dbfdg <!--w1suD5cF-->
3
“k®ZÔ  ã               @   sÌ   d dl Z d dlZd dlmZ d dlmZmZ d dlmZmZ ddl	m
Z
 ddlmZmZ ddlmZ dd	lmZmZmZmZmZmZmZ dd
lmZ G dd„ de
ƒZeƒ ZejZejZejZejZej Z dS )é    N)Útimegm)ÚIterableÚMapping)ÚdatetimeÚ	timedeltaé   )ÚPyJWS)Ú	AlgorithmÚget_default_algorithms)Ústring_types)ÚDecodeErrorÚExpiredSignatureErrorÚImmatureSignatureErrorÚInvalidAudienceErrorÚInvalidIssuedAtErrorÚInvalidIssuerErrorÚMissingRequiredClaimError)Ú
merge_dictc                   sv   e Zd ZdZedd„ ƒZd‡ fdd„	Zd‡ fd
d„	Zddd„Zdd„ Z	dd„ Z
dd„ Zdd„ Zdd„ Zdd„ Z‡  ZS )ÚPyJWTZJWTc            
   C   s   ddddddddddœ	S )NTF)	Úverify_signatureÚ
verify_expÚ
verify_nbfÚ
verify_iatÚ
verify_audÚ
verify_issÚrequire_expÚrequire_iatÚrequire_nbf© r   r   r   ú/usr/lib/python3.6/api_jwt.pyÚ_get_default_options   s    zPyJWT._get_default_optionsÚHS256Nc                sr   t |tƒstdƒ‚x0d	D ](}t |j|ƒtƒrt|| jƒ ƒ||< qW tj|d
|dj	dƒ}t
t| ƒj	|||||ƒS )NzJExpecting a mapping object, as JWT only supports JSON objects as payloads.ÚexpÚiatÚnbfú,ú:)Z
separatorsÚclszutf-8)r"   r#   r$   )r%   r&   )Ú
isinstancer   Ú	TypeErrorÚgetr   r   ÚutctimetupleÚjsonÚdumpsÚencodeÚsuperr   )ÚselfÚpayloadÚkeyÚ	algorithmZheadersZjson_encoderZ
time_claimZjson_payload)Ú	__class__r   r   r.   #   s    


zPyJWT.encodeÚ Tc                sà   |r| rt jd
tƒ | j|ƒ\}}}	}
|d kr:d|i}n|jd|ƒ tt| ƒj|f|||dœ|—Ž}ytj	|jdƒƒ}W n. t
k
r¨ } ztd| ƒ‚W Y d d }~X nX t|tƒs¼tdƒ‚|rÜt| j|ƒ}| j||f|Ž |S )Nz.It is strongly recommended that you pass in a z;value for the "algorithms" argument when calling decode(). z4This argument will be mandatory in a future version.r   )r2   Ú
algorithmsÚoptionszutf-8zInvalid payload string: %sz-Invalid payload string: must be a json objectziIt is strongly recommended that you pass in a value for the "algorithms" argument when calling decode(). zIt is strongly recommended that you pass in a value for the "algorithms" argument when calling decode(). This argument will be mandatory in a future version.)ÚwarningsÚwarnÚDeprecationWarningÚ_loadÚ
setdefaultr/   r   Údecoder,   ÚloadsÚ
ValueErrorr   r(   r   r   r7   Ú_validate_claims)r0   Zjwtr2   Zverifyr6   r7   Úkwargsr1   Zsigning_inputÚheaderZ	signatureZdecodedÚeZmerged_options)r4   r   r   r=   :   s*    
 


zPyJWT.decoder   c             K   sþ   d|kr$|j ddƒ|d< tjdtƒ t|tƒr6|jƒ }t|ttd ƒt	fƒsRt
dƒ‚| j||ƒ ttjƒ jƒ ƒ}d|krŽ|j dƒrŽ| j|||ƒ d|kr®|j d	ƒr®| j|||ƒ d
|krÎ|j dƒrÎ| j|||ƒ |j dƒrä| j||ƒ |j dƒrú| j||ƒ d S )NZverify_expirationTr   zXThe verify_expiration parameter is deprecated. Please use verify_exp in options instead.z,audience must be a string, iterable, or Noner#   r   r$   r   r"   r   r   )r*   r8   r9   r:   r(   r   Ztotal_secondsr   Útyper   r)   Ú_validate_required_claimsr   r   Zutcnowr+   Ú_validate_iatÚ_validate_nbfÚ_validate_expÚ_validate_issÚ_validate_aud)r0   r1   r7   ÚaudienceÚissuerÚleewayrA   Únowr   r   r   r@   ]   s(    


zPyJWT._validate_claimsc             C   sd   |j dƒr |j dƒd kr tdƒ‚|j dƒr@|j dƒd kr@tdƒ‚|j dƒr`|j dƒd kr`tdƒ‚d S )Nr   r"   r   r#   r   r$   )r*   r   )r0   r1   r7   r   r   r   rE      s    zPyJWT._validate_required_claimsc             C   s2   yt |d ƒ W n tk
r,   tdƒ‚Y nX d S )Nr#   z)Issued At claim (iat) must be an integer.)Úintr?   r   )r0   r1   rN   rM   r   r   r   rF   ‰   s    zPyJWT._validate_iatc             C   sF   yt |d ƒ}W n tk
r,   tdƒ‚Y nX ||| krBtdƒ‚d S )Nr$   z*Not Before claim (nbf) must be an integer.z The token is not yet valid (nbf))rO   r?   r   r   )r0   r1   rN   rM   r$   r   r   r   rG      s    zPyJWT._validate_nbfc             C   sF   yt |d ƒ}W n tk
r,   tdƒ‚Y nX ||| k rBtdƒ‚d S )Nr"   z/Expiration Time claim (exp) must be an integer.zSignature has expired)rO   r?   r   r   )r0   r1   rN   rM   r"   r   r   r   rH   ˜   s    zPyJWT._validate_expc                sº   |d krd|krd S |d k	r,d|kr,t dƒ‚|d krDd|krDtdƒ‚|d ‰ tˆ tƒr\ˆ g‰ tˆ tƒsntdƒ‚tdd„ ˆ D ƒƒrˆtdƒ‚t|tƒr˜|g}t‡ fdd„|D ƒƒs¶tdƒ‚d S )NÚaudzInvalid audiencezInvalid claim format in tokenc             s   s   | ]}t |tƒ V  qd S )N)r(   r   )Ú.0Úcr   r   r   ú	<genexpr>¶   s    z&PyJWT._validate_aud.<locals>.<genexpr>c             3   s   | ]}|ˆ kV  qd S )Nr   )rQ   rP   )Úaudience_claimsr   r   rS   ¼   s    )r   r   r(   r   ÚlistÚany)r0   r1   rK   r   )rT   r   rJ   ¢   s"    


zPyJWT._validate_audc             C   s4   |d krd S d|krt dƒ‚|d |kr0tdƒ‚d S )NZisszInvalid issuer)r   r   )r0   r1   rL   r   r   r   rI   ¿   s    zPyJWT._validate_iss)r!   NN)r5   TNN)NNr   )Ú__name__Ú
__module__Ú__qualname__Zheader_typeÚstaticmethodr    r.   r=   r@   rE   rF   rG   rH   rJ   rI   Ú__classcell__r   r   )r4   r   r      s    # 
!
	
r   )!r,   r8   Zcalendarr   Úcollectionsr   r   r   r   Zapi_jwsr   r6   r	   r
   Úcompatr   Ú
exceptionsr   r   r   r   r   r   r   Zutilsr   r   Z_jwt_global_objr.   r=   Zregister_algorithmZunregister_algorithmZget_unverified_headerr   r   r   r   Ú<module>   s"   $ 9