|
Server : LiteSpeed System : Linux server51.dnsbootclub.com 4.18.0-553.62.1.lve.el8.x86_64 #1 SMP Mon Jul 21 17:50:35 UTC 2025 x86_64 User : nandedex ( 1060) PHP Version : 8.1.33 Disable Function : NONE Directory : /opt/cppython/lib/python3.8/site-packages/google/oauth2/__pycache__/ |
U
����O��g-2����������������������@���s����d�Z�ddlZddlmZ�ddlmZ�ddlmZ�ddlmZ�dZdZ d Z
d
Z
d
Z
d
Z
d
ZdZdZdd��Zd dd�Zdd��Zdd��Zdd��Zd dd�Zd!d
d
�ZdS�)"a���A module that provides functions for handling rapt authentication.
Reauth is a process of obtaining additional authentication (such as password,
security token, etc.) while refreshing OAuth 2.0 credentials for a user.
Credentials that use the Reauth flow must have the reauth scope,
``https://www.googleapis.com/auth/accounts.reauth``.
This module provides a high-level function for executing the Reauth process,
:func:`refresh_grant`, and lower-level helpers for doing the individual
steps of the reauth process.
Those steps are:
1. Obtaining a list of challenges from the reauth server.
2. Running through each challenge and sending the result back to the reauth
server.
3. Refreshing the access token using the returned rapt token.
�����N)�
exceptions)�metrics)�_client)�
challengesz/https://www.googleapis.com/auth/accounts.reauthz)https://reauth.googleapis.com/v2/sessionsZ
invalid_grantZ
invalid_raptZ
rapt_requiredZ
AUTHENTICATEDZCHALLENGE_REQUIREDZCHALLENGE_PENDING����c�������������������C���s
���t�j���S�)a���Check if we are in an interractive environment.
Override this function with a different logic if you are using this library
outside a CLI.
If the rapt token needs refreshing, the user needs to answer the challenges.
If the user is not in an interractive environment, the challenges can not
be answered and we just wait for timeout for no reason.
Returns:
bool: True if is interactive environment, False otherwise.
)�sys�stdin�isatty��r
���r
����A/opt/cppython/lib/python3.8/site-packages/google/oauth2/reauth.py�is_interactive<���s����r
���c�����������������C���s<���d|i}|r||d<�t�jt����i}tj|�td�||d|d�S�)a���Does initial request to reauth API to get the challenges.
Args:
request (google.auth.transport.Request): A callable used to make
HTTP requests.
supported_challenge_types (Sequence[str]): list of challenge names
supported by the manager.
access_token (str): Access token with reauth scopes.
requested_scopes (Optional(Sequence[str])): Authorized scopes for the credentials.
Returns:
dict: The response from the reauth API.
ZsupportedChallengeTypesZ oauthScopesForDomainPolicyLookupz:startT��
access_tokenZuse_json�headers)r����API_CLIENT_HEADERZ
reauth_startr����_token_endpoint_request�
_REAUTH_API)�requestZsupported_challenge_typesr����requested_scopes�body�metrics_headerr
���r
���r
����_get_challengesM���s�����r���c�����������������C���s<���||d|d�}t�jt����i}tj|�td�|��||d|d�S�)aY��Attempt to refresh access token by sending next challenge result.
Args:
request (google.auth.transport.Request): A callable used to make
HTTP requests.
session_id (str): session id returned by the initial reauth call.
challenge_id (str): challenge id returned by the initial reauth call.
client_input: dict with a challenge-specific client input. For example:
``{'credential': password}`` for password challenge.
access_token (str): Access token with reauth scopes.
Returns:
dict: The response from the reauth API.
ZRESPOND)� sessionId�
challengeId�actionZproposalResponsez
/{}:continueTr
���)r���r���Zreauth_continuer���r���r����format)r���Z
session_idZ
challenge_id�
client_inputr���r���r���r
���r
���r
����_send_challenge_resultl���s
�����
�r
���c��������������
���C���s����|�d�D�]�}|d�dkrqt�j�|d�d�}|sVt�d�|d�d�tt�j��������|j spt�d�|d����|�
|�}|s��dS�t
||�d �|d
�||���S�dS�)
ag��Get the next challenge from msg and run it.
Args:
msg (dict): Reauth API response body (either from the initial request to
https://reauth.googleapis.com/v2/sessions:start or from sending the
previous challenge response to
https://reauth.googleapis.com/v2/sessions/id:continue)
request (google.auth.transport.Request): A callable used to make
HTTP requests.
access_token (str): reauth access token
Returns:
dict: The response from the reauth API.
Raises:
google.auth.exceptions.ReauthError: if reauth failed.
r����statusZREADYZ
challengeTypeNz4Unsupported challenge type {0}. Supported types: {1}�,z%Challenge {0} is not locally eligibler���r���)
r����AVAILABLE_CHALLENGES�getr����ReauthFailErrorr����join�list�keysZis_locally_eligibleZobtain_challenge_inputr
���)�msgr���r���� challenge�cr
���r
���r
���r
����_run_next_challenge����s8����
����
�r)���c�����������������C���s����t�|�ttj����||�}|d�tkr,|d�S�tdt�D�]r}|d�tksf|d�t ksft
�
d�
|d����t
��svt
�
d��t||�|�}|s�t
�
d��|d�tkr6|d���S�q6t
�
d��dS�)a���Given an http request method and reauth access token, get rapt token.
Args:
request (google.auth.transport.Request): A callable used to make
HTTP requests.
access_token (str): reauth access token
requested_scopes (Sequence[str]): scopes required by the client application
Returns:
str: The rapt token.
Raises:
google.auth.exceptions.ReauthError: if reauth failed
r
���ZencodedProofOfReauthTokenr���z6Reauthentication challenge failed due to API error: {}z_Reauthentication challenge could not be answered because you are not in an interactive session.z
Failed to obtain rapt token.N)r���r$���r���r ���r%����_AUTHENTICATED�range�RUN_CHALLENGE_RETRY_LIMIT�_CHALLENGE_REQUIRED�_CHALLENGE_PENDINGr���r"���r���r
���r)���)r���r���r���r&����_r
���r
���r
����
_obtain_rapt����s8����
�
�
����
r0���c����������� ������C���sJ���t�j�d��tj|�||||tgd�\}}}}t|�||d�}t�j�d��|S�)a{��Given an http request method and refresh_token, get rapt token.
Args:
request (google.auth.transport.Request): A callable used to make
HTTP requests.
client_id (str): client id to get access token for reauth scope.
client_secret (str): client secret for the client_id
refresh_token (str): refresh token to refresh access token
token_uri (str): uri to refresh access token
scopes (Optional(Sequence[str])): scopes required by the client application
Returns:
str: The rapt token.
Raises:
google.auth.exceptions.RefreshError: If reauth failed.
zReauthentication required.
)r���� client_id�
client_secret�
refresh_token� token_uri�scopes)r���z
Reauthentication successful.
)r����stderr�writer����
refresh_grant�
_REAUTH_SCOPEr0���) r���r1���r2���r3���r4���r5���r���r/����
rapt_tokenr
���r
���r
����get_rapt_token����s����
�
r;���Fc�����������
������C���s��t�j|||d�}|r"d�|�|d<�|r.||d<�tjt���i} t�j|�||| d�\}
}
}
|
spt|
t�rpt j
|
dd��|
s�|
�
d�t
kr�|
�
d �t
ks�|
�
d �tkr�|s�t �
d
��t|�|||||d
�}||d<�t�j|�||| d�\}
}
}
|
s�t��|
|
��t��|
|�|f�S�)
aU��Implements the reauthentication flow.
Args:
request (google.auth.transport.Request): A callable used to make
HTTP requests.
token_uri (str): The OAuth 2.0 authorizations server's token endpoint
URI.
refresh_token (str): The refresh token to use to get a new access
token.
client_id (str): The OAuth 2.0 application's client ID.
client_secret (str): The Oauth 2.0 appliaction's client secret.
scopes (Optional(Sequence[str])): Scopes to request. If present, all
scopes must be authorized for the refresh token. Useful if refresh
token has a wild card scope (e.g.
'https://www.googleapis.com/auth/any-api').
rapt_token (Optional(str)): The rapt token for reauth.
enable_reauth_refresh (Optional[bool]): Whether reauth refresh flow
should be used. The default value is False. This option is for
gcloud only, other users should use the default value.
Returns:
Tuple[str, Optional[str], Optional[datetime], Mapping[str, str], str]: The
access token, new refresh token, expiration, the additional data
returned by the token endpoint, and the rapt token.
Raises:
google.auth.exceptions.RefreshError: If the token endpoint returned
an error.
)Z
grant_typer1���r2���r3���� �scopeZrapt)r���F)Z retryable�errorZ
error_subtypezaReauthentication is needed. Please run `gcloud auth application-default login` to reauthenticate.)r5���)r���Z_REFRESH_GRANT_TYPEr#���r���r���Ztoken_request_userZ _token_endpoint_request_no_throw�
isinstance�strr���Z
RefreshErrorr!����_REAUTH_NEEDED_ERROR�!_REAUTH_NEEDED_ERROR_INVALID_RAPT�"_REAUTH_NEEDED_ERROR_RAPT_REQUIREDr;���Z_handle_error_responseZ
_handle_refresh_grant_response)
r���r4���r3���r1���r2���r5���r:���Zenable_reauth_refreshr���r���Zresponse_status_okZ
response_dataZretryable_errorr
���r
���r
���r8�����sl����(�����
�
�
�
�������������
�r8���)N)N)NNF)�__doc__r���Z
google.authr���r���Z
google.oauth2r���r���r9���r���rA���rB���rC���r*���r-���r.���r,���r
���r���r
���r)���r0���r;���r8���r
���r
���r
���r
����<module>���s4���
��
#15��
,����