Module: sos/policies/auth/__init__.py
Compiled Python bytecode, source path /usr/lib/python3.9/site-packages/sos/policies/auth/__init__.py

Imports
  logging
  requests (import guarded by ImportError; the result is recorded in REQUESTS_LOADED)
  time
  datetime, timedelta, timezone (from datetime)
  TIMEOUT_DEFAULT (from sos.utilities)

Module-level values
  DEVICE_AUTH_CLIENT_ID = "sos-tools"
  GRANT_TYPE_DEVICE_CODE = "urn:ietf:params:oauth:grant-type:device_code"
  logger = logging.getLogger("sos")

class DeviceAuthorizationClass
  Docstring: Device Authorization Class

  __init__(self, client_identifier_url, token_endpoint)
    Attributes set: _access_token, _access_expires_at, __device_code, client_identifier_url, token_endpoint.
    Calls: _use_device_code_grant

  _use_device_code_grant(self)
    Docstring: Start the device auth flow. In the future we will store the tokens in an in-memory keyring.

  _request_device_code(self)
    Docstring: Initialize new Device Authorization Grant attempt by requesting a new device code.
    Request: requests.post to client_identifier_url with data "client_id=" plus DEVICE_AUTH_CLIENT_ID, header "content-type: application/x-www-form-urlencoded", timeout TIMEOUT_DEFAULT, followed by raise_for_status().
    Response fields read: user_code, verification_uri, interval, device_code, verification_uri_complete.
    Attributes set: _user_code, _verification_uri, _interval, __device_code, _verification_uri_complete.
    Errors:
      "python3-requests is not installed and is required for obtaining device auth token." (Exception, when REQUESTS_LOADED is false)
      "HTTP request failed while attempting to acquire the tokens.Error returned was <status_code> <exception>" (requests.HTTPError)

  poll_for_auth_completion(self)
    Docstring: Continuously poll OIDC token endpoint until the user is successfully authenticated or an error occurs.
    Request: requests.post to token_endpoint with data keys grant_type (GRANT_TYPE_DEVICE_CODE), client_id (DEVICE_AUTH_CLIENT_ID), device_code, and timeout TIMEOUT_DEFAULT, after time.sleep(_interval).
    Log message on success: "The SSO authentication is successful" (logger.info), followed by _set_token_data with the JSON response.
    Response "error" values checked: authorization_pending, slow_down.
    Errors:
      "python3-requests is not installed and is required for obtaining device auth token." (Exception)
      "Error was found while posting a request: <exception>" (logger.error, on requests.exceptions.RequestException)

  _set_token_data(self, token_data)
    Docstring: Set the class attributes as per the input token_data received. In the future we will persist the token data in a local, in-memory keyring, to avoid visiting the browser frequently.
      :param token_data: Token data containing access_token, refresh_token and their expiry etc.
    Token fields read: access_token, expires_in, refresh_token, refresh_expires_in.
    Attributes set: _access_token, _access_expires_at, _refresh_token, _refresh_expires_in, _refresh_expires_at.
    References: datetime.now, timezone.utc, timedelta(seconds=...), datetime.max.

  get_access_token(self)
    Docstring: Get the valid access_token at any given time.
      :return: Access_token
      :rtype: string
    References: is_access_token_valid, is_refresh_token_valid, _use_refresh_token_grant, _use_device_code_grant, _access_token.

  is_access_token_valid(self)
    Docstring: Check the validity of access_token. We are considering it invalid 180 sec. prior to its exact expiry time.
      :return: True/False

  is_refresh_token_valid(self)
    Docstring: Check the validity of refresh_token. We are considering it invalid 180 sec. prior to its exact expiry time.
      :return: True/False

  _use_refresh_token_grant(self, refresh_token=None)
    Docstring: Fetch the new access_token and refresh_token using the existing refresh_token and persist it.
      :param refresh_token: optional param for refresh_token
    Request: requests.post to token_endpoint with data keys client_id, grant_type, refresh_token, and timeout TIMEOUT_DEFAULT.
    On success: _set_token_data with the JSON response.
    Messages:
      "Problem while fetching the new tokens from refresh token grant - <status_code> <error>. New Device code will be requested !" (logger.warning, when the response "error" contains "invalid"; followed by _use_device_code_grant)
      "Something went wrong while using the Refresh token grant for fetching tokens: Returned status code <status_code> and error <error>" (Exception)
      "python3-requests is not installed and is required for obtaining device auth token." (Exception)