ɯeiN-&ddlmZddlZddlZddlZddlmZddlmZm Z m Z ddl m Z m Z mZddlmZmZmZmZddlmZmZdd lmZmZmZdd lmZmZdd lmZd d l m!Z!d dl"m#Z#m$Z$erddl m%Z%ejLe'Z(dZ)dZ*Gdde#Z+y)) annotationsN)partial) TYPE_CHECKINGAnyCallable)unescape urlencodeurlsplit)HTTP_HEADER_ACCEPTHTTP_HEADER_CONTENT_TYPEHTTP_HEADER_SERVICE_NAMEHTTP_HEADER_USER_AGENT)ER_IDP_CONNECTION_ERRORER_INCORRECT_DESTINATION) DatabaseErrorErrorRefreshTokenError)CONTENT_TYPE_APPLICATION_JSONPYTHON_CONNECTOR_USER_AGENT)'SQLSTATE_CONNECTION_WAS_NOT_ESTABLISHED)Auth) AuthByPluginAuthType)SnowflakeConnectionc t|}t|}|j}|s|jdk(rd}|j}|s|jdk(rd}|j|jk(xr ||k(xr|j|jk(S)zChecks if URL prefixes are identical. The scheme, hostname and port number are compared. If the port number is not specified and the scheme is https, the port number is assumed to be 443. https443)r portschemehostname)url1url2 parsed_url1 parsed_url2port1port2s _/var/www/html/glpi_dashboard/venv/lib/python3.12/site-packages/snowflake/connector/auth/okta.py_is_prefix_equalr*s 4.K4.K   E [''72   E [''72  4 44 5 UN 5   +"4"4 4ctj||jd}|jd|}|jd|dz}t||dz|S)zGets the post back URL. Since the HTML is not well-formed, minidom cannot be used to convert to DOM. The first discovered form is assumed to be the form to post back and the URL is taken from action attributes. z1JJ&COL499;$>TX! $ -#4 $+/!0! }% K IJ K+"diikL&@s#A CC)(C)c tjdt|}dj|jj |jj |jj}t|ddsYt||sMtj|jjdtdj||ttd||_y) Nz4step 5: validate post_back_url matches Snowflake URLz{protocol}://{host}:{port})protocolhostr _disable_saml_url_checkFzThe specified authenticator and destination URL in the SAML assertion do not match: expected: {url}, post back: {post_back_url})r post_back_urlr)r/r0r6rry _protocol_host_portgetattrr*rrr}rrrr=)r?rXrarfull_urls r)rWzAuthByOkta._step52s  KL4]C /66ZZ))!!!!7  t6>GW 8H   & & &&56rsr"  //22 J<<P>-&   8 $. 3O,O,r+