3 Zig$@sddlmZeZdddddddgZdd lZydd lmZWn ek rZdd l mZYnXdd l Z dd l Z dd l m Z dd l Z dd lmZdd lZydd lmZWn ek rdd lmZYnXyddlmZWn ek rddlmZYnXdd lZddlmZmZy dd lZWnek r:dd lZYnXeekrLeZneZddl m!Z!ddl"m#Z$m%Z%m&Z&m'Z'ddl(m)Z)dZ*dZ+dZ,dZ-d7Z.e/e0e1fZ2ddZ3ddZ4Gddde&Z5Gddde$Z#Gddde$Z6Gd dde7Z8Gd!d"d"e8Z9Gd#d$d$e8Z:Gd%dde7Z;Gd&dde;ZGd)d*d*e>Z?Gd+d,d,e>Z@Gd-d.d.e>ZAGd/d0d0e>ZBGd1d2d2e>ZCGd3d4d4e>ZDGd5d6d6e>ZEd S)8)print_function AccessTokenAnonymousAccessToken AuthorizeRequestTokenWithBrowserCredentialStoreRequestTokenAuthorizationEngineConsumer CredentialsN)StringIO)select)stdin) urlencode)urljoin) b64decode b64encode) HTTPError)rrOAuthAuthorizerSystemWideConsumer)urisz+request-tokenz +access-tokenz+authorize-token<cCsttjjddS)zWhether the user has disabled SSL certificate connection. Some testing servers have broken certificates. Rather than raising an error, we allow an environment variable, ``LP_DISABLE_SSL_CERTIFICATE_VALIDATION`` to disable the check. Z%LP_DISABLE_SSL_CERTIFICATE_VALIDATIONF)boolosenvirongetrr:/usr/lib/python3/dist-packages/launchpadlib/credentials.py$_ssl_certificate_validation_disabledXs rcCsDt}tj|dj|d|t|d\}}|jdkr cCs0t}|j||j}t|tr,|jd}|S)zeTurn this object into a string. This should probably be moved into OAuthAuthorizer. zutf-8)r savegetvalue isinstance unicode_typeencode)selfZsio serializedrrr serializes    zCredentials.serializecCs,|}t|ts|jd}|jt||S)z}Create a `Credentials` object from a serialized string. This should probably be moved into OAuthAuthorizer. zutf-8)r-r.decodeloadr )clsvalue credentialsrrr from_strings   zCredentials.from_stringc Cs|jdk std|jdks$tdtj|}t|jjddd}|t}d|i}||jkrbd|d <t |||\}}t |t r|j d }||jkrt j|}|dk r||d <tj||_|Stj||_d |t|jjf}|dk r||j_|d |7}|SdS)aRequest an OAuth token to Launchpad. Also store the token in self._request_token. This method must not be called on an object with no consumer specified or if an access token has already been obtained. :param context: The context of this token, that is, its scope of validity within Launchpad. :param web_root: The URL of the website on which the token should be requested. :token_format: How the token should be presented. URI_TOKEN_FORMAT means just return the URL to the page that authorizes the token. DICT_TOKEN_FORMAT means return a dictionary describing the token and the site's authentication policy. :return: If token_format is URI_TOKEN_FORMAT, the URL for the user to authorize the `AccessToken` provided by Launchpad. If token_format is DICT_TOKEN_FORMAT, a dict of information about the new access token. NzConsumer not specified.zAccess token already obtained. PLAINTEXT&)oauth_consumer_keyoauth_signature_methodoauth_signatureRefererzapplication/jsonZAcceptzutf-8z lp.contextz%s%s?oauth_token=%sz&lp.context=%s)consumerAssertionError access_tokenrlookup_web_rootr)keyrequest_token_pageDICT_TOKEN_FORMATr(r-bytesr3jsonloadsr from_params_request_tokenr8authorize_token_pagecontext) r0rLweb_root token_formatr%r$r r&r'rrrget_request_tokens6          zCredentials.get_request_tokencCsl|jdk stdtj|}t|jjd|jjd|jjd}|t}d|i}t |||\}}t j ||_ dS)adExchange the previously obtained request token for an access token. This method must not be called unless get_request_token() has been called and completed successfully. The access token will be stored as self.access_token. :param web_root: The base URL of the website that granted the request token. Nz5get_request_token() doesn't seem to have been called.r9z&%s)r;r< oauth_tokenr=r>) rJr@rrBr)r?rCsecretaccess_token_pager(rr8rA)r0rMr%r$r r&r'rrr'exchange_request_token_for_access_tokens  z3Credentials.exchange_request_token_for_access_token)__name__ __module__ __qualname____doc__rJZURI_TOKEN_FORMATrEZITEM_SEPARATORNEWLINEr2 classmethodr8rZSTAGING_WEB_ROOTrOrSrrrrr us  5c@s(eZdZdZeddZeddZdS)rzAn OAuth access token.cCs&|d}|d}|jd}||||S)z:Create and return a new `AccessToken` from the given dict.rPoauth_token_secretz lp.context)r)r5r%rCrQrLrrrrIs zAccessToken.from_paramscCst|ts|jd}tj|dd}|d}t|dks>td|d}|d}t|dksbtd |d}|jd }|d k rt|dkstd |d}||||S) zcCsdtkrddladS)aGEnsure the keyring module is imported (postponing side effects). The keyring module initializes the environment-dependent backend at import time (nasty). We want to avoid that initialization because it may do things like prompt the user to unlock their password store (e.g., KWallet). keyringrN)globalsrlrrrr_ensure_keyring_importedis z/KeyringCredentialStore._ensure_keyring_importedcCs6|j|j}|jt|}tjd||jddS)z2Store newly-authorized credentials in the keyring. launchpadlibzutf-8N)rnr2 B64MARKERrrlZ set_passwordr3)r0r7rjr1rrrrcvs zKeyringCredentialStore.do_savecCs|jtjd|}|dk rt|tr0|jd}|j|jrlyt|t |jd}Wnt k rjdSXyt j |}|SdSdS)z&Retrieve credentials from the keyring.roNutf8) rnrlZ get_passwordr-r.r/ startswithrprr\ TypeErrorr r8)r0rjZcredential_stringr7rrrris$    zKeyringCredentialStore.do_loadN) rTrUrVrWrp staticmethodrnrcrirrrrrk_s   rkcs2eZdZdZd fdd ZddZddZZS) UnencryptedFileCredentialStorezStore credentials unencrypted in a file on disk. This is a good solution for scripts that need to run without any user interaction. Ncstt|j|||_dS)N)r^rur_filename)r0rvrb)r`rrr_s z'UnencryptedFileCredentialStore.__init__cCs|j|jdS)zSave the credentials to disk.N)Z save_to_pathrv)r0r7rjrrrrcsz&UnencryptedFileCredentialStore.do_savecCs6tjj|jr2tj|jtjdk r2tj|jSdS)zLoad the credentials from disk.rN)rpathexistsrvstatST_SIZEr Zload_from_path)r0rjrrrris z&UnencryptedFileCredentialStore.do_load)N)rTrUrVrWr_rcrirarr)r`rrusruc@sJeZdZdZdZdddZeddZdd Zd d Z d d Z ddZ dS)ra/The superclass of all request token authorizers. This base class does not implement request token authorization, since that varies depending on how you want the end-user to authorize a request token. You'll need to subclass this class and implement `make_end_user_authorize_token`. Z UNAUTHORIZEDNcCstj||_tj||_|dkr0|dkr0td|dk rP|dk rPtd||f|dkrhdg}t|}n t|}|}||_||_ |pg|_ dS)aDBase class initialization. :param service_root: The root of the Launchpad instance being used. :param application_name: The name of the application that wants to use launchpadlib. This is used in conjunction with a desktop-wide integration. If you specify this argument, your values for consumer_name and allow_access_levels are ignored. :param consumer_name: The OAuth consumer name, for an application that wants its own point of integration into Launchpad. In almost all cases, you want to specify application_name instead and do a desktop-wide integration. The exception is when you're integrating a third-party website into Launchpad. :param allow_access_levels: A list of the Launchpad access levels to present to the user. ('READ_PUBLIC' and so on.) Your value for this argument will be ignored during a desktop-wide integration. :type allow_access_levels: A list of strings. Nz:You must provide either application_name or consumer_name.zZYou must provide only one of application_name and consumer_name. (You provided %r and %r.)ZDESKTOP_INTEGRATION) rZlookup_service_root service_rootZweb_root_for_service_rootrM ValueErrorrrr?application_nameallow_access_levels)r0r{r} consumer_namer~r?rrrr_s"    z(RequestTokenAuthorizationEngine.__init__cCs|jjd|jS)z7Return a string identifying this consumer on this host.@)r?rCr{)r0rrrrfsz2RequestTokenAuthorizationEngine.unique_consumer_idcCs>dt|f}d}t|jdkr2|||j|j7}t|j|S)zReturn the authorization URL for a request token. This is the URL the end-user must visit to authorize the token. How exactly does this happen? That depends on the subclass implementation. z%s?oauth_token=%sz&allow_permission=r)rKr\r~joinrrM)r0 request_tokenZpageZallow_permissionrrrauthorization_urls z1RequestTokenAuthorizationEngine.authorization_urlcCs6|j|}|j|||jdkr$dS|j||j|S)adAuthorize a token and associate it with the given credentials. If the credential store runs into a problem storing the credential locally, the `credential_save_failed` callback will be invoked. The callback will not be invoked if there's a problem authorizing the credentials. :param credentials: A `Credentials` object. If the end-user authorizes these credentials, this object will have its .access_token property set. :param credential_store: A `CredentialStore` object. If the end-user authorizes the credentials, they will be persisted locally using this object. :return: If the credentials are successfully authorized, the return value is the `Credentials` object originally passed in. Otherwise the return value is None. N)rOmake_end_user_authorize_tokenrAr+rf)r0r7Zcredential_storeZrequest_token_stringrrr__call__ s    z(RequestTokenAuthorizationEngine.__call__cCs|j|jtjd}|dS)z\Get a new request token from the server. :param return: The request token. )rMrNrP)rOrMr rE)r0r7Zauthorization_jsonrrrrO*s z1RequestTokenAuthorizationEngine.get_request_tokencCs tdS)a5Authorize the given request token using the given credentials. Your subclass must implement this method: it has no default implementation. Because an access token may expire or be revoked in the middle of a session, this method may be called at arbitrary points in a launchpadlib session, or even multiple times during a single session (with a different request token each time). In most cases, however, this method will be called at the beginning of a launchpadlib session, or not at all. N)rh)r0r7rrrrr4sz=RequestTokenAuthorizationEngine.make_end_user_authorize_token)NNN) rTrUrVrWZUNAUTHORIZED_ACCESS_LEVELr_propertyrfrrrOrrrrrrs 8  csFeZdZdZdZdZdZdZdZdfdd Z ddZ ddZ Z S)rzThe simplest (and, right now, the only) request token authorizer. This authorizer simply opens up the end-user's web browser to a Launchpad URL and lets the end-user authorize the request token themselves. zThe authorization page: (%s) should be opening in your browser. Use your browser to authorize this program to access Launchpad on your behalf.z/Press Enter to continue or wait (%d) seconds...z5Waiting to hear from Launchpad about your decision... www-browserlinkslinks2lynxelinks elinks-litenetrikw3mNcstt|j||d|dS)aoConstructor. :param service_root: See `RequestTokenAuthorizationEngine`. :param application_name: See `RequestTokenAuthorizationEngine`. :param consumer_name: The value of this argument is ignored. If we have the capability to open the end-user's web browser, we must be running on the end-user's computer, so we should do a full desktop integration. :param credential_save_failed: See `RequestTokenAuthorizationEngine`. :param allow_access_levels: The value of this argument is ignored, for the same reason as consumer_name. N)r^rr_)r0r{r}rrbr~)r`rrr_Ys z)AuthorizeRequestTokenWithBrowser.__init__cCs t|dS)zDisplay a message. By default, prints the message to standard output. The message does not require any user interaction--it's solely informative. N)print)r0messagerrroutputnsz'AuthorizeRequestTokenWithBrowser.outputc Csj|j|}|j|j|y"tj}t|dd}||jk}Wntjk rZd}d}YnX|r|j|j|j t t ggg|j \}}}|rt j |j|j |dk rtj|tj} x|jdkrdtjty|j|jPWn^tk rD} z@| jjdkrt| jn | jjdkr$ntdt| WYdd} ~ XnXtj| tkrtdtqWdS)z7Have the end-user authorize the token in their browser.basenameNFiiz#Unexpected response from Launchpad:zTimed out after %d seconds.)rrWAITING_FOR_USER webbrowserrgetattrTERMINAL_BROWSERSErrorTIMEOUT_MESSAGETIMEOUTr r readlineWAITING_FOR_LAUNCHPADopentimerAZsleepaccess_token_poll_timerSrMrr&r#EndUserDeclinedAuthorizationr'raccess_token_poll_timeoutTokenAuthorizationTimedOut) r0r7rrZ browser_objZbrowserZconsole_browserZrlist_Z start_timergrrrrwsD       z>AuthorizeRequestTokenWithBrowser.make_end_user_authorize_token)rrrrrrrr)NNN) rTrUrVrWrrrrrr_rrrarr)r`rrEs c@s eZdZdS)TokenAuthorizationExceptionN)rTrUrVrrrrrsrc@s eZdZdS)RequestTokenAlreadyAuthorizedN)rTrUrVrrrrrsrc@s eZdZdS)rN)rTrUrVrrrrrsrc@s eZdZdS)rN)rTrUrVrrrrrsrc@s eZdZdS) ClientErrorN)rTrUrVrrrrrsrc@s eZdZdS) ServerErrorN)rTrUrVrrrrrsrc@s eZdZdS)NoLaunchpadAccountN)rTrUrVrrrrrsrc@s eZdZdS)TooManyAuthenticationFailuresN)rTrUrVrrrrrsri)FZ __future__rtypeZ __metaclass____all__r[ cStringIOr ImportErrorior"rr rysysr rZ urllib.parser ZurllibrZurlparserbase64rrrGZ simplejsonrFstrZunicoder.Zlazr.restfulclient.errorsrZ"lazr.restfulclient.authorize.oauthrZ _AccessTokenrrrrorrDrRrKrr MemoryErrorKeyboardInterrupt SystemExitrdrr(r robjectrrkrurrrerrrrrrrrrrrrs        v  K=c