o
    Df                     @   s<   d dl mZ ddlmZ ddlmZmZ G dd deZdS )    )default_json_headers   )TokenEndpoint)InvalidRequestErrorUnsupportedTokenTypeErrorc                   @   s<   e Zd ZdZdZdd Zdd Zdd Zd	d
 Zdd Z	dS )RevocationEndpointzImplementation of revocation endpoint which is described in
    `RFC7009`_.

    .. _RFC7009: https://tools.ietf.org/html/rfc7009
    
revocationc                 C   s@   |  || | |jd |jd}|r||r|S dS dS )a  The client constructs the request by including the following
        parameters using the "application/x-www-form-urlencoded" format in
        the HTTP request entity-body:

        token
            REQUIRED.  The token that the client wants to get revoked.

        token_type_hint
            OPTIONAL.  A hint about the type of the token submitted for
            revocation.
        tokentoken_type_hintN)check_paramsquery_tokenformgetcheck_clientselfrequestclientr	    r   Z/home/ubuntu/webapp/venv/lib/python3.10/site-packages/authlib/oauth2/rfc7009/revocation.pyauthenticate_token   s
   z%RevocationEndpoint.authenticate_tokenc                 C   s8   d|j vrt |j d}|r|| jvrt d S d S )Nr	   r
   )r   r   r   SUPPORTED_TOKEN_TYPESr   )r   r   r   hintr   r   r   r   #   s   
zRevocationEndpoint.check_paramsc                 C   sB   |  |}| ||}|r| || | jjd||d di tfS )a  Validate revocation request and create the response for revocation.
        For example, a client may request the revocation of a refresh token
        with the following request::

            POST /revoke HTTP/1.1
            Host: server.example.com
            Content-Type: application/x-www-form-urlencoded
            Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW

            token=45ghiukldjahdnhzdauz&token_type_hint=refresh_token

        :returns: (status_code, body, headers)
        after_revoke_token)r	   r      )authenticate_endpoint_clientr   revoke_tokenserversend_signalr   r   r   r   r   create_endpoint_response+   s   

z+RevocationEndpoint.create_endpoint_responsec                 C      t  )a7  Get the token from database/storage by the given token string.
        Developers should implement this method::

            def query_token(self, token_string, token_type_hint):
                if token_type_hint == 'access_token':
                    return Token.query_by_access_token(token_string)
                if token_type_hint == 'refresh_token':
                    return Token.query_by_refresh_token(token_string)
                return Token.query_by_access_token(token_string) or                     Token.query_by_refresh_token(token_string)
        NotImplementedError)r   token_stringr
   r   r   r   r   J   s   zRevocationEndpoint.query_tokenc                 C   r    )a  Mark token as revoked. Since token MUST be unique, it would be
        dangerous to delete it. Consider this situation:

        1. Jane obtained a token XYZ
        2. Jane revoked (deleted) token XYZ
        3. Bob generated a new token XYZ
        4. Jane can use XYZ to access Bob's resource

        It would be secure to mark a token as revoked::

            def revoke_token(self, token, request):
                hint = request.form.get('token_type_hint')
                if hint == 'access_token':
                    token.access_token_revoked = True
                else:
                    token.access_token_revoked = True
                    token.refresh_token_revoked = True
                token.save()
        r!   )r   r	   r   r   r   r   r   X   s   zRevocationEndpoint.revoke_tokenN)
__name__
__module____qualname____doc__ENDPOINT_NAMEr   r   r   r   r   r   r   r   r   r   	   s    r   N)authlib.constsr   rfc6749r   r   r   r   r   r   r   r   <module>   s    