관리-도구

편집 파일: init.cpython-39.pyc

����-�_g� ����������������������@���sx���d�dl�Z�zd�dlZdZW�n�ey.���dZY�n0�d�dlZd�dlmZmZ�d�dlmZ�dZ	dZ
e��d�ZG�d	d
��d
�Z
dS�)�����NTF)�datetime�	timedelta)�TIMEOUT_DEFAULTz	sos-toolsz,urn:ietf:params:oauth:grant-type:device_codeZsosc�������������������@���sZ���e�Zd�ZdZdd��Zdd��Zdd��Zdd	��Zd
d��Zdd
��Z	dd��Z
dd��Zddd�ZdS�)�DeviceAuthorizationClassz$
    Device Authorization Class
    c�����������������C���s*���d�|�_�d�|�_d�|�_||�_||�_|�����d�S�)N)�
_access_token�_access_expires_at�&_DeviceAuthorizationClass__device_code�client_identifier_url�token_endpoint�_use_device_code_grant)�selfr	���r
�����r
����>/usr/lib/python3.9/site-packages/sos/policies/auth/__init__.py�__init__!���s����z!DeviceAuthorizationClass.__init__c�����������������C���s$���|������td|�j�����|�����dS�)zv
        Start the device auth flow. In the future we will
        store the tokens in an in-memory keyring.

z<Please visit the following URL to authenticate this device: N)�_request_device_code�print�_verification_uri_complete�poll_for_auth_completion�r���r
���r
���r���r���+���s������z/DeviceAuthorizationClass._use_device_code_grantc��������������
���C���s����dt����}ddi}tstd��zdtj|�j||td�}|����|���}|�	d�|�_
|�	d�|�_|�	d�|�_|�	d	�|�_
|�	d
�|�_W�n>�tjy��}�z$t�d|j��d|�����W�Y�d
}~n
d
}~0�0�d
S�)zm
        Initialize new Device Authorization Grant attempt by
        requesting a new device code.

z
client_id=zcontent-typez!application/x-www-form-urlencoded�Rpython3-requests is not installed and is required for obtaining device auth token.)�data�headers�timeoutZ	user_codeZverification_uri�interval�device_codeZverification_uri_completezNHTTP request failed while attempting to acquire the tokens.Error returned was � N)�DEVICE_AUTH_CLIENT_ID�REQUESTS_LOADED�	Exception�requests�postr	���r���Zraise_for_status�json�getZ
_user_codeZ_verification_uri�	_intervalr���r���Z	HTTPError�status_code)r���r���r����resZresponse�er
���r
���r���r���9���s4����
��
��z-DeviceAuthorizationClass._request_device_codec��������������
���C���s����t�t|�jd�}tstd��|�jdu�r�t�|�j��ztt	j
|�j|td�}|j
}|dkrjt�d��|��|�����|dvr~t||j��|dkr�|���d	�d
vr�t||j��W�q�t	jjy��}�zt�d|�����W�Y�d}~qd}~0�0�qdS�)z�
        Continuously poll OIDC token endpoint until the user is successfully
        authenticated or an error occurs.

)�
grant_type�	client_idr���r���N�r���r��������z$The SSO authentication is successful)r*������r+����error)Zauthorization_pendingZ	slow_downz)Error was found while posting a request: )�GRANT_TYPE_DEVICE_CODEr���r���r���r���r����time�sleepr#���r���r ���r
���r���r$����logger�info�_set_token_datar!����text�
exceptionsZRequestExceptionr,���)r����
token_dataZcheck_auth_completionr$���r&���r
���r
���r���r���X���s6�����
�

��z1DeviceAuthorizationClass.poll_for_auth_completionc�����������������C���sl���|��d�|�_t���t|��d�d��|�_|��d�|�_|��d�|�_|�jdkrRtj|�_	nt���t|�jd��|�_	dS�)a@��
        Set the class attributes as per the input token_data received.
        In the future we will persist the token data in a local,
        in-memory keyring, to avoid visting the browser frequently.
        :param token_data: Token data containing access_token, refresh_token
        and their expiry etc.
        Zaccess_tokenZ
expires_in�Zseconds�
refresh_tokenZrefresh_expires_inr���N)
r"���r���r����utcnowr���r����_refresh_tokenZ_refresh_expires_in�max�_refresh_expires_at)r���r5���r
���r
���r���r2���z���s�����

�z(DeviceAuthorizationClass._set_token_datac�����������������C���s2���|�����r|�jS�|����r$|�����|�jS�|�����|�jS�)zt
        Get the valid access_token at any given time.
        :return: Access_token
        :rtype: string
        )�is_access_token_validr����is_refresh_token_valid�_use_refresh_token_grantr���r���r
���r
���r����get_access_token����s����z)DeviceAuthorizationClass.get_access_tokenc�����������������C���s$���|�j�o"|�jo"|�jtdd��t���kS�)z�
        Check the validity of access_token. We are considering it invalid 180
        sec. prior to it's exact expiry time.
        :return: True/False

����r6���)r���r���r���r���r8���r���r
���r
���r���r<�������s
������z.DeviceAuthorizationClass.is_access_token_validc�����������������C���s$���|�j�o"|�jo"|�jtdd��t���kS�)z�
        Check the validity of refresh_token. We are considering it invalid
        180 sec. prior to it's exact expiry time.

:return: True/False

r@���r6���)r9���r;���r���r���r8���r���r
���r
���r���r=�������s
������z/DeviceAuthorizationClass.is_refresh_token_validNc�����������������C���s����t�std��td|s|�jn|d�}tj|�j|td�}|jdkrN|��	|�
����nd|jdkr�d|�
��d�v�r�t�d	|j��d
|�
��d���d���|��
���ntd|j��d
|�
��d������dS�)z�
        Fetch the new access_token and refresh_token using the existing
        refresh_token and persist it.
        :param refresh_token: optional param for refresh_token

r���r7���)r(���r'���r7���r)���r*���r+���Zinvalidr,���zAProblem while fetching the new tokens from refresh token grant - r���z%. New Device code will be requested !zcSomething went wrong while using the Refresh token grant for fetching tokens: Returned status code z and error N)r���r���r���r9���r���r ���r
���r���r$���r2���r!���r0���Zwarningr���)r���r7���Zrefresh_token_dataZrefresh_token_resr
���r
���r���r>�������s<�������

��
�

�
��z1DeviceAuthorizationClass._use_refresh_token_grant)N)
�__name__�
__module__�__qualname__�__doc__r���r���r���r���r2���r?���r<���r=���r>���r
���r
���r
���r���r������s���
"r���)Zloggingr���r����ImportErrorr.���r���r���Z
sos.utilitiesr���r���r-���Z	getLoggerr0���r���r
���r
���r
���r����<module>���s���

관리-도구

편집 파일: __init__.cpython-39.pyc

편집 파일: init.cpython-39.pyc