o g2@sdZddlmZdgZddlmZmZmZmZddl m Z m Z m Z ddl mZmZmZmZmZmZmZddlmZd d lmZd d lmZmZd d l mZerUd d lmZGdddZdS)z6Implementing support for MySQL Authentication Plugins.) annotationsMySQLAuthenticator) TYPE_CHECKINGAnyDictOptional)InterfaceErrorNotSupportedError get_exception)AUTH_SWITCH_STATUSDEFAULT_CHARSET_IDDEFAULT_MAX_ALLOWED_PACKET ERR_STATUSEXCHANGE_FURTHER_STATUS MFA_STATUS OK_STATUS) HandShakeType)logger)MySQLAuthPluginget_auth_plugin) MySQLProtocol) MySQLSocketc@seZdZdZd:ddZed;ddZedd?ddZ d@dd Z d@d!d"Z d#d#d#d#de d$d%e dddd%ddfdAd8d9ZdS)Brz$Implements the authentication phase.returnNonecCs(d|_i|_i|_d|_d|_d|_dS)z Constructor.FN) _username _passwords_plugin_config _ssl_enabled_auth_strategy_auth_plugin_classselfr%\/var/www/html/api-tag/env/lib/python3.10/site-packages/mysql/connector/aio/authentication.py__init__;s  zMySQLAuthenticator.__init__boolcC|jS)z&Signals whether or not SSL is enabled.)r r#r%r%r& ssl_enabledDszMySQLAuthenticator.ssl_enabledDict[str, Any]cCr))aCustom arguments that are being provided to the authentication plugin. The parameters defined here will override the ones defined in the auth plugin itself. The plugin config is a read-only property - the plugin configuration provided when invoking `authenticate()` is recorded and can be queried by accessing this property. Returns: dict: The latest plugin configuration provided when invoking `authenticate()`. )rr#r%r%r& plugin_configIsz MySQLAuthenticator.plugin_configconfigcCs|j|dS)z,Update the 'plugin_config' instance variableN)rupdate)r$r-r%r%r&update_plugin_configZsz'MySQLAuthenticator.update_plugin_configNrnew_strategy_namestrstrategy_class Optional[str]usernamepassword_factorintcCsP|dur|j}|dur|j}td|t||d||j|d|jd|_dS)aSwitch the authorization plugin. Args: new_strategy_name: New authorization plugin name to switch to. strategy_class: New authorization plugin class to switch to (has higher precedence than the authorization plugin name). username: Username to be used - if not defined, the username provided when `authentication()` was invoked is used. password_factor: Up to three levels of authentication (MFA) are allowed, hence you can choose the password corresponding to the 1st, 2nd, or 3rd factor - 1st is the default. NzSwitching to strategy %s) plugin_nameauth_plugin_classr)r*) rr"rdebugrrgetr*r!)r$r0r2r4r5r%r%r&_switch_auth_strategy^s   z(MySQLAuthenticator._switch_auth_strategysockrpktbytesOptional[bytes]csd}|dtkrs||jvrtdt|\}}|j||dtd||jj |jj ||fi|j IdH}|dt krRt |}|jj||fi|j IdH}|dtkr_td|S|dtkrit||d7}|dtks td dS) a Handle MFA (Multi-Factor Authentication) response. Up to three levels of authentication (MFA) are allowed. Args: sock: Pointer to the socket connection. pkt: MFA response. Returns: ok_packet: If last server's response is an OK packet. None: If last server's response isn't an OK packet and no ERROR was raised. Raises: InterfaceError: If got an invalid N factor. errors.ErrorTypes: If got an ERROR response. rz5Failed Multi Factor Authentication (invalid N factor))r5zMFA %i factor %sNzMFA completed succesfullyrz"MFA terminated with a no ok packet)rrr rparse_auth_next_factorr;rr9r!nameauth_switch_responserrparse_auth_more_dataauth_more_responserrr warning)r$r<r=n_factorr0 auth_datar%r%r& _mfa_n_factors>        z MySQLAuthenticator._mfa_n_factorcs|dtkrt|dkrtd|dtkr7tdt|\}}|||jj ||fi|j IdH}|dt krVtdt |}|jj ||fi|j IdH}|dtkrftd|jj|S|dtkrtdtd |jj|||IdHS|dtkrt|dS) aHandle server's response. Args: sock: Pointer to the socket connection. pkt: Server's response after completing the `HandShakeResponse`. Returns: ok_packet: If last server's response is an OK packet. None: If last server's response isn't an OK packet and no ERROR was raised. Raises: errors.ErrorTypes: If got an ERROR response. NotSupportedError: If got Authentication with old (insecure) passwords. r@zAuthentication with old (insecure) passwords is not supported. For more information, lookup Password Hashing in the latest MySQL manualz+Server's response is an auth switch requestNzExchanging further packetsz%s completed succesfullyz$Starting multi-factor authenticationzMFA 1 factor %s)r lenr rr9rparse_auth_switch_requestr;r!rCrrrDrErrBrrIrr )r$r<r=r0rHr%r%r&_handle_server_responses@          z*MySQLAuthenticator._handle_server_responserrF handshaker password1 password2 password3databasecharset client_flagsr*max_allowed_packet auth_pluginr8 conn_attrsOptional[Dict[str, str]]is_change_user_request read_timeout Optional[int] write_timeoutcs||_|||d|_| |_| |_tj|||||| | | | |||j|jd \}|_|r/dd|fndd|f}|j |g|RIdHt | |IdH}| ||IdH}|dur\t dd|S)aPerform the authentication phase. During re-authentication you must set `is_change_user_request` to True. Args: sock: Pointer to the socket connection. handshake: Initial handshake. username: Account's username. password1: Account's password factor 1. password2: Account's password factor 2. password3: Account's password factor 3. database: Initial database name for the connection. charset: Client charset (see [1]), only the lower 8-bits. client_flags: Integer representing client capabilities flags. ssl_enabled: Boolean indicating whether SSL is enabled, max_allowed_packet: Maximum packet size. auth_plugin: Authorization plugin name. auth_plugin_class: Authorization plugin class (has higher precedence than the authorization plugin name). conn_attrs: Connection attributes. is_change_user_request: Whether is a `change user request` operation or not. read_timeout: Timeout in seconds upto which the connector should wait for the server to reply back before raising an ReadTimeoutError. write_timeout: Timeout in seconds upto which the connector should spend to send data to the server before raising an WriteTimeoutError. Returns: ok_packet: OK packet. Raises: InterfaceError: If OK packet is NULL. ReadTimeoutError: If the time taken for the server to reply back exceeds 'read_timeout' (if set). WriteTimeoutError: If the time taken to send data packets to the server exceeds 'write_timeout' (if set). References: [1]: https://dev.mysql.com/doc/dev/mysql-server/latest/ page_protocol_basic_character_set.html#a_protocol_character_set )rr) rNr4passwordrRrSrTrUrVr8rWrYr*r,rNzGot a NULL ok_pkt)rrr r"r make_authr*r,r!writer>readrMr )r$r<rNr4rOrPrQrRrSrTr*rUrVr8rWrYrZr\response_payload send_argsr=ok_pktr%r%r& authenticates<=   zMySQLAuthenticator.authenticate)rr)rr()rr+)r-r+rr)NNr) r0r1r2r3r4r3r5r6rr)r<rr=r>rr?)$r<rrNrr4r1rOr1rPr1rQr1rRr3rSr6rTr6r*r(rUr6rVr3r8r3rWrXrYr(rZr[r\r[rr>)__name__ __module__ __qualname____doc__r'propertyr*r,r/r;rIrMr rrer%r%r%r&r8s<     " 6;N)ri __future__r__all__typingrrrrerrorsr r r protocolr r rrrrrtypesrrpluginsrrrnetworkrrr%r%r%r&s $