Vwgt0ddlmZmZddlmZmZmZmZmZmZm Z ddl m Z ddl m Z ddlmZddlmZddlmZdd lmZmZdd lmZdd l mZdd lmZmZdd lmZm Z m!Z!m"Z"m#Z#erddl$m%Z%e ddZ&e deeZ'GddZ(Gddee&Z)Gdde)de(Z*Gdde(Z+Gdde)de(Z,Gdde(Z-y))datetime timedelta) TYPE_CHECKINGAnyDictGenericOptionalTypeTypeVar)uuid4)settings)AbstractBaseUser) import_string) gettext_lazy)TokenBackendError TokenError) TokenUser) api_settings)BlacklistedTokenOutstandingToken) aware_utcnowdatetime_from_epochdatetime_to_epoch format_lazyget_md5_hash_password) TokenBackendTToken)boundAuthUserc eZdZUdZdZeeed<dZee ed<d$dedde ddfdZ defd Z d efd Z d ed eddfd Zd eddfdZd edefdZd%d edeedefdZdefdZd&dZd&dZd&dZ d'dedeedee ddfdZd(dedeeddfdZ d)dedeeddfdZedeededefdZdZ ed ed!<e!d*d"Z"d*d#Z#y)+rzb A class which validates and wraps an existing JWT or can be used to build a new JWT. N token_typelifetimetokenverifyreturnc0|j |jttd||_t |_|=|j} |j|||_ |r|jyytj|ji|_ |j|j |j|j|j |j!y#t$rttdwxYw)z !!!! IMPORTANT !!!! MUST raise a TokenError with a user-facing error message if the given token is invalid, expired, or otherwise not safe to use. Nz,Cannot create token with no type or lifetime)r&zToken is invalid or expired from_timer$)at_time)r#r$r_r%r current_timeget_token_backenddecodepayloadrr&rTOKEN_TYPE_CLAIMset_expset_iatset_jti)selfr%r& token_backends V/var/www/horilla/myenv/lib/python3.12/site-packages/rest_framework_simplejwt/tokens.py__init__zToken.__init__'s ?? "dmm&;QMNO O (N   224M C,33E&3I  )994??KDL LL4#4#4t}}L M LL!2!2L 3 LLN% C #@!ABB Cs C77Dc,t|jSN)reprr0r5s r7__repr__zToken.__repr__KsDLL!!keyc |j|Sr:r0r5r?s r7 __getitem__zToken.__getitem__Ns||C  r>valuec"||j|<yr:rA)r5r?rDs r7 __setitem__zToken.__setitem__Qs! Sr>c|j|=yr:rArBs r7 __delitem__zToken.__delitem__Ts LL r>c||jvSr:rArBs r7 __contains__zToken.__contains__Wsdll""r>defaultc:|jj||Sr:)r0get)r5r?rKs r7rMz Token.getZs||W--r>cT|jj|jS)zG Signs and returns a token as a base64 encoded string. )r.encoder0r<s r7__str__z Token.__str__]s"%%'..t||<c|jtj0tj|jvrt t dtj |jyy)z Performs additional validation steps which were not performed when this token was decoded. This method is part of the "public" API to indicate the intention that it may be overridden in subclasses. NzToken has no id) check_expr JTI_CLAIMr0rr,r1verify_token_typer<s r7r&z Token.verifycs\   " " .&&dll:Q012 2  ( ( 4  " " $ 5r>c |jtj}|j |k7rt t dy#t$rt t dwxYw)zY Ensures that the token type claim is present and has the correct value. zToken has no typezToken has wrong typeN)r0rr1KeyErrorrr,r#)r5r#s r7rTzToken.verify_token_type{sa 5l&C&CDJ ??j (Q567 7 ) 5Q234 4 5s AA!cbtj|jtj<y)a Populates the configured jti claim of a token with a string where there is a negligible probability that the same string will be chosen at a later time. See here: https://tools.ietf.org/html/rfc7519#section-4.1.7 N)r hexr0rrSr<s r7r4z Token.set_jtis05w{{ \++,r>claimr*cr| |j}| |j}t||z|j|<y)z Updates the expiration time of a token. See here: https://tools.ietf.org/html/rfc7519#section-4.1.4 N)r-r$rr0)r5rYr*r$s r7r2z Token.set_exps<  ))I  }}H/ H0DE Ur>r+cP| |j}t||j|<y)z Updates the time at which the token was issued. See here: https://tools.ietf.org/html/rfc7519#section-4.1.6 N)r-rr0)r5rYr+s r7r3z Token.set_iats' ?''G/8 Ur>r-c4| |j} |j|}t |}|jj}|||z krtt t d|y#t$rtt t d|wxYw)z Checks whether a timestamp value in the given claim has passed (since the given datetime value in `current_time`). Raises a TokenError with a user-facing error message if so. NzToken has no '{}' claimzToken '{}' claim has expired) r-r0rVrrr,rr. get_leeway)r5rYr- claim_value claim_timeleeways r7rRzToken.check_exps  ,,L O,,u-K)5 '')446 . .[+I)JERS S /  O[+D)EuMN N Os A//(Bclsuserct|tj}t|ts t |}|}||tj <tjr&t|j|tj<|S)z Returns an authorization token for the given user that will be provided after authenticating the user's credentials. ) getattrr USER_ID_FIELD isinstanceintstr USER_ID_CLAIMCHECK_REVOKE_TOKENrpasswordREVOKE_TOKEN_CLAIM)rarbuser_idr%s r7for_userzToken.for_usersl $ : :;'3''lG,3l(()  * *5J 6E,11 2 r>r_token_backendcR|jtd|_|jS)Nz,rest_framework_simplejwt.state.token_backend)rorr<s r7r6zToken.token_backends,    &"/>#D """r>c|jSr:)r6r<s r7r.zToken.get_token_backends!!!r>)NTr:r'N)expNN)iatN)rsN)r'r)$__name__ __module__ __qualname____doc__r#r rh__annotations__r$rboolr8r=rCrrFrHrJrMrPr&rTr4rr2r3rR classmethodr rr!rnropropertyr6r.r>r7rrs !%J $$(Hhy!("hw/""PT"H"#"!s!"s"3"4"st###.s.Xc].c.== %0 8 ;(,(, FFH%F9% F  F( 9S 98H3E 9QU 9FJTT080BT T*d1gX!&04NH^,3 ##"r>ceZdZUdZeeefed<dejvr(d fd Z d dZ de fdZ edeed edeffd ZxZSxZS) BlacklistMixina If the `rest_framework_simplejwt.token_blacklist` app was configured to be used, tokens created from `BlacklistMixin` subclasses will insert themselves into an outstanding token list and also check for their membership in a token blacklist. r0z(rest_framework_simplejwt.token_blacklistr'cD|jt||i|yr:)check_blacklistsuperr&r5argskwargs __class__s r7r&zBlacklistMixin.verifys  " GND +F +r>c|jtj}tjj |j rttdy)zy Checks if this token is present in the token blacklist. Raises `TokenError` if so. ) token__jtizToken is blacklistedN) r0rrSrobjectsfilterexistsrr,)r5jtis r7rzBlacklistMixin.check_blacklistsO ,,|556C''..#.>EEG #9!:;;Hr>c v|jtj}|jd}|jjtj}t j j|||jt|t|d\}}tj j|S)z Ensures this token is included in the outstanding token list and adds it to the blacklist. rs)rm created_atr% expires_at)rdefaults)r%) r0rrSrMrirr get_or_creater-rhrr)r5rrsrmr%r,s r7 blacklistzBlacklistMixin.blacklists ,,|556C,,u%Cll&&|'A'ABG(//==&"&"3"3 Y"5c": >HE1$++999F Fr>rarbc t||}|tj}|d}tj j ||t||jt||S)zH Adds this token to the outstanding token list. rs)rbrr%rr) rrnrrSrrcreaterhr-r)rarbr%rrsrs r7rnzBlacklistMixin.for_usersk G$T*E ../C,C  $ $ + +%j --.s3 , Lr>rr)rurvrwrxrrhrryr INSTALLED_APPSr&rrrr{r rr!rn __classcell__rs@r7rrss#s(^1X5L5LL ,  < G/ G,  $q'  a   QMr>rc<eZdZdZej Zdfd ZxZS) SlidingTokenslidingct||i||j;|jtj |j tjyy)Nr))rr8r%r2rSLIDING_TOKEN_REFRESH_EXP_CLAIMr-SLIDING_TOKEN_REFRESH_LIFETIMErs r7r8zSlidingToken.__init__4sP $)&) ::  LL<<++%DD   r>rr) rurvrwr#rSLIDING_TOKEN_LIFETIMEr$r8rrs@r7rr0sJ22H  r>rc(eZdZdZej Zy) AccessTokenaccessN)rurvrwr#rACCESS_TOKEN_LIFETIMEr$r}r>r7rr@sJ11Hr>rcveZdZdZej ZejdejdfZ e Z e de fdZ y) RefreshTokenrefreshrsrr'c|j}|j|j|j}|jj D]\}}||vr |||<|S)z Returns an access token created from this refresh token. Copies all claims present in this refresh token to the new access token except those claims listed in the `no_copy_claims` attribute. )r*)access_token_classr2r-no_copy_claimsr0items)r5rno_copyrYrDs r7 access_tokenzRefreshToken.access_tokenTsn((* !2!23%% LL..0 "LE5!F5M "  r>N)rurvrwr#rREFRESH_TOKEN_LIFETIMEr$r1rSrrrr|rr}r>r7rrEsTJ22H%%   N% kr>rc*eZdZdZedZddZy) UntypedTokenuntypedr)secondsNcy)z Untyped tokens do not verify the "token_type" claim. This is useful when performing general validation of a token's signature and other properties which do not relate to the token's intended use. Nr}r<s r7rTzUntypedToken.verify_token_typeps r>rr)rurvrwr#rr$rTr}r>r7rrlsJ#H r>rN).rrtypingrrrrr r r uuidr django.confr django.contrib.auth.modelsrdjango.utils.module_loadingrdjango.utils.translationrr, exceptionsrrmodelsrrtoken_blacklist.modelsrrutilsrrrrrbackendsrrr!rrrrrrr}r>r7rs(MMM 7565"F& Cw :/ ;I"I"XCWQZCL >.15  2%2 $>.15$N  5  r>