a $`@sddlZddlZddlmZddlmZmZddlmZddl m Z ddl m Z ddl mZddlZddlmZdd lmZdd lmZdd lmZmZmZdd lmZmZd dlmZmZd dl m!Z!d dl"m#Z#GdddeZ$edddZ%e&e$Z'e%Z(e&e$Z)dS)N) timedelta)HttpResponseNotAllowedHttpResponseRedirect)reverse)timezone) urlencode) csrf_exempt) get_adapter) SocialToken) OAuth2Error) OAuth2AdapterOAuth2CallbackViewOAuth2LoginView)build_absolute_uriget_request_param)add_apple_sessionpersist_apple_session)AppleOAuth2Client) AppleProviderc@sbeZdZeZejZdZdZ dZ ddZ ddZ dd Z d d Zd d ZddZddZddZdS)AppleOAuth2Adapterz$https://appleid.apple.com/auth/tokenz(https://appleid.apple.com/auth/authorizez#https://appleid.apple.com/auth/keysc Csxt|j}|z |}Wn0tjyP}ztd|WYd}~n d}~00|dD]}|d|krZ|SqZdS)Nz"Error retrieving apple public key.keyskid)requestsgetpublic_key_urlZraise_for_statusjsonJSONDecodeErrorr )selfrresponsedataedr#c/var/www/html/Ranjet/env/lib/python3.9/site-packages/allauth/socialaccount/providers/apple/views.py_get_apple_public_key#s     z(AppleOAuth2Adapter._get_apple_public_keycCs2t|d}|j|d}tjjt|}|S)zT Get the public key which matches the `kid` in the id_token header. r)r)jwtZget_unverified_headerr% algorithmsZ RSAAlgorithmZfrom_jwkrdumps)rid_tokenrZapple_public_key public_keyr#r#r$get_public_key/s z!AppleOAuth2Adapter.get_public_keycCs(tjd|jd}dd|jdDS)N)requestprovidercSsg|] }|qSr#)strip).0Zaudr#r#r$ ;z4AppleOAuth2Adapter.get_client_id..,)r Zget_app provider_idZ client_idsplit)rr-appr#r#r$ get_client_id9sz AppleOAuth2Adapter.get_client_idc Csp|}||}z(||}tj||dgd|dd}|WStjyj}ztd|WYd}~n d}~00dS)NZRS256Tzhttps://appleid.apple.com)r'ZverifyZaudienceZissuerzInvalid id_token) get_providerr6r+r&decodeZ PyJWTErrorr )rr)r-Z allowed_audsr* identity_datar!r#r#r$get_verified_identity_data=s  z-AppleOAuth2Adapter.get_verified_identity_datacCsdt|dd}|dd|_||j}|rDttt|d|_| |d}i|||_ |S)NZ access_token)tokenZ refresh_token)secondsr)) r rZ token_secretZexpires_in_keyrnowrintZ expires_atr: user_data)rr r;Z expires_inr9r#r#r$ parse_tokenPs zAppleOAuth2Adapter.parse_tokencKs:|j}|j||d}|j|jd<t||j|S)N)r,rr))r@r7Zsociallogin_from_responsestaterapple_login_sessiondelete)rr,r5r;kwargs extra_dataZloginr#r#r$complete_loginas  z!AppleOAuth2Adapter.complete_logincCs8|jdd}z t|WStjy2iYS0dS)Nuserr<)rCrrloadsr)rr,Zuser_scope_datar#r#r$get_user_scope_dataos  z&AppleOAuth2Adapter.get_user_scope_datacCs>t|t|d}||}i|||d|jdiS)z8We need to gather the info from the apple specific logincoder))rrZget_access_tokenrJrCr)rr,r5clientrKZaccess_token_datar#r#r$get_access_token_dataxs   z(AppleOAuth2Adapter.get_access_token_dataN)__name__ __module__ __qualname__rZ client_classridr3Zaccess_token_urlZ authorize_urlrr%r+r6r:rArGrJrMr#r#r#r$rs   rapple_finish_callbackc Cs|jdkrtdgt|gd}i}|D]}t||d}|r,|||<q,ddg}|D]}t||d|j|<qVt|t|}tdj|t |d}t |||S)a Apple uses a `form_post` response type, which due to CORS/Samesite-cookie rules means this request cannot access the request since the session cookie is unavailable. We work around this by storing the apple response in a separate, temporary session and redirecting to a more normal oauth flow. args: finish_endpoint_name (str): The name of a defined URL, which can be overridden in your url configuration if you have more than one callback endpoint. ZPOST)rKrBerrorr<rHr)z {url}?{query})urlquery) methodrrrrCrrrformatrr) r,Zfinish_endpoint_nameZkeys_to_put_in_urlZ url_paramskeyvalueZkeys_to_save_to_sessionrTrr#r#r$apple_post_callbacks$     rZ)rR)*rrdatetimerZ django.httprrZ django.urlsrZ django.utilsrZdjango.utils.httprZdjango.views.decorators.csrfrr&Zallauth.socialaccount.adapterr Zallauth.socialaccount.modelsr Z-allauth.socialaccount.providers.oauth2.clientr Z,allauth.socialaccount.providers.oauth2.viewsr r rZ allauth.utilsrrZ apple_sessionrrrLrr-rrrZZ adapter_viewZ oauth2_loginZoauth2_callbackZoauth2_finish_loginr#r#r#r$s,          k (