B
    ²ô`,  ã               @   s
  d Z ddlmZmZ ddlZddlZddlmZ ddlZddl	m
Z
 ddlmZmZmZ ddlmZ ydd	lmZ W n  ek
r”   dd	lmZ Y nX G d
d„ deƒZd!dd„Zdd„ Zd"dd„Zd#dd„Zd$dd„Zdd„ Zdd„ ZG dd„ deƒZG dd „ d eƒZdS )%zÿ
oauthlib.oauth2.rfc6749.tokens
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This module contains methods for adding two types of access tokens to requests.

- Bearer https://tools.ietf.org/html/rfc6750
- MAC https://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01
é    )Úabsolute_importÚunicode_literalsN)Ú
b2a_base64)Úcommon)Úadd_params_to_qsÚadd_params_to_uriÚunicode_typeé   )Úutils)Úurlparsec                   sr   e Zd Zd‡ fdd„	Zedd„ ƒZedd„ ƒZedd	„ ƒZed
d„ ƒZedd„ ƒZ	edd„ ƒZ
edd„ ƒZ‡  ZS )ÚOAuth2TokenNc                sr   t t| ƒ |¡ d | _d|kr:|d r:tt |d ¡ƒ| _|d k	rftt |¡ƒ| _| jd krn| j| _n| j| _d S )NÚscope)Úsuperr   Ú__init__Ú
_new_scopeÚsetr
   Zscope_to_listÚ
_old_scope)ÚselfÚparamsÚ	old_scope)Ú	__class__© úM/home/dcms/DCMS/lib/python3.7/site-packages/oauthlib/oauth2/rfc6749/tokens.pyr      s    

zOAuth2Token.__init__c             C   s   | j | jkS )N)r   r   )r   r   r   r   Úscope_changed,   s    zOAuth2Token.scope_changedc             C   s   t  | j¡S )N)r
   Úlist_to_scoper   )r   r   r   r   r   0   s    zOAuth2Token.old_scopec             C   s
   t | jƒS )N)Úlistr   )r   r   r   r   Ú
old_scopes4   s    zOAuth2Token.old_scopesc             C   s   t  | j¡S )N)r
   r   r   )r   r   r   r   r   8   s    zOAuth2Token.scopec             C   s
   t | jƒS )N)r   r   )r   r   r   r   Úscopes<   s    zOAuth2Token.scopesc             C   s   t | j| j ƒS )N)r   r   r   )r   r   r   r   Úmissing_scopes@   s    zOAuth2Token.missing_scopesc             C   s   t | j| j ƒS )N)r   r   r   )r   r   r   r   Úadditional_scopesD   s    zOAuth2Token.additional_scopes)N)Ú__name__Ú
__module__Ú__qualname__r   Úpropertyr   r   r   r   r   r   r   Ú__classcell__r   r   )r   r   r      s   r   Ú ú
hmac-sha-1c             C   s:  |  ¡ }t |¡\}}| ¡ dkr*tj}n| ¡ dkr>tj}ntdƒ‚|
dkrj|pfd t 	|	¡t
 ¡ ¡}nt
 ¡ }t
 ¡ }t|ƒ\}}}}}}|r |d | }n|}|dk	rÞ|
dkrÞ| d¡}t||ƒ ¡ ƒdd	…  d¡}nd
}g }|
dkrú| |¡ n| |¡ | |¡ | |  ¡ ¡ | |¡ | |¡ | |¡ |
dkrN| |¡ | |pZd
¡ d |¡d }t|tƒr‚| d¡}t || d¡|¡}t| ¡ ƒdd	…  d¡}g }| d|  ¡ |
dkrÚ| d| ¡ | d| ¡ |rü| d| ¡ |r| d| ¡ | d| ¡ |p&i }d |¡|d< |S )a_  Add an `MAC Access Authentication`_ signature to headers.

    Unlike OAuth 1, this HMAC signature does not require inclusion of the
    request payload/body, neither does it use a combination of client_secret
    and token_secret but rather a mac_key provided together with the access
    token.

    Currently two algorithms are supported, "hmac-sha-1" and "hmac-sha-256",
    `extension algorithms`_ are not supported.

    Example MAC Authorization header, linebreaks added for clarity

    Authorization: MAC id="h480djs93hd8",
                       nonce="1336363200:dj83hs9s",
                       mac="bhCQXTVyfj5cmA9uKkPFx1zeOXM="

    .. _`MAC Access Authentication`: https://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01
    .. _`extension algorithms`: https://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01#section-7.1

    :param token:
    :param uri: Request URI.
    :param key: MAC given provided by token endpoint.
    :param http_method: HTTP Request method.
    :param nonce:
    :param headers: Request headers as a dictionary.
    :param body:
    :param ext:
    :param hash_algorithm: HMAC algorithm provided by token endpoint.
    :param issue_time: Time when the MAC credentials were issued (datetime).
    :param draft: MAC authentication specification version.
    :return: headers dictionary with the authorization field added.
    z
hmac-sha-1zhmac-sha-256zunknown hash algorithmr   z{0}:{1}ú?Nzutf-8éÿÿÿÿr%   Ú
zMAC id="%s"zts="%s"z
nonce="%s"zbodyhash="%s"zext="%s"zmac="%s"z, ÚAuthorization)Úupperr
   Zhost_from_uriÚlowerÚhashlibÚsha1Úsha256Ú
ValueErrorÚformatZgenerate_ager   Zgenerate_nonceZgenerate_timestampr   Úencoder   ÚdigestÚdecodeÚappendÚjoinÚ
isinstancer   ÚhmacÚnew)ÚtokenÚuriÚkeyZhttp_methodÚnonceÚheadersÚbodyÚextZhash_algorithmZ
issue_timeZdraftÚhostÚportÚhÚtsZschÚnetÚpathÚparÚqueryZfraÚrequest_uriZbodyhashÚbaseZbase_stringÚsignÚheaderr   r   r   Úprepare_mac_headerI   sd    (
 









rM   c             C   s   t |d| fgƒS )a  Add a `Bearer Token`_ to the request URI.
    Not recommended, use only if client can't use authorization header or body.

    http://www.example.com/path?access_token=h480djs93hd8

    .. _`Bearer Token`: https://tools.ietf.org/html/rfc6750

    :param token:
    :param uri:
    Úaccess_token)r   )r:   r;   r   r   r   Úprepare_bearer_uri¶   s    rO   c             C   s   |pi }d|  |d< |S )zëAdd a `Bearer Token`_ to the request URI.
    Recommended method of passing bearer tokens.

    Authorization: Bearer h480djs93hd8

    .. _`Bearer Token`: https://tools.ietf.org/html/rfc6750

    :param token:
    :param headers:
    z	Bearer %sr*   r   )r:   r>   r   r   r   Úprepare_bearer_headersÄ   s    rP   c             C   s   t |d| fgƒS )z¯Add a `Bearer Token`_ to the request body.

    access_token=h480djs93hd8

    .. _`Bearer Token`: https://tools.ietf.org/html/rfc6750

    :param token:
    :param body:
    rN   )r   )r:   r?   r   r   r   Úprepare_bearer_bodyÔ   s    
rQ   Fc             C   s   t  ¡ S )zp
    :param request: OAuthlib request.
    :type request: oauthlib.common.Request
    :param refresh_token:
    )r   Zgenerate_token)ÚrequestÚrefresh_tokenr   r   r   Úrandom_token_generatorá   s    rT   c                s   ‡ ‡fdd„}|S )z
    :param private_pem:
    c                s   ˆ | _ t ˆ| ¡S )N)Zclaimsr   Zgenerate_signed_token)rR   )ÚkwargsÚprivate_pemr   r   Úsigned_token_generatorî   s    z6signed_token_generator.<locals>.signed_token_generatorr   )rV   rU   rW   r   )rU   rV   r   rW   ê   s    rW   c             C   sN   d}d| j krD| j  d¡ ¡ }t|ƒdkrJ|d  ¡ dkrJ|d }n| j}|S )zç
    Helper function to extract a token from the request header.

    :param request: OAuthlib request.
    :type request: oauthlib.common.Request
    :return: Return the token or None if the Authorization header is malformed.
    Nr*   é   r   Úbearerr	   )r>   ÚgetÚsplitÚlenr,   rN   )rR   r:   Zsplit_headerr   r   r   Úget_token_from_headerõ   s    

r]   c               @   s&   e Zd Zd	dd„Zdd„ Zdd„ ZdS )
Ú	TokenBaseFc             C   s   t dƒ‚d S )Nz&Subclasses must implement this method.)ÚNotImplementedError)r   rR   rS   r   r   r   Ú__call__  s    zTokenBase.__call__c             C   s   t dƒ‚dS )zb
        :param request: OAuthlib request.
        :type request: oauthlib.common.Request
        z&Subclasses must implement this method.N)r_   )r   rR   r   r   r   Úvalidate_request  s    zTokenBase.validate_requestc             C   s   t dƒ‚dS )zb
        :param request: OAuthlib request.
        :type request: oauthlib.common.Request
        z&Subclasses must implement this method.N)r_   )r   rR   r   r   r   Úestimate_type  s    zTokenBase.estimate_typeN)F)r    r!   r"   r`   ra   rb   r   r   r   r   r^   	  s   
r^   c               @   s4   e Zd ZdZddd„Zddd„Zdd	„ Zd
d„ ZdS )ÚBearerToken)Úrequest_validatorÚtoken_generatorÚrefresh_token_generatorÚ
expires_inNc             C   s*   || _ |pt| _|p| j| _|p"d| _d S )Ni  )rd   rT   re   rf   rg   )r   rd   re   rg   rf   r   r   r   r   #  s    
zBearerToken.__init__Fc             K   sª   d|krt  dt¡ t| jƒr*|  |¡}n| j}||_|  |¡|ddœ}|jdk	rbd |j¡|d< |r’|jr„| j	 
|¡s„|j|d< n|  |¡|d< | |jpži ¡ t|ƒS )	zÁ
        Create a BearerToken, by default without refresh token.

        :param request: OAuthlib request.
        :type request: oauthlib.common.Request
        :param refresh_token:
        Z
save_tokenzx`save_token` has been deprecated, it was not called internally.If you do, call `request_validator.save_token()` instead.ZBearer)rN   rg   Ú
token_typeNú r   rS   )ÚwarningsÚwarnÚDeprecationWarningÚcallablerg   re   r   r6   rS   rd   Zrotate_refresh_tokenrf   ÚupdateZextra_credentialsr   )r   rR   rS   rU   rg   r:   r   r   r   Úcreate_token,  s&    

zBearerToken.create_tokenc             C   s   t |ƒ}| j ||j|¡S )zb
        :param request: OAuthlib request.
        :type request: oauthlib.common.Request
        )r]   rd   Zvalidate_bearer_tokenr   )r   rR   r:   r   r   r   ra   V  s    zBearerToken.validate_requestc             C   s:   |j  dd¡ d¡d  ¡ dkr$dS |jdk	r2dS dS dS )	zb
        :param request: OAuthlib request.
        :type request: oauthlib.common.Request
        r*   r%   ri   r   rY   é	   Né   )r>   rZ   r[   r,   rN   )r   rR   r   r   r   rb   _  s
     
zBearerToken.estimate_type)NNNN)F)r    r!   r"   Ú	__slots__r   ro   ra   rb   r   r   r   r   rc     s    

*	rc   )NNNr%   r&   Nr   )N)r%   )F) Ú__doc__Ú
__future__r   r   r-   r8   Úbinasciir   rj   Zoauthlibr   Zoauthlib.commonr   r   r   r%   r
   r   ÚImportErrorÚurllib.parseÚdictr   rM   rO   rP   rQ   rT   rW   r]   Úobjectr^   rc   r   r   r   r   Ú<module>	   s8   .      
f


	