o Rh|]@s|ddlZddlmZmZddlmZmZddlmZddlmZm Z ddl Z e e Z GdddeZGdd d e jZdS) N)generate_token urldecode)WebApplicationClientInsecureTransportError)LegacyApplicationClient)TokenExpiredErroris_secure_transportcseZdZfddZZS) TokenUpdatedcstt|||_dSN)superr __init__token)selfr  __class__b/home/air/sanwanet/backup_V2/venv/lib/python3.10/site-packages/requests_oauthlib/oauth2_session.pyr s zTokenUpdated.__init__)__name__ __module__ __qualname__r __classcell__rrrrr sr csBeZdZdZ          d&fdd ZeddZejddZdd Zed d Z e jd d Z e j d d Z eddZ e jddZ eddZ e jddZ e j ddZ eddZ d'ddZ               d(ddZddZ       d)d d!Z      d*fd"d# Zd$d%ZZS)+ OAuth2Sessiona*Versatile OAuth 2 extension to :class:`requests.Session`. Supports any grant type adhering to :class:`oauthlib.oauth2.Client` spec including the four core OAuth 2 grants. Can be used to create authorization urls, fetch tokens and access protected resources using the :class:`requests.Session` interface you are used to. - :class:`oauthlib.oauth2.WebApplicationClient` (default): Authorization Code Grant - :class:`oauthlib.oauth2.MobileApplicationClient`: Implicit Grant - :class:`oauthlib.oauth2.LegacyApplicationClient`: Password Credentials Grant - :class:`oauthlib.oauth2.BackendApplicationClient`: Client Credentials Grant Note that the only time you will be using Implicit Grant from python is if you are driving a user agent able to obtain URL fragments. Nc  stt|jdi| |pt||d|_|pi|_||_||_|p"t|_ ||_ ||_ |p-i|_ | |_ | |_|jdvrDtd|j|jdd|_tttttd|_dS) aConstruct a new OAuth 2 client session. :param client_id: Client id obtained during registration :param client: :class:`oauthlib.oauth2.Client` to be used. Default is WebApplicationClient which is useful for any hosted application but not mobile or desktop. :param scope: List of scopes you wish to request access to :param redirect_uri: Redirect URI you registered as callback :param token: Token dictionary, must include access_token and token_type. :param state: State string used to prevent CSRF. This will be given when creating the authorization url and must be supplied when parsing the authorization response. Can be either a string or a no argument callable. :auto_refresh_url: Refresh token endpoint URL, must be HTTPS. Supply this if you wish the client to automatically refresh your access tokens. :auto_refresh_kwargs: Extra arguments to pass to the refresh token endpoint. :token_updater: Method with one argument, token, to be used to update your token database on automatic token refresh. If not set a TokenUpdated warning will be raised when a token has been refreshed. This warning will carry the token in its token argument. :param pkce: Set "S256" or "plain" to enable PKCE. Default is disabled. :param kwargs: Arguments to pass to the Session constructor. )r )S256plainNzWrong value for {}(.., pkce={})cSs|Sr r)rrrr^sz(OAuth2Session.__init__..)access_token_responserefresh_token_responseprotected_requestrefresh_token_requestaccess_token_requestNr)r rr r_clientr _scope redirect_urirstate_stateauto_refresh_urlauto_refresh_kwargs token_updater_pkceAttributeErrorformatrauthsetcompliance_hook) r client_idclientr&r'scoper#r r$r(pkcekwargsrrrr $s()      zOAuth2Session.__init__cCs&|jdur|jS|jdur|jjSdS)zBBy default the scope from the client is used, except if overriddenN)r"r!r1rrrrr1js  zOAuth2Session.scopecCs ||_dSr )r")rr1rrrr1t cCsNz||_td|jW|jSty&|j|_td|jY|jSw)z6Generates a state string to be used in authorizations.zGenerated new state %s.z&Re-using previously supplied state %s.)r$r%logdebug TypeErrorr4rrr new_statexs  zOAuth2Session.new_statecCt|jddS)Nr/getattrr!r4rrrr/zOAuth2Session.client_idcC ||j_dSr r!r/rvaluerrrr/ cC |j`dSr r?r4rrrr/r5cCr:)Nr r;r4rrrr r=zOAuth2Session.tokencCs||j_|j|dSr )r!r populate_token_attributesr@rrrr scCr:)N access_tokenr;r4rrrrEr=zOAuth2Session.access_tokencCr>r r!rEr@rrrrErBcCrCr rFr4rrrrEr5cCs t|jS)aBoolean that indicates whether this session has an OAuth token or not. If `self.authorized` is True, you can reasonably expect OAuth-protected requests to the resource to succeed. If `self.authorized` is False, you need the user to go through the OAuth authentication dance before OAuth-protected requests to the resource will succeed. )boolrEr4rrr authorizeds zOAuth2Session.authorizedcKsf|p|}|jr!|jd|_|j|d<|jj|j|jd|d<|jj|f|j|j|d||fS)aFForm an authorization URL. :param url: Authorization endpoint url, must be HTTPS. :param state: An optional state string for CSRF protection. If not given it will be generated for you. :param kwargs: Extra parameters to include. :return: authorization_url, state +code_challenge_method) code_verifierrJcode_challenge)r#r1r$) r9r)r!create_code_verifier_code_verifiercreate_code_challengeprepare_request_urir#r1)rurlr$r3rrrauthorization_urls&   zOAuth2Session.authorization_urlPOSTFc Kst|st|s|r|jj||jd|jj}n|s+t|jtr+|jj}|s+td|j r<|j dur7td|j |d<t|jt rR|durJtd|durRtd|durZ||d<|durb||d <|durm|durld }n|d ur|j }|rt d ||dur|nd }tj||}|r|dur||d<|jjd%|||j|d|}| pddd} i|_i}|dkrtt||| rdnd<n|dkrtt||d<ntd|jdD]}t d|||| |\}} }q|jd%||| | || | |d|}t d|jt d|jjt d|jjt d|jjt d|j|jt d t|jd!|jd!D] }t d"|||}q6|jj |j|j!d#|jj|_t d$|j|jS)&a Generic method for fetching an access token from the token endpoint. If you are using the MobileApplicationClient you will want to use `token_from_fragment` instead of `fetch_token`. The current implementation enforces the RFC guidelines. :param token_url: Token endpoint URL, must use HTTPS. :param code: Authorization code (used by WebApplicationClients). :param authorization_response: Authorization response URL, the callback URL of the request back to you. Used by WebApplicationClients instead of code. :param body: Optional application/x-www-form-urlencoded body to add the include in the token request. Prefer kwargs over body. :param auth: An auth tuple or method as accepted by `requests`. :param username: Username required by LegacyApplicationClients to appear in the request body. :param password: Password required by LegacyApplicationClients to appear in the request body. :param method: The HTTP method used to make the request. Defaults to POST, but may also be GET. Other methods should be added as needed. :param force_querystring: If True, force the request body to be sent in the querystring instead. :param timeout: Timeout of the request in seconds. :param headers: Dict to default request headers with. :param verify: Verify SSL certificate. :param proxies: The `proxies` argument is passed onto `requests`. :param include_client_id: Should the request body include the `client_id` parameter. Default is `None`, which will attempt to autodetect. This can be forced to always include (True) or never include (False). :param client_secret: The `client_secret` paired to the `client_id`. This is generally required unless provided in the `auth` tuple. If the value is `None`, it will be omitted from the request, however if the value is an empty string, an empty string will be sent. :param cert: Client certificate to send for OAuth 2.0 Mutual-TLS Client Authentication (draft-ietf-oauth-mtls). Can either be the path of a file containing the private key and certificate or a tuple of two filenames for certificate and key. :param kwargs: Extra parameters to include in the token request. :return: A token dict r$z?Please supply either code or authorization_response parameters.NzFCode verifier is not found, authorization URL must be generated beforerKzQ`LegacyApplicationClient` requires both the `username` and `password` parameters.zGThe required parameter `username` was supplied, but `password` was not.usernamepasswordFTzIEncoding `client_id` "%s" with `client_secret` as Basic auth credentials.rS client_secret)codebodyr#include_client_idapplication/json!application/x-www-form-urlencodedAcceptz Content-TyperTparamsdataGETz%The method kwarg must be POST or GET.r z&Invoking access_token_request hook %s.)methodrQtimeoutheadersr,verifyproxiescertz0Request to fetch token completed with status %s.zRequest url was %szRequest headers were %szRequest body was %s(Response headers were %s and content %s.!Invoking %d token response hooks.rInvoking hook %s.r1zObtained token %s.r)"rrr!parse_request_uri_responser%rY isinstancer ValueErrorr)rNrr/r6r7requestsr, HTTPBasicAuthprepare_request_bodyr#r upperdictrr.request status_coderQrerZtextlenparse_request_body_responser1)r token_urlrYauthorization_responserZr,rVrWrcforce_querystringrdrerfrgr[rXrhr3r/request_kwargshookrrrr fetch_tokensA              zOAuth2Session.fetch_tokencCs"|jj||jd|jj|_|jS)zParse token from the URI fragment, used by MobileApplicationClients. :param authorization_response: The full URL of the redirect back to you :return: A token dict rU)r!rmr%r )rr{rrrtoken_from_fragments  z!OAuth2Session.token_from_fragmentc Ksb|stdt|s t|p|jd}td|j| |j|j j d|||j d| }td||dur?ddd }|j d D]} td | | |||\}}}qD|j |tt|||||d |d } td| jtd| j| jtdt|j d|j dD] } td| | | } q|j j| j|j d|_d|jvrtd||jd<|jS)aFetch a new access token using a refresh token. :param token_url: The token endpoint, must be HTTPS. :param refresh_token: The refresh_token to use. :param body: Optional application/x-www-form-urlencoded body to add the include in the token request. Prefer kwargs over body. :param auth: An auth tuple or method as accepted by `requests`. :param timeout: Timeout of the request in seconds. :param headers: A dict of headers to be used by `requests`. :param verify: Verify SSL certificate. :param proxies: The `proxies` argument will be passed to `requests`. :param kwargs: Extra parameters to include in the token request. :return: A token dict z'No token endpoint set for auto_refresh. refresh_tokenz*Adding auto refresh key word arguments %s.)rZrr1z&Prepared refresh token request body %sNr\r]r^rz'Invoking refresh_token_request hook %s.T)rar,rdrerfwithhold_tokenrgz2Request to refresh token completed with status %s.rirjrrkrlz)No new refresh token given. Re-using old.r)rorrr getr6r7r'updater!prepare_refresh_bodyr1r.postrtrrvrerwrxry) rrzrrZr,rdrerfrgr3r~rrrrrs\           zOAuth2Session.refresh_tokenc st|st|jr|stdt|jd|jdD]} td| | |||\}}}qtd|jz|jj||||d\}}}Wn]t y|j rtd|j | dd} |rp|rp| durptd |t j ||} |j|j fd| i| } |jrtd | |j|| |jj||||d\}}}nt| Ynwtd ||td ||td | tt|j||f|||d| S)zs