Plex plugin to to play various online streams (mostly Latvian).

auth.py 8.0KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252
  1. # -*- coding: utf-8 -*-
  2. """
  3. requests.auth
  4. ~~~~~~~~~~~~~
  5. This module contains the authentication handlers for Requests.
  6. """
  7. import os
  8. import re
  9. import time
  10. import hashlib
  11. import threading
  12. from base64 import b64encode
  13. from .compat import urlparse, str
  14. from .cookies import extract_cookies_to_jar
  15. from .utils import parse_dict_header, to_native_string
  16. from .status_codes import codes
  17. CONTENT_TYPE_FORM_URLENCODED = 'application/x-www-form-urlencoded'
  18. CONTENT_TYPE_MULTI_PART = 'multipart/form-data'
  19. def _basic_auth_str(username, password):
  20. """Returns a Basic Auth string."""
  21. authstr = 'Basic ' + to_native_string(
  22. b64encode(('%s:%s' % (username, password)).encode('latin1')).strip()
  23. )
  24. return authstr
  25. class AuthBase(object):
  26. """Base class that all auth implementations derive from"""
  27. def __call__(self, r):
  28. raise NotImplementedError('Auth hooks must be callable.')
  29. class HTTPBasicAuth(AuthBase):
  30. """Attaches HTTP Basic Authentication to the given Request object."""
  31. def __init__(self, username, password):
  32. self.username = username
  33. self.password = password
  34. def __eq__(self, other):
  35. return all([
  36. self.username == getattr(other, 'username', None),
  37. self.password == getattr(other, 'password', None)
  38. ])
  39. def __ne__(self, other):
  40. return not self == other
  41. def __call__(self, r):
  42. r.headers['Authorization'] = _basic_auth_str(self.username, self.password)
  43. return r
  44. class HTTPProxyAuth(HTTPBasicAuth):
  45. """Attaches HTTP Proxy Authentication to a given Request object."""
  46. def __call__(self, r):
  47. r.headers['Proxy-Authorization'] = _basic_auth_str(self.username, self.password)
  48. return r
  49. class HTTPDigestAuth(AuthBase):
  50. """Attaches HTTP Digest Authentication to the given Request object."""
  51. def __init__(self, username, password):
  52. self.username = username
  53. self.password = password
  54. # Keep state in per-thread local storage
  55. self._thread_local = threading.local()
  56. def init_per_thread_state(self):
  57. # Ensure state is initialized just once per-thread
  58. if not hasattr(self._thread_local, 'init'):
  59. self._thread_local.init = True
  60. self._thread_local.last_nonce = ''
  61. self._thread_local.nonce_count = 0
  62. self._thread_local.chal = {}
  63. self._thread_local.pos = None
  64. self._thread_local.num_401_calls = None
  65. def build_digest_header(self, method, url):
  66. """
  67. :rtype: str
  68. """
  69. realm = self._thread_local.chal['realm']
  70. nonce = self._thread_local.chal['nonce']
  71. qop = self._thread_local.chal.get('qop')
  72. algorithm = self._thread_local.chal.get('algorithm')
  73. opaque = self._thread_local.chal.get('opaque')
  74. hash_utf8 = None
  75. if algorithm is None:
  76. _algorithm = 'MD5'
  77. else:
  78. _algorithm = algorithm.upper()
  79. # lambdas assume digest modules are imported at the top level
  80. if _algorithm == 'MD5' or _algorithm == 'MD5-SESS':
  81. def md5_utf8(x):
  82. if isinstance(x, str):
  83. x = x.encode('utf-8')
  84. return hashlib.md5(x).hexdigest()
  85. hash_utf8 = md5_utf8
  86. elif _algorithm == 'SHA':
  87. def sha_utf8(x):
  88. if isinstance(x, str):
  89. x = x.encode('utf-8')
  90. return hashlib.sha1(x).hexdigest()
  91. hash_utf8 = sha_utf8
  92. KD = lambda s, d: hash_utf8("%s:%s" % (s, d))
  93. if hash_utf8 is None:
  94. return None
  95. # XXX not implemented yet
  96. entdig = None
  97. p_parsed = urlparse(url)
  98. #: path is request-uri defined in RFC 2616 which should not be empty
  99. path = p_parsed.path or "/"
  100. if p_parsed.query:
  101. path += '?' + p_parsed.query
  102. A1 = '%s:%s:%s' % (self.username, realm, self.password)
  103. A2 = '%s:%s' % (method, path)
  104. HA1 = hash_utf8(A1)
  105. HA2 = hash_utf8(A2)
  106. if nonce == self._thread_local.last_nonce:
  107. self._thread_local.nonce_count += 1
  108. else:
  109. self._thread_local.nonce_count = 1
  110. ncvalue = '%08x' % self._thread_local.nonce_count
  111. s = str(self._thread_local.nonce_count).encode('utf-8')
  112. s += nonce.encode('utf-8')
  113. s += time.ctime().encode('utf-8')
  114. s += os.urandom(8)
  115. cnonce = (hashlib.sha1(s).hexdigest()[:16])
  116. if _algorithm == 'MD5-SESS':
  117. HA1 = hash_utf8('%s:%s:%s' % (HA1, nonce, cnonce))
  118. if not qop:
  119. respdig = KD(HA1, "%s:%s" % (nonce, HA2))
  120. elif qop == 'auth' or 'auth' in qop.split(','):
  121. noncebit = "%s:%s:%s:%s:%s" % (
  122. nonce, ncvalue, cnonce, 'auth', HA2
  123. )
  124. respdig = KD(HA1, noncebit)
  125. else:
  126. # XXX handle auth-int.
  127. return None
  128. self._thread_local.last_nonce = nonce
  129. # XXX should the partial digests be encoded too?
  130. base = 'username="%s", realm="%s", nonce="%s", uri="%s", ' \
  131. 'response="%s"' % (self.username, realm, nonce, path, respdig)
  132. if opaque:
  133. base += ', opaque="%s"' % opaque
  134. if algorithm:
  135. base += ', algorithm="%s"' % algorithm
  136. if entdig:
  137. base += ', digest="%s"' % entdig
  138. if qop:
  139. base += ', qop="auth", nc=%s, cnonce="%s"' % (ncvalue, cnonce)
  140. return 'Digest %s' % (base)
  141. def handle_redirect(self, r, **kwargs):
  142. """Reset num_401_calls counter on redirects."""
  143. if r.is_redirect:
  144. self._thread_local.num_401_calls = 1
  145. def handle_401(self, r, **kwargs):
  146. """
  147. Takes the given response and tries digest-auth, if needed.
  148. :rtype: requests.Response
  149. """
  150. if self._thread_local.pos is not None:
  151. # Rewind the file position indicator of the body to where
  152. # it was to resend the request.
  153. r.request.body.seek(self._thread_local.pos)
  154. s_auth = r.headers.get('www-authenticate', '')
  155. if 'digest' in s_auth.lower() and self._thread_local.num_401_calls < 2:
  156. self._thread_local.num_401_calls += 1
  157. pat = re.compile(r'digest ', flags=re.IGNORECASE)
  158. self._thread_local.chal = parse_dict_header(pat.sub('', s_auth, count=1))
  159. # Consume content and release the original connection
  160. # to allow our new request to reuse the same one.
  161. r.content
  162. r.close()
  163. prep = r.request.copy()
  164. extract_cookies_to_jar(prep._cookies, r.request, r.raw)
  165. prep.prepare_cookies(prep._cookies)
  166. prep.headers['Authorization'] = self.build_digest_header(
  167. prep.method, prep.url)
  168. _r = r.connection.send(prep, **kwargs)
  169. _r.history.append(r)
  170. _r.request = prep
  171. return _r
  172. self._thread_local.num_401_calls = 1
  173. return r
  174. def __call__(self, r):
  175. # Initialize per-thread state, if needed
  176. self.init_per_thread_state()
  177. # If we have a saved nonce, skip the 401
  178. if self._thread_local.last_nonce:
  179. r.headers['Authorization'] = self.build_digest_header(r.method, r.url)
  180. try:
  181. self._thread_local.pos = r.body.tell()
  182. except AttributeError:
  183. # In the case of HTTPDigestAuth being reused and the body of
  184. # the previous request was a file-like object, pos has the
  185. # file position of the previous body. Ensure it's set to
  186. # None.
  187. self._thread_local.pos = None
  188. r.register_hook('response', self.handle_401)
  189. r.register_hook('response', self.handle_redirect)
  190. self._thread_local.num_401_calls = 1
  191. return r
  192. def __eq__(self, other):
  193. return all([
  194. self.username == getattr(other, 'username', None),
  195. self.password == getattr(other, 'password', None)
  196. ])
  197. def __ne__(self, other):
  198. return not self == other