o h1@sddlmZddlZddlmZddlmZddlZddl m Z m Z m Z m Z ddlmZddlmZddlmZmZdd lmZe ZdddZGdddejjZGdddeejjZGdddeejjZGdddeejjZdS)) annotationsN)Any)urlparse) AuthCachedecode_provider_token!generate_default_provider_sectionget_secrets_auth_section)StreamlitAuthError) make_url_path) TornadoOAuthTornadoOAuth2App)AUTH_COOKIE_NAMEproviderstrreturntuple[TornadoOAuth2App, str]cCst}|r|dd}|}ni}d}||i}|s(|dkr(t|}||d<|di}d|vr6d|d<d|vr>d |d<t|td }|||||fS) zRCreate an OAuth client for the given provider based on secrets.toml configuration. redirect_uriN/default client_kwargsscopezopenid email profilepromptselect_account)cache) rgetto_dict setdefaultrr auth_cacheregister create_client)r auth_sectionrconfigprovider_sectionprovider_client_kwargsoauthr%]/var/www/vscode/kcb/lib/python3.10/site-packages/streamlit/web/server/oauth_authlib_routes.pycreate_oauth_client$s$       r'c@s8eZdZdZdddZddd Zdd d ZdddZdS)AuthHandlerMixinzNMixin for handling auth cookies. Added for compatibility with Tornado < 6.3.0.base_urlrrNonecCs ||_dSN)r))selfr)r%r%r& initializeBs zAuthHandlerMixin.initializecCs|t|jddS)Nr)redirectr r)r,r%r%r&redirect_to_baseEsz!AuthHandlerMixin.redirect_to_base user_infodict[str, Any]cCsFt|}z |jt|ddWdSty"|jt|ddYdSw)NT)httpOnly)httponly)jsondumpsset_signed_cookier AttributeErrorset_secure_cookie)r,r1serialized_cookie_valuer%r%r&set_auth_cookieHs   z AuthHandlerMixin.set_auth_cookiecCs|tdSr+) clear_cookier r/r%r%r&clear_auth_cookieZsz"AuthHandlerMixin.clear_auth_cookieN)r)rrr*)rr*)r1r2rr*)__name__ __module__ __qualname____doc__r-r0r;r=r%r%r%r&r(?s    r(c@seZdZddZdddZdS) AuthLoginHandlerc sv|}|dur|dSt|\}}z |||WdSty:}z|jdt|dWYd}~dSd}~ww)z*Redirect to the OAuth provider login page.Ni)reason)_parse_provider_tokenr0r'authorize_redirect Exception send_errorr)r,rclientrer%r%r&r_s  zAuthLoginHandler.getr str | NonecCsD|dd}z|durtdt|}W|dSty!YdSw)NrzMissing provider token) get_argumentr r)r,provider_tokenpayloadr%r%r&rDls   z&AuthLoginHandler._parse_provider_tokenNrrJ)r>r?r@rrDr%r%r%r&rB^s rBc@seZdZddZdS)AuthLogoutHandlercCs||dSr+)r=r0r/r%r%r&rys zAuthLogoutHandler.getN)r>r?r@rr%r%r%r&rOxs rOc@s(eZdZddZd ddZd ddZd S) AuthCallbackHandlerc s|}|}|dur|dS|dd}|r!|dS|dur+|dSt|\}}||}|d}t||dd}|rI|||dS)NerroruserinfoT)origin is_logged_in) _get_provider_by_state_get_origin_from_secretsr0rKr'authorize_access_tokenrdictr;) r,rrSrQrH_tokenuser cookie_valuer%r%r&rs(      zAuthCallbackHandler.getrrJc CsR|d}tt}i}|D]}|d\}}}}|||<q||d}|S)NstaterY)rKlistrget_dictkeyssplitr) r,state_code_from_urlcurrent_cache_keysstate_provider_mappingkeyrYrecorded_providercoderr%r%r&rUs   z*AuthCallbackHandler._get_provider_by_statecCs>d}t}|r |dd}|sdSt|}|jd|j}|S)Nrz://)rrrschemenetloc)r,rr redirect_uri_parsedorigin_from_redirect_urir%r%r&rVs z,AuthCallbackHandler._get_origin_from_secretsNrN)r>r?r@rrUrVr%r%r%r&rP~s  rP)rrrr) __future__rr5typingr urllib.parser tornado.webtornadostreamlit.auth_utilrrrrstreamlit.errorsr streamlit.url_utilr streamlit.web.server.oidc_mixinr r streamlit.web.server.server_utilr rr'webRequestHandlerr(rBrOrPr%r%r%r&s