o ©D®f-6ã@sTddlmZmZddlmZddlmZmZmZm Z m Z m Z m Z Gdd„deƒZ dS)é)Ú is_valid_urlÚadd_params_to_urié)Ú BaseServer)Ú OAuth1ErrorÚInvalidRequestErrorÚMissingRequiredParameterErrorÚInvalidClientErrorÚInvalidTokenErrorÚAccessDeniedErrorÚMethodNotAllowedErrorc@s”eZdZgd¢ZdZdd„Zdd„Zdd„Zd d „Zd d „Z d"dd„Z dd„Z d"dd„Z dd„Z dd„Zdd„Zdd„Zdd„Zdd„Zd d!„Zd S)#ÚAuthorizationServer))z Content-Typez!application/x-www-form-urlencoded)z Cache-Controlzno-store)ÚPragmazno-cacheÚPOSTcCs| |j¡}||_|S©N)Úget_client_by_idÚ client_idÚclient)ÚselfÚrequestr©rúd/home/ubuntu/webapp/venv/lib/python3.10/site-packages/authlib/oauth1/rfc5849/authorization_server.pyÚ _get_clients zAuthorizationServer._get_clientcCótƒ‚r©ÚNotImplementedError©rrrrrÚcreate_oauth1_requestóz)AuthorizationServer.create_oauth1_requestcCrrr)rÚ status_codeÚpayloadÚheadersrrrÚhandle_responserz#AuthorizationServer.handle_responsecCs| |j| ¡| ¡¡Sr)r"rÚget_bodyÚ get_headers)rÚerrorrrrÚhandle_error_response"s ýz)AuthorizationServer.handle_error_responsecCs||j ¡|jkr tƒ‚|jstdƒ‚|j}|jstdƒ‚|dkr(t|ƒs(tdƒ‚|  |¡}|s2t ƒ‚|  |¡|  |¡|S)z0Validate HTTP request for temporary credentials.Úoauth_consumer_keyÚoauth_callbackÚoobzInvalid "oauth_callback" value) ÚmethodÚupperÚTEMPORARY_CREDENTIALS_METHODr rrÚ redirect_urirrrr Úvalidate_timestamp_and_nonceÚvalidate_oauth_signature)rrr(rrrrÚ&validate_temporary_credentials_request)s   z:AuthorizationServer.validate_temporary_credentials_requestNc Cs|z | |¡}| |¡Wnty#}z | |¡WYd}~Sd}~ww| |¡}d| ¡fd| ¡fdg}| d||j¡S)a”Validate temporary credentials token request and create response for temporary credentials token. Assume the endpoint of temporary credentials request is ``https://photos.example.net/initiate``: .. code-block:: http POST /initiate HTTP/1.1 Host: photos.example.net Authorization: OAuth realm="Photos", oauth_consumer_key="dpf43f3p2l4k3l03", oauth_signature_method="HMAC-SHA1", oauth_timestamp="137131200", oauth_nonce="wIjqoS", oauth_callback="http%3A%2F%2Fprinter.example.com%2Fready", oauth_signature="74KNZJeDHnMBp0EMJ9ZHt%2FXKycU%3D" The server validates the request and replies with a set of temporary credentials in the body of the HTTP response: .. code-block:: http HTTP/1.1 200 OK Content-Type: application/x-www-form-urlencoded oauth_token=hh5s93j4hdidpola&oauth_token_secret=hdhd0244k9j7ao03& oauth_callback_confirmed=true :param request: OAuth1Request instance. :returns: (status_code, body, headers) NÚ oauth_tokenÚoauth_token_secret)Úoauth_callback_confirmedTéÈ) rr0rr&Úcreate_temporary_credentialÚget_oauth_tokenÚget_oauth_token_secretr"ÚTOKEN_RESPONSE_HEADER©rrr%Ú credentialr rrrÚ%create_temporary_credentials_responseIs €ÿ   ýz9AuthorizationServer.create_temporary_credentials_responsecCs,|jstdƒ‚| |¡}|stƒ‚||_|S)z6Validate the request for resource owner authorization.r1)ÚtokenrÚget_temporary_credentialr r:)rrr:rrrÚvalidate_authorization_requestvs z2AuthorizationServer.validate_authorization_requestc Cs¸| |¡}| |¡|j}| ¡}|r|dkr$| ¡}| |¡}| ¡}|durr:Úget_redirect_uriÚ get_client_idrÚget_default_redirect_urir rr#r"ÚuserÚcreate_authorization_verifierr<) rrÚ grant_userÚtemporary_credentialsr-rrr%ÚlocationÚverifierÚparamsrrrÚcreate_authorization_responseƒs&     þ z1AuthorizationServer.create_authorization_responsecCsŒ|jstdƒ‚| |¡}|stƒ‚|jstdƒ‚| |¡}|s"tƒ‚|j d¡}|s.tdƒ‚|  |¡s7t dƒ‚||_ |  |¡|  |¡|S)z#Validate request for issuing token.r'r1rAzInvalid "oauth_verifier")rrrr r<r=r Ú oauth_paramsÚgetÚcheck_verifierrr:r.r/)rrrr<rJrrrÚvalidate_token_request³s&      z*AuthorizationServer.validate_token_requestc CsÂz| |¡}Wnty}z | |¡WYd}~Sd}~wwz| |¡WntyB}z| |¡| |¡WYd}~Sd}~ww| |¡}d| ¡fd| ¡fg}| |¡| d||j ¡S)a6Validate token request and create token response. Assuming the endpoint of token request is ``https://photos.example.net/token``, the callback request informs the client that Jane completed the authorization process. The client then requests a set of token credentials using its temporary credentials (over a secure Transport Layer Security (TLS) channel): .. code-block:: http POST /token HTTP/1.1 Host: photos.example.net Authorization: OAuth realm="Photos", oauth_consumer_key="dpf43f3p2l4k3l03", oauth_token="hh5s93j4hdidpola", oauth_signature_method="HMAC-SHA1", oauth_timestamp="137131201", oauth_nonce="walatlh", oauth_verifier="hfdp7dh39dks9884", oauth_signature="gKgrFCywp7rO0OXSjdot%2FIHF7IU%3D" The server validates the request and replies with a set of token credentials in the body of the HTTP response: .. code-block:: http HTTP/1.1 200 OK Content-Type: application/x-www-form-urlencoded oauth_token=nnch734d00sl2jdk&oauth_token_secret=pfkkdhi9sl3r4s00 :param request: OAuth1Request instance. :returns: (status_code, body, headers) Nr1r2r4) rrr&rPÚdelete_temporary_credentialÚcreate_token_credentialr6r7r"r8r9rrrÚcreate_token_responseÐs&"€ÿ €þ   þ z)AuthorizationServer.create_token_responsecCr)apGenerate and save a temporary credential into database or cache. A temporary credential is used for exchanging token credential. This method should be re-implemented:: def create_temporary_credential(self, request): oauth_token = generate_token(36) oauth_token_secret = generate_token(48) temporary_credential = TemporaryCredential( oauth_token=oauth_token, oauth_token_secret=oauth_token_secret, client_id=request.client_id, redirect_uri=request.redirect_uri, ) # if the credential has a save method temporary_credential.save() return temporary_credential :param request: OAuth1Request instance :return: TemporaryCredential instance rrrrrr5óz/AuthorizationServer.create_temporary_credentialcCr)a;Get the temporary credential from database or cache. A temporary credential should share the same methods as described in models of ``TemporaryCredentialMixin``:: def get_temporary_credential(self, request): key = 'a-key-prefix:{}'.format(request.token) data = cache.get(key) # TemporaryCredential shares methods from TemporaryCredentialMixin return TemporaryCredential(data) :param request: OAuth1Request instance :return: TemporaryCredential instance rrrrrr=sz,AuthorizationServer.get_temporary_credentialcCr)aKDelete temporary credential from database or cache. For instance, if temporary credential is saved in cache:: def delete_temporary_credential(self, request): key = 'a-key-prefix:{}'.format(request.token) cache.delete(key) :param request: OAuth1Request instance rrrrrrQ,s z/AuthorizationServer.delete_temporary_credentialcCr)aÓCreate and bind ``oauth_verifier`` to temporary credential. It could be re-implemented in this way:: def create_authorization_verifier(self, request): verifier = generate_token(36) temporary_credential = request.credential user_id = request.user.id temporary_credential.user_id = user_id temporary_credential.oauth_verifier = verifier # if the credential has a save method temporary_credential.save() # remember to return the verifier return verifier :param request: OAuth1Request instance :return: A string of ``oauth_verifier`` rrrrrrF8rTz1AuthorizationServer.create_authorization_verifiercCr)a^Create and save token credential into database. This method would be re-implemented like this:: def create_token_credential(self, request): oauth_token = generate_token(36) oauth_token_secret = generate_token(48) temporary_credential = request.credential token_credential = TokenCredential( oauth_token=oauth_token, oauth_token_secret=oauth_token_secret, client_id=temporary_credential.get_client_id(), user_id=temporary_credential.get_user_id() ) # if the credential has a save method token_credential.save() return token_credential :param request: OAuth1Request instance :return: TokenCredential instance rrrrrrROsz+AuthorizationServer.create_token_credentialr)Ú__name__Ú __module__Ú __qualname__r8r,rrr"r&r0r;r>rLrPrSr5r=rQrFrRrrrrr s$ - 05 r N)Úauthlib.common.urlsrrÚ base_serverrÚerrorsrrrr r r r r rrrrÚs $