� L�g�8��ddlmZddlZddlZddlmZddlmZmZddl m Z m Z mZddlm Z mZddlmZdd lmZmZmZmZmZmZmZmZmZdd lmZe rddlmZmZddlm Z Gd �d��Z!e!��Z"e"j#Z#e"j$Z$e"j%Z%dS)�)�annotationsN)�timegm)�Iterable�Sequence)�datetime� timedelta�timezone)� TYPE_CHECKING�Any�)�api_jws) �DecodeError�ExpiredSignatureError�ImmatureSignatureError�InvalidAudienceError�InvalidIssuedAtError�InvalidIssuerError�InvalidJTIError�InvalidSubjectError�MissingRequiredClaimError)�RemovedInPyjwt3Warning)�AllowedPrivateKeys�AllowedPublicKeys)�PyJWKc��eZdZd?d@d�ZedAd��Z dBdCd�Z dDdEd�Z dFdGd-�ZdHd/�Z dFdId0�Z dJdKd1�ZdLd2�Zd?dMd3�Z dMd4�ZdNd7�ZdNd8�ZdNd9�Zd:d;�dOd=�ZdPd>�ZdS)Q�PyJWTN�options�dict[str, Any] | None�return�Nonec�H�|�i}i|��|�|_dS�N)�_get_default_optionsr)�selfrs �[/home/asafur/pinokio/api/open-webui.git/app/env/lib/python3.11/site-packages/jwt/api_jwt.py�__init__zPyJWT.__init__s-��?��G�'Q�$�*C�*C�*E�*E�'Q��'Q��dict[str, bool | list[str]]c ��ddddddddgd� S)NT) �verify_signature� verify_exp� verify_nbf� verify_iat� verify_aud� verify_iss� verify_sub� verify_jti�require�r3r'r%r#zPyJWT._get_default_options#s.��!%�� r'T�payload�dict[str, Any]�key�(AllowedPrivateKeys | PyJWK | str | bytes� algorithm� str | None�headers�json_encoder�type[json.JSONEncoder] | None�sort_headers�bool�strc��t|t��std��|��}dD]T}t|�|��t ��r*t ||��||<�U|�|||��}tj ||||||��S)NzGExpecting a dict object, as JWT only supports JSON objects as payloads.)�exp�iat�nbf)r:r;)r=)� isinstance�dict� TypeError�copy�getrr�utctimetuple�_encode_payloadr �encode) r$r4r6r8r:r;r=� time_claim�json_payloads r%rKzPyJWT.encode1s��'�4�(�(� ��,�� ,�,�.�.��/� Q� Q�J��'�+�+�j�1�1�8�<�<� Q�&,�W�Z�-@�-M�-M�-O�-O�&P�&P�� #��+�+��%�,� � ��~��%� � � � r'�bytesc�V�tj|d|��d��S)z� Encode a given payload to the bytes to be signed. This method is intended to be overridden by subclasses that need to encode the payload in a different way, e.g. compress the payload. )�,�:)� separators�clszutf-8)�json�dumpsrK)r$r4r:r;s r%rJzPyJWT._encode_payloadWs3��z��!�� &��/�/� r'�r�jwt�str | bytes�'AllowedPublicKeys | PyJWK | str | bytes� algorithms�Sequence[str] | None�verify�bool | None�detached_payload�bytes | None�audience�str | Iterable[str] | None�issuer�str | Sequence[str] | None�subject�leeway�float | timedelta�kwargsrc��|r>tjdt|��td��t|pi��}|�dd��|�(||dkrtjdtd��|ds�|�dd ��|�d d ��|�dd ��|�dd ��|�d d ��|�dd ��|�dd ��tj |||||��}|� |��} i|j�|�}|�| |||| | ��| |d<|S)Nzypassing additional kwargs to decode_complete() is deprecated and will be removed in pyjwt version 3. Unsupported kwargs: �� stacklevelr*Tz�The `verify` argument to `decode` does nothing in PyJWT 2.0 and newer. The equivalent is setting `verify_signature` to False in the `options` dictionary. This invocation has a mismatch between the kwarg and the option entry.)�categoryrkr+Fr,r-r.r/r0r1)r6rZrr^)r`rbrerdr4) �warnings�warn�tuple�keysrrE� setdefault�DeprecationWarningr �decode_complete�_decode_payloadr�_validate_claims)r$rWr6rZrr\r^r`rbrdrerg�decodedr4�merged_optionss r%rszPyJWT.decode_completeis��&� ��M�>�',�V�[�[�]�]�';�';�>�>�'�� w�}�"�%�%��-�t�4�4�4� ��&�G�4F�,G�"G�"G��M�Y�,�� )�*� 4��|�U�3�3�3��|�U�3�3�3��|�U�3�3�3��|�U�3�3�3��|�U�3�3�3��|�U�3�3�3��|�U�3�3�3��)��!��-� � � ��&�&�w�/�/��4�D�L�4�G�4�� %�� r'rvc�� tj|d��}n%#t$r}td|��|�d}~wwxYwt |t ��std��|S)a Decode the payload from a JWS dictionary (payload, signature, header). This method is intended to be overridden by subclasses that need to decode the payload in a different way, e.g. decompress compressed payloads. r4zInvalid payload string: Nz-Invalid payload string: must be a json object)rT�loads� ValueErrorrrDrE)r$rvr4�es r%rtzPyJWT._decode_payload�s�� E��j��!3�4�4�G�G�� E� E� E��<��<�<�=�=�1�D�� E��'�4�(�(� O��M�N�N�N��s�� ?�:�?c��|r>tjdt|��td��|�||||||||| | �� }|dS)Nzppassing additional kwargs to decode() is deprecated and will be removed in pyjwt version 3. Unsupported kwargs: rirj)r\r^r`rdrbrer4)rmrnrorprrs) r$rWr6rZrr\r^r`rdrbrergrvs r%�decodezPyJWT.decode�s��&� ��M�>�',�V�[�[�]�]�';�';�>�>�'�� &�&��-��'� � ��y�!�!r'c�0�t|t��r|��}|�+t|ttf��std��|�||��tjtj ��}d|vr|dr|�|||��d|vr|dr|� |||��d|vr|dr|�|||��|d r|�||��|d r,|�|||�dd�� |dr|�||��|dr|�|��dSdS)Nz+audience must be a string, iterable or None)�tzrBr-rCr,rAr+r/r.� strict_audF��strictr0r1)rDr� total_secondsr?rrF�_validate_required_claimsr�nowr �utc� timestamp� _validate_iat� _validate_nbf� _validate_exp� _validate_iss� _validate_audrH� _validate_sub� _validate_jti)r$r4rr`rbrdrer�s r%ruzPyJWT._validate_claims�s��f�i�(�(� ,��)�)�+�+�F�� 8�c�8�_�(M�(M��I�J�J�J��&�&�w��8�8�8��l�h�l�+�+�+�5�5�7�7��G�� 5��w��V�4�4�4��G�� 5��w��V�4�4�4��G�� 5��w��V�4�4�4��<� � 0��w��/�/�/��<� � ��'�+�+�l�E�*J�*J� � � � ��<� � 1��w��0�0�0��<� � (��w�'�'�'�'�'� (� (r'c�d�|dD]&}|�|��t|��'dS)Nr2)rHr)r$r4r�claims r%r�zPyJWT._validate_required_claimssG�� Y�'� 7� 7�E��{�{�5�!�!�)�/��6�6�6�*� 7� 7r'c��d|vrdSt|dt��std��|�(|�d��|krtd��dSdS)z� Checks whether "sub" if in the payload is valid ot not. This is an Optional claim :param payload(dict): The payload which needs to be validated :param subject(str): The subject of the token �subNzSubject must be a stringzInvalid subject)rDr?rrH)r$r4rds r%r�zPyJWT._validate_subst��F��'�%�.�#�.�.� B�%�&@�A�A�A��{�{�5�!�!�W�,�,�)�*;�<�<�<��,�,r'c��d|vrdSt|�d��t��std��dS)z� Checks whether "jti" if in the payload is valid ot not This is an Optional claim :param payload(dict): The payload which needs to be validated �jtiNzJWT ID must be a string)rDrHr?r)r$r4s r%r�zPyJWT._validate_jti2sK��F��'�+�+�e�,�,�c�2�2� =�!�";�<�<�<� =� =r'r��floatc�� t|d��}n#t$rtd��d�wxYw|||zkrtd��dS)NrBz)Issued At claim (iat) must be an integer.z The token is not yet valid (iat))�intrzrr)r$r4r�rerBs r%r�zPyJWT._validate_iat@su�� g�e�n�%�%�C�C�� &�;�� #��,��(�)K�L�L�L� ��3c�� t|d��}n#t$rtd��d�wxYw|||zkrtd��dS)NrCz*Not Before claim (nbf) must be an integer.z The token is not yet valid (nbf))r�rzrr)r$r4r�rerCs r%r�zPyJWT._validate_nbfOst�� V��g�e�n�%�%�C�C�� V� V� V��J�K�K�QU�U� V��#��,��(�)K�L�L�L� �r�c�� t|d��}n#t$rtd��d�wxYw|||z krtd��dS)NrAz/Expiration Time claim (exp) must be an integer.zSignature has expired)r�rzrr)r$r4r�rerAs r%r�zPyJWT._validate_exp]su�� g�e�n�%�%�C�C�� A�� 3��<� � �'�(?�@�@�@�!� r�Fr�r�c��|�d|vs|dsdStd��d|vs|dstd��|d�|r_t|t��std��t�t��std��|�krtd��dSt�t��r�g�t�t��std��td��D��rtd��t|t��r|g}t �fd�|D��rtd ��dS) N�audzInvalid audiencezInvalid audience (strict)z&Invalid claim format in token (strict)zAudience doesn't match (strict)zInvalid claim format in tokenc3�BK�|]}t|t��V��dSr")rDr?)�.0�cs r%� <genexpr>z&PyJWT._validate_aud.<locals>.<genexpr>�s/��?�?�!�:�a��%�%�%�?�?�?�?�?�?r'c3� �K�|]}|�vV�� dSr"r3)r�r��audience_claimss �r%r�z&PyJWT._validate_aud.<locals>.<genexpr>�s(��>�>�c�s�/�)�>�>�>�>�>�>r'zAudience doesn't match)rrrDr?�list�any�all)r$r4r`r�r�s @r%r�zPyJWT._validate_audms��G�#�#�7�5�>�#��'�'9�:�:�:��w�u�~��,�E�2�2�2�!�%�.�� h��,�,� H�*�+F�G�G�G��o�s�3�3� U�*�+S�T�T�T��?�*�*�*�+L�M�M�M��F��o�s�+�+� 0�.�/�O��/�4�0�0� H�&�'F�G�G�G��?�?��?�?�?�?�?� H�&�'F�G�G�G��h��$�$� "� �z�H��>�>�>�>�X�>�>�>�>�>� A�&�'?�@�@�@� A� Ar'c��|�dSd|vrtd��t|t��r|d|krtd��dS|d|vrtd��dS)N�isszInvalid issuer)rrDr?r)r$r4rbs r%r�zPyJWT._validate_iss�s��>��F��+�E�2�2�2��f�c�"�"� ;��u�~��'�'�(�)9�:�:�:�(�'��u�~�V�+�+�(�)9�:�:�:�,�+r'r")rrrr )rr()NNNT)r4r5r6r7r8r9r:rr;r<r=r>rr?)NN)r4r5r:rr;r<rrN) rVNNNNNNNr)rWrXr6rYrZr[rrr\r]r^r_r`rarbrcrdr9rerfrgrrr5)rvr5rr)rWrXr6rYrZr[rrr\r]r^r_r`rardr9rbrcrerfrgrrr)NNNr) r4r5rr5rdr9rerfrr )r4r5rr5rr )r4r5rr )r4r5r�r�rer�rr )r4r5r`rar�r>rr )r4r5rbrrr )�__name__� __module__�__qualname__r&�staticmethodr#rKrJrsrtr}rur�r�r�r�r�r�r�r�r3r'r%rrs��R�R�R�R�R� � � � ��\� �"!%�)-�6:�!�$ �$ �$ �$ �$ �R*.�6:� ��*8:�+/�)-�"�)-�04�-1�"�$%�H�H�H�H�H�T��&8:�+/�)-�"�)-�04�"�-1�$%�'"�'"�'"�'"�'"�Z��"�$%�((�((�((�((�((�T7�7�7�7�=�=�=�=�=�&=�=�=�=� M� M� M� M�M�M�M�M�A�A�A�A�*�0A�0A�0A�0A�0A�0A�d;�;�;�;�;�;r'r)&� __future__rrTrm�calendarr�collections.abcrrrrr �typingr rrVr � exceptionsrrrrrrrrrrrZrr�api_jwkrr�_jwt_global_objrKrsr}r3r'r%�<module>r�s��"�"�"�"�"�"��.�.�.�.�.�.�.�.�2�2�2�2�2�2�2�2�2�2�%�%�%�%�%�%�%�%�� -�,�,�,�,�,��A�A�A�A�A�A�A�A��N;�N;�N;�N;�N;�N;�N;�N;�b�%�'�'�� !�1�� r'