lh-&dZddlmZddlZddlZddlmZmZddlm Z m Z m Z m Z m Z mZddlZddlmZddlmZddlmZmZmZmZmZmZmZmZmZdd lmZm Z dd l!m"Z"e r dd l#m$Z$dd l%m&Z&d Z' ddZ(eGddZ) ddZ*y)z$MONGODB-OIDC Authentication helpers.) annotationsN) dataclassfield) TYPE_CHECKINGAnyMappingMutableMappingOptionalUnion)Binary) remaining) CALLBACK_VERSIONHUMAN_CALLBACK_TIMEOUT_SECONDS MACHINE_CALLBACK_TIMEOUT_SECONDSTIME_BETWEEN_CALLS_SECONDS OIDCCallbackOIDCCallbackContextOIDCCallbackResult OIDCIdPInfo_OIDCProperties)ConfigurationErrorOperationFailure)_AUTHENTICATION_FAILURE_CODE)MongoCredential) ConnectionT_OIDCAuthenticatorc|jjr|jjS|j}|j}|jbd}|j }|D]9}||dk(rd}|j ds |dj|dds8d};|std|dd|t|||j_|jjS) NFrTz*.zRefusing to connect to z(, which is not in authOIDCAllowedHosts: )username properties) cachedatarmechanism_propertieshuman_callback allowed_hosts startswithendswithrr) credentialsaddressprincipal_namer foundr%patts /var/www/html/SchoolMeal/SchoolMeal/pds_admin_SchoolMeal/Backend/venv/lib/python3.12/site-packages/pymongo/synchronous/auth_oidc.py_get_authenticatorr./s  %%%!))N11J  ,"00 ! Dwqz!&71:+>+>tABx+H   $)'!*5]^k]lm  0T^_K    ! !!c^eZdZUded<ded<edZded<edZded <edZd ed <ed Zd ed<ee jZ ded<ed Z ded<d!dZ d!dZd"dZd#dZd!dZd$dZd%dZd&dZd'dZ d(dZd#dZd)dZ d*d Zy)+rstrrrr N)default Optional[str] refresh_token access_tokenzOptional[OIDCIdPInfo]idp_inforint token_gen_id)default_factoryzthreading.Locklockfloatlast_call_timec|j||jjr|j|S|j |S)z(Handle a reauthenticate from the server.) _invalidater callback_authenticate_machine_authenticate_human)selfconns r-reauthenticatez!_OIDCAuthenticator.reauthenticateWsA  ?? # #--d3 3''--r/c|j}|r6|jr&|j}|r|dr|j|_|S|j j r|j|S|j|S)z'Handle an initial authenticate request.done) auth_ctxspeculate_succeededspeculative_authenticater8oidc_token_gen_idr r?r@rA)rBrCctxresps r- authenticatez_OIDCAuthenticator.authenticate`ssmm 3**,//DV )-):):& ?? # #--d3 3''--r/cV|jsy|jd|jiS)z-Get the appropriate speculative auth command.Njwt)r5_get_start_command)rBs r-get_spec_auth_cmdz$_OIDCAuthenticator.get_spec_auth_cmdrs*  &&t/@/@'ABBr/c|jr |j|S|j|S#t$r-}|j|r|j |cYd}~Sd}~wwxYwN)r5_sasl_start_jwtr_is_auth_errorr@)rBrCes r-r@z(_OIDCAuthenticator._authenticate_machinexsj    ++D11 ##D)) $ &&q)55d;; s 0 A&!A!A& A!!A&c|jr |j|S|j r |j|S|j d}|j||}|j||S#t$r-}|j|r|j |cYd}~Sd}~wwxYw#t$r4}|j|rd|_|j |cYd}~Sd}~wwxYwrS) r5rTrrUrAr4rP _run_command_sasl_continue_jwt)rBrCrVcmd start_resps r-rAz&_OIDCAuthenticator._authenticate_humans    ++D11    ++D11%%d+&&tS1 &&tZ88/$ &&q)33D99 $ &&q))-D&33D99  sFA2B+2 B(;!B#B("B##B(+ C(4(C#C("C##C(c |j}|jdu}|r |jy|jr |j}|jr |j}|j}|r|S|sy|s{|x|j 5|j}||k7r |cdddSt j |jz }|tkrt jt|z t j |_|rt}|jJttxst}t|t|j |j|jj"}|j%|} t'| t(st+dt-| | j |_| j|_|xj.dz c_ddd|jS|jS#1swY|jSxYw)N)timeout_secondsversionr4r6rz8Callback result must be of type OIDCCallbackResult, not r)r r$r6r?r5r:timer<rsleeprr7r rrrr4rfetch isinstancer ValueErrortyper8) rBr is_humancb prev_token new_tokendeltatimeoutcontextrLs r-_get_access_tokenz$_OIDCAuthenticator._get_access_tokens__ ,,D8  -   $$B  $ $**B&&   :jbn '!--  *$ ' ' d&9&9955JJ9EAB&*iik#)rBrCrZrVs r-rXz_OIDCAuthenticator._run_commandsK << SD<A A ""1%  &  s A#AAcJt|tsy|jtk(S)NF)rbrcoder)rBerrs r-rUz!_OIDCAuthenticator._is_auth_errors #/0xx777r/cV|jxsd}|||jkryd|_y)Nr)rJr8r5)rBrCr8s r-r>z_OIDCAuthenticator._invalidates2--2  # t7H7H(H  r/cd|_d|_tj|d}d|vrt di||_|j }|j|_|jd|i|}|j||S)NpayloadissuerrO) r5r4bsondecoderr6rlr8rJ_get_continue_commandrX)rBrCr[ start_payloadr5rZs r-rYz%_OIDCAuthenticator._sasl_continue_jwts!!"kk*Y*?@ } $'8-8DM--/ !%!2!2((%)> K  s++r/c|j}|j|_|jd|i}|j ||S)NrO)rlr8rJrPrX)rBrCr5rZs r-rTz"_OIDCAuthenticator._sasl_start_jwtsF--/ !%!2!2%%ul&;<  s++r/cx||j}|rd|i}ni}ttj|}dd|dS)Nnrz MONGODB-OIDC) saslStart mechanismru)rr rxencode)rBrur* bin_payloads r-rPz%_OIDCAuthenticator._get_start_command sB ?!]]N/T[[12 ^ TTr/cPttj|}d||ddS)NrconversationId) saslContinuerur)r rxr)rBrur[rs r-rzz(_OIDCAuthenticator._get_continue_commands0T[[12 "()9:  r/)rCrreturnOptional[Mapping[str, Any]])rz"Optional[MutableMapping[str, Any]])rCrrMapping[str, Any])rr3)rCrrZMutableMapping[str, Any]rr)rr Exceptionrbool)rCrrNone)rCrr[rrr)rurrr)rurr[rrr)__name__ __module__ __qualname____annotations__rr4r5r6r8 threadingLockr:r<rDrMrQr@rArlrXrUr>rYrTrPrzrwr/r-rrLsM#(#6M=6"'"5L-5&+D&9H#9a(L#( @D.@!!,NE,..$C *9B8!t8 ! , ,,= ,  ,, U ( 6G ! r/cvt||j}|r|j|S|j|S)z Authenticate using MONGODB-OIDC.)r.r)rDrM)r(rCrD authenticators r-_authenticate_oidcrs9'{DLLAM++D11))$//r/)r(rr)ztuple[str, int]rr)r(rrCrrDrrr)+__doc__ __future__rrr_ dataclassesrrtypingrrrr r r rx bson.binaryr pymongo._csotr pymongo.auth_oidc_sharedrrrrrrrrrpymongo.errorsrrpymongo.helpers_sharedrpymongo.auth_sharedrpymongo.synchronous.poolr_IS_SYNCr.rrrwr/r-rs+" (OO #   @?33 " "+:"": N N  N b0 0(20DH0 0r/