=hC%dZddlmZddlZddlmZmZddlmZm Z m Z m Z m Z m Z ddlZddlmZddlmZddlmZmZer dd lmZdd lmZeGd d Z d ZdZdZ ddZeGddZ ddZ y)z$MONGODB-OIDC Authentication helpers.) annotationsN) dataclassfield) TYPE_CHECKINGAnyCallableMappingMutableMappingOptional)Binary)SON)ConfigurationErrorOperationFailure)MongoCredential) Connectionc,eZdZUded<ded<ded<y)_OIDCPropertieszOptional[Callable[..., dict]]request_token_callback Optional[str] provider_namez list[str] allowed_hostsN)__name__ __module__ __qualname____annotations__a/var/www/html/phonemate/phone_mate_backend/venv/lib/python3.12/site-packages/pymongo/auth_oidc.pyrr s99  rri,_OIDCAuthenticatorc|jjr|jjS|j}|j}|jsbd}|j }|D]9}||dk(rd}|j ds |dj|dds8d};|std|dd|t|||j_|jjS) NFrTz*.r zRefusing to connect to z(, which is not in authOIDCAllowedHosts: )username properties) cachedatar#mechanism_propertiesrr startswithendswithrr!) credentialsaddressprincipal_namer$foundrpatts r_get_authenticatorr/.s  %%%!))N11J  # #"00 !Dwqz!&71:+>+>tABx+H " $)'!*5]^k]lm  0T^_K    ! !!rceZdZUded<ded<edZded<edZded <edZd ed <ed Zd ed<ee jZ ded<dddZ ddZ ddZdddZ ddZd dZd dZ d!dZy)"r!strr#rr$N)defaultr refresh_token access_tokenzOptional[dict]idp_inforint token_gen_id)default_factoryzthreading.Locklockc|j}|r |jnd}d}|j}|r|S|s|sy|s||j5|j}||k7r |cdddS|dk(r!!Q&!%(   t   )(   sC!ACC+ct|ts tdd|vr tdgd}|D]}||vstd|d|d|_|j d|_y)Nz%OIDC callback returned invalid resultr4z,OIDC callback did not return an access_token)r4r3expires_in_secondsz%Unexpected field in callback result ""r3) isinstancedict ValueErrorr4getr3)rArHexpectedkeys rr@z2_OIDCAuthenticator.validate_request_token_responsezsx$%DE E  %KL LJC(" #HQ!OPP!0!XXo6rc i}|j}|r||d<tdddttj|fdgS)z8Get a SASL start command with an optional principal namen saslStartr  mechanismz MONGODB-OIDCpayload) autoAuthorizer )r#r r bsonencode)rArYr,s rprincipal_step_cmdz%_OIDCAuthenticator.principal_step_cmdsO )GCL -F4;;w#789$    rc|j|jS|j|}|sytt j d|i}t ddd|fgS)NjwtrUrWrY)r5r]rIr r[r\r )rArBtoken bin_payloads rauth_start_cmdz!_OIDCAuthenticator.auth_start_cmdsh == **, ,&&|4T[[%89  -K(   rcV |jd|dS#t$r d|_wxYw)Nz $externalT) no_reauth)commandrr4)rAconncmds r run_commandz_OIDCAuthenticator.run_commands6 << SD<A A  $D   s(cJ|jxsd}||jkr|jr |j|Sd|_|j }d|_|j }|j||}|Jtj|d}d|vr||_|j |k7rd|_d|_ |jr |j||S|j||S#t$rYwxYw#t$rd|_ |j|cYSwxYw)z(Handle a reauthenticate from the server.rNrYissuer) oidc_token_gen_idr7r4 authenticaterr5r]rhr[decoder3 finish_auth)rArfprev_id prev_idp_inforgrH server_resps rreauthenticatez!_OIDCAuthenticator.reauthenticates=((-A d'' 'T->-> ((..!   %%'c* KKY8 { "'DM ==M ) $D !%D     /''d33d++C$  6$ /%)"((.. /s#C/ C>/ C;:C;>!D"!D"cH|j}d}|r|jr |j}n&|j}|J|j ||}|J|dr|j |_ytj|d}d|vr||_ |j||S)NdonerYrj) auth_ctxspeculate_succeededspeculative_authenticaterbrhr7rkr[rmr5rn)rArfctxrgrHrqs rrlz_OIDCAuthenticator.authenticatesmm 3**,//D%%'C? "?##D#.D <%)%6%6D " KKY8 { "'DMd++rc|d}|j}|j|_tt j d|i}t dd|fd|fg}|j||}|J|ds td|S)NconversationIdr_) saslContinuer rYrtz%SASL conversation failed to complete.) rIr7rkr r[r\r rhr)rA orig_resprfconversation_idr`rargrHs rrnz_OIDCAuthenticator.finish_auths$$45&&(!%!2!2T[[%89 #!?3K(  c*F|"#JK K r)T)rBboolreturnr)rHMapping[str, Any]rNone)rz SON[str, Any])rBr~rzOptional[SON[str, Any]])rfrrgzMutableMapping[str, Any]rOptional[Mapping[str, Any]])rfrrr)r|rrfrrr)rrrrrr3r4r5r7 threadingLockr9rIr@r]rbrhrrrlrnrrrr!r!KsM#(#6M=6"'"5L-5$T2Hn2a(L#( @D.@#!J7  $ "%= $),V,,*2< $rcvt||j}|r|j|S|j|S)z Authenticate using MONGODB-OIDC.)r/r+rrrl)r*rfrr authenticators r_authenticate_oidcr s9'{DLLAM++D11))$//r)r*rr+ztuple[str, int]rr!)r*rrfrrrr~rr)!__doc__ __future__rr dataclassesrrtypingrrrr r r r[ bson.binaryr bson.sonr pymongo.errorsrr pymongo.authr pymongo.poolrrTOKEN_BUFFER_MINUTESr>r?r/r!rrrrrs+"(RR ?,'   <!" "+:"": }} }@0 0(20DH0 0r