o iX @sdZddlmZddlZddlZddlZddlZddlmZddl Z ddl Z zddl m Z m Z ddlmZmZmZddlmZWn%eyeddlm Z m Z ddlmZmZdd lmZddlmZYnweeZdHd d Zd d ZddZdHddZddZddZ ddZ!ddZ"Gddde Z#Gddde e$Z%Gddde%Z&Gd d!d!e$Z'ed"kr[ddl(Z(ddl)Z)d#d$l*m+Z+ej,ej-d%e(j.e(j/ed&d'Z0Z1e0j2d(d)d*d+e0j2d,d-d.e0j2d/e3dd0d1e0j2d2e3d3d4d1e0j2d5d6d7d8e0j2d9dd:d8e14Z5e+d;e5j6ie5j7Z8e'e5j9d<8Z:e8j;e5j<r$e5j<=ndd=j>e5j?e:@d>d?ZAeBe)jCe:jDeAd@dAdBdCe5jEeAdDdEdFdGWddS1sTwYdSdS)Ia$A one-stop helper for desktop app to acquire an authorization code. It starts a web server to listen redirect_uri, waiting for auth code. It optionally opens a browser window to guide a human user to manually login. After obtaining an auth code, the web server will automatically shut down. ) defaultdictN)Template) HTTPServerBaseHTTPRequestHandler)urlparseparse_qs urlencodeescape)rr)rcCsBt|d}|j|dddWdS1swYdS)Nportz Open this link to Sign In (You may want to use incognito window)
Abort )auth_uriwelcome_templatecode)AuthCodeReceiverget_auth_responseget)Z listen_portr receiverrN/home/app/Keep/.python/lib/python3.10/site-packages/msal/oauth2cli/authcode.pyobtain_auth_codes $rcCsz7td)}|D]}|ddd}|dkr&WdWdSq Wdn1s1wYWn ty@YnwtjdS)Nz/proc/1/cgroup:/Tz /.dockerenv)open readlinessplitstripIOErrorospathexists)flineZ cgroup_pathrrr_is_inside_docker+s     r$cCsHddl}|}t|d|d}t|d|d}|dko#d|vS)NrsystemreleaserlinuxZ microsoft)platformunamegetattrlower)r(r)Z platform_namer&rrris_wsl9s r,cszt}|jdvrtd|jWdSWnty%tdYdSwtfdddDr8tddSd d l}|rG||}n|}|st rd d l }z | d g}|d k}Wn t ykYnw|sz| d g}|d v}W|St yY|Sw|S)zJBrowse uri with named browser. Default browser is customizable by $BROWSER)httphttpsz"Invalid URI scheme for browser: %sFzInvalid URI: %sc3s|]}|vVqdSNr).0cr rr Osz_browse..z zInvalid characters in URIrNZwslviewz explorer.exe)r) rschemeloggerwarning ValueErrorany webbrowserrrr, subprocesscallFileNotFoundError)r browser_nameZ parsed_urir:browser_openedr; exit_coderr2r_browseEsF          rAcCdd|DS)z;Flatten parse_qs()'s single-item lists into the item itselfcSs4i|]\}}|t|trt|dkr|dn|qS)r4r) isinstancelistlenr0kvrrr ps(z_qs2kv..items)qsrrr_qs2kvnsrMcCs |dS)N<) startswithtextrrr_is_htmlts rRcCrB)NcSsi|] \}}|t|qSrr rFrrrrIysz_escape..rJ)Zkey_value_pairsrrr_escapexsrScCst|tr |s t|S|Sr/)rCstr isprintablereprrPrrr _printify{srWc@s6eZdZddZddZddZd dd Zd d Zd S)_AuthCodeHandlercCstt|jj}|ddgd}|ddgd}|dkr'||jjdS|dkr4|jddddS|r?|jd dddS|jd dddS) NZwelcomererrortrueabortzAuthentication abortedFis_okzresponse_mode=query is not supported for authentication responses. This application operates in response_mode=form_post mode only.z_Authentication could not be completed. You can close this window and return to the application.)rrr queryr_send_full_responseserver welcome_page)selfrLZ welcome_paramZ error_paramrrrdo_GETs   z_AuthCodeHandler.do_GETcCsdt|jdd}|j|d}t|}|ds |dr)|t|dS|j ddddS) NzContent-Lengthrutf-8rrYzInvalid POST requestFr\) intheadersrrfilereaddecoder_process_auth_responserMr_)rbcontent_lengthZ post_datarLrrrdo_POSTs z_AuthCodeHandler.do_POSTcCstd||jjr|jj|dkr|jddddSd|vr$|jjn|jj}t|j r2t |}n|}t t |}||j di|||j_dS) z:Process the auth response from either GET or POST request.zGot auth response: %sstatez>State mismatch. Waiting for next response... or you may abort.Fr\rNr)r6debugr` auth_staterr_success_templateerror_templaterRtemplaterSrrTsafe_substitute auth_response)rbrtrrZ safe_dataZ filled_datarrrrjs      z'_AuthCodeHandler._process_auth_responseTcCsL||rdndt|rdnd}|d|||j|ddS)Niz text/htmlz text/plainz Content-typerd)Z send_responserRZ send_headerZ end_headerswfilewriteencode)rbbodyr] content_typerrrr_s  z$_AuthCodeHandler._send_full_responsecGstj|gtt|RdSr/)r6rnmaprW)rbformatargsrrr log_messagesz_AuthCodeHandler.log_messageN)T)__name__ __module__ __qualname__rcrlrjr_r~rrrrrXs   rXcs$eZdZfddZddZZS)_AuthCodeHttpServercsD|\}}|rtjdkstrd|_tt|j|g|Ri|dS)Nwin32F)sysr(r,allow_reuse_addresssuperr__init__)rbserver_addressr}kwargs_r  __class__rrrs"z_AuthCodeHttpServer.__init__cCstd)Nz"Timeout. No auth response arrived.) RuntimeErrorrbrrrhandle_timeoutsz"_AuthCodeHttpServer.handle_timeout)rrrrr __classcell__rrrrrs  rc@seZdZejZdS)_AuthCodeHttpServer6N)rrrsocketAF_INET6address_familyrrrrrs rc@sReZdZdddZddZdddZ    ddd Zd d Zd d ZddZ dS)rNcCsJtrdnd}t|p g|_d|vrtnt}|||pdft|_d|_dS)aCreate a Receiver waiting for incoming auth response. :param port: The local web server will listen at http://...: You need to use the same port when you register with your app. If your Identity Provider supports dynamic port, you can use port=0 here. Port 0 means to use an arbitrary unused port, per this official example: https://docs.python.org/2.7/library/socketserver.html#asynchronous-mixins :param scheduled_actions: For example, if the input is ``[(10, lambda: print("Got stuck during sign in? Call 800-000-0000"))]`` then the receiver would call that lambda function after waiting the response for 10 seconds. z0.0.0.0 127.0.0.1rrFN)r$sorted_scheduled_actionsrrrX_server_closing)rbr Zscheduled_actionsaddressServerrrrrs   zAuthCodeReceiver.__init__cCs |jjdS)z*The port this server actually listening tor4)rrrrrrget_ports zAuthCodeReceiver.get_portcKsi}tj|j|f|d}d|_|t}|r"t||krdn td|s-n7|jrXt||jddkrX|j d\}}||jrXt||jddks=|rct||ks#nq#|pgdS)a Wait and return the auth response. Raise RuntimeError when timeout. :param str auth_uri: If provided, this function will try to open a local browser. Starting from 2026, the built-in http server will require response_mode=form_post. :param int timeout: In seconds. None means wait indefinitely. :param str state: You may provide the state you used in auth_uri, then we will use it to validate incoming response. :param str welcome_template: If provided, your end user will see it instead of the auth_uri. When present, it shall be a plaintext or html template following `Python Template string syntax `_, and include some of these placeholders: $auth_uri and $abort_uri. :param str success_template: The page will be displayed when authentication was largely successful. Placeholders can be any of these: https://tools.ietf.org/html/rfc6749#section-5.1 :param str error_template: The page will be displayed when authentication encountered error. Placeholders can be any of these: https://tools.ietf.org/html/rfc6749#section-5.2 :param callable auth_uri_callback: A function with the shape of lambda auth_uri: ... When a browser was unable to be launch, this function will be called, so that the app could tell user to manually visit the auth_uri. :param str browser_name: If you did ``webbrowser.register("xyz", None, BackgroundBrowser("/path/to/browser"))`` beforehand, you can pass in the name "xyz" to use that browser. The default value ``None`` means using default browser, which is customizable by env var $BROWSER. :return: The auth response of the first leg of Auth Code flow, typically {"code": "...", "state": "..."} or {"error": "...", ...} See https://tools.ietf.org/html/rfc6749#section-4.1.2 and https://openid.net/specs/openid-connect-core-1_0.html#AuthResponse Returns None when the state was mismatched, or when timeout occurred. )targetr}rTr4rN) threadingThread_get_auth_responsedaemonstarttimesleepis_aliverpop)rbtimeoutrresulttbeginrcallbackrrrrs&6  z"AuthCodeReceiver.get_auth_responsec Cs^dj|d} dj| d} td| |r,tt|j} | ddgddks,Jd t|p0d j || d |j _ |rt|rA| d n|} t d | d}zt | | d}Wn tdY|st|sptdj| ||dn|| d}t|p|d||j _t|pd||j _||j _i|j _||j _|js|j |j jrn|jr||j jdS)Nzhttp://localhost:{p})pz{loc}?error=abort)loczAbort by visit %sZ response_moderZ form_postziThe built-in http server supports HTTP POST only. The auth_uri must be built with response_mode=form_post)r abort_uriz ?welcome=truez*Open a browser on this device to visit: %sF)r>z_browse(...) unsuccessfulaFound no browser in current environment. If this program is being run inside a container which either (1) has access to host network (i.e. started by `docker run --net=host -it ...`), or (2) published port {port} to host network (i.e. started by `docker run -p 127.0.0.1:{port}:{port} -it ...`), you can use browser on host to visit the following link. Otherwise, this auth attempt would either timeout (current timeout setting is {timeout}) or be aborted by CTRL+C. Auth URI: {auth_uri})r rr z`For your security: Do not share the contents of this page, the address bar, or take screenshots.z\Authentication complete. You can return to the application. Please close this browser tab. zBAuthentication failed. $error: $error_description. ($error_uri). )r|rr6rnrrr^rrrsrrainforA exceptionr7rprqrrtrorhandle_requestupdate)rbrr rrmrrprqZauth_uri_callbackr>netlocrparamsZ_urir?ZrecommendationrrrrHsX        z#AuthCodeReceiver._get_auth_responsecCsd|_|jdS)zGEither call this eventually; or use the entire class as context managerTN)rr server_closerrrrcloseszAuthCodeReceiver.closecCs|Sr/rrrrr __enter__szAuthCodeReceiver.__enter__cCs |dSr/)r)rbexc_typeexc_valexc_tbrrr__exit__s zAuthCodeReceiver.__exit__)NNr/)NNNNNNNN) rrrrrrrrrrrrrrrs # F D r__main__r4)Client)levelz/The auth code received will be shown at stdout.)formatter_class descriptionz --endpointzThe auth endpoint for your app.z>https://login.microsoftonline.com/common/oauth2/v2.0/authorize)helpdefault client_idz!The client_id of your application)rz--portzThe port in redirect_uri)typerrz --timeout<zTimeout value, in secondz--hostrzThe host of redirect_uri)rrz--scopezThe scope listZauthorization_endpointr zhttp://{h}:{p})hr)scopeZ redirect_urir zBSign In, or AbortzOh no. $errorzOh yeah. Got $coderm)r rrqrprrm)indentr/)F__doc__ collectionsrloggingrrrstringrrrZ http.serverrr urllib.parserrrhtmlr ImportErrorBaseHTTPServerurllibZcgi getLoggerrr6rr$r,rArMrRrSrWrXobjectrrrargparsejsonZoauth2r basicConfigINFOArgumentParserArgumentDefaultsHelpFormatterrparser add_argumentre parse_argsr}Zendpointrclientr rZinitiate_auth_code_flowrrr|hostrZflowprintdumpsrrrrrrs        )A B    $