mirror of
https://github.com/Tautulli/Tautulli.git
synced 2025-07-10 15:32:38 -07:00
Update oauthlib-3.1.1
This commit is contained in:
JonnyWong16
parent
e58aa40099
commit
d76838a607
64 changed files with 4329 additions and 1421 deletions
|
|
@ -1,36 +1,68 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
"""
|
||||
oauthlib.oauth1.rfc5849
|
||||
~~~~~~~~~~~~~~
|
||||
|
||||
This module is an implementation of various logic needed
|
||||
for signing and checking OAuth 1.0 RFC 5849 requests.
|
||||
|
||||
It supports all three standard signature methods defined in RFC 5849:
|
||||
|
||||
- HMAC-SHA1
|
||||
- RSA-SHA1
|
||||
- PLAINTEXT
|
||||
|
||||
It also supports signature methods that are not defined in RFC 5849. These are
|
||||
based on the standard ones but replace SHA-1 with the more secure SHA-256:
|
||||
|
||||
- HMAC-SHA256
|
||||
- RSA-SHA256
|
||||
|
||||
"""
|
||||
from __future__ import absolute_import, unicode_literals
|
||||
import base64
|
||||
import hashlib
|
||||
import logging
|
||||
log = logging.getLogger(__name__)
|
||||
import urllib.parse as urlparse
|
||||
|
||||
import sys
|
||||
try:
|
||||
import urlparse
|
||||
except ImportError:
|
||||
import urllib.parse as urlparse
|
||||
from oauthlib.common import (
|
||||
Request, generate_nonce, generate_timestamp, to_unicode, urlencode,
|
||||
)
|
||||
|
||||
if sys.version_info[0] == 3:
|
||||
bytes_type = bytes
|
||||
else:
|
||||
bytes_type = str
|
||||
|
||||
from oauthlib.common import Request, urlencode, generate_nonce
|
||||
from oauthlib.common import generate_timestamp, to_unicode
|
||||
from . import parameters, signature
|
||||
|
||||
SIGNATURE_HMAC = "HMAC-SHA1"
|
||||
SIGNATURE_RSA = "RSA-SHA1"
|
||||
log = logging.getLogger(__name__)
|
||||
|
||||
# Available signature methods
|
||||
#
|
||||
# Note: SIGNATURE_HMAC and SIGNATURE_RSA are kept for backward compatibility
|
||||
# with previous versions of this library, when it the only HMAC-based and
|
||||
# RSA-based signature methods were HMAC-SHA1 and RSA-SHA1. But now that it
|
||||
# supports other hashing algorithms besides SHA1, explicitly identifying which
|
||||
# hashing algorithm is being used is recommended.
|
||||
#
|
||||
# Note: if additional values are defined here, don't forget to update the
|
||||
# imports in "../__init__.py" so they are available outside this module.
|
||||
|
||||
SIGNATURE_HMAC_SHA1 = "HMAC-SHA1"
|
||||
SIGNATURE_HMAC_SHA256 = "HMAC-SHA256"
|
||||
SIGNATURE_HMAC_SHA512 = "HMAC-SHA512"
|
||||
SIGNATURE_HMAC = SIGNATURE_HMAC_SHA1 # deprecated variable for HMAC-SHA1
|
||||
|
||||
SIGNATURE_RSA_SHA1 = "RSA-SHA1"
|
||||
SIGNATURE_RSA_SHA256 = "RSA-SHA256"
|
||||
SIGNATURE_RSA_SHA512 = "RSA-SHA512"
|
||||
SIGNATURE_RSA = SIGNATURE_RSA_SHA1 # deprecated variable for RSA-SHA1
|
||||
|
||||
SIGNATURE_PLAINTEXT = "PLAINTEXT"
|
||||
SIGNATURE_METHODS = (SIGNATURE_HMAC, SIGNATURE_RSA, SIGNATURE_PLAINTEXT)
|
||||
|
||||
SIGNATURE_METHODS = (
|
||||
SIGNATURE_HMAC_SHA1,
|
||||
SIGNATURE_HMAC_SHA256,
|
||||
SIGNATURE_HMAC_SHA512,
|
||||
SIGNATURE_RSA_SHA1,
|
||||
SIGNATURE_RSA_SHA256,
|
||||
SIGNATURE_RSA_SHA512,
|
||||
SIGNATURE_PLAINTEXT
|
||||
)
|
||||
|
||||
SIGNATURE_TYPE_AUTH_HEADER = 'AUTH_HEADER'
|
||||
SIGNATURE_TYPE_QUERY = 'QUERY'
|
||||
|
|
@ -39,12 +71,16 @@ SIGNATURE_TYPE_BODY = 'BODY'
|
|||
CONTENT_TYPE_FORM_URLENCODED = 'application/x-www-form-urlencoded'
|
||||
|
||||
|
||||
class Client(object):
|
||||
class Client:
|
||||
|
||||
"""A client used to sign OAuth 1.0 RFC 5849 requests."""
|
||||
SIGNATURE_METHODS = {
|
||||
SIGNATURE_HMAC: signature.sign_hmac_sha1_with_client,
|
||||
SIGNATURE_RSA: signature.sign_rsa_sha1_with_client,
|
||||
SIGNATURE_HMAC_SHA1: signature.sign_hmac_sha1_with_client,
|
||||
SIGNATURE_HMAC_SHA256: signature.sign_hmac_sha256_with_client,
|
||||
SIGNATURE_HMAC_SHA512: signature.sign_hmac_sha512_with_client,
|
||||
SIGNATURE_RSA_SHA1: signature.sign_rsa_sha1_with_client,
|
||||
SIGNATURE_RSA_SHA256: signature.sign_rsa_sha256_with_client,
|
||||
SIGNATURE_RSA_SHA512: signature.sign_rsa_sha512_with_client,
|
||||
SIGNATURE_PLAINTEXT: signature.sign_plaintext_with_client
|
||||
}
|
||||
|
||||
|
|
@ -57,7 +93,7 @@ class Client(object):
|
|||
resource_owner_key=None,
|
||||
resource_owner_secret=None,
|
||||
callback_uri=None,
|
||||
signature_method=SIGNATURE_HMAC,
|
||||
signature_method=SIGNATURE_HMAC_SHA1,
|
||||
signature_type=SIGNATURE_TYPE_AUTH_HEADER,
|
||||
rsa_key=None, verifier=None, realm=None,
|
||||
encoding='utf-8', decoding=None,
|
||||
|
|
@ -105,10 +141,11 @@ class Client(object):
|
|||
def __repr__(self):
|
||||
attrs = vars(self).copy()
|
||||
attrs['client_secret'] = '****' if attrs['client_secret'] else None
|
||||
attrs['rsa_key'] = '****' if attrs['rsa_key'] else None
|
||||
attrs[
|
||||
'resource_owner_secret'] = '****' if attrs['resource_owner_secret'] else None
|
||||
attribute_str = ', '.join('%s=%s' % (k, v) for k, v in attrs.items())
|
||||
return '<%s %s>' % (self.__class__.__name__, attribute_str)
|
||||
attribute_str = ', '.join('{}={}'.format(k, v) for k, v in attrs.items())
|
||||
return '<{} {}>'.format(self.__class__.__name__, attribute_str)
|
||||
|
||||
def get_oauth_signature(self, request):
|
||||
"""Get an OAuth signature to be used in signing a request
|
||||
|
|
@ -118,7 +155,7 @@ class Client(object):
|
|||
replace any netloc part of the request argument's uri attribute
|
||||
value.
|
||||
|
||||
.. _`section 3.4.1.2`: http://tools.ietf.org/html/rfc5849#section-3.4.1.2
|
||||
.. _`section 3.4.1.2`: https://tools.ietf.org/html/rfc5849#section-3.4.1.2
|
||||
"""
|
||||
if self.signature_method == SIGNATURE_PLAINTEXT:
|
||||
# fast-path
|
||||
|
|
@ -131,25 +168,24 @@ class Client(object):
|
|||
uri_query=urlparse.urlparse(uri).query,
|
||||
body=body,
|
||||
headers=headers)
|
||||
log.debug("Collected params: {0}".format(collected_params))
|
||||
log.debug("Collected params: {}".format(collected_params))
|
||||
|
||||
normalized_params = signature.normalize_parameters(collected_params)
|
||||
normalized_uri = signature.normalize_base_string_uri(uri,
|
||||
headers.get('Host', None))
|
||||
log.debug("Normalized params: {0}".format(normalized_params))
|
||||
log.debug("Normalized URI: {0}".format(normalized_uri))
|
||||
normalized_uri = signature.base_string_uri(uri, headers.get('Host', None))
|
||||
log.debug("Normalized params: {}".format(normalized_params))
|
||||
log.debug("Normalized URI: {}".format(normalized_uri))
|
||||
|
||||
base_string = signature.construct_base_string(request.http_method,
|
||||
base_string = signature.signature_base_string(request.http_method,
|
||||
normalized_uri, normalized_params)
|
||||
|
||||
log.debug("Base signing string: {0}".format(base_string))
|
||||
log.debug("Signing: signature base string: {}".format(base_string))
|
||||
|
||||
if self.signature_method not in self.SIGNATURE_METHODS:
|
||||
raise ValueError('Invalid signature method.')
|
||||
|
||||
sig = self.SIGNATURE_METHODS[self.signature_method](base_string, self)
|
||||
|
||||
log.debug("Signature: {0}".format(sig))
|
||||
log.debug("Signature: {}".format(sig))
|
||||
return sig
|
||||
|
||||
def get_oauth_params(self, request):
|
||||
|
|
@ -174,10 +210,12 @@ class Client(object):
|
|||
params.append(('oauth_verifier', self.verifier))
|
||||
|
||||
# providing body hash for requests other than x-www-form-urlencoded
|
||||
# as described in http://oauth.googlecode.com/svn/spec/ext/body_hash/1.0/oauth-bodyhash.html
|
||||
# as described in https://tools.ietf.org/html/draft-eaton-oauth-bodyhash-00#section-4.1.1
|
||||
# 4.1.1. When to include the body hash
|
||||
# * [...] MUST NOT include an oauth_body_hash parameter on requests with form-encoded request bodies
|
||||
# * [...] SHOULD include the oauth_body_hash parameter on all other requests.
|
||||
# Note that SHA-1 is vulnerable. The spec acknowledges that in https://tools.ietf.org/html/draft-eaton-oauth-bodyhash-00#section-6.2
|
||||
# At this time, no further effort has been made to replace SHA-1 for the OAuth Request Body Hash extension.
|
||||
content_type = request.headers.get('Content-Type', None)
|
||||
content_type_eligible = content_type and content_type.find('application/x-www-form-urlencoded') < 0
|
||||
if request.body is not None and content_type_eligible:
|
||||
|
|
@ -278,8 +316,8 @@ class Client(object):
|
|||
# header field set to "application/x-www-form-urlencoded".
|
||||
elif not should_have_params and has_params:
|
||||
raise ValueError(
|
||||
"Body contains parameters but Content-Type header was {0} "
|
||||
"instead of {1}".format(content_type or "not set",
|
||||
"Body contains parameters but Content-Type header was {} "
|
||||
"instead of {}".format(content_type or "not set",
|
||||
CONTENT_TYPE_FORM_URLENCODED))
|
||||
|
||||
# 3.5.2. Form-Encoded Body
|
||||
|
|
@ -296,7 +334,7 @@ class Client(object):
|
|||
raise ValueError(
|
||||
'Body signatures may only be used with form-urlencoded content')
|
||||
|
||||
# We amend http://tools.ietf.org/html/rfc5849#section-3.4.1.3.1
|
||||
# We amend https://tools.ietf.org/html/rfc5849#section-3.4.1.3.1
|
||||
# with the clause that parameters from body should only be included
|
||||
# in non GET or HEAD requests. Extracting the request body parameters
|
||||
# and including them in the signature base string would give semantic
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue