd d „Z dS) ÚTokenAuthenticationa Simple token based authentication. Clients should authenticate by passing the token key in the "Authorization" HTTP header, prepended with the string "Token ". For example: Authorization: Token 401f7ac837da42b97f613d789819ff93537bee6a ÚTokenNcCs |jdk r|jSddlm}|S)Nr)rD)ÚmodelZrest_framework.authtoken.modelsrD)rrDrrrÚ get_model¤s  zTokenAuthentication.get_modelcCs®t|ƒ ¡}|r*|d ¡|j ¡ ¡kr.dSt|ƒdkrNtdƒ}t |¡‚nt|ƒdkrltdƒ}t |¡‚z|d  ¡}Wn&t k r¢tdƒ}t |¡‚YnX|  |¡S)Nrr"z.Invalid token header. No credentials provided.r#z=Invalid token header. Token string should not contain spaces.zIInvalid token header. Token string should not contain invalid characters.) rr%r&Úkeywordr r'r(rr)r,Ú UnicodeErrorr2)rrrr3Útokenrrrr±s     z TokenAuthentication.authenticatecCsf| ¡}z|j d¡j|d}Wn$|jk rDt tdƒ¡‚YnX|jj s\t tdƒ¡‚|j|fS)Nr9)ÚkeyzInvalid token.r6) rFZobjectsZselect_relatedr Z DoesNotExistrr)r(r9r7)rrJrErIrrrr2Æsz,TokenAuthentication.authenticate_credentialscCs|jSr)rGrrrrrÒsz'TokenAuthentication.authenticate_header) rrrrrGrErFrr2rrrrrrC—s   rCc@seZdZdZdZdd„ZdS)ÚRemoteUserAuthenticationa REMOTE_USER authentication. To use this, set up your web server to perform authentication, which will set the REMOTE_USER environment variable. You will need to have 'django.contrib.auth.backends.RemoteUserBackend in your AUTHENTICATION_BACKENDS setting Z REMOTE_USERcCs,t||j |j¡d}|r(|jr(|dfSdS)N)rZ remote_user)rr r Úheaderr7r?rrrrås z%RemoteUserAuthentication.authenticateN)rrrrrLrrrrrrKÖs rK)rr*r0Zdjango.contrib.authrrZdjango.middleware.csrfrZdjango.utils.translationrr(Zrest_frameworkrrrrrr r;rCrKrrrrÚs   ;'?