o "4gt@sddlZddlZddlZddlZddlmZddlmZddlm Z ddl m Z m Z m Z mZmZddlmZddlmZmZddlmZdd lmZdd lmZmZdd lmZm Z dd l!m"Z"dd l#m$Z$ddl%m&Z&ddl'm(Z(ddl)m*Z*ddl+m,Z,ddl-m.Z.ddl/m0Z1ddl2m3Z4ddl5m3Z3m6Z6ddl7m8Z8m9Z9ddl:m;Z;ddlm?Z?m@Z@Gddde;ZAdddZBdS)N)urlparse)settings)messages) authenticate get_backendsget_user_modelloginlogout) AbstractUser)MinimumLengthValidatorvalidate_password)get_current_site)FieldDoesNotExist) EmailMessageEmailMultiAlternatives) HttpResponseHttpResponseRedirect) resolve_url)TemplateDoesNotExist)render_to_stringreverse)timezone)get_random_string force_str) gettext_lazy app_settings)rsignals)context ratelimit) BaseAdapterheaded_redirect_response)generate_unique_usernameimport_attributec@seZdZdZideddeddedded d ed d ed deddeddeddeddeddeddeddeddedd ed!d"ejd#jd$Zd%d&Z d'd(Z d)d*Z d+e fd,d-Z d+efd.d/Zd0d1Zdd3d4Zd5d6Zd7d8Zd9d:Zd;d<Zd=d>Zd?d@ZdAdBZdCdDZdEdFZddGdHZddJdKZddMdNZdOdPZddQdRZdSdTZ 2 2 U 2ddVdWZ!ddXdYZ"dZd[Z#d\d]Z$d^d_Z%d`daZ&dbdcZ'dddeZ(ddfdgZ)dhdiZ*djdkZ+dldmZ,dndoZ-dpdqZ.d+e fdrdsZ/dtduZ0dvdwZ1dxdyZ2dzd{Z3d|d}Z4d~dZ5ddZ6ddZ7ddZ8ddZ9ddZ:ddZ;ddZddZ?dddZ@d+efddZAd+efddZBddZCd+e fddZDd2S)DefaultAccountAdapteraDThe adapter class allows you to override various functionality of the ``allauth.account`` app. To do so, point ``settings.ACCOUNT_ADAPTER`` to your own class that derives from ``DefaultAccountAdapter`` and override the behavior by altering the implementation of the methods according to your own needs. account_inactivez#This account is currently inactive.cannot_remove_primary_emailz-You cannot remove your primary email address.duplicate_emailz;This email address is already associated with this account.email_password_mismatchz@The email address and/or password you specified are not correct. email_takenz5A user is already registered with this email address.enter_current_passwordz"Please type your current password.incorrect_codezIncorrect code.incorrect_passwordzIncorrect password.invalid_or_expired_keyzInvalid or expired key.invalid_password_resetz%The password reset token was invalid.max_email_addressesz,You cannot add more than %d email addresses.too_many_login_attemptsz0Too many failed login attempts. Try again later. unknown_emailz5The email address is not assigned to any user accountunverified_primary_emailz,Your primary email address must be verified.username_blacklistedz4Username can not be used. Please use other username.username_password_mismatchz;The username and/or password you specified are not correct.username_takenusernameuniquecCs||jd<dSNaccount_verified_email)session)selfrequestemailrA`/var/www/html/authentication-server/venv/lib/python3.10/site-packages/allauth/account/adapter.pystash_verified_emailTz*DefaultAccountAdapter.stash_verified_emailcCs|jd}d|jd<|Sr;)r=get)r>r?retrArArBunstash_verified_emailWs  z,DefaultAccountAdapter.unstash_verified_emailcCs(d}|jd}|r||k}|S)z Checks whether or not the email address is already verified beyond allauth scope, for example, by having accepted an invitation before signing up. Fr<)r=rElower)r>r?r@rFverified_emailrArArBis_email_verified\s  z'DefaultAccountAdapter.is_email_verifiedreturncCsfddlm}|jj|jdj|jd}tj tj j k}|j r)|r#dS|r'dSdS|r-dS|r1dSdS)zP Returns whether or not the given email address can be deleted. r EmailAddress)user_id)pkFT) allauth.account.modelsrMobjectsfilterrNexcluderOexistsrAUTHENTICATION_METHODAuthenticationMethodEMAILprimary)r> email_addressrM has_otherlogin_by_emailrArArBcan_delete_emailhs* z&DefaultAccountAdapter.can_delete_emailcCs2tj}|durttj}dj|jd}|t|S)z2 Formats the given email subject. Nz [{name}] )name)rEMAIL_SUBJECT_PREFIXr r r?formatr]r)r>subjectprefixsiterArArBformat_email_subjects   z*DefaultAccountAdapter.format_email_subjectcCstjS)z This is a hook that can be overridden to programmatically set the 'from' email address for sending emails )rDEFAULT_FROM_EMAILr>rArArBget_from_emailsz$DefaultAccountAdapter.get_from_emailNc Cst|tr|gn|}td||}d|}||}|}i}t j } | dfD](} zd|| } t| |t dj || <Wq-t yU| dkrS|sSYq-wd|vrst||d|||d} | |vrq| || d| St||| |||d} d| _| S) z Renders an email to `email`. `template_prefix` identifies the email that is to be sent, e.g. "account/email/email_confirmation" z{0}_subject.txt txtz{0}_message.{1}r )headersz text/htmlhtml) isinstancestrrr_join splitlinesstriprcrfrTEMPLATE_EXTENSIONglobalsr?rrattach_alternativercontent_subtype) r>template_prefixr@r ritor` from_emailbodieshtml_extext template_namemsgrArArB render_mailsD      z!DefaultAccountAdapter.render_mailcCs:|ttdjd}||||||}|dS)Nr )r@ current_site)r rqr?updater|send)r>rtr@r ctxr{rArArB send_mails   zDefaultAccountAdapter.send_mailcC ttjSN)rrSIGNUP_REDIRECT_URLr>r?rArArBget_signup_redirect_url z-DefaultAccountAdapter.get_signup_redirect_urlcCs>|jjsJttdd}|rtdtt|Stj}t|S)z Returns the default URL to redirect to after logging in. Note that URLs passed explicitly (e.g. by passing along a `next` GET parameter) take precedence over the value returned here. LOGIN_REDIRECT_URLNAMENzSLOGIN_REDIRECT_URLNAME is deprecated, simply use LOGIN_REDIRECT_URL with a URL name) useris_authenticatedgetattrrwarningswarnDeprecationWarningLOGIN_REDIRECT_URLr)r>r?urlrArArBget_login_redirect_urls  z,DefaultAccountAdapter.get_login_redirect_urlcCr)a Returns the URL to redirect to after the user logs out. Note that this method is also invoked if you attempt to log out while no users is logged in. Therefore, request.user is not guaranteed to be an authenticated user. )rrLOGOUT_REDIRECT_URLrrArArBget_logout_redirect_urls z-DefaultAccountAdapter.get_logout_redirect_urlcCsBt|dd}|r ||jS|jjjrtjrtjS||jStjS)z@ The URL to return to after email verification. #get_email_confirmation_redirect_urlN)rr?rrr-EMAIL_CONFIRMATION_AUTHENTICATED_REDIRECT_URLr)EMAIL_CONFIRMATION_ANONYMOUS_REDIRECT_URL)r>rYget_urlrArArB#get_email_verification_redirect_urls    z9DefaultAccountAdapter.get_email_verification_redirect_urlcCtdS)z The URL to redirect to after a successful password change/set. NOTE: Not called during the password reset flow. account_change_passwordrrrArArB get_password_change_redirect_urlsz6DefaultAccountAdapter.get_password_change_redirect_urlcCdS)z Checks whether or not the site is open for signups. Next to simply returning True/False you can also intervene the regular flow by raising an ImmediateHttpResponse TrArrArArBis_open_for_signupsz(DefaultAccountAdapter.is_open_for_signupcCs t}|S)z3 Instantiates a new User instance. )rr>r?rrArArBnew_user szDefaultAccountAdapter.new_userc Csdddlm}m}m}||d}||d}||}||} tjr0||| p,||||| dgdSdS)z Fills in a valid username, if required and missing. If the username is already present it is assumed to be valid (unique).  user_email user_field user_username first_name last_namerN)utilsrrrrUSER_MODEL_USERNAME_FIELDr%) r>r?rrrrrrr@r9rArArBpopulate_usernames   z'DefaultAccountAdapter.populate_usernamecCs t||Sr)r%)r>txtsregexrArArBr%'rz.DefaultAccountAdapter.generate_unique_usernameTc Csddlm}m}m}|j}|d} |d} |d} |d} ||| ||| | r3||d| | r;||d| d|vrG||dnd|vrS||dn|||||rc| |S) zd Saves a new `User` instance using information provided in the signup form. rrrrr@r9 password1password) rrrr cleaned_datarE set_passwordset_unusable_passwordrsave) r>r?rformcommitrrrdatarrr@r9rArArB save_user*s*         zDefaultAccountAdapter.save_userFcCsdtjD]}||qddtjD}||vr|d|s0ddlm}||r0|d|S)z Validates the username. You can hook into this if you want to (dynamically) restrict what usernames can be chosen. cSsg|]}|qSrA)rH).0ubrArArB Rsz8DefaultAccountAdapter.clean_username..r6r)filter_users_by_usernamer8)rUSERNAME_VALIDATORSUSERNAME_BLACKLISTrHvalidation_errorrrrT)r>r9shallow validatorusername_blacklist_lowerrrArArBclean_usernameIs       z$DefaultAccountAdapter.clean_usernamecC|S)z Validates an email value. You can hook into this if you want to (dynamically) restrict what email addresses can be chosen. rAr>r@rArArB clean_email`sz!DefaultAccountAdapter.clean_emailcCs&tj}|r t||t|||S)z{ Validates a password. You can hook into this if you want to restric the allowed password choices. )rPASSWORD_MIN_LENGTHr validater )r>rr min_lengthrArArBclean_passwordgs  z$DefaultAccountAdapter.clean_passwordcCrrrArrArArBvalidate_unique_emailrz+DefaultAccountAdapter.validate_unique_emailcCstt|ddddr dSdtjvrN|rtj||||ddSz%|dur%i}t||tj}|rAt |}tj||||dWdSWdSt yMYdSwdS)zx Wrapper of `django.contrib.messages.add_message`, that reads the message text from a template. allauthNheadlesszdjango.contrib.messages) extra_tags) rrINSTALLED_APPSr add_messagerr r?rorjunescaper)r>r?levelmessage_templatemessage_contextrmessageescaped_messagerArArBrus0    z!DefaultAccountAdapter.add_messagecCsi}|j}|r d}||d<|r8|jdkr|rd}nd}nd}|||d<t|dr0||jd|d<|dur@||d <tt ||d d S) NlocationPOSTirrenderutf8rjrapplication/json)status content_type) status_codemethodis_validajax_response_formhasattrrcontentdecoderjsondumps)r>r?response redirect_torrresprrArArB ajax_responses(   z#DefaultAccountAdapter.ajax_responsec Csig|d}|D]3}t|j|t|jdd|jDddd|jjj Did}||d|j <|d  |j q |S) N)fields field_ordererrorscSsg|]}t|qSrAr)rerArArBrsz.attrscSsi|] \}}|t|qSrAr)rkvrArArB sz.)labelvalue help_textrwidgetrr) non_field_errorsrrrrrfieldrritems html_nameappend)r>r form_specr field_specrArArBrs"  z(DefaultAccountAdapter.ajax_response_formcCs|js |||SdSr) is_activerespond_user_inactive)r>r?remail_verification signal_kwargsr@signup redirect_urlrArArB pre_logins zDefaultAccountAdapter.pre_loginc Csbddlm}t||||d} |duri}tjjd|j|| |d|||tj dd|i| S)Nr)r)r)senderr?rrzaccount/messages/logged_in.txtrrA) rrrruser_logged_inr __class__rrSUCCESS) r>r?rrrr@rrrrrArArB post_logins*  z DefaultAccountAdapter.post_logincCsvt|ds4ddlm}t}d}|D]}t||r|}n |s&t|dr&|}qd|j|jjg}||_ t ||dS)NbackendrAuthenticationBackendget_user.) r auth_backendsr rrkrm __module__r__name__r  django_login)r>r?rr backendsr b backend_pathrArArBrs   zDefaultAccountAdapter.logincCs t|dSr) django_logoutrrArArBr s zDefaultAccountAdapter.logoutcCsddlm}|||S)z@ Marks the email address as confirmed on the db r)r)allauth.account.internal.flowsr verify_email)r>r?rYrrArArB confirm_email s  z#DefaultAccountAdapter.confirm_emailcCs|||dS)z1 Sets the password for the user. N)rr)r>rrrArArBrs  z"DefaultAccountAdapter.set_passwordc CsRg}t}tjdddg}|D]}z |j|||Wqty&Yqw|S)Nrrr@)rrr_meta get_fieldrr)r>rFUser candidates candidaterArArBget_user_search_fieldss  z,DefaultAccountAdapter.get_user_search_fieldscCsZddlm}tjhttjB}d|vr't|j }|r|hnd}|||dS|||dS)Nr)url_has_allowed_host_and_scheme*) allowed_hosts) django.utils.httpr r r?get_hostsetr ALLOWED_HOSTSrnetloc)r>rr r" parsed_host allowed_hostrArArB is_safe_url,s    z!DefaultAccountAdapter.is_safe_urlcCs|d||S)a_ Method intended to be overridden in case you need to customize the logic used to determine whether a user is permitted to request a password reset. For example, if you are enforcing something like "social only" authentication in your app, you may want to intervene here by checking `user.has_usable_password` z account/email/password_reset_key)r)r>rr@r rArArBsend_password_reset_mail9sz.DefaultAccountAdapter.send_password_reset_mailcCsddlm}|j|j|S)zq Method intended to be overridden in case the password reset email needs to be adjusted. rflows)allauth.account.internalr-password_resetget_reset_password_from_key_urlr?)r>keyr-rArArBr0Cs z5DefaultAccountAdapter.get_reset_password_from_key_urlcCsddlm}|j||S)zConstructs the email confirmation (activation) url. Note that if you have architected your system such that email confirmations are sent outside of the request context `request` can be `None` here. rr,)r.r-rget_email_verification_url)r>r?emailconfirmationr-rArArBget_email_confirmation_urlLs z0DefaultAccountAdapter.get_email_confirmation_urlcCr)NTrA)r>r?rYrrArArBshould_send_confirmation_mailYrz3DefaultAccountAdapter.should_send_confirmation_mailcCsHddlm}|jtj}|jtj}tj||d}|d||dS)Nrr,)r? signup_urlpassword_reset_urlz$account/email/account_already_exists) r.r-rget_signup_urlr r?r/get_reset_password_urlr)r>r@r-r6r7rrArArB send_account_already_exists_mail\s z6DefaultAccountAdapter.send_account_already_exists_mailcCsbd|jji}tjr|d|jin ||j|||d|r$d}nd}|||jj|dS)Nrcode)r1 activate_urlz'account/email/email_confirmation_signupz account/email/email_confirmation) rYrr"EMAIL_VERIFICATION_BY_CODE_ENABLEDr~r1r4rr@)r>r?r3rremail_templaterArArBsend_confirmation_mailjsz,DefaultAccountAdapter.send_confirmation_mailcCr)Nr(r#rrArArBrz+DefaultAccountAdapter.respond_user_inactivecCr)Naccount_email_verification_sentr#rrArArBrespond_email_verification_sentr@z5DefaultAccountAdapter.respond_email_verification_sentcKs0t|}|d|dd}dj|j|dS)Nr@r9rz{site}:{login})rbr)r rErHr_domain)r>r? credentialsrbrrArArB_get_login_attempts_cache_keysz3DefaultAccountAdapter._get_login_attempts_cache_keycKs&|j|fi|}tj|d|ddS)N login_failedactionr1)rEr!clearr>r?rD cache_keyrArArB#_delete_login_attempts_cached_emailsz9DefaultAccountAdapter._delete_login_attempts_cached_emailcKs0|j|fi|}tj|d|ds|ddS)NrFrGr3)rEr!consumerrJrArArBpre_authenticates z&DefaultAccountAdapter.pre_authenticatecKsvddlm}|j|fi||t|fi|}|}|p"|}|r0|j|fi||S|j|fi||S)z8Only authenticates, does not actually login. See `login`rr )allauth.account.auth_backendsr rNunstash_authenticated_userrrLauthentication_failed)r>r?rDr ralt_userrArArBrs z"DefaultAccountAdapter.authenticatecKsdSrrA)r>r?rDrArArBrQrz+DefaultAccountAdapter.authentication_failedc Cstddlm}ddlm}d|i}||}|r||d<|j|}|r&||d<|jtjfi|}|duo9|j |j kS)NrrL)rrr9r@) rPrMallauth.account.utilsrrQget_primary_emailrr r?rO) r>rrrMrrDr9r@ reauth_userrArArBreauthenticates   z$DefaultAccountAdapter.reauthenticatecCs,t|jddk|jdk|jddkgS)NHTTP_X_REQUESTED_WITHXMLHttpRequestr HTTP_ACCEPT)anyMETArErrrArArBis_ajaxs zDefaultAccountAdapter.is_ajaxcCs2|jd}|r|dd}|S|jd}|S)NHTTP_X_FORWARDED_FOR,r REMOTE_ADDR)r[rEsplit)r>r?x_forwarded_foriprArArB get_client_ips  z#DefaultAccountAdapter.get_client_ipcCs|jddS)NHTTP_USER_AGENT Unspecified)r[rErrArArBget_http_user_agentrDz)DefaultAccountAdapter.get_http_user_agentcCstd}|S)N@)rrH)r>r@r1rArArBgenerate_emailconfirmation_keys z4DefaultAccountAdapter.generate_emailconfirmation_keycCsHg}|d|dtjr"ddlm}|d|jr"|d|S)Nz'allauth.account.stages.LoginByCodeStagez-allauth.account.stages.EmailVerificationStagerrz$allauth.mfa.stages.AuthenticateStagez.allauth.mfa.webauthn.stages.PasskeySignupStage)rallauth_app_settings MFA_ENABLED allauth.mfarPASSKEY_SIGNUP_ENABLED)r>rF mfa_settingsrArArBget_login_stagess     z&DefaultAccountAdapter.get_login_stagescCsddlm}dd||D}g}d|vr$dtdtdd}||d |vrX|d d }d |vs6d |vrEd td td d}||d|vrXdtdtdd}|||S)zThe order of the methods returned matters. The first method is the default when using the `@reauthentication_required` decorator. r)get_reauthentication_flowscSsi|]}|d|qS)idrA)rfrArArBrszFDefaultAccountAdapter.get_reauthentication_methods..rVzUse your passwordaccount_reauthenticate)rp descriptionrmfa_reauthenticatetypesrecovery_codestotpzUse authenticator app or codewebauthnzmfa_reauthenticate:webauthnzUse a security keymfa_reauthenticate_webauthn)/allauth.account.internal.flows.reauthenticationro_rr)r>rro flow_by_idrFentryrurArArBget_reauthentication_methodss0     z2DefaultAccountAdapter.get_reauthentication_methodscCsnddlm}tjs dS|s|j|}|sdSt||j | |j d}|r.| || |||dS)NrrL) timestamprb user_agent) rPrMrEMAIL_NOTIFICATIONSrQrTrnowrcr?rfr~r)r>rtrr r@rMrrArArBsend_notification_mails     z,DefaultAccountAdapter.send_notification_mailcC|S)z- Generates a new login code. _generate_codererArArBgenerate_login_codez)DefaultAccountAdapter.generate_login_codecCr)z: Generates a new email verification code. rrerArArB generate_email_verification_coderz6DefaultAccountAdapter.generate_email_verification_codecCs2d}tjtj}|D]}||d}q td|dS)N 0OI18B2ZAEUr)length allowed_chars)stringascii_uppercasedigitsreplacer)r>forbidden_charsrchrArArBrs   z$DefaultAccountAdapter._generate_codecCsdddlm}d}||j}|r|dd}|dkrdStj}t|tr&|S|s*dS|dup1||vS)z_ Returns whether or not login-by-code is required for the given login. r)authenticationNrr;F)allauth.accountrget_authentication_recordsr?rLOGIN_BY_CODE_REQUIREDrkbool)r>rrrrecordsrrArArBis_login_by_code_required$s    z/DefaultAccountAdapter.is_login_by_code_requiredr)T)F)NNrN)NNN)rKN)NN)Err __qualname____doc__r{r rrerror_messagesrCrGrJrr\rlrcrfr|rrrrrrrrrr%rrrrrrrrrr rr rrrr*r+r0r4r5r:r?rrBrErLrNrrQrVr\rcrfrhrnr~rrrrrrArArArBr'*s   " ! (         !"        #r'cCsttj|Sr)r&rADAPTER)r?rArArB get_adapter9rDrr)Crjrrr urllib.parser django.confrdjango.contribrdjango.contrib.authrrrrrr rdjango.contrib.auth.modelsr 'django.contrib.auth.password_validationr r django.contrib.sites.shortcutsr django.core.exceptionsrdjango.core.mailrr django.httprrdjango.shortcutsrdjango.templaterdjango.template.loaderr django.urlsr django.utilsrdjango.utils.cryptordjango.utils.encodingrdjango.utils.translationrr{rrrirr allauth.corer r!allauth.core.internal.adapterr"allauth.core.internal.httpkitr$ allauth.utilsr%r&r'rrArArArBsH