U BdR'@s6ddlmZddlTddlmZGdddejZdS))fields)*)cmf_auth_openid_plugincseZdZejjdZdZeddZddZ fddZ fd d Z e d d d Z ee dddZedddZddZeddZdddZZS)CmfAuthOpenIdPlugin)loggerNcCsB|jsСервер авторизации вернул ошибку Z AuthorizationzBearer Zuserinfo_endpoint)r8r0uПолучили токен )requests load_fieldsr'client_keycloaktokenrvalueZuserinfogetrrrrr verify_ssljsondict ext_client_idcmfutil disable_acl ext_secretdecryptpostraise_for_statusrinfo) rr&r:r= openid_confparamsr8resZuserinfo_responserrr get_token$s8        zCmfAuthOpenIdPlugin.get_token)r,cCs6ddl}ddl}||ddd}||}|S)Nr.==)base64rAZ b64decodesplitloads)r,rRrAZ decoded_tokenZ token_inforrr unpack_tokenBs  z CmfAuthOpenIdPlugin.unpack_token)jwtcCs(||d}|jd||d|jj}dddddg}tjj||d }|dd}|dd}|dd }|dd } |dd } |s|rtjjd d|g|d}|sF|jr>d} t | |r|} n|d|j } tj|| |||| d}tj g|_|| rFt| } | jdkrF|| jntd||_|jr||_||_||_| |_| rt| } | jdkr|| j|jr|tj||d}|j|j|j |_!||_"|j#|_$|d|_%|d|_&|d|_'|d|_(tj)rtj)d|_*||S)Nr,u.Создаем сессию по access_token r- ext_loginname first_name last_nameemail)rWrZ given_nameZ family_nameZpictureloginrQ)filterrz0^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$@)rWr\r[rXrYrZu1Пользователя нет в системе)rVr refresh_tokenrefresh_expires_inscope expires_inr)+rUrrJr?Zusername_claimr>r!Z CmfPersonZcreate_new_userrematchdomainZCmfPersonGroupZ user_groupZ rg_member_ofr"requestZ status_codeZ set_avatarZcontent ExceptionrWZ update_userrXr[rYrZrZ CmfSessionZ auth_dateset_now reauth_dater\Z user_loginZ user_emailidZuser_idr`lifetimerbaccess_token_expires_inZ access_routeZ client_ip)rrVZpayloadrW_fieldsZpersonr[rXrYrZZ picture_urlpatternZ cmf_loginrMsessionrrr get_sessionNsp              zCmfAuthOpenIdPlugin.get_sessionc Cs^ddl}z|jd|jj|ddg|jr:t|jdkrV|j |j j}n|j t j |jjjd|jjjd}t(t|j jd|jjj|jjd }W5QRXd d i}|j|d |||jjjd }||}|r$|j|d|_|d|_ |d|_||WSWn2|j d|jjd|_!|YdSXdS)Nru Обновляем сессию disabledr(r)r.r/r`)r`r*r1r2r3r4r5r6rarcuAОшибка обновления сессии по токену T)"r:rrJrkr>r;rrAssertionErrorr'r<r`r?rrrrrr@rArDrErBrCrFrGrHrIrjrirlrmr" exceptionZexpired)rrpr:rVrKrLr8rMrrrr`sD          z!CmfAuthOpenIdPlugin.refresh_tokenc Csjddlm}|dgt@||jjj|jjj|jj j|jj |jj jdW5QRSQRXdS)Nr)KeycloakOpenIDr()Z server_urlr1Z realm_nameZclient_secret_keyr0) r)rur;rDrErrr>rCZext_realm_namerFrGr@)rrurrrr<s     z#CmfAuthOpenIdPlugin.client_keycloakc Cs ddlm}ddl}|stj}|dgztd|i}|jdkr`|j j |j j |j j |d}n|jtj|jjj d|jjj d}t}|jjj |d <|j j |d <d |d <|j j |d <td|i|d<||}|dd|}|jd|t|WS|jdYnXdS)Nr) urlencoder(next_urlr))r+rbstater.r/r1r+r&Z response_typerbrxZauthorization_endpoint?u\Редиректим пользователя на страницу авторизации: u#Ошибка SSO редиректа)Z urllib.parservr:rgZurlr;rAdumpsr'r<Zauth_urlrr>rbr?rrrrrr@rBrCrrJZredirectrt) rrwrvr:Z state_paramsZ login_urlrKrLZqsrrrlogin_redirects6        z"CmfAuthOpenIdPlugin.login_redirect)N)__name__ __module__ __qualname__rrZ ui_meta_skipr propertyrrrr"strrN staticmethodrUrBrqr`r<r{ __classcell__rrrrrs     <" rN)ZcmfrZ cmf.includerrrrrrs