github/plexpy
1
0
Fork 0
mirror of https://github.com/Tautulli/Tautulli.git synced 2025-07-06 13:11:15 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Update oauthlib-3.1.1

Browse source
This commit is contained in:
JonnyWong16 2021-10-14 22:34:45 -07:00
parent e58aa40099
commit d76838a607
No known key found for this signature in database
GPG key ID: B1F1F9807184697A
64 changed files with 4329 additions and 1421 deletions
Download patch file Download diff file Expand all files Collapse all files

238
lib/oauthlib/oauth2/rfc6749/errors.py
View file

@ -1,4 +1,3 @@
# coding=utf-8
"""
oauthlib.oauth2.rfc6749.errors
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@ -6,9 +5,9 @@ oauthlib.oauth2.rfc6749.errors
Error used both by OAuth 2 clients and providers to represent the spec
defined error responses for all four core grant types.
"""
from __future__ import unicode_literals
import json
from oauthlib.common import urlencode, add_params_to_uri
from oauthlib.common import add_params_to_uri, urlencode
class OAuth2Error(Exception):
@ -16,32 +15,37 @@ class OAuth2Error(Exception):
status_code = 400
description = ''
def __init__(self, description=None, uri=None, state=None, status_code=None,
request=None):
def __init__(self, description=None, uri=None, state=None,
status_code=None, request=None):
"""
description: A human-readable ASCII [USASCII] text providing
additional information, used to assist the client
developer in understanding the error that occurred.
Values for the "error_description" parameter MUST NOT
include characters outside the set
x20-21 / x23-5B / x5D-7E.
:param description: A human-readable ASCII [USASCII] text providing
additional information, used to assist the client
developer in understanding the error that occurred.
Values for the "error_description" parameter
MUST NOT include characters outside the set
x20-21 / x23-5B / x5D-7E.
uri: A URI identifying a human-readable web page with information
about the error, used to provide the client developer with
additional information about the error. Values for the
"error_uri" parameter MUST conform to the URI- Reference
syntax, and thus MUST NOT include characters outside the set
x21 / x23-5B / x5D-7E.
:param uri: A URI identifying a human-readable web page with information
about the error, used to provide the client developer with
additional information about the error. Values for the
"error_uri" parameter MUST conform to the URI- Reference
syntax, and thus MUST NOT include characters outside the set
x21 / x23-5B / x5D-7E.
state: A CSRF protection value received from the client.
:param state: A CSRF protection value received from the client.
request: Oauthlib Request object
:param status_code:
:param request: OAuthlib request.
:type request: oauthlib.common.Request
"""
self.description = description or self.description
message = '(%s) %s' % (self.error, self.description)
if description is not None:
self.description = description
message = '({}) {}'.format(self.error, self.description)
if request:
message += ' ' + repr(request)
super(OAuth2Error, self).__init__(message)
super().__init__(message)
self.uri = uri
self.state = state
@ -54,12 +58,21 @@ class OAuth2Error(Exception):
self.client_id = request.client_id
self.scopes = request.scopes
self.response_type = request.response_type
self.response_mode = request.response_mode
self.grant_type = request.grant_type
if not state:
self.state = request.state
else:
self.redirect_uri = None
self.client_id = None
self.scopes = None
self.response_type = None
self.response_mode = None
self.grant_type = None
def in_uri(self, uri):
return add_params_to_uri(uri, self.twotuples)
fragment = self.response_mode == "fragment"
return add_params_to_uri(uri, self.twotuples, fragment)
@property
def twotuples(self):
@ -80,6 +93,27 @@ class OAuth2Error(Exception):
def json(self):
return json.dumps(dict(self.twotuples))
@property
def headers(self):
if self.status_code == 401:
"""
https://tools.ietf.org/html/rfc6750#section-3
All challenges defined by this specification MUST use the auth-scheme
value "Bearer". This scheme MUST be followed by one or more
auth-param values.
"""
authvalues = [
"Bearer",
'error="{}"'.format(self.error)
]
if self.description:
authvalues.append('error_description="{}"'.format(self.description))
if self.uri:
authvalues.append('error_uri="{}"'.format(self.uri))
return {"WWW-Authenticate": ", ".join(authvalues)}
return {}
class TokenExpiredError(OAuth2Error):
error = 'token_expired'
@ -108,8 +142,8 @@ class MissingTokenTypeError(OAuth2Error):
class FatalClientError(OAuth2Error):
"""Errors during authorization where user should not be redirected back.
"""
Errors during authorization where user should not be redirected back.
If the request fails due to a missing, invalid, or mismatching
redirection URI, or if the client identifier is missing or invalid,
@ -123,7 +157,8 @@ class FatalClientError(OAuth2Error):
class InvalidRequestFatalError(FatalClientError):
"""For fatal errors, the request is missing a required parameter, includes
"""
For fatal errors, the request is missing a required parameter, includes
an invalid parameter value, includes a parameter more than once, or is
otherwise malformed.
"""
@ -151,8 +186,8 @@ class MissingClientIdError(InvalidRequestFatalError):
class InvalidRequestError(OAuth2Error):
"""The request is missing a required parameter, includes an invalid
"""
The request is missing a required parameter, includes an invalid
parameter value, includes a parameter more than once, or is
otherwise malformed.
"""
@ -163,31 +198,66 @@ class MissingResponseTypeError(InvalidRequestError):
description = 'Missing response_type parameter.'
class AccessDeniedError(OAuth2Error):
class MissingCodeChallengeError(InvalidRequestError):
"""
If the server requires Proof Key for Code Exchange (PKCE) by OAuth
public clients and the client does not send the "code_challenge" in
the request, the authorization endpoint MUST return the authorization
error response with the "error" value set to "invalid_request". The
"error_description" or the response of "error_uri" SHOULD explain the
nature of error, e.g., code challenge required.
"""
description = 'Code challenge required.'
"""The resource owner or authorization server denied the request."""
class MissingCodeVerifierError(InvalidRequestError):
"""
The request to the token endpoint, when PKCE is enabled, has
the parameter `code_verifier` REQUIRED.
"""
description = 'Code verifier required.'
class AccessDeniedError(OAuth2Error):
"""
The resource owner or authorization server denied the request.
"""
error = 'access_denied'
status_code = 401
class UnsupportedResponseTypeError(OAuth2Error):
"""The authorization server does not support obtaining an authorization
"""
The authorization server does not support obtaining an authorization
code using this method.
"""
error = 'unsupported_response_type'
class InvalidScopeError(OAuth2Error):
class UnsupportedCodeChallengeMethodError(InvalidRequestError):
"""
If the server supporting PKCE does not support the requested
transformation, the authorization endpoint MUST return the
authorization error response with "error" value set to
"invalid_request". The "error_description" or the response of
"error_uri" SHOULD explain the nature of error, e.g., transform
algorithm not supported.
"""
description = 'Transform algorithm not supported.'
"""The requested scope is invalid, unknown, or malformed."""
class InvalidScopeError(OAuth2Error):
"""
The requested scope is invalid, unknown, or malformed, or
exceeds the scope granted by the resource owner.
https://tools.ietf.org/html/rfc6749#section-5.2
"""
error = 'invalid_scope'
status_code = 401
class ServerError(OAuth2Error):
"""The authorization server encountered an unexpected condition that
"""
The authorization server encountered an unexpected condition that
prevented it from fulfilling the request. (This error code is needed
because a 500 Internal Server Error HTTP status code cannot be returned
to the client via a HTTP redirect.)
@ -196,8 +266,8 @@ class ServerError(OAuth2Error):
class TemporarilyUnavailableError(OAuth2Error):
"""The authorization server is currently unable to handle the request
"""
The authorization server is currently unable to handle the request
due to a temporary overloading or maintenance of the server.
(This error code is needed because a 503 Service Unavailable HTTP
status code cannot be returned to the client via a HTTP redirect.)
@ -205,9 +275,9 @@ class TemporarilyUnavailableError(OAuth2Error):
error = 'temporarily_unavailable'
class InvalidClientError(OAuth2Error):
"""Client authentication failed (e.g. unknown client, no client
class InvalidClientError(FatalClientError):
"""
Client authentication failed (e.g. unknown client, no client
authentication included, or unsupported authentication method).
The authorization server MAY return an HTTP 401 (Unauthorized) status
code to indicate which HTTP authentication schemes are supported.
@ -222,42 +292,103 @@ class InvalidClientError(OAuth2Error):
class InvalidGrantError(OAuth2Error):
"""The provided authorization grant (e.g. authorization code, resource
"""
The provided authorization grant (e.g. authorization code, resource
owner credentials) or refresh token is invalid, expired, revoked, does
not match the redirection URI used in the authorization request, or was
issued to another client.
https://tools.ietf.org/html/rfc6749#section-5.2
"""
error = 'invalid_grant'
status_code = 401
status_code = 400
class UnauthorizedClientError(OAuth2Error):
"""The authenticated client is not authorized to use this authorization
"""
The authenticated client is not authorized to use this authorization
grant type.
"""
error = 'unauthorized_client'
status_code = 401
class UnsupportedGrantTypeError(OAuth2Error):
"""The authorization grant type is not supported by the authorization
"""
The authorization grant type is not supported by the authorization
server.
"""
error = 'unsupported_grant_type'
class UnsupportedTokenTypeError(OAuth2Error):
"""The authorization server does not support the revocation of the
"""
The authorization server does not support the hint of the
presented token type. I.e. the client tried to revoke an access token
on a server not supporting this feature.
"""
error = 'unsupported_token_type'
class InvalidTokenError(OAuth2Error):
"""
The access token provided is expired, revoked, malformed, or
invalid for other reasons. The resource SHOULD respond with
the HTTP 401 (Unauthorized) status code. The client MAY
request a new access token and retry the protected resource
request.
"""
error = 'invalid_token'
status_code = 401
description = ("The access token provided is expired, revoked, malformed, "
"or invalid for other reasons.")
class InsufficientScopeError(OAuth2Error):
"""
The request requires higher privileges than provided by the
access token. The resource server SHOULD respond with the HTTP
403 (Forbidden) status code and MAY include the "scope"
attribute with the scope necessary to access the protected
resource.
"""
error = 'insufficient_scope'
status_code = 403
description = ("The request requires higher privileges than provided by "
"the access token.")
class ConsentRequired(OAuth2Error):
"""
The Authorization Server requires End-User consent.
This error MAY be returned when the prompt parameter value in the
Authentication Request is none, but the Authentication Request cannot be
completed without displaying a user interface for End-User consent.
"""
error = 'consent_required'
class LoginRequired(OAuth2Error):
"""
The Authorization Server requires End-User authentication.
This error MAY be returned when the prompt parameter value in the
Authentication Request is none, but the Authentication Request cannot be
completed without displaying a user interface for End-User authentication.
"""
error = 'login_required'
class CustomOAuth2Error(OAuth2Error):
"""
This error is a placeholder for all custom errors not described by the RFC.
Some of the popular OAuth2 providers are using custom errors.
"""
def __init__(self, error, *args, **kwargs):
self.error = error
super().__init__(*args, **kwargs)
def raise_from_error(error, params=None):
import inspect
import sys
@ -269,3 +400,4 @@ def raise_from_error(error, params=None):
for _, cls in inspect.getmembers(sys.modules[__name__], inspect.isclass):
if cls.error == error:
raise cls(**kwargs)
raise CustomOAuth2Error(error=error, **kwargs)