ó «mOc@s˜dZeZdddddddgZdd lZdd lmZdd lZdd lZdd l m Z dd l Z dd l m Z dd l Z dd lmZddlmZdd lZddlmZmZdd lZddlmZddlmZmZmZmZddlm Z dZ!dZ"dZ#dZ$e%e&e'fZ(defd„ƒYZ)defd„ƒYZdefd„ƒYZ*de+fd„ƒYZ,de,fd„ƒYZ-de,fd„ƒYZ.de+fd„ƒYZ/de/fd „ƒYZ0d!e1fd"„ƒYZ2d#e2fd$„ƒYZ3d%e2fd&„ƒYZ4d'e2fd(„ƒYZ5d)e2fd*„ƒYZ6d+e2fd,„ƒYZ7d-e2fd.„ƒYZ8d S(/s4launchpadlib credentials and authentication support.t AccessTokentAnonymousAccessTokent AuthorizeRequestTokenWithBrowsertCredentialStoretRequestTokenAuthorizationEnginetConsumert CredentialsiÿÿÿÿN(tStringIO(tselect(tstdin(t urlencode(turljoin(t b64decodet b64encode(t HTTPError(RRtOAuthAuthorizertSystemWideConsumer(turiss+request-tokens +access-tokens+authorize-tokenicBsheZdZd ZdZdZdZdZd„Z e d„ƒZ d e j ed„Ze j d„ZRS( sèStandard credentials storage and usage class. :ivar consumer: The consumer (application) :type consumer: `Consumer` :ivar access_token: Access information on behalf of the user :type access_token: `AccessToken` turitdicts
s cCs&tƒ}|j|ƒ|jƒ}|S(seTurn this object into a string. This should probably be moved into OAuthAuthorizer. (Rtsavetgetvalue(tselftsiot serialized((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyt serializeQs   cCs |ƒ}|jt|ƒƒ|S(s}Create a `Credentials` object from a serialized string. This should probably be moved into OAuthAuthorizer. (tloadR(tclstvaluet credentials((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyt from_string[s c Cs–|jdk stdƒ‚|jdks6tdƒ‚tj|ƒ}td|jjddddƒ}|t}i|d6}||j kr™d |d R?R(R@RA((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyt'exchange_request_token_for_access_token›s       'N(t__name__t __module__t__doc__R+R9tURI_TOKEN_FORMATR1tITEM_SEPARATORtNEWLINERt classmethodRRtSTAGING_WEB_ROOTRBRF(((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyRBs   6cBs,eZdZed„ƒZed„ƒZRS(sAn OAuth access token.cCs3|d}|d}|jdƒ}||||ƒS(s:Create and return a new `AccessToken` from the given dict.RCtoauth_token_secrets lp.context(tget(RR>R/RDR;((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyR8»s  cCsÏtj|dtƒ}|d}t|ƒdks=tdƒ‚|d}|d}t|ƒdksotdƒ‚|d}|jdƒ}|d k r¿t|ƒdks²td ƒ‚|d}n||||ƒS( s<Create and return a new `AccessToken` from the given string.tkeep_blank_valuesRCis/Query string must have exactly one oauth_token.iROs*Query string must have exactly one secret.s lp.contexts*Query string must have exactly one contextN(tcgitparse_qstFalsetlenR,RPR+(Rt query_stringR>R/RDR;((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyRÃs        (RGRHRIRMR8R(((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyR¸scBseZdZd„ZRS(soAn OAuth access token that doesn't authenticate anybody. This token can be used for anonymous access. cCstt|ƒjddƒdS(Nt(tsuperRt__init__(R((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyRYÛs(RGRHRIRY(((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyRÖscBs>eZdZdd„Zd„Zd„Zd„Zd„ZRS(sÖStore OAuth credentials locally. This is a generic superclass. To implement a specific way of storing credentials locally you'll need to subclass this class, and implement `do_save` and `do_load`. cCs ||_dS(sConstructor. :param credential_save_failed: A callback to be invoked if the save to local storage fails. You should never invoke this callback yourself! Instead, you should raise an exception from do_save(). N(tcredential_save_failed(RRZ((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyRYçscCscy|j||ƒWnHtk r*‚n5tk r^}|jdkrQ|‚n|jƒnX|S(sœSave the credentials and invoke the callback on failure. Do not override this method when subclassing. Override do_save() instead. N(tdo_savetEXPLOSIVE_ERRORSt ExceptionRZR+(RRtunique_consumer_idte((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyRñs  cCs tƒ‚dS(sõStore newly-authorized credentials locally for later use. :param credentials: A Credentials object to save. :param unique_consumer_id: A string uniquely identifying an OAuth consumer on a Launchpad instance. N(tNotImplementedError(RRR^((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyR[scCs |j|ƒS(s0Retrieve credentials from a local store. This method is the inverse of `save`. There's no special behavior in this method--it just calls `do_load`. There _is_ special behavior in `save`, and this way, developers can remember to implement `do_save` and `do_load`, not `do_save` and `load`. :param unique_key: A string uniquely identifying an OAuth consumer on a Launchpad instance. :return: A `Credentials` object if one is found in the local store, and None otherise. (tdo_load(Rt unique_key((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyR scCs tƒ‚dS(s@Retrieve credentials from a local store. This method is the inverse of `do_save`. :param unique_key: A string uniquely identifying an OAuth consumer on a Launchpad instance. :return: A `Credentials` object if one is found in the local store, and None otherise. N(R`(RRb((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyRas N( RGRHRIR+RYRR[RRa(((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyRßs   tKeyringCredentialStorecBs5eZdZdZed„ƒZd„Zd„ZRS(söStore credentials in the GNOME keyring or KDE wallet. This is a good solution for desktop applications and interactive scripts. It doesn't work for non-interactive scripts, or for integrating third-party websites into Launchpad. scCs"dtƒkrddlandS(sGEnsure the keyring module is imported (postponing side effects). The keyring module initializes the environment-dependent backend at import time (nasty). We want to avoid that initialization because it may do things like prompt the user to unlock their password store (e.g., KWallet). tkeyringiÿÿÿÿN(tglobalsRd(((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyt_ensure_keyring_imported4s cCs@|jƒ|jƒ}|jt|ƒ}tjd||ƒdS(s2Store newly-authorized credentials in the keyring.t launchpadlibN(RfRt B64MARKERR Rdt set_password(RRRbR((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyR[As   cCs§|jƒtjd|ƒ}|dk r£|jdƒ}|j|jƒr~yt|t|jƒƒ}Wq~t k rzdSXnyt j |ƒ}|SWq£dSXndS(s&Retrieve credentials from the keyring.Rgtutf8N( RfRdt get_passwordR+tencodet startswithRhR RUt TypeErrorRR(RRbtcredential_stringR((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyRaLs"    (RGRHRIRht staticmethodRfR[Ra(((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyRc*s  tUnencryptedFileCredentialStorecBs,eZdZdd„Zd„Zd„ZRS(s‘Store credentials unencrypted in a file on disk. This is a good solution for scripts that need to run without any user interaction. cCs#tt|ƒj|ƒ||_dS(N(RXRqRYtfilename(RRrRZ((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyRYmscCs|j|jƒdS(sSave the credentials to disk.N(t save_to_pathRr(RRRb((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyR[rscCsItjj|jƒrEtj|jƒtjdk rEtj|jƒSdS(sLoad the credentials from disk.iN( tostpathtexistsRrtstattST_SIZERtload_from_pathR+(RRb((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyRavs N(RGRHRIR+RYR[Ra(((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyRqfs  cBsYeZdZdZdddd„Zed„ƒZd„Zd„Z d„Z d„Z RS( s/The superclass of all request token authorizers. This base class does not implement request token authorization, since that varies depending on how you want the end-user to authorize a request token. You'll need to subclass this class and implement `make_end_user_authorize_token`. t UNAUTHORIZEDcCs×tj|ƒ|_tj|ƒ|_|dkrK|dkrKtdƒ‚n|dk r||dk r|td||fƒ‚n|dkr dg}t|ƒ}nt|ƒ}|}||_ ||_ |pÍg|_ dS(sDBase class initialization. :param service_root: The root of the Launchpad instance being used. :param application_name: The name of the application that wants to use launchpadlib. This is used in conjunction with a desktop-wide integration. If you specify this argument, your values for consumer_name and allow_access_levels are ignored. :param consumer_name: The OAuth consumer name, for an application that wants its own point of integration into Launchpad. In almost all cases, you want to specify application_name instead and do a desktop-wide integration. The exception is when you're integrating a third-party website into Launchpad. :param allow_access_levels: A list of the Launchpad access levels to present to the user. ('READ_PUBLIC' and so on.) Your value for this argument will be ignored during a desktop-wide integration. :type allow_access_levels: A list of strings. s:You must provide either application_name or consumer_name.sZYou must provide only one of application_name and consumer_name. (You provided %r and %r.)tDESKTOP_INTEGRATIONN( Rtlookup_service_roott service_roottweb_root_for_service_rootR<R+t ValueErrorRRR*tapplication_nametallow_access_levels(RR}R€t consumer_nameRR*((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyRY‰s"      cCs|jjd|jS(s7Return a string identifying this consumer on this host.t@(R*R/R}(R((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyR^ÂscCsXdt|f}d}t|jƒdkrH|||j|jƒ7}nt|j|ƒS(sÞReturn the authorization URL for a request token. This is the URL the end-user must visit to authorize the token. How exactly does this happen? That depends on the subclass implementation. s%s?oauth_token=%ss&allow_permission=i(R:RURtjoinR R<(Rt request_tokentpagetallow_permission((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pytauthorization_urlÇscCsI|j|ƒ}|j||ƒ|jdkr2dS|j||jƒ|S(sdAuthorize a token and associate it with the given credentials. If the credential store runs into a problem storing the credential locally, the `credential_save_failed` callback will be invoked. The callback will not be invoked if there's a problem authorizing the credentials. :param credentials: A `Credentials` object. If the end-user authorizes these credentials, this object will have its .access_token property set. :param credential_store: A `CredentialStore` object. If the end-user authorizes the credentials, they will be persisted locally using this object. :return: If the credentials are successfully authorized, the return value is the `Credentials` object originally passed in. Otherwise the return value is None. N(RBtmake_end_user_authorize_tokenR-R+RR^(RRtcredential_storetrequest_token_string((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyt__call__Ös cCs&|jd|jdtjƒ}|dS(s\Get a new request token from the server. :param return: The request token. R<R=RC(RBR<RR1(RRtauthorization_json((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyRBôs   cCs tƒ‚dS(s5Authorize the given request token using the given credentials. Your subclass must implement this method: it has no default implementation. Because an access token may expire or be revoked in the middle of a session, this method may be called at arbitrary points in a launchpadlib session, or even multiple times during a single session (with a different request token each time). In most cases, however, this method will be called at the beginning of a launchpadlib session, or not at all. N(R`(RRR…((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyR‰þsN( RGRHRItUNAUTHORIZED_ACCESS_LEVELR+RYtpropertyR^RˆRŒRBR‰(((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyR~s8   cBsJeZdZdZdZdZdZdddd„Zd„Z d„Z RS( sßThe simplest (and, right now, the only) request token authorizer. This authorizer simply opens up the end-user's web browser to a Launchpad URL and lets the end-user authorize the request token themselves. sThe authorization page: (%s) should be opening in your browser. Use your browser to authorize this program to access Launchpad on your behalf.s1Press any key to continue or wait (%d) seconds...is5Waiting to hear from Launchpad about your decision...cCs#tt|ƒj||d|ƒdS(soConstructor. :param service_root: See `RequestTokenAuthorizationEngine`. :param application_name: See `RequestTokenAuthorizationEngine`. :param consumer_name: The value of this argument is ignored. If we have the capability to open the end-user's web browser, we must be running on the end-user's computer, so we should do a full desktop integration. :param credential_save_failed: See `RequestTokenAuthorizationEngine`. :param allow_access_levels: The value of this argument is ignored, for the same reason as consumer_name. N(RXRRYR+(RR}R€R‚RZR((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyRYs cCs |GHdS(s³Display a message. By default, prints the message to standard output. The message does not require any user interaction--it's solely informative. N((Rtmessage((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pytoutput1scCs#|j|ƒ}|j|j|ƒ|j|j|jƒttggg|jƒ\}}}|rqtjƒn|j|jƒt j |ƒxŽ|j dkrt jtƒy|j|jƒPWq‘tk r}|jjdkrøt|jƒ‚q|jjdkr qdGH|GHq‘Xq‘WdS(s7Have the end-user authorize the token in their browser.i“i‘s#Unexpected response from Launchpad:N(RˆR‘tWAITING_FOR_USERtTIMEOUT_MESSAGEtTIMEOUTRR treadlinetWAITING_FOR_LAUNCHPADt webbrowsertopenR-R+ttimetsleeptaccess_token_poll_timeRFR<RR@R5tEndUserDeclinedAuthorizationRA(RRR…Rˆtrlistt_R_((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyR‰:s*$    N( RGRHRIR’R“R”R–R+RYR‘R‰(((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyRs tTokenAuthorizationExceptioncBseZRS((RGRH(((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyRŸ[stRequestTokenAlreadyAuthorizedcBseZRS((RGRH(((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyR _sRœcBseZRS((RGRH(((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyRœcst ClientErrorcBseZRS((RGRH(((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyR¡gst ServerErrorcBseZRS((RGRH(((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyR¢kstNoLaunchpadAccountcBseZRS((RGRH(((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyR£ostTooManyAuthenticationFailurescBseZRS((RGRH(((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyR¤ss(9RIttypet __metaclass__t__all__RRt cStringIORR2RtRRwtsysR R™turllibR turlparseR R—tbase64R R R6tlazr.restfulclient.errorsRt"lazr.restfulclient.authorize.oauthRt _AccessTokenRRRRgRR0RER:R›t MemoryErrortKeyboardInterruptt SystemExitR\RRtobjectRRcRqRRR]RŸR RœR¡R¢R£R¤(((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pytsX        "v K<‘L