�

([Qh,!���dd
lZ	dd
l
Z
dZdd
lZddlmZmZmZ
ddlm	Z	
dZ
dZejd�
Z
Gd	�d
�Zy
#e$r
dZY�>wxYw
)�NTF)�datetime�	timedelta�timezone)
�TIMEOUT_DEFAULTz	sos-toolsz,urn:ietf:params:oauth:grant-type:device_code�sosc�H�eZ
dZd
Zd�Zd�Zd�Zd�Zd�Zd�Z	d�Z
d	�Zdd�
Zy
)
�DeviceAuthorizationClassz$
    Device Authorization Class
    c�j�d|_d|_
d|_|
|_||_|j�
y�
N)�
_access_token�_access_expires_at�&_DeviceAuthorizationClass__device_code�client_identifier_url�token_endpoint�_use_device_code_grant)�selfrrs   �</usr/lib/python3/dist-packages/sos/policies/auth/__init__.py�__init__z!DeviceAuthorizationClass.__init__!s6��!���"&���!���%:��"�,����#�#�%�c
�t�|j
�
td
|j���

|j�
y)zv
        Start the device auth flow. In the future we will
        store the tokens in an in-memory keyring.

        z<Please visit the following URL to authenticate this device: N)�_request_device_code�print�_verification_uri_complete�poll_for_auth_completion�
rs
 rrz/DeviceAuthorizationClass._use_device_code_grant+s<��	
�!�!�#�
�

��7�7�8�

:�	
�	
�%�%�'rc
�,�d
t��}
ddi
}tstd�
�
	tj|j
|
|t��}|j�
|j�}|jd�
|_
|jd�
|_|jd�
|_|jd	�
|_
|jd
�
|_y
#tj$r*}tjdj �d|���
�
d
}~w
wxYw
)zm
        Initialize new Device Authorization Grant attempt by
        requesting a new device code.

        z
client_id=zcontent-typez!application/x-www-form-urlencoded�Rpython3-requests is not installed and is required for obtaining device auth token.)�data�headers�timeout�	user_code�verification_uri�interval�device_code�verification_uri_completezNHTTP request failed while attempting to acquire the tokens.Error returned was �
 N)�DEVICE_AUTH_CLIENT_ID�REQUESTS_LOADED�	Exception�requests�postrr�raise_for_status�json�get�
_user_code�_verification_uri�	_intervalrr�	HTTPError�status_code)rrr�res�response�
es      rrz-DeviceAuthorizationClass._request_device_code9s
���1�2�3��!�#F�G����
@
�
A
�

A
�	-��-�-��*�*���'�	)�C�

� � �"��x�x�z�H�&�l�l�;�7�D�O�%-�\�\�2D�%E�D�"�%�\�\�*�5�D�N�!)���m�!<�D��.6�l�l�+�
/-�D�+���!�!�	-��$�$�&;�;>�?�?�:K�1�()�s�&,�-�
-��	-�s�B5C�D�)%D�Dc
��tt|jd
�}
tst	d�
�
|j
��t
j|j�

	tj|j|
t��}|j}|dk(r4tjd�

|j!|j#��

|dv
rt	||j$��
|dk(r+|j#�d	d
v
rt	||j$��
|j
�
��yy#tj&j($r"}tj+d|���

Yd}~�Id}~w
wxYw
)z�
        Continuously poll OIDC token endpoint until the user is successfully
        authenticated or an error occurs.

        )�
grant_type�	client_idr$rN�rr ��z$The SSO authentication is successful)r;�
r<�error)�authorization_pending�	slow_downz)Error was found while posting a request: )�GRANT_TYPE_DEVICE_CODEr'rr(r)r�time�sleepr1r*r+rrr3�logger�info�_set_token_datar-�text�
exceptions�RequestExceptionr=)r�
token_data�check_auth_completionr3r6s     rrz1DeviceAuthorizationClass.poll_for_auth_completionXsD
��%;�#8�%)�%7�%7�9�
���
@
�
A
�

A
�� � �(��J�J�t�~�~�&�
N
�(0�
�
�d�6I�6I�;E�>M�)O
�%�4�?�?���#�%��K�K� F�G��(�(�)>�)C�)C�)E�F��j�0�#�K�1F�1K�1K�L�L��#�%�)�.�.�0��9�>�
?�#�K�1F�1K�1K�L�L�#� � �(��$�&�&�7�7�

N
����H���L�M�M��

N
�s�B5D�E�7E�Ec��
�|
j
d
�
|_
tjtj
�
t
|
j
d�
��
z|_|
j
d�
|_|
j
d�
|_	|jdk(rtj|_ytjtj
�
t
|j��
z|_y)a@

        Set the class attributes as per the input token_data received.
        In the future we will persist the token data in a local,
        in-memory keyring, to avoid visting the browser frequently.
        :param token_data: Token data containing access_token, refresh_token
        and their expiry etc.
        �access_token�
expires_in�
�seconds�
refresh_token�refresh_expires_inrN)r.rr�nowr�utcrr
�_refresh_token�_refresh_expires_in�max�_refresh_expires_at)rrIs  rrEz(DeviceAuthorizationClass._set_token_datazs���(�^�^�N�;���"*�,�,�x�|�|�"<��j�n�n�\�:�;�
#<���(�n�n�_�=���#-�>�>�2F�#G�� ��#�#�q�(�'/�|�|�D�$�'/�|�|�H�L�L�'A��$�":�":�;�
(<�D�$rc
���|j
�r|jS|j�r|j�
|jS|j	�
|jS)
zt
        Get the valid access_token at any given time.
        :return: Access_token
        :rtype: string
        )�is_access_token_validr�is_refresh_token_valid�_use_refresh_token_grantrrs
 r�get_access_tokenz)DeviceAuthorizationClass.get_access_token�sX���%�%�'��%�%�%��&�&�(��)�)�+��%�%�%��#�#�%��!�!�!rc
��|jx
rK
|jx
r=
|jtd
��
z
tjt
j�
kDS)z�
        Check the validity of access_token. We are considering it invalid 180
        sec. prior to it's exact expiry time.
        :return: True/False

        �rN)rr
rrrRrrSrs
 rrYz.DeviceAuthorizationClass.is_access_token_valid�sL���!�!�'�d�&=�&=�'��#�#�i��&<�<��L�L����&�

'�	'rc
��|jx
rK
|jx
r=
|jtd
��
z
tjt
j�
kDS)z�
        Check the validity of refresh_token. We are considering it invalid
        180 sec. prior to it's exact expiry time.

        :return: True/False

        r^rN)rTrWrrrRrrSrs
 rrZz/DeviceAuthorizationClass.is_refresh_token_valid�sL���"�"�'�t�'?�'?�'��$�$�y��'=�=��L�L����&�

'�	'rNc�.�tstd
�
�
td|
s|jn
|
d�}t	j
|j|t��}|jdk(r |j|j��

y|jdk(r]d|j�dvrHtjd	|j�d
|j�d�d��

|j�
ytd|j�d
|j�d���
�
)z�
        Fetch the new access_token and refresh_token using the existing
        refresh_token and persist it.
        :param refresh_token: optional param for refresh_token

        rrP)r9r8rPr:r;r<�invalidr=zAProblem while fetching the new tokens from refresh token grant - r&z%. New Device code will be requested !zcSomething went wrong while using the Refresh token grant for fetching tokens: Returned status code z and error N)r(r)r'rTr*r+rrr3rEr-rC�warningr)rrP�refresh_token_data�refresh_token_ress    rr[z1DeviceAuthorizationClass._use_refresh_token_grant�s6
����
@
�
A
�

A
�+@�,;�+�04�/B�/B�1>�@
��
%�M�M�$�*=�*=�/A�2A�C
���(�(�C�/�� � �!2�!7�!7�!9�:�
�
*�
*�c�
1�i�!�&�&�(��1�
72��N�N�
-�->�-J�-J�,K�1�/�4�4�6�w�?�@�
A
B
�B
�
C
�
�'�'�)��)�):�)F�)F�(G��/�4�4�6�w�?�@�B
�C
�
C
rr)
�__name__�
__module__�__qualname__�__doc__rrrrrEr\rYrZr[�rrr	r	s7���&�(�-�> N
�D
<�&"�	'�
'�"C
rr	)�loggingr*r(�ImportErrorrArrr�
sos.utilitiesrr'r@�	getLoggerrCr	rirr�<module>rn
sg�


�
�
���O�
�2�2�)�#��G��	��	�	�5�	!��x
C
�x
C
���

��O�

�s�A
�
A�

A