o eG@sdZddlZddlmZmZddlmZmZmZmZm Z m Z m Z m Z ddl mZddlmZmZmZmZmZmZmZmZmZmZmZmZddlmZdd lmZm Z m!Z!m"Z"m#Z#m$Z$m%Z%dd l&m'Z(m)Z)m*Z*m+Z+m,Z,m-Z-m.Z.Gd d d e/Z0dS) zY flask_login.login_manager ------------------------- The LoginManager class. N)datetime timedelta)_request_ctx_stackabort current_appflashredirecthas_app_contextrequestsession) text_type) COOKIE_NAMECOOKIE_DURATION COOKIE_SECURECOOKIE_HTTPONLY LOGIN_MESSAGELOGIN_MESSAGE_CATEGORYREFRESH_MESSAGEREFRESH_MESSAGE_CATEGORY ID_ATTRIBUTEAUTH_HEADER_NAME SESSION_KEYSUSE_SESSION_FOR_NEXT)AnonymousUserMixin)user_loaded_from_cookieuser_loaded_from_headeruser_loaded_from_requestuser_unauthorizeduser_needs_refresh user_accessedsession_protected) login_url_create_identifier_user_context_processor encode_cookie decode_cookiemake_next_paramexpand_login_viewc@seZdZdZd-ddZd.ddZd.dd Zd d Zd d ZddZ ddZ ddZ ddZ ddZ d/ddZddZddZddZd d!Zd"d#Zd$d%Zd&d'Zd(d)Zed*d+Zejd,d+ZdS)0 LoginManagerzThis object is used to hold the settings used for logging in. Instances of :class:`LoginManager` are *not* bound to specific apps, so you can create one in the main body of your code and then bind it to your app in a factory function. NTcCst|_d|_i|_t|_t|_d|_t |_ t |_ d|_ d|_d|_d|_t|_d|_d|_d|_t|_|dur?|||dSdS)Nbasic)ranonymous_user login_viewblueprint_login_viewsr login_messagerlogin_message_category refresh_viewrneeds_refresh_messagerneeds_refresh_message_categorysession_protectionlocalize_callbackunauthorized_callbackneeds_refresh_callbackr id_attribute_user_callback_header_callback_request_callbackr#_session_identifier_generatorinit_appselfappadd_context_processorrAF/qpanel/venv/lib/python3.10/site-packages/flask_login/login_manager.py__init__#s(zLoginManager.__init__cCstdt|||dS)zl This method has been deprecated. Please use :meth:`LoginManager.init_app` instead. z5Warning setup_app is deprecated. Please use init_app.N)warningswarnDeprecationWarningr<r=rArArB setup_app_szLoginManager.setup_appcCs(||_||j|r|tdSdS)a Configures an application. This registers an `after_request` call, and attaches this `LoginManager` to it as `app.login_manager`. :param app: The :class:`flask.Flask` object to configure. :type app: :class:`flask.Flask` :param add_context_processor: Whether to add a context processor to the app that adds a `current_user` variable to the template. Defaults to ``True``. :type add_context_processor: bool N) login_manager after_request_update_remember_cookiecontext_processorr$r=rArArBr<hs  zLoginManager.init_appcCstt|jr|Stj|jvr|jtj}n|j}|s$t d|j r@|j dur8t | |j |j dnt |j |j dtj}|dtrct|}|td<t|tjtd<t|}t|St|tjd}t|S)a This is called when the user is required to log in. If you register a callback with :meth:`LoginManager.unauthorized_handler`, then it will be called. Otherwise, it will take the following actions: - Flash :attr:`LoginManager.login_message` to the user. - If the app is using blueprints find the login view for the current blueprint using `blueprint_login_views`. If the app is not using blueprints or the login view for the current blueprint is not specified use the value of `login_view`. - Redirect the user to the login view. (The page they were attempting to access will be passed in the ``next`` query string variable, so you can redirect there if present instead of the homepage. Alternatively, it will be added to the session as ``next`` if USE_SESSION_FOR_NEXT is set.) If :attr:`LoginManager.login_view` is not defined, then it will simply raise a HTTP 401 (Unauthorized) error instead. This should be returned from a view or before/after_request function, otherwise the redirect will have no effect. Ncategoryr_idnextnext_url)rsendr_get_current_objectr5r blueprintr-r,rr.r4rr/configgetrr(r;r r'urlmake_login_urlr)r>r,rVr" redirect_urlrArArB unauthorizedzs.     zLoginManager.unauthorizedcC ||_|S)aB This sets the callback for reloading a user from the session. The function you set should take a user ID (a ``unicode``) and return a user object, or ``None`` if the user does not exist. :param callback: The callback for retrieving a user object. :type callback: callable )r8r>callbackrArArB user_loader zLoginManager.user_loadercCstd||_|S)a This function has been deprecated. Please use :meth:`LoginManager.request_loader` instead. This sets the callback for loading a user from a header value. The function you set should take an authentication token and return a user object, or `None` if the user does not exist. :param callback: The callback for retrieving a user object. :type callback: callable zRLoginManager.header_loader is deprecated. Use LoginManager.request_loader instead.)printr9r]rArArB header_loaders zLoginManager.header_loadercCr\)a= This sets the callback for loading a user from a Flask request. The function you set should take Flask request object and return a user object, or `None` if the user does not exist. :param callback: The callback for retrieving a user object. :type callback: callable )r:r]rArArBrequest_loaderr`zLoginManager.request_loadercCr\)ab This will set the callback for the `unauthorized` method, which among other things is used by `login_required`. It takes no arguments, and should return a response to be sent to the user instead of their normal view. :param callback: The callback for unauthorized users. :type callback: callable )r5r]rArArBunauthorized_handler z!LoginManager.unauthorized_handlercCr\)ai This will set the callback for the `needs_refresh` method, which among other things is used by `fresh_login_required`. It takes no arguments, and should return a response to be sent to the user instead of their normal view. :param callback: The callback for unauthorized users. :type callback: callable )r6r]rArArBneeds_refresh_handlerrez"LoginManager.needs_refresh_handlercCstt|jr|S|jstd|jdur&t||j |j dnt|j |j dtj }| dt rSt|j}|td<t|tjtd<t|j}t|S|j}t|tjd}t|S)a This is called when the user is logged in, but they need to be reauthenticated because their session is stale. If you register a callback with `needs_refresh_handler`, then it will be called. Otherwise, it will take the following actions: - Flash :attr:`LoginManager.needs_refresh_message` to the user. - Redirect the user to :attr:`LoginManager.refresh_view`. (The page they were attempting to access will be passed in the ``next`` query string variable, so you can redirect there if present instead of the homepage.) If :attr:`LoginManager.refresh_view` is not defined, then it will simply raise a HTTP 401 (Unauthorized) error instead. This should be returned from a view or before/after_request function, otherwise the redirect will have no effect. rLNrMrrOrPrQ)rrSrrTr6r0rr4rr1r2rVrWrr(r;r r'r rXrYr)r>rVr"rZrArArB needs_refreshs,      zLoginManager.needs_refreshcCs&tj}|dur||_dS||_dS)z!Store the given user as ctx.user.N)rtopr+user)r>rictxrArArB!_update_request_context_with_user$s z.LoginManager._update_request_context_with_userc Cs|jdur|jdurtdtt|r|Sd}t d}|dur2|jdur2||}|durvtj }| dt }| dt }|tjvoPt ddk}|r^tj|}||}n|jrg|t}n|tjvrvtj|}||}||S)z;Loads user from session or remember_me cookie as applicableNznMissing user_loader or request_loader. Refer to http://flask-login.readthedocs.io/#how-it-works for more info._user_idREMEMBER_COOKIE_NAMEr _rememberclear)r8r: Exceptionr rSrrT_session_protection_failedrkr rWrVrrr cookies_load_user_from_remember_cookie_load_user_from_requestheaders_load_user_from_header) r>riuser_idrV cookie_name header_name has_cookiecookieheaderrArArB _load_user*s6             zLoginManager._load_usercCst}|}t}|jd|j}|r|dvrdS|rR||ddkrR|dks-|jr8d|d<t |dS|dkrRt D]}| |dq>d|d <t |d SdS) NSESSION_PROTECTION)r*strongFrOr*_freshrrornT) r rTr;rrVrWr3 permanentr!rSrpop)r>sessidentr?modekrArArBrqRs$   z'LoginManager._session_protection_failedcCsZt|}|dur+|td<dtd<d}|jr||}|dur+t}tj||d|SdS)NrlFrri)r&r r8rrTrrS)r>r{rwrir?rArArBrsms z,LoginManager._load_user_from_remember_cookiecC6|jr||}|durt}tj||d|SdSNr)r9rrTrrS)r>r|rir?rArArBrv{ z#LoginManager._load_user_from_headercCrr)r:rrTrrS)r>r rir?rArArBrtrz$LoginManager._load_user_from_requestcCsddtvrtjdrdtd<dtvr0tdd}|dkr'dtvr'|||S|dkr0|||S)Nrn$REMEMBER_COOKIE_REFRESH_EACH_REQUESTsetrlro)r rrVrWr _set_cookie _clear_cookie)r>response operationrArArBrJs    z$LoginManager._update_remember_cookiec Cstj}|dt}|d}|dd}|dt}|dt}dtvr,ttdd}n|d t}t t td } t |t rDt|d}zt |} Wnty\td d |w|j|| | ||||d dS)NrmREMEMBER_COOKIE_DOMAINREMEMBER_COOKIE_PATH/REMEMBER_COOKIE_SECUREREMEMBER_COOKIE_HTTPONLY_remember_seconds)secondsREMEMBER_COOKIE_DURATIONrlz#REMEMBER_COOKIE_DURATION must be a z$datetime.timedelta, instead got: {0})valueexpiresdomainpathsecurehttponly)rrVrWrrrr rrr%r isinstanceintrutcnow TypeErrorrpformat set_cookie) r>rrVrxrrrrdurationdatarrArArBrs:          zLoginManager._set_cookiecCs<tj}|dt}|d}|dd}|j|||ddS)Nrmrrr)rr)rrVrWr delete_cookie)r>rrVrxrrrArArBrs    zLoginManager._clear_cookiecCstr tjddSdS)z:Legacy property, use app.config['LOGIN_DISABLED'] instead.LOGIN_DISABLEDF)r rrVrW)r>rArArB_login_disabledszLoginManager._login_disabledcCs|tjd<dS)zALegacy property setter, use app.config['LOGIN_DISABLED'] instead.rN)rrV)r>newvaluerArArBrs)NT)T)N)__name__ __module__ __qualname____doc__rCrGr<r[r_rbrcrdrfrgrkr}rqrsrvrtrJrrpropertyrsetterrArArArBr)s2  < 8    /(  % r))1rrDrrflaskrrrrrr r r _compatr rVrrrrrrrrrrrrmixinsrsignalsrrrrrr r!utilsr"rYr#r$r%r&r'r(objectr)rArArArBs( 8 $$