Mercurial > repos > guerler > hhblits
comparison lib/python3.8/site-packages/pip/_vendor/requests/auth.py @ 1:64071f2a4cf0 draft default tip
Deleted selected files
author | guerler |
---|---|
date | Mon, 27 Jul 2020 03:55:49 -0400 |
parents | 9e54283cc701 |
children |
comparison
equal
deleted
inserted
replaced
0:9e54283cc701 | 1:64071f2a4cf0 |
---|---|
1 # -*- coding: utf-8 -*- | |
2 | |
3 """ | |
4 requests.auth | |
5 ~~~~~~~~~~~~~ | |
6 | |
7 This module contains the authentication handlers for Requests. | |
8 """ | |
9 | |
10 import os | |
11 import re | |
12 import time | |
13 import hashlib | |
14 import threading | |
15 import warnings | |
16 | |
17 from base64 import b64encode | |
18 | |
19 from .compat import urlparse, str, basestring | |
20 from .cookies import extract_cookies_to_jar | |
21 from ._internal_utils import to_native_string | |
22 from .utils import parse_dict_header | |
23 | |
24 CONTENT_TYPE_FORM_URLENCODED = 'application/x-www-form-urlencoded' | |
25 CONTENT_TYPE_MULTI_PART = 'multipart/form-data' | |
26 | |
27 | |
28 def _basic_auth_str(username, password): | |
29 """Returns a Basic Auth string.""" | |
30 | |
31 # "I want us to put a big-ol' comment on top of it that | |
32 # says that this behaviour is dumb but we need to preserve | |
33 # it because people are relying on it." | |
34 # - Lukasa | |
35 # | |
36 # These are here solely to maintain backwards compatibility | |
37 # for things like ints. This will be removed in 3.0.0. | |
38 if not isinstance(username, basestring): | |
39 warnings.warn( | |
40 "Non-string usernames will no longer be supported in Requests " | |
41 "3.0.0. Please convert the object you've passed in ({!r}) to " | |
42 "a string or bytes object in the near future to avoid " | |
43 "problems.".format(username), | |
44 category=DeprecationWarning, | |
45 ) | |
46 username = str(username) | |
47 | |
48 if not isinstance(password, basestring): | |
49 warnings.warn( | |
50 "Non-string passwords will no longer be supported in Requests " | |
51 "3.0.0. Please convert the object you've passed in ({!r}) to " | |
52 "a string or bytes object in the near future to avoid " | |
53 "problems.".format(password), | |
54 category=DeprecationWarning, | |
55 ) | |
56 password = str(password) | |
57 # -- End Removal -- | |
58 | |
59 if isinstance(username, str): | |
60 username = username.encode('latin1') | |
61 | |
62 if isinstance(password, str): | |
63 password = password.encode('latin1') | |
64 | |
65 authstr = 'Basic ' + to_native_string( | |
66 b64encode(b':'.join((username, password))).strip() | |
67 ) | |
68 | |
69 return authstr | |
70 | |
71 | |
72 class AuthBase(object): | |
73 """Base class that all auth implementations derive from""" | |
74 | |
75 def __call__(self, r): | |
76 raise NotImplementedError('Auth hooks must be callable.') | |
77 | |
78 | |
79 class HTTPBasicAuth(AuthBase): | |
80 """Attaches HTTP Basic Authentication to the given Request object.""" | |
81 | |
82 def __init__(self, username, password): | |
83 self.username = username | |
84 self.password = password | |
85 | |
86 def __eq__(self, other): | |
87 return all([ | |
88 self.username == getattr(other, 'username', None), | |
89 self.password == getattr(other, 'password', None) | |
90 ]) | |
91 | |
92 def __ne__(self, other): | |
93 return not self == other | |
94 | |
95 def __call__(self, r): | |
96 r.headers['Authorization'] = _basic_auth_str(self.username, self.password) | |
97 return r | |
98 | |
99 | |
100 class HTTPProxyAuth(HTTPBasicAuth): | |
101 """Attaches HTTP Proxy Authentication to a given Request object.""" | |
102 | |
103 def __call__(self, r): | |
104 r.headers['Proxy-Authorization'] = _basic_auth_str(self.username, self.password) | |
105 return r | |
106 | |
107 | |
108 class HTTPDigestAuth(AuthBase): | |
109 """Attaches HTTP Digest Authentication to the given Request object.""" | |
110 | |
111 def __init__(self, username, password): | |
112 self.username = username | |
113 self.password = password | |
114 # Keep state in per-thread local storage | |
115 self._thread_local = threading.local() | |
116 | |
117 def init_per_thread_state(self): | |
118 # Ensure state is initialized just once per-thread | |
119 if not hasattr(self._thread_local, 'init'): | |
120 self._thread_local.init = True | |
121 self._thread_local.last_nonce = '' | |
122 self._thread_local.nonce_count = 0 | |
123 self._thread_local.chal = {} | |
124 self._thread_local.pos = None | |
125 self._thread_local.num_401_calls = None | |
126 | |
127 def build_digest_header(self, method, url): | |
128 """ | |
129 :rtype: str | |
130 """ | |
131 | |
132 realm = self._thread_local.chal['realm'] | |
133 nonce = self._thread_local.chal['nonce'] | |
134 qop = self._thread_local.chal.get('qop') | |
135 algorithm = self._thread_local.chal.get('algorithm') | |
136 opaque = self._thread_local.chal.get('opaque') | |
137 hash_utf8 = None | |
138 | |
139 if algorithm is None: | |
140 _algorithm = 'MD5' | |
141 else: | |
142 _algorithm = algorithm.upper() | |
143 # lambdas assume digest modules are imported at the top level | |
144 if _algorithm == 'MD5' or _algorithm == 'MD5-SESS': | |
145 def md5_utf8(x): | |
146 if isinstance(x, str): | |
147 x = x.encode('utf-8') | |
148 return hashlib.md5(x).hexdigest() | |
149 hash_utf8 = md5_utf8 | |
150 elif _algorithm == 'SHA': | |
151 def sha_utf8(x): | |
152 if isinstance(x, str): | |
153 x = x.encode('utf-8') | |
154 return hashlib.sha1(x).hexdigest() | |
155 hash_utf8 = sha_utf8 | |
156 elif _algorithm == 'SHA-256': | |
157 def sha256_utf8(x): | |
158 if isinstance(x, str): | |
159 x = x.encode('utf-8') | |
160 return hashlib.sha256(x).hexdigest() | |
161 hash_utf8 = sha256_utf8 | |
162 elif _algorithm == 'SHA-512': | |
163 def sha512_utf8(x): | |
164 if isinstance(x, str): | |
165 x = x.encode('utf-8') | |
166 return hashlib.sha512(x).hexdigest() | |
167 hash_utf8 = sha512_utf8 | |
168 | |
169 KD = lambda s, d: hash_utf8("%s:%s" % (s, d)) | |
170 | |
171 if hash_utf8 is None: | |
172 return None | |
173 | |
174 # XXX not implemented yet | |
175 entdig = None | |
176 p_parsed = urlparse(url) | |
177 #: path is request-uri defined in RFC 2616 which should not be empty | |
178 path = p_parsed.path or "/" | |
179 if p_parsed.query: | |
180 path += '?' + p_parsed.query | |
181 | |
182 A1 = '%s:%s:%s' % (self.username, realm, self.password) | |
183 A2 = '%s:%s' % (method, path) | |
184 | |
185 HA1 = hash_utf8(A1) | |
186 HA2 = hash_utf8(A2) | |
187 | |
188 if nonce == self._thread_local.last_nonce: | |
189 self._thread_local.nonce_count += 1 | |
190 else: | |
191 self._thread_local.nonce_count = 1 | |
192 ncvalue = '%08x' % self._thread_local.nonce_count | |
193 s = str(self._thread_local.nonce_count).encode('utf-8') | |
194 s += nonce.encode('utf-8') | |
195 s += time.ctime().encode('utf-8') | |
196 s += os.urandom(8) | |
197 | |
198 cnonce = (hashlib.sha1(s).hexdigest()[:16]) | |
199 if _algorithm == 'MD5-SESS': | |
200 HA1 = hash_utf8('%s:%s:%s' % (HA1, nonce, cnonce)) | |
201 | |
202 if not qop: | |
203 respdig = KD(HA1, "%s:%s" % (nonce, HA2)) | |
204 elif qop == 'auth' or 'auth' in qop.split(','): | |
205 noncebit = "%s:%s:%s:%s:%s" % ( | |
206 nonce, ncvalue, cnonce, 'auth', HA2 | |
207 ) | |
208 respdig = KD(HA1, noncebit) | |
209 else: | |
210 # XXX handle auth-int. | |
211 return None | |
212 | |
213 self._thread_local.last_nonce = nonce | |
214 | |
215 # XXX should the partial digests be encoded too? | |
216 base = 'username="%s", realm="%s", nonce="%s", uri="%s", ' \ | |
217 'response="%s"' % (self.username, realm, nonce, path, respdig) | |
218 if opaque: | |
219 base += ', opaque="%s"' % opaque | |
220 if algorithm: | |
221 base += ', algorithm="%s"' % algorithm | |
222 if entdig: | |
223 base += ', digest="%s"' % entdig | |
224 if qop: | |
225 base += ', qop="auth", nc=%s, cnonce="%s"' % (ncvalue, cnonce) | |
226 | |
227 return 'Digest %s' % (base) | |
228 | |
229 def handle_redirect(self, r, **kwargs): | |
230 """Reset num_401_calls counter on redirects.""" | |
231 if r.is_redirect: | |
232 self._thread_local.num_401_calls = 1 | |
233 | |
234 def handle_401(self, r, **kwargs): | |
235 """ | |
236 Takes the given response and tries digest-auth, if needed. | |
237 | |
238 :rtype: requests.Response | |
239 """ | |
240 | |
241 # If response is not 4xx, do not auth | |
242 # See https://github.com/requests/requests/issues/3772 | |
243 if not 400 <= r.status_code < 500: | |
244 self._thread_local.num_401_calls = 1 | |
245 return r | |
246 | |
247 if self._thread_local.pos is not None: | |
248 # Rewind the file position indicator of the body to where | |
249 # it was to resend the request. | |
250 r.request.body.seek(self._thread_local.pos) | |
251 s_auth = r.headers.get('www-authenticate', '') | |
252 | |
253 if 'digest' in s_auth.lower() and self._thread_local.num_401_calls < 2: | |
254 | |
255 self._thread_local.num_401_calls += 1 | |
256 pat = re.compile(r'digest ', flags=re.IGNORECASE) | |
257 self._thread_local.chal = parse_dict_header(pat.sub('', s_auth, count=1)) | |
258 | |
259 # Consume content and release the original connection | |
260 # to allow our new request to reuse the same one. | |
261 r.content | |
262 r.close() | |
263 prep = r.request.copy() | |
264 extract_cookies_to_jar(prep._cookies, r.request, r.raw) | |
265 prep.prepare_cookies(prep._cookies) | |
266 | |
267 prep.headers['Authorization'] = self.build_digest_header( | |
268 prep.method, prep.url) | |
269 _r = r.connection.send(prep, **kwargs) | |
270 _r.history.append(r) | |
271 _r.request = prep | |
272 | |
273 return _r | |
274 | |
275 self._thread_local.num_401_calls = 1 | |
276 return r | |
277 | |
278 def __call__(self, r): | |
279 # Initialize per-thread state, if needed | |
280 self.init_per_thread_state() | |
281 # If we have a saved nonce, skip the 401 | |
282 if self._thread_local.last_nonce: | |
283 r.headers['Authorization'] = self.build_digest_header(r.method, r.url) | |
284 try: | |
285 self._thread_local.pos = r.body.tell() | |
286 except AttributeError: | |
287 # In the case of HTTPDigestAuth being reused and the body of | |
288 # the previous request was a file-like object, pos has the | |
289 # file position of the previous body. Ensure it's set to | |
290 # None. | |
291 self._thread_local.pos = None | |
292 r.register_hook('response', self.handle_401) | |
293 r.register_hook('response', self.handle_redirect) | |
294 self._thread_local.num_401_calls = 1 | |
295 | |
296 return r | |
297 | |
298 def __eq__(self, other): | |
299 return all([ | |
300 self.username == getattr(other, 'username', None), | |
301 self.password == getattr(other, 'password', None) | |
302 ]) | |
303 | |
304 def __ne__(self, other): | |
305 return not self == other |