a ϑ`_@sddlmZddlmZmZddlZddlZddlZddlZddl m Z m Z m Z ddl mZddlZddlmZedZeZed Zed gd ZGd d d eZGdddZdS))partial) HTTPServerBaseHTTPRequestHandlerN)urlparseparse_qs urlencode) namedtuple) get_configZrepo_cli verify_sslConfig) client_idport authorize_url token_url redirect_uriservercsDeZdZfddZddZddZddZd d Zd d ZZ S) RequestHandlercs||_tj|i|dSN)configsuper__init__)selfrargskwargs __class__?lib/python3.9/site-packages/repo_cli/utils/local_auth_server.pyrszRequestHandler.__init__cCs~d|jvr>t|jjd|jjd}dj|jj|d}||Sd|jvrntt |jj }|dd}| |S| dd d S) a  The main handler for the auth server. To initiate the flow, we are openining the browser at http://localhost:PORT/get_token, which generates the redirect header to the OpenID Connect Provider/ Once user is logged in on OpenID Connect provider, it's redirected back to the http://localhost:PORT/?code=CODE&.... location, query string contains the authorization code in `code` parameter. Next we need to exchange the code for a jwt token, calling the token endpoint. /get_tokencode)r Z response_typerz{authorize_url}?{qs})rqszcode=riz Not FoundN) pathrrr rformatrredirectrrquery process_coderesponse)rr!Z redirect_urlr rrrdo_GETs     zRequestHandler.do_GETcCs|jj}d||jj|jjd}tj||td}|dd|jdkrf| d}||jj _ t dnt d|||jtd S) aK Exchanges the authorization code, send back by OpenID Connect provider for the token, calling the token endpoint with the proper client_id and redirect_uri. Args: code (str): authorization_code string Returns: None, stops the webserver by exiting and stopping the thread. Zauthorization_code)Z grant_typer r rZverifyzToken received access_tokenzReceived access_tokenz$Accessed %s with %s and got error %sN)rrr rrequestsZpostr r'Z status_codejsonrr+loggerinfoerrortextsysexit)rr rdatarr+rrrr&=s      zRequestHandler.process_codecCs"|d|d||dS)Ni.ZLocation) send_response send_header end_headers)rlocationrrrr$[s  zRequestHandler.redirectcCs2|||dd||j|dS)Nz Content-Typez text/html)r6r7r8Zwfilewriteencode)rstatusr4rrrr'`s  zRequestHandler.responsecGsdSrr)rr#rrrr log_messagefszRequestHandler.log_message) __name__ __module__ __qualname__rr(r&r$r'r= __classcell__rrrrrs  rc@sJeZdZdddZeddZejddZddZd d Zdd d Z dS) WebServerNcCsP||_tj|td}|d|_|d|_|dur<||_n ||_d|_ dS)Nr)Zauthorization_endpointZtoken_endpoint) r r,getr r-rrrfind_unused_port _access_token)rr Zopenid_configuration_urlrZ openid_confrrrrks   zWebServer.__init__cCs|jSrrE)rrrrr+vszWebServer.access_tokencCs|r ||_dSrrF)rvaluerrrr+zscCsXd|jf}t|j|j|j|j|d|d}tt|}t||}t j |j d}d|_ |S)N/)rr rrrr)targetT) rr r rr localhost_urlrrr threadingThreadZ serve_foreverdaemon)rZserver_addressrZhandlerrthreadrrrstarts   zWebServer.startcCsJttjtj&}|d|dWdS1s<0YdS)zN Returns an unused port number on localhost. Will be used for webserver port. )z 127.0.0.1rr N)socketZAF_INETZ SOCK_STREAMZbindZ getsockname)rsrrrrDs zWebServer.find_unused_portrcCsdj|j|dS)Nzhttp://localhost:{port}{path})rr")r#r)rr"rrrrKszWebServer.localhost_url)N)r) r>r?r@rpropertyr+setterrPrDrKrrrrrBjs   rB) functoolsrZ http.serverrrloggingr,rQrL urllib.parserrr collectionsrr2rr Z getLoggerr.Zdefault_configrCr r rrBrrrrs$     P