o
    ˷e%                     @   sj   d Z g dZddlmZ ddlZdZdZdZdZe	d	Z
G d
d deZee_G dd deZee_dS )zAn implementation of the OpenID Provider Authentication Policy
Extension 1.0

@see: http://openid.net/developers/specs/

@since: 2.1.0
)RequestResponsens_uriAUTH_PHISHING_RESISTANTAUTH_MULTI_FACTORAUTH_MULTI_FACTOR_PHYSICAL    )	ExtensionNz+http://specs.openid.net/extensions/pape/1.0zEhttp://schemas.openid.net/pape/policies/2007/06/multi-factor-physicalz<http://schemas.openid.net/pape/policies/2007/06/multi-factorzBhttp://schemas.openid.net/pape/policies/2007/06/phishing-resistantz$^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ$c                       s^   e Zd ZdZdZd fdd	Zdd Zdd	 Zd
d Zdd Z	e
e	Z	dd Zdd Z  ZS )r   a  A Provider Authentication Policy request, sent from a relying
    party to a provider

    @ivar preferred_auth_policies: The authentication policies that
        the relying party prefers
    @type preferred_auth_policies: [str]

    @ivar max_auth_age: The maximum time, in seconds, that the relying
        party wants to allow to have elapsed before the user must
        re-authenticate
    @type max_auth_age: int or NoneType
    papeNc                    s&   t t|   |sg }|| _|| _d S N)superr   __init__preferred_auth_policiesmax_auth_age)selfr   r   	__class__ T/var/www/ideatree/venv/lib/python3.10/site-packages/openid/extensions/draft/pape2.pyr   1   s
   
zRequest.__init__c                 C   s   t | jp| jd uS r
   )boolr   r   )r   r   r   r   __bool__9   s   zRequest.__bool__c                 C      || j vr| j | dS dS )a  Add an acceptable authentication policy URI to this request

        This method is intended to be used by the relying party to add
        acceptable authentication types to the request.

        @param policy_uri: The identifier for the preferred type of
            authentication.
        @see: http://openid.net/specs/openid-provider-authentication-policy-extension-1_0-01.html#auth_policies
        N)r   appendr   
policy_urir   r   r   addPolicyURI=      

zRequest.addPolicyURIc                 C   s,   dd | ji}| jdurt| j|d< |S )/@see: C{L{Extension.getExtensionArgs}}
        r    Nr   )joinr   r   strr   ns_argsr   r   r   getExtensionArgsJ   s
   
zRequest.getExtensionArgsc                 C   s.   |  }|j |j}|i krdS || |S )zaInstantiate a Request object from the arguments in a
        C{checkid_*} OpenID message
        N)messagegetArgsr   parseExtensionArgs)clsrequestr   argsr   r   r   fromOpenIDRequestV   s   
zRequest.fromOpenIDRequestc                 C   s   g | _ |d}|r(t|trt|dd}|dD ]}|| j vr'| j | q|d}d| _|rEzt|| _W dS  t	yD   Y dS w dS )a  Set the state of this request to be that expressed in these
        PAPE arguments

        @param args: The PAPE arguments without a namespace

        @rtype: None

        @raises ValueError: When the max_auth_age is not parseable as
            an integer
        r   zutf-8)encodingr   r   N)
r   get
isinstancebytesr   splitr   r   int
ValueError)r   r(   policies_strurimax_auth_age_strr   r   r   r%   e   s$   



zRequest.parseExtensionArgsc                 C   s   t t| jj|S )a  Given a list of authentication policy URIs that a provider
        supports, this method returns the subsequence of those types
        that are preferred by the relying party.

        @param supported_types: A sequence of authentication policy
            type URIs that are supported by a provider

        @returns: The sub-sequence of the supported types that are
            preferred by the relying party. This list will be ordered
            in the order that the types appear in the supported_types
            sequence, and may be empty if the provider does not prefer
            any of the supported authentication types.

        @returntype: [str]
        )listfilterr   __contains__)r   supported_typesr   r   r   preferredTypes   s   zRequest.preferredTypes)NN)__name__
__module____qualname____doc__ns_aliasr   r   r   r"   r)   classmethodr%   r8   __classcell__r   r   r   r   r   !   s    !r   c                       sV   e Zd ZdZdZ			d fdd	Zdd Zdd	 ZdddZe	eZdd Z
  ZS )r   z[A Provider Authentication Policy response, sent from a provider
    to a relying party
    r	   Nc                    s0   t t|   |r|| _ng | _|| _|| _d S r
   )r   r   r   auth_policies	auth_timenist_auth_level)r   r@   rA   rB   r   r   r   r      s   
zResponse.__init__c                 C   r   )a  Add a authentication policy to this response

        This method is intended to be used by the provider to add a
        policy that the provider conformed to when authenticating the user.

        @param policy_uri: The identifier for the preferred type of
            authentication.
        @see: http://openid.net/specs/openid-provider-authentication-policy-extension-1_0-01.html#auth_policies
        N)r@   r   r   r   r   r   r      r   zResponse.addPolicyURIc                 C   s,   |  }| |j}|dur|| |S dS )a9  Create a C{L{Response}} object from a successful OpenID
        library response
        (C{L{openid.consumer.consumer.SuccessResponse}}) response
        message

        @param success_response: A SuccessResponse from consumer.complete()
        @type success_response: C{L{openid.consumer.consumer.SuccessResponse}}

        @rtype: Response or None
        @returns: A provider authentication policy response from the
            data that was supplied with the C{id_res} response or None
            if the provider sent no signed PAPE response arguments.
        N)getSignedNSr   r%   )r&   success_responser   r(   r   r   r   fromSuccessResponse   s   
zResponse.fromSuccessResponseFc                 C   s   | d}|r|dkr|d| _| d}|r@zt|}W n ty0   |r+tdd| _Y nw d|  kr;dk r@n n|| _| d	}|rWt|rQ|| _dS |rYtd
dS dS )a  Parse the provider authentication policy arguments into the
        internal state of this object

        @param args: unqualified provider authentication policy
            arguments

        @param strict: Whether to raise an exception when bad data is
            encountered

        @returns: None. The data is parsed into the internal fields of
            this object.
        r@   noner   rB   Cnist_auth_level must be an integer between zero and four, inclusiveNr      rA   #auth_time must be in RFC3339 format)	r+   r.   r@   r/   r0   rB   TIME_VALIDATORmatchrA   )r   r(   strictr1   nist_level_str
nist_levelrA   r   r   r   r%      s0   





zResponse.parseExtensionArgsc                 C   s   t | jdkrddi}ndd| ji}| jdur.| jttddvr'tdt| j|d< | jdurBt	
| js=td	| j|d
< |S )r   r   r@   rF   r   NrH   rG   rB   rI   rA   )lenr@   r   rB   r4   ranger0   r   rA   rJ   rK   r    r   r   r   r"     s   


zResponse.getExtensionArgs)NNN)F)r9   r:   r;   r<   r=   r   r   rE   r%   r>   r"   r?   r   r   r   r   r      s    
'r   )r<   __all__openid.extensionr   rer   r   r   r   compilerJ   r   r   r   r   r   r   <module>   s"    	
y 
