diff options
author | Asif Saif Uddin <auvipy@gmail.com> | 2020-05-20 20:10:04 +0600 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-05-20 20:10:04 +0600 |
commit | dc4d464bc83588d345e021398618fc1da2705fe1 (patch) | |
tree | 0130ddb4c5b87d7551564000d339d30ed4d6fcf2 | |
parent | b3550fe5886dfc6d85136b0e46b499fffa864493 (diff) | |
parent | 0404b486b11b81de780234b944179fa7bde6f2b7 (diff) | |
download | oauthlib-dc4d464bc83588d345e021398618fc1da2705fe1.tar.gz |
Merge branch 'master' into doc-dynreg
128 files changed, 746 insertions, 452 deletions
diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml index 9d4faec..a77947b 100644 --- a/.github/FUNDING.yml +++ b/.github/FUNDING.yml @@ -1,6 +1,6 @@ # These are supported funding model platforms -github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2] +github: [JonathanHuot] patreon: # Replace with a single Patreon username open_collective: # Replace with a single Open Collective username ko_fi: # Replace with a single Ko-fi username diff --git a/CHANGELOG.rst b/CHANGELOG.rst index e07ec3c..c42df83 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -1,33 +1,51 @@ Changelog ========= -3.1.0 (TBD) +3.1.1 (TBD) ------------------ +OAuth2.0 Client - Bugfixes + * #730: Base OAuth2 Client now has a consistent way of managing the `scope`: it consistently + relies on the `scope` provided in the constructor if any, except if overridden temporarily + in a method call. Note that in particular providing a non-None `scope` in + `prepare_authorization_request` or `prepare_refresh_token` does not override anymore + `self.scope` forever, it is just used temporarily. + * #726: MobileApplicationClient.prepare_request_uri and MobileApplicationClient.parse_request_uri_response, + ServiceApplicationClient.prepare_request_body, + and WebApplicationClient.prepare_request_uri now correctly use the default `scope` provided in + constructor. + * #725: LegacyApplicationClient.prepare_request_body now correctly uses the default `scope` provided in constructor + +3.1.0 (2019-08-06) +------------------ OAuth2.0 Provider - Features -* #660: OIDC add support of nonce, c_hash, at_hash fields - - New RequestValidator.fill_id_token method - - Deprecated RequestValidator.get_id_token method -* #677: OIDC add UserInfo endpoint - - New RequestValidator.get_userinfo_claims method + + * #660: OIDC add support of `nonce`, `c_hash`, `at_hash fields` + - New `RequestValidator.fill_id_token` method + - Deprecated `RequestValidator.get_id_token` method + * #677: OIDC add `UserInfo` endpoint - New `RequestValidator.get_userinfo_claims` method OAuth2.0 Provider - Security -* #665: Enhance data leak to logs - - New default to not expose request content in logs - - New function `oauthlib.set_debug(True)` -* #666: Disabling query parameters for POST requests + + * #665: Enhance data leak to logs + * New default to not expose request content in logs + * New function `oauthlib.set_debug(True)` + * #666: Disabling query parameters for POST requests OAuth2.0 Provider - Bugfixes -* #670: Fix validate_authorization_request to return the new PKCE fields -* #674: Fix token_type to be case-insensitive (bearer and Bearer) + + * #670: Fix `validate_authorization_request` to return the new PKCE fields + * #674: Fix `token_type` to be case-insensitive (`bearer` and `Bearer`) OAuth2.0 Client - Bugfixes -* #290: Fix Authorization Code's errors processing -* #603: BackendApplication.Client.prepare_request_body use the "scope" argument as intended. -* #672: Fix edge case when expires_in=Null + + * #290: Fix Authorization Code's errors processing + * #603: BackendApplicationClient.prepare_request_body use the `scope` argument as intended. + * #672: Fix edge case when `expires_in=Null` OAuth1.0 Client -* #669: Add case-insensitive headers to oauth1 BaseEndpoint + + * #669: Add case-insensitive headers to oauth1 `BaseEndpoint` 3.0.2 (2019-07-04) ------------------ @@ -34,6 +34,12 @@ clean-build: @rm -fr dist/ @rm -fr *.egg-info +format fmt: + isort --recursive oauthlib tests + +lint: + isort --recursive --check-only --diff oauthlib tests + test: tox diff --git a/docs/contributing.rst b/docs/contributing.rst index 4a46e3b..eed3866 100644 --- a/docs/contributing.rst +++ b/docs/contributing.rst @@ -188,7 +188,7 @@ submit a breaking change, confirm that other projects builds are not affected. $ make -If you add code you need to add tests! +If you add code, add tests! -------------------------------------- We've learned the hard way that code without tests is undependable. If your pull @@ -303,7 +303,7 @@ First we pull the code into a local branch:: Then we run the tests:: - pytest + tox We finish with a non-fastforward merge (to preserve the branch history) and push to GitHub:: @@ -312,6 +312,19 @@ to GitHub:: git merge --no-ff <branch-name> git push upstream master +Sponsoring +========== + +The OAuthlib project is open to sponsoring. + +As a sponsor, you can participate by clicking on the "Sponsor" button in +the https://github.com/oauthlib/oauthlib homepage. + +As a contributor, you can adhere to the sponsoring program. Feel free +to open a PR by adding your name into the ``.github/FUNDING.yml`` +file. + + .. _installation: install.html .. _GitHub project: https://github.com/oauthlib/oauthlib .. _issue tracker: https://github.com/oauthlib/oauthlib/issues diff --git a/docs/oauth2/grants/custom_grant.rst b/docs/oauth2/grants/custom_grant.rst new file mode 100644 index 0000000..8c4571c --- /dev/null +++ b/docs/oauth2/grants/custom_grant.rst @@ -0,0 +1,78 @@ +================= +Custom Grant type +================= + +Writing a custom grant type can be useful to implement a specification +which is in an early draft, or implement a grant provided by a +specific OAuth2.0 Authorization Server documentation but not provided +by oauthlib. For information, any grant types with a clear +specification can be integrated in oauthlib, just make a PR for that ! +See :doc:`how to contribute here </contributing>`. + +Please find how to create a new grant and use it in an endpoint: + +.. contents:: Tutorial Contents + :depth: 3 + + +1. Define your Grant Type +------------------------- +The heart of your code is done by subclassing +:py:class:`GrantTypeBase`. If you want to use it in the Authorize +endpoint, you will have to implement +:py:meth:`create_authorization_response`, if you want to use the Token +endpoint, implement :py:meth:`create_token_response`. You can also +implement both. + +2. Implement the grant +---------------------- +Inside the method's implementation, you will have to: + +* add validations of the request (syntax, parameters, ...) +* call and orchestrate one or multiple Request Validators calls +* generate and return HTTP response + +You can define new Request Validator methods if needed, or reuse the +existing ones. + +3. Associate it with Endpoints +------------------------------ +Then, once implemented, you have to instanciate the grant object and +bind it to your endpoint. Either :py:class:`AuthorizationEndpoint`, +:py:class:`TokenEndpoint` or both. + +4. Example +---------- +This example shows how to add a simple extension to the `Token endpoint`: + +* creation of a new class ``MyCustomGrant``, and implement ``create_token_response``. +* do basics and custom request validations, then call a custom method + of `Request Validator` to extend the interface for the implementor. +* instanciate the new grant, and bind it with an existing ``Server``. + +.. code-block:: python + + grant_name = 'urn:ietf:params:oauth:grant-type:my-custom-grant' + + class MyCustomGrant(GrantTypeBase): + def create_token_response(self, request, token_handler): + if not request.grant_type == grant_name: + raise errors.UnsupportedGrantTypeError(request=request) + + # implement your custom validation checks + # .. + self.request_validator.your_custom_check(request) + + token = token_handler.create_token(request) + return self._get_default_headers(), json.dumps(token), 200 + + def setup_oauthlib(): + my_custom_grant = MyCustomGrant() + server = Server(request_validator) + server.grant_types[grant_name] = my_custom_grant + + +You can find concrete examples directly in the code source of existing +grants and existing servers. See Grant Types in +:py:mod:`oauthlib.oauth2.rfc749.grant_types`, and Servers in +:py:mod:`oauthlib.oauth2.rfc749.endpoints.pre_configured` diff --git a/docs/oauth2/grants/custom_validators.rst b/docs/oauth2/grants/custom_validators.rst index 4629e6f..9917dd7 100644 --- a/docs/oauth2/grants/custom_validators.rst +++ b/docs/oauth2/grants/custom_validators.rst @@ -1,5 +1,15 @@ Custom Validators ----------------- -.. autoclass:: oauthlib.oauth2.rfc6749.grant_types.base.ValidatorsContainer +The Custom validators are useful when you want to change a particular +behavior of an existing grant. That is often needed because of the +diversity of the identity softwares and to let the oauthlib framework to be +flexible as possible. + +However, if you are looking into writing a custom grant type, please +refer to the :doc:`Custom Grant Type </oauth2/grants/custom_grant>` +instead. + +.. autoclass:: + oauthlib.oauth2.rfc6749.grant_types.base.ValidatorsContainer :members: diff --git a/docs/oauth2/grants/grants.rst b/docs/oauth2/grants/grants.rst index 16b17be..e183761 100644 --- a/docs/oauth2/grants/grants.rst +++ b/docs/oauth2/grants/grants.rst @@ -9,23 +9,32 @@ Grant types implicit password credentials - custom_validators + refresh jwt + custom_validators + custom_grant -Grant types are what make OAuth 2 so flexible. The Authorization Code grant is -very similar to OAuth 1 (with less crypto), the Implicit grant serves less -secure applications such as mobile applications, the Resource Owner Password -Credentials grant allows for legacy applications to incrementally transition to -OAuth 2, the Client Credentials grant is excellent for embedded services and -backend applications. +Grant types are what make OAuth 2 so flexible. The :doc:`Authorization +Code grant </oauth2/grants/authcode>` is the default for almost all +Web Applications, the :doc:`Implicit grant </oauth2/grants/implicit>` +serves less secure applications such as Mobile Applications or +Single-Page Applications, the :doc:`Client Credentials grant +</oauth2/grants/credentials>` is excellent for embedded services and +backend applications. We have also the :doc:`Resource Owner Password +Credentials grant </oauth2/grants/password>` when there is a high +degree of trust between the resource owner and the client, and when +other authorization grant types are not available. This is also often +used for legacy applications to incrementally transition to OAuth 2. The main purpose of the grant types is to authorize access to protected resources in various ways with different security credentials. Naturally, OAuth 2 allows for extension grant types to be defined and OAuthLib -attempts to cater for easy inclusion of this as much as possible. +attempts to cater for easy inclusion of this as much as possible. See +:doc:`Custom Grant Type </oauth2/grants/custom_grant>`. -OAuthlib also offers hooks for registering your own custom validations for use +OAuthlib also offers hooks for registering your own :doc:`Custom +Validators </oauth2/grants/custom_validators>` for use with the existing grant type handlers (:py:class:`oauthlib.oauth2.rfc6749.grant_types.base.ValidatorsContainer`). In some situations, this may be more convenient than subclassing or writing @@ -36,6 +45,7 @@ client to request new tokens for as long as you as provider allow them too. In general, OAuth 2 tokens should expire quickly and rather than annoying the user by require them to go through the authorization redirect loop you may use the refresh token to get a new access token. Refresh tokens, contrary to what their -name suggest, are components of a grant type rather than token types (like +name suggest, are components of a grant type (see :doc:`Refresh Token +grant </oauth2/grants/refresh>`) rather than token types (like Bearer tokens), much like the authorization code in the authorization code grant. diff --git a/docs/oauth2/grants/refresh.rst b/docs/oauth2/grants/refresh.rst new file mode 100644 index 0000000..df925ff --- /dev/null +++ b/docs/oauth2/grants/refresh.rst @@ -0,0 +1,6 @@ +Refresh Token Grant +------------------------ + +.. autoclass:: oauthlib.oauth2.RefreshTokenGrant + :members: + :inherited-members: diff --git a/docs/oauth2/oidc.rst b/docs/oauth2/oidc.rst index d062386..a3810a6 100644 --- a/docs/oauth2/oidc.rst +++ b/docs/oauth2/oidc.rst @@ -1,16 +1,21 @@ OpenID Connect ============== -OpenID Connect represents a substantial set of behaviors and interactions built on the foundations of OAuth2. OAuthLib supports -OpenID Connect `Authentication flows`_ when the initial grant type request's ``scope`` parameter contains ``openid``. Clients wishing -to provide this support must implement several new features within their ``RequestValidator`` subclass. +OpenID Connect represents a substantial set of behaviors and +interactions built on the foundations of OAuth2. OAuthLib supports +OpenID Connect `Authentication flows`_ when the initial grant type +request's ``scope`` parameter contains ``openid``. Providers wishing +to provide this support must implement a couple of new features within +their ``RequestValidator`` subclass. + +A new userinfo endpoint can also be implemented to fulfill the core of OIDC. .. _`Authentication flows`: http://openid.net/specs/openid-connect-core-1_0.html#Authentication .. toctree:: :maxdepth: 2 - oidc/id_tokens oidc/validator - - + oidc/endpoints + oidc/grants + oidc/id_tokens diff --git a/docs/oauth2/oidc/authcode.rst b/docs/oauth2/oidc/authcode.rst new file mode 100644 index 0000000..11c4a62 --- /dev/null +++ b/docs/oauth2/oidc/authcode.rst @@ -0,0 +1,6 @@ +OpenID Authorization Code +------------------------- + +.. autoclass:: oauthlib.openid.connect.core.grant_types.AuthorizationCodeGrant + :members: + :inherited-members: diff --git a/docs/oauth2/oidc/dispatchers.rst b/docs/oauth2/oidc/dispatchers.rst new file mode 100644 index 0000000..f4d395e --- /dev/null +++ b/docs/oauth2/oidc/dispatchers.rst @@ -0,0 +1,24 @@ +Dispatchers +----------- + +.. contents:: + :depth: 2 + +Authorization Request +^^^^^^^^^^^^^^^^^^^^^ + +.. autoclass:: oauthlib.openid.connect.core.grant_types.ImplicitTokenGrantDispatcher + :members: + :inherited-members: + + +.. autoclass:: oauthlib.openid.connect.core.grant_types.AuthorizationCodeGrantDispatcher + :members: + :inherited-members: + +Token Request +^^^^^^^^^^^^^ + +.. autoclass:: oauthlib.openid.connect.core.grant_types.AuthorizationTokenGrantDispatcher + :members: + :inherited-members: diff --git a/docs/oauth2/oidc/endpoints.rst b/docs/oauth2/oidc/endpoints.rst new file mode 100644 index 0000000..51cd1e9 --- /dev/null +++ b/docs/oauth2/oidc/endpoints.rst @@ -0,0 +1,21 @@ +OpenID Provider Endpoints +========================= + +Endpoints in OpenID Connect Core adds a new UserInfo Endpoint. All +existing OAuth2.0 endpoints are common to both protocols. + +.. toctree:: + :maxdepth: 2 + + userinfo + +See also the related endpoints from OAuth2.0: + +.. hlist:: + :columns: 1 + + * :doc:`Authorization endpoint </oauth2/endpoints/authorization>` + * :doc:`Introspect endpoint </oauth2/endpoints/introspect>` + * :doc:`Token endpoint </oauth2/endpoints/token>` + * :doc:`Revocation endpoint </oauth2/endpoints/revocation>` + * :doc:`Resource endpoint </oauth2/endpoints/resource>` diff --git a/docs/oauth2/oidc/grants.rst b/docs/oauth2/oidc/grants.rst new file mode 100644 index 0000000..aa1f70f --- /dev/null +++ b/docs/oauth2/oidc/grants.rst @@ -0,0 +1,41 @@ +=========== +Grant types +=========== + +The OpenID Connect specification adds a new `Hybrid` flow and adds +variants to the existing `Authorization Code` and `Implicit` +flows. They share the same principle: having `openid` in the scope and +a combination of new `response_type` values. + + +.. list-table:: OpenID Connect "response_type" Values + :widths: 50 50 + :header-rows: 1 + + * - "response_type" value + - Flow + * - `code` + - Authorization Code Flow + * - `id_token` + - Implicit Flow + * - `id_token token` + - Implicit Flow + * - `code id_token` + - Hybrid Flow + * - `code token` + - Hybrid Flow + * - `code id_token token` + - Hybrid Flow + + +Special Dispatcher classes have been made to dynamically route the HTTP +requests to either an OAuth2.0 flow or an OIDC flow. It basically +checks the presence of `openid` scope in the parameters. + +.. toctree:: + :maxdepth: 2 + + dispatchers + authcode + implicit + hybrid diff --git a/docs/oauth2/oidc/hybrid.rst b/docs/oauth2/oidc/hybrid.rst new file mode 100644 index 0000000..6a6c2e7 --- /dev/null +++ b/docs/oauth2/oidc/hybrid.rst @@ -0,0 +1,6 @@ +OpenID Hybrid +------------- + +.. autoclass:: oauthlib.openid.connect.core.grant_types.HybridGrant + :members: + :inherited-members: diff --git a/docs/oauth2/oidc/implicit.rst b/docs/oauth2/oidc/implicit.rst new file mode 100644 index 0000000..08cef20 --- /dev/null +++ b/docs/oauth2/oidc/implicit.rst @@ -0,0 +1,6 @@ +OpenID Implicit +--------------- + +.. autoclass:: oauthlib.openid.connect.core.grant_types.ImplicitGrant + :members: + :inherited-members: diff --git a/docs/oauth2/oidc/userinfo.rst b/docs/oauth2/oidc/userinfo.rst new file mode 100644 index 0000000..7ba4fbf --- /dev/null +++ b/docs/oauth2/oidc/userinfo.rst @@ -0,0 +1,7 @@ +======================== +OpenID UserInfo endpoint +======================== + + +.. autoclass:: oauthlib.openid.connect.core.endpoints.userinfo.UserInfoEndpoint + :members: diff --git a/docs/oauth2/oidc/validator.rst b/docs/oauth2/oidc/validator.rst index 17f5825..a04e12e 100644 --- a/docs/oauth2/oidc/validator.rst +++ b/docs/oauth2/oidc/validator.rst @@ -1,7 +1,16 @@ -OpenID Connect -========================================= +Creating a Provider +============================================= -Migrate your OAuth2.0 server into an OIDC provider +.. contents:: + :depth: 2 + +1. Create an OIDC provider +----------------------- +If you don't have an OAuth2.0 Provider, you can follow the instructions at +:doc:`OAuth2.0 Creating a Provider </oauth2/server>`. Then, follow the +migration step below. + +2. Migrate your OAuth2.0 provider into an OIDC provider ---------------------------------------------------- If you have a OAuth2.0 provider running and want to upgrade to OIDC, you can @@ -19,13 +28,21 @@ Into from oauthlib.openid import Server from oauthlib.openid import RequestValidator -Then, you have to implement the new RequestValidator methods as shown below. -Note that a new UserInfo endpoint is defined and need a new controller into your webserver. +Then, you have to implement the new `RequestValidator` methods as +shown below. Note also that a new :doc:`UserInfo endpoint </oauth2/oidc/userinfo>` can be defined +and needs a new controller into your webserver. -RequestValidator Extension ----------------------------------------------------- +3. Extend RequestValidator +-------------------------- -A couple of methods must be implemented in your validator subclass if you wish to support OpenID Connect: +A couple of methods must be implemented in your validator subclass if +you wish to support OpenID Connect: .. autoclass:: oauthlib.openid.RequestValidator :members: + +4. Preconfigured all-in-one servers +----------------------------------- + +.. autoclass:: oauthlib.openid.connect.core.endpoints.pre_configured.Server + :members: diff --git a/docs/oauth2/server.rst b/docs/oauth2/server.rst index d9846c5..15420f3 100644 --- a/docs/oauth2/server.rst +++ b/docs/oauth2/server.rst @@ -239,6 +239,17 @@ the token. # the scopes into a string. scopes = django.db.models.TextField() +**Redirect URI**: + + If the client specifies a redirect_uri when obtaining code then that + redirect URI must be bound to the code and verified equal in this + method, according to RFC 6749 section 4.1. This field holds that + bound value. + + .. code-block:: python + + redirect_uri = django.db.models.TextField() + **Authorization Code**: An unguessable unique string of characters. diff --git a/examples/skeleton_oauth2_web_application_server.py b/examples/skeleton_oauth2_web_application_server.py index 9a30373..91859fc 100644 --- a/examples/skeleton_oauth2_web_application_server.py +++ b/examples/skeleton_oauth2_web_application_server.py @@ -54,13 +54,18 @@ class SkeletonValidator(RequestValidator): # Token request + def client_authentication_required(self, request, *args, **kwargs): + # Check if the client provided authentication information that needs to + # be validated, e.g. HTTP Basic auth + pass + def authenticate_client(self, request, *args, **kwargs): # Whichever authentication method suits you, HTTP Basic might work pass def authenticate_client_id(self, client_id, request, *args, **kwargs): - # Don't allow public (non-authenticated) clients - return False + # The client_id must match an existing public (non-confidential) client + pass def validate_code(self, client_id, code, client, request, *args, **kwargs): # Validate the code belongs to the client. Add associated scopes diff --git a/oauthlib/common.py b/oauthlib/common.py index e7131df..b5fbf52 100644 --- a/oauthlib/common.py +++ b/oauthlib/common.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ oauthlib.common ~~~~~~~~~~~~~~ @@ -12,10 +11,11 @@ import logging import re import time import urllib.parse as urlparse +from urllib.parse import ( + quote as _quote, unquote as _unquote, urlencode as _urlencode, +) + from . import get_debug -from urllib.parse import quote as _quote -from urllib.parse import unquote as _unquote -from urllib.parse import urlencode as _urlencode try: from secrets import randbits diff --git a/oauthlib/oauth1/__init__.py b/oauthlib/oauth1/__init__.py index e6d8a80..224fecf 100644 --- a/oauthlib/oauth1/__init__.py +++ b/oauthlib/oauth1/__init__.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ oauthlib.oauth1 ~~~~~~~~~~~~~~ @@ -6,12 +5,17 @@ oauthlib.oauth1 This module is a wrapper for the most recent implementation of OAuth 1.0 Client and Server classes. """ -from .rfc5849 import Client -from .rfc5849 import SIGNATURE_HMAC, SIGNATURE_HMAC_SHA1, SIGNATURE_HMAC_SHA256, SIGNATURE_RSA, SIGNATURE_PLAINTEXT -from .rfc5849 import SIGNATURE_TYPE_AUTH_HEADER, SIGNATURE_TYPE_QUERY -from .rfc5849 import SIGNATURE_TYPE_BODY +from .rfc5849 import ( + SIGNATURE_HMAC, SIGNATURE_HMAC_SHA1, SIGNATURE_HMAC_SHA256, + SIGNATURE_PLAINTEXT, SIGNATURE_RSA, SIGNATURE_TYPE_AUTH_HEADER, + SIGNATURE_TYPE_BODY, SIGNATURE_TYPE_QUERY, Client, +) +from .rfc5849.endpoints import ( + AccessTokenEndpoint, AuthorizationEndpoint, RequestTokenEndpoint, + ResourceEndpoint, SignatureOnlyEndpoint, WebApplicationServer, +) +from .rfc5849.errors import ( + InsecureTransportError, InvalidClientError, InvalidRequestError, + InvalidSignatureMethodError, OAuth1Error, +) from .rfc5849.request_validator import RequestValidator -from .rfc5849.endpoints import RequestTokenEndpoint, AuthorizationEndpoint -from .rfc5849.endpoints import AccessTokenEndpoint, ResourceEndpoint -from .rfc5849.endpoints import SignatureOnlyEndpoint, WebApplicationServer -from .rfc5849.errors import InsecureTransportError, InvalidClientError, InvalidRequestError, InvalidSignatureMethodError, OAuth1Error diff --git a/oauthlib/oauth1/rfc5849/__init__.py b/oauthlib/oauth1/rfc5849/__init__.py index b629fc1..f7cd3f3 100644 --- a/oauthlib/oauth1/rfc5849/__init__.py +++ b/oauthlib/oauth1/rfc5849/__init__.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ oauthlib.oauth1.rfc5849 ~~~~~~~~~~~~~~ @@ -9,14 +8,18 @@ for signing and checking OAuth 1.0 RFC 5849 requests. import base64 import hashlib import logging -log = logging.getLogger(__name__) - import urllib.parse as urlparse -from oauthlib.common import Request, urlencode, generate_nonce -from oauthlib.common import generate_timestamp, to_unicode +from oauthlib.common import ( + Request, generate_nonce, generate_timestamp, to_unicode, urlencode, +) + from . import parameters, signature +log = logging.getLogger(__name__) + + + SIGNATURE_HMAC_SHA1 = "HMAC-SHA1" SIGNATURE_HMAC_SHA256 = "HMAC-SHA256" SIGNATURE_HMAC = SIGNATURE_HMAC_SHA1 diff --git a/oauthlib/oauth1/rfc5849/endpoints/__init__.py b/oauthlib/oauth1/rfc5849/endpoints/__init__.py index 78ade72..9f30389 100644 --- a/oauthlib/oauth1/rfc5849/endpoints/__init__.py +++ b/oauthlib/oauth1/rfc5849/endpoints/__init__.py @@ -1,7 +1,8 @@ +from .access_token import AccessTokenEndpoint +from .authorization import AuthorizationEndpoint from .base import BaseEndpoint from .request_token import RequestTokenEndpoint -from .authorization import AuthorizationEndpoint -from .access_token import AccessTokenEndpoint from .resource import ResourceEndpoint from .signature_only import SignatureOnlyEndpoint -from .pre_configured import WebApplicationServer + +from .pre_configured import WebApplicationServer # isort:skip diff --git a/oauthlib/oauth1/rfc5849/endpoints/authorization.py b/oauthlib/oauth1/rfc5849/endpoints/authorization.py index 7d0353b..00d9576 100644 --- a/oauthlib/oauth1/rfc5849/endpoints/authorization.py +++ b/oauthlib/oauth1/rfc5849/endpoints/authorization.py @@ -6,11 +6,12 @@ oauthlib.oauth1.rfc5849.endpoints.authorization This module is an implementation of various logic needed for signing and checking OAuth 1.0 RFC 5849 requests. """ -from oauthlib.common import Request, add_params_to_uri +from urllib.parse import urlencode + +from oauthlib.common import add_params_to_uri from .. import errors from .base import BaseEndpoint -from urllib.parse import urlencode class AuthorizationEndpoint(BaseEndpoint): diff --git a/oauthlib/oauth1/rfc5849/endpoints/base.py b/oauthlib/oauth1/rfc5849/endpoints/base.py index f9a8f57..8103606 100644 --- a/oauthlib/oauth1/rfc5849/endpoints/base.py +++ b/oauthlib/oauth1/rfc5849/endpoints/base.py @@ -10,9 +10,11 @@ import time from oauthlib.common import CaseInsensitiveDict, Request, generate_token -from .. import (CONTENT_TYPE_FORM_URLENCODED, SIGNATURE_HMAC_SHA1, SIGNATURE_HMAC_SHA256, SIGNATURE_RSA, - SIGNATURE_TYPE_AUTH_HEADER, SIGNATURE_TYPE_BODY, - SIGNATURE_TYPE_QUERY, errors, signature, utils) +from .. import ( + CONTENT_TYPE_FORM_URLENCODED, SIGNATURE_HMAC_SHA1, SIGNATURE_HMAC_SHA256, + SIGNATURE_RSA, SIGNATURE_TYPE_AUTH_HEADER, SIGNATURE_TYPE_BODY, + SIGNATURE_TYPE_QUERY, errors, signature, utils, +) class BaseEndpoint: diff --git a/oauthlib/oauth1/rfc5849/endpoints/pre_configured.py b/oauthlib/oauth1/rfc5849/endpoints/pre_configured.py index b14a6d8..23e3cfc 100644 --- a/oauthlib/oauth1/rfc5849/endpoints/pre_configured.py +++ b/oauthlib/oauth1/rfc5849/endpoints/pre_configured.py @@ -1,5 +1,7 @@ -from . import (AccessTokenEndpoint, AuthorizationEndpoint, - RequestTokenEndpoint, ResourceEndpoint) +from . import ( + AccessTokenEndpoint, AuthorizationEndpoint, RequestTokenEndpoint, + ResourceEndpoint, +) class WebApplicationServer(RequestTokenEndpoint, AuthorizationEndpoint, diff --git a/oauthlib/oauth1/rfc5849/errors.py b/oauthlib/oauth1/rfc5849/errors.py index 98d327f..8774d40 100644 --- a/oauthlib/oauth1/rfc5849/errors.py +++ b/oauthlib/oauth1/rfc5849/errors.py @@ -1,4 +1,3 @@ -# coding=utf-8 """ oauthlib.oauth1.rfc5849.errors ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/oauthlib/oauth1/rfc5849/parameters.py b/oauthlib/oauth1/rfc5849/parameters.py index 778a46d..2163772 100644 --- a/oauthlib/oauth1/rfc5849/parameters.py +++ b/oauthlib/oauth1/rfc5849/parameters.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ oauthlib.parameters ~~~~~~~~~~~~~~~~~~~ @@ -7,12 +6,12 @@ This module contains methods related to `section 3.5`_ of the OAuth 1.0a spec. .. _`section 3.5`: https://tools.ietf.org/html/rfc5849#section-3.5 """ +from urllib.parse import urlparse, urlunparse + from oauthlib.common import extract_params, urlencode from . import utils -from urllib.parse import urlparse, urlunparse - # TODO: do we need filter_params now that oauth_params are handled by Request? # We can easily pass in just oauth protocol params. diff --git a/oauthlib/oauth1/rfc5849/request_validator.py b/oauthlib/oauth1/rfc5849/request_validator.py index 657bfe3..dc5bf0e 100644 --- a/oauthlib/oauth1/rfc5849/request_validator.py +++ b/oauthlib/oauth1/rfc5849/request_validator.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ oauthlib.oauth1.rfc5849 ~~~~~~~~~~~~~~ @@ -6,8 +5,6 @@ oauthlib.oauth1.rfc5849 This module is an implementation of various logic needed for signing and checking OAuth 1.0 RFC 5849 requests. """ -import sys - from . import SIGNATURE_METHODS, utils diff --git a/oauthlib/oauth1/rfc5849/signature.py b/oauthlib/oauth1/rfc5849/signature.py index fdc359e..0c22ef6 100644 --- a/oauthlib/oauth1/rfc5849/signature.py +++ b/oauthlib/oauth1/rfc5849/signature.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ oauthlib.oauth1.rfc5849.signature ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -25,13 +24,12 @@ import binascii import hashlib import hmac import logging +import urllib.parse as urlparse from oauthlib.common import extract_params, safe_string_equals, urldecode -import urllib.parse as urlparse from . import utils - log = logging.getLogger(__name__) diff --git a/oauthlib/oauth1/rfc5849/utils.py b/oauthlib/oauth1/rfc5849/utils.py index 28e006a..8fb8302 100644 --- a/oauthlib/oauth1/rfc5849/utils.py +++ b/oauthlib/oauth1/rfc5849/utils.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ oauthlib.utils ~~~~~~~~~~~~~~ @@ -6,10 +5,9 @@ oauthlib.utils This module contains utility methods used by various parts of the OAuth spec. """ -from oauthlib.common import quote, unquote - import urllib.request as urllib2 +from oauthlib.common import quote, unquote UNICODE_ASCII_CHARACTER_SET = ('abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' diff --git a/oauthlib/oauth2/__init__.py b/oauthlib/oauth2/__init__.py index 9186800..a6e1ccc 100644 --- a/oauthlib/oauth2/__init__.py +++ b/oauthlib/oauth2/__init__.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ oauthlib.oauth2 ~~~~~~~~~~~~~~ @@ -6,29 +5,31 @@ oauthlib.oauth2 This module is a wrapper for the most recent implementation of OAuth 2.0 Client and Server classes. """ -from .rfc6749.clients import Client -from .rfc6749.clients import WebApplicationClient -from .rfc6749.clients import MobileApplicationClient -from .rfc6749.clients import LegacyApplicationClient -from .rfc6749.clients import BackendApplicationClient -from .rfc6749.clients import ServiceApplicationClient -from .rfc6749.endpoints import AuthorizationEndpoint -from .rfc6749.endpoints import IntrospectEndpoint -from .rfc6749.endpoints import MetadataEndpoint -from .rfc6749.endpoints import TokenEndpoint -from .rfc6749.endpoints import ResourceEndpoint -from .rfc6749.endpoints import RevocationEndpoint -from .rfc6749.endpoints import Server -from .rfc6749.endpoints import WebApplicationServer -from .rfc6749.endpoints import MobileApplicationServer -from .rfc6749.endpoints import LegacyApplicationServer -from .rfc6749.endpoints import BackendApplicationServer -from .rfc6749.errors import AccessDeniedError, OAuth2Error, FatalClientError, InsecureTransportError, InvalidClientError, InvalidClientIdError, InvalidGrantError, InvalidRedirectURIError, InvalidRequestError, InvalidRequestFatalError, InvalidScopeError, MismatchingRedirectURIError, MismatchingStateError, MissingClientIdError, MissingCodeError, MissingRedirectURIError, MissingResponseTypeError, MissingTokenError, MissingTokenTypeError, ServerError, TemporarilyUnavailableError, TokenExpiredError, UnauthorizedClientError, UnsupportedGrantTypeError, UnsupportedResponseTypeError, UnsupportedTokenTypeError -from .rfc6749.grant_types import AuthorizationCodeGrant -from .rfc6749.grant_types import ImplicitGrant -from .rfc6749.grant_types import ResourceOwnerPasswordCredentialsGrant -from .rfc6749.grant_types import ClientCredentialsGrant -from .rfc6749.grant_types import RefreshTokenGrant +from .rfc6749.clients import ( + BackendApplicationClient, Client, LegacyApplicationClient, + MobileApplicationClient, ServiceApplicationClient, WebApplicationClient, +) +from .rfc6749.endpoints import ( + AuthorizationEndpoint, BackendApplicationServer, IntrospectEndpoint, + LegacyApplicationServer, MetadataEndpoint, MobileApplicationServer, + ResourceEndpoint, RevocationEndpoint, Server, TokenEndpoint, + WebApplicationServer, +) +from .rfc6749.errors import ( + AccessDeniedError, FatalClientError, InsecureTransportError, + InvalidClientError, InvalidClientIdError, InvalidGrantError, + InvalidRedirectURIError, InvalidRequestError, InvalidRequestFatalError, + InvalidScopeError, MismatchingRedirectURIError, MismatchingStateError, + MissingClientIdError, MissingCodeError, MissingRedirectURIError, + MissingResponseTypeError, MissingTokenError, MissingTokenTypeError, + OAuth2Error, ServerError, TemporarilyUnavailableError, TokenExpiredError, + UnauthorizedClientError, UnsupportedGrantTypeError, + UnsupportedResponseTypeError, UnsupportedTokenTypeError, +) +from .rfc6749.grant_types import ( + AuthorizationCodeGrant, ClientCredentialsGrant, ImplicitGrant, + RefreshTokenGrant, ResourceOwnerPasswordCredentialsGrant, +) from .rfc6749.request_validator import RequestValidator from .rfc6749.tokens import BearerToken, OAuth2Token from .rfc6749.utils import is_secure_transport diff --git a/oauthlib/oauth2/rfc6749/__init__.py b/oauthlib/oauth2/rfc6749/__init__.py index 1c11234..4b75a8a 100644 --- a/oauthlib/oauth2/rfc6749/__init__.py +++ b/oauthlib/oauth2/rfc6749/__init__.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ oauthlib.oauth2.rfc6749 ~~~~~~~~~~~~~~~~~~~~~~~ @@ -9,10 +8,9 @@ for consuming and providing OAuth 2.0 RFC6749. import functools import logging -from .endpoints.base import BaseEndpoint -from .endpoints.base import catch_errors_and_unavailability -from .errors import TemporarilyUnavailableError, ServerError -from .errors import FatalClientError, OAuth2Error - +from .endpoints.base import BaseEndpoint, catch_errors_and_unavailability +from .errors import ( + FatalClientError, OAuth2Error, ServerError, TemporarilyUnavailableError, +) log = logging.getLogger(__name__) diff --git a/oauthlib/oauth2/rfc6749/clients/__init__.py b/oauthlib/oauth2/rfc6749/clients/__init__.py index 6fef738..8fc6c95 100644 --- a/oauthlib/oauth2/rfc6749/clients/__init__.py +++ b/oauthlib/oauth2/rfc6749/clients/__init__.py @@ -6,9 +6,9 @@ oauthlib.oauth2.rfc6749 This module is an implementation of various logic needed for consuming OAuth 2.0 RFC6749. """ -from .base import Client, AUTH_HEADER, URI_QUERY, BODY -from .web_application import WebApplicationClient -from .mobile_application import MobileApplicationClient -from .legacy_application import LegacyApplicationClient from .backend_application import BackendApplicationClient +from .base import AUTH_HEADER, BODY, URI_QUERY, Client +from .legacy_application import LegacyApplicationClient +from .mobile_application import MobileApplicationClient from .service_application import ServiceApplicationClient +from .web_application import WebApplicationClient diff --git a/oauthlib/oauth2/rfc6749/clients/backend_application.py b/oauthlib/oauth2/rfc6749/clients/backend_application.py index 5ffe6ae..0e2a829 100644 --- a/oauthlib/oauth2/rfc6749/clients/backend_application.py +++ b/oauthlib/oauth2/rfc6749/clients/backend_application.py @@ -6,7 +6,7 @@ oauthlib.oauth2.rfc6749 This module is an implementation of various logic needed for consuming and providing OAuth 2.0 RFC6749. """ -from ..parameters import parse_token_response, prepare_token_request +from ..parameters import prepare_token_request from .base import Client diff --git a/oauthlib/oauth2/rfc6749/clients/base.py b/oauthlib/oauth2/rfc6749/clients/base.py index 04dabe6..88065ab 100644 --- a/oauthlib/oauth2/rfc6749/clients/base.py +++ b/oauthlib/oauth2/rfc6749/clients/base.py @@ -11,11 +11,13 @@ import warnings from oauthlib.common import generate_token from oauthlib.oauth2.rfc6749 import tokens -from oauthlib.oauth2.rfc6749.errors import (InsecureTransportError, - TokenExpiredError) -from oauthlib.oauth2.rfc6749.parameters import (parse_token_response, - prepare_token_request, - prepare_token_revocation_request) +from oauthlib.oauth2.rfc6749.errors import ( + InsecureTransportError, TokenExpiredError, +) +from oauthlib.oauth2.rfc6749.parameters import ( + parse_token_response, prepare_token_request, + prepare_token_revocation_request, +) from oauthlib.oauth2.rfc6749.utils import is_secure_transport AUTH_HEADER = 'auth_header' @@ -220,7 +222,10 @@ class Client: the provider. If provided then it must also be provided in the token request. - :param scope: + :param scope: List of scopes to request. Must be equal to + or a subset of the scopes granted when obtaining the refresh + token. If none is provided, the ones provided in the constructor are + used. :param kwargs: Additional parameters to included in the request. @@ -231,10 +236,11 @@ class Client: self.state = state or self.state_generator() self.redirect_url = redirect_url or self.redirect_url - self.scope = scope or self.scope + # do not assign scope to self automatically anymore + scope = self.scope if scope is None else scope auth_url = self.prepare_request_uri( authorization_url, redirect_uri=self.redirect_url, - scope=self.scope, state=self.state, **kwargs) + scope=scope, state=self.state, **kwargs) return auth_url, FORM_ENC_HEADERS, '' def prepare_token_request(self, token_url, authorization_response=None, @@ -295,7 +301,8 @@ class Client: :param scope: List of scopes to request. Must be equal to or a subset of the scopes granted when obtaining the refresh - token. + token. If none is provided, the ones provided in the constructor are + used. :param kwargs: Additional parameters to included in the request. @@ -304,9 +311,10 @@ class Client: if not is_secure_transport(token_url): raise InsecureTransportError() - self.scope = scope or self.scope + # do not assign scope to self automatically anymore + scope = self.scope if scope is None else scope body = self.prepare_refresh_body(body=body, - refresh_token=refresh_token, scope=self.scope, **kwargs) + refresh_token=refresh_token, scope=scope, **kwargs) return token_url, FORM_ENC_HEADERS, body def prepare_token_revocation_request(self, revocation_url, token, @@ -380,7 +388,8 @@ class Client: returns an error response as described in `Section 5.2`_. :param body: The response body from the token request. - :param scope: Scopes originally requested. + :param scope: Scopes originally requested. If none is provided, the ones + provided in the constructor are used. :return: Dictionary of token parameters. :raises: Warning if scope has changed. OAuth2Error if response is invalid. @@ -416,6 +425,7 @@ class Client: .. _`Section 5.2`: https://tools.ietf.org/html/rfc6749#section-5.2 .. _`Section 7.1`: https://tools.ietf.org/html/rfc6749#section-7.1 """ + scope = self.scope if scope is None else scope self.token = parse_token_response(body, scope=scope) self.populate_token_attributes(self.token) return self.token @@ -437,9 +447,11 @@ class Client: Section 3.3. The requested scope MUST NOT include any scope not originally granted by the resource owner, and if omitted is treated as equal to the scope originally granted by the - resource owner. + resource owner. Note that if none is provided, the ones provided + in the constructor are used if any. """ refresh_token = refresh_token or self.refresh_token + scope = self.scope if scope is None else scope return prepare_token_request(self.refresh_token_key, body=body, scope=scope, refresh_token=refresh_token, **kwargs) diff --git a/oauthlib/oauth2/rfc6749/clients/legacy_application.py b/oauthlib/oauth2/rfc6749/clients/legacy_application.py index 1bb0e14..7af68f3 100644 --- a/oauthlib/oauth2/rfc6749/clients/legacy_application.py +++ b/oauthlib/oauth2/rfc6749/clients/legacy_application.py @@ -6,7 +6,7 @@ oauthlib.oauth2.rfc6749 This module is an implementation of various logic needed for consuming and providing OAuth 2.0 RFC6749. """ -from ..parameters import parse_token_response, prepare_token_request +from ..parameters import prepare_token_request from .base import Client @@ -79,5 +79,6 @@ class LegacyApplicationClient(Client): """ kwargs['client_id'] = self.client_id kwargs['include_client_id'] = include_client_id + scope = self.scope if scope is None else scope return prepare_token_request(self.grant_type, body=body, username=username, password=password, scope=scope, **kwargs) diff --git a/oauthlib/oauth2/rfc6749/clients/mobile_application.py b/oauthlib/oauth2/rfc6749/clients/mobile_application.py index 73627c4..cd325f4 100644 --- a/oauthlib/oauth2/rfc6749/clients/mobile_application.py +++ b/oauthlib/oauth2/rfc6749/clients/mobile_application.py @@ -91,6 +91,7 @@ class MobileApplicationClient(Client): .. _`Section 3.3`: https://tools.ietf.org/html/rfc6749#section-3.3 .. _`Section 10.12`: https://tools.ietf.org/html/rfc6749#section-10.12 """ + scope = self.scope if scope is None else scope return prepare_grant_uri(uri, self.client_id, self.response_type, redirect_uri=redirect_uri, state=state, scope=scope, **kwargs) @@ -167,6 +168,7 @@ class MobileApplicationClient(Client): .. _`Section 7.1`: https://tools.ietf.org/html/rfc6749#section-7.1 .. _`Section 3.3`: https://tools.ietf.org/html/rfc6749#section-3.3 """ + scope = self.scope if scope is None else scope self.token = parse_implicit_response(uri, state=state, scope=scope) self.populate_token_attributes(self.token) return self.token diff --git a/oauthlib/oauth2/rfc6749/clients/service_application.py b/oauthlib/oauth2/rfc6749/clients/service_application.py index 09fc7ba..c751c8b 100644 --- a/oauthlib/oauth2/rfc6749/clients/service_application.py +++ b/oauthlib/oauth2/rfc6749/clients/service_application.py @@ -10,7 +10,7 @@ import time from oauthlib.common import to_unicode -from ..parameters import parse_token_response, prepare_token_request +from ..parameters import prepare_token_request from .base import Client @@ -181,6 +181,7 @@ class ServiceApplicationClient(Client): kwargs['client_id'] = self.client_id kwargs['include_client_id'] = include_client_id + scope = self.scope if scope is None else scope return prepare_token_request(self.grant_type, body=body, assertion=assertion, diff --git a/oauthlib/oauth2/rfc6749/clients/web_application.py b/oauthlib/oauth2/rfc6749/clients/web_application.py index aedc9d1..a1f3db1 100644 --- a/oauthlib/oauth2/rfc6749/clients/web_application.py +++ b/oauthlib/oauth2/rfc6749/clients/web_application.py @@ -8,9 +8,10 @@ for consuming and providing OAuth 2.0 RFC6749. """ import warnings -from ..parameters import (parse_authorization_code_response, - parse_token_response, prepare_grant_uri, - prepare_token_request) +from ..parameters import ( + parse_authorization_code_response, prepare_grant_uri, + prepare_token_request, +) from .base import Client @@ -84,6 +85,7 @@ class WebApplicationClient(Client): .. _`Section 3.3`: https://tools.ietf.org/html/rfc6749#section-3.3 .. _`Section 10.12`: https://tools.ietf.org/html/rfc6749#section-10.12 """ + scope = self.scope if scope is None else scope return prepare_grant_uri(uri, self.client_id, 'code', redirect_uri=redirect_uri, scope=scope, state=state, **kwargs) diff --git a/oauthlib/oauth2/rfc6749/endpoints/__init__.py b/oauthlib/oauth2/rfc6749/endpoints/__init__.py index 49e7ee9..1695b41 100644 --- a/oauthlib/oauth2/rfc6749/endpoints/__init__.py +++ b/oauthlib/oauth2/rfc6749/endpoints/__init__.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ oauthlib.oauth2.rfc6749 ~~~~~~~~~~~~~~~~~~~~~~~ @@ -9,11 +8,10 @@ for consuming and providing OAuth 2.0 RFC6749. from .authorization import AuthorizationEndpoint from .introspect import IntrospectEndpoint from .metadata import MetadataEndpoint -from .token import TokenEndpoint +from .pre_configured import ( + BackendApplicationServer, LegacyApplicationServer, MobileApplicationServer, + Server, WebApplicationServer, +) from .resource import ResourceEndpoint from .revocation import RevocationEndpoint -from .pre_configured import Server -from .pre_configured import WebApplicationServer -from .pre_configured import MobileApplicationServer -from .pre_configured import LegacyApplicationServer -from .pre_configured import BackendApplicationServer +from .token import TokenEndpoint diff --git a/oauthlib/oauth2/rfc6749/endpoints/authorization.py b/oauthlib/oauth2/rfc6749/endpoints/authorization.py index fd77f46..7196786 100644 --- a/oauthlib/oauth2/rfc6749/endpoints/authorization.py +++ b/oauthlib/oauth2/rfc6749/endpoints/authorization.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ oauthlib.oauth2.rfc6749 ~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/oauthlib/oauth2/rfc6749/endpoints/base.py b/oauthlib/oauth2/rfc6749/endpoints/base.py index 5169517..3f23991 100644 --- a/oauthlib/oauth2/rfc6749/endpoints/base.py +++ b/oauthlib/oauth2/rfc6749/endpoints/base.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ oauthlib.oauth2.rfc6749 ~~~~~~~~~~~~~~~~~~~~~~~ @@ -9,11 +8,10 @@ for consuming and providing OAuth 2.0 RFC6749. import functools import logging -from ..errors import (FatalClientError, OAuth2Error, ServerError, - TemporarilyUnavailableError, InvalidRequestError, - InvalidClientError, UnsupportedTokenTypeError) - -from oauthlib.common import CaseInsensitiveDict, urldecode +from ..errors import ( + FatalClientError, InvalidClientError, InvalidRequestError, OAuth2Error, + ServerError, TemporarilyUnavailableError, UnsupportedTokenTypeError, +) log = logging.getLogger(__name__) diff --git a/oauthlib/oauth2/rfc6749/endpoints/introspect.py b/oauthlib/oauth2/rfc6749/endpoints/introspect.py index bad8950..63570d9 100644 --- a/oauthlib/oauth2/rfc6749/endpoints/introspect.py +++ b/oauthlib/oauth2/rfc6749/endpoints/introspect.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ oauthlib.oauth2.rfc6749.endpoint.introspect ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -12,7 +11,7 @@ import logging from oauthlib.common import Request -from ..errors import OAuth2Error, UnsupportedTokenTypeError +from ..errors import OAuth2Error from .base import BaseEndpoint, catch_errors_and_unavailability log = logging.getLogger(__name__) diff --git a/oauthlib/oauth2/rfc6749/endpoints/metadata.py b/oauthlib/oauth2/rfc6749/endpoints/metadata.py index 6bc078d..d30bfd7 100644 --- a/oauthlib/oauth2/rfc6749/endpoints/metadata.py +++ b/oauthlib/oauth2/rfc6749/endpoints/metadata.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ oauthlib.oauth2.rfc6749.endpoint.metadata ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -11,13 +10,12 @@ import copy import json import logging -from .base import BaseEndpoint, catch_errors_and_unavailability +from .. import grant_types from .authorization import AuthorizationEndpoint +from .base import BaseEndpoint, catch_errors_and_unavailability from .introspect import IntrospectEndpoint -from .token import TokenEndpoint from .revocation import RevocationEndpoint -from .. import grant_types - +from .token import TokenEndpoint log = logging.getLogger(__name__) diff --git a/oauthlib/oauth2/rfc6749/endpoints/pre_configured.py b/oauthlib/oauth2/rfc6749/endpoints/pre_configured.py index 7b17dc4..d64a166 100644 --- a/oauthlib/oauth2/rfc6749/endpoints/pre_configured.py +++ b/oauthlib/oauth2/rfc6749/endpoints/pre_configured.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ oauthlib.oauth2.rfc6749.endpoints.pre_configured ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -6,11 +5,10 @@ oauthlib.oauth2.rfc6749.endpoints.pre_configured This module is an implementation of various endpoints needed for providing OAuth 2.0 RFC6749 servers. """ -from ..grant_types import (AuthorizationCodeGrant, - ClientCredentialsGrant, - ImplicitGrant, - RefreshTokenGrant, - ResourceOwnerPasswordCredentialsGrant) +from ..grant_types import ( + AuthorizationCodeGrant, ClientCredentialsGrant, ImplicitGrant, + RefreshTokenGrant, ResourceOwnerPasswordCredentialsGrant, +) from ..tokens import BearerToken from .authorization import AuthorizationEndpoint from .introspect import IntrospectEndpoint diff --git a/oauthlib/oauth2/rfc6749/endpoints/resource.py b/oauthlib/oauth2/rfc6749/endpoints/resource.py index 76e57b1..f756225 100644 --- a/oauthlib/oauth2/rfc6749/endpoints/resource.py +++ b/oauthlib/oauth2/rfc6749/endpoints/resource.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ oauthlib.oauth2.rfc6749 ~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/oauthlib/oauth2/rfc6749/endpoints/revocation.py b/oauthlib/oauth2/rfc6749/endpoints/revocation.py index ed245f3..4aa5ec6 100644 --- a/oauthlib/oauth2/rfc6749/endpoints/revocation.py +++ b/oauthlib/oauth2/rfc6749/endpoints/revocation.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ oauthlib.oauth2.rfc6749.endpoint.revocation ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -11,7 +10,7 @@ import logging from oauthlib.common import Request -from ..errors import OAuth2Error, UnsupportedTokenTypeError +from ..errors import OAuth2Error from .base import BaseEndpoint, catch_errors_and_unavailability log = logging.getLogger(__name__) diff --git a/oauthlib/oauth2/rfc6749/endpoints/token.py b/oauthlib/oauth2/rfc6749/endpoints/token.py index 2b2d495..c3494d1 100644 --- a/oauthlib/oauth2/rfc6749/endpoints/token.py +++ b/oauthlib/oauth2/rfc6749/endpoints/token.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ oauthlib.oauth2.rfc6749 ~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/oauthlib/oauth2/rfc6749/errors.py b/oauthlib/oauth2/rfc6749/errors.py index 9896303..b01e247 100644 --- a/oauthlib/oauth2/rfc6749/errors.py +++ b/oauthlib/oauth2/rfc6749/errors.py @@ -1,4 +1,3 @@ -# coding=utf-8 """ oauthlib.oauth2.rfc6749.errors ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/oauthlib/oauth2/rfc6749/grant_types/__init__.py b/oauthlib/oauth2/rfc6749/grant_types/__init__.py index 30c90d7..eb88cfc 100644 --- a/oauthlib/oauth2/rfc6749/grant_types/__init__.py +++ b/oauthlib/oauth2/rfc6749/grant_types/__init__.py @@ -1,10 +1,11 @@ -# -*- coding: utf-8 -*- """ oauthlib.oauth2.rfc6749.grant_types ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ """ from .authorization_code import AuthorizationCodeGrant -from .implicit import ImplicitGrant -from .resource_owner_password_credentials import ResourceOwnerPasswordCredentialsGrant from .client_credentials import ClientCredentialsGrant +from .implicit import ImplicitGrant from .refresh_token import RefreshTokenGrant +from .resource_owner_password_credentials import ( + ResourceOwnerPasswordCredentialsGrant, +) diff --git a/oauthlib/oauth2/rfc6749/grant_types/authorization_code.py b/oauthlib/oauth2/rfc6749/grant_types/authorization_code.py index f4bde86..bf42d88 100644 --- a/oauthlib/oauth2/rfc6749/grant_types/authorization_code.py +++ b/oauthlib/oauth2/rfc6749/grant_types/authorization_code.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ oauthlib.oauth2.rfc6749.grant_types ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/oauthlib/oauth2/rfc6749/grant_types/base.py b/oauthlib/oauth2/rfc6749/grant_types/base.py index 66e1fd1..a64f168 100644 --- a/oauthlib/oauth2/rfc6749/grant_types/base.py +++ b/oauthlib/oauth2/rfc6749/grant_types/base.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ oauthlib.oauth2.rfc6749.grant_types ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -7,8 +6,8 @@ import logging from itertools import chain from oauthlib.common import add_params_to_uri -from oauthlib.uri_validate import is_absolute_uri from oauthlib.oauth2.rfc6749 import errors, utils +from oauthlib.uri_validate import is_absolute_uri from ..request_validator import RequestValidator diff --git a/oauthlib/oauth2/rfc6749/grant_types/client_credentials.py b/oauthlib/oauth2/rfc6749/grant_types/client_credentials.py index fdb0bf6..e7b4618 100644 --- a/oauthlib/oauth2/rfc6749/grant_types/client_credentials.py +++ b/oauthlib/oauth2/rfc6749/grant_types/client_credentials.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ oauthlib.oauth2.rfc6749.grant_types ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -7,7 +6,6 @@ import json import logging from .. import errors -from ..request_validator import RequestValidator from .base import GrantTypeBase log = logging.getLogger(__name__) @@ -117,8 +115,8 @@ class ClientCredentialsGrant(GrantTypeBase): # Ensure client is authorized use of this grant type self.validate_grant_type(request) - log.debug('Authorizing access to user %r.', request.user) request.client_id = request.client_id or request.client.client_id + log.debug('Authorizing access to client %r.', request.client_id) self.validate_scopes(request) for validator in self.custom_validators.post_token: diff --git a/oauthlib/oauth2/rfc6749/grant_types/implicit.py b/oauthlib/oauth2/rfc6749/grant_types/implicit.py index 335e58c..6110b6f 100644 --- a/oauthlib/oauth2/rfc6749/grant_types/implicit.py +++ b/oauthlib/oauth2/rfc6749/grant_types/implicit.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ oauthlib.oauth2.rfc6749.grant_types ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/oauthlib/oauth2/rfc6749/grant_types/refresh_token.py b/oauthlib/oauth2/rfc6749/grant_types/refresh_token.py index e7405d2..8698a3d 100644 --- a/oauthlib/oauth2/rfc6749/grant_types/refresh_token.py +++ b/oauthlib/oauth2/rfc6749/grant_types/refresh_token.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ oauthlib.oauth2.rfc6749.grant_types ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -7,7 +6,6 @@ import json import logging from .. import errors, utils -from ..request_validator import RequestValidator from .base import GrantTypeBase log = logging.getLogger(__name__) diff --git a/oauthlib/oauth2/rfc6749/grant_types/resource_owner_password_credentials.py b/oauthlib/oauth2/rfc6749/grant_types/resource_owner_password_credentials.py index 9c8ee1d..4b0de5b 100644 --- a/oauthlib/oauth2/rfc6749/grant_types/resource_owner_password_credentials.py +++ b/oauthlib/oauth2/rfc6749/grant_types/resource_owner_password_credentials.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ oauthlib.oauth2.rfc6749.grant_types ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -7,7 +6,6 @@ import json import logging from .. import errors -from ..request_validator import RequestValidator from .base import GrantTypeBase log = logging.getLogger(__name__) diff --git a/oauthlib/oauth2/rfc6749/parameters.py b/oauthlib/oauth2/rfc6749/parameters.py index 54c8d24..2af9eb6 100644 --- a/oauthlib/oauth2/rfc6749/parameters.py +++ b/oauthlib/oauth2/rfc6749/parameters.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ oauthlib.oauth2.rfc6749.parameters ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -10,14 +9,15 @@ This module contains methods related to `Section 4`_ of the OAuth 2 RFC. import json import os import time +import urllib.parse as urlparse from oauthlib.common import add_params_to_qs, add_params_to_uri from oauthlib.signals import scope_changed -import urllib.parse as urlparse -from .errors import (InsecureTransportError, MismatchingStateError, - MissingCodeError, MissingTokenError, - MissingTokenTypeError, raise_from_error) +from .errors import ( + InsecureTransportError, MismatchingStateError, MissingCodeError, + MissingTokenError, MissingTokenTypeError, raise_from_error, +) from .tokens import OAuth2Token from .utils import is_secure_transport, list_to_scope, scope_to_list diff --git a/oauthlib/oauth2/rfc6749/request_validator.py b/oauthlib/oauth2/rfc6749/request_validator.py index 568e9fd..0d5ec98 100644 --- a/oauthlib/oauth2/rfc6749/request_validator.py +++ b/oauthlib/oauth2/rfc6749/request_validator.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ oauthlib.oauth2.rfc6749.request_validator ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/oauthlib/oauth2/rfc6749/tokens.py b/oauthlib/oauth2/rfc6749/tokens.py index 6f6b1f6..6284248 100644 --- a/oauthlib/oauth2/rfc6749/tokens.py +++ b/oauthlib/oauth2/rfc6749/tokens.py @@ -9,17 +9,16 @@ This module contains methods for adding two types of access tokens to requests. """ import hashlib import hmac -from binascii import b2a_base64 import warnings +from binascii import b2a_base64 +from urllib.parse import urlparse from oauthlib import common from oauthlib.common import add_params_to_qs, add_params_to_uri -from urllib.parse import urlparse from . import utils - class OAuth2Token(dict): def __init__(self, params, old_scope=None): diff --git a/oauthlib/oauth2/rfc6749/utils.py b/oauthlib/oauth2/rfc6749/utils.py index 3117d4b..7dc27b3 100644 --- a/oauthlib/oauth2/rfc6749/utils.py +++ b/oauthlib/oauth2/rfc6749/utils.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ oauthlib.utils ~~~~~~~~~~~~~~ @@ -7,10 +6,9 @@ This module contains utility methods used by various parts of the OAuth 2 spec. """ import datetime import os +from urllib.parse import quote, urlparse from oauthlib.common import urldecode -from urllib.parse import quote -from urllib.parse import urlparse def list_to_scope(scope): diff --git a/oauthlib/openid/__init__.py b/oauthlib/openid/__init__.py index fb1ac8d..e317437 100644 --- a/oauthlib/openid/__init__.py +++ b/oauthlib/openid/__init__.py @@ -1,9 +1,7 @@ -# -*- coding: utf-8 -*- """ oauthlib.openid ~~~~~~~~~~~~~~ """ -from .connect.core.endpoints import Server -from .connect.core.endpoints import UserInfoEndpoint +from .connect.core.endpoints import Server, UserInfoEndpoint from .connect.core.request_validator import RequestValidator diff --git a/oauthlib/openid/connect/core/endpoints/__init__.py b/oauthlib/openid/connect/core/endpoints/__init__.py index 92f1ba9..7017ff4 100644 --- a/oauthlib/openid/connect/core/endpoints/__init__.py +++ b/oauthlib/openid/connect/core/endpoints/__init__.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ oauthlib.oopenid.core ~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/oauthlib/openid/connect/core/endpoints/pre_configured.py b/oauthlib/openid/connect/core/endpoints/pre_configured.py index ca8199d..8ce8bee 100644 --- a/oauthlib/openid/connect/core/endpoints/pre_configured.py +++ b/oauthlib/openid/connect/core/endpoints/pre_configured.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ oauthlib.openid.connect.core.endpoints.pre_configured ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -7,29 +6,20 @@ This module is an implementation of various endpoints needed for providing OpenID Connect servers. """ from oauthlib.oauth2.rfc6749.endpoints import ( - AuthorizationEndpoint, - IntrospectEndpoint, - ResourceEndpoint, - RevocationEndpoint, - TokenEndpoint + AuthorizationEndpoint, IntrospectEndpoint, ResourceEndpoint, + RevocationEndpoint, TokenEndpoint, ) from oauthlib.oauth2.rfc6749.grant_types import ( AuthorizationCodeGrant as OAuth2AuthorizationCodeGrant, - ImplicitGrant as OAuth2ImplicitGrant, - ClientCredentialsGrant, - RefreshTokenGrant, - ResourceOwnerPasswordCredentialsGrant + ClientCredentialsGrant, ImplicitGrant as OAuth2ImplicitGrant, + RefreshTokenGrant, ResourceOwnerPasswordCredentialsGrant, ) from oauthlib.oauth2.rfc6749.tokens import BearerToken -from ..grant_types import ( - AuthorizationCodeGrant, - ImplicitGrant, - HybridGrant, -) + +from ..grant_types import AuthorizationCodeGrant, HybridGrant, ImplicitGrant from ..grant_types.dispatchers import ( - AuthorizationCodeGrantDispatcher, + AuthorizationCodeGrantDispatcher, AuthorizationTokenGrantDispatcher, ImplicitTokenGrantDispatcher, - AuthorizationTokenGrantDispatcher ) from ..tokens import JWTToken from .userinfo import UserInfoEndpoint diff --git a/oauthlib/openid/connect/core/endpoints/userinfo.py b/oauthlib/openid/connect/core/endpoints/userinfo.py index dc73373..1c29cc5 100644 --- a/oauthlib/openid/connect/core/endpoints/userinfo.py +++ b/oauthlib/openid/connect/core/endpoints/userinfo.py @@ -8,11 +8,11 @@ import json import logging from oauthlib.common import Request -from oauthlib.oauth2.rfc6749.endpoints.base import BaseEndpoint -from oauthlib.oauth2.rfc6749.endpoints.base import catch_errors_and_unavailability -from oauthlib.oauth2.rfc6749.tokens import BearerToken from oauthlib.oauth2.rfc6749 import errors - +from oauthlib.oauth2.rfc6749.endpoints.base import ( + BaseEndpoint, catch_errors_and_unavailability, +) +from oauthlib.oauth2.rfc6749.tokens import BearerToken log = logging.getLogger(__name__) diff --git a/oauthlib/openid/connect/core/exceptions.py b/oauthlib/openid/connect/core/exceptions.py index aa795e0..099b84e 100644 --- a/oauthlib/openid/connect/core/exceptions.py +++ b/oauthlib/openid/connect/core/exceptions.py @@ -1,4 +1,3 @@ -# coding=utf-8 """ oauthlib.oauth2.rfc6749.errors ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/oauthlib/openid/connect/core/grant_types/__init__.py b/oauthlib/openid/connect/core/grant_types/__init__.py index 4e7b474..768bb00 100644 --- a/oauthlib/openid/connect/core/grant_types/__init__.py +++ b/oauthlib/openid/connect/core/grant_types/__init__.py @@ -1,15 +1,13 @@ -# -*- coding: utf-8 -*- """ oauthlib.openid.connect.core.grant_types ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ """ from .authorization_code import AuthorizationCodeGrant -from .implicit import ImplicitGrant from .base import GrantTypeBase -from .hybrid import HybridGrant -from .exceptions import OIDCNoPrompt from .dispatchers import ( - AuthorizationCodeGrantDispatcher, + AuthorizationCodeGrantDispatcher, AuthorizationTokenGrantDispatcher, ImplicitTokenGrantDispatcher, - AuthorizationTokenGrantDispatcher ) +from .exceptions import OIDCNoPrompt +from .hybrid import HybridGrant +from .implicit import ImplicitGrant diff --git a/oauthlib/openid/connect/core/grant_types/authorization_code.py b/oauthlib/openid/connect/core/grant_types/authorization_code.py index d07d138..6b2dcc3 100644 --- a/oauthlib/openid/connect/core/grant_types/authorization_code.py +++ b/oauthlib/openid/connect/core/grant_types/authorization_code.py @@ -1,11 +1,12 @@ -# -*- coding: utf-8 -*- """ oauthlib.openid.connect.core.grant_types ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ """ import logging -from oauthlib.oauth2.rfc6749.grant_types.authorization_code import AuthorizationCodeGrant as OAuth2AuthorizationCodeGrant +from oauthlib.oauth2.rfc6749.grant_types.authorization_code import ( + AuthorizationCodeGrant as OAuth2AuthorizationCodeGrant, +) from .base import GrantTypeBase diff --git a/oauthlib/openid/connect/core/grant_types/base.py b/oauthlib/openid/connect/core/grant_types/base.py index cd27237..d0a4812 100644 --- a/oauthlib/openid/connect/core/grant_types/base.py +++ b/oauthlib/openid/connect/core/grant_types/base.py @@ -1,12 +1,14 @@ -from .exceptions import OIDCNoPrompt - import base64 import hashlib import logging import time from json import loads -from oauthlib.oauth2.rfc6749.errors import ConsentRequired, InvalidRequestError, LoginRequired +from oauthlib.oauth2.rfc6749.errors import ( + ConsentRequired, InvalidRequestError, LoginRequired, +) + +from .exceptions import OIDCNoPrompt log = logging.getLogger(__name__) diff --git a/oauthlib/openid/connect/core/grant_types/dispatchers.py b/oauthlib/openid/connect/core/grant_types/dispatchers.py index 541467a..2734c38 100644 --- a/oauthlib/openid/connect/core/grant_types/dispatchers.py +++ b/oauthlib/openid/connect/core/grant_types/dispatchers.py @@ -1,4 +1,5 @@ import logging + log = logging.getLogger(__name__) @@ -9,8 +10,10 @@ class Dispatcher: class AuthorizationCodeGrantDispatcher(Dispatcher): """ - This is an adapter class that will route simple Authorization Code requests, those that have response_type=code and a scope - including 'openid' to either the default_grant or the oidc_grant based on the scopes requested. + This is an adapter class that will route simple Authorization Code + requests, those that have `response_type=code` and a scope including + `openid` to either the `default_grant` or the `oidc_grant` based on + the scopes requested. """ def __init__(self, default_grant=None, oidc_grant=None): self.default_grant = default_grant @@ -26,16 +29,20 @@ class AuthorizationCodeGrantDispatcher(Dispatcher): return handler def create_authorization_response(self, request, token_handler): + """Read scope and route to the designated handler.""" return self._handler_for_request(request).create_authorization_response(request, token_handler) def validate_authorization_request(self, request): + """Read scope and route to the designated handler.""" return self._handler_for_request(request).validate_authorization_request(request) class ImplicitTokenGrantDispatcher(Dispatcher): """ - This is an adapter class that will route simple Authorization Code requests, those that have response_type=code and a scope - including 'openid' to either the default_grant or the oidc_grant based on the scopes requested. + This is an adapter class that will route simple Authorization + requests, those that have `id_token` in `response_type` and a scope + including `openid` to either the `default_grant` or the `oidc_grant` + based on the scopes requested. """ def __init__(self, default_grant=None, oidc_grant=None): self.default_grant = default_grant @@ -51,9 +58,11 @@ class ImplicitTokenGrantDispatcher(Dispatcher): return handler def create_authorization_response(self, request, token_handler): + """Read scope and route to the designated handler.""" return self._handler_for_request(request).create_authorization_response(request, token_handler) def validate_authorization_request(self, request): + """Read scope and route to the designated handler.""" return self._handler_for_request(request).validate_authorization_request(request) @@ -75,7 +84,7 @@ class AuthorizationTokenGrantDispatcher(Dispatcher): code = parameters.get('code', None) redirect_uri = parameters.get('redirect_uri', None) - # If code is not pressent fallback to `default_grant` wich will + # If code is not pressent fallback to `default_grant` which will # raise an error for the missing `code` in `create_token_response` step. if code: scopes = self.request_validator.get_authorization_code_scopes(client_id, code, redirect_uri, request) @@ -87,5 +96,6 @@ class AuthorizationTokenGrantDispatcher(Dispatcher): return handler def create_token_response(self, request, token_handler): + """Read scope and route to the designated handler.""" handler = self._handler_for_request(request) return handler.create_token_response(request, token_handler) diff --git a/oauthlib/openid/connect/core/grant_types/hybrid.py b/oauthlib/openid/connect/core/grant_types/hybrid.py index caf8547..7e118b3 100644 --- a/oauthlib/openid/connect/core/grant_types/hybrid.py +++ b/oauthlib/openid/connect/core/grant_types/hybrid.py @@ -1,15 +1,16 @@ -# -*- coding: utf-8 -*- """ oauthlib.openid.connect.core.grant_types ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ """ import logging -from oauthlib.oauth2.rfc6749.grant_types.authorization_code import AuthorizationCodeGrant as OAuth2AuthorizationCodeGrant from oauthlib.oauth2.rfc6749.errors import InvalidRequestError +from oauthlib.oauth2.rfc6749.grant_types.authorization_code import ( + AuthorizationCodeGrant as OAuth2AuthorizationCodeGrant, +) -from .base import GrantTypeBase from ..request_validator import RequestValidator +from .base import GrantTypeBase log = logging.getLogger(__name__) diff --git a/oauthlib/openid/connect/core/grant_types/implicit.py b/oauthlib/openid/connect/core/grant_types/implicit.py index 62f63f9..a4fe604 100644 --- a/oauthlib/openid/connect/core/grant_types/implicit.py +++ b/oauthlib/openid/connect/core/grant_types/implicit.py @@ -1,14 +1,15 @@ -# -*- coding: utf-8 -*- """ oauthlib.openid.connect.core.grant_types ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ """ import logging -from .base import GrantTypeBase - -from oauthlib.oauth2.rfc6749.grant_types.implicit import ImplicitGrant as OAuth2ImplicitGrant from oauthlib.oauth2.rfc6749.errors import InvalidRequestError +from oauthlib.oauth2.rfc6749.grant_types.implicit import ( + ImplicitGrant as OAuth2ImplicitGrant, +) + +from .base import GrantTypeBase log = logging.getLogger(__name__) diff --git a/oauthlib/openid/connect/core/request_validator.py b/oauthlib/openid/connect/core/request_validator.py index ebc07dc..e8f334b 100644 --- a/oauthlib/openid/connect/core/request_validator.py +++ b/oauthlib/openid/connect/core/request_validator.py @@ -1,11 +1,12 @@ -# -*- coding: utf-8 -*- """ oauthlib.openid.connect.core.request_validator ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ """ import logging -from oauthlib.oauth2.rfc6749.request_validator import RequestValidator as OAuth2RequestValidator +from oauthlib.oauth2.rfc6749.request_validator import ( + RequestValidator as OAuth2RequestValidator, +) log = logging.getLogger(__name__) diff --git a/oauthlib/signals.py b/oauthlib/signals.py index 9356cc2..8fd347a 100644 --- a/oauthlib/signals.py +++ b/oauthlib/signals.py @@ -1,4 +1,3 @@ -# -*- coding: utf-8 -*- """ Implements signals based on blinker if available, otherwise falls silently back to a noop. Shamelessly stolen from flask.signals: diff --git a/requirements-test.txt b/requirements-test.txt index 64485a6..6d8d6e9 100644 --- a/requirements-test.txt +++ b/requirements-test.txt @@ -1,4 +1,3 @@ -r requirements.txt -mock>=2.0 pytest>=4.0 pytest-cov>=2.6 diff --git a/requirements.txt b/requirements.txt index a4614bb..7e9c3da 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,3 +1,3 @@ -pyjwt==1.6.0 +pyjwt==1.7.1 blinker==1.4 cryptography>=1.4.0 @@ -3,3 +3,13 @@ universal = 1 [metadata] license_file = LICENSE + +[isort] +combine_as_imports = true +default_section = THIRDPARTY +include_trailing_comma = true +known_first_party = oauthlib +known_tests = tests +sections = FUTURE,STDLIB,THIRDPARTY,FIRSTPARTY,TESTS,LOCALFOLDER +line_length = 79 +multi_line_output = 5 @@ -1,5 +1,3 @@ -# -*- coding: utf-8 -*- - # Hack because logging + setuptools sucks. try: import multiprocessing diff --git a/tests/oauth1/rfc5849/endpoints/test_access_token.py b/tests/oauth1/rfc5849/endpoints/test_access_token.py index 9ba8a3e..57d8117 100644 --- a/tests/oauth1/rfc5849/endpoints/test_access_token.py +++ b/tests/oauth1/rfc5849/endpoints/test_access_token.py @@ -1,10 +1,10 @@ -from mock import ANY, MagicMock +from unittest.mock import ANY, MagicMock from oauthlib.oauth1 import RequestValidator from oauthlib.oauth1.rfc5849 import Client from oauthlib.oauth1.rfc5849.endpoints import AccessTokenEndpoint -from ....unittest import TestCase +from tests.unittest import TestCase class AccessTokenEndpointTest(TestCase): diff --git a/tests/oauth1/rfc5849/endpoints/test_authorization.py b/tests/oauth1/rfc5849/endpoints/test_authorization.py index 178bddf..a9b2fc0 100644 --- a/tests/oauth1/rfc5849/endpoints/test_authorization.py +++ b/tests/oauth1/rfc5849/endpoints/test_authorization.py @@ -1,4 +1,4 @@ -from mock import MagicMock +from unittest.mock import MagicMock from oauthlib.oauth1 import RequestValidator from oauthlib.oauth1.rfc5849 import errors diff --git a/tests/oauth1/rfc5849/endpoints/test_base.py b/tests/oauth1/rfc5849/endpoints/test_base.py index de6c1a4..e87f359 100644 --- a/tests/oauth1/rfc5849/endpoints/test_base.py +++ b/tests/oauth1/rfc5849/endpoints/test_base.py @@ -1,15 +1,16 @@ from re import sub - -from mock import MagicMock +from unittest.mock import MagicMock from oauthlib.common import CaseInsensitiveDict, safe_string_equals from oauthlib.oauth1 import Client, RequestValidator -from oauthlib.oauth1.rfc5849 import (SIGNATURE_HMAC, SIGNATURE_PLAINTEXT, - SIGNATURE_RSA, errors) -from oauthlib.oauth1.rfc5849.endpoints import (BaseEndpoint, - RequestTokenEndpoint) - -from ....unittest import TestCase +from oauthlib.oauth1.rfc5849 import ( + SIGNATURE_HMAC, SIGNATURE_PLAINTEXT, SIGNATURE_RSA, errors, +) +from oauthlib.oauth1.rfc5849.endpoints import ( + BaseEndpoint, RequestTokenEndpoint, +) + +from tests.unittest import TestCase URLENCODED = {"Content-Type": "application/x-www-form-urlencoded"} diff --git a/tests/oauth1/rfc5849/endpoints/test_request_token.py b/tests/oauth1/rfc5849/endpoints/test_request_token.py index ece36bd..879cad2 100644 --- a/tests/oauth1/rfc5849/endpoints/test_request_token.py +++ b/tests/oauth1/rfc5849/endpoints/test_request_token.py @@ -1,10 +1,10 @@ -from mock import ANY, MagicMock +from unittest.mock import ANY, MagicMock from oauthlib.oauth1 import RequestValidator from oauthlib.oauth1.rfc5849 import Client from oauthlib.oauth1.rfc5849.endpoints import RequestTokenEndpoint -from ....unittest import TestCase +from tests.unittest import TestCase class RequestTokenEndpointTest(TestCase): diff --git a/tests/oauth1/rfc5849/endpoints/test_resource.py b/tests/oauth1/rfc5849/endpoints/test_resource.py index 41c9aee..416216f 100644 --- a/tests/oauth1/rfc5849/endpoints/test_resource.py +++ b/tests/oauth1/rfc5849/endpoints/test_resource.py @@ -1,10 +1,10 @@ -from mock import ANY, MagicMock +from unittest.mock import ANY, MagicMock from oauthlib.oauth1 import RequestValidator from oauthlib.oauth1.rfc5849 import Client from oauthlib.oauth1.rfc5849.endpoints import ResourceEndpoint -from ....unittest import TestCase +from tests.unittest import TestCase class ResourceEndpointTest(TestCase): diff --git a/tests/oauth1/rfc5849/endpoints/test_signature_only.py b/tests/oauth1/rfc5849/endpoints/test_signature_only.py index 9804137..16585bd 100644 --- a/tests/oauth1/rfc5849/endpoints/test_signature_only.py +++ b/tests/oauth1/rfc5849/endpoints/test_signature_only.py @@ -1,10 +1,10 @@ -from mock import ANY, MagicMock +from unittest.mock import ANY, MagicMock from oauthlib.oauth1 import RequestValidator from oauthlib.oauth1.rfc5849 import Client from oauthlib.oauth1.rfc5849.endpoints import SignatureOnlyEndpoint -from ....unittest import TestCase +from tests.unittest import TestCase class SignatureOnlyEndpointTest(TestCase): diff --git a/tests/oauth1/rfc5849/test_client.py b/tests/oauth1/rfc5849/test_client.py index 5c805a1..f7c997f 100644 --- a/tests/oauth1/rfc5849/test_client.py +++ b/tests/oauth1/rfc5849/test_client.py @@ -1,11 +1,12 @@ # -*- coding: utf-8 -*- from oauthlib.common import Request -from oauthlib.oauth1 import (SIGNATURE_PLAINTEXT, SIGNATURE_HMAC_SHA1, - SIGNATURE_HMAC_SHA256, SIGNATURE_RSA, - SIGNATURE_TYPE_BODY, SIGNATURE_TYPE_QUERY) +from oauthlib.oauth1 import ( + SIGNATURE_HMAC_SHA1, SIGNATURE_HMAC_SHA256, SIGNATURE_PLAINTEXT, + SIGNATURE_RSA, SIGNATURE_TYPE_BODY, SIGNATURE_TYPE_QUERY, +) from oauthlib.oauth1.rfc5849 import Client -from ...unittest import TestCase +from tests.unittest import TestCase class ClientRealmTests(TestCase): diff --git a/tests/oauth1/rfc5849/test_parameters.py b/tests/oauth1/rfc5849/test_parameters.py index 3afbb3a..92b95c1 100644 --- a/tests/oauth1/rfc5849/test_parameters.py +++ b/tests/oauth1/rfc5849/test_parameters.py @@ -1,11 +1,11 @@ # -*- coding: utf-8 -*- from oauthlib.common import urlencode -from oauthlib.oauth1.rfc5849.parameters import (_append_params, - prepare_form_encoded_body, - prepare_headers, - prepare_request_uri_query) +from oauthlib.oauth1.rfc5849.parameters import ( + _append_params, prepare_form_encoded_body, prepare_headers, + prepare_request_uri_query, +) -from ...unittest import TestCase +from tests.unittest import TestCase class ParameterTests(TestCase): diff --git a/tests/oauth1/rfc5849/test_request_validator.py b/tests/oauth1/rfc5849/test_request_validator.py index a3fe58f..8d34415 100644 --- a/tests/oauth1/rfc5849/test_request_validator.py +++ b/tests/oauth1/rfc5849/test_request_validator.py @@ -1,7 +1,7 @@ # -*- coding: utf-8 -*- from oauthlib.oauth1 import RequestValidator -from ...unittest import TestCase +from tests.unittest import TestCase class RequestValidatorTests(TestCase): diff --git a/tests/oauth1/rfc5849/test_signatures.py b/tests/oauth1/rfc5849/test_signatures.py index 89219f7..2de4e8a 100644 --- a/tests/oauth1/rfc5849/test_signatures.py +++ b/tests/oauth1/rfc5849/test_signatures.py @@ -1,19 +1,13 @@ # -*- coding: utf-8 -*- -from oauthlib.oauth1.rfc5849.signature import (collect_parameters, - signature_base_string, - base_string_uri, - normalize_parameters, - sign_hmac_sha1, - sign_hmac_sha1_with_client, - sign_plaintext, - sign_plaintext_with_client, - sign_rsa_sha1, - sign_rsa_sha1_with_client) from urllib.parse import quote -from ...unittest import TestCase - +from oauthlib.oauth1.rfc5849.signature import ( + base_string_uri, collect_parameters, normalize_parameters, sign_hmac_sha1, + sign_hmac_sha1_with_client, sign_plaintext, sign_plaintext_with_client, + sign_rsa_sha1, sign_rsa_sha1_with_client, signature_base_string, +) +from tests.unittest import TestCase class SignatureTests(TestCase): diff --git a/tests/oauth1/rfc5849/test_utils.py b/tests/oauth1/rfc5849/test_utils.py index ba8ed0e..013c71a 100644 --- a/tests/oauth1/rfc5849/test_utils.py +++ b/tests/oauth1/rfc5849/test_utils.py @@ -1,7 +1,7 @@ # -*- coding: utf-8 -*- from oauthlib.oauth1.rfc5849.utils import * -from ...unittest import TestCase +from tests.unittest import TestCase class UtilsTests(TestCase): diff --git a/tests/oauth2/rfc6749/clients/test_backend_application.py b/tests/oauth2/rfc6749/clients/test_backend_application.py index 8d80b39..c1489ac 100644 --- a/tests/oauth2/rfc6749/clients/test_backend_application.py +++ b/tests/oauth2/rfc6749/clients/test_backend_application.py @@ -1,12 +1,11 @@ # -*- coding: utf-8 -*- import os - -from mock import patch +from unittest.mock import patch from oauthlib import signals from oauthlib.oauth2 import BackendApplicationClient -from ....unittest import TestCase +from tests.unittest import TestCase @patch('time.time', new=lambda: 1000) diff --git a/tests/oauth2/rfc6749/clients/test_base.py b/tests/oauth2/rfc6749/clients/test_base.py index c545c25..c77cfed 100644 --- a/tests/oauth2/rfc6749/clients/test_base.py +++ b/tests/oauth2/rfc6749/clients/test_base.py @@ -6,7 +6,7 @@ from oauthlib.oauth2 import Client, InsecureTransportError, TokenExpiredError from oauthlib.oauth2.rfc6749 import utils from oauthlib.oauth2.rfc6749.clients import AUTH_HEADER, BODY, URI_QUERY -from ....unittest import TestCase +from tests.unittest import TestCase class ClientTest(TestCase): diff --git a/tests/oauth2/rfc6749/clients/test_legacy_application.py b/tests/oauth2/rfc6749/clients/test_legacy_application.py index 34ea108..b5a1819 100644 --- a/tests/oauth2/rfc6749/clients/test_legacy_application.py +++ b/tests/oauth2/rfc6749/clients/test_legacy_application.py @@ -1,14 +1,12 @@ # -*- coding: utf-8 -*- import os - -from mock import patch +import urllib.parse as urlparse +from unittest.mock import patch from oauthlib import signals from oauthlib.oauth2 import LegacyApplicationClient -import urllib.parse as urlparse - -from ....unittest import TestCase +from tests.unittest import TestCase @patch('time.time', new=lambda: 1000) diff --git a/tests/oauth2/rfc6749/clients/test_mobile_application.py b/tests/oauth2/rfc6749/clients/test_mobile_application.py index e2bdebe..c40950c 100644 --- a/tests/oauth2/rfc6749/clients/test_mobile_application.py +++ b/tests/oauth2/rfc6749/clients/test_mobile_application.py @@ -1,12 +1,11 @@ # -*- coding: utf-8 -*- import os - -from mock import patch +from unittest.mock import patch from oauthlib import signals from oauthlib.oauth2 import MobileApplicationClient -from ....unittest import TestCase +from tests.unittest import TestCase @patch('time.time', new=lambda: 1000) diff --git a/tests/oauth2/rfc6749/clients/test_service_application.py b/tests/oauth2/rfc6749/clients/test_service_application.py index ba9406b..b97d855 100644 --- a/tests/oauth2/rfc6749/clients/test_service_application.py +++ b/tests/oauth2/rfc6749/clients/test_service_application.py @@ -1,14 +1,14 @@ # -*- coding: utf-8 -*- import os from time import time +from unittest.mock import patch import jwt -from mock import patch from oauthlib.common import Request from oauthlib.oauth2 import ServiceApplicationClient -from ....unittest import TestCase +from tests.unittest import TestCase class ServiceApplicationClientTest(TestCase): diff --git a/tests/oauth2/rfc6749/clients/test_web_application.py b/tests/oauth2/rfc6749/clients/test_web_application.py index e3382c8..1f711f4 100644 --- a/tests/oauth2/rfc6749/clients/test_web_application.py +++ b/tests/oauth2/rfc6749/clients/test_web_application.py @@ -1,19 +1,18 @@ # -*- coding: utf-8 -*- import os +import urllib.parse as urlparse import warnings - -from mock import patch +from unittest.mock import patch from oauthlib import common, signals -from oauthlib.oauth2 import (BackendApplicationClient, Client, - LegacyApplicationClient, MobileApplicationClient, - WebApplicationClient) +from oauthlib.oauth2 import ( + BackendApplicationClient, Client, LegacyApplicationClient, + MobileApplicationClient, WebApplicationClient, +) from oauthlib.oauth2.rfc6749 import errors, utils from oauthlib.oauth2.rfc6749.clients import AUTH_HEADER, BODY, URI_QUERY -import urllib.parse as urlparse - -from ....unittest import TestCase +from tests.unittest import TestCase @patch('time.time', new=lambda: 1000) diff --git a/tests/oauth2/rfc6749/endpoints/test_base_endpoint.py b/tests/oauth2/rfc6749/endpoints/test_base_endpoint.py index 2289b58..b1af6c3 100644 --- a/tests/oauth2/rfc6749/endpoints/test_base_endpoint.py +++ b/tests/oauth2/rfc6749/endpoints/test_base_endpoint.py @@ -1,10 +1,12 @@ # -*- coding: utf-8 -*- -from oauthlib.oauth2 import (FatalClientError, OAuth2Error, RequestValidator, - Server) -from oauthlib.oauth2.rfc6749 import (BaseEndpoint, - catch_errors_and_unavailability) +from oauthlib.oauth2 import ( + FatalClientError, OAuth2Error, RequestValidator, Server, +) +from oauthlib.oauth2.rfc6749 import ( + BaseEndpoint, catch_errors_and_unavailability, +) -from ....unittest import TestCase +from tests.unittest import TestCase class BaseEndpointTest(TestCase): diff --git a/tests/oauth2/rfc6749/endpoints/test_client_authentication.py b/tests/oauth2/rfc6749/endpoints/test_client_authentication.py index 48b5485..0659ee0 100644 --- a/tests/oauth2/rfc6749/endpoints/test_client_authentication.py +++ b/tests/oauth2/rfc6749/endpoints/test_client_authentication.py @@ -10,14 +10,15 @@ on the request object with a client_id parameter. The client_id attribute prevents this check from being circumvented with a client form parameter. """ import json +from unittest import mock -import mock +from oauthlib.oauth2 import ( + BackendApplicationServer, LegacyApplicationServer, MobileApplicationServer, + RequestValidator, WebApplicationServer, +) -from oauthlib.oauth2 import (BackendApplicationServer, LegacyApplicationServer, - MobileApplicationServer, RequestValidator, - WebApplicationServer) +from tests.unittest import TestCase -from ....unittest import TestCase from .test_utils import get_fragment_credentials diff --git a/tests/oauth2/rfc6749/endpoints/test_credentials_preservation.py b/tests/oauth2/rfc6749/endpoints/test_credentials_preservation.py index bda71f7..32c770c 100644 --- a/tests/oauth2/rfc6749/endpoints/test_credentials_preservation.py +++ b/tests/oauth2/rfc6749/endpoints/test_credentials_preservation.py @@ -4,14 +4,15 @@ The Authorization Code Grant will need to preserve state as well as redirect uri and the Implicit Grant will need to preserve state. """ import json +from unittest import mock -import mock - -from oauthlib.oauth2 import (MobileApplicationServer, RequestValidator, - WebApplicationServer) +from oauthlib.oauth2 import ( + MobileApplicationServer, RequestValidator, WebApplicationServer, +) from oauthlib.oauth2.rfc6749 import errors -from ....unittest import TestCase +from tests.unittest import TestCase + from .test_utils import get_fragment_credentials, get_query_credentials diff --git a/tests/oauth2/rfc6749/endpoints/test_error_responses.py b/tests/oauth2/rfc6749/endpoints/test_error_responses.py index cdf2b63..3f53c71 100644 --- a/tests/oauth2/rfc6749/endpoints/test_error_responses.py +++ b/tests/oauth2/rfc6749/endpoints/test_error_responses.py @@ -1,15 +1,16 @@ """Ensure the correct error responses are returned for all defined error types. """ import json - -import mock +from unittest import mock from oauthlib.common import urlencode -from oauthlib.oauth2 import (BackendApplicationServer, LegacyApplicationServer, - MobileApplicationServer, RequestValidator, - WebApplicationServer) +from oauthlib.oauth2 import ( + BackendApplicationServer, LegacyApplicationServer, MobileApplicationServer, + RequestValidator, WebApplicationServer, +) from oauthlib.oauth2.rfc6749 import errors -from ....unittest import TestCase + +from tests.unittest import TestCase class ErrorResponseTest(TestCase): diff --git a/tests/oauth2/rfc6749/endpoints/test_extra_credentials.py b/tests/oauth2/rfc6749/endpoints/test_extra_credentials.py index 6895dcd..97aaf86 100644 --- a/tests/oauth2/rfc6749/endpoints/test_extra_credentials.py +++ b/tests/oauth2/rfc6749/endpoints/test_extra_credentials.py @@ -1,12 +1,13 @@ """Ensure extra credentials can be supplied for inclusion in tokens. """ -import mock +from unittest import mock -from oauthlib.oauth2 import (BackendApplicationServer, LegacyApplicationServer, - MobileApplicationServer, RequestValidator, - WebApplicationServer) +from oauthlib.oauth2 import ( + BackendApplicationServer, LegacyApplicationServer, MobileApplicationServer, + RequestValidator, WebApplicationServer, +) -from ....unittest import TestCase +from tests.unittest import TestCase class ExtraCredentialsTest(TestCase): diff --git a/tests/oauth2/rfc6749/endpoints/test_introspect_endpoint.py b/tests/oauth2/rfc6749/endpoints/test_introspect_endpoint.py index 0942d96..04df6a2 100644 --- a/tests/oauth2/rfc6749/endpoints/test_introspect_endpoint.py +++ b/tests/oauth2/rfc6749/endpoints/test_introspect_endpoint.py @@ -1,12 +1,11 @@ # -*- coding: utf-8 -*- from json import loads - -from mock import MagicMock +from unittest.mock import MagicMock from oauthlib.common import urlencode -from oauthlib.oauth2 import RequestValidator, IntrospectEndpoint +from oauthlib.oauth2 import IntrospectEndpoint, RequestValidator -from ....unittest import TestCase +from tests.unittest import TestCase class IntrospectEndpointTest(TestCase): diff --git a/tests/oauth2/rfc6749/endpoints/test_metadata.py b/tests/oauth2/rfc6749/endpoints/test_metadata.py index a01500f..681119a 100644 --- a/tests/oauth2/rfc6749/endpoints/test_metadata.py +++ b/tests/oauth2/rfc6749/endpoints/test_metadata.py @@ -1,9 +1,7 @@ # -*- coding: utf-8 -*- -from oauthlib.oauth2 import MetadataEndpoint -from oauthlib.oauth2 import TokenEndpoint -from oauthlib.oauth2 import Server +from oauthlib.oauth2 import MetadataEndpoint, Server, TokenEndpoint -from ....unittest import TestCase +from tests.unittest import TestCase class MetadataEndpointTest(TestCase): diff --git a/tests/oauth2/rfc6749/endpoints/test_resource_owner_association.py b/tests/oauth2/rfc6749/endpoints/test_resource_owner_association.py index 9e9d836..0453388 100644 --- a/tests/oauth2/rfc6749/endpoints/test_resource_owner_association.py +++ b/tests/oauth2/rfc6749/endpoints/test_resource_owner_association.py @@ -1,14 +1,15 @@ """Ensure all tokens are associated with a resource owner. """ import json +from unittest import mock -import mock +from oauthlib.oauth2 import ( + BackendApplicationServer, LegacyApplicationServer, MobileApplicationServer, + RequestValidator, WebApplicationServer, +) -from oauthlib.oauth2 import (BackendApplicationServer, LegacyApplicationServer, - MobileApplicationServer, RequestValidator, - WebApplicationServer) +from tests.unittest import TestCase -from ....unittest import TestCase from .test_utils import get_fragment_credentials, get_query_credentials diff --git a/tests/oauth2/rfc6749/endpoints/test_revocation_endpoint.py b/tests/oauth2/rfc6749/endpoints/test_revocation_endpoint.py index 0e3b2e1..a4182eb 100644 --- a/tests/oauth2/rfc6749/endpoints/test_revocation_endpoint.py +++ b/tests/oauth2/rfc6749/endpoints/test_revocation_endpoint.py @@ -1,12 +1,11 @@ # -*- coding: utf-8 -*- from json import loads - -from mock import MagicMock +from unittest.mock import MagicMock from oauthlib.common import urlencode from oauthlib.oauth2 import RequestValidator, RevocationEndpoint -from ....unittest import TestCase +from tests.unittest import TestCase class RevocationEndpointTest(TestCase): diff --git a/tests/oauth2/rfc6749/endpoints/test_scope_handling.py b/tests/oauth2/rfc6749/endpoints/test_scope_handling.py index 65e0e3c..4c87d9c 100644 --- a/tests/oauth2/rfc6749/endpoints/test_scope_handling.py +++ b/tests/oauth2/rfc6749/endpoints/test_scope_handling.py @@ -4,14 +4,15 @@ Fairly trivial in all grants except the Authorization Code Grant where scope need to be persisted temporarily in an authorization code. """ import json +from unittest import mock -import mock +from oauthlib.oauth2 import ( + BackendApplicationServer, LegacyApplicationServer, MobileApplicationServer, + RequestValidator, Server, WebApplicationServer, +) -from oauthlib.oauth2 import (BackendApplicationServer, LegacyApplicationServer, - MobileApplicationServer, RequestValidator, Server, - WebApplicationServer) +from tests.unittest import TestCase -from ....unittest import TestCase from .test_utils import get_fragment_credentials, get_query_credentials diff --git a/tests/oauth2/rfc6749/grant_types/test_authorization_code.py b/tests/oauth2/rfc6749/grant_types/test_authorization_code.py index 4ed9086..20a2416 100644 --- a/tests/oauth2/rfc6749/grant_types/test_authorization_code.py +++ b/tests/oauth2/rfc6749/grant_types/test_authorization_code.py @@ -1,15 +1,15 @@ # -*- coding: utf-8 -*- import json - -import mock +from unittest import mock from oauthlib.common import Request from oauthlib.oauth2.rfc6749 import errors -from oauthlib.oauth2.rfc6749.grant_types import AuthorizationCodeGrant -from oauthlib.oauth2.rfc6749.grant_types import authorization_code +from oauthlib.oauth2.rfc6749.grant_types import ( + AuthorizationCodeGrant, authorization_code, +) from oauthlib.oauth2.rfc6749.tokens import BearerToken -from ....unittest import TestCase +from tests.unittest import TestCase class AuthorizationCodeGrantTest(TestCase): diff --git a/tests/oauth2/rfc6749/grant_types/test_client_credentials.py b/tests/oauth2/rfc6749/grant_types/test_client_credentials.py index d994278..e9559c7 100644 --- a/tests/oauth2/rfc6749/grant_types/test_client_credentials.py +++ b/tests/oauth2/rfc6749/grant_types/test_client_credentials.py @@ -1,13 +1,12 @@ # -*- coding: utf-8 -*- import json - -import mock +from unittest import mock from oauthlib.common import Request from oauthlib.oauth2.rfc6749.grant_types import ClientCredentialsGrant from oauthlib.oauth2.rfc6749.tokens import BearerToken -from ....unittest import TestCase +from tests.unittest import TestCase class ClientCredentialsGrantTest(TestCase): diff --git a/tests/oauth2/rfc6749/grant_types/test_implicit.py b/tests/oauth2/rfc6749/grant_types/test_implicit.py index ffd766a..1fb71a1 100644 --- a/tests/oauth2/rfc6749/grant_types/test_implicit.py +++ b/tests/oauth2/rfc6749/grant_types/test_implicit.py @@ -1,11 +1,11 @@ # -*- coding: utf-8 -*- -import mock +from unittest import mock from oauthlib.common import Request from oauthlib.oauth2.rfc6749.grant_types import ImplicitGrant from oauthlib.oauth2.rfc6749.tokens import BearerToken -from ....unittest import TestCase +from tests.unittest import TestCase class ImplicitGrantTest(TestCase): diff --git a/tests/oauth2/rfc6749/grant_types/test_refresh_token.py b/tests/oauth2/rfc6749/grant_types/test_refresh_token.py index 074f359..1d3e77a 100644 --- a/tests/oauth2/rfc6749/grant_types/test_refresh_token.py +++ b/tests/oauth2/rfc6749/grant_types/test_refresh_token.py @@ -1,14 +1,13 @@ # -*- coding: utf-8 -*- import json - -import mock +from unittest import mock from oauthlib.common import Request from oauthlib.oauth2.rfc6749 import errors from oauthlib.oauth2.rfc6749.grant_types import RefreshTokenGrant from oauthlib.oauth2.rfc6749.tokens import BearerToken -from ....unittest import TestCase +from tests.unittest import TestCase class RefreshTokenGrantTest(TestCase): diff --git a/tests/oauth2/rfc6749/grant_types/test_resource_owner_password.py b/tests/oauth2/rfc6749/grant_types/test_resource_owner_password.py index 4e93015..294e27b 100644 --- a/tests/oauth2/rfc6749/grant_types/test_resource_owner_password.py +++ b/tests/oauth2/rfc6749/grant_types/test_resource_owner_password.py @@ -1,15 +1,15 @@ # -*- coding: utf-8 -*- import json - -import mock +from unittest import mock from oauthlib.common import Request from oauthlib.oauth2.rfc6749 import errors -from oauthlib.oauth2.rfc6749.grant_types import \ - ResourceOwnerPasswordCredentialsGrant +from oauthlib.oauth2.rfc6749.grant_types import ( + ResourceOwnerPasswordCredentialsGrant, +) from oauthlib.oauth2.rfc6749.tokens import BearerToken -from ....unittest import TestCase +from tests.unittest import TestCase class ResourceOwnerPasswordCredentialsGrantTest(TestCase): diff --git a/tests/oauth2/rfc6749/test_parameters.py b/tests/oauth2/rfc6749/test_parameters.py index e9b3621..f9245ec 100644 --- a/tests/oauth2/rfc6749/test_parameters.py +++ b/tests/oauth2/rfc6749/test_parameters.py @@ -1,10 +1,10 @@ -from mock import patch +from unittest.mock import patch from oauthlib import signals from oauthlib.oauth2.rfc6749.errors import * from oauthlib.oauth2.rfc6749.parameters import * -from ...unittest import TestCase +from tests.unittest import TestCase @patch('time.time', new=lambda: 1000) diff --git a/tests/oauth2/rfc6749/test_request_validator.py b/tests/oauth2/rfc6749/test_request_validator.py index 257280c..9688b5a 100644 --- a/tests/oauth2/rfc6749/test_request_validator.py +++ b/tests/oauth2/rfc6749/test_request_validator.py @@ -1,7 +1,7 @@ # -*- coding: utf-8 -*- from oauthlib.oauth2 import RequestValidator -from ...unittest import TestCase +from tests.unittest import TestCase class RequestValidatorTest(TestCase): diff --git a/tests/oauth2/rfc6749/test_server.py b/tests/oauth2/rfc6749/test_server.py index 9288e49..94af37e 100644 --- a/tests/oauth2/rfc6749/test_server.py +++ b/tests/oauth2/rfc6749/test_server.py @@ -1,20 +1,21 @@ # -*- coding: utf-8 -*- import json - -import mock +from unittest import mock from oauthlib import common from oauthlib.oauth2.rfc6749 import errors, tokens from oauthlib.oauth2.rfc6749.endpoints import Server -from oauthlib.oauth2.rfc6749.endpoints.authorization import AuthorizationEndpoint +from oauthlib.oauth2.rfc6749.endpoints.authorization import ( + AuthorizationEndpoint, +) from oauthlib.oauth2.rfc6749.endpoints.resource import ResourceEndpoint from oauthlib.oauth2.rfc6749.endpoints.token import TokenEndpoint -from oauthlib.oauth2.rfc6749.grant_types import (AuthorizationCodeGrant, - ClientCredentialsGrant, - ImplicitGrant, - ResourceOwnerPasswordCredentialsGrant) +from oauthlib.oauth2.rfc6749.grant_types import ( + AuthorizationCodeGrant, ClientCredentialsGrant, ImplicitGrant, + ResourceOwnerPasswordCredentialsGrant, +) -from ...unittest import TestCase +from tests.unittest import TestCase class AuthorizationEndpointTest(TestCase): diff --git a/tests/oauth2/rfc6749/test_tokens.py b/tests/oauth2/rfc6749/test_tokens.py index 61a23cb..fa6b1c0 100644 --- a/tests/oauth2/rfc6749/test_tokens.py +++ b/tests/oauth2/rfc6749/test_tokens.py @@ -1,15 +1,12 @@ -import mock +from unittest import mock from oauthlib.common import Request from oauthlib.oauth2.rfc6749.tokens import ( - BearerToken, - prepare_bearer_body, - prepare_bearer_headers, - prepare_bearer_uri, - prepare_mac_header, + BearerToken, prepare_bearer_body, prepare_bearer_headers, + prepare_bearer_uri, prepare_mac_header, ) -from ...unittest import TestCase +from tests.unittest import TestCase class TokenTest(TestCase): diff --git a/tests/oauth2/rfc6749/test_utils.py b/tests/oauth2/rfc6749/test_utils.py index cfc6c2c..3299591 100644 --- a/tests/oauth2/rfc6749/test_utils.py +++ b/tests/oauth2/rfc6749/test_utils.py @@ -1,11 +1,12 @@ import datetime import os -from oauthlib.oauth2.rfc6749.utils import (escape, generate_age, host_from_uri, - is_secure_transport, list_to_scope, - params_from_uri, scope_to_list) +from oauthlib.oauth2.rfc6749.utils import ( + escape, generate_age, host_from_uri, is_secure_transport, list_to_scope, + params_from_uri, scope_to_list, +) -from ...unittest import TestCase +from tests.unittest import TestCase class ScopeObject: diff --git a/tests/openid/connect/core/endpoints/test_claims_handling.py b/tests/openid/connect/core/endpoints/test_claims_handling.py index 943210c..bc70269 100644 --- a/tests/openid/connect/core/endpoints/test_claims_handling.py +++ b/tests/openid/connect/core/endpoints/test_claims_handling.py @@ -6,13 +6,13 @@ The claims parameter is an optional query param for the Authorization Request en request the claims should be transferred (via the oauthlib request) to be persisted with the Access Token when it is created. """ -import mock +from unittest import mock from oauthlib.openid import RequestValidator from oauthlib.openid.connect.core.endpoints.pre_configured import Server -from tests.unittest import TestCase from tests.oauth2.rfc6749.endpoints.test_utils import get_query_credentials +from tests.unittest import TestCase class TestClaimsHandling(TestCase): diff --git a/tests/openid/connect/core/endpoints/test_openid_connect_params_handling.py b/tests/openid/connect/core/endpoints/test_openid_connect_params_handling.py index 26ff46b..c55136f 100644 --- a/tests/openid/connect/core/endpoints/test_openid_connect_params_handling.py +++ b/tests/openid/connect/core/endpoints/test_openid_connect_params_handling.py @@ -1,11 +1,12 @@ -import mock +from unittest import mock +from urllib.parse import urlencode from oauthlib.oauth2 import InvalidRequestError -from oauthlib.oauth2.rfc6749.endpoints.authorization import \ - AuthorizationEndpoint +from oauthlib.oauth2.rfc6749.endpoints.authorization import ( + AuthorizationEndpoint, +) from oauthlib.oauth2.rfc6749.tokens import BearerToken from oauthlib.openid.connect.core.grant_types import AuthorizationCodeGrant -from urllib.parse import urlencode from tests.unittest import TestCase diff --git a/tests/openid/connect/core/endpoints/test_userinfo_endpoint.py b/tests/openid/connect/core/endpoints/test_userinfo_endpoint.py index 9edc970..4833485 100644 --- a/tests/openid/connect/core/endpoints/test_userinfo_endpoint.py +++ b/tests/openid/connect/core/endpoints/test_userinfo_endpoint.py @@ -1,10 +1,9 @@ # -*- coding: utf-8 -*- -import mock import json +from unittest import mock -from oauthlib.openid import RequestValidator -from oauthlib.openid import UserInfoEndpoint from oauthlib.oauth2.rfc6749 import errors +from oauthlib.openid import RequestValidator, UserInfoEndpoint from tests.unittest import TestCase diff --git a/tests/openid/connect/core/grant_types/test_authorization_code.py b/tests/openid/connect/core/grant_types/test_authorization_code.py index b6bb99c..91e24b3 100644 --- a/tests/openid/connect/core/grant_types/test_authorization_code.py +++ b/tests/openid/connect/core/grant_types/test_authorization_code.py @@ -1,17 +1,18 @@ # -*- coding: utf-8 -*- import json - -import mock +from unittest import mock from oauthlib.common import Request from oauthlib.oauth2.rfc6749.tokens import BearerToken - -from oauthlib.openid.connect.core.grant_types.authorization_code import AuthorizationCodeGrant +from oauthlib.openid.connect.core.grant_types.authorization_code import ( + AuthorizationCodeGrant, +) from oauthlib.openid.connect.core.grant_types.exceptions import OIDCNoPrompt +from tests.oauth2.rfc6749.grant_types.test_authorization_code import ( + AuthorizationCodeGrantTest, +) from tests.unittest import TestCase -from tests.oauth2.rfc6749.grant_types.test_authorization_code import \ - AuthorizationCodeGrantTest def get_id_token_mock(token, token_handler, request): diff --git a/tests/openid/connect/core/grant_types/test_base.py b/tests/openid/connect/core/grant_types/test_base.py index d506b7e..a88834b 100644 --- a/tests/openid/connect/core/grant_types/test_base.py +++ b/tests/openid/connect/core/grant_types/test_base.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- -import mock import time +from unittest import mock from oauthlib.common import Request from oauthlib.openid.connect.core.grant_types.base import GrantTypeBase diff --git a/tests/openid/connect/core/grant_types/test_dispatchers.py b/tests/openid/connect/core/grant_types/test_dispatchers.py index 2fc4ae6..ccbada4 100644 --- a/tests/openid/connect/core/grant_types/test_dispatchers.py +++ b/tests/openid/connect/core/grant_types/test_dispatchers.py @@ -1,20 +1,18 @@ # -*- coding: utf-8 -*- -import mock +from unittest import mock from oauthlib.common import Request - -from oauthlib.openid.connect.core.grant_types.authorization_code import AuthorizationCodeGrant -from oauthlib.openid.connect.core.grant_types.implicit import ImplicitGrant -from oauthlib.openid.connect.core.grant_types.dispatchers import ( - ImplicitTokenGrantDispatcher, - AuthorizationTokenGrantDispatcher -) - from oauthlib.oauth2.rfc6749.grant_types import ( AuthorizationCodeGrant as OAuth2AuthorizationCodeGrant, ImplicitGrant as OAuth2ImplicitGrant, ) - +from oauthlib.openid.connect.core.grant_types.authorization_code import ( + AuthorizationCodeGrant, +) +from oauthlib.openid.connect.core.grant_types.dispatchers import ( + AuthorizationTokenGrantDispatcher, ImplicitTokenGrantDispatcher, +) +from oauthlib.openid.connect.core.grant_types.implicit import ImplicitGrant from tests.unittest import TestCase diff --git a/tests/openid/connect/core/grant_types/test_hybrid.py b/tests/openid/connect/core/grant_types/test_hybrid.py index 3347031..fb61b04 100644 --- a/tests/openid/connect/core/grant_types/test_hybrid.py +++ b/tests/openid/connect/core/grant_types/test_hybrid.py @@ -1,11 +1,14 @@ # -*- coding: utf-8 -*- -import mock +from unittest import mock from oauthlib.oauth2.rfc6749 import errors from oauthlib.oauth2.rfc6749.tokens import BearerToken from oauthlib.openid.connect.core.grant_types.hybrid import HybridGrant -from tests.oauth2.rfc6749.grant_types.test_authorization_code import \ - AuthorizationCodeGrantTest + +from tests.oauth2.rfc6749.grant_types.test_authorization_code import ( + AuthorizationCodeGrantTest, +) + from .test_authorization_code import OpenIDAuthCodeTest diff --git a/tests/openid/connect/core/grant_types/test_implicit.py b/tests/openid/connect/core/grant_types/test_implicit.py index c8fefd4..80069ac 100644 --- a/tests/openid/connect/core/grant_types/test_implicit.py +++ b/tests/openid/connect/core/grant_types/test_implicit.py @@ -1,13 +1,15 @@ # -*- coding: utf-8 -*- -import mock +from unittest import mock from oauthlib.common import Request from oauthlib.oauth2.rfc6749 import errors from oauthlib.oauth2.rfc6749.tokens import BearerToken from oauthlib.openid.connect.core.grant_types.exceptions import OIDCNoPrompt from oauthlib.openid.connect.core.grant_types.implicit import ImplicitGrant + from tests.oauth2.rfc6749.grant_types.test_implicit import ImplicitGrantTest from tests.unittest import TestCase + from .test_authorization_code import get_id_token_mock diff --git a/tests/openid/connect/core/test_server.py b/tests/openid/connect/core/test_server.py index 681748f..47f0ecc 100644 --- a/tests/openid/connect/core/test_server.py +++ b/tests/openid/connect/core/test_server.py @@ -1,16 +1,18 @@ # -*- coding: utf-8 -*- import json - -import mock +from unittest import mock from oauthlib.oauth2.rfc6749 import errors -from oauthlib.oauth2.rfc6749.endpoints.authorization import AuthorizationEndpoint +from oauthlib.oauth2.rfc6749.endpoints.authorization import ( + AuthorizationEndpoint, +) from oauthlib.oauth2.rfc6749.endpoints.token import TokenEndpoint from oauthlib.oauth2.rfc6749.tokens import BearerToken - -from oauthlib.openid.connect.core.grant_types.authorization_code import AuthorizationCodeGrant -from oauthlib.openid.connect.core.grant_types.implicit import ImplicitGrant +from oauthlib.openid.connect.core.grant_types.authorization_code import ( + AuthorizationCodeGrant, +) from oauthlib.openid.connect.core.grant_types.hybrid import HybridGrant +from oauthlib.openid.connect.core.grant_types.implicit import ImplicitGrant from tests.unittest import TestCase diff --git a/tests/openid/connect/core/test_tokens.py b/tests/openid/connect/core/test_tokens.py index f1a6688..5889df5 100644 --- a/tests/openid/connect/core/test_tokens.py +++ b/tests/openid/connect/core/test_tokens.py @@ -1,4 +1,4 @@ -import mock +from unittest import mock from oauthlib.openid.connect.core.tokens import JWTToken diff --git a/tests/test_common.py b/tests/test_common.py index b0fb4b0..7f0e35b 100644 --- a/tests/test_common.py +++ b/tests/test_common.py @@ -1,14 +1,12 @@ # -*- coding: utf-8 -*- -import os -import sys - import oauthlib -from oauthlib.common import (CaseInsensitiveDict, Request, add_params_to_uri, - extract_params, generate_client_id, - generate_nonce, generate_timestamp, - generate_token, urldecode) +from oauthlib.common import ( + CaseInsensitiveDict, Request, add_params_to_uri, extract_params, + generate_client_id, generate_nonce, generate_timestamp, generate_token, + urldecode, +) -from .unittest import TestCase +from tests.unittest import TestCase PARAMS_DICT = {'foo': 'bar', 'baz': '123', } PARAMS_TWOTUPLE = [('foo', 'bar'), ('baz', '123')] diff --git a/tests/unittest/__init__.py b/tests/unittest/__init__.py index 13ad92f..f94f35c 100644 --- a/tests/unittest/__init__.py +++ b/tests/unittest/__init__.py @@ -1,5 +1,5 @@ -from unittest import TestCase import urllib.parse as urlparse +from unittest import TestCase # URL comparison where query param order is insignificant @@ -1,5 +1,5 @@ [tox] -envlist = py35,py36,py37,pypy,pypy3,docs,readme,bandit +envlist = py35,py36,py37,pypy,pypy3,docs,readme,bandit,isort [testenv] deps= @@ -9,9 +9,9 @@ commands= # tox -e docs to mimick readthedocs build. -# as of today, RTD is using python2.7 and doesn't run "setup.py install" +# as of today, RTD is using python3.6 and doesn't run "setup.py install" [testenv:docs] -basepython=python2.7 +basepython=python3.6 skipsdist=True deps= sphinx @@ -34,3 +34,10 @@ skipsdist=True deps=bandit commands=bandit -b bandit.json -r oauthlib/ whitelist_externals=bandit + +[testenv:isort] +basepython = python3.7 +usedevelop = false +deps = isort +changedir = {toxinidir} +commands = isort --recursive --check-only --diff oauthlib tests |