B ²ô`,ã@s dZddlmZmZddlZddlZddlmZddlZddl m Z ddl m Z m Z mZddlmZydd lmZWn ek r”dd lmZYnXGd d „d eƒZd!dd„Zdd„Zd"dd„Zd#dd„Zd$dd„Zdd„Zdd„ZGdd„deƒZGdd „d eƒZdS)%zÿ oauthlib.oauth2.rfc6749.tokens ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This module contains methods for adding two types of access tokens to requests. - Bearer https://tools.ietf.org/html/rfc6750 - MAC https://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01 é)Úabsolute_importÚunicode_literalsN)Ú b2a_base64)Úcommon)Úadd_params_to_qsÚadd_params_to_uriÚ unicode_typeé)Úutils)ÚurlparsecsreZdZd‡fdd„ Zedd„ƒZedd„ƒZedd „ƒZed d „ƒZed d „ƒZ edd„ƒZ edd„ƒZ ‡Z S)Ú OAuth2TokenNcsrtt|ƒ |¡d|_d|kr:|dr:tt |d¡ƒ|_|dk rftt |¡ƒ|_|jdkrn|j|_n|j|_dS)NÚscope)Úsuperr Ú__init__Ú _new_scopeÚsetr Z scope_to_listÚ _old_scope)ÚselfÚparamsÚ old_scope)Ú __class__©úM/home/dcms/DCMS/lib/python3.7/site-packages/oauthlib/oauth2/rfc6749/tokens.pyrs  zOAuth2Token.__init__cCs |j|jkS)N)rr)rrrrÚ scope_changed,szOAuth2Token.scope_changedcCs t |j¡S)N)r Ú list_to_scoper)rrrrr0szOAuth2Token.old_scopecCs t|jƒS)N)Úlistr)rrrrÚ old_scopes4szOAuth2Token.old_scopescCs t |j¡S)N)r rr)rrrrr 8szOAuth2Token.scopecCs t|jƒS)N)rr)rrrrÚscopes<szOAuth2Token.scopescCst|j|jƒS)N)rrr)rrrrÚmissing_scopes@szOAuth2Token.missing_scopescCst|j|jƒS)N)rrr)rrrrÚadditional_scopesDszOAuth2Token.additional_scopes)N) Ú__name__Ú __module__Ú __qualname__rÚpropertyrrrr rrrÚ __classcell__rr)rrr s      r Úú hmac-sha-1c Cs:| ¡}t |¡\} } | ¡dkr*tj} n| ¡dkr>tj} ntdƒ‚| dkrj|pfd t  | ¡t   ¡¡}nt   ¡}t   ¡}t |ƒ\}}}}}}|r |d|}n|}|dk rÞ| dkrÞ| d¡}t| |ƒ ¡ƒdd … d¡}nd }g}| dkrú| |¡n| |¡| |¡| | ¡¡| |¡| | ¡| | ¡| dkrN| |¡| |pZd ¡d  |¡d }t|tƒr‚| d¡}t || d¡| ¡}t| ¡ƒdd … d¡}g}| d |¡| dkrÚ| d |¡| d|¡|rü| d|¡|r| d|¡| d|¡|p&i}d |¡|d<|S)a_Add an `MAC Access Authentication`_ signature to headers. Unlike OAuth 1, this HMAC signature does not require inclusion of the request payload/body, neither does it use a combination of client_secret and token_secret but rather a mac_key provided together with the access token. Currently two algorithms are supported, "hmac-sha-1" and "hmac-sha-256", `extension algorithms`_ are not supported. Example MAC Authorization header, linebreaks added for clarity Authorization: MAC id="h480djs93hd8", nonce="1336363200:dj83hs9s", mac="bhCQXTVyfj5cmA9uKkPFx1zeOXM=" .. _`MAC Access Authentication`: https://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01 .. _`extension algorithms`: https://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01#section-7.1 :param token: :param uri: Request URI. :param key: MAC given provided by token endpoint. :param http_method: HTTP Request method. :param nonce: :param headers: Request headers as a dictionary. :param body: :param ext: :param hash_algorithm: HMAC algorithm provided by token endpoint. :param issue_time: Time when the MAC credentials were issued (datetime). :param draft: MAC authentication specification version. :return: headers dictionary with the authorization field added. z hmac-sha-1z hmac-sha-256zunknown hash algorithmrz{0}:{1}ú?Nzutf-8éÿÿÿÿr%Ú z MAC id="%s"zts="%s"z nonce="%s"z bodyhash="%s"zext="%s"zmac="%s"z, Ú Authorization)Úupperr Z host_from_uriÚlowerÚhashlibÚsha1Úsha256Ú ValueErrorÚformatZ generate_agerZgenerate_nonceZgenerate_timestampr ÚencoderÚdigestÚdecodeÚappendÚjoinÚ isinstancerÚhmacÚnew)ÚtokenÚuriÚkeyZ http_methodÚnonceÚheadersÚbodyÚextZhash_algorithmZ issue_timeZdraftÚhostÚportÚhÚtsZschÚnetÚpathÚparÚqueryZfraÚ request_uriZbodyhashÚbaseZ base_stringÚsignÚheaderrrrÚprepare_mac_headerIsd(                 rMcCst|d|fgƒS)aAdd a `Bearer Token`_ to the request URI. Not recommended, use only if client can't use authorization header or body. http://www.example.com/path?access_token=h480djs93hd8 .. _`Bearer Token`: https://tools.ietf.org/html/rfc6750 :param token: :param uri: Ú access_token)r)r:r;rrrÚprepare_bearer_uri¶s rOcCs|pi}d||d<|S)zëAdd a `Bearer Token`_ to the request URI. Recommended method of passing bearer tokens. Authorization: Bearer h480djs93hd8 .. _`Bearer Token`: https://tools.ietf.org/html/rfc6750 :param token: :param headers: z Bearer %sr*r)r:r>rrrÚprepare_bearer_headersÄs  rPcCst|d|fgƒS)z¯Add a `Bearer Token`_ to the request body. access_token=h480djs93hd8 .. _`Bearer Token`: https://tools.ietf.org/html/rfc6750 :param token: :param body: rN)r)r:r?rrrÚprepare_bearer_bodyÔs rQFcCst ¡S)zp :param request: OAuthlib request. :type request: oauthlib.common.Request :param refresh_token: )rZgenerate_token)ÚrequestÚ refresh_tokenrrrÚrandom_token_generatorásrTc s‡‡fdd„}|S)z :param private_pem: csˆ|_t ˆ|¡S)N)ZclaimsrZgenerate_signed_token)rR)ÚkwargsÚ private_pemrrÚsigned_token_generatorîsz6signed_token_generator..signed_token_generatorr)rVrUrWr)rUrVrrWêsrWcCsNd}d|jkrD|j d¡ ¡}t|ƒdkrJ|d ¡dkrJ|d}n|j}|S)zç Helper function to extract a token from the request header. :param request: OAuthlib request. :type request: oauthlib.common.Request :return: Return the token or None if the Authorization header is malformed. Nr*érÚbearerr )r>ÚgetÚsplitÚlenr,rN)rRr:Z split_headerrrrÚget_token_from_headerõs  r]c@s&eZdZd dd„Zdd„Zdd„ZdS) Ú TokenBaseFcCs tdƒ‚dS)Nz&Subclasses must implement this method.)ÚNotImplementedError)rrRrSrrrÚ__call__ szTokenBase.__call__cCs tdƒ‚dS)zb :param request: OAuthlib request. :type request: oauthlib.common.Request z&Subclasses must implement this method.N)r_)rrRrrrÚvalidate_requestszTokenBase.validate_requestcCs tdƒ‚dS)zb :param request: OAuthlib request. :type request: oauthlib.common.Request z&Subclasses must implement this method.N)r_)rrRrrrÚ estimate_typeszTokenBase.estimate_typeN)F)r r!r"r`rarbrrrrr^ s r^c@s4eZdZdZd dd„Zd dd„Zdd „Zd d „ZdS)Ú BearerToken)Úrequest_validatorÚtoken_generatorÚrefresh_token_generatorÚ expires_inNcCs*||_|p t|_|p|j|_|p"d|_dS)Ni)rdrTrerfrg)rrdrergrfrrrr#s  zBearerToken.__init__FcKsªd|krt dt¡t|jƒr*| |¡}n|j}||_| |¡|ddœ}|jdk rbd |j¡|d<|r’|jr„|j   |¡s„|j|d<n|  |¡|d<|  |j pži¡t|ƒS) zÁ Create a BearerToken, by default without refresh token. :param request: OAuthlib request. :type request: oauthlib.common.Request :param refresh_token: Z save_tokenzx`save_token` has been deprecated, it was not called internally.If you do, call `request_validator.save_token()` instead.ZBearer)rNrgÚ token_typeNú r rS)ÚwarningsÚwarnÚDeprecationWarningÚcallablergrerr6rSrdZrotate_refresh_tokenrfÚupdateZextra_credentialsr )rrRrSrUrgr:rrrÚ create_token,s&     zBearerToken.create_tokencCst|ƒ}|j ||j|¡S)zb :param request: OAuthlib request. :type request: oauthlib.common.Request )r]rdZvalidate_bearer_tokenr)rrRr:rrrraVszBearerToken.validate_requestcCs:|j dd¡ d¡d ¡dkr$dS|jdk r2dSdSdS) zb :param request: OAuthlib request. :type request: oauthlib.common.Request r*r%rirrYé Né)r>rZr[r,rN)rrRrrrrb_s   zBearerToken.estimate_type)NNNN)F)r r!r"Ú __slots__rrorarbrrrrrcs   * rc)NNNr%r&Nr)N)r%)F) Ú__doc__Ú __future__rrr-r8ÚbinasciirrjZoauthlibrZoauthlib.commonrrrr%r r Ú ImportErrorÚ urllib.parseÚdictr rMrOrPrQrTrWr]Úobjectr^rcrrrrÚ s8   . f