FCf6$dZddlmZddlZddlZddlZddlZddlmZm Z ddl m Z m Z m Z mZmZmZddlmZddlZddlmZddlmZdd lmZdd lmZdd lmZmZdd lm Z e r dd l!m"Z"ddl#m$Z$eGddZ%eGddZ&eGddZ'GddejPZ)eGddZ* dZ+dZ,dZ-dZ.dZ/ d(dZ0Gd d!e)Z1Gd"d#e)Z2Gd$d%e)Z3eGd&dZ4 d)d'Z5y)*z$MONGODB-OIDC Authentication helpers.) annotationsN) dataclassfield) TYPE_CHECKINGAnyMappingMutableMappingOptionalUnion)quote)Binary)_get_azure_response) remaining)_get_gcp_response)ConfigurationErrorOperationFailure)_AUTHENTICATION_FAILURE_CODE)MongoCredential) ConnectioncPeZdZUded<edZded<edZded<y) OIDCIdPInfostrissuerNdefault Optional[str]clientIdzOptional[list[str]] requestScopes)__name__ __module__ __qualname____annotations__rrrQ/var/www/highfloat_scraper/venv/lib/python3.12/site-packages/pymongo/auth_oidc.pyrr's& K#D1Hm1).t)s3>>r$r5ceZdZUedZded<edZded<edZded<eeZ d ed <edZ ded <d Z d ed<y)_OIDCPropertiesNrzOptional[OIDCCallback]callbackhuman_callbackr environmentdefault_factoryz list[str] allowed_hoststoken_resourcerr*) rr r!rrAr"rBrClistrFrGr*r#r$r%r@r@FsY',T':H$:-24-@N*@!&t!4K4$T:M9:$)$$7NM7Hcr$r@i,<g?_OIDCAuthenticatorc|jjr|jjS|j}|j}|jsbd}|j }|D]9}||dk(rd}|j ds |dj|dds8d};|std|dd|t|||j_|jjS) NFrTz*.rKzRefusing to connect to z(, which is not in authOIDCAllowedHosts: )r* properties) cachedatar*mechanism_propertiesrCrF startswithendswithrrM) credentialsaddressprincipal_namerOfoundrFpatts r%_get_authenticatorrZYs  %%%!))N11J  ! !"00 ! Dwqz!&71:+>+>tABx+H   $)'!*5]^k]lm  0T^_K    ! !!r$ceZdZddZy)_OIDCTestCallbackctjjd}|s tdt |5}t |j jcdddS#1swYyxYw)NOIDC_TOKEN_FILEzIMONGODB-OIDC with an "test" provider requires "OIDC_TOKEN_FILE" to be setr2)osenvironget RuntimeErroropenr1readstrip)r7r8 token_filefids r%r9z_OIDCTestCallback.fetchwsdZZ^^$56 [ *  G%388:3C3C3EF G G Gs (A**A3Nr:)rr r!r9r#r$r%r\r\vsGr$r\ceZdZddZddZy)_OIDCAzureCallbackc$t||_yNr rGr7rGs r%__init__z_OIDCAzureCallback.__init__#N3r$c~t|j|j|j}t |d|dS)Nr2 expires_in)r2r3)rrGr*r)r1r7r8resps r%r9z_OIDCAzureCallback.fetchs>"4#6#68H8H'JaJab!n-$|BT  r$NrGrr;Noner:rr r!ror9r#r$r%rjrjs 4 r$rjceZdZddZddZy)_OIDCGCPCallbackc$t||_yrlrmrns r%roz_OIDCGCPCallback.__init__rpr$c`t|j|j}t|dS)Nr2r_)rrGr)r1rss r%r9z_OIDCGCPCallback.fetchs* !4!4g6M6MN!tN/CDDr$Nrur:rwr#r$r%ryrys 4Er$ryc^eZdZUded<ded<edZded<edZded <edZd ed <ed Zd ed<ee jZ ded<ed Z ded<d!dZ d!dZd"dZd#dZd!dZd$dZd%dZd&dZd'dZ d(dZd#dZd)dZ d*d Zy)+rMrr*r@rONrrr-r2r.r/rr+ token_gen_idrDzthreading.Locklockr(last_call_timec|j||jjr|j|S|j |S)z(Handle a reauthenticate from the server.) _invalidaterOrA_authenticate_machine_authenticate_human)r7conns r%reauthenticatez!_OIDCAuthenticator.reauthenticatesA  ?? # #--d3 3''--r$c|j}|r6|jr&|j}|r|dr|j|_|S|j j r|j|S|j|S)z'Handle an initial authenticate request.done) auth_ctxspeculate_succeededspeculative_authenticater}oidc_token_gen_idrOrArr)r7rctxrts r% authenticatez_OIDCAuthenticator.authenticatessmm 3**,//DV )-):):& ?? # #--d3 3''--r$cV|jsy|jd|jiS)z-Get the appropriate speculative auth command.Njwt)r2_get_start_command)r7s r%get_spec_auth_cmdz$_OIDCAuthenticator.get_spec_auth_cmds*  &&t/@/@'ABBr$c|jr |j|S|j|S#t$r-}|j|r|j |cYd}~Sd}~wwxYwrl)r2_sasl_start_jwtr_is_auth_errorr)r7res r%rz(_OIDCAuthenticator._authenticate_machinesj    ++D11 ##D)) $ &&q)55d;; s 0 A&!A!A& A!!A&c|jr |j|S|j r |j|S|j d}|j||}|j||S#t$r-}|j|r|j |cYd}~Sd}~wwxYw#t$r4}|j|rd|_|j |cYd}~Sd}~wwxYwrl) r2rrrrr-r _run_command_sasl_continue_jwt)r7rrcmd start_resps r%rz&_OIDCAuthenticator._authenticate_humans    ++D11    ++D11%%d+&&tS1 &&tZ88/$ &&q)33D99 $ &&q))-D&33D99  sFA2B+2 B(;!B#B("B##B(+ C(4(C#C("C##C(c|j}|jdu}|r |jy|jr |j}|jr |j}|j}|r|S|sy|so|l|j 5|j}||k7r |cdddSt j |jz }|tkrt jt|z t j |_|rt}|jJttxst}t|t|j |j|jj"}|j%|} t'| t(s t+d| j |_| j|_|xj,dz c_ddd|jS|jS#1swY|jSxYw)N)r)r,r-r/r*z2Callback result must be of type OIDCCallbackResultrK)rOrBr/rAr2r~timerTIME_BETWEEN_CALLS_SECONDSsleepHUMAN_CALLBACK_TIMEOUT_SECONDSr+r MACHINE_CALLBACK_TIMEOUT_SECONDSr'CALLBACK_VERSIONr-r*r9 isinstancer1 ValueErrorr}) r7rOis_humancb prev_token new_tokendeltatimeoutr8rts r%_get_access_tokenz$_OIDCAuthenticator._get_access_tokens__ ,,D8  -   $$B  $ $**B&&   :jbn '!--  *$  ' ' d&9&9955JJ9EAB&*iik# K  s++r$c|j}|j|_|jd|i}|j ||S)Nr)rr}rrr)r7rr2rs r%rz"_OIDCAuthenticator._sasl_start_jwtJsF--/ !%!2!2%%ul&;<  s++r$cx||j}|rd|i}ni}ttj|}dd|dS)NnrKz MONGODB-OIDC) saslStart mechanismr)r*r rencode)r7rrW bin_payloads r%rz%_OIDCAuthenticator._get_start_commandPsB ?!]]N/T[[12 ^ TTr$cPttj|}d||ddS)NrKconversationId) saslContinuerr)r rr)r7rrrs r%rz(_OIDCAuthenticator._get_continue_commandZs0T[[12 "()9:  r$)rrr;Optional[Mapping[str, Any]])r;z"Optional[MutableMapping[str, Any]])rrr;Mapping[str, Any])r;r)rrrMutableMapping[str, Any]r;r)r Exceptionr;bool)rrr;rv)rrrrr;r)rrr;r)rrrrr;r)rr r!r"rr-r2r/r} threadingLockr~rrrrrrrrrrrrrrr#r$r%rMrMsM#(#6M=6"'"5L-5&+D&9H#9a(L#( @D.@!!,NE,..$C *9B6!p8 ! , ,,= ,  ,, U ( 6G ! r$cvt||j}|r|j|S|j|S)z Authenticate using MONGODB-OIDC.)rZrVrr)rUrr authenticators r%_authenticate_oidcres9'{DLLAM++D11))$//r$)rUrrVztuple[str, int]r;rM)rUrrrrrr;r)6r< __future__rr=r`rr dataclassesrrtypingrrrr r r urllib.parser r bson.binaryr pymongo._azure_helpersr pymongo._csotrpymongo._gcp_helpersrpymongo.errorsrrpymongo.helpersr pymongo.authr pymongo.poolrrr'r1ABCr5r@TOKEN_BUFFER_MINUTESrrrrrZr\rjryrMrr#r$r%rsa+"  (OO 6#2?8,' == =  :: : 77 7 >377>  <!'#%  " "+:"":G G  E|E L L  L ^0 0(20DH0 0r$