관리-도구

편집 파일: __init__.cpython-39.pyc

a ����-�_g� ����������������������@���sx���d�d
l�Z�zd�d
l
Z
dZW�n�ey.
�
�
�dZY�n0�d�d
lZd�dlmZmZ
�d�dlmZ
�dZ dZ e��d�
ZG�d d ��d �Z d
S�)�����NTF)�datetime� timedelta)
�TIMEOUT_DEFAULTz sos-toolsz,urn:ietf:params:oauth:grant-type:device_codeZsosc�������������������@���sZ���e�Z
d�Zd
Zdd��Zdd��Zdd��Zdd ��Zd d��Zdd ��Z dd��Z dd��Zddd�
ZdS�)�DeviceAuthorizationClassz$ Device Authorization Class c�����������������C���s*���d�|�_�d�|�_
d�|�_|
|�_||�_|����
�d�S�)
N)� _access_token�_access_expires_at�&_DeviceAuthorizationClass__device_code�client_identifier_url�token_endpoint�_use_device_code_grant)�selfr ���r �����r ����>/usr/lib/python3.9/site-packages/sos/policies/auth/__init__.py�__init__!���s����



z!DeviceAuthorizationClass.__init__c
�����������
������C���s$���|�����
�t
d
|�j����

�|����
�dS�)zv Start the device auth flow. In the future we will store the tokens in an in-memory keyring. z<Please visit the following URL to authenticate this device: N)�_request_device_code�print�_verification_uri_complete�poll_for_auth_completion�
r���r ���r ���r���r���+���s����


��z/DeviceAuthorizationClass._use_device_code_grantc
�������������� ���C���s����d
t����}
ddi
}t
std�
�
zdtj|�j|
|td�}|���
�|���}|� d�
|�_ |� d�
|�_|� d�
|�_|� d �
|�_ |� d �
|�_W�n>�tjy�
�}
�z$t�d|j��d|����
�
W�Y�d }~n d }~0�0�d S�)zm Initialize new Device Authorization Grant attempt by requesting a new device code. z client_id=zcontent-typez!application/x-www-form-urlencoded�Rpython3-requests is not installed and is required for obtaining device auth token.)�data�headers�timeoutZ user_codeZverification_uri�interval�device_codeZverification_uri_completezNHTTP request failed while attempting to acquire the tokens.Error returned was �
N)�DEVICE_AUTH_CLIENT_ID�REQUESTS_LOADED� Exception�requests�postr ���r���Zraise_for_status�json�getZ _user_codeZ_verification_uri� _intervalr���r���Z HTTPError�status_code)r���r���r����resZresponse�
er ���r ���r���r���9���s4����







�






� 
��z-DeviceAuthorizationClass._request_device_codec
�������������� ���C���s����t�t
|�jd
�}
tstd�
�
|�jdu�r�t�|�j�

�ztt j |�j|
td�}|j }|dkrjt�d�

�|��|����

�|dv
r~t||j��
|dkr�|���d �d v
r�t||j��
W�q�t jjy�
�}
�zt�d|����

�W�Y�d}~qd}~0�0�qdS�)z� Continuously poll OIDC token endpoint until the user is successfully authenticated or an error occurs. )� grant_type� client_idr���r���N�r���r��������z$The SSO authentication is successful)r*����
��r+����error)Zauthorization_pendingZ slow_downz)Error was found while posting a request: )�GRANT_TYPE_DEVICE_CODEr���r���r���r���r����time�sleepr#���r���r ���r ���r���r$����logger�info�_set_token_datar!����text� exceptionsZRequestExceptionr,���)r���� token_dataZcheck_auth_completionr$���r&���r ���r ���r���r���X���s6����

�





�






��

z1DeviceAuthorizationClass.poll_for_auth_completionc�����������������C���sl���|
��d
�
|�_
t���t|
��d�
d�
�|�_|
��d�
|�_|
��d�
|�_|�jdkrRtj|�_ nt���t|�jd�
�|�_ dS�)a@
�� Set the class attributes as per the input token_data received. In the future we will persist the token data in a local, in-memory keyring, to avoid visting the browser frequently. :param token_data: Token data containing access_token, refresh_token and their expiry etc. Zaccess_tokenZ expires_in�
Zseconds� refresh_tokenZrefresh_expires_inr
���N) r"���r���r����utcnowr���r����_refresh_tokenZ_refresh_expires_in�max�_refresh_expires_at)r���r5���r ���r ���r���r2���z���s����

�



�z(DeviceAuthorizationClass._set_token_datac
�����������
������C���s2���|�����r|�j
S�|����r$|����
�|�j
S�|����
�|�j
S�)
zt Get the valid access_token at any given time. :return: Access_token :rtype: string )�is_access_token_validr����is_refresh_token_valid�_use_refresh_token_grantr���r���r ���r ���r����get_access_token����s����





z)DeviceAuthorizationClass.get_access_tokenc
�����������
������C���s$���|�j�o"|�j
o"|�j
td
d�
�t���kS�)z� Check the validity of access_token. We are considering it invalid 180 sec. prior to it's exact expiry time. :return: True/False ����r6���)r���r���r���r���r8���r���r ���r ���r���r<�������s ����

��z.DeviceAuthorizationClass.is_access_token_validc
�����������
������C���s$���|�j�o"|�j
o"|�j
td
d�
�t���kS�)z� Check the validity of refresh_token. We are considering it invalid 180 sec. prior to it's exact expiry time. :return: True/False r@���r6���)r9���r;���r���r���r8���r���r ���r ���r���r=�������s ����

��z/DeviceAuthorizationClass.is_refresh_token_validNc�����������������C���s����t�st
d
�
�
td|
s|�jn|
d�}tj|�j|td�}|jdkrN|�� |� ���

�nd|jdkr�d|� ��d�v�r�t�d |j��d |� ��d���d��

�|�� ��
�nt
d|j��d |� ��d�����
�
dS�)z� Fetch the new access_token and refresh_token using the existing refresh_token and persist it. :param refresh_token: optional param for refresh_token r���r7���)r(���r'���r7���r)���r*���r+���Zinvalidr,���zAProblem while fetching the new tokens from refresh token grant - r���z%. New Device code will be requested !zcSomething went wrong while using the Refresh token grant for fetching tokens: Returned status code z and error N)r���r���r���r9���r���r ���r ���r���r$���r2���r!���r0���Zwarningr���)r���r7���Zrefresh_token_dataZrefresh_token_resr ���r ���r���r>�������s<����

�
�

�

�
� �  
� ��z1DeviceAuthorizationClass._use_refresh_token_grant)
N) �__name__� __module__�__qualname__�__doc__r���r���r���r���r2���r?���r<���r=���r>���r ���r ���r ���r���r������s���
 "r���)Zloggingr���r����ImportErrorr.���r���r���Z sos.utilitiesr���r���r-���Z getLoggerr0���r���r ���r ���r ���r����<module>���s���