g2dZddlmZdgZddlmZmZmZmZddl m Z m Z m Z ddl mZmZmZmZmZmZmZddlmZd d lmZd d lmZmZd d l mZerd d lmZGddZdS)z6Implementing support for MySQL Authentication Plugins.) annotationsMySQLAuthenticator) TYPE_CHECKINGAnyDictOptional)InterfaceErrorNotSupportedError get_exception)AUTH_SWITCH_STATUSDEFAULT_CHARSET_IDDEFAULT_MAX_ALLOWED_PACKET ERR_STATUSEXCHANGE_FURTHER_STATUS MFA_STATUS OK_STATUS) HandShakeType)logger)MySQLAuthPluginget_auth_plugin) MySQLProtocol) MySQLSocketceZdZdZd2dZed3dZed4dZd5d Z d6d7dZ d8dZ d8dZ ddddd e dde d d d dd d fd9d1Zd S):rz$Implements the authentication phase.returnNonecZd|_i|_i|_d|_d|_d|_dS)z Constructor.FN) _username _passwords_plugin_config _ssl_enabled_auth_strategy_auth_plugin_classselfs n/var/www/html/nodeJS/PythonScripts/venv3.11/lib/python3.11/site-packages/mysql/connector/aio/authentication.py__init__zMySQLAuthenticator.__init__;s6 *,.0"'9=15boolc|jS)z&Signals whether or not SSL is enabled.)r#r&s r( ssl_enabledzMySQLAuthenticator.ssl_enabledDs   r*Dict[str, Any]c|jS)aCustom arguments that are being provided to the authentication plugin. The parameters defined here will override the ones defined in the auth plugin itself. The plugin config is a read-only property - the plugin configuration provided when invoking `authenticate()` is recorded and can be queried by accessing this property. Returns: dict: The latest plugin configuration provided when invoking `authenticate()`. )r"r&s r( plugin_configz MySQLAuthenticator.plugin_configIs ""r*configc:|j|dS)z,Update the 'plugin_config' instance variableN)r"update)r'r1s r(update_plugin_configz'MySQLAuthenticator.update_plugin_configZs ""6*****r*Nrnew_strategy_namestrstrategy_class Optional[str]usernamepassword_factorintc||j}||j}tjd|t ||||j|d|j|_dS)aSwitch the authorization plugin. Args: new_strategy_name: New authorization plugin name to switch to. strategy_class: New authorization plugin class to switch to (has higher precedence than the authorization plugin name). username: Username to be used - if not defined, the username provided when `authentication()` was invoked is used. password_factor: Up to three levels of authentication (MFA) are allowed, hence you can choose the password corresponding to the 1st, 2nd, or 3rd factor - 1st is the default. NzSwitching to strategy %s) plugin_nameauth_plugin_classr)r-) r r%rdebugrr!getr-r$)r'r5r7r9r:s r(_switch_auth_strategyz(MySQLAuthenticator._switch_auth_strategy^s&  ~H  !!4N /1BCCC o)^     O   4 4(    r*sockrpktbytesOptional[bytes]cKd}|dtkr'||jvrtdtj|\}}|||t jd||jj |jj ||fi|j d{V}|dtkr3tj |}|jj||fi|j d{V}|dtkrt jd|S|dt krt#||dz }|dtk't jd dS) a Handle MFA (Multi-Factor Authentication) response. Up to three levels of authentication (MFA) are allowed. Args: sock: Pointer to the socket connection. pkt: MFA response. Returns: ok_packet: If last server's response is an OK packet. None: If last server's response isn't an OK packet and no ERROR was raised. Raises: InterfaceError: If got an invalid N factor. errors.ErrorTypes: If got an ERROR response. r z5Failed Multi Factor Authentication (invalid N factor))r:zMFA %i factor %sNzMFA completed succesfullyrz"MFA terminated with a no ok packet)rr!r rparse_auth_next_factorrArr?r$nameauth_switch_responser"rparse_auth_more_dataauth_more_responserrr warning)r'rBrCn_factorr5 auth_datas r( _mfa_n_factorz MySQLAuthenticator._mfa_n_factors*!f ""t..$K,9+OPS+T+T ( y  & &'8( & S S S L+Xt7J7O P P P@+@i#'#6C1v000)>sCC BD/B)'+':1v"" 8999 1v###C((( MH7!f "": ;<<<tr*cdK|dtkr"t|dkrtd|dtkr_tjdt j|\}}|||jj ||fi|j d{V}|dtkrGtjdt j |}|jj ||fi|j d{V}|dtkr!tjd|jj|S|dt krOtjdtjd |jj|||d{VS|dt$krt'|dS) aHandle server's response. Args: sock: Pointer to the socket connection. pkt: Server's response after completing the `HandShakeResponse`. Returns: ok_packet: If last server's response is an OK packet. None: If last server's response isn't an OK packet and no ERROR was raised. Raises: errors.ErrorTypes: If got an ERROR response. NotSupportedError: If got Authentication with old (insecure) passwords. rGzAuthentication with old (insecure) passwords is not supported. For more information, lookup Password Hashing in the latest MySQL manualz+Server's response is an auth switch requestNzExchanging further packetsz%s completed succesfullyz$Starting multi-factor authenticationzMFA 1 factor %s)r lenr rr?rparse_auth_switch_requestrAr$rJr"rrKrLrrIrrPrr )r'rBrCr5rOs r(_handle_server_responsez*MySQLAuthenticator._handle_server_responses& q6' ' 'CHHMM#>  q6' ' ' LF G G G+8+RSV+W+W ( y  & &'8 9 9 9@+@i#'#6C q6, , , L5 6 6 6%:3??I>+>i#'#6C q6Y   L3T5H5M N N NJ q6Z   L? @ @ @ L*D,?,D E E E++D#66666666 6 q6Z  $$ $tr*rrF handshaker password1 password2 password3databasecharset client_flagsr-max_allowed_packet auth_pluginr> conn_attrsOptional[Dict[str, str]]is_change_user_request read_timeout Optional[int] write_timeoutcK||_|||d|_| |_| |_t j|||||| | | | |||j|j \}|_|rdd|fndd|f}|j |g|Rd{Vt| |d{V}| ||d{V}|tdd|S)aPerform the authentication phase. During re-authentication you must set `is_change_user_request` to True. Args: sock: Pointer to the socket connection. handshake: Initial handshake. username: Account's username. password1: Account's password factor 1. password2: Account's password factor 2. password3: Account's password factor 3. database: Initial database name for the connection. charset: Client charset (see [1]), only the lower 8-bits. client_flags: Integer representing client capabilities flags. ssl_enabled: Boolean indicating whether SSL is enabled, max_allowed_packet: Maximum packet size. auth_plugin: Authorization plugin name. auth_plugin_class: Authorization plugin class (has higher precedence than the authorization plugin name). conn_attrs: Connection attributes. is_change_user_request: Whether is a `change user request` operation or not. read_timeout: Timeout in seconds upto which the connector should wait for the server to reply back before raising an ReadTimeoutError. write_timeout: Timeout in seconds upto which the connector should spend to send data to the server before raising an WriteTimeoutError. Returns: ok_packet: OK packet. Raises: InterfaceError: If OK packet is NULL. ReadTimeoutError: If the time taken for the server to reply back exceeds 'read_timeout' (if set). WriteTimeoutError: If the time taken to send data packets to the server exceeds 'write_timeout' (if set). References: [1]: https://dev.mysql.com/doc/dev/mysql-server/latest/ page_protocol_basic_character_set.html#a_protocol_character_set )rr ) rVr9passwordrZr[r\r]r^r>r_rar-r0rNzGot a NULL ok_pkt)r r!r#r%r make_authr-r0r$writerDreadrUr )r'rBrVr9rWrXrYrZr[r\r-r]r^r>r_rarbrdresponse_payload send_argsrCok_pkts r( authenticatezMySQLAuthenticator.authenticatesCz"'I)DD'"31>0G%1#/!#9(,1 1 1 -$-&& -Q= ! !m,  dj)6I6666666666$))L111111112233D#>>>>>>>> > !4554 ? r*)rr)rr+)rr.)r1r.rr)NNr) r5r6r7r8r9r8r:r;rr)rBrrCrDrrE)$rBrrVrr9r6rWr6rXr6rYr6rZr8r[r;r\r;r-r+r]r;r^r8r>r8r_r`rar+rbrcrdrcrrD)__name__ __module__ __qualname____doc__r)propertyr-r0r4rArPrUrrrnr*r(rr8s ..6666!!!X!###X# ++++)-"&      D4444l5555v"&)!"<%)+//3',&*'+%bbbbbbbr*N)rr __future__r__all__typingrrrrerrorsr r r protocolr rrrrrrtypesrrpluginsrrrnetworkrrrtr*r(r}si:=<""""""  555555555555EEEEEEEEEE"!!!!!55555555######%$$$$$$WWWWWWWWWWr*