G)fD/dZddlmZdgZddlZddlmZmZmZm Z ddl m Z m Z m Z ddlmZmZmZmZmZmZmZdd lmZd d lmZd d lmZmZd d lmZerd dlmZGddZy)z6Implementing support for MySQL Authentication Plugins.) annotationsMySQLAuthenticatorN) TYPE_CHECKINGAnyDictOptional)InterfaceErrorNotSupportedError get_exception)AUTH_SWITCH_STATUSDEFAULT_CHARSET_IDDEFAULT_MAX_ALLOWED_PACKET ERR_STATUSEXCHANGE_FURTHER_STATUS MFA_STATUS OK_STATUS) HandShakeType)logger)MySQLAuthPluginget_auth_plugin) MySQLProtocol) MySQLSocketc eZdZdZd dZeddZeddZ d ddZ ddZ ddZ d d d d de d e dddd f dd Z y)rz$Implements the authentication phase.cXd|_i|_i|_d|_d|_d|_y)z Constructor.FN) _username _passwords_plugin_config _ssl_enabled_auth_strategy_auth_plugin_classselfs _/var/www/html/flask-app/venv/lib/python3.12/site-packages/mysql/connector/aio/authentication.py__init__zMySQLAuthenticator.__init__=s0 *,.0"'9=15c|jS)z&Signals whether or not SSL is enabled.)r!r$s r& ssl_enabledzMySQLAuthenticator.ssl_enabledFs   r(c|jS)aCustom arguments that are being provided to the authentication plugin. The parameters defined here will override the ones defined in the auth plugin itself. The plugin config is a read-only property - the plugin configuration provided when invoking `authenticate()` is recorded and can be queried by accessing this property. Returns: dict: The latest plugin configuration provided when invoking `authenticate()`. )r r$s r& plugin_configz MySQLAuthenticator.plugin_configKs"""r(Nc| |j}| |j}tjd|t ||||j j |d|j|_y)aSwitch the authorization plugin. Args: new_strategy_name: New authorization plugin name to switch to. strategy_class: New authorization plugin class to switch to (has higher precedence than the authorization plugin name). username: Username to be used - if not defined, the username provided when `authentication()` was invoked is used. password_factor: Up to three levels of authentication (MFA) are allowed, hence you can choose the password corresponding to the 1st, 2nd, or 3rd factor - 1st is the default. NzSwitching to strategy %s) plugin_nameauth_plugin_classr)r*) rr#rdebugrrgetr*r")r%new_strategy_namestrategy_classusernamepassword_factors r&_switch_auth_strategyz(MySQLAuthenticator._switch_auth_strategy\sq&  ~~H  !!44N /1BC o)^   OO   4((  r(cKd}|dtk(r=||jvr tdtj|\}}|j ||t jd||jj|jj||fi|jd{}|dtk(rEtj|}|jj||fi|jd{}|dtk(rt jd|S|dt k(r t#||dz }|dtk(r=t j$d y77iw) a Handle MFA (Multi-Factor Authentication) response. Up to three levels of authentication (MFA) are allowed. Args: sock: Pointer to the socket connection. pkt: MFA response. Returns: ok_packet: If last server's response is an OK packet. None: If last server's response isn't an OK packet and no ERROR was raised. Raises: InterfaceError: If got an invalid N factor. errors.ErrorTypes: If got an ERROR response. r z5Failed Multi Factor Authentication (invalid N factor))r5zMFA %i factor %sNzMFA completed succesfullyrz"MFA terminated with a no ok packet)rrr rparse_auth_next_factorr6rr0r"nameauth_switch_responser rparse_auth_more_dataauth_more_responserrr warning)r%sockpktn_factorr2 auth_datas r& _mfa_n_factorz MySQLAuthenticator._mfa_n_factor~si*!f "t.$K,9+O+OPS+T ( y  & &'8( & S LL+Xt7J7J7O7O P@++@@i#'#6#6C1v00)>>sC BD//BB)'+':':1v" 89 1v##C(( MH7!f ": ;<) s,B*E),E%-AE)=E'>AE)E)'E)cK|dtk(rt|dk(r td|dtk(rntjdt j |\}}|j||jj||fi|jd{}|dtk(rZtjdt j|}|jj||fi|jd{}|dtk(r,tjd|jj|S|dt k(rYtjdtjd |jj|j#||d{S|dt$k(r t'|y7 77!w) aHandle server's response. Args: sock: Pointer to the socket connection. pkt: Server's response after completing the `HandShakeResponse`. Returns: ok_packet: If last server's response is an OK packet. None: If last server's response isn't an OK packet and no ERROR was raised. Raises: errors.ErrorTypes: If got an ERROR response. NotSupportedError: If got Authentication with old (insecure) passwords. r8zAuthentication with old (insecure) passwords is not supported. For more information, lookup Password Hashing in the latest MySQL manualz+Server's response is an auth switch requestNzExchanging further packetsz%s completed succesfullyz$Starting multi-factor authenticationzMFA 1 factor %s)r lenr rr0rparse_auth_switch_requestr6r"r;r rr<r=rr:rrCrr )r%r?r@r2rBs r&_handle_server_responsez*MySQLAuthenticator._handle_server_responses& q6' 'CHM#>  q6' ' LLF G+8+R+RSV+W ( y  & &'8 9@++@@i#'#6#6C q6, , LL5 6%::3?I>++>>i#'#6#6C q6Y  LL3T5H5H5M5M NJ q6Z  LL? @ LL*D,?,?,D,D E++D#66 6 q6Z $ $/7s8BGF=A%GGBG G!GGGrrFcK||_|||d|_tj||_| |_t j|||||| | | | | ||j|j \}|_ |rdnd}|j|g|d{t|jd{}|j||d{}| tdd|S7O747w)a Perform the authentication phase. During re-authentication you must set `is_change_user_request` to True. Args: sock: Pointer to the socket connection. handshake: Initial handshake. username: Account's username. password1: Account's password factor 1. password2: Account's password factor 2. password3: Account's password factor 3. database: Initial database name for the connection. charset: Client charset (see [1]), only the lower 8-bits. client_flags: Integer representing client capabilities flags. max_allowed_packet: Maximum packet size. auth_plugin: Authorization plugin name. auth_plugin_class: Authorization plugin class (has higher precedence than the authorization plugin name). conn_attrs: Connection attributes. is_change_user_request: Whether is a `change user request` operation or not. plugin_config: Custom configuration to be passed to the auth plugin when invoked. The parameters defined here will override the ones defined in the auth plugin itself. Returns: ok_packet: OK packet. Raises: InterfaceError: If OK packet is NULL. References: [1]: https://dev.mysql.com/doc/dev/mysql-server/latest/ page_protocol_basic_character_set.html#a_protocol_character_set )rr ) handshaker4passworddatabasecharset client_flagsmax_allowed_packet auth_pluginr/ conn_attrsis_change_user_requestr*r,)rr)NNNzGot a NULL ok_pkt)rrcopydeepcopyr r#r make_authr*r,r"writebytesreadrHr )r%r?rKr4 password1 password2 password3rMrNrOrPrQr/rRrSr,response_payload send_argsr@ok_pkts r& authenticatezMySQLAuthenticator.authenticatesj"'I)D"mmM:"31>0G0G%1#/!#9((,,1 -$-"5F, djj)6I666$))+%&33D#>> > !454 ?  7&>s6BC&C C&-C".C& C$ C&"C&$C&)returnNone)rabool)razDict[str, Any])NNr) r2strr3 Optional[str]r4rer5intrarb)r?rr@rXrazOptional[bytes]) r?rrKrr4rdrZrdr[rdr\rdrMrerNrfrOrfrPrfrQrer/rerRzOptional[Dict[str, str]]rSrcr,rrarX)__name__ __module__ __qualname____doc__r'propertyr*r,r6rCrHrrr`r(r&rr:s.6!!##&)-"&    &        D444  4l555  5v"&)"<%)+//3',VV!V V  V  VV VVV V#V)V-V!%V !V" #Vr() rj __future__r__all__rTtypingrrrrerrorsr r r protocolr rrrrrrtypesrrpluginsrrrnetworkrrrlr(r&rusS:="   55EE"5#$GGr(