ó O'—^c@@sRdZddlmZmZddlmZddlZddlZyddlmZWn!e k r{ddl mZnXddl m Z m Z mZddlmZdd lmZd efd „ƒYZdddd d ddd„Zd„Zdd„Zd d„Zed„Zd„Zdefd„ƒYZdefd„ƒYZdS(uý oauthlib.oauth2.rfc6749.tokens ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This module contains methods for adding two types of access tokens to requests. - Bearer http://tools.ietf.org/html/rfc6750 - MAC http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01 i(tabsolute_importtunicode_literals(t b2a_base64N(turlparse(tadd_params_to_uritadd_params_to_qst unicode_type(tcommoni(tutilst OAuth2TokencB@s}eZdd„Zed„ƒZed„ƒZed„ƒZed„ƒZed„ƒZ ed„ƒZ ed„ƒZ RS( cC@sŸtt|ƒj|ƒd|_d|krJttj|dƒƒ|_n|dk rttj|ƒƒ|_|jdkr›|j|_q›n |j|_dS(Nuscope( tsuperR t__init__tNonet _new_scopetsetRt scope_to_listt _old_scope(tselftparamst old_scope((s@/tmp/pip-unpacked-wheel-eAx2J6/oauthlib/oauth2/rfc6749/tokens.pyR s   cC@s|j|jkS(N(R R(R((s@/tmp/pip-unpacked-wheel-eAx2J6/oauthlib/oauth2/rfc6749/tokens.pyt scope_changed*scC@stj|jƒS(N(Rt list_to_scopeR(R((s@/tmp/pip-unpacked-wheel-eAx2J6/oauthlib/oauth2/rfc6749/tokens.pyR.scC@s t|jƒS(N(tlistR(R((s@/tmp/pip-unpacked-wheel-eAx2J6/oauthlib/oauth2/rfc6749/tokens.pyt old_scopes2scC@stj|jƒS(N(RRR (R((s@/tmp/pip-unpacked-wheel-eAx2J6/oauthlib/oauth2/rfc6749/tokens.pytscope6scC@s t|jƒS(N(RR (R((s@/tmp/pip-unpacked-wheel-eAx2J6/oauthlib/oauth2/rfc6749/tokens.pytscopes:scC@st|j|jƒS(N(RRR (R((s@/tmp/pip-unpacked-wheel-eAx2J6/oauthlib/oauth2/rfc6749/tokens.pytmissing_scopes>scC@st|j|jƒS(N(RR R(R((s@/tmp/pip-unpacked-wheel-eAx2J6/oauthlib/oauth2/rfc6749/tokens.pytadditional_scopesBsN( t__name__t __module__R R tpropertyRRRRRRR(((s@/tmp/pip-unpacked-wheel-eAx2J6/oauthlib/oauth2/rfc6749/tokens.pyR s uu hmac-sha-1c C@s |jƒ}tj|ƒ\} } |jƒdkr?tj} n*|jƒdkr]tj} n tdƒ‚| dkrŸ|p™djtj | ƒt j ƒƒ}nt j ƒ}t j ƒ}t |ƒ\}}}}}}|rì|d|}n|}|dk rA| dkrA|jdƒ}t| |ƒjƒƒd jdƒ}nd }g}| dkri|j|ƒn|j|ƒ|j|ƒ|j|jƒƒ|j|ƒ|j| ƒ|j| ƒ| dkrÙ|j|ƒn|j|pèd ƒd j|ƒd }t|tƒr |jdƒ}ntj||jdƒ| ƒ}t|jƒƒd jdƒ}g}|jd |ƒ| dkr”|jd |ƒn|jd |ƒ|r¿|jd|ƒn|rÙ|jd|ƒn|jd|ƒ|pói}dj|ƒ|d<|S(uAdd an `MAC Access Authentication`_ signature to headers. Unlike OAuth 1, this HMAC signature does not require inclusion of the request payload/body, neither does it use a combination of client_secret and token_secret but rather a mac_key provided together with the access token. Currently two algorithms are supported, "hmac-sha-1" and "hmac-sha-256", `extension algorithms`_ are not supported. Example MAC Authorization header, linebreaks added for clarity Authorization: MAC id="h480djs93hd8", nonce="1336363200:dj83hs9s", mac="bhCQXTVyfj5cmA9uKkPFx1zeOXM=" .. _`MAC Access Authentication`: http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01 .. _`extension algorithms`: http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01#section-7.1 :param uri: Request URI. :param headers: Request headers as a dictionary. :param http_method: HTTP Request method. :param key: MAC given provided by token endpoint. :param hash_algorithm: HMAC algorithm provided by token endpoint. :param issue_time: Time when the MAC credentials were issued (datetime). :param draft: MAC authentication specification version. :return: headers dictionary with the authorization field added. u hmac-sha-1u hmac-sha-256uunknown hash algorithmiu{0}:{1}u?uutf-8iÿÿÿÿuu u MAC id="%s"uts="%s"u nonce="%s"u bodyhash="%s"uext="%s"umac="%s"u, u AuthorizationN(tupperRt host_from_uritlowerthashlibtsha1tsha256t ValueErrortformatt generate_ageRtgenerate_noncetgenerate_timestampRR tencodeRtdigesttdecodetappendtjoint isinstanceRthmactnew(ttokenturitkeyt http_methodtnoncetheaderstbodytextthash_algorithmt issue_timetdraftthosttportthttstschtnettpathtpartquerytfrat request_uritbodyhashtbaset base_stringtsigntheader((s@/tmp/pip-unpacked-wheel-eAx2J6/oauthlib/oauth2/rfc6749/tokens.pytprepare_mac_headerGsd$       (         cC@st|d|fgƒS(uõAdd a `Bearer Token`_ to the request URI. Not recommended, use only if client can't use authorization header or body. http://www.example.com/path?access_token=h480djs93hd8 .. _`Bearer Token`: http://tools.ietf.org/html/rfc6750 u access_token(R(R2R3((s@/tmp/pip-unpacked-wheel-eAx2J6/oauthlib/oauth2/rfc6749/tokens.pytprepare_bearer_uri°scC@s|p i}d||d<|S(uÃAdd a `Bearer Token`_ to the request URI. Recommended method of passing bearer tokens. Authorization: Bearer h480djs93hd8 .. _`Bearer Token`: http://tools.ietf.org/html/rfc6750 u Bearer %su Authorization((R2R7((s@/tmp/pip-unpacked-wheel-eAx2J6/oauthlib/oauth2/rfc6749/tokens.pytprepare_bearer_headers»s cC@st|d|fgƒS(uŠAdd a `Bearer Token`_ to the request body. access_token=h480djs93hd8 .. _`Bearer Token`: http://tools.ietf.org/html/rfc6750 u access_token(R(R2R8((s@/tmp/pip-unpacked-wheel-eAx2J6/oauthlib/oauth2/rfc6749/tokens.pytprepare_bearer_bodyÈscC@s tjƒS(N(Rtgenerate_token(trequestt refresh_token((s@/tmp/pip-unpacked-wheel-eAx2J6/oauthlib/oauth2/rfc6749/tokens.pytrandom_token_generatorÒsc @s‡‡fd†}|S(Nc@sˆ|_tjˆ|ƒS(N(tclaimsRtgenerate_signed_token(RR(tkwargst private_pem(s@/tmp/pip-unpacked-wheel-eAx2J6/oauthlib/oauth2/rfc6749/tokens.pytsigned_token_generator×s ((RXRWRY((RWRXs@/tmp/pip-unpacked-wheel-eAx2J6/oauthlib/oauth2/rfc6749/tokens.pyRYÖst TokenBasecB@s&eZed„Zd„Zd„ZRS(cC@stdƒ‚dS(Nu&Subclasses must implement this method.(tNotImplementedError(RRRRS((s@/tmp/pip-unpacked-wheel-eAx2J6/oauthlib/oauth2/rfc6749/tokens.pyt__call__àscC@stdƒ‚dS(Nu&Subclasses must implement this method.(R[(RRR((s@/tmp/pip-unpacked-wheel-eAx2J6/oauthlib/oauth2/rfc6749/tokens.pytvalidate_requestãscC@stdƒ‚dS(Nu&Subclasses must implement this method.(R[(RRR((s@/tmp/pip-unpacked-wheel-eAx2J6/oauthlib/oauth2/rfc6749/tokens.pyt estimate_typeæs(RRtFalseR\R]R^(((s@/tmp/pip-unpacked-wheel-eAx2J6/oauthlib/oauth2/rfc6749/tokens.pyRZÞs  t BearerTokencB@s;eZddddd„Zed„Zd„Zd„ZRS(cC@s=||_|pt|_|p$|j|_|p3d|_dS(Ni(trequest_validatorRTttoken_generatortrefresh_token_generatort expires_in(RRaRbRdRc((s@/tmp/pip-unpacked-wheel-eAx2J6/oauthlib/oauth2/rfc6749/tokens.pyR ìs cC@st|jƒr!|j|ƒ}n |j}||_i|j|ƒd6|d6dd6}|jd k rdj|jƒ|d s4   . b