U ڲg@sdZddlZddlZddlmZmZddlmZddlm Z ddl m Z m Z ddZGd d d eZGd d d ZGd ddeZGdddeZGdddeZGdddeZdS)z+ Provides various authentication policies. N) authenticateget_user_model)CsrfViewMiddleware) gettext_lazy)HTTP_HEADER_ENCODING exceptionscCs&|jdd}t|tr"|t}|S)z Return request's 'Authorization:' header, as a bytestring. Hide some test client ickyness where the header can be unicode. ZHTTP_AUTHORIZATION)METAget isinstancestrencoder)requestauthrA/tmp/pip-unpacked-wheel-11h17kvo/rest_framework/authentication.pyget_authorization_headers  rc@seZdZddZdS) CSRFCheckcCs|SNr)selfrreasonrrr_rejectszCSRFCheck._rejectN)__name__ __module__ __qualname__rrrrrrsrc@s eZdZdZddZddZdS)BaseAuthenticationzF All authentication classes should extend BaseAuthentication. cCs tddS)zS Authenticate the request and return a two-tuple of (user, token). z#.authenticate() must be overridden.N)NotImplementedErrorrrrrrr&szBaseAuthentication.authenticatecCsdS)z Return a string to be used as the value of the `WWW-Authenticate` header in a `401 Unauthenticated` response, or `None` if the authentication scheme should return `403 Permission Denied` responses. Nrrrrrauthenticate_header,sz&BaseAuthentication.authenticate_headerN)rrr__doc__rrrrrrr!src@s.eZdZdZdZddZd ddZdd ZdS) BasicAuthenticationz> HTTP Basic authentication against username/password. apic Cst|}|r |ddkr$dSt|dkrDtd}t|nt|dkrbtd}t|zVzt|d d}Wn(t k rt|d d }YnX|d d\}}Wn0t t t t jfk rtd }t|YnX||||S) z Returns a `User` if a correct username and password have been supplied using HTTP Basic authentication. Otherwise returns `None`. rsbasicNz.Invalid basic header. No credentials provided.zCInvalid basic header. Credentials string should not contain spaces.zutf-8zlatin-1:z?Invalid basic header. Credentials not correctly base64 encoded.)rsplitlowerlen_rAuthenticationFailedbase64 b64decodedecodeUnicodeDecodeError TypeError ValueErrorbinasciiErrorauthenticate_credentials)rrrmsgZ auth_decodeduseridpasswordrrrr;s&     z BasicAuthentication.authenticateNcCsTtj|d|i}tfd|i|}|dkr8ttd|jsLttd|dfS)z Authenticate the userid and password against username and password with optional request for context. r5rNzInvalid username/password.User inactive or deleted.)rZUSERNAME_FIELDrrr)r( is_active)rr4r5r credentialsuserrrrr2Ysz,BasicAuthentication.authenticate_credentialscCs d|jS)NzBasic realm="%s")www_authenticate_realmrrrrrlsz'BasicAuthentication.authenticate_header)N)rrrrr:rr2rrrrrr 5s  r c@s eZdZdZddZddZdS)SessionAuthenticationz< Use Django's session framework for authentication. cCs.t|jdd}|r|jsdS|||dfS)z{ Returns a `User` if the request session currently has a logged in user. Otherwise returns `None`. r9N)getattr_requestr7 enforce_csrfrrr9rrrrus   z"SessionAuthentication.authenticatecCs@dd}t|}||||ddi}|rSessionAuthentication.enforce_csrf..dummy_get_responseNrzCSRF Failed: %s)rprocess_requestZ process_viewrZPermissionDenied)rrr@checkrrrrr>s  z"SessionAuthentication.enforce_csrfN)rrrrrr>rrrrr;psr;c@s8eZdZdZdZdZddZddZdd Zd d Z dS) TokenAuthenticationa Simple token based authentication. Clients should authenticate by passing the token key in the "Authorization" HTTP header, prepended with the string "Token ". For example: Authorization: Token 401f7ac837da42b97f613d789819ff93537bee6a TokenNcCs |jdk r|jSddlm}|S)Nr)rD)modelZrest_framework.authtoken.modelsrD)rrDrrr get_models  zTokenAuthentication.get_modelcCst|}|r*|d|jkr.dSt|dkrNtd}t|nt|dkrltd}t|z|d }Wn&t k rtd}t|YnX| |S)Nrr"z.Invalid token header. No credentials provided.r#z=Invalid token header. Token string should not contain spaces.zIInvalid token header. Token string should not contain invalid characters.) rr%r&keywordr r'r(rr)r, UnicodeErrorr2)rrrr3tokenrrrrs     z TokenAuthentication.authenticatecCsf|}z|jdj|d}Wn$|jk rDttdYnX|jj s\ttd|j|fS)Nr9)keyzInvalid token.r6) rFZobjectsZselect_relatedr Z DoesNotExistrr)r(r9r7)rrJrErIrrrr2sz,TokenAuthentication.authenticate_credentialscCs|jSr)rGrrrrrsz'TokenAuthentication.authenticate_header) rrrrrGrErFrr2rrrrrrCs   rCc@seZdZdZdZddZdS)RemoteUserAuthenticationa REMOTE_USER authentication. To use this, set up your web server to perform authentication, which will set the REMOTE_USER environment variable. You will need to have 'django.contrib.auth.backends.RemoteUserBackend in your AUTHENTICATION_BACKENDS setting Z REMOTE_USERcCs,t||j|jd}|r(|jr(|dfSdS)N)rZ remote_user)rr r headerr7r?rrrrs z%RemoteUserAuthentication.authenticateN)rrrrrLrrrrrrKs rK)rr*r0Zdjango.contrib.authrrZdjango.middleware.csrfrZdjango.utils.translationrr(Zrest_frameworkrrrrrr r;rCrKrrrrs   ;'?