&g|]ddlZddlmZmZddlmZmZddlmZddlmZm Z ddl Z ej e Z GddeZGdd e jZdS) N)generate_token urldecode)WebApplicationClientInsecureTransportError)LegacyApplicationClient)TokenExpiredErroris_secure_transportceZdZfdZxZS) TokenUpdatedcdtt|||_dSN)superr __init__token)selfr __class__s R/var/www/api/venv/lib/python3.11/site-packages/requests_oauthlib/oauth2_session.pyrzTokenUpdated.__init__ s* lD!!**,,, )__name__ __module__ __qualname__r __classcell__rs@rr r s8rr ceZdZdZ dfd ZedZejdZdZedZ e jdZ e j d Z ed Z e jd Z ed Z e jd Z e j dZ edZ ddZ ddZdZ ddZ dfd ZdZxZS) OAuth2Sessiona*Versatile OAuth 2 extension to :class:`requests.Session`. Supports any grant type adhering to :class:`oauthlib.oauth2.Client` spec including the four core OAuth 2 grants. Can be used to create authorization urls, fetch tokens and access protected resources using the :class:`requests.Session` interface you are used to. - :class:`oauthlib.oauth2.WebApplicationClient` (default): Authorization Code Grant - :class:`oauthlib.oauth2.MobileApplicationClient`: Implicit Grant - :class:`oauthlib.oauth2.LegacyApplicationClient`: Password Credentials Grant - :class:`oauthlib.oauth2.BackendApplicationClient`: Client Credentials Grant Note that the only time you will be using Implicit Grant from python is if you are driving a user agent able to obtain URL fragments. Nc  tt|jdi| |pt|||_|pi|_||_||_|pt|_ ||_ ||_ |pi|_ | |_ | |_|jdvr-td|j|jd|_t't't't't'd|_dS)aConstruct a new OAuth 2 client session. :param client_id: Client id obtained during registration :param client: :class:`oauthlib.oauth2.Client` to be used. Default is WebApplicationClient which is useful for any hosted application but not mobile or desktop. :param scope: List of scopes you wish to request access to :param redirect_uri: Redirect URI you registered as callback :param token: Token dictionary, must include access_token and token_type. :param state: State string used to prevent CSRF. This will be given when creating the authorization url and must be supplied when parsing the authorization response. Can be either a string or a no argument callable. :auto_refresh_url: Refresh token endpoint URL, must be HTTPS. Supply this if you wish the client to automatically refresh your access tokens. :auto_refresh_kwargs: Extra arguments to pass to the refresh token endpoint. :token_updater: Method with one argument, token, to be used to update your token database on automatic token refresh. If not set a TokenUpdated warning will be raised when a token has been refreshed. This warning will carry the token in its token argument. :param pkce: Set "S256" or "plain" to enable PKCE. Default is disabled. :param kwargs: Arguments to pass to the Session constructor. )r)S256plainNzWrong value for {}(.., pkce={})c|Sr )rs rz(OAuth2Session.__init__..^sar)access_token_responserefresh_token_responseprotected_requestrefresh_token_requestaccess_token_requestNr )rrrr_clientr_scope redirect_urirstate_stateauto_refresh_urlauto_refresh_kwargs token_updater_pkceAttributeErrorformatrauthsetcompliance_hook) r client_idclientr-r.scoper*rr+r/pkcekwargsrs rrzOAuth2Session.__init__$s R ,mT""+55f555M!5iu!M!M!M [b  (,n  0#6#<" * :4 4 4 !B!I!I$.Z^Zd!e!eff f K &)UU&)ee!$%(UU$'EE   rcH|j|jS|j |jjSdS)zBBy default the scope from the client is used, except if overriddenN)r)r(r8rs rr8zOAuth2Session.scopejs, ; ";  \ %<% %4rc||_dSr )r))rr8s rr8zOAuth2Session.scopets  rc ||_td|jn<#t$r/|j|_td|jYnwxYw|jS)z6Generates a state string to be used in authorizations.zGenerated new state %s.z&Re-using previously supplied state %s.)r+r,logdebug TypeErrorr<s r new_statezOAuth2Session.new_statexs M**,,DK II/ = = = = M M M*DK II> L L L L L M{s9<6A54A5c.t|jddS)Nr6getattrr(r<s rr6zOAuth2Session.client_idst|[$777rc||j_dSr r(r6rvalues rr6zOAuth2Session.client_ids!& rc|j`dSr rGr<s rr6zOAuth2Session.client_ids L " " "rc.t|jddS)NrrDr<s rrzOAuth2Session.tokenst|Wd333rcR||j_|j|dSr )r(rpopulate_token_attributesrHs rrzOAuth2Session.tokens("  ..u55555rc.t|jddS)N access_tokenrDr<s rrOzOAuth2Session.access_tokenst|^T:::rc||j_dSr r(rOrHs rrOzOAuth2Session.access_tokens$) !!!rc|j`dSr rQr<s rrOzOAuth2Session.access_tokens L % % %rc*t|jS)aBoolean that indicates whether this session has an OAuth token or not. If `self.authorized` is True, you can reasonably expect OAuth-protected requests to the resource to succeed. If `self.authorized` is False, you need the user to go through the OAuth authentication dance before OAuth-protected requests to the resource will succeed. )boolrOr<s r authorizedzOAuth2Session.authorizedsD%&&&rc &|p|}|jrR|jd|_|j|d<|j|j|j|d<|jj|f|j|j|d||fS)aFForm an authorization URL. :param url: Authorization endpoint url, must be HTTPS. :param state: An optional state string for CSRF protection. If not given it will be generated for you. :param kwargs: Extra parameters to include. :return: authorization_url, state +code_challenge_method) code_verifierrXcode_challenge)r*r8r+) rBr0r(create_code_verifier_code_verifiercreate_code_challengeprepare_request_urir*r8)rurlr+r:s rauthorization_urlzOAuth2Session.authorization_urls))) : "&,"C"CB"G"GD .2jF* +'+|'I'I"1&*j(J((F# $ -DL , !.j          rPOSTFc t|st|s0|r.|j||j|jj}n9|s7t |jtr|jj}|std|j r |j td|j |d<t |jtr"|td|td|||d<|||d <||d }nN|d urJ|j }|rAtd |||nd }tj||}|r|||d<|jjd%|||j|d|}| pddd} i|_i}|dkr$t-t/||| rdnd<nG|dkr t-t/||d<ntd|jdD].}td|||| |\}} }/|jd%||| | || | |d|}td|jtd|jjtd|jjtd|jjtd|j|jtd t?|jd!|jd!D](}td"|||})|j |j|j!#|jj|_td$|j|jS)&a Generic method for fetching an access token from the token endpoint. If you are using the MobileApplicationClient you will want to use `token_from_fragment` instead of `fetch_token`. The current implementation enforces the RFC guidelines. :param token_url: Token endpoint URL, must use HTTPS. :param code: Authorization code (used by WebApplicationClients). :param authorization_response: Authorization response URL, the callback URL of the request back to you. Used by WebApplicationClients instead of code. :param body: Optional application/x-www-form-urlencoded body to add the include in the token request. Prefer kwargs over body. :param auth: An auth tuple or method as accepted by `requests`. :param username: Username required by LegacyApplicationClients to appear in the request body. :param password: Password required by LegacyApplicationClients to appear in the request body. :param method: The HTTP method used to make the request. Defaults to POST, but may also be GET. Other methods should be added as needed. :param force_querystring: If True, force the request body to be sent in the querystring instead. :param timeout: Timeout of the request in seconds. :param headers: Dict to default request headers with. :param verify: Verify SSL certificate. :param proxies: The `proxies` argument is passed onto `requests`. :param include_client_id: Should the request body include the `client_id` parameter. Default is `None`, which will attempt to autodetect. This can be forced to always include (True) or never include (False). :param client_secret: The `client_secret` paired to the `client_id`. This is generally required unless provided in the `auth` tuple. If the value is `None`, it will be omitted from the request, however if the value is an empty string, an empty string will be sent. :param cert: Client certificate to send for OAuth 2.0 Mutual-TLS Client Authentication (draft-ietf-oauth-mtls). Can either be the path of a file containing the private key and certificate or a tuple of two filenames for certificate and key. :param kwargs: Extra parameters to include in the token request. :return: A token dict r+z?Please supply either code or authorization_response parameters.NzFCode verifier is not found, authorization URL must be generated beforerYzQ`LegacyApplicationClient` requires both the `username` and `password` parameters.zGThe required parameter `username` was supplied, but `password` was not.usernamepasswordFTzIEncoding `client_id` "%s" with `client_secret` as Basic auth credentials.ra client_secret)codebodyr*include_client_idapplication/json!application/x-www-form-urlencodedAcceptz Content-TyperbparamsdataGETz%The method kwarg must be POST or GET.r'z&Invoking access_token_request hook %s.)methodr_timeoutheadersr3verifyproxiescertz0Request to fetch token completed with status %s.zRequest url was %szRequest headers were %szRequest body was %s(Response headers were %s and content %s.!Invoking %d token response hooks.r#Invoking hook %s.r8zObtained token %s.r )"r rr(parse_request_uri_responser,rh isinstancer ValueErrorr0r\rr6r?r@requestsr3 HTTPBasicAuthprepare_request_bodyr*rupperdictrr5request status_coder_rtritextlenparse_request_body_responser8)r token_urlrhauthorization_responserir3rerfrrforce_querystringrsrtrurvrjrgrwr:r6request_kwargshookr!s r fetch_tokenzOAuth2Session.fetch_tokensB#9-- +(** * .  L 3 3&dk 4   <$DD *T\3GHH <$D  X : :"* \'+&9F? # dl$; < <  < .  !)F:   !)F:    !($)!!,, N QII5! 6C5NMMTVM#=66y-PPD  8(*7'0t|0 */       (?    <<>>V # #HL$IIN'8D88f E E\\^^u $ $'+IdOO'<' E E E157N22 .Iw DL    DamTTT & 666 +QY->??? '888  >   ()@A  D II)4 0 0 0QAA 00tz0JJJ\'  & 333zrct|j||j|jj|_|jS)zParse token from the URI fragment, used by MobileApplicationClients. :param authorization_response: The full URL of the redirect back to you :return: A token dict rd)r(r|r,r)rrs rtoken_from_fragmentz!OAuth2Session.token_from_fragments@ // "$+ 0   \' zrc |stdt|st|p|jd}t d|j| |j|j j d|||j d| }t d||ddd }|j d D].} t d | | |||\}}}/| |tt|||||d | } t d| jt d| j| jt dt'|j d|j dD](} t d| | | } )|j | j|j |_d|jvr$t d||jd<|jS)aFetch a new access token using a refresh token. :param token_url: The token endpoint, must be HTTPS. :param refresh_token: The refresh_token to use. :param body: Optional application/x-www-form-urlencoded body to add the include in the token request. Prefer kwargs over body. :param auth: An auth tuple or method as accepted by `requests`. :param timeout: Timeout of the request in seconds. :param headers: A dict of headers to be used by `requests`. :param verify: Verify SSL certificate. :param proxies: The `proxies` argument will be passed to `requests`. :param kwargs: Extra parameters to include in the token request. :return: A token dict z'No token endpoint set for auto_refresh. refresh_tokenz*Adding auto refresh key word arguments %s.)rirr8z&Prepared refresh token request body %sNrkrlrmr&z'Invoking refresh_token_request hook %s.T)rpr3rsrtruwithhold_tokenrvz2Request to refresh token completed with status %s.rxryr$rzr{z)No new refresh token given. Re-using old.r )r~r rrgetr?r@r.updater(prepare_refresh_bodyr8r5postrrrrtrrr) rrrrir3rsrtrurvr:rr!s rrzOAuth2Session.refresh_tokensb4 HFGG G"9-- +(** *%H)H)H  8$:R     d.///0t|0 ]$*  HN   :DAAA ?,!DG ()@A F FD II? F F F'+tIw'E'E $Iw II ioo&&   F VVV  ? ?   ()AB  D II)4 0 0 0QAA\==afDJ=WW $* , , IIA B B B*7DJ 'zrc  t|st|jr|stdt |jd|jdD].} td| | |||\}}}/td|j |j||||\}}}n#t$r|j rtd|j | dd} |r?|r=| ;td |tj ||} |j|j fd| i| } |jrYtd | |j|| |j||||\}}}nt#| YnwxYwtd ||td ||td | t%t&|j||f|||d| S)z>   ,-@A > > -t444%)T#w%=%="Wdd II3TZ @ @ @" %)\%;%;V$&<&&"Wdd%   (IIK- "::fd33D U]U  c% (}::9mTT.D.-48 6VDDD 4gtDDD :FCCC1u]D))1 C !(t5  DJ   s:"CDG/.G/c||jvrtd||j|j||dS)aRegister a hook for request/response tweaking. Available hooks are: access_token_response invoked before token parsing. refresh_token_response invoked before refresh token parsing. protected_request invoked before making a request. access_token_request invoked before making a token fetch request. refresh_token_request invoked before making a refresh request. If you find a new hook is needed please send a GitHub PR request or open an issue. zHook type %s is not in %s.N)r5r~add)r hook_typers rregister_compliance_hookz&OAuth2Session.register_compliance_hook:sR D0 0 0,i9M  Y'++D11111r) NNNNNNNNNNr )NNraNNNrbFNNNNNNN)NraNNNNN)NNFNNN)rrr__doc__rpropertyr8setterrBr6deleterrrOrUr`rrrrrrrs@rrrs&  D D D D D D LX \\88X8'''###44X4 \66\6;;X;***&&&''X'    >#   #OOOOb     MMMMfB B B B B B H2222222rr)loggingoauthlib.commonrroauthlib.oauth2rrrrr r getLoggerrr?Warningr Sessionrr rrrs55555555HHHHHHHH333333BBBBBBBBg!!7 y2y2y2y2y2H$y2y2y2y2y2r