��
u��ec�@s�dd�lZy�dd�l�Z�e�Z�Wn��e�k
r;���e�Z�n�Xdd�l�Z�dd�l�m�Z�m�Z��d�Z d�Z
ej�d���Z�d�d�d���YZ
d�S( i����N(�t�datetimet timedeltas sos-toolss,urn:ietf:params:oauth:grant-type:device_codet�sost�DeviceAuthorizationClassc�BsbeZ�dZ�d��Z�d��Z�d��Z�d��Z�d��Z�d��Z�d��Z d��Z
d
d ��Z�RS(�s$
Device Authorization Class
c���Cs;d|_�d|_�d|_�|�|_�|�|_�|j���dS(�N(�t�Nonet
_access_tokent�_access_expires_att&_DeviceAuthorizationClass__device_codet�client_identifier_urlt�token_endpointt�_use_device_code_grant(�t�selfR�R ((s>/usr/lib/python2.7/site-packages/sos/policies/auth/__init__.pyt�__init__�s�� � � � � �c���Cs)|j��d�j�|j���GH|j���d�S(�su
Start the device auth flow. In the future we will
store the tokens in an in-memory keyring.
s>Please visit the following URL to authenticate this device: {}N(�t�_request_device_codet�formatt�_verification_uri_completet�poll_for_auth_completion(�R�((s>/usr/lib/python2.7/site-packages/sos/policies/auth/__init__.pyR
)s��
�����c���Cs�d�jt���}�i�d�d�6}�t�s1t�d�����ny�t�j�|j�d�|�d�|����}�|�j���|�j��}�|�j d���|_
|�j d���|_�|�j d ��|_�|�j d
��|_
|�j d���|_�Wn1�t�j�k
r��}��t�j�d�j|�j�������n�Xd
S(�sl
Initialize new Device Authorization Grant attempt by
requesting a new device code.
s�client_id={}s!application/x-www-form-urlencodeds�content-typesRpython3-requests is not installed and is required for obtaining device auth token.t�datat�headerst user_codet�verification_urit�intervalt�device_codet�verification_uri_completesQHTTP request failed while attempting to acquire the tokens. Error returned was {}N(�R�t�DEVICE_AUTH_CLIENT_IDt�REQUESTS_LOADEDt Exceptiont�requestst�postR�t�raise_for_statust�jsont�gett
_user_codet�_verification_urit _intervalR�R�t HTTPErrort�status_code(�R�R�R�t�rest�responset�e((s>/usr/lib/python2.7/site-packages/sos/policies/auth/__init__.pyR
6s*���
��������� ��� �
���������������������c���Cs;�i�td�6t�d�6|j�d�6}�t�s3t�d�����nx��|j�d
k�r6�t�j�|j ���y�t
j�|j�d�|����}�|�j
}�|�d�k�r�t�j�d����|j�|�j�����n|�d�k�r�t�|�|�j�����n|�d�k�r�|�j��d �d�k�r�t�|�|�j�����nWq6�t
j�j�k
r2��}��t�j�d�j�|������q6Xq6Wd
S(�s�
Continuously poll OIDC token endpoint until the user is successfully
authenticated or an error occurs.
t
grant_typet client_idR�sRpython3-requests is not installed and is required for obtaining device auth token.R�i�s$The SSO authentication is successfuli��t�errort�authorization_pendingt slow_downs+Error was found while posting a request: {}N(�i�i��(�R+R,(�t�GRANT_TYPE_DEVICE_CODER�R�R�R�R�R�t�timet�sleepR"R�R�R R$t�loggert�infot�_set_token_dataR�t�textt
exceptionst�RequestExceptionR*R�(�R�t
token_datat�check_auth_completionR$R'((s>/usr/lib/python2.7/site-packages/sos/policies/auth/__init__.pyR�Ss.�
���
������������� � ���
���������
� �������c���Cs�|�jd���|_�t�j��t�d�|�jd������|_�|�jd���|_�|�jd���|_�|j�d�k�ryt�j�|_ n�t�j��t�d�|j����|_ d�S(�s@�
Set the class attributes as per the input token_data received.
In the future we will persist the token data in a local,
in-memory keyring, to avoid visting the browser frequently.
:param token_data: Token data containing access_token, refresh_token
and their expiry etc.
t�access_tokent�secondst
expires_int
refresh_tokent�refresh_expires_iniN(
R�R�Rt�utcnowR�R�t�_refresh_tokent�_refresh_expires_int�maxt�_refresh_expires_at(�R�R6((s>/usr/lib/python2.7/site-packages/sos/policies/auth/__init__.pyR2ts���� ����������� �c���CsE|j�r�|j�S|j��r0|j���|j�S|j���|j�Sd�S(�st
Get the valid access_token at any given time.
:return: Access_token
:rtype: string
N(�t�is_access_token_validR�t�is_refresh_token_validt�_use_refresh_token_grantR
(�R�((s>/usr/lib/python2.7/site-packages/sos/policies/auth/__init__.pyt�get_access_token�s��������
���
�c���Cs2|jo1|j�o1|j�t�d�d����t�j��k�S(�s�
Check the validity of access_token. We are considering it invalid 180
sec. prior to it's exact expiry time.
:return: True/False
R9i�(�R�R�R�RR=(�R�((s>/usr/lib/python2.7/site-packages/sos/policies/auth/__init__.pyRB�s������c���Cs2|jo1|j�o1|j�t�d�d����t�j��k�S(�s�
Check the validity of refresh_token. We are considering it invalid
180 sec. prior to it's exact expiry time.
:return: True/False
R9i�(�R>RAR�RR=(�R�((s>/usr/lib/python2.7/site-packages/sos/policies/auth/__init__.pyRC�s������c���Cs�ts�t�d�����ni�t�d�6d�d�6|�s5|j�n�|�d�6}�t�j�|j�d�|����}�|�j�d�k�r||j�|�j ����n}|�j�d�k�r�d�|�j �d �k�r�t
j�d
j�|�j�|�j �d ������|j
��n%t�d�j�|�j�|�j �d �������d�S(
s�
Fetch the new access_token and refresh_token using the existing
refresh_token and persist it.
:param refresh_token: optional param for refresh_token
sRpython3-requests is not installed and is required for obtaining device auth token.R)R;R(R�i�i��t�invalidR*skProblem while fetching the new tokens from refresh token grant - {} {}. New Device code will be requested !ssSomething went wrong while using the Refresh token grant for fetching tokens:Returned status code {0} and error {1}N(�R�R�R�R>R�R�R R$R2R�R0t�warningR�R
(�R�R;t�refresh_token_datat�refresh_token_res((s>/usr/lib/python2.7/site-packages/sos/policies/auth/__init__.pyRD�s&�����
������� ���������������
�������N(
t�__name__t
__module__t�__doc__R�R
R
R�R2RERBRCR�RD(((s>/usr/lib/python2.7/site-packages/sos/policies/auth/__init__.pyR��s�����
� ! � �
((�t�loggingR�t�TrueR�t�ImportErrort�FalseR.RR�R�R-t getLoggerR0R�(((s>/usr/lib/python2.7/site-packages/sos/policies/auth/__init__.pyt�<module>�s�������
�
�
����������� |