o 3a@sddlZddlZddlmZddlmZddlmZm Z ddl m Z ddl m Z ddlmZddlmZd d lmZmZmZd Zd Zd ZdZddZd)ddZddZedddZddZedd*ddZd*ddZ dd Z!d!d"Z"d#d$Z#d%d&Z$d'd(Z%dS)+N)apps)settings)ImproperlyConfiguredPermissionDenied) rotate_token)constant_time_compare import_string)sensitive_variables)user_logged_inuser_logged_outuser_login_failed _auth_user_id_auth_user_backend_auth_user_hashnextcCs t|SNr)pathr>/usr/lib/python3/dist-packages/django/contrib/auth/__init__.py load_backend rFcCs>g}tjD]}t|}||r||fn|q|std|S)Nz\No authentication backends have been defined. Does AUTHENTICATION_BACKENDS contain anything?)rAUTHENTICATION_BACKENDSrappendr) return_tuplesbackends backend_pathbackendrrr _get_backendss rcCs tddS)NFr)rrrrr get_backends%rr! credentialscCs2tdtj}d}|D] }||r|||<q |S)z Clean a dictionary of credentials of potentially sensitive info before sending to less secure functions. Not comprehensive - intended for user_login_failed signal z'api|token|key|secret|password|signaturez********************)recompileIsearch)r"SENSITIVE_CREDENTIALSCLEANSED_SUBSTITUTEkeyrrr_clean_credentials)s r*cCstjj|jtSr)get_user_model_metapk to_pythonsession SESSION_KEY)requestrrr_get_user_session_key9sr2c KstddD]@\}}t|j}z |j|fi|Wn ty#Yqwz |j|fi|}Wn ty9Yn w|dur?q||_|Stj t t ||ddS)zC If the given credentials are valid, return a User object. Tr N)senderr"r1) rinspect signature authenticatebind TypeErrorrrrsend__name__r*)r1r"rrbackend_signatureuserrrrr6?s"   r6cCs$d}|dur |j}t|dr|}t|jvr0t||jks*|r/t|jt d|s/|j n|j z|p:|j }Wnt y[tdd}t|dkrU|d\}}ntdYn wt|tsgtd ||jj||jt<||jt<||jt <t|d r||_t|tj|j||d dS) z Persist a user id and a backend in the request. This way a user doesn't have to reauthenticate on every request. Note that data set during the anonymous session is retained when the user logs in. Nget_session_auth_hashTr r rzYou have multiple authentication backends configured and therefore must provide the `backend` argument or set the `backend` attribute on the user.z5backend must be a dotted import path string (got %r).r<r3r1r<)r<hasattrr>r0r/r2r-rgetHASH_SESSION_KEYflush cycle_keyrAttributeErrorrlen ValueError isinstancestrr8r,value_to_stringBACKEND_SESSION_KEYrr r9 __class__)r1r<rsession_auth_hashr_rrrloginZsD           rOcCs^t|dd}t|ddsd}tj|j||d|jt|dr-ddlm}||_ dSdS)z_ Remove the authenticated user's ID from the request and flush their session data. r<Nis_authenticatedTr?r AnonymousUser) getattrr r9rLr/rCr@django.contrib.auth.modelsrRr<)r1r<rRrrrlogouts      rUcCsDz tjtjddWStytdty!tdtjw)z? Return the User model that is active in this project. F) require_readyz:AUTH_USER_MODEL must be of the form 'app_label.model_name'z@AUTH_USER_MODEL refers to model '%s' that has not been installed) django_apps get_modelrAUTH_USER_MODELrGr LookupErrorrrrrr+s  r+cCsddlm}d}z t|}|jt}Wn tyYn:w|tjvrVt|}| |}t |drV|j t }|o>t ||}|sV|rOt |drOt ||sV|jd}|pZ|S)z Return the user model instance associated with the given request session. If no user is retrieved, return an instance of `AnonymousUser`. r rQNr>_legacy_get_session_auth_hash)modelsrRr2r/rKKeyErrorrrrget_userr@rArBrr>r[rC)r1rRr<user_idrr session_hashsession_hash_verifiedrrrr^s6         r^cCsd||jfS)zI Return the codename of the permission for the specified action. z%s_%s) model_name)actionoptsrrrget_permission_codenamesrecCs8|jt|dr|j|kr||jt<dSdSdS)aG Updating a user's password logs out all sessions for the user. Take the current request and the updated user object from which the new session hash will be derived and update the session hash appropriately to prevent a password change from logging out the session from which the password was changed. r>N)r/rDr@r<r>rB)r1r<rrrupdate_session_auth_hashs rf)Fr)&r4r# django.appsrrW django.confrdjango.core.exceptionsrrdjango.middleware.csrfrdjango.utils.cryptordjango.utils.module_loadingr django.views.decorators.debugr signalsr r rr0rKrBREDIRECT_FIELD_NAMErrr!r*r2r6rOrUr+r^rerfrrrrs8           0#