qi7]SrSSKrSSKrSSKrSSKrSSKrSSKJr SSKJ r SSK J r SSK J r Jr SSKJr SSKJr SS KJrJrJr S r\ R0"\5rS r"S S \5rg)a: WSGI middleware for HTTP basic and digest authentication. Usage:: from http_authenticator import HTTPAuthenticator WSGIApp = HTTPAuthenticator(ProtectedWSGIApp, domain_controller, accept_basic, accept_digest, default_to_digest) where: ProtectedWSGIApp is the application requiring authenticated access domain_controller is a domain controller object meeting specific requirements (below) accept_basic is a boolean indicating whether to accept requests using the basic authentication scheme (default = True) accept_digest is a boolean indicating whether to accept requests using the digest authentication scheme (default = True) default_to_digest is a boolean. if True, an unauthenticated request will be sent a digest authentication required response, else the unauthenticated request will be sent a basic authentication required response (default = True) The HTTPAuthenticator will put the following authenticated information in the environ dictionary:: environ["wsgidav.auth.realm"] = realm name environ["wsgidav.auth.user_name"] = user_name environ["wsgidav.auth.roles"] = (optional) environ["wsgidav.auth.permissions"] = (optional) **Domain Controllers** The HTTP basic and digest authentication schemes are based on the following concept: Each requested relative URI can be resolved to a realm for authentication, for example: /fac_eng/courses/ee5903/timetable.pdf -> might resolve to realm 'Engineering General' /fac_eng/examsolns/ee5903/thisyearssolns.pdf -> might resolve to realm 'Engineering Lecturers' /med_sci/courses/m500/surgery.htm -> might resolve to realm 'Medical Sciences General' and each realm would have a set of user_name and password pairs that would allow access to the resource. A domain controller provides this information to the HTTPAuthenticator. This allows developers to write their own domain controllers, that might, for example, interface with their own user database. for simple applications, a SimpleDomainController is provided that will take in a single realm name (for display) and a single dictionary of user_name (key) and password (value) string pairs Usage:: from wsgidav.dc.simple_dc import SimpleDomainController users = dict(({'John Smith': 'YouNeverGuessMe', 'Dan Brown': 'DontGuessMeEither'}) realm = 'Sample Realm' domain_controller = SimpleDomainController(users, realm) Domain Controllers must provide the methods as described in ``wsgidav.interfaces.domaincontrollerinterface`` (interface_) .. _interface : interfaces/domaincontrollerinterface.py The environ variable here is the WSGI 'environ' dictionary. It is passed to all methods of the domain controller as a means for developers to pass information from previous middleware or server config (if required). N)md5)dedent)util)HTTP_NOT_FOUNDDAVError)SimpleDomainController)BaseMiddleware) calc_base64calc_hexdigestdynamic_import_classreStructuredTextc.[R"USSS9nURS5nUnUSLdU(d[nO&[R"U5(a [ U5n[ R"U5(a U"X5nU$[SUS35e)Nhttp_authenticatorTas_dictdomain_controllerz/Could not resolve domain controller class (got )) rget_dict_valuegetr is_basestringr inspectisclass RuntimeError) wsgidav_appconfig auth_confdcorg_dcs O/home/kali/flask_env/lib/python3.13/site-packages/wsgidav/http_authenticator.pymake_domain_controllerr bs##F,@$OI * +B F Tz #  B   !" %r  $ ILVHTUVWWcl^\rSrSrSr\"S5rU4SjrSrSr Sr Sr S r S r S rS rS rU=r$)HTTPAuthenticatoryz4WSGI Middleware for basic and digest authentication.z 401 Access not authorized

401 Access not authorized

c>[TU]XU5 URSS5UlX0l[ X5nX@l[R"USSS9nURSS5Ul URSS5Ul [R"US SS9nURS S5Ul URS S5Ul URS S5Ul URS S5UlUR5(dUUR(d"UR(dUR(d"[!UR"R$S35e['/5Ul[*R,"S5Ul[*R,"S5Ul[*R,"S5Ulg)NverbosehotfixesTrwinxp_accept_root_share_loginFwin_accept_anonymous_optionsr accept_basic accept_digestdefault_to_digesttrusted_auth_headerzl does not support digest authentication. Set accept_basic=True, accept_digest=False, default_to_digest=Falsez([\w]+)=([^,]*),z([\w]+)=("[^"]*,[^"]*"),z^([\w]+))super__init__r_verboserr rrrr)r*r+r,r-r.supports_http_digest_authr __class____name__dict _nonce_dictrecompile_header_parser_header_fix_parser_header_method)selfrnext_apprrr(rr3s rr0HTTPAuthenticator.__init__sx 7 9a0  #K 8!#&&vz4H .6\\ +U. *-5LL *E- )''0DdS %MM.$?&]]?DA!*/BD!I#,==1F#M ++--   $"8"8@Q@Q<<(()*VV   8 jj)<=#%**-H"I jj5r!cUR$N)r)r<s rget_domain_controller'HTTPAuthenticator.get_domain_controllers%%%r!cDURRUS5(+$r@)rrequire_authentication)r<shares rallow_anonymous_access(HTTPAuthenticator.allow_anonymous_accesss))@@MMMr!cURRUSU5nX1S'SUS'SUS'SUS'SnSURS S5;aS n[R S 5 SnUR (a US S :Xa[R S5 S nU(d URR X15(dURX5$UR(aURUR5(ar[RSURSURUR5<SU<35 URUR5US'URX5$SU;GaXU(GdPUSnURRU5nSnU(aURS5R5nUS:Xa"UR(aURX5$US:Xa"UR (aUR#X5$US:Xa"UR (aUR%X5$UR&(a"UR(aUR)X5$UR (aUR#X5$[R SU35 U"SSS[*R,"54/5 S/$UR&(aUR)X5$UR#X5$)N PATH_INFOwsgidav.auth.realmwsgidav.auth.user_namezwsgidav.auth.roleszwsgidav.auth.permissionsFlogout QUERY_STRINGTz Force logoutREQUEST_METHODOPTIONSz,No authorization required for OPTIONS methodzAccept trusted user_name =z for realm HTTP_AUTHORIZATIONNonedigestbasicz>HTTPAuthenticator: respond with 400 Bad request; Auth-Method: z400 Bad Request)Content-Length0Date)rget_domain_realmr_loggerwarningr*rDr=r.debugr;searchgrouplowerr,handle_digest_auth_requestr+send_basic_auth_responsehandle_basic_auth_requestr-send_digest_auth_responserget_rfc1123_time) r<environstart_responserealm force_logout force_allow auth_header auth_match auth_methods r__call__HTTPAuthenticator.__call__s&&77 8LgV(-$%,.())-$%.2*+ w{{>26 6L OON +  , ,9I1Ji1W OOJ KK d44KK   ==9 9  # # D4L4L(M(M MM+D,D,D+EQw{{SWSkSkGlFooyzzCD 18 D->44WMM'D,=,=55gNN''D,>,>55gNN""44WMM OOPQ\P]^  !(643H3H3J*KL 4K  ! !11'J J,,WEEr!c 6URRUSU5n[RSU<S35 SUS3n[R "UR 5nU"SSU4SS [[U554S [R"54/5 U/$) NrI401 Not Authorized for realm z (basic)z Basic realm=""401 Not AuthorizedWWW-Authenticatez Content-Typeztext/html; charset=utf-8rWrY) rrZr[r]rto_byteserror_message_401strlenre)r<rfrgrhwwwauthheadersbodys rrb*HTTPAuthenticator.send_basic_auth_response s&&77 8LgV 5eYhGH(q1}}T334 #^4<!3s4y>2..01   v r!c&URRUSU5nUSnSnU[S5SR5n[ R "[R"U55n[R"U5nURSS5upgURRX6Xq5(aX1S'XaS'URX5$[RS U<S U<S 35 URX5$![a SnNf=f) NrIrRrKzBasic :rTrJrLz'Authentication (basic) failed for user , realm .)rrZrystrip Exceptionbase64 decodebytesrrvto_strsplitbasic_auth_userr=r[r\rb)r<rfrgrhrk auth_value user_namepasswords rrc+HTTPAuthenticator.handle_basic_auth_requests &&77 8LgV23   $S]_5;;=J'' j(AB [[, (..sA6  ! ! 1 1%H V V,1( )09, -==9 95i](5)ST U ,,WEE J sD DDc PURRUSU5n[R"5 [ [R "S55SSn[ US5n[[R"55nU[ US-U-S-U-5-n[U5nSUSUS3n [RSU<S U 35 [R"UR5n U"S S U 4S S [[U 554S[R "54/5 U /$)NrI r~zDigest realm="z ", nonce="z", algorithm=MD5, qop="auth"rqz (digest): rsrtrurWrY)rrZrandomseedhex getrandbitsr rxtimer r[r]rrvrwryre) r<rfrgrh serverkeyetagkeytimekey nonce_sourcenoncerzr{s rrd+HTTPAuthenticator.send_digest_auth_response1s(&&77 8LgV **2./3  !56diik" cMG #c )I 5"  L)UG:eW4P Q   +E9K?O P }}T334 #^4<!3s4y>2..01   v r!c , URRUSU5nU(d[[SUS3S9eSn/n0nUSS-nUR 5R 5R S5(dSnURS U35 URRU5nURRU5n U (a[RS US U 35 X- nUH.n U S n U S R 5R S5n XU 'M0 Sn SU;a\USn U (dSnURSU <35 OKSU ;a1U nU RSS5n [RSU<SU <35 OSnURS5 SU;alUSR5UR5:waGUR(aUSS:Xa[RS5 OSnURSU<35 SU;a*USR5S:waSnURS5 UR!S5nSU;aUSnOSnURS5 SnS U;a/SnUS nUR 5S!:waSnURS"5 OSnS#U;aUS#nOSnU(aSnURS$5 S%U;aUS%nOSnU(aSnURS&5 S'U;aUS'nOSnURS(5 U(dUS)nUR#UU UUWUUUU5 nU(dSnURS*U<S+U <S,35 OUW:waS-U<S+U <S.US/U3nUR(aWUS:waQUR#SU UUUUUUU5 nUU:Xa[R%S0U<S135 O,SnURUS2-5 OSnURU5 OU(aURS3U35 UR&S4:a5[R%S5R)XS6R+U555 O[R%S7U <S8U<S135 UR-X5$X1S9'XS:'UR/X5$);NrIzCould not resolve realm for ) context_infoFrR,rUTz-HTTP_AUTHORIZATION must start with 'digest': z)Fixing auth_header comma-parsing: extend z with rrTrrusernamez`username` is empty: z\\\z+Fixing Windows name with double backslash: z --> zMissing 'username' in headersrh/r)zRealm mismatch: algorithmMD5z"Unsupported 'algorithm' in headersurirzExpected 'nonce' in headersqopauthzExpected 'qop' == 'auth'cnoncez-Expected 'cnonce' in headers if qop is passedncz)Expected 'nc' in headers if qop is passedresponsezExpected 'response' in headersrOz Rejected by DC.digest_auth_user(z, rz_compute_digest_response(z, ...): z != zAuthentication (digest) failed for user {!r}, realm {!r}: {}z z(Authentication (digest) failed for user rrJrL)rrZrrr`r startswithappendr9findallr:r[inforeplaceupperr)r_compute_digest_responser\r1formatjoinrdr=)r<rfrgrhis_invalid_reqinvalid_req_reasonsauth_header_dict auth_headersauth_header_listauth_header_fixlistrkauth_header_keyauth_header_value req_usernamereq_username_orgreq_uri req_nonce req_has_qopreq_qop req_cnoncereq_nc req_response req_methodrequired_digest warning_msg root_digests rra,HTTPAuthenticator.handle_digest_auth_requestOsE&&77 8LgV;GK|>NhW\V__`a11'J J(-$%,8()}}W55r!c ^SmU4Sjn URRXU 5n U (dgUS-U-n U(a(U "XS-U-S-U-S-U-S-T"U 5-5n U $U "XS-T"U 5-5n U $)aComputes digest hash. Calculation of the A1 (HA1) part is delegated to the dc interface method `digest_auth_user()`. Args: realm (str): user_name (str): method (str): WebDAV Request Method uri (str): nonce (str): server generated nonce value cnonce (str): client generated cnonce value qop (str): quality of protection nc (str) (number), nonce counter incremented by client Returns: MD5 hash string or False if user rejected by domain controller c\[[R"U55R5$r@)rrrv hexdigest)datas rmd5h8HTTPAuthenticator._compute_digest_response..md5h4st}}T*+557 7r!c >T"US-U-5$)Nr~)secretrrs rmd5kd9HTTPAuthenticator._compute_digest_response..md5kd7s t+, ,r!Fr~)rdigest_auth_user)r<rhrmethodrrrrrrfrA1A2resrs @rr*HTTPAuthenticator._compute_digest_responses, 8 - # # 4 4Uw O c\C  CK"$s*V3c9C?#ERPC  CK$r(23C r!) r:r;r9r6r1r+r,rr-rr.r*r))r4 __module__ __qualname____firstlineno____doc__rrwr0rArFrnrbrcrdrar__static_attributes__ __classcell__)r3s@rr#r#ysP>  -6^&NKFZ"F.rs] IT 67-JJ"   *.NNr!