o 'hv.@sdZddlmZddlZddlZddlmZmZddlm Z m Z m Z m Z m Z mZddlZddlmZddlmZddlmZmZmZmZmZmZmZmZmZdd lmZm Z dd l!m"Z"e rjdd l#m$Z$dd l%m&Z&d Z'dddZ(eGdddZ)dddZ*dS) z$MONGODB-OIDC Authentication helpers.) annotationsN) dataclassfield) TYPE_CHECKINGAnyMappingMutableMappingOptionalUnion)Binary) remaining) CALLBACK_VERSIONHUMAN_CALLBACK_TIMEOUT_SECONDS MACHINE_CALLBACK_TIMEOUT_SECONDSTIME_BETWEEN_CALLS_SECONDS OIDCCallbackOIDCCallbackContextOIDCCallbackResult OIDCIdPInfo_OIDCProperties)ConfigurationErrorOperationFailure)_AUTHENTICATION_FAILURE_CODE)AsyncConnection)MongoCredentialF credentialsraddresstuple[str, int]return_OIDCAuthenticatorcCs|jjr|jjS|j}|j}|jdurFd}|j}|D]}||dkr%d}q|dr7|d|ddr7d}q|sFtd|dd|t ||d|j_|jjS) NFrTz*.zRefusing to connect to z(, which is not in authOIDCAllowedHosts: )username properties) cachedatar!mechanism_propertieshuman_callback allowed_hosts startswithendswithrr)rrprincipal_namer"foundr'pattr-Z/var/www/html/olx_land/venv/lib/python3.10/site-packages/pymongo/asynchronous/auth_oidc.py_get_authenticator/s&   r/c@seZdZUded<ded<eddZded<eddZded <eddZd ed <ed dZd ed<ee j dZ ded<ed dZ ded<dd d!Zdd5d6ZdDd8d9ZdEd:d;ZdS)Frstrr!rr"N)default Optional[str] refresh_token access_tokenzOptional[OIDCIdPInfo]idp_inforint token_gen_id)default_factoryzthreading.Locklockfloatlast_call_timeconnrrOptional[Mapping[str, Any]]cs4|||jjr||IdHS||IdHS)z(Handle a reauthenticate from the server.N) _invalidater"callback_authenticate_machine_authenticate_human)selfr<r-r-r.reauthenticateWs  z!_OIDCAuthenticator.reauthenticatecsZ|j}|r|r|j}|r|dr|j|_|S|jjr%||IdHS||IdHS)z'Handle an initial authenticate request.doneN) auth_ctxspeculate_succeededspeculative_authenticater7oidc_token_gen_idr"r?r@rA)rBr<ctxrespr-r-r. authenticate`s  z_OIDCAuthenticator.authenticate"Optional[MutableMapping[str, Any]]cCs|jsdS|d|jiS)z-Get the appropriate speculative auth command.Njwt)r4_get_start_command)rBr-r-r.get_spec_auth_cmdrsz$_OIDCAuthenticator.get_spec_auth_cmdMapping[str, Any]c sl|jr.z ||IdHWSty-}z||r(||IdHWYd}~Sd}~ww||IdHSN)r4_sasl_start_jwtr_is_auth_errorr@)rBr<er-r-r.r@xs z(_OIDCAuthenticator._authenticate_machinec s|jr.z ||IdHWSty-}z||r(||IdHWYd}~Sd}~ww|jr^z ||IdHWSty]}z||rXd|_||IdHWYd}~Sd}~ww|d}|||IdH}|||IdHSrQ) r4rRrrSrAr3rN _run_command_sasl_continue_jwt)rBr<rTcmd start_respr-r-r.rAs.    z&_OIDCAuthenticator._authenticate_humanc Csf|j}|jdu}|r|jdurdS|jr|j}|jr|j}|j}|r$|S|dur,|s,dS|s|dur|js|j}||krF|WdSt|j}|tkrXt t|t|_|rit }|jdushJnt t pnt }t|t|j|j|jjd}||} t| tstdt| | j|_| j|_|jd7_Wd|jS1swY|jS)N)timeout_secondsversionr3r5r!z8Callback result must be of type OIDCCallbackResult, not r )r"r&r5r?r4r9timer;rsleeprr6r rrr r3r!fetch isinstancer ValueErrortyper7) rBr"is_humancb prev_token new_tokendeltatimeoutcontextrJr-r-r._get_access_tokens\        ""z$_OIDCAuthenticator._get_access_tokenrWMutableMapping[str, Any]c sJz |jd|ddIdHWSty$}z ||r||d}~ww)Nz $externalT) no_reauth)commandrrSr>)rBr<rWrTr-r-r.rUs  z_OIDCAuthenticator._run_commanderr ExceptionboolcCst|tsdS|jtkS)NF)r^rcoder)rBrlr-r-r.rSs  z!_OIDCAuthenticator._is_auth_errorNonecCs*|jpd}|dur||jkrdSd|_dS)Nr)rHr7r4)rBr<r7r-r-r.r>s  z_OIDCAuthenticator._invalidaterXcsfd|_d|_t|d}d|vrtdi||_|}|j|_| d|i|}| ||IdHS)NpayloadissuerrMr-) r4r3bsondecoderr5rhr7rH_get_continue_commandrU)rBr<rX start_payloadr4rWr-r-r.rVsz%_OIDCAuthenticator._sasl_continue_jwtcs2|}|j|_|d|i}|||IdHS)NrM)rhr7rHrNrU)rBr<r4rWr-r-r.rRs z"_OIDCAuthenticator._sasl_start_jwtrqcCs:|dur|j}|rd|i}ni}tt|}dd|dS)Nnr z MONGODB-OIDC) saslStart mechanismrq)r!r rsencode)rBrqr* bin_payloadr-r-r.rN s  z%_OIDCAuthenticator._get_start_commandcCstt|}d||ddS)Nr conversationId) saslContinuerqr|)r rsrz)rBrqrXr{r-r-r.rus z(_OIDCAuthenticator._get_continue_command)r<rrr=)rrL)r<rrrP)rr2)r<rrWrirrP)rlrmrrn)r<rrrp)r<rrXrPrrP)rqr=rri)rqrPrXrPrri)__name__ __module__ __qualname____annotations__rr3r4r5r7 threadingLockr9r;rCrKrOr@rArhrUrSr>rVrRrNrur-r-r-r.rLs,      ! :    r<rrCrnr=cs2t||j}|r||IdHS||IdHS)z Authenticate using MONGODB-OIDC.N)r/rrCrK)rr<rC authenticatorr-r-r._authenticate_oidc s  r)rrrrrr)rrr<rrCrnrr=)+__doc__ __future__rrr[ dataclassesrrtypingrrrrr r rs bson.binaryr pymongo._csotr pymongo.auth_oidc_sharedr rrrrrrrrpymongo.errorsrrpymongo.helpers_sharedrpymongo.asynchronous.poolrpymongo.auth_sharedr_IS_SYNCr/rrr-r-r-r.s*    ,    T