. 0hMdZddlZddlZddlZddlZddlmZddlmZddlmZddlm Z ddl Z ddl Z ddl Z ddlmZddlmZdd lmZd Zd Zd Zd ZeejdZeejdZeejdZdZegdZdZdZ dZ!dZ"Gdde j#j$j%Z&GddZ'GddZ(Gd d!e j)Z*Gd"d#Z+Gd$d%Z,Gd&d'ej-Z.Gd(d)ej-Z/Gd*d+ej0Z1Gd,d-ej0Z2Gd.d/ej3Z4Gd0d1e4Z5Gd2d3e4Z6dS)4z1Firebase token minting and validation sub module.N) credentials)iam)jwt) transport) exceptions) _auth_utils) _http_clientzhttps://securetoken.google.com/zXhttps://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.comz$https://session.firebase.google.com/zEhttps://www.googleapis.com/identitytoolkit/v3/relyingparty/publicKeys)minutes)days)hourszYhttps://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit)acramrat_hashaud auth_timeazpcnfc_hashexpfirebaseiatissjtinbfnoncesubzZhttp://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/emailRS256nonez"firebase-auth-emulator@example.comceZdZdZdZdZdS)_EmulatedSignerNcdSNselfs T/var/www/html/nourish/venv/lib/python3.11/site-packages/firebase_admin/_token_gen.py__init__z_EmulatedSigner.__init__Bs cdS)Nr+r&r(messages r)signz_EmulatedSigner.signEssr+)__name__ __module__ __qualname__key_idr*r/r&r+r)r#r#?s7 F   r+r#ceZdZdZefdZedZedZedZ e dZ e dZ e dZ d S) _SigningProviderz2Stores a reference to a google.auth.crypto.Signer.c0||_||_||_dSr%)_signer _signer_email_alg)r(signer signer_emailalgs r)r*z_SigningProvider.__init__Ls ) r+c|jSr%)r7r's r)r:z_SigningProvider.signerQs |r+c|jSr%)r8r's r)r;z_SigningProvider.signer_emailUs !!r+c|jSr%)r9r's r)r<z_SigningProvider.algYs yr+c6t|j|jSr%)r5r:r;)cls google_creds r)from_credentialz _SigningProvider.from_credential]s 2K4LMMMr+cNtj|||}t||Sr%)rSignerr5)rArequestrBservice_accountr:s r)from_iamz_SigningProvider.from_iamas%G[/BB888r+cPttttSr%)r5r#AUTH_EMULATOR_EMAILALGORITHM_NONE)rAs r) for_emulatorz_SigningProvider.for_emulatorfs 1 13FWWWr+N)r0r1r2__doc__ALGORITHM_RS256r*propertyr:r;r< classmethodrCrHrLr&r+r)r5r5Is<<1@ X""X"XNN[N99[9XX[XXXr+r5cHeZdZdZdZd dZdZedZd dZ dZ dS) TokenGeneratorz,Generates custom tokens and session cookies.z)https://identitytoolkit.googleapis.com/v1Nc||_||_tj|_|p|j}d||j|_ d|_ dS)Nz{0}/projects/{1}) app http_clientrrequestsRequestrFID_TOOLKIT_URLformat project_idbase_url_signing_provider)r(rTrU url_override url_prefixs r)r*zTokenGenerator.__init__ps[& )1133 !8T%8 *11*cnMM !%r+c6tjrtS|jj}t|tj j j rt |S|jj d}|r!t|j||St|t"jrt |S|t&ddi}|jdkr9t+d|j|j}t|j||S)zPInitializes a signing provider by following the go/firebase-admin-sign protocol.serviceAccountIdzMetadata-FlavorGoogle)urlheadersz2Failed to contact the local metadata service: {0}.)r is_emulatedr5rLrT credentialget_credential isinstancegoogleoauth2rG CredentialsrCoptionsgetrHrFrSigningMETADATA_SERVICE_URLstatus ValueErrorrYdatadecode)r(rBrGresps r)_init_signing_providerz%TokenGenerator._init_signing_providerxsa  " $ $ 3#0022 2h)88:: k6=#@#L M M A#33K@@ @(*../ABB  Y#,,T\;XX X k;#6 7 7 A#33K@@ @|| 4?PRZ>[|\\ ;#  DKKDIL\L\L^L^__aa a)**,,(({OTTTr+c|jsR ||_n7#t$r*}d}td||d}~wwxYw|jS)z@Initializes and returns the SigningProvider instance to be used.z@https://firebase.google.com/docs/auth/admin/create-custom-tokenszFailed to determine service account: {0}. Make sure to initialize the SDK with service account credentials or specify a service account ID with iam.serviceAccounts.signBlob permission. Please refer to {1} for more details on creating custom tokens.N)r\ru ExceptionrqrY)r(errorrbs r)signing_providerzTokenGenerator.signing_providers% M M)-)D)D)F)F&& M M MX 9:@s9K9K MMM M%%s# A%AAc~|t|tstdt|t z}|rst |dkr)dd|}n(dd|}t||r(t|trt |dkrtd|j }ttj }|j |j t|||tzd }|r||d <|||d <d |ji} t#j|j|| S#t(jjj$r*} d| } t1| | d} ~ wwxYw)z.Builds and signs a Firebase custom auth token.Nz%developer_claims must be a dictionaryrz:Developer claims {0} are reserved and cannot be specified.z, z8Developer claim {0} is reserved and cannot be specified.z2uid must be a string between 1 and 128 characters.)rrruidrr tenant_idclaimsr<)headerz Failed to sign custom token. {0})rhdictrqsetkeysRESERVED_CLAIMSlenrYjoinstrryinttimer;FIREBASE_AUDIENCEMAX_TOKEN_LIFETIME_SECONDSr<rencoder:riauthrTransportErrorTokenSignError) r(r|developer_claimsr}disallowed_keys error_messagerynowpayloadrrxmsgs r)create_custom_tokenz"TokenGenerator.create_custom_tokens  '.55 J !HIII!"2"7"7"9"9::_LO 0''!++&<> > ?s3 GH)G==Hr%)NN) r0r1r2rMrXr*rurOryrrr&r+r)rRrRks66@N&&&&UUU: & &X &*-*-*-*-Z - - - - -r+rRcNeZdZdZddZedZedZd dZdS) CertificateFetchRequestzyA google-auth transport that supports HTTP cache-control. Also injects a timeout to each outgoing HTTP request. Nctjtj|_t j|j|_||_ dSr%) cachecontrol CacheControlrVSession_sessionrrWsession _delegate_timeout_seconds)r(timeout_secondss r)r*z CertificateFetchRequest.__init__sE$1(2B2D2DEE "+33DLAA /r+c|jSr%)rr's r)rzCertificateFetchRequest.sessions }r+c|jSr%)rr's r)rz'CertificateFetchRequest.timeout_secondss $$r+GETc :|p|j}|j|f||||d|S)N)methodrrctimeout)rr)r(rbrrrcrkwargss r)__call__z CertificateFetchRequest.__call__sI1T1t~ WT7GWWOUWW Wr+r%)rNNN) r0r1r2rMr*rOrrrr&r+r)rrs 0000 X%%X%WWWWWWr+rc(eZdZdZdZddZddZdS) TokenVerifierz'Verifies ID tokens and session cookies.c V|jdtj}t ||_t |jdddtttj t|_ t |jdddttt t"|_dS)N httpTimeoutzID tokenzverify_id_token()zDVDN=S=S UU U  ! !%7"%<%<]*++-- -11%88U##;;u%%++e$$+7 ((.t(?(?  : @ @4? [ [ *,, ( ( (0HII M! D&**U"3"3! Dzz%  G++ 1111"'7;;sB+?+?"?"?#VDND4LMM !C I I$/ Z Z  Dfjj//7::#VDOVZZ5F5FH[\\ M ( (%%+VDOT_h,@BU&W&W M & &%%+VDO_f,@BU&W&W M_Jw$<$<_fT_.ABB M DfT_.ABB M\\C  fT_.ABB   ;++M:: : E >")"(-"8"E"E#!_"m*< #F#>#> &5U%;OE "" "{%4 A A A'E %@@@ @ E E E#e**,,//E %/HHH++CJJe+DD D Es&?AOQ&O;; Q&AQ!!Q&c tj|}tj|d}||fS#t$r)}|t ||d}~wwxYw)NF)rr)r decode_headerrsrqrr)r(rrrrxs r)rz_JWTVerifier._decode_unverifiedsx E&u--Fju555G7? " E E E++CJJe+DD D Es-0 A#$AA#Nr)r0r1r2rMr*rrr&r+r)rr+s]@@ F F F^E^E^E^E@EEEEEr+rceZdZdZdZdS)rz7Unexpected error while signing a Firebase custom token.cHtj|||dSr%r UnknownErrorr*r(r.rs r)r*zTokenSignError.__init__#((w>>>>>r+Nr0r1r2rMr*r&r+r)rrs)AA?????r+rceZdZdZdZdS)rzHFailed to fetch some public key certificates required to verify a token.cHtj|||dSr%rrs r)r*zCertificateFetchError.__init__rr+Nrr&r+r)rrs)RR?????r+rceZdZdZdZdS)rz!The provided ID token is expired.cHtj|||dSr%rrr*rs r)r*zExpiredIdTokenError.__init__s#'00wFFFFFr+Nrr&r+r)rrs.++GGGGGr+rceZdZdZdZdS)RevokedIdTokenErrorz'The provided ID token has been revoked.cFtj||dSr%r r-s r)r*zRevokedIdTokenError.__init__s!'00w?????r+Nrr&r+r)r r s.11@@@@@r+r ceZdZdZddZdS)rz;The provided string is not a valid Firebase session cookie.NcHtj|||dSr%)rInvalidArgumentErrorr*rs r)r*z"InvalidSessionCookieError.__init__s#'00wFFFFFr+r%rr&r+r)rrs4EEGGGGGGr+rceZdZdZdZdS)rz'The provided session cookie is expired.c>t|||dSr%rr*rs r)r*z"ExpiredSessionCookieError.__init__s !**4%@@@@@r+Nrr&r+r)rrs.11AAAAAr+rceZdZdZdZdS)RevokedSessionCookieErrorz-The provided session cookie has been revoked.c<t||dSr%rr-s r)r*z"RevokedSessionCookieError.__init__s!**499999r+Nrr&r+r)rrs)77:::::r+r)7rMrrrrV google.authrrrrgoogle.auth.exceptionsrigoogle.oauth2.id_tokengoogle.oauth2.service_accountfirebase_adminrrr rrrrrrrrrrrrrrorNrKrJrcryptrEr#r5rRrWrrrrrrrrr rrrrr&r+r)rsR87 ######!!!!!!$$$$%%%%%%&&&&&&'''''';>>Y&)c*<(*