&`Tc@sMdZdddfZdjeZdZdZdZdgZd d lm Z m Z m Z m Z m Z mZmZmZmZd d lmZd d lmZd d lmZd dlmZmZd dlmZmZd dlmZd dlm Z m!Z!d dl"Z"d dl#Z#d dl$Z$e$j%dkrMd dl&m&Z&m'Z'nd dl(m&Z&m'Z'e)Z*eZ+edZ,dZ-eddZ.e/Z0e1Z2dZ3dZ4dZ5dZ6dZ7dZ8de9fdYZ:de9fd YZ;d!e9fd"YZ<d#Z=d$Z>d%Z?e/d&d'Z@d(ZAd)ZBe1e1d*ZCd+ZDd,ZEd-ZFd.ZGd/ZHe/d0ZId1ZJd2ZKd3ZLe/d4ZMe+jNd5ZOe+jNd6ZPe+jNd7ZQe+jNd8ZRe+jNd9ZSe+jNd:ZTe+jNd;ZUe+jNd<ZVe+jNd=ZWe+jNd>ZXdS(?s flask.ext.login --------------- This module provides user session management for Flask. It lets you log your users in and out in a database-independent manner. :copyright: (c) 2011 by Matthew Frazier. :license: MIT/X11, see LICENSE for more details. t0t2t11t.sMatthew FraziersMIT/X11s(c) 2011 by Matthew Fraziert LoginManageri( t_request_ctx_stacktabortt current_apptflashtredirecttrequesttsessionturl_forthas_request_context(t Namespace(t LocalProxy(t safe_str_cmp(t url_decodet url_encode(tdatetimet timedelta(twraps(tsha1tmd5Nt3(turlparset urlunparsecCstS(N(t _get_user(((sQ/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask_login.pyt.stremember_tokentdaysimu"Please log in to access this page.tmessageu*Please reauthenticate to access this page.tget_idt AuthorizationcBseZdZdedZedZedZdZdZ dZ dZ dZ d Z d Zd Zdd Zd ZdZdZdZdZdZdZdZRS(s This object is used to hold the settings used for logging in. Instances of :class:`LoginManager` are *not* bound to specific apps, so you can create one in the main body of your code and then bind it to your app in a factory function. cCst|_d|_t|_t|_d|_t |_ t |_ d|_ d|_d|_d|_d|_d|_t|_d|_d|_|dk r|j||ndS(Ntbasic(tAnonymousUserMixintanonymous_usertNonet login_viewt LOGIN_MESSAGEt login_messagetLOGIN_MESSAGE_CATEGORYtlogin_message_categoryt refresh_viewtREFRESH_MESSAGEtneeds_refresh_messagetREFRESH_MESSAGE_CATEGORYtneeds_refresh_message_categorytsession_protectiontlocalize_callbackttoken_callbackt user_callbacktunauthorized_callbacktneeds_refresh_callbackt ID_ATTRIBUTEt id_attributetheader_callbacktrequest_callbacktinit_app(tselftapptadd_context_processor((sQ/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask_login.pyt__init__Ws$                 cCs$tjdt|j||dS(sl This method has been deprecated. Please use :meth:`LoginManager.init_app` instead. s5Warning setup_app is deprecated. Please use init_app.N(twarningstwarntDeprecationWarningR:(R;R<R=((sQ/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask_login.pyt setup_apps cCsZ||_|j|j|jjd|jjdt|_|rV|jtndS(s Configures an application. This registers an `after_request` call, and attaches this `LoginManager` to it as `app.login_manager`. :param app: The :class:`flask.Flask` object to configure. :type app: :class:`flask.Flask` :param add_context_processor: Whether to add a context processor to the app that adds a `current_user` variable to the template. Defaults to ``True``. :type add_context_processor: bool tLOGIN_DISABLEDtTESTINGN( t login_managert after_requestt_update_remember_cookietconfigtgettFalset_login_disabledtcontext_processort_user_context_processor(R;R<R=((sQ/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask_login.pyR:s  cCstjtj|jr&|jS|js<tdn|jr|jdk rvt |j|jd|j qt |jd|j nt t |jtjS(s" This is called when the user is required to log in. If you register a callback with :meth:`LoginManager.unauthorized_handler`, then it will be called. Otherwise, it will take the following actions: - Flash :attr:`LoginManager.login_message` to the user. - Redirect the user to `login_view`. (The page they were attempting to access will be passed in the ``next`` query string variable, so you can redirect there if present instead of the homepage.) If :attr:`LoginManager.login_view` is not defined, then it will simply raise a HTTP 401 (Unauthorized) error instead. This should be returned from a view or before/after_request function, otherwise the redirect will have no effect. itcategoryN(tuser_unauthorizedtsendRt_get_current_objectR4R&RR(R1R%RR*R t login_urlR turl(R;((sQ/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask_login.pyt unauthorizeds      cCs ||_|S(sA This sets the callback for reloading a user from the session. The function you set should take a user ID (a ``unicode``) and return a user object, or ``None`` if the user does not exist. :param callback: The callback for retrieving a user object. :type callback: unicode (R3(R;tcallback((sQ/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask_login.pyt user_loaders cCs ||_|S(s This sets the callback for loading a user from a header value. The function you set should take an authentication token and return a user object, or `None` if the user does not exist. :param callback: The callback for retrieving a user object. (R8(R;RU((sQ/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask_login.pyt header_loaders cCs ||_|S(s This sets the callback for loading a user from a Flask request. The function you set should take Flask request object and return a user object, or `None` if the user does not exist. :param callback: The callback for retrieving a user object. (R9(R;RU((sQ/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask_login.pytrequest_loaders cCs ||_|S(s This sets the callback for loading a user from an authentication token. The function you set should take an authentication token (a ``unicode``, as returned by a user's `get_auth_token` method) and return a user object, or ``None`` if the user does not exist. :param callback: The callback for retrieving a user object. :type callback: unicode (R2(R;RU((sQ/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask_login.pyt token_loaders cCs ||_|S(sb This will set the callback for the `unauthorized` method, which among other things is used by `login_required`. It takes no arguments, and should return a response to be sent to the user instead of their normal view. :param callback: The callback for unauthorized users. :type callback: function (R4(R;RU((sQ/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask_login.pytunauthorized_handlers cCs ||_|S(si This will set the callback for the `needs_refresh` method, which among other things is used by `fresh_login_required`. It takes no arguments, and should return a response to be sent to the user instead of their normal view. :param callback: The callback for unauthorized users. :type callback: function (R5(R;RU((sQ/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask_login.pytneeds_refresh_handler s cCstjtj|jr&|jS|js<tdn|jdk rmt |j|j d|j nt |j d|j t t |jtjS(s} This is called when the user is logged in, but they need to be reauthenticated because their session is stale. If you register a callback with `needs_refresh_handler`, then it will be called. Otherwise, it will take the following actions: - Flash :attr:`LoginManager.needs_refresh_message` to the user. - Redirect the user to :attr:`LoginManager.refresh_view`. (The page they were attempting to access will be passed in the ``next`` query string variable, so you can redirect there if present instead of the homepage.) If :attr:`LoginManager.refresh_view` is not defined, then it will simply raise a HTTP 403 (Forbidden) error instead. This should be returned from a view or before/after_request function, otherwise the redirect will have no effect. iRNN(tuser_needs_refreshRPRRQR5R+RR1R%RR-R/R RRR RS(R;((sQ/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask_login.pyt needs_refreshs       cCstj}|dkrstjd}|dkrB|j|_q||j|}|dkrgtq|||_n ||_dS(Ntuser_id( RttopR%R RIR$tuserR3t logout_user(R;R`tctxR^((sQ/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask_login.pyt reload_user=s      cCs tjtjtj}|jd|jrP|j}|rP|jSndt k}|r|jdt }|jdt }|t j kot jddk}|r|jt j |S|jr|jt S|t jkr|jt j|Sn|jS(s;Loads user from session or remember_me cookie as applicabletSESSION_PROTECTIONR^tREMEMBER_COOKIE_NAMEtAUTH_HEADER_NAMEtremembertclear(t user_accessedRPRRQRHRIR0t_session_protectionRcR t COOKIE_NAMERfR tcookiest_load_from_cookieR9t_load_from_requesttheaderst_load_from_header(R;RHtdeletedtis_missing_user_idt cookie_namet header_namet has_cookie((sQ/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask_login.pyt _load_userMs&      cCstj}t}tj}|jjd|j}d|krR||dRBR:RTRVRWRXRYRZR[R]RcRvRjRmRpRnRGRR(((sQ/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask_login.pyRPs*7  # %    t UserMixincBsceZdZdZdZdZdZdZdZe j ddkrae j Z nRS( sr This provides default implementations for the methods that Flask-Login expects user objects to have. cCstS(N(R}(R;((sQ/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask_login.pyt is_activescCstS(N(R}(R;((sQ/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask_login.pytis_authenticatedscCstS(N(RJ(R;((sQ/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask_login.pyt is_anonymousscCs5yt|jSWntk r0tdnXdS(Ns%No `id` attribute - override `get_id`(tunicodetidtAttributeErrortNotImplementedError(R;((sQ/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask_login.pyR s cCs)t|tr%|j|jkStS(sP Checks the equality of two `UserMixin` objects using `get_id`. (t isinstanceRR tNotImplemented(R;tother((sQ/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask_login.pyt__eq__scCs$|j|}|tkrtS| S(sR Checks the inequality of two `UserMixin` objects using `get_id`. (RR(R;Rtequal((sQ/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask_login.pyt__ne__s ii( RRRRRRR RRtsyst version_infotobjectt__hash__(((sQ/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask_login.pyRs      R#cBs2eZdZdZdZdZdZRS(sH This is the default object for representing an anonymous user. cCstS(N(RJ(R;((sQ/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask_login.pyRscCstS(N(RJ(R;((sQ/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask_login.pyRscCstS(N(R}(R;((sQ/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask_login.pyRscCsdS(N((R;((sQ/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask_login.pyR s(RRRRRRR (((sQ/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask_login.pyR# s    cCsdj|t|S(s This will encode a ``unicode`` value into a cookie, and sign that cookie with the app's secret key. :param payload: The value to encode, as `unicode`. :type payload: unicode u{0}|{1}(tformatt_cookie_digest(tpayload((sQ/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask_login.pyRscCsoy=|jdd\}}t|dr<|jd}nWntk rQdSXtt||rk|SdS(s This decodes a cookie given by `encode_cookie`. If verification of the cookie fails, ``None`` will be implicitly returned. :param cookie: An encoded cookie. :type cookie: str u|itdecodetasciiN(trsplitthasattrRt ValueErrorRR(RRtdigest((sQ/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask_login.pyR(s c Csyt|}t|}|j s4|j|jkru|j sP|j|jkrutdd|j|j|jdfS|S(s Reduces the scheme and host from a given URL so it can be passed to the given `login` URL more efficiently. :param login_url: The login URL being redirected to. :type login_url: str :param current_url: The URL to reduce. :type current_url: str t(RtschemetnetlocRtpathtparamstquery(RRt current_urltltc((sQ/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask_login.pytmake_next_param;s  %tnextcCs|jdr|}n t|}|dkr4|Stt|}t|d}t|||| This returns ``True`` if the current login is fresh. Ry(R RIRJ(((sQ/var/www/send.findwatt.com/datamanager/lib/python2.7/site-packages/flask_login.pyt login_freshscCs| r|j rtSt|tjj}|td s @    +    "  &