two version of R2R are here HEAD master

1 files changed, 400 insertions, 0 deletions

diff --git a/.venv/lib/python3.12/site-packages/oauthlib/oauth2/rfc6749/errors.py b/.venv/lib/python3.12/site-packages/oauthlib/oauth2/rfc6749/errors.py
new file mode 100644
index 00000000..da24feab
--- /dev/null
+++ b/.venv/lib/python3.12/site-packages/oauthlib/oauth2/rfc6749/errors.py
@@ -0,0 +1,400 @@
+"""
+oauthlib.oauth2.rfc6749.errors
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Error used both by OAuth 2 clients and providers to represent the spec
+defined error responses for all four core grant types.
+"""
+import json
+
+from oauthlib.common import add_params_to_uri, urlencode
+
+
+class OAuth2Error(Exception):
+    error = None
+    status_code = 400
+    description = ''
+
+    def __init__(self, description=None, uri=None, state=None,
+                 status_code=None, request=None):
+        """
+        :param description: A human-readable ASCII [USASCII] text providing
+                            additional information, used to assist the client
+                            developer in understanding the error that occurred.
+                            Values for the "error_description" parameter
+                            MUST NOT include characters outside the set
+                            x20-21 / x23-5B / x5D-7E.
+
+        :param uri: A URI identifying a human-readable web page with information
+                    about the error, used to provide the client developer with
+                    additional information about the error.  Values for the
+                    "error_uri" parameter MUST conform to the URI- Reference
+                    syntax, and thus MUST NOT include characters outside the set
+                    x21 / x23-5B / x5D-7E.
+
+        :param state: A CSRF protection value received from the client.
+
+        :param status_code:
+
+        :param request: OAuthlib request.
+        :type request: oauthlib.common.Request
+        """
+        if description is not None:
+            self.description = description
+
+        message = '({}) {}'.format(self.error, self.description)
+        if request:
+            message += ' ' + repr(request)
+        super().__init__(message)
+
+        self.uri = uri
+        self.state = state
+
+        if status_code:
+            self.status_code = status_code
+
+        if request:
+            self.redirect_uri = request.redirect_uri
+            self.client_id = request.client_id
+            self.scopes = request.scopes
+            self.response_type = request.response_type
+            self.response_mode = request.response_mode
+            self.grant_type = request.grant_type
+            if not state:
+                self.state = request.state
+        else:
+            self.redirect_uri = None
+            self.client_id = None
+            self.scopes = None
+            self.response_type = None
+            self.response_mode = None
+            self.grant_type = None
+
+    def in_uri(self, uri):
+        fragment = self.response_mode == "fragment"
+        return add_params_to_uri(uri, self.twotuples, fragment)
+
+    @property
+    def twotuples(self):
+        error = [('error', self.error)]
+        if self.description:
+            error.append(('error_description', self.description))
+        if self.uri:
+            error.append(('error_uri', self.uri))
+        if self.state:
+            error.append(('state', self.state))
+        return error
+
+    @property
+    def urlencoded(self):
+        return urlencode(self.twotuples)
+
+    @property
+    def json(self):
+        return json.dumps(dict(self.twotuples))
+
+    @property
+    def headers(self):
+        if self.status_code == 401:
+            """
+            https://tools.ietf.org/html/rfc6750#section-3
+
+            All challenges defined by this specification MUST use the auth-scheme
+            value "Bearer".  This scheme MUST be followed by one or more
+            auth-param values.
+            """
+            authvalues = ['error="{}"'.format(self.error)]
+            if self.description:
+                authvalues.append('error_description="{}"'.format(self.description))
+            if self.uri:
+                authvalues.append('error_uri="{}"'.format(self.uri))
+            return {"WWW-Authenticate": "Bearer " + ", ".join(authvalues)}
+        return {}
+
+
+class TokenExpiredError(OAuth2Error):
+    error = 'token_expired'
+
+
+class InsecureTransportError(OAuth2Error):
+    error = 'insecure_transport'
+    description = 'OAuth 2 MUST utilize https.'
+
+
+class MismatchingStateError(OAuth2Error):
+    error = 'mismatching_state'
+    description = 'CSRF Warning! State not equal in request and response.'
+
+
+class MissingCodeError(OAuth2Error):
+    error = 'missing_code'
+
+
+class MissingTokenError(OAuth2Error):
+    error = 'missing_token'
+
+
+class MissingTokenTypeError(OAuth2Error):
+    error = 'missing_token_type'
+
+
+class FatalClientError(OAuth2Error):
+    """
+    Errors during authorization where user should not be redirected back.
+
+    If the request fails due to a missing, invalid, or mismatching
+    redirection URI, or if the client identifier is missing or invalid,
+    the authorization server SHOULD inform the resource owner of the
+    error and MUST NOT automatically redirect the user-agent to the
+    invalid redirection URI.
+
+    Instead the user should be informed of the error by the provider itself.
+    """
+    pass
+
+
+class InvalidRequestFatalError(FatalClientError):
+    """
+    For fatal errors, the request is missing a required parameter, includes
+    an invalid parameter value, includes a parameter more than once, or is
+    otherwise malformed.
+    """
+    error = 'invalid_request'
+
+
+class InvalidRedirectURIError(InvalidRequestFatalError):
+    description = 'Invalid redirect URI.'
+
+
+class MissingRedirectURIError(InvalidRequestFatalError):
+    description = 'Missing redirect URI.'
+
+
+class MismatchingRedirectURIError(InvalidRequestFatalError):
+    description = 'Mismatching redirect URI.'
+
+
+class InvalidClientIdError(InvalidRequestFatalError):
+    description = 'Invalid client_id parameter value.'
+
+
+class MissingClientIdError(InvalidRequestFatalError):
+    description = 'Missing client_id parameter.'
+
+
+class InvalidRequestError(OAuth2Error):
+    """
+    The request is missing a required parameter, includes an invalid
+    parameter value, includes a parameter more than once, or is
+    otherwise malformed.
+    """
+    error = 'invalid_request'
+
+
+class MissingResponseTypeError(InvalidRequestError):
+    description = 'Missing response_type parameter.'
+
+
+class MissingCodeChallengeError(InvalidRequestError):
+    """
+    If the server requires Proof Key for Code Exchange (PKCE) by OAuth
+    public clients and the client does not send the "code_challenge" in
+    the request, the authorization endpoint MUST return the authorization
+    error response with the "error" value set to "invalid_request".  The
+    "error_description" or the response of "error_uri" SHOULD explain the
+    nature of error, e.g., code challenge required.
+    """
+    description = 'Code challenge required.'
+
+
+class MissingCodeVerifierError(InvalidRequestError):
+    """
+    The request to the token endpoint, when PKCE is enabled, has
+    the parameter `code_verifier` REQUIRED.
+    """
+    description = 'Code verifier required.'
+
+
+class AccessDeniedError(OAuth2Error):
+    """
+    The resource owner or authorization server denied the request.
+    """
+    error = 'access_denied'
+
+
+class UnsupportedResponseTypeError(OAuth2Error):
+    """
+    The authorization server does not support obtaining an authorization
+    code using this method.
+    """
+    error = 'unsupported_response_type'
+
+
+class UnsupportedCodeChallengeMethodError(InvalidRequestError):
+    """
+    If the server supporting PKCE does not support the requested
+    transformation, the authorization endpoint MUST return the
+    authorization error response with "error" value set to
+    "invalid_request".  The "error_description" or the response of
+    "error_uri" SHOULD explain the nature of error, e.g., transform
+    algorithm not supported.
+    """
+    description = 'Transform algorithm not supported.'
+
+
+class InvalidScopeError(OAuth2Error):
+    """
+    The requested scope is invalid, unknown, or malformed, or
+    exceeds the scope granted by the resource owner.
+
+    https://tools.ietf.org/html/rfc6749#section-5.2
+    """
+    error = 'invalid_scope'
+
+
+class ServerError(OAuth2Error):
+    """
+    The authorization server encountered an unexpected condition that
+    prevented it from fulfilling the request.  (This error code is needed
+    because a 500 Internal Server Error HTTP status code cannot be returned
+    to the client via a HTTP redirect.)
+    """
+    error = 'server_error'
+
+
+class TemporarilyUnavailableError(OAuth2Error):
+    """
+    The authorization server is currently unable to handle the request
+    due to a temporary overloading or maintenance of the server.
+    (This error code is needed because a 503 Service Unavailable HTTP
+    status code cannot be returned to the client via a HTTP redirect.)
+    """
+    error = 'temporarily_unavailable'
+
+
+class InvalidClientError(FatalClientError):
+    """
+    Client authentication failed (e.g. unknown client, no client
+    authentication included, or unsupported authentication method).
+    The authorization server MAY return an HTTP 401 (Unauthorized) status
+    code to indicate which HTTP authentication schemes are supported.
+    If the client attempted to authenticate via the "Authorization" request
+    header field, the authorization server MUST respond with an
+    HTTP 401 (Unauthorized) status code, and include the "WWW-Authenticate"
+    response header field matching the authentication scheme used by the
+    client.
+    """
+    error = 'invalid_client'
+    status_code = 401
+
+
+class InvalidGrantError(OAuth2Error):
+    """
+    The provided authorization grant (e.g. authorization code, resource
+    owner credentials) or refresh token is invalid, expired, revoked, does
+    not match the redirection URI used in the authorization request, or was
+    issued to another client.
+
+    https://tools.ietf.org/html/rfc6749#section-5.2
+    """
+    error = 'invalid_grant'
+    status_code = 400
+
+
+class UnauthorizedClientError(OAuth2Error):
+    """
+    The authenticated client is not authorized to use this authorization
+    grant type.
+    """
+    error = 'unauthorized_client'
+
+
+class UnsupportedGrantTypeError(OAuth2Error):
+    """
+    The authorization grant type is not supported by the authorization
+    server.
+    """
+    error = 'unsupported_grant_type'
+
+
+class UnsupportedTokenTypeError(OAuth2Error):
+    """
+    The authorization server does not support the hint of the
+    presented token type.  I.e. the client tried to revoke an access token
+    on a server not supporting this feature.
+    """
+    error = 'unsupported_token_type'
+
+
+class InvalidTokenError(OAuth2Error):
+    """
+    The access token provided is expired, revoked, malformed, or
+    invalid for other reasons.  The resource SHOULD respond with
+    the HTTP 401 (Unauthorized) status code.  The client MAY
+    request a new access token and retry the protected resource
+    request.
+    """
+    error = 'invalid_token'
+    status_code = 401
+    description = ("The access token provided is expired, revoked, malformed, "
+                   "or invalid for other reasons.")
+
+
+class InsufficientScopeError(OAuth2Error):
+    """
+    The request requires higher privileges than provided by the
+    access token.  The resource server SHOULD respond with the HTTP
+    403 (Forbidden) status code and MAY include the "scope"
+    attribute with the scope necessary to access the protected
+    resource.
+    """
+    error = 'insufficient_scope'
+    status_code = 403
+    description = ("The request requires higher privileges than provided by "
+                   "the access token.")
+
+
+class ConsentRequired(OAuth2Error):
+    """
+    The Authorization Server requires End-User consent.
+
+    This error MAY be returned when the prompt parameter value in the
+    Authentication Request is none, but the Authentication Request cannot be
+    completed without displaying a user interface for End-User consent.
+    """
+    error = 'consent_required'
+
+
+class LoginRequired(OAuth2Error):
+    """
+    The Authorization Server requires End-User authentication.
+
+    This error MAY be returned when the prompt parameter value in the
+    Authentication Request is none, but the Authentication Request cannot be
+    completed without displaying a user interface for End-User authentication.
+    """
+    error = 'login_required'
+
+
+class CustomOAuth2Error(OAuth2Error):
+    """
+    This error is a placeholder for all custom errors not described by the RFC.
+    Some of the popular OAuth2 providers are using custom errors.
+    """
+    def __init__(self, error, *args, **kwargs):
+        self.error = error
+        super().__init__(*args, **kwargs)
+
+
+def raise_from_error(error, params=None):
+    import inspect
+    import sys
+    kwargs = {
+        'description': params.get('error_description'),
+        'uri': params.get('error_uri'),
+        'state': params.get('state')
+    }
+    for _, cls in inspect.getmembers(sys.modules[__name__], inspect.isclass):
+        if cls.error == error:
+            raise cls(**kwargs)
+    raise CustomOAuth2Error(error=error, **kwargs)