*dZddlmZmZddlZddlZddlmZddlZddl m Z ddl m Z m Z mZddlmZ dd lmZGd d eZ dd Zd ZddZddZddZdZdZGddeZGddeZy#e$r dd lmZYOwxYw)zoauthlib.oauth2.rfc6749.tokens ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This module contains methods for adding two types of access tokens to requests. - Bearer https://tools.ietf.org/html/rfc6750 - MAC https://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01 )absolute_importunicode_literalsN) b2a_base64)common)add_params_to_qsadd_params_to_uri unicode_type)utils)urlparseceZdZd fd ZedZedZedZedZedZ edZ edZ xZ S) OAuth2TokencBtt| |d|_d|vr+|dr&t t j |d|_|Bt t j ||_|j|j|_yy|j|_y)Nscope)superr__init__ _new_scopesetr scope_to_list _old_scope)selfparams old_scope __class__s 1lib/third_party/oauthlib/oauth2/rfc6749/tokens.pyrzOAuth2Token.__init__s +t%f-DO&VG_E//w@AdoE// :;do  // ! doc4|j|jk7SN)rrrs r scope_changedzOAuth2Token.scope_changed*s ??doo --rc@tj|jSr)r list_to_scoperrs rrzOAuth2Token.old_scope.   t //rc,t|jSr)listrrs r old_scopeszOAuth2Token.old_scopes2   rc@tj|jSr)r r"rrs rrzOAuth2Token.scope6r#rc,t|jSr)r%rrs rscopeszOAuth2Token.scopes:r'rcFt|j|jz Sr)r%rrrs rmissing_scopeszOAuth2Token.missing_scopes> $//1 22rcFt|j|jz Sr)r%rrrs radditional_scopeszOAuth2Token.additional_scopesBr-rr) __name__ __module__ __qualname__rpropertyr rr&rr*r,r/ __classcell__)rs@rrrs ( . . 0 0 ! ! 0 0 ! ! 3 3 3 3rrc Z|j}tj|\} } |jdk(rtj } n/|jdk(rtj } n td| dk(r<|xs7djtj| tj}n(tj}tj}t|\}}}}}}|r |dz|z}n|}|H| dk(rC|jd}t| |j!dd j#d}nd }g}| dk(r|j%|n"|j%|j%||j%|j|j%||j%| |j%| | dk(r|j%||j%|xsd d j'|d z}t)|t*r|jd}t-j.||jd| }t|j!dd j#d}g}|j%d |z| dk7r|j%d z|j%d|z|r|j%d|z|r|j%d|z|j%d|z|xsi}dj'||d<|S)agAdd an `MAC Access Authentication`_ signature to headers. Unlike OAuth 1, this HMAC signature does not require inclusion of the request payload/body, neither does it use a combination of client_secret and token_secret but rather a mac_key provided together with the access token. Currently two algorithms are supported, "hmac-sha-1" and "hmac-sha-256", `extension algorithms`_ are not supported. Example MAC Authorization header, linebreaks added for clarity Authorization: MAC id="h480djs93hd8", nonce="1336363200:dj83hs9s", mac="bhCQXTVyfj5cmA9uKkPFx1zeOXM=" .. _`MAC Access Authentication`: https://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01 .. _`extension algorithms`: https://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01#section-7.1 :param token: :param uri: Request URI. :param key: MAC given provided by token endpoint. :param http_method: HTTP Request method. :param nonce: :param headers: Request headers as a dictionary. :param body: :param ext: :param hash_algorithm: HMAC algorithm provided by token endpoint. :param issue_time: Time when the MAC credentials were issued (datetime). :param draft: MAC authentication specification version. :return: headers dictionary with the authorization field added. hmac-sha-1z hmac-sha-256zunknown hash algorithmrz{0}:{1}?Nzutf-8 z MAC id="%s"zts="%s"z nonce="%s"z bodyhash="%s"zext="%s"zmac="%s"z, Authorization)upperr host_from_urilowerhashlibsha1sha256 ValueErrorformat generate_agergenerate_noncegenerate_timestampr encoderdigestdecodeappendjoin isinstancer hmacnew)tokenurikey http_methodnonceheadersbodyexthash_algorithm issue_timedrafthostporthtsschnetpathparqueryfra request_uribodyhashbase base_stringsignheaders rprepare_mac_headerrjGsZ!!#+""3'*$|+ A/A - .. aZ  AY%% :&(=(=(?AE  " " $B  ! ! #E$,SM!#sD#uc *u$KK %1* ;;w D!D'..*+CR077@HH $ aZKKKKOKK++k!"++k++d++d aZKK++ciR $$&+\" **W C #{))'2A 6$ DKKM "3B ' . .w 7$ &-- %& aZ MM)b.!-- u$%  MM/H,- MM*s"#-- T!" Mr'!YYv.'/ .rc t|d|fgS)aAdd a `Bearer Token`_ to the request URI. Not recommended, use only if client can't use authorization header or body. http://www.example.com/path?access_token=h480djs93hd8 .. _`Bearer Token`: https://tools.ietf.org/html/rfc6750 :param token: :param uri: access_token)r)rOrPs rprepare_bearer_urirms 3>5"9 ; <5"9 ; <|_tj|Sr)claimsrgenerate_signed_token)rukwargs private_pems rsigned_token_generatorz6signed_token_generator..signed_token_generatorsGN  ' ' W ==rro)r}r|r~s`` rr~r~s > rcd}d|jvrF|jjdj}t|dk(r |ddk(r|d}|S|j}|S)z Helper function to extract a token from the request header. :param request: OAuthlib request. :type request: oauthlib.common.Request :return: Return the token or None if the Authorization header is malformed. Nr;rBearerr )rTgetsplitlenrl)rurO split_headers rget_token_from_headerrsl %'??&&7==?L <A,q/X"=1oe ,  E ,rc eZdZddZdZdZy) TokenBasectd)N&Subclasses must implement this method.NotImplementedError)rrurvs r__call__zTokenBase.__call__s F GGrctdb :param request: OAuthlib request. :type request: oauthlib.common.Request rrrrus rvalidate_requestzTokenBase.validate_request F GGrctdrrrs r estimate_typezTokenBase.estimate_typerrNF)r0r1r2rrrrorrrrsHHHrrc4eZdZdZ ddZddZdZdZy) BearerToken)request_validatortoken_generatorrefresh_token_generator expires_inNcp||_|xst|_|xs |j|_|xsd|_y)Ni)rrwrrr)rrrrrs rrzBearerToken.__init__'s< /D*D.DD74#7#7   (DDOrc d|vrtjdtt|jr|j |}n |j}||_|j ||dd}|j dj|j |d<|rK|jr+|jj|s|j|d<n|j||d<|j|jxsit|S)z Create a BearerToken, by default without refresh token. :param request: OAuthlib request. :type request: oauthlib.common.Request :param refresh_token: save_tokenzx`save_token` has been deprecated, it was not called internally.If you do, call `request_validator.save_token()` instead.r)rlr token_type rrv)warningswarnDeprecationWarningcallablerrr*rKrvrrotate_refresh_tokenrupdateextra_credentialsr)rrurvr|rrOs r create_tokenzBearerToken.create_token2svmm F   ??7+j??j#G,,W5  E~~!xx/eGn   $$99'B!(!6!6o!%!=!=g!Fo LL**0b1 u rcft|}|jj||j|S)r)rrvalidate_bearer_tokenr*)rrurOs rrzBearerToken.validate_request]s4 "' *E  ! ! 7 7w~~8? AArc|jjddjdddk(ry|jyy)rr;r9rrr )rTrrrlrs rrzBearerToken.estimate_typefsB ?B/55c:1=I     )  r)NNNNr)r0r1r2 __slots__rrrrrorrrr#s-8)"&#'+ ))VA rr)NNNr9r6Nrr)r9r) __doc__ __future__rrr?rMbinasciirroauthlibroauthlib.commonrrr r9r r ImportError urllib.parsedictrrjrmrprrrwr~robjectrrrorrrs9 MM$ *3$*3b"# &2"&od =" =!  (HH(M)M[$#$sA<< B  B