3 Ah`*@sdZddlZddlZddlmZmZddlmZddlm Z ddl m Z m Z ddZGd d d eZGd d d ZGd ddeZGdddeZGdddeZGdddeZdS)z+ Provides various authentication policies. N) authenticateget_user_model)CsrfViewMiddleware) gettext_lazy)HTTP_HEADER_ENCODING exceptionscCs&|jjdd}t|tr"|jt}|S)z Return request's 'Authorization:' header, as a bytestring. Hide some test client ickyness where the header can be unicode. ZHTTP_AUTHORIZATION)METAget isinstancestrencoder)requestauthrL/tmp/pip-build-9m32_hle/djangorestframework/rest_framework/authentication.pyget_authorization_headers  rc@seZdZddZdS) CSRFCheckcCs|S)Nr)selfrreasonrrr_rejectszCSRFCheck._rejectN)__name__ __module__ __qualname__rrrrrrsrc@s eZdZdZddZddZdS)BaseAuthenticationzF All authentication classes should extend BaseAuthentication. cCs tddS)zS Authenticate the request and return a two-tuple of (user, token). z#.authenticate() must be overridden.N)NotImplementedError)rrrrrr&szBaseAuthentication.authenticatecCsdS)z Return a string to be used as the value of the `WWW-Authenticate` header in a `401 Unauthenticated` response, or `None` if the authentication scheme should return `403 Permission Denied` responses. Nr)rrrrrauthenticate_header,sz&BaseAuthentication.authenticate_headerN)rrr__doc__rrrrrrr!src@s.eZdZdZdZddZd ddZdd ZdS) BasicAuthenticationz> HTTP Basic authentication against username/password. apicCst|j}| s"|djdkr&dSt|dkrFtd}tj|nt|dkrdtd}tj|yPytj|dj d}Wn(t k rtj|dj d }YnX|j d }Wn.t t t jfk rtd }tj|YnX|d|d}}|j|||S) z Returns a `User` if a correct username and password have been supplied using HTTP Basic authentication. Otherwise returns `None`. rsbasicNz.Invalid basic header. No credentials provided.zCInvalid basic header. Credentials string should not contain spaces.zutf-8zlatin-1:z?Invalid basic header. Credentials not correctly base64 encoded.)rsplitlowerlen_rAuthenticationFailedbase64 b64decodedecodeUnicodeDecodeError partition TypeErrorbinasciiErrorauthenticate_credentials)rrrmsgZ auth_decodedZ auth_partsuseridpasswordrrrr;s(     z BasicAuthentication.authenticateNcCsTtj|d|i}tfd|i|}|dkr8tjtd|jsLtjtd|dfS)z Authenticate the userid and password against username and password with optional request for context. r3rNzInvalid username/password.zUser inactive or deleted.)rZUSERNAME_FIELDrrr'r& is_active)rr2r3r credentialsuserrrrr0Ysz,BasicAuthentication.authenticate_credentialscCs d|jS)NzBasic realm="%s")www_authenticate_realm)rrrrrrlsz'BasicAuthentication.authenticate_header)N)rrrrr7rr0rrrrrr5s  rc@s eZdZdZddZddZdS)SessionAuthenticationz< Use Django's session framework for authentication. cCs2t|jdd}| s|j r dS|j||dfS)z{ Returns a `User` if the request session currently has a logged in user. Otherwise returns `None`. r6N)getattr_requestr4 enforce_csrf)rrr6rrrrus  z"SessionAuthentication.authenticatecCs@dd}t|}|j||j|dfi}|rSessionAuthentication.enforce_csrf..dummy_get_responseNzCSRF Failed: %s)rprocess_requestZ process_viewrZPermissionDenied)rrr<checkrrrrr;s  z"SessionAuthentication.enforce_csrfN)rrrrrr;rrrrr8psr8c@s8eZdZdZdZdZddZddZdd Zd d Z dS) TokenAuthenticationa Simple token based authentication. Clients should authenticate by passing the token key in the "Authorization" HTTP header, prepended with the string "Token ". For example: Authorization: Token 401f7ac837da42b97f613d789819ff93537bee6a TokenNcCs |jdk r|jSddlm}|S)Nr)r@)modelZrest_framework.authtoken.modelsr@)rr@rrr get_models  zTokenAuthentication.get_modelc Cst|j}| s,|dj|jjjkr0dSt|dkrPtd}tj|nt|dkrntd}tj|y|dj }Wn&t k rtd}tj|YnX|j |S)Nrr z.Invalid token header. No credentials provided.r!z=Invalid token header. Token string should not contain spaces.zIInvalid token header. Token string should not contain invalid characters.) rr#r$keywordr r%r&rr'r* UnicodeErrorr0)rrrr1tokenrrrrs      z TokenAuthentication.authenticatec Csf|j}y|jjdj|d}Wn$|jk rDtjtdYnX|jj s\tjtd|j|fS)Nr6)keyzInvalid token.zUser inactive or deleted.) rBZobjectsZselect_relatedr Z DoesNotExistrr'r&r6r4)rrFrArErrrr0sz,TokenAuthentication.authenticate_credentialscCs|jS)N)rC)rrrrrrsz'TokenAuthentication.authenticate_header) rrrrrCrArBrr0rrrrrr?s  r?c@seZdZdZdZddZdS)RemoteUserAuthenticationa REMOTE_USER authentication. To use this, set up your web server to perform authentication, which will set the REMOTE_USER environment variable. You will need to have 'django.contrib.auth.backends.RemoteUserBackend in your AUTHENTICATION_BACKENDS setting Z REMOTE_USERcCs*t|jj|jd}|r&|jr&|dfSdS)N)Z remote_user)rr r headerr4)rrr6rrrrs z%RemoteUserAuthentication.authenticateN)rrrrrHrrrrrrGsrG)rr(r.Zdjango.contrib.authrrZdjango.middleware.csrfrZdjango.utils.translationrr&Zrest_frameworkrrrrrrr8r?rGrrrrs   ;'?