U ڲgK2@sddlmZddlZddlZddlmZddlmZddlmZm Z m Z ddl m Z m Z mZddlmZdd lmZmZmZmZmZmZmZdd lmZe rdd lmZmZdd lmZGd ddZeZ e j!Z!e j"Z"e j#Z#dS)) annotationsN)timegm)Iterable)datetime timedeltatimezone) TYPE_CHECKINGAnyList)api_jws) DecodeErrorExpiredSignatureErrorImmatureSignatureErrorInvalidAudienceErrorInvalidIssuedAtErrorInvalidIssuerErrorMissingRequiredClaimError)RemovedInPyjwt3Warning)AllowedPrivateKeysAllowedPublicKeys)PyJWKc @sJeZdZdCdddddZeddd d ZdDd dddddddddZdEd ddddddZdFdddddd d!d"d#d$d d% d&d'Zd d$d(d)d*Z dGdddddd d!d"d#d$d$d% d+d,Z dHd d d#dd-d.d/Z d d dd0d1d2Z d d3d3dd4d5d6Z d d3d3dd4d7d8Zd d3d3dd4d9d:Zd;d<d d!ddd=d>d?Zd d$dd@dAdBZdS)IPyJWTNzdict[str, Any] | NoneNone)optionsreturncCs|dkr i}|||_dSN)_get_default_optionsr)selfrr//tmp/pip-unpacked-wheel-ecrjo5d0/jwt/api_jwt.py__init__szPyJWT.__init__zdict[str, bool | list[str]])rcCsddddddgdS)NT)verify_signature verify_exp verify_nbf verify_iat verify_aud verify_issrequirerrrrr r!szPyJWT._get_default_optionsHS256Tzdict[str, Any]z AllowedPrivateKeys | str | bytesz str | Noneztype[json.JSONEncoder] | Noneboolstr)payloadkey algorithmheaders json_encoder sort_headersrc Csnt|tstd|}dD](}t||trt||||<q|j|||d}t j ||||||dS)NzGExpecting a dict object, as JWT only supports JSON objects as payloads.)expiatnbf)r/r0)r1) isinstancedict TypeErrorcopygetrr utctimetuple_encode_payloadr encode) rr,r-r.r/r0r1Z time_claimZ json_payloadrrr r<-s* z PyJWT.encodebytes)r,r/r0rcCstj|d|ddS)z Encode a given payload to the bytes to be signed. This method is intended to be overridden by subclasses that need to encode the payload in a different way, e.g. compress the payload. ),:) separatorsclszutf-8)jsondumpsr<)rr,r/r0rrr r;Ss zPyJWT._encode_payloadrz str | bytesz'AllowedPublicKeys | PyJWK | str | byteszlist[str] | Nonez bool | Nonez bytes | Nonezstr | Iterable[str] | Nonezstr | List[str] | Nonezfloat | timedeltar ) jwtr- algorithmsrverifydetached_payloadaudienceissuerleewaykwargsrc Ks| rtdt| tt|p&i}|dd|dk rX||dkrXtjdtd|ds|dd|dd|d d|d d|d d|dr|std t j |||||d } | | } |j |} |j | | ||| d| | d<| S)Nzypassing additional kwargs to decode_complete() is deprecated and will be removed in pyjwt version 3. Unsupported kwargs: r"TzThe `verify` argument to `decode` does nothing in PyJWT 2.0 and newer. The equivalent is setting `verify_signature` to False in the `options` dictionary. This invocation has a mismatch between the kwarg and the option entry.)categoryr#Fr$r%r&r'z\It is required that you pass in a value for the "algorithms" argument when calling decode().)r-rFrrH)rIrJrKr,)warningswarntuplekeysrr6 setdefaultDeprecationWarningr r decode_complete_decode_payloadr_validate_claims)rrEr-rFrrGrHrIrJrKrLdecodedr,Zmerged_optionsrrr rTesP          zPyJWT.decode_complete)rWrc CsZzt|d}Wn0tk rB}ztd|W5d}~XYnXt|tsVtd|S)a Decode the payload from a JWS dictionary (payload, signature, header). This method is intended to be overridden by subclasses that need to decode the payload in a different way, e.g. decompress compressed payloads. r,zInvalid payload string: Nz-Invalid payload string: must be a json object)rBloads ValueErrorr r5r6)rrWr,errr rUs  zPyJWT._decode_payloadc KsB| rtdt| t|j||||||||| d } | dS)Nzppassing additional kwargs to decode() is deprecated and will be removed in pyjwt version 3. Unsupported kwargs: )rGrHrIrJrKr,)rNrOrPrQrrT) rrEr-rFrrGrHrIrJrKrLrWrrr decodes" z PyJWT.decode)r,rrKrcCst|tr|}|dk r0t|ttfs0td|||tjt j d }d|krl|drl| |||d|kr|dr| |||d|kr|dr|||||d r||||d r|j|||d d d dS)Nz+audience must be a string, iterable or None)tzr3r%r4r$r2r#r'r&Z strict_audFstrict)r5r total_secondsr+rr7_validate_required_claimsrnowrutc timestamp _validate_iat _validate_nbf _validate_exp _validate_iss _validate_audr9)rr,rrIrJrKrarrr rVs(    zPyJWT._validate_claims)r,rrcCs(|dD]}||dkrt|qdS)Nr()r9r)rr,rZclaimrrr r`s zPyJWT._validate_required_claimsfloat)r,rarKrcCsFzt|d}Wntk r,tdYnX|||krBtddS)Nr3z)Issued At claim (iat) must be an integer.z The token is not yet valid (iat))intrYrr)rr,rarKr3rrr rd s  zPyJWT._validate_iatcCsFzt|d}Wntk r,tdYnX|||krBtddS)Nr4z*Not Before claim (nbf) must be an integer.z The token is not yet valid (nbf))rjrYr r)rr,rarKr4rrr res  zPyJWT._validate_nbfcCsFzt|d}Wntk r,tdYnX|||krBtddS)Nr2z/Expiration Time claim (exp) must be an integer.zSignature has expired)rjrYr r)rr,rarKr2rrr rf's  zPyJWT._validate_expFr])r,rIr^rcs|dkr$d|ks|dsdStdd|ks4|ds^sz&PyJWT._validate_aud..c3s|]}|kVqdSrr)rlrkZaudience_claimsrr rndszAudience doesn't match)rrr5r+listanyall)rr,rIr^rror rh5s2     zPyJWT._validate_aud)r,rJrcCsT|dkr dSd|krtdt|tr<|d|krPtdn|d|krPtddS)NZisszInvalid issuer)rr5rpr)rr,rJrrr rggs    zPyJWT._validate_iss)N)r)NNT)NN)rDNNNNNNr)rDNNNNNNr)NNr)__name__ __module__ __qualname__r! staticmethodrr<r;rTrUr[rVr`rdrerfrhrgrrrr rsR)$E$*#  2r)$ __future__rrBrNcalendarrcollections.abcrrrrtypingrr r rDr exceptionsr rrrrrrrrFrrZapi_jwkrrZ_jwt_global_objr<rTr[rrrr s&    $  ]