Aah8ddlmZddlZddlZddlmZddlmZmZddl m Z m Z m Z ddl m Z mZddlmZdd lmZmZmZmZmZmZmZmZmZdd lmZe rdd lmZmZdd lm Z Gd dZ!e!Z"e"j#Z#e"j$Z$e"j%Z%dS)) annotationsN)timegm)IterableSequence)datetime timedeltatimezone) TYPE_CHECKINGAny)api_jws) DecodeErrorExpiredSignatureErrorImmatureSignatureErrorInvalidAudienceErrorInvalidIssuedAtErrorInvalidIssuerErrorInvalidJTIErrorInvalidSubjectErrorMissingRequiredClaimError)RemovedInPyjwt3Warning)AllowedPrivateKeysAllowedPublicKeys)PyJWKceZdZd?d@dZedAdZ dBdCdZ dDdEdZ dFdGd-ZdHd/Z dFdId0Z dJdKd1Z dLd2Z d?dMd3Z dMd4ZdNd7ZdNd8ZdNd9Zd:d;dOd=ZdPd>ZdS)QPyJWTNoptionsdict[str, Any] | NonereturnNonecH|i}i|||_dSN)_get_default_optionsr)selfrs =/var/www/lms/venv/lib/python3.11/site-packages/jwt/api_jwt.py__init__zPyJWT.__init__s- ?G'Q$*C*C*E*E'Q'Q dict[str, bool | list[str]]c ddddddddgd S)NT) verify_signature verify_exp verify_nbf verify_iat verify_aud verify_iss verify_sub verify_jtirequirer3r'r%r#zPyJWT._get_default_options#s.!%   r'Tpayloaddict[str, Any]key(AllowedPrivateKeys | PyJWK | str | bytes algorithm str | Noneheaders json_encodertype[json.JSONEncoder] | None sort_headersboolstrct|tstd|}dD]T}t||t r*t ||||<U||||}tj ||||||S)NzGExpecting a dict object, as JWT only supports JSON objects as payloads.)expiatnbf)r:r;)r=) isinstancedict TypeErrorcopygetrr utctimetuple_encode_payloadr encode) r$r4r6r8r:r;r= time_claim json_payloads r%rKz PyJWT.encode1s'4(( ,  ,,../ Q QJ'++j118<< Q&,WZ-@-M-M-O-O&P&P #++ %,  ~     %     r'bytescVtj|d|dS)z Encode a given payload to the bytes to be signed. This method is intended to be overridden by subclasses that need to encode the payload in a different way, e.g. compress the payload. ),:) separatorsclszutf-8)jsondumpsrK)r$r4r:r;s r%rJzPyJWT._encode_payloadWs3z !    &//  r'rjwt str | bytes'AllowedPublicKeys | PyJWK | str | bytes algorithmsSequence[str] | Noneverify bool | Nonedetached_payload bytes | Noneaudiencestr | Iterable[str] | Noneissuerstr | Sequence[str] | Nonesubjectleewayfloat | timedeltakwargsr c  | r>tjdt| tdt |pi}|dd|(||dkrtjdtd|ds|dd |d d |d d |d d |d d |dd |dd tj |||||} | | } i|j |}| | |||| | | | d<| S)Nzypassing additional kwargs to decode_complete() is deprecated and will be removed in pyjwt version 3. Unsupported kwargs:  stacklevelr*TzThe `verify` argument to `decode` does nothing in PyJWT 2.0 and newer. The equivalent is setting `verify_signature` to False in the `options` dictionary. This invocation has a mismatch between the kwarg and the option entry.)categoryrkr+Fr,r-r.r/r0r1)r6rZrr^)r`rbrerdr4) warningswarntuplekeysrrE setdefaultDeprecationWarningr decode_complete_decode_payloadr_validate_claims)r$rWr6rZrr\r^r`rbrdrergdecodedr4merged_optionss r%rszPyJWT.decode_completeis&   M>',V[[]]';';>>'     w}"%%-t444  &G4F,G"G"G MY,     )* 4   |U 3 3 3   |U 3 3 3   |U 3 3 3   |U 3 3 3   |U 3 3 3   |U 3 3 3   |U 3 3 3) !-    &&w//4DL4G4       % r'rvc tj|d}n%#t$r}td||d}~wwxYwt |t std|S)a Decode the payload from a JWS dictionary (payload, signature, header). This method is intended to be overridden by subclasses that need to decode the payload in a different way, e.g. decompress compressed payloads. r4zInvalid payload string: Nz-Invalid payload string: must be a json object)rTloads ValueErrorrrDrE)r$rvr4es r%rtzPyJWT._decode_payloads Ej!344GG E E E<<<==1 D E'4(( OMNN Ns ?:?c | r>tjdt| td|||||||||| |  } | dS)Nzppassing additional kwargs to decode() is deprecated and will be removed in pyjwt version 3. Unsupported kwargs: rirj)r\r^r`rdrbrer4)rmrnrorprrs) r$rWr6rZrr\r^r`rdrbrergrvs r%decodez PyJWT.decodes&   M>',V[[]]';';>>'     &&    -'   y!!r'c0t|tr|}|+t|ttfst d|||tjtj  }d|vr|dr| |||d|vr|dr| |||d|vr|dr|||||d r||||d r,||||d d  |dr||||dr||dSdS)Nz+audience must be a string, iterable or None)tzrBr-rCr,rAr+r/r. strict_audFstrictr0r1)rDr total_secondsr?rrF_validate_required_claimsrnowr utc timestamp _validate_iat _validate_nbf _validate_exp _validate_iss _validate_audrH _validate_sub _validate_jti)r$r4rr`rbrdrers r%ruzPyJWT._validate_claimss fi ( ( ,))++F   8c8_(M(M IJJ J &&w888lhl+++5577 G   5    wV 4 4 4 G   5    wV 4 4 4 G   5    wV 4 4 4 <  0   w / / / <     '++lE*J*J     <  1   w 0 0 0 <  (   w ' ' ' ' ' ( (r'cd|dD]&}||t|'dS)Nr2)rHr)r$r4rclaims r%rzPyJWT._validate_required_claimssG Y' 7 7E{{5!!)/666* 7 7r'cd|vrdSt|dtstd|(|d|krtddSdS)z Checks whether "sub" if in the payload is valid ot not. This is an Optional claim :param payload(dict): The payload which needs to be validated :param subject(str): The subject of the token subNzSubject must be a stringzInvalid subject)rDr?rrH)r$r4rds r%rzPyJWT._validate_subst    F'%.#.. B%&@AA A  {{5!!W,,)*;<<<  ,,r'cd|vrdSt|dtstddS)z Checks whether "jti" if in the payload is valid ot not This is an Optional claim :param payload(dict): The payload which needs to be validated jtiNzJWT ID must be a string)rDrHr?r)r$r4s r%rzPyJWT._validate_jti2sK    F'++e,,c22 =!";<< < = =r'rfloatc t|d}n#t$rtddwxYw|||zkrtddS)NrBz)Issued At claim (iat) must be an integer.z The token is not yet valid (iat))intrzrr)r$r4rrerBs r%rzPyJWT._validate_iat@su  gen%%CC   &;   #,  ()KLL L 3c t|d}n#t$rtddwxYw|||zkrtddS)NrCz*Not Before claim (nbf) must be an integer.z The token is not yet valid (nbf))rrzrr)r$r4rrerCs r%rzPyJWT._validate_nbfOst  Vgen%%CC V V VJKKQU U V #,  ()KLL L rc t|d}n#t$rtddwxYw|||z krtddS)NrAz/Expiration Time claim (exp) must be an integer.zSignature has expired)rrzrr)r$r4rrerAs r%rzPyJWT._validate_exp]su  gen%%CC   A   3< '(?@@ @ ! rFrrc|d|vs|dsdStdd|vs|dstd|d|r_t|tstdttstd|krtddSttrgttstdt dDrtdt|tr|g}t fd|Drtd dS) NaudzInvalid audiencezInvalid audience (strict)z&Invalid claim format in token (strict)zAudience doesn't match (strict)zInvalid claim format in tokenc3BK|]}t|t VdSr")rDr?).0cs r% z&PyJWT._validate_aud..s/??!:a%%%??????r'c3 K|]}|vV dSr"r3)rraudience_claimss r%rz&PyJWT._validate_aud..s(>>cs/)>>>>>>r'zAudience doesn't match)rrrDr?listanyall)r$r4r`rrs @r%rzPyJWT._validate_audms  G##75>#''9:: :   wu~ ,E22 2!%.  h,, H*+FGGGos33 U*+STTT?***+LMMM F os + + 0./O/400 H&'FGG G ????? ? ? H&'FGG G h $ $ " zH >>>>X>>> > > A&'?@@ @ A Ar'c|dSd|vrtdt|tr|d|krtddS|d|vrtddS)NisszInvalid issuer)rrDr?r)r$r4rbs r%rzPyJWT._validate_isss > F   +E22 2 fc " " ;u~''()9:::('u~V++()9:::,+r'r")rrrr )rr()NNNT)r4r5r6r7r8r9r:rr;r<r=r>rr?)NN)r4r5r:rr;r<rrN) rVNNNNNNNr)rWrXr6rYrZr[rrr\r]r^r_r`rarbrcrdr9rerfrgr rr5)rvr5rr )rWrXr6rYrZr[rrr\r]r^r_r`rardr9rbrcrerfrgr rr )NNNr) r4r5rr5rdr9rerfrr )r4r5rr5rr )r4r5rr )r4r5rrrerrr )r4r5r`rarr>rr )r4r5rbr rr )__name__ __module__ __qualname__r& staticmethodr#rKrJrsrtr}rurrrrrrrrr3r'r%rrsRRRRR     \  "!%)-6:!$ $ $ $ $ R*.6: *8:+/)-")-04-1"$%HHHHHT&8:+/)-")-04"-1$%'"'"'"'"'"Z"$%((((((((((T7777=====& = = = = M M M M M M M MAAAA* 0A0A0A0A0A0Ad ; ; ; ; ; ;r'r)& __future__rrTrmcalendarrcollections.abcrrrrr typingr r rVr exceptionsrrrrrrrrrrrZrrapi_jwkrr_jwt_global_objrKrsr}r3r'r%rs"""""" ........2222222222%%%%%%%%                      -,,,,,AAAAAAAAN;N;N;N;N;N;N;N;b %''  !1  r'