o s h8@sddlmZddlZddlZddlmZddlmZmZddl m Z m Z m Z ddl m Z mZddlmZdd lmZmZmZmZmZmZmZmZmZdd lmZe r`dd lmZmZdd lm Z Gd ddZ!e!Z"e"j#Z#e"j$Z$e"j%Z%dS)) annotationsN)timegm)IterableSequence)datetime timedeltatimezone) TYPE_CHECKINGAny)api_jws) DecodeErrorExpiredSignatureErrorImmatureSignatureErrorInvalidAudienceErrorInvalidIssuedAtErrorInvalidIssuerErrorInvalidJTIErrorInvalidSubjectErrorMissingRequiredClaimError)RemovedInPyjwt3Warning)AllowedPrivateKeysAllowedPublicKeys)PyJWKc@seZdZdOdPddZedQd d Z    dRdSddZ  dTdUddZ         dVdWd1d2ZdXd4d5Z         dVdYd6d7Z    dZd[d8d9Z d\d:d;Z dOd]dd?Zd^dBdCZd^dDdEZd^dFdGZdHdId_dKdLZd`dMdNZdS)aPyJWTNoptionsdict[str, Any] | NonereturnNonecCs"|duri}i|||_dSN)_get_default_optionsr)selfrr"_/var/www/html/construction_image-detection-poc/venv/lib/python3.10/site-packages/jwt/api_jwt.py__init__szPyJWT.__init__dict[str, bool | list[str]]c Csddddddddgd S)NT) verify_signature verify_exp verify_nbf verify_iat verify_aud verify_iss verify_sub verify_jtirequirer"r"r"r"r#r #szPyJWT._get_default_optionsTpayloaddict[str, Any]key(AllowedPrivateKeys | PyJWK | str | bytes algorithm str | Noneheaders json_encodertype[json.JSONEncoder] | None sort_headersboolstrc Csnt|ts td|}dD]}t||tr#t||||<q|j|||d}t j ||||||dS)NzGExpecting a dict object, as JWT only supports JSON objects as payloads.)expiatnbf)r5r6)r8) isinstancedict TypeErrorcopygetrr utctimetuple_encode_payloadr encode) r!r/r1r3r5r6r8 time_claim json_payloadr"r"r#rE1s, z PyJWT.encodebytescCstj|d|ddS)z Encode a given payload to the bytes to be signed. This method is intended to be overridden by subclasses that need to encode the payload in a different way, e.g. compress the payload. ),:) separatorsclszutf-8)jsondumpsrE)r!r/r5r6r"r"r#rDWs zPyJWT._encode_payloadrjwt str | bytes'AllowedPublicKeys | PyJWK | str | bytes algorithmsSequence[str] | Noneverify bool | Nonedetached_payload bytes | Noneaudiencestr | Iterable[str] | Noneissuerstr | Sequence[str] | Nonesubjectleewayfloat | timedeltakwargsr c Ks| rtjdt| tddt|pi}|dd|dur/||dkr/tjdtdd|ds]|dd |d d |d d |d d |d d |dd |dd tj |||||d} | | } i|j |}|j | |||| | d| | d<| S)Nzypassing additional kwargs to decode_complete() is deprecated and will be removed in pyjwt version 3. Unsupported kwargs:  stacklevelr&TzThe `verify` argument to `decode` does nothing in PyJWT 2.0 and newer. The equivalent is setting `verify_signature` to False in the `options` dictionary. This invocation has a mismatch between the kwarg and the option entry.)categoryrcr'Fr(r)r*r+r,r-)r1rSrrW)rYr[r^r]r/) warningswarntuplekeysrr? setdefaultDeprecationWarningr decode_complete_decode_payloadr_validate_claims)r!rPr1rSrrUrWrYr[r]r^r`decodedr/merged_optionsr"r"r#rkisV            zPyJWT.decode_completernc CsRz t|d}Wnty}ztd||d}~wwt|ts'td|S)a Decode the payload from a JWS dictionary (payload, signature, header). This method is intended to be overridden by subclasses that need to decode the payload in a different way, e.g. decompress compressed payloads. r/zInvalid payload string: Nz-Invalid payload string: must be a json object)rMloads ValueErrorr r>r?)r!rnr/er"r"r#rls zPyJWT._decode_payloadc KsH| rtjdt| tdd|j||||||||| | d } | dS)Nzppassing additional kwargs to decode() is deprecated and will be removed in pyjwt version 3. Unsupported kwargs: rarb)rUrWrYr]r[r^r/)rerfrgrhrrk) r!rPr1rSrrUrWrYr]r[r^r`rnr"r"r#decodes*  z PyJWT.decodecCs t|tr |}|durt|ttfstd|||tjt j d }d|vr6|dr6| |||d|vrE|drE| |||d|vrT|drT|||||d r^||||d rn|j|||d d d |drx||||dr||dSdS)Nz+audience must be a string, iterable or None)tzr<r)r=r(r;r'r+r* strict_audFstrictr,r-)r>r total_secondsr:rr@_validate_required_claimsrnowrutc timestamp _validate_iat _validate_nbf _validate_exp _validate_iss _validate_audrB _validate_sub _validate_jti)r!r/rrYr[r]r^rzr"r"r#rms.    zPyJWT._validate_claimscCs(|dD] }||durt|qdS)Nr.)rBr)r!r/rclaimr"r"r#rys zPyJWT._validate_required_claimscCsHd|vrdSt|dtstd|dur |d|kr"tddSdS)z Checks whether "sub" if in the payload is valid ot not. This is an Optional claim :param payload(dict): The payload which needs to be validated :param subject(str): The subject of the token subNzSubject must be a stringzInvalid subject)r>r:rrB)r!r/r]r"r"r#rs zPyJWT._validate_subcCs(d|vrdSt|dtstddS)z Checks whether "jti" if in the payload is valid ot not This is an Optional claim :param payload(dict): The payload which needs to be validated jtiNzJWT ID must be a string)r>rBr:r)r!r/r"r"r#r2s zPyJWT._validate_jtirzfloatcCBzt|d}Wn tytddw|||krtddS)Nr<z)Issued At claim (iat) must be an integer.z The token is not yet valid (iat))intrqrr)r!r/rzr^r<r"r"r#r}@s  zPyJWT._validate_iatcCr)Nr=z*Not Before claim (nbf) must be an integer.z The token is not yet valid (nbf))rrqr r)r!r/rzr^r=r"r"r#r~Os   zPyJWT._validate_nbfcCsBzt|d}Wn tytddw|||krtddS)Nr;z/Expiration Time claim (exp) must be an integer.zSignature has expired)rrqr r)r!r/rzr^r;r"r"r#r]s  zPyJWT._validate_expFrvrwcs|durd|vs |dsdStdd|vs|dstd|d|r@t|ts-tdtts6td|kr>tddSttrHgttsQtdtddDr^tdt|trf|g}tfd d|Drutd dS) NaudzInvalid audiencezInvalid audience (strict)z&Invalid claim format in token (strict)zAudience doesn't match (strict)zInvalid claim format in tokencss|] }t|t VqdSr)r>r:).0cr"r"r# sz&PyJWT._validate_aud..c3s|]}|vVqdSrr")rraudience_claimsr"r#rszAudience doesn't match)rrr>r:listanyall)r!r/rYrwr"rr#rms4     zPyJWT._validate_audcCsV|durdSd|vrtdt|tr|d|krtddS|d|vr)tddS)NisszInvalid issuer)rr>r:r)r!r/r[r"r"r#rs   zPyJWT._validate_issr)rrrr)rr%)NNNT)r/r0r1r2r3r4r5rr6r7r8r9rr:)NN)r/r0r5rr6r7rrH) rONNNNNNNr)rPrQr1rRrSrTrrrUrVrWrXrYrZr[r\r]r4r^r_r`r rr0)rnr0rr )rPrQr1rRrSrTrrrUrVrWrXrYrZr]r4r[r\r^r_r`r rr )NNNr) r/r0rr0r]r4r^r_rr)r/r0rr0rr)r/r0rr)r/r0rzrr^rrr)r/r0rYrZrwr9rr)r/r0r[r rr)__name__ __module__ __qualname__r$ staticmethodr rErDrkrlrsrmryrrr}r~rrrr"r"r"r#rs^   )  J - *    2r)& __future__rrMrecalendarrcollections.abcrrrrrtypingr r rOr exceptionsr rrrrrrrrrrSrrapi_jwkrr_jwt_global_objrErkrsr"r"r"r#s*   ,