[ix.UddlmZddlZddlmZmZmZddlZddl m Z m Z m Z m Z mZmZmZmZmZmZmZddlmZddlmZddlmZddlmZmZdd lmZm Z ee!Z"d e#d <e Z$dd Z%Gd dejLjNZ(Gdde(ejLjNZ)Gdde(ejLjNZ*Gdde(ejLjNZ+y)) annotationsN)AnyFinalcast) AuthCachebuild_logout_urlclear_cookie_and_chunksdecode_provider_token!generate_default_provider_sectionget_cookie_with_chunksget_origin_from_redirect_uriget_redirect_uriget_secrets_auth_sectionget_validated_redirect_uriset_cookie_with_chunks)StreamlitAuthError) get_logger) make_url_path) TornadoOAuthTornadoOAuth2App)AUTH_COOKIE_NAMETOKENS_COOKIE_NAMEr_LOGGERcft}|r t|xsd}|j}ni}d}|j|i}|s|dk(rt |}||d<|jdi}d|vrd|d<d|vrd|d<t |t }|j||j||fS) zRCreate an OAuth client for the given provider based on secrets.toml configuration./default client_kwargsscopezopenid email profilepromptselect_account)cache) rrto_dict setdefaultr r auth_cacheregister create_client)provider auth_section redirect_uriconfigprovider_sectionprovider_client_kwargsoauths z/var/www/html/userprofiledev.eatanceapp.com/venv/lib/python3.12/site-packages/streamlit/web/server/oauth_authlib_routes.pycreate_oauth_clientr/-s+-L' 5< %%' ((26 I 5<\J,y-88"M,,*@w'--+;x( z 2E NN8   x (, 66cTeZdZdZd dZd dZ d dZd dZddZddZ d dZ y )AuthHandlerMixinzNMixin for handling auth cookies. Added for compatibility with Tornado < 6.3.0.c||_yN)base_url)selfr5s r. initializezAuthHandlerMixin.initializeKs   r0cN|jt|jdy)Nr)redirectrr5r6s r.redirect_to_basez!AuthHandlerMixin.redirect_to_baseNs mDMM378r0ct|j|jt|t|j|jt|yr4)r_set_single_cookie_create_signed_valuerr)r6 user_infotokenss r.set_auth_cookiez AuthHandlerMixin.set_auth_cookieQsF   # #  % %      # #  % %    r0ct |j||dy#t$r|j||dYywxYw)zSet a single cookie.T)httpOnly)httponlyN)set_signed_cookieAttributeErrorset_secure_cookier6 cookie_namevalues r.r=z#AuthHandlerMixin._set_single_cookieasR   " " #     " " #  s 77c~ |j||S#t$rtd|j||cYSwxYw)zCreate a signed cookie value.bytes)create_signed_valuerFrcreate_secure_cookie_valuerHs r.r>z%AuthHandlerMixin._create_signed_valuessF V++K? ? V!@!@e!TU U Vs %<<c td|j|S#t$rtd|j|cYSt$rYywxYw)zGet a signed cookie.rLN)rget_signed_cookierFget_secure_cookie Exception)r6rIs r._get_signed_cookiez#AuthHandlerMixin._get_signed_cookie{sR !7!7 !DE E F!7!7 !DE E  s$AA Act|j|jtt|j|jty)z6Clear auth cookies, including any split cookie chunks.N)r rS clear_cookierrr:s r.clear_auth_cookiez"AuthHandlerMixin.clear_auth_cookies>  # #      # #     r0N)r5strreturnNonerXrY)r?dict[str, Any]r@r[rXrY)rIrWrJrWrXrY)rIrWrJrWrXrL)rIrWrXz bytes | None) __name__ __module__ __qualname____doc__r7r;rAr=r>rSrVr0r.r2r2HsAX!9 ' 1?  $V   r0r2ceZdZddZddZy)AuthLoginHandlercK|j}||jyt|\}} |j||y#t$r&}|j dt |Yd}~yd}~wwxYww)z*Redirect to the OAuth provider login page.Ni)reason)_parse_provider_tokenr;r/authorize_redirectrR send_errorrW)r6r'clientr)es r.getzAuthLoginHandler.getss--/    ! ! # 28<  0  % %dL 9 0 OOCAO / / 0s.2A:AA: A7A2-A:2A77A:cl|jdd}|y t|}|dS#t$rYywxYw)Nr') get_argumentr r)r6provider_tokenpayloads r.rez&AuthLoginHandler._parse_provider_tokensM**:t<  ! +N;Gz"""  s ' 33NrZrXz str | None)r\r]r^rjrer`r0r.rbrbs  0 #r0rbceZdZddZddZy)AuthLogoutHandlerc|j|j}|r|j|y|jyr4)rV_get_provider_logout_urlr9r;)r6provider_logout_urls r.rjzAuthLogoutHandler.gets9  ";;=  MM- .  ! ! #r0ct|jt}|sy tj|}|j d}|syt |\}}|j}|j d}|stjd|yt}|tjdyd} t|jt} | r' tj| } | j d} t||j || S#tjtf$rtjdYywxYw#t"$r } tj%d | Yd} ~ yd} ~ wwxYw) z7Get the OAuth provider's logout URL from OIDC metadata.Nr'end_session_endpointz-No end_session_endpoint found for provider %sz$Redirect url could not be determinedid_tokenz#Error, invalid tokens cookie value.)rv client_idpost_logout_redirect_urirwz%Failed to get provider logout URL: %s)r rSrjsonloadsrjr/load_server_metadatarinforrJSONDecodeError TypeError exceptionrrxrRwarning) r6 cookie_valuer?r'rh_metadatarvr)rwtokens_cookie_valuer@ris r.rsz*AuthLogoutHandler._get_provider_logout_urlsZ-d.E.EGWX -  <0I }}Z0H+H5IFA224H#+<<0F#G ' LhW 67L# CD$(H"8'');# # !ZZ(;EEE E- E((E-NrZro)r\r]r^rjrsr`r0r.rqrqs $4r0rqc$eZdZddZddZddZy)AuthCallbackHandlerc.K|j}||jy|j}|&tj d|jy|j dd}|r|j dd}|j ddj dd}|r"|j ddj ddnd}tj d|||jyt|\}}|j|} td| jd } t| |d | } d D cic] } | | vs| | | } } | r|j| | ntj d |jycc} ww)Nz:Error, misconfigured origin for `redirect_uri` in secrets.errorerror_description  z6Error during authentication: %s. Error description: %sr[userinfoT)origin is_logged_inr')rw access_tokenzError, missing user info.) _get_provider_by_stater;_get_origin_from_secretsrrrlreplacer/authorize_access_tokenrrjdictrA)r6r'rrrsanitized_errorsanitized_error_descriptionrhrtokenuserrkr@s r.rjzAuthCallbackHandler.gets..0    ! ! # ..0 > MML   ! ! # !!'40  $ 1 12Et L #mmD"5==dBGO%"))$3;;D"E ( MMH+   ! ! # '1 --d3$eii &;<DdXV 'CR'C!qEz!U1X+'CR   v 6 MM5 6 SsD?F F FAFc|jdd}|yttjj }i}|D]} |j d\}}}}|||< |j|}|S#t $rY?wxYw)Nstater)rllistr$get_dictkeyssplit ValueErrorrj) r6state_code_from_urlcurrent_cache_keysstate_provider_mappingkeyrrecorded_providercoder's r.rz*AuthCallbackHandler._get_provider_by_states"//>  &!*"5"5"7"<"<">?!#%C 03 #-1',= "4 (& 699:MN   s A99 BBctSr4)r r:s r.rz,AuthCallbackHandler._get_origin_from_secrets9s +--r0NrZro)r\r]r^rjrrr`r0r.rrs- ^4.r0r)r'rWrXztuple[TornadoOAuth2App, str]), __future__rrztypingrrr tornado.webtornadostreamlit.auth_utilrrr r r r r rrrrstreamlit.errorsrstreamlit.loggerrstreamlit.url_utilrstreamlit.web.server.oidc_mixinrr streamlit.web.server.server_utilrrr\r__annotations__r$r/webRequestHandlerr2rbrqrr`r0r.rs# ##    0',JQH%% [ 76I w{{11I X#')C)C#4>('++*D*D>BK.*GKK,F,FK.r0