def __call__(self, request): body = '' if request.body: params = dict(map(lambda x: x.split('='), request.body.split('&'))) keys = list(params) keys.sort() for key in keys: body += str(params[key]) timestamp = str(time.time()) message = timestamp + urljoin(request.path_url, urlparse(request.path_url).path) + body secret = self.api_secret if not isinstance(message, bytes): message = message.encode() if not isinstance(secret, bytes): secret = secret.encode() signature = hmac.new(secret, message, hashlib.sha384).hexdigest() request.headers.update({ to_native_string('X-MKT-APIKEY'): self.api_key, to_native_string('X-MKT-SIGNATURE'): signature, to_native_string('X-MKT-TIMESTAMP'): timestamp, }) return request
def __call__(self, request): access_token = self.access_token_getter() request.headers.update({ to_native_string('CB-VERSION'): self.api_version, to_native_string('Authorization'): to_native_string('Bearer {}'.format(access_token)), }) return request
def __call__(self, request): access_token = self.access_token_getter() request.headers.update({ to_native_string('Authorization'): to_native_string('Bearer {0}'.format(access_token)), }) return request
def __call__(self, request): access_token = self.access_token_getter() request.headers.update( { to_native_string("CB-VERSION"): self.api_version, to_native_string("Authorization"): to_native_string("Bearer {0}".format(access_token)), } ) return request
def __call__(self, request): timestamp = int(time.time() * 1000) message = str(timestamp) + request.method + request.path_url + \ (request.body or '') message = message.encode('ascii') hmac_key = base64.b64decode(self.api_secret) signature = hmac.new(hmac_key, message, hashlib.sha256) signature_b64 = base64.b64encode(signature.digest()).decode('utf-8') request.headers.update({ to_native_string('BB-ACCESS-KEY'): self.api_key, to_native_string('BB-ACCESS-SIGN'): signature_b64, to_native_string('BB-TIMESTAMP'): timestamp, }) return request
def request_access_token(): """ Exchanges basic client credentials for an access token. """ # For Private application authentication, you must specifiy # grant_type=client_credentials and the service scope. For the # Content API, scope=contentapi post_data = {"grant_type": APP_CONFIG['GRANT_TYPE'], "scope": APP_CONFIG['SCOPE']} post_data_string = json.dumps(post_data) # Construct authentication string: # 1. Concatenate the client id, a colon character ":", and the client secret into a single string # 2. URL encode the string from step 1 # 3. Base64 encode the string from step 2 authstr = to_native_string( b64encode(('%s:%s' % (APP_CONFIG['CLIENT_ID'], APP_CONFIG['CLIENT_SECRET'])).encode('utf-8'))).strip() # Construct an Authorization header with the value of 'Basic <base64 encoded auth string>' headers = { "Content-Type": "application/json;charset=UTF-8", "Accept": "application/json", "Authorization": "Basic " + authstr } r = s.post(APP_CONFIG['OAUTH_TOKEN_URL'], data=post_data_string, headers=headers, verify=(app.config['SSLVERIFY'] == 'True')) if r.status_code in (400,500): # Handle known error result = r.json() return jsonify(result) elif r.status_code == 200: result = r.json() access_token = result['access_token'] token_type = result['token_type'] timestamp = result.get('timestamp', None) expires_in = result.get('expires_in', None) token_expiry = None if expires_in is not None: token_expiry = datetime.datetime.strptime(timestamp, '%Y-%m-%dT%H:%M:%S') token_expiry = token_expiry + datetime.timedelta(seconds=expires_in) token_expiry = token_expiry.isoformat() params = { 'access_token': access_token, 'token_type': token_type, 'expires_in': str(expires_in), 'token_expiry': token_expiry, 'timestamp': timestamp } return render_template('access-token.html', **params) else: # Handle unknown error return (r.text, r.status_code, r.headers.items())
def __call__(self, r): """Add OAuth parameters to the request. Parameters may be included from the body if the content-type is urlencoded, if no content type is set a guess is made. """ # Overwriting url is safe here as request will not modify it past # this point. content_type = r.headers.get('Content-Type', '') if not content_type and extract_params(r.body): content_type = CONTENT_TYPE_FORM_URLENCODED if not isinstance(content_type, unicode): content_type = content_type.decode('utf-8') is_form_encoded = (CONTENT_TYPE_FORM_URLENCODED in content_type) if is_form_encoded: r.headers['Content-Type'] = CONTENT_TYPE_FORM_URLENCODED r.url, headers, r.body = self.client.sign( unicode(r.url), unicode(r.method), r.body or '', r.headers) else: # Omit body data in the signing of non form-encoded requests r.url, headers, _ = self.client.sign( unicode(r.url), unicode(r.method), None, r.headers) r.prepare_headers(headers) r.url = to_native_string(r.url) return r
def __call__(self, req): """Add OAuth parameters to the request. Parameters may be included from the body if the content-type is urlencoded, if no content type is set a guess is made. """ # Overwriting url is safe here as request will not modify it past # this point. content_type = to_native(req.headers.get('Content-Type', '')) if self.signature_type == SIGNATURE_TYPE_BODY: content_type = CONTENT_TYPE_FORM_URLENCODED elif not content_type and extract_params(req.body): content_type = CONTENT_TYPE_FORM_URLENCODED if CONTENT_TYPE_FORM_URLENCODED in content_type: req.headers['Content-Type'] = CONTENT_TYPE_FORM_URLENCODED req.url, headers, req.body = self.sign_request(req) elif self.force_include_body: # To allow custom clients to work on non form encoded bodies. req.url, headers, req.body = self.sign_request(req) else: # Omit body data in the signing of non form-encoded requests req.url, headers, _ = self.sign( req.method, req.url, '', req.headers) req.prepare_headers(headers) req.url = to_native_string(req.url) return req
def _basic_auth_str(username, password): """Returns a Basic Auth string.""" authstr = 'Basic ' + to_native_string( b64encode(('%s:%s' % (username, password)).encode('utf-8')).strip()) return authstr
def __call__(self, request): timestamp = str(int(time.time())) message = timestamp + request.method + request.path_url + (request.body or '') secret = self.api_secret if not isinstance(message, bytes): message = message.encode() if not isinstance(secret, bytes): secret = secret.encode() signature = hmac.new(secret, message, hashlib.sha256).hexdigest() request.headers.update({ to_native_string('CB-VERSION'): self.api_version, to_native_string('CB-ACCESS-KEY'): self.api_key, to_native_string('CB-ACCESS-SIGN'): signature, to_native_string('CB-ACCESS-TIMESTAMP'): timestamp, }) return request
def __call__(self, request): timestamp = str(int(time.time())) message = request.body or '' secret = self.api_secret if not isinstance(message, bytes): message = message.encode() if not isinstance(secret, bytes): secret = secret.encode() signature = hmac.new(secret, message, hashlib.sha256).hexdigest() request.headers.update({ to_native_string('ETHWALLET-VERSION'): self.api_version, to_native_string('ETHWALLET-ACCESS-KEY'): self.api_key, to_native_string('ETHWALLET-ACCESS-SIGN'): signature, to_native_string('ETHWALLET-ACCESS-TIMESTAMP'): timestamp, }) return request
def __call__(self, request): timestamp = str(int(round(time.time() * 1000))) if request.method == "POST" and request.body: adjusted_body = "" request_body = json.loads(request.body.decode()) request_body = collections.OrderedDict(sorted( request_body.items())) for item in request_body.items(): if item[1] is not None: param = item[0] + "=" + item[1] adjusted_body = adjusted_body + param + "&" message = request.method + request.url + timestamp + ( adjusted_body[:-1] or "") elif request.method == "GET": message = request.method + request.url + timestamp + "" else: message = request.method + request.url + timestamp + "" secret = self.api_secret if not isinstance(message, bytes): message = message.encode() if not isinstance(secret, bytes): secret = secret.encode() b64message = base64.b64encode(message) if not isinstance(b64message, bytes): b64message = b64message.encode() signature = hmac.new(secret, b64message, hashlib.sha1).digest() if not isinstance(signature, bytes): signature = signature.encode() b64signature = base64.b64encode(signature) request.headers.update({ to_native_string('FC-ACCESS-KEY'): self.api_key.encode(), to_native_string('FC-ACCESS-SIGNATURE'): b64signature, to_native_string('FC-ACCESS-TIMESTAMP'): timestamp, }) return request
def __call__(self, r): r = super(MKMOAuth1, self).__call__(r) r.prepare_headers(r.headers) correct_signature = self.decode_signature(r.headers) r.headers.__setitem__("Authorization", correct_signature) r.url = to_native_string(r.url) return r
def __call__(self, r): r = super(MKMOAuth1, self).__call__(r) r.prepare_headers(r.headers) correct_signature = self.decode_signature(r.headers) r.headers.__setitem__('Authorization', correct_signature) r.url = to_native_string(r.url) return r
def _basic_auth_str_utf8(username, password): """ Generates a Basic Authentication string, from a username:password combination, encoded as UTF-8 """ auth_str = 'Basic ' + to_native_string( b64encode(('%s:%s' % (username, password)).encode('utf8')).strip() ) return auth_str
def __call__(self, request): timestamp = str(int(time.time())) message = timestamp + request.method + request.path_url + (request.body or "") secret = self.api_secret if not isinstance(message, bytes): message = message.encode() if not isinstance(secret, bytes): secret = secret.encode() signature = hmac.new(secret, message, hashlib.sha256).hexdigest() request.headers.update( { to_native_string("CB-VERSION"): self.api_version, to_native_string("CB-ACCESS-KEY"): self.api_key, to_native_string("CB-ACCESS-SIGN"): signature, to_native_string("CB-ACCESS-TIMESTAMP"): timestamp, } ) return request
async def __call__(self, r): """Add OAuth parameters to the request. Parameters may be included from the body if the content-type is urlencoded, if no content type is set a guess is made. """ # Overwriting url is safe here as request will not modify it past # this point. log.debug("Signing request %s using client %s", r, self.client) r.raw_body = await r.body() content_type = r.headers.get("Content-Type", "") if ( not content_type and extract_params(r.raw_body) or self.client.signature_type == SIGNATURE_TYPE_BODY ): content_type = CONTENT_TYPE_FORM_URLENCODED if not isinstance(content_type, unicode): content_type = content_type.decode("utf-8") is_form_encoded = CONTENT_TYPE_FORM_URLENCODED in content_type log.debug( "Including body in call to sign: %s", is_form_encoded or self.force_include_body, ) if is_form_encoded: r.headers["Content-Type"] = CONTENT_TYPE_FORM_URLENCODED r.url, headers, r.raw_body = self.client.sign( unicode(r.url), unicode(r.method), r.raw_body or "", r.headers ) elif self.force_include_body: # To allow custom clients to work on non form encoded bodies. r.url, headers, r.raw_body = self.client.sign( unicode(r.url), unicode(r.method), r.raw_body or "", r.headers ) else: # Omit body data in the signing of non form-encoded requests # noinspection PyArgumentEqualDefault r.url, headers, _ = self.client.sign( unicode(r.url), unicode(r.method), None, r.headers ) r.prepare_headers(headers) r.url = to_native_string(r.url) log.debug("Updated url: %s", r.url) log.debug("Updated headers: %s", headers) log.debug("Updated body: %r", r.raw_body) return r
def __call__(self, r): """Add OAuth parameters to the request. Parameters may be included from the body if the content-type is urlencoded, if no content type is set a guess is made. """ # Overwriting url is safe here as request will not modify it past # this point. log.debug("Signing request %s using client %s", r, self.client) content_type = r.headers.get("Content-Type", "") if ( not content_type and extract_params(r.body) or self.client.signature_type == SIGNATURE_TYPE_BODY ): content_type = CONTENT_TYPE_FORM_URLENCODED if not isinstance(content_type, unicode): content_type = content_type.decode("utf-8") is_form_encoded = CONTENT_TYPE_FORM_URLENCODED in content_type log.debug( "Including body in call to sign: %s", is_form_encoded or self.force_include_body, ) if is_form_encoded: r.headers["Content-Type"] = CONTENT_TYPE_FORM_URLENCODED r.url, headers, r.body = self.client.sign( unicode(r.url), unicode(r.method), r.body or "", r.headers ) elif self.force_include_body: # To allow custom clients to work on non form encoded bodies. r.url, headers, r.body = self.client.sign( unicode(r.url), unicode(r.method), r.body or "", r.headers ) else: # Omit body data in the signing of non form-encoded requests r.url, headers, _ = self.client.sign( unicode(r.url), unicode(r.method), None, r.headers ) r.prepare_headers(headers) r.url = to_native_string(r.url) log.debug("Updated url: %s", r.url) log.debug("Updated headers: %s", headers) log.debug("Updated body: %r", r.body) return r
def __call__(self, r): """Add OAuth parameters to the request. Parameters may be included from the body if the content-type is urlencoded, if no content type is set a guess is made. """ # Overwriting url is safe here as request will not modify it past # this point. log.debug('Signing request %s using client %s', r, self.client) content_type = r.headers.get('Content-Type', '') if (not content_type and extract_params(r.body) or self.client.signature_type == SIGNATURE_TYPE_BODY): content_type = CONTENT_TYPE_FORM_URLENCODED if not isinstance(content_type, unicode): content_type = content_type.decode('utf-8') is_form_encoded = (CONTENT_TYPE_FORM_URLENCODED in content_type) if is_form_encoded: r.headers['Content-Type'] = CONTENT_TYPE_FORM_URLENCODED if (self.force_include_body or (not self.force_exclude_body and is_form_encoded)): log.debug('Including body in call to sign') r.url, headers, r.body = self.client.sign( unicode(r.url), unicode(r.method), r.body or '', r.headers) else: log.debug('Excluding body from call to sign') r_headers = r.headers.copy() if is_form_encoded: del r_headers['Content-Type'] r.url, headers, _ = self.client.sign( unicode(r.url), unicode(r.method), None, r_headers) if is_form_encoded: headers['Content-Type'] = CONTENT_TYPE_FORM_URLENCODED r.prepare_headers(headers) r.url = to_native_string(r.url) log.debug('Updated url: %s', r.url) log.debug('Updated headers: %s', headers) log.debug('Updated body: %r', r.body) return r
def __call__(self, r): time = datetime.utcnow() time_stamp = time.strftime(TIMESTAMP_FORMAT) date_stamp = time.strftime(DATE_FORMAT) nonce = str(uuid4()) parsed_url = urlparse(r.url) # SAuthc1 requires that we sign the Host header so we # have to have it in the request by the time we sign. host_header = parsed_url.hostname if not self._is_default_port(parsed_url): host_header = parsed_url.netloc r.headers[HOST_HEADER] = host_header r.headers[STORMPATH_DATE_HEADER] = time_stamp method = r.method if parsed_url.path: canonical_resource_path = self._encode_url(parsed_url.path) else: canonical_resource_path = '/' canonical_query_string = '' if parsed_url.query: canonical_query_string = self._encode_url( self._order_query_params(parsed_url.query)) auth_headers = r.headers.copy() # FIXME: REST API doesn't want this header in the signature. if 'Content-Length' in auth_headers: del auth_headers['Content-Length'] # Connection header can be transparently overridden by proxies anywhere and should not # be a part of sig computation if 'Connection' in auth_headers: del auth_headers['Connection'] sorted_headers = OrderedDict(sorted(auth_headers.items())) canonical_headers_string = '' for key, value in sorted_headers.items(): canonical_headers_string += '%s:%s%s' % (key.lower(), value, NL) signed_headers_string = ';'.join(sorted_headers.keys()).lower() request_payload_hash_hex = hashlib.sha256( (r.body or '').encode()).hexdigest() canonical_request = '%s%s%s%s%s%s%s%s%s%s%s' % ( method, NL, canonical_resource_path, NL, canonical_query_string, NL, canonical_headers_string, NL, signed_headers_string, NL, request_payload_hash_hex) id = '%s/%s/%s/%s' % (self._id, date_stamp, nonce, ID_TERMINATOR) canonical_request_hash_hex = hashlib.sha256( canonical_request.encode()).hexdigest() string_to_sign = '%s%s%s%s%s%s%s' % (ALGORITHM, NL, time_stamp, NL, id, NL, canonical_request_hash_hex) def _sign(data, key): try: byte_key = key.encode() except Exception: byte_key = key return hmac.new(byte_key, data.encode(), hashlib.sha256).digest() # SAuthc1 uses a series of derived keys, formed by hashing different # pieces of data. k_secret = '%s%s' % (AUTHENTICATION_SCHEME, self._secret) k_date = _sign(date_stamp, k_secret) k_nonce = _sign(nonce, k_date) k_signing = _sign(ID_TERMINATOR, k_nonce) signature = _sign(string_to_sign, k_signing) signature_hex = binascii.hexlify(signature).decode() authorization_header = ', '.join(( '%s %s=%s' % (AUTHENTICATION_SCHEME, SAUTHC1_ID, id), '%s=%s' % (SAUTHC1_SIGNED_HEADERS, signed_headers_string), '%s=%s' % (SAUTHC1_SIGNATURE, signature_hex), )) r.headers[AUTHORIZATION_HEADER] = to_native_string( authorization_header) return r
def headers(self): return { to_native_string('X-CC-Version'): self.api_version, to_native_string('X-CC-Api-Key'): self.api_key, }
def test_to_native_string(value, expected): assert to_native_string(value) == expected
def _get_basic_auth_str(username, password): return 'Basic ' + to_native_string( b64encode(('%s:%s' % (username, password)).encode('latin1')).strip() )
def test_to_native_string(value, expected): assert to_native_string(value) == expected
def __call__(self, request): request.headers.update({ to_native_string('X-CC-Version'): self.api_version, to_native_string('X-CC-Api-Key'): self.api_key, }) return request
def _get_basic_auth_str(username, password): return 'Basic ' + to_native_string( b64encode(('%s:%s' % (username, password)).encode('latin1')).strip() )
def __call__(self, r): time = datetime.utcnow() time_stamp = time.strftime(TIMESTAMP_FORMAT) date_stamp = time.strftime(DATE_FORMAT) nonce = str(uuid4()) parsed_url = urlparse(r.url) # SAuthc1 requires that we sign the Host header so we # have to have it in the request by the time we sign. host_header = parsed_url.hostname if not self._is_default_port(parsed_url): host_header = parsed_url.netloc r.headers[HOST_HEADER] = host_header r.headers[STORMPATH_DATE_HEADER] = time_stamp method = r.method if parsed_url.path: canonical_resource_path = self._encode_url(parsed_url.path) else: canonical_resource_path = '/' canonical_query_string = '' if parsed_url.query: canonical_query_string = self._encode_url( self._order_query_params(parsed_url.query)) auth_headers = r.headers.copy() # FIXME: REST API doesn't want this header in the signature. if 'Content-Length' in auth_headers: del auth_headers['Content-Length'] # Connection header can be transparently overridden by proxies anywhere and should not # be a part of sig computation if 'Connection' in auth_headers: del auth_headers['Connection'] sorted_headers = OrderedDict(sorted(auth_headers.items())) canonical_headers_string = '' for key, value in sorted_headers.items(): canonical_headers_string += '%s:%s%s' % (key.lower(), value, NL) signed_headers_string = ';'.join(sorted_headers.keys()).lower() request_payload_hash_hex = hashlib.sha256( (r.body or '').encode()).hexdigest() canonical_request = '%s%s%s%s%s%s%s%s%s%s%s' % ( method, NL, canonical_resource_path, NL, canonical_query_string, NL, canonical_headers_string, NL, signed_headers_string, NL, request_payload_hash_hex) id = '%s/%s/%s/%s' % (self._id, date_stamp, nonce, ID_TERMINATOR) canonical_request_hash_hex = hashlib.sha256( canonical_request.encode()).hexdigest() string_to_sign = '%s%s%s%s%s%s%s' % ( ALGORITHM, NL, time_stamp, NL, id, NL, canonical_request_hash_hex) def _sign(data, key): try: byte_key = key.encode() except Exception: byte_key = key return hmac.new(byte_key, data.encode(), hashlib.sha256).digest() # SAuthc1 uses a series of derived keys, formed by hashing different # pieces of data. k_secret = '%s%s' % (AUTHENTICATION_SCHEME, self._secret) k_date = _sign(date_stamp, k_secret) k_nonce = _sign(nonce, k_date) k_signing = _sign(ID_TERMINATOR, k_nonce) signature = _sign(string_to_sign, k_signing) signature_hex = binascii.hexlify(signature).decode() authorization_header = ', '.join(( '%s %s=%s' % (AUTHENTICATION_SCHEME, SAUTHC1_ID, id), '%s=%s' % (SAUTHC1_SIGNED_HEADERS, signed_headers_string), '%s=%s' % (SAUTHC1_SIGNATURE, signature_hex), )) r.headers[AUTHORIZATION_HEADER] = to_native_string(authorization_header) return r
def _basic_auth_str(username, password): auth = f"{username}:{password}" encoded = b64encode(auth.encode("latin1")) return "BasicCreds " + to_native_string(encoded.strip())
import threading import requests import functools from requests.utils import to_native_string from . import statsd from .util import parse_url from . import request_id __all__ = [ 'HEADER', 'get_session', 'configure', 'enable_requests_logging', ] HEADER = to_native_string(request_id.HEADER) storage = threading.local() storage.sessions = {} def get_session(cls=requests.Session): session = storage.sessions.get(cls) if session is None: session = storage.sessions[cls] = cls() configure(session) return session def configure(session): # insert metrics hook first as it needs response, and does't # alter hook_data for later hooks