o RDi"B@sddlmZddlZddlZddlZddlZddlZddlZddlZddl Z ddl Z ddl m Z mZddlmZmZmZddlmZddlmZmZmZmZmZddlmZmZdd lmZd d l m!Z!d d l"m#Z#e rrdd l$m%Z%e&e'Z(dZ)dddZ*Gddde#Z+dS)) annotationsN) TYPE_CHECKINGAny)parse_qsurlparseurlsplitOAUTH_TYPE_AUTHORIZATION_CODE)ER_INVALID_VALUEER_OAUTH_CALLBACK_ERRORER_OAUTH_SERVER_TIMEOUTER_OAUTH_STATE_CHANGEDER_UNABLE_TO_OPEN_BROWSER)ErrorProgrammingError) TokenCache)AuthHttpServer)AuthByOAuthBase)SnowflakeConnectioni@urlstrreturndict[str, list[str]]cCstt|j}|SNrrquery)rparsedr\/var/www/Datamplify/venv/lib/python3.10/site-packages/snowflake/connector/auth/oauth_code.py_get_query_params(sr!cseZdZdZdZ       d^d_fdd Zd`dd Zdad*d+Zdbd/d0Zdcd6d7Z ddd9d:Z ded;d<Z e dfd>d?Z e dgd@dAZdhdBdCZdidFdGZdjdIdJZdkdLdMZdldOdPZdmdQdRZe dndSdTZdodVdWZdpdYdZZe dqd\d]ZZS)rAuthByOauthCodez&Authenticates user by OAuth code flow.LOCAL_APPLICATIONTNF applicationr client_id client_secretauthentication_urltoken_request_url redirect_uriscopehost pkce_enabledbool token_cacheTokenCache | Nonerefresh_token_enabledexternal_browser_timeout int | None enable_single_use_refresh_tokens connectionSnowflakeConnection | Noneuri str | NonerNonec s||||\}}|||||||\}}tjd ||||| | d|||_d|_||_||_||_t d|_ t dddd|j Dd|_| |_| rVt dd|_| |_| |_dS) N)r%r&r(r*r.r0+zchose oauth state: %scss|]}dVqdS)*Nr).0_rrr bsz+AuthByOauthCode.__init__..httpzoauth pkce is going to be usedr)_validate_oauth_code_uris*_validate_client_credentials_with_defaultssuper__init__ _application_origin_authentication_url _redirect_uri_urisecrets token_urlsafe_stateloggerdebugjoin _protocol _pkce_enabled _verifier_external_browser_timeout!_enable_single_use_refresh_tokens)selfr$r%r&r'r(r)r*r+r,r.r0r1r3r4r6kwargs __class__rr rC4sF     zAuthByOauthCode.__init__cCstSrr )rTrrr _get_oauth_type_idksz"AuthByOauthCode._get_oauth_type_idconnr authenticator service_nameaccountuserrUr(str | None, str | None)c Ks^tdt|j|jp |jd}|||}||||WdS1s(wYdS)z!Web Browser based Authentication.z1authenticating with OAuth authorization code flow)r)r6N)rLrMrrGrH_do_authorization_request_do_token_request) rTrYrZr[r\r]rUcallback_servercoderrr _request_tokensns    $zAuthByOauthCode._request_tokensdata list[str]#tuple[str, str] | tuple[None, None]cCsd}d}d}|D]}|dr|}q|dr|}q|dr!|}q|r3|r3|r3|dddkr5dS|ddd|dddfS)NzAccess-Control-Request-Method:zAccess-Control-Request-Headers:zOrigin::rPOSTNN) startswithsplitstriprN)rTrd request_line header_line origin_linelinerrr _check_post_requesteds,   z%AuthByOauthCode._check_post_requested socket_client socket.sockethostnameportintc Cs|D] }|dr nqdS||\}}|dus|durdS||||s(dS||_ddtdtdd|d d |jd d g}|d | d dS)z'Allows JS Ajax access to this endpoint.zOPTIONS FNHTTP/1.1 200 OKzDate: {}z%a, %d %b %Y %H:%M:%S GMTz'Access-Control-Allow-Methods: POST, GETzAccess-Control-Allow-Headers: zAccess-Control-Max-Age: 86400Access-Control-Allow-Origin: r: utf-8T) rjrq_validate_originrEformattimestrftimegmtimesendallrNencode) rTrdrrrtrurprequested_headersrequested_origincontentrrr _process_optionss0   z AuthByOauthCode._process_optionsrcCs^t|}|jd}|d}t|dkr|dn|jdkrdnd}|j|jko.||ko.||kS)NrgrrhttpsiP)rnetlocrklenrOscheme)rTrrtruretrhost_gotport_gotrrr r{s $z AuthByOauthCode._validate_origincCs||sdSddg}|jr%td|ji}|d|j|dnd|jd}|dt||d |||d | d dS) NrwzContent-Type: text/htmlconsentrxzVary: Accept-Encoding, Originz OAuth Response for Snowflake Your identity was confirmed and propagated to Snowflake zR. You can close this window now and go back where you started from. zContent-Length: r:ryrz) _is_request_getrEjsondumpsconsent_cache_id_tokenappendrDrrrNr)rTrdrrresponsemsgrrr _send_responses    zAuthByOauthCode._send_responsercCsdtt|jvS)Nrbr)rrrr _has_codeszAuthByOauthCode._has_codecCstdd|DS)z!Whether an HTTP request is a GET.css|]}|dVqdS)zGET N)rj)r<rprrr r>sz2AuthByOauthCode._is_request_get..)any)rdrrr rszAuthByOauthCode._is_request_getcCsd|j||jd}|jr|j|d<|jr6td|_tt |j d  dd}||d<d|d <tj|}|jd |}|S) Nrb) response_typer%r)stater*r9rz=code_challengeS256code_challenge_method?) _client_idrK_scoperPrIrJrQbase64urlsafe_b64encodehashlibsha256rdigestdecoderstripurllibparse urlencoderF)rTr)params challenge url_paramsrrrr _construct_authorization_requests(   z0AuthByOauthCode._construct_authorization_requestrarcCs||j}tdtdt|r|||n|||\}}|s0|j |t ddddS||j krP|j |t dddtddt |dt |dS|S) Nz'step 1: going to open authorization URLzInitiating login request with your identity provider. A browser window should have opened for you to complete the login. If you can't see it, check existing browser windows, or your OS settings. Press CTRL+C to abort and try again...z[Unable to open a browser in this environment and OAuth URL contained no authorization code.rbmessagerYrz#State changed during OAuth process.z%received oauth code: %s and state: %sr;)rr)rLrMprint webbrowseropen_receive_authorization_callback%_ask_authorization_callback_from_user_handle_failurerrKrr)rTrar4authorization_requestrbrrrr r_sF     z)AuthByOauthCode._do_authorization_requestrbcCsPtdd||jd}|jrd|d<|jr"|jdusJ|j|d<|||S)Nz1step 2: received OAuth callback, requesting tokenauthorization_code) grant_typerbr)truer3 code_verifier)rLrMr)rSrPrQ_get_request_token_response)rTrbrar4fieldsrrr r`9s   z!AuthByOauthCode._do_token_request http_servercCstd|j|jd\}}|dur|j|tddddSz(z||||j|js0| ||| t j Wn t y@YnwW|n|w||djdd d |S) Nz.trying to receive authorization redirected uri)timeoutzhUnable to receive the OAuth message within a given timeout. Please check the redirect URI and try again.rrrirr)maxsplitr)rLrM receive_blockrRrr rrtrurshutdownsocket SHUT_RDWROSErrorclose'_parse_authorization_redirected_requestrk)rTrr4rdsocket_connectionrrr rLs6     z/AuthByOauthCode._receive_authorization_callbackrcCsPtdtd|td}|||\}}|s$|j|tddd||fS)Nz1requesting authorization redirected url from userzWe were unable to open a browser window for you, please open the URL manually then paste the URL you are redirected to into the terminal: z0Enter the URL the OAuth flow redirected you to: zLUnable to open a browser in this environment and OAuth URL contained no coderr)rLrMrinputrrr)rTrr4received_redirected_requestrbrrrr rms*  z5AuthByOauthCode._ask_authorization_callback_from_userc Csztt|j}d|vr+|j|td|dddd|vr#d|ddnddd |d dgd|d dgdfS) NerrorzOauth callback returned an rz errorerror_descriptionz: .rrrbr)rrrrr get)rTrrYrrrr rs.$z7AuthByOauthCode._parse_authorization_redirected_requestcCs |dks||vo|dkp||vSNr:r)r'r(r+rrr _is_snowflake_as_idpsz$AuthByOauthCode._is_snowflake_as_idpauthorization_urlcCs0|dks|duo|dkp|duo|j|||Sr)rWr)rTr%r&rr(r+rrr (_eligible_for_default_client_credentialss z8AuthByOauthCode._eligible_for_default_client_credentialstuple[str, str] | NonecCs8||||||r|jj|jjfS||||||fSr)rrW%_LOCAL_APPLICATION_CLIENT_CREDENTIALS$_validate_client_credentials_present)rTr%r&rr(r+r4rrr rAs z:AuthByOauthCode._validate_client_credentials_with_defaultstuple[str, str]cCsZ|r|dst|dtdtd|r)|ds)|ds)t|dtdtd||fS)Nzhttps://z>OAuth supports only authorization urls that use 'https' scheme)rerrnozhttp://z@OAuth supports only authorization urls that use 'http(s)' scheme)rjrerrorhandler_wrapperrr )rr)r4rrr r@s.  z)AuthByOauthCode._validate_oauth_code_uris)TNFNFNN) r$rr%rr&rr'rr(rr)rr*rr+rr,r-r.r/r0r-r1r2r3r-r4r5r6r7rr8)rr)rYrrZrr[r7r\rr]rrUrrr^)rdrerrf) rdrerrrsrtrrurvrr-)rrrtrrurvrr-)rdrerrrsrr8)rrrr-)rdrerr-)r)rrr)rarr4rrr7)rbrrarr4rrr^)rrr4rrr^)rrr4rrr^)rrrYrrr^)r'rr(rr+rrr-) r%rr&rrrr(rr+rrr-)r%rr&rrrr(rr+rr4rrr)rrr)rr4rrr)__name__ __module__ __qualname____doc__rrCrXrcrqrr{r staticmethodrrrr_r`rrrrrrAr@ __classcell__rrrVr r"/sB  7    !      3  !    r")rrrr), __future__rrrrloggingrIrr} urllib.parserrtypingrrcompatrrr constantsr errorcoder r r rrerrorsrrr.r _http_serverr _oauth_baserr:r getLoggerrrLBUF_SIZEr!r"rrrr s0