ɯeiGVddlmZddlZddlZddlZddlZddlZddlZddlZddl Z ddl Z ddl m Z ddl mZmZddlmZmZmZmZmZddlmZmZmZmZddlmZmZmZmZdd l m!Z!dd l"m#Z#m$Z$m%Z%dd l&m'Z'd d l(m)Z)d dl*m+Z+m,Z,erddl(m-Z-ej\e/Z0dZ1Gdde+Z2y)) annotationsN) ModuleType) TYPE_CHECKINGAny) IS_WINDOWSparse_qs urlencodeurlparseurlsplit)HTTP_HEADER_ACCEPTHTTP_HEADER_CONTENT_TYPEHTTP_HEADER_SERVICE_NAMEHTTP_HEADER_USER_AGENT)ER_IDP_CONNECTION_ERRORER_INVALID_VALUEER_NO_HOSTNAME_FOUNDER_UNABLE_TO_OPEN_BROWSER)OperationalError)CONTENT_TYPE_APPLICATION_JSONEXTERNAL_BROWSER_AUTHENTICATORPYTHON_CONNECTOR_USER_AGENT) is_valid_url)Auth) AuthByPluginAuthType)SnowflakeConnectioni@cJeZdZdZ d dfd ZddZeddZeddZddZ ddZ ddZ dd Z dd Z dd Z dd Zd d Zd!dZd"dZd#dZd$dZ d%dZ d&dZxZS)'AuthByWebBrowserzKAuthenticates user by web browser. Only used for SAML based authentication.c t|di|d|_d|_||_d|_|t n||_|tjn||_ ||_ ||_ ||_ d|_ y)NT)super__init__consent_cache_id_token_token _application _proof_key webbrowser _webbrowsersocket_socket _protocol_host_port_origin) self applicationwebbrowser_pkg socket_pkgprotocolhostportkwargs __class__s e/var/www/html/glpi_dashboard/venv/lib/python3.12/site-packages/snowflake/connector/auth/webbrowser.pyr$zAuthByWebBrowser.__init__6sz "6"&*#"& '(0Jn (/FMMZ "   cd|_yNr&r1s r: reset_secretszAuthByWebBrowser.reset_secretsPs  r;c"tjSr=)rEXTERNAL_BROWSERr?s r:type_zAuthByWebBrowser.type_Ss(((r;c|jS)zReturns the token.r>r?s r:assertion_contentz"AuthByWebBrowser.assertion_contentWs{{r;cdt|dd<|j|dd<|j|dd<y)zUsed by Auth to update the request that gets sent to /v1/login-request. Args: body: existing request dictionary data AUTHENTICATORTOKEN PROOF_KEYN)rr&r()r1bodys r: update_bodyzAuthByWebBrowser.update_body\s7 )GV _% $ V W$(OOV [!r;c tjd|jtjtj }t jddjdk(rKtrtjdn/|jtjtjd t jdd} |j|tt jd d f|j+d |j-d} |j.r,tjd|j1||||| |} n(tjd|j3|| |} tjdt5| s0|j7|t8d| dd |j;yt=dtjdt=d| d|j>jA| } | r t=d| s't jddjdk(r(tjd|jC||n_t=dtEd} |jG| |jHs,|j7|tJdd |j;y|j;y#tj $r>} | j"d tj$k(rt'|d |d t( | d} ~ wwxYw#|j;wxYw) z!Web Browser based Authentication.zauthenticating by Web Browser SNOWFLAKE_AUTH_SOCKET_REUSE_PORTFalsetruezUConfiguration SNOWFLAKE_AUTH_SOCKET_REUSE_PORT is not available in Windows. Ignoring.rSF_AUTH_SOCKET_ADDR localhostSF_AUTH_SOCKET_PORTrz% is not found. Ensure /etc/hosts has z entry.)msgerrnoNz"step 1: query GS to obtain SSO urlz&step 1: constructing console login urlzValidate SSO URLzThe SSO URL provided z is invalidcodemessageconnretz\Initiating login request with your identity provider. Press CTRL+C to abort and try again...zstep 2: open a browserzGoing to open: z to authenticate...zA browser window should have opened for you to complete the login. If you can't see it, check existing browser windows, or your OS settings.SNOWFLAKE_AUTH_FORCE_SERVERzstep 3: accept SAML tokenzWe were unable to open a browser window for you, please open the url above manually then paste the URL you are redirected to into the terminal.z-Enter the URL the SSO URL redirected you to: zKUnable to open a browser in this environment and SSO URL contained no token)&loggerdebugr,r+AF_INET SOCK_STREAMosgetenvlowerrwarning setsockopt SOL_SOCKET SO_REUSEPORTbindintgaierrorargs EAI_NONAMErrlisten getsockname_disable_console_login _get_sso_url_get_console_login_urlr_handle_failurercloseprintr*open_new_receive_saml_tokeninput_process_get_urlr&r)r1rZ authenticator service_nameaccountuserr8socket_connectionhostnameex callback_portsso_urlbrowser_openedurls r:preparezAuthByWebBrowser.preparefs  45!LL9K9KL 997 A G G IV Sk",,V->->@S@SUVWT &yy!6 DH !&& BII&;Q?@  $ $Q '-99;A>M** AB++-w t EF55dM4P LL+ ,($$ 0&;G9K$P%Z  # # %W n  LL1 2 OG9,?@ A!--66w?N+99:GDJJLPVV 89((/@AC KL%%c*{{((!$=!=)   # # %  # # %W?? 771:!2!22*'j(M#*G-2 H V  # # %s87L>0K*>CL>C5L>*L;=9L66L;;L>>Mc ,|j|ddiS)NsuccessT)authenticate_with_retry)r1rZr8s r:reauthenticatezAuthByWebBrowser.reauthenticates $$T*4  r;c d}t}d}d}tjddjdk(}tr|rt j dd}t|dk(r||kr|d z }tj|ggg\}} } |de|j\}} |r:t jd |jttj}n|jt}t|dk(r||kr|j%dj'd} |j)| |sD|j+|| | |j-tj.|j1y |j-tj.|j1#t$rdt jd ||kr1d } t jd | dt!j"| nt jdY(wxYw#j-tj.|j1wxYw)z%Receives SAML token from web browser.rN"SNOWFLAKE_AUTH_SOCKET_MSG_DONTWAITfalserPzWConfiguration SNOWFLAKE_AUTH_SOCKET_MSG_DONTWAIT is not available in Windows. Ignoring.FrzcCalling socket_client.recv with MSG_DONTWAIT flag due to SNOWFLAKE_AUTH_SOCKET_MSG_DONTWAIT env varz[BlockingIOError raised from socket.recv while attempting to retrieve callback token requestg?zWaiting z seconds before trying againzExceeded retry countutf-8 ) bytearrayrarbrcrr]rdlenselectacceptr^recvBUF_SIZEr+ MSG_DONTWAITBlockingIOErrortimesleepdecodesplit_process_options_process_receive_saml_tokenshutdown SHUT_RDWRrs)r1rZr}attemptsraw_data socket_client max_attempts msg_dont_wait read_sockets_write_sockets_exception_sockets_ sleep_timerGs r:rvz$AuthByWebBrowser._receive_saml_tokens@@ &$; $ ! IIBGLRRT$u%*M(mq(X -DMHGM}}*+RHDL.2D$A2+<+C+C+E( qE,!' %J!",9+=+=$,f.A.A,",9+=+=h+G-(mq(X -DJ w/55f=,,T=A44T4O&&v'7'78##% B &&v'7'78##%CX / E"LL } (,6-1 & &.zl:V$W!"!% : 6 & -C D E(&&v'7'78##%s9B"H#&AF37H# AH#3A)H H#H  H##1Ic|D]}|jdsny|j||j|\}}|sy|j|sy||_ddj t jdt jdd|dd |jd d g}|jd j|jd y )z'Allows JS Ajax access to this endpoint.zOPTIONS FHTTP/1.1 200 OKzDate: {}z%a, %d %b %Y %H:%M:%S GMTz'Access-Control-Allow-Methods: POST, GETzAccess-Control-Allow-Headers: zAccess-Control-Max-Age: 86400Access-Control-Allow-Origin: rrT) startswith_get_user_agent_check_post_requested_validate_originr0formatrstrftimegmtimesendalljoinencode)r1rGrlinerequested_headersrequested_origincontents r:rz!AuthByWebBrowser._process_options"s Dz*  T".2.H.H.N++ $$%56'     94;;=I  6,->,? @ ++DLL> :     fkk'299'BCr;ct|}|jjd}|d}t|dkDr|dn|jdk(rdnd}|j |jk(xr ||j k(xr||jk(S)N:rrhttpsiP)r netlocrrr-schemer.r/)r1rr[rhost_gotport_gots r:rz!AuthByWebBrowser._validate_originCs'(!!#&!9VqF1Idnn6OsUW  JJ$.. ( 'DJJ& 'DJJ& r;c|j|s|j||syddg}|jrSd|ji}t j |}|j d|j|j dnd|jd}|j dt||j d |j ||jd j|jd y) NrzContent-Type: text/htmlconsentrzVary: Accept-Encoding, Originz SAML Response for Snowflake Your identity was confirmed and propagated to Snowflake zR. You can close this window now and go back where you started from. zContent-Length: rrr) _process_get _process_postr0r%jsondumpsappendr'rrrr)r1rZrGrrrTs r:rz,AuthByWebBrowser._process_receive_saml_tokenQs  &t/A/A$/M   %  <<t::;D**T"C NN:4<<.I J NN: ;9 :>9J9J8KL C )#c(45rsfkk'299'BCr;cd}d}d}|D]>}|jdr|}|jdr|}+|jds=|}@|r)|r'|r%|jddjdk7ry|jddjdj|jdddjfS)NzAccess-Control-Request-Method:zAccess-Control-Request-Headers:zOrigin:rrPOST)NN)rrstripr)r1rG request_line header_line origin_liners r:rz&AuthByWebBrowser._check_post_requestedos    #D?@# !BC" +"  #!!#&q)//1V;   c "1 % + + - HH[&&s+AB/ 0 6 6 8  r;cttt|j}d|vs|ddsy|dd|_y)Ntokenr)r r queryr&)r1rparseds r:rxz!AuthByWebBrowser._process_get_urls<(3---. & w(: Woa( r;c|D]}|jds|}ny|j||j\}}}|j|y)NzGET FT)rrrrx)r1rGr target_linerrs r:rzAuthByWebBrowser._process_gets] Dv&"    T"%%' 3 c"r;cl|D]}|jdsn|j|tddy|j| t j |d}|j d|_|j dd |_y #t$rt|ddd |_Yy wxYw) NzPOST zLInvalid HTTP request from web browser. Idp authentication could have failed.rVrYFrrTr) rrrrrrloadsgetr&r% Exceptionr )r1rZrGrpayloads r:rzAuthByWebBrowser._process_posts Dw'   3 8 !  T" 9jjb*G!++g.DK*1++i*FD ' 9"48,W5a8DK 9sAB"B32B3c|D]8}|jjds#tj|ytjdy)Nz user-agentz No User-Agent)rcrr]r^)r1rGrs r:rz AuthByWebBrowser._get_user_agentsB *Dzz|&&|4 T" * LL )r;c>tttttti}|r ||t <d}t j|||j|j|j|j|j|j|j|j|j |j"j$j'd } || dd<t)|| dd<t*j-d||||j.j1||t3j4| |j.j6j|j.j6j } | d s|j9|| | d} | d } | d |_| S)zGets SSO URL from Snowflake.z/session/authenticator-requestF) use_pooling)session_managerrGrHBROWSER_MODE_REDIRECT_PORTz%account=%s, authenticator=%s, user=%s)timeoutsocket_timeoutrrYssoUrlproofKey)rrr rrrrbase_auth_datar2_internal_application_name_internal_application_version _ocsp_modecert_revocation_check_mode login_timeoutnetwork_timeoutr"platform_detection_timeout_secondsrestrclonestrr]r^_rest _post_requestrr _connectionrrr() r1rZryrzr{rr|headersrrKr[rGrs r:rpzAuthByWebBrowser._get_sso_urls %&C  = "$?  0+>r+BCJJ7S JJ ! ! "&26!%    +C512 r;)NNNNN)r2rr3zModuleType | Noner4ztype[socket.socket] | Noner5 str | Noner6rr7rreturnNone)rr)rr)rr)rKzdict[Any, Any]rr)rZrryrrzrr{rr|rr8rrr)rZrr8rrzdict[str, bool])rZrrr)rG list[str]r socket.socketrbool)rrrr)rZrrGrrrrr)rGrrztuple[str | None, str | None])rrrr)rGrrr)rZrrGrrr)rGrrr)rZrryrrzrr{rrrir|rrr)rZrr7rir|rrr)__name__ __module__ __qualname____doc__r$r@propertyrCrErLrrrvrrrrrxrrrrprq __classcell__)r9s@r:r r 3sU -115#*/      4))4l&"l& l& ! l&  l&l&l& l&\!"! !  !C&JB  D'D/8DIVD D< 2) 4*3!33! 3  3  33 3j'/2:= r;r )3 __future__rrrloggingrarrr+rr)typesrtypingrrcompatrr r r r constantsr rrr errorcoderrrrerrorsrnetworkrrrurl_utilrrr by_pluginrrr getLoggerrr]rr r"r;r:rs"   %HH  & $-&   8 $ O|Or;