U ڲgH@sdZddlZddlZddlZddlmZddlmZddlmZdZ dZ e dd d d d d ddddddddddgZ e dddgZ GdddZddZdd Zdjd"d#Zdkd$d%Zdld&d'Zdmd(d)Zdnd*d+Zdod,d-Zdpd/d0Zdqd1d2Zdrd3d4Zdsd5d6Zdtd7d8Zd9d:Zd;d<Zdud=d>Zd?d@ZdvdAdBZ dCdDZ!GdEdFdFej"Z#GdGdHdHej"Z$GdIdJdJej%Z&GdKdLdLej'Z(GdMdNdNej'Z)GdOdPdPej"Z*GdQdRdRej+Z,GdSdTdTej-Z.GdUdVdVej-Z/GdWdXdXej-Z0GdYdZdZej'Z1Gd[d\d\ej-Z2Gd]d^d^ej'Z3Gd_d`d`ej4Z5Gdadbdbej4Z6e2e$e#e$e/e&e(e)e*e0e.e5e6dc Z7dddeZ8dfdgZ9dhdiZ:dS)wzFirebase auth utils.N)parse) exceptions)_utilsZFIREBASE_AUTH_EMULATOR_HOSTiZacrZamrZat_hashZaudZ auth_timeZazpZcnfZc_hashexpZiatZissZjtiZnbfnoncesubZfirebaseZ VERIFY_EMAILZ EMAIL_SIGNINZPASSWORD_RESETc@s4eZdZdZddZddZddZedd Zd S) PageIteratora(An iterator that allows iterating over a sequence of items, one at a time. This implementation loads a page of items into memory, and iterates on them. When the whole page has been traversed, it loads another page. This class never keeps more than one page of entries in memory. cCs|s td||_d|_dS)NzCurrent page must not be None.) ValueError _current_page_iter)selfZ current_pager >/tmp/pip-unpacked-wheel-p0r7i5ii/firebase_admin/_auth_utils.py__init__+szPageIterator.__init__cCsl|jdkrt|j|_z t|jWStk rf|jjr`|j|_t|j|_t|jYSYnXdSN)r iteritemsnext StopIterationr Z has_next_pageZ get_next_pager r r r__next__2s     zPageIterator.__next__cCs|Srr rr r r__iter__AszPageIterator.__iter__cCstdSr)NotImplementedErrorrr r rrDszPageIterator.itemsN) __name__ __module__ __qualname____doc__rrrpropertyrr r r rr#s rcCs,ttd}|r(d|kr(tdt||S)Nz//z6Invalid {0}: "{1}". It must follow format "host:port".)osgetenvEMULATOR_HOST_ENV_VARr format)Z emulator_hostr r rget_emulator_hostIs  r#cCs tdkS)Nr)r#r r r r is_emulatedRsr$FcCs<|dkr|sdSt|tr*|r*t|dkr8td||S)NzXInvalid uid: "{0}". The uid must be a non-empty string with no more than 128 characters.) isinstancestrlenr r")uidrequiredr r r validate_uidVs r+cCsd|dkr|sdSt|tr|s,td||d}t|dksR|drR|ds`td||S)Nz7Invalid email: "{0}". Email must be a non-empty string.@rz&Malformed email address string: "{0}".)r&r'r r"splitr()emailr*partsr r rvalidate_email_s  r2cCsT|dkr|sdSt|tr|s,td||drBtd|sPtd||S)a Validates the specified phone number. Phone number vlidation is very lax here. Backend will enforce E.164 spec compliance, and normalize accordingly. Here we check if the number starts with + sign, and contains at least one alphanumeric character. NzEInvalid phone number: "{0}". Phone number must be a non-empty string.+z [a-zA-Z0-9]zVInvalid phone number: "{0}". Phone number must be a valid, E.164 compliant identifier.)r&r'r r" startswithresearch)Zphoner*r r rvalidate_phonejs r7cCs2|dkr|sdSt|tr&t|dkr.td|S)NzNInvalid password string. Password must be a string at least 6 characters long.)r&r'r(r )passwordr*r r rvalidate_password{s r:cCs0|dkr|sdSt|tr|s,td||S)Nz&{0} must be a non-empty byte sequence.)r&bytesr r")valuelabelr*r r rvalidate_bytess  r>cCs0|dkr|sdSt|tr|s,td||S)NzEInvalid display name: "{0}". Display name must be a non-empty string.r&r'r r")Z display_namer*r r rvalidate_display_names r@TcCs0|dkr|sdSt|tr|s,td||S)NzCInvalid provider ID: "{0}". Provider ID must be a non-empty string.r?) provider_idr*r r rvalidate_provider_ids rBcCs0|dkr|sdSt|tr|s,td||S)NzEInvalid provider UID: "{0}". Provider UID must be a non-empty string.r?)Z provider_uidr*r r rvalidate_provider_uids rCcCsx|dkr|sdSt|tr|s,td|z$t|}|jsLtd||WStk rrtd|YnXdS)z*Parses and validates the given URL string.Nz?Invalid photo URL: "{0}". Photo URL must be a non-empty string.zMalformed photo URL: "{0}".)r&r'r r"rurlparsenetloc Exception)Z photo_urlr*parsedr r rvalidate_photo_urls  rHcCs|dkr|sdSt|tr"tdz t|}Wn"tk rPtd|Yn2X||krhtd||dkr~td||SdS)zJValidates the given timestamp value. Timestamps must be positive integers.Nz%Boolean value specified as timestamp.z&Invalid type for timestamp value: {0}./{0} must be a numeric value and a whole number.rz*{0} timestamp must be a positive interger.)r&boolr int TypeErrorr") timestampr=r*Z timestamp_intr r rvalidate_timestamps   rNcCs|dkst|tr td|z t|}Wn"tk rNtd|Yn\X||krftd||dk r||krtd|||dk r||krtd|||SdS)auValidates that the given value represents an integer. There are several ways to represent an integer in Python (e.g. 2, 2L, 2.0). This method allows for all such representations except for booleans. Booleans also behave like integers, but always translate to 1 and 0. Passing a boolean to an API that expects integers is most likely a developer error. Nz$Invalid type for integer value: {0}.rIz!{0} must not be smaller than {1}.z {0} must not be larger than {1}.)r&rJr r"rKrL)r<r=lowhighZval_intr r r validate_ints rQcCst|tstd|||S)z+Validates that the given value is a string.Invalid type for {0}: {1}.r?r<r=r r rvalidate_strings rTcCst|tstd|||S)z,Validates that the given value is a boolean.rR)r&rJr r"rSr r rvalidate_booleans rUcCs|dkr|sdSt|}t|tkr2tdtzt|}Wntk r\tdYnXt|t sptdt t | }t|dkrdt|}td|t|dkrtd||S) zValidates the specified custom claims. Custom claims must be specified as a JSON string. The string must not exceed 1000 characters, and the parsed JSON payload must not contain reserved JWT claims. Nz5Custom claims payload must not exceed {0} characters.z-Failed to parse custom claims string as JSON.z1Custom claims must be parseable as a JSON object.r., z/Claims "{0}" are reserved, and must not be set.z-Claim "{0}" is reserved, and must not be set.)r'r(MAX_CLAIMS_PAYLOAD_SIZEr r"jsonloadsrFr&dictRESERVED_CLAIMS intersectionsetkeysjoinsortedpop)Z custom_claimsr*Z claims_strrGZinvalid_claimsZjoinedr r rvalidate_custom_claimss0      rbcCs"|tkrtd|dt|S)NzOInvalid action type provided action_type: {0}. Valid values are {1}rV)VALID_EMAIL_ACTION_TYPESr r"r_)Z action_typer r rvalidate_action_types rdcCs,|s|rtdgS|D]}t|dq|S)Nz5Invalid provider IDs. Provider ids should be providedT)r rB)Z provider_idsr*rAr r rvalidate_provider_ids s recCsXg}|D]B\}}t|trDt|}|D]}|d||q*q ||q t|S)z6Creates an update mask list from the given dictionary.z{0}.{1})rr&rZbuild_update_maskappendr"r`)paramsmaskkeyr<Z child_maskchildr r rrfs  rfc@seZdZdZdZddZdS)UidAlreadyExistsErrorz.The user with the provided uid already exists.z-The user with the provided uid already existscCstj||||dSrrAlreadyExistsErrorrr messagecause http_responser r rr)szUidAlreadyExistsError.__init__Nrrrrdefault_messagerr r r rrl$srlc@seZdZdZdZddZdS)EmailAlreadyExistsErrorz0The user with the provided email already exists.z/The user with the provided email already existscCstj||||dSrrmror r rr2sz EmailAlreadyExistsError.__init__Nrsr r r rru-sruc@seZdZdZdZddZdS)InsufficientPermissionErrorzEThe credential used to initialize the SDK lacks required permissions.zThe credential used to initialize the SDK has insufficient permissions to perform the requested operation. See https://firebase.google.com/docs/admin/setup for details on how to initialize the Admin SDK with appropriate permissionscCstj||||dSr)rPermissionDeniedErrorrror r rr>sz$InsufficientPermissionError.__init__Nrsr r r rrv6srvc@seZdZdZdZddZdS)InvalidDynamicLinkDomainErrorzr@rBrCrHrNrQrTrUrbrdrerfrnrlrurwrvrzrxr{r|r~r}rrrrrrrrrrrrrrr r r rs   &