U !diN@sddlmZddlmZddlmZddlmZddlmZddlmZddlmZddlmZdd lm Z dd lm Z d d l m Z d d l m Z d dl mZd dl mZd dl mZd dl mZd dl mZd dl mZd dl mZd dl mZd dl mZd dl mZd dl mZd dlmZd dlmZd dlmZd dlmZd dlmZd dlm Z d dlm!Z!d d l"m#Z#d d!l"m$Z$d d"l"m%Z%d d#l"m&Z&d d$l"m'Z'd d%l"m(Z)d d&l"m*Z*Gd'd(d(Z+d)S)*)datetime) timedelta)abort) current_app)flash)g)has_app_context)redirect)request)session)AUTH_HEADER_NAME)COOKIE_DURATION)COOKIE_HTTPONLY) COOKIE_NAME)COOKIE_SAMESITE) COOKIE_SECURE) ID_ATTRIBUTE) LOGIN_MESSAGE)LOGIN_MESSAGE_CATEGORY)REFRESH_MESSAGE)REFRESH_MESSAGE_CATEGORY) SESSION_KEYS)USE_SESSION_FOR_NEXT)AnonymousUserMixin)session_protected) user_accessed)user_loaded_from_cookie)user_loaded_from_request)user_needs_refresh)user_unauthorized)_create_identifier)_user_context_processor) decode_cookie) encode_cookie)expand_login_view) login_url)make_next_paramc@seZdZdZd1ddZd2ddZd3dd Zd d Zd d Ze ddZ ddZ e ddZ ddZ ddZddZddZd4ddZddZd d!Zd"d#Zd$d%Zd&d'Zd(d)Zd*d+Zd,d-Ze d.d/Zejd0d/ZdS)5 LoginManagerzThis object is used to hold the settings used for logging in. Instances of :class:`LoginManager` are *not* bound to specific apps, so you can create one in the main body of your code and then bind it to your app in a factory function. NTcCs~t|_d|_i|_t|_t|_d|_t |_ t |_ d|_ d|_d|_d|_t|_d|_d|_d|_t|_|dk rz|||dS)Nbasic)ranonymous_user login_viewblueprint_login_viewsr login_messagerlogin_message_category refresh_viewrneeds_refresh_messagerneeds_refresh_message_categorysession_protectionlocalize_callbackunauthorized_callbackneeds_refresh_callbackrZ id_attribute_user_callback_header_callback_request_callbackr!_session_identifier_generatorinit_appselfappadd_context_processorr?=/tmp/pip-unpacked-wheel-9qbqs8oa/flask_login/login_manager.py__init__1s&zLoginManager.__init__cCs(ddl}|jdtdd|||dS)zl This method has been deprecated. Please use :meth:`LoginManager.init_app` instead. rNzY'setup_app' is deprecated and will be removed in Flask-Login 0.7. Use 'init_app' instead. stacklevel)warningswarnDeprecationWarningr:)r<r=r>rEr?r?r@ setup_appmszLoginManager.setup_appcCs$||_||j|r |tdS)a Configures an application. This registers an `after_request` call, and attaches this `LoginManager` to it as `app.login_manager`. :param app: The :class:`flask.Flask` object to configure. :type app: :class:`flask.Flask` :param add_context_processor: Whether to add a context processor to the app that adds a `current_user` variable to the template. Defaults to ``True``. :type add_context_processor: bool N)Z login_managerZ after_request_update_remember_cookieZcontext_processorr"r;r?r?r@r:|s  zLoginManager.init_appcCstt|jr|Stj|jkr6|jtj}n|j}|sHt d|j r|j dk rpt | |j |j dnt |j |j dtj}|dtrt|}|td<t|tjtd<t|}nt|tjd}t|S)a This is called when the user is required to log in. If you register a callback with :meth:`LoginManager.unauthorized_handler`, then it will be called. Otherwise, it will take the following actions: - Flash :attr:`LoginManager.login_message` to the user. - If the app is using blueprints find the login view for the current blueprint using `blueprint_login_views`. If the app is not using blueprints or the login view for the current blueprint is not specified use the value of `login_view`. - Redirect the user to the login view. (The page they were attempting to access will be passed in the ``next`` query string variable, so you can redirect there if present instead of the homepage. Alternatively, it will be added to the session as ``next`` if USE_SESSION_FOR_NEXT is set.) If :attr:`LoginManager.login_view` is not defined, then it will simply raise a HTTP 401 (Unauthorized) error instead. This should be returned from a view or before/after_request function, otherwise the redirect will have no effect. Ncategoryr_idnextZnext_url)r sendr_get_current_objectr4r Z blueprintr,r+rr-r3rr.configgetrr%r9r r'urlmake_login_urlr )r<r+rRr& redirect_urlr?r?r@ unauthorizeds.      zLoginManager.unauthorizedcCs ||_|jS)a> This sets the callback for reloading a user from the session. The function you set should take a user ID (a ``str``) and return a user object, or ``None`` if the user does not exist. :param callback: The callback for retrieving a user object. :type callback: callable )r6 user_callbackr<callbackr?r?r@ user_loaders zLoginManager.user_loadercCs|jS)z;Gets the user_loader callback set by user_loader decorator.)r6r<r?r?r@rXszLoginManager.user_callbackcCs ||_|jS)a= This sets the callback for loading a user from a Flask request. The function you set should take Flask request object and return a user object, or `None` if the user does not exist. :param callback: The callback for retrieving a user object. :type callback: callable )r8request_callbackrYr?r?r@request_loaders zLoginManager.request_loadercCs|jS)zAGets the request_loader callback set by request_loader decorator.)r8r\r?r?r@r]szLoginManager.request_callbackcCs ||_|S)ab This will set the callback for the `unauthorized` method, which among other things is used by `login_required`. It takes no arguments, and should return a response to be sent to the user instead of their normal view. :param callback: The callback for unauthorized users. :type callback: callable )r4rYr?r?r@unauthorized_handlers z!LoginManager.unauthorized_handlercCs ||_|S)ai This will set the callback for the `needs_refresh` method, which among other things is used by `fresh_login_required`. It takes no arguments, and should return a response to be sent to the user instead of their normal view. :param callback: The callback for unauthorized users. :type callback: callable )r5rYr?r?r@needs_refresh_handlers z"LoginManager.needs_refresh_handlercCstt|jr|S|js*td|jrb|jdk rRt ||j|j dnt |j|j dtj }| dt rt|j}|td<t|tjtd<t|j}n|j}t|tjd}t|S)a This is called when the user is logged in, but they need to be reauthenticated because their session is stale. If you register a callback with `needs_refresh_handler`, then it will be called. Otherwise, it will take the following actions: - Flash :attr:`LoginManager.needs_refresh_message` to the user. - Redirect the user to :attr:`LoginManager.refresh_view`. (The page they were attempting to access will be passed in the ``next`` query string variable, so you can redirect there if present instead of the homepage.) If :attr:`LoginManager.refresh_view` is not defined, then it will simply raise a HTTP 401 (Unauthorized) error instead. This should be returned from a view or before/after_request function, otherwise the redirect will have no effect. rJNrKrrMrNrO)rrPrrQr5r/rr0r3rr1rRrSrr%r9r r'r rTrUr )r<rRr&rVr?r?r@ needs_refreshs0      zLoginManager.needs_refreshcCs"ddl}|jdtdd||_|S)a This function has been deprecated. Please use :meth:`LoginManager.request_loader` instead. This sets the callback for loading a user from a header value. The function you set should take an authentication token and return a user object, or `None` if the user does not exist. :param callback: The callback for retrieving a user object. :type callback: callable rNzc'header_loader' is deprecated and will be removed in Flask-Login 0.7. Use 'request_loader' instead.rBrC)rErFrGr7)r<rZrEr?r?r@ header_loader8s zLoginManager.header_loadercCs|dkr|}|t_dS)z!Store the given user as ctx.user.N)r*rZ _login_user)r<userr?r?r@!_update_request_context_with_userOsz.LoginManager._update_request_context_with_userc Cs|jdkr|jdkrtdtt|r:|Sd}t d}|dk rd|jdk rd||}|dkrtj }| dt }| dt }|tjkot ddk}|rtj|}||}n0|jr|t}n|tjkrtj|}||}||S)z;Loads user from session or remember_me cookie as applicableNznMissing user_loader or request_loader. Refer to http://flask-login.readthedocs.io/#how-it-works for more info._user_idREMEMBER_COOKIE_NAMEr _rememberclear)r6r8 ExceptionrrPrrQ_session_protection_failedrdr rSrRrr r cookies_load_user_from_remember_cookie_load_user_from_requestheaders_load_user_from_header) r<rcuser_idrR cookie_name header_nameZ has_cookiecookieheaderr?r?r@ _load_userWs4          zLoginManager._load_usercCst}|}t}|jd|j}|r4|dkr8dS|r||ddkr|dksZ|jr~|ddk rpd|d<t |dS|dkrt D]}| |dqd|d <t |d SdS) NZSESSION_PROTECTION)r)strongFrMr)_freshrvrhrgT) r rQr9rrRrSr2Z permanentrrPrpop)r<sessidentr=modekr?r?r@rjs&   z'LoginManager._session_protection_failedcCsZt|}|dk rV|td<dtd<d}|jr4||}|dk rVt}tj||d|SdS)NreFrwrc)r#r r6rrQrrP)r<rsrprcr=r?r?r@rls z,LoginManager._load_user_from_remember_cookiecCsB|jr>||}|dk r>t}ddlm}|j||d|SdS)Nr )_user_loaded_from_headerr})r7rrQsignalsr~rP)r<rtrcr=r~r?r?r@ros  z#LoginManager._load_user_from_headercCs6|jr2||}|dk r2t}tj||d|SdS)Nr})r8rrQrrP)r<r rcr=r?r?r@rms z$LoginManager._load_user_from_requestcCsbdtkrtjdrdtd<dtkr^tdd}|dkrLdtkrL||n|dkr^|||S)NrgZ$REMEMBER_COOKIE_REFRESH_EACH_REQUESTsetrerh)r rrRrSrx _set_cookie _clear_cookie)r<responseZ operationr?r?r@rIs   z$LoginManager._update_remember_cookiec Cstj}|dt}|d}|dd}|dt}|dt}|dt}dtkrdttdd } n |d t } t t td } t | t rt| d } zt| } Wn2tk r} ztd | | W5d} ~ XYnX|j|| | |||||d dS)NrfREMEMBER_COOKIE_DOMAINREMEMBER_COOKIE_PATH/ZREMEMBER_COOKIE_SECUREZREMEMBER_COOKIE_HTTPONLYZREMEMBER_COOKIE_SAMESITEZ_remember_seconds)secondsZREMEMBER_COOKIE_DURATIONrezDREMEMBER_COOKIE_DURATION must be a datetime.timedelta, instead got: )valueexpiresdomainpathsecurehttponlysamesite)rrRrSrrrrr rrr$str isinstanceintrutcnow TypeErrorri set_cookie) r<rrRrqrrrrrdurationdatarer?r?r@rs>         zLoginManager._set_cookiecCs<tj}|dt}|d}|dd}|j|||ddS)Nrfrrr)rr)rrRrSrZ delete_cookie)r<rrRrqrrr?r?r@rs    zLoginManager._clear_cookiecCs0ddl}|jdtddtr,tjddSdS)z:Legacy property, use app.config['LOGIN_DISABLED'] instead.rNu'_login_disabled' is deprecated and will be removed in Flask-Login 0.7. Use 'LOGIN_DISABLED' in 'app.config' instead.rBrCLOGIN_DISABLEDF)rErFrGrrrRrS)r<rEr?r?r@_login_disabledszLoginManager._login_disabledcCs&ddl}|jdtdd|tjd<dS)zALegacy property setter, use app.config['LOGIN_DISABLED'] instead.rNrrBrCr)rErFrGrrR)r<ZnewvaluerEr?r?r@rs)NT)T)T)N)__name__ __module__ __qualname____doc__rArHr:rWr[propertyrXr^r]r_r`rarbrdrurjrlrormrIrrrsetterr?r?r?r@r(*s8 <  :      4 *  * r(N),rrZflaskrrrrrr r r rRr rrrrrrrrrrrrZmixinsrrrrrrrr utilsr!r"r#r$r%r&rUr'r(r?r?r?r@sJ