o
    ©D®f½  ã                   @   s@   d Z ddlmZ ddlmZmZ G dd„ dƒZG dd„ dƒZdS )	zè
    authlib.oauth2.rfc6749.resource_protector
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Implementation of Accessing Protected Resources per `Section 7`_.

    .. _`Section 7`: https://tools.ietf.org/html/rfc6749#section-7
é   )Úscope_to_list)ÚMissingAuthorizationErrorÚUnsupportedTokenTypeErrorc                   @   sB   e Zd ZdZdZddd„Zedd„ ƒZdd	„ Zd
d„ Z	dd„ Z
dS )ÚTokenValidatorziBase token validator class. Subclass this validator to register
    into ResourceProtector instance.
    ÚbearerNc                 K   s   || _ || _d S ©N)ÚrealmÚextra_attributes)Úselfr   r	   © r   úb/home/ubuntu/webapp/venv/lib/python3.10/site-packages/authlib/oauth2/rfc6749/resource_protector.pyÚ__init__   s   
zTokenValidator.__init__c                 C   sJ   |sdS t | ƒ} | sdS t| ƒ} |D ]}tt |ƒƒ}|  |¡r" dS qdS )NFT)r   ÚsetÚ
issuperset)Útoken_scopesÚrequired_scopesÚscopeÚresource_scopesr   r   r   Úscope_insufficient   s   
ÿz!TokenValidator.scope_insufficientc                 C   ó   t ƒ ‚)a_  A method to query token from database with the given token string.
        Developers MUST re-implement this method. For instance::

            def authenticate_token(self, token_string):
                return get_token_from_database(token_string)

        :param token_string: A string to represent the access_token.
        :return: token
        ©ÚNotImplementedError)r
   Útoken_stringr   r   r   Úauthenticate_token(   s   
z!TokenValidator.authenticate_tokenc                 C   s   dS )a@  A method to validate if the HTTP request is valid or not. Developers MUST
        re-implement this method.  For instance, your server requires a
        "X-Device-Version" in the header::

            def validate_request(self, request):
                if 'X-Device-Version' not in request.headers:
                    raise InvalidRequestError()

        Usually, you don't have to detect if the request is valid or not. If you have
        to, you MUST re-implement this method.

        :param request: instance of HttpRequest
        :raise: InvalidRequestError
        Nr   )r
   Úrequestr   r   r   Úvalidate_request4   s    zTokenValidator.validate_requestc                 C   r   )a4  A method to validate if the authorized token is valid, if it has the
        permission on the given scopes. Developers MUST re-implement this method.
        e.g, check if token is expired, revoked::

            def validate_token(self, token, scopes, request):
                if not token:
                    raise InvalidTokenError()
                if token.is_expired() or token.is_revoked():
                    raise InvalidTokenError()
                if not match_token_scopes(token, scopes):
                    raise InsufficientScopeError()
        r   )r
   ÚtokenÚscopesr   r   r   r   Úvalidate_tokenD   s   zTokenValidator.validate_tokenr   )Ú__name__Ú
__module__Ú__qualname__Ú__doc__Ú
TOKEN_TYPEr   Ústaticmethodr   r   r   r   r   r   r   r   r      s    

r   c                   @   s:   e Zd Zdd„ Zdefdd„Zdd„ Zdd	„ Zd
d„ ZdS )ÚResourceProtectorc                 C   s   i | _ d | _d | _d S r   )Ú_token_validatorsÚ_default_realmÚ_default_auth_type)r
   r   r   r   r   U   s   
zResourceProtector.__init__Ú	validatorc                 C   s6   | j s|j| _|j| _ |j| jvr|| j|j< dS dS )z„Register a token validator for a given Authorization type.
        Authlib has a built-in BearerTokenValidator per rfc6750.
        N)r(   r   r'   r#   r&   )r
   r)   r   r   r   Úregister_token_validatorZ   s   ÿz*ResourceProtector.register_token_validatorc                 C   s&   | j  | ¡ ¡}|st| j| jƒ‚|S )z;Get token validator from registry for the given token type.)r&   ÚgetÚlowerr   r(   r'   )r
   Ú
token_typer)   r   r   r   Úget_token_validatore   s   z%ResourceProtector.get_token_validatorc                 C   s^   |j  d¡}|st| j| jƒ‚| dd¡}t|ƒdkr"t| j| jƒ‚|\}}|  |¡}||fS )aË  Parse the token and token validator from request Authorization header.
        Here is an example of Authorization header::

            Authorization: Bearer a-token-string

        This method will parse this header, if it can find the validator for
        ``Bearer``, it will return the validator and ``a-token-string``.

        :return: validator, token_string
        :raise: MissingAuthorizationError
        :raise: UnsupportedTokenTypeError
        ÚAuthorizationNr   é   )	Úheadersr+   r   r(   r'   ÚsplitÚlenr   r.   )r
   r   ÚauthÚtoken_partsr-   r   r)   r   r   r   Úparse_request_authorizationl   s   
z-ResourceProtector.parse_request_authorizationc                 K   s<   |   |¡\}}| |¡ | |¡}|j|||fi |¤Ž |S )z(Validate the request and return a token.)r6   r   r   r   )r
   r   r   Úkwargsr)   r   r   r   r   r   r   †   s
   

z"ResourceProtector.validate_requestN)	r   r    r!   r   r   r*   r.   r6   r   r   r   r   r   r%   T   s    r%   N)r"   Úutilr   Úerrorsr   r   r   r%   r   r   r   r   Ú<module>   s
    G