a "h8@sddlmZddlZddlZddlmZddlmZmZddl m Z m Z m Z ddl m Z mZddlmZdd lmZmZmZmZmZmZmZmZmZdd lmZe rdd lmZmZdd lm Z Gd ddZ!e!Z"e"j#Z#e"j$Z$e"j%Z%dS)) annotationsN)timegm)IterableSequence)datetime timedeltatimezone) TYPE_CHECKINGAny)api_jws) DecodeErrorExpiredSignatureErrorImmatureSignatureErrorInvalidAudienceErrorInvalidIssuedAtErrorInvalidIssuerErrorInvalidJTIErrorInvalidSubjectErrorMissingRequiredClaimError)RemovedInPyjwt3Warning)AllowedPrivateKeysAllowedPublicKeys)PyJWKc@sreZdZdHdddddZeddd d ZdId d ddddddddZdJd ddddddZdKddddddd d!dd"d#d d$ d%d&Zd d#d'd(d)Z dLddddddd dd!d"d#d#d* d+d,Z dMd d dd"dd-d.d/Z d d dd0d1d2Z dNd dd3d4d5Z d dd3d6d7Zd d8d8dd9d:d;Zd d8d8dd9dd?Zd@dAd d dddBdCdDZd d#ddEdFdGZdS)OPyJWTNzdict[str, Any] | NoneNone)optionsreturncCs"|dur i}i|||_dSN)_get_default_optionsr)selfrr!G/var/www/html/requester/venv/lib/python3.9/site-packages/jwt/api_jwt.py__init__szPyJWT.__init__zdict[str, bool | list[str]])rc Csddddddddgd S)NT) verify_signature verify_exp verify_nbf verify_iat verify_aud verify_iss verify_sub verify_jtirequirer!r!r!r!r"r#szPyJWT._get_default_optionsTzdict[str, Any]z(AllowedPrivateKeys | PyJWK | str | bytesz str | Noneztype[json.JSONEncoder] | Noneboolstr)payloadkey algorithmheaders json_encoder sort_headersrc Csnt|tstd|}dD](}t||trt||||<q|j|||d}t j ||||||dS)NzGExpecting a dict object, as JWT only supports JSON objects as payloads.)expiatnbf)r2r3)r4) isinstancedict TypeErrorcopygetrr utctimetuple_encode_payloadr encode) r r/r0r1r2r3r4Z time_claimZ json_payloadr!r!r"r?1s* z PyJWT.encodebytes)r/r2r3rcCstj|d|ddS)z Encode a given payload to the bytes to be signed. This method is intended to be overridden by subclasses that need to encode the payload in a different way, e.g. compress the payload. ),:) separatorsclszutf-8)jsondumpsr?)r r/r2r3r!r!r"r>Ws zPyJWT._encode_payloadrz str | bytesz'AllowedPublicKeys | PyJWK | str | byteszSequence[str] | Nonez bool | Nonez bytes | Nonezstr | Iterable[str] | Nonezstr | Sequence[str] | Nonezfloat | timedeltar ) jwtr0 algorithmsrverifydetached_payloadaudienceissuersubjectleewaykwargsrc Ks| r"tjdt| tddt|p*i}|dd|dur^||dkr^tjdtdd|ds|dd |d d |d d |d d |d d |dd |dd tj |||||d} | | } i|j |}|j | |||| | d| | d<| S)Nzypassing additional kwargs to decode_complete() is deprecated and will be removed in pyjwt version 3. Unsupported kwargs:  stacklevelr$TzThe `verify` argument to `decode` does nothing in PyJWT 2.0 and newer. The equivalent is setting `verify_signature` to False in the `options` dictionary. This invocation has a mismatch between the kwarg and the option entry.)categoryrSr%Fr&r'r(r)r*r+)r0rIrrK)rLrMrOrNr/) warningswarntuplekeysrr9 setdefaultDeprecationWarningr decode_complete_decode_payloadr_validate_claims)r rHr0rIrrJrKrLrMrNrOrPdecodedr/Zmerged_optionsr!r!r"r[isV            zPyJWT.decode_complete)r^rc Cs^zt|d}Wn4tyF}ztd||WYd}~n d}~00t|tsZtd|S)a Decode the payload from a JWS dictionary (payload, signature, header). This method is intended to be overridden by subclasses that need to decode the payload in a different way, e.g. decompress compressed payloads. r/zInvalid payload string: Nz-Invalid payload string: must be a json object)rEloads ValueErrorr r8r9)r r^r/er!r!r"r\s& zPyJWT._decode_payload) rHr0rIrrJrKrLrNrMrOrPrc KsH| r"tjdt| tdd|j||||||||| | d } | dS)Nzppassing additional kwargs to decode() is deprecated and will be removed in pyjwt version 3. Unsupported kwargs: rQrR)rJrKrLrNrMrOr/)rUrVrWrXrr[) r rHr0rIrrJrKrLrNrMrOrPr^r!r!r"decodes*  z PyJWT.decode)r/rrNrOrcCst|tr|}|dur0t|ttfs0td|||tjt j d }d|vrl|drl| |||d|vr|dr| |||d|vr|dr|||||d r||||d r|j|||d d d |dr||||dr||dS)Nz+audience must be a string, iterable or None)tzr6r'r7r&r5r%r)r(Z strict_audFstrictr*r+)r8r total_secondsr.rr:_validate_required_claimsrnowrutc timestamp _validate_iat _validate_nbf _validate_exp _validate_iss _validate_audr< _validate_sub _validate_jti)r r/rrLrMrNrOrhr!r!r"r]s,     zPyJWT._validate_claims)r/rrcCs(|dD]}||durt|qdS)Nr,)r<r)r r/rZclaimr!r!r"rgs zPyJWT._validate_required_claims)r/rcCsDd|vr dSt|dts"td|dur@|d|kr@tddS)z Checks whether "sub" if in the payload is valid ot not. This is an Optional claim :param payload(dict): The payload which needs to be validated :param subject(str): The subject of the token subNzSubject must be a stringzInvalid subject)r8r.rr<)r r/rNr!r!r"rps zPyJWT._validate_subcCs(d|vr dSt|dts$tddS)z Checks whether "jti" if in the payload is valid ot not This is an Optional claim :param payload(dict): The payload which needs to be validated ZjtiNzJWT ID must be a string)r8r<r.r)r r/r!r!r"rq2szPyJWT._validate_jtifloat)r/rhrOrcCsFzt|d}Wnty,tddYn0|||krBtddS)Nr6z)Issued At claim (iat) must be an integer.z The token is not yet valid (iat))intr`rr)r r/rhrOr6r!r!r"rk@s  zPyJWT._validate_iatcCsFzt|d}Wnty,tddYn0|||krBtddS)Nr7z*Not Before claim (nbf) must be an integer.z The token is not yet valid (nbf))rtr`r r)r r/rhrOr7r!r!r"rlOs   zPyJWT._validate_nbfcCsFzt|d}Wnty,tddYn0|||krBtddS)Nr5z/Expiration Time claim (exp) must be an integer.zSignature has expired)rtr`r r)r r/rhrOr5r!r!r"rm]s  zPyJWT._validate_expFrd)r/rLrercs|dur$d|vs|dsdStdd|vs4|dsz&PyJWT._validate_aud..c3s|]}|vVqdSrr!)rvruZaudience_claimsr!r"rxryzAudience doesn't match)rrr8r.listanyall)r r/rLrer!rzr"roms2     zPyJWT._validate_aud)r/rMrcCsT|dur dSd|vrtdt|tr<|d|krPtdn|d|vrPtddS)NZisszInvalid issuer)rr8r.r)r r/rMr!r!r"rns    zPyJWT._validate_iss)N)NNNT)NN) rGNNNNNNNr) rGNNNNNNNr)NNNr)N)__name__ __module__ __qualname__r# staticmethodrr?r>r[r\rbr]rgrprqrkrlrmrornr!r!r!r"rs\)&J&-* 2r)& __future__rrErUcalendarrcollections.abcrrrrrtypingr r rGr exceptionsr rrrrrrrrrrIrrZapi_jwkrrZ_jwt_global_objr?r[rbr!r!r!r"s(   ,