Compare commits

..

No commits in common. "c8" and "c9s" have entirely different histories.
c8 ... c9s

6 changed files with 308 additions and 84 deletions

7
.gitignore vendored
View File

@ -1 +1,6 @@
SOURCES/v1.0.0.tar.gz
/requests-oauthlib-0.4.0.tar.gz
/requests-oauthlib-0.5.0.tar.gz
/v0.8.0.tar.gz
/v1.0.0.tar.gz
/v1.2.0.tar.gz
/v1.3.0.tar.gz

View File

@ -1 +0,0 @@
a0164a7013283b6738258f703c01df8a6fbcb01e SOURCES/v1.0.0.tar.gz

View File

@ -0,0 +1,155 @@
From 289f5bb346318d21ed70f747db0180bdb79a6d5d Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Sat, 3 Jul 2021 20:51:17 +0200
Subject: [PATCH] Don't use SIGNATURE_RSA
---
requests_oauthlib/oauth1_session.py | 25 ++++++-------
tests/test_oauth1_session.py | 54 +----------------------------
2 files changed, 11 insertions(+), 68 deletions(-)
diff --git a/requests_oauthlib/oauth1_session.py b/requests_oauthlib/oauth1_session.py
index aa17f28..ea3de69 100644
--- a/requests_oauthlib/oauth1_session.py
+++ b/requests_oauthlib/oauth1_session.py
@@ -9,7 +9,7 @@ import logging
from oauthlib.common import add_params_to_uri
from oauthlib.common import urldecode as _urldecode
-from oauthlib.oauth1 import SIGNATURE_HMAC, SIGNATURE_RSA, SIGNATURE_TYPE_AUTH_HEADER
+from oauthlib.oauth1 import SIGNATURE_HMAC, SIGNATURE_TYPE_AUTH_HEADER
import requests
from . import OAuth1
@@ -134,8 +134,7 @@ class OAuth1Session(requests.Session):
authorization.
:param signature_method: Signature methods determine how the OAuth
signature is created. The three options are
- oauthlib.oauth1.SIGNATURE_HMAC (default),
- oauthlib.oauth1.SIGNATURE_RSA and
+ oauthlib.oauth1.SIGNATURE_HMAC (default) and
oauthlib.oauth1.SIGNATURE_PLAIN.
:param signature_type: Signature type decides where the OAuth
parameters are added. Either in the
@@ -145,8 +144,9 @@ class OAuth1Session(requests.Session):
oauthlib.oauth1.SIGNATURE_TYPE_QUERY and
oauthlib.oauth1.SIGNATURE_TYPE_BODY
respectively.
- :param rsa_key: The private RSA key as a string. Can only be used with
- signature_method=oauthlib.oauth1.SIGNATURE_RSA.
+ :param rsa_key: The private RSA key as a string. Because this version
+ does not support signature_method=oauthlib.oauth1.SIGNATURE_RSA.
+ this parameter is unused
:param verifier: A verifier string to prove authorization was granted.
:param client_class: A subclass of `oauthlib.oauth1.Client` to use with
`requests_oauthlib.OAuth1` instead of the default
@@ -200,16 +200,11 @@ class OAuth1Session(requests.Session):
authentication dance before OAuth-protected requests to the resource
will succeed.
"""
- if self._client.client.signature_method == SIGNATURE_RSA:
- # RSA only uses resource_owner_key
- return bool(self._client.client.resource_owner_key)
- else:
- # other methods of authentication use all three pieces
- return (
- bool(self._client.client.client_secret)
- and bool(self._client.client.resource_owner_key)
- and bool(self._client.client.resource_owner_secret)
- )
+ return (
+ bool(self._client.client.client_secret)
+ and bool(self._client.client.resource_owner_key)
+ and bool(self._client.client.resource_owner_secret)
+ )
def authorization_url(self, url, request_token=None, **kwargs):
"""Create an authorization URL by appending request_token and optional
diff --git a/tests/test_oauth1_session.py b/tests/test_oauth1_session.py
index 1dd2b2f..88928e1 100644
--- a/tests/test_oauth1_session.py
+++ b/tests/test_oauth1_session.py
@@ -5,7 +5,7 @@ import requests
from io import StringIO
from oauthlib.oauth1 import SIGNATURE_TYPE_QUERY, SIGNATURE_TYPE_BODY
-from oauthlib.oauth1 import SIGNATURE_RSA, SIGNATURE_PLAINTEXT
+from oauthlib.oauth1 import SIGNATURE_PLAINTEXT
from requests_oauthlib import OAuth1Session
try:
@@ -117,18 +117,6 @@ class OAuth1SessionTest(unittest.TestCase):
auth.send = self.verify_signature(signature)
auth.post("https://i.b")
- signature = (
- "OAuth "
- 'oauth_nonce="abc", oauth_timestamp="123", oauth_version="1.0", '
- 'oauth_signature_method="RSA-SHA1", oauth_consumer_key="foo", '
- 'oauth_signature="{sig}"'
- ).format(sig=TEST_RSA_OAUTH_SIGNATURE)
- auth = OAuth1Session(
- "foo", signature_method=SIGNATURE_RSA, rsa_key=TEST_RSA_KEY
- )
- auth.send = self.verify_signature(signature)
- auth.post("https://i.b")
-
@mock.patch("oauthlib.oauth1.rfc5849.generate_timestamp")
@mock.patch("oauthlib.oauth1.rfc5849.generate_nonce")
def test_binary_upload(self, generate_nonce, generate_timestamp):
@@ -279,52 +267,12 @@ class OAuth1SessionTest(unittest.TestCase):
sess = OAuth1Session("foo")
self.assertIs(sess.authorized, False)
- def test_authorized_false_rsa(self):
- signature = (
- "OAuth "
- 'oauth_nonce="abc", oauth_timestamp="123", oauth_version="1.0", '
- 'oauth_signature_method="RSA-SHA1", oauth_consumer_key="foo", '
- 'oauth_signature="{sig}"'
- ).format(sig=TEST_RSA_OAUTH_SIGNATURE)
- sess = OAuth1Session(
- "foo", signature_method=SIGNATURE_RSA, rsa_key=TEST_RSA_KEY
- )
- sess.send = self.verify_signature(signature)
- self.assertIs(sess.authorized, False)
-
def test_authorized_true(self):
sess = OAuth1Session("key", "secret", verifier="bar")
sess.send = self.fake_body("oauth_token=foo&oauth_token_secret=bar")
sess.fetch_access_token("https://example.com/token")
self.assertIs(sess.authorized, True)
- @mock.patch("oauthlib.oauth1.rfc5849.generate_timestamp")
- @mock.patch("oauthlib.oauth1.rfc5849.generate_nonce")
- def test_authorized_true_rsa(self, generate_nonce, generate_timestamp):
- if not cryptography:
- raise unittest.SkipTest("cryptography module is required")
- if not jwt:
- raise unittest.SkipTest("pyjwt module is required")
-
- generate_nonce.return_value = "abc"
- generate_timestamp.return_value = "123"
- signature = (
- "OAuth "
- 'oauth_nonce="abc", oauth_timestamp="123", oauth_version="1.0", '
- 'oauth_signature_method="RSA-SHA1", oauth_consumer_key="foo", '
- 'oauth_verifier="bar", oauth_signature="{sig}"'
- ).format(sig=TEST_RSA_OAUTH_SIGNATURE)
- sess = OAuth1Session(
- "key",
- "secret",
- signature_method=SIGNATURE_RSA,
- rsa_key=TEST_RSA_KEY,
- verifier="bar",
- )
- sess.send = self.fake_body("oauth_token=foo&oauth_token_secret=bar")
- sess.fetch_access_token("https://example.com/token")
- self.assertIs(sess.authorized, True)
-
def verify_signature(self, signature):
def fake_send(r, **kwargs):
auth_header = r.headers["Authorization"]
--
2.26.3

89
401.patch Normal file
View File

@ -0,0 +1,89 @@
From 62d8d04f49f731839ccd4a2c448ac08c8a1ab493 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= <mgorny@gentoo.org>
Date: Mon, 16 Mar 2020 12:34:23 +0100
Subject: [PATCH] Prefer unittest.mock over external mock package
Prefer using unittest.mock over external mock package to avoid
extraneous dependencies in Python 3.3+. Install 'mock' only for older
Python versions.
---
setup.py | 2 +-
tests/test_core.py | 4 ++--
tests/test_oauth1_session.py | 4 ++--
tests/test_oauth2_session.py | 4 ++--
tox.ini | 2 +-
5 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/setup.py b/setup.py
index 1532c17..2e8dd82 100644
--- a/setup.py
+++ b/setup.py
@@ -63,6 +63,6 @@ def readall(path):
"Programming Language :: Python :: Implementation :: PyPy",
],
zip_safe=False,
- tests_require=["mock", "requests-mock"],
+ tests_require=['mock;python_version<"3.3"', "requests-mock"],
test_suite="tests",
)
diff --git a/tests/test_core.py b/tests/test_core.py
index ea4575f..971ee6c 100644
--- a/tests/test_core.py
+++ b/tests/test_core.py
@@ -8,9 +8,9 @@
import unittest
try:
- import mock
-except ImportError:
from unittest import mock
+except ImportError:
+ import mock
@mock.patch("oauthlib.oauth1.rfc5849.generate_timestamp")
diff --git a/tests/test_oauth1_session.py b/tests/test_oauth1_session.py
index 1dd2b2f..ad0578f 100644
--- a/tests/test_oauth1_session.py
+++ b/tests/test_oauth1_session.py
@@ -9,9 +9,9 @@
from requests_oauthlib import OAuth1Session
try:
- import mock
-except ImportError:
from unittest import mock
+except ImportError:
+ import mock
try:
import cryptography
diff --git a/tests/test_oauth2_session.py b/tests/test_oauth2_session.py
index cfc6236..2f7b227 100644
--- a/tests/test_oauth2_session.py
+++ b/tests/test_oauth2_session.py
@@ -9,9 +9,9 @@
from unittest import TestCase
try:
- import mock
-except ImportError:
from unittest import mock
+except ImportError:
+ import mock
from oauthlib.common import urlencode
from oauthlib.oauth2 import TokenExpiredError, OAuth2Error
diff --git a/tox.ini b/tox.ini
index abc641a..0db1117 100644
--- a/tox.ini
+++ b/tox.ini
@@ -4,7 +4,7 @@ envlist = py27, py34, py35, py36, py37, pypy, pypy3
[testenv]
deps=
-r{toxinidir}/requirements.txt
- mock
+ mock;python_version<"3.3"
coveralls
requests-mock
commands= coverage run --source=requests_oauthlib -m unittest discover

View File

@ -1,72 +1,25 @@
%if (0%{?fedora} > 0 && 0%{?fedora} < 32) || (0%{?rhel} > 0 && 0%{?rhel} <= 7)
%bcond_without python2
%bcond_without python3
%endif
%if 0%{?fedora} || 0%{?rhel} >= 8
%bcond_with python2
%bcond_without python3
%endif
%if 0%{?el6}%{?el7}
# python3 and python version related macros
# required to build python3- subpackage
# are not available in el6 and el7
%{!?__python2: %global __python2 %{__python}}
%{!?python2_sitelib: %global python2_sitelib %{python_sitelib}}
%{!?py2_build: %global py2_build %{__python2} setup.py build --executable="%{__python2} -s" %{?*}}
%{!?py2_install: %global py2_install %{__python2} setup.py install --skip-build --root %{buildroot} %{?*}}
%endif
%global distname requests-oauthlib
%global modname requests_oauthlib
Name: python-requests-oauthlib
Version: 1.0.0
Release: 1%{?dist}
Version: 1.3.0
Release: 12%{?dist}
Summary: OAuthlib authentication support for Requests.
Group: Development/Libraries
License: ISC
URL: http://pypi.python.org/pypi/requests-oauthlib
Source0: https://github.com/requests/requests-oauthlib/archive/v%{version}.tar.gz
Patch0001: 401.patch
Patch0002: 0002-Don-t-use-SIGNATURE_RSA.patch
BuildArch: noarch
%description
This project provides first-class OAuth library support for python-request.
%if %{with python2}
%package -n python2-%{distname}
%if 0%{?python_provide:1}
%python_provide python2-%{distname}
%else
Provides: python-%{distname} = %{?epoch:%{epoch}:}%{version}-%{release}
%endif
Summary: OAuthlib authentication support for Requests.
Group: Development/Libraries
BuildRequires: python2-devel
BuildRequires: python2-setuptools
BuildRequires: python2-oauthlib >= 0.6.2
BuildRequires: python2-requests >= 2.0.0
BuildRequires: python2-mock
Requires: python2-oauthlib
Requires: python2-requests >= 2.0.0
%description -n python2-%{distname}
This project provides first-class OAuth library support for python-request.
%endif # with python2
%if %{with python3}
%package -n python3-%{distname}
%{?python_provide:%python_provide python3-%{distname}}
Summary: OAuthlib authentication support for Requests.
Group: Development/Libraries
BuildRequires: python3-devel
BuildRequires: python3-setuptools
@ -74,68 +27,90 @@ BuildRequires: python3-setuptools
BuildRequires: python3-oauthlib >= 0.6.2
BuildRequires: python3-requests >= 2.0.0
BuildRequires: python3-mock
Requires: python3-oauthlib
Requires: python3-requests
%description -n python3-%{distname}
This project provides first-class OAuth library support for python-request.
%endif
%prep
%autosetup -n %{distname}-%{version}
%autosetup -n %{distname}-%{version} -p1
# Remove bundled egg-info in case it exists
rm -rf %{distname}.egg-info
%build
%if %{with python2}
%py2_build
%endif # with python2
%if %{with python3}
%py3_build
%endif
%install
%if %{with python2}
%py2_install
%endif # with python2
%if %{with python3}
%py3_install
%endif
# Upstream doesn't actually ship the tests with the tarball.
# https://github.com/requests/requests-oauthlib/pull/91
#%%check
#%%{__python2} setup.py test
%if %{with python2}
%files -n python2-%{distname}
%doc README.rst HISTORY.rst requirements.txt AUTHORS.rst
%license LICENSE
%{python2_sitelib}/%{modname}/
%{python2_sitelib}/%{modname}-%{version}*
%endif # with python2
%if %{with python3}
%files -n python3-%{distname}
%doc README.rst HISTORY.rst requirements.txt AUTHORS.rst
%license LICENSE
%{python3_sitelib}/%{modname}/
%{python3_sitelib}/%{modname}-%{version}*
%endif
%changelog
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 1.3.0-12
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Sat Jul 3 2021 Jakub Hrozek <jhrozek@redhat.com> - 1.3.0-11
- Don't use SIGNATURE_RSA
- Related: #1935433 - python-oauthlib implements and/or uses the deprecated
SHA1 algorithm by default
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.3.0-10
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Mon Feb 8 2021 Jakub Hrozek <jhrozek@redhat.com> - 1.3.0-9
- Drop python2 support
- actually run unit tests
- drop unused python3-mock dependency
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.0-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Sun Sep 27 2020 Kevin Fenzi <kevin@scrye.com> - 1.3.0-7
- Update to 1.3.0. Fixes bug #1769415
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.0-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 1.2.0-6
- Rebuilt for Python 3.9
* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Oct 03 2019 Miro Hrončok <mhroncok@redhat.com> - 1.2.0-4
- Rebuilt for Python 3.8.0rc1 (#1748018)
* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 1.2.0-3
- Rebuilt for Python 3.8
* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Sat Jun 29 2019 Kevin Fenzi <kevin@scrye.com> - 1.2.0-1
- Update to 1.2.0. Fixes bug #1697439
* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Jul 30 2018 <jdennis@redhat.com> - 1.0.0-1
- upgrade to new upstream release 1.0.0
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.0-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue Jul 10 2018 <jdennis@redhat.com> - 0.8.0-6
- Unify Fedora/RHEL py2/py3 logic
* Wed May 16 2018 Charalampos Stratakis <cstratak@redhat.com> - 0.8.0-5
- Conditionalize the python2 subpackage
* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 0.8.0-5
- Rebuilt for Python 3.7
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

1
sources Normal file
View File

@ -0,0 +1 @@
SHA512 (v1.3.0.tar.gz) = 0eebd209dad892567de7d37f1482b5c7523eced3a73a68054674b29447d090c885b2388fd6f2db26436f14098833051c8888ace8b137889a4012e010efb0e86b