)JfddlmZmZddlmZddlmZddlmZddl m Z ddl m Z ddl mZddlmZdd lmZdd lmZd d lmZd ZdZdZdZdZddZdZdS)) parse_qslurlparse)cache)ImproperlyConfigured)Http404)reverse urlencode)OneLogin_Saml2_Constants) OneLogin_Saml2_IdPMetadataParser) get_adapter) SocialApp) SAMLProviderct} ||tj|S#tj$rt d|wxYw)N)provider client_idz"no SocialApp found with client_id=)r get_appridr DoesNotExistr)requestorganization_slugadapters m/home/alex/cs2snipeproduction/venv/lib/python3.11/site-packages/allauth/socialaccount/providers/saml/utils.pyget_app_or_404rsrmmGP lo9J     !PPPN;LNNOOOPs !2"Ac|rdnd|jd|jd|j|jd}|S)Nonoff HTTP_HOST PATH_INFO)https http_host script_nameget_data post_data) is_secureMETAGETcopyPOST)rresults rprepare_django_requestr,sc **,,7%\+.|K0K$$&&\&&(( F McP|td|g}|td|g}|td|g}||tjd|tjdd}|di}|d |d|d<|d r |d |d <|d  |d |d <|d  |d |d<|S)Nsaml_acs)argssaml_sls saml_metadata)urlbinding)entityIdassertionConsumerServicesingleLogoutServiceadvancedx509cert x509cert_new x509certNew private_key privateKeyname_id_format NameIDFormat)build_absolute_urirr BINDING_HTTP_POSTBINDING_HTTP_REDIRECTget)rprovider_configorgacs_urlsls_url metadata_url sp_configavds rbuild_sp_configrK(sC((3%)H)H)HIIG((3%)H)H)HIIG--goSE.R.R.RSSL /A% % /E   I   j" - -C wwz& #J * ww~7#&~#6 -  ww})"%m"4 , ww  ,$'(8$9 .! r-c |d}|d}d|d|}tj|}|Utj|||dd}tj|||dd |S) NrH entity_idzsaml.metadata..metadata_request_timeout )rMtimeoutmetadata_cache_timeouti@8)rrCr parse_remoteset) idp_configrHrM cache_key saml_configs rfetch_metadata_url_configrXGsn-L;'I;;; ;;I)I&&K6C NN#=rBB      NN3[ A A   r-c@|di}id|ddd|dtjd|ddd |d dd dd |d tjd|ddd|ddd|ddd|ddd|ddd|ddd|ddd|ddd|d dd!|d"dd#|d$d}|d%d|d&}|d'}|r||d(<|d)}|r||d)<|d*}|t d+|d,} | rt |} | d*|d*<nA|d-|d.d/|d0id1|d*<|d2} | r d/| i|d*d3<t ||||d4<|S)5Nr8authnRequestsSignedauthn_request_signedFdigestAlgorithmdigest_algorithmlogoutRequestSignedlogout_request_signedlogoutResponseSignedlogout_response_signedrequestedAuthnContextsignatureAlgorithmsignature_algorithm signMetadatametadata_signedwantAssertionsEncryptedwant_assertion_encryptedwantAssertionsSignedwant_assertion_signedwantMessagesSignedwant_message_signednameIdEncryptedname_id_encryptedwantNameIdEncryptedwant_name_id_encryptedallowSingleLabelDomainsallow_single_label_domainsrejectDeprecatedAlgorithmreject_deprecated_algorithmT wantNameId want_name_idwantAttributeStatementwant_attribute_statementallowRepeatAttributeNameallow_repeat_attribute_namestrict)r{securitycontact_person contactPerson organizationidpz `idp` missingrHrMr9r3sso_url)r5r9singleSignOnServiceslo_urlr7sp)rCr SHA256 RSA_SHA256rrXrK) rrDrErJsecurity_configrWr}rrrH meta_configrs rbuild_saml_configrZs*   j" - -Csww'=uEE377#57O7VWW sww'>FF (@% H H    cgg !#;#F    1599 "377+Eu#M#M (? G G cgg&;UCC 377#6>> sww'?GG "377+G#O#O $SWW-JD%Q%Q!" cggne44#$ !#''*Dd"K"K%& #CGG,I4$P$P'O,''(D))#K %(()9::N6'5 O$"&&~66L3&2 N#   e $ $C {"?33377>**L I/44 (/ EK(J$)3y>#:  E '')$$  I9>8HK 4 5'#FFK r-Nc@i}|r||d<|r||d<t|S)Nprocessnextr )rnext_urlparamss rencode_relay_staters8 F$#y"!v V  r-ci}|r`t|}|js(|js!|jr |jdr||d<nt t |}|S)zAccording to the spec, RelayState need not be a URL, yet, ``onelogin.saml2` exposes it as ``return_to -- The target URL the user should be redirected to after login``. Also, for an IdP initiated login sometimes a URL is used. /r)rschemenetlocpath startswithdictr) relay_stateretpartss rdecode_relay_statersw C/%% < /5< /EJ /5:;P;PQT;U;U /%CKKy--..C Jr-)NN) urllib.parserrdjango.core.cacherdjango.core.exceptionsr django.httpr django.urlsrdjango.utils.httpr onelogin.saml2.constantsr "onelogin.saml2.idp_metadata_parserr allauth.socialaccount.adapterr allauth.socialaccount.modelsrrrrr,rKrXrrrr-rrsM,,,,,,,,######777777''''''======OOOOOO555555222222""""""PPP   >&666r     r-