� u��g�J��>�dZddlZddlZddlZddlZddlmZddlZddlZ ddl m Z mZddlm Z mZmZddlmZn'#e$rddlm Z mZddl m Z mZddlmZddlmZYnwxYweje��Zd?d �Zd �Zd�Zd?d�Zd �Zd�Zd�Zd�Z Gd�de��Z!Gd�de e"��Z#Gd�de#��Z$Gd�de"��Z%edk�r�ddl&Z&ddl'Z'ddl(m)Z)ej*ej+��e&j,e&j-edz��xZ.Z/e.�0dd d!�"��e.�0d#d$�%��e.�0d&e1dd'�(��e.�0d)e1d*d+�(��e.�0d,d-d.�/��e.�0d0dd1�/��e/�2��Z3e)d2e3j4ie3j5��Z6e%e3j7�3��5Z8e6�9e3j:re3j:�;��ndd4�<e3j=e8�>��5��6��Z?e@e'jAe8�Be?d7d8d9d:e3jCe?d;�<��d=�>��ddd��dS#1swxYwYdSdS)@a$A one-stop helper for desktop app to acquire an authorization code. It starts a web server to listen redirect_uri, waiting for auth code. It optionally opens a browser window to guide a human user to manually login. After obtaining an auth code, the web server will automatically shut down. �N)�Template)� HTTPServer�BaseHTTPRequestHandler)�urlparse�parse_qs� urlencode��escape)rr)rc��t|��5}|�|d��d��cddd��S#1swxYwYdS)N��portz�<html><body> Open this link to <a href='$auth_uri'>Sign In</a> (You may want to use incognito window) <hr><a href='$abort_uri'>Abort</a> </body></html>)�auth_uri�welcome_template�code)�AuthCodeReceiver�get_auth_response�get)�listen_portr�receivers �g/home/asafur/pinokio/api/open-webui.git/app/env/lib/python3.11/site-packages/msal/oauth2cli/authcode.py�obtain_auth_coders�� {� +� +� +��x��)�)��"�*��c�&�k�k��s�*A�A�Ac�� td��5}|��D]V}|�dd��d��}|��dkrddd��dS�W ddd��n#1swxYwYn#t$rYnwxYwt j�d��S)Nz/proc/1/cgroup�:��/Tz/.dockerenv)�open� readlines�split�strip�IOError�os�path�exists)�f�line�cgroup_paths r�_is_inside_dockerr'*s(�� "� #� #� �q�� "�j�j��a�0�0��3�9�9�;�;��$�$�&�&�#�-�-�� .� � � � � � � � � � � � �� 7�>�>�-�(�(�(sA�B�AB �/B�<B �>B� B�B�B�B� B#�"B#c��ddl}|��}t|d|d��}t|d|d��}|dkod|vS)Nr�system�releaser�linux� microsoft)�platform�uname�getattr�lower)r-r.� platform_namer*s r�is_wslr28ss�� O�O�O��N�N��E��E�8�U�1�X�6�6�<�<�>�>�M��e�Y��a��1�1�7�7�9�9�G��G�#�>��w�(>�>�c�>�ddl}|r)|�|��|��}n|�|��}|sVt��rH ddl}|�dddd�|��g��}|dk}n#t$rYnwxYw|S)zJBrowse uri with named browser. Default browser is customizable by $BROWSERrNzpowershell.exez -NoProfilez-CommandzStart-Process "{}")� webbrowserrrr2� subprocess�call�format�FileNotFoundError)r�browser_namer5�browser_openedr6� exit_codes r�_browser=Ds��3�#��5�5�:�:�8�D�D��$��2�2�� f�h�h� � ��#��!�<��=Q�=X�=X�Ya�=b�=b�c�e�e�I�&�!�^�N�N�� D� ��s�6B � B�Bc�>�d�|��D��S)z;Flatten parse_qs()'s single-item lists into the item itselfc�z�i|]8\}}|t|t��rt|��dkr|dn|��9S)�r)� isinstance�list�len��.0�k�vs r� <dictcomp>z_qs2kv.<locals>.<dictcomp>]sS�� A�q� �z�!�T�*�*�A�s�1�v�v��{�{�q��t�t�� r3��items)�qss r�_qs2kvrL[s+�� H�H�J�J� � � � r3c�,�|�d��S)N�<)� startswith��texts r�_is_htmlrRas��?�?�3��r3c�>�d�|��D��S)Nc�4�i|]\}}|t|��S�r rDs rrHz_escape.<locals>.<dictcomp>fs$��=�=�=�T�Q��A�v�a�y�y�=�=�=r3rI)�key_value_pairss r�_escaperWes"��=�=�_�%:�%:�%<�%<�=�=�=�=r3c�v�t|t��r#|��st|��n|S�N)rA�str�isprintable�reprrPs r� _printifyr]is2��#�D�#�.�.�S�t�7G�7G�7I�7I�S�4��:�:�:�t�Sr3c�"�eZdZd�Zdd�Zd�ZdS)�_AuthCodeHandlerc��tt|j��j��}|�d��s|�d��r�t|��}t�d|��|jj r:|jj |�d��kr|� d��dSd|vr|jjn|jj}t|j��rt|��}n|}|� |jdi|��||j_dS|� |jj��dS)Nr�errorzGot auth response: %s�statezState mismatchrU)rrr"�queryrrL�logger�debug�server� auth_state�_send_full_response�success_template�error_templaterR�templaterW�safe_substitute� auth_response�welcome_page)�selfrKrmrk� safe_datas r�do_GETz_AuthCodeHandler.do_GETosL��h�t�y�)�)�/� 0� 0�� 6�6�&�>�>� ?�R�V�V�G�_�_� ?�"�2�J�J�M��L�L�0�-�@�@�@��{�%� :�$�+�*@�M�DU�DU�V]�D^�D^�*^�*^��(�(�)9�:�:�:�:�:��|�|�!�K�8�8�)-��)C��H�-�.�.�.� '� � 6� 6�I�I� -�I��(�(�)A��)A�)N�)N�I�)N�)N�O�O�O�,9��)�)�)��$�$�T�[�%=�>�>�>�>�>r3Tc��|�|rdnd��t|��rdnd}|�d|��|��|j�|�d��dS)N��i�z text/htmlz text/plainzContent-typezutf-8)� send_responserR�send_header�end_headers�wfile�write�encode)ro�body�is_ok�content_types rrhz$_AuthCodeHandler._send_full_response�s��%�0�3�3�S�1�1�1�&.�t�n�n�F�{�{�,��6�6�6�� W�-�-�.�.�.�.�.r3c�P�tj|gtt|��R�dSrY)rdre�mapr])ror8�argss r�log_messagez_AuthCodeHandler.log_message�s*��V�3�c�)�T�2�2�3�3�3�3�3�3r3N)T)�__name__� __module__�__qualname__rqrhr�rUr3rr_r_nsF��?�?�?�0/�/�/�/�4�4�4�4�4r3r_c�$��eZdZ�fd�Zd�Z�xZS)�_AuthCodeHttpServerc��|\}}|r%tjdkst��rd|_t t |��j|g|�Ri|��dS)N�win32F)�sysr-r2�allow_reuse_address�superr��__init__)ro�server_addressr�kwargs�_r � __class__s �rr�z_AuthCodeHttpServer.__init__�sg�� 4�� -�S�\�W�,�,��,� (-�D�$�1��!�4�(�(�1�.�R�4�R�R�R�6�R�R�R�R�Rr3c� �td��)Nz"Timeout. No auth response arrived.)�RuntimeError�ros r�handle_timeoutz"_AuthCodeHttpServer.handle_timeout�s��?�@�@�@r3)r�r�r�r�r�� __classcell__)r�s@rr�r��sS��S�S�S�S�S�A�A�A�A�A�A�Ar3r�c��eZdZejZdS)�_AuthCodeHttpServer6N)r�r�r��socket�AF_INET6�address_familyrUr3rr�r��s��_�N�N�Nr3r�c�F�eZdZd d�Zd�Zd d�Z dd�Zd�Zd�Zd�Z dS)rNc��t��rdnd}t|pg��|_d|vrtnt}|||pdft ��|_d|_dS)a�Create a Receiver waiting for incoming auth response. :param port: The local web server will listen at http://...:<port> You need to use the same port when you register with your app. If your Identity Provider supports dynamic port, you can use port=0 here. Port 0 means to use an arbitrary unused port, per this official example: https://docs.python.org/2.7/library/socketserver.html#asynchronous-mixins :param scheduled_actions: For example, if the input is ``[(10, lambda: print("Got stuck during sign in? Call 800-000-0000"))]`` then the receiver would call that lambda function after waiting the response for 10 seconds. z0.0.0.0� 127.0.0.1rrFN)r'�sorted�_scheduled_actionsr�r�r_�_server�_closing)ror �scheduled_actions�address�Servers rr�zAuthCodeReceiver.__init__�sn�� 1�2�2�C�)�)��#)�):�)@�b�"A�"A��),��%�%�=P��v�w�� 2�4D�E�E�� r3c�&�|jjdS)z*The port this server actually listening tor@)r�r�r�s r�get_portzAuthCodeReceiver.get_port�s��|�*�1�-�-r3c��i}tj|j|f|��}d|_|��tj��}|rtj��|z |kr�n tjd��|��sn�|jr�tj��|z |jddkrY|j� d��\}}|��|jr+tj��|z |jddk�Y|rtj��|z |k��n��|pdS)a�Wait and return the auth response. Raise RuntimeError when timeout. :param str auth_uri: If provided, this function will try to open a local browser. :param int timeout: In seconds. None means wait indefinitely. :param str state: You may provide the state you used in auth_uri, then we will use it to validate incoming response. :param str welcome_template: If provided, your end user will see it instead of the auth_uri. When present, it shall be a plaintext or html template following `Python Template string syntax <https://docs.python.org/3/library/string.html#template-strings>`_, and include some of these placeholders: $auth_uri and $abort_uri. :param str success_template: The page will be displayed when authentication was largely successful. Placeholders can be any of these: https://tools.ietf.org/html/rfc6749#section-5.1 :param str error_template: The page will be displayed when authentication encountered error. Placeholders can be any of these: https://tools.ietf.org/html/rfc6749#section-5.2 :param callable auth_uri_callback: A function with the shape of lambda auth_uri: ... When a browser was unable to be launch, this function will be called, so that the app could tell user to manually visit the auth_uri. :param str browser_name: If you did ``webbrowser.register("xyz", None, BackgroundBrowser("/path/to/browser"))`` beforehand, you can pass in the name "xyz" to use that browser. The default value ``None`` means using default browser, which is customizable by env var $BROWSER. :return: The auth response of the first leg of Auth Code flow, typically {"code": "...", "state": "..."} or {"error": "...", ...} See https://tools.ietf.org/html/rfc6749#section-4.1.2 and https://openid.net/specs/openid-connect-core-1_0.html#AuthResponse Returns None when the state was mismatched, or when timeout occurred. )�targetrr�Tr@rN) � threading�Thread�_get_auth_response�daemon�start�time�sleep�is_aliver��pop)ro�timeoutr��result�t�beginr��callbacks rrz"AuthCodeReceiver.get_auth_response�sF��j��*�&��6� K� K� K�� 18� �t�y�{�{�U�"�W�,�,�,�,��J�q�M�M�M��:�:�<�<� ��*� �� e�+�d�.E�a�.H��.K�K�K�"�5�9�9�!�<�<��8�� *� �� e�+�d�.E�a�.H��.K�K�K�29� �t�y�{�{�U�"�W�,�,�,�,��~��r3c ��d�|��} d�| ��}t�d|��t |pd��||��|j_|r�|r| n|}t�d|z��d } t|| � ��} n!#t� d��YnxYw| sP|sCt�d�|||�� n||��t |pd��|j_t |pd��|j_ ||j_i|j_||j_|js-|j��|jjrn|j�-|�|jj��dS)Nzhttp://localhost:{p})�pz{loc}?error=abort)�loczAbort by visit %s�)r� abort_uriz*Open a browser on this device to visit: %sF)r:z_browse(...) unsuccessfula�Found no browser in current environment. If this program is being run inside a container which either (1) has access to host network (i.e. started by `docker run --net=host -it ...`), or (2) published port {port} to host network (i.e. started by `docker run -p 127.0.0.1:{port}:{port} -it ...`), you can use browser on host to visit the following link. Otherwise, this auth attempt would either timeout (current timeout setting is {timeout}) or be aborted by CTRL+C. Auth URI: {auth_uri})rr�r z8Authentication completed. You can close this window now.z?Authentication failed. $error: $error_description. ($error_uri))r8r�rdrerrlr�rn�infor=� exception�warningrirjr�rmrgr��handle_request�update)ror�rr�rbrrirj�auth_uri_callbackr:�welcome_urir��_urir;s rr�z#AuthCodeReceiver._get_auth_responses%�� -�3�3�d�m�m�o�o�3�F�F��'�.�.�;�.�?�?� ��(�)�4�4�4�$,�-=�-C��$D�$D�$T�$T��%U�%4�%4��!�� ,�"2�@�;�;��D��K�K�D�t�K�L�L�L�"�N� >�!(��L�!I�!I�!I�� >�� !<�=�=�=�=�=��!� ,�(�,��N�N� H�IO��%)�7��IO�IR�IR�S�S�S�S�&�%�d�+�+�+�(0�1A�2G�F�)H�)H��%�&.�~�0N�M�'O�'O��#� '��%'��"�"'��-� � �L�'�'�)�)�)��|�)� �� -� � � � �d�l�0�1�1�1�1�1s�2C�C"c�F�d|_|j��dS)zGEither call this eventually; or use the entire class as context managerTN)r�r��server_closer�s r�closezAuthCodeReceiver.closePs#�� !�!�#�#�#�#�#r3c��|SrYrUr�s r� __enter__zAuthCodeReceiver.__enter__Us��r3c�.�|��dSrY)r�)ro�exc_type�exc_val�exc_tbs r�__exit__zAuthCodeReceiver.__exit__Xs�� r3)NNrY)NNNNNNNN) r�r�r�r�r�rr�r�r�r�rUr3rrr�s��!�!�!�!�F.�.�.� C�C�C�C�JMQ�IM�"��42�42�42�42�l$�$�$� ��r3r�__main__r@)�Client)�levelz/The auth code received will be shown at stdout.)�formatter_class�descriptionz --endpointzThe auth endpoint for your app.z>https://login.microsoftonline.com/common/oauth2/v2.0/authorize)�help�default� client_idz!The client_id of your application)r�z--portzThe port in redirect_uri)�typer�r�z --timeout�<zTimeout value, in secondz--hostr�zThe host of redirect_uri)r�r�z--scopezThe scope list�authorization_endpointrzhttp://{h}:{p})�hr�)�scope�redirect_urirzA<a href='$auth_uri'>Sign In</a>, or <a href='$abort_uri'>Abort</az<html>Oh no. $error</html>zOh yeah. Got $coderb)rrrjrir�rb�)�indentrY)D�__doc__�loggingr!r�r��stringrr�r��http.serverrr�urllib.parserrr�htmlr �ImportError�BaseHTTPServer�urllib�cgi� getLoggerr�rdrr'r2r=rLrRrWr]r_�objectr�r�r�argparse�json�oauth2r��basicConfig�INFO�ArgumentParser�ArgumentDefaultsHelpFormatterr��parser�add_argument�int� parse_argsr�endpointr��clientr r�initiate_auth_code_flowr�rr8�hostr��flow�print�dumpsrr�rUr3r�<module>r�s�� >�>�>�>�>�>�>�>�:�:�:�:�:�:�:�:�:�:��A�A�A�A�A�A�A�A�+�+�+�+�+�+�+�+� � � � � � �� 8� $� $�� )�)�)� ?� ?� ?��. � � � � � �>�>�>�T�T�T� "4�"4�"4�"4�"4�-�"4�"4�"4�JA�A�A�A�A�*�f�A�A�A�(%�%�%�%�%�.�%�%�%�n�n�n�n�n�v�n�n�n�d�z��G��g�l�+�+�+�+�(��(� �>��O�O�Q�Q�Q�Q�A��N�N��<�P��R�R�R��N�N�;�%H�N�I�I�I��N�N�8�#�q�7Q�N�R�R�R��N�N�;�S�"�;U�N�V�V�V��N�N�8�[�7Q�N�R�R�R��N�N�9�d�1A�N�B�B�B��D� �V�-�t�}�=�t�~� N� N�F� � �t�y� )� )� )� �X��-�-�(,� �<�$�*�"�"�$�$�$��)�0�0�4�9��@Q�@Q�@S�@S�0�T�T�.�� j�d�j��3�3��*�%�S�7�1��L��w�-�4�� #�s"�;�!A�A�B)J�J�J