shell bypass 403
a
����\��`�
����������������������@���sB���d�Z�ddlZddlmZ�ddlmZ�e�e�ZG�dd��de�Z dS�) z�
oauthlib.oauth1.rfc5849.endpoints.resource
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This module is an implementation of the resource protection provider logic of
OAuth 1.0 RFC 5849.
�����N����)�errors����)�
BaseEndpointc�������������������@���s���e�Zd�ZdZddd�ZdS�)�ResourceEndpointa!��An endpoint responsible for protecting resources.
Typical use is to instantiate with a request validator and invoke the
``validate_protected_resource_request`` in a decorator around a view
function. If the request is valid, invoke and return the response of the
view. If invalid create and return an error response directly from the
decorator.
See :doc:`/oauth1/validator` for details on which validator methods to implement
for this endpoint.
An example decorator::
from functools import wraps
from your_validator import your_validator
from oauthlib.oauth1 import ResourceEndpoint
endpoint = ResourceEndpoint(your_validator)
def require_oauth(realms=None):
def decorator(f):
@wraps(f)
def wrapper(request, *args, **kwargs):
v, r = provider.validate_protected_resource_request(
request.url,
http_method=request.method,
body=request.data,
headers=request.headers,
realms=realms or [])
if v:
return f(*args, **kwargs)
else:
return abort(403)
�GETNc�����������
������C���s���z|���||||�}W�n�tjy*���Y�dS�0�z|��|��|��|��W�n
�tjy`���d|f�Y�S�0�|jspd|fS�|�j�|j�s�d|fS�|�jj|j |j
|j
||jd�s�d|fS�|�j�
|j |�}|s�|�jj
|_ |�j�|j |j|�}|s�|�jj|_|�jj|j |j||j|d�} |��|�}
||jd<�||jd<�| |jd<�|
|jd<�t||| |
f�}
|
�s�t�d ��t�d
|��t�d
|��t�d
| ��t�d
|
��|
|fS�)a���Create a request token response, with a new request token if valid.
:param uri: The full URI of the token request.
:param http_method: A valid HTTP verb, i.e. GET, POST, PUT, HEAD, etc.
:param body: The request body as a string.
:param headers: The request headers as a dict.
:param realms: A list of realms the resource is protected under.
This will be supplied to the ``validate_realms``
method of the request validator.
:returns: A tuple of 2 elements.
1. True if valid, False otherwise.
2. An oauthlib.common.Request object.
)FNF)Z
access_token)�uri�realmsZclientZresource_ownerZrealmZ signaturez&[Failure] request verification failed.zValid client: %szValid token: %szValid realm: %szValid signature: %s)Z_create_requestr���Z
OAuth1ErrorZ_check_transport_securityZ_check_mandatory_parametersZresource_owner_keyZrequest_validatorZcheck_access_tokenZ
validate_timestamp_and_nonceZ
client_keyZ timestampZnonceZvalidate_client_keyZ
dummy_clientZvalidate_access_tokenZdummy_access_tokenZvalidate_realmsr���Z_check_signatureZ
validator_log�all�log�info)
�selfr���Z
http_method�bodyZheadersr ���ZrequestZ
valid_clientZvalid_resource_ownerZ
valid_realmZvalid_signature�v��r����N/usr/lib/python3.9/site-packages/oauthlib/oauth1/rfc5849/endpoints/resource.py�#validate_protected_resource_request5���sb����
�� �
�
�
�
z4ResourceEndpoint.validate_protected_resource_request)r���NNN)�__name__�
__module__�
__qualname__�__doc__r���r���r���r���r���r������s���"���r���)
r���Zlogging��r����baser���Z getLoggerr���r
���r���r���r���r���r����<module>���s
���