B #an4@sdZddlZddlZddlZddlZddlZddlmZddlm Z m Z m ZddlmZyddlmZddlmZWn,ek rddlmZddlmZYnXd Zd Zed ejZed Zd ZedZd:ddZ ddZ ddZ ddZ ddZ!e"ee"dBZ#ddZ$ddZ%dd Z&d!d"Z'd#efd$d%Z(d&d'Z)d(d)Z*d#efd*d+Z+d,d-Z,d;d/d0Z-d1d2Z.dabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789z_ !"#$%&\'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}z&([^&;]*(?:password|token)[^=]*=)[^&;]+z&%[^0-9A-Fa-f]|%[0-9A-Fa-f][^0-9A-Fa-f]zAABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.-Zoauthlib/cCs:t|tr|dn|}t||}t|tr6|d}|S)Nzutf-8) isinstancestrencode_quotebytesdecode)ssafer6/tmp/pip-target-jgxl_w8r/lib/python/oauthlib/common.pyr-s    rcCs t|}t|tr|d}|S)Nzutf-8)_unquoter rr)rrrrr7s  rcCs,t|}t|}t|tr|S|dSdS)Nzutf-8)encode_params_utf8 _urlencoder r r)paramsZ utf8_params urlencodedrrrrAs  rcCsPg}xF|D]>\}}|t|tr*|dn|t|tr@|dn|fq W|S)ziEnsures that all parameters in a list of 2-element tuples are encoded to bytestrings using UTF-8 zutf-8)appendr r r )rencodedkvrrrrJs  rcCsPg}xF|D]>\}}|t|tr*|dn|t|tr@|dn|fq W|S)zfEnsures that all parameters in a list of 2-element tuples are decoded to unicode using UTF-8. zutf-8)rr rr)rdecodedrrrrrdecode_params_utf8Vs  rz=&;:%+~,*@!()/?'$cCsT|r,t|tks,d}t|t|t|ft|r>tdtj|dd}t|S)aDecode a query string in x-www-form-urlencoded format into a sequence of two-element tuples. Unlike urlparse.parse_qsl(..., strict_parsing=True) urldecode will enforce correct formatting of the query string by validation. If validation fails a ValueError will be raised. urllib.parse_qsl will only raise errors if any of name-value pairs omits the equals sign. zError trying to decode a non urlencoded string. Found invalid characters: %s in the string: '%s'. Please ensure the request/response body is x-www-form-urlencoded.z%Invalid hex encoding in query string.T)keep_blank_values)setr ValueErrorINVALID_HEX_PATTERNsearchurlparse parse_qslr)queryerrorrrrr urldecodees  r)cCst|ttfr6y t|}Wqtk r2d}YqXnnt|dry t|Wn.tk rdd}Yqtk rzd}YqXtt|tr| n|}t |}nd}|S)a*Extract parameters and return them as a list of 2-tuples. Will successfully extract parameters from urlencoded query strings, dicts, or lists of 2-tuples. Empty strings/dicts/lists will return an empty list of parameters. Any other input will result in a return value of None. N__iter__) r rr r)r"hasattrdict TypeErrorlistitemsr)rawrrrrextract_paramss       r1cCstttdtS)aGenerate pseudorandom nonce that is unlikely to repeat. Per `section 3.3`_ of the OAuth 1 RFC 5849 spec. Per `section 3.2.1`_ of the MAC Access Authentication spec. A random 64-bit number is appended to the epoch timestamp for both randomness and to decrease the likelihood of collisions. .. _`section 3.2.1`: https://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01#section-3.2.1 .. _`section 3.3`: https://tools.ietf.org/html/rfc5849#section-3.3 @)r rgenerate_timestamprrrrgenerate_nonces r4cCstttS)aDGet seconds since epoch (UTC). Per `section 3.3`_ of the OAuth 1 RFC 5849 spec. Per `section 3.2.1`_ of the MAC Access Authentication spec. .. _`section 3.2.1`: https://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01#section-3.2.1 .. _`section 3.3`: https://tools.ietf.org/html/rfc5849#section-3.3 )r inttimerrrrr3s r3cs$tdfddt|DS)aXGenerates a non-guessable OAuth token OAuth (1 and 2) does not specify the format of tokens except that they should be strings of random characters. Tokens should not be guessable and entropy when generating the random characters is important. Which is why SystemRandom is used instead of the default random.choice method. c3s|]}VqdS)N)choice).0x)charsrandrr sz!generate_token..)rjoinrange)lengthr<r)r<r=rgenerate_tokensrBcCsTddl}tj}|j|tj|jdd}||j|||d}t |d}|S)Nr)seconds)scopeexpRS256zUTF-8) jwtdatetimeutcnowrD timedeltaZ expires_inupdateclaimsr to_unicode)Z private_pemrequestrGnowrLtokenrrrgenerate_signed_tokens   rQcCsddl}|j||dgdS)NrrF)Z algorithms)rGr)Z public_pemrPrGrrrverify_signed_tokensrRcCs t||S)zGenerates an OAuth client_id OAuth 2 specify the format of client_id in https://tools.ietf.org/html/rfc6749#appendix-A. )rB)rAr<rrrgenerate_client_idsrScCs2t|tr|}tj|dd}||t|S)z)Extend a query with a list of two-tuples.T)r )r r,r/r%r&extendr)r'rZ queryparamsrrradd_params_to_qss   rUFc CsFt|\}}}}}}|r&t||}n t||}t||||||fS)z5Add a list of two-tuples to the uri query components.)r%rU urlunparse) urirfragmentZschnetpathparr'Zfrarrradd_params_to_uris   r\cCsLt|t|krdSd}x*t||D]\}}|t|t|AO}q$W|dkS)a Near-constant time string comparison. Used in order to avoid timing attacks on sensitive information such as secret keys during request verification (`rootLabs`_). .. _`rootLabs`: http://rdist.root.org/2010/01/07/timing-independent-array-comparison/ Fr)lenzipord)abresultr;yrrrsafe_string_equalss rdUTF-8cst|tr|St|tr$t|dSt|dry t|Wn4tk rNYnFtk rnfdd|DSXt|dr|}fdd|DS|S)z:Convert a number of different types of objects to unicode.)encodingr*c3s|]}t|VqdS)N)rM)r:i)rfrrr>szto_unicode..r/cs"i|]\}}t|t|qSr)rM)r:rr)rfrr $szto_unicode..)r r rr+r,r-r"r/)datarfr)rfrrMs      rMcsbeZdZdZiZddZddZfddZfdd Zdd d Z fd dZ fddZ Z S)CaseInsensitiveDictz3Basic case insensitive dict with strings only keys.cCs.dd|D|_x|D]}||||<qWdS)NcSsi|]}||qSr)lower)r:rrrrrh0sz0CaseInsensitiveDict.__init__..)proxy)selfrirrrr__init__/s zCaseInsensitiveDict.__init__cCs||jkS)N)rkrl)rmrrrr __contains__4sz CaseInsensitiveDict.__contains__cs*|j|}t||j|=dS)N)rlrksuper __delitem__)rmrkey) __class__rrrq7s zCaseInsensitiveDict.__delitem__cs|j|}t|S)N)rlrkrp __getitem__)rmrrr)rsrrrt<szCaseInsensitiveDict.__getitem__NcCs||kr||S|S)Nr)rmrdefaultrrrget@szCaseInsensitiveDict.getcs t||||j|<dS)N)rp __setitem__rlrk)rmrr)rsrrrwCszCaseInsensitiveDict.__setitem__cs4tj||x t||D]}||j|<qWdS)N)rprKr,rlrk)rmargskwargsr)rsrrrKGszCaseInsensitiveDict.update)N) __name__ __module__ __qualname____doc__rlrnrorqrtrvrwrK __classcell__rr)rsrrj)s    rjc@sNeZdZdZdddZddZd d Zed d Zed dZ eddZ dS)Requesta:A malleable representation of a signable HTTP request. Body argument may contain any data, but parameters will only be decoded if they are one of: * urlencoded query string * dict * list of 2-tuples Anything else will be treated as raw body data to be passed through unmolested. GETNutf-8csfdd}|||_|||_t||p*i|_|||_t|j|_g|_i|_ddddddddddddddddddddddddddddddd|_ |j t t |j |j t |jpgdS)Ncsrt|S|S)N)rM)r;)rfrr_z"Request.__init__..)Z access_tokenclientZ client_idZ client_secretcodeZcode_challengeZcode_challenge_methodZ code_verifierZextra_credentialsZ grant_typeZ redirect_uriZ refresh_tokenZ request_tokenZ response_typerDZscopesstaterPuserZtoken_type_hintZ response_modenonceZdisplaypromptrLZmax_ageZ ui_localesZ id_token_hintZ login_hintZ acr_values)rW http_methodrjheadersbodyr1 decoded_bodyZ oauth_paramsZ validator_log_paramsrKr,r) uri_query)rmrWrrrrfr r)rfrrn\sP      zRequest.__init__cCs ||jkr|j|St|dS)N)rAttributeError)rmnamerrr __getattr__s  zRequest.__getattr__cCsRts dS|j}|j}|r.tdt|}d|kr>d|d<d|j|j ||S)Nzz  Authorizationz zF) rrrcopySANITIZE_PATTERNsubr formatrWr)rmrrrrr__repr__s zRequest.__repr__cCst|jjS)N)r%rWr')rmrrrrszRequest.uri_querycCs|js gStj|jdddS)NT)r strict_parsing)rr%r&)rmrrruri_query_paramss zRequest.uri_query_paramscCsTtt}dd|jpg|jD}x|D]}||d7<q*Wdd|DS)Ncss|]}|dVqdS)rNr)r:prrrr>sz+Request.duplicate_params..rcSsg|]\}}|dkr|qS)rr)r:rcrrr sz,Request.duplicate_params..) collections defaultdictr5rrr/)rmZ seen_keysZall_keysrrrrduplicate_paramss   zRequest.duplicate_params)rNNr) rzr{r|r}rnrrpropertyrrrrrrrrMs  1  r)r )F)re)3r}rrHloggingrer6 urllib.parseparser%rrrrrrr8rZsecretsrr ImportErrorrandomr ZUNICODE_ASCII_CHARACTER_SETZCLIENT_ID_CHARACTER_SETcompile IGNORECASErr#Z always_safe getLoggerlogrrr!rr)r1r4r3rBrQrRrSrUr\rdrMr,rjrrrrrsP           !     $