U bY@sddlZddlZddlmZddlmZmZddlmZmZm Z ddl m Z m Z m Z mZmZmZddlmZddlmZmZmZmZmZmZmZGd d d ZeZejZejZejZdS) N)timegm)IterableMapping)datetime timedeltatimezone)AnyDictListOptionalTypeUnion)api_jws) DecodeErrorExpiredSignatureErrorImmatureSignatureErrorInvalidAudienceErrorInvalidIssuedAtErrorInvalidIssuerErrorMissingRequiredClaimErrorc@seZdZd ddZeeeeee effdddZ d!eee fee ee ee e ejedd d Zd"eee e ee eeee fd d dZd#eee e ee eeee fd ddZd$ddZddZddZddZddZddZddZdS)%PyJWTNcCs|dkr i}|||_dSN)_get_default_optionsoptions)selfrr//tmp/pip-unpacked-wheel-ivybibab/jwt/api_jwt.py__init__szPyJWT.__init__)returncCsddddddgdS)NT)verify_signature verify_exp verify_nbf verify_iat verify_aud verify_issrequirerrrrrrszPyJWT._get_default_optionsHS256)payloadkey algorithmheaders json_encoderrcCspt|tstd|}dD](}t||trt||||<qtj |d|d d}t |||||S)NzJExpecting a mapping object, as JWT only supports JSON objects as payloads.)expiatnbf),:) separatorsclszutf-8) isinstancer TypeErrorcopygetrr utctimetuplejsondumpsencoder)rr(r)r*r+r,Z time_claimZ json_payloadrrrr;&s z PyJWT.encode)jwtr) algorithmsrrc Ks.t|pi}|ddd|kr>|d|dkr>tjdtd|ds|dd|dd|d d|d d|d d|dr|std tj|f|||d |}zt |d}Wn0t k r}ztd|W5d}~XYnXt |tstd|j |} |j || f|||d<|S)Nr TverifyzThe `verify` argument to `decode` does nothing in PyJWT 2.0 and newer. The equivalent is setting `verify_signature` to False in the `options` dictionary. This invocation has a mismatch between the kwarg and the option entry.)categoryr!Fr"r#r$r%z\It is required that you pass in a value for the "algorithms" argument when calling decode().)r)r>rr(zInvalid payload string: z-Invalid payload string: must be a json object)dict setdefaultwarningswarnDeprecationWarningrrdecode_completer9loads ValueErrorr4r_validate_claims) rr=r)r>rkwargsdecodedr(eZmerged_optionsrrrrFBsH           zPyJWT.decode_completecKs|j||||f|}|dS)Nr()rF)rr=r)r>rrJrKrrrdecodeysz PyJWT.decodercKst|tr|}t|tttdtfs0td|||t t j t j d}d|krp|drp||||d|kr|dr||||d|kr|dr|||||d r||||d r|||dS) Nz,audience must be a string, iterable, or None)tzr.r#r/r"r-r!r%r$)r4r total_secondsbytesstrtyperr5_validate_required_claimsrrnowrutcr8 _validate_iat _validate_nbf _validate_exp _validate_iss _validate_aud)rr(raudienceissuerleewayrJrTrrrrIs    zPyJWT._validate_claimscCs(|dD]}||dkrt|qdS)Nr&)r7r)rr(rZclaimrrrrSs zPyJWT._validate_required_claimscCs2zt|dWntk r,tdYnXdS)Nr.z)Issued At claim (iat) must be an integer.)intrHr)rr(rTr]rrrrVszPyJWT._validate_iatcCsFzt|d}Wntk r,tdYnX|||krBtddS)Nr/z*Not Before claim (nbf) must be an integer.z The token is not yet valid (nbf))r^rHrr)rr(rTr]r/rrrrWs  zPyJWT._validate_nbfcCsFzt|d}Wntk r,tdYnX|||krBtddS)Nr-z/Expiration Time claim (exp) must be an integer.zSignature has expired)r^rHrr)rr(rTr]r-rrrrXs  zPyJWT._validate_expcs|dkr$d|ks|dsdStdd|ks4|dssz&PyJWT._validate_aud..c3s|]}|kVqdSrr)r`r_Zaudience_claimsrrrbs)rrr4rQlistanyall)rr(r[rrcrrZs"   zPyJWT._validate_audcCs4|dkr dSd|krtd|d|kr0tddS)NZisszInvalid issuer)rr)rr(r\rrrrYs  zPyJWT._validate_iss)N)r'NN)r<NN)r<NN)NNr)__name__ __module__ __qualname__r staticmethodr rQr boolr rrr r r9 JSONEncoderr;rFrMrIrSrVrWrXrZrYrrrrrsX $     :    r) r9rCcalendarrcollections.abcrrrrrtypingrr r r r r r<r exceptionsrrrrrrrrZ_jwt_global_objr;rFrMrrrrs   $ Q