Accepting request 298709 from home:Nijel:branches:devel:languages:python
- Update to 0.7.2: * (Quick fix) Unpushed locally modified files got included in the PyPI 0.7.1 release. Doing a new clean release to address this. Please upgrade quickly and report any issues you are running into. * (Quick fix) Add oauthlib.common.log object back in for libraries using it. * (Change) OAuth2 clients will not raise a Warning on scope change if the environment variable ``OAUTHLIB_RELAX_TOKEN_SCOPE`` is set. The token will now be available as an attribute on the error, ``error.token``. Token changes will now also be announced using blinker. * (Fix/Feature) Automatic fixes of non-compliant OAuth2 provider responses (e.g. Facebook). * (Fix) Logging is now tiered (per file) as opposed to logging all under ``oauthlib``. * (Fix) Error messages should now include a description in their message. * (Fix/Feature) Optional support for jsonp callbacks after token revocation. * (Feature) Client side preparation of OAuth 2 token revocation requests. * (Feature) New OAuth2 client API methods for preparing full requests. * (Feature) OAuth1 SignatureOnlyEndpoint that only verifies signatures and client IDs. * (Fix/Feature) Refresh token grant now allow optional refresh tokens. * (Fix) add missing state param to OAuth2 errors. * (Fix) add_params_to_uri now properly parse fragment. * (Fix/Feature) All OAuth1 errors can now be imported from oauthlib.oauth1. * (Fix/Security) OAuth2 logs will now strip client provided password, if present. * Allow unescaped @ in urlencoded parameters. - New dependency on python-blinker - Add pycrypto.patch to be compatible with latest PyJWT OBS-URL: https://build.opensuse.org/request/show/298709 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-oauthlib?expand=0&rev=17
This commit is contained in:
parent
99e862a919
commit
0f663f7df0
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:0a11ab2311f7a29d0079fe529bde9503fec9a2bdd52db834cf8a284a8c1c52f9
|
|
||||||
size 100950
|
|
3
oauthlib-0.7.2.tar.gz
Normal file
3
oauthlib-0.7.2.tar.gz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:a051f04ee8ec3305055ab34d87b36c9a449375e07c7d6a05bcafa48329cac7c3
|
||||||
|
size 106079
|
449
pycrypto.patch
Normal file
449
pycrypto.patch
Normal file
@ -0,0 +1,449 @@
|
|||||||
|
From fc2d1218e015adcf65ba01965884430c47895cd0 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Joseph Tate <joseph@crunch.io>
|
||||||
|
Date: Tue, 14 Apr 2015 12:30:44 -0400
|
||||||
|
Subject: [PATCH] Support newer PyJWT (1.0.0). remove PyCrypto completely for
|
||||||
|
cryptography and PyJWT helpers. Reformat some test certificates to be easier
|
||||||
|
to maintain. Update documentation to match use of cryptography instead of
|
||||||
|
PyCrypto
|
||||||
|
|
||||||
|
---
|
||||||
|
CHANGELOG.rst | 6 ++
|
||||||
|
docs/faq.rst | 13 ++--
|
||||||
|
docs/feature_matrix.rst | 4 +-
|
||||||
|
docs/oauth1/client.rst | 31 ++++-----
|
||||||
|
oauthlib/common.py | 16 +----
|
||||||
|
oauthlib/oauth1/rfc5849/signature.py | 41 +++++++-----
|
||||||
|
.../oauth2/rfc6749/clients/service_application.py | 3 -
|
||||||
|
oauthlib/oauth2/rfc6749/utils.py | 2 +-
|
||||||
|
requirements.txt | 6 +-
|
||||||
|
setup.py | 8 +--
|
||||||
|
tests/oauth1/rfc5849/test_signatures.py | 44 ++++++-------
|
||||||
|
.../rfc6749/clients/test_service_application.py | 51 ++++++++-------
|
||||||
|
tests/oauth2/rfc6749/test_server.py | 73 +++++++++++++---------
|
||||||
|
tests/oauth2/rfc6749/test_utils.py | 3 +
|
||||||
|
14 files changed, 153 insertions(+), 148 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/oauthlib/common.py b/oauthlib/common.py
|
||||||
|
index 9cd7a61..0179b8e 100644
|
||||||
|
--- a/oauthlib/common.py
|
||||||
|
+++ b/oauthlib/common.py
|
||||||
|
@@ -229,11 +229,8 @@ def generate_token(length=30, chars=UNICODE_ASCII_CHARACTER_SET):
|
||||||
|
|
||||||
|
|
||||||
|
def generate_signed_token(private_pem, request):
|
||||||
|
- import Crypto.PublicKey.RSA as RSA
|
||||||
|
import jwt
|
||||||
|
|
||||||
|
- private_key = RSA.importKey(private_pem)
|
||||||
|
-
|
||||||
|
now = datetime.datetime.utcnow()
|
||||||
|
|
||||||
|
claims = {
|
||||||
|
@@ -243,23 +240,16 @@ def generate_signed_token(private_pem, request):
|
||||||
|
|
||||||
|
claims.update(request.claims)
|
||||||
|
|
||||||
|
- token = jwt.encode(claims, private_key, 'RS256')
|
||||||
|
+ token = jwt.encode(claims, private_pem, 'RS256')
|
||||||
|
token = to_unicode(token, "UTF-8")
|
||||||
|
|
||||||
|
return token
|
||||||
|
|
||||||
|
|
||||||
|
-def verify_signed_token(private_pem, token):
|
||||||
|
- import Crypto.PublicKey.RSA as RSA
|
||||||
|
+def verify_signed_token(public_pem, token):
|
||||||
|
import jwt
|
||||||
|
|
||||||
|
- public_key = RSA.importKey(private_pem).publickey()
|
||||||
|
-
|
||||||
|
- try:
|
||||||
|
- # return jwt.verify_jwt(token.encode(), public_key)
|
||||||
|
- return jwt.decode(token, public_key)
|
||||||
|
- except:
|
||||||
|
- raise Exception
|
||||||
|
+ return jwt.decode(token, public_pem, algorithms=['RS256'])
|
||||||
|
|
||||||
|
|
||||||
|
def generate_client_id(length=30, chars=CLIENT_ID_CHARACTER_SET):
|
||||||
|
diff --git a/oauthlib/oauth1/rfc5849/signature.py b/oauthlib/oauth1/rfc5849/signature.py
|
||||||
|
index f2d7ee4..f57d80a 100644
|
||||||
|
--- a/oauthlib/oauth1/rfc5849/signature.py
|
||||||
|
+++ b/oauthlib/oauth1/rfc5849/signature.py
|
||||||
|
@@ -464,6 +464,15 @@ def sign_hmac_sha1(base_string, client_secret, resource_owner_secret):
|
||||||
|
# .. _`RFC2045, Section 6.8`: http://tools.ietf.org/html/rfc2045#section-6.8
|
||||||
|
return binascii.b2a_base64(signature.digest())[:-1].decode('utf-8')
|
||||||
|
|
||||||
|
+_jwtrs1 = None
|
||||||
|
+
|
||||||
|
+#jwt has some nice pycrypto/cryptography abstractions
|
||||||
|
+def _jwt_rs1_signing_algorithm():
|
||||||
|
+ global _jwtrs1
|
||||||
|
+ if _jwtrs1 is None:
|
||||||
|
+ import jwt.algorithms as jwtalgo
|
||||||
|
+ _jwtrs1 = jwtalgo.RSAAlgorithm(jwtalgo.hashes.SHA1)
|
||||||
|
+ return _jwtrs1
|
||||||
|
|
||||||
|
def sign_rsa_sha1(base_string, rsa_private_key):
|
||||||
|
"""**RSA-SHA1**
|
||||||
|
@@ -481,16 +490,13 @@ def sign_rsa_sha1(base_string, rsa_private_key):
|
||||||
|
.. _`RFC3447, Section 8.2`: http://tools.ietf.org/html/rfc3447#section-8.2
|
||||||
|
|
||||||
|
"""
|
||||||
|
- # TODO: finish RSA documentation
|
||||||
|
- from Crypto.PublicKey import RSA
|
||||||
|
- from Crypto.Signature import PKCS1_v1_5
|
||||||
|
- from Crypto.Hash import SHA
|
||||||
|
- key = RSA.importKey(rsa_private_key)
|
||||||
|
if isinstance(base_string, unicode_type):
|
||||||
|
base_string = base_string.encode('utf-8')
|
||||||
|
- h = SHA.new(base_string)
|
||||||
|
- p = PKCS1_v1_5.new(key)
|
||||||
|
- return binascii.b2a_base64(p.sign(h))[:-1].decode('utf-8')
|
||||||
|
+ # TODO: finish RSA documentation
|
||||||
|
+ alg = _jwt_rs1_signing_algorithm()
|
||||||
|
+ key = _prepare_key_plus(alg, rsa_private_key)
|
||||||
|
+ s=alg.sign(base_string, key)
|
||||||
|
+ return binascii.b2a_base64(s)[:-1].decode('utf-8')
|
||||||
|
|
||||||
|
|
||||||
|
def sign_rsa_sha1_with_client(base_string, client):
|
||||||
|
@@ -560,13 +566,17 @@ def verify_hmac_sha1(request, client_secret=None,
|
||||||
|
resource_owner_secret)
|
||||||
|
return safe_string_equals(signature, request.signature)
|
||||||
|
|
||||||
|
+def _prepare_key_plus(alg, keystr):
|
||||||
|
+ if isinstance(keystr, bytes_type):
|
||||||
|
+ keystr = keystr.decode('utf-8')
|
||||||
|
+ return alg.prepare_key(keystr)
|
||||||
|
|
||||||
|
def verify_rsa_sha1(request, rsa_public_key):
|
||||||
|
"""Verify a RSASSA-PKCS #1 v1.5 base64 encoded signature.
|
||||||
|
|
||||||
|
Per `section 3.4.3`_ of the spec.
|
||||||
|
|
||||||
|
- Note this method requires the PyCrypto library.
|
||||||
|
+ Note this method requires the jwt and cryptography libraries.
|
||||||
|
|
||||||
|
.. _`section 3.4.3`: http://tools.ietf.org/html/rfc5849#section-3.4.3
|
||||||
|
|
||||||
|
@@ -578,17 +588,14 @@ def verify_rsa_sha1(request, rsa_public_key):
|
||||||
|
|
||||||
|
.. _`RFC2616 section 5.2`: http://tools.ietf.org/html/rfc2616#section-5.2
|
||||||
|
"""
|
||||||
|
- from Crypto.PublicKey import RSA
|
||||||
|
- from Crypto.Signature import PKCS1_v1_5
|
||||||
|
- from Crypto.Hash import SHA
|
||||||
|
- key = RSA.importKey(rsa_public_key)
|
||||||
|
norm_params = normalize_parameters(request.params)
|
||||||
|
uri = normalize_base_string_uri(request.uri)
|
||||||
|
- message = construct_base_string(request.http_method, uri, norm_params)
|
||||||
|
- h = SHA.new(message.encode('utf-8'))
|
||||||
|
- p = PKCS1_v1_5.new(key)
|
||||||
|
+ message = construct_base_string(request.http_method, uri, norm_params).encode('utf-8')
|
||||||
|
sig = binascii.a2b_base64(request.signature.encode('utf-8'))
|
||||||
|
- return p.verify(h, sig)
|
||||||
|
+
|
||||||
|
+ alg = _jwt_rs1_signing_algorithm()
|
||||||
|
+ key = _prepare_key_plus(alg, rsa_public_key)
|
||||||
|
+ return alg.verify(message, key, sig)
|
||||||
|
|
||||||
|
|
||||||
|
def verify_plaintext(request, client_secret=None, resource_owner_secret=None):
|
||||||
|
diff --git a/oauthlib/oauth2/rfc6749/clients/service_application.py b/oauthlib/oauth2/rfc6749/clients/service_application.py
|
||||||
|
index f60ac4f..36da98b 100644
|
||||||
|
--- a/oauthlib/oauth2/rfc6749/clients/service_application.py
|
||||||
|
+++ b/oauthlib/oauth2/rfc6749/clients/service_application.py
|
||||||
|
@@ -140,14 +140,11 @@ def prepare_request_body(self,
|
||||||
|
.. _`Section 3.2.1`: http://tools.ietf.org/html/rfc6749#section-3.2.1
|
||||||
|
"""
|
||||||
|
import jwt
|
||||||
|
- import Crypto.PublicKey.RSA as RSA
|
||||||
|
|
||||||
|
key = private_key or self.private_key
|
||||||
|
if not key:
|
||||||
|
raise ValueError('An encryption key must be supplied to make JWT'
|
||||||
|
' token requests.')
|
||||||
|
- key = RSA.importKey(key)
|
||||||
|
-
|
||||||
|
claim = {
|
||||||
|
'iss': issuer or self.issuer,
|
||||||
|
'aud': audience or self.issuer,
|
||||||
|
diff --git a/oauthlib/oauth2/rfc6749/utils.py b/oauthlib/oauth2/rfc6749/utils.py
|
||||||
|
index e8ffba4..6a8e24b 100644
|
||||||
|
--- a/oauthlib/oauth2/rfc6749/utils.py
|
||||||
|
+++ b/oauthlib/oauth2/rfc6749/utils.py
|
||||||
|
@@ -24,7 +24,7 @@ def list_to_scope(scope):
|
||||||
|
"""Convert a list of scopes to a space separated string."""
|
||||||
|
if isinstance(scope, unicode_type) or scope is None:
|
||||||
|
return scope
|
||||||
|
- elif isinstance(scope, list):
|
||||||
|
+ elif isinstance(scope, (tuple, list)):
|
||||||
|
return " ".join([unicode_type(s) for s in scope])
|
||||||
|
elif isinstance(scope, set):
|
||||||
|
return list_to_scope(list(scope))
|
||||||
|
diff --git a/setup.py b/setup.py
|
||||||
|
index da76450..e2870b2 100755
|
||||||
|
--- a/setup.py
|
||||||
|
+++ b/setup.py
|
||||||
|
@@ -18,11 +18,11 @@ def fread(fn):
|
||||||
|
return f.read()
|
||||||
|
|
||||||
|
if sys.version_info[0] == 3:
|
||||||
|
- tests_require = ['nose', 'pycrypto', 'pyjwt', 'blinker']
|
||||||
|
+ tests_require = ['nose', 'cryptography', 'pyjwt>=1.0.0', 'blinker']
|
||||||
|
else:
|
||||||
|
- tests_require = ['nose', 'unittest2', 'pycrypto', 'mock', 'pyjwt', 'blinker']
|
||||||
|
-rsa_require = ['pycrypto']
|
||||||
|
-signedtoken_require = ['pycrypto', 'pyjwt']
|
||||||
|
+ tests_require = ['nose', 'unittest2', 'cryptography', 'mock', 'pyjwt>=1.0.0', 'blinker']
|
||||||
|
+rsa_require = ['cryptography']
|
||||||
|
+signedtoken_require = ['cryptography', 'pyjwt>=1.0.0']
|
||||||
|
signals_require = ['blinker']
|
||||||
|
|
||||||
|
requires = []
|
||||||
|
diff --git a/tests/oauth1/rfc5849/test_signatures.py b/tests/oauth1/rfc5849/test_signatures.py
|
||||||
|
index aca6142..51e01ef 100644
|
||||||
|
--- a/tests/oauth1/rfc5849/test_signatures.py
|
||||||
|
+++ b/tests/oauth1/rfc5849/test_signatures.py
|
||||||
|
@@ -269,31 +269,25 @@ def test_sign_hmac_sha1_with_client(self):
|
||||||
|
b"th_nonce%253D%25227d8f3e4a%2522%252Coauth_signature"
|
||||||
|
b"%253D%2522bYT5CMsGcbgUdFHObYMEfcx6bsw%25253D%2522")
|
||||||
|
|
||||||
|
- @property
|
||||||
|
- def rsa_private_key(self):
|
||||||
|
- # Generated using: $ openssl genrsa -out <key>.pem 1024
|
||||||
|
- # PyCrypto / python-rsa requires the key to be concatenated with
|
||||||
|
- # linebreaks.
|
||||||
|
- return (
|
||||||
|
- b"-----BEGIN RSA PRIVATE KEY-----\nMIICXgIBAAKBgQDk1/bxy"
|
||||||
|
- b"S8Q8jiheHeYYp/4rEKJopeQRRKKpZI4s5i+UPwVpupG\nAlwXWfzXw"
|
||||||
|
- b"SMaKPAoKJNdu7tqKRniqst5uoHXw98gj0x7zamu0Ck1LtQ4c7pFMVa"
|
||||||
|
- b"h\n5IYGhBi2E9ycNS329W27nJPWNCbESTu7snVlG8V8mfvGGg3xNjT"
|
||||||
|
- b"MO7IdrwIDAQAB\nAoGBAOQ2KuH8S5+OrsL4K+wfjoCi6MfxCUyqVU9"
|
||||||
|
- b"GxocdM1m30WyWRFMEz2nKJ8fR\np3vTD4w8yplTOhcoXdQZl0kRoaD"
|
||||||
|
- b"zrcYkm2VvJtQRrX7dKFT8dR8D/Tr7dNQLOXfC\nDY6xveQczE7qt7V"
|
||||||
|
- b"k7lp4FqmxBsaaEuokt78pOOjywZoInjZhAkEA9wz3zoZNT0/i\nrf6"
|
||||||
|
- b"qv2qTIeieUB035N3dyw6f1BGSWYaXSuerDCD/J1qZbAPKKhyHZbVaw"
|
||||||
|
- b"Ft3UMhe\n542UftBaxQJBAO0iJy1I8GQjGnS7B3yvyH3CcLYGy296+"
|
||||||
|
- b"XO/2xKp/d/ty1OIeovx\nC60pLNwuFNF3z9d2GVQAdoQ89hUkOtjZL"
|
||||||
|
- b"eMCQQD0JO6oPHUeUjYT+T7ImAv7UKVT\nSuy30sKjLzqoGw1kR+wv7"
|
||||||
|
- b"C5PeDRvscs4wa4CW9s6mjSrMDkDrmCLuJDtmf55AkEA\nkmaMg2PNr"
|
||||||
|
- b"jUR51F0zOEFycaaqXbGcFwe1/xx9zLmHzMDXd4bsnwt9kk+fe0hQzV"
|
||||||
|
- b"S\nJzatanQit3+feev1PN3QewJAWv4RZeavEUhKv+kLe95Yd0su7lT"
|
||||||
|
- b"LVduVgh4v5yLT\nGa6FHdjGPcfajt+nrpB1n8UQBEH9ZxniokR/IPv"
|
||||||
|
- b"dMlxqXA==\n-----END RSA PRIVATE KEY-----"
|
||||||
|
- )
|
||||||
|
-
|
||||||
|
+ # Generated using: $ openssl genrsa -out <key>.pem 1024
|
||||||
|
+ # PEM encoding requires the key to be concatenated with
|
||||||
|
+ # linebreaks.
|
||||||
|
+ rsa_private_key = b"""-----BEGIN RSA PRIVATE KEY-----
|
||||||
|
+MIICXgIBAAKBgQDk1/bxyS8Q8jiheHeYYp/4rEKJopeQRRKKpZI4s5i+UPwVpupG
|
||||||
|
+AlwXWfzXwSMaKPAoKJNdu7tqKRniqst5uoHXw98gj0x7zamu0Ck1LtQ4c7pFMVah
|
||||||
|
+5IYGhBi2E9ycNS329W27nJPWNCbESTu7snVlG8V8mfvGGg3xNjTMO7IdrwIDAQAB
|
||||||
|
+AoGBAOQ2KuH8S5+OrsL4K+wfjoCi6MfxCUyqVU9GxocdM1m30WyWRFMEz2nKJ8fR
|
||||||
|
+p3vTD4w8yplTOhcoXdQZl0kRoaDzrcYkm2VvJtQRrX7dKFT8dR8D/Tr7dNQLOXfC
|
||||||
|
+DY6xveQczE7qt7Vk7lp4FqmxBsaaEuokt78pOOjywZoInjZhAkEA9wz3zoZNT0/i
|
||||||
|
+rf6qv2qTIeieUB035N3dyw6f1BGSWYaXSuerDCD/J1qZbAPKKhyHZbVawFt3UMhe
|
||||||
|
+542UftBaxQJBAO0iJy1I8GQjGnS7B3yvyH3CcLYGy296+XO/2xKp/d/ty1OIeovx
|
||||||
|
+C60pLNwuFNF3z9d2GVQAdoQ89hUkOtjZLeMCQQD0JO6oPHUeUjYT+T7ImAv7UKVT
|
||||||
|
+Suy30sKjLzqoGw1kR+wv7C5PeDRvscs4wa4CW9s6mjSrMDkDrmCLuJDtmf55AkEA
|
||||||
|
+kmaMg2PNrjUR51F0zOEFycaaqXbGcFwe1/xx9zLmHzMDXd4bsnwt9kk+fe0hQzVS
|
||||||
|
+JzatanQit3+feev1PN3QewJAWv4RZeavEUhKv+kLe95Yd0su7lTLVduVgh4v5yLT
|
||||||
|
+Ga6FHdjGPcfajt+nrpB1n8UQBEH9ZxniokR/IPvdMlxqXA==
|
||||||
|
+-----END RSA PRIVATE KEY-----
|
||||||
|
+"""
|
||||||
|
@property
|
||||||
|
def control_signature_rsa_sha1(self):
|
||||||
|
# Base string saved in "<message>". Signature obtained using:
|
||||||
|
diff --git a/tests/oauth2/rfc6749/clients/test_service_application.py b/tests/oauth2/rfc6749/clients/test_service_application.py
|
||||||
|
index a14750e..de57291 100644
|
||||||
|
--- a/tests/oauth2/rfc6749/clients/test_service_application.py
|
||||||
|
+++ b/tests/oauth2/rfc6749/clients/test_service_application.py
|
||||||
|
@@ -5,7 +5,6 @@
|
||||||
|
from time import time
|
||||||
|
|
||||||
|
import jwt
|
||||||
|
-from Crypto.PublicKey import RSA
|
||||||
|
from mock import patch
|
||||||
|
|
||||||
|
from oauthlib.common import Request
|
||||||
|
@@ -18,25 +17,32 @@ class ServiceApplicationClientTest(TestCase):
|
||||||
|
|
||||||
|
gt = ServiceApplicationClient.grant_type
|
||||||
|
|
||||||
|
- private_key = (
|
||||||
|
- "-----BEGIN RSA PRIVATE KEY-----\nMIICXgIBAAKBgQDk1/bxy"
|
||||||
|
- "S8Q8jiheHeYYp/4rEKJopeQRRKKpZI4s5i+UPwVpupG\nAlwXWfzXw"
|
||||||
|
- "SMaKPAoKJNdu7tqKRniqst5uoHXw98gj0x7zamu0Ck1LtQ4c7pFMVa"
|
||||||
|
- "h\n5IYGhBi2E9ycNS329W27nJPWNCbESTu7snVlG8V8mfvGGg3xNjT"
|
||||||
|
- "MO7IdrwIDAQAB\nAoGBAOQ2KuH8S5+OrsL4K+wfjoCi6MfxCUyqVU9"
|
||||||
|
- "GxocdM1m30WyWRFMEz2nKJ8fR\np3vTD4w8yplTOhcoXdQZl0kRoaD"
|
||||||
|
- "zrcYkm2VvJtQRrX7dKFT8dR8D/Tr7dNQLOXfC\nDY6xveQczE7qt7V"
|
||||||
|
- "k7lp4FqmxBsaaEuokt78pOOjywZoInjZhAkEA9wz3zoZNT0/i\nrf6"
|
||||||
|
- "qv2qTIeieUB035N3dyw6f1BGSWYaXSuerDCD/J1qZbAPKKhyHZbVaw"
|
||||||
|
- "Ft3UMhe\n542UftBaxQJBAO0iJy1I8GQjGnS7B3yvyH3CcLYGy296+"
|
||||||
|
- "XO/2xKp/d/ty1OIeovx\nC60pLNwuFNF3z9d2GVQAdoQ89hUkOtjZL"
|
||||||
|
- "eMCQQD0JO6oPHUeUjYT+T7ImAv7UKVT\nSuy30sKjLzqoGw1kR+wv7"
|
||||||
|
- "C5PeDRvscs4wa4CW9s6mjSrMDkDrmCLuJDtmf55AkEA\nkmaMg2PNr"
|
||||||
|
- "jUR51F0zOEFycaaqXbGcFwe1/xx9zLmHzMDXd4bsnwt9kk+fe0hQzV"
|
||||||
|
- "S\nJzatanQit3+feev1PN3QewJAWv4RZeavEUhKv+kLe95Yd0su7lT"
|
||||||
|
- "LVduVgh4v5yLT\nGa6FHdjGPcfajt+nrpB1n8UQBEH9ZxniokR/IPv"
|
||||||
|
- "dMlxqXA==\n-----END RSA PRIVATE KEY-----"
|
||||||
|
- )
|
||||||
|
+ private_key = """
|
||||||
|
+-----BEGIN RSA PRIVATE KEY-----
|
||||||
|
+MIICXgIBAAKBgQDk1/bxyS8Q8jiheHeYYp/4rEKJopeQRRKKpZI4s5i+UPwVpupG
|
||||||
|
+AlwXWfzXwSMaKPAoKJNdu7tqKRniqst5uoHXw98gj0x7zamu0Ck1LtQ4c7pFMVah
|
||||||
|
+5IYGhBi2E9ycNS329W27nJPWNCbESTu7snVlG8V8mfvGGg3xNjTMO7IdrwIDAQAB
|
||||||
|
+AoGBAOQ2KuH8S5+OrsL4K+wfjoCi6MfxCUyqVU9GxocdM1m30WyWRFMEz2nKJ8fR
|
||||||
|
+p3vTD4w8yplTOhcoXdQZl0kRoaDzrcYkm2VvJtQRrX7dKFT8dR8D/Tr7dNQLOXfC
|
||||||
|
+DY6xveQczE7qt7Vk7lp4FqmxBsaaEuokt78pOOjywZoInjZhAkEA9wz3zoZNT0/i
|
||||||
|
+rf6qv2qTIeieUB035N3dyw6f1BGSWYaXSuerDCD/J1qZbAPKKhyHZbVawFt3UMhe
|
||||||
|
+542UftBaxQJBAO0iJy1I8GQjGnS7B3yvyH3CcLYGy296+XO/2xKp/d/ty1OIeovx
|
||||||
|
+C60pLNwuFNF3z9d2GVQAdoQ89hUkOtjZLeMCQQD0JO6oPHUeUjYT+T7ImAv7UKVT
|
||||||
|
+Suy30sKjLzqoGw1kR+wv7C5PeDRvscs4wa4CW9s6mjSrMDkDrmCLuJDtmf55AkEA
|
||||||
|
+kmaMg2PNrjUR51F0zOEFycaaqXbGcFwe1/xx9zLmHzMDXd4bsnwt9kk+fe0hQzVS
|
||||||
|
+JzatanQit3+feev1PN3QewJAWv4RZeavEUhKv+kLe95Yd0su7lTLVduVgh4v5yLT
|
||||||
|
+Ga6FHdjGPcfajt+nrpB1n8UQBEH9ZxniokR/IPvdMlxqXA==
|
||||||
|
+-----END RSA PRIVATE KEY-----
|
||||||
|
+"""
|
||||||
|
+
|
||||||
|
+ public_key = """
|
||||||
|
+-----BEGIN PUBLIC KEY-----
|
||||||
|
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDk1/bxyS8Q8jiheHeYYp/4rEKJ
|
||||||
|
+opeQRRKKpZI4s5i+UPwVpupGAlwXWfzXwSMaKPAoKJNdu7tqKRniqst5uoHXw98g
|
||||||
|
+j0x7zamu0Ck1LtQ4c7pFMVah5IYGhBi2E9ycNS329W27nJPWNCbESTu7snVlG8V8
|
||||||
|
+mfvGGg3xNjTMO7IdrwIDAQAB
|
||||||
|
+-----END PUBLIC KEY-----
|
||||||
|
+"""
|
||||||
|
|
||||||
|
subject = 'resource-owner@provider.com'
|
||||||
|
|
||||||
|
@@ -86,11 +92,10 @@ def test_request_body(self, t):
|
||||||
|
self.assertEqual(r.isnot, 'empty')
|
||||||
|
self.assertEqual(r.grant_type, ServiceApplicationClient.grant_type)
|
||||||
|
|
||||||
|
- key = RSA.importKey(self.private_key).publickey()
|
||||||
|
- claim = jwt.decode(r.assertion, key)
|
||||||
|
+ claim = jwt.decode(r.assertion, self.public_key, audience=self.audience, algorithms=['RS256'])
|
||||||
|
|
||||||
|
self.assertEqual(claim['iss'], self.issuer)
|
||||||
|
- self.assertEqual(claim['aud'], self.audience)
|
||||||
|
+ # audience verification is handled during decode now
|
||||||
|
self.assertEqual(claim['sub'], self.subject)
|
||||||
|
self.assertEqual(claim['iat'], int(t.return_value))
|
||||||
|
|
||||||
|
diff --git a/tests/oauth2/rfc6749/test_server.py b/tests/oauth2/rfc6749/test_server.py
|
||||||
|
index 24c9fb9..fde785e 100644
|
||||||
|
--- a/tests/oauth2/rfc6749/test_server.py
|
||||||
|
+++ b/tests/oauth2/rfc6749/test_server.py
|
||||||
|
@@ -1,7 +1,6 @@
|
||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
from __future__ import absolute_import, unicode_literals
|
||||||
|
from ...unittest import TestCase
|
||||||
|
-import Crypto.PublicKey.RSA as RSA
|
||||||
|
import json
|
||||||
|
import jwt
|
||||||
|
import mock
|
||||||
|
@@ -177,35 +176,47 @@ def set_user(request):
|
||||||
|
self.mock_validator.authenticate_client.side_effect = set_user
|
||||||
|
self.addCleanup(setattr, self, 'mock_validator', mock.MagicMock())
|
||||||
|
|
||||||
|
- self.private_pem = (
|
||||||
|
- "-----BEGIN RSA PRIVATE KEY-----\n"
|
||||||
|
- "MIIEpAIBAAKCAQEA6TtDhWGwzEOWZP6m/zHoZnAPLABfetvoMPmxPGjFjtDuMRPv\n"
|
||||||
|
- "EvI1sbixZBjBtdnc5rTtHUUQ25Am3JzwPRGo5laMGbj1pPyCPxlVi9LK82HQNX0B\n"
|
||||||
|
- "YK7tZtVfDHElQA7F4v3j9d3rad4O9/n+lyGIQ0tT7yQcBm2A8FEaP0bZYCLMjwMN\n"
|
||||||
|
- "WfaVLE8eXHyv+MfpNNLI9wttLxygKYM48I3NwsFuJgOa/KuodXaAmf8pJnx8t1Wn\n"
|
||||||
|
- "nxvaYXFiUn/TxmhM/qhemPa6+0nqq+aWV5eT7xn4K/ghLgNs09v6Yge0pmPl9Oz+\n"
|
||||||
|
- "+bjJ+aKRnAmwCOY8/5U5EilAiUOeBoO9+8OXtwIDAQABAoIBAGFTTbXXMkPK4HN8\n"
|
||||||
|
- "oItVdDlrAanG7hECuz3UtFUVE3upS/xG6TjqweVLwRqYCh2ssDXFwjy4mXRGDzF4\n"
|
||||||
|
- "e/e/6s9Txlrlh/w1MtTJ6ZzTdcViR9RKOczysjZ7S5KRlI3KnGFAuWPcG2SuOWjZ\n"
|
||||||
|
- "dZfzcj1Crd/ZHajBAVFHRsCo/ATVNKbTRprFfb27xKpQ2BwH/GG781sLE3ZVNIhs\n"
|
||||||
|
- "aRRaED4622kI1E/WXws2qQMqbFKzo0m1tPbLb3Z89WgZJ/tRQwuDype1Vfm7k6oX\n"
|
||||||
|
- "xfbp3948qSe/yWKRlMoPkleji/WxPkSIalzWSAi9ziN/0Uzhe65FURgrfHL3XR1A\n"
|
||||||
|
- "B8UR+aECgYEA7NPQZV4cAikk02Hv65JgISofqV49P8MbLXk8sdnI1n7Mj10TgzU3\n"
|
||||||
|
- "lyQGDEX4hqvT0bTXe4KAOxQZx9wumu05ejfzhdtSsEm6ptGHyCdmYDQeV0C/pxDX\n"
|
||||||
|
- "JNCK8XgMku2370XG0AnyBCT7NGlgtDcNCQufcesF2gEuoKiXg6Zjo7sCgYEA/Bzs\n"
|
||||||
|
- "9fWGZZnSsMSBSW2OYbFuhF3Fne0HcxXQHipl0Rujc/9g0nccwqKGizn4fGOE7a8F\n"
|
||||||
|
- "usQgJoeGcinL7E9OEP/uQ9VX1C9RNVjIxP1O5/Guw1zjxQQYetOvbPhN2QhD1Ye7\n"
|
||||||
|
- "0TRKrW1BapcjwLpFQlVg1ZeTPOi5lv24W/wX9jUCgYEAkrMSX/hPuTbrTNVZ3L6r\n"
|
||||||
|
- "NV/2hN+PaTPeXei/pBuXwOaCqDurnpcUfFcgN/IP5LwDVd+Dq0pHTFFDNv45EFbq\n"
|
||||||
|
- "R77o5n3ZVsIVEMiyJ1XgoK8oLDw7e61+15smtjT69Piz+09pu+ytMcwGn4y3Dmsb\n"
|
||||||
|
- "dALzHYnL8iLRU0ubrz0ec4kCgYAJiVKRTzNBPptQom49h85d9ac3jJCAE8o3WTjh\n"
|
||||||
|
- "Gzt0uHXrWlqgO280EY/DTnMOyXjqwLcXxHlu26uDP/99tdY/IF8z46sJ1KxetzgI\n"
|
||||||
|
- "84f7kBHLRAU9m5UNeFpnZdEUB5MBTbwWAsNcYgiabpMkpCcghjg+fBhOsoLqqjhC\n"
|
||||||
|
- "CnwhjQKBgQDkv0QTdyBU84TE8J0XY3eLQwXbrvG2yD5A2ntN3PyxGEneX5WTJGMZ\n"
|
||||||
|
- "xJxwaFYQiDS3b9E7b8Q5dg8qa5Y1+epdhx3cuQAWPm+AoHKshDfbRve4txBDQAqh\n"
|
||||||
|
- "c6MxSWgsa+2Ld5SWSNbGtpPcmEM3Fl5ttMCNCKtNc0UE16oHwaPAIw==\n"
|
||||||
|
- "-----END RSA PRIVATE KEY-----"
|
||||||
|
- )
|
||||||
|
+ self.private_pem = """
|
||||||
|
+-----BEGIN RSA PRIVATE KEY-----
|
||||||
|
+MIIEpAIBAAKCAQEA6TtDhWGwzEOWZP6m/zHoZnAPLABfetvoMPmxPGjFjtDuMRPv
|
||||||
|
+EvI1sbixZBjBtdnc5rTtHUUQ25Am3JzwPRGo5laMGbj1pPyCPxlVi9LK82HQNX0B
|
||||||
|
+YK7tZtVfDHElQA7F4v3j9d3rad4O9/n+lyGIQ0tT7yQcBm2A8FEaP0bZYCLMjwMN
|
||||||
|
+WfaVLE8eXHyv+MfpNNLI9wttLxygKYM48I3NwsFuJgOa/KuodXaAmf8pJnx8t1Wn
|
||||||
|
+nxvaYXFiUn/TxmhM/qhemPa6+0nqq+aWV5eT7xn4K/ghLgNs09v6Yge0pmPl9Oz+
|
||||||
|
++bjJ+aKRnAmwCOY8/5U5EilAiUOeBoO9+8OXtwIDAQABAoIBAGFTTbXXMkPK4HN8
|
||||||
|
+oItVdDlrAanG7hECuz3UtFUVE3upS/xG6TjqweVLwRqYCh2ssDXFwjy4mXRGDzF4
|
||||||
|
+e/e/6s9Txlrlh/w1MtTJ6ZzTdcViR9RKOczysjZ7S5KRlI3KnGFAuWPcG2SuOWjZ
|
||||||
|
+dZfzcj1Crd/ZHajBAVFHRsCo/ATVNKbTRprFfb27xKpQ2BwH/GG781sLE3ZVNIhs
|
||||||
|
+aRRaED4622kI1E/WXws2qQMqbFKzo0m1tPbLb3Z89WgZJ/tRQwuDype1Vfm7k6oX
|
||||||
|
+xfbp3948qSe/yWKRlMoPkleji/WxPkSIalzWSAi9ziN/0Uzhe65FURgrfHL3XR1A
|
||||||
|
+B8UR+aECgYEA7NPQZV4cAikk02Hv65JgISofqV49P8MbLXk8sdnI1n7Mj10TgzU3
|
||||||
|
+lyQGDEX4hqvT0bTXe4KAOxQZx9wumu05ejfzhdtSsEm6ptGHyCdmYDQeV0C/pxDX
|
||||||
|
+JNCK8XgMku2370XG0AnyBCT7NGlgtDcNCQufcesF2gEuoKiXg6Zjo7sCgYEA/Bzs
|
||||||
|
+9fWGZZnSsMSBSW2OYbFuhF3Fne0HcxXQHipl0Rujc/9g0nccwqKGizn4fGOE7a8F
|
||||||
|
+usQgJoeGcinL7E9OEP/uQ9VX1C9RNVjIxP1O5/Guw1zjxQQYetOvbPhN2QhD1Ye7
|
||||||
|
+0TRKrW1BapcjwLpFQlVg1ZeTPOi5lv24W/wX9jUCgYEAkrMSX/hPuTbrTNVZ3L6r
|
||||||
|
+NV/2hN+PaTPeXei/pBuXwOaCqDurnpcUfFcgN/IP5LwDVd+Dq0pHTFFDNv45EFbq
|
||||||
|
+R77o5n3ZVsIVEMiyJ1XgoK8oLDw7e61+15smtjT69Piz+09pu+ytMcwGn4y3Dmsb
|
||||||
|
+dALzHYnL8iLRU0ubrz0ec4kCgYAJiVKRTzNBPptQom49h85d9ac3jJCAE8o3WTjh
|
||||||
|
+Gzt0uHXrWlqgO280EY/DTnMOyXjqwLcXxHlu26uDP/99tdY/IF8z46sJ1KxetzgI
|
||||||
|
+84f7kBHLRAU9m5UNeFpnZdEUB5MBTbwWAsNcYgiabpMkpCcghjg+fBhOsoLqqjhC
|
||||||
|
+CnwhjQKBgQDkv0QTdyBU84TE8J0XY3eLQwXbrvG2yD5A2ntN3PyxGEneX5WTJGMZ
|
||||||
|
+xJxwaFYQiDS3b9E7b8Q5dg8qa5Y1+epdhx3cuQAWPm+AoHKshDfbRve4txBDQAqh
|
||||||
|
+c6MxSWgsa+2Ld5SWSNbGtpPcmEM3Fl5ttMCNCKtNc0UE16oHwaPAIw==
|
||||||
|
+-----END RSA PRIVATE KEY-----
|
||||||
|
+ """
|
||||||
|
+
|
||||||
|
+ self.public_pem = """
|
||||||
|
+-----BEGIN PUBLIC KEY-----
|
||||||
|
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6TtDhWGwzEOWZP6m/zHo
|
||||||
|
+ZnAPLABfetvoMPmxPGjFjtDuMRPvEvI1sbixZBjBtdnc5rTtHUUQ25Am3JzwPRGo
|
||||||
|
+5laMGbj1pPyCPxlVi9LK82HQNX0BYK7tZtVfDHElQA7F4v3j9d3rad4O9/n+lyGI
|
||||||
|
+Q0tT7yQcBm2A8FEaP0bZYCLMjwMNWfaVLE8eXHyv+MfpNNLI9wttLxygKYM48I3N
|
||||||
|
+wsFuJgOa/KuodXaAmf8pJnx8t1WnnxvaYXFiUn/TxmhM/qhemPa6+0nqq+aWV5eT
|
||||||
|
+7xn4K/ghLgNs09v6Yge0pmPl9Oz++bjJ+aKRnAmwCOY8/5U5EilAiUOeBoO9+8OX
|
||||||
|
+twIDAQAB
|
||||||
|
+-----END PUBLIC KEY-----
|
||||||
|
+ """
|
||||||
|
|
||||||
|
signed_token = tokens.signed_token_generator(self.private_pem,
|
||||||
|
user_id=123)
|
||||||
|
@@ -254,7 +265,7 @@ def test_scopes_and_user_id_stored_in_access_token(self):
|
||||||
|
|
||||||
|
access_token = json.loads(body)['access_token']
|
||||||
|
|
||||||
|
- claims = common.verify_signed_token(self.private_pem, access_token)
|
||||||
|
+ claims = common.verify_signed_token(self.public_pem, access_token)
|
||||||
|
|
||||||
|
self.assertEqual(claims['scope'], 'all of them')
|
||||||
|
self.assertEqual(claims['user_id'], 123)
|
||||||
|
diff --git a/tests/oauth2/rfc6749/test_utils.py b/tests/oauth2/rfc6749/test_utils.py
|
||||||
|
index d292eeb..858cf1f 100644
|
||||||
|
--- a/tests/oauth2/rfc6749/test_utils.py
|
||||||
|
+++ b/tests/oauth2/rfc6749/test_utils.py
|
||||||
|
@@ -73,6 +73,9 @@ def test_list_to_scope(self):
|
||||||
|
string_list = ['foo', 'bar', 'baz']
|
||||||
|
self.assertEqual(list_to_scope(string_list), expected)
|
||||||
|
|
||||||
|
+ string_tuple = ('foo', 'bar', 'baz')
|
||||||
|
+ self.assertEqual(list_to_scope(string_tuple), expected)
|
||||||
|
+
|
||||||
|
obj_list = [ScopeObject('foo'), ScopeObject('bar'), ScopeObject('baz')]
|
||||||
|
self.assertEqual(list_to_scope(obj_list), expected)
|
||||||
|
|
@ -1,3 +1,31 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Apr 22 09:38:29 UTC 2015 - mcihar@suse.cz
|
||||||
|
|
||||||
|
- Update to 0.7.2:
|
||||||
|
* (Quick fix) Unpushed locally modified files got included in the PyPI 0.7.1
|
||||||
|
release. Doing a new clean release to address this. Please upgrade quickly
|
||||||
|
and report any issues you are running into.
|
||||||
|
* (Quick fix) Add oauthlib.common.log object back in for libraries using it.
|
||||||
|
* (Change) OAuth2 clients will not raise a Warning on scope change if
|
||||||
|
the environment variable ``OAUTHLIB_RELAX_TOKEN_SCOPE`` is set. The token
|
||||||
|
will now be available as an attribute on the error, ``error.token``.
|
||||||
|
Token changes will now also be announced using blinker.
|
||||||
|
* (Fix/Feature) Automatic fixes of non-compliant OAuth2 provider responses (e.g. Facebook).
|
||||||
|
* (Fix) Logging is now tiered (per file) as opposed to logging all under ``oauthlib``.
|
||||||
|
* (Fix) Error messages should now include a description in their message.
|
||||||
|
* (Fix/Feature) Optional support for jsonp callbacks after token revocation.
|
||||||
|
* (Feature) Client side preparation of OAuth 2 token revocation requests.
|
||||||
|
* (Feature) New OAuth2 client API methods for preparing full requests.
|
||||||
|
* (Feature) OAuth1 SignatureOnlyEndpoint that only verifies signatures and client IDs.
|
||||||
|
* (Fix/Feature) Refresh token grant now allow optional refresh tokens.
|
||||||
|
* (Fix) add missing state param to OAuth2 errors.
|
||||||
|
* (Fix) add_params_to_uri now properly parse fragment.
|
||||||
|
* (Fix/Feature) All OAuth1 errors can now be imported from oauthlib.oauth1.
|
||||||
|
* (Fix/Security) OAuth2 logs will now strip client provided password, if present.
|
||||||
|
* Allow unescaped @ in urlencoded parameters.
|
||||||
|
- New dependency on python-blinker
|
||||||
|
- Add pycrypto.patch to be compatible with latest PyJWT
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Jul 23 13:29:30 UTC 2014 - mcihar@suse.cz
|
Wed Jul 23 13:29:30 UTC 2014 - mcihar@suse.cz
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
#
|
#
|
||||||
# spec file for package python-oauthlib
|
# spec file for package python-oauthlib
|
||||||
#
|
#
|
||||||
# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||||
#
|
#
|
||||||
# All modifications and additions to the file contributed by third parties
|
# All modifications and additions to the file contributed by third parties
|
||||||
# remain the property of their copyright owners, unless otherwise agreed
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
@ -17,24 +17,30 @@
|
|||||||
|
|
||||||
|
|
||||||
Name: python-oauthlib
|
Name: python-oauthlib
|
||||||
Version: 0.6.3
|
Version: 0.7.2
|
||||||
Release: 0
|
Release: 0
|
||||||
Url: https://github.com/idangazit/oauthlib
|
Url: https://github.com/idangazit/oauthlib
|
||||||
Summary: A Generic Implementation of the OAuth Request-Signing Logic
|
Summary: A Generic Implementation of the OAuth Request-Signing Logic
|
||||||
License: BSD-3-Clause
|
License: BSD-3-Clause
|
||||||
Group: Development/Languages/Python
|
Group: Development/Languages/Python
|
||||||
Source: http://pypi.python.org/packages/source/o/oauthlib/oauthlib-%{version}.tar.gz
|
Source: http://pypi.python.org/packages/source/o/oauthlib/oauthlib-%{version}.tar.gz
|
||||||
|
# PATCH-FIX-UPSTREAM -- https://github.com/josephtate/oauthlib/commit/fc2d1218e015adcf65ba01965884430c47895cd0
|
||||||
|
Patch0: pycrypto.patch
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
BuildRequires: python-devel
|
BuildRequires: python-devel
|
||||||
BuildRequires: python-setuptools
|
BuildRequires: python-setuptools
|
||||||
# Test build requirements:
|
# Test build requirements:
|
||||||
BuildRequires: python-PyJWT
|
BuildRequires: python-PyJWT
|
||||||
|
BuildRequires: python-blinker
|
||||||
|
BuildRequires: python-cryptography
|
||||||
BuildRequires: python-mock
|
BuildRequires: python-mock
|
||||||
BuildRequires: python-nose
|
BuildRequires: python-nose
|
||||||
|
BuildRequires: python-pyasn1
|
||||||
BuildRequires: python-pycrypto
|
BuildRequires: python-pycrypto
|
||||||
BuildRequires: python-unittest2
|
BuildRequires: python-unittest2
|
||||||
Requires: python-PyJWT
|
Requires: python-PyJWT
|
||||||
Requires: python-pycrypto
|
Requires: python-blinker
|
||||||
|
Requires: python-cryptography
|
||||||
%if 0%{?suse_version} && 0%{?suse_version} <= 1110
|
%if 0%{?suse_version} && 0%{?suse_version} <= 1110
|
||||||
%{!?python_sitelib: %global python_sitelib %(python -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")}
|
%{!?python_sitelib: %global python_sitelib %(python -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")}
|
||||||
%else
|
%else
|
||||||
@ -59,6 +65,7 @@ veneer on top of OAuthLib and get OAuth support for very little effort.
|
|||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q -n oauthlib-%{version}
|
%setup -q -n oauthlib-%{version}
|
||||||
|
%patch0 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
python setup.py build
|
python setup.py build
|
||||||
|
Loading…
Reference in New Issue
Block a user