o sDiN/@sdZddlmZddlZddlZddlZddlmZmZddl m Z m Z m Z m Z mZmZddlZddlmZddlmZddlmZmZmZmZmZmZmZmZmZdd lm Z m!Z!dd l"m#Z#dd l$m%Z%m&Z&e rvdd l'm(Z(dd l)m*Z*dZ+dddZ,eGdddZ-d ddZ.dS)!z$MONGODB-OIDC Authentication helpers.) annotationsN) dataclassfield) TYPE_CHECKINGAnyMappingMutableMappingOptionalUnion)Binary) remaining) CALLBACK_VERSIONHUMAN_CALLBACK_TIMEOUT_SECONDS MACHINE_CALLBACK_TIMEOUT_SECONDSTIME_BETWEEN_CALLS_SECONDS OIDCCallbackOIDCCallbackContextOIDCCallbackResult OIDCIdPInfo_OIDCProperties)ConfigurationErrorOperationFailure)_AUTHENTICATION_FAILURE_CODE)Lock _create_lock)MongoCredential) ConnectionT credentialsraddresstuple[str, int]return_OIDCAuthenticatorcCs|jjr|jjS|j}|j}|jdurFd}|j}|D]}||dkr%d}q|dr7|d|ddr7d}q|sFtd|dd|t ||d|j_|jjS) NFrTz*.zRefusing to connect to z(, which is not in authOIDCAllowedHosts: )username properties) cachedatar#mechanism_propertieshuman_callback allowed_hosts startswithendswithrr!)rrprincipal_namer$foundr)pattr/[/home/alumno/antzosa8961/venv/lib/python3.10/site-packages/pymongo/synchronous/auth_oidc.py_get_authenticator1s&   r1c@s$eZdZUded<ded<eddZded<eddZded <eddZd ed <ed dZd ed<e s=ee dZ ded<n ee dZ ded<ed dZ ded<d=ddZ d=ddZd>ddZd?d!d"Zd=d#d$Zd@d%d&ZdAd)d*ZdBd.d/ZdCd1d2ZdDd4d5Zd?d6d7ZdEd9d:ZdFd;d<ZdS)Gr!strr#rr$N)default Optional[str] refresh_token access_tokenzOptional[OIDCIdPInfo]idp_inforint token_gen_id)default_factoryrlockzthreading.Lockfloatlast_call_timeconnrr Optional[Mapping[str, Any]]cCs&|||jjr||S||S)z(Handle a reauthenticate from the server.) _invalidater$callback_authenticate_machine_authenticate_human)selfr>r/r/r0reauthenticate]s   z!_OIDCAuthenticator.reauthenticatecCsL|j}|r|r|j}|r|dr|j|_|S|jjr!||S||S)z'Handle an initial authenticate request.done) auth_ctxspeculate_succeededspeculative_authenticater9oidc_token_gen_idr$rArBrC)rDr>ctxrespr/r/r0 authenticatefs    z_OIDCAuthenticator.authenticate"Optional[MutableMapping[str, Any]]cCs|jsdS|d|jiS)z-Get the appropriate speculative auth command.Njwt)r6_get_start_command)rDr/r/r0get_spec_auth_cmdxsz$_OIDCAuthenticator.get_spec_auth_cmdMapping[str, Any]c CsX|jr'z||WSty&}z||r!||WYd}~Sd}~ww||SN)r6_sasl_start_jwtr_is_auth_errorrB)rDr>er/r/r0rB~s   z(_OIDCAuthenticator._authenticate_machinec Cs|jr'z||WSty&}z||r!||WYd}~Sd}~ww|jrQz||WStyP}z||rKd|_||WYd}~Sd}~ww|d}|||}|||SrS) r6rTrrUrCr5rP _run_command_sasl_continue_jwt)rDr>rVcmd start_respr/r/r0rCs,        z&_OIDCAuthenticator._authenticate_humanc Cs|j}|jdu}|r|jdurdS|jr|j}|jr|j}|j}|r$|S|dur,|s,dS|s|dur|j|j}||krF|WdSt|j}|tkrXt t|t|_|rit }|jdushJnt t pnt }t|t|j|j|jjd}tstd|j|} n||} t| tstdt| | j|_| j|_|jd7_Wd|jS1swY|jS)N)timeout_secondsversionr5r7r#z8Callback result must be of type OIDCCallbackResult, not r")r$r(r7rAr6r;timer=rsleeprr8r rrr r5r#_IS_SYNCasyncioget_running_looprun_in_executorfetch isinstancer ValueErrortyper9) rDr$is_humancb prev_token new_tokendeltatimeoutcontextrLr/r/r0_get_access_tokens`        %%z$_OIDCAuthenticator._get_access_tokenrYMutableMapping[str, Any]c CsBz |jd|ddWSty }z ||r||d}~ww)Nz $externalT) no_reauth)commandrrUr@)rDr>rYrVr/r/r0rWs  z_OIDCAuthenticator._run_commanderr ExceptionboolcCst|tsdS|jtkS)NF)rdrcoder)rDrrr/r/r0rUs  z!_OIDCAuthenticator._is_auth_errorNonecCs*|jpd}|dur||jkrdSd|_dS)Nr)rJr9r6)rDr>r9r/r/r0r@s  z_OIDCAuthenticator._invalidaterZcCs^d|_d|_t|d}d|vrtdi||_|}|j|_| d|i|}| ||S)NpayloadissuerrOr/) r6r5bsondecoderr7rnr9rJ_get_continue_commandrW)rDr>rZ start_payloadr6rYr/r/r0rXs z%_OIDCAuthenticator._sasl_continue_jwtcCs*|}|j|_|d|i}|||S)NrO)rnr9rJrPrW)rDr>r6rYr/r/r0rT s z"_OIDCAuthenticator._sasl_start_jwtrwcCs:|dur|j}|rd|i}ni}tt|}dd|dS)Nnr"z MONGODB-OIDC) saslStart mechanismrw)r#r ryencode)rDrwr, bin_payloadr/r/r0rPs  z%_OIDCAuthenticator._get_start_commandcCstt|}d||ddS)Nr"conversationId) saslContinuerwr)r ryr)rDrwrZrr/r/r0r{s z(_OIDCAuthenticator._get_continue_command)r>rr r?)r rN)r>rr rR)r r4)r>rrYror rR)rrrsr rt)r>rr rv)r>rrZrRr rR)rwr?r ro)rwrRrZrRr ro)__name__ __module__ __qualname____annotations__rr5r6r7r9r_rr;r=rErMrQrBrCrnrWrUr@rXrTrPr{r/r/r/r0r!Ns0      ! =     r>rrErtr?cCs$t||j}|r ||S||S)z Authenticate using MONGODB-OIDC.)r1rrErM)rr>rE authenticatorr/r/r0_authenticate_oidc's   r)rrrrr r!)rrr>rrErtr r?)/__doc__ __future__rr` threadingr] dataclassesrrtypingrrrrr r ry bson.binaryr pymongo._csotr pymongo.auth_oidc_sharedr rrrrrrrrpymongo.errorsrrpymongo.helpers_sharedr pymongo.lockrrpymongo.auth_sharedrpymongo.synchronous.poolrr_r1r!rr/r/r/r0s.    ,    Y