o
    ©D®fÃ  ã                   @   sF   d dl mZ d dlmZ d dlmZ G dd„ dƒZdd„ Zdd	„ Zd
S )é    )Údefault_json_headers©Úgenerate_token)Úadd_params_to_uric                   @   sp   e Zd ZdZdZg d¢ZdZdZdZdd„ Z	d	d
„ Z
dd„ Zdd„ Zdd„ Zdd„ Zdd„ Zdd„ Zdd„ ZdS )ÚDeviceAuthorizationEndpointaY	  This OAuth 2.0 [RFC6749] protocol extension enables OAuth clients to
    request user authorization from applications on devices that have
    limited input capabilities or lack a suitable browser.  Such devices
    include smart TVs, media consoles, picture frames, and printers,
    which lack an easy input method or a suitable browser required for
    traditional OAuth interactions. Here is the authorization flow::

        +----------+                                +----------------+
        |          |>---(A)-- Client Identifier --->|                |
        |          |                                |                |
        |          |<---(B)-- Device Code,      ---<|                |
        |          |          User Code,            |                |
        |  Device  |          & Verification URI    |                |
        |  Client  |                                |                |
        |          |  [polling]                     |                |
        |          |>---(E)-- Device Code       --->|                |
        |          |          & Client Identifier   |                |
        |          |                                |  Authorization |
        |          |<---(F)-- Access Token      ---<|     Server     |
        +----------+   (& Optional Refresh Token)   |                |
              v                                     |                |
              :                                     |                |
             (C) User Code & Verification URI       |                |
              :                                     |                |
              v                                     |                |
        +----------+                                |                |
        | End User |                                |                |
        |    at    |<---(D)-- End user reviews  --->|                |
        |  Browser |          authorization request |                |
        +----------+                                +----------------+

    This DeviceAuthorizationEndpoint is the implementation of step (A) and (B).

    (A) The client requests access from the authorization server and
        includes its client identifier in the request.

    (B) The authorization server issues a device code and an end-user
        code and provides the end-user verification URI.
    Údevice_authorization)Úclient_secret_basicÚclient_secret_postÚnoneÚstringi  é   c                 C   s
   || _ d S ©N)Úserver)Úselfr   © r   úX/home/ubuntu/webapp/venv/lib/python3.10/site-packages/authlib/oauth2/rfc8628/endpoint.pyÚ__init__<   s   
z$DeviceAuthorizationEndpoint.__init__c                 C   s
   |   |¡S r   )Úcreate_endpoint_response©r   Úrequestr   r   r   Ú__call__?   s   
z$DeviceAuthorizationEndpoint.__call__c                 C   s   | j  |¡S r   )r   Úcreate_oauth2_requestr   r   r   r   Úcreate_endpoint_requestD   s   z3DeviceAuthorizationEndpoint.create_endpoint_requestc                 C   s   | j  || j| j¡}||_|S )a—  client_id is REQUIRED **if the client is not** authenticating with the
        authorization server as described in Section 3.2.1. of [RFC6749].

        This means the endpoint support "none" authentication method. In this case,
        this endpoint's auth methods are:

        - client_secret_basic
        - client_secret_post
        - none

        Developers change the value of ``CLIENT_AUTH_METHODS`` in subclass. For
        instance::

            class MyDeviceAuthorizationEndpoint(DeviceAuthorizationEndpoint):
                # only support ``client_secret_basic`` auth method
                CLIENT_AUTH_METHODS = ['client_secret_basic']
        )r   Úauthenticate_clientÚCLIENT_AUTH_METHODSÚENDPOINT_NAMEÚclient)r   r   r   r   r   r   r   G   s
   
ÿz/DeviceAuthorizationEndpoint.authenticate_clientc                 C   sr   |   |¡ | j |j¡ |  ¡ }|  ¡ }|  ¡ }t|d|fgƒ}||||| j| j	dœ}|  
|j|j|¡ d|tfS )NÚ	user_code)Údevice_coder   Úverification_uriÚverification_uri_completeÚ
expires_inÚintervaléÈ   )r   r   Úvalidate_requested_scopeÚscopeÚgenerate_device_codeÚgenerate_user_codeÚget_verification_urir   Ú
EXPIRES_INÚINTERVALÚsave_device_credentialÚ	client_idr   )r   r   r   r   r   r    Údatar   r   r   r   ^   s"   

ÿú	
z4DeviceAuthorizationEndpoint.create_endpoint_responsec                 C   s   | j dkrtƒ S tƒ S )zåA method to generate ``user_code`` value for device authorization
        endpoint. This method will generate a random string like MQNA-JPOZ.
        Developers can rewrite this  method to create their own ``user_code``.
        Údigital)ÚUSER_CODE_TYPEÚcreate_digital_user_codeÚcreate_string_user_code©r   r   r   r   r'   v   s   
z.DeviceAuthorizationEndpoint.generate_user_codec                 C   s   t dƒS )zêA method to generate ``device_code`` value for device authorization
        endpoint. This method will generate a random string of 42 characters.
        Developers can rewrite this method to create their own ``device_code``.
        é*   r   r2   r   r   r   r&   €   s   z0DeviceAuthorizationEndpoint.generate_device_codec                 C   ó   t ƒ ‚)zìDefine the ``verification_uri`` of device authorization endpoint.
        Developers MUST implement this method in subclass::

            def get_verification_uri(self):
                return 'https://your-company.com/active'
        ©ÚNotImplementedErrorr2   r   r   r   r(   ‡   s   z0DeviceAuthorizationEndpoint.get_verification_uric                 C   r4   )av  Save device token into database for later use. Developers MUST
        implement this method in subclass::

            def save_device_credential(self, client_id, scope, data):
                item = DeviceCredential(
                    client_id=client_id,
                    scope=scope,
                    **data
                )
                item.save()
        r5   )r   r,   r%   r-   r   r   r   r+      s   z2DeviceAuthorizationEndpoint.save_device_credentialN)Ú__name__Ú
__module__Ú__qualname__Ú__doc__r   r   r/   r)   r*   r   r   r   r   r   r'   r&   r(   r+   r   r   r   r   r      s     (
	r   c                  C   s   d} d  td| ƒtd| ƒg¡S )NÚBCDFGHJKLMNPQRSTVWXZú-é   ©Újoinr   ©Úbaser   r   r   r1   Ÿ   s   r1   c                  C   s&   d} d  td| ƒtd| ƒtd| ƒg¡S )NÚ
0123456789r<   é   r>   r@   r   r   r   r0   ¤   s   ýr0   N)	Úauthlib.constsr   Úauthlib.common.securityr   Úauthlib.common.urlsr   r   r1   r0   r   r   r   r   Ú<module>   s     