o RDiG@s6ddlmZddlZddlZddlZddlZddlZddlZddlZddl Z ddl Z ddl m Z ddl mZmZddlmZmZmZmZmZddlmZmZmZmZddlmZmZmZmZdd l m!Z!dd l"m#Z#m$Z$m%Z%dd l&m'Z'd d l(m)Z)d dl*m+Z+m,Z,erddl(m-Z-e.e/Z0dZ1Gddde+Z2dS)) annotationsN) ModuleType) TYPE_CHECKINGAny) IS_WINDOWSparse_qs urlencodeurlparseurlsplit)HTTP_HEADER_ACCEPTHTTP_HEADER_CONTENT_TYPEHTTP_HEADER_SERVICE_NAMEHTTP_HEADER_USER_AGENT)ER_IDP_CONNECTION_ERRORER_INVALID_VALUEER_NO_HOSTNAME_FOUNDER_UNABLE_TO_OPEN_BROWSER)OperationalError)CONTENT_TYPE_APPLICATION_JSONEXTERNAL_BROWSER_AUTHENTICATORPYTHON_CONNECTOR_USER_AGENT) is_valid_url)Auth) AuthByPluginAuthType)SnowflakeConnectioni@cseZdZdZ     dIdJfdd ZdKddZedLddZedMddZdNddZ dOd$d%Z dPd'd(Z dQd)d*Z dRd0d1Z dSd3d4ZdTd5d6ZdUd8d9ZdVd;d<ZdWd=d>ZdXd?d@ZdYdAdBZdZdEdFZd[dGdHZZS)\AuthByWebBrowserzKAuthenticates user by web browser. Only used for SAML based authentication.N applicationstrwebbrowser_pkgModuleType | None socket_pkgtype[socket.socket] | Noneprotocol str | NonehostportreturnNonec sltjdi|d|_d|_||_d|_|durtn||_|dur%tjn||_ ||_ ||_ ||_ d|_ dS)NT)super__init__consent_cache_id_token_token _application _proof_key webbrowser _webbrowsersocket_socket _protocol_host_port_origin)selfrr!r#r%r'r(kwargs __class__r+\/var/www/Datamplify/venv/lib/python3.10/site-packages/snowflake/connector/auth/webbrowser.pyr-6s  zAuthByWebBrowser.__init__cCs d|_dSNr/r:r+r+r> reset_secretsPs zAuthByWebBrowser.reset_secretsrcCstjSr?)rEXTERNAL_BROWSERrAr+r+r>type_SszAuthByWebBrowser.type_cCs|jS)zReturns the token.r@rAr+r+r>assertion_contentWsz"AuthByWebBrowser.assertion_contentbodydict[Any, Any]cCs,t|dd<|j|dd<|j|dd<dS)zUsed by Auth to update the request that gets sent to /v1/login-request. Args: body: existing request dictionary data AUTHENTICATORTOKEN PROOF_KEYN)rr/r1)r:rFr+r+r> update_body\s zAuthByWebBrowser.update_bodyconnr authenticator service_nameaccountuserr;rc Ks(td|tjtj}tdddkr(t rt dn | tj tj dztdd}z||ttd d fWn#tjya} z| jd tjkr[t|d |d td | d} ~ ww|d |d} |jrtd|||||| |} n td||| |} tdt| s|j|td| dddW|dStdtdtd| d|j | } | rtd| stdddkrtd|!||n)tdt"d} |#| |j$s|j|t%dddW|dSW|dSW|dS|w) z!Web Browser based Authentication.zauthenticating by Web Browser SNOWFLAKE_AUTH_SOCKET_REUSE_PORTFalsetruezUConfiguration SNOWFLAKE_AUTH_SOCKET_REUSE_PORT is not available in Windows. Ignoring.rSF_AUTH_SOCKET_ADDR localhostSF_AUTH_SOCKET_PORTrz% is not found. Ensure /etc/hosts has z entry.)msgerrnoNz"step 1: query GS to obtain SSO urlz&step 1: constructing console login urlzValidate SSO URLzThe SSO URL provided z is invalidcodemessagerMretz\Initiating login request with your identity provider. Press CTRL+C to abort and try again...zstep 2: open a browserzGoing to open: z to authenticate...zA browser window should have opened for you to complete the login. If you can't see it, check existing browser windows, or your OS settings.SNOWFLAKE_AUTH_FORCE_SERVERzstep 3: accept SAML tokenzWe were unable to open a browser window for you, please open the url above manually then paste the URL you are redirected to into the terminal.z-Enter the URL the SSO URL redirected you to: zKUnable to open a browser in this environment and SSO URL contained no token)&loggerdebugr5r4AF_INET SOCK_STREAMosgetenvlowerrwarning setsockopt SOL_SOCKET SO_REUSEPORTbindintgaierrorargs EAI_NONAMErrlisten getsockname_disable_console_login _get_sso_url_get_console_login_urlr_handle_failurercloseprintr3open_new_receive_saml_tokeninput_process_get_urlr/r)r:rMrNrOrPrQr;socket_connectionhostnameex callback_portsso_urlbrowser_openedurlr+r+r>preparefs         -      zAuthByWebBrowser.preparedict[str, bool]cKs||ddiS)NsuccessT)authenticate_with_retry)r:rMr;r+r+r>reauthenticates zAuthByWebBrowser.reauthenticatec Cs zd}t}d}d}tdddk}tr |rtdd }t|dkr||kr|d 7}t|ggg\}} } |ddur| \}} z|rUt d | t t j}n| t }Wn(tyt d ||kr|d } t d| dt| nt dYnwt|dkr||ks*|dd} || |s||| |W|t j|dSW|t j|n |t j|wq)z%Receives SAML token from web browser.TrN"SNOWFLAKE_AUTH_SOCKET_MSG_DONTWAITfalserTzWConfiguration SNOWFLAKE_AUTH_SOCKET_MSG_DONTWAIT is not available in Windows. Ignoring.FrzcCalling socket_client.recv with MSG_DONTWAIT flag due to SNOWFLAKE_AUTH_SOCKET_MSG_DONTWAIT env varz[BlockingIOError raised from socket.recv while attempting to retrieve callback token requestg?zWaiting z seconds before trying againzExceeded retry countutf-8 ) bytearrayrdrerfrr`rglenselectacceptrarecvBUF_SIZEr4 MSG_DONTWAITBlockingIOErrortimesleepdecodesplit_process_options_process_receive_saml_tokenshutdown SHUT_RDWRrv)r:rMr|attemptsraw_data socket_client max_attempts msg_dont_wait read_sockets_write_sockets_exception_sockets_ sleep_timerHr+r+r>rysv       %      z$AuthByWebBrowser._receive_saml_tokenrH list[str]r socket.socketboolcCs|D] }|dr nqdS||||\}}|sdS||s%dS||_ddtdtdd|dd |jd d g}| d | d d S)z'Allows JS Ajax access to this endpoint.zOPTIONS FHTTP/1.1 200 OKzDate: {}z%a, %d %b %Y %H:%M:%S GMTz'Access-Control-Allow-Methods: POST, GETzAccess-Control-Allow-Headers: zAccess-Control-Max-Age: 86400Access-Control-Allow-Origin: rrT) startswith_get_user_agent_check_post_requested_validate_originr9formatrstrftimegmtimesendalljoinencode)r:rHrlinerequested_headersrequested_origincontentr+r+r>r"s2     z!AuthByWebBrowser._process_optionsrcCsbt|}|jd}|d}t|dkr|dn|jdkrdnd}|j|jko0||jko0||jkS)N:rrhttpsiP)r netlocrrr6schemer7r8)r:rr^rhost_gotport_gotr+r+r>rCs $ z!AuthByWebBrowser._validate_origincCs||s |||s dSddg}|jr-d|ji}t|}|d|j|dnd|jd}|dt||d ||| d | d dS) NrzContent-Type: text/htmlconsentrzVary: Accept-Encoding, Originz SAML Response for Snowflake Your identity was confirmed and propagated to Snowflake zR. You can close this window now and go back where you started from. zContent-Length: rrr) _process_get _process_postr9r.jsondumpsappendr0rrrr)r:rMrHrrrXr+r+r>rQs"     z,AuthByWebBrowser._process_receive_saml_tokentuple[str | None, str | None]cCsd}d}d}|D]}|dr|}q|dr|}q|dr!|}q|r3|r3|r3|dddkr5dS|ddd|dddfS)NzAccess-Control-Request-Method:zAccess-Control-Request-Headers:zOrigin:rrPOST)NN)rrstripr)r:rH request_line header_line origin_linerr+r+r>ros,   z&AuthByWebBrowser._check_post_requestedrcCs8tt|j}d|vs|ddsdS|dd|_dS)Ntokenr)rr queryr/)r:rparsedr+r+r>r{sz!AuthByWebBrowser._process_get_urlcCsF|D] }|dr |}nqdS|||\}}}||dS)NzGET FT)rrrr{)r:rHr target_linerrr+r+r>rs   zAuthByWebBrowser._process_getcCs|D] }|dr n q|j|tddddS||zt|d}|d|_|dd |_Wd St yIt |ddd |_Yd Sw) NzPOST zLInvalid HTTP request from web browser. Idp authentication could have failed.rZr]FrrTr) rrurrrloadsgetr/r. Exceptionr)r:rMrHrpayloadr+r+r>rs*    zAuthByWebBrowser._process_postcCs6|D]}|drt|dSqtddS)Nz user-agentz No User-Agent)rfrr`ra)r:rHrr+r+r>rs  z AuthByWebBrowser._get_user_agentrrlc Cstttttti}|r||t<d}tj|||j|j |j | |j |j |j|j|j|jjjddd } || dd<t|| dd<td||||jj||t| |jjj |jjj d } | d sf|j|| d | d} | d } | d |_| S)zGets SSO URL from Snowflake.z/session/authenticator-requestF) use_pooling)session_managerrHrIBROWSER_MODE_REDIRECT_PORTz%account=%s, authenticator=%s, user=%s)timeoutsocket_timeoutrr]ssoUrlproofKey)r rr rrrrbase_auth_datar_internal_application_name_internal_application_version _ocsp_modecert_revocation_check_mode login_timeoutnetwork_timeoutr"platform_detection_timeout_secondsrestrcloner r`ra_rest _post_requestrr _connectionrur1) r:rMrNrOrPrrQheadersrrFr^rHrr+r+r>rssN   zAuthByWebBrowser._get_sso_urlcCsJttdd|_|jjdt|||jd}t d||S)N asciiz/console/login?) login_namebrowser_mode_redirect_port proof_keyzConsole Log In URL: ) base64 b64encodesecrets token_bytesrr1r server_urlr r`ra)r:rMr(rQrr+r+r>rts z'AuthByWebBrowser._get_console_login_url)NNNNN)rr r!r"r#r$r%r&r'r&r(r&r)r*)r)r*)r)r)r)r )rFrGr)r*)rMrrNr rOr&rPr rQr r;rr)r*)rMrr;rr)r)rMrr)r*)rHrrrr)r)rr r)r)rMrrHrrrr)r*)rHrr)r)rr r)r*)rHrr)r)rMrrHrr)r)rHrr)r*)rMrrNr rOr&rPr rrlrQr r)r )rMrr(rlrQr r)r )__name__ __module__ __qualname____doc__r-rBpropertyrDrErLrrryrrrrr{rrrrsrt __classcell__r+r+r<r>r3s6     n E !      5r)3 __future__rrrloggingrdrrr4rr2typesrtypingrrcompatrrr r r constantsr r rr errorcoderrrrerrorsrnetworkrrrurl_utilrrr by_pluginrrr getLoggerrr`rrr+r+r+r>s2