관리-도구

편집 파일: access_token.cpython-39.opt-1.pyc

����\��`�$����������������������@���sN���d�Z�ddlZddlmZ�ddlmZ�ddlmZ�e�e	�Z
G�dd	��d	e�ZdS�)
aR��
oauthlib.oauth1.rfc5849.endpoints.access_token
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This module is an implementation of the access token provider logic of
OAuth 1.0 RFC 5849. It validates the correctness of access token requests,
creates and persists tokens as well as create the proper response to be
returned to the client.
�����N)�	urlencode����)�errors����)�BaseEndpointc�������������������@���s*���e�Zd�ZdZdd��Zd
dd�Zdd	��ZdS�)�AccessTokenEndpointa���An endpoint responsible for providing OAuth 1 access tokens.

Typical use is to instantiate with a request validator and invoke the
    ``create_access_token_response`` from a view function. The tuple returned
    has all information necessary (body, status, headers) to quickly form
    and return a proper response. See :doc:`/oauth1/validator` for details on which
    validator methods to implement for this endpoint.
    c�����������������C���sR���|�j��|j|�|_|����|����d�|j�d�}|�|��|�j��||��t|�	���S�)aH��Create and save a new access token.

Similar to OAuth 2, indication of granted scopes will be included as a
        space separated list in ``oauth_authorized_realms``.

:param request: OAuthlib request.
        :type request: oauthlib.common.Request
        :returns: The token as an urlencoded string.
        � )Zoauth_tokenZoauth_token_secretZoauth_authorized_realms)
�request_validatorZ
get_realms�resource_owner_keyZrealmsZtoken_generator�join�updateZsave_access_tokenr����items)�self�request�credentials�token��r����R/usr/lib/python3.9/site-packages/oauthlib/oauth1/rfc5849/endpoints/access_token.py�create_access_token ���s����
�
�
z'AccessTokenEndpoint.create_access_token�GETNc��������������
���C���s����ddi}zb|���||||�}|��|�\}}	|r\|��||p8i��}
|�j�|j|j|��||
dfW�S�i�ddfW�S�W�n4�tjy��}�z||j	|j
fW��Y�d}~S�d}~0�0�dS�)a��Create an access token response, with a new request token if valid.

:param uri: The full URI of the token request.
        :param http_method: A valid HTTP verb, i.e. GET, POST, PUT, HEAD, etc.
        :param body: The request body as a string.
        :param headers: The request headers as a dict.
        :param credentials: A list of extra credentials to include in the token.
        :returns: A tuple of 3 elements.
                  1. A dict of headers to set on the response.
                  2. The response body as a string.
                  3. The response status code as an integer.

An example of a valid request::

>>> from your_validator import your_validator
            >>> from oauthlib.oauth1 import AccessTokenEndpoint
            >>> endpoint = AccessTokenEndpoint(your_validator)
            >>> h, b, s = endpoint.create_access_token_response(
            ...     'https://your.provider/access_token?foo=bar',
            ...     headers={
            ...         'Authorization': 'OAuth oauth_token=234lsdkf....'
            ...     },
            ...     credentials={
            ...         'my_specific': 'argument',
            ...     })
            >>> h
            {'Content-Type': 'application/x-www-form-urlencoded'}
            >>> b
            'oauth_token=lsdkfol23w54jlksdef&oauth_token_secret=qwe089234lkjsdf&oauth_authorized_realms=movies+pics&my_specific=argument'
            >>> s
            200

An response to invalid request would have a different body and status::

>>> b
            'error=invalid_request&description=missing+resource+owner+key'
            >>> s
            400

The same goes for an an unauthorized request:

>>> b
            ''
            >>> s
            401
        zContent-Typez!application/x-www-form-urlencoded�����Ni���)Z_create_request�validate_access_token_requestr���r	���Zinvalidate_request_token�
client_keyr
���r���ZOAuth1ErrorZ
urlencodedZstatus_code)r���ZuriZhttp_method�bodyZheadersr���Zresp_headersr���ZvalidZprocessed_requestr����er���r���r����create_access_token_response6���s"����0��z0AccessTokenEndpoint.create_access_token_responsec�����������������C���sx��|���|��|��|��|js&tjdd��|�j�|j�s@tjdd��|jsRtjdd��|�j�|j�sltjdd��|�jj	|j
|j|j||jd�s�d|fS�|�j�
|j
|�}|s�|�jj|_
|�j�|j
|j|�}|s�|�jj|_|�j�|j
|j|j|�}|�j|dd	�}||jd
<�||jd<�||jd<�||jd
<�t||||f�}|�spt�d��t�d|��t�d|��t�d|��t�d|��||fS�)aJ��Validate an access token request.

:param request: OAuthlib request.
        :type request: oauthlib.common.Request
        :raises: OAuth1Error if the request is invalid.
        :returns: A tuple of 2 elements.
                  1. The validation result (True or False).
                  2. The request object.
        zMissing resource owner.)�descriptionz"Invalid resource owner key format.zMissing verifier.zInvalid verifier format.)Z
request_tokenFT)Zis_token_requestZclientZresource_owner�verifierZ	signaturez&[Failure] request verification failed.zValid client:, %szValid token:, %szValid verifier:, %szValid signature:, %s)Z_check_transport_securityZ_check_mandatory_parametersr
���r���ZInvalidRequestErrorr	���Zcheck_request_tokenr���Zcheck_verifierZvalidate_timestamp_and_noncer���Z	timestampZnonceZvalidate_client_keyZdummy_clientZvalidate_request_tokenZdummy_request_tokenZvalidate_verifierZ_check_signatureZ
validator_log�all�log�info)r���r���Zvalid_clientZvalid_resource_ownerZvalid_verifierZvalid_signature�vr���r���r���r���w���sp����

������	�
	
�
�

�
z1AccessTokenEndpoint.validate_access_token_request)r���NNN)�__name__�
__module__�__qualname__�__doc__r���r���r���r���r���r���r���r������s���	���
Ar���)r%���ZloggingZoauthlib.commonr�����r����baser���Z	getLoggerr"���r���r���r���r���r���r����<module>���s���