U Vc)@sddlZddlZddlZddlZddlZddlZddlZddlmZddl m Z m Z ddl m Z mZddlmZddlmZddlmZddlmZmZdd lTdd lmZGd d d ejZdS) N)SMTP_SSL)AES PKCS1_OAEP)SHA256SHA1)RSA)get_random_bytes) PKCS1_v1_5)padunpad)*)authcseZdZdZdZeddZeddZddZe d d Z d d Z d dZ e ddZe ddZe ddZe ddZddZddZe ddZe ddZe d*d!d"Ze d#d$Ze d+d&d'Zfd(d)ZZS),CmfAuth cCs |jt|jddS)N$ pass_hashloadbase64 b64decodesplitselfr./modules/auth/models/auth.pykeys z CmfAuth.keycCs |jt|jddS)Nrrrrrrsalts z CmfAuth.saltcCs2t|j}|ttt7}||j7}|SN)secrets token_hex token_lengthstrinttimerhex)rserver_challengerrrgen_server_challenge#s zCmfAuth.gen_server_challengecCsd|jd}}|||}||d}}|||}|t|}}t|||}td||d} t|j} t t t }|| ||} t t j} t | t j| } | t| t j}| |S)Nrrsha256順)r#lenbytesfromhexhashlib pbkdf2_hmacencoder!r"r$r%r&rr block_sizenewMODE_CBCZencryptr r')clsloginpasswordr(startend server_randomserver_timestampZ server_saltZtest_key client_randomZsecretivcipherZencrypted_secretrrrtest_gen_server_challenge_resp)s&    z&CmfAuth.test_gen_server_challenge_respc Csddd}|ddg|jsftjtdrfttd}|}W5QRX|d|_| |j j t t td|jj d }tt|}tt|}|d |S) NZRS256ZJWT)Zalgtypr7scope/custom/org_name:iփ)r7exprB.)Z load_fieldsrBospathexists PROJECT_DIRopenreadstripsaver7valuer$r%r&r b64encodejsondumpsr2decode)rheaderforg_namepayloadrrr create_jwtFs  zCmfAuth.create_jwtcCsT|}ttj}t}||||}t | }|d|}|S)NrF) rXr r4APPZrsa_private_keyrupdater2signrrPrS)rjwtZsignerdigestr[resrrrrsa_sign_pack_jwtYs  zCmfAuth.rsa_sign_pack_jwtcCs|d\}}}t}|d|}||t|}ttj }| ||}|s^dSt| }t| }t |}t |}ttt|dkrtdt|ddS||dS)NrFrEu9Время жизни токена закончилось)rTrW)rrr4rZr2rrr rYZrsa_public_keyZverifyrSrQloadsr%r&gdebug)rjwtrTrWZ signaturer]r\ZverifierZverifiedrrrrsa_verify_unpack_jwtds"     zCmfAuth.rsa_verify_unpack_jwtc Cs|td|stddSz||}Wn2tk r\}ztjdd}W5d}~XYnX|sptddS|dd}|dd|_|dd|_|dd |_ d|_ d|_ d}t j td rttd }|}W5QRX| |_ |j pd d D]T}|r||d r"d|_ |dkrtjjrtd|d|_ d|_ qtd|jd|j d|j |S)Nzfrom_jwt: startzfrom_jwt: warn not jwtzfail unpack jwtz2from_jwt: warn not cls.rsa_verify_unpack_jwt(rjwt)T)emptyrWr7rBrC rDr uCfrom_jwt: Доступ по билету тех поддержки zfrom_jwt: jwt is ok, z, z , is_local=)rarbrd ExceptionrYloggerZ exceptionr7emailrBZjwt_is_supportZjwt_is_match_orgrGrHrIrJrKrLrMr startswithZglobal_settingsZ support_mode)r6rcr\eobjrVrUZpermrrrfrom_jwt~s@      "zCmfAuth.from_jwtcCs|j|d}|sdStjr|St|}dtj}}|||}|t|}}|||}t|j tj |}| |} t | tj} | } d|jd}}| ||} |||jd}}| ||} |||j}}| ||}|t| }}| ||}tt|dkrdS|S)N)r7rr*iQ)getconfigZ FAKE_LOGINr.r/rr3r-r4rr5Zdecryptr rSr# ts_lengthr&r%)r6r7Zchallenge_resprmr9r:r>Zencrypted_messager?Zres0Zres1Zres2r;r=r<rrrget_by_challenge_resps2           zCmfAuth.get_by_challenge_respcCs"|}||_||_||||Sr )r7rj set_pass_hash)r6r7hashrrmrrrnew_from_login_hash_salts  z CmfAuth.new_from_login_hash_saltcCs$t|}t|}|||dSr )r.r/set_pass_hash_bytes)rrtr hash_bytes salt_bytesrrrrss  zCmfAuth.set_pass_hashcCs<|jt|}t|}d|d||_dS)Nzpbkdf2_sha256$100000$r)rrrrPrS)rrwrxZhash_b64Zsalt_b64rrrrvs  zCmfAuth.set_pass_hash_bytescCstjSr )rar )r6rrr current_authszCmfAuth.current_authcCs:g}tdD]}|ttjtjq d|dS)Nrfzutf-8) rangeappendrandomchoicestring ascii_lettersdigitsjoinr2)r6charsirrrgen_salts zCmfAuth.gen_saltTcstjtjdfddt|D}|}td||d}|}||_ ||_ | |||rt| ||nt |d||S)Nrfc3s|]}tVqdSr )r}r~).0rZlettersrr sz)CmfAuth.new_from_login..r+r,rD)rrrrr{rr0r1r2r7rjrv send_passwordprint)r6r7lengthZ send_emailr8rrtrmrrrnew_from_logins"  zCmfAuth.new_from_loginc Cs ddlm}ddl}ddlm}ddlm}dtj}d|g}d |d} |d} || d <tj | d <|| d <|d } | | || } | | z.t tj tjd d} | | tj tjWn6tk r}zt||WYdSd}~XYnX| | d | d | | dS)Nr)SMTP) MIMEMultipart)MIMETextu&Пароль для доступа к u Пароль: ZrelatedZSubjectZFromZToZ alternative)timeout)smtplibr tracebackZemail.mime.multipartrZemail.mime.textrrpZ PROJECT_NAMErZ EMAIL_USERZattachrZEMAIL_HOST_ADDRZ EMAIL_PORTZehlor7ZEMAIL_PASSWORDOSErrorr format_excZsendmailZ as_stringquit)r6r8rjrrrrZsubjectZ msg_contentsZbodyZmsg_rootZmsg_alternativeZplainZsmtprlrrrrs0       zCmfAuth.send_passwordNcCshddlm}|}tj||d}||jtjd|ddd}|jdkrVt d t |j d d S) Nr)session)r7 rg_member_ofz /auth/signupT)r7Zgen_pwd)datau>Не удалось создать учётную запись access_token)r) ZrequestsrZmodelsZ CmfPersonrNZpostrpZAUTH_SERVER_URLZ status_coderhdictZcookiesro)r6r7rrsZpersonrrrr create_person(s   zCmfAuth.create_personcsp|jjrb|jjsb|jjrd|_|jD].}|j|D]}|jd|d|7_q2q$|jj|_tj||S)NrfrgrD)groupsZ is_changedZis_nullrBrOrMsuperrN)rargskwargsrVZgrp_name __class__rrrN>s z CmfAuth.save)rT)N)__name__ __module__ __qualname__r#rqpropertyrrr) classmethodr@rXr_ staticmethodrdrnrrrursrvryrrrrrN __classcell__rrrrrs@      ' '       r)rr0rQr}r!rr&rrZ Crypto.CipherrrZ Crypto.HashrrZCrypto.PublicKeyrZ Crypto.RandomrZCrypto.Signaturer ZCrypto.Util.Paddingr r Z cmf.includeZmodules.auth.fieldsr rrrrrs