ó žA/Mc@sbdZeZdddddddgZdd lZdd lmZdd lZdd lZdd l Z dd l Z dd l m Z dd l mZdd lZdd lZdd lmZddlmZmZmZmZddlmZdZdZdZdZee e!fZ"defd„ƒYZ#defd„ƒYZdefd„ƒYZ$de%fd„ƒYZ&de&fd„ƒYZ'de&fd„ƒYZ(de%fd„ƒYZ)de)fd„ƒYZ*de+fd„ƒYZ,d e,fd!„ƒYZ-d"e,fd#„ƒYZ.d$e,fd%„ƒYZ/d&e,fd'„ƒYZ0d(e,fd)„ƒYZ1d*e,fd+„ƒYZ2d S(,s4launchpadlib credentials and authentication support.t AccessTokentAnonymousAccessTokent AuthorizeRequestTokenWithBrowsertCredentialStoretRequestTokenAuthorizationEnginetConsumert CredentialsiÿÿÿÿN(tStringIO(t urlencode(turljoin(t HTTPError(RRtOAuthAuthorizertSystemWideConsumer(turiss+request-tokens +access-tokens+authorize-tokenicBs\eZdZdZdZdZd„Zed„ƒZ de j ed„Z e j d„Z RS(sèStandard credentials storage and usage class. :ivar consumer: The consumer (application) :type consumer: `Consumer` :ivar access_token: Access information on behalf of the user :type access_token: `AccessToken` turitdictcCs tƒ}|j|ƒ|jƒS(seTurn this object into a string. This should probably be moved into OAuthAuthorizer. (Rtsavetgetvalue(tselftsio((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyt serializeIs  cCs |ƒ}|jt|ƒƒ|S(s}Create a `Credentials` object from a serialized string. This should probably be moved into OAuthAuthorizer. (tloadR(tclstvaluet credentials((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyt from_stringRs c Cs|jdk std‚|jdks0td‚tj|ƒ}td|jjddddƒ}|t}i|d6}||j kr“d |d toauth_token_secrets lp.context(tget(RR9R*R?R6((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyR3²s  cCsÆtj|dtƒ}|d}t|ƒdks:td‚|d}|d}t|ƒdksitd‚|d}|jdƒ}|d k r¶t|ƒdks©td ‚|d}n||||ƒS( s<Create and return a new `AccessToken` from the given string.tkeep_blank_valuesR>is/Query string must have exactly one oauth_token.iRHs*Query string must have exactly one secret.s lp.contexts*Query string must have exactly one contextN(tcgitparse_qstFalsetlenR'RIR&(Rt query_stringR9R*R?R6((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyRºs      (RBRCRDRFR3R(((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyR¯scBseZdZd„ZRS(soAn OAuth access token that doesn't authenticate anybody. This token can be used for anonymous access. cCstt|ƒjddƒdS(Nt(tsuperRt__init__(R((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyRRÒs(RBRCRDRR(((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyRÍscBs>eZdZdd„Zd„Zd„Zd„Zd„ZRS(sÖStore OAuth credentials locally. This is a generic superclass. To implement a specific way of storing credentials locally you'll need to subclass this class, and implement `do_save` and `do_load`. cCs ||_dS(sConstructor. :param credential_save_failed: A callback to be invoked if the save to local storage fails. You should never invoke this callback yourself! Instead, you should raise an exception from do_save(). N(tcredential_save_failed(RRS((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyRRÞscCscy|j||ƒWnHtk r*‚n5tk r^}|jdkrQ|‚n|jƒnX|S(sœSave the credentials and invoke the callback on failure. Do not override this method when subclassing. Override do_save() instead. N(tdo_savetEXPLOSIVE_ERRORSt ExceptionRSR&(RRtunique_consumer_idte((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyRès  cCs tƒ‚dS(sõStore newly-authorized credentials locally for later use. :param credentials: A Credentials object to save. :param unique_consumer_id: A string uniquely identifying an OAuth consumer on a Launchpad instance. N(tNotImplementedError(RRRW((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyRTøscCs |j|ƒS(s0Retrieve credentials from a local store. This method is the inverse of `save`. There's no special behavior in this method--it just calls `do_load`. There _is_ special behavior in `save`, and this way, developers can remember to implement `do_save` and `do_load`, not `do_save` and `load`. :param unique_key: A string uniquely identifying an OAuth consumer on a Launchpad instance. :return: A `Credentials` object if one is found in the local store, and None otherise. (tdo_load(Rt unique_key((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyRscCs tƒ‚dS(s@Retrieve credentials from a local store. This method is the inverse of `do_save`. :param unique_key: A string uniquely identifying an OAuth consumer on a Launchpad instance. :return: A `Credentials` object if one is found in the local store, and None otherise. N(RY(RR[((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyRZs N( RBRCRDR&RRRRTRRZ(((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyRÖs   tKeyringCredentialStorecBs/eZdZed„ƒZd„Zd„ZRS(söStore credentials in the GNOME keyring or KDE wallet. This is a good solution for desktop applications and interactive scripts. It doesn't work for non-interactive scripts, or for integrating third-party websites into Launchpad. cCs"dtƒkrddlandS(sGEnsure the keyring module is imported (postponing side effects). The keyring module initializes the environment-dependent backend at import time (nasty). We want to avoid that initialization because it may do things like prompt the user to unlock their password store (e.g., KWallet). tkeyringiÿÿÿÿN(tglobalsR](((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyt_ensure_keyring_imported)s cCs'|jƒtjd||jƒƒdS(s2Store newly-authorized credentials in the keyring.t launchpadlibN(R_R]t set_passwordR(RRR[((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyRT6s cCs9|jƒtjd|ƒ}|dk r5tj|ƒSdS(s&Retrieve credentials from the keyring.R`N(R_R]t get_passwordR&RR(RR[tcredential_string((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyRZ<s     (RBRCRDt staticmethodR_RTRZ(((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyR\!s tUnencryptedFileCredentialStorecBs,eZdZdd„Zd„Zd„ZRS(s‘Store credentials unencrypted in a file on disk. This is a good solution for scripts that need to run without any user interaction. cCs#tt|ƒj|ƒ||_dS(N(RQReRRtfilename(RRfRS((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyRRMscCs|j|jƒdS(sSave the credentials to disk.N(t save_to_pathRf(RRR[((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyRTRscCsItjj|jƒrEtj|jƒtjdk rEtj|jƒSdS(sLoad the credentials from disk.iN( tostpathtexistsRftstattST_SIZERtload_from_pathR&(RR[((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyRZVs N(RBRCRDR&RRRTRZ(((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyReFs  cBsYeZdZdZdddd„Zed„ƒZd„Zd„Z d„Z d„Z RS( s/The superclass of all request token authorizers. This base class does not implement request token authorization, since that varies depending on how you want the end-user to authorize a request token. You'll need to subclass this class and implement `make_end_user_authorize_token`. t UNAUTHORIZEDcCs×tj|ƒ|_tj|ƒ|_|dkrK|dkrKtdƒ‚n|dk r||dk r|td||fƒ‚n|dkr dg}t|ƒ}nt|ƒ}|}||_ ||_ |pÍg|_ dS(sDBase class initialization. :param service_root: The root of the Launchpad instance being used. :param application_name: The name of the application that wants to use launchpadlib. This is used in conjunction with a desktop-wide integration. If you specify this argument, your values for consumer_name and allow_access_levels are ignored. :param consumer_name: The OAuth consumer name, for an application that wants its own point of integration into Launchpad. In almost all cases, you want to specify application_name instead and do a desktop-wide integration. The exception is when you're integrating a third-party website into Launchpad. :param allow_access_levels: A list of the Launchpad access levels to present to the user. ('READ_PUBLIC' and so on.) Your value for this argument will be ignored during a desktop-wide integration. :type allow_access_levels: A list of strings. s:You must provide either application_name or consumer_name.sZYou must provide only one of application_name and consumer_name. (You provided %r and %r.)tDESKTOP_INTEGRATIONN( R tlookup_service_roott service_roottweb_root_for_service_rootR7R&t ValueErrorR RR%tapplication_nametallow_access_levels(RRqRtt consumer_nameRuR%((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyRRis"      cCs|jjd|jS(s7Return a string identifying this consumer on this host.t@(R%R*Rq(R((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyRW¢scCsXdt|f}d}t|jƒdkrH|||j|jƒ7}nt|j|ƒS(sÞReturn the authorization URL for a request token. This is the URL the end-user must visit to authorize the token. How exactly does this happen? That depends on the subclass implementation. s%s?oauth_token=%ss&allow_permission=i(R5RNRutjoinR R7(Rt request_tokentpagetallow_permission((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pytauthorization_url§scCsI|j|ƒ}|j||ƒ|jdkr2dS|j||jƒ|S(sdAuthorize a token and associate it with the given credentials. If the credential store runs into a problem storing the credential locally, the `credential_save_failed` callback will be invoked. The callback will not be invoked if there's a problem authorizing the credentials. :param credentials: A `Credentials` object. If the end-user authorizes these credentials, this object will have its .access_token property set. :param credential_store: A `CredentialStore` object. If the end-user authorizes the credentials, they will be persisted locally using this object. :return: If the credentials are successfully authorized, the return value is the `Credentials` object originally passed in. Otherwise the return value is None. N(R=tmake_end_user_authorize_tokenR(R&RRW(RRtcredential_storetrequest_token_string((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyt__call__¶s cCs&|jd|jdtjƒ}|dS(s\Get a new request token from the server. :param return: The request token. R7R8R>(R=R7RR,(RRtauthorization_json((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyR=Ôs   cCs tƒ‚dS(s5Authorize the given request token using the given credentials. Your subclass must implement this method: it has no default implementation. Because an access token may expire or be revoked in the middle of a session, this method may be called at arbitrary points in a launchpadlib session, or even multiple times during a single session (with a different request token each time). In most cases, however, this method will be called at the beginning of a launchpadlib session, or not at all. N(RY(RRRy((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyR}ÞsN( RBRCRDtUNAUTHORIZED_ACCESS_LEVELR&RRtpropertyRWR|R€R=R}(((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyR^s8   cBs8eZdZdZdddd„Zd„Zd„ZRS(sßThe simplest (and, right now, the only) request token authorizer. This authorizer simply opens up the end-user's web browser to a Launchpad URL and lets the end-user authorize the request token themselves. sÇThe authorization page: (%s) should be opening in your browser. Use your browser to authorize this program to access Launchpad on your behalf. Waiting to hear from Launchpad about your decision...cCs#tt|ƒj||d|ƒdS(soConstructor. :param service_root: See `RequestTokenAuthorizationEngine`. :param application_name: See `RequestTokenAuthorizationEngine`. :param consumer_name: The value of this argument is ignored. If we have the capability to open the end-user's web browser, we must be running on the end-user's computer, so we should do a full desktop integration. :param credential_save_failed: See `RequestTokenAuthorizationEngine`. :param allow_access_levels: The value of this argument is ignored, for the same reason as consumer_name. N(RQRRRR&(RRqRtRvRSRu((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyRRùs cCs |GHdS(s³Display a message. By default, prints the message to standard output. The message does not require any user interaction--it's solely informative. N((Rtmessage((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pytoutputscCsÅ|j|ƒ}tj|ƒ|j|j|ƒxŽ|jdkrÀtjt ƒy|j |j ƒPWq3t k r¼}|j jdkršt|jƒ‚q½|j jdkr¯q½dGH|GHq3Xq3WdS(s7Have the end-user authorize the token in their browser.i“i‘s#Unexpected response from Launchpad:N(R|t webbrowsertopenR…tWAITING_FOR_USERR(R&ttimetsleeptaccess_token_poll_timeRAR7R R;R0tEndUserDeclinedAuthorizationR<(RRRyR|RX((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyR}s    N(RBRCRDRˆR&RRR…R}(((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyRïs  tTokenAuthorizationExceptioncBseZRS((RBRC(((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyR1stRequestTokenAlreadyAuthorizedcBseZRS((RBRC(((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyRŽ5sRŒcBseZRS((RBRC(((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyRŒ9st ClientErrorcBseZRS((RBRC(((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyR=st ServerErrorcBseZRS((RBRC(((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyRAstNoLaunchpadAccountcBseZRS((RBRC(((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyR‘EstTooManyAuthenticationFailurescBseZRS((RBRC(((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pyR’Is(3RDttypet __metaclass__t__all__RKt cStringIORR-RhRkR‰turllibRturlparseR R†R1tlazr.restfulclient.errorsR t"lazr.restfulclient.authorize.oauthRt _AccessTokenRR R R`R R+R@R5R‹t MemoryErrortKeyboardInterruptt SystemExitRURRtobjectRR\ReRRRVRRŽRŒRRR‘R’(((s</usr/lib/python2.7/dist-packages/launchpadlib/credentials.pytsR        "s K%‘B