Ë
    -Ø_gþ   ã                   ó˜   — d dl Z 	 d dlZdZd dlZd dlmZmZ d dlmZ dZ	dZ
 e j                  d«      Z G d	„ d
«      Zy# e$ r dZY Œ<w xY w)é    NTF)ÚdatetimeÚ	timedelta)ÚTIMEOUT_DEFAULTz	sos-toolsz,urn:ietf:params:oauth:grant-type:device_codeÚsosc                   óH   — e Zd ZdZd„ Zd„ Zd„ Zd„ Zd„ Zd„ Z	d„ Z
d	„ Zdd„Zy
)ÚDeviceAuthorizationClassz$
    Device Authorization Class
    c                 ój   — d | _         d | _        d | _        || _        || _        | j                  «        y ©N)Ú_access_tokenÚ_access_expires_atÚ&_DeviceAuthorizationClass__device_codeÚclient_identifier_urlÚtoken_endpointÚ_use_device_code_grant)Úselfr   r   s      ú</usr/lib/python3/dist-packages/sos/policies/auth/__init__.pyÚ__init__z!DeviceAuthorizationClass.__init__!   s6   € à!ˆÔØ"&ˆÔØ!ˆÔà%:ˆÔ"Ø,ˆÔØ×#Ñ#Õ%ó    c                 ót   — | j                  «        t        d| j                  › «       | j                  «        y)zv
        Start the device auth flow. In the future we will
        store the tokens in an in-memory keyring.

        z<Please visit the following URL to authenticate this device: N)Ú_request_device_codeÚprintÚ_verification_uri_completeÚpoll_for_auth_completion©r   s    r   r   z/DeviceAuthorizationClass._use_device_code_grant+   s<   € ð 	×!Ñ!Ô#ÜðØ×7Ñ7Ð8ð:ô	
ð 	×%Ñ%Õ'r   c                 ó,  — dt         › }ddi}t        st        d«      ‚	 t        j                  | j
                  ||t        ¬«      }|j                  «        |j                  «       }|j                  d«      | _
        |j                  d«      | _        |j                  d«      | _        |j                  d	«      | _        |j                  d
«      | _        y# t        j                  $ r*}t        j                  dj                   › d|› «      ‚d}~ww xY w)zm
        Initialize new Device Authorization Grant attempt by
        requesting a new device code.

        z
client_id=zcontent-typez!application/x-www-form-urlencodedúRpython3-requests is not installed and is required for obtaining device auth token.)ÚdataÚheadersÚtimeoutÚ	user_codeÚverification_uriÚintervalÚdevice_codeÚverification_uri_completezNHTTP request failed while attempting to acquire the tokens.Error returned was ú N)ÚDEVICE_AUTH_CLIENT_IDÚREQUESTS_LOADEDÚ	ExceptionÚrequestsÚpostr   r   Úraise_for_statusÚjsonÚgetÚ
_user_codeÚ_verification_uriÚ	_intervalr   r   Ú	HTTPErrorÚstatus_code)r   r   r   ÚresÚresponseÚes         r   r   z-DeviceAuthorizationClass._request_device_code9   s  € ð Ô1Ð2Ð3ˆØ!Ð#FÐGˆÝÜð @ó Að Að	-Ü—-‘-Ø×*Ñ*ØØÜ'ô	)ˆCð
 × Ñ Ô"Ø—x‘x“zˆHØ&Ÿl™l¨;Ó7ˆDŒOØ%-§\¡\Ð2DÓ%EˆDÔ"Ø%Ÿ\™\¨*Ó5ˆDŒNØ!)§¡¨mÓ!<ˆDÔØ.6¯l©lØ+ó/-ˆDÕ+øä×!Ñ!ò 	-Ü×$Ñ$ð &;à;>¿?¹?Ð:KÈ1Ø() sð&,ó -ð -ûð	-ús    B5C ÃDÃ)%DÄDc                 ó¸  — t         t        | j                  dœ}t        st	        d«      ‚| j
                  €ãt        j                  | j                  «       	 t        j                  | j                  |t        ¬«      }|j                  }|dk(  r4t        j                  d«       | j!                  |j#                  «       «       |dvrt	        ||j$                  «      ‚|dk(  r+|j#                  «       d	   d
vrt	        ||j$                  «      ‚| j
                  €Œâyy# t        j&                  j(                  $ r"}t        j+                  d|› «       Y d}~ŒId}~ww xY w)z
        Continuously poll OIDC token endpoint until the user is successfully
        authenticated or an error occurs.

        )Ú
grant_typeÚ	client_idr#   r   N©r   r   éÈ   z$The SSO authentication is successful)r:   é  r;   Úerror)Úauthorization_pendingÚ	slow_downz)Error was found while posting a request: )ÚGRANT_TYPE_DEVICE_CODEr&   r   r'   r(   r   ÚtimeÚsleepr0   r)   r*   r   r   r2   ÚloggerÚinfoÚ_set_token_datar,   ÚtextÚ
exceptionsÚRequestExceptionr<   )r   Ú
token_dataÚcheck_auth_completionr2   r5   s        r   r   z1DeviceAuthorizationClass.poll_for_auth_completionX   sD  € ô %;Ü#8Ø%)×%7Ñ%7ñ9ˆ
õ Üð @ó Að Aà× Ñ Ð(ÜJ‰Jt—~‘~Ô&ðNÜ(0¯©°d×6IÑ6IØ;EÜ>Mô)OÐ%ð 4×?Ñ?à #Ò%Ü—K‘KÐ FÔGØ×(Ñ(Ð)>×)CÑ)CÓ)EÔFØ jÑ0Ü# KÐ1F×1KÑ1KÓLÐLØ #Ò%Ø)×.Ñ.Ó0°Ñ9Ø>ñ?ä# KÐ1F×1KÑ1KÓLÐLð# × Ñ Ó(øô$ ×&Ñ&×7Ñ7ò NÜ—‘ÐHÈÈÐL×MÑMûðNús   ÁB5D ÄEÄ7EÅEc                 óœ  — |j                  d«      | _        t        j                  «       t	        |j                  d«      ¬«      z   | _        |j                  d«      | _        |j                  d«      | _        | j                  dk(  rt        j                  | _	        yt        j                  «       t	        | j                  ¬«      z   | _	        y)a@  
        Set the class attributes as per the input token_data received.
        In the future we will persist the token data in a local,
        in-memory keyring, to avoid visting the browser frequently.
        :param token_data: Token data containing access_token, refresh_token
        and their expiry etc.
        Úaccess_tokenÚ
expires_in©ÚsecondsÚrefresh_tokenÚrefresh_expires_inr   N)
r-   r   r   Úutcnowr   r   Ú_refresh_tokenÚ_refresh_expires_inÚmaxÚ_refresh_expires_at)r   rH   s     r   rD   z(DeviceAuthorizationClass._set_token_dataz   s™   € ð (Ÿ^™^¨NÓ;ˆÔÜ"*§/¡/Ó"3Ü˜jŸn™n¨\Ó:Ô;ñ#<ˆÔà(Ÿn™n¨_Ó=ˆÔØ#-§>¡>Ð2FÓ#GˆÔ Ø×#Ñ# qÒ(Ü'/§|¡|ˆDÕ$ä'/§¡Ó'8Ü $×":Ñ":Ô;ñ(<ˆDÕ$r   c                 óÊ   — | j                  «       r| j                  S | j                  «       r| j                  «        | j                  S | j	                  «        | j                  S )zt
        Get the valid access_token at any given time.
        :return: Access_token
        :rtype: string
        )Úis_access_token_validr   Úis_refresh_token_validÚ_use_refresh_token_grantr   r   s    r   Úget_access_tokenz)DeviceAuthorizationClass.get_access_token   sX   € ð ×%Ñ%Ô'Ø×%Ñ%Ð%Ø×&Ñ&Ô(Ø×)Ñ)Ô+Ø×%Ñ%Ð%Ø×#Ñ#Ô%Ø×!Ñ!Ð!r   c                 ó–   — | j                   xr< | j                  xr. | j                  t        d¬«      z
  t        j                  «       kD  S )z¢
        Check the validity of access_token. We are considering it invalid 180
        sec. prior to it's exact expiry time.
        :return: True/False

        é´   rM   )r   r   r   r   rQ   r   s    r   rW   z.DeviceAuthorizationClass.is_access_token_valid›   sF   € ð ×!Ñ!ò  d×&=Ñ&=ò Ø×#Ñ#¤i¸Ô&<Ñ<ÜO‰OÓñð	r   c                 ó–   — | j                   xr< | j                  xr. | j                  t        d¬«      z
  t        j                  «       kD  S )z¤
        Check the validity of refresh_token. We are considering it invalid
        180 sec. prior to it's exact expiry time.

        :return: True/False

        r\   rM   )rR   rU   r   r   rQ   r   s    r   rX   z/DeviceAuthorizationClass.is_refresh_token_valid¦   sF   € ð ×"Ñ"ò  t×'?Ñ'?ò Ø×$Ñ$¤y¸Ô'=Ñ=ÜO‰OÓñð	r   Nc                 ó.  — t         st        d«      ‚t        d|s| j                  n|dœ}t	        j
                  | j                  |t        ¬«      }|j                  dk(  r | j                  |j                  «       «       y|j                  dk(  r]d|j                  «       d   v rHt        j                  d	|j                  › d
|j                  «       d   › d«       | j                  «        yt        d|j                  › d|j                  «       d   › «      ‚)z·
        Fetch the new access_token and refresh_token using the existing
        refresh_token and persist it.
        :param refresh_token: optional param for refresh_token

        r   rO   )r8   r7   rO   r9   r:   r;   Úinvalidr<   zAProblem while fetching the new tokens from refresh token grant - r%   z%. New Device code will be requested !zcSomething went wrong while using the Refresh token grant for fetching tokens: Returned status code z and error N)r'   r(   r&   rR   r)   r*   r   r   r2   rD   r,   rB   Úwarningr   )r   rO   Úrefresh_token_dataÚrefresh_token_ress       r   rY   z1DeviceAuthorizationClass._use_refresh_token_grant²   s6  € õ Üð @ó Að Aä+@Ø,;á+ð 04×/BÒ/BØ1>ñ@Ðô
 %ŸM™M¨$×*=Ñ*=Ø/AÜ2AôCÐð ×(Ñ(¨CÒ/Ø× Ñ Ð!2×!7Ñ!7Ó!9Õ:à×*Ñ*¨cÒ1°iØ!×&Ñ&Ó(¨Ñ1ñ72äN‰Nð -Ø->×-JÑ-JÐ,KÈ1Ø/×4Ñ4Ó6°wÑ?Ð@ð ABðBô Cð ×'Ñ'Õ)äð)à):×)FÑ)FÐ(GØÐ/×4Ñ4Ó6°wÑ?Ð@ðBóCð Cr   r
   )Ú__name__Ú
__module__Ú__qualname__Ú__doc__r   r   r   r   rD   rZ   rW   rX   rY   © r   r   r   r      s7   „ ñò&ò(ò-ò> NòD<ò&"ò	ò
ô"Cr   r   )Úloggingr)   r'   ÚImportErrorr@   r   r   Úsos.utilitiesr   r&   r?   Ú	getLoggerrB   r   rg   r   r   ú<module>rl      sd   ðó ðÛØ€Oó ß (å )à#Ð ØGÐ à	ˆ×	Ñ	˜5Ó	!€÷xCò xCøð ò Ø‚Oðús   †? ¿A	ÁA