hSrSSKrSSKrSSKJrJr SSKJr SSKJ r SSK J r J r Sr"SS \5r"S S 5r"S S \5r"SS\5r"SS\5r"SS\5rg)z+ Provides various authentication policies. N) authenticateget_user_model)CsrfViewMiddleware) gettext_lazy)HTTP_HEADER_ENCODING exceptionscURRSS5n[U[5(aUR [ 5nU$)z} Return request's 'Authorization:' header, as a bytestring. Hide some test client ickyness where the header can be unicode. HTTP_AUTHORIZATION)METAget isinstancestrencoder)requestauths O/var/www/html/env/lib/python3.13/site-packages/rest_framework/authentication.pyget_authorization_headerrs< <<  0# 6D${{/0 Kr c\rSrSrSrSrg) CSRFCheckcU$N)selfrreasons r_rejectCSRFCheck._rejects r rN)__name__ __module__ __qualname____firstlineno__r__static_attributes__rr rrrsr rc$\rSrSrSrSrSrSrg)BaseAuthentication!z> All authentication classes should extend BaseAuthentication. c[S5e)zC Authenticate the request and return a two-tuple of (user, token). z#.authenticate() must be overridden.)NotImplementedErrorrrs rrBaseAuthentication.authenticate&s""GHHr cg)z Return a string to be used as the value of the `WWW-Authenticate` header in a `401 Unauthenticated` response, or `None` if the authentication scheme should return `403 Permission Denied` responses. Nrr)s rauthenticate_header&BaseAuthentication.authenticate_header,s r rN)rr r!r"__doc__rr,r#rr rr%r%!sI  r r%c2\rSrSrSrSrSrS SjrSrSr g) BasicAuthentication5z6 HTTP Basic authentication against username/password. apic[U5R5nU(aUSR5S:wag[U5S:Xa![ S5n[ R "U5e[U5S:a![ S5n[ R "U5e[R"US5RS5nURS S5upVURXVU5$![a+ [R"US5RS 5nNZf=f![[[[R4a" [ S 5n[ R "U5ef=f) z Returns a `User` if a correct username and password have been supplied using HTTP Basic authentication. Otherwise returns `None`. rsbasicNz.Invalid basic header. No credentials provided.zCInvalid basic header. Credentials string should not contain spaces.zutf-8zlatin-1:z?Invalid basic header. Credentials not correctly base64 encoded.)rsplitlowerlen_rAuthenticationFailedbase64 b64decodedecodeUnicodeDecodeError TypeError ValueErrorbinasciiErrorauthenticate_credentials)rrrmsg auth_decodeduseridpasswords rr BasicAuthentication.authenticate;s> (0668tAw}}(2 t9>DEC11#6 6 Y]YZC11#6 6 7 K%//Q8??H  ,11#q9 F ,,VwGG& K%//Q8?? J  K:'98>>J 7UVC11#6 6 7s+(C)D!)2DD!DD!!AE'Nc[5RUSU0n[SSU0UD6nUc[R"[ S55eUR (d[R"[ S55eUS4$)zg Authenticate the userid and password against username and password with optional request for context. rHrNzInvalid username/password.User inactive or deleted.r)rUSERNAME_FIELDrrr;r: is_active)rrGrHr credentialsusers rrD,BasicAuthentication.authenticate_credentialsYsv   + +V  ;G;{; <11!4P2QR R~~11!4O2PQ Qd|r c SUR-$)NzBasic realm="%s")www_authenticate_realmr)s rr,'BasicAuthentication.authenticate_headerls!D$?$???r rr) rr r!r"r.rRrrDr,r#rr rr0r05s #H<&@r r0c$\rSrSrSrSrSrSrg)SessionAuthenticationpz4 Use Django's session framework for authentication. c[URSS5nU(aUR(dgURU5 US4$)zc Returns a `User` if the request session currently has a logged in user. Otherwise returns `None`. rON)getattr_requestrM enforce_csrfrrrOs rr"SessionAuthentication.authenticateus@w''64>> '"d|r cSn[U5nURU5 URUSS05nU(a[R"SU-5eg)z; Enforce CSRF validation for session based authentication. cgrr)rs rdummy_get_response>SessionAuthentication.enforce_csrf..dummy_get_responsesr NrzCSRF Failed: %s)rprocess_request process_viewrPermissionDenied)rrr_checkrs rrZ"SessionAuthentication.enforce_csrfsW ,- g&##GT2r: --.?&.HI I r rN)rr r!r"r.rrZr#rr rrUrUps$ Jr rUc:\rSrSrSrSrSrSrSrSr Sr S r g) TokenAuthenticationz Simple token based authentication. Clients should authenticate by passing the token key in the "Authorization" HTTP header, prepended with the string "Token ". For example: Authorization: Token 401f7ac837da42b97f613d789819ff93537bee6a TokenNcDURb UR$SSKJn U$)Nr)ri)modelrest_framework.authtoken.modelsri)rris r get_modelTokenAuthentication.get_models :: !:: 9 r c&[U5R5nU(a=USR5URR5R 5:wag[ U5S:Xa![ S5n[R"U5e[ U5S:a![ S5n[R"U5eUSR5nURU5$![a" [ S5n[R"U5ef=f)Nrr4z.Invalid token header. No credentials provided.r5z=Invalid token header. Token string should not contain spaces.zIInvalid token header. Token string should not contain invalid characters.) rr7r8keywordrr9r:rr;r> UnicodeErrorrD)rrrrEtokens rr TokenAuthentication.authenticates'0668tAw}}$,,*<*<*>*E*E*GG t9>DEC11#6 6 Y]STC11#6 6 7GNN$E ,,U33  7_`C11#6 6 7s C$$,DcjUR5nURRS5RUS9nURR(d[ R "[S55eURU4$!URa [ R "[S55ef=f)NrO)keyzInvalid token.rK) rmobjectsselect_relatedr DoesNotExistrr;r:rOrM)rrurkrrs rrD,TokenAuthentication.authenticate_credentialss  GMM008<<<EEzz##11!4O2PQ Q E"" !! G11!4D2EF F Gs (B0B2cUR$r)rpr)s rr,'TokenAuthentication.authenticate_headers ||r r) rr r!r"r.rprkrmrrDr,r#rr rrgrgs,G E 4* #r rgc"\rSrSrSrSrSrSrg)RemoteUserAuthenticationa REMOTE_USER authentication. To use this, set up your web server to perform authentication, which will set the REMOTE_USER environment variable. You will need to have 'django.contrib.auth.backends.RemoteUserBackend in your AUTHENTICATION_BACKENDS setting REMOTE_USERc[XRRUR5S9nU(aUR(aUS4$gg)N)r remote_user)rr r headerrMr[s rr%RemoteUserAuthentication.authenticates9G9I9I$++9VW DNN$< #4r rN)rr r!r"r.rrr#rr rr}r}sF r r})r.r<rBdjango.contrib.authrrdjango.middleware.csrfrdjango.utils.translationrr:rest_frameworkrrrrr%r0rUrgr}rr rrsu<56; "   (8@,8@v$J.$JN<,<~ 1 r