U 7gd{&@s6ddlmZddlTddlmZGdddejZdS))fields)*)cmf_auth_openid_plugincseZdZejjdZdZeddZddZ fddZ fd d Z e d d d Z ee dddZedddZddZeddZddZZS)CmfAuthOpenIdPlugin)loggerNcCsB|jsСервер авторизации вернул ошибку Z AuthorizationzBearer Zuserinfo_endpoint)r8r0uПолучили токен )requests load_fieldsr'client_keycloaktokenrvalueZuserinfogetrrrrr verify_ssljsondict ext_client_id ext_secretdecryptpostraise_for_statusrinfo) rr&r:r= openid_confparamsr8resZuserinfo_responserrr get_token$s6      zCmfAuthOpenIdPlugin.get_token)r,cCs6ddl}ddl}||ddd}||}|S)Nr.==)base64rAZ b64decodesplitloads)r,rPrAZ decoded_tokenZ token_inforrr unpack_tokenAs  z CmfAuthOpenIdPlugin.unpack_token)jwtcCs(||d}|jd||d|jj}dddddg}tjj||d }|dd}|dd}|dd }|dd } |dd } |s|rtjjd d|g|d}|sF|jr>d} t | |r|} n|d|j } tj|| |||| d}tj g|_|| rFt| } | jdkrF|| jntd||_|jr||_||_||_| |_| rt| } | jdkr|| j|jr|tj||d}|j|j|j |_!||_"|j#|_$|d|_%|d|_&|d|_'|d|_(tj)rtj)d|_*||S)Nr,u.Создаем сессию по access_token r- ext_loginname first_name last_nameemail)rUrZ given_nameZ family_nameZpictureloginrO)filterrz0^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$@)rUrZrYrVrWrXu1Пользователя нет в системе)rTr refresh_tokenrefresh_expires_inscope expires_inr)+rSrrHr?Zusername_claimr>r!Z CmfPersonZcreate_new_userrematchdomainZCmfPersonGroupZ user_groupZ rg_member_ofr"requestZ status_codeZ set_avatarZcontent ExceptionrUZ update_userrVrYrWrXrZ CmfSessionZ auth_dateset_now reauth_daterZZ user_loginZ user_emailidZuser_idr^lifetimer`access_token_expires_inZ access_routeZ client_ip)rrTZpayloadrU_fieldsZpersonrYrVrWrXZ picture_urlpatternZ cmf_loginrKsessionrrr get_sessionMsp              zCmfAuthOpenIdPlugin.get_sessioncCsJddl}z|jd|jj|ddg|jr:t|jdkrV|j |j j}n~|j t j |jjjd|jjjd}t|j jd|jjj|jjd }d d i}|j|d |||jjjd }||}|r|j|d|_|d|_ |d|_||WSWn2|jd|jjd|_|YdSXdS)Nru Обновляем сессию disabledr(r)r.r/r^)r^r*r1r2r3r4r5r6r_rauAОшибка обновления сессии по токену T) r:rrHrir>r;rpAssertionErrorr'r<r^r?rrrrrr@rArBrCrDrErFrGrhrgrjrkr" exceptionZexpired)rrnr:rTrIrJr8rKrrrr^sB         z!CmfAuthOpenIdPlugin.refresh_tokencCsJddlm}|dg||jjj|jjj|jjj|jj |jj jdS)Nr)KeycloakOpenIDr()Z server_urlr1Z realm_nameZclient_secret_keyr0) r)rsr;rrr>rCZext_realm_namerDrEr@)rrsrrrr<s    z#CmfAuthOpenIdPlugin.client_keycloakcCsddlm}ddl}|dgztdtji}|jdkrX|j j |j j |j j |d}n|jtj|jjj d|jjj d}t}|jjj |d <|j j |d <d |d <|j j |d <tdtji|d<||}|dd|}|jd|t|WS|jdYnXdS)Nr) urlencoder(Znext_urlr))r+r`stater.r/r1r+r&Z response_typer`ruZauthorization_endpoint?u\Редиректим пользователя на страницу авторизации: u#Ошибка SSO редиректа)Z urllib.parsertr:r;rAdumpsreZurlr'r<Zauth_urlrr>r`r?rrrrrr@rBrCrrHZredirectrr)rrtr:Z state_paramsZ login_urlrIrJZqsrrrlogin_redirects2        z"CmfAuthOpenIdPlugin.login_redirect)__name__ __module__ __qualname__rrZ ui_meta_skipr propertyrrrr"strrL staticmethodrSrBror^r<rx __classcell__rrrrrs     <! rN)ZcmfrZ cmf.includerrrrrrs