3 =^@sdZddlmZddlZddlZddlmZmZddlm Z ddl m Z ddl m ZddlmZmZd d ZGd d d e ZGd ddeZGdddeZGdddeZGdddeZGdddeZdS)z+ Provides various authentication policies. )unicode_literalsN) authenticateget_user_model)CsrfViewMiddleware) text_type) ugettext_lazy)HTTP_HEADER_ENCODING exceptionscCs&|jjdd}t|tr"|jt}|S)z Return request's 'Authorization:' header, as a bytestring. Hide some test client ickyness where the header can be unicode. ZHTTP_AUTHORIZATION)METAget isinstancerencoder)requestauthrL/tmp/pip-build-8app2_gc/djangorestframework/rest_framework/authentication.pyget_authorization_headers  rc@seZdZddZdS) CSRFCheckcCs|S)Nr)selfrreasonrrr_rejectszCSRFCheck._rejectN)__name__ __module__ __qualname__rrrrrrsrc@s eZdZdZddZddZdS)BaseAuthenticationzF All authentication classes should extend BaseAuthentication. cCs tddS)zS Authenticate the request and return a two-tuple of (user, token). z#.authenticate() must be overridden.N)NotImplementedError)rrrrrr)szBaseAuthentication.authenticatecCsdS)z Return a string to be used as the value of the `WWW-Authenticate` header in a `401 Unauthenticated` response, or `None` if the authentication scheme should return `403 Permission Denied` responses. Nr)rrrrrauthenticate_header/sz&BaseAuthentication.authenticate_headerN)rrr__doc__rrrrrrr$src@s.eZdZdZdZddZd ddZdd ZdS) BasicAuthenticationz> HTTP Basic authentication against username/password. apic Cst|j}| s"|djdkr&dSt|dkrFtd}tj|nt|dkrdtd}tj|ytj|dj t j d}Wn.t t tjfk rtd }tj|YnX|d|d}}|j|||S) z Returns a `User` if a correct username and password have been supplied using HTTP Basic authentication. Otherwise returns `None`. rsbasicNz.Invalid basic header. No credentials provided.zCInvalid basic header. Credentials string should not contain spaces.:z?Invalid basic header. Credentials not correctly base64 encoded.)rsplitlowerlen_r AuthenticationFailedbase64 b64decodedecoder partition TypeErrorUnicodeDecodeErrorbinasciiErrorauthenticate_credentials)rrrmsgZ auth_partsuseridpasswordrrrr>s      z BasicAuthentication.authenticateNcCsTtj|d|i}tfd|i|}|dkr8tjtd|jsLtjtd|dfS)z Authenticate the userid and password against username and password with optional request for context. r4rNzInvalid username/password.zUser inactive or deleted.)rZUSERNAME_FIELDrr r(r' is_active)rr3r4r credentialsuserrrrr1Xsz,BasicAuthentication.authenticate_credentialscCs d|jS)NzBasic realm="%s")www_authenticate_realm)rrrrrrksz'BasicAuthentication.authenticate_header)N)rrrrr8rr1rrrrrr8s  rc@s eZdZdZddZddZdS)SessionAuthenticationz< Use Django's session framework for authentication. cCs2t|jdd}| s|j r dS|j||dfS)z{ Returns a `User` if the request session currently has a logged in user. Otherwise returns `None`. r7N)getattr_requestr5 enforce_csrf)rrr7rrrrts  z"SessionAuthentication.authenticatecCs6t}|j||j|dfi}|r2tjd|dS)zK Enforce CSRF validation for session based authentication. NzCSRF Failed: %s)rprocess_requestZ process_viewr ZPermissionDenied)rrcheckrrrrr<s  z"SessionAuthentication.enforce_csrfN)rrrrrr<rrrrr9osr9c@s8eZdZdZdZdZddZddZdd Zd d Z dS) TokenAuthenticationa Simple token based authentication. Clients should authenticate by passing the token key in the "Authorization" HTTP header, prepended with the string "Token ". For example: Authorization: Token 401f7ac837da42b97f613d789819ff93537bee6a TokenNcCs |jdk r|jSddlm}|S)Nr)r@)modelZrest_framework.authtoken.modelsr@)rr@rrr get_models  zTokenAuthentication.get_modelc Cst|j}| s,|dj|jjjkr0dSt|dkrPtd}tj|nt|dkrntd}tj|y|dj }Wn&t k rtd}tj|YnX|j |S)Nrr!z.Invalid token header. No credentials provided.r"z=Invalid token header. Token string should not contain spaces.zIInvalid token header. Token string should not contain invalid characters.) rr$r%keywordrr&r'r r(r+ UnicodeErrorr1)rrrr2tokenrrrrs      z TokenAuthentication.authenticatec Csf|j}y|jjdj|d}Wn$|jk rDtjtdYnX|jj s\tjtd|j|fS)Nr7)keyzInvalid token.zUser inactive or deleted.) rBobjectsZselect_relatedr Z DoesNotExistr r(r'r7r5)rrFrArErrrr1sz,TokenAuthentication.authenticate_credentialscCs|jS)N)rC)rrrrrrsz'TokenAuthentication.authenticate_header) rrrrrCrArBrr1rrrrrr?s  r?c@seZdZdZdZddZdS)RemoteUserAuthenticationa REMOTE_USER authentication. To use this, set up your web server to perform authentication, which will set the REMOTE_USER environment variable. You will need to have 'django.contrib.auth.backends.RemoteUserBackend in your AUTHENTICATION_BACKENDS setting Z REMOTE_USERcCs*t|jj|jd}|r&|jr&|dfSdS)N)Z remote_user)rr r headerr5)rrr7rrrrs z%RemoteUserAuthentication.authenticateN)rrrrrIrrrrrrHsrH)r __future__rr)r/Zdjango.contrib.authrrZdjango.middleware.csrfrZdjango.utils.sixrZdjango.utils.translationrr'Zrest_frameworkrr rrobjectrrr9r?rHrrrrs     7$?