o aY+@sdZddlZddlZddlZddlmZddlmZddlm Z ddl m Z m Z ddl mZGd d d eZ     d d dZddZd!ddZd"ddZd#ddZddZddZGdddZGdddeZdS)$z oauthlib.oauth2.rfc6749.tokens ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This module contains methods for adding two types of access tokens to requests. - Bearer https://tools.ietf.org/html/rfc6750 - MAC https://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01 N) b2a_base64)urlparse)common)add_params_to_qsadd_params_to_uri)utilscsreZdZdfdd ZeddZeddZedd Zed d Zed d Z eddZ eddZ Z S) OAuth2TokenNcstt|d|_d|vr|drtt|d|_|dur4tt||_|jdur2|j|_dSdS|j|_dS)Nscope)super__init__ _new_scopesetrZ scope_to_list _old_scope)selfparams old_scope __class__@/usr/lib/python3/dist-packages/oauthlib/oauth2/rfc6749/tokens.pyr s    zOAuth2Token.__init__cCs |j|jkSN)r rrrrr scope_changed& zOAuth2Token.scope_changedcC t|jSr)r list_to_scoperrrrrr*rzOAuth2Token.old_scopecC t|jSr)listrrrrr old_scopes. zOAuth2Token.old_scopescCrr)rrr rrrrr 2rzOAuth2Token.scopecCrr)rr rrrrscopes6r zOAuth2Token.scopescCt|j|jSr)rrr rrrrmissing_scopes:zOAuth2Token.missing_scopescCr"r)rr rrrrradditional_scopes>r$zOAuth2Token.additional_scopesr) __name__ __module__ __qualname__r propertyrrrr r!r#r% __classcell__rrrrr s       r hmac-sha-1c Cs0|}t|\} } |dkrtj} n|dkrtj} ntd| dkr5|p3dt | t }nt }t }t |\}}}}}}|rP|d|}n|}|duro| dkro|d}t| |dd d}nd }g}| dkr}||n |||||||||| || | dkr||||pd d |d }t|tr|d}t||d| }t|dd d}g}|d || dkr|d ||d||r|d||r|d||d||pi}d||d<|S)a_Add an `MAC Access Authentication`_ signature to headers. Unlike OAuth 1, this HMAC signature does not require inclusion of the request payload/body, neither does it use a combination of client_secret and token_secret but rather a mac_key provided together with the access token. Currently two algorithms are supported, "hmac-sha-1" and "hmac-sha-256", `extension algorithms`_ are not supported. Example MAC Authorization header, linebreaks added for clarity Authorization: MAC id="h480djs93hd8", nonce="1336363200:dj83hs9s", mac="bhCQXTVyfj5cmA9uKkPFx1zeOXM=" .. _`MAC Access Authentication`: https://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01 .. _`extension algorithms`: https://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01#section-7.1 :param token: :param uri: Request URI. :param key: MAC given provided by token endpoint. :param http_method: HTTP Request method. :param nonce: :param headers: Request headers as a dictionary. :param body: :param ext: :param hash_algorithm: HMAC algorithm provided by token endpoint. :param issue_time: Time when the MAC credentials were issued (datetime). :param draft: MAC authentication specification version. :return: headers dictionary with the authorization field added. r,z hmac-sha-256zunknown hash algorithmrz{}:{}?Nzutf-8r+ z MAC id="%s"zts="%s"z nonce="%s"z bodyhash="%s"zext="%s"zmac="%s"z, Authorization)upperrZ host_from_urilowerhashlibZsha1Zsha256 ValueErrorformatZ generate_agerZgenerate_nonceZgenerate_timestamprencoderZdigestdecodeappendjoin isinstancestrhmacnew)tokenurikeyZ http_methodZnonceheadersbodyextZhash_algorithmZ issue_timeZdraftZhostZporthtsZschZnetpathZparZqueryZfraZ request_uriZbodyhashbaseZ base_stringsignheaderrrrprepare_mac_headerCsf(              rJcCt|d|fgS)aAdd a `Bearer Token`_ to the request URI. Not recommended, use only if client can't use authorization header or body. http://www.example.com/path?access_token=h480djs93hd8 .. _`Bearer Token`: https://tools.ietf.org/html/rfc6750 :param token: :param uri: access_token)r)r>r?rrrprepare_bearer_uris rMcCs|pi}d||d<|S)zAdd a `Bearer Token`_ to the request URI. Recommended method of passing bearer tokens. Authorization: Bearer h480djs93hd8 .. _`Bearer Token`: https://tools.ietf.org/html/rfc6750 :param token: :param headers: z Bearer %sr0r)r>rArrrprepare_bearer_headerss rNcCrK)zAdd a `Bearer Token`_ to the request body. access_token=h480djs93hd8 .. _`Bearer Token`: https://tools.ietf.org/html/rfc6750 :param token: :param body: rL)r)r>rBrrrprepare_bearer_bodys rOFcCstS)zp :param request: OAuthlib request. :type request: oauthlib.common.Request :param refresh_token: )rZgenerate_token)request refresh_tokenrrrrandom_token_generatorsrRc sfdd}|S)z :param private_pem: cs|_t|Sr)ZclaimsrZgenerate_signed_token)rPkwargs private_pemrrsigned_token_generators z6signed_token_generator..signed_token_generatorr)rUrTrVrrSrrVsrVcCsPd}d|jvr#|jd}t|dkr!|ddkr!|d}|S|j}|S)z Helper function to extract a token from the request header. :param request: OAuthlib request. :type request: oauthlib.common.Request :return: Return the token or None if the Authorization header is malformed. Nr0rbearerr)rAgetsplitlenr2rL)rPr>Z split_headerrrrget_token_from_headers r\c@s&eZdZd ddZddZddZdS) TokenBaseFcCtd)N&Subclasses must implement this method.NotImplementedError)rrPrQrrr__call__szTokenBase.__call__cCr^b :param request: OAuthlib request. :type request: oauthlib.common.Request r_r`rrPrrrvalidate_requestzTokenBase.validate_requestcCr^rcr`rerrr estimate_typergzTokenBase.estimate_typeNF)r&r'r(rbrfrhrrrrr]s  r]c@s8eZdZdZ  d ddZd ddZdd Zd d ZdS) BearerToken)request_validatortoken_generatorrefresh_token_generator expires_inNcCs*||_|pt|_|p |j|_|pd|_dS)Ni)rkrRrlrmrn)rrkrlrnrmrrrr s  zBearerToken.__init__FcKsd|vr tdtt|jr||}n|j}||_|||dd}|jdur1d|j|d<|rI|jrB|j |sB|j|d<n| ||d<| |j pOit|S) z Create a BearerToken, by default without refresh token. :param request: OAuthlib request. :type request: oauthlib.common.Request :param refresh_token: Z save_tokenzx`save_token` has been deprecated, it was not called internally.If you do, call `request_validator.save_token()` instead.ZBearer)rLrn token_typeN r rQ)warningswarnDeprecationWarningcallablernrlr!r9rQrkZrotate_refresh_tokenrmupdateZextra_credentialsr )rrPrQrTrnr>rrr create_token&s,     zBearerToken.create_tokencCst|}|j||j|S)rd)r\rkZvalidate_bearer_tokenr!)rrPr>rrrrfPszBearerToken.validate_requestcCs6|jdddddkrdS|jdurdSdS) rdr0r+rprrX N)rArYrZr2rLrerrrrhYs  zBearerToken.estimate_type)NNNNri)r&r'r( __slots__r rvrfrhrrrrrjs * rj)NNNr+r,Nrr)r+ri)__doc__r3r<rqZbinasciirZ urllib.parserZoauthlibrZoauthlib.commonrrr+rdictr rJrMrNrOrRrVr\r]rjrrrrs4     . m