class OAuth2MACClient(object):
def __init__(self, mac_key, access_token,
mac_algorithm=DEFAULT_MAC_ALGORITHM):
self.client = Client(
None,
token_type='MAC',
access_token=access_token,
refresh_token=None,
mac_key=mac_key,
mac_algorithm=mac_algorithm)
def __call__(self, r):
# unquote the URL to make sure that the signature is computed based
# on unquoted values, not quoted values. The can cause headaches
# if the unquoted values contain a '#' but we wouldn't allows
# something like that... ugh.
self.client.add_token(
str(urllib.parse.unquote(r.url)),
str(r.method),
None,
r.headers,
draft=1)
return r
def test_add_mac_token(self):
# Missing access token
client = Client(self.client_id, token_type="MAC")
self.assertRaises(ValueError, client.add_token, self.uri)
# Invalid hash algorithm
client = Client(self.client_id,
token_type="MAC",
access_token=self.access_token,
mac_key=self.mac_key,
mac_algorithm="hmac-sha-2")
self.assertRaises(ValueError, client.add_token, self.uri)
orig_generate_timestamp = common.generate_timestamp
orig_generate_nonce = common.generate_nonce
orig_generate_age = utils.generate_age
self.addCleanup(setattr, common, 'generage_timestamp',
orig_generate_timestamp)
self.addCleanup(setattr, common, 'generage_nonce', orig_generate_nonce)
self.addCleanup(setattr, utils, 'generate_age', orig_generate_age)
common.generate_timestamp = lambda: '123456789'
common.generate_nonce = lambda: 'abc123'
utils.generate_age = lambda *args: 0
# Add the Authorization header (draft 00)
client = Client(self.client_id,
token_type="MAC",
access_token=self.access_token,
mac_key=self.mac_key,
mac_algorithm="hmac-sha-1")
uri, headers, body = client.add_token(
self.uri,
body=self.body,
headers=self.headers,
issue_time=datetime.datetime.now())
self.assertEqual(uri, self.uri)
self.assertEqual(body, self.body)
self.assertEqual(headers, self.mac_00_header)
# Add the Authorization header (draft 00)
client = Client(self.client_id,
token_type="MAC",
access_token=self.access_token,
mac_key=self.mac_key,
mac_algorithm="hmac-sha-1")
uri, headers, body = client.add_token(self.uri,
body=self.body,
headers=self.headers,
draft=1)
self.assertEqual(uri, self.uri)
self.assertEqual(body, self.body)
self.assertEqual(headers, self.mac_01_header)
def test_add_mac_token(self):
# Missing access token
client = Client(self.client_id, token_type="MAC")
self.assertRaises(ValueError, client.add_token, self.uri)
# Invalid hash algorithm
client = Client(self.client_id, token_type="MAC",
access_token=self.access_token, mac_key=self.mac_key,
mac_algorithm="hmac-sha-2")
self.assertRaises(ValueError, client.add_token, self.uri)
orig_generate_timestamp = common.generate_timestamp
orig_generate_nonce = common.generate_nonce
orig_generate_age = utils.generate_age
self.addCleanup(setattr, common, 'generage_timestamp', orig_generate_timestamp)
self.addCleanup(setattr, common, 'generage_nonce', orig_generate_nonce)
self.addCleanup(setattr, utils, 'generate_age', orig_generate_age)
common.generate_timestamp = lambda: '123456789'
common.generate_nonce = lambda: 'abc123'
utils.generate_age = lambda *args: 0
# Add the Authorization header (draft 00)
client = Client(self.client_id, token_type="MAC",
access_token=self.access_token, mac_key=self.mac_key,
mac_algorithm="hmac-sha-1")
uri, headers, body = client.add_token(self.uri, body=self.body,
headers=self.headers, issue_time=datetime.datetime.now())
self.assertEqual(uri, self.uri)
self.assertEqual(body, self.body)
self.assertEqual(headers, self.mac_00_header)
# Add the Authorization header (draft 00)
client = Client(self.client_id, token_type="MAC",
access_token=self.access_token, mac_key=self.mac_key,
mac_algorithm="hmac-sha-1")
uri, headers, body = client.add_token(self.uri, body=self.body,
headers=self.headers, draft=1)
self.assertEqual(uri, self.uri)
self.assertEqual(body, self.body)
self.assertEqual(headers, self.mac_01_header)
async def do_download(
sheet_id: str, sheet_mime_type: str, oauth2_client: oauth2.Client, output_path: Path
) -> FetchResult:
"""
Download spreadsheet from Google.
If `sheet_mime_type` is 'application/vnd.google-apps.spreadsheet', use
GDrive API to _export_ a text/csv. Otherwise, use GDrive API to _download_
the file.
"""
if sheet_mime_type == "application/vnd.google-apps.spreadsheet":
url = _generate_google_sheet_url(sheet_id)
sheet_mime_type = "text/csv"
else:
url = _generate_gdrive_file_url(sheet_id)
# and use the passed sheet_mime_type
url, headers, _ = oauth2_client.add_token(url, headers={})
try:
await httpfile.download(url, output_path, headers=headers, ssl=SSL_CONTEXT)
except HttpError.NotSuccess as err:
response = err.response
if response.status_code == 401:
return TODO_i18n_fetch_error(
output_path, "Invalid credentials. Please reconnect to Google Drive."
)
elif response.status_code == 403:
return TODO_i18n_fetch_error(
output_path,
"You chose a file your logged-in user cannot access. Please reconnect to Google Drive or choose a different file.",
)
elif response.status_code == 404:
return TODO_i18n_fetch_error(
output_path, "File not found. Please choose a different file."
)
else:
# HACK: *err.i18n_message because i18n_message is a tuple
# compatible with I18nMessage() ctor
return FetchResult(
output_path, errors=[RenderError(I18nMessage(*err.i18n_message))]
)
except HttpError as err:
# HACK: *err.i18n_message because i18n_message is a tuple
# compatible with I18nMessage() ctor
return FetchResult(
output_path, errors=[RenderError(I18nMessage(*err.i18n_message))]
)
return FetchResult(output_path)
async def download_data_frame(
sheet_id: str, sheet_mime_type: str, oauth2_client: oauth2.Client
) -> Union[pd.DataFrame, str, Tuple[pd.DataFrame, str]]:
"""Download spreadsheet from Google, or return a str error message.
Arguments decide how the download and parse will occur:
* If `secret` is not set, return an error.
* If `sheet_mime_type` is 'application/vnd.google-apps.spreadsheet', use
GDrive API to _export_ a text/csv, then parse it. Otherwise, use GDrive
API to _download_ the file, and parse it according to its mime type.
"""
if sheet_mime_type == "application/vnd.google-apps.spreadsheet":
url = _generate_google_sheet_url(sheet_id)
sheet_mime_type = "text/csv"
else:
url = _generate_gdrive_file_url(sheet_id)
# and use the passed sheet_mime_type
url, headers, _ = oauth2_client.add_token(url, headers={})
try:
async with spooled_data_from_url(url, headers) as (blobio, _, __):
# TODO store raw bytes and then parse in render(), like in
# [2019-10-31] loadurl module.
#
# For now, we hard-code questionable params:
#
# * encoding=None: because GDrive doesn't know the charset, and it
# returns the wrong charset sometimes.
# * has_header=True: legacy (and buggy). When we store raw bytes,
# we'll use the user's preference.
return parse_bytesio(blobio,
encoding=None,
content_type=sheet_mime_type,
has_header=True)
except aiohttp.ClientResponseError as err:
if err.status == 401:
return "Invalid credentials. Please reconnect to Google Drive."
elif err.status == 403:
return "You chose a file your logged-in user cannot access. Please reconnect to Google Drive or choose a different file."
elif err.status == 404:
return "File not found. Please choose a different file."
else:
return "GDrive responded with HTTP %d %s" % (err.status,
err.message)
except aiohttp.ClientError as err:
return "Error during GDrive request: %s" % str(err)
except asyncio.TimeoutError:
return "Timeout during GDrive request"
def test_add_bearer_token(self):
"""Test a number of bearer token placements"""
# Invalid token type
client = Client(self.client_id, token_type="invalid")
self.assertRaises(ValueError, client.add_token, self.uri)
# Case-insensitive token type
client = Client(self.client_id, access_token=self.access_token, token_type="bEAreR")
uri, headers, body = client.add_token(self.uri, body=self.body,
headers=self.headers)
self.assertURLEqual(uri, self.uri)
self.assertFormBodyEqual(body, self.body)
self.assertEqual(headers, self.bearer_header)
# Missing access token
client = Client(self.client_id)
self.assertRaises(ValueError, client.add_token, self.uri)
# The default token placement, bearer in auth header
client = Client(self.client_id, access_token=self.access_token)
uri, headers, body = client.add_token(self.uri, body=self.body,
headers=self.headers)
self.assertURLEqual(uri, self.uri)
self.assertFormBodyEqual(body, self.body)
self.assertEqual(headers, self.bearer_header)
# Setting default placements of tokens
client = Client(self.client_id, access_token=self.access_token,
default_token_placement=AUTH_HEADER)
uri, headers, body = client.add_token(self.uri, body=self.body,
headers=self.headers)
self.assertURLEqual(uri, self.uri)
self.assertFormBodyEqual(body, self.body)
self.assertEqual(headers, self.bearer_header)
client = Client(self.client_id, access_token=self.access_token,
default_token_placement=URI_QUERY)
uri, headers, body = client.add_token(self.uri, body=self.body,
headers=self.headers)
self.assertURLEqual(uri, self.bearer_query)
self.assertFormBodyEqual(body, self.body)
self.assertEqual(headers, self.headers)
client = Client(self.client_id, access_token=self.access_token,
default_token_placement=BODY)
uri, headers, body = client.add_token(self.uri, body=self.body,
headers=self.headers)
self.assertURLEqual(uri, self.uri)
self.assertFormBodyEqual(body, self.bearer_body)
self.assertEqual(headers, self.headers)
# Asking for specific placement in the add_token method
client = Client(self.client_id, access_token=self.access_token)
uri, headers, body = client.add_token(self.uri, body=self.body,
headers=self.headers, token_placement=AUTH_HEADER)
self.assertURLEqual(uri, self.uri)
self.assertFormBodyEqual(body, self.body)
self.assertEqual(headers, self.bearer_header)
client = Client(self.client_id, access_token=self.access_token)
uri, headers, body = client.add_token(self.uri, body=self.body,
headers=self.headers, token_placement=URI_QUERY)
self.assertURLEqual(uri, self.bearer_query)
self.assertFormBodyEqual(body, self.body)
self.assertEqual(headers, self.headers)
client = Client(self.client_id, access_token=self.access_token)
uri, headers, body = client.add_token(self.uri, body=self.body,
headers=self.headers, token_placement=BODY)
self.assertURLEqual(uri, self.uri)
self.assertFormBodyEqual(body, self.bearer_body)
self.assertEqual(headers, self.headers)
# Invalid token placement
client = Client(self.client_id, access_token=self.access_token)
self.assertRaises(ValueError, client.add_token, self.uri, body=self.body,
headers=self.headers, token_placement="invalid")
client = Client(self.client_id, access_token=self.access_token,
default_token_placement="invalid")
self.assertRaises(ValueError, client.add_token, self.uri, body=self.body,
headers=self.headers)
def test_add_bearer_token(self):
"""Test a number of bearer token placements"""
# Invalid token type
client = Client(self.client_id, token_type="invalid")
self.assertRaises(ValueError, client.add_token, self.uri)
# Case-insensitive token type
client = Client(self.client_id,
access_token=self.access_token,
token_type="bEAreR")
uri, headers, body = client.add_token(self.uri,
body=self.body,
headers=self.headers)
self.assertURLEqual(uri, self.uri)
self.assertFormBodyEqual(body, self.body)
self.assertEqual(headers, self.bearer_header)
# Missing access token
client = Client(self.client_id)
self.assertRaises(ValueError, client.add_token, self.uri)
# The default token placement, bearer in auth header
client = Client(self.client_id, access_token=self.access_token)
uri, headers, body = client.add_token(self.uri,
body=self.body,
headers=self.headers)
self.assertURLEqual(uri, self.uri)
self.assertFormBodyEqual(body, self.body)
self.assertEqual(headers, self.bearer_header)
# Setting default placements of tokens
client = Client(self.client_id,
access_token=self.access_token,
default_token_placement=AUTH_HEADER)
uri, headers, body = client.add_token(self.uri,
body=self.body,
headers=self.headers)
self.assertURLEqual(uri, self.uri)
self.assertFormBodyEqual(body, self.body)
self.assertEqual(headers, self.bearer_header)
client = Client(self.client_id,
access_token=self.access_token,
default_token_placement=URI_QUERY)
uri, headers, body = client.add_token(self.uri,
body=self.body,
headers=self.headers)
self.assertURLEqual(uri, self.bearer_query)
self.assertFormBodyEqual(body, self.body)
self.assertEqual(headers, self.headers)
client = Client(self.client_id,
access_token=self.access_token,
default_token_placement=BODY)
uri, headers, body = client.add_token(self.uri,
body=self.body,
headers=self.headers)
self.assertURLEqual(uri, self.uri)
self.assertFormBodyEqual(body, self.bearer_body)
self.assertEqual(headers, self.headers)
# Asking for specific placement in the add_token method
client = Client(self.client_id, access_token=self.access_token)
uri, headers, body = client.add_token(self.uri,
body=self.body,
headers=self.headers,
token_placement=AUTH_HEADER)
self.assertURLEqual(uri, self.uri)
self.assertFormBodyEqual(body, self.body)
self.assertEqual(headers, self.bearer_header)
client = Client(self.client_id, access_token=self.access_token)
uri, headers, body = client.add_token(self.uri,
body=self.body,
headers=self.headers,
token_placement=URI_QUERY)
self.assertURLEqual(uri, self.bearer_query)
self.assertFormBodyEqual(body, self.body)
self.assertEqual(headers, self.headers)
client = Client(self.client_id, access_token=self.access_token)
uri, headers, body = client.add_token(self.uri,
body=self.body,
headers=self.headers,
token_placement=BODY)
self.assertURLEqual(uri, self.uri)
self.assertFormBodyEqual(body, self.bearer_body)
self.assertEqual(headers, self.headers)
# Invalid token placement
client = Client(self.client_id, access_token=self.access_token)
self.assertRaises(ValueError,
client.add_token,
self.uri,
body=self.body,
headers=self.headers,
token_placement="invalid")
client = Client(self.client_id,
access_token=self.access_token,
default_token_placement="invalid")
self.assertRaises(ValueError,
client.add_token,
self.uri,
body=self.body,
headers=self.headers)
def test_add_bearer_token(self):
"""Test a number of bearer token placements"""
# Invalid token type
client = Client(self.client_id, token_type="invalid")
self.assertRaises(ValueError, client.add_token, self.uri)
# Case-insensitive token type
client = Client(self.client_id, access_token=self.access_token, token_type="bEAreR")
uri, headers, body = client.add_token(self.uri, body=self.body,
headers=self.headers)
self.assertURLEqual(uri, self.uri)
self.assertFormBodyEqual(body, self.body)
self.assertEqual(headers, self.bearer_header)
# Non-HTTPS
insecure_uri = 'http://example.com/path?query=world'
client = Client(self.client_id, access_token=self.access_token, token_type="Bearer")
self.assertRaises(InsecureTransportError, client.add_token, insecure_uri,
body=self.body,
headers=self.headers)
# Missing access token
client = Client(self.client_id)
self.assertRaises(ValueError, client.add_token, self.uri)
# Expired token
expired = 523549800
expired_token = {
'expires_at': expired,
}
client = Client(self.client_id, token=expired_token, access_token=self.access_token, token_type="Bearer")
self.assertRaises(TokenExpiredError, client.add_token, self.uri,
body=self.body, headers=self.headers)
# The default token placement, bearer in auth header
client = Client(self.client_id, access_token=self.access_token)
uri, headers, body = client.add_token(self.uri, body=self.body,
headers=self.headers)
self.assertURLEqual(uri, self.uri)
self.assertFormBodyEqual(body, self.body)
self.assertEqual(headers, self.bearer_header)
# Setting default placements of tokens
client = Client(self.client_id, access_token=self.access_token,
default_token_placement=AUTH_HEADER)
uri, headers, body = client.add_token(self.uri, body=self.body,
headers=self.headers)
self.assertURLEqual(uri, self.uri)
self.assertFormBodyEqual(body, self.body)
self.assertEqual(headers, self.bearer_header)
client = Client(self.client_id, access_token=self.access_token,
default_token_placement=URI_QUERY)
uri, headers, body = client.add_token(self.uri, body=self.body,
headers=self.headers)
self.assertURLEqual(uri, self.bearer_query)
self.assertFormBodyEqual(body, self.body)
self.assertEqual(headers, self.headers)
client = Client(self.client_id, access_token=self.access_token,
default_token_placement=BODY)
uri, headers, body = client.add_token(self.uri, body=self.body,
headers=self.headers)
self.assertURLEqual(uri, self.uri)
self.assertFormBodyEqual(body, self.bearer_body)
self.assertEqual(headers, self.headers)
# Asking for specific placement in the add_token method
client = Client(self.client_id, access_token=self.access_token)
uri, headers, body = client.add_token(self.uri, body=self.body,
headers=self.headers, token_placement=AUTH_HEADER)
self.assertURLEqual(uri, self.uri)
self.assertFormBodyEqual(body, self.body)
self.assertEqual(headers, self.bearer_header)
client = Client(self.client_id, access_token=self.access_token)
uri, headers, body = client.add_token(self.uri, body=self.body,
headers=self.headers, token_placement=URI_QUERY)
self.assertURLEqual(uri, self.bearer_query)
self.assertFormBodyEqual(body, self.body)
self.assertEqual(headers, self.headers)
client = Client(self.client_id, access_token=self.access_token)
uri, headers, body = client.add_token(self.uri, body=self.body,
headers=self.headers, token_placement=BODY)
self.assertURLEqual(uri, self.uri)
self.assertFormBodyEqual(body, self.bearer_body)
self.assertEqual(headers, self.headers)
# Invalid token placement
client = Client(self.client_id, access_token=self.access_token)
self.assertRaises(ValueError, client.add_token, self.uri, body=self.body,
headers=self.headers, token_placement="invalid")
client = Client(self.client_id, access_token=self.access_token,
default_token_placement="invalid")
self.assertRaises(ValueError, client.add_token, self.uri, body=self.body,
headers=self.headers)
def test_add_mac_token(self):
# Missing access token
client = Client(self.client_id, token_type="MAC")
self.assertRaises(ValueError, client.add_token, self.uri)
# Invalid hash algorithm
client = Client(self.client_id, token_type="MAC",
access_token=self.access_token, mac_key=self.mac_key,
mac_algorithm="hmac-sha-2")
self.assertRaises(ValueError, client.add_token, self.uri)
orig_generate_timestamp = common.generate_timestamp
orig_generate_nonce = common.generate_nonce
orig_generate_age = utils.generate_age
self.addCleanup(setattr, common, 'generage_timestamp', orig_generate_timestamp)
self.addCleanup(setattr, common, 'generage_nonce', orig_generate_nonce)
self.addCleanup(setattr, utils, 'generate_age', orig_generate_age)
common.generate_timestamp = lambda: '123456789'
common.generate_nonce = lambda: 'abc123'
utils.generate_age = lambda *args: 0
# Add the Authorization header (draft 00)
client = Client(self.client_id, token_type="MAC",
access_token=self.access_token, mac_key=self.mac_key,
mac_algorithm="hmac-sha-1")
uri, headers, body = client.add_token(self.uri, body=self.body,
headers=self.headers, issue_time=datetime.datetime.now())
self.assertEqual(uri, self.uri)
self.assertEqual(body, self.body)
self.assertEqual(headers, self.mac_00_header)
# Non-HTTPS
insecure_uri = 'http://example.com/path?query=world'
self.assertRaises(InsecureTransportError, client.add_token, insecure_uri,
body=self.body,
headers=self.headers,
issue_time=datetime.datetime.now())
# Expired Token
expired = 523549800
expired_token = {
'expires_at': expired,
}
client = Client(self.client_id, token=expired_token, token_type="MAC",
access_token=self.access_token, mac_key=self.mac_key,
mac_algorithm="hmac-sha-1")
self.assertRaises(TokenExpiredError, client.add_token, self.uri,
body=self.body,
headers=self.headers,
issue_time=datetime.datetime.now())
# Add the Authorization header (draft 01)
client = Client(self.client_id, token_type="MAC",
access_token=self.access_token, mac_key=self.mac_key,
mac_algorithm="hmac-sha-1")
uri, headers, body = client.add_token(self.uri, body=self.body,
headers=self.headers, draft=1)
self.assertEqual(uri, self.uri)
self.assertEqual(body, self.body)
self.assertEqual(headers, self.mac_01_header)
# Non-HTTPS
insecure_uri = 'http://example.com/path?query=world'
self.assertRaises(InsecureTransportError, client.add_token, insecure_uri,
body=self.body,
headers=self.headers,
draft=1)
# Expired Token
expired = 523549800
expired_token = {
'expires_at': expired,
}
client = Client(self.client_id, token=expired_token, token_type="MAC",
access_token=self.access_token, mac_key=self.mac_key,
mac_algorithm="hmac-sha-1")
self.assertRaises(TokenExpiredError, client.add_token, self.uri,
body=self.body,
headers=self.headers,
draft=1)
