o "7h@sdZddlZddlZddlmZmZddlmZddlm Z ddl m Z m Z ddZGd d d eZGd d d ZGd ddeZGdddeZGdddeZGdddeZdS)z+ Provides various authentication policies. N) authenticateget_user_model)CsrfViewMiddleware) gettext_lazy)HTTP_HEADER_ENCODING exceptionscCs&|jdd}t|tr|t}|S)z Return request's 'Authorization:' header, as a bytestring. Hide some test client ickyness where the header can be unicode. HTTP_AUTHORIZATION)METAget isinstancestrencoder)requestauthrr/var/www/epreuve.sigeris.cm/public_html/epreuve/venv/lib/python3.10/site-packages/rest_framework/authentication.pyget_authorization_headers  rc@seZdZddZdS) CSRFCheckcCs|SNr)selfrreasonrrr_rejectszCSRFCheck._rejectN)__name__ __module__ __qualname__rrrrrrs rc@ eZdZdZddZddZdS)BaseAuthenticationzF All authentication classes should extend BaseAuthentication. cCstd)zS Authenticate the request and return a two-tuple of (user, token). z#.authenticate() must be overridden.)NotImplementedErrorrrrrrr&szBaseAuthentication.authenticatecCsdS)z Return a string to be used as the value of the `WWW-Authenticate` header in a `401 Unauthenticated` response, or `None` if the authentication scheme should return `403 Permission Denied` responses. Nrrrrrauthenticate_header,sz&BaseAuthentication.authenticate_headerN)rrr__doc__rr rrrrr!s rc@s.eZdZdZdZddZd ddZdd ZdS) BasicAuthenticationz> HTTP Basic authentication against username/password. apic Cst|}|r|ddkrdSt|dkr!td}t|t|dkr0td}t|z*z t|d d}Wnt yPt|d d }Ynw|d d\}}Wnt t t t jfyotd }t|w||||S) z Returns a `User` if a correct username and password have been supplied using HTTP Basic authentication. Otherwise returns `None`. rsbasicNz.Invalid basic header. No credentials provided.zCInvalid basic header. Credentials string should not contain spaces.zutf-8zlatin-1:z?Invalid basic header. Credentials not correctly base64 encoded.)rsplitlowerlen_rAuthenticationFailedbase64 b64decodedecodeUnicodeDecodeError TypeError ValueErrorbinasciiErrorauthenticate_credentials)rrrmsg auth_decodeduseridpasswordrrrr;s*       z BasicAuthentication.authenticateNcCsTtj|d|i}tdd|i|}|durttd|js&ttd|dfS)z Authenticate the userid and password against username and password with optional request for context. r8rNzInvalid username/password.User inactive or deleted.r)rUSERNAME_FIELDrrr+r* is_active)rr7r8r credentialsuserrrrr4Ysz,BasicAuthentication.authenticate_credentialscCs d|jS)NzBasic realm="%s")www_authenticate_realmrrrrr ls z'BasicAuthentication.authenticate_headerr)rrrr!r>rr4r rrrrr"5s   r"c@r)SessionAuthenticationz< Use Django's session framework for authentication. cCs.t|jdd}|r |jsdS|||dfS)z{ Returns a `User` if the request session currently has a logged in user. Otherwise returns `None`. r=N)getattr_requestr; enforce_csrfrrr=rrrrus   z"SessionAuthentication.authenticatecCs@dd}t|}||||ddi}|rtd|dS)zK Enforce CSRF validation for session based authentication. cSsdSrr)rrrrdummy_get_responsesz>SessionAuthentication.enforce_csrf..dummy_get_responseNrzCSRF Failed: %s)rprocess_request process_viewrPermissionDenied)rrrDcheckrrrrrBs z"SessionAuthentication.enforce_csrfN)rrrr!rrBrrrrr?ps r?c@s:eZdZdZdZdZddZ ddZdd Zd d Z dS) TokenAuthenticationa Simple token based authentication. Clients should authenticate by passing the token key in the "Authorization" HTTP header, prepended with the string "Token ". For example: Authorization: Token 401f7ac837da42b97f613d789819ff93537bee6a TokenNcCs |jdur|jSddlm}|S)Nr)rJ)modelrest_framework.authtoken.modelsrJ)rrJrrr get_models  zTokenAuthentication.get_modelcCst|}|r|d|jkrdSt|dkr&td}t|t|dkr5td}t|z|d }Wnt yMtd}t|w| |S)Nrr$z.Invalid token header. No credentials provided.r%z=Invalid token header. Token string should not contain spaces.zIInvalid token header. Token string should not contain invalid characters.) rr'r(keywordrr)r*rr+r. UnicodeErrorr4)rrrr5tokenrrrrs        z TokenAuthentication.authenticatecCs`|}z |jdj|d}Wn|jyttdw|jj s+ttd|j|fS)Nr=)keyzInvalid token.r9) rMobjectsselect_relatedr DoesNotExistrr+r*r=r;)rrQrKrPrrrr4s z,TokenAuthentication.authenticate_credentialscCs|jSr)rNrrrrr sz'TokenAuthentication.authenticate_header) rrrr!rNrKrMrr4r rrrrrIs  rIc@seZdZdZdZddZdS)RemoteUserAuthenticationa REMOTE_USER authentication. To use this, set up your web server to perform authentication, which will set the REMOTE_USER environment variable. You will need to have 'django.contrib.auth.backends.RemoteUserBackend in your AUTHENTICATION_BACKENDS setting REMOTE_USERcCs0t||j|jd}|r|jr|dfSdSdS)N)r remote_user)rr r headerr;rCrrrrs z%RemoteUserAuthentication.authenticateN)rrrr!rXrrrrrrUs rU)r!r,r2django.contrib.authrrdjango.middleware.csrfrdjango.utils.translationrr*rest_frameworkrrrrrr"r?rIrUrrrrs   ;'?