mirror of
https://github.com/Tautulli/Tautulli.git
synced 2025-07-14 01:02:59 -07:00
Update oauthlib-3.1.1
This commit is contained in:
JonnyWong16
parent
e58aa40099
commit
d76838a607
64 changed files with 4329 additions and 1421 deletions
|
|
@ -1,9 +1,8 @@
|
|||
from __future__ import absolute_import
|
||||
|
||||
from .access_token import AccessTokenEndpoint
|
||||
from .authorization import AuthorizationEndpoint
|
||||
from .base import BaseEndpoint
|
||||
from .request_token import RequestTokenEndpoint
|
||||
from .authorization import AuthorizationEndpoint
|
||||
from .access_token import AccessTokenEndpoint
|
||||
from .resource import ResourceEndpoint
|
||||
from .signature_only import SignatureOnlyEndpoint
|
||||
from .pre_configured import WebApplicationServer
|
||||
|
||||
from .pre_configured import WebApplicationServer # isort:skip
|
||||
|
|
|
|||
|
|
@ -8,14 +8,12 @@ OAuth 1.0 RFC 5849. It validates the correctness of access token requests,
|
|||
creates and persists tokens as well as create the proper response to be
|
||||
returned to the client.
|
||||
"""
|
||||
from __future__ import absolute_import, unicode_literals
|
||||
|
||||
import logging
|
||||
|
||||
from oauthlib.common import urlencode
|
||||
|
||||
from .base import BaseEndpoint
|
||||
from .. import errors
|
||||
from .base import BaseEndpoint
|
||||
|
||||
log = logging.getLogger(__name__)
|
||||
|
||||
|
|
@ -37,7 +35,8 @@ class AccessTokenEndpoint(BaseEndpoint):
|
|||
Similar to OAuth 2, indication of granted scopes will be included as a
|
||||
space separated list in ``oauth_authorized_realms``.
|
||||
|
||||
:param request: An oauthlib.common.Request object.
|
||||
:param request: OAuthlib request.
|
||||
:type request: oauthlib.common.Request
|
||||
:returns: The token as an urlencoded string.
|
||||
"""
|
||||
request.realms = self.request_validator.get_realms(
|
||||
|
|
@ -120,7 +119,8 @@ class AccessTokenEndpoint(BaseEndpoint):
|
|||
def validate_access_token_request(self, request):
|
||||
"""Validate an access token request.
|
||||
|
||||
:param request: An oauthlib.common.Request object.
|
||||
:param request: OAuthlib request.
|
||||
:type request: oauthlib.common.Request
|
||||
:raises: OAuth1Error if the request is invalid.
|
||||
:returns: A tuple of 2 elements.
|
||||
1. The validation result (True or False).
|
||||
|
|
@ -180,7 +180,7 @@ class AccessTokenEndpoint(BaseEndpoint):
|
|||
# token credentials to the client, and ensure that the temporary
|
||||
# credentials have not expired or been used before. The server MUST
|
||||
# also verify the verification code received from the client.
|
||||
# .. _`Section 3.2`: http://tools.ietf.org/html/rfc5849#section-3.2
|
||||
# .. _`Section 3.2`: https://tools.ietf.org/html/rfc5849#section-3.2
|
||||
#
|
||||
# Note that early exit would enable resource owner authorization
|
||||
# verifier enumertion.
|
||||
|
|
|
|||
|
|
@ -6,16 +6,12 @@ oauthlib.oauth1.rfc5849.endpoints.authorization
|
|||
This module is an implementation of various logic needed
|
||||
for signing and checking OAuth 1.0 RFC 5849 requests.
|
||||
"""
|
||||
from __future__ import absolute_import, unicode_literals
|
||||
from urllib.parse import urlencode
|
||||
|
||||
from oauthlib.common import Request, add_params_to_uri
|
||||
from oauthlib.common import add_params_to_uri
|
||||
|
||||
from .base import BaseEndpoint
|
||||
from .. import errors
|
||||
try:
|
||||
from urllib import urlencode
|
||||
except ImportError:
|
||||
from urllib.parse import urlencode
|
||||
from .base import BaseEndpoint
|
||||
|
||||
|
||||
class AuthorizationEndpoint(BaseEndpoint):
|
||||
|
|
@ -41,7 +37,8 @@ class AuthorizationEndpoint(BaseEndpoint):
|
|||
def create_verifier(self, request, credentials):
|
||||
"""Create and save a new request token.
|
||||
|
||||
:param request: An oauthlib.common.Request object.
|
||||
:param request: OAuthlib request.
|
||||
:type request: oauthlib.common.Request
|
||||
:param credentials: A dict of extra token credentials.
|
||||
:returns: The verifier as a dict.
|
||||
"""
|
||||
|
|
|
|||
|
|
@ -6,21 +6,20 @@ oauthlib.oauth1.rfc5849.endpoints.base
|
|||
This module is an implementation of various logic needed
|
||||
for signing and checking OAuth 1.0 RFC 5849 requests.
|
||||
"""
|
||||
from __future__ import absolute_import, unicode_literals
|
||||
|
||||
import time
|
||||
|
||||
from oauthlib.common import Request, generate_token
|
||||
from oauthlib.common import CaseInsensitiveDict, Request, generate_token
|
||||
|
||||
from .. import signature, utils, errors
|
||||
from .. import CONTENT_TYPE_FORM_URLENCODED
|
||||
from .. import SIGNATURE_HMAC, SIGNATURE_RSA
|
||||
from .. import SIGNATURE_TYPE_AUTH_HEADER
|
||||
from .. import SIGNATURE_TYPE_QUERY
|
||||
from .. import SIGNATURE_TYPE_BODY
|
||||
from .. import (
|
||||
CONTENT_TYPE_FORM_URLENCODED,
|
||||
SIGNATURE_HMAC_SHA1, SIGNATURE_HMAC_SHA256, SIGNATURE_HMAC_SHA512,
|
||||
SIGNATURE_RSA_SHA1, SIGNATURE_RSA_SHA256, SIGNATURE_RSA_SHA512,
|
||||
SIGNATURE_PLAINTEXT,
|
||||
SIGNATURE_TYPE_AUTH_HEADER, SIGNATURE_TYPE_BODY,
|
||||
SIGNATURE_TYPE_QUERY, errors, signature, utils)
|
||||
|
||||
|
||||
class BaseEndpoint(object):
|
||||
class BaseEndpoint:
|
||||
|
||||
def __init__(self, request_validator, token_generator=None):
|
||||
self.request_validator = request_validator
|
||||
|
|
@ -70,7 +69,7 @@ class BaseEndpoint(object):
|
|||
|
||||
def _create_request(self, uri, http_method, body, headers):
|
||||
# Only include body data from x-www-form-urlencoded requests
|
||||
headers = headers or {}
|
||||
headers = CaseInsensitiveDict(headers or {})
|
||||
if ("Content-Type" in headers and
|
||||
CONTENT_TYPE_FORM_URLENCODED in headers["Content-Type"]):
|
||||
request = Request(uri, http_method, body, headers)
|
||||
|
|
@ -130,11 +129,11 @@ class BaseEndpoint(object):
|
|||
# specification. Implementers should review the Security
|
||||
# Considerations section (`Section 4`_) before deciding on which
|
||||
# method to support.
|
||||
# .. _`Section 4`: http://tools.ietf.org/html/rfc5849#section-4
|
||||
# .. _`Section 4`: https://tools.ietf.org/html/rfc5849#section-4
|
||||
if (not request.signature_method in
|
||||
self.request_validator.allowed_signature_methods):
|
||||
raise errors.InvalidSignatureMethodError(
|
||||
description="Invalid signature, %s not in %r." % (
|
||||
description="Invalid signature, {} not in {!r}.".format(
|
||||
request.signature_method,
|
||||
self.request_validator.allowed_signature_methods))
|
||||
|
||||
|
|
@ -182,35 +181,65 @@ class BaseEndpoint(object):
|
|||
|
||||
def _check_signature(self, request, is_token_request=False):
|
||||
# ---- RSA Signature verification ----
|
||||
if request.signature_method == SIGNATURE_RSA:
|
||||
if request.signature_method == SIGNATURE_RSA_SHA1 or \
|
||||
request.signature_method == SIGNATURE_RSA_SHA256 or \
|
||||
request.signature_method == SIGNATURE_RSA_SHA512:
|
||||
# RSA-based signature method
|
||||
|
||||
# The server verifies the signature per `[RFC3447] section 8.2.2`_
|
||||
# .. _`[RFC3447] section 8.2.2`: http://tools.ietf.org/html/rfc3447#section-8.2.1
|
||||
# .. _`[RFC3447] section 8.2.2`: https://tools.ietf.org/html/rfc3447#section-8.2.1
|
||||
|
||||
rsa_key = self.request_validator.get_rsa_key(
|
||||
request.client_key, request)
|
||||
valid_signature = signature.verify_rsa_sha1(request, rsa_key)
|
||||
|
||||
if request.signature_method == SIGNATURE_RSA_SHA1:
|
||||
valid_signature = signature.verify_rsa_sha1(request, rsa_key)
|
||||
elif request.signature_method == SIGNATURE_RSA_SHA256:
|
||||
valid_signature = signature.verify_rsa_sha256(request, rsa_key)
|
||||
elif request.signature_method == SIGNATURE_RSA_SHA512:
|
||||
valid_signature = signature.verify_rsa_sha512(request, rsa_key)
|
||||
else:
|
||||
valid_signature = False
|
||||
|
||||
# ---- HMAC or Plaintext Signature verification ----
|
||||
else:
|
||||
# Non-RSA based signature method
|
||||
|
||||
# Servers receiving an authenticated request MUST validate it by:
|
||||
# Recalculating the request signature independently as described in
|
||||
# `Section 3.4`_ and comparing it to the value received from the
|
||||
# client via the "oauth_signature" parameter.
|
||||
# .. _`Section 3.4`: http://tools.ietf.org/html/rfc5849#section-3.4
|
||||
# .. _`Section 3.4`: https://tools.ietf.org/html/rfc5849#section-3.4
|
||||
|
||||
client_secret = self.request_validator.get_client_secret(
|
||||
request.client_key, request)
|
||||
|
||||
resource_owner_secret = None
|
||||
if request.resource_owner_key:
|
||||
if is_token_request:
|
||||
resource_owner_secret = self.request_validator.get_request_token_secret(
|
||||
request.client_key, request.resource_owner_key, request)
|
||||
resource_owner_secret = \
|
||||
self.request_validator.get_request_token_secret(
|
||||
request.client_key, request.resource_owner_key,
|
||||
request)
|
||||
else:
|
||||
resource_owner_secret = self.request_validator.get_access_token_secret(
|
||||
request.client_key, request.resource_owner_key, request)
|
||||
resource_owner_secret = \
|
||||
self.request_validator.get_access_token_secret(
|
||||
request.client_key, request.resource_owner_key,
|
||||
request)
|
||||
|
||||
if request.signature_method == SIGNATURE_HMAC:
|
||||
valid_signature = signature.verify_hmac_sha1(request,
|
||||
client_secret, resource_owner_secret)
|
||||
if request.signature_method == SIGNATURE_HMAC_SHA1:
|
||||
valid_signature = signature.verify_hmac_sha1(
|
||||
request, client_secret, resource_owner_secret)
|
||||
elif request.signature_method == SIGNATURE_HMAC_SHA256:
|
||||
valid_signature = signature.verify_hmac_sha256(
|
||||
request, client_secret, resource_owner_secret)
|
||||
elif request.signature_method == SIGNATURE_HMAC_SHA512:
|
||||
valid_signature = signature.verify_hmac_sha512(
|
||||
request, client_secret, resource_owner_secret)
|
||||
elif request.signature_method == SIGNATURE_PLAINTEXT:
|
||||
valid_signature = signature.verify_plaintext(
|
||||
request, client_secret, resource_owner_secret)
|
||||
else:
|
||||
valid_signature = signature.verify_plaintext(request,
|
||||
client_secret, resource_owner_secret)
|
||||
valid_signature = False
|
||||
|
||||
return valid_signature
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
from __future__ import absolute_import, unicode_literals
|
||||
|
||||
from . import RequestTokenEndpoint, AuthorizationEndpoint
|
||||
from . import AccessTokenEndpoint, ResourceEndpoint
|
||||
from . import (
|
||||
AccessTokenEndpoint, AuthorizationEndpoint, RequestTokenEndpoint,
|
||||
ResourceEndpoint,
|
||||
)
|
||||
|
||||
|
||||
class WebApplicationServer(RequestTokenEndpoint, AuthorizationEndpoint,
|
||||
|
|
|
|||
|
|
@ -8,14 +8,12 @@ OAuth 1.0 RFC 5849. It validates the correctness of request token requests,
|
|||
creates and persists tokens as well as create the proper response to be
|
||||
returned to the client.
|
||||
"""
|
||||
from __future__ import absolute_import, unicode_literals
|
||||
|
||||
import logging
|
||||
|
||||
from oauthlib.common import urlencode
|
||||
|
||||
from .base import BaseEndpoint
|
||||
from .. import errors
|
||||
from .base import BaseEndpoint
|
||||
|
||||
log = logging.getLogger(__name__)
|
||||
|
||||
|
|
@ -34,7 +32,8 @@ class RequestTokenEndpoint(BaseEndpoint):
|
|||
def create_request_token(self, request, credentials):
|
||||
"""Create and save a new request token.
|
||||
|
||||
:param request: An oauthlib.common.Request object.
|
||||
:param request: OAuthlib request.
|
||||
:type request: oauthlib.common.Request
|
||||
:param credentials: A dict of extra token credentials.
|
||||
:returns: The token as an urlencoded string.
|
||||
"""
|
||||
|
|
@ -111,7 +110,8 @@ class RequestTokenEndpoint(BaseEndpoint):
|
|||
def validate_request_token_request(self, request):
|
||||
"""Validate a request token request.
|
||||
|
||||
:param request: An oauthlib.common.Request object.
|
||||
:param request: OAuthlib request.
|
||||
:type request: oauthlib.common.Request
|
||||
:raises: OAuth1Error if the request is invalid.
|
||||
:returns: A tuple of 2 elements.
|
||||
1. The validation result (True or False).
|
||||
|
|
@ -127,7 +127,7 @@ class RequestTokenEndpoint(BaseEndpoint):
|
|||
request.client_key, request)
|
||||
if not self.request_validator.check_realms(request.realms):
|
||||
raise errors.InvalidRequestError(
|
||||
description='Invalid realm %s. Allowed are %r.' % (
|
||||
description='Invalid realm {}. Allowed are {!r}.'.format(
|
||||
request.realms, self.request_validator.realms))
|
||||
|
||||
if not request.redirect_uri:
|
||||
|
|
@ -156,7 +156,7 @@ class RequestTokenEndpoint(BaseEndpoint):
|
|||
# However they could be seen as a scope or realm to which the
|
||||
# client has access and as such every client should be checked
|
||||
# to ensure it is authorized access to that scope or realm.
|
||||
# .. _`realm`: http://tools.ietf.org/html/rfc2617#section-1.2
|
||||
# .. _`realm`: https://tools.ietf.org/html/rfc2617#section-1.2
|
||||
#
|
||||
# Note that early exit would enable client realm access enumeration.
|
||||
#
|
||||
|
|
@ -178,7 +178,7 @@ class RequestTokenEndpoint(BaseEndpoint):
|
|||
|
||||
# Callback is normally never required, except for requests for
|
||||
# a Temporary Credential as described in `Section 2.1`_
|
||||
# .._`Section 2.1`: http://tools.ietf.org/html/rfc5849#section-2.1
|
||||
# .._`Section 2.1`: https://tools.ietf.org/html/rfc5849#section-2.1
|
||||
valid_redirect = self.request_validator.validate_redirect_uri(
|
||||
request.client_key, request.redirect_uri, request)
|
||||
if not request.redirect_uri:
|
||||
|
|
|
|||
|
|
@ -6,12 +6,10 @@ oauthlib.oauth1.rfc5849.endpoints.resource
|
|||
This module is an implementation of the resource protection provider logic of
|
||||
OAuth 1.0 RFC 5849.
|
||||
"""
|
||||
from __future__ import absolute_import, unicode_literals
|
||||
|
||||
import logging
|
||||
|
||||
from .base import BaseEndpoint
|
||||
from .. import errors
|
||||
from .base import BaseEndpoint
|
||||
|
||||
log = logging.getLogger(__name__)
|
||||
|
||||
|
|
@ -119,7 +117,7 @@ class ResourceEndpoint(BaseEndpoint):
|
|||
# However they could be seen as a scope or realm to which the
|
||||
# client has access and as such every client should be checked
|
||||
# to ensure it is authorized access to that scope or realm.
|
||||
# .. _`realm`: http://tools.ietf.org/html/rfc2617#section-1.2
|
||||
# .. _`realm`: https://tools.ietf.org/html/rfc2617#section-1.2
|
||||
#
|
||||
# Note that early exit would enable client realm access enumeration.
|
||||
#
|
||||
|
|
|
|||
|
|
@ -6,12 +6,10 @@ oauthlib.oauth1.rfc5849.endpoints.signature_only
|
|||
This module is an implementation of the signing logic of OAuth 1.0 RFC 5849.
|
||||
"""
|
||||
|
||||
from __future__ import absolute_import, unicode_literals
|
||||
|
||||
import logging
|
||||
|
||||
from .base import BaseEndpoint
|
||||
from .. import errors
|
||||
from .base import BaseEndpoint
|
||||
|
||||
log = logging.getLogger(__name__)
|
||||
|
||||
|
|
@ -34,17 +32,22 @@ class SignatureOnlyEndpoint(BaseEndpoint):
|
|||
"""
|
||||
try:
|
||||
request = self._create_request(uri, http_method, body, headers)
|
||||
except errors.OAuth1Error:
|
||||
except errors.OAuth1Error as err:
|
||||
log.info(
|
||||
'Exception caught while validating request, %s.' % err)
|
||||
return False, None
|
||||
|
||||
try:
|
||||
self._check_transport_security(request)
|
||||
self._check_mandatory_parameters(request)
|
||||
except errors.OAuth1Error:
|
||||
except errors.OAuth1Error as err:
|
||||
log.info(
|
||||
'Exception caught while validating request, %s.' % err)
|
||||
return False, request
|
||||
|
||||
if not self.request_validator.validate_timestamp_and_nonce(
|
||||
request.client_key, request.timestamp, request.nonce, request):
|
||||
log.debug('[Failure] verification failed: timestamp/nonce')
|
||||
return False, request
|
||||
|
||||
# The server SHOULD return a 401 (Unauthorized) status code when
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue