U !d6@sddlZddlmZddlmZddlmZddlmZddlm Z ddlm Z ddlm Z dd lm Z dd lm Z dd lmZdd lmZdd lmZddlmZddlmZddlmZddlmZddlmZddlmZeddZd@ddZdAddZddZddZdBd d!Z d"d#Z!d$d%Z"dCd(d)Z#d*d+Z$d,d-Z%d.d/Z&d0d1Z'dDd2d3Z(d4d5Z)dEd6d7Z*d8d9Z+d:d;Z,dd?Z.dS)GNwraps)sha512)urlparse) urlunparse) current_app)g)has_request_context)request)session)url_for) LocalProxy) url_decode) url_encode) COOKIE_NAME)EXEMPT_METHODS)user_logged_in)user_logged_out)user_login_confirmedcCstS)N) _get_userrr5/tmp/pip-unpacked-wheel-9qbqs8oa/flask_login/utils.pyrcCs|dt||dS)aa This will encode a ``str`` value into a cookie, and sign that cookie with the app's secret key. :param payload: The value to encode, as `str`. :type payload: str :param key: The key to use when creating the cookie digest. If not specified, the SECRET_KEY value from app config will be used. :type key: str |key)_cookie_digestpayloadrrrr encode_cookies r!cCs\z(|dd\}}t|dr&|d}Wntk r>YdSXtt||d|rX|SdS)an This decodes a cookie given by `encode_cookie`. If verification of the cookie fails, ``None`` will be implicitly returned. :param cookie: An encoded cookie. :type cookie: str :param key: The key to use when creating the cookie digest. If not specified, the SECRET_KEY value from app config will be used. :type key: str rrdecodeasciiNr)rsplithasattrr" ValueErrorhmaccompare_digestr)cookierr digestrrr decode_cookie+s  r+cCsRt|}t|}|jr"|j|jkrN|jr4|j|jkrNtdd|j|j|jdfS|S)a Reduces the scheme and host from a given URL so it can be passed to the given `login` URL more efficiently. :param login_url: The login URL being redirected to. :type login_url: str :param current_url: The URL to reduce. :type current_url: str )rschemenetlocrpathparamsquery) login_urlZ current_urlZl_urlZc_urlrrrmake_next_paramBs  r3cCs|dr|St|S)z Returns the url for the login view, expanding the view name to a url if needed. :param login_view: The name of the login view or a URL for the login view. :type login_view: str )zhttps://zhttp:///) startswithr ) login_viewrrrexpand_login_viewVs r7nextcCsdt|}|dkr|St|}t|j}t||||<tjdpD|j}|j |t |ddd}t |S)a Creates a URL for redirecting to a login page. If only `login_view` is provided, this will just return the URL for it. If `next_url` is provided, however, this will append a ``next=URL`` parameter to the query string so that the login view can redirect back to that URL. Flask-Login's default unauthorized handler uses this function when redirecting to your login url. To force the host name used, set `FORCE_HOST_FOR_REDIRECTS` to a host. This prevents from redirecting to external sites if request headers Host or X-Forwarded-For are present. :param login_view: The name of the login view. (Alternately, the actual URL to the login view.) :type login_view: str :param next_url: The URL to give the login view for redirection. :type next_url: str :param next_field: What field to store the next URL in. (It defaults to ``next``.) :type next_field: str NZFORCE_HOST_FOR_REDIRECTST)sort)r.r1) r7rrr1r3rconfiggetr._replacerr)r6Znext_urlZ next_fieldbase parsed_resultZmdr.rrrr2ds  r2cCs tddS)z> This returns ``True`` if the current login is fresh. _freshF)r r;rrrr login_freshsr@cCsLtj}|dt}|tjko(tddk}|rHtj|}t|}|dk SdS)zS This returns ``True`` if the current login is remembered across sessions. REMEMBER_COOKIE_NAME _rememberclearNF)rr:r;rr cookiesr r+)r: cookie_nameZ has_cookier)user_idrrrlogin_remembereds  rGFTc Cs|s|jsdSt|tjj}|td<|td<tjtd<|rdtd<|dk rz*|j|j|j dd d d td <Wn2t k r}zt d ||W5d}~XYnXtj |t jttddS)a Logs a user in. You should pass the actual user object to this. If the user's `is_active` property is ``False``, they will not be logged in unless `force` is ``True``. This will return ``True`` if the log in attempt succeeds, and ``False`` if it fails (i.e. because the user is inactive). :param user: The user object to log in. :type user: object :param remember: Whether to remember the user after their session expires. Defaults to ``False``. :type remember: bool :param duration: The amount of time before the remember cookie expires. If ``None`` the value set in the settings is used. Defaults to ``None``. :type duration: :class:`datetime.timedelta` :param force: If the user is inactive, setting this to ``True`` will log them in regardless. Defaults to ``False``. :type force: bool :param fresh: setting this to ``False`` will log in the user with a session marked as not "fresh". Defaults to ``True``. :type fresh: bool F_user_idr?_idsetrBNii@Bg.A_remember_secondsz4duration must be a datetime.timedelta, instead got: userT)Z is_activegetattrr login_managerZ id_attributer _session_identifier_generator microsecondssecondsdaysAttributeError Exception!_update_request_context_with_userrsend_get_current_objectr)rNZrememberdurationforceZfreshrFerrr login_users0   r]cCst}dtkrtddtkr*tddtkr`_, HTTP ``OPTIONS`` requests are exempt from login checks. :param func: The view function to decorate. :type func: function csRtjtks(tjdrntjs(tj St t tddrHt ||S||S)NLOGIN_DISABLED ensure_sync) r methodrrr:r; current_useris_authenticatedrP unauthorizedcallablerOrbargskwargsfuncrrdecorated_views z&login_required..decorated_viewrrlrmrrkrlogin_requireds" rocstfdd}|S)a If you decorate a view with this, it will ensure that the current user's login is fresh - i.e. their session was not restored from a 'remember me' cookie. Sensitive operations, like changing a password or e-mail, should be protected with this, to impede the efforts of cookie thieves. If the user is not authenticated, :meth:`LoginManager.unauthorized` is called as normal. If they are authenticated, but their session is not fresh, it will call :meth:`LoginManager.needs_refresh` instead. (In that case, you will need to provide a :attr:`LoginManager.refresh_view`.) Behaves identically to the :func:`login_required` decorator with respect to configuration variables. .. Note :: Per `W3 guidelines for CORS preflight requests `_, HTTP ``OPTIONS`` requests are exempt from login checks. :param func: The view function to decorate. :type func: function csntjtks8tjdrn tjs(tj St s8tj Szt ||WSt k rh||YSXdS)Nra)r rcrrr:r;rdrerPrfr@Z needs_refreshrbrUrhrkrrrmAs  z,fresh_login_required..decorated_viewrrnrrkrfresh_login_required(s rpcCshttjj}|dk s|dkr\|tjj|j<tjjdk rRdtjjkrRtjjtjjd<dtj_n|tj_dS)ao Sets the login view for the app or blueprint. If a blueprint is passed, the login view is set for this blueprint on ``blueprint_login_views``. :param login_view: The user object to log in. :type login_view: str :param blueprint: The blueprint which this login view should be set on. Defaults to ``None``. :type blueprint: object Nr)lenrrPZblueprint_login_viewsnamer6)r6Z blueprintZnum_login_viewsrrrset_login_viewRs     rscCs"trdtkrtjtjSdS)N _login_user)r rrrPZ _load_userrtrrrrrqs  rcCs t|}t||dtS)Nutf-8) _secret_keyr'newencoder hexdigestrrrrr{srcCs4tjdtj}|dk r0|ddd}|S)NzX-Forwarded-Forru,r)r headersr;Z remote_addrrxsplitstrip)addressrrr_get_remote_addrsrcCsbtjd}|dk r|d}td|}ttkrDt|ddd}t}||d| S)Nz User-Agentrurreplace)errorsutf8) r r{r;rxrstrbytesrupdatery) user_agentr=hrrr_create_identifiers  rcCs ttdS)N)rd)dictrrrrr_user_context_processorsrcCs*|dkrtjd}t|tr&|d}|S)NZ SECRET_KEYlatin1)rr: isinstancerrxrrrrrvs    rv)N)N)Nr8)FNFT)N)N)N)/r' functoolsrhashlibr urllib.parserrZflaskrrr r r r Zwerkzeug.localr Z werkzeug.urlsrrr:rrZsignalsrrrrdr!r+r3r7r2r@rGr]r_r`rorprsrrrrrrvrrrrsL                      # 3 2*