o {gK-@sdZddlmZddlZddlZddlmZmZddlm Z m Z m Z m Z m Z mZddlZddlmZddlmZddlmZmZmZmZmZmZmZmZmZdd lmZm Z dd l!m"Z"e rjdd l#m$Z$dd l%m&Z&d Z'dddZ(eGdddZ)dddZ*dS) z$MONGODB-OIDC Authentication helpers.) annotationsN) dataclassfield) TYPE_CHECKINGAnyMappingMutableMappingOptionalUnion)Binary) remaining) CALLBACK_VERSIONHUMAN_CALLBACK_TIMEOUT_SECONDS MACHINE_CALLBACK_TIMEOUT_SECONDSTIME_BETWEEN_CALLS_SECONDS OIDCCallbackOIDCCallbackContextOIDCCallbackResult OIDCIdPInfo_OIDCProperties)ConfigurationErrorOperationFailure)_AUTHENTICATION_FAILURE_CODE)MongoCredential) ConnectionT credentialsraddresstuple[str, int]return_OIDCAuthenticatorcCs|jjr|jjS|j}|j}|jsDd}|j}|D]}||dkr#d}q|dr5|d|ddr5d}q|sDtd|dd|t ||d|j_|jjS) NFrTz*.zRefusing to connect to z(, which is not in authOIDCAllowedHosts: )username properties) cachedatar!mechanism_properties environment allowed_hosts startswithendswithrr)rrprincipal_namer"foundr'pattr-z/var/www/bot.gig.net.ua/public_html/telegram/P1/HellBot/venv/lib/python3.10/site-packages/pymongo/synchronous/auth_oidc.py_get_authenticator/s&  r/c@seZdZUded<ded<eddZded<eddZded <eddZd ed <ed dZd ed<ee j dZ ded<ed dZ ded<dd d!Zdd5d6ZdDd8d9ZdEd:d;ZdS)Frstrr!rr"N)default Optional[str] refresh_token access_tokenzOptional[OIDCIdPInfo]idp_inforint token_gen_id)default_factoryzthreading.Locklockfloatlast_call_timeconnrrOptional[Mapping[str, Any]]cCs&|||jjr||S||S)z(Handle a reauthenticate from the server.) _invalidater"callback_authenticate_machine_authenticate_human)selfr<r-r-r.reauthenticateWs   z!_OIDCAuthenticator.reauthenticatecCsL|j}|r|r|j}|r|dr|j|_|S|jjr!||S||S)z'Handle an initial authenticate request.done) auth_ctxspeculate_succeededspeculative_authenticater7oidc_token_gen_idr"r?r@rA)rBr<ctxrespr-r-r. authenticate`s    z_OIDCAuthenticator.authenticate"Optional[MutableMapping[str, Any]]cCs|jsdS|d|jiS)z-Get the appropriate speculative auth command.Njwt)r4_get_start_command)rBr-r-r.get_spec_auth_cmdrsz$_OIDCAuthenticator.get_spec_auth_cmdMapping[str, Any]c CsX|jr'z||WSty&}z||r!||WYd}~Sd}~ww||SN)r4_sasl_start_jwtr_is_auth_errorr@)rBr<er-r-r.r@xs   z(_OIDCAuthenticator._authenticate_machinec Cs|jr'z||WSty&}z||r!||WYd}~Sd}~ww|jrQz||WStyP}z||rKd|_||WYd}~Sd}~ww|d}|||}|||SrQ) r4rRrrSrAr3rN _run_command_sasl_continue_jwt)rBr<rTcmd start_respr-r-r.rAs,        z&_OIDCAuthenticator._authenticate_humanc Cs\|j}|jdu}|r|jdurdS|jr|j}|jr|j}|j}|r$|S|dur,|s,dS|s|dur|jn|j}||krF|WdSt|j}|tkrXt t|t|_|rit }|jdushJnt t pnt }t|t|j|j|jjd}||} t| tstd| j|_| j|_|jd7_Wd|jS1swY|jS)N)timeout_secondsversionr3r5r!z2Callback result must be of type OIDCCallbackResultr )r"human_callbackr5r?r4r9timer;rsleeprr6r rrr r3r!fetch isinstancer ValueErrorr7) rBr"is_humancb prev_token new_tokendeltatimeoutcontextrJr-r-r._get_access_tokensX         z$_OIDCAuthenticator._get_access_tokenrWMutableMapping[str, Any]c CsBz |jd|ddWSty }z ||r||d}~ww)Nz $externalT) no_reauth)commandrrSr>)rBr<rWrTr-r-r.rUs  z_OIDCAuthenticator._run_commanderr ExceptionboolcCst|tsdS|jtkS)NF)r_rcoder)rBrlr-r-r.rSs  z!_OIDCAuthenticator._is_auth_errorNonecCs*|jpd}|dur||jkrdSd|_dS)Nr)rHr7r4)rBr<r7r-r-r.r>s  z_OIDCAuthenticator._invalidaterXcCs^d|_d|_t|d}d|vrtdi||_|}|j|_| d|i|}| ||S)NpayloadissuerrMr-) r4r3bsondecoderr5rhr7rH_get_continue_commandrU)rBr<rX start_payloadr4rWr-r-r.rVs z%_OIDCAuthenticator._sasl_continue_jwtcCs*|}|j|_|d|i}|||S)NrM)rhr7rHrNrU)rBr<r4rWr-r-r.rRs z"_OIDCAuthenticator._sasl_start_jwtrqcCs:|dur|j}|rd|i}ni}tt|}dd|dS)Nnr z MONGODB-OIDC) saslStart mechanismrq)r!r rsencode)rBrqr* bin_payloadr-r-r.rNs  z%_OIDCAuthenticator._get_start_commandcCstt|}d||ddS)Nr conversationId) saslContinuerqr|)r rsrz)rBrqrXr{r-r-r.rus z(_OIDCAuthenticator._get_continue_command)r<rrr=)rrL)r<rrrP)rr2)r<rrWrirrP)rlrmrrn)r<rrrp)r<rrXrPrrP)rqr=rri)rqrPrXrPrri)__name__ __module__ __qualname____annotations__rr3r4r5r7 threadingLockr9r;rCrKrOr@rArhrUrSr>rVrRrNrur-r-r-r.rLs,      ! 8     r<rrCrnr=cCs$t||j}|r ||S||S)z Authenticate using MONGODB-OIDC.)r/rrCrK)rr<rC authenticatorr-r-r._authenticate_oidcs   r)rrrrrr)rrr<rrCrnrr=)+__doc__ __future__rrr\ dataclassesrrtypingrrrrr r rs bson.binaryr pymongo._csotr pymongo.auth_oidc_sharedr rrrrrrrrpymongo.errorsrrpymongo.helpers_sharedrpymongo.auth_sharedrpymongo.synchronous.poolr_IS_SYNCr/rrr-r-r-r.s*    ,    P