U 'cih@s<ddddddgZddlZddlZddlZddlZddlZddlmZddl Z ddl Z ddl m Z m Z dd lmZmZddlZdd lmZmZdd lmZmZdd lmZmZmZmZeeZd dZddZ GdddZ!Gddde!Z"Gddde!Z#Gddde!Z$Gddde!Z%Gddde Z&e&fddZ'dS)SpotifyClientCredentials SpotifyOAuthSpotifyOauthErrorSpotifyStateErrorSpotifyImplicitGrant SpotifyPKCEN)BaseHTTPRequestHandler HTTPServer) parse_qslurlparse)CacheFileHandler CacheHandler)rr)CLIENT_CREDS_ENV_VARSREQUESTS_SESSION get_host_portnormalize_scopecCs0tt|d|d}dd|diS)N:ascii AuthorizationzBasic )base64 b64encodestrencodedecode) client_id client_secret auth_headerr2/tmp/pip-unpacked-wheel-5vxoxy0m/spotipy/oauth2.py_make_authorization_headerssrcCs<t|}|pt|}|dkr8d|d|d}t||S)NzNo z. Pass it or set a z environment variable.)rosgetenvr)valueZenv_keyZenv_valZ_valmsgrrr _ensure_value&s r$c@seZdZddZddZeddZejddZedd Zejd d Zed d Z e jd d Z e ddZ e ddZ e ddZ ddZddZdS)SpotifyAuthBasecCs:t|tjr||_n"|r$t|_nddlm}||_dS)Nr)api) isinstancerequestsSession_sessionr&)selfrequests_sessionr&rrr__init__0s    zSpotifyAuthBase.__init__cCst|SN)r)r+scoperrr_normalize_scope:sz SpotifyAuthBase._normalize_scopecCs|jSr.) _client_idr+rrrr=szSpotifyAuthBase.client_idcCst|d|_dS)Nr)r$r1r+valrrrrAscCs|jSr.)_client_secretr2rrrrEszSpotifyAuthBase.client_secretcCst|d|_dS)Nr)r$r5r3rrrrIscCs|jSr.) _redirect_urir2rrr redirect_uriMszSpotifyAuthBase.redirect_uricCst|d|_dS)Nr7)r$r6r3rrrr7QscCs,z t|WStk r&t|YSXdSr.) raw_input NameErrorinput)promptrrr_get_user_inputUs zSpotifyAuthBase._get_user_inputcCstt}|d|dkS)N expires_at<inttime) token_infonowrrris_token_expired\s z SpotifyAuthBase.is_token_expiredcCs4|rt|nt}|r&t|nt}||kSr.)setsplit)Z needle_scopeZhaystack_scoperrr_is_scope_subsetasz SpotifyAuthBase._is_scope_subsetcCsh|j}z |}|d}|d}Wn"tk rH|jp>d}d}YnXtd|d|||ddS)Nerrorerror_descriptionzerror: z, error_description: )rHrI)responsejsonget ValueErrortextr)r+ http_errorrJZ error_payloadrHrIrrr_handle_oauth_erroris   z#SpotifyAuthBase._handle_oauth_errorcCs&t|ddr"t|jtr"|jdS)z+Make sure the connection (pool) gets closedr*N)getattrr'r*rcloser2rrr__del__}szSpotifyAuthBase.__del__N)__name__ __module__ __qualname__r-r0propertyrsetterrr7 staticmethodr<rDrGrPrSrrrrr%/s,          r%cs<eZdZdZd fdd Zd ddZdd Zd d ZZS)r&https://accounts.spotify.com/api/tokenNTcsht|||_||_||_||_|r\t|jtsTt dt t |dt t||_ nt |_ dS)a[ Creates a Client Credentials Flow Manager. The Client Credentials flow is used in server-to-server authentication. Only endpoints that do not access user information can be accessed. This means that endpoints that require authorization scopes cannot be accessed. The advantage, however, of this authorization flow is that it does not require any user interaction You can either provide a client_id and client_secret to the constructor or set SPOTIPY_CLIENT_ID and SPOTIPY_CLIENT_SECRET environment variables Parameters: * client_id: Must be supplied or set as environment variable * client_secret: Must be supplied or set as environment variable * proxies: Optional, proxy for the requests library to route through * requests_session: A Requests session * requests_timeout: Optional, tell Requests to stop waiting for a response after a given number of seconds * cache_handler: An instance of the `CacheHandler` class to handle getting and saving cached authorization tokens. Optional, will otherwise use `CacheFileHandler`. (takes precedence over `cache_path` and `username`) 2cache_handler must be a subclass of CacheHandler:  != N)superr-rrproxiesrequests_timeout issubclass __class__r AssertionErrorrtype cache_handlerr )r+rrr^r,r_rdrarrr-s$ z!SpotifyClientCredentials.__init__cCsn|rtjdtdd|r@|j}|r@||s@|r8|S|dS|}||}|j||rf|S|dS)aI If a valid access token is in memory, returns it Else fetches a new token and returns it Parameters: - as_dict: (deprecated) a boolean indicating if returning the access token as a token_info dictionary, otherwise it will be returned as a string. You're using 'as_dict = True'.get_access_token will return the token string directly in future versions. Please adjust your code accordingly, or use get_cached_token instead. stacklevel access_token) warningswarnDeprecationWarningrdget_cached_tokenrD_request_access_token _add_custom_values_to_token_infosave_token_to_cache)r+as_dict check_cacherBrrrget_access_tokens     z)SpotifyClientCredentials.get_access_tokenc Csddi}t|j|j}td|jd|d|z4|jj|j||d|j|j d}| | }|WSt j jk r}z||W5d}~XYnXdS) z%Gets client credentials access token grant_typeZclient_credentialsSending POST request to  with Headers: and Body: Tdataheadersverifyr^timeoutN)rrrloggerdebugOAUTH_TOKEN_URLr*postr^r_raise_for_statusrKr( exceptions HTTPErrorrP)r+payloadr{rJrBrOrrrros(z.SpotifyClientCredentials._request_access_tokencCstt|d|d<|S` Store some values that aren't directly provided by a Web API response. expires_inr=r?r+rBrrrrpsz9SpotifyClientCredentials._add_custom_values_to_token_info)NNNTNN)TT) rTrUrVrr-rtrorp __classcell__rrrerrs2 c seZdZdZdZdZd'fdd Zd d Zd(d d Zd dZ e ddZ ddZ ddZ d)ddZddZd*ddZd+ddZd,ddZdd Zd!d"Zd#d$Zd%d&ZZS)-rzP Implements Authorization Code Flow for Spotify's OAuth implementation. &https://accounts.spotify.com/authorizerZNFTcst| ||_||_||_||_|||_|s8|rRt dt | rRt d| rt | j t stdtt| dtt | |_n |pttd}t||d|_||_| |_| |_| |_dS)aP Creates a SpotifyOAuth object Parameters: * client_id: Must be supplied or set as environment variable * client_secret: Must be supplied or set as environment variable * redirect_uri: Must be supplied or set as environment variable * state: Optional, no verification is performed * scope: Optional, either a list of scopes or comma separated string of scopes. e.g, "playlist-read-private,playlist-read-collaborative" * cache_path: (deprecated) Optional, will otherwise be generated (takes precedence over `username`) * username: (deprecated) Optional or set as environment variable (will set `cache_path` to `.cache-{username}`) * proxies: Optional, proxy for the requests library to route through * show_dialog: Optional, interpreted as boolean * requests_session: A Requests session * requests_timeout: Optional, tell Requests to stop waiting for a response after a given number of seconds * open_browser: Optional, whether the web browser should be opened to authorize a user * cache_handler: An instance of the `CacheHandler` class to handle getting and saving cached authorization tokens. Optional, will otherwise use `CacheFileHandler`. (takes precedence over `cache_path` and `username`) aSpecifying cache_path or username as arguments to SpotifyOAuth will be deprecated. Instead, please create a CacheFileHandler instance with the desired cache_path and username and pass it to SpotifyOAuth as the cache_handler. For example: from spotipy.oauth2 import CacheFileHandler handler = CacheFileHandler(cache_path=cache_path, username=username) sp = spotipy.SpotifyOAuth(client_id, client_secret, redirect_uri, cache_handler=handler)~A cache_handler has been specified along with a cache_path or username. The cache_path and username arguments will be ignored.r[r\client_usernameusername cache_pathN)r]r-rrr7stater0r/rkrlrmr`rar rbrrcrdr r!rr r^r_ show_dialog open_browser)r+rrr7rr/rrr^rr,r_rrdrerrr-s<+     zSpotifyOAuth.__init__cCsF|dkr dSd|ks&||j|ds*dS||rB||d}|SNr/ refresh_tokenrGr/rDrefresh_access_tokenrrrrvalidate_tokenRs  zSpotifyOAuth.validate_tokencCsf|jd|jd}|jr |j|d<|dkr.|j}|dk r>||d<|jrLd|d<t|}|jd|S) z3 Gets the URL to use to authorize this app coder response_typer7r/NrTr?rr7r/rr urllibparse urlencodeOAUTH_AUTHORIZE_URLr+rrZ urlparamsrrrget_authorize_urlcs  zSpotifyOAuth.get_authorize_urlcCs"||\}}|dkr|S|SdSz} Parse the response code in the given response url Parameters: - url - the response url Nparse_auth_response_urlr+url_rrrrparse_response_codexsz SpotifyOAuth.parse_response_codecsNt|j}tt|dkr8tddddtfdddDS)NrH!Received error from auth server: )rHc3s|]}|VqdSr.rL.0paramformrr sz7SpotifyOAuth.parse_auth_response_url..)rr)r querydictr rtuple)rquery_srrrrs  z$SpotifyOAuth.parse_auth_response_urlcCst|j|jSr.)rrrr2rrrrsz(SpotifyOAuth._make_authorization_headerscCsT|}z t|td|dWn&tjk rNtd|YnXdSNzOpened z in your browserzPlease navigate here: r webbrowseropenr~infoErrorrH)r+auth_urlrrr_open_auth_urls  zSpotifyOAuth._open_auth_urlcCsb|r|d}n|}d|d}||}t|\}}|jdk r^|j|kr^t|j||SN&Enter the URL you were redirected to: zGo to the following URL: z' Enter the URL you were redirected to: )rrr<rrrrr+rr;rrJrrrrr_get_auth_response_interactives   z+SpotifyOAuth._get_auth_response_interactivecCslt|}|||jdk r*|jn>|jdk rP|j|jkrPt|j|jn|jdk r`|jStddS)N3Server listening on localhost has not been accessed)start_local_http_serverrhandle_requestrHrr auth_coderr+ redirect_portserverrrr_get_auth_response_local_servers  z,SpotifyOAuth._get_auth_response_local_servercCstdt|j}t|j\}}|dkr4td|jdkrP|dkrPtd|dkr^|j}|r|dkr|jdkr|r| |Std|d|d |j |d S NUser authentication requires interaction with your web browser. Once you enter your credentials and give authorization, you will be redirected to a url. Paste that url you were directed to to complete the authorization. localhostzUsing 'localhost' as a redirect URI is being deprecated. Use a loopback IP address such as 127.0.0.1 to ensure your app remains functional.http 127.0.0.1rzhRedirect URIs using HTTP are being deprecated. To ensure your app remains functional, use HTTPS instead.zUsing `z8` as redirect URI without a port. Specify a port (e.g. `z:8080`) to allow automatic retrieval of authentication code instead of having to copy and paste the URL your browser is redirected to.)r) r~rr r7rnetlocwarningschemerrrr+r redirect_info redirect_hostrrrrget_auth_responses.   zSpotifyOAuth.get_auth_responsecCs|r||S|Sr.)rrr+rJrrrget_authorization_codes z#SpotifyOAuth.get_authorization_codec CsD|rtjdtdd|rX||j}|dk rX||rH||d}|rP|S|dS|j|pf| dd}|j r~|j |d <|j r|j |d <| }t d |jd |d |zX|jj|j||d|j|jd}||}||}|j||r|n|dWStjjk r>}z||W5d}~XYnXdS)aW Gets the access token for the app given the code Parameters: - code: the response code - as_dict: (deprecated) a boolean indicating if returning the access token as a token_info dictionary, otherwise it will be returned as a string. rfrgrhNrrjauthorization_code)r7rrur/rrvrwrxTry)rkrlrmrrdrnrDrr7rr/rrr~rrr*rr^r_rrKrprqr(rrrP) r+rrrrsrBrr{rJrOrrrrtsP       zSpotifyOAuth.get_access_tokenc Cs|dd}|}td|jd|d|zX|jj|j|||j|jd}|| }| |}d|krx||d<|j ||WSt jjk r}z||W5d}~XYnXdS)Nr)rrurvrwrxrzr{r^r})rr~rrr*rr^r_rrKrprdrqr(rrrPr+rrr{rJrBrOrrrrs,  z!SpotifyOAuth.refresh_access_tokencCs&tt|d|d<|j|d<|Srrr=r/r@rAr/rrrrrp<s z-SpotifyOAuth._add_custom_values_to_token_infocCstdt||jS) Gets the cached token for the app .. deprecated:: This method is deprecated and may be removed in a future version. aHCalling get_cached_token directly on the SpotifyOAuth object will be deprecated. Instead, please specify a CacheFileHandler instance as the cache_handler in SpotifyOAuth and use the CacheFileHandler's get_cached_token method. You can replace: sp.get_cached_token() With: sp.validate_token(sp.cache_handler.get_cached_token())rkrlrmrrdrnr2rrrrnEszSpotifyOAuth.get_cached_tokencCstdt|j|dSNzCalling _save_token_info directly on the SpotifyOAuth object will be deprecated. Instead, please specify a CacheFileHandler instance as the cache_handler in SpotifyOAuth and use the CacheFileHandler's save_token_to_cache method.rkrlrmrdrqrrrr_save_token_infoTs  zSpotifyOAuth._save_token_info) NNNNNNNNFTNTN)N)F)N)N)NTT)rTrUrV__doc__rrr-rrrrYrrrrrrrrtrrprnrrrrrerrsBR     )  ; c seZdZdZdZdZd+fdd Zdd Zd d Zd,d d Z d-ddZ d.ddZ ddZ d/ddZ d0ddZddZddZddZd1dd Zd!d"Zd#d$Zed%d&Zd'd(Zd)d*ZZS)2ra Implements PKCE Authorization Flow for client apps This auth manager enables *user and non-user* endpoints with only a client ID, redirect URI, and username. When the app requests an access token for the first time, the user is prompted to authorize the new client app. After authorizing the app, the client app is then given both access and refresh tokens. This is the preferred way of authorizing a mobile/desktop client. rrZNTc st| ||_||_||_|||_|s2|rLtdt | rLtd| rt t | t s~t dtt | dtt | |_n |pttd}t||d|_||_||_d|_d|_d|_d|_| |_dS) a Creates Auth Manager with the PKCE Auth flow. Parameters: * client_id: Must be supplied or set as environment variable * redirect_uri: Must be supplied or set as environment variable * state: Optional, no verification is performed * scope: Optional, either a list of scopes or comma separated string of scopes. e.g, "playlist-read-private,playlist-read-collaborative" * cache_path: (deprecated) Optional, will otherwise be generated (takes precedence over `username`) * username: (deprecated) Optional or set as environment variable (will set `cache_path` to `.cache-{username}`) * proxies: Optional, proxy for the requests library to route through * requests_timeout: Optional, tell Requests to stop waiting for a response after a given number of seconds * requests_session: A Requests session * open_browser: Optional, whether the web browser should be opened to authorize a user * cache_handler: An instance of the `CacheHandler` class to handle getting and saving cached authorization tokens. Optional, will otherwise use `CacheFileHandler`. (takes precedence over `cache_path` and `username`) aSpecifying cache_path or username as arguments to SpotifyPKCE will be deprecated. Instead, please create a CacheFileHandler instance with the desired cache_path and username and pass it to SpotifyPKCE as the cache_handler. For example: from spotipy.oauth2 import CacheFileHandler handler = CacheFileHandler(cache_path=cache_path, username=username) sp = spotipy.SpotifyImplicitGrant(client_id, client_secret, redirect_uri, cache_handler=handler)rtype(cache_handler): r\rrZS256N)r]r-rr7rr0r/rkrlrmr`rcr rbrrdr r!rr r^r__code_challenge_method code_verifiercode_challengerr) r+rr7rr/rrr^r_r,rrdrerrr-ns8%     zSpotifyPKCE.__init__cCs&ddl}|dd}ddl}||S)z Spotify PCKE code verifier - See step 1 of the reference guide below Reference: https://developer.spotify.com/documentation/general/guides/authorization-guide/#authorization-code-flow-with-proof-key-for-code-exchange-pkce rN!`)randomrandintsecretsZ token_urlsafe)r+rlengthrrrr_get_code_verifiers zSpotifyPKCE._get_code_verifiercCsBddl}ddl}||jd}||d}|ddS)z Spotify PCKE code challenge - See step 1 of the reference guide below Reference: https://developer.spotify.com/documentation/general/guides/authorization-guide/#authorization-code-flow-with-proof-key-for-code-exchange-pkce rNutf-8=) rhashlibsha256rrdigesturlsafe_b64encoderreplace)r+rrZcode_challenge_digestrrrr_get_code_challenges zSpotifyPKCE._get_code_challengecCsn|js||jd|j|j|jd}|jr6|j|d<|dkrD|j}|dk rT||d<t|}|j d|S)+ Gets the URL to use to authorize this app r)rrr7Zcode_challenge_methodrr/Nrr) rget_pkce_handshake_parametersrr7rr/rrrrrrrrrs   zSpotifyPKCE.get_authorize_urlcCsV||}z t|td|dWn&tjk rPtd|YnXdSrrr+rrrrrrs   zSpotifyPKCE._open_auth_urlcCstdt|j}t|j\}}|dkr0|j}|dkrBtd|jdkr^|dkr^td|r|dkr|jdkr|r| |Std|d|d |j |d Sr) r~rr r7rrrrrrrrrrr_get_auth_responses.   zSpotifyPKCE._get_auth_responsecCstt|}|||jdk r<|j|jkr get_access_token(get_authorization_code()) * get_auth_response() -> get_access_token(get_authorization_code()); get_cached_token() * parse_response_token(url)['access_token'] -> get_access_token(parse_response_code(url)) * parse_response_token(url) -> get_access_token(parse_response_code(url)); get_cached_token() The security concern in the Implicit Grant flow is that the token is returned in the URL and can be intercepted through the browser. A request with an authorization code and proof of origin could not be easily intercepted without a compromised network. rNFc Cstd||_||_||_|s$|r>tdt|r>td|rxtt |t spt dt t |dt t ||_ n |pttd}t||d|_ |||_||_d|_dS) a Creates Auth Manager using the Implicit Grant flow **See help(SpotifyImplicitGrant) for full Security Warning** Parameters ---------- * client_id: Must be supplied or set as environment variable * redirect_uri: Must be supplied or set as environment variable * state: May be supplied, no verification is performed * scope: Optional, either a list of scopes or comma separated string of scopes. e.g, "playlist-read-private,playlist-read-collaborative" * cache_handler: An instance of the `CacheHandler` class to handle getting and saving cached authorization tokens. May be supplied, will otherwise use `CacheFileHandler`. (takes precedence over `cache_path` and `username`) * cache_path: (deprecated) May be supplied, will otherwise be generated (takes precedence over `username`) * username: (deprecated) May be supplied or set as environment variable (will set `cache_path` to `.cache-{username}`) * show_dialog: Interpreted as boolean zSpotify is deprecating the Implicit Grant Flow for client-side code. Use the SpotifyPKCE auth manager instead of SpotifyImplicitGrant. For more details and a guide to switching, see help(SpotifyImplicitGrant).aSpecifying cache_path or username as arguments to SpotifyImplicitGrant will be deprecated. Instead, please create a CacheFileHandler instance with the desired cache_path and username and pass it to SpotifyImplicitGrant as the cache_handler. For example: from spotipy.oauth2 import CacheFileHandler handler = CacheFileHandler(cache_path=cache_path, username=username) sp = spotipy.SpotifyImplicitGrant(client_id, client_secret, redirect_uri, cache_handler=handler)rrr\rrN)r~rrr7rrkrlrmr`rcr rbrrdr r!rr r0r/rr*) r+rr7rr/rrrrdrrrr-s.     zSpotifyImplicitGrant.__init__cCs<|dkr dSd|ks&||j|ds*dS||r8dS|S)Nr/)rGr/rDrrrrr8s  z#SpotifyImplicitGrant.validate_tokenTcCsf|r.||j}|dks.||s.|dS|r>||}n ||}||}|j||dS)a  Gets Auth Token from cache (preferred) or user interaction Parameters ---------- * state: May be given, overrides (without changing) self.state * response: URI with token, can break expiration checks * check_cache: Interpreted as boolean Nrj)rrdrnrDparse_response_tokenrrprq)r+rrJrsrBrrrrtGs     z%SpotifyImplicitGrant.get_access_tokencCsf|jd|jd}|jr |j|d<|dkr.|j}|dk r>||d<|jrLd|d<t|}|jd|S) rtokenrr/NrTrrrrrrrras  z&SpotifyImplicitGrant.get_authorize_urlcCsH||\}}}}|dkr |j}|dk r:||kr:t||||||dS)z3 Parse the response code in the given response url N)rj token_typerr)rrr)r+rrZ remote_staterZt_typeZexp_inrrrrus z)SpotifyImplicitGrant.parse_response_tokencst|}|j}|j}tdd|p&|p&|dDdkrVtdddddkrntdd<tfd dd DS) Ncss|]}|dVqdS)rN)rF)rirrrrsz?SpotifyImplicitGrant.parse_auth_response_url..&rHrr)rrc3s|]}|VqdSr.rrrrrrs)rrjrr)r fragmentrrrFrr@r)rZurl_componentsZ fragment_srrrrrsz,SpotifyImplicitGrant.parse_auth_response_urlcCsV||}z t|td|dWn&tjk rPtd|YnXdSrrrrrrrs   z#SpotifyImplicitGrant._open_auth_urlcCsltdt|j}t|j\}}|dkrB|jdkrB|rBtd||tdt d}| ||S)z1 Gets a new auth **token** with user interaction rrrzUsing a local redirect URI with a port, likely expecting automatic retrieval. Due to technical limitations, the authentication token cannot be automatically retrieved and must be copied and pasted.zJPaste that url you were directed to in order to complete the authorizationr) r~rr r7rrrrrrr<r)r+rrrrrJrrrrs      z&SpotifyImplicitGrant.get_auth_responsecCs&tt|d|d<|j|d<|Srrrrrrrps z5SpotifyImplicitGrant._add_custom_values_to_token_infocCstdt||jS)raPCalling get_cached_token directly on the SpotifyImplicitGrant object will be deprecated. Instead, please specify a CacheFileHandler instance as the cache_handler in SpotifyOAuth and use the CacheFileHandler's get_cached_token method. You can replace: sp.get_cached_token() With: sp.validate_token(sp.cache_handler.get_cached_token())rr2rrrrnsz%SpotifyImplicitGrant.get_cached_tokencCstdt|j|dS)NzCalling _save_token_info directly on the SpotifyImplicitGrant object will be deprecated. Instead, please specify a CacheFileHandler instance as the cache_handler in SpotifyOAuth and use the CacheFileHandler's save_token_to_cache method.rrrrrrs  z%SpotifyImplicitGrant._save_token_info)NNNNNNFN)NNT)N)N)N)N)rTrUrVrrr-rrtrrrYrrrrprnrrrrrrs2  E       c@s$eZdZddZddZddZdS)RequestHandlerc Csd|j_|j_z$t|j\}}||j_||j_Wn*tk r^}z ||j_W5d}~XYnX|d| dd| |jjrd}n2|jjrdt t |jjd}n|ddS|d|d dS) Nrz text/htmlZ successfulzfailed ()z2

Invalid request

zK

Authentication status: z

This window can be closed. )rrrHrrpathrrZ send_responseZ send_headerZ end_headershtmlescaper_write)r+rrrHstatusrrrdo_GETs&    zRequestHandler.do_GETcCs|j|dS)Nr)wfilewriter)r+rNrrrr szRequestHandler._writecGsdSr.r)r+formatargsrrr log_messageszRequestHandler.log_messageN)rTrUrVr r rrrrrrs%rcCs*td|f|}d|_d|_d|_d|_|S)NrT)r allow_reuse_addressrZauth_token_formrH)porthandlerrrrrrs r)(__all__rrloggingr rA urllib.parseparserrkrZ http.serverrr r r r(Zspotipy.cache_handlerr r Zspotipy.exceptionsrrZ spotipy.utilrrrr getLoggerrTr~rr$r%rrrrrrrrrrsH    Tvhs -