o ‘¸õaY+ã@sÜdZddlZddlZddlZddlmZddlmZddlm Z ddl m Z m Z ddl mZGd d „d eƒZ     d d d„Zdd„Zd!dd„Zd"dd„Zd#dd„Zdd„Zdd„ZGdd„dƒZGdd„deƒZdS)$zÿ oauthlib.oauth2.rfc6749.tokens ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This module contains methods for adding two types of access tokens to requests. - Bearer https://tools.ietf.org/html/rfc6750 - MAC https://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01 éN)Ú b2a_base64)Úurlparse)Úcommon)Úadd_params_to_qsÚadd_params_to_urié)ÚutilscsreZdZd‡fdd„ Zedd„ƒZedd„ƒZedd „ƒZed d „ƒZed d „ƒZ edd„ƒZ edd„ƒZ ‡Z S)Ú OAuth2TokenNcsttƒ |¡d|_d|vr|drtt |d¡ƒ|_|dur4tt |¡ƒ|_|jdur2|j|_dSdS|j|_dS)NÚscope)ÚsuperÚ__init__Ú _new_scopeÚsetrÚ scope_to_listÚ _old_scope)ÚselfÚparamsÚ old_scope©Ú __class__©ú@/usr/lib/python3/dist-packages/oauthlib/oauth2/rfc6749/tokens.pyr s   ý zOAuth2Token.__init__cCs |j|jkS©N)r r©rrrrÚ scope_changed&ó zOAuth2Token.scope_changedcCó t |j¡Sr)rÚ list_to_scoperrrrrr*rzOAuth2Token.old_scopecCó t|jƒSr)ÚlistrrrrrÚ old_scopes.ó zOAuth2Token.old_scopescCrr)rrr rrrrr 2rzOAuth2Token.scopecCrr)rr rrrrÚscopes6r!zOAuth2Token.scopescCót|j|jƒSr)rrr rrrrÚmissing_scopes:ózOAuth2Token.missing_scopescCr#r)rr rrrrrÚadditional_scopes>r%zOAuth2Token.additional_scopesr) Ú__name__Ú __module__Ú __qualname__r Úpropertyrrr r r"r$r&Ú __classcell__rrrrr s       r Úú hmac-sha-1c Cs0| ¡}t |¡\} } | ¡dkrtj} n| ¡dkrtj} ntdƒ‚| dkr5|p3d t  | ¡t   ¡¡}nt   ¡}t   ¡}t |ƒ\}}}}}}|rP|d|}n|}|duro| dkro| d¡}t| |ƒ ¡ƒdd … d¡}nd }g}| dkr}| |¡n | |¡| |¡| | ¡¡| |¡| | ¡| | ¡| dkr¦| |¡| |p«d ¡d  |¡d }t|tƒr¾| d¡}t || d¡| ¡}t| ¡ƒdd … d¡}g}| d |¡| dkré| d |¡| d|¡|rù| d|¡|r| d|¡| d|¡|pi}d |¡|d<|S)a_Add an `MAC Access Authentication`_ signature to headers. Unlike OAuth 1, this HMAC signature does not require inclusion of the request payload/body, neither does it use a combination of client_secret and token_secret but rather a mac_key provided together with the access token. Currently two algorithms are supported, "hmac-sha-1" and "hmac-sha-256", `extension algorithms`_ are not supported. Example MAC Authorization header, linebreaks added for clarity Authorization: MAC id="h480djs93hd8", nonce="1336363200:dj83hs9s", mac="bhCQXTVyfj5cmA9uKkPFx1zeOXM=" .. _`MAC Access Authentication`: https://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01 .. _`extension algorithms`: https://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01#section-7.1 :param token: :param uri: Request URI. :param key: MAC given provided by token endpoint. :param http_method: HTTP Request method. :param nonce: :param headers: Request headers as a dictionary. :param body: :param ext: :param hash_algorithm: HMAC algorithm provided by token endpoint. :param issue_time: Time when the MAC credentials were issued (datetime). :param draft: MAC authentication specification version. :return: headers dictionary with the authorization field added. r-z hmac-sha-256zunknown hash algorithmrz{}:{}ú?Nzutf-8éÿÿÿÿr,Ú z MAC id="%s"zts="%s"z nonce="%s"z bodyhash="%s"zext="%s"zmac="%s"z, Ú Authorization)ÚupperrÚ host_from_uriÚlowerÚhashlibÚsha1Úsha256Ú ValueErrorÚformatÚ generate_agerÚgenerate_nonceÚgenerate_timestamprÚencoderÚdigestÚdecodeÚappendÚjoinÚ isinstanceÚstrÚhmacÚnew)ÚtokenÚuriÚkeyÚ http_methodÚnonceÚheadersÚbodyÚextÚhash_algorithmÚ issue_timeÚdraftÚhostÚportÚhÚtsÚschÚnetÚpathÚparÚqueryÚfraÚ request_uriÚbodyhashÚbaseÚ base_stringÚsignÚheaderrrrÚprepare_mac_headerCsf(  ÿ            racCót|d|fgƒS)aAdd a `Bearer Token`_ to the request URI. Not recommended, use only if client can't use authorization header or body. http://www.example.com/path?access_token=h480djs93hd8 .. _`Bearer Token`: https://tools.ietf.org/html/rfc6750 :param token: :param uri: Ú access_token)r)rFrGrrrÚprepare_bearer_uri°s rdcCs|pi}d||d<|S)zëAdd a `Bearer Token`_ to the request URI. Recommended method of passing bearer tokens. Authorization: Bearer h480djs93hd8 .. _`Bearer Token`: https://tools.ietf.org/html/rfc6750 :param token: :param headers: z Bearer %sr1r)rFrKrrrÚprepare_bearer_headers¾s recCrb)z¯Add a `Bearer Token`_ to the request body. access_token=h480djs93hd8 .. _`Bearer Token`: https://tools.ietf.org/html/rfc6750 :param token: :param body: rc)r)rFrLrrrÚprepare_bearer_bodyÎs rfFcCst ¡S)zp :param request: OAuthlib request. :type request: oauthlib.common.Request :param refresh_token: )rÚgenerate_token)ÚrequestÚ refresh_tokenrrrÚrandom_token_generatorÛsrjc s‡‡fdd„}|S)z :param private_pem: csˆ|_t ˆ|¡Sr)ÚclaimsrÚgenerate_signed_token)rh©ÚkwargsÚ private_pemrrÚsigned_token_generatorès z6signed_token_generator..signed_token_generatorr)rornrprrmrrpäsrpcCsPd}d|jvr#|j d¡ ¡}t|ƒdkr!|d ¡dkr!|d}|S|j}|S)zç Helper function to extract a token from the request header. :param request: OAuthlib request. :type request: oauthlib.common.Request :return: Return the token or None if the Authorization header is malformed. Nr1érÚbearerr)rKÚgetÚsplitÚlenr4rc)rhrFÚ split_headerrrrÚget_token_from_headerïs þrwc@s&eZdZd dd„Zdd„Zdd„ZdS) Ú TokenBaseFcCótdƒ‚)Nú&Subclasses must implement this method.©ÚNotImplementedError)rrhrirrrÚ__call__szTokenBase.__call__cCry©úb :param request: OAuthlib request. :type request: oauthlib.common.Request rzr{©rrhrrrÚvalidate_requestózTokenBase.validate_requestcCryr~r{r€rrrÚ estimate_typer‚zTokenBase.estimate_typeN©F)r'r(r)r}rrƒrrrrrxs  rxc@s8eZdZdZ  d dd„Zd dd„Zdd „Zd d „ZdS)Ú BearerToken)Úrequest_validatorÚtoken_generatorÚrefresh_token_generatorÚ expires_inNcCs*||_|pt|_|p |j|_|pd|_dS)Ni)r†rjr‡rˆr‰)rr†r‡r‰rˆrrrr s  ÿzBearerToken.__init__FcKsªd|vr t dt¡t|jƒr| |¡}n|j}||_| |¡|ddœ}|jdur1d |j¡|d<|rI|jrB|j   |¡sB|j|d<n|  |¡|d<|  |j pOi¡t|ƒS) zÁ Create a BearerToken, by default without refresh token. :param request: OAuthlib request. :type request: oauthlib.common.Request :param refresh_token: Ú save_tokenzx`save_token` has been deprecated, it was not called internally.If you do, call `request_validator.save_token()` instead.ÚBearer)rcr‰Ú token_typeNú r ri)ÚwarningsÚwarnÚDeprecationWarningÚcallabler‰r‡r"rArir†Úrotate_refresh_tokenrˆÚupdateÚextra_credentialsr )rrhrirnr‰rFrrrÚ create_token&s,þ  ý  ÿ zBearerToken.create_tokencCst|ƒ}|j ||j|¡S)r)rwr†Úvalidate_bearer_tokenr")rrhrFrrrrPsÿzBearerToken.validate_requestcCs6|j dd¡ d¡d ¡dkrdS|jdurdSdS) rr1r,rrrré Né)rKrsrtr4rcr€rrrrƒYs  zBearerToken.estimate_type)NNNNr„)r'r(r)Ú __slots__r r•rrƒrrrrr…s ÿ * r…)NNNr,r-Nrr)r,r„)Ú__doc__r5rDrŽÚbinasciirÚ urllib.parserÚoauthlibrÚoauthlib.commonrrr,rÚdictr rardrerfrjrprwrxr…rrrrÚs4     . ùm