U ^4I@sdZddlZddlmZmZddlmZmZmZmZm Z m Z m Z ddl m Z ddlmZmZmZmZmZmZmZmZmZmZmZmZddlmZdd lmZmZm Z m!Z!m"Z"m#Z#m$Z$dd l%m&Z&m'Z(m)Z)m*Z*m+Z+m,Z,m-Z-m.Z.Gd d d e/Z0dS) zY flask_login.login_manager ------------------------- The LoginManager class. N)datetime timedelta)_request_ctx_stackabort current_appflashredirectrequestsession) text_type) COOKIE_NAMECOOKIE_DURATION COOKIE_SECURECOOKIE_HTTPONLY LOGIN_MESSAGELOGIN_MESSAGE_CATEGORYREFRESH_MESSAGEREFRESH_MESSAGE_CATEGORY ID_ATTRIBUTEAUTH_HEADER_NAME SESSION_KEYSUSE_SESSION_FOR_NEXT)AnonymousUserMixin)user_loaded_from_cookieuser_loaded_from_headeruser_loaded_from_requestuser_unauthorizeduser_needs_refresh user_accessedsession_protected) _get_user login_url_create_identifier_user_context_processor encode_cookie decode_cookiemake_next_paramexpand_login_viewc@seZdZdZd*ddZd+ddZd,dd Zd d Zd d ZddZ ddZ ddZ ddZ ddZ d-ddZddZddZddZd d!Zd"d#Zd$d%Zd&d'Zd(d)ZdS). LoginManagerzThis object is used to hold the settings used for logging in. Instances of :class:`LoginManager` are *not* bound to specific apps, so you can create one in the main body of your code and then bind it to your app in a factory function. NTcCs~t|_d|_i|_t|_t|_d|_t |_ t |_ d|_ d|_d|_d|_d|_t|_d|_d|_t|_|dk rz|||dS)Nbasic)ranonymous_user login_viewblueprint_login_viewsr login_messagerlogin_message_category refresh_viewrneeds_refresh_messagerneeds_refresh_message_categorysession_protectionlocalize_callback user_callbackunauthorized_callbackneeds_refresh_callbackrZ id_attributeheader_callbackrequest_callbackr#_session_identifier_generatorinit_appselfappZadd_context_processorr?B/tmp/pip-install-hrdtmzsb/flask-login/flask_login/login_manager.py__init__#s&zLoginManager.__init__cCstdt|||dS)zl This method has been deprecated. Please use :meth:`LoginManager.init_app` instead. z5Warning setup_app is deprecated. Please use init_app.N)warningswarnDeprecationWarningr;r<r?r?r@ setup_app_szLoginManager.setup_appcCs4||_||j|jdd|_|r0|tdS)a Configures an application. This registers an `after_request` call, and attaches this `LoginManager` to it as `app.login_manager`. :param app: The :class:`flask.Flask` object to configure. :type app: :class:`flask.Flask` :param add_context_processor: Whether to add a context processor to the app that adds a `current_user` variable to the template. Defaults to ``True``. :type add_context_processor: bool ZLOGIN_DISABLEDFN)Z login_managerZ after_request_update_remember_cookieconfiggetZ_login_disabledZcontext_processorr$r<r?r?r@r;hs  zLoginManager.init_appcCstt|jr|Stj|jkr6|jtj}n|j}|sHt d|j r|j dk rpt | |j |j dnt |j |j dtj}|dtrt|}t|tjtd<t|}nt|tjd}t|S)a This is called when the user is required to log in. If you register a callback with :meth:`LoginManager.unauthorized_handler`, then it will be called. Otherwise, it will take the following actions: - Flash :attr:`LoginManager.login_message` to the user. - If the app is using blueprints find the login view for the current blueprint using `blueprint_login_views`. If the app is not using blueprints or the login view for the current blueprint is not specified use the value of `login_view`. - Redirect the user to the login view. (The page they were attempting to access will be passed in the ``next`` query string variable, so you can redirect there if present instead of the homepage. Alternatively, it will be added to the session as ``next`` if USE_SESSION_FOR_NEXT is set.) If :attr:`LoginManager.login_view` is not defined, then it will simply raise a HTTP 401 (Unauthorized) error instead. This should be returned from a view or before/after_request function, otherwise the redirect will have no effect. NcategoryrnextZnext_url)rsendr_get_current_objectr6r Z blueprintr-r,rr.r4rr/rGrHrr(r'urlr make_login_urlr)r=r,rGr" redirect_urlr?r?r@ unauthorized|s*     zLoginManager.unauthorizedcCs ||_|S)aB This sets the callback for reloading a user from the session. The function you set should take a user ID (a ``unicode``) and return a user object, or ``None`` if the user does not exist. :param callback: The callback for retrieving a user object. :type callback: callable )r5r=callbackr?r?r@ user_loaders zLoginManager.user_loadercCs ||_|S)a This function has been deprecated. Please use :meth:`LoginManager.request_loader` instead. This sets the callback for loading a user from a header value. The function you set should take an authentication token and return a user object, or `None` if the user does not exist. :param callback: The callback for retrieving a user object. :type callback: callable )r8rTr?r?r@ header_loaders zLoginManager.header_loadercCs ||_|S)a= This sets the callback for loading a user from a Flask request. The function you set should take Flask request object and return a user object, or `None` if the user does not exist. :param callback: The callback for retrieving a user object. :type callback: callable )r9rTr?r?r@request_loaders zLoginManager.request_loadercCs ||_|S)ab This will set the callback for the `unauthorized` method, which among other things is used by `login_required`. It takes no arguments, and should return a response to be sent to the user instead of their normal view. :param callback: The callback for unauthorized users. :type callback: callable )r6rTr?r?r@unauthorized_handlers z!LoginManager.unauthorized_handlercCs ||_|S)ai This will set the callback for the `needs_refresh` method, which among other things is used by `fresh_login_required`. It takes no arguments, and should return a response to be sent to the user instead of their normal view. :param callback: The callback for unauthorized users. :type callback: callable )r7rTr?r?r@needs_refresh_handlers z"LoginManager.needs_refresh_handlercCstt|jr|S|js*td|jdk rLt||j |j dnt|j |j dtj }| dt rt|j}t|tjtd<t|j}n|j}t|tjd}t|S)a This is called when the user is logged in, but they need to be reauthenticated because their session is stale. If you register a callback with `needs_refresh_handler`, then it will be called. Otherwise, it will take the following actions: - Flash :attr:`LoginManager.needs_refresh_message` to the user. - Redirect the user to :attr:`LoginManager.refresh_view`. (The page they were attempting to access will be passed in the ``next`` query string variable, so you can redirect there if present instead of the homepage.) If :attr:`LoginManager.refresh_view` is not defined, then it will simply raise a HTTP 401 (Unauthorized) error instead. This should be returned from a view or before/after_request function, otherwise the redirect will have no effect. rINrJrrLrM)rrNrrOr7r0rr4rr1r2rGrHrr(r'r rPr rQr)r=rGr"rRr?r?r@ needs_refreshs(     zLoginManager.needs_refreshcCsntj}|dkrdtd}|dkr,||_qj|jdkr>td||}|dkr\||_qj||_n||_dS)a This set the ctx.user with the user object loaded by your customized user_loader callback function, which should retrieved the user object with the user_id got from session. Syntax example: from flask_login import LoginManager @login_manager.user_loader def any_valid_func_name(user_id): # get your user object using the given user_id, # if you use SQLAlchemy, for example: user_obj = User.query.get(int(user_id)) return user_obj Reason to let YOU define this self.user_callback: Because we won't know how/where you will load you user object. Nuser_idzNo user_loader has been installed for this LoginManager. Refer tohttps://flask-login.readthedocs.io/en/latest/#how-it-works for more info.)rtopr rHr+userr5 Exception)r=r^ctxr\r?r?r@ reload_user"s     zLoginManager.reload_usercCstttj}|d|jr6|}|r6|Sdt k}|r|dt }|dt }|t j kopt ddk}|r|t j |S|jr|t S|t jkr|t j|S|S)z;Loads user from session or remember_me cookie as applicableSESSION_PROTECTIONr\REMEMBER_COOKIE_NAMErrememberclear)rrNrrOrGrHr3_session_protectionrar r rr cookies_load_from_cookier9_load_from_requestheaders_load_from_header)r=rGZdeletedZis_missing_user_id cookie_name header_nameZ has_cookier?r?r@ _load_userIs(      zLoginManager._load_usercCst}|}t}|jd|j}|r||ddkr|dksJ|jr`d|d<t |dS|dkrt D]}| |dqld|d<t |d SdS) NrbZ_idr*F_freshstrongrerdT) r rOr:rrGrHr3Z permanentr rNrpop)r=sessidentr>modekr?r?r@rfis   z LoginManager._session_protectioncCsPt|}|dk r |td<dtd<|tjjdk rLt}tj |t ddS)Nr\Fror^) r&r rarr]r^rrOrrNr!)r=cookier\r>r?r?r@rhs zLoginManager._load_from_cookiecCsNd}|jr||}|dk rB|j|dt}tj|tdn|dSNrv)r8rarrOrrNr!)r=headerr^r>r?r?r@rks  zLoginManager._load_from_headercCsNd}|jr||}|dk rB|j|dt}tj|tdn|dSrx)r9rarrOrrNr!)r=r r^r>r?r?r@ris  zLoginManager._load_from_requestcCsbdtkrtjdrdtd<dtkr^tdd}|dkrLdtkrL||n|dkr^|||S)NrdZ$REMEMBER_COOKIE_REFRESH_EACH_REQUESTsetr\re)r rrGrHrq _set_cookie _clear_cookie)r=responseZ operationr?r?r@rFs    z$LoginManager._update_remember_cookiec Cstj}|dt}|d}|dd}|dt}|dt}dtkrXttdd}n |d t}t t td } t |t rt|d}zt |} Wn&tk rtd d |YnX|j|| | ||||d dS)NrcREMEMBER_COOKIE_DOMAINREMEMBER_COOKIE_PATH/ZREMEMBER_COOKIE_SECUREZREMEMBER_COOKIE_HTTPONLYZremember_seconds)secondsZREMEMBER_COOKIE_DURATIONr\z#REMEMBER_COOKIE_DURATION must be a z$datetime.timedelta, instead got: {0})valueexpiresdomainpathsecurehttponly)rrGrHr rrr rrr%r isinstanceintrutcnow TypeErrorr_format set_cookie) r=r}rGrlrrrrdurationdatarr?r?r@r{s8         zLoginManager._set_cookiecCs<tj}|dt}|d}|dd}|j|||ddS)Nrcr~rr)rr)rrGrHr Z delete_cookie)r=r}rGrlrrr?r?r@r|s    zLoginManager._clear_cookie)NT)T)T)N)__name__ __module__ __qualname____doc__rArEr;rSrVrWrXrYrZr[rarnrfrhrkrirFr{r|r?r?r?r@r)s( < 7    . '    %r))1rrBrrZflaskrrrrrr r _compatr rGr rrrrrrrrrrrZmixinsrZsignalsrrrrrrr utilsr!r"rQr#r$r%r&r'r(objectr)r?r?r?r@s$ 8 $(