o gfV' @sdZddlmZddlmZddlmZzddlZWne y9zddlZWne y6ddl mZYnwYnwddl m Z m Z ddlmZmZmZmZmZddlmZd Zd Zd Zd Zd ZdZdgZddgZdZdZdZ GdddeZ!Gddde!Z"GdddeZ#GdddeZ$GdddeZ%Gdd d e%Z&e d!rd!pd"Z'Gd#d$d$eZ(d%d&Z)d'd(Z*d)d*Z+e$e&e(d+Z,dS),a Google OpenID and OAuth support OAuth works straightforward using anonymous configurations, username is generated by requesting email to the not documented, googleapis.com service. Registered applications can define settings GOOGLE_CONSUMER_KEY and GOOGLE_CONSUMER_SECRET and they will be used in the auth process. Setting GOOGLE_OAUTH_EXTRA_SCOPE can be used to access different user related data, like calendar, contacts, docs, etc. OAuth2 works similar to OAuth but application must be defined on Google APIs console https://code.google.com/apis/console/ Identity option. OpenID also works straightforward, it doesn't need further configurations. ) urlencode)RequestN) simplejson)setting dsa_urlopen) OpenIdAuthConsumerBasedOAuth BaseOAuth2 OAuthBackend OpenIDBackend) AuthFailedzwww.google.comz3https://www.google.com/accounts/OAuthAuthorizeTokenz4https://www.google.com/accounts/OAuthGetRequestTokenz3https://www.google.com/accounts/OAuthGetAccessTokenzaccounts.google.com)https://accounts.google.com/o/oauth2/authz.https://www.googleapis.com/auth/userinfo#emailz.https://www.googleapis.com/auth/userinfo.emailz0https://www.googleapis.com/auth/userinfo.profilez)https://www.googleapis.com/userinfo/emailz-https://www.googleapis.com/oauth2/v1/userinfoz%https://www.google.com/accounts/o8/idc@s$eZdZdZdZddZddZdS)GoogleOAuthBackendz#Google OAuth authentication backend google-oauthcCt||d|dS)zUse google email as unique idemailvalidate_whitelistsselfdetailsresponser\/var/www/html/humari/django-venv/lib/python3.10/site-packages/social_auth/backends/google.py get_user_id<szGoogleOAuthBackend.get_user_idcCs(|dd}|ddd|ddddS)z&Return user details from Orkut accountr@rusernamerfullname first_name last_namegetsplitrrrrrrget_user_detailsAs z#GoogleOAuthBackend.get_user_detailsN)__name__ __module__ __qualname____doc__namerr'rrrrr8s  rcs4eZdZdZdZgdZfddZddZZS)GoogleOAuth2Backendz$Google OAuth2 authentication backend google-oauth2)) refresh_tokenr/T) expires_inexpires) token_typer2Tcs(tt|||}tddr|dS|S)z#Use google email or id as unique id GOOGLE_OAUTH2_USE_UNIQUE_USER_IDFid)superr-rr)rrruser_id __class__rrrTs  zGoogleOAuth2Backend.get_user_idcCs@|dd}|ddd||dd|dd|ddd S) Nrrrrrr, given_name family_namerr#r&rrrr'\s    z$GoogleOAuth2Backend.get_user_details) r(r)r*r+r, EXTRA_DATArr' __classcell__rrr7rr-Ks  r-c@seZdZdZdZddZdS) GoogleBackendz$Google OpenID authentication backendgooglecCr)z Return user unique id provided by service. For google user email is unique enought to flag a single user. Email comes from schema: http://axschema.org/contact/email rrrrrrriszGoogleBackend.get_user_idN)r(r)r*r+r,rrrrrr=e r=c@seZdZdZeZddZdS) GoogleAuthzGoogle OpenID authenticationcCstS)z Return Google OpenID service url)GOOGLE_OPENID_URLrrrr openid_urlyszGoogleAuth.openid_urlN)r(r)r*r+r= AUTH_BACKENDrCrrrrr@ur?r@c@s$eZdZdZeZeZeZddZdS)BaseGoogleOAuthz%Base class for Google OAuth mechanismcOstd)zLoads user data from G servicezImplement in subclass)NotImplementedErrorr access_tokenargskwargsrrr user_datazBaseGoogleOAuth.user_dataN)r(r)r*r+AUTHORIZATION_URLREQUEST_TOKEN_URLACCESS_TOKEN_URLrKrrrrrE~s  rEcsbeZdZdZeZdZdZddZddZ dfd d Z e fd d Z e d dZ ddZZS) GoogleOAuthz$Google OAuth authorization mechanismGOOGLE_CONSUMER_KEYGOOGLE_CONSUMER_SECRETcOs0||tddi}|dd\}}t||S) Return user data from Google APIaltjson?r) oauth_requestGOOGLEAPIS_EMAILto_urlr%googleapis_email)rrHrIrJrequesturlparamsrrrrKs  zGoogleOAuth.user_datacCstj|j||jdS)z*Generate OAuth request to authorize token.)tokenhttp_url) OAuthRequestfrom_consumer_and_tokenconsumerrM)rr^rrroauth_authorization_requestsz'GoogleOAuth.oauth_authorization_requestNcsX|pi}ttdg}|dd|i|s"tdd}||d<tt||||S)NGOOGLE_OAUTH_EXTRA_SCOPEscope GOOGLE_DISPLAY_NAMEz Social Authxoauth_displayname)GOOGLE_OAUTH_SCOPErupdatejoin registeredr5rPrW)rr^r\ extra_paramsrerhr7rrrWs  zGoogleOAuth.oauth_requestcs&ztt|WStyYdSw)a.Return Google OAuth Consumer Key and Consumer Secret pair, uses anonymous by default, beware that this marks the application as not registered and a security badge is displayed on authorization page. http://code.google.com/apis/accounts/docs/OAuth_ref.html#SigningOAuth  anonymousro)r5rPget_key_and_secretAttributeErrorclsr7rrrps  zGoogleOAuth.get_key_and_secretcCsdS)z:Google OAuth is always enabled because of anonymous accessTrrrrrrenabledszGoogleOAuth.enabledcCs |dkS)z>Check if Google OAuth Consumer Key and Consumer Secret are setrn)rprBrrrrls zGoogleOAuth.registered)N)r(r)r*r+rrDSETTINGS_KEY_NAMESETTINGS_SECRET_NAMErKrcrW classmethodrprtrlr<rrr7rrPs  rPGOOGLE_OAUTH2_CLIENT_IDGOOGLE_OAUTH2_CLIENT_KEYc@sXeZdZdZeZdZdZdZdZ e Z dZ dZ eZdZd d Zed d Zed dZdS) GoogleOAuth2zGoogle OAuth2 supportr z*https://accounts.google.com/o/oauth2/tokenz+https://accounts.google.com/o/oauth2/revokeGETGOOGLE_OAUTH2_CLIENT_SECRETrdFcOs tt|S)rS)googleapis_profileGOOGLEAPIS_PROFILErGrrrrKs zGoogleOAuth2.user_datacCsd|iS)Nr^rrsr^uidrrrrevoke_token_paramsrLz GoogleOAuth2.revoke_token_paramscCsddiS)Nz Content-typezapplication/jsonrrrrrrevoke_token_headersrLz!GoogleOAuth2.revoke_token_headersN)r(r)r*r+r-rDrMrOREVOKE_TOKEN_URLREVOKE_TOKEN_METHOD_OAUTH2_KEY_NAMErurvSCOPE_VAR_NAMEGOOGLE_OAUTH2_SCOPE DEFAULT_SCOPEREDIRECT_STATErKrwrrrrrrrzs" rzc CsLt|d|d|id}z tt|dWStttfy%YdSw)aLoads user data from googleapis service, only email so far as it's described in http://sites.google.com/site/oauthgoog/Home/emaildisplayscope Parameters must be passed in queryset and Authorization header as described on Google OAuth documentation at: http://groups.google.com/group/oauth/browse_thread/thread/d15add9beb418ebc and: http://code.google.com/apis/accounts/docs/OAuth2.html#CallingAnAPI rV Authorization)headersdataN)rrloadsrread ValueErrorKeyErrorIOError)r\r]r[rrrrZs  rZc CsN|dd}t|dt|}z tt|WStttfy&YdSw)z Loads user data from googleapis service, such as name, given_name, family_name, etc. as it's described in: https://developers.google.com/accounts/docs/OAuth2Login rU)rHrTrVN) rrrrrrrrr)r\rHrr[rrrr}s r}cCsVtdg}tdg}|s|sdS|t|vrdS|dddt|vr&dSt|d)z Validates allowed domains and emails against the following settings: GOOGLE_WHITE_LISTED_DOMAINS GOOGLE_WHITE_LISTED_EMAILS All domains and emails are allowed if setting is an empty list. GOOGLE_WHITE_LISTED_EMAILSGOOGLE_WHITE_LISTED_DOMAINSTrrzUser not allowed)rsetr%r )backendremailsdomainsrrrrs    r)r>rr.)-r+urllibrurllib2roauth2r`rUr ImportError django.utilssocial_auth.utilsrrsocial_auth.backendsrrr r r social_auth.exceptionsr GOOGLE_OAUTH_SERVERrMrNrOGOOGLE_OAUTH2_SERVERGOOGLE_OATUH2_AUTHORIZATION_URLrirrXr~rArr-r=r@rErPrrzrZr}rBACKENDSrrrrsb          5