U ÔÉ>i÷ã@sÎddlmZddlmZddlmZddlmZddlm Z m Z ddl m ZddlmZddlmZmZmZmZdd lmZdd lmZddlm Z dd lmZdd lmZGd d„deƒZ e dœdd„ZdS)é)ÚBytesIO)ÚDict)Úquote)Ú urlencode)ÚgettextÚ gettext_lazy)Ú app_settings)Ú get_adapter)Ú user_displayÚ user_emailÚuser_pk_to_url_strÚ user_username)Úcontext)Ú BaseAdapter)Ú Authenticator)Úimport_attributec@s eZdZdZedƒedƒedƒedƒedƒdœZedœd d „Zedœd d „Zedœd d„Z eedœdd„Z eedœdd„Z edœdd„Z eedœdd„Z eedœdd„Zeedœdd„Zd d!„Zd,edœd#d$„Zejed%œd&d'„Zeeefdœd(d)„Zedœd*d+„Zd"S)-ÚDefaultMFAAdaptera4The adapter class allows you to override various functionality of the ``allauth.mfa`` app. To do so, point ``settings.MFA_ADAPTER`` to your own class that derives from ``DefaultMFAAdapter`` and override the behavior by altering the implementation of the methods according to your own needs. zUYou cannot add an email address to an account protected by two-factor authentication.z0You cannot deactivate two-factor authentication.zTYou cannot generate recovery codes without having two-factor authentication enabled.zIncorrect code.zYYou cannot activate two-factor authentication until you have verified your email address.)Zadd_email_blockedZcannot_delete_authenticatorZcannot_generate_recovery_codesZincorrect_codeZunverified_email©ÚreturncCs | |¡S)zZReturns the label used for representing the given user in a TOTP QR code. )Ú_get_user_identifier©ÚselfÚuser©rú7/tmp/pip-unpacked-wheel-upujnpc2/allauth/mfa/adapter.pyÚget_totp_label/sz DefaultMFAAdapter.get_totp_labelcCs$t|ƒ}|st|ƒ}|s t|ƒ}|S)z`Human-palatable identifier for a user account. It is intended only for display. )r r Ústr)rrÚlabelrrrr5s z&DefaultMFAAdapter._get_user_identifiercCstj}|s| ¡}|S)zYReturns the TOTP issuer name that will be contained in the TOTP QR code. )rZ TOTP_ISSUERÚ_get_site_name)rÚissuerrrrÚget_totp_issuer@sz!DefaultMFAAdapter.get_totp_issuer)ÚsecretrcCs\| |¡}| ¡}||dœ}tjdkr0tj|d<tjdkrDtj|d<dt|ƒ›dt|ƒ›S)N)r!réÚdigitséZperiodzotpauth://totp/ú?)rr rZ TOTP_DIGITSZ TOTP_PERIODrr)rrr!rrÚparamsrrrÚbuild_totp_urlIs ü    z DefaultMFAAdapter.build_totp_url)ÚurlrcCs@ddl}ddlm}|j||d}tƒ}| |¡| ¡ d¡S)Nr)Ú SvgPathImage)Z image_factoryÚutf8)ÚqrcodeZqrcode.image.svgr)ÚmakerÚsaveÚgetvalueÚdecode)rr(r+r)ÚimgÚbufrrrÚbuild_totp_svgXs   z DefaultMFAAdapter.build_totp_svgcCs0tjr"ddlm}|j tj¡jStj  ¡SdS)Nr)ÚSite) Úallauth_settingsZ SITES_ENABLEDZdjango.contrib.sites.modelsr3ÚobjectsZ get_currentrÚrequestÚnameÚget_host)rr3rrrras z DefaultMFAAdapter._get_site_name)ÚtextrcCs|S)z³Secrets such as the TOTP key are stored in the database. This hook can be used to encrypt those so that they are not stored in the clear in the database. r)rr9rrrÚencryptiszDefaultMFAAdapter.encrypt)Úencrypted_textrcCs|}|S)zCounter part of ``encrypt()``.r)rr;r9rrrÚdecryptpszDefaultMFAAdapter.decrypt)Ú authenticatorrcCsdS)NTr)rr=rrrÚcan_delete_authenticatorusz*DefaultMFAAdapter.can_delete_authenticatorcOstƒj||ŽS©N)Úget_account_adapterÚsend_notification_mail)rÚargsÚkwargsrrrrAxsz(DefaultMFAAdapter.send_notification_mailNcCs4|jr dStjj|d}|dk r,|j|d}| ¡S)zM Returns ``True`` if (and only if) the user has 2FA enabled. F)rN)Ztype__in)Z is_anonymousrr5ÚfilterÚexists)rrÚtypesÚqsrrrÚis_mfa_enabled{s  z DefaultMFAAdapter.is_mfa_enabled)ÚtypercCsHtjj||d ¡}|dkr$tdƒS|dkr4tdƒStdƒj|ddS)zi Generate a human friendly name for the key. Used to prefill the "Add key" form. )rrIrz Master keyéz Backup keyzKey nr. {number})Únumber)rr5rDÚcountrÚformat)rrrIÚnrrrÚgenerate_authenticator_name†s z-DefaultMFAAdapter.generate_authenticator_namecCs"| ¡}tj ¡ d¡d|dœS)Nú:r)Úidr7)rrr6r8Ú partition)rr7rrrÚ#get_public_key_credential_rp_entity’sþz5DefaultMFAAdapter.get_public_key_credential_rp_entitycCs t|ƒ d¡t|ƒ| |¡dœS)Nr*)rQZ display_namer7)r Úencoder rrrrrÚ%get_public_key_credential_user_entity™s ýz7DefaultMFAAdapter.get_public_key_credential_user_entity)N)Ú__name__Ú __module__Ú __qualname__Ú__doc__Ú_Zerror_messagesrrrr r'r2rr:r<rÚboolr>rArHÚTyperOrrSÚdictrUrrrrrs:ÿÿÿÿõ     rrcCs ttjƒƒSr?)rrZADAPTERrrrrr ¡sr N)!ÚiorÚtypingrÚ urllib.parserZdjango.utils.httprZdjango.utils.translationrrrZZallauthrr4Zallauth.account.adapterr r@Zallauth.account.utilsr r r r Z allauth.corerZallauth.core.internal.adapterrZ allauth.mfaZallauth.mfa.modelsrZ allauth.utilsrrrrrrÚs