o hv.@sdZddlmZddlZddlZddlmZmZddlm Z m Z m Z m Z m Z mZddlZddlmZddlmZddlmZmZmZmZmZmZmZmZmZdd lmZm Z dd l!m"Z"e rjdd l#m$Z$dd l%m&Z&d Z'dddZ(eGdddZ)dddZ*dS) z$MONGODB-OIDC Authentication helpers.) annotationsN) dataclassfield) TYPE_CHECKINGAnyMappingMutableMappingOptionalUnion)Binary) remaining) CALLBACK_VERSIONHUMAN_CALLBACK_TIMEOUT_SECONDS MACHINE_CALLBACK_TIMEOUT_SECONDSTIME_BETWEEN_CALLS_SECONDS OIDCCallbackOIDCCallbackContextOIDCCallbackResult OIDCIdPInfo_OIDCProperties)ConfigurationErrorOperationFailure)_AUTHENTICATION_FAILURE_CODE)AsyncConnection)MongoCredentialF credentialsraddresstuple[str, int]return_OIDCAuthenticatorcCs|jjr|jjS|j}|j}|jdurFd}|j}|D]}||dkr%d}q|dr7|d|ddr7d}q|sFtd|dd|t ||d|j_|jjS) NFrTz*.zRefusing to connect to z(, which is not in authOIDCAllowedHosts: )username properties) cachedatar!Zmechanism_propertieshuman_callback allowed_hosts startswithendswithrr)rrprincipal_namer"foundr&pattr,Q/var/www/html/venv/lib/python3.10/site-packages/pymongo/asynchronous/auth_oidc.py_get_authenticator/s&   r.c@seZdZUded<ded<eddZded<eddZded <eddZd ed <ed dZd ed<ee j dZ ded<ed dZ ded<dd d!Zdd5d6ZdDd8d9ZdEd:d;ZdS)Frstrr!rr"N)default Optional[str] refresh_token access_tokenzOptional[OIDCIdPInfo]idp_inforint token_gen_id)default_factoryzthreading.Locklockfloatlast_call_timeconnrrOptional[Mapping[str, Any]]cs4|||jjr||IdHS||IdHS)z(Handle a reauthenticate from the server.N) _invalidater"callback_authenticate_machine_authenticate_human)selfr;r,r,r-reauthenticateWs  z!_OIDCAuthenticator.reauthenticatecsZ|j}|r|r|j}|r|dr|j|_|S|jjr%||IdHS||IdHS)z'Handle an initial authenticate request.doneN) Zauth_ctxZspeculate_succeededZspeculative_authenticater6oidc_token_gen_idr"r>r?r@)rAr;ctxrespr,r,r- authenticate`s  z_OIDCAuthenticator.authenticate"Optional[MutableMapping[str, Any]]cCs|jsdS|d|jiS)z-Get the appropriate speculative auth command.Njwt)r3_get_start_command)rAr,r,r-get_spec_auth_cmdrsz$_OIDCAuthenticator.get_spec_auth_cmdMapping[str, Any]c sl|jr.z ||IdHWSty-}z||r(||IdHWYd}~Sd}~ww||IdHSN)r3_sasl_start_jwtr_is_auth_errorr?)rAr;er,r,r-r?xs z(_OIDCAuthenticator._authenticate_machinec s|jr.z ||IdHWSty-}z||r(||IdHWYd}~Sd}~ww|jr^z ||IdHWSty]}z||rXd|_||IdHWYd}~Sd}~ww|d}|||IdH}|||IdHSrM) r3rNrrOr@r2rJ _run_command_sasl_continue_jwt)rAr;rPcmd start_respr,r,r-r@s.    z&_OIDCAuthenticator._authenticate_humanc Csf|j}|jdu}|r|jdurdS|jr|j}|jr|j}|j}|r$|S|dur,|s,dS|s|dur|js|j}||krF|WdSt|j}|tkrXt t|t|_|rit }|jdushJnt t pnt }t|t|j|j|jjd}||} t| tstdt| | j|_| j|_|jd7_Wd|jS1swY|jS)N)Ztimeout_secondsversionr2r4r!z8Callback result must be of type OIDCCallbackResult, not r )r"r%r4r>r3r8timer:rsleeprr5r rrr r2r!fetch isinstancer ValueErrortyper6) rAr"Zis_humancbZ prev_tokenZ new_tokendeltatimeoutcontextrFr,r,r-_get_access_tokens\        ""z$_OIDCAuthenticator._get_access_tokenrSMutableMapping[str, Any]c sJz |jd|ddIdHWSty$}z ||r||d}~ww)Nz $externalT)Z no_reauth)commandrrOr=)rAr;rSrPr,r,r-rQs  z_OIDCAuthenticator._run_commanderr ExceptionboolcCst|tsdS|jtkS)NF)rYrcoder)rArcr,r,r-rOs  z!_OIDCAuthenticator._is_auth_errorNonecCs*|jpd}|dur||jkrdSd|_dS)Nr)rDr6r3)rAr;r6r,r,r-r=s  z_OIDCAuthenticator._invalidaterTcsfd|_d|_t|d}d|vrtdi||_|}|j|_| d|i|}| ||IdHS)NpayloadZissuerrIr,) r3r2bsondecoderr4r`r6rD_get_continue_commandrQ)rAr;rTZ start_payloadr3rSr,r,r-rRsz%_OIDCAuthenticator._sasl_continue_jwtcs2|}|j|_|d|i}|||IdHS)NrI)r`r6rDrJrQ)rAr;r3rSr,r,r-rNs z"_OIDCAuthenticator._sasl_start_jwtrhcCs:|dur|j}|rd|i}ni}tt|}dd|dS)Nnr z MONGODB-OIDC)Z saslStartZ mechanismrh)r!r riencode)rArhr) bin_payloadr,r,r-rJ s  z%_OIDCAuthenticator._get_start_commandcCstt|}d||ddS)Nr conversationId)Z saslContinuerhro)r rirm)rArhrTrnr,r,r-rks z(_OIDCAuthenticator._get_continue_command)r;rrr<)rrH)r;rrrL)rr1)r;rrSrarrL)rcrdrre)r;rrrg)r;rrTrLrrL)rhr<rra)rhrLrTrLrra)__name__ __module__ __qualname____annotations__rr2r3r4r6 threadingLockr8r:rBrGrKr?r@r`rQrOr=rRrNrJrkr,r,r,r-rLs,      ! :    r;rrBrer<cs2t||j}|r||IdHS||IdHS)z Authenticate using MONGODB-OIDC.N)r.rrBrG)rr;rBZ authenticatorr,r,r-_authenticate_oidc s  rv)rrrrrr)rrr;rrBrerr<)+__doc__ __future__rrtrV dataclassesrrtypingrrrrr r riZ bson.binaryr Z pymongo._csotr Zpymongo.auth_oidc_sharedr rrrrrrrrZpymongo.errorsrrZpymongo.helpers_sharedrZpymongo.asynchronous.poolrZpymongo.auth_sharedrZ_IS_SYNCr.rrvr,r,r,r-s*    ,    T