o
    ©D®fÝ  ã                   @   s<   d dl mZ ddlmZ ddlmZmZ G dd„ deƒZdS )é    )Údefault_json_headersé   )ÚTokenEndpoint)ÚInvalidRequestErrorÚUnsupportedTokenTypeErrorc                   @   s<   e Zd ZdZdZdd„ Zdd„ Zdd„ Zd	d
„ Zdd„ Z	dS )ÚRevocationEndpointz†Implementation of revocation endpoint which is described in
    `RFC7009`_.

    .. _RFC7009: https://tools.ietf.org/html/rfc7009
    Ú
revocationc                 C   s@   |   ||¡ |  |jd |j d¡¡}|r| |¡r|S dS dS )a…  The client constructs the request by including the following
        parameters using the "application/x-www-form-urlencoded" format in
        the HTTP request entity-body:

        token
            REQUIRED.  The token that the client wants to get revoked.

        token_type_hint
            OPTIONAL.  A hint about the type of the token submitted for
            revocation.
        ÚtokenÚtoken_type_hintN)Úcheck_paramsÚquery_tokenÚformÚgetÚcheck_client©ÚselfÚrequestÚclientr	   © r   úZ/home/ubuntu/webapp/venv/lib/python3.10/site-packages/authlib/oauth2/rfc7009/revocation.pyÚauthenticate_token   s
   ÿz%RevocationEndpoint.authenticate_tokenc                 C   s8   d|j vrtƒ ‚|j  d¡}|r|| jvrtƒ ‚d S d S )Nr	   r
   )r   r   r   ÚSUPPORTED_TOKEN_TYPESr   )r   r   r   Úhintr   r   r   r   #   s   
ÿzRevocationEndpoint.check_paramsc                 C   sB   |   |¡}|  ||¡}|r|  ||¡ | jjd||d di tfS )aõ  Validate revocation request and create the response for revocation.
        For example, a client may request the revocation of a refresh token
        with the following request::

            POST /revoke HTTP/1.1
            Host: server.example.com
            Content-Type: application/x-www-form-urlencoded
            Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW

            token=45ghiukldjahdnhzdauz&token_type_hint=refresh_token

        :returns: (status_code, body, headers)
        Úafter_revoke_token)r	   r   éÈ   )Úauthenticate_endpoint_clientr   Úrevoke_tokenÚserverÚsend_signalr   r   r   r   r   Úcreate_endpoint_response+   s   
ý
z+RevocationEndpoint.create_endpoint_responsec                 C   ó   t ƒ ‚)a7  Get the token from database/storage by the given token string.
        Developers should implement this method::

            def query_token(self, token_string, token_type_hint):
                if token_type_hint == 'access_token':
                    return Token.query_by_access_token(token_string)
                if token_type_hint == 'refresh_token':
                    return Token.query_by_refresh_token(token_string)
                return Token.query_by_access_token(token_string) or                     Token.query_by_refresh_token(token_string)
        ©ÚNotImplementedError)r   Útoken_stringr
   r   r   r   r   J   s   zRevocationEndpoint.query_tokenc                 C   r    )aÚ  Mark token as revoked. Since token MUST be unique, it would be
        dangerous to delete it. Consider this situation:

        1. Jane obtained a token XYZ
        2. Jane revoked (deleted) token XYZ
        3. Bob generated a new token XYZ
        4. Jane can use XYZ to access Bob's resource

        It would be secure to mark a token as revoked::

            def revoke_token(self, token, request):
                hint = request.form.get('token_type_hint')
                if hint == 'access_token':
                    token.access_token_revoked = True
                else:
                    token.access_token_revoked = True
                    token.refresh_token_revoked = True
                token.save()
        r!   )r   r	   r   r   r   r   r   X   s   zRevocationEndpoint.revoke_tokenN)
Ú__name__Ú
__module__Ú__qualname__Ú__doc__ÚENDPOINT_NAMEr   r   r   r   r   r   r   r   r   r   	   s    r   N)Úauthlib.constsr   Úrfc6749r   r   r   r   r   r   r   r   Ú<module>   s    