2iXdZddlmZddlZddlZddlZddlZddlmZddl Z ddl Z ddl m Z m Z ddlmZmZmZddlmZej0eZd@d Zd Zd Zd@d ZdZdZ dZ!dZ"Gdde Z#Gdde e$Z%Gdde%Z&Gdde$Z'edk(rddl(Z(ddl)Z)ddl*m+Z+ejXejZe(j\e(j^edzxZ0Z1e0jed d!d"#e0jed$d%&e0jed'e3dd()e0jed*e3d+d,)e0jed-d.d/0e0jed1dd20e1jiZ5e+d3e5jlie5jnZ8e'e5jr45Z:e8jwe5jxre5jxj{ndd5j}e5j~e:j67ZAeBe)je:jeAd8d9d:d;e5jeAd<=d>?dddyy#e$r ddlm Z m Z ddlmZmZdd lmZddlmZY8wxYw#1swYyxYw)Aa$A one-stop helper for desktop app to acquire an authorization code. It starts a web server to listen redirect_uri, waiting for auth code. It optionally opens a browser window to guide a human user to manually login. After obtaining an auth code, the web server will automatically shut down. ) defaultdictN)Template) HTTPServerBaseHTTPRequestHandler)urlparseparse_qs urlencode)escape)rr)r ct|5}|j|djdcdddS#1swYyxYw)Nportz Open this link to Sign In (You may want to use incognito window)
Abort )auth_uriwelcome_templatecode)AuthCodeReceiverget_auth_responseget) listen_portrreceivers M/var/www/html/qr/venv/lib/python3.12/site-packages/msal/oauth2cli/authcode.pyobtain_auth_codersG { +x))"*c&ks "9AcL td5}|jD]B}|jdddj}|jdk7s:dddy dddt j jdS#1swY(xYw#t$rY6wxYw)Nz/proc/1/cgroup:/Tz /.dockerenv)open readlinessplitstripIOErrorospathexists)fline cgroup_paths r_is_inside_dockerr'+s  " # q  "jja0399; $$&#-      77>>- ((      s; BA B B B"B $B BB B#"B#cddl}|j}t|d|dj}t|d|dj}|dk(xrd|vS)Nrsystemreleaserlinux microsoft)platformunamegetattrlower)r-r. platform_namer*s ris_wslr29s^  NN EE8U1X6<<>MeYa1779G G # > w(>>cV t}|jdvr!tjd|jy t fddDrtjdydd l}|r!|j|j}n|j}|sCtr9dd l } |jd g}|dk(}|s |jd g}|d v}|S|S#t$rtjdYywxYw#t$rYNwxYw#t$rY|SwxYw) zJBrowse uri with named browser. Default browser is customizable by $BROWSER)httphttpsz"Invalid URI scheme for browser: %sFzInvalid URI: %sc3&K|]}|v ywN).0crs r z_browse..Os +Q1= +sz zInvalid characters in URIrNwslviewz explorer.exe)r) rschemeloggerwarning ValueErrorany webbrowserrrr2 subprocesscallFileNotFoundError)r browser_name parsed_urirDbrowser_openedrE exit_codes` r_browserLEs?h'   $5 5 NN?ARAR S 6  +( ++23# 5::8D$2 fh "H(=>I&!^N 'OO^X,FG !*f!4 >? ((3*!   %   s59C'1D D'D D  DD D('D(c |jDcic]+\}}|t|trt|dk(r|dn|-c}}Scc}}w)z;Flatten parse_qs()'s single-item lists into the item itselfr>r)items isinstancelistlen)qskvs r_qs2kvrUnsLHHJ Aq z!T*s1v{qt A   s0Ac$|jdS)N<) startswithtexts r_is_htmlr[ts ??3 r3ch|jDcic]\}}|t|c}}Scc}}wr8)rNr )key_value_pairsrSrTs r_escaper^xs+%4%:%:%< =TQAvayL == =s.c\t|tr|js t|S|Sr8)rOstr isprintablereprrYs r _printifyrc{s%#D#.t7G7G7I4:StSr3c,eZdZdZdZdZddZdZy)_AuthCodeHandlerctt|jj}|j ddgd}|j ddgd}|dk(r&|j |j jy|dk(r|j ddy|r|j d dy|j d dy) NwelcomererrortrueabortzAuthentication abortedFis_okzresponse_mode=query is not supported for authentication responses. This application operates in response_mode=form_post mode only.z_Authentication could not be completed. You can close this window and return to the application.)rrr"queryr_send_full_responseserver welcome_page)selfrR welcome_param error_params rdo_GETz_AuthCodeHandler.do_GETs htyy)// 0y4&1!4 ffWtf-a0 F "  $ $T[[%=%= > G #  $ $%=U $ K   $ $R %   $ $q % r3cXt|jjdd}|jj |j d}t |}|jds|jdr|jt|y|jddy) NzContent-Lengthrutf-8rrhzInvalid POST requestFrk) intheadersrrfilereaddecoder_process_auth_responserUrn)rqcontent_length post_datarRs rdo_POSTz_AuthCodeHandler.do_POSTsT\\--.>BCJJOON3::7C i  66&>RVVG_  ' 'r 3  $ $%;5 $ Ir3ctjd||jjr<|jj|j dk7r|j ddyd|vr|jj n|jj}t|jr t|}n|}tt|}|j |jdi|||j_y) z:Process the auth response from either GET or POST request.zGot auth response: %sstatez>State mismatch. Waiting for next response... or you may abort.FrkrNr9)r@debugro auth_staterrnsuccess_templateerror_templater[templater^rr`safe_substitute auth_response)rqrr safe_data filled_datas rr|z'_AuthCodeHandler._process_auth_responses ,m< ;; ! !dkk&<&< @Q@QRY@Z&Z  $ $PX] % _]* 4404 0J0J ))*#M2 ) %c95K  $ $%=X%=%=%L %L M(5DKK %r3c|j|rdndt|rdnd}|jd||j|jj |j dy)Niz text/htmlz text/plainz Content-typerv) send_responser[ send_header end_headerswfilewriteencode)rqbodyrl content_types rrnz$_AuthCodeHandler._send_full_responsesX %3S1&.tn{,  6  W-.r3cLtj|gtt|yr8)r@rmaprc)rqformatargss r log_messagez_AuthCodeHandler.log_messages V3c)T23r3N)T)__name__ __module__ __qualname__rtrr|rnrr9r3rreres* J6&/4r3rec$eZdZfdZdZxZS)_AuthCodeHttpServerc|\}}|r$tjdk(s trd|_t t ||g|i|y)Nwin32F)sysr-r2allow_reuse_addresssuperr__init__)rqserver_addressrkwargs_r __class__s rrz_AuthCodeHttpServer.__init__sB 4 S\\W, (-D $ !41.R4R6Rr3ctd)Nz"Timeout. No auth response arrived.) RuntimeErrorrqs rhandle_timeoutz"_AuthCodeHttpServer.handle_timeouts?@@r3)rrrrr __classcell__)rs@rrrsSAr3rc$eZdZejZy)_AuthCodeHttpServer6N)rrrsocketAF_INET6address_familyr9r3rrrs __Nr3rcDeZdZd dZdZd dZ d dZdZdZdZ y) rNctrdnd}t|xsg|_d|vrtnt}|||xsdft |_d|_y)aCreate a Receiver waiting for incoming auth response. :param port: The local web server will listen at http://...: You need to use the same port when you register with your app. If your Identity Provider supports dynamic port, you can use port=0 here. Port 0 means to use an arbitrary unused port, per this official example: https://docs.python.org/2.7/library/socketserver.html#asynchronous-mixins :param scheduled_actions: For example, if the input is ``[(10, lambda: print("Got stuck during sign in? Call 800-000-0000"))]`` then the receiver would call that lambda function after waiting the response for 10 seconds. z0.0.0.0 127.0.0.1rrFN)r'sorted_scheduled_actionsrrre_server_closing)rqr scheduled_actionsaddressServers rrzAuthCodeReceiver.__init__sU 12) #)):)@b"A),%=Pw 24DE  r3c4|jjdS)z*The port this server actually listening tor>)rrrs rget_portzAuthCodeReceiver.get_ports||**1--r3c i}tj|j|f|}d|_|j t j }|rt j |z |krn t j d|jsn|jrt j |z |jddkDr\|jjd\}}||jr+t j |z |jddkDr\|rt j |z |krn|xsdS)a Wait and return the auth response. Raise RuntimeError when timeout. :param str auth_uri: If provided, this function will try to open a local browser. Starting from 2026, the built-in http server will require response_mode=form_post. :param int timeout: In seconds. None means wait indefinitely. :param str state: You may provide the state you used in auth_uri, then we will use it to validate incoming response. :param str welcome_template: If provided, your end user will see it instead of the auth_uri. When present, it shall be a plaintext or html template following `Python Template string syntax `_, and include some of these placeholders: $auth_uri and $abort_uri. :param str success_template: The page will be displayed when authentication was largely successful. Placeholders can be any of these: https://tools.ietf.org/html/rfc6749#section-5.1 :param str error_template: The page will be displayed when authentication encountered error. Placeholders can be any of these: https://tools.ietf.org/html/rfc6749#section-5.2 :param callable auth_uri_callback: A function with the shape of lambda auth_uri: ... When a browser was unable to be launch, this function will be called, so that the app could tell user to manually visit the auth_uri. :param str browser_name: If you did ``webbrowser.register("xyz", None, BackgroundBrowser("/path/to/browser"))`` beforehand, you can pass in the name "xyz" to use that browser. The default value ``None`` means using default browser, which is customizable by env var $BROWSER. :return: The auth response of the first leg of Auth Code flow, typically {"code": "...", "state": "..."} or {"error": "...", ...} See https://tools.ietf.org/html/rfc6749#section-4.1.2 and https://openid.net/specs/openid-connect-core-1_0.html#AuthResponse Returns None when the state was mismatched, or when timeout occurred. )targetrrTr>rN) threadingThread_get_auth_responsedaemonstarttimesleepis_aliverpop)rqtimeoutrresulttbeginrcallbacks rrz"AuthCodeReceiver.get_auth_responsesl   **&6 K   18tyy{U"W,d JJqM::<** e+d.E.Ea.H.KK"5599!< 8 ** e+d.E.Ea.H.KK 29tyy{U"W,d~r3c bdj|j} dj| } tjd| |r>t t |j } | jddgddk(sJd t|xsd j|| |j_ |rs|r| d zn|} tjd | zd} t| | }|s@|s6tjdj| ||jn|| d}t|xsd|z|j_t|xsd|z|j_||j_i|j_||j_|j*s>|jj-|jj&rn |j*s>|j/|jj&y#tjdYCxYw)Nzhttp://localhost:{p})pz{loc}?error=abort)loczAbort by visit %s response_moder form_postziThe built-in http server supports HTTP POST only. The auth_uri must be built with response_mode=form_post)r abort_uriz ?welcome=truez*Open a browser on this device to visit: %sF)rHz_browse(...) unsuccessfulaFound no browser in current environment. If this program is being run inside a container which either (1) has access to host network (i.e. started by `docker run --net=host -it ...`), or (2) published port {port} to host network (i.e. started by `docker run -p 127.0.0.1:{port}:{port} -it ...`), you can use browser on host to visit the following link. Otherwise, this auth attempt would either timeout (current timeout setting is {timeout}) or be aborted by CTRL+C. Auth URI: {auth_uri})rrr z`For your security: Do not share the contents of this page, the address bar, or take screenshots.z\Authentication complete. You can return to the application. Please close this browser tab. zBAuthentication failed. $error: $error_description. ($error_uri). )rrr@rrrrmrrrrrpinforL exceptionrArrrrrrhandle_requestupdate)rqrrrrrrrauth_uri_callbackrHnetlocrparams_urirJrecommendations rrz#AuthCodeReceiver._get_auth_responseHs (...A'..6.:  ()4 hx0667F::ov6q9[H KJ KH%--=-C$D$T$T%U%4 ! 1AF_,xD KKDtK L"N >!(L!I "(NN HIO%)7IOIR S&d+{(01A2~ lo} }) %&.~0d SUc c 'e # ' %' ""' -- LL ' ' )||)) --  dll001Q >  !<=s  HH.cFd|_|jjy)zGEither call this eventually; or use the entire class as context managerTN)rr server_closers rclosezAuthCodeReceiver.closes  !!#r3c|Sr8r9rs r __enter__zAuthCodeReceiver.__enter__s r3c$|jyr8)r)rqexc_typeexc_valexc_tbs r__exit__zAuthCodeReceiver.__exit__s  r3)NNr8)NNNNNNNN) rrrrrrrrrrr9r3rrrs:!F. DLMQIM"B2H$ r3r__main__r>)Client)levelz/The auth code received will be shown at stdout.)formatter_class descriptionz --endpointzThe auth endpoint for your app.z>https://login.microsoftonline.com/common/oauth2/v2.0/authorize)helpdefault client_idz!The client_id of your application)rz--portzThe port in redirect_uri)typerrz --timeout<zTimeout value, in secondz--hostrzThe host of redirect_uri)rrz--scopezThe scope listauthorization_endpointr zhttp://{h}:{p})hr)scope redirect_urirzBSign In, or AbortzOh no. $errorzOh yeah. Got $coder)rrrrrr)indentr8)F__doc__ collectionsrloggingr!rrstringrrr http.serverrr urllib.parserrr htmlr ImportErrorBaseHTTPServerurllibcgi getLoggerrr@rr'r2rLrUr[r^rcreobjectrrrargparsejsonoauth2r basicConfigINFOArgumentParserArgumentDefaultsHelpFormatterrparser add_argumentrw parse_argsrendpointrclientr rinitiate_auth_code_flowrrrhostrflowprintdumpsrrr9r3rrs $  >::   8 $  ) ?&R  >T>4->4BA*fA(%.%}v}B zGgll+((( >>OOQQANN<PRNN;%HNINN8#q7QNRNN;S";UNVNN8[7QNRNN9d1ANB    D -t}}=t~~ NF tyy ) X--(, $**""$)00499@Q@Q@S0T. jdjj33*%T71LLw-4   #I A+  j  sI(B"I<!I98I9<J