a \`n4@sdZddlZddlZddlZddlZddlZddlmZddlm Z m Z m ZddlmZzddlmZddlmZWn*eyddlmZddlmZYn0d Zd Zed ejZed Zd ZedZd:ddZ ddZ ddZ ddZ ddZ!e"ee"dBZ#ddZ$ddZ%dd Z&d!d"Z'd#efd$d%Z(d&d'Z)d(d)Z*d#efd*d+Z+d,d-Z,d;d/d0Z-d1d2Z.dabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789z_ !"#$%&\'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}z&([^&;]*(?:password|token)[^=]*=)[^&;]+z&%[^0-9A-Fa-f]|%[0-9A-Fa-f][^0-9A-Fa-f]zAABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.-Zoauthlib/cCs:t|tr|dn|}t||}t|tr6|d}|SNutf-8) isinstancestrencode_quotebytesdecode)ssafer3/usr/lib/python3.9/site-packages/oauthlib/common.pyr-s    rcCs t|}t|tr|d}|Sr )_unquoter rr)rrrrr7s  rcCs,t|}t|}t|tr|S|dSdSr )encode_params_utf8 _urlencoder rr)paramsZ utf8_params urlencodedrrrrAs  rcCsLg}|D]>\}}|t|tr(|dn|t|tr>|dn|fq|S)ziEnsures that all parameters in a list of 2-element tuples are encoded to bytestrings using UTF-8 r )appendr rr)rZencodedkvrrrrJs rcCsLg}|D]>\}}|t|tr(|dn|t|tr>|dn|fq|S)zfEnsures that all parameters in a list of 2-element tuples are decoded to unicode using UTF-8. r )rr rr)rZdecodedrrrrrdecode_params_utf8Vs rz=&;:%+~,*@!()/?'$cCsT|r,t|tks,d}t|t|t|ft|r>tdtj|dd}t|S)aDecode a query string in x-www-form-urlencoded format into a sequence of two-element tuples. Unlike urlparse.parse_qsl(..., strict_parsing=True) urldecode will enforce correct formatting of the query string by validation. If validation fails a ValueError will be raised. urllib.parse_qsl will only raise errors if any of name-value pairs omits the equals sign. zError trying to decode a non urlencoded string. Found invalid characters: %s in the string: '%s'. Please ensure the request/response body is x-www-form-urlencoded.z%Invalid hex encoding in query string.Tkeep_blank_values)setr ValueErrorINVALID_HEX_PATTERNsearchurlparse parse_qslr)queryerrorrrrr urldecodees  r*cCst|ttfr4z t|}Wqty0d}Yq0njt|drz t|Wn*ty`d}Yqtytd}Yq0tt|tr| n|}t |}nd}|S)a*Extract parameters and return them as a list of 2-tuples. Will successfully extract parameters from urlencoded query strings, dicts, or lists of 2-tuples. Empty strings/dicts/lists will return an empty list of parameters. Any other input will result in a return value of None. N__iter__) r rrr*r#hasattrdict TypeErrorlistitemsr)rawrrrrextract_paramss          r2cCstttdtS)aGenerate pseudorandom nonce that is unlikely to repeat. Per `section 3.3`_ of the OAuth 1 RFC 5849 spec. Per `section 3.2.1`_ of the MAC Access Authentication spec. A random 64-bit number is appended to the epoch timestamp for both randomness and to decrease the likelihood of collisions. .. _`section 3.2.1`: https://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01#section-3.2.1 .. _`section 3.3`: https://tools.ietf.org/html/rfc5849#section-3.3 @)rrgenerate_timestamprrrrgenerate_nonces r5cCstttS)aDGet seconds since epoch (UTC). Per `section 3.3`_ of the OAuth 1 RFC 5849 spec. Per `section 3.2.1`_ of the MAC Access Authentication spec. .. _`section 3.2.1`: https://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01#section-3.2.1 .. _`section 3.3`: https://tools.ietf.org/html/rfc5849#section-3.3 )rinttimerrrrr4s r4cs$tdfddt|DS)aXGenerates a non-guessable OAuth token OAuth (1 and 2) does not specify the format of tokens except that they should be strings of random characters. Tokens should not be guessable and entropy when generating the random characters is important. Which is why SystemRandom is used instead of the default random.choice method. c3s|]}VqdSN)choice).0xcharsZrandrr z!generate_token..)rjoinrangelengthr?rr>rgenerate_tokensrFcCsTddl}tj}|j|tj|jdd}||j|||d}t |d}|S)Nr)Zseconds)scopeZexpRS256UTF-8) jwtdatetimeZutcnowrGZ timedeltaZ expires_inupdateclaimsr to_unicode)Z private_pemZrequestrJZnowrMtokenrrrgenerate_signed_tokens   rPcCsddl}|j||dgdS)NrrH)Z algorithms)rJr)Z public_pemrOrJrrrverify_signed_tokensrQcCs t||S)zGenerates an OAuth client_id OAuth 2 specify the format of client_id in https://tools.ietf.org/html/rfc6749#appendix-A. )rFrDrrrgenerate_client_idsrRcCs2t|tr|}tj|dd}||t|S)z)Extend a query with a list of two-tuples.Tr )r r-r0r&r'extendr)r(rZ queryparamsrrradd_params_to_qss   rTFc CsFt|\}}}}}}|r&t||}n t||}t||||||fS)z5Add a list of two-tuples to the uri query components.)r&rT urlunparse) urirfragmentZschZnetpathZparr(Zfrarrradd_params_to_uris   rYcCsHt|t|krdSd}t||D]\}}|t|t|AO}q"|dkS)a Near-constant time string comparison. Used in order to avoid timing attacks on sensitive information such as secret keys during request verification (`rootLabs`_). .. _`rootLabs`: http://rdist.root.org/2010/01/07/timing-independent-array-comparison/ Fr)lenzipord)abresultr=yrrrsafe_string_equalss rarIcst|tr|St|tr$t|dSt|drz t|Wn4tyLYnHtynfdd|DYS0t|dr|}fdd|DS|S)z:Convert a number of different types of objects to unicode.encodingr+c3s|]}t|VqdSr:rN)r<irbrrr@rAzto_unicode..r0cs"i|]\}}t|t|qSrrd)r<rrrbrr $rAzto_unicode..)r rrr,r-r.r#r0)datarcrrbrrNs        rNcsbeZdZdZiZddZddZfddZfdd Zdd d Z fd dZ fddZ Z S)CaseInsensitiveDictz3Basic case insensitive dict with strings only keys.cCs*dd|D|_|D]}||||<qdS)NcSsi|]}||qSr)lower)r<rrrrrf0rAz0CaseInsensitiveDict.__init__..)proxy)selfrgrrrr__init__/szCaseInsensitiveDict.__init__cCs||jvSr:)rirj)rkrrrr __contains__4sz CaseInsensitiveDict.__contains__cs*|j|}t||j|=dSr:)rjrisuper __delitem__rkrkey __class__rrro7s zCaseInsensitiveDict.__delitem__cs|j|}t|Sr:)rjrirn __getitem__rprrrrrt<szCaseInsensitiveDict.__getitem__NcCs||vr||S|Sr:r)rkrdefaultrrrget@szCaseInsensitiveDict.getcs t||||j|<dSr:)rn __setitem__rjri)rkrrrrrrrwCszCaseInsensitiveDict.__setitem__cs8tj|i|t|i|D]}||j|<q dSr:)rnrLr-rjri)rkargskwargsrrrrrrLGszCaseInsensitiveDict.update)N) __name__ __module__ __qualname____doc__rjrlrmrortrvrwrL __classcell__rrrrrrh)s    rhc@sNeZdZdZdddZddZd d Zed d Zed dZ eddZ dS)Requesta:A malleable representation of a signable HTTP request. Body argument may contain any data, but parameters will only be decoded if they are one of: * urlencoded query string * dict * list of 2-tuples Anything else will be treated as raw body data to be passed through unmolested. GETNr csfdd}|||_|||_t||p*i|_|||_t|j|_g|_i|_ddddddddddddddddddddddddddddddd|_ |j t t |j |j t |jpgdS)Ncsrt|S|Sr:rd)r=rbrr_rAz"Request.__init__..)Z access_tokenZclientZ client_idZ client_secretcodeZcode_challengeZcode_challenge_methodZ code_verifierZextra_credentialsZ grant_typeZ redirect_uriZ refresh_tokenZ request_tokenZ response_typerGZscopesstaterOuserZtoken_type_hintZ response_modeZnonceZdisplaypromptrMZmax_ageZ ui_localesZ id_token_hintZ login_hintZ acr_values)rV http_methodrhheadersbodyr2 decoded_bodyZ oauth_paramsZ validator_log_paramsrLr-r* uri_query)rkrVrrrrcrrrbrrl\sR     "zRequest.__init__cCs ||jvr|j|St|dSr:)rAttributeError)rknamerrr __getattr__s  zRequest.__getattr__cCsRts dS|j}|j}|r.tdt|}d|vr>d|d<d|j|j ||S)Nzz Z Authorizationz zF) rrrcopySANITIZE_PATTERNsubrformatrVr)rkrrrrr__repr__s  zRequest.__repr__cCst|jjSr:)r&rVr(rkrrrrszRequest.uri_querycCs|js gStj|jdddS)NT)r!strict_parsing)rr&r'rrrruri_query_paramss  zRequest.uri_query_paramscCsPtt}dd|jpg|jD}|D]}||d7<q(dd|DS)Ncss|]}|dVqdS)rNr)r<prrrr@sz+Request.duplicate_params..rcSsg|]\}}|dkr|qS)rr)r<rcrrr rAz,Request.duplicate_params..) collections defaultdictr6rrr0)rkZ seen_keysZall_keysrrrrduplicate_paramss zRequest.duplicate_params)rNNr ) rzr{r|r}rlrrpropertyrrrrrrrrMs  2   r)r )F)rI)3r}rrKZloggingrer7 urllib.parseparser&rrrrrrr9rZsecretsrr ImportErrorZrandomr ZUNICODE_ASCII_CHARACTER_SETZCLIENT_ID_CHARACTER_SETcompile IGNORECASErr$Z always_safeZ getLoggerlogrrr"rr*r2r5r4rFrPrQrRrTrYrarNr-rhrrrrrsP            !     $