o gf!t@sdZddlZddlmZddlZddlZddlZddlZddlZddl m Z ddl m Z ddl m Z ddl m Z dd l mZdd l mZdd l mZdd l mZdd l mZddl mZddl mZddl mZddl mZddl mZddlmZdZdZdZGdddeZGdddeZdGddZ dHddZ!d d!Z"d"d#Z#d$d%Z$d&d'Z%d(d)Z&d*d+Z'd,d-Z(d.d/Z)dId1d2Z*dId3d4Z+Gd5d6d6e,Z-Gd7d8d8e,Z.d9d:Z/Gd;d<dd>ej2Z3Gd?d@d@e,Z4GdAdBdBe,Z5GdCdDdDe5Z6GdEdFdFe5Z7dS)Ja[ The MIT License Copyright (c) 2007-2010 Leah Culver, Joe Stump, Mark Paschal, Vic Fryzel Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. N)sha1)PY3)b)parse_qs)quote) STRING_TYPES)TEXT)uunquote)unquote_to_bytes) urlencode)urlsplit) urlunsplit)urlparse) urlunparse) __version__z1.0GET PLAINTEXTc@s.eZdZdZd ddZeddZddZd S) ErrorzGeneric exception class.OAuth error occurred.cCs ||_dSN_message)selfmessagerP/var/www/html/humari/django-venv/lib/python3.10/site-packages/oauth2/__init__.py__init__9s zError.__init__cC|jS)z3A hack to get around the deprecation errors in 2.6.rrrrrr<sz Error.messagecCr rrr!rrr__str__Asz Error.__str__N)r)__name__ __module__ __qualname____doc__rpropertyrr"rrrrr6s    rc@s eZdZdS)MissingSignatureN)r#r$r%rrrrr(Esr(cCs dd|iS)z,Optional WWW-Authenticate header (401 error)WWW-AuthenticateOAuth realm="%s"rrealmrrrbuild_authenticate_headerI r.cCspt||d|}t}||||g}t|D]\}}|dur-|d|t|fqdd|d|fS)z;Build an XOAUTH string for use in SMTP/IMPA authentication.rN%s="%s"z%s %s %s,) Requestfrom_consumer_and_tokenSignatureMethod_HMAC_SHA1 sign_requestsorteditemsappendescapejoin)urlconsumertokenrequestsigning_methodparamskvrrrbuild_xoauth_stringNsrCc Csft|ts1t|tstdt||fz|d}W|Sty0}ztd||fd}~ww|S)zn Convert to unicode, raise exception with instructive error message if s is not unicode, ascii, or utf-8. zCYou are required to pass either unicode or bytes here, not: %r (%s)utf-8zYou are required to pass either a unicode object or a utf-8-enccoded bytes string here. You passed a bytes object which contained non-utf-8: %r. The UnicodeDecodeError that resulted from attempting to interpret it as utf-8 was: %sN) isinstancer bytes TypeErrortypedecodeUnicodeDecodeError)slerrr to_unicode^s     rMcCst|dS)NrD)rMencoderKrrrto_utf8qrPcCt|tr t|S|Sr)rErrMrOrrrto_unicode_if_stringt rScCrRr)rErrPrOrrrto_utf8_if_stringzrTrUc Cft|tr t|Szt|}Wnty+}zdt|vsJ|WYd}~Sd}~wwdd|DS)zw Raise TypeError if x is a str containing non-utf8 bytes or if x is an iterable which contains such a str. is not iterableNcSg|]}t|qSr)rM.0errr z0to_unicode_optional_iterator..)rErrMlistrGstrxlr[rrrto_unicode_optional_iterator  rcc CrV)zX Raise TypeError if x is a str or if x is an iterable which contains a str. rWNcSrXrrUrYrrrr\r]z-to_utf8_optional_iterator..)rErrPr^rGr_r`rrrto_utf8_optional_iteratorrdrfcCs t|ts |d}t|ddS)zEscape a URL including any /.rD~)safe)rErFrNrrOrrrr9s   r9cCs ttSzGet seconds since epoch (UTC).)inttimerrrrgenerate_timestampr/rlcCdddt|DS)Generate pseudorandom number.r)cS g|] }ttddqSr r_random SystemRandomrandintrZirrrr\ z"generate_nonce..r:rangelengthrrrgenerate_noncer~cCrn)ror)cSrprqrsrwrrrr\ryz%generate_verifier..rzr|rrrgenerate_verifierrrc@s(eZdZdZdZdZddZddZdS)ConsumeraA consumer of OAuth-protected services. The OAuth consumer is a "third-party" service that wants to access protected resources from an OAuth service provider on behalf of an end user. It's kind of the OAuth client. Usually a consumer must be registered with the service provider by the developer of the consumer software. As part of that process, the service provider gives the consumer a *key* and a *secret* with which the consumer software can identify itself to the service. The consumer will include its key in each request to identify itself, but will use its secret only when signing requests, to prove that the request is from that particular registered consumer. Once registered, the consumer can then use its consumer credentials to ask the service provider for a request token, kicking off the OAuth authorization process. NcC,||_||_|jdus|jdurtddSNzKey and secret must be set.keysecret ValueErrorrrrrrrr zConsumer.__init__cCs|j|jd}t|S)N)oauth_consumer_keyoauth_consumer_secret)rrr)rdatarrrr"szConsumer.__str__)r#r$r%r&rrrr"rrrrrs  rc@sbeZdZdZdZdZdZdZdZddZ ddZ dddZ d d Z d d Z ed dZddZdS)TokenaXAn OAuth credential used to request authorization or a protected resource. Tokens in OAuth comprise a *key* and a *secret*. The key is included in requests to identify the token being used, but the secret is used only in the signature, to prove that the requester is who the server gave the token to. When first negotiating the authorization, the consumer asks for a *request token* that the live user authorizes with the service provider. The consumer then exchanges the request token for an *access token* that can be used to access protected resources. NcCrrrrrrrrrzToken.__init__cCs||_d|_dS)Ntrue)callbackcallback_confirmed)rrrrr set_callbacks zToken.set_callbackcCs|dur ||_dSt|_dSr)verifierr)rrrrr set_verifiers  zToken.set_verifiercCsf|jr0|jr0t|j}|dd\}}}}}}|r!d||jf}nd|j}t||||||fS|jS)Nz%s&oauth_verifier=%szoauth_verifier=%s)rrrr)rpartsschemenetlocpathr@queryfragmentrrrget_callback_urls    zToken.get_callback_urlcCs6d|jfd|jfg}|jdur|d|jft|S)zReturns this token as a plain string, suitable for storage. The resulting string includes the token's secret, so you should never send or store this string where a third party can read it. oauth_tokenoauth_token_secretNoauth_callback_confirmed)rrrr8r)rr7rrr to_string s  zToken.to_stringcCst|stdtt|dd}t|stdz|dd}Wn ty+tdwz|dd}Wn ty?tdwt||}z |d d|_W|StyYY|Sw) zNDeserializes a token from a string like one returned by `to_string()`.zInvalid parameter string.Fkeep_blank_valuesrrz)'oauth_token' not found in OAuth request.rz0'oauth_token_secret' not found in OAuth request.r)lenrrr ExceptionrrKeyError)rKr@rrr=rrr from_strings.    zToken.from_stringcCs|Sr)rr!rrrr":sz Token.__str__r)r#r$r%r&rrrrrrrrrr staticmethodrr"rrrrrs    rcs*|jfdd}fdd}t|||S)Ncs$z|jWStytwr)__dict__rAttributeErrorr!namerrgetterAs   zsetter..gettercs |j=dSr)rr!rrrdeleterGs zsetter..deleter)r#r')attrrrrrrsetter>s   rc@seZdZdZeZeddddfddZeddZ ed d Z d d Z d dZ d*ddZ ddZddZddZddZddZeddZeddZe  d+d d!Zededdddfd"d#Zededdfd$d%Zed&d'Zed(d)ZdS),r2amThe parameters and information for an HTTP request, suitable for authorizing with OAuth credentials. When a consumer wants to access a service's protected resources, it does so using a signed HTTP request identifying itself (the consumer) with its key, and providing an access token authorized by the end user to access those resources. NFcCsZ|dur t||_||_|dur%|D]\}}t|}t|}|||<q||_||_dSr)rMr;methodr7rcbodyis_form_encoded)rrr; parametersrrrArBrrrr[s   zRequest.__init__cCs||jd<|durOt|\}}}}}|dkr%|dddkr%|dd}n|dkr7|dddkr7|dd}|dvrCtd ||ft|||ddf|_dSd|_d|jd<dS) Nr;httpz:80httpsz:443)rrzUnsupported URL %s (%s).)rrrrnormalized_url)rvaluerrrrrrrrr;hs  z Request.urlcCs||jd<dS)Nr)upperr)rrrrrr|szRequest.methodcCs|d|dfS)Noauth_timestamp oauth_noncerr!rrr_get_timestamp_nonceszRequest._get_timestamp_noncecCstdd|DS)zGet any non-OAuth parameters.cSs"g|] \}}|ds||fqS)oauth_ startswithrZrArBrrrr\s z3Request.get_nonoauth_parameters..)dictr7r!rrrget_nonoauth_parametersszRequest.get_nonoauth_parametersr)cCsXdd|D}dd|D}dd|D}d|}d|}|r(d||f}d|iS) z.Serialize as a header for an HTTPAuth request.css&|]\}}|dr||fVqdS)rNrrrrr s z$Request.to_header..css |] \}}|t|fVqdSr)r9rrrrrcss |] \}}d||fVqdS)r0Nrrrrrrr, r+z%s, %s Authorization)r7r:)rr- oauth_paramsstringy_params header_params params_header auth_headerrrr to_headers  zRequest.to_headercCsDg}t|D]\}}||dt|fqt|dddS)z*Serialize as post data for a POST request.rDT+%20)r6r7r8rNrfrreplace)rr7rArBrrr to_postdataszRequest.to_postdatac Cst|j}tr0t|j}|D]\}}||gt|q|j }|j }|j }|j }|j } n6tt|j}|D]\}}|t|gt|q;t|j }t|j }t|j }t|j }t|j } ||||t|d| f} t| S)z%Serialize as a URL for a GET request.T)rr;rrrr7 setdefaultr8rfrrrr@rrPrr) rbase_urlrrArBrrrr@rr;rrrto_urls(       zRequest.to_urlcCs"||}|durtd||S)NzParameter not found: %s)getr)r parameterretrrr get_parameters  zRequest.get_parameterc s g}|D]R\}dkrqt|tr |tt|fqzt|}Wn%tyK}zdt|vs6J|tt|fWYd}~qd}~ww| fdd|Dqt |j d}| |}dd|D}| || t|d }|d d d d S)zAReturn a string that contains the parameters that must be signed.oauth_signaturerWNc3s |] }tt|fVqdSrre)rZitemrrrrrz4Request.get_normalized_parameters..cSs(g|]\}}|dkrt|t|fqS)r)rPrfrrrrr\s(z5Request.get_normalized_parameters..Trrz%7Erg)r7rErr8rUrPr^rGr_extendrr;_split_url_stringsortrr)rr7rr[r url_items encoded_strrrrget_normalized_parameterss*  "  z!Request.get_normalized_parameterscCsf|jstt|j|d<d|vr|j|d<|r#d|vr#|j|d<|j|d<|||||d<dS)z2Set the signature parameter to the result of sign.oauth_body_hashrroauth_signature_methodrN) rbase64 b64encoderrdigestrrsign)rsignature_methodr<r=rrrr5s    zRequest.sign_requestcCstttSri)r_rjrkclsrrrmake_timestampszRequest.make_timestampcCsttddS)rorirsrrrr make_nonceszRequest.make_noncec Cs|duri}|rEd}|D]\}}|dks|dkr |}q|rE|dddkrE|dd}z ||} || Wntd|rQ||} || t|d} || } || |ri||||SdS)z$Combines multiple parameter sources.N authorizationHTTP_AUTHORIZATIONrzOAuth z;Unable to parse OAuth parameters from Authorization header.r)r7lowerr _split_headerupdaterrr) r http_methodhttp_urlheadersr query_stringrrArBr query_params param_str url_paramsrrr from_requests2          zRequest.from_requestc Cs`|si}|j|||jd}|||}|r'|j|d<|jr'|j|d<||||||dS)N)rrr oauth_versionroauth_verifier)rr)rrrversionrr) rr<r=rrrrrdefaultsrrrr3+s     zRequest.from_consumer_and_tokencCs*|si}|j|d<|r||d<||||S)Nroauth_callbackr)rr=rrrrrrrfrom_token_and_callbackDs   zRequest.from_token_and_callbackcCsZi}|d}|D]!}|ddkrq |}|dd}t|dd||d<q |S)z+Turn Authorization: header into parameters.r1r-=r"r)splitfindstripr )headerr@rparam param_partsrrrrRs  zRequest._split_headercCsdtst|d}t|dd}|D]\}}t|dkr$t|d||<qtdd|D||<q|S)z Turn URL string into parameters.rDTrrrcSrXrr )rZrKrrrr\or]z-Request._split_url_string..)rrrr7rr r6)rrrArBrrrrcs   zRequest._split_url_stringr))NNN)r#r$r%r& OAUTH_VERSIONr HTTP_METHODrrr;rrrrrrrrr5 classmethodrrrr3rrrrrrrrr2MsN      "   (   r2cs@eZdZdZd fdd ZddZdddejdfd d ZZ S) Clientz8OAuthClient is a worker to attempt to execute a request.Nc sb|dur t|ts td|durt|tstd||_||_t|_tt |j di|dS)NzInvalid consumer.zInvalid token.r) rErrrr<r=r4rsuperrr)rr<r=kwargs __class__rrrvszClient.__init__cCst|ts td||_dS)NzInvalid signature method.)rESignatureMethodrr)rrrrrset_signature_methods  zClient.set_signature_methodrrc Csd}t|ts i}|dkr|d||d<|ddk}|r%|r%t|} nd} tj|j|j||| ||d} | |j |j|jt |\} } } }}}t | | ddddf}|rZ| }n|dkrc| }n || j|dtjj|||||||dS) Nz!application/x-www-form-urlencodedPOSTz Content-Type)r=rrrrrr)rr,)rrr redirectionsconnection_type)rErrrr2r3r<r=r5rrrrrrrhttplib2Httpr>)rurirrrrrDEFAULT_POST_CONTENT_TYPErrreqrrrr@rrr-rrrr>s8     zClient.requestr) r#r$r%r&rrrDEFAULT_MAX_REDIRECTSr> __classcell__rrrrrssrc@sheZdZdZdZeZdZdddZddZ dd Z dd d Z d dZ ddZ ddZddZddZdS)Servera/A skeletal implementation of a service provider, providing protected resources to requests from authorized consumers. This class implements the logic to check requests for authorization. You can use it with your web server or web framework to protect certain resources with OAuth. i,NcCs|pi|_dSr)signature_methods)rr rrrrrQzServer.__init__cCs||j|j<|jSr)r r)rrrrradd_signature_methods zServer.add_signature_methodcCs$|||||||}|S)z3Verifies an api call and checks all the parameters.)_check_version_check_signaturer)rr>r<r=rrrrverify_requests zServer.verify_requestr)cCs dd|iS)z-Optional support for the authenticate header.r*r+r)rr-rrrr.r/z Server.build_authenticate_headercCs0||}|r||jkrtdt|dSdS)z:Verify the correct version of the request for this server.zOAuth version %s not supported.N) _get_versionrrr_rr>rrrrr"s zServer._check_versioncCs"z|d}W|St}Y|S)z2Return the version of the request for this server.r)rr r&rrrr%s  zServer._get_versioncCsR|d}|dur t}z|j|WSty(d|j}td||fw)z,Figure out the signature with some defaults.rNrz>Signature method %s not supported try one of the following: %s)rSIGNATURE_METHODr rr:keysr)rr>rsignature_method_namesrrr_get_signature_methods   zServer._get_signature_methodc Csp|\}}||||}|d}|durtd|||||}|s6||||\} } td| dS)NrzMissing oauth_signature.z5Invalid signature. Expected signature base string: %s)r_check_timestampr*rr(check signing_baser) rr>r<r= timestampnoncer signaturevalidrbaserrrr#s    zServer._check_signaturecCs>t|}tt}||}||jkrtd|||jfdS)z#Verify that timestamp is recentish.zQExpired timestamp: given %d and now %s has a greater difference than threshold %dN)rjrktimestamp_thresholdr)rr.nowlapsedrrrr+s  zServer._check_timestamprr )r#r$r%r&r3r rr rr!r$r.r"r%r*r#r+rrrrrs    rc@s(eZdZdZddZddZddZdS) ra0A way of signing requests. The OAuth protocol lets consumers and service providers pick a way to sign requests. This interface shows the methods expected by the other `oauth` modules for signing requests. Subclass it and implement its methods to provide a new way to sign requests. cCt)aCalculates the string that needs to be signed. This method returns a 2-tuple containing the starting key for the signing and the message to be signed. The latter may be used in error messages to help clients debug their software. NotImplementedErrorrr>r<r=rrrr-zSignatureMethod.signing_basecCr6)aReturns the signature for the given request, based on the consumer and token also provided. You should use your implementation of `signing_base()` to build the message to sign. Otherwise it may be less useful for debugging. r7r9rrrr r:zSignatureMethod.signcCs||||}||kS)zReturns whether the given signature is the correct signature for the given consumer and token signing the given request.)r)rr>r<r=r0builtrrrr,*szSignatureMethod.checkN)r#r$r%r&r-rr,rrrrr s  rc@ eZdZdZddZddZdS)r4z HMAC-SHA1cCsxt|dr |jdurtdt|jt|jt|f}dt|j}|r-|t|j7}d|}|d|dfS)Nrz Base URL for request is not set.%s&&ascii) hasattrrrr9rrrr:rN)rr>r<r=sigrrawrrrr-4s  z&SignatureMethod_HMAC_SHA1.signing_basecCs6||||\}}t||t}t|ddS)z!Builds the base signature string.Nr)r-hmacnewrbinascii b2a_base64r)rr>r<r=rrBhashedrrrrDszSignatureMethod_HMAC_SHA1.signNr#r$r%rr-rrrrrr41s r4c@r<)SignatureMethod_PLAINTEXTrcCs(dt|j}|r|t|j}||fS)zIConcatenates the consumer key and secret with the token's secret.r=)r9r)rr>r<r=rArrrr-Rsz&SignatureMethod_PLAINTEXT.signing_basecCs||||\}}|dS)Nutf8)r-rN)rr>r<r=rrBrrrrZs zSignatureMethod_PLAINTEXT.signNrHrrrrrINs rIr r)rm)8r&rhashlibrrkrtrCrEr_compatrrrrrr r r r rrrrr_versionrr r r' RuntimeErrorrr(r.rCrMrPrSrUrcrfr9rlr~robjectrrrrr2rrrrr4rIrrrrsf                    %d(?[$