]j@(ddlZddlmZddlmZmZddlmZddlmZddl m Z ddl m Z m Z ddlmZmZmZmZmZdd lmZmZdd lmZdd lmZdd lmZdd lmZddlm Z ddl!m"Z"ddl#m$Z$m%Z%ddl&m'Z'm(Z(ddl)m*Z*m+Z+ejXe-Z.GddeZ/ededgdddddgdededgdd dd!dgdGd"d#eZ0Gd$d%e*Z1ededgd&d'ejdeid(d)dgd*ededgd+d,ejfeid(d-dgd*Gd.d/ejhZ5Gd0d1e+Z6Gd2d3e+Z7y)4N)datetime)ViewClassPermissionall_permissions)method_decorator) extend_schema)TokenAuthenticationPhaseout) LSAPITokenTruncatedLSAPIToken)JWTSettingsSerializerLSAPITokenCreateSerializerLSAPITokenListSerializerTokenRefreshResponseSerializerTokenRotateResponseSerializer)genericsstatus)SessionAuthentication) APIException) CreateAPIView)Response) api_settings)JWTAuthentication)TokenBackendError TokenError)BlacklistedTokenOutstandingToken)TokenRefreshView TokenViewBasec,eZdZejZdZdZy)TokenExistsErrorzKYou already have a valid token. Please revoke it before creating a new one. token_existsN)__name__ __module__ __qualname__rHTTP_409_CONFLICT status_codedefault_detail default_codeE/root/env/lib/python3.12/site-packages/label_studio/jwt_auth/views.pyrrs**KbN!Lr)rgetJWTzRetrieve JWT Settingszargskwargsr-s r*r+zJWTSettingsAPI.getJs*( ++L9>>??r)c|j}|j|j|}|jd|j t |jS)N)rGinstanceTraise_exception)rDrFrGis_validsaver)rCr>rHrIr- serializers r*r6zJWTSettingsAPI.postNsQ( ((gll\(R D1 ((r)N) r!r"r#r serializer_classrrorganizations_vieworganizations_changepermission_requiredrDr+r6r(r)r*r9r9$s76--  . .  1 1  @)r)r9c beZdZedgddej eidddgdfd ZxZS) DecoratedTokenRefreshViewr,zRefresh JWT tokenz.Get a new access token, using a refresh token.tokensrefreshr.r/r0r1r2 responsesr3c*t||g|i|Sr=)superr6)rCr>rHrI __class__s r*r6zDecoratedTokenRefreshView.postWsw|G5d5f55r)) r!r"r#rr HTTP_200_OKrr6 __classcell__)r]s@r*rVrVVsHW#D    > &.&/!)   6 6r)rVzList API tokensz)List all API tokens for the current user.rWlistrYzCreate API tokenz,Create a new API token for the current user.createc@eZdZejZeZdZdZ dZ dZ y)LSAPITokenViewcJtjjtjj dd}t jj|jjjtjj|S)zReturns all non-expired non-blacklisted tokens for the current user. The `list` method handles filtering for refresh tokens (as opposed to access tokens), since simple-jwt makes it hard to do this at the DB level.)token__expires_at__gttoken_idT)flat)user_idexpires_at__gt)id__in) robjectsfilterrnow values_listrr>r?idexclude)rCcurrent_blacklisted_tokenss r* get_querysetzLSAPITokenView.get_querysets&6%=%=%D%D[c[g[g[i%D%j%v%v T&w& " ''..t||7H7H7K7K\d\h\h\j.kss-t  r)c  |j}dtfd}ttd|Dcgc] }|| c}}|Dcgc] }|ddk(s |} }|j | d} | j } t | Scc}wcc}w)Ntokenc tt|jS#ttf$r }t j d|Yd}~yd}~wwxYw)Nz#JWT API token validation failed: %s)r strrtrrloggerdebug)rtes r*_maybe_get_tokenz-LSAPITokenView.list.._maybe_get_tokensC *3u{{+;<< 12  BAF s AA  A token_typerXT)many)rrrr`rlrFrGr) rCr>rHrI all_tokensrzrt token_objectstokrefresh_tokensrPrGs r*r`zLSAPITokenView.lists&&(  $4 VDPZ*[u+;E+B*[\] )6Y##l:Ky:X#YY((d(C ~ +\YsB B B cL|jjdk(rtStS)Nr;)r>methodr r )rCs r*get_serializer_classz#LSAPITokenView.get_serializer_classs <<  & (- -''r)c|j}|jr t|jj |j j }||_yr=)rrexistsr token_classfor_userr>r?rK)rCrPexisting_tokensrts r*perform_createzLSAPITokenView.perform_createsM++-  ! ! #"$ $  ))$,,*;*;<# r)N) r!r"r#rusers_token_anyrTr rrrr`rrr(r)r*rcrchs*B*99K $&( $r)rcc reZdZdZedgddej dejdiddd gd  d Zy )LSTokenBlacklistViewz2jwt_auth.serializers.LSAPITokenBlacklistSerializerr,zBlacklist a JWT refresh tokenzeAdds a JWT refresh token to the blacklist, preventing it from being used to obtain new access tokens.z"Token was successfully blacklistedzToken is already blacklistedrW blacklistr.r/rYc<|j|j} |jdttjS#t$rH}tj dt |dtdditjcYd}~Sd}~wwxYw) NrGTrLz:Token error occurred while trying to blacklist a token: %s)exc_infodetail(Token is invalid or already blacklisted.r) rFrGrNrrwerrorrvrrHTTP_404_NOT_FOUNDHTTP_204_NO_CONTENT)rCr>rHrIrPrys r*r6zLSTokenBlacklistView.posts((gll(;  v     5 v99::  v LLUWZ[\W]hlL mX'QR[a[t[tu u vsA B=BBBN) r!r"r#_serializer_classrrrrr6r(r)r*rrsYLW/{  & &(L  % %'E &.&1!)    ;  ;r)rc eZdZeeegZejZ e jZ dZ eZedgddej$eej(didddgd  d Zd Zy )LSAPITokenRotateViewz/jwt_auth.serializers.LSAPITokenRotateSerializerr,zRotate JWT refresh tokenz?Creates a new JWT refresh token and blacklists the current one.z*Invalid token or token already blacklistedrWrotater.r/rYc|j|j}|jd|jd} |j |j|j}t d|jitjS#t $r t dditjcYSwxYw)NrTrLrXrrr) rFrGrNvalidated_datarrrrHTTP_400_BAD_REQUEST create_tokenr? get_full_jwtr^)rCr>rHrIrP current_token new_tokens r*r6zLSAPITokenRotateView.posts((gll(; D1"11)<  x  # # % %%gll3 I$:$:$<=fFXFXYY  xX'QR[a[v[vw w xsB&B>=B>c8|jj|S)zcCreate a new token for the user. Can be overridden by child classes to use different token classes.)rr)rCr?s r*rz!LSAPITokenRotateView.create_tokens((..r)N)r!r"r#rrrauthentication_classesrDEFAULT_PERMISSION_CLASSESpermission_classesrrrTrr rrrr^rrr6rr(r)r*rrs01LNcd%@@)99IKW*U    =  ' ')U &.&.!)    Z  Z/r)r)8loggingrcore.permissionsrrdjango.utils.decoratorsrdrf_spectacular.utilsr jwt_auth.authrjwt_auth.modelsr r jwt_auth.serializersr r r rrrest_frameworkrrrest_framework.authenticationrrest_framework.exceptionsrrest_framework.genericsrrest_framework.responserrest_framework.settingsr'rest_framework_simplejwt.authenticationr#rest_framework_simplejwt.exceptionsrr/rest_framework_simplejwt.token_blacklist.modelsrrrest_framework_simplejwt.viewsrr getLoggerr!rwrr9rVr^HTTP_201_CREATEDListCreateAPIViewrcrrr(r)r*rsA4/5;,?21,0EM^J   8 $"|"  W'R%3&+!)    W%P%3&.!)   )])  4)06 06$ W!?    8 &.&,!)     W"B  # #%? &.&.!)    5$X//5$!!@5$p;=;<(/=(/r)