fddlmZddlmZddlmZddlmZddlm Z ddl m Z ddl m Z ddlmZdd lmZdd lmZdd lmZdd lmZd ZdZdZdZdZdZdZdZy))urlparse)cache)ImproperlyConfigured)Http404)reverse urlencode)OneLogin_Saml2_Auth)OneLogin_Saml2_Constants) OneLogin_Saml2_IdPMetadataParser) get_adapter) SocialApp) SAMLProviderct} |j|tj|S#tj $rt d|wxYw)N)provider client_idz"no SocialApp found with client_id=)r get_appridr DoesNotExistr)requestorganization_slugadapters e/var/www/cs2snipe.com/venv/lib/python3.12/site-packages/allauth/socialaccount/providers/saml/utils.pyget_app_or_404rs_mGP loo9J    ! !P:;L:MNOOPs !."Ac|jrdnd|jd|jd|jj|jjd}|S)Nonoff HTTP_HOST PATH_INFO)https http_host script_nameget_data post_data) is_secureMETAGETcopyPOST)rresults rprepare_django_requestr+sX **,%\\+.||K0KK$$&\\&&( F Mc>|jtd|g}|jtd|g}|jtd|g}|jdi}|jd}|xs||tjd|tj dd}|jd i} | jd | d |d <| jd r| d |d <| jd | d |d<| jd| d|d<|S)Nsaml_acs)argssaml_sls saml_metadatasp entity_id)urlbinding)entityIdassertionConsumerServicesingleLogoutServiceadvancedx509cert x509cert_new x509certNew private_key privateKeyname_id_format NameIDFormat)build_absolute_urirgetr BINDING_HTTP_POSTBINDING_HTTP_REDIRECT) rprovider_configorgacs_urlsls_url metadata_url _sp_config sp_entity_id sp_configavds rbuild_sp_configrN(s2((3%)HIG((3%)HIG--goSE.RSL!$$T2.J>>+.L 0L/AA% /EE I   j" -C wwz& #J * ww~#&~#6 -  ww})"%m"4 , ww ,$'(8$9 .! r,c|d}|d}d|d|}tj|}|Otj|||jdd}tj|||jdd |S) NrIr3zsaml.metadata..metadata_request_timeout )r3timeoutmetadata_cache_timeouti@8)rrBr parse_remoteset) idp_configrIr3 cache_key saml_configs rfetch_metadata_url_configrZLsn-L;'I a {;I))I&K6CC NN#=rB    NN3[ A r,cb|jdi}id|jddd|jdtjd|jddd |jd dd dd |jd tjd|jddd|jddd|jddd|jddd|jddd|jddd|jddd|jddd|jd dd!|jd"dd#|jd$d}|jd%d|d&}|jd'}|r||d(<|jd)}|r||d)<|jd*}| t d+|jd,} | rt |} | d*|d*<n1|d-|d.d/|d0id1|d*<|jd2} | r d/| i|d*d3<t ||||d4<|S)5Nr9authnRequestsSignedauthn_request_signedFdigestAlgorithmdigest_algorithmlogoutRequestSignedlogout_request_signedlogoutResponseSignedlogout_response_signedrequestedAuthnContextsignatureAlgorithmsignature_algorithm signMetadatametadata_signedwantAssertionsEncryptedwant_assertion_encryptedwantAssertionsSignedwant_assertion_signedwantMessagesSignedwant_message_signednameIdEncryptedname_id_encryptedwantNameIdEncryptedwant_name_id_encryptedallowSingleLabelDomainsallow_single_label_domainsrejectDeprecatedAlgorithmreject_deprecated_algorithmT wantNameId want_name_idwantAttributeStatementwant_attribute_statementallowRepeatAttributeNameallow_repeat_attribute_namestrict)r}securitycontact_person contactPerson organizationidpz `idp` missingrIr3r:r4sso_url)r6r:singleSignOnServiceslo_urlr8r2)rBr SHA256 RSA_SHA256rrZrN) rrErFrMsecurity_configrYrrrrI meta_configrs rbuild_saml_configr_s   j" -Csww'=uE377#57O7V7VW sww'>F (@% H    cgg !#;#F#F   159 "377+Eu#M (? G cgg&;UC 377#6> sww'?G "377+G#O $SWW-JD%Q!" cggne4#$ !#''*Dd"K%& #CGG,I4$P'O,''(D)#K %(()9:N'5 O$"&&~6L&2 N#   e $C {"?3377>*L/4 (/ EK(J$)3y>#: E '')$ 9>8HK 4 5'#FK r,c d|i}t|S)Nstater)rparamss rencode_relay_statersu F V r,cd}|rLt|}|js3|js'|jr|jj dr|}|S)zAccording to the spec, RelayState need not be a URL, yet, ``onelogin.saml2` exposes it as ``return_to -- The target URL the user should be redirected to after login``. Also, for an IdP initiated login sometimes a URL is used. N/)rschemenetlocpath startswith) relay_statenext_urlpartss rdecode_relay_statersE H% <<5<rsT!#7'3=O52FP !H&6r r,