Launchpad itself

Merge lp:~mbp/launchpad/701545-oauth into lp:launchpad

701545-oauth
Merge into devel

Proposed by Martin Pool on 2011-02-03

Status:

Superseded

Proposed branch:

lp:~mbp/launchpad/701545-oauth

Merge into:

lp:launchpad

Diff against target:

620 lines (+12/-537)

5 files modified

lib/canonical/launchpad/testing/pages.py (+2/-2)
lib/canonical/launchpad/webapp/authentication.py (+3/-2)
lib/canonical/launchpad/webapp/tests/test_authentication.py (+5/-2)
lib/canonical/launchpad/webapp/tests/test_publication.py (+2/-2)
lib/contrib/oauth.py (+0/-529)

To merge this branch:

bzr merge lp:~mbp/launchpad/701545-oauth

Low

Fix Released

Link a bug report

Reviewer	Review Type	Date Requested	Status
Curtis Hovey (community)	code	2011-02-03	Approve on 2011-02-03
j.c.sackett (community)	code*	2011-02-03	Approve on 2011-02-03
Review via email: mp+48431@code.launchpad.net

This proposal has been superseded by a proposal from 2011-02-13.

Commit message

[r=jcsackett,sinzui][ui=none][bug=701545][no-qa] remove extra copy of oauth.py

Description of the change

Remove redundant copy of oauth.py.

Launchpad contains a copy of oauth.py, which is a bit out of date. It also has a proper copy of the python-oauth module in lp-sourcedeps.

This doesn't specifically fix any user-visible bugs that I know of, but it removes some cruft, and if the duplication hadn't been there in the first place we would have avoided at least one oauth bug that existed for years.

This branch just deletes the shipped copy, and updates import statements to fetch from the real copy. It passes a smoketest of './bin/test -m oauth' and I'm running a full test.

If this is acceptable would someone please sponsor landing of it?

lp:~mbp/launchpad/701545-oauth updated on 2011-02-03

12314. By Launchpad PQM Bot on 2011-02-03: [r=sinzui][ui=sinzui][bug=708436] Fixed the width of the tag list so
it doesn't wrap (bug #708436).
12315. By Launchpad PQM Bot on 2011-02-03: [r=bac,
benji][ui=none][bug=699719] A (currently disabled) JS overlay has
been added for advanced direct bug subscriptions.
12316. By Launchpad PQM Bot on 2011-02-03: [r=gmb][bug=711901] Implement LIFECYCLE notification level for direct
subscriptions.
12317. By Launchpad PQM Bot on 2011-02-03: [r=mthaddon, stub][bug=712282,
712285][no-qa] Improve nightly.sh transparency,
and remove update-pkgcache.py from it.
12318. By Launchpad PQM Bot on 2011-02-03: [bug=75976] [r=abentley][ui=none] When someone asks to merge two
accounts, Launchpad sends an email to the primary account asking for
confirmation. That email was hard to understand and badly
written. This branch rewrites that email's text and introduces
a test that the email is sent with the correct text.

Revision history for this message

j.c.sackett (jcsackett) wrote on 2011-02-03:

Martin--

This looks good. Thanks!

review: Approve (code*)

Revision history for this message

Curtis Hovey (sinzui) wrote on 2011-02-03:

Hi Martin.

Thank you for cleaning up the code. We normally write copyrights as a range. Are you aware of utilities/update-copyright? It will update the copyright in all the modified files in your tree. I think this serial date style breaks the update-copyright script, subsequent updates will require the engineer to edit the copyright afterwards. You can either change the dates to ranges or verify that the script will work on these files in 2012.

review: Approve (code)

lp:~mbp/launchpad/701545-oauth updated on 2011-02-03

12319. By Launchpad PQM Bot on 2011-02-03: [no-qa] [r=allenap][ui=none][bug=707103] Clean-up of lint after
bugs-with-blueprints-bug-707103.

Revision history for this message

Francis J. Lacoste (flacoste) wrote on 2011-02-03:

On February 3, 2011, Martin Pool wrote:
> If this is acceptable would someone please sponsor landing of it?

All Canonical Bazaar Developers can land branches directly through PQM
nowawayds :-)

lp:~mbp/launchpad/701545-oauth updated on 2011-02-03

12320. By Launchpad PQM Bot on 2011-02-03: [r=deryck][ui=none][no-qa] Provide translation sharing information.
12321. By Launchpad PQM Bot on 2011-02-03: [r=jtv][bug=705652] Log warnings in the remove_translations script if
current translations are removed. Removed the theoretically
impossible case of finding a diverged translation being current
in upstream which is linked to a POTemplate having a diverged
translation being current in Ubuntu.
12322. By Launchpad PQM Bot on 2011-02-03: [r=leonardr][bug=705342] Fail nonvirtual builders in the ABORTED
state rather than cleaning them,
since we can't guarantee that there's no active build.
12323. By Launchpad PQM Bot on 2011-02-03: [r=lifeless][bug=709717] Remove an unnecessary join to
sourcepackagerelease when counting packages that are being
built/waiting to be built in ArchiveView.num_pkgs_building

Revision history for this message

Martin Pool (mbp) wrote on 2011-02-04:

Thanks, Curtis. I was not aware of that. I will send this to pqm.

Revision history for this message

Martin Pool (mbp) wrote on 2011-02-04:

On 4 February 2011 03:52, Francis J. Lacoste <email address hidden> wrote:
> On February 3, 2011, Martin Pool wrote:
>> If this is acceptable would someone please sponsor landing of it?
>
> All Canonical Bazaar Developers can land branches directly through PQM
> nowawayds :-)

No, I still get a gpgv error from pqm.

lp:~mbp/launchpad/701545-oauth updated on 2011-02-04

12324. By Launchpad PQM Bot on 2011-02-04: [r=thumper][bug=316694] Add a web_link property to the JSON
representation of all web service entries that correspond to
some page on the Launchpad website.

Revision history for this message

Martin Pool (mbp) wrote on 2011-02-04:

spm helped me sort this out and it's in the queue now.

- Martin
On 04/02/2011 11:35 AM, "Martin Pool" <email address hidden> wrote:
> On 4 February 2011 03:52, Francis J. Lacoste <email address hidden>
wrote:
>> On February 3, 2011, Martin Pool wrote:
>>> If this is acceptable would someone please sponsor landing of it?
>>
>> All Canonical Bazaar Developers can land branches directly through PQM
>> nowawayds :-)
>
> No, I still get a gpgv error from pqm.

lp:~mbp/launchpad/701545-oauth updated on 2011-02-13

12325. By Launchpad PQM Bot on 2011-02-04: [r=jcsackett,
sinzui][ui=none][bug=701545][no-qa] remove extra copy of oauth.py
12326. By Launchpad PQM Bot on 2011-02-04: [r=lifeless][ui=none][no-qa] Remove duplicated urgencymap in gina.
12327. By Launchpad PQM Bot on 2011-02-04: [r=lifeless][bug=670452] Fix layout of related branches collapsible
fieldset
12328. By Launchpad PQM Bot on 2011-02-04: [r=lifeless,
wallyworld][bug=712882][no-qa] Silence non-error output from
mirror-prober.sh.
12329. By Launchpad PQM Bot on 2011-02-04: [testfix][r=me][no-qa] Revert r12325 as the new oauth module is buggy
and causes a test to fail
12330. By Launchpad PQM Bot on 2011-02-04: [r=henninge][ui=none][no-qa] Add direct unit tests for
TM.shareIfPossible
12331. By Launchpad PQM Bot on 2011-02-04: [r=allenap][ui=none][bug=693689] Escape the token and title in
lp.app.widgets.itemswidgets renderer.
12332. By Launchpad PQM Bot on 2011-02-04: [r=bac][bug=710054][bug=530476][bug=530477] Fix the protocol in the
gpg documentation and branch and MP api docs.
12333. By Launchpad PQM Bot on 2011-02-04: [r=allenap][no-qa] Machinery for building documentation with sphinx
12334. By Launchpad PQM Bot on 2011-02-04: [r=henninge][ui=none][bug=697294] Refactors create_questionreopening
to be called as a helper, rather than a listener to notifications;
this avoids the need for a slew of guards on the method, and keeps it
from doing work when we don't want it to.
12335. By Launchpad PQM Bot on 2011-02-05: [testfix][rs=sinzui] Print the escaped text of the structured string.
12336. By Launchpad PQM Bot on 2011-02-07: Merging db-stable at revno 12335
12337. By Launchpad PQM Bot on 2011-02-07: [release-critical=wallyworld][r=jtv][bug=710591][incr] Provide
TranslationMessage.acceptFromImport and
.acceptFromUpstreamImportOnPackage.
12338. By Launchpad PQM Bot on 2011-02-08: [wallyworld,spm] merge db-devel into devel; needed for an RC DB patch
12339. By Launchpad PQM Bot on 2011-02-08: [r=gmb][bug=548] adds a simple way to control whether you want to
receive bug notifications for changes you generated.
12340. By Launchpad PQM Bot on 2011-02-08: [r=gmb][no-qa] test, tweak, and exercise the dbuser test helper
12341. By Launchpad PQM Bot on 2011-02-08: [r=jcsackett, sinzui][ui=none][bug=344125,
712012] Remove obsolete method Bug.addChangeNotification().
12342. By Launchpad PQM Bot on 2011-02-08: [r=leonardr][no-qa] Use itertools.tee() to simplify and speed up
CachingIterator.
12343. By Launchpad PQM Bot on 2011-02-08: [r=gmb][bug=713392] make the +structural-subscriptions UI correctly
show the effect of an event filter setting.
12344. By Launchpad PQM Bot on 2011-02-08: [r=thumper, wallyworld][ui=none] [r=thumper, wallyworld][bug=661988,
714312] Reduce the time taken for distro scope bug searches by 50% by
using sequence-of-sets based eager loading rather than
wide-query eager loading. As part of making this fit cleanly
stop loading assignees during bug task search (they are not
rendered so not needed).
12345. By Launchpad PQM Bot on 2011-02-09: [r=gmb][ui=none][bug=50616] Catch the ValueError while validating
image file.
12346. By Launchpad PQM Bot on 2011-02-09: [r=leonardr][bug=714527] Properly escape labels in suggestion widgets.
12347. By Launchpad PQM Bot on 2011-02-09: [r=sinzui][bug=715474] Permit showing server side render times in the
visible page (controlled by feature flag visible_render_time).
12348. By Launchpad PQM Bot on 2011-02-09: [r=lifeless][bug=715000] Upgrade to a bzr with a fix for the graph
ancestry chained stacking issue.
12349. By Launchpad PQM Bot on 2011-02-09: [r=lifeless][bug=713234] Remove duplicated queries issued when
calling ArchiveView.latest_updates
12350. By Launchpad PQM Bot on 2011-02-09: [r=leonardr][bug=715116] Add a big informational notice on the PPA
pages if publishing is disabled.
12351. By Launchpad PQM Bot on 2011-02-09: [r=jtv][bug=715659] Use zope.exceptions to format logged exceptions
so that __traceback_info__ is reported.
12352. By Launchpad PQM Bot on 2011-02-09: [r=adeuring][bug=181368] Gut BinaryPackageFilePublishing view.
12353. By Launchpad PQM Bot on 2011-02-09: [r=jtv][bug=714820] Ignore malformed responses when probing remote
Bugzilla instances for XML-RPC capabilities.
12354. By Launchpad PQM Bot on 2011-02-09: [r=allenap][bug=710603] The new direct subscription overlay allows
subscribing,
unsubscribing and editing subscriptions and is available to the
~malone-alpha team.
12355. By Launchpad PQM Bot on 2011-02-09: [r=jtv][bug=705657] Fix mirror-prober.sh wrapper script to export the
correct config. (Fix bug 705657)
12356. By Launchpad PQM Bot on 2011-02-09: [r=jtv] [ui=none][bug=316694][incr] Take advantage of web_link when
changing the URL in the browser bar,
rather than hacking self_link into web_link.
12357. By Launchpad PQM Bot on 2011-02-10: [r=flacoste][bug=716109] Update Launchpad to r202 of lazr-js,
which includes an update to YUI 3.3.
12358. By Launchpad PQM Bot on 2011-02-10: [r=lifeless][bug=457856] Added manual close to tag dialogue if it is
still open when tags are saved.
12359. By Launchpad PQM Bot on 2011-02-10: [r=allenap][bug=528367] Added alt tag to remove icons.
12360. By Launchpad PQM Bot on 2011-02-10: [r=thumper][no-qa] Mechanical move of
canonical.launchpad.windmill.testing to lp.testing.windmill.
12361. By Launchpad PQM Bot on 2011-02-10: [r=jcsackett,sinzui][bug=713382] test and fix for bug 713382
12362. By Launchpad PQM Bot on 2011-02-10: [r=jcsackett,sinzui][no-qa] Create a job for merging translations.
12363. By Launchpad PQM Bot on 2011-02-11: [r=gmb][bug=632847] Adds check to prevent bugtasks for deactivated
products from showing up for people who can't see the product.
12364. By Launchpad PQM Bot on 2011-02-11: [r=lifeless][bug=715992] Corrects use of canonical_url so that
requests for pillars via alias on the API do not redirect
outside of the API layer.
12365. By Launchpad PQM Bot on 2011-02-11: [r=stub,
wallyworld][ui=none][no-qa] Enforce BugMessage.index population on
all new BugMessage creation.
12366. By Launchpad PQM Bot on 2011-02-11: [r=sinzui][ui=sinzui][bug=710446] Unified the colours of the facets
(bugs, code etc.) so that they are all the same.
12367. By Launchpad PQM Bot on 2011-02-13: [r=bac, benji][no-qa] move some code,
which lets you look at bug activity log entires more precisely,
from browser code to model code. This is a step along the path to
addressing bug 164196.
12368. By Martin Pool on 2011-02-13: Remove dependency on oauth egg
12369. By Martin Pool on 2011-02-13: Use external python-oauth and remove contrib/oauth.py
12370. By Martin Pool on 2011-02-13: Also remove oauth from versions.cfg

Unmerged revisions

12370. By Martin Pool on 2011-02-13: Also remove oauth from versions.cfg
12369. By Martin Pool on 2011-02-13: Use external python-oauth and remove contrib/oauth.py
12368. By Martin Pool on 2011-02-13: Remove dependency on oauth egg

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Barki Mustapha

Celso Providelo

Christian Reis

Christy Awad

Colin Watson

Harpianto,ANDI

James Troup

John A Meinel

Kevin bush

Launchpad code reviewers

Launchpad code reviewers from Canonical

Martin Pool

Matthew Tanner

Maximiliano Bertacchini

Oguz Ersoz

Simon Brakhane

Ubuntu-BR DevOps

William Grant

alhawiti

api.ng

pedro cavazos

todaioan

wenjingwen

to status/vote changes:

Tzaddi

Tzaddi Belding

 === modified file 'lib/canonical/launchpad/testing/pages.py'
 --- lib/canonical/launchpad/testing/pages.py	2010-11-30 08:11:30 +0000
 +++ lib/canonical/launchpad/testing/pages.py	2011-02-04 00:32:51 +0000
@@ -1,4 +1,4 @@
--# Copyright 2009 Canonical Ltd.  This software is licensed under the
++# Copyright 2009-2011 Canonical Ltd.  This software is licensed under the
  # GNU Affero General Public License version 3 (see the file LICENSE).
  """Testing infrastructure for page tests."""
@@ -28,7 +28,7 @@
      SoupStrainer,
      Tag,
+     )
--from contrib.oauth import (
++from oauth.oauth import (
      OAuthConsumer,
      OAuthRequest,
      OAuthSignatureMethod_PLAINTEXT,
 === modified file 'lib/canonical/launchpad/webapp/authentication.py'
 --- lib/canonical/launchpad/webapp/authentication.py	2010-09-20 16:45:03 +0000
 +++ lib/canonical/launchpad/webapp/authentication.py	2011-02-04 00:32:51 +0000
@@ -1,4 +1,4 @@
--# Copyright 2009 Canonical Ltd.  This software is licensed under the
++# Copyright 2009-2011 Canonical Ltd.  This software is licensed under the
  # GNU Affero General Public License version 3 (see the file LICENSE).
  __metaclass__ = type
@@ -18,7 +18,8 @@
  import random
  from UserDict import UserDict
--from contrib.oauth import OAuthRequest
++from oauth.oauth import OAuthRequest
++
  from zope.annotation.interfaces import IAnnotations
  from zope.app.security.interfaces import ILoginPassword
  from zope.app.security.principalregistry import UnauthenticatedPrincipal
 === modified file 'lib/canonical/launchpad/webapp/tests/test_authentication.py'
 --- lib/canonical/launchpad/webapp/tests/test_authentication.py	2010-12-20 03:28:21 +0000
 +++ lib/canonical/launchpad/webapp/tests/test_authentication.py	2011-02-04 00:32:51 +0000
@@ -1,4 +1,4 @@
--# Copyright 2009 Canonical Ltd.  This software is licensed under the
++# Copyright 2009-2011 Canonical Ltd.  This software is licensed under the
  # GNU Affero General Public License version 3 (see the file LICENSE).
  """Tests authentication.py"""
@@ -10,7 +10,7 @@
  from zope.app.security.principalregistry import UnauthenticatedPrincipal
--from contrib.oauth import OAuthRequest
++from oauth.oauth import OAuthRequest
  from canonical.config import config
  from canonical.launchpad.ftests import login
@@ -65,6 +65,9 @@
          # This was really a bug in the underlying contrib/oauth.py module, but
          # it has no standalone test case.
+         #
++        # Now we use the separate oauth module (bug 701545), and this has been
++        # fixed upstream, but we might as well keep the test.
++        #
          # Note that the 'realm' parameter is not returned, because it's not
          # included in the OAuth calculations.
          headers = OAuthRequest._split_header(
 === modified file 'lib/canonical/launchpad/webapp/tests/test_publication.py'
 --- lib/canonical/launchpad/webapp/tests/test_publication.py	2010-10-04 19:50:45 +0000
 +++ lib/canonical/launchpad/webapp/tests/test_publication.py	2011-02-04 00:32:51 +0000
@@ -1,4 +1,4 @@
--# Copyright 2009 Canonical Ltd.  This software is licensed under the
++# Copyright 2009-2011 Canonical Ltd.  This software is licensed under the
  # GNU Affero General Public License version 3 (see the file LICENSE).
  """Tests publication.py"""
@@ -9,7 +9,7 @@
  import sys
  import unittest
--from contrib.oauth import (
++from oauth.oauth import (
      OAuthRequest,
      OAuthSignatureMethod_PLAINTEXT,
+     )
 === removed file 'lib/contrib/oauth.py'
 --- lib/contrib/oauth.py	2010-12-20 03:53:24 +0000
 +++ lib/contrib/oauth.py	1970-01-01 00:00:00 +0000
@@ -1,529 +0,0 @@
--# pylint: disable-msg=C0301,E0602,E0211,E0213,W0105,W0231,W0702
--
--import cgi
--import urllib
--import time
--import random
--import urlparse
--import hmac
--import base64
--
--VERSION = '1.0' # Hi Blaine!
--HTTP_METHOD = 'GET'
--SIGNATURE_METHOD = 'PLAINTEXT'
--
--# Generic exception class
--class OAuthError(RuntimeError):
--    def __init__(self, message='OAuth error occured'):
--        self.message = message
--
--# optional WWW-Authenticate header (401 error)
--def build_authenticate_header(realm=''):
--    return {'WWW-Authenticate': 'OAuth realm="%s"' % realm}
--
--# url escape
--def escape(s):
--    # escape '/' too
--    return urllib.quote(s, safe='~')
--
--# util function: current timestamp
--# seconds since epoch (UTC)
--def generate_timestamp():
--    return int(time.time())
--
--# util function: nonce
--# pseudorandom number
--def generate_nonce(length=8):
--    return ''.join(str(random.randint(0, 9)) for i in range(length))
--
--# OAuthConsumer is a data type that represents the identity of the Consumer
--# via its shared secret with the Service Provider.
--class OAuthConsumer(object):
--    key = None
--    secret = None
--
--    def __init__(self, key, secret):
--        self.key = key
--        self.secret = secret
--
--# OAuthToken is a data type that represents an End User via either an access
--# or request token.
--class OAuthToken(object):
--    # access tokens and request tokens
--    key = None
--    secret = None
--
--    '''
--    key = the token
--    secret = the token secret
--    '''
--    def __init__(self, key, secret):
--        self.key = key
--        self.secret = secret
--
--    def to_string(self):
--        return urllib.urlencode({'oauth_token': self.key, 'oauth_token_secret': self.secret})
--
--    # return a token from something like:
--    # oauth_token_secret=digg&oauth_token=digg
--    @staticmethod
--    def from_string(s):
--        params = cgi.parse_qs(s, keep_blank_values=False)
--        key = params['oauth_token'][0]
--        secret = params['oauth_token_secret'][0]
--        return OAuthToken(key, secret)
--
--    def __str__(self):
--        return self.to_string()
--
--# OAuthRequest represents the request and can be serialized
--class OAuthRequest(object):
--    '''
--    OAuth parameters:
--        - oauth_consumer_key
--        - oauth_token
--        - oauth_signature_method
--        - oauth_signature
--        - oauth_timestamp
--        - oauth_nonce
--        - oauth_version
--        ... any additional parameters, as defined by the Service Provider.
--    '''
--    parameters = None # oauth parameters
--    http_method = HTTP_METHOD
--    http_url = None
--    version = VERSION
--
--    def __init__(self, http_method=HTTP_METHOD, http_url=None, parameters=None):
--        self.http_method = http_method
--        self.http_url = http_url
--        self.parameters = parameters or {}
--
--    def set_parameter(self, parameter, value):
--        self.parameters[parameter] = value
--
--    def get_parameter(self, parameter):
--        try:
--            return self.parameters[parameter]
--        except:
--            raise OAuthError('Parameter not found: %s' % parameter)
--
--    def _get_timestamp_nonce(self):
--        return self.get_parameter('oauth_timestamp'), self.get_parameter('oauth_nonce')
--
--    # get any non-oauth parameters
--    def get_nonoauth_parameters(self):
--        parameters = {}
--        for k, v in self.parameters.iteritems():
--            # ignore oauth parameters
--            if k.find('oauth_') < 0:
--                parameters[k] = v
--        return parameters
--
--    # serialize as a header for an HTTPAuth request
--    def to_header(self, realm=''):
--        auth_header = 'OAuth realm="%s"' % realm
--        # add the oauth parameters
--        if self.parameters:
--            for k, v in self.parameters.iteritems():
--                auth_header += ', %s="%s"' % (k, v)
--        return {'Authorization': auth_header}
--
--    # serialize as post data for a POST request
--    def to_postdata(self):
--        return '&'.join('%s=%s' % (escape(str(k)), escape(str(v))) for k, v in self.parameters.iteritems())
--
--    # serialize as a url for a GET request
--    def to_url(self):
--        return '%s?%s' % (self.get_normalized_http_url(), self.to_postdata())
--
--    # return a string that consists of all the parameters that need to be signed
--    def get_normalized_parameters(self):
--        params = self.parameters
--        try:
--            # exclude the signature if it exists
--            del params['oauth_signature']
--        except:
--            pass
--        key_values = params.items()
--        # sort lexicographically, first after key, then after value
--        key_values.sort()
--        # combine key value pairs in string and escape
--        return '&'.join('%s=%s' % (escape(str(k)), escape(str(v))) for k, v in key_values)
--
--    # just uppercases the http method
--    def get_normalized_http_method(self):
--        return self.http_method.upper()
--
--    # parses the url and rebuilds it to be scheme://host/path
--    def get_normalized_http_url(self):
--        parts = urlparse.urlparse(self.http_url)
--        url_string = '%s://%s%s' % (parts[0], parts[1], parts[2]) # scheme, netloc, path
--        return url_string
--
--    # set the signature parameter to the result of build_signature
--    def sign_request(self, signature_method, consumer, token):
--        # set the signature method
--        self.set_parameter('oauth_signature_method', signature_method.get_name())
--        # set the signature
--        self.set_parameter('oauth_signature', self.build_signature(signature_method, consumer, token))
--
--    def build_signature(self, signature_method, consumer, token):
--        # call the build signature method within the signature method
--        return signature_method.build_signature(self, consumer, token)
--
--    @staticmethod
--    def from_request(http_method, http_url, headers=None, postdata=None, parameters=None):
--
--        # let the library user override things however they'd like, if they know
--        # which parameters to use then go for it, for example XMLRPC might want to
--        # do this
--        if parameters is not None:
--            return OAuthRequest(http_method, http_url, parameters)
--
--        # from the headers
--        if headers is not None:
--            try:
--                auth_header = headers['Authorization']
--                # check that the authorization header is OAuth
--                auth_header.index('OAuth')
--                # get the parameters from the header
--                parameters = OAuthRequest._split_header(auth_header)
--                return OAuthRequest(http_method, http_url, parameters)
--            except:
--                raise OAuthError('Unable to parse OAuth parameters from Authorization header.')
--
--        # from the parameter string (post body)
--        if http_method == 'POST' and postdata is not None:
--            parameters = OAuthRequest._split_url_string(postdata)
--
--        # from the url string
--        elif http_method == 'GET':
--            param_str = urlparse.urlparse(http_url).query
--            parameters = OAuthRequest._split_url_string(param_str)
--
--        if parameters:
--            return OAuthRequest(http_method, http_url, parameters)
--
--        raise OAuthError('Missing all OAuth parameters. OAuth parameters must be in the headers, post body, or url.')
--
--    @staticmethod
--    def from_consumer_and_token(oauth_consumer, token=None, http_method=HTTP_METHOD, http_url=None, parameters=None):
--        if not parameters:
--            parameters = {}
--
--        defaults = {
--            'oauth_consumer_key': oauth_consumer.key,
--            'oauth_timestamp': generate_timestamp(),
--            'oauth_nonce': generate_nonce(),
--            'oauth_version': OAuthRequest.version,
--        }
--
--        defaults.update(parameters)
--        parameters = defaults
--
--        if token:
--            parameters['oauth_token'] = token.key
--
--        return OAuthRequest(http_method, http_url, parameters)
--
--    @staticmethod
--    def from_token_and_callback(token, callback=None, http_method=HTTP_METHOD, http_url=None, parameters=None):
--        if not parameters:
--            parameters = {}
--
--        parameters['oauth_token'] = token.key
--
--        if callback:
--            parameters['oauth_callback'] = escape(callback)
--
--        return OAuthRequest(http_method, http_url, parameters)
--
--    # util function: turn Authorization: header into parameters, has to do some unescaping
--    @staticmethod
--    def _split_header(header):
--        params = {}
--        header = header.lstrip()
--        if not header.startswith('OAuth '):
--            raise ValueError("not an OAuth header: %r" % header)
--        header = header[6:]
--        parts = header.split(',')
--        for param in parts:
--            # remove whitespace
--            param = param.strip()
--            # split key-value
--            param_parts = param.split('=', 1)
--            if param_parts[0] == 'realm':
--                # Realm header is not an OAuth parameter according to rfc5849
--                # section 3.4.1.3.1.
--                continue
--            # remove quotes and unescape the value
--            params[param_parts[0]] = urllib.unquote(param_parts[1].strip('\"'))
--        return params
--
--    # util function: turn url string into parameters, has to do some unescaping
--    @staticmethod
--    def _split_url_string(param_str):
--        parameters = cgi.parse_qs(param_str, keep_blank_values=False)
--        for k, v in parameters.iteritems():
--            parameters[k] = urllib.unquote(v[0])
--        return parameters
--
--# OAuthServer is a worker to check a requests validity against a data store
--class OAuthServer(object):
--    timestamp_threshold = 300 # in seconds, five minutes
--    version = VERSION
--    signature_methods = None
--    data_store = None
--
--    def __init__(self, data_store=None, signature_methods=None):
--        self.data_store = data_store
--        self.signature_methods = signature_methods or {}
--
--    def set_data_store(self, oauth_data_store):
--        self.data_store = oauth_data_store
--
--    def get_data_store(self):
--        return self.data_store
--
--    def add_signature_method(self, signature_method):
--        self.signature_methods[signature_method.get_name()] = signature_method
--        return self.signature_methods
--
--    # process a request_token request
--    # returns the request token on success
--    def fetch_request_token(self, oauth_request):
--        try:
--            # get the request token for authorization
--            token = self._get_token(oauth_request, 'request')
--        except:
--            # no token required for the initial token request
--            version = self._get_version(oauth_request)
--            consumer = self._get_consumer(oauth_request)
--            self._check_signature(oauth_request, consumer, None)
--            # fetch a new token
--            token = self.data_store.fetch_request_token(consumer)
--        return token
--
--    # process an access_token request
--    # returns the access token on success
--    def fetch_access_token(self, oauth_request):
--        version = self._get_version(oauth_request)
--        consumer = self._get_consumer(oauth_request)
--        # get the request token
--        token = self._get_token(oauth_request, 'request')
--        self._check_signature(oauth_request, consumer, token)
--        new_token = self.data_store.fetch_access_token(consumer, token)
--        return new_token
--
--    # verify an api call, checks all the parameters
--    def verify_request(self, oauth_request):
--        # -> consumer and token
--        version = self._get_version(oauth_request)
--        consumer = self._get_consumer(oauth_request)
--        # get the access token
--        token = self._get_token(oauth_request, 'access')
--        self._check_signature(oauth_request, consumer, token)
--        parameters = oauth_request.get_nonoauth_parameters()
--        return consumer, token, parameters
--
--    # authorize a request token
--    def authorize_token(self, token, user):
--        return self.data_store.authorize_request_token(token, user)
--
--    # get the callback url
--    def get_callback(self, oauth_request):
--        return oauth_request.get_parameter('oauth_callback')
--
--    # optional support for the authenticate header
--    def build_authenticate_header(self, realm=''):
--        return {'WWW-Authenticate': 'OAuth realm="%s"' % realm}
--
--    # verify the correct version request for this server
--    def _get_version(self, oauth_request):
--        try:
--            version = oauth_request.get_parameter('oauth_version')
--        except:
--            version = VERSION
--        if version and version != self.version:
--            raise OAuthError('OAuth version %s not supported' % str(version))
--        return version
--
--    # figure out the signature with some defaults
--    def _get_signature_method(self, oauth_request):
--        try:
--            signature_method = oauth_request.get_parameter('oauth_signature_method')
--        except:
--            signature_method = SIGNATURE_METHOD
--        try:
--            # get the signature method object
--            signature_method = self.signature_methods[signature_method]
--        except:
--            signature_method_names = ', '.join(self.signature_methods.keys())
--            raise OAuthError('Signature method %s not supported try one of the following: %s' % (signature_method, signature_method_names))
--
--        return signature_method
--
--    def _get_consumer(self, oauth_request):
--        consumer_key = oauth_request.get_parameter('oauth_consumer_key')
--        if not consumer_key:
--            raise OAuthError('Invalid consumer key')
--        consumer = self.data_store.lookup_consumer(consumer_key)
--        if not consumer:
--            raise OAuthError('Invalid consumer')
--        return consumer
--
--    # try to find the token for the provided request token key
--    def _get_token(self, oauth_request, token_type='access'):
--        token_field = oauth_request.get_parameter('oauth_token')
--        token = self.data_store.lookup_token(token_type, token_field)
--        if not token:
--            raise OAuthError('Invalid %s token: %s' % (token_type, token_field))
--        return token
--
--    def _check_signature(self, oauth_request, consumer, token):
--        timestamp, nonce = oauth_request._get_timestamp_nonce()
--        self._check_timestamp(timestamp)
--        self._check_nonce(consumer, token, nonce)
--        signature_method = self._get_signature_method(oauth_request)
--        try:
--            signature = oauth_request.get_parameter('oauth_signature')
--        except:
--            raise OAuthError('Missing signature')
--        # attempt to construct the same signature
--        built = signature_method.build_signature(oauth_request, consumer, token)
--        if signature != built:
--            key, base = signature_method.build_signature_base_string(oauth_request, consumer, token)
--            raise OAuthError('Signature does not match. Expected: %s Got: %s Expected signature base string: %s' % (built, signature, base))
--
--    def _check_timestamp(self, timestamp):
--        # verify that timestamp is recentish
--        timestamp = int(timestamp)
--        now = int(time.time())
--        lapsed = now - timestamp
--        if lapsed > self.timestamp_threshold:
--            raise OAuthError('Expired timestamp: given %d and now %s has a greater difference than threshold %d' % (timestamp, now, self.timestamp_threshold))
--
--    def _check_nonce(self, consumer, token, nonce):
--        # verify that the nonce is uniqueish
--        try:
--            self.data_store.lookup_nonce(consumer, token, nonce)
--            raise OAuthError('Nonce already used: %s' % str(nonce))
--        except:
--            pass
--
--# OAuthClient is a worker to attempt to execute a request
--class OAuthClient(object):
--    consumer = None
--    token = None
--
--    def __init__(self, oauth_consumer, oauth_token):
--        self.consumer = oauth_consumer
--        self.token = oauth_token
--
--    def get_consumer(self):
--        return self.consumer
--
--    def get_token(self):
--        return self.token
--
--    def fetch_request_token(self, oauth_request):
--        # -> OAuthToken
--        raise NotImplementedError
--
--    def fetch_access_token(self, oauth_request):
--        # -> OAuthToken
--        raise NotImplementedError
--
--    def access_resource(self, oauth_request):
--        # -> some protected resource
--        raise NotImplementedError
--
--# OAuthDataStore is a database abstraction used to lookup consumers and tokens
--class OAuthDataStore(object):
--
--    def lookup_consumer(self, key):
--        # -> OAuthConsumer
--        raise NotImplementedError
--
--    def lookup_token(self, oauth_consumer, token_type, token_token):
--        # -> OAuthToken
--        raise NotImplementedError
--
--    def lookup_nonce(self, oauth_consumer, oauth_token, nonce, timestamp):
--        # -> OAuthToken
--        raise NotImplementedError
--
--    def fetch_request_token(self, oauth_consumer):
--        # -> OAuthToken
--        raise NotImplementedError
--
--    def fetch_access_token(self, oauth_consumer, oauth_token):
--        # -> OAuthToken
--        raise NotImplementedError
--
--    def authorize_request_token(self, oauth_token, user):
--        # -> OAuthToken
--        raise NotImplementedError
--
--# OAuthSignatureMethod is a strategy class that implements a signature method
--class OAuthSignatureMethod(object):
--    def get_name():
--        # -> str
--        raise NotImplementedError
--
--    def build_signature_base_string(oauth_request, oauth_consumer, oauth_token):
--        # -> str key, str raw
--        raise NotImplementedError
--
--    def build_signature(oauth_request, oauth_consumer, oauth_token):
--        # -> str
--        raise NotImplementedError
--
--class OAuthSignatureMethod_HMAC_SHA1(OAuthSignatureMethod):
--
--    def get_name(self):
--        return 'HMAC-SHA1'
--
--    def build_signature_base_string(self, oauth_request, consumer, token):
--        sig = (
--            escape(oauth_request.get_normalized_http_method()),
--            escape(oauth_request.get_normalized_http_url()),
--            escape(oauth_request.get_normalized_parameters()),
--        )
--
--        key = '%s&' % escape(consumer.secret)
--        if token:
--            key += escape(token.secret)
--        raw = '&'.join(sig)
--        return key, raw
--
--    def build_signature(self, oauth_request, consumer, token):
--        # build the base signature string
--        key, raw = self.build_signature_base_string(oauth_request, consumer, token)
--
--        # hmac object
--        try:
--            import hashlib # 2.5
--            hashed = hmac.new(key, raw, hashlib.sha1)
--        except:
--            import sha # deprecated
--            hashed = hmac.new(key, raw, sha)
--
--        # calculate the digest base 64
--        return base64.b64encode(hashed.digest())
--
--class OAuthSignatureMethod_PLAINTEXT(OAuthSignatureMethod):
--
--    def get_name(self):
--        return 'PLAINTEXT'
--
--    def build_signature_base_string(self, oauth_request, consumer, token):
--        # concatenate the consumer key and secret
--        sig = escape(consumer.secret)
--        if token:
--            sig = '&'.join((sig, escape(token.secret)))
--        return sig
--
--    def build_signature(self, oauth_request, consumer, token):
--        return self.build_signature_base_string(oauth_request, consumer, token)