Current File : //usr/lib/python3/dist-packages/oauthlib/oauth2/rfc6749/__pycache__/tokens.cpython-312.pyc
�

�bl+����dZddlZddlZddlZddlmZddlmZddlm	Z	ddl
mZmZddl
mZGd	�d
e�Z							dd�Zd�Zdd
�Zdd�Zdd�Zd�Zd�ZGd�d�ZGd�de�Zy)z�
oauthlib.oauth2.rfc6749.tokens
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This module contains methods for adding two types of access tokens to requests.

- Bearer https://tools.ietf.org/html/rfc6750
- MAC https://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01
�N)�
b2a_base64)�urlparse)�common)�add_params_to_qs�add_params_to_uri�)�utilsc���eZdZd	�fd�	Zed��Zed��Zed��Zed��Zed��Z	ed��Z
ed��Z�xZS)
�OAuth2Tokenc�:��t�|�|�d|_d|vr+|dr&tt	j
|d��|_|�Btt	j
|��|_|j�|j|_yy|j|_y)N�scope)�super�__init__�
_new_scope�setr	�
scope_to_list�
_old_scope)�self�params�	old_scope�	__class__s   ��@/usr/lib/python3/dist-packages/oauthlib/oauth2/rfc6749/tokens.pyrzOAuth2Token.__init__s����
���� �����f�����!�%�"5�"5�f�W�o�"F�G�D�O�� �!�%�"5�"5�i�"@�A�D�O����&�#'�/�/���'�
#�o�o�D�O�c�4�|j|jk7S�N)rr�rs r�
scope_changedzOAuth2Token.scope_changed&s�����$�/�/�1�1rc�@�tj|j�Sr)r	�
list_to_scoperrs rrzOAuth2Token.old_scope*����"�"�4�?�?�3�3rc�,�t|j�Sr)�listrrs r�
old_scopeszOAuth2Token.old_scopes.����D�O�O�$�$rc�@�tj|j�Sr)r	rrrs rr
zOAuth2Token.scope2r rc�,�t|j�Sr)r"rrs r�scopeszOAuth2Token.scopes6r$rc�F�t|j|jz
�Sr)r"rrrs r�missing_scopeszOAuth2Token.missing_scopes:����D�O�O�d�o�o�5�6�6rc�F�t|j|jz
�Sr)r"rrrs r�additional_scopeszOAuth2Token.additional_scopes>r*rr)
�__name__�
__module__�__qualname__r�propertyrrr#r
r'r)r,�
__classcell__)rs@rrrs����.��2��2��4��4��%��%��4��4��%��%��7��7��7��7rrc�Z�|j�}tj|�\}}|j�dk(rtj
}
n/|j�dk(rtj}
ntd��|
dk(r<|xs7djtj|	�tj��}n(tj�}tj�}t|�\}}}}}}|r	|dz|z}n|}|�H|
dk(rC|jd�}t|
|�j!��dd	j#d�}nd
}g}|
dk(r|j%|�n"|j%�|j%|�|j%|j��|j%|�|j%|�|j%|�|
dk(r|j%|�|j%|xsd
�dj'|�dz}t)|t*�r|jd�}t-j.||jd�|
�}t|j!��dd	j#d�}g}|j%d|z�|
dk7r|j%d
z�|j%d|z�|r|j%d|z�|r|j%d|z�|j%d|z�|xsi}dj'|�|d<|S)a_Add an `MAC Access Authentication`_ signature to headers.

    Unlike OAuth 1, this HMAC signature does not require inclusion of the
    request payload/body, neither does it use a combination of client_secret
    and token_secret but rather a mac_key provided together with the access
    token.

    Currently two algorithms are supported, "hmac-sha-1" and "hmac-sha-256",
    `extension algorithms`_ are not supported.

    Example MAC Authorization header, linebreaks added for clarity

    Authorization: MAC id="h480djs93hd8",
                       nonce="1336363200:dj83hs9s",
                       mac="bhCQXTVyfj5cmA9uKkPFx1zeOXM="

    .. _`MAC Access Authentication`: https://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01
    .. _`extension algorithms`: https://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01#section-7.1

    :param token:
    :param uri: Request URI.
    :param key: MAC given provided by token endpoint.
    :param http_method: HTTP Request method.
    :param nonce:
    :param headers: Request headers as a dictionary.
    :param body:
    :param ext:
    :param hash_algorithm: HMAC algorithm provided by token endpoint.
    :param issue_time: Time when the MAC credentials were issued (datetime).
    :param draft: MAC authentication specification version.
    :return: headers dictionary with the authorization field added.
    �
hmac-sha-1zhmac-sha-256zunknown hash algorithmrz{}:{}�?Nzutf-8�����
zMAC id="%s"zts="%s"z
nonce="%s"z
bodyhash="%s"zext="%s"zmac="%s"z, �
Authorization)�upperr	�
host_from_uri�lower�hashlib�sha1�sha256�
ValueError�format�generate_ager�generate_nonce�generate_timestampr�encoder�digest�decode�append�join�
isinstance�str�hmac�new)�token�uri�key�http_method�nonce�headers�body�ext�hash_algorithm�
issue_time�draft�host�port�h�ts�sch�net�path�par�query�fra�request_uri�bodyhash�base�base_string�sign�headers                           r�prepare_mac_headerrhCs���P�#�#�%�K��$�$�S�)�J�D�$������-��L�L��	�	�	�	�>�	1��N�N���1�2�2���z��C�����(:�(:�:�(F�*0�*?�*?�*A�C���
&�
&�
(���%�%�'��&.�s�m�#�C��d�C�����S�j�5�(������E�Q�J��{�{�7�#���a��g�n�n�.�/���4�;�;�G�D�����D���z����E�����B�����E���K�K��!�!�#�$��K�K����K�K����K�K�����z����H���K�K��	�r���)�)�D�/�D�(�K��#�s���j�j��!���8�8�C��+�+�G�4�a�8�D��d�k�k�m�$�S�b�)�0�0��9�D�
�F�
�M�M�-�%�'�(���z��
�
�i�"�n�%�
�M�M�,��&�'���
�
�o��0�1�
��
�
�j�3�&�'�
�M�M�*�t�#�$��m��G�#�y�y��0�G�O���Nrc� �t|d|fg�S)aAdd a `Bearer Token`_ to the request URI.
    Not recommended, use only if client can't use authorization header or body.

    http://www.example.com/path?access_token=h480djs93hd8

    .. _`Bearer Token`: https://tools.ietf.org/html/rfc6750

    :param token:
    :param uri:
    �access_token)r)rMrNs  r�prepare_bearer_urirk�s���S�^�U�$;�"=�>�>rc�"�|xsi}d|z|d<|S)z�Add a `Bearer Token`_ to the request URI.
    Recommended method of passing bearer tokens.

    Authorization: Bearer h480djs93hd8

    .. _`Bearer Token`: https://tools.ietf.org/html/rfc6750

    :param token:
    :param headers:
    z	Bearer %sr8�)rMrRs  r�prepare_bearer_headersrn�s!���m��G�*�U�2�G�O���Nrc� �t|d|fg�S)z�Add a `Bearer Token`_ to the request body.

    access_token=h480djs93hd8

    .. _`Bearer Token`: https://tools.ietf.org/html/rfc6750

    :param token:
    :param body:
    rj)r)rMrSs  r�prepare_bearer_bodyrp�s���D�^�U�$;�"=�>�>rc�*�tj�S)zp
    :param request: OAuthlib request.
    :type request: oauthlib.common.Request
    :param refresh_token:
    )r�generate_token)�request�
refresh_tokens  r�random_token_generatorru�s��� � �"�"rc������fd�}|S)z
    :param private_pem:
    c�>���|_tj�|�Sr)�claimsr�generate_signed_token)rs�kwargs�private_pems ��r�signed_token_generatorz6signed_token_generator.<locals>.signed_token_generator�s�������+�+�K��A�Arrm)r{rzr|s`` rr|r|�s���B�"�!rc���d}d|jvrT|jjd�j�}t|�dk(r|dj	�dk(r|d}|S|j
}|S)z�
    Helper function to extract a token from the request header.

    :param request: OAuthlib request.
    :type request: oauthlib.common.Request
    :return: Return the token or None if the Authorization header is malformed.
    Nr8�r�bearerr)rR�get�split�lenr;rj)rsrM�split_headers   r�get_token_from_headerr��su��
�E��'�/�/�)����*�*�?�;�A�A�C���|���!�l�1�o�&;�&;�&=��&I� ��O�E��L��$�$���Lrc�$�eZdZdZdd�Zd�Zd�Zy)�	TokenBasermc��td��)N�&Subclasses must implement this method.��NotImplementedError)rrsrts   r�__call__zTokenBase.__call__s��!�"J�K�Krc��td����b
        :param request: OAuthlib request.
        :type request: oauthlib.common.Request
        r�r��rrss  r�validate_requestzTokenBase.validate_request	���
"�"J�K�Krc��td��r�r�r�s  r�
estimate_typezTokenBase.estimate_typer�rN�F)r-r.r/�	__slots__r�r�r�rmrrr�r�s���I�L�L�Lrr�c�0�eZdZdZ		dd�Zdd�Zd�Zd�Zy)	�BearerToken)�request_validator�token_generator�refresh_token_generator�
expires_inNc�p�||_|xst|_|xs|j|_|xsd|_y)Ni)r�rur�r�r�)rr�r�r�r�s     rrzBearerToken.__init__s<��!2���.�H�2H���#�;�t�';�';�	
�$�%�,���rc��d|vrtjdt�t|j�r|j	|�}n|j}||_|j|�|dd�}|j�dj|j�|d<|rK|jr+|jj|�s|j|d<n|j|�|d<|j|jxsi�t|�S)z�
        Create a BearerToken, by default without refresh token.

        :param request: OAuthlib request.
        :type request: oauthlib.common.Request
        :param refresh_token:
        �
save_tokenzx`save_token` has been deprecated, it was not called internally.If you do, call `request_validator.save_token()` instead.�Bearer)rjr��
token_type� r
rt)�warnings�warn�DeprecationWarning�callabler�r�r'rHrtr��rotate_refresh_tokenr��update�extra_credentialsr)rrsrtrzr�rMs      r�create_tokenzBearerToken.create_token's����6�!��M�M�V�,�
.��D�O�O�$�����1�J����J�'���!�0�0��9�$�"�
���>�>�%� �X�X�g�n�n�5�E�'�N���%�%��.�.�C�C�G�L�)0�)>�)>��o�&�)-�)E�)E�g�)N��o�&�
���W�.�.�4�"�5��5�!�!rc�f�t|�}|jj||j|�S)r�)r�r��validate_bearer_tokenr')rrsrMs   rr�zBearerToken.validate_requestQs2��
&�g�.���%�%�;�;��7�>�>�7�,�	,rc��|jjdd�jd�dj�dk(ry|j�yy)r�r8r6r�rr�	�)rRr�r�r;rjr�s  rr�zBearerToken.estimate_typeZsK��
�?�?�����3�9�9�#�>�q�A�G�G�I�X�U��
�
!�
!�
-��r)NNNNr�)r-r.r/r�rr�r�r�rmrrr�r�s(���I�
@D�:>�-�("�T,�
rr�)NNNr6r3Nrr)r6r�)�__doc__r<rKr��binasciir�urllib.parser�oauthlibr�oauthlib.commonrrr6r	�dictrrhrkrnrprur|r�r�r�rmrr�<module>r�s��������!��?��*7�$�*7�\"�#� ��&2�"&��j�Z?�
� 
?�#�"��(L�L�*L�)�Lr