3 \^ @sddlZddlZddlmZddlmZmZy ddlmZmZm Z m Z m Z Wne k r`YnXddl mZddlmZmZddlmZmZmZdd lmZmZmZmZmZmZmZdd lmZGd d d eZ e Z!e!j"Z"e!j#Z#e!j$Z$e!j%Z%e!j&Z&dS) N)timegm)datetime timedelta)CallableDictListOptionalUnion)PyJWS) Algorithmget_default_algorithms)IterableMapping string_types) DecodeErrorExpiredSignatureErrorImmatureSignatureErrorInvalidAudienceErrorInvalidIssuedAtErrorInvalidIssuerErrorMissingRequiredClaimError) merge_dictcsveZdZdZeddZdfdd Zdfd d Zdd dZddZ ddZ ddZ ddZ ddZ ddZZS)PyJWTZJWTc Csdddddddddd S)NTF) verify_signature verify_exp verify_nbf verify_iat verify_aud verify_iss require_exp require_iat require_nbfr#r#r#,/tmp/pip-build-8app2_gc/PyJWT/jwt/api_jwt.py_get_default_optionsszPyJWT._get_default_optionsHS256Ncsrt|tstdx0d D](}t|j|trt||j||<qWtj|d |dj d}t t |j |||||S) NzJExpecting a mapping object, as JWT only supports JSON objects as payloads.expiatnbf,:) separatorsclszutf-8)r'r(r))r*r+) isinstancer TypeErrorgetrr utctimetuplejsondumpsencodesuperr)selfpayloadkey algorithmheadersZ json_encoderZ time_claimZ json_payload) __class__r#r$r4(s   z PyJWT.encodeTc  s|r| rtjd t|j|\}}}}|dkr:d|i}n |jd|tt|j|f|||d|} ytj | jd}Wn.t k r} zt d| WYdd} ~ XnXt |t st d|rt|j|} |j|| f||S) Nz.It is strongly recommended that you pass in a z;value for the "algorithms" argument when calling decode(). z4This argument will be mandatory in a future version.r)r8 algorithmsoptionszutf-8zInvalid payload string: %sz-Invalid payload string: must be a json objectziIt is strongly recommended that you pass in a value for the "algorithms" argument when calling decode(). zIt is strongly recommended that you pass in a value for the "algorithms" argument when calling decode(). This argument will be mandatory in a future version.)warningswarnDeprecationWarning_load setdefaultr5rdecoder2loads ValueErrorrr.rrr>_validate_claims) r6Zjwtr8verifyr=r>kwargsr7_decodedeZmerged_options)r;r#r$rDDs*      z PyJWT.decodercKsd|kr$|jdd|d<tjdtt|tr6|j}t|ttdt fsRt d|j ||t t jj}d|kr|jdr|j|||d|kr|jd r|j|||d |kr|jdr|j||||jd r|j|||jd r|j||dS) NZverify_expirationTrzXThe verify_expiration parameter is deprecated. Please use verify_exp in options instead.z,audience must be a string, iterable, or Noner(rr)rr'rr)r0r?r@rAr.r total_secondsrtyperr/_validate_required_claimsrrutcnowr1 _validate_iat _validate_nbf _validate_exp _validate_iss _validate_aud)r6r7r>audienceissuerleewayrInowr#r#r$rGls(     zPyJWT._validate_claimscCsd|jdr |jddkr td|jdr@|jddkr@td|jdr`|jddkr`tddS)Nr r'r!r(r"r))r0r)r6r7r>r#r#r$rOs zPyJWT._validate_required_claimsc Cs2yt|dWntk r,tdYnXdS)Nr(z)Issued At claim (iat) must be an integer.)intrFr)r6r7rYrXr#r#r$rQszPyJWT._validate_iatc CsFyt|d}Wntk r,tdYnX|||krBtddS)Nr)z*Not Before claim (nbf) must be an integer.z The token is not yet valid (nbf))rZrFrr)r6r7rYrXr)r#r#r$rRs  zPyJWT._validate_nbfc CsFyt|d}Wntk r,tdYnX|||krBtddS)Nr'z/Expiration Time claim (exp) must be an integer.zSignature has expired)rZrFrr)r6r7rYrXr'r#r#r$rSs  zPyJWT._validate_expcs|dkrd|krdS|dk r,d|kr,td|dkrDd|krDtd|dttr\gttsntdtddDrtdt|tr|g}tfdd|DstddS)NaudzInvalid audiencezInvalid claim format in tokencss|]}t|t VqdS)N)r.r).0cr#r#r$ sz&PyJWT._validate_aud..c3s|]}|kVqdS)Nr#)r\r[)audience_claimsr#r$r^s)rrr.rlistany)r6r7rVr#)r_r$rUs"   zPyJWT._validate_audcCs4|dkr dSd|krtd|d|kr0tddS)NZisszInvalid issuer)rr)r6r7rWr#r#r$rTs  zPyJWT._validate_iss)r&NN)r<TNN)NNr)__name__ __module__ __qualname__Z header_type staticmethodr%r4rDrGrOrQrRrSrUrT __classcell__r#r#)r;r$rs" # !   r)'r2r?calendarrrrtypingrrrrr ImportErrorZapi_jwsr r=r r compatrrr exceptionsrrrrrrrutilsrrZ_jwt_global_objr4rDZregister_algorithmZunregister_algorithmZget_unverified_headerr#r#r#r$s(   $ D