U TFdQ#@s6ddlmZddlTddlmZGdddejZdS))fields)*)cmf_auth_openid_plugincseZdZejjdZdZeddZddZ fddZ fd d Z e d d d Z ee dddZedddZddZeddZddZZS)CmfAuthOpenIdPlugin)loggerNcCsB|jsСервер авторизации вернул ошибку uПолучили токен )requests load_fieldsr'client_keycloaktokenrvaluegetrrrrr verify_ssljsondict ext_client_id ext_secretpostraise_for_statusrinfo)rr&r8r; openid_confparamsr6resrrr get_token$s,     zCmfAuthOpenIdPlugin.get_token) access_tokencCs6ddl}ddl}||ddd}||}|S)Nr.==)base64r?Z b64decodesplitloads)rJrNr?Z decoded_tokenZ token_inforrr unpack_tokenAs  z CmfAuthOpenIdPlugin.unpack_token)jwtc Cs||d}|jd|||jj}dddddg}tjj||d}|sv|drvtjjd d |dg|d }|s|jrd }t ||r|}n|d |j }tj|||d|d|d|dd}tj g|_ntd||_|jr|tj||d}|j|j|j|_|d|_|j|_|d|_|d|_|d|_|d|_t j!r|t j!d|_"||S)NrJu.Создаем сессию по access_token ext_loginname first_name last_nameemail)rSrloginrM)filterrz0^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$@Z given_nameZ family_name)rSrXrWrTrUrVu1Пользователя нет в системе)rRr refresh_tokenrefresh_expires_inscope expires_inr)#rQrrEr=Zusername_claimr<r!Z CmfPersonZcreate_new_userrematchdomainZCmfPersonGroupZ user_groupZ rg_member_of ExceptionrSrr"Z CmfSessionZ auth_dateset_now reauth_daterXZ user_loginZ user_emailidZuser_idr[lifetimer]access_token_expires_inrequestZ access_routeZ client_ip) rrRZpayloadrS_fieldsZpersonpatternZ cmf_loginsessionrrr get_sessionMsJ         zCmfAuthOpenIdPlugin.get_sessioncCsHddl}z|jd|jj|ddg|jr:t|jdkrV|j |j j}n||j t j |jjjd|jjjd}t|j jd|jjj|jjjd }d d i}|j|d |||jjjd }||}|r|j|d|_|d|_ |d|_||WSWn2|jd|jjd|_|YdSXdS)Nru Обновляем сессию disabledr(r)r,r-r[)r[r*r/r0r1r2r3r4r\r^uAОшибка обновления сессии по токену T)r8rrErer<r9rmAssertionErrorr'r:r[r=rrrrrr>r?r@rArBrCrDrdrcrfrgr" exceptionZexpired)rrkr8rRrFrGr6rHrrrr[usB        z!CmfAuthOpenIdPlugin.refresh_tokencCsHddlm}|dg||jjj|jjj|jjj|jjj|jj jdS)Nr)KeycloakOpenIDr()Z server_urlr/Z realm_nameZclient_secret_keyr.) r)rpr9rrr<rAZext_realm_namerBr>)rrprrrr:s   z#CmfAuthOpenIdPlugin.client_keycloakcCs ddlm}ddl}|dgztdtji}|jdkrX|j j |j j |j j |d}n|jtj|jjj d|jjj d}t}|jjj |d <|j j |d <d |d <|j j |d <tdtji|d<||}tj|dd|}|jd|t|WS|jdYnXdS)Nr) urlencoder(Znext_urlr))r+r]stater,r-r/r+r&Z response_typer]rrZauthorization_endpoint?u\Редиректим пользователя на страницу авторизации: u#Ошибка SSO редиректа)Z urllib.parserqr8r9r?dumpsrhZurlr'r:Zauth_urlrr<r]r=rrrrrr>r@rArrEZredirectro)rrqr8Z state_paramsZ login_urlrFrGZqsrrrlogin_redirects2        z"CmfAuthOpenIdPlugin.login_redirect)__name__ __module__ __qualname__rrZ ui_meta_skipr propertyrrrr"strrI staticmethodrQr@rlr[r:ru __classcell__rrrrrs     (! rN)ZcmfrZ cmf.includerrrrrrs