This repository has been archived by the owner on Dec 29, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 227
/
service.py
executable file
·1717 lines (1462 loc) · 68 KB
/
service.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
#
# Copyright (C) 2006,2008 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""GDataService provides CRUD ops. and programmatic login for GData services.
Error: A base exception class for all exceptions in the gdata_client
module.
CaptchaRequired: This exception is thrown when a login attempt results in a
captcha challenge from the ClientLogin service. When this
exception is thrown, the captcha_token and captcha_url are
set to the values provided in the server's response.
BadAuthentication: Raised when a login attempt is made with an incorrect
username or password.
NotAuthenticated: Raised if an operation requiring authentication is called
before a user has authenticated.
NonAuthSubToken: Raised if a method to modify an AuthSub token is used when
the user is either not authenticated or is authenticated
through another authentication mechanism.
NonOAuthToken: Raised if a method to modify an OAuth token is used when the
user is either not authenticated or is authenticated through
another authentication mechanism.
RequestError: Raised if a CRUD request returned a non-success code.
UnexpectedReturnType: Raised if the response from the server was not of the
desired type. For example, this would be raised if the
server sent a feed when the client requested an entry.
GDataService: Encapsulates user credentials needed to perform insert, update
and delete operations with the GData API. An instance can
perform user authentication, query, insertion, deletion, and
update.
Query: Eases query URI creation by allowing URI parameters to be set as
dictionary attributes. For example a query with a feed of
'/base/feeds/snippets' and ['bq'] set to 'digital camera' will
produce '/base/feeds/snippets?bq=digital+camera' when .ToUri() is
called on it.
"""
__author__ = 'api.jscudder (Jeffrey Scudder)'
import re
import urllib
import urlparse
try:
from xml.etree import cElementTree as ElementTree
except ImportError:
try:
import cElementTree as ElementTree
except ImportError:
try:
from xml.etree import ElementTree
except ImportError:
from elementtree import ElementTree
import atom.service
import gdata
import atom
import atom.http_interface
import atom.token_store
import gdata.auth
import gdata.gauth
AUTH_SERVER_HOST = 'https://www.google.com'
# When requesting an AuthSub token, it is often helpful to track the scope
# which is being requested. One way to accomplish this is to add a URL
# parameter to the 'next' URL which contains the requested scope. This
# constant is the default name (AKA key) for the URL parameter.
SCOPE_URL_PARAM_NAME = 'authsub_token_scope'
# When requesting an OAuth access token or authorization of an existing OAuth
# request token, it is often helpful to track the scope(s) which is/are being
# requested. One way to accomplish this is to add a URL parameter to the
# 'callback' URL which contains the requested scope. This constant is the
# default name (AKA key) for the URL parameter.
OAUTH_SCOPE_URL_PARAM_NAME = 'oauth_token_scope'
# Maps the service names used in ClientLogin to scope URLs.
CLIENT_LOGIN_SCOPES = gdata.gauth.AUTH_SCOPES
# Default parameters for GDataService.GetWithRetries method
DEFAULT_NUM_RETRIES = 3
DEFAULT_DELAY = 1
DEFAULT_BACKOFF = 2
def lookup_scopes(service_name):
"""Finds the scope URLs for the desired service.
In some cases, an unknown service may be used, and in those cases this
function will return None.
"""
if service_name in CLIENT_LOGIN_SCOPES:
return CLIENT_LOGIN_SCOPES[service_name]
return None
# Module level variable specifies which module should be used by GDataService
# objects to make HttpRequests. This setting can be overridden on each
# instance of GDataService.
# This module level variable is deprecated. Reassign the http_client member
# of a GDataService object instead.
http_request_handler = atom.service
class Error(Exception):
pass
class CaptchaRequired(Error):
pass
class BadAuthentication(Error):
pass
class NotAuthenticated(Error):
pass
class NonAuthSubToken(Error):
pass
class NonOAuthToken(Error):
pass
class RequestError(Error):
pass
class UnexpectedReturnType(Error):
pass
class BadAuthenticationServiceURL(Error):
pass
class FetchingOAuthRequestTokenFailed(RequestError):
pass
class TokenUpgradeFailed(RequestError):
pass
class RevokingOAuthTokenFailed(RequestError):
pass
class AuthorizationRequired(Error):
pass
class TokenHadNoScope(Error):
pass
class RanOutOfTries(Error):
pass
class GDataService(atom.service.AtomService):
"""Contains elements needed for GData login and CRUD request headers.
Maintains additional headers (tokens for example) needed for the GData
services to allow a user to perform inserts, updates, and deletes.
"""
# The hander member is deprecated, use http_client instead.
handler = None
# The auth_token member is deprecated, use the token_store instead.
auth_token = None
# The tokens dict is deprecated in favor of the token_store.
tokens = None
def __init__(self, email=None, password=None, account_type='HOSTED_OR_GOOGLE',
service=None, auth_service_url=None, source=None, server=None,
additional_headers=None, handler=None, tokens=None,
http_client=None, token_store=None):
"""Creates an object of type GDataService.
Args:
email: string (optional) The user's email address, used for
authentication.
password: string (optional) The user's password.
account_type: string (optional) The type of account to use. Use
'GOOGLE' for regular Google accounts or 'HOSTED' for Google
Apps accounts, or 'HOSTED_OR_GOOGLE' to try finding a HOSTED
account first and, if it doesn't exist, try finding a regular
GOOGLE account. Default value: 'HOSTED_OR_GOOGLE'.
service: string (optional) The desired service for which credentials
will be obtained.
auth_service_url: string (optional) User-defined auth token request URL
allows users to explicitly specify where to send auth token requests.
source: string (optional) The name of the user's application.
server: string (optional) The name of the server to which a connection
will be opened. Default value: 'base.google.com'.
additional_headers: dictionary (optional) Any additional headers which
should be included with CRUD operations.
handler: module (optional) This parameter is deprecated and has been
replaced by http_client.
tokens: This parameter is deprecated, calls should be made to
token_store instead.
http_client: An object responsible for making HTTP requests using a
request method. If none is provided, a new instance of
atom.http.ProxiedHttpClient will be used.
token_store: Keeps a collection of authorization tokens which can be
applied to requests for a specific URLs. Critical methods are
find_token based on a URL (atom.url.Url or a string), add_token,
and remove_token.
"""
atom.service.AtomService.__init__(self, http_client=http_client,
token_store=token_store)
self.email = email
self.password = password
self.account_type = account_type
self.service = service
self.auth_service_url = auth_service_url
self.server = server
self.additional_headers = additional_headers or {}
self._oauth_input_params = None
self.__SetSource(source)
self.__captcha_token = None
self.__captcha_url = None
self.__gsessionid = None
if http_request_handler.__name__ == 'gdata.urlfetch':
import gdata.alt.appengine
self.http_client = gdata.alt.appengine.AppEngineHttpClient()
def _SetSessionId(self, session_id):
"""Used in unit tests to simulate a 302 which sets a gsessionid."""
self.__gsessionid = session_id
# Define properties for GDataService
def _SetAuthSubToken(self, auth_token, scopes=None):
"""Deprecated, use SetAuthSubToken instead."""
self.SetAuthSubToken(auth_token, scopes=scopes)
def __SetAuthSubToken(self, auth_token, scopes=None):
"""Deprecated, use SetAuthSubToken instead."""
self._SetAuthSubToken(auth_token, scopes=scopes)
def _GetAuthToken(self):
"""Returns the auth token used for authenticating requests.
Returns:
string
"""
current_scopes = lookup_scopes(self.service)
if current_scopes:
token = self.token_store.find_token(current_scopes[0])
if hasattr(token, 'auth_header'):
return token.auth_header
return None
def _GetCaptchaToken(self):
"""Returns a captcha token if the most recent login attempt generated one.
The captcha token is only set if the Programmatic Login attempt failed
because the Google service issued a captcha challenge.
Returns:
string
"""
return self.__captcha_token
def __GetCaptchaToken(self):
return self._GetCaptchaToken()
captcha_token = property(__GetCaptchaToken,
doc="""Get the captcha token for a login request.""")
def _GetCaptchaURL(self):
"""Returns the URL of the captcha image if a login attempt generated one.
The captcha URL is only set if the Programmatic Login attempt failed
because the Google service issued a captcha challenge.
Returns:
string
"""
return self.__captcha_url
def __GetCaptchaURL(self):
return self._GetCaptchaURL()
captcha_url = property(__GetCaptchaURL,
doc="""Get the captcha URL for a login request.""")
def GetGeneratorFromLinkFinder(self, link_finder, func,
num_retries=DEFAULT_NUM_RETRIES,
delay=DEFAULT_DELAY,
backoff=DEFAULT_BACKOFF):
"""returns a generator for pagination"""
yield link_finder
next = link_finder.GetNextLink()
while next is not None:
next_feed = func(str(self.GetWithRetries(
next.href, num_retries=num_retries, delay=delay, backoff=backoff)))
yield next_feed
next = next_feed.GetNextLink()
def _GetElementGeneratorFromLinkFinder(self, link_finder, func,
num_retries=DEFAULT_NUM_RETRIES,
delay=DEFAULT_DELAY,
backoff=DEFAULT_BACKOFF):
for element in self.GetGeneratorFromLinkFinder(link_finder, func,
num_retries=num_retries,
delay=delay,
backoff=backoff).entry:
yield element
def GetOAuthInputParameters(self):
return self._oauth_input_params
def SetOAuthInputParameters(self, signature_method, consumer_key,
consumer_secret=None, rsa_key=None,
two_legged_oauth=False, requestor_id=None):
"""Sets parameters required for using OAuth authentication mechanism.
NOTE: Though consumer_secret and rsa_key are optional, either of the two
is required depending on the value of the signature_method.
Args:
signature_method: class which provides implementation for strategy class
oauth.oauth.OAuthSignatureMethod. Signature method to be used for
signing each request. Valid implementations are provided as the
constants defined by gdata.auth.OAuthSignatureMethod. Currently
they are gdata.auth.OAuthSignatureMethod.RSA_SHA1 and
gdata.auth.OAuthSignatureMethod.HMAC_SHA1
consumer_key: string Domain identifying third_party web application.
consumer_secret: string (optional) Secret generated during registration.
Required only for HMAC_SHA1 signature method.
rsa_key: string (optional) Private key required for RSA_SHA1 signature
method.
two_legged_oauth: boolean (optional) Enables two-legged OAuth process.
requestor_id: string (optional) User email adress to make requests on
their behalf. This parameter should only be set when two_legged_oauth
is True.
"""
self._oauth_input_params = gdata.auth.OAuthInputParams(
signature_method, consumer_key, consumer_secret=consumer_secret,
rsa_key=rsa_key, requestor_id=requestor_id)
if two_legged_oauth:
oauth_token = gdata.auth.OAuthToken(
oauth_input_params=self._oauth_input_params)
self.SetOAuthToken(oauth_token)
def FetchOAuthRequestToken(self, scopes=None, extra_parameters=None,
request_url='%s/accounts/OAuthGetRequestToken' % \
AUTH_SERVER_HOST, oauth_callback=None):
"""Fetches and sets the OAuth request token and returns it.
Args:
scopes: string or list of string base URL(s) of the service(s) to be
accessed. If None, then this method tries to determine the
scope(s) from the current service.
extra_parameters: dict (optional) key-value pairs as any additional
parameters to be included in the URL and signature while making a
request for fetching an OAuth request token. All the OAuth parameters
are added by default. But if provided through this argument, any
default parameters will be overwritten. For e.g. a default parameter
oauth_version 1.0 can be overwritten if
extra_parameters = {'oauth_version': '2.0'}
request_url: Request token URL. The default is
'https://www.google.com/accounts/OAuthGetRequestToken'.
oauth_callback: str (optional) If set, it is assume the client is using
the OAuth v1.0a protocol where the callback url is sent in the
request token step. If the oauth_callback is also set in
extra_params, this value will override that one.
Returns:
The fetched request token as a gdata.auth.OAuthToken object.
Raises:
FetchingOAuthRequestTokenFailed if the server responded to the request
with an error.
"""
if scopes is None:
scopes = lookup_scopes(self.service)
if not isinstance(scopes, (list, tuple)):
scopes = [scopes,]
if oauth_callback:
if extra_parameters is not None:
extra_parameters['oauth_callback'] = oauth_callback
else:
extra_parameters = {'oauth_callback': oauth_callback}
request_token_url = gdata.auth.GenerateOAuthRequestTokenUrl(
self._oauth_input_params, scopes,
request_token_url=request_url,
extra_parameters=extra_parameters)
response = self.http_client.request('GET', str(request_token_url))
if response.status == 200:
token = gdata.auth.OAuthToken()
token.set_token_string(response.read())
token.scopes = scopes
token.oauth_input_params = self._oauth_input_params
self.SetOAuthToken(token)
return token
error = {
'status': response.status,
'reason': 'Non 200 response on fetch request token',
'body': response.read()
}
raise FetchingOAuthRequestTokenFailed(error)
def SetOAuthToken(self, oauth_token):
"""Attempts to set the current token and add it to the token store.
The oauth_token can be any OAuth token i.e. unauthorized request token,
authorized request token or access token.
This method also attempts to add the token to the token store.
Use this method any time you want the current token to point to the
oauth_token passed. For e.g. call this method with the request token
you receive from FetchOAuthRequestToken.
Args:
request_token: gdata.auth.OAuthToken OAuth request token.
"""
if self.auto_set_current_token:
self.current_token = oauth_token
if self.auto_store_tokens:
self.token_store.add_token(oauth_token)
def GenerateOAuthAuthorizationURL(
self, request_token=None, callback_url=None, extra_params=None,
include_scopes_in_callback=False,
scopes_param_prefix=OAUTH_SCOPE_URL_PARAM_NAME,
request_url='%s/accounts/OAuthAuthorizeToken' % AUTH_SERVER_HOST):
"""Generates URL at which user will login to authorize the request token.
Args:
request_token: gdata.auth.OAuthToken (optional) OAuth request token.
If not specified, then the current token will be used if it is of
type <gdata.auth.OAuthToken>, else it is found by looking in the
token_store by looking for a token for the current scope.
callback_url: string (optional) The URL user will be sent to after
logging in and granting access.
extra_params: dict (optional) Additional parameters to be sent.
include_scopes_in_callback: Boolean (default=False) if set to True, and
if 'callback_url' is present, the 'callback_url' will be modified to
include the scope(s) from the request token as a URL parameter. The
key for the 'callback' URL's scope parameter will be
OAUTH_SCOPE_URL_PARAM_NAME. The benefit of including the scope URL as
a parameter to the 'callback' URL, is that the page which receives
the OAuth token will be able to tell which URLs the token grants
access to.
scopes_param_prefix: string (default='oauth_token_scope') The URL
parameter key which maps to the list of valid scopes for the token.
This URL parameter will be included in the callback URL along with
the scopes of the token as value if include_scopes_in_callback=True.
request_url: Authorization URL. The default is
'https://www.google.com/accounts/OAuthAuthorizeToken'.
Returns:
A string URL at which the user is required to login.
Raises:
NonOAuthToken if the user's request token is not an OAuth token or if a
request token was not available.
"""
if request_token and not isinstance(request_token, gdata.auth.OAuthToken):
raise NonOAuthToken
if not request_token:
if isinstance(self.current_token, gdata.auth.OAuthToken):
request_token = self.current_token
else:
current_scopes = lookup_scopes(self.service)
if current_scopes:
token = self.token_store.find_token(current_scopes[0])
if isinstance(token, gdata.auth.OAuthToken):
request_token = token
if not request_token:
raise NonOAuthToken
return str(gdata.auth.GenerateOAuthAuthorizationUrl(
request_token,
authorization_url=request_url,
callback_url=callback_url, extra_params=extra_params,
include_scopes_in_callback=include_scopes_in_callback,
scopes_param_prefix=scopes_param_prefix))
def UpgradeToOAuthAccessToken(self, authorized_request_token=None,
request_url='%s/accounts/OAuthGetAccessToken' \
% AUTH_SERVER_HOST, oauth_version='1.0',
oauth_verifier=None):
"""Upgrades the authorized request token to an access token and returns it
Args:
authorized_request_token: gdata.auth.OAuthToken (optional) OAuth request
token. If not specified, then the current token will be used if it is
of type <gdata.auth.OAuthToken>, else it is found by looking in the
token_store by looking for a token for the current scope.
request_url: Access token URL. The default is
'https://www.google.com/accounts/OAuthGetAccessToken'.
oauth_version: str (default='1.0') oauth_version parameter. All other
'oauth_' parameters are added by default. This parameter too, is
added by default but here you can override it's value.
oauth_verifier: str (optional) If present, it is assumed that the client
will use the OAuth v1.0a protocol which includes passing the
oauth_verifier (as returned by the SP) in the access token step.
Returns:
Access token
Raises:
NonOAuthToken if the user's authorized request token is not an OAuth
token or if an authorized request token was not available.
TokenUpgradeFailed if the server responded to the request with an
error.
"""
if (authorized_request_token and
not isinstance(authorized_request_token, gdata.auth.OAuthToken)):
raise NonOAuthToken
if not authorized_request_token:
if isinstance(self.current_token, gdata.auth.OAuthToken):
authorized_request_token = self.current_token
else:
current_scopes = lookup_scopes(self.service)
if current_scopes:
token = self.token_store.find_token(current_scopes[0])
if isinstance(token, gdata.auth.OAuthToken):
authorized_request_token = token
if not authorized_request_token:
raise NonOAuthToken
access_token_url = gdata.auth.GenerateOAuthAccessTokenUrl(
authorized_request_token,
self._oauth_input_params,
access_token_url=request_url,
oauth_version=oauth_version,
oauth_verifier=oauth_verifier)
response = self.http_client.request('GET', str(access_token_url))
if response.status == 200:
token = gdata.auth.OAuthTokenFromHttpBody(response.read())
token.scopes = authorized_request_token.scopes
token.oauth_input_params = authorized_request_token.oauth_input_params
self.SetOAuthToken(token)
return token
else:
raise TokenUpgradeFailed({'status': response.status,
'reason': 'Non 200 response on upgrade',
'body': response.read()})
def RevokeOAuthToken(self, request_url='%s/accounts/AuthSubRevokeToken' % \
AUTH_SERVER_HOST):
"""Revokes an existing OAuth token.
request_url: Token revoke URL. The default is
'https://www.google.com/accounts/AuthSubRevokeToken'.
Raises:
NonOAuthToken if the user's auth token is not an OAuth token.
RevokingOAuthTokenFailed if request for revoking an OAuth token failed.
"""
scopes = lookup_scopes(self.service)
token = self.token_store.find_token(scopes[0])
if not isinstance(token, gdata.auth.OAuthToken):
raise NonOAuthToken
response = token.perform_request(self.http_client, 'GET', request_url,
headers={'Content-Type':'application/x-www-form-urlencoded'})
if response.status == 200:
self.token_store.remove_token(token)
else:
raise RevokingOAuthTokenFailed
def GetAuthSubToken(self):
"""Returns the AuthSub token as a string.
If the token is an gdta.auth.AuthSubToken, the Authorization Label
("AuthSub token") is removed.
This method examines the current_token to see if it is an AuthSubToken
or SecureAuthSubToken. If not, it searches the token_store for a token
which matches the current scope.
The current scope is determined by the service name string member.
Returns:
If the current_token is set to an AuthSubToken/SecureAuthSubToken,
return the token string. If there is no current_token, a token string
for a token which matches the service object's default scope is returned.
If there are no tokens valid for the scope, returns None.
"""
if isinstance(self.current_token, gdata.auth.AuthSubToken):
return self.current_token.get_token_string()
current_scopes = lookup_scopes(self.service)
if current_scopes:
token = self.token_store.find_token(current_scopes[0])
if isinstance(token, gdata.auth.AuthSubToken):
return token.get_token_string()
else:
token = self.token_store.find_token(atom.token_store.SCOPE_ALL)
if isinstance(token, gdata.auth.ClientLoginToken):
return token.get_token_string()
return None
def SetAuthSubToken(self, token, scopes=None, rsa_key=None):
"""Sets the token sent in requests to an AuthSub token.
Sets the current_token and attempts to add the token to the token_store.
Only use this method if you have received a token from the AuthSub
service. The auth token is set automatically when UpgradeToSessionToken()
is used. See documentation for Google AuthSub here:
http://code.google.com/apis/accounts/AuthForWebApps.html
Args:
token: gdata.auth.AuthSubToken or gdata.auth.SecureAuthSubToken or string
The token returned by the AuthSub service. If the token is an
AuthSubToken or SecureAuthSubToken, the scope information stored in
the token is used. If the token is a string, the scopes parameter is
used to determine the valid scopes.
scopes: list of URLs for which the token is valid. This is only used
if the token parameter is a string.
rsa_key: string (optional) Private key required for RSA_SHA1 signature
method. This parameter is necessary if the token is a string
representing a secure token.
"""
if not isinstance(token, gdata.auth.AuthSubToken):
token_string = token
if rsa_key:
token = gdata.auth.SecureAuthSubToken(rsa_key)
else:
token = gdata.auth.AuthSubToken()
token.set_token_string(token_string)
# If no scopes were set for the token, use the scopes passed in, or
# try to determine the scopes based on the current service name. If
# all else fails, set the token to match all requests.
if not token.scopes:
if scopes is None:
scopes = lookup_scopes(self.service)
if scopes is None:
scopes = [atom.token_store.SCOPE_ALL]
token.scopes = scopes
if self.auto_set_current_token:
self.current_token = token
if self.auto_store_tokens:
self.token_store.add_token(token)
def GetClientLoginToken(self):
"""Returns the token string for the current token or a token matching the
service scope.
If the current_token is a ClientLoginToken, the token string for
the current token is returned. If the current_token is not set, this method
searches for a token in the token_store which is valid for the service
object's current scope.
The current scope is determined by the service name string member.
The token string is the end of the Authorization header, it doesn not
include the ClientLogin label.
"""
if isinstance(self.current_token, gdata.auth.ClientLoginToken):
return self.current_token.get_token_string()
current_scopes = lookup_scopes(self.service)
if current_scopes:
token = self.token_store.find_token(current_scopes[0])
if isinstance(token, gdata.auth.ClientLoginToken):
return token.get_token_string()
else:
token = self.token_store.find_token(atom.token_store.SCOPE_ALL)
if isinstance(token, gdata.auth.ClientLoginToken):
return token.get_token_string()
return None
def SetClientLoginToken(self, token, scopes=None):
"""Sets the token sent in requests to a ClientLogin token.
This method sets the current_token to a new ClientLoginToken and it
also attempts to add the ClientLoginToken to the token_store.
Only use this method if you have received a token from the ClientLogin
service. The auth_token is set automatically when ProgrammaticLogin()
is used. See documentation for Google ClientLogin here:
http://code.google.com/apis/accounts/docs/AuthForInstalledApps.html
Args:
token: string or instance of a ClientLoginToken.
"""
if not isinstance(token, gdata.auth.ClientLoginToken):
token_string = token
token = gdata.auth.ClientLoginToken()
token.set_token_string(token_string)
if not token.scopes:
if scopes is None:
scopes = lookup_scopes(self.service)
if scopes is None:
scopes = [atom.token_store.SCOPE_ALL]
token.scopes = scopes
if self.auto_set_current_token:
self.current_token = token
if self.auto_store_tokens:
self.token_store.add_token(token)
# Private methods to create the source property.
def __GetSource(self):
return self.__source
def __SetSource(self, new_source):
self.__source = new_source
# Update the UserAgent header to include the new application name.
self.additional_headers['User-Agent'] = atom.http_interface.USER_AGENT % (
self.__source,)
source = property(__GetSource, __SetSource,
doc="""The source is the name of the application making the request.
It should be in the form company_id-app_name-app_version""")
# Authentication operations
def ProgrammaticLogin(self, captcha_token=None, captcha_response=None):
"""Authenticates the user and sets the GData Auth token.
Login retreives a temporary auth token which must be used with all
requests to GData services. The auth token is stored in the GData client
object.
Login is also used to respond to a captcha challenge. If the user's login
attempt failed with a CaptchaRequired error, the user can respond by
calling Login with the captcha token and the answer to the challenge.
Args:
captcha_token: string (optional) The identifier for the captcha challenge
which was presented to the user.
captcha_response: string (optional) The user's answer to the captch
challenge.
Raises:
CaptchaRequired if the login service will require a captcha response
BadAuthentication if the login service rejected the username or password
Error if the login service responded with a 403 different from the above
"""
request_body = gdata.auth.generate_client_login_request_body(self.email,
self.password, self.service, self.source, self.account_type,
captcha_token, captcha_response)
# If the user has defined their own authentication service URL,
# send the ClientLogin requests to this URL:
if not self.auth_service_url:
auth_request_url = AUTH_SERVER_HOST + '/accounts/ClientLogin'
else:
auth_request_url = self.auth_service_url
auth_response = self.http_client.request('POST', auth_request_url,
data=request_body,
headers={'Content-Type':'application/x-www-form-urlencoded'})
response_body = auth_response.read()
if auth_response.status == 200:
# TODO: insert the token into the token_store directly.
self.SetClientLoginToken(
gdata.auth.get_client_login_token(response_body))
self.__captcha_token = None
self.__captcha_url = None
elif auth_response.status == 403:
# Examine each line to find the error type and the captcha token and
# captch URL if they are present.
captcha_parameters = gdata.auth.get_captcha_challenge(response_body,
captcha_base_url='%s/accounts/' % AUTH_SERVER_HOST)
if captcha_parameters:
self.__captcha_token = captcha_parameters['token']
self.__captcha_url = captcha_parameters['url']
raise CaptchaRequired, 'Captcha Required'
elif response_body.splitlines()[0] == 'Error=BadAuthentication':
self.__captcha_token = None
self.__captcha_url = None
raise BadAuthentication, 'Incorrect username or password'
else:
self.__captcha_token = None
self.__captcha_url = None
raise Error, 'Server responded with a 403 code'
elif auth_response.status == 302:
self.__captcha_token = None
self.__captcha_url = None
# Google tries to redirect all bad URLs back to
# http://www.google.<locale>. If a redirect
# attempt is made, assume the user has supplied an incorrect authentication URL
raise BadAuthenticationServiceURL, 'Server responded with a 302 code.'
def ClientLogin(self, username, password, account_type=None, service=None,
auth_service_url=None, source=None, captcha_token=None,
captcha_response=None):
"""Convenience method for authenticating using ProgrammaticLogin.
Sets values for email, password, and other optional members.
Args:
username:
password:
account_type: string (optional)
service: string (optional)
auth_service_url: string (optional)
captcha_token: string (optional)
captcha_response: string (optional)
"""
self.email = username
self.password = password
if account_type:
self.account_type = account_type
if service:
self.service = service
if source:
self.source = source
if auth_service_url:
self.auth_service_url = auth_service_url
self.ProgrammaticLogin(captcha_token, captcha_response)
def GenerateAuthSubURL(self, next, scope, secure=False, session=True,
domain='default'):
"""Generate a URL at which the user will login and be redirected back.
Users enter their credentials on a Google login page and a token is sent
to the URL specified in next. See documentation for AuthSub login at:
http://code.google.com/apis/accounts/docs/AuthSub.html
Args:
next: string The URL user will be sent to after logging in.
scope: string or list of strings. The URLs of the services to be
accessed.
secure: boolean (optional) Determines whether or not the issued token
is a secure token.
session: boolean (optional) Determines whether or not the issued token
can be upgraded to a session token.
"""
if not isinstance(scope, (list, tuple)):
scope = (scope,)
return gdata.auth.generate_auth_sub_url(next, scope, secure=secure,
session=session,
request_url='%s/accounts/AuthSubRequest' % AUTH_SERVER_HOST,
domain=domain)
def UpgradeToSessionToken(self, token=None):
"""Upgrades a single use AuthSub token to a session token.
Args:
token: A gdata.auth.AuthSubToken or gdata.auth.SecureAuthSubToken
(optional) which is good for a single use but can be upgraded
to a session token. If no token is passed in, the token
is found by looking in the token_store by looking for a token
for the current scope.
Raises:
NonAuthSubToken if the user's auth token is not an AuthSub token
TokenUpgradeFailed if the server responded to the request with an
error.
"""
if token is None:
scopes = lookup_scopes(self.service)
if scopes:
token = self.token_store.find_token(scopes[0])
else:
token = self.token_store.find_token(atom.token_store.SCOPE_ALL)
if not isinstance(token, gdata.auth.AuthSubToken):
raise NonAuthSubToken
self.SetAuthSubToken(self.upgrade_to_session_token(token))
def upgrade_to_session_token(self, token):
"""Upgrades a single use AuthSub token to a session token.
Args:
token: A gdata.auth.AuthSubToken or gdata.auth.SecureAuthSubToken
which is good for a single use but can be upgraded to a
session token.
Returns:
The upgraded token as a gdata.auth.AuthSubToken object.
Raises:
TokenUpgradeFailed if the server responded to the request with an
error.
"""
response = token.perform_request(self.http_client, 'GET',
AUTH_SERVER_HOST + '/accounts/AuthSubSessionToken',
headers={'Content-Type':'application/x-www-form-urlencoded'})
response_body = response.read()
if response.status == 200:
token.set_token_string(
gdata.auth.token_from_http_body(response_body))
return token
else:
raise TokenUpgradeFailed({'status': response.status,
'reason': 'Non 200 response on upgrade',
'body': response_body})
def RevokeAuthSubToken(self):
"""Revokes an existing AuthSub token.
Raises:
NonAuthSubToken if the user's auth token is not an AuthSub token
"""
scopes = lookup_scopes(self.service)
token = self.token_store.find_token(scopes[0])
if not isinstance(token, gdata.auth.AuthSubToken):
raise NonAuthSubToken
response = token.perform_request(self.http_client, 'GET',
AUTH_SERVER_HOST + '/accounts/AuthSubRevokeToken',
headers={'Content-Type':'application/x-www-form-urlencoded'})
if response.status == 200:
self.token_store.remove_token(token)
def AuthSubTokenInfo(self):
"""Fetches the AuthSub token's metadata from the server.
Raises:
NonAuthSubToken if the user's auth token is not an AuthSub token
"""
scopes = lookup_scopes(self.service)
token = self.token_store.find_token(scopes[0])
if not isinstance(token, gdata.auth.AuthSubToken):
raise NonAuthSubToken
response = token.perform_request(self.http_client, 'GET',
AUTH_SERVER_HOST + '/accounts/AuthSubTokenInfo',
headers={'Content-Type':'application/x-www-form-urlencoded'})
result_body = response.read()
if response.status == 200:
return result_body
else:
raise RequestError, {'status': response.status,
'body': result_body}
def GetWithRetries(self, uri, extra_headers=None, redirects_remaining=4,
encoding='UTF-8', converter=None, num_retries=DEFAULT_NUM_RETRIES,
delay=DEFAULT_DELAY, backoff=DEFAULT_BACKOFF, logger=None):
"""This is a wrapper method for Get with retrying capability.
To avoid various errors while retrieving bulk entities by retrying
specified times.
Note this method relies on the time module and so may not be usable
by default in Python2.2.
Args:
num_retries: Integer; the retry count.
delay: Integer; the initial delay for retrying.
backoff: Integer; how much the delay should lengthen after each failure.
logger: An object which has a debug(str) method to receive logging
messages. Recommended that you pass in the logging module.
Raises:
ValueError if any of the parameters has an invalid value.
RanOutOfTries on failure after number of retries.
"""
# Moved import for time module inside this method since time is not a
# default module in Python2.2. This method will not be usable in
# Python2.2.
import time
if backoff <= 1:
raise ValueError("backoff must be greater than 1")
num_retries = int(num_retries)
if num_retries < 0:
raise ValueError("num_retries must be 0 or greater")
if delay <= 0:
raise ValueError("delay must be greater than 0")
# Let's start
mtries, mdelay = num_retries, delay
while mtries > 0:
if mtries != num_retries:
if logger:
logger.debug("Retrying: %s" % uri)
try:
rv = self.Get(uri, extra_headers=extra_headers,
redirects_remaining=redirects_remaining,
encoding=encoding, converter=converter)
except SystemExit:
# Allow this error
raise
except RequestError, e:
# Error 500 is 'internal server error' and warrants a retry