U
    6³dÈ  ã                   @   s‚   d Z ddlZddlZddlZddlZddlZddlmZ G dd„ dejƒZ	G dd„ de
ƒZe ej¡G dd	„ d	e
ƒƒZd
d„ ZdS )a'  OAuth 2.0 Utilities.

This module provides implementations for various OAuth 2.0 utilities.
This includes `OAuth error handling`_ and
`Client authentication for OAuth flows`_.

OAuth error handling
--------------------
This will define interfaces for handling OAuth related error responses as
stated in `RFC 6749 section 5.2`_.
This will include a common function to convert these HTTP error responses to a
:class:`google.auth.exceptions.OAuthError` exception.


Client authentication for OAuth flows
-------------------------------------
We introduce an interface for defining client authentication credentials based
on `RFC 6749 section 2.3.1`_. This will expose the following
capabilities:

    * Ability to support basic authentication via request header.
    * Ability to support bearer token authentication via request header.
    * Ability to support client ID / secret authentication via request body.

.. _RFC 6749 section 2.3.1: https://tools.ietf.org/html/rfc6749#section-2.3.1
.. _RFC 6749 section 5.2: https://tools.ietf.org/html/rfc6749#section-5.2
é    N)Ú
exceptionsc                   @   s   e Zd ZdZdZdS )ÚClientAuthTypeé   é   N)Ú__name__Ú
__module__Ú__qualname__ÚbasicÚrequest_body© r   r   ú7/tmp/pip-unpacked-wheel-h3lf9jv9/google/oauth2/utils.pyr   7   s   r   c                   @   s   e Zd ZdZddd„ZdS )ÚClientAuthenticationz“Defines the client authentication credentials for basic and request-body
    types based on https://tools.ietf.org/html/rfc6749#section-2.3.1.
    Nc                 C   s   || _ || _|| _dS )a€  Instantiates a client authentication object containing the client ID
        and secret credentials for basic and response-body auth.

        Args:
            client_auth_type (google.oauth2.oauth_utils.ClientAuthType): The
                client authentication type.
            client_id (str): The client ID.
            client_secret (Optional[str]): The client secret.
        N)Úclient_auth_typeÚ	client_idÚclient_secret)Úselfr   r   r   r   r   r   Ú__init__A   s    
zClientAuthentication.__init__)N)r   r   r   Ú__doc__r   r   r   r   r   r   <   s   r   c                       s>   e Zd ZdZd‡ fdd„	Zddd„Zddd„Zd	d
„ Z‡  ZS )ÚOAuthClientAuthHandlerzUAbstract class for handling client authentication in OAuth-based
    operations.
    Nc                    s   t t| ƒ ¡  || _dS )zîInstantiates an OAuth client authentication handler.

        Args:
            client_authentication (Optional[google.oauth2.utils.ClientAuthentication]):
                The OAuth client authentication credentials if available.
        N)Úsuperr   r   Ú_client_authentication)r   Zclient_authentication©Ú	__class__r   r   r   V   s    zOAuthClientAuthHandler.__init__c                 C   s"   |   ||¡ |dkr|  |¡ dS )a¼  Applies client authentication on the OAuth request's headers or POST
        body.

        Args:
            headers (Mapping[str, str]): The HTTP request header.
            request_body (Optional[Mapping[str, str]]): The HTTP request body
                dictionary. For requests that do not support request body, this
                is None and will be ignored.
            bearer_token (Optional[str]): The optional bearer token.
        N)Ú_inject_authenticated_headersÚ"_inject_authenticated_request_body)r   Úheadersr
   Úbearer_tokenr   r   r   Ú#apply_client_authentication_options`   s    z:OAuthClientAuthHandler.apply_client_authentication_optionsc                 C   sl   |d k	rd| |d< nR| j d k	rh| j jtjkrh| j j}| j jp@d}t d||f  ¡ ¡ 	¡ }d| |d< d S )Nz	Bearer %sÚAuthorizationÚ z%s:%szBasic %s)
r   r   r   r	   r   r   Úbase64Ú	b64encodeÚencodeÚdecode)r   r   r   ÚusernameÚpasswordÚcredentialsr   r   r   r   s   s    ÿþÿz4OAuthClientAuthHandler._inject_authenticated_headersc                 C   sL   | j d k	rH| j jtjkrH|d kr,t d¡‚n| j j|d< | j jpBd|d< d S )Nz*HTTP request does not support request-bodyr   r   r   )r   r   r   r
   r   Ú
OAuthErrorr   r   )r   r
   r   r   r   r   ‚   s    ÿÿþÿ
ÿz9OAuthClientAuthHandler._inject_authenticated_request_body)N)NN)N)	r   r   r   r   r   r   r   r   Ú__classcell__r   r   r   r   r   P   s      ÿ

r   c              	   C   s–   zhg }t  | ¡}| d |d ¡¡ d|kr@| d |d ¡¡ d|kr\| d |d ¡¡ d |¡}W n ttfk
r„   | }Y nX t || ¡‚dS )	zÕTranslates an error response from an OAuth operation into an
    OAuthError exception.

    Args:
        response_body (str): The decoded response data.

    Raises:
        google.auth.exceptions.OAuthError
    zError code {}ÚerrorZerror_descriptionz: {}Z	error_uriz - {}r   N)	ÚjsonÚloadsÚappendÚformatÚjoinÚKeyErrorÚ
ValueErrorr   r'   )Zresponse_bodyZerror_componentsZ
error_dataZerror_detailsr   r   r   Úhandle_error_response“   s    


r1   )r   Úabcr    Úenumr*   ÚsixZgoogle.authr   ÚEnumr   Úobjectr   Úadd_metaclassÚABCMetar   r1   r   r   r   r   Ú<module>   s   
B