5i1UddlmZddlZddlmZmZmZddlmZm Z ddl Z ddl m Z mZmZmZmZmZmZmZddlmZddlmZddlmZdd lmZmZdd lmZm Z ee!Z"d e#d <e Z$dd Z%Gdde jLjNZ(Gdde(e jLjNZ)Gdde(e jLjNZ*Gdde(e jLjNZ+y)) annotationsN)AnyFinalcast) urlencodeurlparse) AuthCacheclear_cookie_and_chunksdecode_provider_token!generate_default_provider_sectionget_cookie_with_chunksget_redirect_uriget_secrets_auth_sectionset_cookie_with_chunks)StreamlitAuthError) get_logger) make_url_path) TornadoOAuthTornadoOAuth2App)AUTH_COOKIE_NAMETOKENS_COOKIE_NAMEr_LOGGERcft}|r t|xsd}|j}ni}d}|j|i}|s|dk(rt |}||d<|jdi}d|vrd|d<d|vrd|d<t |t }|j||j||fS) zRCreate an OAuth client for the given provider based on secrets.toml configuration./default client_kwargsscopezopenid email profilepromptselect_account)cache) rrto_dict setdefaultr r auth_cacheregister create_client)provider auth_section redirect_uriconfigprovider_sectionprovider_client_kwargsoauths s/home/obispo/Crisostomo_bridge/mision_env/lib/python3.12/site-packages/streamlit/web/server/oauth_authlib_routes.pycreate_oauth_clientr.+s+-L' 5< %%' ((26 I 5<\J,y-88"M,,*@w'--+;x( z 2E NN8   x (, 66cTeZdZdZd dZd dZ d dZd dZddZddZ d dZ y )AuthHandlerMixinzNMixin for handling auth cookies. Added for compatibility with Tornado < 6.3.0.c||_yN)base_url)selfr4s r- initializezAuthHandlerMixin.initializeIs   r/cN|jt|jdy)Nr)redirectrr4r5s r-redirect_to_basez!AuthHandlerMixin.redirect_to_baseLs mDMM378r/ct|j|jt|t|j|jt|yr3)r_set_single_cookie_create_signed_valuerr)r5 user_infotokenss r-set_auth_cookiez AuthHandlerMixin.set_auth_cookieOsF   # #  % %      # #  % %    r/ct |j||dy#t$r|j||dYywxYw)zSet a single cookie.T)httpOnly)httponlyN)set_signed_cookieAttributeErrorset_secure_cookier5 cookie_namevalues r-r<z#AuthHandlerMixin._set_single_cookie_sR   " " #     " " #  s 77c~ |j||S#t$rtd|j||cYSwxYw)zCreate a signed cookie value.bytes)create_signed_valuerErcreate_secure_cookie_valuerGs r-r=z%AuthHandlerMixin._create_signed_valueqsF V++K? ? V!@!@e!TU U Vs %<<c td|j|S#t$rtd|j|cYSt$rYywxYw)zGet a signed cookie.rKN)rget_signed_cookierEget_secure_cookie Exception)r5rHs r-_get_signed_cookiez#AuthHandlerMixin._get_signed_cookieysR !7!7 !DE E F!7!7 !DE E  s$AA Act|j|jtt|j|jty)z6Clear auth cookies, including any split cookie chunks.N)r rR clear_cookierrr9s r-clear_auth_cookiez"AuthHandlerMixin.clear_auth_cookies>  # #      # #     r/N)r4strreturnNonerWrX)r>dict[str, Any]r?rZrWrX)rHrVrIrVrWrX)rHrVrIrVrWrK)rHrVrWz bytes | None) __name__ __module__ __qualname____doc__r6r:r@r<r=rRrUr/r-r1r1FsAX!9 ' 1?  $V   r/r1ceZdZddZddZy)AuthLoginHandlercK|j}||jyt|\}} |j||y#t$r&}|j dt |Yd}~yd}~wwxYww)z*Redirect to the OAuth provider login page.Ni)reason)_parse_provider_tokenr:r.authorize_redirectrQ send_errorrV)r5r&clientr(es r-getzAuthLoginHandler.getss--/    ! ! # 28<  0  % %dL 9 0 OOCAO / / 0s.2A:AA: A7A2-A:2A77A:cl|jdd}|y t|}|dS#t$rYywxYw)Nr&) get_argumentr r)r5provider_tokenpayloads r-rdz&AuthLoginHandler._parse_provider_tokensM**:t<  ! +N;Gz"""  s ' 33NrYrWz str | None)r[r\r]rirdr_r/r-raras  0 #r/rac$eZdZddZddZddZy)AuthLogoutHandlerc|j|j}|r|j|y|jyr3)rU_get_provider_logout_urlr8r:)r5provider_logout_urls r-rizAuthLogoutHandler.gets9  ";;=  MM- .  ! ! #r/ct}|syt|}|sy|jdstj dy|S)Nz/oauth2callbackz.Redirect URI does not end with /oauth2callback)rrendswithrwarning)r5r'r(s r-_get_redirect_uriz#AuthLogoutHandler._get_redirect_urisE/1 ' 5 $$%67 OOL Mr/ct|jt}|sy tj|}|j d}|syt |\}}|j}|j d}|stjd|y|j}|tjdy|j|d} t|jt} | r. tj| } | j d} | r| | d<|d t!| S#tjtf$rtjd YywxYw#t"$r } tj%d | Yd} ~ yd} ~ wwxYw) z7Get the OAuth provider's logout URL from OIDC metadata.Nr&end_session_endpointz-No end_session_endpoint found for provider %sz$Redirect url could not be determined) client_idpost_logout_redirect_uriid_token id_token_hintz#Error, invalid tokens cookie value.?z%Failed to get provider logout URL: %s)r rRrjsonloadsrir.load_server_metadatarinforwrzrJSONDecodeError TypeError exceptionrrQrv)r5 cookie_valuer>r&rg_metadataryr( logout_paramstokens_cookie_valuer?r|rhs r-rrz*AuthLogoutHandler._get_provider_logout_urlsz-d.E.EGWX 0  <0I }}Z0H+H5IFA224H#+<<0F#G ' LhW  113L# CD$--,8M #9'');# #  !ZZ(;E99E>NrYrn)r[r\r]rirwrrr_r/r-rprps$ 7r/rpc$eZdZddZddZddZy)AuthCallbackHandlerc.K|j}||jy|j}|&tj d|jy|j dd}|r|j dd}|j ddj dd}|r"|j ddj ddnd}tj d|||jyt|\}}|j|} td| jd } t| |d | } d D cic] } | | vs| | | } } | r|j| | ntj d |jycc} ww)Nz:Error, misconfigured origin for `redirect_uri` in secrets.errorerror_description  z6Error during authentication: %s. Error description: %srZuserinfoT)origin is_logged_inr&)r| access_tokenzError, missing user info.) _get_provider_by_stater:_get_origin_from_secretsrrrkreplacer.authorize_access_tokenrridictr@)r5r&rrrsanitized_errorsanitized_error_descriptionrgrtokenuserrkr?s r-rizAuthCallbackHandler.gets..0    ! ! # ..0 > MML   ! ! # !!'40  $ 1 12Et L #mmD"5==dBGO%"))$3;;D"E ( MMH+   ! ! # '1 --d3$eii &;<DdXV 'CR!qEz!U1X+RR   v 6 MM5 6 SsD?F F FAFc|jdd}|yttjj }i}|D]} |j d\}}}}|||< |j|}|S#t $rY?wxYw)Nstater)rklistr#get_dictkeyssplit ValueErrorri) r5state_code_from_urlcurrent_cache_keysstate_provider_mappingkeyrrecorded_providercoder&s r-rz*AuthCallbackHandler._get_provider_by_state/s"//>  &!*"5"5"7"<"<">?!#% =C 03 #-1',= "4 ( = 699:MN   s A99 BBcd}t}|r t|}|syt|}|jdz|jz}|S)Nz://)rrrschemenetloc)r5r(r'redirect_uri_parsedorigin_from_redirect_uris r-rz,AuthCallbackHandler._get_origin_from_secretsIsT /1 +L9L&|4  & & .1D1K1K K !('r/NrYrn)r[r\r]rirrr_r/r-rrs- ^4 (r/r)r&rVrWztuple[TornadoOAuth2App, str]), __future__rrtypingrrr urllib.parserr tornado.webtornadostreamlit.auth_utilr r r r r rrrstreamlit.errorsrstreamlit.loggerrstreamlit.url_utilrstreamlit.web.server.oidc_mixinrr streamlit.web.server.server_utilrrr[r__annotations__r#r.webRequestHandlerr1rarprr_r/r-rs# ##,   0',JQH%% [ 76I w{{11I X#')C)C#4P('++*D*DPfW(*GKK,F,FW(r/