rpms
/
python-oauthlib
7
0
Fork 0
Code Issues Pull Requests Releases Activity

RFC5849 oauth1 signature base_string_uri IPv6 parsing 

Resolves: rhbz#2133805
This commit is contained in:
Tomas Halman 2022-11-10 11:42:31 +01:00
parent 7253680681
commit 18d108cfc2
5 changed files with 246 additions and 440 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

240
0004-IPV6-parsing-signature.patch Normal file
View File

@ -0,0 +1,240 @@
From 49294a6a7cb6e9ece1c1814d629e2d9e497180fa Mon Sep 17 00:00:00 2001
From: Dariusz Smigiel <dsmigiel@redhat.com>
Date: Thu, 19 May 2022 09:41:59 -0700
Subject: [PATCH 1/4] OAuth1: Allow IPv6 addresses being parsed by signature
This PR addresses issue with incorrectly parsing IPv6 address,
described here: https://github.com/oauthlib/oauthlib/issues/817
---
oauthlib/oauth1/rfc5849/signature.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/oauthlib/oauth1/rfc5849/signature.py b/oauthlib/oauth1/rfc5849/signature.py
index a370ccd6..424393b6 100644
--- a/oauthlib/oauth1/rfc5849/signature.py
+++ b/oauthlib/oauth1/rfc5849/signature.py
@@ -173,7 +173,7 @@ def base_string_uri(uri: str, host: str = None) -> str:
if ':' in netloc:
# Contains a colon ":", so try to parse as "host:port"
- hostname, port_str = netloc.split(':', 1)
+ hostname, port_str = netloc.rsplit(':', 1)
if len(hostname) == 0:
raise ValueError('missing host') # error: netloc was ":port" or ":"
From d05c388078b45285ac4a012c568a5e2d56556a34 Mon Sep 17 00:00:00 2001
From: Dariusz Smigiel <dsmigiel@redhat.com>
Date: Wed, 15 Jun 2022 09:26:20 -0700
Subject: [PATCH 2/4] Removed dependency on split
---
oauthlib/oauth1/rfc5849/signature.py | 68 +++++++++++++++----------
tests/oauth1/rfc5849/test_signatures.py | 21 +++++++-
2 files changed, 60 insertions(+), 29 deletions(-)
diff --git a/oauthlib/oauth1/rfc5849/signature.py b/oauthlib/oauth1/rfc5849/signature.py
index 424393b6..70447852 100644
--- a/oauthlib/oauth1/rfc5849/signature.py
+++ b/oauthlib/oauth1/rfc5849/signature.py
@@ -37,6 +37,7 @@
import binascii
import hashlib
import hmac
+import ipaddress
import logging
import warnings
@@ -131,7 +132,14 @@ def base_string_uri(uri: str, host: str = None) -> str:
raise ValueError('uri must be a string.')
# FIXME: urlparse does not support unicode
- scheme, netloc, path, params, query, fragment = urlparse.urlparse(uri)
+ output = urlparse.urlparse(uri)
+ scheme = output.scheme
+ hostname = output.hostname
+ port = output.port
+ path = output.path
+ params = output.params
+ query = output.query
+ fragment = output.fragment
# The scheme, authority, and path of the request resource URI `RFC3986`
# are included by constructing an "http" or "https" URI representing
@@ -153,13 +161,22 @@ def base_string_uri(uri: str, host: str = None) -> str:
# 1. The scheme and host MUST be in lowercase.
scheme = scheme.lower()
- netloc = netloc.lower()
# Note: if ``host`` is used, it will be converted to lowercase below
+ if hostname is not None:
+ hostname = hostname.lower()
# 2. The host and port values MUST match the content of the HTTP
# request "Host" header field.
if host is not None:
- netloc = host.lower() # override value in uri with provided host
+ # NOTE: override value in uri with provided host
+ # Host argument is equal to netloc. It means it's missing scheme.
+ # Add it back, before parsing.
+
+ host = host.lower()
+ host = f"{scheme}://{host}"
+ output = urlparse.urlparse(host)
+ hostname = output.hostname
+ port = output.port
# 3. The port MUST be included if it is not the default port for the
# scheme, and MUST be excluded if it is the default. Specifically,
@@ -170,33 +187,28 @@ def base_string_uri(uri: str, host: str = None) -> str:
# .. _`RFC2616`: https://tools.ietf.org/html/rfc2616
# .. _`RFC2818`: https://tools.ietf.org/html/rfc2818
- if ':' in netloc:
- # Contains a colon ":", so try to parse as "host:port"
-
- hostname, port_str = netloc.rsplit(':', 1)
-
- if len(hostname) == 0:
- raise ValueError('missing host') # error: netloc was ":port" or ":"
+ if hostname is None:
+ raise ValueError('missing host')
- if len(port_str) == 0:
- netloc = hostname # was "host:", so just use the host part
- else:
- try:
- port_num = int(port_str) # try to parse into an integer number
- except ValueError:
- raise ValueError('port is not an integer')
-
- if port_num <= 0 or 65535 < port_num:
- raise ValueError('port out of range') # 16-bit unsigned ints
- if (scheme, port_num) in (('http', 80), ('https', 443)):
- netloc = hostname # default port for scheme: exclude port num
- else:
- netloc = hostname + ':' + str(port_num) # use hostname:port
+ # NOTE: Try guessing if we're dealing with IP or hostname
+ try:
+ hostname = ipaddress.ip_address(hostname)
+ except ValueError:
+ pass
+
+ if isinstance(hostname, ipaddress.IPv6Address):
+ hostname = f"[{hostname}]"
+ elif isinstance(hostname, ipaddress.IPv4Address):
+ hostname = f"{hostname}"
+
+ if port is not None and not (0 <= port <= 65535):
+ raise ValueError('port out of range') # 16-bit unsigned ints
+ if (scheme, port) in (('http', 80), ('https', 443)):
+ netloc = hostname # default port for scheme: exclude port num
+ elif port:
+ netloc = f"{hostname}:{port}" # use hostname:port
else:
- # Does not contain a colon, so entire value must be the hostname
-
- if len(netloc) == 0:
- raise ValueError('missing host') # error: netloc was empty string
+ netloc = hostname
v = urlparse.urlunparse((scheme, netloc, path, params, '', ''))
diff --git a/tests/oauth1/rfc5849/test_signatures.py b/tests/oauth1/rfc5849/test_signatures.py
index 3e84f24b..e737e68b 100644
--- a/tests/oauth1/rfc5849/test_signatures.py
+++ b/tests/oauth1/rfc5849/test_signatures.py
@@ -239,6 +239,26 @@ def test_base_string_uri(self):
'http://override.example.com/path',
base_string_uri('http:///path', 'OVERRIDE.example.com'))
+ # ----------------
+ # Host: valid host allows for IPv4 and IPv6
+
+ self.assertEqual(
+ 'https://192.168.0.1/',
+ base_string_uri('https://192.168.0.1')
+ )
+ self.assertEqual(
+ 'https://192.168.0.1:13000/',
+ base_string_uri('https://192.168.0.1:13000')
+ )
+ self.assertEqual(
+ 'https://[123:db8:fd00:1000::5]:13000/',
+ base_string_uri('https://[123:db8:fd00:1000::5]:13000')
+ )
+ self.assertEqual(
+ 'https://[123:db8:fd00:1000::5]/',
+ base_string_uri('https://[123:db8:fd00:1000::5]')
+ )
+
# ----------------
# Port: default ports always excluded; non-default ports always included
@@ -339,7 +359,6 @@ def test_base_string_uri(self):
self.assertRaises(ValueError, base_string_uri, 'http://:8080')
# Port is not a valid TCP/IP port number
- self.assertRaises(ValueError, base_string_uri, 'http://eg.com:0')
self.assertRaises(ValueError, base_string_uri, 'http://eg.com:-1')
self.assertRaises(ValueError, base_string_uri, 'http://eg.com:65536')
self.assertRaises(ValueError, base_string_uri, 'http://eg.com:3.14')
From ed0cb63945c4a5940b185823809693b7f97989ad Mon Sep 17 00:00:00 2001
From: Dariusz Smigiel <dsmigiel@redhat.com>
Date: Wed, 15 Jun 2022 10:20:29 -0700
Subject: [PATCH 3/4] Removed unused query and fragment
---
oauthlib/oauth1/rfc5849/signature.py | 2 --
1 file changed, 2 deletions(-)
diff --git a/oauthlib/oauth1/rfc5849/signature.py b/oauthlib/oauth1/rfc5849/signature.py
index 70447852..7e8044a9 100644
--- a/oauthlib/oauth1/rfc5849/signature.py
+++ b/oauthlib/oauth1/rfc5849/signature.py
@@ -138,8 +138,6 @@ def base_string_uri(uri: str, host: str = None) -> str:
port = output.port
path = output.path
params = output.params
- query = output.query
- fragment = output.fragment
# The scheme, authority, and path of the request resource URI `RFC3986`
# are included by constructing an "http" or "https" URI representing
From 9aa45aaff0cdeab258d18c025cf66e9bdba529c0 Mon Sep 17 00:00:00 2001
From: Dariusz Smigiel <dsmigiel@redhat.com>
Date: Mon, 27 Jun 2022 07:20:06 -0700
Subject: [PATCH 4/4] Restored test for port 0.
---
oauthlib/oauth1/rfc5849/signature.py | 2 +-
tests/oauth1/rfc5849/test_signatures.py | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/oauthlib/oauth1/rfc5849/signature.py b/oauthlib/oauth1/rfc5849/signature.py
index 862c3f3c..9cb1a517 100644
--- a/oauthlib/oauth1/rfc5849/signature.py
+++ b/oauthlib/oauth1/rfc5849/signature.py
@@ -198,7 +198,7 @@ def base_string_uri(uri: str, host: str = None) -> str:
elif isinstance(hostname, ipaddress.IPv4Address):
hostname = f"{hostname}"
- if port is not None and not (0 <= port <= 65535):
+ if port is not None and not (0 < port <= 65535):
raise ValueError('port out of range') # 16-bit unsigned ints
if (scheme, port) in (('http', 80), ('https', 443)):
netloc = hostname # default port for scheme: exclude port num
diff --git a/tests/oauth1/rfc5849/test_signatures.py b/tests/oauth1/rfc5849/test_signatures.py
index f0e18093..2d4735ea 100644
--- a/tests/oauth1/rfc5849/test_signatures.py
+++ b/tests/oauth1/rfc5849/test_signatures.py
@@ -348,6 +348,7 @@ def test_base_string_uri(self):
self.assertRaises(ValueError, base_string_uri, 'http://:8080')
# Port is not a valid TCP/IP port number
+ self.assertRaises(ValueError, base_string_uri, 'http://eg.com:0')
self.assertRaises(ValueError, base_string_uri, 'http://eg.com:-1')
self.assertRaises(ValueError, base_string_uri, 'http://eg.com:65536')
self.assertRaises(ValueError, base_string_uri, 'http://eg.com:3.14')

80
nomock-direct-core.patch
View File

@ -1,80 +0,0 @@
diff -up oauthlib-3.1.0/tests/openid/connect/core/grant_types/test_authorization_code.py.import_mock_core oauthlib-3.1.0/tests/openid/connect/core/grant_types/test_authorization_code.py
--- oauthlib-3.1.0/tests/openid/connect/core/grant_types/test_authorization_code.py.import_mock_core 2021-05-10 13:45:33.273189402 +0200
+++ oauthlib-3.1.0/tests/openid/connect/core/grant_types/test_authorization_code.py 2021-05-10 13:46:17.883317682 +0200
@@ -3,7 +3,7 @@ from __future__ import absolute_import,
import json
-import mock
+from unittest import mock
from oauthlib.common import Request
from oauthlib.oauth2.rfc6749.tokens import BearerToken
diff -up oauthlib-3.1.0/tests/openid/connect/core/grant_types/test_base.py.import_mock_core oauthlib-3.1.0/tests/openid/connect/core/grant_types/test_base.py
--- oauthlib-3.1.0/tests/openid/connect/core/grant_types/test_base.py.import_mock_core 2021-05-10 13:45:33.276189411 +0200
+++ oauthlib-3.1.0/tests/openid/connect/core/grant_types/test_base.py 2021-05-10 13:46:05.152281074 +0200
@@ -1,5 +1,5 @@
# -*- coding: utf-8 -*-
-import mock
+from unittest import mock
import time
from oauthlib.common import Request
diff -up oauthlib-3.1.0/tests/openid/connect/core/grant_types/test_dispatchers.py.import_mock_core oauthlib-3.1.0/tests/openid/connect/core/grant_types/test_dispatchers.py
--- oauthlib-3.1.0/tests/openid/connect/core/grant_types/test_dispatchers.py.import_mock_core 2021-05-10 13:45:33.278189416 +0200
+++ oauthlib-3.1.0/tests/openid/connect/core/grant_types/test_dispatchers.py 2021-05-10 13:46:12.971303558 +0200
@@ -1,6 +1,6 @@
# -*- coding: utf-8 -*-
from __future__ import absolute_import, unicode_literals
-import mock
+from unittest import mock
from oauthlib.common import Request
diff -up oauthlib-3.1.0/tests/openid/connect/core/grant_types/test_hybrid.py.import_mock_core oauthlib-3.1.0/tests/openid/connect/core/grant_types/test_hybrid.py
--- oauthlib-3.1.0/tests/openid/connect/core/grant_types/test_hybrid.py.import_mock_core 2021-05-10 13:45:33.274189405 +0200
+++ oauthlib-3.1.0/tests/openid/connect/core/grant_types/test_hybrid.py 2021-05-10 13:46:10.072295221 +0200
@@ -1,7 +1,7 @@
# -*- coding: utf-8 -*-
from __future__ import absolute_import, unicode_literals
-import mock
+from unittest import mock
from oauthlib.oauth2.rfc6749 import errors
from oauthlib.oauth2.rfc6749.tokens import BearerToken
diff -up oauthlib-3.1.0/tests/openid/connect/core/grant_types/test_implicit.py.import_mock_core oauthlib-3.1.0/tests/openid/connect/core/grant_types/test_implicit.py
--- oauthlib-3.1.0/tests/openid/connect/core/grant_types/test_implicit.py.import_mock_core 2021-05-10 13:45:33.280189422 +0200
+++ oauthlib-3.1.0/tests/openid/connect/core/grant_types/test_implicit.py 2021-05-10 13:46:15.650311261 +0200
@@ -1,7 +1,7 @@
# -*- coding: utf-8 -*-
from __future__ import absolute_import, unicode_literals
-import mock
+from unittest import mock
from oauthlib.common import Request
from oauthlib.oauth2.rfc6749 import errors
diff -up oauthlib-3.1.0/tests/openid/connect/core/test_server.py.import_mock_core oauthlib-3.1.0/tests/openid/connect/core/test_server.py
--- oauthlib-3.1.0/tests/openid/connect/core/test_server.py.import_mock_core 2021-05-10 13:45:33.271189396 +0200
+++ oauthlib-3.1.0/tests/openid/connect/core/test_server.py 2021-05-10 13:46:23.046332529 +0200
@@ -3,7 +3,7 @@ from __future__ import absolute_import,
import json
-import mock
+from unittest import mock
from oauthlib.oauth2.rfc6749 import errors
from oauthlib.oauth2.rfc6749.endpoints.authorization import AuthorizationEndpoint
diff -up oauthlib-3.1.0/tests/openid/connect/core/test_tokens.py.import_mock_core oauthlib-3.1.0/tests/openid/connect/core/test_tokens.py
--- oauthlib-3.1.0/tests/openid/connect/core/test_tokens.py.import_mock_core 2021-05-10 13:45:33.269189391 +0200
+++ oauthlib-3.1.0/tests/openid/connect/core/test_tokens.py 2021-05-10 13:46:20.348324770 +0200
@@ -1,6 +1,6 @@
from __future__ import absolute_import, unicode_literals
-import mock
+from unittest import mock
from oauthlib.openid.connect.core.tokens import JWTToken

197
nomock-direct.patch
View File

@ -1,197 +0,0 @@
diff -up oauthlib-3.1.0/tests/oauth2/rfc6749/endpoints/test_client_authentication.py.import_mock oauthlib-3.1.0/tests/oauth2/rfc6749/endpoints/test_client_authentication.py
--- oauthlib-3.1.0/tests/oauth2/rfc6749/endpoints/test_client_authentication.py.import_mock 2021-05-10 13:29:05.881284703 +0200
+++ oauthlib-3.1.0/tests/oauth2/rfc6749/endpoints/test_client_authentication.py 2021-05-10 13:34:09.452187326 +0200
@@ -13,7 +13,7 @@ from __future__ import absolute_import,
import json
-import mock
+from unittest import mock
from oauthlib.oauth2 import (BackendApplicationServer, LegacyApplicationServer,
MobileApplicationServer, RequestValidator,
diff -up oauthlib-3.1.0/tests/oauth2/rfc6749/endpoints/test_credentials_preservation.py.import_mock oauthlib-3.1.0/tests/oauth2/rfc6749/endpoints/test_credentials_preservation.py
--- oauthlib-3.1.0/tests/oauth2/rfc6749/endpoints/test_credentials_preservation.py.import_mock 2021-05-10 13:29:05.877284691 +0200
+++ oauthlib-3.1.0/tests/oauth2/rfc6749/endpoints/test_credentials_preservation.py 2021-05-10 13:34:02.487166616 +0200
@@ -7,7 +7,7 @@ from __future__ import absolute_import,
import json
-import mock
+from unittest import mock
from oauthlib.oauth2 import (MobileApplicationServer, RequestValidator,
WebApplicationServer)
diff -up oauthlib-3.1.0/tests/oauth2/rfc6749/endpoints/test_error_responses.py.import_mock oauthlib-3.1.0/tests/oauth2/rfc6749/endpoints/test_error_responses.py
--- oauthlib-3.1.0/tests/oauth2/rfc6749/endpoints/test_error_responses.py.import_mock 2021-05-10 13:29:05.879284697 +0200
+++ oauthlib-3.1.0/tests/oauth2/rfc6749/endpoints/test_error_responses.py 2021-05-10 13:34:04.801173496 +0200
@@ -4,7 +4,7 @@ from __future__ import absolute_import,
import json
-import mock
+from unittest import mock
from oauthlib.common import urlencode
from oauthlib.oauth2 import (BackendApplicationServer, LegacyApplicationServer,
diff -up oauthlib-3.1.0/tests/oauth2/rfc6749/endpoints/test_extra_credentials.py.import_mock oauthlib-3.1.0/tests/oauth2/rfc6749/endpoints/test_extra_credentials.py
--- oauthlib-3.1.0/tests/oauth2/rfc6749/endpoints/test_extra_credentials.py.import_mock 2021-05-10 13:29:05.874284682 +0200
+++ oauthlib-3.1.0/tests/oauth2/rfc6749/endpoints/test_extra_credentials.py 2021-05-10 13:33:57.745152516 +0200
@@ -2,7 +2,7 @@
"""
from __future__ import absolute_import, unicode_literals
-import mock
+from unittest import mock
from oauthlib.oauth2 import (BackendApplicationServer, LegacyApplicationServer,
MobileApplicationServer, RequestValidator,
diff -up oauthlib-3.1.0/tests/oauth2/rfc6749/endpoints/test_resource_owner_association.py.import_mock oauthlib-3.1.0/tests/oauth2/rfc6749/endpoints/test_resource_owner_association.py
--- oauthlib-3.1.0/tests/oauth2/rfc6749/endpoints/test_resource_owner_association.py.import_mock 2021-05-10 13:29:05.884284712 +0200
+++ oauthlib-3.1.0/tests/oauth2/rfc6749/endpoints/test_resource_owner_association.py 2021-05-10 13:34:07.165180526 +0200
@@ -4,7 +4,7 @@ from __future__ import absolute_import,
import json
-import mock
+from unittest import mock
from oauthlib.oauth2 import (BackendApplicationServer, LegacyApplicationServer,
MobileApplicationServer, RequestValidator,
diff -up oauthlib-3.1.0/tests/oauth2/rfc6749/endpoints/test_scope_handling.py.import_mock oauthlib-3.1.0/tests/oauth2/rfc6749/endpoints/test_scope_handling.py
--- oauthlib-3.1.0/tests/oauth2/rfc6749/endpoints/test_scope_handling.py.import_mock 2021-05-10 13:29:05.872284676 +0200
+++ oauthlib-3.1.0/tests/oauth2/rfc6749/endpoints/test_scope_handling.py 2021-05-10 13:34:00.218159869 +0200
@@ -7,7 +7,7 @@ from __future__ import absolute_import,
import json
-import mock
+from unittest import mock
from oauthlib.oauth2 import (BackendApplicationServer, LegacyApplicationServer,
MobileApplicationServer, RequestValidator, Server,
diff -up oauthlib-3.1.0/tests/oauth2/rfc6749/grant_types/test_authorization_code.py.import_mock oauthlib-3.1.0/tests/oauth2/rfc6749/grant_types/test_authorization_code.py
--- oauthlib-3.1.0/tests/oauth2/rfc6749/grant_types/test_authorization_code.py.import_mock 2021-05-10 13:29:05.863284649 +0200
+++ oauthlib-3.1.0/tests/oauth2/rfc6749/grant_types/test_authorization_code.py 2021-05-10 13:33:06.712000770 +0200
@@ -3,7 +3,7 @@ from __future__ import absolute_import,
import json
-import mock
+from unittest import mock
from oauthlib.common import Request
from oauthlib.oauth2.rfc6749 import errors
diff -up oauthlib-3.1.0/tests/oauth2/rfc6749/grant_types/test_client_credentials.py.import_mock oauthlib-3.1.0/tests/oauth2/rfc6749/grant_types/test_client_credentials.py
--- oauthlib-3.1.0/tests/oauth2/rfc6749/grant_types/test_client_credentials.py.import_mock 2021-05-10 13:29:05.865284655 +0200
+++ oauthlib-3.1.0/tests/oauth2/rfc6749/grant_types/test_client_credentials.py 2021-05-10 13:33:09.931010342 +0200
@@ -3,7 +3,7 @@ from __future__ import absolute_import,
import json
-import mock
+from unittest import mock
from oauthlib.common import Request
from oauthlib.oauth2.rfc6749.grant_types import ClientCredentialsGrant
diff -up oauthlib-3.1.0/tests/oauth2/rfc6749/grant_types/test_implicit.py.import_mock oauthlib-3.1.0/tests/oauth2/rfc6749/grant_types/test_implicit.py
--- oauthlib-3.1.0/tests/oauth2/rfc6749/grant_types/test_implicit.py.import_mock 2021-05-10 13:29:05.856284628 +0200
+++ oauthlib-3.1.0/tests/oauth2/rfc6749/grant_types/test_implicit.py 2021-05-10 13:32:57.082972139 +0200
@@ -1,7 +1,7 @@
# -*- coding: utf-8 -*-
from __future__ import absolute_import, unicode_literals
-import mock
+from unittest import mock
from oauthlib.common import Request
from oauthlib.oauth2.rfc6749.grant_types import ImplicitGrant
diff -up oauthlib-3.1.0/tests/oauth2/rfc6749/grant_types/test_refresh_token.py.import_mock oauthlib-3.1.0/tests/oauth2/rfc6749/grant_types/test_refresh_token.py
--- oauthlib-3.1.0/tests/oauth2/rfc6749/grant_types/test_refresh_token.py.import_mock 2021-05-10 13:29:05.861284643 +0200
+++ oauthlib-3.1.0/tests/oauth2/rfc6749/grant_types/test_refresh_token.py 2021-05-10 13:33:03.865992308 +0200
@@ -3,7 +3,7 @@ from __future__ import absolute_import,
import json
-import mock
+from unittest import mock
from oauthlib.common import Request
from oauthlib.oauth2.rfc6749 import errors
diff -up oauthlib-3.1.0/tests/oauth2/rfc6749/grant_types/test_resource_owner_password.py.import_mock oauthlib-3.1.0/tests/oauth2/rfc6749/grant_types/test_resource_owner_password.py
--- oauthlib-3.1.0/tests/oauth2/rfc6749/grant_types/test_resource_owner_password.py.import_mock 2021-05-10 13:29:05.858284634 +0200
+++ oauthlib-3.1.0/tests/oauth2/rfc6749/grant_types/test_resource_owner_password.py 2021-05-10 13:33:00.930983581 +0200
@@ -3,7 +3,7 @@ from __future__ import absolute_import,
import json
-import mock
+from unittest import mock
from oauthlib.common import Request
from oauthlib.oauth2.rfc6749 import errors
diff -up oauthlib-3.1.0/tests/oauth2/rfc6749/test_server.py.import_mock oauthlib-3.1.0/tests/oauth2/rfc6749/test_server.py
--- oauthlib-3.1.0/tests/oauth2/rfc6749/test_server.py.import_mock 2021-05-10 13:29:05.870284670 +0200
+++ oauthlib-3.1.0/tests/oauth2/rfc6749/test_server.py 2021-05-10 13:33:55.289145213 +0200
@@ -3,7 +3,7 @@ from __future__ import absolute_import,
import json
-import mock
+from unittest import mock
from oauthlib import common
from oauthlib.oauth2.rfc6749 import errors, tokens
diff -up oauthlib-3.1.0/tests/oauth2/rfc6749/test_tokens.py.import_mock oauthlib-3.1.0/tests/oauth2/rfc6749/test_tokens.py
--- oauthlib-3.1.0/tests/oauth2/rfc6749/test_tokens.py.import_mock 2021-05-10 13:29:05.868284664 +0200
+++ oauthlib-3.1.0/tests/oauth2/rfc6749/test_tokens.py 2021-05-10 13:34:19.177216243 +0200
@@ -1,6 +1,6 @@
from __future__ import absolute_import, unicode_literals
-import mock
+from unittest import mock
from oauthlib.common import Request
from oauthlib.oauth2.rfc6749.tokens import (
diff -up oauthlib-3.1.0/tests/openid/connect/core/endpoints/test_claims_handling.py.import_mock oauthlib-3.1.0/tests/openid/connect/core/endpoints/test_claims_handling.py
--- oauthlib-3.1.0/tests/openid/connect/core/endpoints/test_claims_handling.py.import_mock 2021-05-10 13:29:05.849284608 +0200
+++ oauthlib-3.1.0/tests/openid/connect/core/endpoints/test_claims_handling.py 2021-05-10 13:32:42.946930106 +0200
@@ -8,7 +8,7 @@ The claims parameter is an optional quer
"""
from __future__ import absolute_import, unicode_literals
-import mock
+from unittest import mock
from oauthlib.openid import RequestValidator
from oauthlib.openid.connect.core.endpoints.pre_configured import Server
diff -up oauthlib-3.1.0/tests/openid/connect/core/endpoints/test_openid_connect_params_handling.py.import_mock oauthlib-3.1.0/tests/openid/connect/core/endpoints/test_openid_connect_params_handling.py
--- oauthlib-3.1.0/tests/openid/connect/core/endpoints/test_openid_connect_params_handling.py.import_mock 2021-05-10 13:29:05.851284613 +0200
+++ oauthlib-3.1.0/tests/openid/connect/core/endpoints/test_openid_connect_params_handling.py 2021-05-10 13:32:47.634944046 +0200
@@ -1,6 +1,6 @@
from __future__ import absolute_import, unicode_literals
-import mock
+from unittest import mock
from oauthlib.oauth2 import InvalidRequestError
from oauthlib.oauth2.rfc6749.endpoints.authorization import \
diff -up oauthlib-3.1.0/tests/openid/connect/core/endpoints/test_userinfo_endpoint.py.import_mock oauthlib-3.1.0/tests/openid/connect/core/endpoints/test_userinfo_endpoint.py
--- oauthlib-3.1.0/tests/openid/connect/core/endpoints/test_userinfo_endpoint.py.import_mock 2021-05-10 13:29:05.853284619 +0200
+++ oauthlib-3.1.0/tests/openid/connect/core/endpoints/test_userinfo_endpoint.py 2021-05-10 13:32:51.005954069 +0200
@@ -1,7 +1,7 @@
# -*- coding: utf-8 -*-
from __future__ import absolute_import, unicode_literals
-import mock
+from unittest import mock
import json
from oauthlib.openid import RequestValidator
diff -up oauthlib-3.1.0/tests/openid/connect/core/grant_types/test_authorization_code.py.import_mock oauthlib-3.1.0/tests/openid/connect/core/grant_types/test_authorization_code.py
diff -up oauthlib-3.1.0/tests/openid/connect/core/grant_types/test_base.py.import_mock oauthlib-3.1.0/tests/openid/connect/core/grant_types/test_base.py
diff -up oauthlib-3.1.0/tests/openid/connect/core/grant_types/test_dispatchers.py.import_mock oauthlib-3.1.0/tests/openid/connect/core/grant_types/test_dispatchers.py
diff -up oauthlib-3.1.0/tests/openid/connect/core/grant_types/test_hybrid.py.import_mock oauthlib-3.1.0/tests/openid/connect/core/grant_types/test_hybrid.py
diff -up oauthlib-3.1.0/tests/openid/connect/core/grant_types/test_implicit.py.import_mock oauthlib-3.1.0/tests/openid/connect/core/grant_types/test_implicit.py
diff -up oauthlib-3.1.0/tests/openid/connect/core/test_server.py.import_mock oauthlib-3.1.0/tests/openid/connect/core/test_server.py
diff -up oauthlib-3.1.0/tests/openid/connect/core/test_tokens.py.import_mock oauthlib-3.1.0/tests/openid/connect/core/test_tokens.py

162
nomock-indirect.patch
View File

@ -1,162 +0,0 @@
diff -up oauthlib-3.1.0/tests/oauth1/rfc5849/endpoints/test_access_token.py.mock_indirect oauthlib-3.1.0/tests/oauth1/rfc5849/endpoints/test_access_token.py
--- oauthlib-3.1.0/tests/oauth1/rfc5849/endpoints/test_access_token.py.mock_indirect 2021-05-10 12:43:55.343919797 +0200
+++ oauthlib-3.1.0/tests/oauth1/rfc5849/endpoints/test_access_token.py 2021-05-10 12:46:56.336475872 +0200
@@ -1,6 +1,6 @@
from __future__ import absolute_import, unicode_literals
-from mock import ANY, MagicMock
+from unittest.mock import ANY, MagicMock
from oauthlib.oauth1 import RequestValidator
from oauthlib.oauth1.rfc5849 import Client
diff -up oauthlib-3.1.0/tests/oauth1/rfc5849/endpoints/test_authorization.py.mock_indirect oauthlib-3.1.0/tests/oauth1/rfc5849/endpoints/test_authorization.py
--- oauthlib-3.1.0/tests/oauth1/rfc5849/endpoints/test_authorization.py.mock_indirect 2021-05-10 12:43:55.340919787 +0200
+++ oauthlib-3.1.0/tests/oauth1/rfc5849/endpoints/test_authorization.py 2021-05-10 12:46:53.640467589 +0200
@@ -1,6 +1,6 @@
from __future__ import absolute_import, unicode_literals
-from mock import MagicMock
+from unittest.mock import MagicMock
from oauthlib.oauth1 import RequestValidator
from oauthlib.oauth1.rfc5849 import errors
diff -up oauthlib-3.1.0/tests/oauth1/rfc5849/endpoints/test_base.py.mock_indirect oauthlib-3.1.0/tests/oauth1/rfc5849/endpoints/test_base.py
--- oauthlib-3.1.0/tests/oauth1/rfc5849/endpoints/test_base.py.mock_indirect 2021-05-10 12:43:55.347919809 +0200
+++ oauthlib-3.1.0/tests/oauth1/rfc5849/endpoints/test_base.py 2021-05-10 12:46:43.396436116 +0200
@@ -2,7 +2,7 @@ from __future__ import absolute_import,
from re import sub
-from mock import MagicMock
+from unittest.mock import MagicMock
from oauthlib.common import CaseInsensitiveDict, safe_string_equals
from oauthlib.oauth1 import Client, RequestValidator
diff -up oauthlib-3.1.0/tests/oauth1/rfc5849/endpoints/test_request_token.py.mock_indirect oauthlib-3.1.0/tests/oauth1/rfc5849/endpoints/test_request_token.py
--- oauthlib-3.1.0/tests/oauth1/rfc5849/endpoints/test_request_token.py.mock_indirect 2021-05-10 12:43:55.345919802 +0200
+++ oauthlib-3.1.0/tests/oauth1/rfc5849/endpoints/test_request_token.py 2021-05-10 12:46:59.010484087 +0200
@@ -1,6 +1,6 @@
from __future__ import absolute_import, unicode_literals
-from mock import ANY, MagicMock
+from unittest.mock import ANY, MagicMock
from oauthlib.oauth1 import RequestValidator
from oauthlib.oauth1.rfc5849 import Client
diff -up oauthlib-3.1.0/tests/oauth1/rfc5849/endpoints/test_resource.py.mock_indirect oauthlib-3.1.0/tests/oauth1/rfc5849/endpoints/test_resource.py
--- oauthlib-3.1.0/tests/oauth1/rfc5849/endpoints/test_resource.py.mock_indirect 2021-05-10 12:43:55.338919781 +0200
+++ oauthlib-3.1.0/tests/oauth1/rfc5849/endpoints/test_resource.py 2021-05-10 12:46:48.398451483 +0200
@@ -1,6 +1,6 @@
from __future__ import absolute_import, unicode_literals
-from mock import ANY, MagicMock
+from unittest.mock import ANY, MagicMock
from oauthlib.oauth1 import RequestValidator
from oauthlib.oauth1.rfc5849 import Client
diff -up oauthlib-3.1.0/tests/oauth1/rfc5849/endpoints/test_signature_only.py.mock_indirect oauthlib-3.1.0/tests/oauth1/rfc5849/endpoints/test_signature_only.py
--- oauthlib-3.1.0/tests/oauth1/rfc5849/endpoints/test_signature_only.py.mock_indirect 2021-05-10 12:43:55.342919793 +0200
+++ oauthlib-3.1.0/tests/oauth1/rfc5849/endpoints/test_signature_only.py 2021-05-10 12:46:50.956459343 +0200
@@ -1,6 +1,6 @@
from __future__ import absolute_import, unicode_literals
-from mock import ANY, MagicMock
+from unittest.mock import ANY, MagicMock
from oauthlib.oauth1 import RequestValidator
from oauthlib.oauth1.rfc5849 import Client
diff -up oauthlib-3.1.0/tests/oauth2/rfc6749/clients/test_backend_application.py.mock_indirect oauthlib-3.1.0/tests/oauth2/rfc6749/clients/test_backend_application.py
--- oauthlib-3.1.0/tests/oauth2/rfc6749/clients/test_backend_application.py.mock_indirect 2021-05-10 12:43:55.326919744 +0200
+++ oauthlib-3.1.0/tests/oauth2/rfc6749/clients/test_backend_application.py 2021-05-10 12:47:06.771507932 +0200
@@ -3,7 +3,7 @@ from __future__ import absolute_import,
import os
-from mock import patch
+from unittest.mock import patch
from oauthlib import signals
from oauthlib.oauth2 import BackendApplicationClient
diff -up oauthlib-3.1.0/tests/oauth2/rfc6749/clients/test_legacy_application.py.mock_indirect oauthlib-3.1.0/tests/oauth2/rfc6749/clients/test_legacy_application.py
--- oauthlib-3.1.0/tests/oauth2/rfc6749/clients/test_legacy_application.py.mock_indirect 2021-05-10 12:43:55.320919726 +0200
+++ oauthlib-3.1.0/tests/oauth2/rfc6749/clients/test_legacy_application.py 2021-05-10 12:48:21.082736247 +0200
@@ -3,7 +3,7 @@ from __future__ import absolute_import,
import os
-from mock import patch
+from unittest.mock import patch
from oauthlib import signals
from oauthlib.oauth2 import LegacyApplicationClient
diff -up oauthlib-3.1.0/tests/oauth2/rfc6749/clients/test_mobile_application.py.mock_indirect oauthlib-3.1.0/tests/oauth2/rfc6749/clients/test_mobile_application.py
--- oauthlib-3.1.0/tests/oauth2/rfc6749/clients/test_mobile_application.py.mock_indirect 2021-05-10 12:43:55.328919750 +0200
+++ oauthlib-3.1.0/tests/oauth2/rfc6749/clients/test_mobile_application.py 2021-05-10 12:47:04.255500202 +0200
@@ -3,7 +3,7 @@ from __future__ import absolute_import,
import os
-from mock import patch
+from unittest.mock import patch
from oauthlib import signals
from oauthlib.oauth2 import MobileApplicationClient
diff -up oauthlib-3.1.0/tests/oauth2/rfc6749/clients/test_service_application.py.mock_indirect oauthlib-3.1.0/tests/oauth2/rfc6749/clients/test_service_application.py
--- oauthlib-3.1.0/tests/oauth2/rfc6749/clients/test_service_application.py.mock_indirect 2021-05-10 12:43:55.323919735 +0200
+++ oauthlib-3.1.0/tests/oauth2/rfc6749/clients/test_service_application.py 2021-05-10 12:47:09.375515932 +0200
@@ -5,7 +5,7 @@ import os
from time import time
import jwt
-from mock import patch
+from unittest.mock import patch
from oauthlib.common import Request
from oauthlib.oauth2 import ServiceApplicationClient
diff -up oauthlib-3.1.0/tests/oauth2/rfc6749/clients/test_web_application.py.mock_indirect oauthlib-3.1.0/tests/oauth2/rfc6749/clients/test_web_application.py
--- oauthlib-3.1.0/tests/oauth2/rfc6749/clients/test_web_application.py.mock_indirect 2021-05-10 12:43:55.330919757 +0200
+++ oauthlib-3.1.0/tests/oauth2/rfc6749/clients/test_web_application.py 2021-05-10 12:47:01.696492340 +0200
@@ -5,7 +5,7 @@ import datetime
import os
import warnings
-from mock import patch
+from unittest.mock import patch
from oauthlib import common, signals
from oauthlib.oauth2 import (BackendApplicationClient, Client,
diff -up oauthlib-3.1.0/tests/oauth2/rfc6749/endpoints/test_introspect_endpoint.py.mock_indirect oauthlib-3.1.0/tests/oauth2/rfc6749/endpoints/test_introspect_endpoint.py
--- oauthlib-3.1.0/tests/oauth2/rfc6749/endpoints/test_introspect_endpoint.py.mock_indirect 2021-05-10 12:43:55.336919775 +0200
+++ oauthlib-3.1.0/tests/oauth2/rfc6749/endpoints/test_introspect_endpoint.py 2021-05-10 12:48:12.888711068 +0200
@@ -3,7 +3,7 @@ from __future__ import absolute_import,
from json import loads
-from mock import MagicMock
+from unittest.mock import MagicMock
from oauthlib.common import urlencode
from oauthlib.oauth2 import RequestValidator, IntrospectEndpoint
diff -up oauthlib-3.1.0/tests/oauth2/rfc6749/endpoints/test_revocation_endpoint.py.mock_indirect oauthlib-3.1.0/tests/oauth2/rfc6749/endpoints/test_revocation_endpoint.py
--- oauthlib-3.1.0/tests/oauth2/rfc6749/endpoints/test_revocation_endpoint.py.mock_indirect 2021-05-10 12:43:55.333919766 +0200
+++ oauthlib-3.1.0/tests/oauth2/rfc6749/endpoints/test_revocation_endpoint.py 2021-05-10 12:48:10.078702435 +0200
@@ -3,7 +3,7 @@ from __future__ import absolute_import,
from json import loads
-from mock import MagicMock
+from unittest.mock import MagicMock
from oauthlib.common import urlencode
from oauthlib.oauth2 import RequestValidator, RevocationEndpoint
diff -up oauthlib-3.1.0/tests/oauth2/rfc6749/test_parameters.py.mock_indirect oauthlib-3.1.0/tests/oauth2/rfc6749/test_parameters.py
--- oauthlib-3.1.0/tests/oauth2/rfc6749/test_parameters.py.mock_indirect 2021-05-10 12:43:55.349919815 +0200
+++ oauthlib-3.1.0/tests/oauth2/rfc6749/test_parameters.py 2021-05-10 12:48:36.576783620 +0200
@@ -1,6 +1,6 @@
from __future__ import absolute_import, unicode_literals
-from mock import patch
+from unittest.mock import patch
from oauthlib import signals
from oauthlib.oauth2.rfc6749.errors import *

7
python-oauthlib.spec
View File

@ -2,7 +2,7 @@
Name: python-oauthlib
Version: 3.1.1
Release: 4%{?dist}
Release: 5%{?dist}
Summary: An implementation of the OAuth request-signing logic
License: BSD
@ -12,6 +12,7 @@ Source0: https://github.com/oauthlib/oauthlib/archive/v%{version}/%{m
Patch0001: 0001-Rip-out-RSA-SHA1.patch
Patch0002: 0002-Rip-out-the-rest-of-RSA.patch
Patch0003: 0003-IPV6-regex-redirect_uri.patch
Patch0004: 0004-IPV6-parsing-signature.patch
BuildArch: noarch
@ -76,6 +77,10 @@ rm jwt.py
%{python3_sitelib}/%{modname}-%{version}-*
%changelog
* Thu Nov 10 2022 TomasHalman <thalman@redhat.com> - 3.1.1-5
- RFC5849 oauth1 signature base_string_uri doesn't parse IPv6 addresses
Resolves: rhbz#2133805
* Mon Oct 24 2022 TomasHalman <thalman@redhat.com> - 3.1.1-4
- Resolves: rhbz#2133805 - fix for CVE-2022-36087