9iJdZddlZddlZddlZddlZddlmZddlZddlZ ddl m Z m Z ddl m Z mZmZddlmZej,eZd?d Zd Zd Zd?d Zd ZdZdZdZ Gdde Z!Gdde e"Z#Gdde#Z$Gdde"Z%edk(rddl&Z&ddl'Z'ddl(m)Z)ejTejVe&jXe&jZedzxZ.Z/e.jadd d!"e.jad#d$%e.jad&e1dd'(e.jad)e1d*d+(e.jad,d-d./e.jad0dd1/e/jeZ3e)d2e3jhie3jjZ6e%e3jn35Z8e6jse3jtre3jtjwndd4jye3jze8j}56Z?e@e'je8je?d7d8d9d:e3je?d;<d=>dddyy#e$r ddlm Z m Z ddl m Z mZddlmZddlmZY8wxYw#1swYyxYw)@a$A one-stop helper for desktop app to acquire an authorization code. It starts a web server to listen redirect_uri, waiting for auth code. It optionally opens a browser window to guide a human user to manually login. After obtaining an auth code, the web server will automatically shut down. N)Template) HTTPServerBaseHTTPRequestHandler)urlparseparse_qs urlencode)escape)rr)rct|5}|j|djdcdddS#1swYyxYw)Nportz Open this link to Sign In (You may want to use incognito window)
Abort )auth_uriwelcome_templatecode)AuthCodeReceiverget_auth_responseget) listen_portr receivers J/var/www/html/venv/lib/python3.12/site-packages/msal/oauth2cli/authcode.pyobtain_auth_codersG { +x))"*c&ks "9AcL td5}|jD]B}|jdddj}|jdk7s:dddy dddt j jdS#1swY(xYw#t$rY6wxYw)Nz/proc/1/cgroup:/Tz /.dockerenv)open readlinessplitstripIOErrorospathexists)fline cgroup_paths r_is_inside_dockerr&*s  " # q  "jja0399; $$&#-      77>>- ((      s; BA B B B"B $B BB B#"B#cddl}|j}t|d|dj}t|d|dj}|dk(xrd|vS)Nrsystemreleaserlinux microsoft)platformunamegetattrlower)r,r- platform_namer)s ris_wslr18s^  NN EE8U1X6<<>MeYa1779G G # > w(>>cddl}|r!|j|j|}n|j|}|s:tr0 ddl}|j ddddj |g}|dk(}|S|S#t$rY|SwxYw)zJBrowse uri with named browser. Default browser is customizable by $BROWSERrNzpowershell.exez -NoProfilez-CommandzStart-Process "{}") webbrowserrrr1 subprocesscallformatFileNotFoundError)r browser_namer4browser_openedr5 exit_codes r_browser<Ds# 5::8D$2 fh  #!<=Q=X=XYa=bceI&!^N >!    s-A77 BBc |jDcic]+\}}|t|trt|dk(r|dn|-c}}Scc}}w)z;Flatten parse_qs()'s single-item lists into the item itselfr)items isinstancelistlen)qskvs r_qs2kvrF[sLHHJ Aq z!T*s1v{qt A   s0Ac$|jdS)N<) startswithtexts r_is_htmlrLas ??3 r2ch|jDcic]\}}|t|c}}Scc}}wN)r?r )key_value_pairsrDrEs r_escaperPes+%4%:%:%< =TQAvayL == =s.c\t|tr|js t|S|SrN)r@str isprintablereprrJs r _printifyrUis%#D#.t7G7G7I4:StSr2c eZdZdZddZdZy)_AuthCodeHandlerctt|jj}|j ds|j drt |}t jd||jjr:|jj|j dk7r|jdyd|vr|jjn|jj}t|jr t|}n|}|j|j di|||j_y|j|jj$y)NrerrorzGot auth response: %sstatezState mismatch)rrr!queryrrFloggerdebugserver auth_state_send_full_responsesuccess_templateerror_templaterLtemplaterPsafe_substitute auth_response welcome_page)selfrCrfrd safe_datas rdo_GETz_AuthCodeHandler.do_GEToshtyy)// 0 66&>RVVG_"2JM LL0- @{{%%$++*@*@MDUDUV]D^*^(()9:|!KK88)-)C)CH--. ' 6I -I(()A)A)A)NI)NO,9 )  $ $T[[%=%= >r2c|j|rdndt|rdnd}|jd||j|jj |j dy)Niz text/htmlz text/plainz Content-typezutf-8) send_responserL send_header end_headerswfilewriteencode)rhbodyis_ok content_types rraz$_AuthCodeHandler._send_full_responsesX %3S1&.tn{,  6  W-.r2cLtj|gtt|yrN)r]r^maprU)rhr7argss r log_messagez_AuthCodeHandler.log_messages V3c)T23r2N)T)__name__ __module__ __qualname__rjraryr[r2rrWrWns?0/4r2rWc$eZdZfdZdZxZS)_AuthCodeHttpServerc|\}}|r$tjdk(s trd|_t t ||g|i|y)Nwin32F)sysr,r1allow_reuse_addresssuperr~__init__)rhserver_addressrxkwargs_r __class__s rrz_AuthCodeHttpServer.__init__sB 4 S\\W, (-D $ !41.R4R6Rr2ctd)Nz"Timeout. No auth response arrived.) RuntimeErrorrhs rhandle_timeoutz"_AuthCodeHttpServer.handle_timeouts?@@r2)rzr{r|rr __classcell__)rs@rr~r~sSAr2r~c$eZdZejZy)_AuthCodeHttpServer6N)rzr{r|socketAF_INET6address_familyr[r2rrrs __Nr2rcDeZdZd dZdZd dZ d dZdZdZdZ y) rNctrdnd}t|xsg|_d|vrtnt}|||xsdft |_d|_y)aCreate a Receiver waiting for incoming auth response. :param port: The local web server will listen at http://...: You need to use the same port when you register with your app. If your Identity Provider supports dynamic port, you can use port=0 here. Port 0 means to use an arbitrary unused port, per this official example: https://docs.python.org/2.7/library/socketserver.html#asynchronous-mixins :param scheduled_actions: For example, if the input is ``[(10, lambda: print("Got stuck during sign in? Call 800-000-0000"))]`` then the receiver would call that lambda function after waiting the response for 10 seconds. z0.0.0.0 127.0.0.1rrFN)r&sorted_scheduled_actionsrr~rW_server_closing)rhr scheduled_actionsaddressServers rrzAuthCodeReceiver.__init__sU 12) #)):)@b"A),%=Pw 24DE  r2c4|jjdS)z*The port this server actually listening tor>)rrrs rget_portzAuthCodeReceiver.get_ports||**1--r2c i}tj|j|f|}d|_|j t j }|rt j |z |krn t j d|jsn|jrt j |z |jddkDr\|jjd\}}||jr+t j |z |jddkDr\|rt j |z |krn|xsdS)aWait and return the auth response. Raise RuntimeError when timeout. :param str auth_uri: If provided, this function will try to open a local browser. :param int timeout: In seconds. None means wait indefinitely. :param str state: You may provide the state you used in auth_uri, then we will use it to validate incoming response. :param str welcome_template: If provided, your end user will see it instead of the auth_uri. When present, it shall be a plaintext or html template following `Python Template string syntax `_, and include some of these placeholders: $auth_uri and $abort_uri. :param str success_template: The page will be displayed when authentication was largely successful. Placeholders can be any of these: https://tools.ietf.org/html/rfc6749#section-5.1 :param str error_template: The page will be displayed when authentication encountered error. Placeholders can be any of these: https://tools.ietf.org/html/rfc6749#section-5.2 :param callable auth_uri_callback: A function with the shape of lambda auth_uri: ... When a browser was unable to be launch, this function will be called, so that the app could tell user to manually visit the auth_uri. :param str browser_name: If you did ``webbrowser.register("xyz", None, BackgroundBrowser("/path/to/browser"))`` beforehand, you can pass in the name "xyz" to use that browser. The default value ``None`` means using default browser, which is customizable by env var $BROWSER. :return: The auth response of the first leg of Auth Code flow, typically {"code": "...", "state": "..."} or {"error": "...", ...} See https://tools.ietf.org/html/rfc6749#section-4.1.2 and https://openid.net/specs/openid-connect-core-1_0.html#AuthResponse Returns None when the state was mismatched, or when timeout occurred. )targetrxrTr>rN) threadingThread_get_auth_responsedaemonstarttimesleepis_aliverpop)rhtimeoutrresulttbeginrcallbacks rrz"AuthCodeReceiver.get_auth_responsesj   **&6 K   18tyy{U"W,d JJqM::<** e+d.E.Ea.H.KK"5599!< 8 ** e+d.E.Ea.H.KK 29tyy{U"W,d~r2c dj|j} dj| } tjd| t |xsdj || |j _|rp|r| n|} tjd| zd } t| | } | s@|s6tjd j| ||j n|| t |xsd|j _ t |xsd|j _ ||j _i|j _||j _|j"s>|j j%|j jrn |j"s>|j'|j jy#tjd Y;xYw)Nzhttp://localhost:{p})pz{loc}?error=abort)loczAbort by visit %s)r abort_uriz*Open a browser on this device to visit: %sF)r9z_browse(...) unsuccessfulaFound no browser in current environment. If this program is being run inside a container which either (1) has access to host network (i.e. started by `docker run --net=host -it ...`), or (2) published port {port} to host network (i.e. started by `docker run -p 127.0.0.1:{port}:{port} -it ...`), you can use browser on host to visit the following link. Otherwise, this auth attempt would either timeout (current timeout setting is {timeout}) or be aborted by CTRL+C. Auth URI: {auth_uri})r rr z8Authentication completed. You can close this window now.z?Authentication failed. $error: $error_description. ($error_uri))r7rr]r^rrerrginfor< exceptionwarningrbrcrrfr`rhandle_requestupdate)rhrr rrZrrbrcauth_uri_callbackr9 welcome_urir_urir:s rrz#AuthCodeReceiver._get_auth_responses -33dmmo3F '..;.?  ()4$,-=-C$D$T$T%U%4 ! "2;D KKDtK L"N >!(L!I "(NN HIO%)7IOIR S&d+(01A2G F)H %&.~0N M'O # ' %' ""' -- LL ' ' )||)) --  dll001I >  !<=s  G G#cFd|_|jjy)zGEither call this eventually; or use the entire class as context managerTN)rr server_closers rclosezAuthCodeReceiver.closePs  !!#r2c|SrNr[rs r __enter__zAuthCodeReceiver.__enter__Us r2c$|jyrN)r)rhexc_typeexc_valexc_tbs r__exit__zAuthCodeReceiver.__exit__Xs  r2)NNrN)NNNNNNNN) rzr{r|rrrrrrrr[r2rrrs9!F. CJMQIM"42l$ r2r__main__r>)Client)levelz/The auth code received will be shown at stdout.)formatter_class descriptionz --endpointzThe auth endpoint for your app.z>https://login.microsoftonline.com/common/oauth2/v2.0/authorize)helpdefault client_idz!The client_id of your application)rz--portzThe port in redirect_uri)typerrz --timeout<zTimeout value, in secondz--hostrzThe host of redirect_uri)rrz--scopezThe scope listauthorization_endpointr zhttp://{h}:{p})hr)scope redirect_urir zASign In, or AbortOh no. $errorzOh yeah. Got $coderZ)r rrcrbrrZ)indentrN)D__doc__loggingr rrstringrrr http.serverrr urllib.parserrrhtmlr ImportErrorBaseHTTPServerurllibcgi getLoggerrzr]rr&r1r<rFrLrPrUrWobjectr~rrargparsejsonoauth2r basicConfigINFOArgumentParserArgumentDefaultsHelpFormatterrparser add_argumentint parse_argsrxendpointrclientr rinitiate_auth_code_flowrrr7hostrflowprintdumpsrrr[r2rrs   >::   8 $  ) ?.  >T "4-"4JA*fA(%.%nvnd zGgll+((( >>OOQQANN<PRNN;%HNINN8#q7QNRNN;S";UNVNN8[7QNRNN9d1ANB    D -t}}=t~~ NF tyy ) X--(, $**""$)00499@Q@Q@S0T. jdjj33*%S71LLw-4   #S A+  t  sI"B"I6!I32I36I?