U gs.@sddlmZddlZddlZddlZddlZddlZddlmZddl m Z ddl m Z ddl mZmZmZddlmZmZmZejrdd lmZd d d d gZGdd d ZGdddeZGdd d eZGdd d eZGdd d eZGdddejZdS)) annotationsN) b64encode)parse_http_list) ProtocolError)CookiesRequestResponse)to_bytesto_strunquote)_HashAuth BasicAuth DigestAuth NetRCAuthc@sHeZdZdZdZdZdddddZddddd Zdd dd d Zd S)ra Base class for all authentication schemes. To implement a custom authentication scheme, subclass `Auth` and override the `.auth_flow()` method. If the authentication scheme does I/O such as disk access or network calls, or uses synchronization primitives such as locks, you should override `.sync_auth_flow()` and/or `.async_auth_flow()` instead of `.auth_flow()` to provide specialized implementations that will be used by `Client` and `AsyncClient` respectively. Fr)typing.Generator[Request, Response, None]requestreturnccs |VdS)a Execute the authentication flow. To dispatch a request, `yield` it: ``` yield request ``` The client will `.send()` the response back into the flow generator. You can access it like so: ``` response = yield request ``` A `return` (or reaching the end of the generator) will result in the client returning the last response obtained from the server. You can dispatch as many requests as is necessary. Nselfrrr//tmp/pip-unpacked-wheel-ql4n0x43/httpx/_auth.py auth_flow&szAuth.auth_flowccsb|jr|||}t|}|V}|jr4|z||}Wq tk rZYq^Yq Xq dS)z Execute the authentication flow synchronously. By default, this defers to `.auth_flow()`. You should override this method when the authentication scheme does I/O and/or uses concurrency primitives. N)requires_request_bodyreadrnextrequires_response_bodysend StopIterationrrZflowresponserrrsync_auth_flow>s  zAuth.sync_auth_flowz(typing.AsyncGenerator[Request, Response]cCsn|jr|IdH||}t|}|V}|jr@|IdHz||}Wq&tk rfYqjYq&Xq&dS)z Execute the authentication flow asynchronously. By default, this defers to `.auth_flow()`. You should override this method when the authentication scheme does I/O and/or uses concurrency primitives. N)rZareadrrrrr r!rrrasync_auth_flowWs  zAuth.async_auth_flowN) __name__ __module__ __qualname____doc__rrrr#r$rrrrrs  c@s0eZdZdZdddddZddd d d Zd S) FunctionAuthz Allows the 'auth' argument to be passed as a simple callable function, that takes the request, and returns a new, modified request. z#typing.Callable[[Request], Request]None)funcrcCs ||_dSNZ_func)rr+rrr__init__wszFunctionAuth.__init__rrrccs||VdSr,r-rrrrrzszFunctionAuth.auth_flowN)r%r&r'r(r.rrrrrr)qsr)c@sDeZdZdZddddddZddd d d Zddd dd dZdS)rzy Allows the 'auth' argument to be passed as a (username, password) pair, and uses HTTP Basic authentication. str | bytesr*usernamepasswordrcCs||||_dSr,)_build_auth_header _auth_headerrr1r2rrrr.szBasicAuth.__init__rrrccs|j|jd<|VdS)N Authorization)r4headersrrrrrs zBasicAuth.auth_flowstrcCs,dt|t|f}t|}d|SN:zBasic joinr rdecoderr1r2Zuserpasstokenrrrr3s zBasicAuth._build_auth_headerNr%r&r'r(r.rr3rrrrr~sc@sDeZdZdZddddddZdd d d d Zd d ddddZdS)rzT Use a 'netrc' file to lookup basic auth credentials based on the url host. Nz str | Noner*)filercCsddl}|||_dS)Nr)netrc _netrc_info)rrArBrrrr.szNetRCAuth.__init__rrrccsN|j|jj}|dks |ds(|Vn"|j|d|dd|jd<|VdS)Nr)r1r2r6)rCauthenticatorsurlhostr3r7)rrZ auth_inforrrrs zNetRCAuth.auth_flowr/r8r0cCs,dt|t|f}t|}d|Sr9r;r>rrrr3s zNetRCAuth._build_auth_header)Nr@rrrrrs c @seZdZUejejejejejejejejdZde d<ddddddZ d d d d d Z d ddddddZ d dddddZ ddddddZdddddZd d d d!d"d#Zd$S)%r)MD5zMD5-SESSSHAzSHA-SESSzSHA-256z SHA-256-SESSzSHA-512z SHA-512-SESSz*dict[str, typing.Callable[[bytes], _Hash]]_ALGORITHM_TO_HASH_FUNCTIONr/r*r0cCs$t||_t||_d|_d|_dS)Nr)r _username _password_last_challenge _nonce_countr5rrrr.s  zDigestAuth.__init__rrrccs|jr|||j|jd<|V}|jdks4d|jkr8dS|jdD]}|drDq`qDdS|||||_d|_|||j|jd<|j rt |j j |d|VdS)Nr6izwww-authenticatezdigest rr) rMr3r7 status_codeZget_listlower startswith_parse_challengerNcookiesrZset_cookie_header)rrr" auth_headerrrrrs*  zDigestAuth.auth_flowr r8_DigestAuthChallenge)rr"rUrc Cs|d\}}}|dks ti}t|D]$}|dd\} } t| || <q,zh|d} |d} |dd} d |kr|d nd }d |kr|d nd }t | | | ||d WSt k r}zd }t ||d|W5d }~XYnXd S)z Returns a challenge from a Digest WWW-Authenticate header. These take the form of: `Digest realm="realm@host.com",qop="auth,auth-int",nonce="abc",opaque="xyz"`  digest=rrealmnonce algorithmrHopaqueNqop)rZr[r\r]r^z(Malformed Digest WWW-Authenticate headerrO) partitionrQAssertionErrorrstripsplitr encodegetrVKeyErrorr)rrr"rUscheme_fieldsZ header_dictfieldkeyvaluerZr[r\r]r^excmessagerrrrSs,    zDigestAuth._parse_challenge)r challengercsR|j|jdddfdd }d|j|j|jf}|jj}d|j |f}||}d|j }| |j |j } |j d7_ ||} |jdr|d| |j | f} |j|j|d } | dkr| |j |g} n| |j || | |g} |j|j|j ||d| |j d } |jr&|j| d <| rDd | d <|| d<| | d<d|| S)Nbytes)datarcs|Sr,) hexdigestrc)rpZ hash_funcrrrXsz-DigestAuth._build_auth_header..digestr:s%08xrz-sessrO)r1rZr[urir"r\r]authr^nccnoncezDigest )rJr\upperr<rKrZrLrFraw_pathmethodrcrN_get_client_noncer[rQendswith _resolve_qopr^r]_get_header_value)rrrnrXA1pathA2HA2Znc_valuervHA1r^Z digest_dataZ format_argsrrrrr3s<   zDigestAuth._build_auth_headerintro) nonce_countr[rcCsLt|}||7}|t7}|td7}t|ddS)N) r8rctimectimeosurandomhashlibsha1rq)rrr[srrrrz/s  zDigestAuth._get_client_noncezdict[str, bytes]) header_fieldsrc Csbd}d}d}d}t|D]@\}\}}|dkr8|d7}||krD|n|} || |t|7}q|S)N)r\r^ruz{}="{}"z{}={}rz, ) enumerateitemsformatr ) rrZNON_QUOTED_FIELDSZQUOTED_TEMPLATEZNON_QUOTED_TEMPLATE header_valueirirktemplaterrrr}7szDigestAuth._get_header_value bytes | None)r^rrcCsR|dkr dStd|}d|kr$dS|dgkr6tdd|d}t||ddS)Ns, ?rtsauth-intz.Digest auth-int support is not yet implementedzUnexpected qop value "z" in digest authrO)rerbNotImplementedErrorr)rr^rZqopsrmrrrr|Is   zDigestAuth._resolve_qopN)r%r&r'rmd5rsha256sha512rJ__annotations__r.rrSr3rzr}r|rrrrrs  0c@s6eZdZUded<ded<ded<ded<ded<d S) rVrorZr[r8r\rr]r^N)r%r&r'rrrrrrVWs rV) __future__rrrrrtypingbase64rurllib.requestr _exceptionsrZ_modelsrrr _utilsr r r TYPE_CHECKINGr __all__rr)rrr NamedTuplerVrrrrs(      [ )