U [eZy@sddlmZeZdddddddgZzdd lmZWn ek rRdd lmZYnXdd l Z dd l Z dd l Z dd l m Z dd l Z dd lmZdd lZzdd lmZWn ek rdd lmZYnXzddlmZWn ek rddlmZYnXdd lZddlmZmZddlmZeekr,eZneZddl m!Z!ddl"m#Z$m%Z%m&Z&m'Z'ddl(m)Z)dZ*dZ+dZ,dZ-dZ.e/e0e1fZ2ddZ3ddZ4Gddde&Z5Gddde$Z#Gddde$Z6Gd dde7Z8Gd!d"d"e8Z9Gd#d$d$e8Z:Gd%d&d&e8Z;Gd'dde7ZGd+d,d,e?Z@Gd-d.d.e@ZAGd/d0d0e@ZBGd1d2d2eBZCGd3d4d4eBZDGd5d6d6eDZEGd7d8d8e@ZFGd9d:d:e@ZGGd;d<dd>e@ZId S)?)print_function AccessTokenAnonymousAccessToken AuthorizeRequestTokenWithBrowserCredentialStoreRequestTokenAuthorizationEngineConsumer Credentials)StringION)select)stdin) urlencode)urljoin) b64decode b64encode)parse_qs) HTTPError)rrOAuthAuthorizerSystemWideConsumer)urisz+request-tokenz +access-tokenz+authorize-tokenicCsttjddS)zWhether the user has disabled SSL certificate connection. Some testing servers have broken certificates. Rather than raising an error, we allow an environment variable, ``LP_DISABLE_SSL_CERTIFICATE_VALIDATION`` to disable the check. Z%LP_DISABLE_SSL_CERTIFICATE_VALIDATIONF)boolosenvirongetrrZ/var/www/html/services/stratfitenv/lib/python3.8/site-packages/launchpadlib/credentials.py$_ssl_certificate_validation_disabledVs rcCsDt}tj|dj|d|t|d\}}|jdkr cCs0t}|||}t|tr,|d}|S)zeTurn this object into a string. This should probably be moved into OAuthAuthorizer. utf-8)r savegetvalue isinstance unicode_typeencode)selfsio serializedrrr serializes    zCredentials.serializecCs,|}t|ts|d}|t||S)z}Create a `Credentials` object from a serialized string. This should probably be moved into OAuthAuthorizer. r.)r1r2decodeloadr )clsvalue credentialsrrr from_strings   zCredentials.from_stringc Cs|jdk std|jdks$tdt|}t|jjddd}|t}d|i}||jkrbd|d <t |||\}}t |t r| d }||jkrt |}|dk r||d <t||_|St||_d |t|jjf}|dk r||j_|d |7}|SdS)aRequest an OAuth token to Launchpad. Also store the token in self._request_token. This method must not be called on an object with no consumer specified or if an access token has already been obtained. :param context: The context of this token, that is, its scope of validity within Launchpad. :param web_root: The URL of the website on which the token should be requested. :token_format: How the token should be presented. URI_TOKEN_FORMAT means just return the URL to the page that authorizes the token. DICT_TOKEN_FORMAT means return a dictionary describing the token and the site's authentication policy. :return: If token_format is URI_TOKEN_FORMAT, the URL for the user to authorize the `AccessToken` provided by Launchpad. If token_format is DICT_TOKEN_FORMAT, a dict of information about the new access token. NzConsumer not specified.zAccess token already obtained. PLAINTEXT&)oauth_consumer_keyoauth_signature_methodoauth_signatureRefererzapplication/jsonAcceptr. lp.contextz%s%s?oauth_token=%sz&lp.context=%s)consumerAssertionError access_tokenrlookup_web_rootr,keyrequest_token_pageDICT_TOKEN_FORMATr*r1bytesr8jsonloadsr from_params_request_tokenr=authorize_token_pagecontext) r4rSweb_root token_formatr'r&r r(r)rrrget_request_tokens>         zCredentials.get_request_tokencCsl|jdk stdt|}t|jjd|jjd|jjd}|t}d|i}t |||\}}t ||_ dS)adExchange the previously obtained request token for an access token. This method must not be called unless get_request_token() has been called and completed successfully. The access token will be stored as self.access_token. :param web_root: The base URL of the website that granted the request token. Nz5get_request_token() doesn't seem to have been called.r>z&%s)r@rA oauth_tokenrBrC) rQrGrrIr,rFrJsecretaccess_token_pager*rr=rH)r4rTr'r&r r(r)rrr'exchange_request_token_for_access_tokens  z3Credentials.exchange_request_token_for_access_token)__name__ __module__ __qualname____doc__rQZURI_TOKEN_FORMATrLZITEM_SEPARATORNEWLINEr7 classmethodr=rZSTAGING_WEB_ROOTrVrZrrrrr rs   >c@s(eZdZdZeddZeddZdS)rzAn OAuth access token.cCs&|d}|d}|d}||||S)z:Create and return a new `AccessToken` from the given dict.rWoauth_token_secretrE)r)r:r'rJrXrSrrrrPs zAccessToken.from_paramscCst|ts|d}t|dd}|d}t|dksNFcs(tt||d|_|r$t||_dSN)rerwrf _fallbackMemoryCredentialStore)r4rkfallbackrhrrrfsszKeyringCredentialStore.__init__cCsJdtkrddladtkrFzddlmaWntk rDtaYnXdS)aGEnsure the keyring module is imported (postponing side effects). The keyring module initializes the environment-dependent backend at import time (nasty). We want to avoid that initialization because it may do things like prompt the user to unlock their password store (e.g., KWallet). keyringrNNoKeyringError)r})globalsr|Zkeyring.errorsr} ImportError RuntimeErrorrrrr_ensure_keyring_importedys  z/KeyringCredentialStore._ensure_keyring_importedc Cs||}|jt|}ztd||dWnPtk r}z2ttkr^dt |kr^|j rt|j ||nW5d}~XYnXdS)z2Store newly-authorized credentials in the keyring. launchpadlibr.$No recommended backend was availableN) rr7 B64MARKERrr| set_passwordr8r}rstrryr/)r4r<rvr6rqrrrrms$ zKeyringCredentialStore.do_savec Cs|ztd|}WnTtk rl}z6ttkr@dt|kr@|jrZ|j|WYSW5d}~XYnX|dk rt|t r| d}| |j rzt |t|j d}Wntk rYdSXzt|}|WStk rYdSXdS)z&Retrieve credentials from the keyring.rrNutf8)rr| get_passwordr}rrryr9r1r2r3 startswithrrrc TypeErrorr r=ro)r4rvZcredential_stringrqr<rrrrts>     zKeyringCredentialStore.do_load)NF) r[r\r]r^rrf staticmethodrrmrtrjrrrhrrwis rwcs2eZdZdZd fdd ZddZddZZS) UnencryptedFileCredentialStorezStore credentials unencrypted in a file on disk. This is a good solution for scripts that need to run without any user interaction. Ncstt||||_dSrx)rerrffilename)r4rrkrhrrrfs z'UnencryptedFileCredentialStore.__init__cCs||jdS)zSave the credentials to disk.N)Z save_to_pathrr4r<rvrrrrmsz&UnencryptedFileCredentialStore.do_savecCs4tj|jr0t|jtjdks0t|jSdS)zLoad the credentials from disk.rN)rpathexistsrstatST_SIZEr Zload_from_pathrurrrrts   z&UnencryptedFileCredentialStore.do_load)Nr[r\r]r^rfrmrtrjrrrhrrsrcs2eZdZdZd fdd ZddZddZZS) rzzCredentialStore that stores keys only in memory. This can be used to provide a CredentialStore instance without actually saving any key to persistent storage. Ncstt||i|_dSrx)rerzrf _credentialsrlrhrrrfszMemoryCredentialStore.__init__cCs||j|<dS)z!Store the credentials in our dictN)rrrrrrmszMemoryCredentialStore.do_savecCs |j|S)z&Retrieve the credentials from our dict)rrrurrrrtszMemoryCredentialStore.do_load)Nrrrrhrrzsrzc@sJeZdZdZdZdddZeddZdd Zd d Z d d Z ddZ dS)ra/The superclass of all request token authorizers. This base class does not implement request token authorization, since that varies depending on how you want the end-user to authorize a request token. You'll need to subclass this class and implement `make_end_user_authorize_token`. UNAUTHORIZEDNcCst||_t||_|dkr0|dkr0td|dk rP|dk rPtd||f|dkrhdg}t|}n t|}|}||_||_ |pg|_ dS)aDBase class initialization. :param service_root: The root of the Launchpad instance being used. :param application_name: The name of the application that wants to use launchpadlib. This is used in conjunction with a desktop-wide integration. If you specify this argument, your values for consumer_name and allow_access_levels are ignored. :param consumer_name: The OAuth consumer name, for an application that wants its own point of integration into Launchpad. In almost all cases, you want to specify application_name instead and do a desktop-wide integration. The exception is when you're integrating a third-party website into Launchpad. :param allow_access_levels: A list of the Launchpad access levels to present to the user. ('READ_PUBLIC' and so on.) Your value for this argument will be ignored during a desktop-wide integration. :type allow_access_levels: A list of strings. Nz:You must provide either application_name or consumer_name.zZYou must provide only one of application_name and consumer_name. (You provided %r and %r.)ZDESKTOP_INTEGRATION) rZlookup_service_root service_rootZweb_root_for_service_rootrT ValueErrorrrrFapplication_nameallow_access_levels)r4rr consumer_namerrFrrrrf s(   z(RequestTokenAuthorizationEngine.__init__cCs|jjd|jS)z7Return a string identifying this consumer on this host.@)rFrJrrgrrrrpIsz2RequestTokenAuthorizationEngine.unique_consumer_idcCs>dt|f}d}t|jdkr2||||j7}t|j|S)zReturn the authorization URL for a request token. This is the URL the end-user must visit to authorize the token. How exactly does this happen? That depends on the subclass implementation. z%s?oauth_token=%sz&allow_permission=r)rRrcrjoinrrT)r4 request_tokenpageZallow_permissionrrrauthorization_urlNs z1RequestTokenAuthorizationEngine.authorization_urlcCs6||}||||jdkr$dS|||j|S)adAuthorize a token and associate it with the given credentials. If the credential store runs into a problem storing the credential locally, the `credential_save_failed` callback will be invoked. The callback will not be invoked if there's a problem authorizing the credentials. :param credentials: A `Credentials` object. If the end-user authorizes these credentials, this object will have its .access_token property set. :param credential_store: A `CredentialStore` object. If the end-user authorizes the credentials, they will be persisted locally using this object. :return: If the credentials are successfully authorized, the return value is the `Credentials` object originally passed in. Otherwise the return value is None. N)rVmake_end_user_authorize_tokenrHr/rp)r4r<Zcredential_storeZrequest_token_stringrrr__call__]s    z(RequestTokenAuthorizationEngine.__call__cCs|j|jtjd}|dS)z\Get a new request token from the server. :param return: The request token. )rTrUrW)rVrTr rL)r4r<Zauthorization_jsonrrrrV{s z1RequestTokenAuthorizationEngine.get_request_tokencCs tdS)a5Authorize the given request token using the given credentials. Your subclass must implement this method: it has no default implementation. Because an access token may expire or be revoked in the middle of a session, this method may be called at arbitrary points in a launchpadlib session, or even multiple times during a single session (with a different request token each time). In most cases, however, this method will be called at the beginning of a launchpadlib session, or not at all. Nrr)r4r<rrrrrsz=RequestTokenAuthorizationEngine.make_end_user_authorize_token)NNN) r[r\r]r^ZUNAUTHORIZED_ACCESS_LEVELrfpropertyrprrrVrrrrrrs @  c@s@eZdZdZdZdZddZddZdd Zd d Z d d Z dS)AuthorizeRequestTokenWithURLzAuthorize using a URL. This authorizer simply shows the URL for the user to open for authorization, and waits until the server responds. zPlease open this authorization page: (%s) in your browser. Use your browser to authorize this program to access Launchpad on your behalf.z.Press Enter after authorizing in your browser.cCs t|dS)zDisplay a message. By default, prints the message to standard output. The message does not require any user interaction--it's solely informative. N)print)r4messagerrroutputsz#AuthorizeRequestTokenWithURL.outputcCs||j|dS)Notify the end-user of the URL.N)rWAITING_FOR_USER)r4rrrr!notify_end_user_authorization_urlsz>AuthorizeRequestTokenWithURL.notify_end_user_authorization_urlc Cs|z||jWn`tk rp}zB|jjdkr:t|jn&|jjdkrVtdt|t|jW5d}~XYnX|j dk S)z Check if the end-user authorizediiz#Unexpected response from Launchpad:N) rZrTrr(r%EndUserDeclinedAuthorizationr)rEndUserNoAuthorizationrH)r4r<rqrrrcheck_end_user_authorizations   z9AuthorizeRequestTokenWithURL.check_end_user_authorizationcCs"||jt||dS)"Wait for the end-user to authorizeN)rWAITING_FOR_LAUNCHPADr readliner)r4r<rrrwait_for_end_user_authorizations zs            Kf;f