U
    6d                     @   s   d Z ddlZddlZddlZddlZddlZddlmZ ddlmZ dZ	dZ
dd ZeejG d	d
 d
eZG dd deZG dd deZG dd deZdd e e e fD ZdS )z" Challenges for reauthentication.
    N)_helpers)
exceptionszhttps://accounts.google.comzFPlease run `gcloud auth login` to complete reauthentication with SAML.c                 C   s
   t  | S )zGet password from user.

    Override this function with a different logic if you are using this library
    outside a CLI.

    Args:
        text (str): message for the password prompt.

    Returns:
        str: password string.
    )getpass)text r   </tmp/pip-unpacked-wheel-h3lf9jv9/google/oauth2/challenges.pyget_user_password#   s    r   c                   @   sB   e Zd ZdZeejdd Zeejdd Zejdd Z	dS )	ReauthChallengez!Base class for reauth challenges.c                 C   s   t ddS )z"Returns the name of the challenge.z!name property must be implementedNNotImplementedErrorselfr   r   r   name6   s    zReauthChallenge.namec                 C   s   t ddS )zAReturns true if a challenge is supported locally on this machine.z0is_locally_eligible property must be implementedNr
   r   r   r   r   is_locally_eligible<   s    z#ReauthChallenge.is_locally_eligiblec                 C   s   t ddS )ac  Performs logic required to obtain credentials and returns it.

        Args:
            metadata (Mapping): challenge metadata returned in the 'challenges' field in
                the initial reauth request. Includes the 'challengeType' field
                and other challenge-specific fields.

        Returns:
            response that will be send to the reauth service as the content of
            the 'proposalResponse' field in the request body. Usually a dict
            with the keys specific to the challenge. For example,
            ``{'credential': password}`` for password challenge.
        z1obtain_challenge_input method must be implementedNr
   r   metadatar   r   r   obtain_challenge_inputB   s    z&ReauthChallenge.obtain_challenge_inputN)
__name__
__module____qualname____doc__propertyabcabstractmethodr   r   r   r   r   r   r   r	   2   s   r	   c                   @   s:   e Zd ZdZedd Zedd Zee	dd Z
dS )	PasswordChallengez(Challenge that asks for user's password.c                 C   s   dS )NZPASSWORDr   r   r   r   r   r   W   s    zPasswordChallenge.namec                 C   s   dS NTr   r   r   r   r   r   [   s    z%PasswordChallenge.is_locally_eligiblec                 C   s   t d}|sd}d|iS )NzPlease enter your password: Z
credential)r   )r   Zunused_metadatapasswdr   r   r   r   _   s    z(PasswordChallenge.obtain_challenge_inputNr   r   r   r   r   r   r   r   Zcopy_docstringr	   r   r   r   r   r   r   T   s   

r   c                   @   s:   e Zd ZdZedd Zedd Zee	dd Z
dS )	SecurityKeyChallengez2Challenge that asks for user's security key touch.c                 C   s   dS )NZSECURITY_KEYr   r   r   r   r   r   j   s    zSecurityKeyChallenge.namec                 C   s   dS r   r   r   r   r   r   r   n   s    z(SecurityKeyChallenge.is_locally_eligiblec              
   C   sp  zdd l }dd l}dd l}W n tk
r:   tdY nX |d }|d }|d }g }|D ]P}|d d}|jt	t
|}	|d d}
t
|
}
||	|
d	 q\z,|jjt}|j||tjjd
}d|iW S  |jjk
rF } zH|j|jjjkrtjd n$|j|jjjkr2tjd n|W 5 d }~X Y n& |jjk
rj   tjd Y nX d S )Nr   zpyu2f dependency is required to use Security key reauth feature. It can be installed via `pip install pyu2f` or `pip install google-auth[reauth]`.ZsecurityKey
challengesZapplicationIdZ	keyHandleascii	challenge)keyr"   )Zprint_callbackzIneligible security key.
z0Timed out while waiting for security key touch.
zNo security key found.
)Zpyu2f.convenience.authenticatorZpyu2f.errorsZpyu2f.modelImportErrorr   ZReauthFailErrorencodemodelZRegisteredKey	bytearraybase64urlsafe_b64decodeappendZconvenienceZauthenticatorZCreateCompositeAuthenticatorREAUTH_ORIGINZAuthenticatesysstderrwriteerrorsZU2FErrorcodeZDEVICE_INELIGIBLETIMEOUTZNoDeviceFoundError)r   r   Zpyu2fskr    Zapp_idZchallenge_datacZkhr#   r"   apiresponseer   r   r   r   r   sJ    

  
z+SecurityKeyChallenge.obtain_challenge_inputNr   r   r   r   r   r   g   s   

r   c                   @   s0   e Zd ZdZedd Zedd Zdd ZdS )	SamlChallengezChallenge that asks the users to browse to their ID Providers.

    Currently SAML challenge is not supported. When obtaining the challenge
    input, exception will be raised to instruct the users to run
    `gcloud auth login` for reauthentication.
    c                 C   s   dS )NZSAMLr   r   r   r   r   r      s    zSamlChallenge.namec                 C   s   dS r   r   r   r   r   r   r      s    z!SamlChallenge.is_locally_eligiblec                 C   s   t td S )N)r   ZReauthSamlChallengeFailErrorSAML_CHALLENGE_MESSAGEr   r   r   r   r      s    z$SamlChallenge.obtain_challenge_inputN)r   r   r   r   r   r   r   r   r   r   r   r   r7      s   

r7   c                 C   s   i | ]}|j |qS r   )r   ).0r"   r   r   r   
<dictcomp>   s    r:   )r   r   r(   r   r,   sixZgoogle.authr   r   r+   r8   r   add_metaclassABCMetaobjectr	   r   r   r7   ZAVAILABLE_CHALLENGESr   r   r   r   <module>   s&   
!6