o
    aY+                     @   s   d Z ddlZddlZddlZddlmZ ddlmZ ddlm	Z	 ddl
mZmZ ddlmZ G d	d
 d
eZ							d ddZdd Zd!ddZd"ddZd#ddZdd Zdd ZG dd dZG dd deZdS )$z
oauthlib.oauth2.rfc6749.tokens
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This module contains methods for adding two types of access tokens to requests.

- Bearer https://tools.ietf.org/html/rfc6750
- MAC https://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01
    N)
b2a_base64)urlparse)common)add_params_to_qsadd_params_to_uri   )utilsc                       sr   e Zd Zd fdd	Zedd Zedd Zedd	 Zed
d Zedd Z	edd Z
edd Z  ZS )OAuth2TokenNc                    st   t  | d | _d|v r|d rtt|d | _|d ur4tt|| _| jd u r2| j| _d S d S | j| _d S )Nscope)super__init__
_new_scopesetr   Zscope_to_list
_old_scope)selfparams	old_scope	__class__ @/usr/lib/python3/dist-packages/oauthlib/oauth2/rfc6749/tokens.pyr      s   
zOAuth2Token.__init__c                 C   s   | j | jkS N)r   r   r   r   r   r   scope_changed&      zOAuth2Token.scope_changedc                 C      t | jS r   )r   list_to_scoper   r   r   r   r   r   *   r   zOAuth2Token.old_scopec                 C   
   t | jS r   )listr   r   r   r   r   
old_scopes.      
zOAuth2Token.old_scopesc                 C   r   r   )r   r   r   r   r   r   r   r
   2   r   zOAuth2Token.scopec                 C   r   r   )r   r   r   r   r   r   scopes6   r    zOAuth2Token.scopesc                 C      t | j| j S r   )r   r   r   r   r   r   r   missing_scopes:      zOAuth2Token.missing_scopesc                 C   r"   r   )r   r   r   r   r   r   r   additional_scopes>   r$   zOAuth2Token.additional_scopesr   )__name__
__module____qualname__r   propertyr   r   r   r
   r!   r#   r%   __classcell__r   r   r   r   r	      s     





r	    
hmac-sha-1c                 C   s0  |  }t|\}}| dkrtj}n| dkrtj}ntd|
dkr5|p3dt	|	t
 }nt
 }t
 }t|\}}}}}}|rP|d | }n|}|duro|
dkro|d}t|| dd	 d}nd
}g }|
dkr}|| n
|| || ||   || || || |
dkr|| ||pd
 d|d }t|tr|d}t||d|}t| dd	 d}g }|d|   |
dkr|d|  |d|  |r|d|  |r|d|  |d|  |pi }d||d< |S )a_  Add an `MAC Access Authentication`_ signature to headers.

    Unlike OAuth 1, this HMAC signature does not require inclusion of the
    request payload/body, neither does it use a combination of client_secret
    and token_secret but rather a mac_key provided together with the access
    token.

    Currently two algorithms are supported, "hmac-sha-1" and "hmac-sha-256",
    `extension algorithms`_ are not supported.

    Example MAC Authorization header, linebreaks added for clarity

    Authorization: MAC id="h480djs93hd8",
                       nonce="1336363200:dj83hs9s",
                       mac="bhCQXTVyfj5cmA9uKkPFx1zeOXM="

    .. _`MAC Access Authentication`: https://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01
    .. _`extension algorithms`: https://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01#section-7.1

    :param token:
    :param uri: Request URI.
    :param key: MAC given provided by token endpoint.
    :param http_method: HTTP Request method.
    :param nonce:
    :param headers: Request headers as a dictionary.
    :param body:
    :param ext:
    :param hash_algorithm: HMAC algorithm provided by token endpoint.
    :param issue_time: Time when the MAC credentials were issued (datetime).
    :param draft: MAC authentication specification version.
    :return: headers dictionary with the authorization field added.
    r,   zhmac-sha-256zunknown hash algorithmr   z{}:{}?Nzutf-8r+   
zMAC id="%s"zts="%s"z
nonce="%s"zbodyhash="%s"zext="%s"zmac="%s"z, Authorization)upperr   Zhost_from_urilowerhashlibZsha1Zsha256
ValueErrorformatZgenerate_ager   Zgenerate_nonceZgenerate_timestampr   encoder   Zdigestdecodeappendjoin
isinstancestrhmacnew)tokenurikeyZhttp_methodZnonceheadersbodyextZhash_algorithmZ
issue_timeZdraftZhostZporthtsZschZnetpathZparZqueryZfraZrequest_uriZbodyhashbaseZbase_stringsignheaderr   r   r   prepare_mac_headerC   sf   (
 








rJ   c                 C      t |d| fgS )a  Add a `Bearer Token`_ to the request URI.
    Not recommended, use only if client can't use authorization header or body.

    http://www.example.com/path?access_token=h480djs93hd8

    .. _`Bearer Token`: https://tools.ietf.org/html/rfc6750

    :param token:
    :param uri:
    access_token)r   )r>   r?   r   r   r   prepare_bearer_uri   s   rM   c                 C   s   |pi }d|  |d< |S )zAdd a `Bearer Token`_ to the request URI.
    Recommended method of passing bearer tokens.

    Authorization: Bearer h480djs93hd8

    .. _`Bearer Token`: https://tools.ietf.org/html/rfc6750

    :param token:
    :param headers:
    z	Bearer %sr0   r   )r>   rA   r   r   r   prepare_bearer_headers   s   rN   c                 C   rK   )zAdd a `Bearer Token`_ to the request body.

    access_token=h480djs93hd8

    .. _`Bearer Token`: https://tools.ietf.org/html/rfc6750

    :param token:
    :param body:
    rL   )r   )r>   rB   r   r   r   prepare_bearer_body   s   
rO   Fc                 C   s   t  S )zp
    :param request: OAuthlib request.
    :type request: oauthlib.common.Request
    :param refresh_token:
    )r   Zgenerate_token)requestrefresh_tokenr   r   r   random_token_generator   s   rR   c                    s    fdd}|S )z
    :param private_pem:
    c                    s    | _ t| S r   )Zclaimsr   Zgenerate_signed_token)rP   kwargsprivate_pemr   r   signed_token_generator   s   z6signed_token_generator.<locals>.signed_token_generatorr   )rU   rT   rV   r   rS   r   rV      s   rV   c                 C   sP   d}d| j v r#| j d }t|dkr!|d  dkr!|d }|S | j}|S )z
    Helper function to extract a token from the request header.

    :param request: OAuthlib request.
    :type request: oauthlib.common.Request
    :return: Return the token or None if the Authorization header is malformed.
    Nr0      r   bearerr   )rA   getsplitlenr2   rL   )rP   r>   Zsplit_headerr   r   r   get_token_from_header   s   
r\   c                   @   s&   e Zd Zd	ddZdd Zdd ZdS )
	TokenBaseFc                 C      t d)N&Subclasses must implement this method.NotImplementedError)r   rP   rQ   r   r   r   __call__  s   zTokenBase.__call__c                 C   r^   b
        :param request: OAuthlib request.
        :type request: oauthlib.common.Request
        r_   r`   r   rP   r   r   r   validate_request     zTokenBase.validate_requestc                 C   r^   rc   r`   re   r   r   r   estimate_type  rg   zTokenBase.estimate_typeNF)r&   r'   r(   rb   rf   rh   r   r   r   r   r]     s    
r]   c                   @   s8   e Zd ZdZ		dddZdddZdd	 Zd
d ZdS )BearerToken)request_validatortoken_generatorrefresh_token_generator
expires_inNc                 C   s*   || _ |pt| _|p| j| _|pd| _d S )Ni  )rk   rR   rl   rm   rn   )r   rk   rl   rn   rm   r   r   r   r     s
   
zBearerToken.__init__Fc                 K   s   d|v r
t dt t| jr| |}n| j}||_| ||dd}|jdur1d|j|d< |rI|jrB| j	
|sB|j|d< n| ||d< ||jpOi  t|S )	z
        Create a BearerToken, by default without refresh token.

        :param request: OAuthlib request.
        :type request: oauthlib.common.Request
        :param refresh_token:
        Z
save_tokenzx`save_token` has been deprecated, it was not called internally.If you do, call `request_validator.save_token()` instead.ZBearer)rL   rn   
token_typeN r
   rQ   )warningswarnDeprecationWarningcallablern   rl   r!   r9   rQ   rk   Zrotate_refresh_tokenrm   updateZextra_credentialsr	   )r   rP   rQ   rT   rn   r>   r   r   r   create_token&  s,   

	
zBearerToken.create_tokenc                 C   s   t |}| j||j|S )rd   )r\   rk   Zvalidate_bearer_tokenr!   )r   rP   r>   r   r   r   rf   P  s   zBearerToken.validate_requestc                 C   s6   |j dddd  dkrdS |jdurdS dS )	rd   r0   r+   rp   r   rX   	   N   )rA   rY   rZ   r2   rL   re   r   r   r   rh   Y  s
    
zBearerToken.estimate_type)NNNNri   )r&   r'   r(   	__slots__r   rv   rf   rh   r   r   r   r   rj     s    

	*	rj   )NNNr+   r,   Nr   r   )r+   ri   )__doc__r3   r<   rq   Zbinasciir   Zurllib.parser   Zoauthlibr   Zoauthlib.commonr   r   r+   r   dictr	   rJ   rM   rN   rO   rR   rV   r\   r]   rj   r   r   r   r   <module>   s4    	.
m


	