�

-�_g� ���dd
lZ	dd
l
Z
dZdd
lZddlmZmZ
ddlmZ
dZ	dZ
ejd�
ZGd	�d
�Z
y
#e$r
dZY�<wxYw
)�NTF)�datetime�	timedelta)
�TIMEOUT_DEFAULTz	sos-toolsz,urn:ietf:params:oauth:grant-type:device_code�sosc�H�eZ
dZd
Zd�Zd�Zd�Zd�Zd�Zd�Z	d�Z
d	�Zdd�
Zy
)
�DeviceAuthorizationClassz$
    Device Authorization Class
    c�j�d|_d|_
d|_|
|_||_|j�
y�
N)�
_access_token�_access_expires_at�&_DeviceAuthorizationClass__device_code�client_identifier_url�token_endpoint�_use_device_code_grant)�selfrrs   �</usr/lib/python3/dist-packages/sos/policies/auth/__init__.py�__init__z!DeviceAuthorizationClass.__init__!s6��!���"&���!���%:��"�,����#�#�%�c
�t�|j
�
td
|j���

|j�
y)zv
        Start the device auth flow. In the future we will
        store the tokens in an in-memory keyring.

        z<Please visit the following URL to authenticate this device: N)�_request_device_code�print�_verification_uri_complete�poll_for_auth_completion�
rs
 rrz/DeviceAuthorizationClass._use_device_code_grant+s<��	
�!�!�#�
�

��7�7�8�

:�	
�	
�%�%�'rc
�,�d
t��}
ddi
}tstd�
�
	tj|j
|
|t��}|j�
|j�}|jd�
|_
|jd�
|_|jd�
|_|jd	�
|_
|jd
�
|_y
#tj$r*}tjdj �d|���
�
d
}~w
wxYw
)zm
        Initialize new Device Authorization Grant attempt by
        requesting a new device code.

        z
client_id=zcontent-typez!application/x-www-form-urlencoded�Rpython3-requests is not installed and is required for obtaining device auth token.)�data�headers�timeout�	user_code�verification_uri�interval�device_code�verification_uri_completezNHTTP request failed while attempting to acquire the tokens.Error returned was �
 N)�DEVICE_AUTH_CLIENT_ID�REQUESTS_LOADED�	Exception�requests�postrr�raise_for_status�json�get�
_user_code�_verification_uri�	_intervalr
r�	HTTPError�status_code)rrr�res�response�
es      rrz-DeviceAuthorizationClass._request_device_code9s
���1�2�3��!�#F�G����
@
�
A
�

A
�	-��-�-��*�*���'�	)�C�

� � �"��x�x�z�H�&�l�l�;�7�D�O�%-�\�\�2D�%E�D�"�%�\�\�*�5�D�N�!)���m�!<�D��.6�l�l�+�
/-�D�+���!�!�	-��$�$�&;�;>�?�?�:K�1�()�s�&,�-�
-��	-�s�B5C�D�)%D�Dc
��tt|jd
�}
tst	d�
�
|j
��t
j|j�

	tj|j|
t��}|j}|dk(r4tjd�

|j!|j#��

|dv
rt	||j$��
|dk(r+|j#�d	d
v
rt	||j$��
|j
�
��yy#tj&j($r"}tj+d|���

Yd}~�Id}~w
wxYw
)z�
        Continuously poll OIDC token endpoint until the user is successfully
        authenticated or an error occurs.

        )�
grant_type�	client_idr#rN�rr��z$The SSO authentication is successful)r:�
r;�error)�authorization_pending�	slow_downz)Error was found while posting a request: )�GRANT_TYPE_DEVICE_CODEr&r
r'r(r�time�sleepr0r)r*rrr2�logger�info�_set_token_datar,�text�
exceptions�RequestExceptionr<)r�
token_data�check_auth_completionr2r5s     rrz1DeviceAuthorizationClass.poll_for_auth_completionXsD
��%;�#8�%)�%7�%7�9�
���
@
�
A
�

A
�� � �(��J�J�t�~�~�&�
N
�(0�
�
�d�6I�6I�;E�>M�)O
�%�4�?�?���#�%��K�K� F�G��(�(�)>�)C�)C�)E�F��j�0�#�K�1F�1K�1K�L�L��#�%�)�.�.�0��9�>�
?�#�K�1F�1K�1K�L�L�#� � �(��$�&�&�7�7�

N
����H���L�M�M��

N
�s�B5D�E�7E�Ec�
�|
j
d
�
|_
tj�t	|
j
d�
��
z|_|
j
d�
|_|
j
d�
|_|jdk(rtj|_	ytj�t	|j��
z|_	y)a@

        Set the class attributes as per the input token_data received.
        In the future we will persist the token data in a local,
        in-memory keyring, to avoid visting the browser frequently.
        :param token_data: Token data containing access_token, refresh_token
        and their expiry etc.
        �access_token�
expires_in�
�seconds�
refresh_token�refresh_expires_inrN)
r-rr�utcnowrr�_refresh_token�_refresh_expires_in�max�_refresh_expires_at)rrHs  rrDz(DeviceAuthorizationClass._set_token_datazs���(�^�^�N�;���"*�/�/�"3��j�n�n�\�:�;�
#<���(�n�n�_�=���#-�>�>�2F�#G�� ��#�#�q�(�'/�|�|�D�$�'/���'8��$�":�":�;�
(<�D�$rc
���|j
�r|jS|j�r|j�
|jS|j	�
|jS)
zt
        Get the valid access_token at any given time.
        :return: Access_token
        :rtype: string
        )�is_access_token_validr�is_refresh_token_valid�_use_refresh_token_grantrrs
 r�get_access_tokenz)DeviceAuthorizationClass.get_access_token�sX���%�%�'��%�%�%��&�&�(��)�)�+��%�%�%��#�#�%��!�!�!rc
��|jx
r<
|jx
r.
|jtd
��
z
tj�kDS)z�
        Check the validity of access_token. We are considering it invalid 180
        sec. prior to it's exact expiry time.
        :return: True/False

        �rM)rrrrrQrs
 rrWz.DeviceAuthorizationClass.is_access_token_valid�sF���!�!��d�&=�&=���#�#�i��&<�<��O�O��

�	rc
��|jx
r<
|jx
r.
|jtd
��
z
tj�kDS)z�
        Check the validity of refresh_token. We are considering it invalid
        180 sec. prior to it's exact expiry time.

        :return: True/False

        r\rM)rRrUrrrQrs
 rrXz/DeviceAuthorizationClass.is_refresh_token_valid�sF���"�"��t�'?�'?���$�$�y��'=�=��O�O��

�	rNc�.�tstd
�
�
td|
s|jn
|
d�}t	j
|j|t��}|jdk(r |j|j��

y|jdk(r]d|j�dvrHtjd	|j�d
|j�d�d��

|j�
ytd|j�d
|j�d���
�
)z�
        Fetch the new access_token and refresh_token using the existing
        refresh_token and persist it.
        :param refresh_token: optional param for refresh_token

        rrO)r8r7rOr9r:r;�invalidr<zAProblem while fetching the new tokens from refresh token grant - r%z%. New Device code will be requested !zcSomething went wrong while using the Refresh token grant for fetching tokens: Returned status code z and error N)r'r(r&rRr)r*rrr2rDr,rB�warningr)rrO�refresh_token_data�refresh_token_ress    rrYz1DeviceAuthorizationClass._use_refresh_token_grant�s6
����
@
�
A
�

A
�+@�,;�+�04�/B�/B�1>�@
��
%�M�M�$�*=�*=�/A�2A�C
���(�(�C�/�� � �!2�!7�!7�!9�:�
�
*�
*�c�
1�i�!�&�&�(��1�
72��N�N�
-�->�-J�-J�,K�1�/�4�4�6�w�?�@�
A
B
�B
�
C
�
�'�'�)��)�):�)F�)F�(G��/�4�4�6�w�?�@�B
�C
�
C
rr
)
�__name__�
__module__�__qualname__�__doc__rrrrrDrZrWrXrY�rrrrs7���&�(�-�> N
�D
<�&"�	�
�"C
rr)�loggingr)r'�ImportErrorr@rr�
sos.utilitiesrr&r?�	getLoggerrBrrgrr�<module>rl
sd�


�
�
���O�
�(�)�#��G��	��	�	�5�	!��x
C
�x
C
���

��O�

�s�?�A	�
A