)JflddlmZddlmZddlmZmZGddeZGddeZegZ dS) )reverse) urlencode)ProviderProviderAccountceZdZfdZxZS) SAMLAccountcDtSN)superto_str)self __class__s p/home/alex/cs2snipeproduction/venv/lib/python3.11/site-packages/allauth/socialaccount/providers/saml/provider.pyr zSAMLAccount.to_strsww~~)__name__ __module__ __qualname__r __classcell__rs@rrrs8         rrcjeZdZdZdZeZdgddgdgddgd gd gd Zfd Zd Z dZ dZ dZ dZ xZS) SAMLProvidersamlSAMLz,urn:oasis:names:tc:SAML:attribute:subject-idz!urn:oid:0.9.2342.19200300.100.1.3zBhttp://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddressz'http://schemas.auth0.com/email_verifiedz?http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givennamezurn:oid:2.5.4.42zurn:oid:2.5.4.4z!http://schemas.auth0.com/nickname)uidemailemail_verified first_name last_nameusernamectj|i||jjp|jjp|j|_dSr )r __init__appname client_id)r argskwargsrs rr!zSAMLProvider.__init__'s?$)&)))HMDTX%7D49 rc ntdd|jji}|r|dzt|z}|S)N saml_loginorganization_slug)r&?)rr"r$r)r requestr&urls r get_login_urlzSAMLProvider.get_login_url+sBl,?AS+TUUU  0)i///C rc*|Sr )get_attributes)r datas rextract_extra_datazSAMLProvider.extract_extra_data1s""$$$rc||d}||}|S)uhttp://docs.oasis-open.org/security/saml-subject-id-attr/v1.0/csprd01/saml-subject-id-attr-v1.0-csprd01.html Quotes: "While the Attributes defined in this profile have as a goal the explicit replacement of the element as a means of subject identification, it is certainly possible to compose them with existing NameID usage provided the same subject is being identified. This can also serve as a migration strategy for existing applications." "SAML does not define an identifier that meets all of these requirements well. It does standardize a kind of NameID termed “persistent” that meets some of them in the particular case of so-called “pairwise” identification, where an identifier varies by relying party. It has seen minimal adoption outside of a few contexts, and fails at the “compact” and “simple to handle” criteria above, on top of the disadvantages inherent with all NameID usage." Overall, our strategy is to prefer a uid resulting from explicit attribute mappings, and only if there is no such uid fallback to the NameID. r)_extractget get_nameid)r r0rs r extract_uidzSAMLProvider.extract_uid4s<0mmD!!%%e,, ;//##C rc\||}|dd|S)Nr)r3pop)r r0rets rextract_common_fieldsz"SAMLProvider.extract_common_fieldsQs,mmD!! t rcJ|jj}|}i}|d|j}|D]Z\}}t |tr|g}|D]:}||d} | t| dkr | d||<n;[|d} | r| dv} | |d<|ds/| dkr| |d<|S)Nattribute_mappingrr)true1tyyesrz6urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress) r"settingsr/r4default_attribute_mappingitems isinstancestrlenlowerget_nameid_formatr5) r r0provider_configraw_attributes attributesr<key provider_keys provider_keyattribute_listrs rr3zSAMLProvider._extractVsX(+,,.. +// !?  #4"9"9";";   C--- 0!. -   !/!3!3L$!G!G!-#n2E2E2I2I&4Q&7JsOE#(899  :+11337UUN+9J' (w'' 4&&((GHH#'//"3"3Jw r)rrridr#r account_classrCr!r-r1r6r:r3rrs@rrr s B DM ;  0 P 6  N    0 %!!.EEEEE %%%: rrN) django.urlsrdjango.utils.httpr$allauth.socialaccount.providers.baserrrrprovider_classesrrrXs''''''JJJJJJJJ     /   ggggg8gggT!>r