bl+dZddlZddlZddlZddlmZddlmZddlm Z ddl m Z m Z ddl mZGd d eZ dd Zd Zdd ZddZddZdZdZGddZGddeZy)z oauthlib.oauth2.rfc6749.tokens ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This module contains methods for adding two types of access tokens to requests. - Bearer https://tools.ietf.org/html/rfc6750 - MAC https://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01 N) b2a_base64)urlparse)common)add_params_to_qsadd_params_to_uri)utilsceZdZd fd ZedZedZedZedZedZ edZ edZ xZ S) OAuth2Tokenc:t||d|_d|vr+|dr&tt j |d|_|Btt j ||_|j|j |_yy|j|_y)Nscope)super__init__ _new_scopesetr scope_to_list _old_scope)selfparams old_scope __class__s @/usr/lib/python3/dist-packages/oauthlib/oauth2/rfc6749/tokens.pyrzOAuth2Token.__init__s   f !%"5"5fWo"FGDO  !%"5"5i"@ADO&#'//' #ooDOc4|j|jk7SN)rrrs r scope_changedzOAuth2Token.scope_changed&s$//11rc@tj|jSr)r list_to_scoperrs rrzOAuth2Token.old_scope*""4??33rc,t|jSr)listrrs r old_scopeszOAuth2Token.old_scopes.DOO$$rc@tj|jSr)r rrrs rr zOAuth2Token.scope2r rc,t|jSr)r"rrs rscopeszOAuth2Token.scopes6r$rcFt|j|jz Sr)r"rrrs rmissing_scopeszOAuth2Token.missing_scopes:DOOdoo566rcFt|j|jz Sr)r"rrrs radditional_scopeszOAuth2Token.additional_scopes>r*rr) __name__ __module__ __qualname__rpropertyrrr#r r'r)r, __classcell__)rs@rr r s .2244%%44%%7777rr c Z|j}tj|\} } |jdk(rtj } n/|jdk(rtj } n td| dk(r<|xs7djtj| tj}n(tj}tj}t|\}}}}}}|r |dz|z}n|}|H| dk(rC|jd}t| |j!dd j#d}nd }g}| dk(r|j%|n"|j%|j%||j%|j|j%||j%| |j%| | dk(r|j%||j%|xsd d j'|d z}t)|t*r|jd}t-j.||jd| }t|j!dd j#d}g}|j%d |z| dk7r|j%d z|j%d|z|r|j%d|z|r|j%d|z|j%d|z|xsi}dj'||d<|S)a_Add an `MAC Access Authentication`_ signature to headers. Unlike OAuth 1, this HMAC signature does not require inclusion of the request payload/body, neither does it use a combination of client_secret and token_secret but rather a mac_key provided together with the access token. Currently two algorithms are supported, "hmac-sha-1" and "hmac-sha-256", `extension algorithms`_ are not supported. Example MAC Authorization header, linebreaks added for clarity Authorization: MAC id="h480djs93hd8", nonce="1336363200:dj83hs9s", mac="bhCQXTVyfj5cmA9uKkPFx1zeOXM=" .. _`MAC Access Authentication`: https://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01 .. _`extension algorithms`: https://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01#section-7.1 :param token: :param uri: Request URI. :param key: MAC given provided by token endpoint. :param http_method: HTTP Request method. :param nonce: :param headers: Request headers as a dictionary. :param body: :param ext: :param hash_algorithm: HMAC algorithm provided by token endpoint. :param issue_time: Time when the MAC credentials were issued (datetime). :param draft: MAC authentication specification version. :return: headers dictionary with the authorization field added. hmac-sha-1z hmac-sha-256zunknown hash algorithmrz{}:{}?Nzutf-8 z MAC id="%s"zts="%s"z nonce="%s"z bodyhash="%s"zext="%s"zmac="%s"z, Authorization)upperr host_from_urilowerhashlibsha1sha256 ValueErrorformat generate_agergenerate_noncegenerate_timestamprencoderdigestdecodeappendjoin isinstancestrhmacnew)tokenurikey http_methodnonceheadersbodyexthash_algorithm issue_timedrafthostporthtsschnetpathparqueryfra request_uribodyhashbase base_stringsignheaders rprepare_mac_headerrhCsP##%K$$S)JD$- LL    > 1 NN122 zC(:(::(F*0*?*?*AC & & (%%'&.sm#CdC Sj5(   EQJ{{7#agnn./4;;GD D z E B EKK !!#$KK KKKK z HKK r))D/D(K#sjj! 88C++G4a 8D dkkm $Sb ) 0 0 9D F MM-%'( z i"n% MM,&' o01  j3&' MM*t#$mG#yy0GO Nrc t|d|fgS)aAdd a `Bearer Token`_ to the request URI. Not recommended, use only if client can't use authorization header or body. http://www.example.com/path?access_token=h480djs93hd8 .. _`Bearer Token`: https://tools.ietf.org/html/rfc6750 :param token: :param uri: access_token)r)rMrNs rprepare_bearer_urirks S^U$;"= >>rc"|xsi}d|z|d<|S)zAdd a `Bearer Token`_ to the request URI. Recommended method of passing bearer tokens. Authorization: Bearer h480djs93hd8 .. _`Bearer Token`: https://tools.ietf.org/html/rfc6750 :param token: :param headers: z Bearer %sr8)rMrRs rprepare_bearer_headersrns!mG*U2GO Nrc t|d|fgS)zAdd a `Bearer Token`_ to the request body. access_token=h480djs93hd8 .. _`Bearer Token`: https://tools.ietf.org/html/rfc6750 :param token: :param body: rj)r)rMrSs rprepare_bearer_bodyrps D^U$;"= >>rc*tjS)zp :param request: OAuthlib request. :type request: oauthlib.common.Request :param refresh_token: )rgenerate_token)request refresh_tokens rrandom_token_generatorrus  ""rc fd}|S)z :param private_pem: c>|_tj|Sr)claimsrgenerate_signed_token)rskwargs private_pems rsigned_token_generatorz6signed_token_generator..signed_token_generators++KAArrm)r{rzr|s`` rr|r|sB "!rcd}d|jvrT|jjdj}t|dk(r|dj dk(r|d}|S|j }|S)z Helper function to extract a token from the request header. :param request: OAuthlib request. :type request: oauthlib.common.Request :return: Return the token or None if the Authorization header is malformed. Nr8rbearerr)rRgetsplitlenr;rj)rsrM split_headers rget_token_from_headerrsu E'//)**?;AAC |  !l1o&;&;&=&I OE L$$ Lrc$eZdZdZddZdZdZy) TokenBasermctd)N&Subclasses must implement this method.NotImplementedError)rrsrts r__call__zTokenBase.__call__s!"JKKrctdb :param request: OAuthlib request. :type request: oauthlib.common.Request rrrrss rvalidate_requestzTokenBase.validate_request  ""JKKrctdrrrs r estimate_typezTokenBase.estimate_typerrNF)r-r.r/ __slots__rrrrmrrrrsILLLrrc0eZdZdZ ddZddZdZdZy) BearerToken)request_validatortoken_generatorrefresh_token_generator expires_inNcp||_|xst|_|xs |j|_|xsd|_y)Ni)rrurrr)rrrrrs rrzBearerToken.__init__s<!2.H2H # ;t';'; $%,rc d|vrtjdtt|jr|j |}n |j}||_|j ||dd}|j dj|j |d<|rK|jr+|jj|s|j|d<n|j||d<|j|jxsit|S)z Create a BearerToken, by default without refresh token. :param request: OAuthlib request. :type request: oauthlib.common.Request :param refresh_token: save_tokenzx`save_token` has been deprecated, it was not called internally.If you do, call `request_validator.save_token()` instead.Bearer)rjr token_type r rt)warningswarnDeprecationWarningcallablerrr'rHrtrrotate_refresh_tokenrupdateextra_credentialsr )rrsrtrzrrMs r create_tokenzBearerToken.create_token's 6 ! MMV, . DOO $1JJ'!009$"  >> % XXgnn5E'N %%..CCGL)0)>)>o&)-)E)Eg)No& W..4"55!!rcft|}|jj||j|S)r)rrvalidate_bearer_tokenr')rrsrMs rrzBearerToken.validate_requestQs2 &g.%%;; 7>>7, ,rc|jjddjddjdk(ry|jyy)rr8r6rrr )rRrrr;rjrs rrzBearerToken.estimate_typeZsK ??   3 9 9# >q A G G IX U  ! ! -r)NNNNr)r-r.r/rrrrrrmrrrrs(I @D:>-("T, rr)NNNr6r3Nrr)r6r)__doc__r<rKrbinasciir urllib.parseroauthlibroauthlib.commonrrr6r dictr rhrkrnrprur|rrrrmrrrs !?*7$*7\"# &2"&jZ ?  ?#"(LL*L)Lr