U Ž“I],ã@s dZddlmZmZddlZddlZddlmZddlZddl m Z ddl m Z m Z mZddlmZzdd lmZWn ek r”dd lmZYnXGd d „d eƒZd!dd„Zdd„Zd"dd„Zd#dd„Zd$dd„Zdd„Zdd„ZGdd„deƒZGdd „d eƒZdS)%zÿ oauthlib.oauth2.rfc6749.tokens ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This module contains methods for adding two types of access tokens to requests. - Bearer https://tools.ietf.org/html/rfc6750 - MAC https://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01 é)Úabsolute_importÚunicode_literalsN)Ú b2a_base64)Úcommon)Úadd_params_to_qsÚadd_params_to_uriÚ unicode_typeé)Úutils)ÚurlparsecsreZdZd‡fdd„ Zedd„ƒZedd„ƒZedd „ƒZed d „ƒZed d „ƒZ edd„ƒZ edd„ƒZ ‡Z S)Ú OAuth2TokenNcsrtt|ƒ |¡d|_d|kr:|dr:tt |d¡ƒ|_|dk rftt |¡ƒ|_|jdkrn|j|_n|j|_dS)NÚscope)Úsuperr Ú__init__Ú _new_scopeÚsetr Z scope_to_listÚ _old_scope)ÚselfZparamsÚ old_scope©Ú __class__©ú@/usr/lib/python3/dist-packages/oauthlib/oauth2/rfc6749/tokens.pyrs  zOAuth2Token.__init__cCs |j|jkS©N)rr©rrrrÚ scope_changed,szOAuth2Token.scope_changedcCs t |j¡Sr)r Ú list_to_scoperrrrrr0szOAuth2Token.old_scopecCs t|jƒSr)ÚlistrrrrrÚ old_scopes4szOAuth2Token.old_scopescCs t |j¡Sr)r rrrrrrr 8szOAuth2Token.scopecCs t|jƒSr)rrrrrrÚscopes<szOAuth2Token.scopescCst|j|jƒSr)rrrrrrrÚmissing_scopes@szOAuth2Token.missing_scopescCst|j|jƒSr)rrrrrrrÚadditional_scopesDszOAuth2Token.additional_scopes)N) Ú__name__Ú __module__Ú __qualname__rÚpropertyrrrr rr r!Ú __classcell__rrrrr s      r Úú hmac-sha-1c Cs:| ¡}t |¡\} } | ¡dkr*tj} n| ¡dkr>tj} ntdƒ‚| dkrj|pfd t  | ¡t   ¡¡}nt   ¡}t   ¡}t |ƒ\}}}}}}|r |d|}n|}|dk rÞ| dkrÞ| d¡}t| |ƒ ¡ƒdd … d¡}nd }g}| dkrú| |¡n| |¡| |¡| | ¡¡| |¡| | ¡| | ¡| dkrN| |¡| |pZd ¡d  |¡d }t|tƒr‚| d¡}t || d¡| ¡}t| ¡ƒdd … d¡}g}| d |¡| dkrÚ| d |¡| d|¡|rü| d|¡|r| d|¡| d|¡|p&i}d |¡|d<|S)a_Add an `MAC Access Authentication`_ signature to headers. Unlike OAuth 1, this HMAC signature does not require inclusion of the request payload/body, neither does it use a combination of client_secret and token_secret but rather a mac_key provided together with the access token. Currently two algorithms are supported, "hmac-sha-1" and "hmac-sha-256", `extension algorithms`_ are not supported. Example MAC Authorization header, linebreaks added for clarity Authorization: MAC id="h480djs93hd8", nonce="1336363200:dj83hs9s", mac="bhCQXTVyfj5cmA9uKkPFx1zeOXM=" .. _`MAC Access Authentication`: https://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01 .. _`extension algorithms`: https://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01#section-7.1 :param token: :param uri: Request URI. :param key: MAC given provided by token endpoint. :param http_method: HTTP Request method. :param nonce: :param headers: Request headers as a dictionary. :param body: :param ext: :param hash_algorithm: HMAC algorithm provided by token endpoint. :param issue_time: Time when the MAC credentials were issued (datetime). :param draft: MAC authentication specification version. :return: headers dictionary with the authorization field added. r(z hmac-sha-256zunknown hash algorithmrz{0}:{1}ú?Nzutf-8éÿÿÿÿr'Ú z MAC id="%s"zts="%s"z nonce="%s"z bodyhash="%s"zext="%s"zmac="%s"z, Ú Authorization)Úupperr Z host_from_uriÚlowerÚhashlibZsha1Zsha256Ú ValueErrorÚformatZ generate_agerZgenerate_nonceZgenerate_timestampr ÚencoderZdigestÚdecodeÚappendÚjoinÚ isinstancerÚhmacÚnew)ÚtokenÚuriÚkeyZ http_methodZnonceÚheadersÚbodyZextZhash_algorithmZ issue_timeZdraftZhostZportÚhZtsZschZnetÚpathZparZqueryZfraZ request_uriZbodyhashÚbaseZ base_stringZsignÚheaderrrrÚprepare_mac_headerIsf(  ÿ              rBcCst|d|fgƒS)aAdd a `Bearer Token`_ to the request URI. Not recommended, use only if client can't use authorization header or body. http://www.example.com/path?access_token=h480djs93hd8 .. _`Bearer Token`: https://tools.ietf.org/html/rfc6750 :param token: :param uri: Ú access_token)r)r9r:rrrÚprepare_bearer_uri¶s rDcCs|pi}d||d<|S)zëAdd a `Bearer Token`_ to the request URI. Recommended method of passing bearer tokens. Authorization: Bearer h480djs93hd8 .. _`Bearer Token`: https://tools.ietf.org/html/rfc6750 :param token: :param headers: z Bearer %sr,r)r9r<rrrÚprepare_bearer_headersÄs  rEcCst|d|fgƒS)z¯Add a `Bearer Token`_ to the request body. access_token=h480djs93hd8 .. _`Bearer Token`: https://tools.ietf.org/html/rfc6750 :param token: :param body: rC)r)r9r=rrrÚprepare_bearer_bodyÔs rFFcCst ¡S)zp :param request: OAuthlib request. :type request: oauthlib.common.Request :param refresh_token: )rZgenerate_token)ÚrequestÚ refresh_tokenrrrÚrandom_token_generatorásrIc s‡‡fdd„}|S)z :param private_pem: csˆ|_t ˆ|¡Sr)ZclaimsrZgenerate_signed_token)rG©ÚkwargsÚ private_pemrrÚsigned_token_generatorîsz6signed_token_generator..signed_token_generatorr)rLrKrMrrJrrMêsrMcCsNd}d|jkrD|j d¡ ¡}t|ƒdkrJ|d ¡dkrJ|d}n|j}|S)zç Helper function to extract a token from the request header. :param request: OAuthlib request. :type request: oauthlib.common.Request :return: Return the token or None if the Authorization header is malformed. Nr,érÚbearerr )r<ÚgetÚsplitÚlenr.rC)rGr9Z split_headerrrrÚget_token_from_headerõs  rSc@s&eZdZd dd„Zdd„Zdd„ZdS) Ú TokenBaseFcCs tdƒ‚dS)Nú&Subclasses must implement this method.©ÚNotImplementedError)rrGrHrrrÚ__call__ szTokenBase.__call__cCs tdƒ‚dS©úb :param request: OAuthlib request. :type request: oauthlib.common.Request rUNrV©rrGrrrÚvalidate_requestszTokenBase.validate_requestcCs tdƒ‚dSrYrVr[rrrÚ estimate_typeszTokenBase.estimate_typeN)F)r"r#r$rXr\r]rrrrrT s rTc@s4eZdZdZd dd„Zd dd„Zdd „Zd d „ZdS)Ú BearerToken)Úrequest_validatorÚtoken_generatorÚrefresh_token_generatorÚ expires_inNcCs*||_|p t|_|p|j|_|p"d|_dS)Ni)r_rIr`rarb)rr_r`rbrarrrr#s  ÿzBearerToken.__init__FcKsªd|krt dt¡t|jƒr*| |¡}n|j}||_| |¡|ddœ}|jdk rbd |j¡|d<|r’|jr„|j   |¡s„|j|d<n|  |¡|d<|  |j pži¡t|ƒS) zÁ Create a BearerToken, by default without refresh token. :param request: OAuthlib request. :type request: oauthlib.common.Request :param refresh_token: Z save_tokenzx`save_token` has been deprecated, it was not called internally.If you do, call `request_validator.save_token()` instead.ZBearer)rCrbÚ token_typeNú r rH)ÚwarningsÚwarnÚDeprecationWarningÚcallablerbr`rr5rHr_Zrotate_refresh_tokenraÚupdateZextra_credentialsr )rrGrHrKrbr9rrrÚ create_token,s,þ  ý  ÿ zBearerToken.create_tokencCst|ƒ}|j ||j|¡S)rZ)rSr_Zvalidate_bearer_tokenr)rrGr9rrrr\Vs ÿzBearerToken.validate_requestcCs:|j dd¡ d¡d ¡dkr$dS|jdk r2dSdSdS) rZr,r'rdrrOé Né)r<rPrQr.rCr[rrrr]_s   zBearerToken.estimate_type)NNNN)F)r"r#r$Ú __slots__rrjr\r]rrrrr^sÿ * r^)NNNr'r(Nr)N)r')F) Ú__doc__Z __future__rrr/r7ZbinasciirreZoauthlibrZoauthlib.commonrrrr'r r Ú ImportErrorZ urllib.parseÚdictr rBrDrErFrIrMrSÚobjectrTr^rrrrÚs:    .ù m