U d'@sddlmZddlmZddlmZddlmZddlmZddlmZddlmZddlm Z dd lm Z dd lm Z dd l m Z dd lmZdd lmZddlmZGdddeZeZdS))datetime) timedelta)timezone) JSONEncoder)Iterable)List)Optional)Sequence)Type)Union) current_app)requires_cryptography)get_json_encoder) ExpiresDeltac@seZdZdZeedddZeedddZeedddZ ee edd d Z eedd d Z eedd dZ eedddZeedddZeedddZeedddZeedddZeedddZeedddZeedddZeeddd Zeedd!d"Zeedd#d$Zeedd%d&Zeedd'd(Zeedd)d*Zeedd+d,Zeedd-d.Zeedd/d0Zeeedd1d2Z eedd3d4Z!eedd5d6Z"eedd7d8Z#eedd9d:Z$eedd;d<Z%eedd=d>Z&eedd?d@Z'eeddAdBZ(eeddCdDZ)eeddEdFZ*ee+ddGdHZ,ee+ddIdJZ-eeddKdLZ.ee/eddMdNZ0eeddOdPZ1eeddQdRZ2eeddSdTZ3ee4e5ddUdVZ6eeddWdXZ7eeeddYdZZ8eedd[d\Z9ee:e;dd]d^Zee=eeefddadbZ?eeddcddZ@eeddedfZAee5ddgdhZBeeddidjZCdkS)l_Configa Helper object for accessing and verifying options in this extension. This is meant for internal use of the application; modifying config options should be done with flasks ```app.config```. Default values for the configuration options are set in the jwt_manager object. All of these values are read only. This is simply a loose wrapper with some helper functionality for flasks `app.config`. )returncCs |jtkSN) algorithmr selfr=/tmp/pip-unpacked-wheel-1sqzkeyl/flask_jwt_extended/config.py is_asymmetricsz_Config.is_asymmetriccCs|jr |jS|jSr)r _private_key _secret_keyrrrr encode_key"sz_Config.encode_keycCs|jr |jS|jSr)r _public_keyrrrrr decode_key&sz_Config.decode_keycCsZtjd}t|tr|f}n t|ts0tdn |ssz_Config.jwt_in_cookiescCs d|jkS)Nrr)rrrrjwt_in_headersBsz_Config.jwt_in_headerscCs d|jkS)Nr r)rrrrjwt_in_query_stringFsz_Config.jwt_in_query_stringcCs d|jkS)Nr!r)rrrr jwt_in_jsonJsz_Config.jwt_in_jsoncCstjd}|std|S)NZJWT_HEADER_NAMEz&JWT_ACCESS_HEADER_NAME cannot be empty)r r"r%)rnamerrr header_nameNs z_Config.header_namecCs tjdS)NZJWT_HEADER_TYPEr r"rrrr header_typeUsz_Config.header_typecCs tjdS)NZJWT_QUERY_STRING_NAMEr0rrrrquery_string_nameYsz_Config.query_string_namecCs tjdS)NZJWT_QUERY_STRING_VALUE_PREFIXr0rrrrquery_string_value_prefix]sz!_Config.query_string_value_prefixcCs tjdS)NZJWT_ACCESS_COOKIE_NAMEr0rrrraccess_cookie_nameasz_Config.access_cookie_namecCs tjdS)NZJWT_REFRESH_COOKIE_NAMEr0rrrrrefresh_cookie_nameesz_Config.refresh_cookie_namecCs tjdS)NZJWT_ACCESS_COOKIE_PATHr0rrrraccess_cookie_pathisz_Config.access_cookie_pathcCs tjdS)NZJWT_REFRESH_COOKIE_PATHr0rrrrrefresh_cookie_pathmsz_Config.refresh_cookie_pathcCs tjdS)NZJWT_COOKIE_SECUREr0rrrr cookie_secureqsz_Config.cookie_securecCs tjdS)NZJWT_COOKIE_DOMAINr0rrrr cookie_domainusz_Config.cookie_domaincCs tjdS)NZJWT_SESSION_COOKIEr0rrrrsession_cookieysz_Config.session_cookiecCs tjdS)NZJWT_COOKIE_SAMESITEr0rrrrcookie_samesite}sz_Config.cookie_samesitecCs tjdS)NZ JWT_JSON_KEYr0rrrrjson_keysz_Config.json_keycCs tjdS)NZJWT_REFRESH_JSON_KEYr0rrrrrefresh_json_keysz_Config.refresh_json_keycCs|jotjdS)NZJWT_COOKIE_CSRF_PROTECT)r*r r"rrrr csrf_protectsz_Config.csrf_protectcCs tjdS)NZJWT_CSRF_METHODSr0rrrrcsrf_request_methodssz_Config.csrf_request_methodscCs tjdS)NZJWT_CSRF_IN_COOKIESr0rrrrcsrf_in_cookiessz_Config.csrf_in_cookiescCs tjdS)NZJWT_ACCESS_CSRF_COOKIE_NAMEr0rrrraccess_csrf_cookie_namesz_Config.access_csrf_cookie_namecCs tjdS)NZJWT_REFRESH_CSRF_COOKIE_NAMEr0rrrrrefresh_csrf_cookie_namesz _Config.refresh_csrf_cookie_namecCs tjdS)NZJWT_ACCESS_CSRF_COOKIE_PATHr0rrrraccess_csrf_cookie_pathsz_Config.access_csrf_cookie_pathcCs tjdS)NZJWT_REFRESH_CSRF_COOKIE_PATHr0rrrrrefresh_csrf_cookie_pathsz _Config.refresh_csrf_cookie_pathcCs tjdS)NZJWT_ACCESS_CSRF_HEADER_NAMEr0rrrraccess_csrf_header_namesz_Config.access_csrf_header_namecCs tjdS)NZJWT_REFRESH_CSRF_HEADER_NAMEr0rrrrrefresh_csrf_header_namesz _Config.refresh_csrf_header_namecCs tjdS)NZJWT_CSRF_CHECK_FORMr0rrrrcsrf_check_formsz_Config.csrf_check_formcCs tjdS)NZJWT_ACCESS_CSRF_FIELD_NAMEr0rrrraccess_csrf_field_namesz_Config.access_csrf_field_namecCs tjdS)NZJWT_REFRESH_CSRF_FIELD_NAMEr0rrrrrefresh_csrf_field_namesz_Config.refresh_csrf_field_namec Csrtjd}t|tkr t|d}|dk rnz|ttjWn0t k rl}zd}t ||W5d}~XYnX|S)NZJWT_ACCESS_TOKEN_EXPIRESsecondsFzAmust be able to add JWT_ACCESS_TOKEN_EXPIRES to datetime.datetime r r"typeintrrnowrutc TypeErrorr%rdeltaeerrrrraccess_expiress   z_Config.access_expiresc Csrtjd}t|tkr t|d}|dk rnz|ttjWn0t k rl}zd}t ||W5d}~XYnX|S)NZJWT_REFRESH_TOKEN_EXPIRESrJFzBmust be able to add JWT_REFRESH_TOKEN_EXPIRES to datetime.datetimerLrRrrrrefresh_expiress   z_Config.refresh_expirescCs tjdS)NZ JWT_ALGORITHMr0rrrrrsz_Config.algorithmcCs0tjd}|s|jgS|j|kr,||j|S)NZJWT_DECODE_ALGORITHMS)r r"rappend)rZ algorithmsrrrdecode_algorithmss    z_Config.decode_algorithmscCs4tjd}|s0tjdd}|s0td|j|S)NZJWT_SECRET_KEYZ SECRET_KEYzRJWT_SECRET_KEY or flask SECRET_KEY must be set when using symmetric algorithm "{}")r r"getr%formatrrkeyrrrrs z_Config._secret_keycCs"tjd}|std|j|S)NZJWT_PUBLIC_KEYzHJWT_PUBLIC_KEY must be set to use asymmetric cryptography algorithm "{}"r r"r%r[rr\rrrrs z_Config._public_keycCs"tjd}|std|j|S)NZJWT_PRIVATE_KEYzIJWT_PRIVATE_KEY must be set to use asymmetric cryptography algorithm "{}"r^r\rrrrs z_Config._private_keycCs|jr dSdS)Ni C)r:rrrrcookie_max_age sz_Config.cookie_max_agecCs tjdS)NZJWT_IDENTITY_CLAIMr0rrrridentity_claim_keysz_Config.identity_claim_keycCsdhS)NOPTIONSrrrrrexempt_methodssz_Config.exempt_methodscCs tjdS)NZJWT_ERROR_MESSAGE_KEYr0rrrr error_msg_keysz_Config.error_msg_keycCsttSr)rr rrrr json_encodersz_Config.json_encodercCs tjdS)NZJWT_DECODE_AUDIENCEr0rrrrdecode_audience"sz_Config.decode_audiencecCs tjdS)NZJWT_ENCODE_AUDIENCEr0rrrrencode_audience&sz_Config.encode_audiencecCs tjdS)NZJWT_ENCODE_ISSUERr0rrrr encode_issuer*sz_Config.encode_issuercCs tjdS)NZJWT_DECODE_ISSUERr0rrrr decode_issuer.sz_Config.decode_issuercCs tjdS)NZJWT_DECODE_LEEWAYr0rrrrleeway2sz_Config.leewaycCs tjdS)NZJWT_ENCODE_NBFr0rrrr encode_nbf6sz_Config.encode_nbfN)D__name__ __module__ __qualname____doc__propertyboolrr$rrr r(r*r+r,r-r/r1r2r3r4r5r6r7r8r9r:r;r<r=r>rr?r@rArBrCrDrErFrGrHrIrrVrWrrrYrrrrrNr_r`rbrcr rrdr rerfrgrhrirjrrrrrs    rN)rrrr!rtypingrrrr r r Zflaskr Zjwt.algorithmsr Z!flask_jwt_extended.internal_utilsrZflask_jwt_extended.typingrobjectrr"rrrrs"              *