U g@sddlmZddlZddlZddlZddlmZmZmZm Z m Z m Z ddl m Z ddlmZddlmZmZdd lmZmZd d gZe eefZd d dddZGdd d eZddddddddd ZdS)) annotationsN)Any AwaitableCallableIterableTuplecast)Headers) InvalidHeader)build_www_authenticate_basicparse_authorization_basic) HTTPResponseWebSocketServerProtocol BasicAuthWebSocketServerProtocolbasic_auth_protocol_factoryrbool)valuereturnc Cs@z |\}}Wnttfk r&YdSXt|to:t|tSdSNF) TypeError ValueError isinstancestr)rusernamepasswordr:/tmp/pip-unpacked-wheel-dx_q7dq3/websockets/legacy/auth.pyis_credentialss  rcsxeZdZUdZdZded<dZded<dddd dd d d d fd dZddddddZddddfdd Z Z S)rzC WebSocket server protocol that enforces HTTP Basic Auth. rrealmN str | Nonerr!check_credentialsr,Callable[[str, str], Awaitable[bool]] | NoneNone)argsr!r$kwargsrcs&|dk r||_||_tj||dSN)r!_check_credentialssuper__init__)selfr!r$r'r( __class__rrr,.sz)BasicAuthWebSocketServerProtocol.__init__rrrrcs |jdk r|||IdHSdS)a Check whether credentials are authorized. This coroutine may be overridden in a subclass, for example to authenticate against a database or an external service. Args: username: HTTP Basic Auth username. password: HTTP Basic Auth password. Returns: :obj:`True` if the handshake should continue; :obj:`False` if it should fail with an HTTP 401 error. NF)r*)r-rrrrrr$:s z2BasicAuthWebSocketServerProtocol.check_credentialsr zHTTPResponse | None)pathrequest_headersrcsz |d}Wn.tk r:tjjdt|jfgdfYSXzt|\}}Wn.tk rztjjdt|jfgdfYSX|||IdHstjjdt|jfgdfS||_ t ||IdHS)zS Check HTTP Basic Auth and return an HTTP 401 response if needed. AuthorizationzWWW-AuthenticatesMissing credentials sUnsupported credentials NsInvalid credentials ) KeyErrorhttp HTTPStatus UNAUTHORIZEDr r!r r r$rr+process_request)r-r1r2 authorizationrrr.rrr8Os*    z0BasicAuthWebSocketServerProtocol.process_request) __name__ __module__ __qualname____doc__r!__annotations__rr,r$r8 __classcell__rrr.rrs    r"z*Credentials | Iterable[Credentials] | Noner%z6Callable[..., BasicAuthWebSocketServerProtocol] | Nonez/Callable[..., BasicAuthWebSocketServerProtocol])r! credentialsr$create_protocolrcs|dk|dkkrtd|dk rt|r6tt|g}nLt|trttttt|}tdd|Dstd|ntd|t|ddddfd d }|dkrt }tt d t f|}t j |||d S) a Protocol factory that enforces HTTP Basic Auth. :func:`basic_auth_protocol_factory` is designed to integrate with :func:`~websockets.legacy.server.serve` like this:: serve( ..., create_protocol=basic_auth_protocol_factory( realm="my dev server", credentials=("hello", "iloveyou"), ) ) Args: realm: Scope of protection. It should contain only ASCII characters because the encoding of non-ASCII characters is undefined. Refer to section 2.2 of :rfc:`7235` for details. credentials: Hard coded authorized credentials. It can be a ``(username, password)`` pair or a list of such pairs. check_credentials: Coroutine that verifies credentials. It receives ``username`` and ``password`` arguments and returns a :class:`bool`. One of ``credentials`` or ``check_credentials`` must be provided but not both. create_protocol: Factory that creates the protocol. By default, this is :class:`BasicAuthWebSocketServerProtocol`. It can be replaced by a subclass. Raises: TypeError: If the ``credentials`` or ``check_credentials`` argument is wrong. Nz/provide either credentials or check_credentialscss|]}t|VqdSr))r).0itemrrr sz.basic_auth_protocol_factory..zinvalid credentials argument: rrr0cs0z |}Wntk r"YdSXt||Sr)r4hmaccompare_digest)rrZexpected_passwordZcredentials_dictrrr$s  z6basic_auth_protocol_factory..check_credentials.r#) rrr Credentialsrrlistalldictrr functoolspartial)r!r@r$rAZcredentials_listrrGrrvs.&  )NNNN) __future__rrLrEr5typingrrrrrrZdatastructuresr exceptionsr headersr r serverrr__all__rrHrrrrrrrs"      Z