diff options
author | Ib Lundgren <ib.lundgren@gmail.com> | 2014-09-24 17:32:39 +0100 |
---|---|---|
committer | Ib Lundgren <ib.lundgren@gmail.com> | 2014-09-24 17:32:39 +0100 |
commit | 2d7dab66b589159712f96bd0086f45ae3c32216d (patch) | |
tree | 1e24d34ada1982ef2865530ff18d228164c0d35a /oauthlib/oauth1 | |
parent | 39013947bd2e242dda85fb0f150c49be23fd7510 (diff) | |
download | oauthlib-2d7dab66b589159712f96bd0086f45ae3c32216d.tar.gz |
Auto pep8 changes throughout the code base.
Diffstat (limited to 'oauthlib/oauth1')
-rw-r--r-- | oauthlib/oauth1/rfc5849/__init__.py | 57 | ||||
-rw-r--r-- | oauthlib/oauth1/rfc5849/endpoints/access_token.py | 32 | ||||
-rw-r--r-- | oauthlib/oauth1/rfc5849/endpoints/authorization.py | 28 | ||||
-rw-r--r-- | oauthlib/oauth1/rfc5849/endpoints/base.py | 61 | ||||
-rw-r--r-- | oauthlib/oauth1/rfc5849/endpoints/pre_configured.py | 2 | ||||
-rw-r--r-- | oauthlib/oauth1/rfc5849/endpoints/request_token.py | 19 | ||||
-rw-r--r-- | oauthlib/oauth1/rfc5849/endpoints/resource.py | 9 | ||||
-rw-r--r-- | oauthlib/oauth1/rfc5849/endpoints/signature_only.py | 5 | ||||
-rw-r--r-- | oauthlib/oauth1/rfc5849/parameters.py | 5 | ||||
-rw-r--r-- | oauthlib/oauth1/rfc5849/request_validator.py | 5 | ||||
-rw-r--r-- | oauthlib/oauth1/rfc5849/signature.py | 22 |
11 files changed, 135 insertions, 110 deletions
diff --git a/oauthlib/oauth1/rfc5849/__init__.py b/oauthlib/oauth1/rfc5849/__init__.py index fbf6429..7ecc69e 100644 --- a/oauthlib/oauth1/rfc5849/__init__.py +++ b/oauthlib/oauth1/rfc5849/__init__.py @@ -39,6 +39,7 @@ CONTENT_TYPE_FORM_URLENCODED = 'application/x-www-form-urlencoded' class Client(object): + """A client used to sign OAuth 1.0 RFC 5849 requests.""" SIGNATURE_METHODS = { SIGNATURE_HMAC: signature.sign_hmac_sha1_with_client, @@ -51,15 +52,15 @@ class Client(object): cls.SIGNATURE_METHODS[method_name] = method_callback def __init__(self, client_key, - client_secret=None, - resource_owner_key=None, - resource_owner_secret=None, - callback_uri=None, - signature_method=SIGNATURE_HMAC, - signature_type=SIGNATURE_TYPE_AUTH_HEADER, - rsa_key=None, verifier=None, realm=None, - encoding='utf-8', decoding=None, - nonce=None, timestamp=None): + client_secret=None, + resource_owner_key=None, + resource_owner_secret=None, + callback_uri=None, + signature_method=SIGNATURE_HMAC, + signature_type=SIGNATURE_TYPE_AUTH_HEADER, + rsa_key=None, verifier=None, realm=None, + encoding='utf-8', decoding=None, + nonce=None, timestamp=None): """Create an OAuth 1 client. :param client_key: Client key (consumer key), mandatory. @@ -101,12 +102,14 @@ class Client(object): self.timestamp = encode(timestamp) if self.signature_method == SIGNATURE_RSA and self.rsa_key is None: - raise ValueError('rsa_key is required when using RSA signature method.') + raise ValueError( + 'rsa_key is required when using RSA signature method.') def __repr__(self): attrs = vars(self).copy() attrs['client_secret'] = '****' if attrs['client_secret'] else None - attrs['resource_owner_secret'] = '****' if attrs['resource_owner_secret'] else None + attrs[ + 'resource_owner_secret'] = '****' if attrs['resource_owner_secret'] else None attribute_str = ', '.join('%s=%s' % (k, v) for k, v in attrs.items()) return '<%s %s>' % (self.__class__.__name__, attribute_str) @@ -123,7 +126,7 @@ class Client(object): if self.signature_method == SIGNATURE_PLAINTEXT: # fast-path return signature.sign_plaintext(self.client_secret, - self.resource_owner_secret) + self.resource_owner_secret) uri, headers, body = self._render(request) @@ -135,12 +138,12 @@ class Client(object): normalized_params = signature.normalize_parameters(collected_params) normalized_uri = signature.normalize_base_string_uri(uri, - headers.get('Host', None)) + headers.get('Host', None)) log.debug("Normalized params: {0}".format(normalized_params)) log.debug("Normalized URI: {0}".format(normalized_uri)) base_string = signature.construct_base_string(request.http_method, - normalized_uri, normalized_params) + normalized_uri, normalized_params) log.debug("Base signing string: {0}".format(base_string)) @@ -196,14 +199,17 @@ class Client(object): # like the spec requires. This would be a fundamental change though, and # I'm not sure how I feel about it. if self.signature_type == SIGNATURE_TYPE_AUTH_HEADER: - headers = parameters.prepare_headers(request.oauth_params, request.headers, realm=realm) + headers = parameters.prepare_headers( + request.oauth_params, request.headers, realm=realm) elif self.signature_type == SIGNATURE_TYPE_BODY and request.decoded_body is not None: - body = parameters.prepare_form_encoded_body(request.oauth_params, request.decoded_body) + body = parameters.prepare_form_encoded_body( + request.oauth_params, request.decoded_body) if formencode: body = urlencode(body) headers['Content-Type'] = 'application/x-www-form-urlencoded' elif self.signature_type == SIGNATURE_TYPE_QUERY: - uri = parameters.prepare_request_uri_query(request.oauth_params, request.uri) + uri = parameters.prepare_request_uri_query( + request.oauth_params, request.uri) else: raise ValueError('Unknown signature type specified.') @@ -253,16 +259,19 @@ class Client(object): # if [...]: # * The entity-body is single-part. if multipart and has_params: - raise ValueError("Headers indicate a multipart body but body contains parameters.") + raise ValueError( + "Headers indicate a multipart body but body contains parameters.") # * The entity-body follows the encoding requirements of the # "application/x-www-form-urlencoded" content-type as defined by # [W3C.REC-html40-19980424]. elif should_have_params and not has_params: - raise ValueError("Headers indicate a formencoded body but body was not decodable.") + raise ValueError( + "Headers indicate a formencoded body but body was not decodable.") # * The HTTP request entity-header includes the "Content-Type" # header field set to "application/x-www-form-urlencoded". elif not should_have_params and has_params: - raise ValueError("Body contains parameters but Content-Type header was not set.") + raise ValueError( + "Body contains parameters but Content-Type header was not set.") # 3.5.2. Form-Encoded Body # Protocol parameters can be transmitted in the HTTP request entity- @@ -275,7 +284,8 @@ class Client(object): # field set to "application/x-www-form-urlencoded". elif self.signature_type == SIGNATURE_TYPE_BODY and not ( should_have_params and has_params and not multipart): - raise ValueError('Body signatures may only be used with form-urlencoded content') + raise ValueError( + 'Body signatures may only be used with form-urlencoded content') # We amend http://tools.ietf.org/html/rfc5849#section-3.4.1.3.1 # with the clause that parameters from body should only be included @@ -290,11 +300,12 @@ class Client(object): request.oauth_params = self.get_oauth_params(request) # generate the signature - request.oauth_params.append(('oauth_signature', self.get_oauth_signature(request))) + request.oauth_params.append( + ('oauth_signature', self.get_oauth_signature(request))) # render the signed request and return it uri, headers, body = self._render(request, formencode=True, - realm=(realm or self.realm)) + realm=(realm or self.realm)) if self.decoding: log.debug('Encoding URI, headers and body to %s.', self.decoding) diff --git a/oauthlib/oauth1/rfc5849/endpoints/access_token.py b/oauthlib/oauth1/rfc5849/endpoints/access_token.py index f3139fb..26db919 100644 --- a/oauthlib/oauth1/rfc5849/endpoints/access_token.py +++ b/oauthlib/oauth1/rfc5849/endpoints/access_token.py @@ -21,6 +21,7 @@ log = logging.getLogger(__name__) class AccessTokenEndpoint(BaseEndpoint): + """An endpoint responsible for providing OAuth 1 access tokens. Typical use is to instantiate with a request validator and invoke the @@ -40,7 +41,7 @@ class AccessTokenEndpoint(BaseEndpoint): :returns: The token as an urlencoded string. """ request.realms = self.request_validator.get_realms( - request.resource_owner_key, request) + request.resource_owner_key, request) token = { 'oauth_token': self.token_generator(), 'oauth_token_secret': self.token_generator(), @@ -52,8 +53,7 @@ class AccessTokenEndpoint(BaseEndpoint): return urlencode(token.items()) def create_access_token_response(self, uri, http_method='GET', body=None, - headers=None, credentials=None): - + headers=None, credentials=None): """Create an access token response, with a new request token if valid. :param uri: The full URI of the token request. @@ -104,13 +104,13 @@ class AccessTokenEndpoint(BaseEndpoint): try: request = self._create_request(uri, http_method, body, headers) valid, processed_request = self.validate_access_token_request( - request) + request) if valid: token = self.create_access_token(request, credentials or {}) self.request_validator.invalidate_request_token( - request.client_key, - request.resource_owner_key, - request) + request.client_key, + request.resource_owner_key, + request) return resp_headers, token, 200 else: return {}, None, 401 @@ -131,20 +131,20 @@ class AccessTokenEndpoint(BaseEndpoint): if not request.resource_owner_key: raise errors.InvalidRequestError( - description='Missing resource owner.') + description='Missing resource owner.') if not self.request_validator.check_request_token( request.resource_owner_key): raise errors.InvalidRequestError( - description='Invalid resource owner key format.') + description='Invalid resource owner key format.') if not request.verifier: raise errors.InvalidRequestError( - description='Missing verifier.') + description='Missing verifier.') if not self.request_validator.check_verifier(request.verifier): raise errors.InvalidRequestError( - description='Invalid verifier format.') + description='Invalid verifier format.') if not self.request_validator.validate_timestamp_and_nonce( request.client_key, request.timestamp, request.nonce, request, @@ -159,7 +159,7 @@ class AccessTokenEndpoint(BaseEndpoint): # # Note that early exit would enable client enumeration valid_client = self.request_validator.validate_client_key( - request.client_key, request) + request.client_key, request) if not valid_client: request.client_key = self.request_validator.dummy_client @@ -185,10 +185,10 @@ class AccessTokenEndpoint(BaseEndpoint): # Note that early exit would enable resource owner authorization # verifier enumertion. valid_verifier = self.request_validator.validate_verifier( - request.client_key, - request.resource_owner_key, - request.verifier, - request) + request.client_key, + request.resource_owner_key, + request.verifier, + request) valid_signature = self._check_signature(request, is_token_request=True) diff --git a/oauthlib/oauth1/rfc5849/endpoints/authorization.py b/oauthlib/oauth1/rfc5849/endpoints/authorization.py index 7ebbfe8..a93a517 100644 --- a/oauthlib/oauth1/rfc5849/endpoints/authorization.py +++ b/oauthlib/oauth1/rfc5849/endpoints/authorization.py @@ -17,7 +17,9 @@ try: except ImportError: from urllib.parse import urlencode + class AuthorizationEndpoint(BaseEndpoint): + """An endpoint responsible for letting authenticated users authorize access to their protected resources to a client. @@ -49,11 +51,11 @@ class AuthorizationEndpoint(BaseEndpoint): } verifier.update(credentials) self.request_validator.save_verifier( - request.resource_owner_key, verifier, request) + request.resource_owner_key, verifier, request) return verifier def create_authorization_response(self, uri, http_method='GET', body=None, - headers=None, realms=None, credentials=None): + headers=None, realms=None, credentials=None): """Create an authorization response, with a new request token if valid. :param uri: The full URI of the token request. @@ -105,11 +107,11 @@ class AuthorizationEndpoint(BaseEndpoint): 200 """ request = self._create_request(uri, http_method=http_method, body=body, - headers=headers) + headers=headers) if not request.resource_owner_key: raise errors.InvalidRequestError( - 'Missing mandatory parameter oauth_token.') + 'Missing mandatory parameter oauth_token.') if not self.request_validator.verify_request_token( request.resource_owner_key, request): raise errors.InvalidClientError() @@ -118,22 +120,24 @@ class AuthorizationEndpoint(BaseEndpoint): if (request.realms and not self.request_validator.verify_realms( request.resource_owner_key, request.realms, request)): raise errors.InvalidRequestError( - description=('User granted access to realms outside of ' - 'what the client may request.')) + description=('User granted access to realms outside of ' + 'what the client may request.')) verifier = self.create_verifier(request, credentials or {}) redirect_uri = self.request_validator.get_redirect_uri( - request.resource_owner_key, request) + request.resource_owner_key, request) if redirect_uri == 'oob': - response_headers = {'Content-Type': 'application/x-www-form-urlencoded'} + response_headers = { + 'Content-Type': 'application/x-www-form-urlencoded'} response_body = urlencode(verifier) return response_headers, response_body, 200 else: - populated_redirect = add_params_to_uri(redirect_uri, verifier.items()) + populated_redirect = add_params_to_uri( + redirect_uri, verifier.items()) return {'Location': populated_redirect}, None, 302 def get_realms_and_credentials(self, uri, http_method='GET', body=None, - headers=None): + headers=None): """Fetch realms and credentials for the presented request token. :param uri: The full URI of the token request. @@ -146,12 +150,12 @@ class AuthorizationEndpoint(BaseEndpoint): authorization form. """ request = self._create_request(uri, http_method=http_method, body=body, - headers=headers) + headers=headers) if not self.request_validator.verify_request_token( request.resource_owner_key, request): raise errors.InvalidClientError() realms = self.request_validator.get_realms( - request.resource_owner_key, request) + request.resource_owner_key, request) return realms, {'resource_owner_key': request.resource_owner_key} diff --git a/oauthlib/oauth1/rfc5849/endpoints/base.py b/oauthlib/oauth1/rfc5849/endpoints/base.py index 4db2f07..42006a1 100644 --- a/oauthlib/oauth1/rfc5849/endpoints/base.py +++ b/oauthlib/oauth1/rfc5849/endpoints/base.py @@ -30,13 +30,14 @@ class BaseEndpoint(object): """Extracts parameters from query, headers and body. Signature type is set to the source in which parameters were found. """ - # Per RFC5849, only the Authorization header may contain the 'realm' optional parameter. + # Per RFC5849, only the Authorization header may contain the 'realm' + # optional parameter. header_params = signature.collect_parameters(headers=request.headers, - exclude_oauth_signature=False, with_realm=True) + exclude_oauth_signature=False, with_realm=True) body_params = signature.collect_parameters(body=request.body, - exclude_oauth_signature=False) + exclude_oauth_signature=False) query_params = signature.collect_parameters(uri_query=request.uri_query, - exclude_oauth_signature=False) + exclude_oauth_signature=False) params = [] params.extend(header_params) @@ -54,15 +55,16 @@ class BaseEndpoint(object): if len(signature_types_with_oauth_params) > 1: found_types = [s[0] for s in signature_types_with_oauth_params] raise errors.InvalidRequestError( - description=('oauth_ params must come from only 1 signature' - 'type but were found in %s', - ', '.join(found_types))) + description=('oauth_ params must come from only 1 signature' + 'type but were found in %s', + ', '.join(found_types))) try: - signature_type, params, oauth_params = signature_types_with_oauth_params[0] + signature_type, params, oauth_params = signature_types_with_oauth_params[ + 0] except IndexError: raise errors.InvalidRequestError( - description='Missing mandatory OAuth parameters.') + description='Missing mandatory OAuth parameters.') return signature_type, params, oauth_params @@ -76,13 +78,13 @@ class BaseEndpoint(object): request = Request(uri, http_method, '', headers) signature_type, params, oauth_params = ( - self._get_signature_type_and_params(request)) + self._get_signature_type_and_params(request)) # The server SHOULD return a 400 (Bad Request) status code when # receiving a request with duplicated protocol parameters. if len(dict(oauth_params)) != len(oauth_params): raise errors.InvalidRequestError( - description='Duplicate OAuth2 entries.') + description='Duplicate OAuth2 entries.') oauth_params = dict(oauth_params) request.signature = oauth_params.get('oauth_signature') @@ -101,7 +103,8 @@ class BaseEndpoint(object): request.params = [(k, v) for k, v in params if k != "oauth_signature"] if 'realm' in request.headers.get('Authorization', ''): - request.params = [(k, v) for k, v in request.params if k != "realm"] + request.params = [(k, v) + for k, v in request.params if k != "realm"] return request @@ -118,7 +121,7 @@ class BaseEndpoint(object): request.nonce, request.timestamp, request.signature_method)): raise errors.InvalidRequestError( - description='Missing mandatory OAuth parameters.') + description='Missing mandatory OAuth parameters.') # OAuth does not mandate a particular signature method, as each # implementation can have its own unique requirements. Servers are @@ -131,31 +134,31 @@ class BaseEndpoint(object): if (not request.signature_method in self.request_validator.allowed_signature_methods): raise errors.InvalidSignatureMethodError( - description="Invalid signature, %s not in %r." % ( - request.signature_method, - self.request_validator.allowed_signature_methods)) + description="Invalid signature, %s not in %r." % ( + request.signature_method, + self.request_validator.allowed_signature_methods)) # Servers receiving an authenticated request MUST validate it by: # If the "oauth_version" parameter is present, ensuring its value is # "1.0". if ('oauth_version' in request.oauth_params and - request.oauth_params['oauth_version'] != '1.0'): + request.oauth_params['oauth_version'] != '1.0'): raise errors.InvalidRequestError( - description='Invalid OAuth version.') + description='Invalid OAuth version.') # The timestamp value MUST be a positive integer. Unless otherwise # specified by the server's documentation, the timestamp is expressed # in the number of seconds since January 1, 1970 00:00:00 GMT. if len(request.timestamp) != 10: raise errors.InvalidRequestError( - description='Invalid timestamp size') + description='Invalid timestamp size') try: ts = int(request.timestamp) except ValueError: raise errors.InvalidRequestError( - description='Timestamp must be an integer.') + description='Timestamp must be an integer.') else: # To avoid the need to retain an infinite number of nonce values for @@ -163,19 +166,19 @@ class BaseEndpoint(object): # which a request with an old timestamp is rejected. if abs(time.time() - ts) > self.request_validator.timestamp_lifetime: raise errors.InvalidRequestError( - description=('Timestamp given is invalid, differ from ' - 'allowed by over %s seconds.' % ( - self.request_validator.timestamp_lifetime))) + description=('Timestamp given is invalid, differ from ' + 'allowed by over %s seconds.' % ( + self.request_validator.timestamp_lifetime))) # Provider specific validation of parameters, used to enforce # restrictions such as character set and length. if not self.request_validator.check_client_key(request.client_key): raise errors.InvalidRequestError( - description='Invalid client key format.') + description='Invalid client key format.') if not self.request_validator.check_nonce(request.nonce): raise errors.InvalidRequestError( - description='Invalid nonce format.') + description='Invalid nonce format.') def _check_signature(self, request, is_token_request=False): # ---- RSA Signature verification ---- @@ -183,7 +186,7 @@ class BaseEndpoint(object): # The server verifies the signature per `[RFC3447] section 8.2.2`_ # .. _`[RFC3447] section 8.2.2`: http://tools.ietf.org/html/rfc3447#section-8.2.1 rsa_key = self.request_validator.get_rsa_key( - request.client_key, request) + request.client_key, request) valid_signature = signature.verify_rsa_sha1(request, rsa_key) # ---- HMAC or Plaintext Signature verification ---- @@ -194,7 +197,7 @@ class BaseEndpoint(object): # client via the "oauth_signature" parameter. # .. _`Section 3.4`: http://tools.ietf.org/html/rfc5849#section-3.4 client_secret = self.request_validator.get_client_secret( - request.client_key, request) + request.client_key, request) resource_owner_secret = None if request.resource_owner_key: if is_token_request: @@ -206,8 +209,8 @@ class BaseEndpoint(object): if request.signature_method == SIGNATURE_HMAC: valid_signature = signature.verify_hmac_sha1(request, - client_secret, resource_owner_secret) + client_secret, resource_owner_secret) else: valid_signature = signature.verify_plaintext(request, - client_secret, resource_owner_secret) + client_secret, resource_owner_secret) return valid_signature diff --git a/oauthlib/oauth1/rfc5849/endpoints/pre_configured.py b/oauthlib/oauth1/rfc5849/endpoints/pre_configured.py index ceb8dac..f0705a8 100644 --- a/oauthlib/oauth1/rfc5849/endpoints/pre_configured.py +++ b/oauthlib/oauth1/rfc5849/endpoints/pre_configured.py @@ -5,7 +5,7 @@ from . import AccessTokenEndpoint, ResourceEndpoint class WebApplicationServer(RequestTokenEndpoint, AuthorizationEndpoint, - AccessTokenEndpoint, ResourceEndpoint): + AccessTokenEndpoint, ResourceEndpoint): def __init__(self, request_validator): RequestTokenEndpoint.__init__(self, request_validator) diff --git a/oauthlib/oauth1/rfc5849/endpoints/request_token.py b/oauthlib/oauth1/rfc5849/endpoints/request_token.py index 9424b9d..e97c34b 100644 --- a/oauthlib/oauth1/rfc5849/endpoints/request_token.py +++ b/oauthlib/oauth1/rfc5849/endpoints/request_token.py @@ -21,6 +21,7 @@ log = logging.getLogger(__name__) class RequestTokenEndpoint(BaseEndpoint): + """An endpoint responsible for providing OAuth 1 request tokens. Typical use is to instantiate with a request validator and invoke the @@ -47,7 +48,7 @@ class RequestTokenEndpoint(BaseEndpoint): return urlencode(token.items()) def create_request_token_response(self, uri, http_method='GET', body=None, - headers=None, credentials=None): + headers=None, credentials=None): """Create a request token response, with a new request token if valid. :param uri: The full URI of the token request. @@ -98,7 +99,7 @@ class RequestTokenEndpoint(BaseEndpoint): try: request = self._create_request(uri, http_method, body, headers) valid, processed_request = self.validate_request_token_request( - request) + request) if valid: token = self.create_request_token(request, credentials or {}) return resp_headers, token, 200 @@ -123,15 +124,15 @@ class RequestTokenEndpoint(BaseEndpoint): request.realms = request.realm.split(' ') else: request.realms = self.request_validator.get_default_realms( - request.client_key, request) + request.client_key, request) if not self.request_validator.check_realms(request.realms): raise errors.InvalidRequestError( - description='Invalid realm %s. Allowed are %r.' % ( - request.realms, self.request_validator.realms)) + description='Invalid realm %s. Allowed are %r.' % ( + request.realms, self.request_validator.realms)) if not request.redirect_uri: raise errors.InvalidRequestError( - description='Missing callback URI.') + description='Missing callback URI.') if not self.request_validator.validate_timestamp_and_nonce( request.client_key, request.timestamp, request.nonce, request, @@ -146,7 +147,7 @@ class RequestTokenEndpoint(BaseEndpoint): # # Note that early exit would enable client enumeration valid_client = self.request_validator.validate_client_key( - request.client_key, request) + request.client_key, request) if not valid_client: request.client_key = self.request_validator.dummy_client @@ -173,13 +174,13 @@ class RequestTokenEndpoint(BaseEndpoint): # that the realm is now tied to the access token and not provided by # the client. valid_realm = self.request_validator.validate_requested_realms( - request.client_key, request.realms, request) + request.client_key, request.realms, request) # Callback is normally never required, except for requests for # a Temporary Credential as described in `Section 2.1`_ # .._`Section 2.1`: http://tools.ietf.org/html/rfc5849#section-2.1 valid_redirect = self.request_validator.validate_redirect_uri( - request.client_key, request.redirect_uri, request) + request.client_key, request.redirect_uri, request) if not request.redirect_uri: raise NotImplementedError('Redirect URI must either be provided ' 'or set to a default during validation.') diff --git a/oauthlib/oauth1/rfc5849/endpoints/resource.py b/oauthlib/oauth1/rfc5849/endpoints/resource.py index 00b5c5f..651a87c 100644 --- a/oauthlib/oauth1/rfc5849/endpoints/resource.py +++ b/oauthlib/oauth1/rfc5849/endpoints/resource.py @@ -17,6 +17,7 @@ log = logging.getLogger(__name__) class ResourceEndpoint(BaseEndpoint): + """An endpoint responsible for protecting resources. Typical use is to instantiate with a request validator and invoke the @@ -52,7 +53,7 @@ class ResourceEndpoint(BaseEndpoint): """ def validate_protected_resource_request(self, uri, http_method='GET', - body=None, headers=None, realms=None): + body=None, headers=None, realms=None): """Create a request token response, with a new request token if valid. :param uri: The full URI of the token request. @@ -97,7 +98,7 @@ class ResourceEndpoint(BaseEndpoint): # # Note that early exit would enable client enumeration valid_client = self.request_validator.validate_client_key( - request.client_key, request) + request.client_key, request) if not valid_client: request.client_key = self.request_validator.dummy_client @@ -136,8 +137,8 @@ class ResourceEndpoint(BaseEndpoint): # that the realm is now tied to the access token and not provided by # the client. valid_realm = self.request_validator.validate_realms(request.client_key, - request.resource_owner_key, request, uri=request.uri, - realms=realms) + request.resource_owner_key, request, uri=request.uri, + realms=realms) valid_signature = self._check_signature(request) diff --git a/oauthlib/oauth1/rfc5849/endpoints/signature_only.py b/oauthlib/oauth1/rfc5849/endpoints/signature_only.py index 0cdcdd3..2f8e7c9 100644 --- a/oauthlib/oauth1/rfc5849/endpoints/signature_only.py +++ b/oauthlib/oauth1/rfc5849/endpoints/signature_only.py @@ -17,10 +17,11 @@ log = logging.getLogger(__name__) class SignatureOnlyEndpoint(BaseEndpoint): + """An endpoint only responsible for verifying an oauth signature.""" def validate_request(self, uri, http_method='GET', - body=None, headers=None): + body=None, headers=None): """Validate a signed OAuth request. :param uri: The full URI of the token request. @@ -54,7 +55,7 @@ class SignatureOnlyEndpoint(BaseEndpoint): # # Note that early exit would enable client enumeration valid_client = self.request_validator.validate_client_key( - request.client_key, request) + request.client_key, request) if not valid_client: request.client_key = self.request_validator.dummy_client diff --git a/oauthlib/oauth1/rfc5849/parameters.py b/oauthlib/oauth1/rfc5849/parameters.py index dee22a2..f0963ab 100644 --- a/oauthlib/oauth1/rfc5849/parameters.py +++ b/oauthlib/oauth1/rfc5849/parameters.py @@ -77,7 +77,7 @@ def prepare_headers(oauth_params, headers=None, realm=None): if realm: # NOTE: realm should *not* be escaped authorization_header_parameters = ('realm="%s", ' % realm + - authorization_header_parameters) + authorization_header_parameters) # the auth-scheme name set to "OAuth" (case insensitive). authorization_header = 'OAuth %s' % authorization_header_parameters @@ -132,5 +132,6 @@ def prepare_request_uri_query(oauth_params, uri): """ # append OAuth params to the existing set of query components sch, net, path, par, query, fra = urlparse(uri) - query = urlencode(_append_params(oauth_params, extract_params(query) or [])) + query = urlencode( + _append_params(oauth_params, extract_params(query) or [])) return urlunparse((sch, net, path, par, query, fra)) diff --git a/oauthlib/oauth1/rfc5849/request_validator.py b/oauthlib/oauth1/rfc5849/request_validator.py index ef4cc92..e722029 100644 --- a/oauthlib/oauth1/rfc5849/request_validator.py +++ b/oauthlib/oauth1/rfc5849/request_validator.py @@ -12,6 +12,7 @@ from . import SIGNATURE_METHODS, utils class RequestValidator(object): + """A validator/datastore interaction base class for OAuth 1 providers. OAuth providers should inherit from RequestValidator and implement the @@ -552,7 +553,7 @@ class RequestValidator(object): raise NotImplementedError("Subclasses must implement this function.") def validate_timestamp_and_nonce(self, client_key, timestamp, nonce, - request, request_token=None, access_token=None): + request, request_token=None, access_token=None): """Validates that the nonce has not been used before. :param client_key: The client/consumer key. @@ -653,7 +654,7 @@ class RequestValidator(object): raise NotImplementedError("Subclasses must implement this function.") def validate_realms(self, client_key, token, request, uri=None, - realms=None): + realms=None): """Validates access to the request realm. :param client_key: The client/consumer key. diff --git a/oauthlib/oauth1/rfc5849/signature.py b/oauthlib/oauth1/rfc5849/signature.py index 58a3497..b3a419c 100644 --- a/oauthlib/oauth1/rfc5849/signature.py +++ b/oauthlib/oauth1/rfc5849/signature.py @@ -36,7 +36,7 @@ from oauthlib.common import bytes_type, unicode_type def construct_base_string(http_method, base_string_uri, - normalized_encoded_request_parameters): + normalized_encoded_request_parameters): """**String Construction** Per `section 3.4.1.1`_ of the spec. @@ -185,10 +185,10 @@ def normalize_base_string_uri(uri, host=None): # particular manner that is often different from their original # encoding scheme, and concatenated into a single string. # -# .. _`section 3.4.1.3`: http://tools.ietf.org/html/rfc5849#section-3.4.1.3 +# .. _`section 3.4.1.3`: http://tools.ietf.org/html/rfc5849#section-3.4.1.3 def collect_parameters(uri_query='', body=[], headers=None, - exclude_oauth_signature=True, with_realm=False): + exclude_oauth_signature=True, with_realm=False): """**Parameter Sources** Parameters starting with `oauth_` will be unescaped. @@ -305,7 +305,7 @@ def collect_parameters(uri_query='', body=[], headers=None, # base string if present. if exclude_oauth_signature: unescaped_params = list(filter(lambda i: i[0] != 'oauth_signature', - unescaped_params)) + unescaped_params)) return unescaped_params @@ -409,10 +409,11 @@ def normalize_parameters(params): def sign_hmac_sha1_with_client(base_string, client): - return sign_hmac_sha1(base_string, - client.client_secret, - client.resource_owner_secret - ) + return sign_hmac_sha1(base_string, + client.client_secret, + client.resource_owner_secret + ) + def sign_hmac_sha1(base_string, client_secret, resource_owner_secret): """**HMAC-SHA1** @@ -536,8 +537,9 @@ def sign_plaintext(client_secret, resource_owner_secret): def sign_plaintext_with_client(base_string, client): return sign_plaintext(client.client_secret, client.resource_owner_secret) + def verify_hmac_sha1(request, client_secret=None, - resource_owner_secret=None): + resource_owner_secret=None): """Verify a HMAC-SHA1 signature. Per `section 3.4`_ of the spec. @@ -557,7 +559,7 @@ def verify_hmac_sha1(request, client_secret=None, uri = normalize_base_string_uri(request.uri) base_string = construct_base_string(request.http_method, uri, norm_params) signature = sign_hmac_sha1(base_string, client_secret, - resource_owner_secret) + resource_owner_secret) return safe_string_equals(signature, request.signature) |