]j"ddlmZddlmZddlmZddlmZddlm Z ddl m Z ddl mZddlmZdd lmZdd lmZGd d ej*ZGd deZGddeZGddeZy)) timedelta)Any)AutoOneToOneField)models) gettext_lazy) Organization) TokenBackend) TokenError) RefreshToken) api_settingscLeZdZdZeeddejZeje dddZ eje dd d Z eje d d d Zeje ddZeje ddZdZy) JWTSettingsz5Organization-specific JWT settings for authenticationjwtT) related_name primary_key on_deletezJWT API tokens enabledz9Enable JWT API token authentication for this organization)default help_textz!JWT API token time to live (days)(z+Number of days before JWT API tokens expirezlegacy API tokens enabledFzsw~g&&r) rr r!r"dictstrrr5r< __classcell__r:s@rr/r/)sC +d38n + + '4S> 'c ' 'rr/c eZdZdZedZeejejejejejejejejZdefdZfdZxZS) LSAPITokena=API token that utilizes JWT, but stores a truncated version and expires based on user settings This token class extends RefreshToken to provide organization-specific token lifetimes and support for truncated tokens. It uses the LSTokenBackend to securely store the token (without the signature). r)daysr1cT|jj|jS)zGet the complete JWT token string (including the signature). Returns: The full JWT token string with header, payload and signature )get_token_backendr<r0)rs r get_full_jwtzLSAPIToken.get_full_jwt`s" %%'33DLLAArc@|jt| S)zBlacklist this token. Raises: rest_framework_simplejwt.exceptions.TokenError: If the token is already blacklisted. )check_blacklistr4 blacklist)rr:s rrIzLSAPIToken.blacklisths w ""r)rr r!r"rlifetimer/simple_jwt_settings ALGORITHM SIGNING_KEY VERIFYING_KEYAUDIENCEISSUERJWK_URLLEEWAY JSON_ENCODER_token_backendr>rFrIr?r@s@rrBrBJs~i(H#%%''))$$""##""(( NBcB##rrBc"eZdZdZfdZxZS)TruncatedLSAPITokenzHandles JWT tokens that contain only header and payload (no signature). Used when frontend has access to truncated refresh tokens only.c|jd}t|dkDrdj|dd}nt|dkr td|dzdz}t ||g|ddi|y)z^Initialize a truncated token, ensuring it has exactly 2 parts before adding a dummy signature.r3NzInvalid Label Studio token+xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxverifyF)r6lenr7r r4__init__)rtokenargskwargspartsr:s rr\zTruncatedLSAPIToken.__init__vsu C  u:>HHU2AY'E Z!^9: : x( >t>u>v>r)rr r!r"r\r?r@s@rrVrVrsG ? ?rrVN)datetimertypingrannoying.fieldsr django.dbrdjango.utils.translationrr%organizations.modelsr!rest_framework_simplejwt.backendsr #rest_framework_simplejwt.exceptionsr rest_framework_simplejwt.tokensr r rKModelrr/rBrVr-rrrksY-6-::8O6&,,66'\'B%#%#P?*?r