o Lf@sddlmZmZddlmZddlmZddlmZddl m Z ddl m Z ddl mZddlmZdd lmZdd lmZd d lmZd dZddZddZddZddZdddZddZdS)) parse_qslurlparse)cache)ImproperlyConfigured)Http404)reverse urlencode)OneLogin_Saml2_Constants) OneLogin_Saml2_IdPMetadataParser) get_adapter) SocialApp) SAMLProvidercCs:t}z |j|tj|dWStjytd|w)N)provider client_idz"no SocialApp found with client_id=)r get_appridr DoesNotExistr)requestorganization_slugadapterrk/var/www/html/humari/django-venv/lib/python3.10/site-packages/allauth/socialaccount/providers/saml/utils.pyget_app_or_404srcCs8|rdnd|jd|jd|j|jd}|S)Nonoff HTTP_HOST PATH_INFO)https http_host script_nameget_data post_data) is_secureMETAGETcopyPOST)rresultrrrprepare_django_requestsr*cCs|td|gd}|td|gd}|td|gd}||tjd|tjdd}|di}|ddur?|d|d<|d rJ|d |d <|d durW|d |d <|d durd|d |d<|S)Nsaml_acs)argssaml_sls saml_metadata)urlbinding)entityIdassertionConsumerServicesingleLogoutServiceadvancedx509cert x509cert_new x509certNew private_key privateKeyname_id_format NameIDFormat)build_absolute_urirr BINDING_HTTP_POSTBINDING_HTTP_REDIRECTget)rprovider_configorgacs_urlsls_url metadata_url sp_configavdrrrbuild_sp_config(s*      rGcCsd|d}|d}d|d|}t|}|dur0tj|||ddd}t|||dd |S) NrD entity_idzsaml.metadata..metadata_request_timeout )rHtimeoutmetadata_cache_timeouti@8)rr?r parse_remoteset) idp_configrDrH cache_key saml_configrrrfetch_metadata_url_configGs    rSc Cs|di}id|ddd|dtjd|ddd |d dd dd |d tjd|ddd|ddd|ddd|ddd|ddd|ddd|ddd|ddd|d dd!|d"dd#|d$d}|d%d|d&}|d'}|r||d(<|d)}|r||d)<|d*}|durtd+|d,} | rt|} | d*|d*<n|d-|d.d/|d0id1|d*<|d2} | rd/| i|d*d3<t||||d4<|S)5Nr4authnRequestsSignedauthn_request_signedFdigestAlgorithmdigest_algorithmlogoutRequestSignedlogout_request_signedlogoutResponseSignedlogout_response_signedrequestedAuthnContextsignatureAlgorithmsignature_algorithm signMetadatametadata_signedwantAssertionsEncryptedwant_assertion_encryptedwantAssertionsSignedwant_assertion_signedwantMessagesSignedwant_message_signednameIdEncryptedname_id_encryptedwantNameIdEncryptedwant_name_id_encryptedallowSingleLabelDomainsallow_single_label_domainsrejectDeprecatedAlgorithmreject_deprecated_algorithmT wantNameId want_name_idwantAttributeStatementwant_attribute_statementallowRepeatAttributeNameallow_repeat_attribute_namestrict)rusecuritycontact_person contactPerson organizationidpz `idp` missingrDrHr5r/sso_url)r1r5singleSignOnServiceslo_urlr3sp)r?r SHA256 RSA_SHA256rrSrG) rr@rArFsecurity_configrRrwryrzrD meta_configr}rrrbuild_saml_configZs~                      rNcCs$i}|r||d<|r||d<t|S)Nprocessnextr)rnext_urlparamsrrrencode_relay_states rcCsJi}|r#t|}|js|js|jr|jdr||d<|Stt|}|S)zAccording to the spec, RelayState need not be a URL, yet, ``onelogin.saml2` exposes it as ``return_to -- The target URL the user should be redirected to after login``. Also, for an IdP initiated login sometimes a URL is used. /r)rschemenetlocpath startswithdictr) relay_stateretpartsrrrdecode_relay_states r)NN) urllib.parserrdjango.core.cacherdjango.core.exceptionsr django.httpr django.urlsrdjango.utils.httpr onelogin.saml2.constantsr "onelogin.saml2.idp_metadata_parserr allauth.socialaccount.adapterr allauth.socialaccount.modelsr rrrr*rGrSrrrrrrrs$             9