o 0i@ @sddlmZddlmZddlmZddlmZm Z ddl Z ddl m Z ddl mZmZddlmZmZdd lmZe eZGd d d eZd ed efddZdeded efddZehdZd efddZ dedBde!ded efddZ"ded efddZ#de$de!d ed edBfd!d"Z%d efd#d$Z& d5de$de!d ed%edBd ef d&d'Z'd6d)ed*e$fd+d,Z(ed-geegd.d/Z)ed0geegd1d2Z*ed0geegd3d4Z+dS)7)get_user_model)check_password)settings) DatabaseError connectionsN)Token)api_viewpermission_classes)AllowAnyIsAuthenticatedResponsec@s eZdZdS)LegacyDbUnavailableN)__name__ __module__ __qualname__rr8/var/www/html/livekitdocker/backend/config/auth_views.pyrsrhash_strreturncCs|dr d|ddS|S)Nz$2y$z$2b$) startswith)rrrr_normalize_bcrypt_hashs r plain_or_hash stored_hashcCs||krdS|drDzddl}Wnty tdYdSwzt|}||d|dWStyCtjdddYdSwt||S) NTz$2rzauth.token bcrypt import failedFzutf-8zauth.token bcrypt check failedexc_info) rbcrypt Exceptionloggerwarningrcheckpwencodedjango_check_password)rrr normalizedrrr_check_bcrypt_passwords"      r%>adminowner superadmin super_admincCs$|durdSt|ddS)N _)strstriplowerreplace)role_valrrr_normalize_role_string4sr2 bia_role_rawlegacyui_hintcCsf|durt|dkrt|pdS|d}|dur)t|dkr)t|p(dS|r1t|p0dSdS)za Prefer cluster `business_id_agents.role`, then legacy `users.role`, then login UI hint. Nr*agentrole)r-r.r2get)r3r4r5lrrrr_coerce_effective_role:s    r: role_normcCs|tvSN) _ADMIN_ROLES)r;rrr_django_is_privilegedHsr> business_id identifierc Cst|dpd}t|pd}|d}|d}g}|dur8t|dkr8|d||gf|durMt|dkrM|d||gf|sQ|rm|d||pX||p[|gf|d ||pf||pi|gfz\td K}|D]>\} } z1|| | |} | r| d durt| d dkrt| d WWdWSWqwt yYqwwWdWdS1swYWdSt yYdSw) z Read dashboard role from cluster `business_id_agents.role` when that column (and identifying columns) exist. Schema may vary; unsupported columns are skipped. emailr*agent_iduser_idNzTSELECT role FROM business_id_agents WHERE business_id = %s AND agent_id = %s LIMIT 1zSSELECT role FROM business_id_agents WHERE business_id = %s AND user_id = %s LIMIT 1z SELECT role FROM business_id_agents WHERE business_id = %s AND LOWER(TRIM(COALESCE(email, ''))) IN (%s, %s) LIMIT 1 z SELECT role FROM business_id_agents WHERE business_id = %s AND LOWER(TRIM(COALESCE(username, ''))) IN (%s, %s) LIMIT 1 clusterr) r-r8r.r/appendrcursorexecutefetchoner) r?r4r@ email_norm ident_normrBrCattemptscursqlparamsrowrrr#_fetch_role_from_business_id_agentsLsb      $    rPc Csd}z?td/}||||g|}|s" WdWdSdd|jD}tt||}Wdn1s;wYWnty[}ztj dddt t ||d}~ww| d pbd }|rm|d vrmdS|S) z Query the legacy master DB `users` table. Expected columns (common Laravel-style): user_id, username, email, password, role, business_id, agent_id, status. z SELECT user_id, username, email, password, role, business_id, agent_id, status, name FROM users WHERE (email = %s OR username = %s) LIMIT 1 defaultNcSsg|]}|dqS)rr).0crrr sz&_fetch_legacy_user..z0legacy master DB unavailable while fetching userTrstatusr*)active1enabled)rrFrGrH descriptiondictziprrerrorrr-r8r/)r@rMrLrOcolnamesdatae status_valrrr_fetch_legacy_users* raeffective_rolec Csddlm}m}t|p|dpd}t|dpd}t|p$d}z-td } | d|g| rG WdWd SWdn1sQwYWn t y`Ynw||\} } } } zXtd G} | d || d |g| s WdWd S|t vr WdWd S| d || d|||g| duWdWS1swYWdSt yYd Sw)a0 Cluster may store agents either in Django's mapping table `business_id_agents` or in per-business tables `{business_id}_agents` (legacy / Laravel-style). Agents logging in via the dashboard should appear in the per-business agents table with the same email when that table is used. r) _table_names_q_identr7r*rArDz?SELECT 1 FROM business_id_agents WHERE business_id = %s LIMIT 1NTzSELECT 1 FROM z WHERE business_id = %s LIMIT 1Fz SELECT 1 FROM z WHERE business_id = %s AND ( LOWER(email) = %s OR LOWER(email) = %s ) LIMIT 1 )apps.cluster.dynamic_tablesrcrdr2r8r-r.r/rrFrGrHrr=) r?r4r@rbrcrd role_lowerrIrJrL agents_tabler,rrr_cluster_acknowledges_businesssV     ( rhmessagerUcCst|g|d|dS)N)non_field_errorsrjrUr )rjrUrrr _auth_errors rmPOSTc Cs~|jdp |jdp d}|jdpd}|jdpd}td||t||r0|s4tdSzt|}Wnoty}zczzLegacy database is not reachable from this backend runtime. Check network/firewall and ensure the running process loaded the correct DB URLs. (default=z ; cluster=z ) (error=)irlNz:auth.token legacy user not found/blocked for identifier=%sz+Unable to log in with provided credentials.zHauth.token password_check identifier=%s password_len=%s stored_prefix=%s z=auth.token password mismatch identifier=%s user_id=%s role=%srCr?z7auth.token missing business_id identifier=%s user_id=%szUser is missing business_id.zInvalid business_id.)rbzGauth.token cluster check failed identifier=%s user_id=%s business_id=%szRNo matching agent configuration in the cluster database for this user or business.)ro)rAis_staff is_superuser) update_fields)usernamerB)idr|rAr7agentIdr? permissions)tokenr{)#r^r8r.rr boolrmrarr DATABASEScopyrtyperlenr%intrPr:rhrr-objects get_or_createset_unusable_passwordrAr>rxrysaverr keyr})requestr@rpr7r4r_dfltclus dflt_hint clus_hintrr?business_id_intr3rf DjangoUserdjango_username django_usercreated privilegedrr,rrr legacy_tokens  &*         ( rGETc Cs,|j}t|ddst|ddrdnd}t|ddp t|ddp d}|r)t|nd}d}d}d}|}|rl|d }|d }|d }|durZzt|}Wn tyYd}Ynw|durdt|||nd} t| |d}t t |put|d dt|ddt|ddt|d ddpt|dd|||gdS)NrxFryr&r6rAror*r?rBrCr} get_full_namecSsdS)Nr*rrrrrszme..)r}rorAr|r7r~r?r) r{getattrr.rar8rrrPr:r r-) rudj_roleidentr4r?rBlegacy_user_idrole_outbiarrrmefsD           rc Cs|j}t|ddpt|ddpd}|rt|nd}|r"|dnd}z |dur-t|nd}Wn ty;d}Ynw|sFtddidd Std  u}z6| d |g| }|sktdd idd WWdSt|d |d|d|ddWWdSt y| d|g| }|stdd idd YWdSt|d |d|dddYWdSw1swYdS)z Return current user's business record fields needed by the dashboard. Source of truth: legacy master DB table `businesses`, column `plans`. rANror*r?rjz$Business not found for current user.irlrQzdSELECT business_id, business_name, plans, ch_language FROM businesses WHERE business_id = %s LIMIT 1zBusiness not found.r)r? business_nameplans ch_languagezWSELECT business_id, business_name, plans FROM businesses WHERE business_id = %s LIMIT 1) r{rr.rar8rrr rrFrGrHr)rrrr4r?rrLrOrrr business_plans`    rr<)ri),django.contrib.authrdjango.contrib.auth.hashersrr# django.confr django.dbrrloggingrest_framework.authtoken.modelsrrest_framework.decoratorsrr rest_framework.permissionsr r rest_framework.responser getLoggerrr RuntimeErrorrr-rrr% frozensetr=r2rZr:r>rrPrarhrmrrrrrrrsR      @# 7 x &