o Lf@sRddlmZddlmZddlmZmZGdddeZGdddeZegZ dS) )reverse) urlencode)ProviderProviderAccountcseZdZfddZZS) SAMLAccountcs tSN)superto_str)self __class__n/var/www/html/humari/django-venv/lib/python3.10/site-packages/allauth/socialaccount/providers/saml/provider.pyr s zSAMLAccount.to_str)__name__ __module__ __qualname__r __classcell__r r r rrsrcsreZdZdZdZeZdgddgdgddgd gd gd Zfd d ZddZ ddZ ddZ ddZ ddZ ZS) SAMLProvidersamlSAMLz,urn:oasis:names:tc:SAML:attribute:subject-idz!urn:oid:0.9.2342.19200300.100.1.3zBhttp://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddressz'http://schemas.auth0.com/email_verifiedz?http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givennamezurn:oid:2.5.4.42zurn:oid:2.5.4.4z!http://schemas.auth0.com/nickname)uidemailemail_verified first_name last_nameusernamecs.tj|i||jjp|jjp|j|_dSr)r__init__appname client_id)r argskwargsr r rr'szSAMLProvider.__init__cKs,tdd|jjid}|r|dt|}|S)N saml_loginorganization_slug)r!?)rrrr)r requestr!urlr r r get_login_url+szSAMLProvider.get_login_urlcCs|Sr)get_attributes)r datar r rextract_extra_data1szSAMLProvider.extract_extra_datacCs$||d}|dur|}|S)uhttp://docs.oasis-open.org/security/saml-subject-id-attr/v1.0/csprd01/saml-subject-id-attr-v1.0-csprd01.html Quotes: "While the Attributes defined in this profile have as a goal the explicit replacement of the element as a means of subject identification, it is certainly possible to compose them with existing NameID usage provided the same subject is being identified. This can also serve as a migration strategy for existing applications." "SAML does not define an identifier that meets all of these requirements well. It does standardize a kind of NameID termed “persistent” that meets some of them in the particular case of so-called “pairwise” identification, where an identifier varies by relying party. It has seen minimal adoption outside of a few contexts, and fails at the “compact” and “simple to handle” criteria above, on top of the disadvantages inherent with all NameID usage." Overall, our strategy is to prefer a uid resulting from explicit attribute mappings, and only if there is no such uid fallback to the NameID. rN)_extractget get_nameid)r r)rr r r extract_uid4szSAMLProvider.extract_uidcCs||}|dd|S)Nr)r+pop)r r)retr r rextract_common_fieldsQs  z"SAMLProvider.extract_common_fieldsc Cs|jj}|}i}|d|j}|D])\}}t|tr!|g}|D]}||d} | dur=t| dkr=| d||<nq#q|d} | rP| dv} | |d<|dsa| dkra| |d<|S)Nattribute_mappingrr)true1tyyesrz6urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress) rsettingsr(r,default_attribute_mappingitems isinstancestrlenlowerget_nameid_formatr-) r r)provider_configraw_attributes attributesr2key provider_keys provider_keyattribute_listrr r rr+Vs4      zSAMLProvider._extract)rrridrr account_classr9rr'r*r.r1r+rr r r rr s2 rN) django.urlsrdjango.utils.httpr$allauth.socialaccount.providers.baserrrrprovider_classesr r r rs  j