ó O'—^c@s’ddlmZddlmZddlmZddlmZmZddl m Z ddl m Z ddlmZddlmZd d lmZd d lmZmZmZmZd d lmZmZd d lmZedejfd„ƒYƒZdefd„ƒYZ de j!_"edejfd„ƒYƒZ#edejfd„ƒYƒZ$edejfd„ƒYƒZ%d„Z&d„Z'dS(iÿÿÿÿ(tunicode_literals(t timedelta(treverse(tmodelst transaction(ttimezone(t ugettext_lazy(tpython_2_unicode_compatible(tImproperlyConfiguredi(toauth2_settings(tAUTH_USER_MODELt parse_qslturlparset get_model(tgenerate_client_secrettgenerate_client_id(t validate_uristAbstractApplicationc BsÂeZdZdZdZeedƒfeedƒffZdZdZdZ dZ eed ƒfeed ƒfe ed ƒfe ed ƒffZ e j d ddededeƒZe jeddƒZedƒZe jdedegdeƒZe j d ddeƒZe j d dde ƒZe j d ddededeƒZe j d ddeƒZe jdeƒZdd"d„ƒYZ e!d„ƒZ"d„Z#d„Z$d „Z%d!„Z&RS(#uµ An Application instance represents a Client on the Authorization server. Usually an Application is created manually by client's developers after logging in on an Authorization Server. Fields: * :attr:`client_id` The client identifier issued to the client during the registration process as described in :rfc:`2.2` * :attr:`user` ref to a Django user * :attr:`redirect_uris` The list of allowed redirect uri. The string consists of valid URLs separated by space * :attr:`client_type` Client type as described in :rfc:`2.1` * :attr:`authorization_grant_type` Authorization flows available to the Application * :attr:`client_secret` Confidential secret issued to the client during the registration process as described in :rfc:`2.2` * :attr:`name` Friendly name for the Application u confidentialupublicu ConfidentialuPublicuauthorization-codeuimplicitupassworduclient-credentialsuAuthorization codeuImplicituResource owner password-baseduClient credentialst max_lengthidtuniquetdefaulttdb_indext related_nameu%(app_label)s_%(class)su"Allowed URIs list, space separatedt help_textt validatorstblanki tchoicesiÿtMetacBseZeZRS((t__name__t __module__tTruetabstract(((s8/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/models.pyRHscCs5|jr|jjƒjdƒSts1tdƒ‚dS(uz Returns the default redirect_uri extracting the first item from the :attr:`redirect_uris` string iu„If you are using implicit, authorization_codeor all-in-one grant_type, you must define redirect_uris field in your Application modelN(t redirect_uristsplittpoptFalsetAssertionError(tself((s8/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/models.pytdefault_redirect_uriKs cCs¬x¥|jjƒD]”}t|ƒ}t|ƒ}|j|jkr|j|jkr|j|jkrtt|jƒƒ}tt|jƒƒ}|j |ƒr¤t SqqWt S(u{ Checks if given url is one of the items in :attr:`redirect_uris` string :param uri: Url to check ( R R!R tschemetnetloctpathtsetR tquerytissubsetRR#(R%turit allowed_uritparsed_allowed_urit parsed_uritaqs_settuqs_set((s8/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/models.pytredirect_uri_allowedXs   cCs`ddlm}|j r\|jtjtjfkr\tdƒ}||j|jƒƒ‚ndS(Niÿÿÿÿ(tValidationErroru4Redirect_uris could not be empty with {0} grant_type( tdjango.core.exceptionsR4R tauthorization_grant_typeRtGRANT_AUTHORIZATION_CODEtGRANT_IMPLICITt_tformat(R%R4terror((s8/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/models.pytcleanns  cCstddt|jƒgƒS(Nuoauth2_provider:detailtargs(Rtstrtid(R%((s8/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/models.pytget_absolute_urlwscCs|jp|jS(N(tnamet client_id(R%((s8/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/models.pyt__str__zs(('RRt__doc__tCLIENT_CONFIDENTIALt CLIENT_PUBLICR9t CLIENT_TYPESR7R8tGRANT_PASSWORDtGRANT_CLIENT_CREDENTIALSt GRANT_TYPESRt CharFieldRRRBt ForeignKeyR tuserRt TextFieldRR t client_typeR6Rt client_secretRAt BooleanFieldR#tskip_authorizationRtpropertyR&R3R<R@RC(((s8/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/models.pyRs@    t ApplicationcBseZRS((RR(((s8/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/models.pyRT~su!OAUTH2_PROVIDER_APPLICATION_MODELtGrantcBs’eZdZejeƒZejdddeƒZ eje j ƒZ ej ƒZejddƒZejdeƒZd„Zd„Zd„ZRS(uI A Grant instance represents a token with a short lifetime that can be swapped for an access token, as described in :rfc:`4.1.2` Fields: * :attr:`user` The Django user who requested the grant * :attr:`code` The authorization code generated by the authorization server * :attr:`application` Application instance this grant was asked for * :attr:`expires` Expire time in seconds, defaults to :data:`settings.AUTHORIZATION_CODE_EXPIRE_SECONDS` * :attr:`redirect_uri` Self explained * :attr:`scope` Required scopes, optional RiÿRRcCs |js tStjƒ|jkS(u@ Check token expiration with timezone awareness (texpiresRRtnow(R%((s8/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/models.pyt is_expiredœs cCs ||jkS(N(t redirect_uri(R%R-((s8/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/models.pyR3¥scCs|jS(N(tcode(R%((s8/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/models.pyRC¨s(RRRDRRLR RMRKRRZR tAPPLICATION_MODELt applicationt DateTimeFieldRVRYRNtscopeRXR3RC(((s8/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/models.pyRU…s  t AccessTokencBs°eZdZejededeƒZejdddeƒZ eje j ƒZ ej ƒZejdeƒZd d„Zd„Zd„Zd „Zed „ƒZd „ZRS( u‚ An AccessToken instance represents the actual access token to access user's resources, as in :rfc:`5`. Fields: * :attr:`user` The Django user representing resources' owner * :attr:`token` Access token * :attr:`application` Application instance * :attr:`expires` Date and time of token expiration, in DateTime format * :attr:`scope` Allowed scopes RtnullRiÿRcCs|jƒ o|j|ƒS(u Checks if the access token is valid. :param scopes: An iterable containing the scopes to check or None (RXt allow_scopes(R%tscopes((s8/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/models.pytis_validÀscCs |js tStjƒ|jkS(u@ Check token expiration with timezone awareness (RVRRRW(R%((s8/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/models.pyRXÈs cCs8|s tSt|jjƒƒ}t|ƒ}|j|ƒS(u‚ Check if the token allows the provided scopes :param scopes: An iterable containing the scopes to check (RR*R^R!R,(R%Rbtprovided_scopestresource_scopes((s8/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/models.pyRaÑs  cCs|jƒdS(u” Convenience method to uniform tokens' interface, for now simply remove this token from the database in order to revoke it. N(tdelete(R%((s8/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/models.pytrevokeßscs‡fd†tjjƒDƒS(uk Returns a dictionary of allowed scope names (as keys) with their descriptions (as values) cs4i|]*\}}|ˆjjƒkr||“qS((R^R!(t.0RAtdesc(R%(s8/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/models.pys ës (R tSCOPEStitems(R%((R%s8/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/models.pyRbæscCs|jS(N(ttoken(R%((s8/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/models.pyRCísN(RRRDRRLR RRMRKRlR R[R\R]RVRNR^tNoneRcRXRaRgRSRbRC(((s8/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/models.pyR_¬s     t RefreshTokencBsneZdZejeƒZejdddeƒZ eje j ƒZ ej eddƒZd„Zd„ZRS(u~ A RefreshToken instance represents a token that can be swapped for a new access token when it expires. Fields: * :attr:`user` The Django user representing resources' owner * :attr:`token` Token value * :attr:`application` Application instance * :attr:`access_token` AccessToken instance this refresh token is bounded to RiÿRRu refresh_tokencCs-tjjd|jjƒjƒ|jƒdS(uK Delete this refresh token along with related access token R?N(R_tobjectstgett access_tokenR?RgRf(R%((s8/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/models.pyRgscCs|jS(N(Rl(R%((s8/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/models.pyRC s(RRRDRRLR RMRKRRlR R[R\t OneToOneFieldR_RqRgRC(((s8/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/models.pyRnñs    cCs‚ytjjdƒ\}}Wn#tk rAd}t|ƒ‚nXt||ƒ}|dkr~d}t|jtjƒƒ‚n|S(u> Return the Application model that is active in this project. u.u<APPLICATION_MODEL must be of the form 'app_label.model_name'uAAPPLICATION_MODEL refers to model {0} that has not been installedN(R R[R!t ValueErrorRR RmR:(t app_labelt model_nametet app_model((s8/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/models.pytget_application_models  c Csêtjƒ}d}tj}|ryt|tƒslytd|ƒ}Wqltk rhd}t|ƒ‚qlXn||}nt j ƒ_|r¨t j j d|ƒjƒntj j dtd|ƒjƒtj j d|ƒjƒWdQXdS(NtsecondsuBREFRESH_TOKEN_EXPIRE_SECONDS must be either a timedelta or secondstaccess_token__expires__lttrefresh_token__isnullt expires__lt(RRWRmR tREFRESH_TOKEN_EXPIRE_SECONDSt isinstanceRt TypeErrorRRtatomicRnRotfilterRfR_RRU(RWtrefresh_expire_atR}Rv((s8/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/models.pyt clear_expireds      N((t __future__RtdatetimeRtdjango.core.urlresolversRt django.dbRRt django.utilsRtdjango.utils.translationRR9tdjango.utils.encodingRR5RtsettingsR tcompatR R R R t generatorsRRRRtModelRRTt_metat swappableRUR_RnRxRƒ(((s8/tmp/pip-unpacked-wheel-ndW12l/oauth2_provider/models.pyts."j &D