o "4g"@sddlmZmZmZmZddlmZddlZddl m Z ddl m Z ddl mZmZmZmZmZmZmZmZddlmZddlmZdd lmZdd lmZdd lmZd ej j!_"d Z#dd iZ$defddZ%deefddZ&deddfddZ'd3ddZ(de fddZ)dedefddZ*de+defdd Z,d!edefd"d#Z-deefd$d%Z.d&e/deefd'd(Z0dedefd)d*Z1d4defd+d,Z2defd-d.Z3dedefd/d0Z4Gd1d2d2Z5dS)5)AnyDictListOptional)get_user_modelN) Fido2Server)websafe_decode)AttestedCredentialDataAuthenticationResponseAuthenticatorDataPublicKeyCredentialRpEntityPublicKeyCredentialUserEntityRegistrationResponseResidentKeyRequirementUserVerificationRequirement)url_str_to_user_pk)context) app_settings) get_adapter) AuthenticatorTzmfa.webauthn.state credPropsreturncCst|}tdi|S)N)r%get_public_key_credential_user_entityr )userkwargsrrk/var/www/html/authentication-server/venv/lib/python3.10/site-packages/allauth/mfa/webauthn/internal/auth.pybuild_user_payload!s rcCstjjtSN)rrequestsessiongetSTATE_SESSION_KEYrrrr get_state&sr#statecCs|tjjt<dSr)rrr r")r$rrr set_state*sr%cCstjjtddSr)rrr popr"rrrr clear_state.sr'cCs:t}tdi|}d}tjrdd}t||d}|S)NcSsdS)NTr)orrr7szget_server..) verify_originr)r#get_public_key_credential_rp_entityr rWEBAUTHN_ALLOW_INSECURE_ORIGINr) rp_kwargsrpr*serverrrr get_server2s  r0responsecCs(zt|WStytdwNincorrect_code)r from_dict TypeErrorrvalidation_errorr1rrrparse_registration_response<s    r8 passwordlesscCsRt}t|}|jt|||rtjntj|rtjntjtd\}}t |t |S)N)r credentialsresident_key_requirementuser_verification extensions) r0get_credentialsregister_beginrrREQUIRED DISCOURAGEDr EXTENSIONSr%dict)rr9r/r:registration_datar$rrrbegin_registrationCs rE credentialcCsRt}t}|stdz|||}Wn ty#tdwt|Sr2)r0r#rr6register_complete ValueErrorr')rFr/r$bindingrrrcomplete_registrationYs   rJcCsHg}tjj|tjjd}|D]}|jj}|r!||jjq|SN)rtype) robjectsfilterTypeWEBAUTHNwrapauthenticator_datacredential_dataappend)rr:authenticators authenticatorrSrrrr>gs r> credential_idcCs<tjj|tjjd}|D]}||jjjkr|Sq dSrK) rrMrNrOrPrQrRrSrW)rrWrUrVrrr"get_authenticator_by_credential_idss rXc Cs,zt|WSttfytdwr2)r r4r5rHrr6r7rrrparse_authentication_responses   rYcCs6t}|j|r t|ngtjd\}}t|t|S)N)r:r<)r0authenticate_beginr>r PREFERREDr%rC)rr/request_optionsr$rrrbegin_authentications r]c Csrz|did}tt|d}Wntttfy$tdwt j j |d }|s7td|S)Nr1 userHandleutf8r3)pk) r!rrdecoderHr5KeyErrorrr6rrMrNfirst)r1 user_handleuser_pkrrrrextract_user_from_responses  rfc Cst|}t}t}|stdz ||||}Wnty.}ztd|d}~wwtt||j }|s@td|Sr2) r>r0r#rr6authenticate_completerHr'rXrW)rr1r:r/r$rIerVrrrcomplete_authentications    ric@s|eZdZddZedededdfddZedefdd Z e j defd d Z ede fd d Z ede efd dZdS)WebAuthncCs ||_dSr)instance)selfrkrrr__init__s zWebAuthn.__init__namerFrcCs(t|tjj||dd}|||S)N)rnrF)rrLdata)rrOrPsave)clsrrnrFrkrrraddsz WebAuthn.addcCs |jjdSNrnrkrorlrrrrns z WebAuthn.namecCs||jjd<dSrsrt)rlrnrrrrnscCst|jjdjjjS)NrF)r8rkror1attestation_object auth_datarurrrrRs  zWebAuthn.authenticator_datacCs&|jjdidididS)NrFclientExtensionResultsrrk)rkror!rurrris_passwordlesss zWebAuthn.is_passwordlessN)__name__ __module__ __qualname__rm classmethodstrrCrrpropertyrnsetterr rRrboolrzrrrrrjs rj)rNr)6typingrrrrdjango.contrib.authrfido2.featuresfido2 fido2.serverr fido2.utilsrfido2.webauthnr r r r r rrrallauth.account.utilsr allauth.corer allauth.mfarallauth.mfa.adapterrallauth.mfa.modelsrfeatureswebauthn_json_mappingenabledr"rBrr#r%r'r0r8rrErJr>bytesrXrYr]rfrirjrrrrsB   (