U ڲgD@sdZddlmZddlZddlmZddlmZdZGdddZGd d d eZ Gd d d eZ Gd ddZ Gddde Z Gddde Z GdddejZGdddZddZddZddZddZdd ZdS)!z.Firebase auth providers management sub module.)parseN) _auth_utils) _user_mgtdc@s<eZdZdZddZeddZeddZedd Zd S) ProviderConfigz9Parent type for all authentication provider config types.cCs ||_dSN_data)selfdatar B/tmp/pip-unpacked-wheel-p0r7i5ii/firebase_admin/_auth_providers.py__init__szProviderConfig.__init__cCs|jd}|ddS)Nname/)r split)r rr r r provider_id"s zProviderConfig.provider_idcCs |jdS)N displayNamer getr r r r display_name'szProviderConfig.display_namecCs|jddS)NenabledFrrr r r r+szProviderConfig.enabledN) __name__ __module__ __qualname____doc__rpropertyrrrr r r r rs  rc@sLeZdZdZeddZeddZeddZedd Zed d Z d S) OIDCProviderConfigz{Represents the OIDC auth provider configuration. See https://openid.net/specs/openid-connect-core-1_0-final.html. cCs |jdS)Nissuerrrr r r r 6szOIDCProviderConfig.issuercCs |jdS)NclientIdrrr r r client_id:szOIDCProviderConfig.client_idcCs |jdS)N clientSecretrrr r r client_secret>sz OIDCProviderConfig.client_secretcCs|jdiddS)N responseTypeidTokenFrrr r r id_token_response_typeBsz)OIDCProviderConfig.id_token_response_typecCs|jdiddS)Nr%codeFrrr r r code_response_typeFsz%OIDCProviderConfig.code_response_typeN) rrrrrr r"r$r'r)r r r r r0s    rc@sLeZdZdZeddZeddZeddZedd Zed d Z d S) SAMLProviderConfigzRepresents he SAML auth provider configuration. See http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html. cCs|jdidS)N idpConfig idpEntityIdrrr r r idp_entity_idQsz SAMLProviderConfig.idp_entity_idcCs|jdidS)Nr+ssoUrlrrr r r sso_urlUszSAMLProviderConfig.sso_urlcCs |jdid}dd|DS)Nr+idpCertificatescSsg|] }|dqSZx509Certificater ).0cr r r \sz8SAMLProviderConfig.x509_certificates..r)r certsr r r x509_certificatesYsz$SAMLProviderConfig.x509_certificatescCs|jdidS)NspConfig callbackUrirrr r r callback_url^szSAMLProviderConfig.callback_urlcCs|jdidS)Nr7 spEntityIdrrr r r rp_entity_idbszSAMLProviderConfig.rp_entity_idN) rrrrrr-r/r6r9r;r r r r r*Ks    r*c@sLeZdZdZddZeddZeddZedd Zd d Z d d Z dS)ListProviderConfigsPageajRepresents a page of AuthProviderConfig instances retrieved from a Firebase project. Provides methods for traversing the provider configs included in this page, as well as retrieving subsequent pages. The iterator returned by ``iterate_all()`` can be used to iterate through all provider configs in the Firebase project starting from this page. cCs||_||_||||_dSr) _download _max_results_current)r download page_token max_resultsr r r rosz ListProviderConfigsPage.__init__cCstdS)zBA list of ``AuthProviderConfig`` instances available in this page.N)NotImplementedErrorrr r r provider_configstsz(ListProviderConfigsPage.provider_configscCs|jddS)zKPage token string for the next page (empty string indicates no more pages).Z nextPageTokenr?rrr r r next_page_tokenysz'ListProviderConfigsPage.next_page_tokencCs t|jS)z6A boolean indicating whether more pages are available.)boolrGrr r r has_next_page~sz%ListProviderConfigsPage.has_next_pagecCs|jr||j|j|jSdS)zRetrieves the next page of provider configs, if available. Returns: ListProviderConfigsPage: Next page of provider configs, or None if this is the last page. N)rI __class__r=rGr>rr r r get_next_pagesz%ListProviderConfigsPage.get_next_pagecCst|S)aeRetrieves an iterator for provider configs. Returned iterator will iterate through all the provider configs in the Firebase project starting from this page. The iterator will never buffer more than one page of configs in memory at a time. Returns: iterator: An iterator of AuthProviderConfig instances. )_ProviderConfigIteratorrr r r iterate_alls z#ListProviderConfigsPage.iterate_allN) rrrrrrrDrGrIrKrMr r r r r<gs    r<c@seZdZeddZdS)_ListOIDCProviderConfigsPagecCsdd|jdgDS)NcSsg|] }t|qSr )rr2r r r r r4szA_ListOIDCProviderConfigsPage.provider_configs..ZoauthIdpConfigsrFrr r r rDsz-_ListOIDCProviderConfigsPage.provider_configsNrrrrrDr r r r rNsrNc@seZdZeddZdS)_ListSAMLProviderConfigsPagecCsdd|jdgDS)NcSsg|] }t|qSr )r*rOr r r r4szA_ListSAMLProviderConfigsPage.provider_configs..ZinboundSamlConfigsrFrr r r rDsz-_ListSAMLProviderConfigsPage.provider_configsNrPr r r r rQsrQc@seZdZeddZdS)rLcCs|jjSr)Z _current_pagerDrr r r itemssz_ProviderConfigIterator.itemsN)rrrrrRr r r r rLsrLc@seZdZdZdZd"ddZddZd#dd Zd$d d Zd d Z de fddZ de fddZ ddZ d%ddZd&ddZddZde fddZde fddZde fddZd d!ZdS)'ProviderConfigClientz1Client for managing Auth provider configurations.z)https://identitytoolkit.googleapis.com/v2NcCs:||_|p|j}d|||_|r6|jd|7_dS)Nz{0}/projects/{1}z /tenants/{0}) http_clientPROVIDER_CONFIG_URLformatbase_url)r rTZ project_idZ tenant_idZ url_overrideZ url_prefixr r r rs  zProviderConfigClient.__init__cCs"t||dd|}t|S)Nr/oauthIdpConfigs/{0})_validate_oidc_provider_id _make_requestrVrr rbodyr r r get_oidc_provider_configsz-ProviderConfigClient.get_oidc_provider_configc Cst|t|dt|dd} |dk r6t|d| d<|dk rNt|d| d<i} |dkrj|dkrjtd |dk rt|d | d <|dk rt|d | d <|rt|d| d<| r| | d<d|} |jdd| | d} t | S)z=Creates a new OIDC provider config from the given parameters.r"r )r!r NrrrF,At least one response type must be returned.r'r&r)r(r$r#r%zoauthIdpConfigId={0}post/oauthIdpConfigsjsonparams) rY_validate_non_empty_string _validate_urlrvalidate_stringvalidate_boolean ValueErrorrVrZr) r rr"r rrr$r'r)req response_typercr\r r r create_oidc_provider_configs8 z0ProviderConfigClient.create_oidc_provider_configc Cs(t|i} |dk r8|tjkr(d| d<nt|d| d<|dk rPt|d| d<|rbt|d| d<|rtt|d| d<i} |dkr|dkrtd |dk rt|d | d <|dk rt|d | d <|rt|d| d<| r| | d<| stdt | } d d | } d |} |j d| | | d}t |S)zCUpdates an existing OIDC provider config with the given parameters.Nrrrr"r!r Fr^r'r&r)r(r$r#r%4At least one parameter must be specified for update.updateMask={0},rXpatchra)rYrDELETE_ATTRIBUTErrfrgrdrerhbuild_update_maskrVjoinrZr)r rr"r rrr$r'r)rirj update_maskrcurlr\r r r update_oidc_provider_configsH    z0ProviderConfigClient.update_oidc_provider_configcCst||dd|dS)NdeleterX)rYrZrVr rr r r delete_oidc_provider_config sz0ProviderConfigClient.delete_oidc_provider_configcCst|j||Sr)rN_fetch_oidc_provider_configsr rArBr r r list_oidc_provider_configss z/ProviderConfigClient.list_oidc_provider_configscCs|d||S)Nr`_fetch_provider_configsrzr r r rysz1ProviderConfigClient._fetch_oidc_provider_configscCs"t||dd|}t|S)Nr/inboundSamlConfigs/{0})_validate_saml_provider_idrZrVr*r[r r r get_saml_provider_configsz-ProviderConfigClient.get_saml_provider_configc Cst|t|dt|dt|dt|dt|ddd} |dk rTt|d | d <|dk rlt|d | d <d |} |jd d| | d} t | S)z=Creates a new SAML provider config from the given parameters.r-r/)r,r.r0r;r9)r:r8)r+r7NrrrzinboundSamlConfigId={0}r_/inboundSamlConfigsra) rrdre_validate_x509_certificatesrrfrgrVrZr*) r rr-r/r6r;r9rrrircr\r r r create_saml_provider_configs   z0ProviderConfigClient.create_saml_provider_configc Cs&t|i} |dk r"t|d| d<|dk r8t|d| d<|dk rLt|| d<i} |dk rft|d| d<|dk r|t|d | d <i} |dk r|tjkrd| d <nt|d | d <|dk rt|d | d <| r| | d<| r| | d<| st dt | } d d | } d |}|j d|| | d}t|S)zCUpdates an existing SAML provider config with the given parameters.Nr-r,r/r.r0r;r:r9r8rrrr+r7rlrmrnr~rora)rrdrerrrprrfrgrhrqrVrrrZr*)r rr-r/r6r;r9rrZ idp_configZ sp_configrirsrcrtr\r r r update_saml_provider_config4s>     z0ProviderConfigClient.update_saml_provider_configcCst||dd|dS)Nrvr~)rrZrVrwr r r delete_saml_provider_config]sz0ProviderConfigClient.delete_saml_provider_configcCst|j||Sr)rQ_fetch_saml_provider_configsrzr r r list_saml_provider_configsas z/ProviderConfigClient.list_saml_provider_configscCs|d||S)Nrr|rzr r r resz1ProviderConfigClient._fetch_saml_provider_configscCsz|dk rt|tr|stdt|ts0td|dks@|tkrNtdtd|}|rj|d|7}|jd||d S) z'Fetches a page of auth provider configsNz&Page token must be a non-empty string.zMax results must be an integer.zAMax results must be a positive integer less than or equal to {0}.z pageSize={0}z&pageToken={0}r)rc) isinstancestrrhintMAX_LIST_CONFIGS_RESULTSrVrZ)r pathrArBrcr r r r}hs  z,ProviderConfigClient._fetch_provider_configsc KsXd|j|}z|jj||f|WStjjk rR}zt|W5d}~XYnXdS)Nz{0}{1}) rVrWrTr\requests exceptionsRequestExceptionrZhandle_auth_backend_error)r methodrkwargsrterrorr r r rZys z"ProviderConfigClient._make_request)NN)NNNNN)NNNNNNN)NN)NNNNNNN)rrrrrUrr]rkrurxrr{ryrrrrrrr}rZr r r r rSsL  ! *  )rScCs4t|tstd||ds0td||S)NzFInvalid OIDC provider ID: {0}. Provider ID must be a non-empty string.zoidc.zInvalid OIDC provider ID: {0}.rrrhrV startswithrr r r rYs  rYcCs4t|tstd||ds0td||S)NzFInvalid SAML provider ID: {0}. Provider ID must be a non-empty string.zsaml.zInvalid SAML provider ID: {0}.rrr r r rs  rcCs0t|tstd|||s,td||S)z5Validates that the given value is a non-empty string.zInvalid type for {0}: {1}.z{0} must not be empty.)rrrhrV)valuelabelr r r rds  rdcCsnt|tr|std||z&t|}|js@td|||WStk rhtd||YnXdS)z;Validates that the given value is a well-formed URL string.z9Invalid photo URL: "{0}". {1} must be a non-empty string.zMalformed {0}: "{1}".N)rrrhrVrurlparsenetloc Exception)rtrparsedr r r res recCs>t|tr|stdtdd|Ds0tddd|DS)Nz+x509_certificates must be a non-empty list.cSsg|]}t|to|qSr )rrr2certr r r r4sz/_validate_x509_certificates..z6x509_certificates must only contain non-empty strings.cSsg|] }d|iqSr1r rr r r r4s)rlistrhall)r6r r r rs r)rurllibrrZfirebase_adminrrrrrr*r<rNrQZ PageIteratorrLrSrYrrdrerr r r r s&   4R