Bump requests-oauthlib from 1.3.1 to 2.0.0 (#2293)

* Bump requests-oauthlib from 1.3.1 to 2.0.0 Bumps [requests-oauthlib](https://github.com/requests/requests-oauthlib) from 1.3.1 to 2.0.0. - [Release notes](https://github.com/requests/requests-oauthlib/releases) - [Changelog](https://github.com/requests/requests-oauthlib/blob/master/HISTORY.rst) - [Commits](https://github.com/requests/requests-oauthlib/compare/v1.3.1...v2.0.0) --- updated-dependencies: - dependency-name: requests-oauthlib dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Update requests-oauthlib==2.0.0 --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: JonnyWong16 <9099342+JonnyWong16@users.noreply.github.com> [skip ci]
2025-08-14 02:26:58 -07:00 · 2024-03-30 15:28:02 -07:00 · 2024-03-30 15:28:02 -07:00 · 0d1d2a3e6b
commit 0d1d2a3e6b
parent 452a4afdcf
60 changed files with 2414 additions and 2291 deletions
--- a/lib/oauthlib/oauth1/init.py
+++ b/lib/oauthlib/oauth1/init.py
@ -5,24 +5,19 @@ oauthlib.oauth1
 This module is a wrapper for the most recent implementation of OAuth 1.0 Client
 and Server classes.
 """
-from .rfc5849 import Client
-from .rfc5849 import (SIGNATURE_HMAC,
-                      SIGNATURE_HMAC_SHA1,
-                      SIGNATURE_HMAC_SHA256,
-                      SIGNATURE_HMAC_SHA512,
-                      SIGNATURE_RSA,
-                      SIGNATURE_RSA_SHA1,
-                      SIGNATURE_RSA_SHA256,
-                      SIGNATURE_RSA_SHA512,
-                      SIGNATURE_PLAINTEXT)
-from .rfc5849 import SIGNATURE_TYPE_AUTH_HEADER, SIGNATURE_TYPE_QUERY
-from .rfc5849 import SIGNATURE_TYPE_BODY
+from .rfc5849 import (
+    SIGNATURE_HMAC, SIGNATURE_HMAC_SHA1, SIGNATURE_HMAC_SHA256,
+    SIGNATURE_HMAC_SHA512, SIGNATURE_PLAINTEXT, SIGNATURE_RSA,
+    SIGNATURE_RSA_SHA1, SIGNATURE_RSA_SHA256, SIGNATURE_RSA_SHA512,
+    SIGNATURE_TYPE_AUTH_HEADER, SIGNATURE_TYPE_BODY, SIGNATURE_TYPE_QUERY,
+    Client,
+)
+from .rfc5849.endpoints import (
+    AccessTokenEndpoint, AuthorizationEndpoint, RequestTokenEndpoint,
+    ResourceEndpoint, SignatureOnlyEndpoint, WebApplicationServer,
+)
+from .rfc5849.errors import (
+    InsecureTransportError, InvalidClientError, InvalidRequestError,
+    InvalidSignatureMethodError, OAuth1Error,
+)
 from .rfc5849.request_validator import RequestValidator
-from .rfc5849.endpoints import RequestTokenEndpoint, AuthorizationEndpoint
-from .rfc5849.endpoints import AccessTokenEndpoint, ResourceEndpoint
-from .rfc5849.endpoints import SignatureOnlyEndpoint, WebApplicationServer
-from .rfc5849.errors import (InsecureTransportError,
-                             InvalidClientError,
-                             InvalidRequestError,
-                             InvalidSignatureMethodError,
-                             OAuth1Error)
--- a/lib/oauthlib/oauth1/rfc5849/endpoints/base.py
+++ b/lib/oauthlib/oauth1/rfc5849/endpoints/base.py
@ -11,12 +11,11 @@ import time
 from oauthlib.common import CaseInsensitiveDict, Request, generate_token

 from .. import (
-    CONTENT_TYPE_FORM_URLENCODED,
-    SIGNATURE_HMAC_SHA1, SIGNATURE_HMAC_SHA256, SIGNATURE_HMAC_SHA512,
-    SIGNATURE_RSA_SHA1, SIGNATURE_RSA_SHA256, SIGNATURE_RSA_SHA512,
-    SIGNATURE_PLAINTEXT,
-    SIGNATURE_TYPE_AUTH_HEADER, SIGNATURE_TYPE_BODY,
-    SIGNATURE_TYPE_QUERY, errors, signature, utils)
+    CONTENT_TYPE_FORM_URLENCODED, SIGNATURE_HMAC_SHA1, SIGNATURE_HMAC_SHA256,
+    SIGNATURE_HMAC_SHA512, SIGNATURE_PLAINTEXT, SIGNATURE_RSA_SHA1,
+    SIGNATURE_RSA_SHA256, SIGNATURE_RSA_SHA512, SIGNATURE_TYPE_AUTH_HEADER,
+    SIGNATURE_TYPE_BODY, SIGNATURE_TYPE_QUERY, errors, signature, utils,
+)


 class BaseEndpoint:
--- a/lib/oauthlib/oauth1/rfc5849/endpoints/request_token.py
+++ b/lib/oauthlib/oauth1/rfc5849/endpoints/request_token.py
@ -152,7 +152,7 @@ class RequestTokenEndpoint(BaseEndpoint):
            request.client_key = self.request_validator.dummy_client

        # Note that `realm`_ is only used in authorization headers and how
-        # it should be interepreted is not included in the OAuth spec.
+        # it should be interpreted is not included in the OAuth spec.
        # However they could be seen as a scope or realm to which the
        # client has access and as such every client should be checked
        # to ensure it is authorized access to that scope or realm.
@ -164,7 +164,7 @@ class RequestTokenEndpoint(BaseEndpoint):
        # workflow where a client requests access to a specific realm.
        # This first step (obtaining request token) need not require a realm
        # and can then be identified by checking the require_resource_owner
-        # flag and abscence of realm.
+        # flag and absence of realm.
        #
        # Clients obtaining an access token will not supply a realm and it will
        # not be checked. Instead the previously requested realm should be
--- a/lib/oauthlib/oauth1/rfc5849/endpoints/resource.py
+++ b/lib/oauthlib/oauth1/rfc5849/endpoints/resource.py
@ -113,7 +113,7 @@ class ResourceEndpoint(BaseEndpoint):
            request.resource_owner_key = self.request_validator.dummy_access_token

        # Note that `realm`_ is only used in authorization headers and how
-        # it should be interepreted is not included in the OAuth spec.
+        # it should be interpreted is not included in the OAuth spec.
        # However they could be seen as a scope or realm to which the
        # client has access and as such every client should be checked
        # to ensure it is authorized access to that scope or realm.
@ -125,7 +125,7 @@ class ResourceEndpoint(BaseEndpoint):
        # workflow where a client requests access to a specific realm.
        # This first step (obtaining request token) need not require a realm
        # and can then be identified by checking the require_resource_owner
-        # flag and abscence of realm.
+        # flag and absence of realm.
        #
        # Clients obtaining an access token will not supply a realm and it will
        # not be checked. Instead the previously requested realm should be
--- a/lib/oauthlib/oauth1/rfc5849/request_validator.py
+++ b/lib/oauthlib/oauth1/rfc5849/request_validator.py
@ -19,7 +19,7 @@ class RequestValidator:
    Methods used to check the format of input parameters. Common tests include
    length, character set, membership, range or pattern. These tests are
    referred to as `whitelisting or blacklisting`_. Whitelisting is better
-    but blacklisting can be usefull to spot malicious activity.
+    but blacklisting can be useful to spot malicious activity.
    The following have methods a default implementation:

    - check_client_key
@ -443,7 +443,7 @@ class RequestValidator:
        :type request: oauthlib.common.Request
        :returns: None

-        Per `Section 2.3`__ of the spec:
+        Per `Section 2.3`_ of the spec:

        "The server MUST (...) ensure that the temporary
        credentials have not expired or been used before."
@ -831,7 +831,7 @@ class RequestValidator:
        """Associate an authorization verifier with a request token.

        :param token: A request token string.
-        :param verifier A dictionary containing the oauth_verifier and
+        :param verifier: A dictionary containing the oauth_verifier and
                        oauth_token
        :param request: OAuthlib request.
        :type request: oauthlib.common.Request
--- a/lib/oauthlib/oauth1/rfc5849/signature.py
+++ b/lib/oauthlib/oauth1/rfc5849/signature.py
@ -37,15 +37,15 @@ should have no impact on properly behaving programs.
 import binascii
 import hashlib
 import hmac
+import ipaddress
 import logging
+import urllib.parse as urlparse
 import warnings

 from oauthlib.common import extract_params, safe_string_equals, urldecode
-import urllib.parse as urlparse

 from . import utils

-
 log = logging.getLogger(__name__)


@ -131,7 +131,12 @@ def base_string_uri(uri: str, host: str = None) -> str:
        raise ValueError('uri must be a string.')

    # FIXME: urlparse does not support unicode
-    scheme, netloc, path, params, query, fragment = urlparse.urlparse(uri)
+    output = urlparse.urlparse(uri)
+    scheme = output.scheme
+    hostname = output.hostname
+    port = output.port
+    path = output.path
+    params = output.params

    # The scheme, authority, and path of the request resource URI `RFC3986`
    # are included by constructing an "http" or "https" URI representing
@ -153,13 +158,22 @@ def base_string_uri(uri: str, host: str = None) -> str:

    # 1.  The scheme and host MUST be in lowercase.
    scheme = scheme.lower()
-    netloc = netloc.lower()
    # Note: if ``host`` is used, it will be converted to lowercase below
+    if hostname is not None:
+        hostname = hostname.lower()

    # 2.  The host and port values MUST match the content of the HTTP
    #     request "Host" header field.
    if host is not None:
-        netloc = host.lower()  # override value in uri with provided host
+        # NOTE: override value in uri with provided host
+        # Host argument is equal to netloc. It means it's missing scheme.
+        # Add it back, before parsing.
+
+        host = host.lower()
+        host = f"{scheme}://{host}"
+        output = urlparse.urlparse(host)
+        hostname = output.hostname
+        port = output.port

    # 3.  The port MUST be included if it is not the default port for the
    #     scheme, and MUST be excluded if it is the default.  Specifically,
@ -170,33 +184,28 @@ def base_string_uri(uri: str, host: str = None) -> str:
    # .. _`RFC2616`: https://tools.ietf.org/html/rfc2616
    # .. _`RFC2818`: https://tools.ietf.org/html/rfc2818

-    if ':' in netloc:
-        # Contains a colon ":", so try to parse as "host:port"
+    if hostname is None:
+        raise ValueError('missing host')

-        hostname, port_str = netloc.split(':', 1)
+    # NOTE: Try guessing if we're dealing with IP or hostname
+    try:
+        hostname = ipaddress.ip_address(hostname)
+    except ValueError:
+        pass

-        if len(hostname) == 0:
-            raise ValueError('missing host')  # error: netloc was ":port" or ":"
+    if isinstance(hostname, ipaddress.IPv6Address):
+        hostname = f"[{hostname}]"
+    elif isinstance(hostname, ipaddress.IPv4Address):
+        hostname = f"{hostname}"

-        if len(port_str) == 0:
-            netloc = hostname  # was "host:", so just use the host part
-        else:
-            try:
-                port_num = int(port_str)  # try to parse into an integer number
-            except ValueError:
-                raise ValueError('port is not an integer')
-
-            if port_num <= 0 or 65535 < port_num:
-                raise ValueError('port out of range')  # 16-bit unsigned ints
-            if (scheme, port_num) in (('http', 80), ('https', 443)):
-                netloc = hostname  # default port for scheme: exclude port num
-            else:
-                netloc = hostname + ':' + str(port_num)  # use hostname:port
+    if port is not None and not (0 < port <= 65535):
+        raise ValueError('port out of range')  # 16-bit unsigned ints
+    if (scheme, port) in (('http', 80), ('https', 443)):
+        netloc = hostname  # default port for scheme: exclude port num
+    elif port:
+        netloc = f"{hostname}:{port}"  # use hostname:port
    else:
-        # Does not contain a colon, so entire value must be the hostname
-
-        if len(netloc) == 0:
-            raise ValueError('missing host')  # error: netloc was empty string
+        netloc = hostname

    v = urlparse.urlunparse((scheme, netloc, path, params, '', ''))