fixup! fixup! oauth2_authorisation: py3

8120d73b · Jérome Perrin · 5ea407ba · 8120d73b · 8120d73b · 8120d73b
Commit 8120d73b authored Apr 19, 2024 by Jérome Perrin
5 changed files
--- a/bt5/erp5_oauth2_authorisation/DocumentTemplateItem/portal_components/document.erp5.OAuth2AuthorisationServerConnector.py
+++ b/bt5/erp5_oauth2_authorisation/DocumentTemplateItem/portal_components/document.erp5.OAuth2AuthorisationServerConnector.py
@@ -554,7 +554,7 @@ class _ERP5RequestValidator(RequestValidator):
        return token_callable(**kw)
      except jwt.InvalidTokenError:
        pass
-    raise
+    raise  # pylint:disable=misplaced-bare-raise

  def client_authentication_required(self, request, *args, **kwargs):
    # Use this method, which is called early on most endpoints, to setup request.client .
@@ -1288,7 +1288,7 @@ class OAuth2AuthorisationServerConnector(XMLObject):
          ensure_ascii(token_dict[JWT_PAYLOAD_KEY]),
        )
        return token_dict
-    raise
+    raise  # pylint:disable=misplaced-bare-raise

  def _getRefreshTokenDict(self, value, request):
    for _, algorithm, symetric_key in self.__getRefreshTokenKeyList():
@@ -1310,7 +1310,7 @@ class OAuth2AuthorisationServerConnector(XMLObject):
        continue
      else:
        return token_dict
-    raise
+    raise  # pylint:disable=misplaced-bare-raise

  def _checkCustomTokenPolicy(self, token, request):
    """
@@ -1370,7 +1370,7 @@ class OAuth2AuthorisationServerConnector(XMLObject):
        continue
      else:
        return token_dict['iss']
-    raise
+    raise  # pylint:disable=misplaced-bare-raise

  security.declarePrivate('getRefreshTokenClientId')
  def getRefreshTokenClientId(self, value, request):
@@ -1396,7 +1396,7 @@ class OAuth2AuthorisationServerConnector(XMLObject):
        continue
      else:
        return token_dict['iss']
-    raise
+    raise  # pylint:disable=misplaced-bare-raise

  def _getSessionValueFromTokenDict(self, token_dict):
    session_value = self._getSessionValue(

--- a/bt5/erp5_oauth2_authorisation/TestTemplateItem/portal_components/test.erp5.testOAuth2Server.py
+++ b/bt5/erp5_oauth2_authorisation/TestTemplateItem/portal_components/test.erp5.testOAuth2Server.py
@@ -43,6 +43,7 @@ import random
 import pprint
 from time import time
 import unittest
+import six.moves.urllib as urllib
 from six.moves.urllib.parse import parse_qsl, quote, urlencode, urlsplit, urlunsplit
 from AccessControl.SecurityManagement import getSecurityManager, setSecurityManager
 from DateTime import DateTime
@@ -69,12 +70,13 @@ _HTML_FIELD_TAG_SET = {
  # Very incomplete, but enough for this tests' purpose: ignores "select"s...
 }
 class FormExtractor(HTMLParser):
+  # pylint:disable=abstract-method
  def reset(self):
    self.__in_form = False
    self.form_list = []
    HTMLParser.reset(self)

-  def handle_starttag(self, tag, attribute_item_list):
+  def handle_starttag(self, tag, attribute_item_list): # pylint:disable=arguments-renamed
    attr_dict = dict(attribute_item_list)
    if tag == 'form':
      assert not self.__in_form
@@ -91,6 +93,7 @@ class FormExtractor(HTMLParser):
      self.__in_form = False

 class TestOAuth2(ERP5TypeTestCase):
+  # pylint:disable=unused-private-member
  __cleanup_list = None
  __port = None
  __query_trace = None
@@ -428,7 +431,7 @@ class TestOAuth2(ERP5TypeTestCase):
          cookie_value, cookie_attributes = cookie_body.split(';', 1)
          cookie_value = cookie_value.strip('"')
          cookie_value_dict = {
-            'value': six.moves.urllib.parse.unquote(cookie_value),
+            'value': urllib.parse.unquote(cookie_value),
          }
          for cookie_attribute in cookie_attributes.split(';'):
            cookie_attribute = cookie_attribute.lstrip()
@@ -497,7 +500,7 @@ class TestOAuth2(ERP5TypeTestCase):
        b'',
        # XXX: Tolerate the redirect URL being returned in the body.
        # This is a bug, body should really be empty.
-        header_dict.get('location', b''),
+        str2bytes(header_dict.get('location', '')),
      ),
    )
    parsed_location = urlsplit(header_dict.get('location', ''))

--- a/bt5/erp5_oauth2_resource/DocumentTemplateItem/portal_components/document.erp5.OAuth2AuthorisationClientConnector.py
+++ b/bt5/erp5_oauth2_resource/DocumentTemplateItem/portal_components/document.erp5.OAuth2AuthorisationClientConnector.py
@@ -227,13 +227,16 @@ class _OAuth2AuthorisationServerProxy(object):
      )
    else:
      Connection = HTTPConnection
+    if six.PY2:
+      # Changed in version 3.4: The strict parameter was removed.
+      # HTTP 0.9-style “Simple Responses” are no longer supported.
+      Connection = functools.partial(Connection, strict=True)
    timeout = getTimeLeft()
    if timeout is None or timeout > self._timeout:
      timeout = self._timeout
    http_connection = Connection(
      host=parsed_url.hostname,
      port=parsed_url.port,
-      strict=True,
      timeout=timeout,
      source_address=self._bind_address,
    )
@@ -274,7 +277,7 @@ class _OAuth2AuthorisationServerProxy(object):
  def _queryOAuth2(self, method, REQUEST, RESPONSE):
    header_dict, body, status = self._query(
      method,
-      body=urlencode(REQUEST.form.items()),
+      body=urlencode(REQUEST.form),
      header_dict={
        'CONTENT_TYPE': REQUEST.environ['CONTENT_TYPE'],
      },
@@ -864,7 +867,7 @@ class OAuth2AuthorisationClientConnector(
    try:
      state_dict = json.loads(
        self.__getMultiFernet().decrypt(
-          state,
+          str2bytes(state),
          ttl=self._SESSION_STATE_VALIDITY,
        ),
      )

--- a/product/ERP5/ERP5Site.py
+++ b/product/ERP5/ERP5Site.py
@@ -46,6 +46,7 @@ from Products.ERP5Type.TransactionalVariable import \
  getTransactionalVariable, TransactionalResource
 from Products.ERP5Type.dynamic.portal_type_class import synchronizeDynamicModules
 from Products.ERP5Type.mixin.response_header_generator import ResponseHeaderGenerator
+from Products.ERP5Type.Utils import str2bytes, bytes2str

 from zLOG import LOG, INFO, WARNING, ERROR
 from zExceptions import BadRequest
@@ -248,10 +249,10 @@ class AutorisationExtractorBeforeTraverseHook(object):
      ERP5_AUTHORISATION_EXTRACTOR_PASSWORD_NAME in form_dict
    ):
      username = form_dict[ERP5_AUTHORISATION_EXTRACTOR_USERNAME_NAME]
-      request._auth = 'Basic ' + base64.b64encode('%s:%s' % (
+      request._auth = 'Basic ' + bytes2str(base64.b64encode(str2bytes('%s:%s' % (
        username,
        form_dict[ERP5_AUTHORISATION_EXTRACTOR_PASSWORD_NAME],
-      ))
+      ))))
      request.response._auth = 1
      _setUserNameForAccessLog(username, request)


--- a/product/ERP5Security/ERP5OAuth2ResourceServerPlugin.py
+++ b/product/ERP5Security/ERP5OAuth2ResourceServerPlugin.py
@@ -48,7 +48,7 @@ from Products.PluggableAuthService.interfaces.plugins import (
 )
 from Products.ERP5Security import _setUserNameForAccessLog
 from Products.ERP5Type.Globals import InitializeClass
-from Products.ERP5Type.Utils import bytes2str, str2bytes, unicode2str
+from Products.ERP5Type.Utils import bytes2str, str2bytes, str2unicode, unicode2str

 # Public constants. Must not change once deployed.

@@ -426,7 +426,7 @@ class ERP5OAuth2ResourceServerPlugin(BasePlugin):
    The schema of this dictionary is purely an internal implementation detail
    of this plugin.
    """
-    client_address = request.getClientAddr().decode('utf-8')
+    client_address = str2unicode(request.getClientAddr())
    token = self.__checkTokenSignature(access_token)
    if token is None and can_update_key:
      self.__updateAccessTokenSignatureKeyList(request=request)