def __call__(self, request):
body = ''
if request.body:
params = dict(map(lambda x: x.split('='), request.body.split('&')))
keys = list(params)
keys.sort()
for key in keys:
body += str(params[key])
timestamp = str(time.time())
message = timestamp + urljoin(request.path_url, urlparse(request.path_url).path) + body
secret = self.api_secret
if not isinstance(message, bytes):
message = message.encode()
if not isinstance(secret, bytes):
secret = secret.encode()
signature = hmac.new(secret, message, hashlib.sha384).hexdigest()
request.headers.update({
to_native_string('X-MKT-APIKEY'): self.api_key,
to_native_string('X-MKT-SIGNATURE'): signature,
to_native_string('X-MKT-TIMESTAMP'): timestamp,
})
return request
def __call__(self, request):
access_token = self.access_token_getter()
request.headers.update({
to_native_string('CB-VERSION'): self.api_version,
to_native_string('Authorization'): to_native_string('Bearer {}'.format(access_token)),
})
return request
def __call__(self, request):
access_token = self.access_token_getter()
request.headers.update({
to_native_string('Authorization'):
to_native_string('Bearer {0}'.format(access_token)),
})
return request
def __call__(self, request):
access_token = self.access_token_getter()
request.headers.update(
{
to_native_string("CB-VERSION"): self.api_version,
to_native_string("Authorization"): to_native_string("Bearer {0}".format(access_token)),
}
)
return request
def __call__(self, request):
timestamp = int(time.time() * 1000)
message = str(timestamp) + request.method + request.path_url + \
(request.body or '')
message = message.encode('ascii')
hmac_key = base64.b64decode(self.api_secret)
signature = hmac.new(hmac_key, message, hashlib.sha256)
signature_b64 = base64.b64encode(signature.digest()).decode('utf-8')
request.headers.update({
to_native_string('BB-ACCESS-KEY'): self.api_key,
to_native_string('BB-ACCESS-SIGN'): signature_b64,
to_native_string('BB-TIMESTAMP'): timestamp,
})
return request
def request_access_token():
"""
Exchanges basic client credentials for an access token.
"""
# For Private application authentication, you must specifiy
# grant_type=client_credentials and the service scope. For the
# Content API, scope=contentapi
post_data = {"grant_type": APP_CONFIG['GRANT_TYPE'],
"scope": APP_CONFIG['SCOPE']}
post_data_string = json.dumps(post_data)
# Construct authentication string:
# 1. Concatenate the client id, a colon character ":", and the client secret into a single string
# 2. URL encode the string from step 1
# 3. Base64 encode the string from step 2
authstr = to_native_string(
b64encode(('%s:%s' % (APP_CONFIG['CLIENT_ID'], APP_CONFIG['CLIENT_SECRET'])).encode('utf-8'))).strip()
# Construct an Authorization header with the value of 'Basic <base64 encoded auth string>'
headers = {
"Content-Type": "application/json;charset=UTF-8",
"Accept": "application/json",
"Authorization": "Basic " + authstr
}
r = s.post(APP_CONFIG['OAUTH_TOKEN_URL'], data=post_data_string, headers=headers, verify=(app.config['SSLVERIFY'] == 'True'))
if r.status_code in (400,500):
# Handle known error
result = r.json()
return jsonify(result)
elif r.status_code == 200:
result = r.json()
access_token = result['access_token']
token_type = result['token_type']
timestamp = result.get('timestamp', None)
expires_in = result.get('expires_in', None)
token_expiry = None
if expires_in is not None:
token_expiry = datetime.datetime.strptime(timestamp, '%Y-%m-%dT%H:%M:%S')
token_expiry = token_expiry + datetime.timedelta(seconds=expires_in)
token_expiry = token_expiry.isoformat()
params = {
'access_token': access_token,
'token_type': token_type,
'expires_in': str(expires_in),
'token_expiry': token_expiry,
'timestamp': timestamp
}
return render_template('access-token.html', **params)
else:
# Handle unknown error
return (r.text, r.status_code, r.headers.items())
def __call__(self, r):
"""Add OAuth parameters to the request.
Parameters may be included from the body if the content-type is
urlencoded, if no content type is set a guess is made.
"""
# Overwriting url is safe here as request will not modify it past
# this point.
content_type = r.headers.get('Content-Type', '')
if not content_type and extract_params(r.body):
content_type = CONTENT_TYPE_FORM_URLENCODED
if not isinstance(content_type, unicode):
content_type = content_type.decode('utf-8')
is_form_encoded = (CONTENT_TYPE_FORM_URLENCODED in content_type)
if is_form_encoded:
r.headers['Content-Type'] = CONTENT_TYPE_FORM_URLENCODED
r.url, headers, r.body = self.client.sign(
unicode(r.url), unicode(r.method), r.body or '', r.headers)
else:
# Omit body data in the signing of non form-encoded requests
r.url, headers, _ = self.client.sign(
unicode(r.url), unicode(r.method), None, r.headers)
r.prepare_headers(headers)
r.url = to_native_string(r.url)
return r
def __call__(self, req):
"""Add OAuth parameters to the request.
Parameters may be included from the body if the content-type is
urlencoded, if no content type is set a guess is made.
"""
# Overwriting url is safe here as request will not modify it past
# this point.
content_type = to_native(req.headers.get('Content-Type', ''))
if self.signature_type == SIGNATURE_TYPE_BODY:
content_type = CONTENT_TYPE_FORM_URLENCODED
elif not content_type and extract_params(req.body):
content_type = CONTENT_TYPE_FORM_URLENCODED
if CONTENT_TYPE_FORM_URLENCODED in content_type:
req.headers['Content-Type'] = CONTENT_TYPE_FORM_URLENCODED
req.url, headers, req.body = self.sign_request(req)
elif self.force_include_body:
# To allow custom clients to work on non form encoded bodies.
req.url, headers, req.body = self.sign_request(req)
else:
# Omit body data in the signing of non form-encoded requests
req.url, headers, _ = self.sign(
req.method, req.url, '', req.headers)
req.prepare_headers(headers)
req.url = to_native_string(req.url)
return req
def _basic_auth_str(username, password):
"""Returns a Basic Auth string."""
authstr = 'Basic ' + to_native_string(
b64encode(('%s:%s' % (username, password)).encode('utf-8')).strip())
return authstr
def __call__(self, request):
timestamp = str(int(time.time()))
message = timestamp + request.method + request.path_url + (request.body or '')
secret = self.api_secret
if not isinstance(message, bytes):
message = message.encode()
if not isinstance(secret, bytes):
secret = secret.encode()
signature = hmac.new(secret, message, hashlib.sha256).hexdigest()
request.headers.update({
to_native_string('CB-VERSION'): self.api_version,
to_native_string('CB-ACCESS-KEY'): self.api_key,
to_native_string('CB-ACCESS-SIGN'): signature,
to_native_string('CB-ACCESS-TIMESTAMP'): timestamp,
})
return request
def __call__(self, request):
timestamp = str(int(time.time()))
message = request.body or ''
secret = self.api_secret
if not isinstance(message, bytes):
message = message.encode()
if not isinstance(secret, bytes):
secret = secret.encode()
signature = hmac.new(secret, message, hashlib.sha256).hexdigest()
request.headers.update({
to_native_string('ETHWALLET-VERSION'): self.api_version,
to_native_string('ETHWALLET-ACCESS-KEY'): self.api_key,
to_native_string('ETHWALLET-ACCESS-SIGN'): signature,
to_native_string('ETHWALLET-ACCESS-TIMESTAMP'): timestamp,
})
return request
def __call__(self, request):
timestamp = str(int(round(time.time() * 1000)))
if request.method == "POST" and request.body:
adjusted_body = ""
request_body = json.loads(request.body.decode())
request_body = collections.OrderedDict(sorted(
request_body.items()))
for item in request_body.items():
if item[1] is not None:
param = item[0] + "=" + item[1]
adjusted_body = adjusted_body + param + "&"
message = request.method + request.url + timestamp + (
adjusted_body[:-1] or "")
elif request.method == "GET":
message = request.method + request.url + timestamp + ""
else:
message = request.method + request.url + timestamp + ""
secret = self.api_secret
if not isinstance(message, bytes):
message = message.encode()
if not isinstance(secret, bytes):
secret = secret.encode()
b64message = base64.b64encode(message)
if not isinstance(b64message, bytes):
b64message = b64message.encode()
signature = hmac.new(secret, b64message, hashlib.sha1).digest()
if not isinstance(signature, bytes):
signature = signature.encode()
b64signature = base64.b64encode(signature)
request.headers.update({
to_native_string('FC-ACCESS-KEY'):
self.api_key.encode(),
to_native_string('FC-ACCESS-SIGNATURE'):
b64signature,
to_native_string('FC-ACCESS-TIMESTAMP'):
timestamp,
})
return request
def __call__(self, r):
r = super(MKMOAuth1, self).__call__(r)
r.prepare_headers(r.headers)
correct_signature = self.decode_signature(r.headers)
r.headers.__setitem__("Authorization", correct_signature)
r.url = to_native_string(r.url)
return r
def __call__(self, r):
r = super(MKMOAuth1, self).__call__(r)
r.prepare_headers(r.headers)
correct_signature = self.decode_signature(r.headers)
r.headers.__setitem__('Authorization', correct_signature)
r.url = to_native_string(r.url)
return r
def _basic_auth_str_utf8(username, password):
"""
Generates a Basic Authentication string,
from a username:password combination,
encoded as UTF-8
"""
auth_str = 'Basic ' + to_native_string(
b64encode(('%s:%s' % (username, password)).encode('utf8')).strip()
)
return auth_str
def __call__(self, request):
timestamp = str(int(time.time()))
message = timestamp + request.method + request.path_url + (request.body or "")
secret = self.api_secret
if not isinstance(message, bytes):
message = message.encode()
if not isinstance(secret, bytes):
secret = secret.encode()
signature = hmac.new(secret, message, hashlib.sha256).hexdigest()
request.headers.update(
{
to_native_string("CB-VERSION"): self.api_version,
to_native_string("CB-ACCESS-KEY"): self.api_key,
to_native_string("CB-ACCESS-SIGN"): signature,
to_native_string("CB-ACCESS-TIMESTAMP"): timestamp,
}
)
return request
async def __call__(self, r):
"""Add OAuth parameters to the request.
Parameters may be included from the body if the content-type is
urlencoded, if no content type is set a guess is made.
"""
# Overwriting url is safe here as request will not modify it past
# this point.
log.debug("Signing request %s using client %s", r, self.client)
r.raw_body = await r.body()
content_type = r.headers.get("Content-Type", "")
if (
not content_type
and extract_params(r.raw_body)
or self.client.signature_type == SIGNATURE_TYPE_BODY
):
content_type = CONTENT_TYPE_FORM_URLENCODED
if not isinstance(content_type, unicode):
content_type = content_type.decode("utf-8")
is_form_encoded = CONTENT_TYPE_FORM_URLENCODED in content_type
log.debug(
"Including body in call to sign: %s",
is_form_encoded or self.force_include_body,
)
if is_form_encoded:
r.headers["Content-Type"] = CONTENT_TYPE_FORM_URLENCODED
r.url, headers, r.raw_body = self.client.sign(
unicode(r.url), unicode(r.method), r.raw_body or "", r.headers
)
elif self.force_include_body:
# To allow custom clients to work on non form encoded bodies.
r.url, headers, r.raw_body = self.client.sign(
unicode(r.url), unicode(r.method), r.raw_body or "", r.headers
)
else:
# Omit body data in the signing of non form-encoded requests
# noinspection PyArgumentEqualDefault
r.url, headers, _ = self.client.sign(
unicode(r.url), unicode(r.method), None, r.headers
)
r.prepare_headers(headers)
r.url = to_native_string(r.url)
log.debug("Updated url: %s", r.url)
log.debug("Updated headers: %s", headers)
log.debug("Updated body: %r", r.raw_body)
return r
def __call__(self, r):
"""Add OAuth parameters to the request.
Parameters may be included from the body if the content-type is
urlencoded, if no content type is set a guess is made.
"""
# Overwriting url is safe here as request will not modify it past
# this point.
log.debug("Signing request %s using client %s", r, self.client)
content_type = r.headers.get("Content-Type", "")
if (
not content_type
and extract_params(r.body)
or self.client.signature_type == SIGNATURE_TYPE_BODY
):
content_type = CONTENT_TYPE_FORM_URLENCODED
if not isinstance(content_type, unicode):
content_type = content_type.decode("utf-8")
is_form_encoded = CONTENT_TYPE_FORM_URLENCODED in content_type
log.debug(
"Including body in call to sign: %s",
is_form_encoded or self.force_include_body,
)
if is_form_encoded:
r.headers["Content-Type"] = CONTENT_TYPE_FORM_URLENCODED
r.url, headers, r.body = self.client.sign(
unicode(r.url), unicode(r.method), r.body or "", r.headers
)
elif self.force_include_body:
# To allow custom clients to work on non form encoded bodies.
r.url, headers, r.body = self.client.sign(
unicode(r.url), unicode(r.method), r.body or "", r.headers
)
else:
# Omit body data in the signing of non form-encoded requests
r.url, headers, _ = self.client.sign(
unicode(r.url), unicode(r.method), None, r.headers
)
r.prepare_headers(headers)
r.url = to_native_string(r.url)
log.debug("Updated url: %s", r.url)
log.debug("Updated headers: %s", headers)
log.debug("Updated body: %r", r.body)
return r
def __call__(self, r):
"""Add OAuth parameters to the request.
Parameters may be included from the body if the content-type is
urlencoded, if no content type is set a guess is made.
"""
# Overwriting url is safe here as request will not modify it past
# this point.
log.debug('Signing request %s using client %s', r, self.client)
content_type = r.headers.get('Content-Type', '')
if (not content_type and extract_params(r.body)
or self.client.signature_type == SIGNATURE_TYPE_BODY):
content_type = CONTENT_TYPE_FORM_URLENCODED
if not isinstance(content_type, unicode):
content_type = content_type.decode('utf-8')
is_form_encoded = (CONTENT_TYPE_FORM_URLENCODED in content_type)
if is_form_encoded:
r.headers['Content-Type'] = CONTENT_TYPE_FORM_URLENCODED
if (self.force_include_body or
(not self.force_exclude_body and is_form_encoded)):
log.debug('Including body in call to sign')
r.url, headers, r.body = self.client.sign(
unicode(r.url), unicode(r.method), r.body or '', r.headers)
else:
log.debug('Excluding body from call to sign')
r_headers = r.headers.copy()
if is_form_encoded:
del r_headers['Content-Type']
r.url, headers, _ = self.client.sign(
unicode(r.url), unicode(r.method), None, r_headers)
if is_form_encoded:
headers['Content-Type'] = CONTENT_TYPE_FORM_URLENCODED
r.prepare_headers(headers)
r.url = to_native_string(r.url)
log.debug('Updated url: %s', r.url)
log.debug('Updated headers: %s', headers)
log.debug('Updated body: %r', r.body)
return r
def __call__(self, r):
time = datetime.utcnow()
time_stamp = time.strftime(TIMESTAMP_FORMAT)
date_stamp = time.strftime(DATE_FORMAT)
nonce = str(uuid4())
parsed_url = urlparse(r.url)
# SAuthc1 requires that we sign the Host header so we
# have to have it in the request by the time we sign.
host_header = parsed_url.hostname
if not self._is_default_port(parsed_url):
host_header = parsed_url.netloc
r.headers[HOST_HEADER] = host_header
r.headers[STORMPATH_DATE_HEADER] = time_stamp
method = r.method
if parsed_url.path:
canonical_resource_path = self._encode_url(parsed_url.path)
else:
canonical_resource_path = '/'
canonical_query_string = ''
if parsed_url.query:
canonical_query_string = self._encode_url(
self._order_query_params(parsed_url.query))
auth_headers = r.headers.copy()
# FIXME: REST API doesn't want this header in the signature.
if 'Content-Length' in auth_headers:
del auth_headers['Content-Length']
# Connection header can be transparently overridden by proxies anywhere and should not
# be a part of sig computation
if 'Connection' in auth_headers:
del auth_headers['Connection']
sorted_headers = OrderedDict(sorted(auth_headers.items()))
canonical_headers_string = ''
for key, value in sorted_headers.items():
canonical_headers_string += '%s:%s%s' % (key.lower(), value, NL)
signed_headers_string = ';'.join(sorted_headers.keys()).lower()
request_payload_hash_hex = hashlib.sha256(
(r.body or '').encode()).hexdigest()
canonical_request = '%s%s%s%s%s%s%s%s%s%s%s' % (
method, NL, canonical_resource_path, NL, canonical_query_string,
NL, canonical_headers_string, NL, signed_headers_string, NL,
request_payload_hash_hex)
id = '%s/%s/%s/%s' % (self._id, date_stamp, nonce, ID_TERMINATOR)
canonical_request_hash_hex = hashlib.sha256(
canonical_request.encode()).hexdigest()
string_to_sign = '%s%s%s%s%s%s%s' % (ALGORITHM, NL, time_stamp, NL, id,
NL, canonical_request_hash_hex)
def _sign(data, key):
try:
byte_key = key.encode()
except Exception:
byte_key = key
return hmac.new(byte_key, data.encode(), hashlib.sha256).digest()
# SAuthc1 uses a series of derived keys, formed by hashing different
# pieces of data.
k_secret = '%s%s' % (AUTHENTICATION_SCHEME, self._secret)
k_date = _sign(date_stamp, k_secret)
k_nonce = _sign(nonce, k_date)
k_signing = _sign(ID_TERMINATOR, k_nonce)
signature = _sign(string_to_sign, k_signing)
signature_hex = binascii.hexlify(signature).decode()
authorization_header = ', '.join((
'%s %s=%s' % (AUTHENTICATION_SCHEME, SAUTHC1_ID, id),
'%s=%s' % (SAUTHC1_SIGNED_HEADERS, signed_headers_string),
'%s=%s' % (SAUTHC1_SIGNATURE, signature_hex),
))
r.headers[AUTHORIZATION_HEADER] = to_native_string(
authorization_header)
return r
def headers(self):
return {
to_native_string('X-CC-Version'): self.api_version,
to_native_string('X-CC-Api-Key'): self.api_key,
}
def test_to_native_string(value, expected):
assert to_native_string(value) == expected
def _get_basic_auth_str(username, password):
return 'Basic ' + to_native_string(
b64encode(('%s:%s' % (username, password)).encode('latin1')).strip()
)
def test_to_native_string(value, expected):
assert to_native_string(value) == expected
def __call__(self, request):
request.headers.update({
to_native_string('X-CC-Version'): self.api_version,
to_native_string('X-CC-Api-Key'): self.api_key,
})
return request
def _get_basic_auth_str(username, password):
return 'Basic ' + to_native_string(
b64encode(('%s:%s' % (username, password)).encode('latin1')).strip()
)
def __call__(self, r):
time = datetime.utcnow()
time_stamp = time.strftime(TIMESTAMP_FORMAT)
date_stamp = time.strftime(DATE_FORMAT)
nonce = str(uuid4())
parsed_url = urlparse(r.url)
# SAuthc1 requires that we sign the Host header so we
# have to have it in the request by the time we sign.
host_header = parsed_url.hostname
if not self._is_default_port(parsed_url):
host_header = parsed_url.netloc
r.headers[HOST_HEADER] = host_header
r.headers[STORMPATH_DATE_HEADER] = time_stamp
method = r.method
if parsed_url.path:
canonical_resource_path = self._encode_url(parsed_url.path)
else:
canonical_resource_path = '/'
canonical_query_string = ''
if parsed_url.query:
canonical_query_string = self._encode_url(
self._order_query_params(parsed_url.query))
auth_headers = r.headers.copy()
# FIXME: REST API doesn't want this header in the signature.
if 'Content-Length' in auth_headers:
del auth_headers['Content-Length']
# Connection header can be transparently overridden by proxies anywhere and should not
# be a part of sig computation
if 'Connection' in auth_headers:
del auth_headers['Connection']
sorted_headers = OrderedDict(sorted(auth_headers.items()))
canonical_headers_string = ''
for key, value in sorted_headers.items():
canonical_headers_string += '%s:%s%s' % (key.lower(), value, NL)
signed_headers_string = ';'.join(sorted_headers.keys()).lower()
request_payload_hash_hex = hashlib.sha256(
(r.body or '').encode()).hexdigest()
canonical_request = '%s%s%s%s%s%s%s%s%s%s%s' % (
method, NL, canonical_resource_path, NL, canonical_query_string,
NL, canonical_headers_string, NL, signed_headers_string,
NL, request_payload_hash_hex)
id = '%s/%s/%s/%s' % (self._id, date_stamp, nonce, ID_TERMINATOR)
canonical_request_hash_hex = hashlib.sha256(
canonical_request.encode()).hexdigest()
string_to_sign = '%s%s%s%s%s%s%s' % (
ALGORITHM, NL, time_stamp, NL, id, NL, canonical_request_hash_hex)
def _sign(data, key):
try:
byte_key = key.encode()
except Exception:
byte_key = key
return hmac.new(byte_key, data.encode(), hashlib.sha256).digest()
# SAuthc1 uses a series of derived keys, formed by hashing different
# pieces of data.
k_secret = '%s%s' % (AUTHENTICATION_SCHEME, self._secret)
k_date = _sign(date_stamp, k_secret)
k_nonce = _sign(nonce, k_date)
k_signing = _sign(ID_TERMINATOR, k_nonce)
signature = _sign(string_to_sign, k_signing)
signature_hex = binascii.hexlify(signature).decode()
authorization_header = ', '.join((
'%s %s=%s' % (AUTHENTICATION_SCHEME, SAUTHC1_ID, id),
'%s=%s' % (SAUTHC1_SIGNED_HEADERS, signed_headers_string),
'%s=%s' % (SAUTHC1_SIGNATURE, signature_hex),
))
r.headers[AUTHORIZATION_HEADER] = to_native_string(authorization_header)
return r
def _basic_auth_str(username, password):
auth = f"{username}:{password}"
encoded = b64encode(auth.encode("latin1"))
return "BasicCreds " + to_native_string(encoded.strip())
import threading
import requests
import functools
from requests.utils import to_native_string
from . import statsd
from .util import parse_url
from . import request_id
__all__ = [
'HEADER',
'get_session',
'configure',
'enable_requests_logging',
]
HEADER = to_native_string(request_id.HEADER)
storage = threading.local()
storage.sessions = {}
def get_session(cls=requests.Session):
session = storage.sessions.get(cls)
if session is None:
session = storage.sessions[cls] = cls()
configure(session)
return session
def configure(session):
# insert metrics hook first as it needs response, and does't
# alter hook_data for later hooks
