a \†¶`Y+ã@sÎdZddlZddlZddlZddlmZddlmZddlm Z ddl m Z m Z ddl mZGd d „d eƒZd d d„Zdd„Zd!dd„Zd"dd„Zd#dd„Zdd„Zdd„ZGdd„dƒZGdd„deƒZdS)$zÿ oauthlib.oauth2.rfc6749.tokens ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This module contains methods for adding two types of access tokens to requests. - Bearer https://tools.ietf.org/html/rfc6750 - MAC https://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01 éN)Ú b2a_base64)Úurlparse)Úcommon)Úadd_params_to_qsÚadd_params_to_urié)ÚutilscsreZdZd‡fdd„ Zedd„ƒZedd„ƒZedd „ƒZed d „ƒZed d „ƒZ edd„ƒZ edd„ƒZ ‡Z S)Ú OAuth2TokenNcsntƒ |¡d|_d|vr6|dr6tt |d¡ƒ|_|durbtt |¡ƒ|_|jdurj|j|_n|j|_dS)NÚscope)ÚsuperÚ__init__Ú _new_scopeÚsetrZ scope_to_listÚ _old_scope)ÚselfÚparamsÚ old_scope©Ú __class__©úB/usr/lib/python3.9/site-packages/oauthlib/oauth2/rfc6749/tokens.pyr s   zOAuth2Token.__init__cCs |j|jkS©N)r r©rrrrÚ scope_changed&szOAuth2Token.scope_changedcCs t |j¡Sr)rÚ list_to_scoperrrrrr*szOAuth2Token.old_scopecCs t|jƒSr)ÚlistrrrrrÚ old_scopes.szOAuth2Token.old_scopescCs t |j¡Sr)rrr rrrrr 2szOAuth2Token.scopecCs t|jƒSr)rr rrrrÚscopes6szOAuth2Token.scopescCst|j|jƒSr)rrr rrrrÚmissing_scopes:szOAuth2Token.missing_scopescCst|j|jƒSr)rr rrrrrÚadditional_scopes>szOAuth2Token.additional_scopes)N) Ú__name__Ú __module__Ú __qualname__r Úpropertyrrrr rrrÚ __classcell__rrrrr s      r Úú hmac-sha-1c Cs:| ¡}t |¡\} } | ¡dkr*tj} n| ¡dkr>tj} ntdƒ‚| dkrj|pfd t  | ¡t   ¡¡}nt   ¡}t   ¡}t |ƒ\}}}}}}|r |d|}n|}|durÞ| dkrÞ| d¡}t| |ƒ ¡ƒdd … d¡}nd }g}| dkrú| |¡n| |¡| |¡| | ¡¡| |¡| | ¡| | ¡| dkrN| |¡| |pZd ¡d  |¡d }t|tƒr‚| d¡}t || d¡| ¡}t| ¡ƒdd … d¡}g}| d |¡| dkrÚ| d |¡| d|¡|rü| d|¡|r| d|¡| d|¡|p&i}d |¡|d<|S)a_Add an `MAC Access Authentication`_ signature to headers. Unlike OAuth 1, this HMAC signature does not require inclusion of the request payload/body, neither does it use a combination of client_secret and token_secret but rather a mac_key provided together with the access token. Currently two algorithms are supported, "hmac-sha-1" and "hmac-sha-256", `extension algorithms`_ are not supported. Example MAC Authorization header, linebreaks added for clarity Authorization: MAC id="h480djs93hd8", nonce="1336363200:dj83hs9s", mac="bhCQXTVyfj5cmA9uKkPFx1zeOXM=" .. _`MAC Access Authentication`: https://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01 .. _`extension algorithms`: https://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01#section-7.1 :param token: :param uri: Request URI. :param key: MAC given provided by token endpoint. :param http_method: HTTP Request method. :param nonce: :param headers: Request headers as a dictionary. :param body: :param ext: :param hash_algorithm: HMAC algorithm provided by token endpoint. :param issue_time: Time when the MAC credentials were issued (datetime). :param draft: MAC authentication specification version. :return: headers dictionary with the authorization field added. r&z hmac-sha-256zunknown hash algorithmrz{}:{}ú?Nzutf-8éÿÿÿÿr%Ú z MAC id="%s"zts="%s"z nonce="%s"z bodyhash="%s"zext="%s"zmac="%s"z, Ú Authorization)ÚupperrZ host_from_uriÚlowerÚhashlibZsha1Zsha256Ú ValueErrorÚformatZ generate_agerZgenerate_nonceZgenerate_timestamprÚencoderÚdigestÚdecodeÚappendÚjoinÚ isinstanceÚstrÚhmacÚnew)ÚtokenÚuriÚkeyZ http_methodZnonceÚheadersÚbodyÚextZhash_algorithmZ issue_timeZdraftÚhostÚportÚhÚtsZschZnetÚpathZparÚqueryZfraZ request_uriZbodyhashÚbaseZ base_stringÚsignÚheaderrrrÚprepare_mac_headerCsf(  ÿ              rHcCst|d|fgƒS)aAdd a `Bearer Token`_ to the request URI. Not recommended, use only if client can't use authorization header or body. http://www.example.com/path?access_token=h480djs93hd8 .. _`Bearer Token`: https://tools.ietf.org/html/rfc6750 :param token: :param uri: Ú access_token)r)r9r:rrrÚprepare_bearer_uri°s rJcCs|pi}d||d<|S)zëAdd a `Bearer Token`_ to the request URI. Recommended method of passing bearer tokens. Authorization: Bearer h480djs93hd8 .. _`Bearer Token`: https://tools.ietf.org/html/rfc6750 :param token: :param headers: z Bearer %sr*r)r9r<rrrÚprepare_bearer_headers¾s  rKcCst|d|fgƒS)z¯Add a `Bearer Token`_ to the request body. access_token=h480djs93hd8 .. _`Bearer Token`: https://tools.ietf.org/html/rfc6750 :param token: :param body: rI)r)r9r=rrrÚprepare_bearer_bodyÎs rLFcCst ¡S)zp :param request: OAuthlib request. :type request: oauthlib.common.Request :param refresh_token: )rZgenerate_token)ÚrequestÚ refresh_tokenrrrÚrandom_token_generatorÛsrOc s‡‡fdd„}|S)z :param private_pem: csˆ|_t ˆ|¡Sr)ZclaimsrZgenerate_signed_token)rM©ÚkwargsÚ private_pemrrÚsigned_token_generatorèsz6signed_token_generator..signed_token_generatorr)rRrQrSrrPrrSäsrScCsNd}d|jvrD|j d¡ ¡}t|ƒdkrJ|d ¡dkrJ|d}n|j}|S)zç Helper function to extract a token from the request header. :param request: OAuthlib request. :type request: oauthlib.common.Request :return: Return the token or None if the Authorization header is malformed. Nr*érÚbearerr)r<ÚgetÚsplitÚlenr,rI)rMr9Z split_headerrrrÚget_token_from_headerïs  rYc@s&eZdZd dd„Zdd„Zdd„ZdS) Ú TokenBaseFcCs tdƒ‚dS)Nú&Subclasses must implement this method.©ÚNotImplementedError)rrMrNrrrÚ__call__szTokenBase.__call__cCs tdƒ‚dS©úb :param request: OAuthlib request. :type request: oauthlib.common.Request r[Nr\©rrMrrrÚvalidate_requestszTokenBase.validate_requestcCs tdƒ‚dSr_r\rarrrÚ estimate_typeszTokenBase.estimate_typeN)F)r r!r"r^rbrcrrrrrZs rZc@s4eZdZdZd dd„Zd dd„Zdd „Zd d „ZdS)Ú BearerToken)Úrequest_validatorÚtoken_generatorÚrefresh_token_generatorÚ expires_inNcCs*||_|p t|_|p|j|_|p"d|_dS)Ni)rerOrfrgrh)rrerfrhrgrrrr s  ÿzBearerToken.__init__FcKsªd|vrt dt¡t|jƒr*| |¡}n|j}||_| |¡|ddœ}|jdurbd |j¡|d<|r’|jr„|j   |¡s„|j|d<n|  |¡|d<|  |j pži¡t|ƒS) zÁ Create a BearerToken, by default without refresh token. :param request: OAuthlib request. :type request: oauthlib.common.Request :param refresh_token: Z save_tokenzx`save_token` has been deprecated, it was not called internally.If you do, call `request_validator.save_token()` instead.ZBearer)rIrhÚ token_typeNú r rN)ÚwarningsÚwarnÚDeprecationWarningÚcallablerhrfrr4rNreZrotate_refresh_tokenrgÚupdateZextra_credentialsr )rrMrNrQrhr9rrrÚ create_token&s,þ  ý  ÿ zBearerToken.create_tokencCst|ƒ}|j ||j|¡S)r`)rYreZvalidate_bearer_tokenr)rrMr9rrrrbPsÿzBearerToken.validate_requestcCs:|j dd¡ d¡d ¡dkr$dS|jdur2dSdSdS) r`r*r%rjrrUé Né)r<rVrWr,rIrarrrrcYs   zBearerToken.estimate_type)NNNN)F)r r!r"Ú __slots__r rprbrcrrrrrdsÿ * rd)NNNr%r&Nr)N)r%)F)Ú__doc__r-r7rkZbinasciirÚ urllib.parserZoauthlibrZoauthlib.commonrrr%rÚdictr rHrJrKrLrOrSrYrZrdrrrrÚs2     .ù m