py2/py3: import from six.moves.

65a3692f · Kazuhiko Shiozaki · Arnaud Fontaine · 1848b1d6 · 65a3692f · 65a3692f
Commit 65a3692f authored Oct 19, 2022 by Kazuhiko Shiozaki Committed by Arnaud Fontaine Jul 06, 2024
9 changed files
--- a/bt5/erp5_oauth2_authorisation/DocumentTemplateItem/portal_components/document.erp5.OAuth2AuthorisationServerConnector.py
+++ b/bt5/erp5_oauth2_authorisation/DocumentTemplateItem/portal_components/document.erp5.OAuth2AuthorisationServerConnector.py
@@ -31,8 +31,7 @@ from io import BytesIO
 import json
 from os import urandom
 from time import time
-import urllib
-import urlparse
+from six.moves.urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit
 import uuid
 from cryptography.hazmat.backends import default_backend
 from cryptography import fernet
@@ -145,7 +144,7 @@ def substituteRequest(
  environ = request.environ
  inner_environ_dict = environ.copy()
  inner_environ_dict['REQUEST_METHOD'] = method
-  inner_environ_dict['QUERY_STRING'] = urllib.urlencode(query_list)
+  inner_environ_dict['QUERY_STRING'] = urlencode(query_list)
  if request._auth:
    inner_environ_dict['HTTP_AUTHORIZATION'] = request._auth

@@ -256,18 +255,18 @@ class _ERP5AuthorisationEndpoint(AuthorizationEndpoint):
        if is_local_client and self.__login_retry_url:
          # ...with a local resource server, redirect user agent to
          # the provided login URL.
-          split_login_retry_url = urlparse.urlsplit(self.__login_retry_url)
+          split_login_retry_url = urlsplit(self.__login_retry_url)
          return (
            (
              (
                'Location',
-                urlparse.urlunsplit((
+                urlunsplit((
                  split_login_retry_url.scheme,
                  split_login_retry_url.netloc,
                  split_login_retry_url.path,
-                  urllib.urlencode([
+                  urlencode([
                    (x, y)
-                    for x, y in urlparse.parse_qsl(split_login_retry_url.query)
+                    for x, y in parse_qsl(split_login_retry_url.query)
                    if x != 'portal_status_message'
                  ] + [(
                    'portal_status_message',
@@ -299,7 +298,7 @@ class _ERP5AuthorisationEndpoint(AuthorizationEndpoint):
        credentials=credentials,
      )
      if authorization_status == 302 and is_local_client:
-        split_location = urlparse.urlsplit(authorization_header_dict['Location'])
+        split_location = urlsplit(authorization_header_dict['Location'])
        # XXX: to cut down on code complexity, this code has strong expectations on what location is.
        _, client_connector_id, method_id = split_location.path.rsplit('/', 2)
        if method_id != 'loggedIn':
@@ -307,7 +306,7 @@ class _ERP5AuthorisationEndpoint(AuthorizationEndpoint):
        client_connector_value = client_value.getParentValue().getParentValue()[client_connector_id]
        if client_connector_value.getPortalType() != 'OAuth2 Authorisation Client Connector':
          raise ValueError(split_location.path)
-        query_list = urlparse.parse_qsl(split_location.query)
+        query_list = parse_qsl(split_location.query)
        # Note: query string generation should not have produce any duplicate
        # entries, so convert into a dict for code simplicity.
        query_dict = {
@@ -385,7 +384,7 @@ class _ERP5AuthorisationEndpoint(AuthorizationEndpoint):
            # Use the internal path back to us so it can be traversed to while
            # still in the just-authenticated request.
            (
-              self.__server_connector_path + '?' + urlparse.urlsplit(uri).query
+              self.__server_connector_path + '?' + urlsplit(uri).query
            ) if is_local_client else
            # Use the external URL back to us so user can be redirected to it,
            # as they are then authenticated over multiple requests.
@@ -407,8 +406,8 @@ class _ERP5AuthorisationEndpoint(AuthorizationEndpoint):
            login_form = neutral_context_value.login_form
          portal_status_message_list = [
            value
-            for name, value in urlparse.parse_qsl(
-              urlparse.urlsplit(came_from).query,
+            for name, value in parse_qsl(
+              urlsplit(came_from).query,
            )
            if name == 'portal_status_message'
          ]
@@ -763,8 +762,8 @@ class _ERP5RequestValidator(RequestValidator):
      # redirect_uri path, but it may be under an extra layer of VirtualHost Monster
      # magic.
      # Client is declared local, accept any redirect URI on our scheme and netloc.
-      split_my_url = urlparse.urlsplit(client_value.absolute_url())
-      split_redirect_uri = urlparse.urlsplit(redirect_uri)
+      split_my_url = urlsplit(client_value.absolute_url())
+      split_redirect_uri = urlsplit(redirect_uri)
      return (
        split_my_url.scheme == split_redirect_uri.scheme and
        split_my_url.netloc == split_redirect_uri.netloc
@@ -854,7 +853,7 @@ def _callEndpoint(endpoint, self, REQUEST):
  if request_body is None and content_type == 'application/x-www-form-urlencoded':
    # XXX: very imperfect, but should be good enough for OAuth2 usage:
    # no standard OAuth2 POST field should be marshalled by Zope.
-    request_body = urllib.urlencode([
+    request_body = urlencode([
      (x, y)
      for x, y in six.iteritems(REQUEST.form)
      if isinstance(y, six.string_types)

--- a/bt5/erp5_oauth2_authorisation/SkinTemplateItem/portal_skins/erp5_oauth2_authorisation/ERP5Site_getClientIdFromLoginOnceCameFrom.py
+++ b/bt5/erp5_oauth2_authorisation/SkinTemplateItem/portal_skins/erp5_oauth2_authorisation/ERP5Site_getClientIdFromLoginOnceCameFrom.py
@@ -6,14 +6,14 @@ Once the user is authenticated, the same value can be accessed with:
  from AccessControl import getSecurityManager
  getSecurityManager().getUser().getClientId()
 """
-import urlparse
+from six.moves.urllib.parse import parse_qsl, urlsplit
 # The came_from for login_once_form is special: it has no scheme, no netloc, a path and a query.
 # Verify this so caller knows if they are providing the wrong value.
 if not context.ERP5Site_isOAuth2CameFrom(came_from=came_from):
  raise ValueError
 result, = [
  value
-  for name, value in urlparse.parse_qsl(urlparse.urlsplit(came_from).query)
+  for name, value in parse_qsl(urlsplit(came_from).query)
  if name == 'client_id'
 ]
 return result
--- a/bt5/erp5_oauth2_authorisation/SkinTemplateItem/portal_skins/erp5_oauth2_authorisation/ERP5Site_isOAuth2CameFrom.py
+++ b/bt5/erp5_oauth2_authorisation/SkinTemplateItem/portal_skins/erp5_oauth2_authorisation/ERP5Site_isOAuth2CameFrom.py
@@ -2,8 +2,8 @@
 OAuth2's /authorize endpoint produces a very specific format of came_from, with very specific meaning (not a real URL).
 This script returns True value if given such came_from, and False otherwise.
 """
-import urlparse
-parsed_came_from = urlparse.urlsplit(came_from)
+from six.moves.urllib.parse import urlsplit
+parsed_came_from = urlsplit(came_from)
 return bool(
  not parsed_came_from.scheme and
  not parsed_came_from.netloc and

--- a/bt5/erp5_oauth2_authorisation/SkinTemplateItem/portal_skins/erp5_oauth2_authorisation/ERP5Site_retryOAuth2Authorisation.py
+++ b/bt5/erp5_oauth2_authorisation/SkinTemplateItem/portal_skins/erp5_oauth2_authorisation/ERP5Site_retryOAuth2Authorisation.py
@@ -3,16 +3,16 @@
 Retry calling /authorize using the values in came_from
 (which a previous call to /authorize generated, and is not a traditional came_from).
 """
-import urlparse
+from six.moves.urllib.parse import parse_qsl, urlsplit
 from erp5.component.document.OAuth2AuthorisationServerConnector import substituteRequest
 if not context.ERP5Site_isOAuth2CameFrom(came_from):
  # came_from is broken, there is no way to call /authorize , so escape to wherever.
  context.Base_redirect()
  return
-parsed_came_from = urlparse.urlsplit(came_from)
+parsed_came_from = urlsplit(came_from)
 query_list = [
  (key, value)
-  for key, value in urlparse.parse_qsl(parsed_came_from.query)
+  for key, value in parse_qsl(parsed_came_from.query)
  if key != 'portal_status_message'
 ]
 if portal_status_message is not None:

--- a/bt5/erp5_oauth2_authorisation/SkinTemplateItem/portal_skins/erp5_oauth2_authorisation/logged_in_once.py
+++ b/bt5/erp5_oauth2_authorisation/SkinTemplateItem/portal_skins/erp5_oauth2_authorisation/logged_in_once.py
@@ -3,7 +3,7 @@
 Similar to logged_in, but user authentication will only last for current request if nothing else is done.
 So came_from must be honoured within the current request, and not redirected to.
 """
-import urlparse
+from six.moves.urllib.parse import parse_qsl, urlsplit
 from erp5.component.document.OAuth2AuthorisationServerConnector import substituteRequest
 portal = context.getPortalObject()
 if portal.portal_skins.updateSkinCookie():
@@ -28,7 +28,7 @@ if not came_from or not context.ERP5Site_isOAuth2CameFrom(came_from):
  # came_from is broken, there is no way to call authorize, so escape to wherever.
  context.Base_redirect()
  return
-parsed_came_from = urlparse.urlsplit(came_from)
+parsed_came_from = urlsplit(came_from)
 # Turn the ZODB path from came_from into a relative URL and base it on context (and not portal) to
 # work as expected from within Web Sites without Virtual Host Monster relocating them above portal.
 connector_value = context.restrictedTraverse(parsed_came_from.path.lstrip('/'))
@@ -40,7 +40,7 @@ if (
  return
 # Note: query string generation should not have produce any duplicate
 # entries, so directly use to update form dict for code simplicity.
-form = dict(urlparse.parse_qsl(parsed_came_from.query))
+form = dict(parse_qsl(parsed_came_from.query))
 login_retry_url = REQUEST.form.get('login_retry_url')
 if login_retry_url is not None:
  form['login_retry_url'] = login_retry_url

--- a/bt5/erp5_oauth2_resource/DocumentTemplateItem/portal_components/document.erp5.OAuth2AuthorisationClientConnector.py
+++ b/bt5/erp5_oauth2_resource/DocumentTemplateItem/portal_components/document.erp5.OAuth2AuthorisationClientConnector.py
@@ -31,13 +31,12 @@ import email.utils
 import functools
 import hashlib
 import hmac
-import httplib
+from six.moves.http_client import HTTPConnection, HTTPSConnection
 import json
 from os import urandom
 import random
 from time import time
-import urllib
-import urlparse
+from six.moves.urllib.parse import urlencode, urljoin, urlparse
 import ssl
 from AccessControl import (
  ClassSecurityInfo,
@@ -191,7 +190,7 @@ class _OAuth2AuthorisationServerProxy(object):
    ca_certificate_pem,
    insecure,
  ):
-    scheme = urlparse.urlsplit(authorisation_server_url).scheme
+    scheme = urlsplit(authorisation_server_url).scheme
    if scheme != 'https' and not insecure:
      raise ValueError('Only https access to Authorisation Server is allowed')
    self._scheme = scheme
@@ -210,7 +209,7 @@ class _OAuth2AuthorisationServerProxy(object):

  def _query(self, method_id, body, header_dict=()):
    plain_url = self._authorisation_server_url + '/' + method_id
-    parsed_url = urlparse.urlparse(plain_url)
+    parsed_url = urlparse(plain_url)
    if self._scheme == 'https':
      ssl_context = ssl.create_default_context(
        cadata=self._ca_certificate_pem,
@@ -222,11 +221,11 @@ class _OAuth2AuthorisationServerProxy(object):
        ssl_context.verify_mode = ssl.CERT_REQUIRED
        ssl_context.check_hostname = True
      Connection = functools.partial(
-        httplib.HTTPSConnection,
+        HTTPSConnection,
        context=ssl_context,
      )
    else:
-      Connection = httplib.HTTPConnection
+      Connection = HTTPConnection
    timeout = getTimeLeft()
    if timeout is None or timeout > self._timeout:
      timeout = self._timeout
@@ -256,7 +255,7 @@ class _OAuth2AuthorisationServerProxy(object):
  def _queryERP5(self, method_id, kw=()):
    header_dict, body, status = self._query(
      method_id=method_id,
-      body=urllib.urlencode(kw),
+      body=urlencode(kw),
      header_dict={
        'Accept': 'application/json;charset=UTF-8',
        'Content-Type': 'application/x-www-form-urlencoded',
@@ -274,7 +273,7 @@ class _OAuth2AuthorisationServerProxy(object):
  def _queryOAuth2(self, method, REQUEST, RESPONSE):
    header_dict, body, status = self._query(
      method,
-      body=urllib.urlencode(REQUEST.form.items()),
+      body=urlencode(REQUEST.form.items()),
      header_dict={
        'CONTENT_TYPE': REQUEST.environ['CONTENT_TYPE'],
      },
@@ -377,7 +376,7 @@ class OAuth2AuthorisationClientConnector(
    if '/' in authorisation_server_url:
      # Remote Authorisation Server
      return _OAuth2AuthorisationServerProxy(
-        authorisation_server_url=urlparse.urljoin(
+        authorisation_server_url=urljoin(
          # In case authorisation_server_url contains slashes but is still
          # relative (to the scheme or to the netloc - path-relative is not
          # supported by urljoin)
@@ -474,7 +473,7 @@ class OAuth2AuthorisationClientConnector(
    assert inner_response.status == 200
    access_token = oauth2_response['access_token']
    refresh_token = oauth2_response.get('refresh_token')
-    parsed_actual_url = urlparse.urlparse(request.other.get('ACTUAL_URL'))
+    parsed_actual_url = urlparse(request.other.get('ACTUAL_URL'))
    same_site = self.ERP5Site_getAuthCookieSameSite(
      scheme=parsed_actual_url.scheme,
      hostname=parsed_actual_url.hostname,
@@ -712,8 +711,8 @@ class OAuth2AuthorisationClientConnector(
    # came_from is what the user was trying to do just before they ended up
    # here, so we can redirect them there once they are authenticated.
    if came_from:
-      parsed_came_from = urlparse.urlparse(came_from)
-      parsed_redirect_uri = urlparse.urlparse(redirect_uri)
+      parsed_came_from = urlparse(came_from)
+      parsed_redirect_uri = urlparse(redirect_uri)
      if (
        parsed_came_from.scheme != parsed_redirect_uri.scheme or
        parsed_came_from.netloc != parsed_redirect_uri.netloc
@@ -829,7 +828,7 @@ class OAuth2AuthorisationClientConnector(
        'Location',
        self._getAuthorisationServerValue(
          REQUEST=REQUEST,
-        ).absolute_url() + '/authorize?' + urllib.urlencode(query_list),
+        ).absolute_url() + '/authorize?' + urlencode(query_list),
      )
    else:
      # Provide the current URL to authorize, so that it can redirect the

--- a/bt5/erp5_oauth2_resource/SkinTemplateItem/portal_skins/erp5_oauth2_resource/ERP5Site_preventLoginAttemptRetry.py
+++ b/bt5/erp5_oauth2_resource/SkinTemplateItem/portal_skins/erp5_oauth2_resource/ERP5Site_preventLoginAttemptRetry.py
@@ -3,17 +3,16 @@ Modify given URL so that the resulting one prevents further login attempts when

 Useful to break redirection loops.
 """
-import urllib
-import urlparse
+from six.moves.urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit
 PARAMETER_NAME = 'disable_cookie_login__'
-parsed_url = urlparse.urlsplit(url)
-return urlparse.urlunsplit((
+parsed_url = urlsplit(url)
+return urlunsplit((
  parsed_url.scheme,
  parsed_url.netloc,
  parsed_url.path,
-  urllib.urlencode([
+  urlencode([
    (x, y)
-    for x, y in urlparse.parse_qsl(parsed_url.query)
+    for x, y in parse_qsl(parsed_url.query)
    if x != PARAMETER_NAME
  ] + [
    (PARAMETER_NAME, '1'),

--- a/bt5/erp5_web_renderjs_ui/SkinTemplateItem/portal_skins/erp5_web_renderjs_ui/login_form.py
+++ b/bt5/erp5_web_renderjs_ui/SkinTemplateItem/portal_skins/erp5_web_renderjs_ui/login_form.py
 # Short-circuit old (pre-oauth2) web-mode "login_form"s
-import urllib
+from six.moves.urllib.parse import urlencode
 web_section_value = context.getWebSectionValue()
 client_id = context.getPortalObject().ERP5Site_getOAuth2ClientConnectorClientId(
  connector_id=(
@@ -13,7 +13,7 @@ if client_id is None:
  return context.login_once_form(has_oauth2=False)
 if came_from:
  # Make the user go through WebSite_login after authentication, so it does its url de-templatification magic
-  came_from = context.absolute_url() + '/WebSite_login?' + urllib.urlencode((('came_from', came_from), ))
+  came_from = context.absolute_url() + '/WebSite_login?' + urlencode((('came_from', came_from), ))
 return context.skinSuper('erp5_web_renderjs_ui', script.id)(
  REQUEST=REQUEST,
  RESPONSE=RESPONSE,

--- a/bt5/erp5_web_service/MixinTemplateItem/portal_components/mixin.erp5.RESTAPIClientConnectorMixin.py
+++ b/bt5/erp5_web_service/MixinTemplateItem/portal_components/mixin.erp5.RESTAPIClientConnectorMixin.py
@@ -26,10 +26,11 @@
 #
 ##############################################################################
 import time
-import urlparse
 import ssl
-import httplib
 import json
+from six.moves.http_client import HTTPSConnection
+from six.moves.urllib.parse import urlparse
+from six import string_types as basestring
 from Products.ERP5Type.Timeout import getTimeLeft
 from contextlib import contextmanager
 from Products.ERP5Type.XMLObject import XMLObject
@@ -106,7 +107,7 @@ class RESTAPIClientConnectorMixin(XMLObject):
      header_dict['content-type'] = 'application/json'
      body = json.dumps(body)
    plain_url = self.getBaseUrl().rstrip('/') + '/' + path.lstrip('/')
-    parsed_url = urlparse.urlparse(plain_url)
+    parsed_url = urlparse(plain_url)
    ssl_context = ssl.create_default_context(
      cadata=self.getCaCertificatePem(),
    )
@@ -116,7 +117,7 @@ class RESTAPIClientConnectorMixin(XMLObject):
    if bind_address:
      bind_address = (bind_address, 0)
    time_left_before_timeout = getTimeLeft()
-    http_connection = httplib.HTTPSConnection(
+    http_connection = HTTPSConnection(
      host=parsed_url.hostname,
      port=parsed_url.port,
      strict=True,
@@ -185,7 +186,7 @@ class RESTAPIClientConnectorMixin(XMLObject):
      with time_tracker('call'), Deadline(timeout):
        # Limit numbers of retries, in case the authentication API succeeds
        # but the token is not usable.
-        for _ in xrange(2):
+        for _ in range(2):
          with time_tracker('token'):
            access_token = self._getAccessToken()
            if access_token is not None: