+\hD/>dZddlmZddlZddlZddlZddlmZmZddl m Z m Z m Z m Z mZmZddlZddlmZddlmZddlmZmZmZmZmZmZmZmZmZdd lm Z m!Z!dd l"m#Z#dd l$m%Z%m&Z&e r dd l'm(Z(dd l)m*Z*dZ+ ddZ,eGddZ- ddZ.y)z$MONGODB-OIDC Authentication helpers.) annotationsN) dataclassfield) TYPE_CHECKINGAnyMappingMutableMappingOptionalUnion)Binary) remaining) CALLBACK_VERSIONHUMAN_CALLBACK_TIMEOUT_SECONDS MACHINE_CALLBACK_TIMEOUT_SECONDSTIME_BETWEEN_CALLS_SECONDS OIDCCallbackOIDCCallbackContextOIDCCallbackResult OIDCIdPInfo_OIDCProperties)ConfigurationErrorOperationFailure)_AUTHENTICATION_FAILURE_CODE)Lock _create_lock)MongoCredential) ConnectionT_OIDCAuthenticatorc|jjr|jjS|j}|j}|jbd}|j }|D]9}||dk(rd}|j ds |dj|dds8d};|std|dd|t|||j_|jjS) NFrTz*.zRefusing to connect to z(, which is not in authOIDCAllowedHosts: )username properties) cachedatar!mechanism_propertieshuman_callback allowed_hosts startswithendswithrr) credentialsaddressprincipal_namer"foundr'patts `/root/niggaflix-v3/playground/venv/lib/python3.12/site-packages/pymongo/synchronous/auth_oidc.py_get_authenticatorr01s  %%%!))N11J  ,"00 ! Dwqz!&71:+>+>tABx+H   $)'!*5]^k]lm  0T^_K    ! !!cleZdZUded<ded<edZded<edZded <edZd ed <ed Zd ed<e see Z ded<nee Z ded<ed Z ded<d"dZ d"dZd#dZd$dZd"dZd%dZd&dZd'dZd(dZ d)dZd$dZd*d Z d+d!Zy),rstrr!rr"N)default Optional[str] refresh_token access_tokenzOptional[OIDCIdPInfo]idp_inforint token_gen_id)default_factoryrlockzthreading.Lockfloatlast_call_timec|j||jjr|j|S|j |S)z(Handle a reauthenticate from the server.) _invalidater"callback_authenticate_machine_authenticate_human)selfconns r/reauthenticatez!_OIDCAuthenticator.reauthenticate]sA  ?? # #--d3 3''--r1c|j}|r6|jr&|j}|r|dr|j|_|S|j j r|j|S|j|S)z'Handle an initial authenticate request.done) auth_ctxspeculate_succeededspeculative_authenticater:oidc_token_gen_idr"rArBrC)rDrEctxresps r/ authenticatez_OIDCAuthenticator.authenticatefssmm 3**,//DV )-):):& ?? # #--d3 3''--r1cV|jsy|jd|jiS)z-Get the appropriate speculative auth command.Njwt)r7_get_start_command)rDs r/get_spec_auth_cmdz$_OIDCAuthenticator.get_spec_auth_cmdxs*  &&t/@/@'ABBr1c|jr |j|S|j|S#t$r-}|j|r|j |cYd}~Sd}~wwxYwN)r7_sasl_start_jwtr_is_auth_errorrB)rDrEes r/rBz(_OIDCAuthenticator._authenticate_machine~sj    ++D11 ##D)) $ &&q)55d;; s 0 A&!A!A& A!!A&c|jr |j|S|j r |j|S|j d}|j||}|j||S#t$r-}|j|r|j |cYd}~Sd}~wwxYw#t$r4}|j|rd|_|j |cYd}~Sd}~wwxYwrU) r7rVrrWrCr6rR _run_command_sasl_continue_jwt)rDrErXcmd start_resps r/rCz&_OIDCAuthenticator._authenticate_humans    ++D11    ++D11%%d+&&tS1 &&tZ88/$ &&q)33D99 $ &&q))-D&33D99  sFA2B+2 B(;!B#B("B##B(+ C(4(C#C("C##C(c|j}|jdu}|r |jy|jr |j}|jr |j}|j}|r|S|sy|s||j 5|j}||k7r |cdddSt j |jz }|tkrt jt|z t j |_|rt}|jJttxst}t|t|j |j|jj"}t$s0t'j(j+d|j,|} n|j-|} t/| t0st3dt5| | j |_| j|_|xj6dz c_ddd|jS|jS#1swY|jSxYw)N)timeout_secondsversionr6r8r!z8Callback result must be of type OIDCCallbackResult, not r )r"r&r8rAr7r<timer>rsleeprr9r rrrr6r!_IS_SYNCasyncioget_running_looprun_in_executorfetch isinstancer ValueErrortyper:) rDr"is_humancb prev_token new_tokendeltatimeoutcontextrNs r/_get_access_tokenz$_OIDCAuthenticator._get_access_tokens__ ,,D8  -   $$B  $ $**B&&   :jbn# '!--  *$ # '# ' d&9&9955JJ9EAB&*iik# K  s++r1c|j}|j|_|jd|i}|j ||S)NrQ)rrr:rLrRrZ)rDrEr7r\s r/rVz"_OIDCAuthenticator._sasl_start_jwt sF--/ !%!2!2%%ul&;<  s++r1cx||j}|rd|i}ni}ttj|}dd|dS)Nnr z MONGODB-OIDC) saslStart mechanismr{)r!r r~encode)rDr{r, bin_payloads r/rRz%_OIDCAuthenticator._get_start_commandsB ?!]]N/T[[12 ^ TTr1cPttj|}d||ddS)Nr conversationId) saslContinuer{r)r r~r)rDr{r]rs r/rz(_OIDCAuthenticator._get_continue_commands0T[[12 "()9:  r1)rErreturnOptional[Mapping[str, Any]])rz"Optional[MutableMapping[str, Any]])rErrMapping[str, Any])rr5)rErr\MutableMapping[str, Any]rr)rx Exceptionrbool)rErrNone)rErr]rrr)r{rrr)r{rr]rrr)__name__ __module__ __qualname____annotations__rr6r7r8r:rcrr<r>rFrOrSrBrCrrrZrWr@r[rVrRrr}r1r/rrNsM#(#6M=6"'"5L-5&+D&9H#9a(L#( <8d8$\BnB!!,NE,..$C *9B;!z8 ! , ,,= ,  ,, U ( 6G ! r1cvt||j}|r|j|S|j|S)z Authenticate using MONGODB-OIDC.)r0r+rFrO)r*rErF authenticators r/_authenticate_oidcr's9'{DLLAM++D11))$//r1)r*rr+ztuple[str, int]rr)r*rrErrFrrr)/__doc__ __future__rrd threadingra dataclassesrrtypingrrrr r r r~ bson.binaryr pymongo._csotr pymongo.auth_oidc_sharedrrrrrrrrrpymongo.errorsrrpymongo.helpers_sharedr pymongo.lockrrpymongo.auth_sharedrpymongo.synchronous.poolrrcr0rrr}r1r/rs+" (OO #   @?+33 " "+:"": U U  U p0 0(20DH0 0r1