diff options
Diffstat (limited to 'oauthlib/oauth2/draft25/tokens.py')
-rw-r--r-- | oauthlib/oauth2/draft25/tokens.py | 34 |
1 files changed, 27 insertions, 7 deletions
diff --git a/oauthlib/oauth2/draft25/tokens.py b/oauthlib/oauth2/draft25/tokens.py index 1fc719f..cb58036 100644 --- a/oauthlib/oauth2/draft25/tokens.py +++ b/oauthlib/oauth2/draft25/tokens.py @@ -10,6 +10,7 @@ This module contains methods for adding two types of access tokens to requests. """ from binascii import b2a_base64 +import datetime import hashlib import hmac try: @@ -18,11 +19,13 @@ except ImportError: from urllib.parse import urlparse from oauthlib.common import add_params_to_uri, add_params_to_qs, unicode_type +from oauthlib import common from . import utils def prepare_mac_header(token, uri, key, http_method, nonce=None, headers=None, - body=None, ext='', hash_algorithm='hmac-sha-1'): + body=None, ext='', hash_algorithm='hmac-sha-1', issue_time=None, + draft=0): """Add an `MAC Access Authentication`_ signature to headers. Unlike OAuth 1, this HMAC signature does not require inclusion of the request @@ -46,6 +49,8 @@ def prepare_mac_header(token, uri, key, http_method, nonce=None, headers=None, :param http_method: HTTP Request method. :param key: MAC given provided by token endpoint. :param algorithm: HMAC algorithm provided by token endpoint. + :param issue_time: Time when the MAC credentials were issues as a datetime object. + :param draft: MAC authentication specification version. :return: headers dictionary with the authorization field added. """ http_method = http_method.upper() @@ -53,10 +58,18 @@ def prepare_mac_header(token, uri, key, http_method, nonce=None, headers=None, if hash_algorithm.lower() == 'hmac-sha-1': h = hashlib.sha1 - else: + elif hash_algorithm.lower() == 'hmac-sha-256': h = hashlib.sha256 + else: + raise ValueError('unknown hash algorithm') + + if draft == 0: + nonce = nonce or '{0}:{1}'.format(utils.generate_age(issue_time), + common.generate_nonce()) + else: + ts = common.generate_timestamp() + nonce = common.generate_nonce() - nonce = nonce or '{0}:{1}'.format(utils.generate_nonce(), utils.generate_timestamp()) sch, net, path, par, query, fra = urlparse(uri) if query: @@ -65,20 +78,25 @@ def prepare_mac_header(token, uri, key, http_method, nonce=None, headers=None, request_uri = path # Hash the body/payload - if body is not None: + if body is not None and draft == 0: bodyhash = b2a_base64(h(body.encode('utf-8')).digest())[:-1].decode('utf-8') else: bodyhash = '' # Create the normalized base string base = [] - base.append(nonce) + if draft == 0: + base.append(nonce) + else: + base.append(ts) + base.append(nonce) base.append(http_method.upper()) base.append(request_uri) base.append(host) base.append(port) - base.append(bodyhash) - base.append(ext) + if draft == 0: + base.append(bodyhash) + base.append(ext or '') base_string = '\n'.join(base) + '\n' # hmac struggles with unicode strings - http://bugs.python.org/issue5285 @@ -89,6 +107,8 @@ def prepare_mac_header(token, uri, key, http_method, nonce=None, headers=None, header = [] header.append('MAC id="%s"' % token) + if draft != 0: + header.append('ts="%s"' % ts) header.append('nonce="%s"' % nonce) if bodyhash: header.append('bodyhash="%s"' % bodyhash) |