o ˷ev@sddlZddlZddlmZddlmZmZddlmZddl m Z ddl m Z ddl mZddlZddlmZdd lmZdd lmZdd lmZmZmZdd lmZmZd dlmZmZd dl m!Z!d dl"m#Z#GdddeZ$edddZ%e&e$Z'e%Z(e&e$Z)dS)N) timedelta)HttpResponseNotAllowedHttpResponseRedirect)reverse)timezone) urlencode) csrf_exempt) get_adapter) SocialToken) OAuth2Error) OAuth2AdapterOAuth2CallbackViewOAuth2LoginView)build_absolute_uriget_request_param)add_apple_sessionpersist_apple_session)AppleOAuth2Client) AppleProviderc@sbeZdZeZejZdZdZ dZ ddZ ddZ dd Z d d Zd d ZddZddZddZdS)AppleOAuth2Adapterz$https://appleid.apple.com/auth/tokenz(https://appleid.apple.com/auth/authorizez#https://appleid.apple.com/auth/keysc Cslt|j}|z|}Wntjy"}ztd|d}~ww|dD] }|d|kr3|Sq'dS)Nz"Error retrieving apple public key.keyskid)requestsgetpublic_key_urlraise_for_statusjsonJSONDecodeErrorr )selfrresponsedataedr$b/var/www/ideatree/venv/lib/python3.10/site-packages/allauth/socialaccount/providers/apple/views.py_get_apple_public_key#s     z(AppleOAuth2Adapter._get_apple_public_keycCs2t|d}|j|d}tjjt|}|S)zT Get the public key which matches the `kid` in the id_token header. r)r)jwtget_unverified_headerr& algorithms RSAAlgorithmfrom_jwkrdumps)rid_tokenrapple_public_key public_keyr$r$r%get_public_key/s z!AppleOAuth2Adapter.get_public_keycCs(tjd|jd}dd|jdDS)N)requestprovidercSsg|]}|qSr$)strip).0audr$r$r% ;sz4AppleOAuth2Adapter.get_client_id..,)r get_app provider_id client_idsplit)rr2appr$r$r% get_client_id9sz AppleOAuth2Adapter.get_client_idc Cs^|}||}z||}tj||dg|dd}|WStjy.}ztd|d}~ww)NRS256zhttps://appleid.apple.com)r)audienceissuerzInvalid id_token) get_providerr=r0r'decode PyJWTErrorr )rr-r2 allowed_audsr/ identity_datar"r$r$r%get_verified_identity_data=s    z-AppleOAuth2Adapter.get_verified_identity_datacCsdt|dd}|dd|_||j}|r"ttt|d|_| |d}i|||_ |S)N access_token)token refresh_token)secondsr-) r r token_secretexpires_in_keyrnowrint expires_atrF user_data)rr!rH expires_inrEr$r$r% parse_tokenOs zAppleOAuth2Adapter.parse_tokencKs:|j}|j||d}|j|jd<t||j|S)N)r1r r-)rQrAsociallogin_from_responsestaterapple_login_sessiondelete)rr1r<rHkwargs extra_dataloginr$r$r%complete_login`s  z!AppleOAuth2Adapter.complete_logincCs4|jdd}zt|WStjyiYSw)NuserrJ)rVrrloadsr)rr1user_scope_datar$r$r%get_user_scope_datans  z&AppleOAuth2Adapter.get_user_scope_datacCs>t|t|d}||}i|||d|jdiS)z8We need to gather the info from the apple specific logincoder-)rrget_access_tokenr_rVr)rr1r<clientr`access_token_datar$r$r%get_access_token_dataws   z(AppleOAuth2Adapter.get_access_token_dataN)__name__ __module__ __qualname__r client_classridr9access_token_url authorize_urlrr&r0r=rFrSr[r_rdr$r$r$r%rs   rapple_finish_callbackc Cs|jdkr tdgt|gd}i}|D]}t||d}|r$|||<qddg}|D] }t||d|j|<q+t|t|}tdj|t |d}t |||S)a Apple uses a `form_post` response type, which due to CORS/Samesite-cookie rules means this request cannot access the request since the session cookie is unavailable. We work around this by storing the apple response in a separate, temporary session and redirecting to a more normal oauth flow. args: finish_endpoint_name (str): The name of a defined URL, which can be overridden in your url configuration if you have more than one callback endpoint. POST)r`rUerrorrJr\r-z {url}?{query})urlquery) methodrrrrVrrrformatrr) r1finish_endpoint_namekeys_to_put_in_url url_paramskeyvaluekeys_to_save_to_sessionror r$r$r%apple_post_callbacks&    ry)rl)*rrdatetimer django.httprr django.urlsr django.utilsrdjango.utils.httprdjango.views.decorators.csrfrr'allauth.socialaccount.adapterr allauth.socialaccount.modelsr -allauth.socialaccount.providers.oauth2.clientr ,allauth.socialaccount.providers.oauth2.viewsr r r allauth.utilsrr apple_sessionrrrbrr2rrry adapter_view oauth2_loginoauth2_callbackoauth2_finish_loginr$r$r$r%s.          j  (