U v^Hx@sddlmZeZdddddddgZzdd lmZWn ek rRdd lmZYnXdd l Z dd l Z dd l m Z dd l Z dd l mZdd lZzdd lmZWn ek rdd lmZYnXzddlmZWn ek rddlmZYnXdd lZddlmZmZz dd lZWnek r2dd lZYnXddlmZeekrPeZ neZ ddl!m"Z"ddl#m$Z%m&Z&m'Z'm(Z(ddl)m*Z*dZ+dZ,dZ-dZ.dZ/e0e1e2fZ3ddZ4ddZ5Gddde'Z6Gddde%Z$Gddde%Z7Gd dde8Z9Gd!d"d"e9Z:Gd#d$d$e9Z;Gd%d&d&e9ZGd*dde>Z?Gd+d,d,e@ZAGd-d.d.eAZBGd/d0d0eAZCGd1d2d2eCZDGd3d4d4eCZEGd5d6d6eEZFGd7d8d8eAZGGd9d:d:eAZHGd;d<dd>eAZJd S)?)print_function AccessTokenAnonymousAccessToken AuthorizeRequestTokenWithBrowserCredentialStoreRequestTokenAuthorizationEngineConsumer Credentials)StringION)select)stdin) urlencode)urljoin) b64decode b64encode)parse_qs) HTTPError)rrOAuthAuthorizerSystemWideConsumer)urisz+request-tokenz +access-tokenz+authorize-tokenicCsttjddS)zWhether the user has disabled SSL certificate connection. Some testing servers have broken certificates. Rather than raising an error, we allow an environment variable, ``LP_DISABLE_SSL_CERTIFICATE_VALIDATION`` to disable the check. Z%LP_DISABLE_SSL_CERTIFICATE_VALIDATIONF)boolosenvirongetrr:/usr/lib/python3/dist-packages/launchpadlib/credentials.py$_ssl_certificate_validation_disabledYs  rcCsDt}tj|dj|d|t|d\}}|jdkr cCs0t}|||}t|tr,|d}|S)zeTurn this object into a string. This should probably be moved into OAuthAuthorizer. utf-8)r savegetvalue isinstance unicode_typeencode)selfZsio serializedrrr serializes    zCredentials.serializecCs,|}t|ts|d}|t||S)z}Create a `Credentials` object from a serialized string. This should probably be moved into OAuthAuthorizer. r*)r-r.decodeloadr )clsvalue credentialsrrr from_strings   zCredentials.from_stringc Cs|jdk std|jdks$tdt|}t|jjddd}|t}d|i}||jkrbd|d <t |||\}}t |t r| d }||jkrt |}|dk r||d <t||_|St||_d |t|jjf}|dk r||j_|d |7}|SdS)aRequest an OAuth token to Launchpad. Also store the token in self._request_token. This method must not be called on an object with no consumer specified or if an access token has already been obtained. :param context: The context of this token, that is, its scope of validity within Launchpad. :param web_root: The URL of the website on which the token should be requested. :token_format: How the token should be presented. URI_TOKEN_FORMAT means just return the URL to the page that authorizes the token. DICT_TOKEN_FORMAT means return a dictionary describing the token and the site's authentication policy. :return: If token_format is URI_TOKEN_FORMAT, the URL for the user to authorize the `AccessToken` provided by Launchpad. If token_format is DICT_TOKEN_FORMAT, a dict of information about the new access token. NzConsumer not specified.zAccess token already obtained. PLAINTEXT&)oauth_consumer_keyoauth_signature_methodoauth_signatureRefererzapplication/jsonZAcceptr* lp.contextz%s%s?oauth_token=%sz&lp.context=%s)consumerAssertionError access_tokenrlookup_web_rootr(keyrequest_token_pageDICT_TOKEN_FORMATr'r-bytesr3jsonloadsr from_params_request_tokenr8authorize_token_pagecontext) r0rMweb_root token_formatr$r#rr%r&rrrget_request_tokens:         zCredentials.get_request_tokencCsl|jdk stdt|}t|jjd|jjd|jjd}|t}d|i}t |||\}}t ||_ dS)adExchange the previously obtained request token for an access token. This method must not be called unless get_request_token() has been called and completed successfully. The access token will be stored as self.access_token. :param web_root: The base URL of the website that granted the request token. Nz5get_request_token() doesn't seem to have been called.r9z&%s)r;r< oauth_tokenr=r>) rKrArrCr(r@rDsecretaccess_token_pager'rr8rB)r0rNr$r#rr%r&rrr'exchange_request_token_for_access_tokens   z3Credentials.exchange_request_token_for_access_token)__name__ __module__ __qualname____doc__rKZURI_TOKEN_FORMATrFZITEM_SEPARATORNEWLINEr2 classmethodr8rZSTAGING_WEB_ROOTrPrTrrrrr vs   6c@s(eZdZdZeddZeddZdS)rzAn OAuth access token.cCs&|d}|d}|d}||||S)z:Create and return a new `AccessToken` from the given dict.rQoauth_token_secretr?)r)r5r$rDrRrMrrrrJs zAccessToken.from_paramscCst|ts|d}t|dd}|d}t|dksNFcs(tt||d|_|r$t||_dSN)r^rpr_ _fallbackMemoryCredentialStore)r0rdZfallbackrarrr_jszKeyringCredentialStore.__init__cCsJdtkrddladtkrFzddlmaWntk rDtaYnXdS)aGEnsure the keyring module is imported (postponing side effects). The keyring module initializes the environment-dependent backend at import time (nasty). We want to avoid that initialization because it may do things like prompt the user to unlock their password store (e.g., KWallet). keyringrNNoKeyringError)ru)globalsrtZkeyring.errorsru ImportError RuntimeErrorrrrr_ensure_keyring_importedps  z/KeyringCredentialStore._ensure_keyring_importedc Cs||}|jt|}ztd||dWnPtk r}z2ttkr^dt |kr^|j rt|j ||nW5d}~XYnXdS)z2Store newly-authorized credentials in the keyring. launchpadlibr*$No recommended backend was availableN) ryr2 B64MARKERrrtZ set_passwordr3rurxstrrrr+)r0r7ror1rjrrrrfs" zKeyringCredentialStore.do_savec Cs|ztd|}WnTtk rl}z6ttkr@dt|kr@|jrZ|j|WYSW5d}~XYnX|dk rt|t r| d}| |j rzt |t|j d}Wntk rYdSXzt|}|WSYdSXdS)z&Retrieve credentials from the keyring.rzr{Nutf8)ryrtZ get_passwordrurxr}rrr4r-r.r/ startswithr|rr\ TypeErrorr r8)r0roZcredential_stringrjr7rrrrms<     zKeyringCredentialStore.do_load)NF) rUrVrWrXr|r_ staticmethodryrfrmrcrrrarrp`s rpcs2eZdZdZd fdd ZddZddZZS) UnencryptedFileCredentialStorezStore credentials unencrypted in a file on disk. This is a good solution for scripts that need to run without any user interaction. Ncstt||||_dSrq)r^rr_filename)r0rrdrarrr_s z'UnencryptedFileCredentialStore.__init__cCs||jdS)zSave the credentials to disk.N)Z save_to_pathrr0r7rorrrrfsz&UnencryptedFileCredentialStore.do_savecCs4tj|jr0t|jtjdks0t|jSdS)zLoad the credentials from disk.rN)rpathexistsrstatST_SIZEr Zload_from_pathrnrrrrms  z&UnencryptedFileCredentialStore.do_load)NrUrVrWrXr_rfrmrcrrrarrsrcs2eZdZdZd fdd ZddZddZZS) rszCredentialStore that stores keys only in memory. This can be used to provide a CredentialStore instance without actually saving any key to persistent storage. Ncstt||i|_dSrq)r^rsr_ _credentialsrerarrr_szMemoryCredentialStore.__init__cCs||j|<dS)z!Store the credentials in our dictN)rrrrrrfszMemoryCredentialStore.do_savecCs |j|S)z&Retrieve the credentials from our dict)rrrnrrrrmszMemoryCredentialStore.do_load)Nrrrrarrssrsc@sJeZdZdZdZdddZeddZdd Zd d Z d d Z ddZ dS)ra/The superclass of all request token authorizers. This base class does not implement request token authorization, since that varies depending on how you want the end-user to authorize a request token. You'll need to subclass this class and implement `make_end_user_authorize_token`. Z UNAUTHORIZEDNcCst||_t||_|dkr0|dkr0td|dk rP|dk rPtd||f|dkrhdg}t|}n t|}|}||_||_ |pg|_ dS)aDBase class initialization. :param service_root: The root of the Launchpad instance being used. :param application_name: The name of the application that wants to use launchpadlib. This is used in conjunction with a desktop-wide integration. If you specify this argument, your values for consumer_name and allow_access_levels are ignored. :param consumer_name: The OAuth consumer name, for an application that wants its own point of integration into Launchpad. In almost all cases, you want to specify application_name instead and do a desktop-wide integration. The exception is when you're integrating a third-party website into Launchpad. :param allow_access_levels: A list of the Launchpad access levels to present to the user. ('READ_PUBLIC' and so on.) Your value for this argument will be ignored during a desktop-wide integration. :type allow_access_levels: A list of strings. Nz:You must provide either application_name or consumer_name.zZYou must provide only one of application_name and consumer_name. (You provided %r and %r.)ZDESKTOP_INTEGRATION) rZlookup_service_root service_rootZweb_root_for_service_rootrN ValueErrorrrr@application_nameallow_access_levels)r0rr consumer_namerr@rrrr_s,   z(RequestTokenAuthorizationEngine.__init__cCs|jjd|jS)z7Return a string identifying this consumer on this host.@)r@rDrr`rrrri.sz2RequestTokenAuthorizationEngine.unique_consumer_idcCs>dt|f}d}t|jdkr2||||j7}t|j|S)zReturn the authorization URL for a request token. This is the URL the end-user must visit to authorize the token. How exactly does this happen? That depends on the subclass implementation. z%s?oauth_token=%sz&allow_permission=r)rLr\rjoinrrN)r0 request_tokenZpageZallow_permissionrrrauthorization_url3s  z1RequestTokenAuthorizationEngine.authorization_urlcCs6||}||||jdkr$dS|||j|S)adAuthorize a token and associate it with the given credentials. If the credential store runs into a problem storing the credential locally, the `credential_save_failed` callback will be invoked. The callback will not be invoked if there's a problem authorizing the credentials. :param credentials: A `Credentials` object. If the end-user authorizes these credentials, this object will have its .access_token property set. :param credential_store: A `CredentialStore` object. If the end-user authorizes the credentials, they will be persisted locally using this object. :return: If the credentials are successfully authorized, the return value is the `Credentials` object originally passed in. Otherwise the return value is None. N)rPmake_end_user_authorize_tokenrBr+ri)r0r7Zcredential_storeZrequest_token_stringrrr__call__Bs    z(RequestTokenAuthorizationEngine.__call__cCs|j|jtjd}|dS)z\Get a new request token from the server. :param return: The request token. )rNrOrQ)rPrNr rF)r0r7Zauthorization_jsonrrrrP`s z1RequestTokenAuthorizationEngine.get_request_tokencCs tdS)a5Authorize the given request token using the given credentials. Your subclass must implement this method: it has no default implementation. Because an access token may expire or be revoked in the middle of a session, this method may be called at arbitrary points in a launchpadlib session, or even multiple times during a single session (with a different request token each time). In most cases, however, this method will be called at the beginning of a launchpadlib session, or not at all. Nrk)r0r7rrrrrjsz=RequestTokenAuthorizationEngine.make_end_user_authorize_token)NNN) rUrVrWrXZUNAUTHORIZED_ACCESS_LEVELr_propertyrirrrPrrrrrrs 9  c@s@eZdZdZdZdZddZddZdd Zd d Z d d Z dS)AuthorizeRequestTokenWithURLzAuthorize using a URL. This authorizer simply shows the URL for the user to open for authorization, and waits until the server responds. zPlease open this authorization page: (%s) in your browser. Use your browser to authorize this program to access Launchpad on your behalf.z.Press Enter after authorizing in your browser.cCs t|dS)zDisplay a message. By default, prints the message to standard output. The message does not require any user interaction--it's solely informative. N)print)r0messagerrroutputsz#AuthorizeRequestTokenWithURL.outputcCs||j|dS)Notify the end-user of the URL.N)rWAITING_FOR_USER)r0rrrr!notify_end_user_authorization_urlsz>AuthorizeRequestTokenWithURL.notify_end_user_authorization_urlc Cs|z||jWn`tk rp}zB|jjdkr:t|jn&|jjdkrVtdt|t|jW5d}~XYnX|j dk S)z Check if the end-user authorizediiz#Unexpected response from Launchpad:N) rTrNrr%r"EndUserDeclinedAuthorizationr&rEndUserNoAuthorizationrB)r0r7rjrrrcheck_end_user_authorizations   z9AuthorizeRequestTokenWithURL.check_end_user_authorizationcCs"||jt||dS)"Wait for the end-user to authorizeN)rWAITING_FOR_LAUNCHPADr readliner)r0r7rrrwait_for_end_user_authorizations zs          v  K_<T