9-eI" LddlZddlZddlZddlZddlZddlZddlmZddlmZddl m Z ddl Z ddl Z ddl Z ddlmZddlmZddlmZddlmZdd lmZdd lmZdd lmZdd lmZdd lmZddlmZeje Z!de"de"de"ddfdZ#de"dee"ddfdZ$de"de"de"de"de"ddf dZ% d*de"deedfde"fdZ&d*deede"fdZ'd*deede"fd Z(ded!e)ddfd"Z*de"de"fd#Z+dede)fd$Z, d+deed!e)d&e)ddfd'Z-d*deeddfd(Z.de)fd)Z/dS),N)Optional)Union) urlencode) __version__) APIConfig) AuthConfig)console)AuthenticationError)InvalidTokenError)TokenNotFoundError)capture_auth_code) JWKClient) TokenInfo access_tokenalgorithm_used expected_hashreturnctj|jj}t j|}||d|}|dt|dz}tj | d d}||krtjdS)zValidate the JWT token. We need to compute the hash of the access token and compare it with the hash that is present in the JWT. This is to ensure that the token is not tampered with. zutf-8N=)jwtget_algorithm_by_namehash_algnamehashlibnewupdateencodedigestlenbase64urlsafe_b64encodedecoderstripInvalidSignatureError)rrrhashlib_alg_namehashrdigest_truncated computed_hashs ;lib/python3.11/site-packages/anaconda_cloud_auth/actions.py_validate_access_tokenr+s0@@IN ;' ( (DKK ##G,,--- [[]]F 2V!123  !12299'BBII#NN %%')))&%id_tokenc|dSt}t|jj}||} t j||j|jj|j }n.#t j j $r}td|d}~wwxYwt j |d}|td t|||ddS#t j$rtdwxYw)N)key algorithmsaudiencezError decoding token: algz!No access token found to validateat_hashz!Access token has an invalid hash.)rroidcjwks_uriget_signing_key_from_jwtrr#r/%id_token_signing_alg_values_supported client_id exceptions PyJWTErrorr get_unverified_headerr r+r%)rr- auth_config jwks_client signing_keyid_infoers r*_validate_token_inforA<s-,,KK,566K66x@@K >* "'M *     > $>>> < < <===> .x88?N !DEEEE|^WY=OPPPPP  $EEE CDDDEs$,A//BBB C""Dr8authorization_endpoint redirect_uristatecode_challengec t|dd|||d}t|}|d|}td|t j|dS)z,Open the authentication flow in the browser.codez#openid email profile offline_accessS256)r8 response_typescoperDrCrEcode_challenge_method?zOpening auth URL: N)dictrloggerdebug webbrowseropen)r8rBrCrDrEparamsencoded_paramsurls r*_send_auth_code_requestrU]s3!%$Fv&&N # 6 6n 6 6C LL+c++,,,OCr, refresh_tokenr<c|t}tj|jjd||jd}||}|d}|S)zRefresh and save the tokens.NrV) grant_typerVr8datar)rrequestspostr4token_endpointr8raise_for_statusjson)rVr<response response_datars r*refresh_access_tokenrbwsy ll }')*$.  H MMOOM 0L r,c |t}|jj}|jj}|j}|j}t tj}tj d\}}t|||||t||}tdtj|t#d||||} | } d| vr;t'd | dd | d | d } | d } t+| | | S)zZDo the browser-based auth flow and return the short-lived access_token and id_token tuple.N)code_verifier_lengthz-Authentication successful! Getting JWT token.authorization_code)rXr8rGrC code_verifierrYerrorzError getting JWT: z - error_descriptionrr-)rr4r]rBr8rCstruuiduuid4pkcegenerate_pkce_pairrUr rNrOr[r\rMr_r getrA) r<r]rBr8rCrDrgrE auth_coder`resultrr-s r* _do_auth_flowrrst ll  %4N(-D%I+L   E$($;QT$U$U$U!M>)< ",66I LL@AAA} +%'       H]]__F&! [&**W"5"5 [ [&**EX:Y:Y [ [   ::n--Lzz*%%Hx000 r,cZtjdtd|t}t jd}t jdd}t j|jj d ||d  }| }| |d }|S) zIPrompt for username and password and log in with the password grant flow.zKBasic login with username/password is deprecated and will be disabled soon.r) stacklevelNzPlease enter your email: zPlease enter your password: T)passwordru)rXusernamerurYr) warningswarn UserWarningrr inputr[r\r4r]r_r^)r<rvrur`rars r*_login_with_usernamer{s MU  ll }899H};dKKKH}'$    HMMOOM  0L r,basicc|rt|}nt|}t|}t||j}|dS)Nr<)api_keydomain)r{rr _get_api_keyrrsave)r<r|rr token_infos r* _do_loginrsd >+ DDD $=== <((G7;3EFFFJOOr,c<t}dd|i}|j}|||d<tjd|jdt ddgdt g | }|jd krtj d t| d S)N AuthorizationzBearer z X-AAU-CLIENTzhttps://z/api/iam/api-keysz cloud:readz cloud:writezanaconda-cloud-auth/v)scopestags)r_headerszError retrieving an API keyr) r aau_tokenr[r\rrMr status_coder printr r_)rconfigrrr`s r*rrs [[F 8, 8 89G I"+}36=333  -07+778    Hs"" 3444!! ==??9 %%r,cl tj|jj }n#t$rd}YnwxYw|S)NF)rloadrexpiredr )r<valids r*_api_key_is_validrsLN;#566>>  Ls " 11Fforcecp|t}|st|st||dSdS)zGLog into Anaconda.cloud and store the token information in the keyring.Nr~)r<r|)rrr)r<r|rs r*loginrsQ ll  8%+>>>8k77777788r,c|t} tj|j}|dS#t $rYdSwxYw)zLog out of Anaconda.cloud.Nr)rrrrdeleter r<rs r*logoutr se ll  ^;+=>>>       s.A AAct} tj|j}n#t$rd}YnwxYw|duS)Nr)rrrrr rs r* is_logged_inrsX,,K^;+=>>>   T !!s + ::)N)NFF)0r!rloggingrkrwrPtypingrr urllib.parserrrmr[anaconda_cloud_authranaconda_cloud_auth.configrranaconda_cloud_auth.consoler anaconda_cloud_auth.exceptionsr r r anaconda_cloud_auth.handlersr anaconda_cloud_auth.jwtranaconda_cloud_auth.tokenr getLogger__name__rNrjr+rArUrbrrr{boolrrrrrrr,r*rs  """""" ++++++000000111111//////>>>>>><<<<<<======::::::------//////  8 $ $**'**;>* ****>EsEhsmEEEEEB      6@D%*:t+;%<*++x 3+s++++\hz&:c8:dt&s&s&&&&.:$RW88*%8598JN8 8888  ,     "d""""""r,