o iiN@sddlmZddlmZddlmZddlmZddlmZddlmZddlmZddlmZdd lm Z dd lm Z d d l m Z d d l m Z d dl mZd dl mZd dl mZd dl mZd dl mZd dl mZd dl mZd dl mZd dl mZd dl mZd dl mZd dlmZd dlmZd dlmZd dlmZd dlmZd dlm Z d dlm!Z!d d l"m#Z#d d!l"m$Z$d d"l"m%Z%d d#l"m&Z&d d$l"m'Z'd d%l"m(Z)d d&l"m*Z*Gd'd(d(Z+d)S)*)datetime) timedelta)abort) current_app)flash)g)has_app_context)redirect)request)session)AUTH_HEADER_NAME)COOKIE_DURATION)COOKIE_HTTPONLY) COOKIE_NAME)COOKIE_SAMESITE) COOKIE_SECURE) ID_ATTRIBUTE) LOGIN_MESSAGE)LOGIN_MESSAGE_CATEGORY)REFRESH_MESSAGE)REFRESH_MESSAGE_CATEGORY) SESSION_KEYS)USE_SESSION_FOR_NEXT)AnonymousUserMixin)session_protected) user_accessed)user_loaded_from_cookie)user_loaded_from_request)user_needs_refresh)user_unauthorized)_create_identifier)_user_context_processor) decode_cookie) encode_cookie)expand_login_view) login_url)make_next_paramc@seZdZdZd1ddZd2ddZd2dd Zd d Zd d Ze ddZ ddZ e ddZ ddZ ddZddZddZd3ddZddZd d!Zd"d#Zd$d%Zd&d'Zd(d)Zd*d+Zd,d-Ze d.d/Zejd0d/ZdS)4 LoginManagerzThis object is used to hold the settings used for logging in. Instances of :class:`LoginManager` are *not* bound to specific apps, so you can create one in the main body of your code and then bind it to your app in a factory function. NTcCst|_d|_i|_t|_t|_d|_t |_ t |_ d|_ d|_d|_d|_t|_d|_d|_d|_t|_|dur?|||dSdS)Nbasic)ranonymous_user login_viewblueprint_login_viewsr login_messagerlogin_message_category refresh_viewrneeds_refresh_messagerneeds_refresh_message_categorysession_protectionlocalize_callbackunauthorized_callbackneeds_refresh_callbackr id_attribute_user_callback_header_callback_request_callbackr!_session_identifier_generatorinit_appselfappadd_context_processorr@Y/var/www/html/arapca_proje/venv/lib/python3.10/site-packages/flask_login/login_manager.py__init__1s(zLoginManager.__init__cCs(ddl}|jdtdd|||dS)zl This method has been deprecated. Please use :meth:`LoginManager.init_app` instead. rNzY'setup_app' is deprecated and will be removed in Flask-Login 0.7. Use 'init_app' instead. stacklevel)warningswarnDeprecationWarningr;)r=r>r?rFr@r@rA setup_appmszLoginManager.setup_appcCs(||_||j|r|tdSdS)a Configures an application. This registers an `after_request` call, and attaches this `LoginManager` to it as `app.login_manager`. :param app: The :class:`flask.Flask` object to configure. :type app: :class:`flask.Flask` :param add_context_processor: Whether to add a context processor to the app that adds a `current_user` variable to the template. Defaults to ``True``. :type add_context_processor: bool N) login_manager after_request_update_remember_cookiecontext_processorr"r<r@r@rAr;|s  zLoginManager.init_appcCstt|jr|Stj|jvr|jtj}n|j}|s$t d|j r@|j dur8t | |j |j dnt |j |j dtj}|dtrct|}|td<t|tjtd<t|}t|St|tjd}t|S)a This is called when the user is required to log in. If you register a callback with :meth:`LoginManager.unauthorized_handler`, then it will be called. Otherwise, it will take the following actions: - Flash :attr:`LoginManager.login_message` to the user. - If the app is using blueprints find the login view for the current blueprint using `blueprint_login_views`. If the app is not using blueprints or the login view for the current blueprint is not specified use the value of `login_view`. - Redirect the user to the login view. (The page they were attempting to access will be passed in the ``next`` query string variable, so you can redirect there if present instead of the homepage. Alternatively, it will be added to the session as ``next`` if USE_SESSION_FOR_NEXT is set.) If :attr:`LoginManager.login_view` is not defined, then it will simply raise a HTTP 401 (Unauthorized) error instead. This should be returned from a view or before/after_request function, otherwise the redirect will have no effect. Ncategoryr_idnextnext_url)r sendr_get_current_objectr4r blueprintr,r+rr-r3rr.configgetrr%r:r r'urlmake_login_urlr )r=r+rXr& redirect_urlr@r@rA unauthorizeds0     zLoginManager.unauthorizedcC ||_|jS)a> This sets the callback for reloading a user from the session. The function you set should take a user ID (a ``str``) and return a user object, or ``None`` if the user does not exist. :param callback: The callback for retrieving a user object. :type callback: callable )r7 user_callbackr=callbackr@r@rA user_loader zLoginManager.user_loadercC|jS)z;Gets the user_loader callback set by user_loader decorator.)r7r=r@r@rAr_zLoginManager.user_callbackcCr^)a= This sets the callback for loading a user from a Flask request. The function you set should take Flask request object and return a user object, or `None` if the user does not exist. :param callback: The callback for retrieving a user object. :type callback: callable )r9request_callbackr`r@r@rArequest_loaderrczLoginManager.request_loadercCrd)zAGets the request_loader callback set by request_loader decorator.)r9rer@r@rArgrfzLoginManager.request_callbackcC ||_|S)ab This will set the callback for the `unauthorized` method, which among other things is used by `login_required`. It takes no arguments, and should return a response to be sent to the user instead of their normal view. :param callback: The callback for unauthorized users. :type callback: callable )r4r`r@r@rAunauthorized_handler z!LoginManager.unauthorized_handlercCri)ai This will set the callback for the `needs_refresh` method, which among other things is used by `fresh_login_required`. It takes no arguments, and should return a response to be sent to the user instead of their normal view. :param callback: The callback for unauthorized users. :type callback: callable )r5r`r@r@rAneeds_refresh_handlerrkz"LoginManager.needs_refresh_handlercCstt|jr|S|jstd|jr1|jdur)t ||j|j dnt |j|j dtj }| dt rVt|j}|td<t|tjtd<t|j}t|S|j}t|tjd}t|S)a This is called when the user is logged in, but they need to be reauthenticated because their session is stale. If you register a callback with `needs_refresh_handler`, then it will be called. Otherwise, it will take the following actions: - Flash :attr:`LoginManager.needs_refresh_message` to the user. - Redirect the user to :attr:`LoginManager.refresh_view`. (The page they were attempting to access will be passed in the ``next`` query string variable, so you can redirect there if present instead of the homepage.) If :attr:`LoginManager.refresh_view` is not defined, then it will simply raise a HTTP 401 (Unauthorized) error instead. This should be returned from a view or before/after_request function, otherwise the redirect will have no effect. rNNrOrrQrRrS)rrUrrVr5r/rr0r3rr1rXrYrr%r:r r'r rZr[r )r=rXr&r\r@r@rA needs_refreshs2      zLoginManager.needs_refreshcCs"ddl}|jdtdd||_|S)a This function has been deprecated. Please use :meth:`LoginManager.request_loader` instead. This sets the callback for loading a user from a header value. The function you set should take an authentication token and return a user object, or `None` if the user does not exist. :param callback: The callback for retrieving a user object. :type callback: callable rNzc'header_loader' is deprecated and will be removed in Flask-Login 0.7. Use 'request_loader' instead.rCrD)rFrGrHr8)r=rarFr@r@rA header_loader8s zLoginManager.header_loadercCs|dur|}|t_dS)z!Store the given user as ctx.user.N)r*r _login_user)r=userr@r@rA!_update_request_context_with_userOs z.LoginManager._update_request_context_with_userc Cs|jdur|jdurtdtt|r|Sd}t d}|dur2|jdur2||}|durvtj }| dt }| dt }|tjvoPt ddk}|r^tj|}||}n|jrg|t}n|tjvrvtj|}||}||S)z;Loads user from session or remember_me cookie as applicableNznMissing user_loader or request_loader. Refer to http://flask-login.readthedocs.io/#how-it-works for more info._user_idREMEMBER_COOKIE_NAMEr _rememberclear)r7r9 ExceptionrrUrrV_session_protection_failedrqr rYrXrr r cookies_load_user_from_remember_cookie_load_user_from_requestheaders_load_user_from_header) r=rpuser_idrX cookie_name header_name has_cookiecookieheaderr@r@rA _load_userWs4           zLoginManager._load_usercCst}|}t}|jd|j}|r|dvrdS|rY||ddkrY|dks-|jr?|ddur8d|d<t |dS|dkrYt D]}| |dqEd|d <t |d SdS) NSESSION_PROTECTION)r)strongFrQr)_freshrrurtT) r rVr:rrXrYr2 permanentrrUrpop)r=sessidentr>modekr@r@rArws&   z'LoginManager._session_protection_failedcCsZt|}|dur+|td<dtd<d}|jr||}|dur+t}tj||d|SdS)NrrFrrp)r#r r7rrVrrU)r=rr}rpr>r@r@rArys z,LoginManager._load_user_from_remember_cookiecCsB|jr||}|durt}ddlm}|j||d|SdS)Nr )_user_loaded_from_headerr)r8rrVsignalsrrU)r=rrpr>rr@r@rAr|s  z#LoginManager._load_user_from_headercCs6|jr||}|durt}tj||d|SdS)Nr)r9rrVrrU)r=r rpr>r@r@rArzs z$LoginManager._load_user_from_requestcCsddtvrtjdrdtd<dtvr0tdd}|dkr'dtvr'|||S|dkr0|||S)Nrt$REMEMBER_COOKIE_REFRESH_EACH_REQUESTsetrrru)r rrXrYr _set_cookie _clear_cookie)r=response operationr@r@rArLs   z$LoginManager._update_remember_cookiec Cstj}|dt}|d}|dd}|dt}|dt}|dt}dtvr2ttdd } n|d t } t t td } t | t rJt| d } zt| } Wntyf} ztd | | d} ~ ww|j|| | |||||d dS)NrsREMEMBER_COOKIE_DOMAINREMEMBER_COOKIE_PATH/REMEMBER_COOKIE_SECUREREMEMBER_COOKIE_HTTPONLYREMEMBER_COOKIE_SAMESITE_remember_seconds)secondsREMEMBER_COOKIE_DURATIONrrzDREMEMBER_COOKIE_DURATION must be a datetime.timedelta, instead got: )valueexpiresdomainpathsecurehttponlysamesite)rrXrYrrrrr rrr$str isinstanceintrutcnow TypeErrorrv set_cookie) r=rrXr~rrrrrdurationdatarer@r@rArsF          zLoginManager._set_cookiecCs<tj}|dt}|d}|dd}|j|||ddS)Nrsrrr)rr)rrXrYr delete_cookie)r=rrXr~rrr@r@rArs    zLoginManager._clear_cookiecCs0ddl}|jdtddtrtjddSdS)z:Legacy property, use app.config['LOGIN_DISABLED'] instead.rNu'_login_disabled' is deprecated and will be removed in Flask-Login 0.7. Use 'LOGIN_DISABLED' in 'app.config' instead.rCrDLOGIN_DISABLEDF)rFrGrHrrrXrY)r=rFr@r@rA_login_disabledszLoginManager._login_disabledcCs&ddl}|jdtdd|tjd<dS)zALegacy property setter, use app.config['LOGIN_DISABLED'] instead.rNrrCrDr)rFrGrHrrX)r=newvaluerFr@r@rArs)NT)T)N)__name__ __module__ __qualname____doc__rBrIr;r]rbpropertyr_rhrgrjrlrmrnrqrrwryr|rzrLrrrsetterr@r@r@rAr(*s:  < :    4 *  * r(N),rrflaskrrrrrr r r rXr rrrrrrrrrrrrmixinsrrrrrrrr utilsr!r"r#r$r%r&r[r'r(r@r@r@rAsL