3fiΉxddlmZddlZddlZddlZddlZddlmZddl m Z m Z m Z m Z ddlmZe rddlmZej$eZhdZGdd e ZGd d eZGd d eZGddeZGddeZGddeZGddeZGddeZGddeZGddeZy)) annotationsN)Path)OptionalProtocolUnion TYPE_CHECKING) TokenCache) Connection>openidprofileoffline_accessc eZdZdZddZddZy)CryptographyManagerTypezAbstract cryptography managercyNselfdatas N/var/www/auto_recruiter/arenv/lib/python3.12/site-packages/O365/utils/token.pyencryptzCryptographyManagerType.encryptcyrrrs rdecryptzCryptographyManagerType.decryptrrN)rstrreturnbytes)rrrr)__name__ __module__ __qualname____doc__rrrrrrrs '..rrc@eZdZdZeZfdZeddZdd ddZ ddddZ ddddZ d d Z d!d Z ddd  d"d Zddd#d Zddd#dZddd#dZddd d$dZd%dZd&fd Zd'd&fd Zd(dZd)dZddZd*ddZddZddZd'dd d+dZxZS),BaseTokenBackendzA base token storage classc>t|d|_d|_y)NF)super__init___has_state_changedcryptography_manager)r __class__s rr'zBaseTokenBackend.__init__"s (-GK!rc,t|jS)z$Does the token backend contain data.)bool_cachers rhas_datazBaseTokenBackend.has_data(sDKK  rNusernamec|j|}|y|jd}|yt|}tjj |S)a' Returns the current access token expiration datetime If the refresh token is present, then the expiration datetime is extended by 3 months :param str username: The username from which check the tokens :return dt.datetime or None: The expiration datetime r0N expires_on)get_access_tokengetintdtdatetime fromtimestamp)rr1 access_tokenr3s rtoken_expiration_datetimez*BaseTokenBackend.token_expiration_datetime-sW,,h,?  !%%l3  ZJ;;,,Z8 8rcn|j|}|ytjj|kDS)z Checks whether the current access token is expired :param str username: The username from which check the tokens :return bool: True if the token is expired, False otherwise r0T)r;r7r8now)rr1r;s rtoken_is_expiredz!BaseTokenBackend.token_is_expiredBs8 %)$B$BH$B$U! $ ,;;??$'@@ @rc*|j|duS)z0Returns if the token backend has a refresh tokenr0N)get_refresh_token)rr1s rtoken_is_long_livedz$BaseTokenBackend.token_is_long_livedNs%%x%8DDrct|jtjjd|i}|r|dj dSt jd|y)zQGets the home_account_id string from the ACCOUNT cache for the specified usernamer1queryrhome_account_idzNo account found for username: N)listsearchr CredentialTypeACCOUNTr5logdebug)rr1results r_get_home_account_idz%BaseTokenBackend._get_home_account_idRs_ KK 1199*hAWK X  !9==!23 3 II7zB Crcft|jtjjS)z9Returns a list of all accounts present in the token cache)rFrGr rHrIr.s rget_all_accountsz!BaseTokenBackend.get_all_accounts^s"DKK 9 9 A ABCCr)r1rEc|r |r tdd}|d|i}|d|i}t|jtjj |}|r|dSy)zEGets the account object for the specified username or home_account_idzTProvide nothing or either username or home_account_id to "get_account", but not bothNr1rErCr) ValueErrorrFrGr rHrI)rr1rErDrLs r get_accountzBaseTokenBackend.get_accountbss f   *E  &&8Edkk*";";"C"C5kQR !9 rcd}||j|}|rd|i}nyt|jtjj |}|r|dSdS)z Retrieve the stored access token If username is None, then the first access token will be retrieved :param str username: The username from which retrieve the access token NrErCr)rMrFrGr rH ACCESS_TOKENrr1rDrEresultss rr4z!BaseTokenBackend.get_access_tokenxsd   "77AO*O<t{{:#<#<#I#IQV{WX$wqz.$.rcd}||j|}|rd|i}nyt|jtjj |}|r|dSdS)zRetrieve the stored refresh token If username is None, then the first access token will be retrieved :param str username: The username from which retrieve the refresh token NrErCr)rMrFrGr rH REFRESH_TOKENrUs rr@z"BaseTokenBackend.get_refresh_tokensh   "77AO*O< KK 11??uK M %wqz.$.rcd}||j|}|rd|i}nyt|jtjj |}|r|dSdS)zRetrieve the stored id token If username is None, then the first id token will be retrieved :param str username: The username from which retrieve the id token NrErCr)rMrFrGr rHID_TOKENrUs r get_id_tokenzBaseTokenBackend.get_id_tokensc   "77AO*O<t{{:#<#<#E#EU{ST$wqz.$.rF)r1remove_reservedc|j|xs|j|}|r@|jd}|r-|jd}|r|Dcgc] }|tvs |}}|Sycc}w)a  Retrieve the scopes the token (refresh first then access) has permissions on :param str username: The username from which retrieve the refresh token :param bool remove_reserved: if True RESERVED_SCOPES will be removed from the list r0target N)r@r4r5splitRESERVED_SCOPES)rr1r\token scopes_strscopesscopes rget_token_scopesz!BaseTokenBackend.get_token_scopess&&&9 T=R=R>S>  8,J#))#."17X5;WeXFX Ys  A*!A*c|j|}|syd|i}t|jtjj |}|D]}|j |t|jtjj|}|D]}|j|t|jtjj|}|D]}|j|t|jtjj|}|D]}|j|d|_ y)z Removes all tokens and all related data from the token cache for the specified username. Returns success or failure. :param str username: The username from which remove the tokens and related data FrErCT)rMrFrGr rHrZ remove_idtrT remove_atrX remove_rtrIremove_accountr() rr1rErDrVid_tokenr: refresh_tokenaccounts r remove_datazBaseTokenBackend.remove_datas9 33H="O4t{{:#<#<#E#EU{ST &H OOH % &t{{:#<#<#I#IQV{WX# )L NN< ( ) KK 11??uK M % *M NN= ) *t{{:#<#<#D#DE{RS )G    ( )#'rc 4t||fi|d|_y)zAdd to the current cache.TN)r&addr()reventkwargsr*s rrqzBaseTokenBackend.adds  E$V$"&rc6t||||d|_y)zModify content in the cache.TN)r&modifyr()rcredential_type old_entrynew_key_value_pairsr*s rruzBaseTokenBackend.modifys  3FG"&rc|j5d|_|jj|jd}|j |j j |}|cdddS#1swYyxYw)z0Serialize the current cache state into a string.F)indentN)_lockr( serializerdumpsr-r)r)r token_strs r serializezBaseTokenBackend.serializesh ZZ &+D #--dkk!-DI((4 55==iH     s AA..A7c|j5d|_|j|jj|}|r|jj |nicdddS#1swYyxYw)zEDeserialize the cache from a state previously obtained by serialize()FN)r|r(r)rr}loads)rtoken_cache_states r deserializezBaseTokenBackend.deserializesf ZZ Y&+D #((4$($=$=$E$EFW$X!?P4??(():;VX  Y Y Ys A A$$A-ct)z Abstract method that will retrieve the token data from the backend This MUST be implemented in subclasses NotImplementedErrorr.s r load_tokenzBaseTokenBackend.load_token "!rct)z Abstract method that will save the token data into the backend This MUST be implemented in subclasses rrforces r save_tokenzBaseTokenBackend.save_tokenrrct)z=Optional Abstract method to delete the token from the backendrr.s r delete_tokenzBaseTokenBackend.delete_token !!rct)zHOptional Abstract method to check for the token existence in the backendrr.s r check_tokenzBaseTokenBackend.check_tokenrrcy)a This method is intended to be implemented for environments where multiple Connection instances are running on parallel. This method should check if it's time to refresh the token or not. The chosen backend can store a flag somewhere to answer this question. This can avoid race conditions between different instances trying to refresh the token at once, when only one should make the refresh. This is an example of how to achieve this: 1. Along with the token store a Flag 2. The first to see the Flag as True must transactional update it to False. This method then returns True and therefore the connection will refresh the token. 3. The save_token method should be rewritten to also update the flag back to True always. 4. Meanwhile between steps 2 and 3, any other token backend checking for this method should get the flag with a False value. | This method should then wait and check again the flag. | This can be implemented as a call with an incremental backoff factor to avoid too many calls to the database. | At a given point in time, the flag will return True. | Then this method should load the token and finally return False signaling there is no need to refresh the token. | If this returns True, then the Connection will refresh the token. | If this returns False, then the Connection will NOT refresh the token as it was refreshed by another instance or thread. | If this returns None, then this method has already executed the refresh and also updated the access token into the connection session and therefore the Connection does not have to. By default, this always returns True There is an example of this in the example's folder. :param con: the Connection instance passed by the caller. This is passed because maybe the locking mechanism needs to refresh the token within the lock applied in this method. :param username: The username from which retrieve the refresh token :return: | True if the Connection should refresh the token | False if the Connection should not refresh the token as it was refreshed by another instance | None if the token was refreshed by this method and therefore the Connection should do nothing. Tr)rconr1s rshould_refresh_tokenz%BaseTokenBackend.should_refresh_tokens`rrr,)r1 Optional[str]rzOptional[dt.datetime])r1rrr,)r1rrr)rz list[dict])r1rrErrOptional[dict])r1rrr)r1rr\r,rzOptional[list])r1rrr,)rNoner)rUnion[bytes, str])rrrdictF)rzOptional[Connection]r1rrzOptional[bool])rr r!r"jsonr}r'propertyr/r;r>rArMrOrRr4r@r[rfrorqrurrrrrrr __classcell__r*s@rr$r$s$JL !! ,09(9 9*=A A@DE D ,0RV(BO ,=A/">B/$9=/",0(BF (#J' ' Y""""07;0'40@N0rr$cLeZdZdZdfd ZdZd dZd d dZd dZd dZ xZ S) FileSystemTokenBackendz0A token backend based on files on the filesystemct|t|ts|r t|n t}|j r||_y|xsd}||z |_y)z Init Backend :param str or Path token_path: the path where to store the token :param str token_filename: the name of the token file zo365_token.txtN)r&r' isinstanceris_file token_path)rrtoken_filenamer*s rr'zFileSystemTokenBackend.__init__KsT *d+-7j)TVJ    (DO+?/?N(>9DOrc,t|jSr)rrr.s r__repr__zFileSystemTokenBackend.__repr__\s4??##rcH|jjr||jjd5}|j|j }d|vr t d||_tjd|jdddyy#1swYyxYw)z} Retrieves the token from the File System and stores it in the cache :return bool: Success / Failure rr:zqThe token you are trying to load is not valid anymore. Please delete the token and proceed to authenticate again.zToken loaded from NTF) rexistsopenrreadrQr-rJrK)r token_file token_dicts rrz!FileSystemTokenBackend.load_token_s ?? ! ! #%%c* Bj!--joo.?@ !Z/$U)  .t.?@A B Bs ABB!c|jsy|dur|jdury |jjj s&|jjj d|jjd5}|j|jdddy#t $r"}tjd|Yd}~yd}~wwxYw#1swYyxYw)z Saves the token cache dict in the specified file Will create the folder if it doesn't exist :param bool force: Force save even when state has not changed :return bool: Success / Failure FT)parentsToken could not be saved: Nw) r-r(rparentrmkdir ExceptionrJerrorrwriter)rrers rrz!FileSystemTokenBackend.save_tokenqs{{ E>d55> ??))002&&,,T,: __ ! !# & /*   T^^- . /   II21#6 7  /s$A B0 C0 C9CCC'cn|jjr|jjyy)zP Deletes the token file :return bool: Success / Failure TF)rrunlinkr.s rrz#FileSystemTokenBackend.delete_tokens* ?? ! ! # OO " " $rc6|jjS)zt Checks if the token exists in the filesystem :return bool: True if exists, False otherwise )rrr.s rrz"FileSystemTokenBackend.check_tokens %%''r)NNrr rr r!r"r'rrrrrrrs@rrrHs$::"$$0(rrc(eZdZdZdZddZdddZy)MemoryTokenBackendz!A token backend stored in memory.cy)Nrrr.s rrzMemoryTokenBackend.__repr__#rcyNTrr.s rrzMemoryTokenBackend.load_tokenrcyrrrs rrzMemoryTokenBackend.save_tokenrrNrr)rr r!r"rrrrrrrrs+$rrcLeZdZdZdfd ZdZd dZd d dZd dZd dZ xZ S) EnvTokenBackendz0A token backend based on environmental variable.cDt||r||_yd|_y)z Init Backend :param str token_env_name: the name of the environmental variable that will hold the token O365TOKENN)r&r'token_env_name)rrr*s rr'zEnvTokenBackend.__init__s# 1?nKrc,t|jSr)rrr.s rrzEnvTokenBackend.__repr__s4&&''rc|jtjvr>|jtjj |j|_yy)zm Retrieves the token from the environmental variable :return bool: Success / Failure TF)rosenvironrr5r-r.s rrzEnvTokenBackend.load_tokensA   "** ,**2::>>$:M:M+NODKrc|jsy|dur|jdury|jtj|j <y)z Saves the token dict in the specified environmental variable :param bool force: Force save even when state has not changed :return bool: Success / Failure FT)r-r(rrrrrs rrzEnvTokenBackend.save_tokensC {{ E>d55>*...*: 4&&'rct|jtjvrtj|j=yy)zb Deletes the token environmental variable :return bool: Success / Failure TFrrrr.s rrzEnvTokenBackend.delete_tokens.   "** , 4../rc:|jtjvS)z Checks if the token exists in the environmental variables :return bool: True if exists, False otherwise rr.s rrzEnvTokenBackend.check_tokens ""bjj00rrrrrrs@rrrs%:P( 1rrcLeZdZdZdfd ZdZd dZd d dZd dZd dZ xZ S) FirestoreBackendz3A Google Firestore database backend to store tokensct|||_||_||_|j|j ||_||_y)ax Init Backend :param firestore.Client client: the firestore Client instance :param str collection: the firestore collection where to store tokens (can be a field_path) :param str doc_id: # the key of the token document. Must be unique per-case. :param str field_name: the name of the field that stores the token in the document N)r&r'client collectiondoc_iddocumentdoc_ref field_name)rrrrrr*s rr'zFirestoreBackend.__init__sI  $ ((4==fE $rc:d|jd|jS)Nz Collection: z . Doc Id: )rrr.s rrzFirestoreBackend.__repr__sdoo.j FFrc R |jj}|r@|jr4|j|j}|r|j||_ yy#t$r>}tj d|j d|j d|d}Yd}~d}~wwxYw)\ Retrieves the token from the store :return bool: Success / Failure Token (collection: , doc_id: +) could not be retrieved from the backend: NTF) rr5rrJrrrrrrr-)rdocrrs rrzFirestoreBackend.load_tokens  ,,""$C 3::0I"..y9   II%doo%6j N<<=3@ C  sA B&(4B!!B&c |jsy|dur|jdury |jj|j|j iy#t $r"}tjd|Yd}~yd}~wwxYw) Saves the token dict in the store :param bool force: Force save even when state has not changed :return bool: Success / Failure FTrN) r-r(rsetrrrrJrrrrs rrzFirestoreBackend.save_tokensz {{ E>d55>  LL  doot~~/?@ A    II21#6 7 s5A B!A>>Bc |jjy#t$r/}tj d|j d|Yd}~yd}~wwxYw)Z Deletes the token from the store :return bool: Success / Failure z!Could not delete the token (key: z): NFT)rdeleterrJrr)rrs rrzFirestoreBackend.delete_token'sS   LL   !    II3DKK=A3G   s A%AAc  |jj}|xr |jS#t$r>}tj d|j d|j d|d}Yd}~Rd}~wwxYw)a Checks if the token exists :return bool: True if it exists on the store rrrN)rr5rrJrrrr)rrrs rrzFirestoreBackend.check_token5sv  ,,""$C!szz!   II%doo%67KK= KA3P C  s, A34A..A3rbrrrrs@rrrs%=%(G(*  "rrcJeZdZdZfdZdZddZd ddZddZddZ xZ S) AWSS3Backendz!An AWS S3 backend to store tokensc ddl}t|||_||_|jd|_y#t$r}td|d}~wwxYw)z Init Backend :param str bucket_name: Name of the S3 bucket :param str filename: Name of the S3 file rN;Please install the boto3 package to use this token backend.s3) boto3ModuleNotFoundErrorrr&r' bucket_namefilenamer_client)rrrrrr*s rr'zAWSS3Backend.__init__Hs\    &  ||D) # M  s: A AAc<d|jd|jdS)NzAWSS3Backend('', ''))rrr.s rrzAWSS3Backend.__repr__[s" 0 01dmm_BGGrc, |jj|j|j}|j |dj |_y#t$r/}tjd|jd|Yd}~yd}~wwxYw)z] Retrieves the token from the store :return bool: Success / Failure BucketKeyBodyzToken (rNFT) r get_objectrrrrr-rrJr)r token_objectrs rrzAWSS3Backend.load_token^s <<22''T]]3L**<+?+D+D+FGDK    II$--(STUSVW   sAA B$%BBc4|jsy|dur|jdurytj|j }|j r4 |j j|j|j|}y |j jd|j|j|d}y#t$r"}tjd|Yd}~yd}~wwxYw#t$r"}tjd |Yd}~yd}~wwxYw) rFT)rrrzToken file could not be saved: Nprivatez text/plain)ACLrrr ContentTypez!Token file could not be created: ) r-r(rencoderrr put_objectrrrrJr)rrr_rrs rrzAWSS3Backend.save_tokenos {{ E>d55>JJt~~/0     LL++++Y,& LL++!++ " , ,!  ;A3?@   =aSAB s02B> 4C,> C)C$$C), D5DDc$ |jj|j|j}tj d|jd|jdy#t $r"}tjd|Yd}~yd}~wwxYw) rrzDeleted token file z in bucket .Tz!Token file could not be deleted: NF)r delete_objectrrrJwarningrrrrrs rrzAWSS3Backend.delete_tokens  **$2B2B *VA KK%dmm_K@P@P?QQRS   II9!= > s1A$$ B-B  Bcv |jj|j|j}y#YyxYw)rrTF)r head_objectrrrrs rrzAWSS3Backend.check_tokens9   ((0@0@dmm(TA s148rrrrs@rrrEs&+*&H""H rrcJeZdZdZfdZdZddZd ddZddZddZ xZ S) AWSSecretsBackendz.An AWS Secrets Manager backend to store tokensc ddl}t|||_||_|jd||_y#t$r}td|d}~wwxYw)z Init Backend :param str secret_name: Name of the secret stored in Secrets Manager :param str region_name: AWS region hosting the secret (for example, 'us-east-2') rNrsecretsmanager) region_name) rrrr&r' secret_namerrr)rrrrrr*s rr'zAWSSecretsBackend.__init__sb    &&||$4+|N # M  s< A AAc<d|jd|jdS)NzAWSSecretsBackend('rr)rrr.s rrzAWSSecretsBackend.__repr__s%$T%5%5$6d4;K;K:LBOOrc |jj|j}|d}|j||_y#t $r/}t jd|jd|Yd}~yd}~wwxYw)rSecretId SecretStringzToken (secret: rNFT)rget_secret_valuerrr-rrJr)rget_secret_value_responserrs rrzAWSSecretsBackend.load_tokens (, (E(E)))F) %2.AI**95DK   II!$"2"2!33^_`^ab   sAA A< %A77A<c<|jsy|dur|jdury|jr7 |jj |j |j }y |jj|j d|j }tjd|d d |d d y#t$r"}tjd|Yd}~yd}~wwxYw#t$r"}tjd |Yd}~yd}~wwxYw)rFT)rrz!Token secret could not be saved: NzLToken generated by the O365 python package (https://pypi.org/project/O365/).)Name Descriptionrz Created secret r (ARNz). Note: using AWS Secrets Manager incurs charges, please see https://aws.amazon.com/secrets-manager/pricing/ for pricing details. z#Token secret could not be created: ) r-r(rr update_secretrrrrJr create_secretr )rrrrrs rrzAWSSecretsBackend.save_tokens {{ E>d55>     LL..!--DNN>Bc|j td|jsy|dur|jdury|jj j |jj|jj|jj|jj|j|jjgy)z Saves the token dict in Bitwarden Secrets Manager :param bool force: Force save even when state has not changed :return bool: Success / Failure z)You have to set "self.secret" data first.FT) r2rQr-r(rr5updateidkeynoteorganization_idr project_idrs rrz)BitwardenSecretsManagerBackend.save_tokenMs ;; HI I{{ E>d55> $$ KKNN KKOO KK   KK ' ' NN  [[ # # $  r)r:rr1rrr) rr r!r"r'rrrrrs@rr+r+s =,E$rr+cLeZdZdZdfd ZdZd dZd d dZd dZd dZ xZ S) DjangoTokenBackenda A Django database token backend to store tokens. To use this backend add the `TokenModel` model below into your Django application. .. code-block:: python class TokenModel(models.Model): token = models.JSONField() created_at = models.DateTimeField(auto_now_add=True) updated_at = models.DateTimeField(auto_now=True) def __str__(self): return f"Token for {self.token.get('client_id', 'unknown')}" Example usage: .. code-block:: python from O365.utils import DjangoTokenBackend from models import TokenModel token_backend = DjangoTokenBackend(token_model=TokenModel) account = Account(credentials, token_backend=token_backend) c0t|||_y)z Initializes the DjangoTokenBackend. :param token_model: The Django model class to use for storing and retrieving tokens (defaults to TokenModel). N)r&r' token_model)rrDr*s rr'zDjangoTokenBackend.__init__s 'rcy)NrBrr.s rrzDjangoTokenBackend.__repr__rrc |jjjd}|j|j|_y#t $r"}tjd|Yd}~yd}~wwxYw)zm Retrieves the latest token from the Django database :return bool: Success / Failure created_atz4No token found in the database, creating a new one: NFT) rDobjectslatestrrbr-rrJr r token_recordrs rrzDjangoTokenBackend.load_tokensi  ++33::<HL**<+=+=>DK    KKNqcR S sAA A3A..A3c |jsy|dur|jdury |jjj |j y#t $r"}tjd|Yd}~yd}~wwxYw)z Saves the token dict in the Django database :param bool force: Force save even when state has not changed :return bool: Success / Failure FTrrN) r-r(rDrHcreaterrrJrrs rrzDjangoTokenBackend.save_tokens| {{ E>d55>     $ $ + +$..2B + C    II21#6 7 s4A B A==Bc |jjjd}|jy#t$r"}t j d|Yd}~yd}~wwxYw)zk Deletes the latest token from the Django database :return bool: Success / Failure rGzCould not delete token: NFT)rDrHrIrrrJrrJs rrzDjangoTokenBackend.delete_tokens]  ++33::<HL    !  II04 5 s58 A#AA#cJ|jjjS)z| Checks if any token exists in the Django database :return bool: True if it exists, False otherwise )rDrHrr.s rrzDjangoTokenBackend.check_tokens ''..00rrrrrrs@rrBrBgs&2 '$ * 1rrB) __future__rr8r7rr8rpathlibrtypingrrrrmsal.token_cacher O365.connectionr getLoggerrrJrarr$rrrrrrr+rBrrrrVs"  ;;'*g!:/h/hzhV P(-P(f ) 91&91x^"'^"Bh#hVl(l^E%5EP`1)`1r