=hY UdZddlmZddlZddlZddlZddlZddlZddlZddl m Z m Z ddl m Z ddlmZmZmZmZmZmZmZmZddlmZddlmZdd lmZdd lmZdd lmZm Z m!Z!dd l"m#Z#m$Z$dd l%m&Z&er ddl'm(Z(ddl)m*Z*dZ+dZ, ddl-Z.e/e0e1e.jdjgddddk\rdZ,e5gdZ6 GddZ7e dgdZ8 e dgdZ9 e ddgZ: d=dZ;d>d ZdAd#Z?dBd$Z@dCd%ZAdDd&ZBdEd'ZCdEd(ZDdEd)ZEdEd*ZFdEd+ZGeCeFeEeeDeje?d,-eje?d.-eGd/ZId0eJd1<Gd2d3ZKGd4d5eKZLGd6d7eKZMGd8d9eKZNeMejeLd,-ejeLd.-eNejeLd.-d:ZOdeJd;< dF dGd<ZPy#e4$r ddl.Z.n #e4$rdZ+YnwxYwYKwxYw)HzAuthentication helpers.) annotationsN)standard_b64decodestandard_b64encode) namedtuple) TYPE_CHECKINGAnyCallableDictMappingMutableMappingOptionalcast)quote)Binary)SON)_authenticate_aws)_authenticate_oidc_get_authenticator_OIDCProperties)ConfigurationErrorOperationFailure)saslprep)Hello) ConnectionTF.)r) GSSAPI MONGODB-CR MONGODB-OIDC MONGODB-X509 MONGODB-AWSPLAIN SCRAM-SHA-1 SCRAM-SHA-256DEFAULTc@eZdZdZedZddZddZddZd dZ y) _Cachedatacd|_yNr)selfs \/var/www/html/phonemate/phone_mate_backend/venv/lib/python3.12/site-packages/pymongo/auth.py__init__z_Cache.__init__Ts  c0t|trytS)NT isinstancer(NotImplementedr.others r/__eq__z _Cache.__eq__Ws eV $r1c0t|trytS)NFr3r6s r/__ne__z _Cache.__ne__]s eV $r1c|jSr,) _hash_valr-s r/__hash__z_Cache.__hash__bs ~~r1N)returnNone)r7objectr>bool)r>int) __name__ __module__ __qualname__ __slots__hashr<r0r8r:r=r1r/r(r(Os$IXI  r1r(MongoCredential) mechanismsourceusernamepasswordmechanism_propertiescacheGSSAPIProperties service_namecanonicalize_host_name service_realm_AWSPropertiesaws_session_tokenMapping[str, Any]c |dvr|t|d|dk(rw||dk7r td|jdi}|jdd }|jd d }|jd } t||| } t |d||| dS|dk(r/| td||dk7r tdt |d|dddS|dk(r`| | td||dk7r td|jdi}|jd} t | } t |d||| dS|dk(r|jdi}|jd} |jdd}gd}|jd|}| s|dk7r tdt | ||}t |d|||tS|dk(r|xs|xsd}t ||||ddS|xs|xsd }| td!t ||||dtS)"z8Build and return a mechanism specific credentials tuple.)r!r"r Nz requires a username.r $externalz:authentication source must be $external or None for GSSAPIauthmechanismproperties SERVICE_NAMEmongodbCANONICALIZE_HOST_NAMEF SERVICE_REALMrQr!z+Passwords are not supported by MONGODB-X509z@authentication source must be $external or None for MONGODB-X509r"z;username without a password is not supported by MONGODB-AWSz?authentication source must be $external or None for MONGODB-AWSAWS_SESSION_TOKEN)rVr request_token_callback PROVIDER_NAME)z *.mongodb.netz*.mongodb-dev.netz*.mongodb-qa.netz*.mongodbgov.net localhostz 127.0.0.1z::1 allowed_hostsawsziauthentication with MONGODB-OIDC requires providing an request_token_callback or a provider_name of 'aws')r` provider_namerdr#adminzA password is required.)r ValueErrorgetrPrIrUrr()mechrKuserpasswdextradatabase propertiesrR canonicalizerTpropsrV aws_propsr`rfdefault_allowedrd oidc_propssource_databases r/_build_credentials_tuplervwsq BBt| D6)>!?@@ x  &K"7YZ ZYY8"= !~~ni@ !~~&>F "7  %#/'  t[$tLL    $%RS S  &K"7_` `t[$dDII    $%bc c  &K"7$Q YY8"= &NN+>?"5FG t[$ 4PP  YY8"= !+0H!I";  #H %-5*@${ %#9'' t[$ FHUU  ;H; t_dFD$OO 7H7 >$%>? ?t_dFD&(SSr1c djt||Dcgc]\}}t||z gc}}Scc}}w)zXOR two byte strings together.r1)joinzipbytes)firsecxys r/_xorrs7 88C > 1UAE7^ > ??>s< cDtd|jdDS)z-Split a scram response into key, value pairs.c3K|]E}tjtjttf|j ddGyw)=N)typingrTuplerzsplit).0items r/ z(_parse_scram_response..s;(D  FLL. 40CD(sA A ,)dictr)responses r/_parse_scram_responsers% NN4( r1c  |j}|jdjddjdd}tt j d}d|zdz|z}t d d |fd td |zfd dddifg}|||fS)Nutf-8rs=3Drs=2C sn=s,r= saslStartrrJpayloadsn,, autoAuthorizeroptionsskipEmptyExchangeT)rLencodereplacerosurandomrr) credentialsrJrLrknonce first_barecmds r/_authenticate_scram_startrs##H ??7 # + +D& 9 A A$ OD rzz"~ .E&.J  ) $ v 23 4 ,d3 4   C *c !!r1c|j}|dk(r7d}tj}t|jj d}n7d}tj }t||jj d}|j}|j}tj} |j} | rL| jr*>?FFwO   F   E IIE --C s&&(#}---~~)))NNz**!:; !Rz3ll63' ??y>L "< 0FVD\"JDLMM $>@J-d:z.JKKL99m\:;L#E*h $J$Q$Q$STJ  s#34 5 |, -  C ,,vs #C "3y> 2F   vd|Z 8FGG v;#!3'7#89F3K(  ll63'6{"#JK K r1c6t|ts tdt|dk(r t dt|ts tdt j }|d|}|j|jd|jS)z0Get a password digest to use for authentication.z#password must be an instance of strrzpassword can't be emptyz#username must be an instance of strz:mongo:r) r4str TypeErrorlenrhrmd5updater hexdigest)rLrMmd5hashr*s r/rr?s h $=>> 8}233 h $=>>kkmGZwxj )D NN4;;w'(    r1ct||}tj}|||}|j|j d|j S)z*Get an auth key to use for authentication.r)rrrrrr)rrLrMrrr*s r/ _auth_keyrNsO h 1FkkmGWXJvh 'D NN4;;w'(    r1cBtj|dddtjtjd\}}}}} tj|tj }|djS#tj $r|jcYSwxYw)z2Canonicalize hostname following MIT-krb5 behavior.Nr)socket getaddrinfo IPPROTO_TCP AI_CANONNAME getnameinfo NI_NAMEREQDgaierrorlower)hostnameafsocktypeproto canonnamesockaddrnames r/_canonicalize_hostnamerWs06/A/A$1f00&2E2E00 ,B%H!!!(F,>,>? 7==? ??!  !s$A88#BBcts td |j}|j}|j}|j d}|j r t|}|jdz|z}|j|dz|jz}|trOdjt|t|f}tj||tj\}} nrd|vr|j!dd\} } n|d} } tj|tj| | |\}} n(tj|tj\}} |tj"k7r t%d  tj&| d dk7r t%d tj(| } t+d d d| fdg} |j-d| }t/dD]}tj&| t1|d}|dk(r t%d tj(| xsd } t+dd|dfd| fg} |j-d| }|tj"k(sn t%dtj2| t1|ddk7r t%dtj4| tj(| |dk7r t%dtj(| } t+dd|dfd| fg} |j-d| tj6| y#tj6| wxYw#tj8$r}t%t1|dd}~wwxYw)zAuthenticate using GSSAPI.zEThe "kerberos" module must be installed to use GSSAPI authentication.r@N:)gssflagsr)rrkdomainrMz&Kerberos context failed to initialize.rbz*Unknown kerberos failure in step function.r)rJrrrrY rrz+Kerberos authentication failed to complete.z0Unknown kerberos failure during GSS_Unwrap step.z.Unknown kerberos failure during GSS_Wrap step.) HAVE_KERBEROSrrLrMrNaddressrSrrRrT_USE_PRINCIPALrxrkerberosauthGSSClientInitGSS_C_MUTUAL_FLAGrAUTH_GSS_COMPLETErauthGSSClientStepauthGSSClientResponserrrangerauthGSSClientUnwrapauthGSSClientWrapauthGSSClientCleanKrbError)rrrLrMrqhostservice principalresultrrkrrrr_excs r/_authenticate_gssapirfse  S  k3''''00||A  ' ')$/D$$s*T1    *me&9&99G   HHeHouX%GH &88Y1K1K (?#+>>#q#9LD&#+T&D&88%77!%  #44WxGaGabKFC X// /"#KL L@ - ))#r2a7&'STT 44S9G$+(( C||K5H2Y!33CXi=P9QRR<*+WXX"88=C+)84D+EF"G, << S9X777#&''TUU++CXi5H1IJaO&'YZZ))#x/M/Mc/RT\]abb&'WXX44S9G'%x0@'AB(C LLc *  ' ' ,H ' ' ,   3s3x(d23s8E!M5C/L-%B2L-M-MMM4M//M4c|j}|j}|j}d|d|j}t dddt |fdg}|j ||y)z(Authenticate using SASL PLAIN (RFC 4616)r)rJr#rrN)rKrLrMrrrr)rrrKrLrMrrs r/_authenticate_plainr sr   F##H##HhZtH:.668G  " w (   C LLr1c|j}|r|jryt||jj }|j d|y)z Authenticate using MONGODB-X509.NrY)rr _X509Contextrspeculate_commandr)rrrrs r/_authenticate_x509rsC --C s&&( {DLL 1 C C ECLLc"r1c|j}|j}|j}|j|ddi}|d}t |||}t dd|fd|fd|fg}|j||y)zAuthenticate using MONGODB-CR.getnoncerr authenticaterrkkeyN)rKrLrMrrr) rrrKrLrMrrrquerys r/_authenticate_mongo_crrs   F##H##H||FZO4H W E E8X .C $vx&87E:JUTWLY ZELLr1cR|jdk\r|jr |j}nU|j}|j}|dz|jz|d<|j ||dj dg}d|vr t||dSt||dSt||dS)NrsaslSupportedMechsF)publish_eventsr%r$)max_wire_versionnegotiated_mechsrK hello_cmdrLrrir)rrmechsrKrs r/_authenticate_defaultrs !  ))E ''F.."C(. {7K7K(KC$ %LLULCGGH\^`aE e #&{D/J J&{D-H H";mDDr1r$)rJr%)rrr!r"r#r$r%r&z!Mapping[str, Callable[..., None]] _AUTH_MAPcJeZdZddZe ddZd dZd dZd dZy) _AuthContextc.||_d|_||_yr,)rrr)r.rrs r/r0z_AuthContext.__init__$s&EI% r1cttj|j}|rtt|||Syr,)_SPECULATIVE_AUTH_MAPrirJrr!)credsrspec_clss r/from_credentialsz_AuthContext.from_credentials)s2),,U__=  hug&>? ?r1ctr,)NotImplementedErrorr-s r/r z_AuthContext.speculate_command2s!!r1c&|j|_yr,)r)r.hellos r/parse_responsez_AuthContext.parse_response5s(-(F(F%r1c,t|jSr,)rArr-s r/rz _AuthContext.speculate_succeeded8sD1122r1N)rrIrtuple[str, int]r>r?)r%rIrr.r>zOptional[_AuthContext]r>z"Optional[MutableMapping[str, Any]])r+zHello[Mapping[str, Any]]r>r?)r>rA) rCrDrEr0 staticmethodr'r r,rrHr1r/r!r!#sC )8 "G3r1r!c8eZdZ dfd ZddZxZS)rcBt|||d|_||_yr,)superr0rrJ)r.rrrJ __class__s r/r0z_ScramContext.__init__=s" g.9="r1ct|j|j\}}}|jj|d<||f|_|S)Ndb)rrrJrKr)r.rrrs r/r z_ScramContext.speculate_commandDsE!:4;K;KT^^!\z3$$++D  *- r1)rrIrr.rJrr>r?r/)rCrDrEr0r  __classcell__)r4s@r/rr<s-#*#5D#QT# #r1rceZdZddZy)r c~tddg}|jj|jj|d<|S)Nr)rJr!rk)rrrL)r.rs r/r z_X509Context.speculate_commandNs?&(EFG    $ $ 0**33CK r1N)r>zMutableMapping[str, Any]rCrDrEr rHr1r/r r Msr1r ceZdZddZy) _OIDCContextct|j|j}|jd}|y|jj|d<|S)NFr6)rrrauth_start_cmdrK)r. authenticatorrs r/r z_OIDCContext.speculate_commandVsJ*4+;+;T\\J **51 ;$$++D  r1Nr/r:rHr1r/r<r<Usr1r<)r!r$r%r r&r$cf|j}t|}|dk(rt|||y|||y)zAuthenticate connection.r N)rJrr)rrreauthenticaterJ auth_funcs r/rrhs7%%I)$IN";n=+t$r1)rjrrK Optional[str]rkrrlrrmrWrnrCr>rI)r{rzr|rzr>rz)rrzr>zDict[bytes, bytes])rrIrJrr>z-tuple[bytes, bytes, MutableMapping[str, Any]])rrIrrrJrr>r?)rLrrMrr>r)rrrLrrMrr>r)rrr>r)rrIrrr>r?)F)rrIrrrArAr>r?)Q__doc__ __future__r functoolsrrrrrbase64rr collectionsrrrr r r r r r urllib.parser bson.binaryrbson.sonrpymongo.auth_awsrpymongo.auth_oidcrrrpymongo.errorsrrpymongo.saslprepr pymongo.hellor pymongo.poolrrr winkerberosrtuplemaprB __version__r ImportError frozenset MECHANISMSr(rIrPrUrvrrrrrrrrr rrrpartialr__annotations__r!rr r<r$rrHr1r/r[s" 9"   .UU?%#'  " Sh**005bq9 :;vE   :.T?S6,/B.CD:MT MT MT MT  MT  MT  MTMT`@ " "-0"2"(TLn  r3j"#  E$#(&$ $9$$%8MR&Y&&':oV$ 0 , 332L"<<!$9$$]mL&Y&&}P  y  /J ,(LQ %  %(2 %DH %  %a  s64G++H1G65H6H=H?HHH