xbmcbackup/resources/lib/dropbox/client.py

from __future__ import absolute_import

import base64
import re
import os
import sys
import urllib

PY3 = sys.version_info[0] == 3

if PY3:
    from io import StringIO
    basestring = str
else:
    from StringIO import StringIO

try:
    import json
except ImportError:
    import simplejson as json

from .rest import ErrorResponse, RESTClient, params_to_urlencoded
from .session import BaseSession, DropboxSession, DropboxOAuth2Session


def format_path(path):
    """Normalize path for use with the Dropbox API.

    This function turns multiple adjacent slashes into single
    slashes, then ensures that there's a leading slash but
    not a trailing slash.
    """
    if not path:
        return path

    path = re.sub(r'/+', '/', path)

    if path == '/':
        return (u"" if isinstance(path, unicode) else "")
    else:
        return '/' + path.strip('/')


class DropboxClient(object):
    """
    This class lets you make Dropbox API calls.  You'll need to obtain an
    OAuth 2 access token first.  You can get an access token using either
    :class:`DropboxOAuth2Flow` or :class:`DropboxOAuth2FlowNoRedirect`.

    All of the API call methods can raise a :class:`dropbox.rest.ErrorResponse` exception if
    the server returns a non-200 or invalid HTTP response. Note that a 401
    return status at any point indicates that the access token you're using
    is no longer valid and the user must be put through the OAuth 2
    authorization flow again.
    """

    def __init__(self, oauth2_access_token, locale=None, rest_client=None):
        """Construct a ``DropboxClient`` instance.

        Parameters
          oauth2_access_token
            An OAuth 2 access token (string).  For backwards compatibility this may
            also be a DropboxSession object (see :meth:`create_oauth2_access_token()`).
          locale
            The locale of the user of your application.  For example "en" or "en_US".
            Some API calls return localized data and error messages; this setting
            tells the server which locale to use.  By default, the server uses "en_US".
          rest_client
            Optional :class:`dropbox.rest.RESTClient`-like object to use for making
            requests.
        """
        if rest_client is None: rest_client = RESTClient
        if isinstance(oauth2_access_token, basestring):
            if not _OAUTH2_ACCESS_TOKEN_PATTERN.match(oauth2_access_token):
                raise ValueError("invalid format for oauth2_access_token: %r"
                                 % (oauth2_access_token,))
            self.session = DropboxOAuth2Session(oauth2_access_token, locale)
        elif isinstance(oauth2_access_token, DropboxSession):
            # Backwards compatibility with OAuth 1
            if locale is not None:
                raise ValueError("The 'locale' parameter to DropboxClient is only useful "
                                 "when also passing in an OAuth 2 access token")
            self.session = oauth2_access_token
        else:
            raise ValueError("'oauth2_access_token' must either be a string or a DropboxSession")
        self.rest_client = rest_client

    def request(self, target, params=None, method='POST',
                content_server=False, notification_server=False):
        """
        An internal method that builds the url, headers, and params for a Dropbox API request.
        It is exposed if you need to make API calls not implemented in this library or if you
        need to debug requests.

        Parameters
            target
              The target URL with leading slash (e.g. '/files').
            params
              A dictionary of parameters to add to the request.
            method
              An HTTP method (e.g. 'GET' or 'POST').
            content_server
              A boolean indicating whether the request is to the
              API content server, for example to fetch the contents of a file
              rather than its metadata.
            notification_server
              A boolean indicating whether the request is to the API notification
              server, for example for longpolling.

        Returns
              A tuple of ``(url, params, headers)`` that should be used to make the request.
              OAuth will be added as needed within these fields.
        """
        assert method in ['GET','POST', 'PUT'], "Only 'GET', 'POST', and 'PUT' are allowed."
        assert not (content_server and notification_server), \
            "Cannot construct request simultaneously for content and notification servers."

        if params is None:
            params = {}

        if content_server:
            host = self.session.API_CONTENT_HOST
        elif notification_server:
            host = self.session.API_NOTIFICATION_HOST
        else:
            host = self.session.API_HOST

        base = self.session.build_url(host, target)
        headers, params = self.session.build_access_headers(method, base, params)

        if method in ('GET', 'PUT'):
            url = self.session.build_url(host, target, params)
        else:
            url = self.session.build_url(host, target)

        return url, params, headers

    def account_info(self):
        """Retrieve information about the user's account.

        Returns
              A dictionary containing account information.

              For a detailed description of what this call returns, visit:
              https://www.dropbox.com/developers/core/docs#account-info
        """
        url, params, headers = self.request("/account/info", method='GET')

        return self.rest_client.GET(url, headers)

    def disable_access_token(self):
        """
        Disable the access token that this ``DropboxClient`` is using.  If this call
        succeeds, further API calls using this object will fail.
        """
        url, params, headers = self.request("/disable_access_token", method='POST')

        return self.rest_client.POST(url, params, headers)

    def create_oauth2_access_token(self):
        """
        If this ``DropboxClient`` was created with an OAuth 1 access token, this method
        can be used to create an equivalent OAuth 2 access token.  This can be used to
        upgrade your app's existing access tokens from OAuth 1 to OAuth 2.

        Example::

            from dropbox.client import DropboxClient
            from dropbox.session import DropboxSession
            session = DropboxSession(APP_KEY, APP_SECRET)
            access_key, access_secret = '123abc', 'xyz456'  # Previously obtained OAuth 1 credentials
            session.set_token(access_key, access_secret)
            client = DropboxClient(session)
            token = client.create_oauth2_access_token()
            # Optionally, create a new client using the new token
            new_client = DropboxClient(token)
        """
        if not isinstance(self.session, DropboxSession):
            raise ValueError("This call requires a DropboxClient that is configured with an "
                             "OAuth 1 access token.")
        url, params, headers = self.request("/oauth2/token_from_oauth1", method='POST')

        r = self.rest_client.POST(url, params, headers)
        return r['access_token']

    def get_chunked_uploader(self, file_obj, length):
        """Creates a :class:`ChunkedUploader` to upload the given file-like object.

        Parameters
            file_obj
              The file-like object which is the source of the data
              being uploaded.
            length
              The number of bytes to upload.

        The expected use of this function is as follows::

            bigFile = open("data.txt", 'rb')

            uploader = myclient.get_chunked_uploader(bigFile, size)
            print "uploading: ", size
            while uploader.offset < size:
                try:
                    upload = uploader.upload_chunked()
                except rest.ErrorResponse, e:
                    # perform error handling and retry logic
            uploader.finish('/bigFile.txt')

        The SDK leaves the error handling and retry logic to the developer
        to implement, as the exact requirements will depend on the application
        involved.
        """
        return ChunkedUploader(self, file_obj, length)

    def upload_chunk(self, file_obj, length=None, offset=0, upload_id=None):
        """Uploads a single chunk of data from a string or file-like object. The majority of users
        should use the :class:`ChunkedUploader` object, which provides a simpler interface to the
        chunked_upload API endpoint.

        Parameters
            file_obj
              The source of the chunk to upload; a file-like object or a string.
            length
              This argument is ignored but still present for backward compatibility reasons.
            offset
              The byte offset to which this source data corresponds in the original file.
            upload_id
              The upload identifier for which this chunk should be uploaded,
              returned by a previous call, or None to start a new upload.

        Returns
            A dictionary containing the keys:

            upload_id
              A string used to identify the upload for subsequent calls to :meth:`upload_chunk()`
              and :meth:`commit_chunked_upload()`.
            offset
              The offset at which the next upload should be applied.
            expires
              The time after which this partial upload is invalid.
        """

        params = dict()

        if upload_id:
            params['upload_id'] = upload_id
            params['offset'] = offset

        url, ignored_params, headers = self.request("/chunked_upload", params,
                                                    method='PUT', content_server=True)

        try:
            reply = self.rest_client.PUT(url, file_obj, headers)
            return reply['offset'], reply['upload_id']
        except ErrorResponse as e:
            raise e

    def commit_chunked_upload(self, full_path, upload_id, overwrite=False, parent_rev=None):
        """Commit the previously uploaded chunks for the given path.

        Parameters
            full_path
              The full path to which the chunks are uploaded, *including the file name*.
              If the destination folder does not yet exist, it will be created.
            upload_id
              The chunked upload identifier, previously returned from upload_chunk.
            overwrite
              Whether to overwrite an existing file at the given path. (Default ``False``.)
              If overwrite is False and a file already exists there, Dropbox
              will rename the upload to make sure it doesn't overwrite anything.
              You need to check the metadata returned for the new name.
              This field should only be True if your intent is to potentially
              clobber changes to a file that you don't know about.
            parent_rev
              Optional rev field from the 'parent' of this upload.
              If your intent is to update the file at the given path, you should
              pass the parent_rev parameter set to the rev value from the most recent
              metadata you have of the existing file at that path. If the server
              has a more recent version of the file at the specified path, it will
              automatically rename your uploaded file, spinning off a conflict.
              Using this parameter effectively causes the overwrite parameter to be ignored.
              The file will always be overwritten if you send the most recent parent_rev,
              and it will never be overwritten if you send a less recent one.

        Returns
            A dictionary containing the metadata of the newly committed file.

            For a detailed description of what this call returns, visit:
            https://www.dropbox.com/developers/core/docs#commit-chunked-upload
        """

        params = {
            'upload_id': upload_id,
            'overwrite': overwrite,
            }

        if parent_rev is not None:
            params['parent_rev'] = parent_rev

        url, params, headers = self.request("/commit_chunked_upload/%s" % full_path,
                                            params, content_server=True)

        return self.rest_client.POST(url, params, headers)

    def put_file(self, full_path, file_obj, overwrite=False, parent_rev=None):
        """Upload a file.

        A typical use case would be as follows::

            f = open('working-draft.txt', 'rb')
            response = client.put_file('/magnum-opus.txt', f)
            print "uploaded:", response

        which would return the metadata of the uploaded file, similar to::

            {
                'bytes': 77,
                'icon': 'page_white_text',
                'is_dir': False,
                'mime_type': 'text/plain',
                'modified': 'Wed, 20 Jul 2011 22:04:50 +0000',
                'path': '/magnum-opus.txt',
                'rev': '362e2029684fe',
                'revision': 221922,
                'root': 'dropbox',
                'size': '77 bytes',
                'thumb_exists': False
            }

        Parameters
            full_path
              The full path to upload the file to, *including the file name*.
              If the destination folder does not yet exist, it will be created.
            file_obj
              A file-like object to upload. If you would like, you can pass a string as file_obj.
            overwrite
              Whether to overwrite an existing file at the given path. (Default ``False``.)
              If overwrite is False and a file already exists there, Dropbox
              will rename the upload to make sure it doesn't overwrite anything.
              You need to check the metadata returned for the new name.
              This field should only be True if your intent is to potentially
              clobber changes to a file that you don't know about.
            parent_rev
              Optional rev field from the 'parent' of this upload.
              If your intent is to update the file at the given path, you should
              pass the parent_rev parameter set to the rev value from the most recent
              metadata you have of the existing file at that path. If the server
              has a more recent version of the file at the specified path, it will
              automatically rename your uploaded file, spinning off a conflict.
              Using this parameter effectively causes the overwrite parameter to be ignored.
              The file will always be overwritten if you send the most recent parent_rev,
              and it will never be overwritten if you send a less recent one.

        Returns
              A dictionary containing the metadata of the newly uploaded file.

              For a detailed description of what this call returns, visit:
              https://www.dropbox.com/developers/core/docs#files-put

        Raises
              A :class:`dropbox.rest.ErrorResponse` with an HTTP status of:

              - 400: Bad request (may be due to many things; check e.error for details).
              - 503: User over quota.
        """
        path = "/files_put/%s%s" % (self.session.root, format_path(full_path))

        params = {
            'overwrite': bool(overwrite),
            }

        if parent_rev is not None:
            params['parent_rev'] = parent_rev

        url, params, headers = self.request(path, params, method='PUT', content_server=True)

        return self.rest_client.PUT(url, file_obj, headers)

    def get_file(self, from_path, rev=None, start=None, length=None):
        """Download a file.

        Example::

            out = open('magnum-opus.txt', 'wb')
            with client.get_file('/magnum-opus.txt') as f:
                out.write(f.read())

        which would download the file ``magnum-opus.txt`` and write the contents into
        the file ``magnum-opus.txt`` on the local filesystem.

        Parameters
            from_path
              The path to the file to be downloaded.
            rev
              Optional previous rev value of the file to be downloaded.
            start
              Optional byte value from which to start downloading.
            length
              Optional length in bytes for partially downloading the file. If ``length`` is
              specified but ``start`` is not, then the last ``length`` bytes will be downloaded.
        Returns
              A :class:`dropbox.rest.RESTResponse` that is the HTTP response for
              the API request.  It is a file-like object that can be read from.  You
              must call ``close()`` when you're done.

        Raises
              A :class:`dropbox.rest.ErrorResponse` with an HTTP status of:

              - 400: Bad request (may be due to many things; check e.error for details).
              - 404: No file was found at the given path, or the file that was there was deleted.
              - 200: Request was okay but response was malformed in some way.
        """
        path = "/files/%s%s" % (self.session.root, format_path(from_path))

        params = {}
        if rev is not None:
            params['rev'] = rev

        url, params, headers = self.request(path, params, method='GET', content_server=True)
        if start is not None:
            if length:
              headers['Range'] = 'bytes=%s-%s' % (start, start + length - 1)
            else:
              headers['Range'] = 'bytes=%s-' % start
        elif length is not None:
            headers['Range'] = 'bytes=-%s' % length
        return self.rest_client.request("GET", url, headers=headers, raw_response=True)

    def get_file_and_metadata(self, from_path, rev=None):
        """Download a file alongwith its metadata.

        Acts as a thin wrapper around get_file() (see :meth:`get_file()` comments for
        more details)

        A typical usage looks like this::

            out = open('magnum-opus.txt', 'wb')
            f, metadata = client.get_file_and_metadata('/magnum-opus.txt')
            with f:
                out.write(f.read())

        Parameters
            from_path
              The path to the file to be downloaded.
            rev
              Optional previous rev value of the file to be downloaded.

        Returns
              A pair of ``(response, metadata)``:

              response
                A :class:`dropbox.rest.RESTResponse` that is the HTTP response for
                the API request.  It is a file-like object that can be read from.  You
                must call ``close()`` when you're done.
              metadata
                A dictionary containing the metadata of the file (see
                https://www.dropbox.com/developers/core/docs#metadata for details).

        Raises
              A :class:`dropbox.rest.ErrorResponse` with an HTTP status of:

              - 400: Bad request (may be due to many things; check e.error for details).
              - 404: No file was found at the given path, or the file that was there was deleted.
              - 200: Request was okay but response was malformed in some way.
        """
        file_res = self.get_file(from_path, rev)
        metadata = DropboxClient.__parse_metadata_as_dict(file_res)

        return file_res, metadata

    @staticmethod
    def __parse_metadata_as_dict(dropbox_raw_response):
        # Parses file metadata from a raw dropbox HTTP response, raising a
        # dropbox.rest.ErrorResponse if parsing fails.
        metadata = None
        for header, header_val in dropbox_raw_response.getheaders().iteritems():
            if header.lower() == 'x-dropbox-metadata':
                try:
                    metadata = json.loads(header_val)
                except ValueError:
                    raise ErrorResponse(dropbox_raw_response)
        if not metadata: raise ErrorResponse(dropbox_raw_response)
        return metadata

    def delta(self, cursor=None, path_prefix=None, include_media_info=False):
        """A way of letting you keep up with changes to files and folders in a
        user's Dropbox.  You can periodically call delta() to get a list of "delta
        entries", which are instructions on how to update your local state to
        match the server's state.

        Parameters
          cursor
            On the first call, omit this argument (or pass in ``None``).  On
            subsequent calls, pass in the ``cursor`` string returned by the previous
            call.
          path_prefix
            If provided, results will be limited to files and folders
            whose paths are equal to or under ``path_prefix``.  The ``path_prefix`` is
            fixed for a given cursor.  Whatever ``path_prefix`` you use on the first
            ``delta()`` must also be passed in on subsequent calls that use the returned
            cursor.
          include_media_info
            If True, delta will return additional media info for photos and videos
            (the time a photo was taken, the GPS coordinates of a photo, etc.). There
            is a delay between when a file is uploaded to Dropbox and when this
            information is available; delta will only include a file in the changelist
            once its media info is ready. The value you use on the first ``delta()`` must
            also be passed in on subsequent calls that use the returned cursor.

        Returns
          A dict with four keys:

          entries
            A list of "delta entries" (described below).
          reset
            If ``True``, you should your local state to be an empty folder
            before processing the list of delta entries.  This is only ``True`` only
            in rare situations.
          cursor
            A string that is used to keep track of your current state.
            On the next call to delta(), pass in this value to return entries
            that were recorded since the cursor was returned.
          has_more
            If ``True``, then there are more entries available; you can
            call delta() again immediately to retrieve those entries.  If ``False``,
            then wait at least 5 minutes (preferably longer) before checking again.

        Delta Entries: Each entry is a 2-item list of one of following forms:

          - [*path*, *metadata*]: Indicates that there is a file/folder at the given
            path.  You should add the entry to your local path.  (The *metadata*
            value is the same as what would be returned by the ``metadata()`` call.)

            - If the new entry includes parent folders that don't yet exist in your
              local state, create those parent folders in your local state.  You
              will eventually get entries for those parent folders.
            - If the new entry is a file, replace whatever your local state has at
              *path* with the new entry.
            - If the new entry is a folder, check what your local state has at
              *path*.  If it's a file, replace it with the new entry.  If it's a
              folder, apply the new *metadata* to the folder, but do not modify
              the folder's children.
          - [*path*, ``None``]: Indicates that there is no file/folder at the *path* on
            Dropbox.  To update your local state to match, delete whatever is at *path*,
            including any children (you will sometimes also get "delete" delta entries
            for the children, but this is not guaranteed).  If your local state doesn't
            have anything at *path*, ignore this entry.

        Remember: Dropbox treats file names in a case-insensitive but case-preserving
        way.  To facilitate this, the *path* strings above are lower-cased versions of
        the actual path.  The *metadata* dicts have the original, case-preserved path.
        """
        path = "/delta"

        params = {'include_media_info': include_media_info}
        if cursor is not None:
            params['cursor'] = cursor
        if path_prefix is not None:
            params['path_prefix'] = path_prefix

        url, params, headers = self.request(path, params)

        return self.rest_client.POST(url, params, headers)

    def longpoll_delta(self, cursor, timeout=None):
        """A long-poll endpoint to wait for changes on an account. In conjunction with
        :meth:`delta()`, this call gives you a low-latency way to monitor an account for
        file changes.

        Note that this call goes to ``api-notify.dropbox.com`` instead of ``api.dropbox.com``.

        Unlike most other API endpoints, this call does not require OAuth authentication.
        The passed-in cursor can only be acquired via an authenticated call to :meth:`delta()`.

        Parameters
          cursor
            A delta cursor as returned from a call to :meth:`delta()`. Note that a cursor
            returned from a call to :meth:`delta()` with ``include_media_info=True`` is
            incompatible with ``longpoll_delta()`` and an error will be returned.
          timeout
            An optional integer indicating a timeout, in seconds. The default value is
            30 seconds, which is also the minimum allowed value. The maximum is 480
            seconds. The request will block for at most this length of time, plus up
            to 90 seconds of random jitter added to avoid the thundering herd problem.
            Care should be taken when using this parameter, as some network
            infrastructure does not support long timeouts.

        Returns
            The connection will block until there are changes available or a timeout occurs.
            The response will be a dictionary that looks like the following example::

              {"changes": false, "backoff": 60}

            For a detailed description of what this call returns, visit:
            https://www.dropbox.com/developers/core/docs#longpoll-delta

        Raises
              A :class:`dropbox.rest.ErrorResponse` with an HTTP status of:

              - 400: Bad request (generally due to an invalid parameter; check e.error for details).
        """
        path = "/longpoll_delta"

        params = {'cursor': cursor}
        if timeout is not None:
            params['timeout'] = timeout

        url, params, headers = self.request(path, params, method='GET', notification_server=True)

        return self.rest_client.GET(url, headers)

    def create_copy_ref(self, from_path):
        """Creates and returns a copy ref for a specific file.  The copy ref can be
        used to instantly copy that file to the Dropbox of another account.

        Parameters
          path
            The path to the file for a copy ref to be created on.

        Returns
          A dictionary that looks like the following example::

            {"expires": "Fri, 31 Jan 2042 21:01:05 +0000", "copy_ref": "z1X6ATl6aWtzOGq0c3g5Ng"}

        """
        path = "/copy_ref/%s%s" % (self.session.root, format_path(from_path))

        url, params, headers = self.request(path, {}, method='GET')

        return self.rest_client.GET(url, headers)

    def add_copy_ref(self, copy_ref, to_path):
        """Adds the file referenced by the copy ref to the specified path

        Parameters
          copy_ref
            A copy ref string that was returned from a create_copy_ref call.
            The copy_ref can be created from any other Dropbox account, or from the same account.
          path
            The path to where the file will be created.

        Returns
            A dictionary containing the metadata of the new copy of the file.
         """
        path = "/fileops/copy"

        params = {'from_copy_ref': copy_ref,
                  'to_path': format_path(to_path),
                  'root': self.session.root}

        url, params, headers = self.request(path, params)

        return self.rest_client.POST(url, params, headers)

    def file_copy(self, from_path, to_path):
        """Copy a file or folder to a new location.

        Parameters
            from_path
              The path to the file or folder to be copied.
            to_path
              The destination path of the file or folder to be copied.
              This parameter should include the destination filename (e.g.
              from_path: '/test.txt', to_path: '/dir/test.txt'). If there's
              already a file at the to_path it will raise an ErrorResponse.

        Returns
              A dictionary containing the metadata of the new copy of the file or folder.

              For a detailed description of what this call returns, visit:
              https://www.dropbox.com/developers/core/docs#fileops-copy

        Raises
              A :class:`dropbox.rest.ErrorResponse` with an HTTP status of:

              - 400: Bad request (may be due to many things; check e.error for details).
              - 403: An invalid copy operation was attempted
                (e.g. there is already a file at the given destination,
                or trying to copy a shared folder).
              - 404: No file was found at given from_path.
              - 503: User over storage quota.
        """
        params = {'root': self.session.root,
                  'from_path': format_path(from_path),
                  'to_path': format_path(to_path),
                  }

        url, params, headers = self.request("/fileops/copy", params)

        return self.rest_client.POST(url, params, headers)

    def file_create_folder(self, path):
        """Create a folder.

        Parameters
            path
              The path of the new folder.

        Returns
              A dictionary containing the metadata of the newly created folder.

              For a detailed description of what this call returns, visit:
              https://www.dropbox.com/developers/core/docs#fileops-create-folder

        Raises
              A :class:`dropbox.rest.ErrorResponse` with an HTTP status of:

              - 400: Bad request (may be due to many things; check e.error for details).
              - 403: A folder at that path already exists.
        """
        params = {'root': self.session.root, 'path': format_path(path)}

        url, params, headers = self.request("/fileops/create_folder", params)

        return self.rest_client.POST(url, params, headers)

    def file_delete(self, path):
        """Delete a file or folder.

        Parameters
            path
              The path of the file or folder.

        Returns
              A dictionary containing the metadata of the just deleted file.

              For a detailed description of what this call returns, visit:
              https://www.dropbox.com/developers/core/docs#fileops-delete

        Raises
              A :class:`dropbox.rest.ErrorResponse` with an HTTP status of:

              - 400: Bad request (may be due to many things; check e.error for details).
              - 404: No file was found at the given path.
        """
        params = {'root': self.session.root, 'path': format_path(path)}

        url, params, headers = self.request("/fileops/delete", params)

        return self.rest_client.POST(url, params, headers)

    def file_move(self, from_path, to_path):
        """Move a file or folder to a new location.

        Parameters
            from_path
              The path to the file or folder to be moved.
            to_path
              The destination path of the file or folder to be moved.
              This parameter should include the destination filename (e.g. if
              ``from_path`` is ``'/test.txt'``, ``to_path`` might be
              ``'/dir/test.txt'``). If there's already a file at the
              ``to_path`` it will raise an ErrorResponse.

        Returns
              A dictionary containing the metadata of the new copy of the file or folder.

              For a detailed description of what this call returns, visit:
              https://www.dropbox.com/developers/core/docs#fileops-move

        Raises
              A :class:`dropbox.rest.ErrorResponse` with an HTTP status of:

              - 400: Bad request (may be due to many things; check e.error for details).
              - 403: An invalid move operation was attempted
                (e.g. there is already a file at the given destination,
                or moving a shared folder into a shared folder).
              - 404: No file was found at given from_path.
              - 503: User over storage quota.
        """
        params = {'root': self.session.root,
                  'from_path': format_path(from_path),
                  'to_path': format_path(to_path)}

        url, params, headers = self.request("/fileops/move", params)

        return self.rest_client.POST(url, params, headers)

    def metadata(self, path, list=True, file_limit=25000, hash=None,
                 rev=None, include_deleted=False, include_media_info=False):
        """Retrieve metadata for a file or folder.

        A typical use would be::

            folder_metadata = client.metadata('/')
            print "metadata:", folder_metadata

        which would return the metadata of the root folder. This
        will look something like::

            {
                'bytes': 0,
                'contents': [
                    {
                       'bytes': 0,
                       'icon': 'folder',
                       'is_dir': True,
                       'modified': 'Thu, 25 Aug 2011 00:03:15 +0000',
                       'path': '/Sample Folder',
                       'rev': '803beb471',
                       'revision': 8,
                       'root': 'dropbox',
                       'size': '0 bytes',
                       'thumb_exists': False
                    },
                    {
                       'bytes': 77,
                       'icon': 'page_white_text',
                       'is_dir': False,
                       'mime_type': 'text/plain',
                       'modified': 'Wed, 20 Jul 2011 22:04:50 +0000',
                       'path': '/magnum-opus.txt',
                       'rev': '362e2029684fe',
                       'revision': 221922,
                       'root': 'dropbox',
                       'size': '77 bytes',
                       'thumb_exists': False
                    }
                ],
                'hash': 'efdac89c4da886a9cece1927e6c22977',
                'icon': 'folder',
                'is_dir': True,
                'path': '/',
                'root': 'app_folder',
                'size': '0 bytes',
                'thumb_exists': False
            }

        In this example, the root folder contains two things: ``Sample Folder``,
        which is a folder, and ``/magnum-opus.txt``, which is a text file 77 bytes long

        Parameters
            path
              The path to the file or folder.
            list
              Whether to list all contained files (only applies when
              path refers to a folder).
            file_limit
              The maximum number of file entries to return within
              a folder. If the number of files in the folder exceeds this
              limit, an exception is raised. The server will return at max
              25,000 files within a folder.
            hash
              Every folder listing has a hash parameter attached that
              can then be passed back into this function later to save on
              bandwidth. Rather than returning an unchanged folder's contents,
              the server will instead return a 304.
            rev
              Optional revision of the file to retrieve the metadata for.
              This parameter only applies for files. If omitted, you'll receive
              the most recent revision metadata.
            include_deleted
              When listing contained files, include files that have been deleted.
            include_media_info
              If True, includes additional media info for photos and videos if
              available (the time a photo was taken, the GPS coordinates of a photo,
              etc.).

        Returns
              A dictionary containing the metadata of the file or folder
              (and contained files if appropriate).

              For a detailed description of what this call returns, visit:
              https://www.dropbox.com/developers/core/docs#metadata

        Raises
              A :class:`dropbox.rest.ErrorResponse` with an HTTP status of:

              - 304: Current folder hash matches hash parameters, so contents are unchanged.
              - 400: Bad request (may be due to many things; check e.error for details).
              - 404: No file was found at given path.
              - 406: Too many file entries to return.
        """
        path = "/metadata/%s%s" % (self.session.root, format_path(path))

        params = {'file_limit': file_limit,
                  'list': 'true',
                  'include_deleted': include_deleted,
                  'include_media_info': include_media_info,
                  }

        if not list:
            params['list'] = 'false'
        if hash is not None:
            params['hash'] = hash
        if rev:
            params['rev'] = rev

        url, params, headers = self.request(path, params, method='GET')

        return self.rest_client.GET(url, headers)

    def thumbnail(self, from_path, size='m', format='JPEG'):
        """Download a thumbnail for an image.

        Parameters
            from_path
              The path to the file to be thumbnailed.
            size
              A string specifying the desired thumbnail size.  Currently
              supported sizes: ``"xs"`` (32x32), ``"s"`` (64x64), ``"m"`` (128x128),
              ``"l``" (640x480), ``"xl"`` (1024x768).
              Check https://www.dropbox.com/developers/core/docs#thumbnails for
              more details.
            format
              The image format the server should use for the returned
              thumbnail data.  Either ``"JPEG"`` or ``"PNG"``.

        Returns
              A :class:`dropbox.rest.RESTResponse` that is the HTTP response for
              the API request.  It is a file-like object that can be read from.  You
              must call ``close()`` when you're done.

        Raises
              A :class:`dropbox.rest.ErrorResponse` with an HTTP status of:

              - 400: Bad request (may be due to many things; check e.error for details).
              - 404: No file was found at the given from_path,
                or files of that type cannot be thumbnailed.
              - 415: Image is invalid and cannot be thumbnailed.
        """
        assert format in ['JPEG', 'PNG'], \
               "expected a thumbnail format of 'JPEG' or 'PNG', got %s" % format

        path = "/thumbnails/%s%s" % (self.session.root, format_path(from_path))

        url, params, headers = self.request(path, {'size': size, 'format': format},
                                            method='GET', content_server=True)
        return self.rest_client.request("GET", url, headers=headers, raw_response=True)

    def thumbnail_and_metadata(self, from_path, size='m', format='JPEG'):
        """Download a thumbnail for an image alongwith its metadata.

        Acts as a thin wrapper around thumbnail() (see :meth:`thumbnail()` comments for
        more details)

        Parameters
            from_path
              The path to the file to be thumbnailed.
            size
              A string specifying the desired thumbnail size. See :meth:`thumbnail()`
              for details.
            format
              The image format the server should use for the returned
              thumbnail data.  Either ``"JPEG"`` or ``"PNG"``.

        Returns
              A pair of ``(response, metadata)``:

              response
                A :class:`dropbox.rest.RESTResponse` that is the HTTP response for
                the API request.  It is a file-like object that can be read from.  You
                must call ``close()`` when you're done.
              metadata
                A dictionary containing the metadata of the file whose thumbnail
                was downloaded (see https://www.dropbox.com/developers/core/docs#metadata
                for details).

        Raises
              A :class:`dropbox.rest.ErrorResponse` with an HTTP status of:

              - 400: Bad request (may be due to many things; check e.error for details).
              - 404: No file was found at the given from_path,
                or files of that type cannot be thumbnailed.
              - 415: Image is invalid and cannot be thumbnailed.
              - 200: Request was okay but response was malformed in some way.
        """
        thumbnail_res = self.thumbnail(from_path, size, format)
        metadata = DropboxClient.__parse_metadata_as_dict(thumbnail_res)

        return thumbnail_res, metadata

    def search(self, path, query, file_limit=1000, include_deleted=False):
        """Search folder for filenames matching query.

        Parameters
            path
              The folder to search within.
            query
              The query to search on (minimum 3 characters).
            file_limit
              The maximum number of file entries to return within a folder.
              The server will return at max 1,000 files.
            include_deleted
              Whether to include deleted files in search results.

        Returns
              A list of the metadata of all matching files (up to
              file_limit entries).  For a detailed description of what
              this call returns, visit:
              https://www.dropbox.com/developers/core/docs#search

        Raises
              A :class:`dropbox.rest.ErrorResponse` with an HTTP status of:

              - 400: Bad request (may be due to many things; check e.error for details).
        """
        path = "/search/%s%s" % (self.session.root, format_path(path))

        params = {
            'query': query,
            'file_limit': file_limit,
            'include_deleted': include_deleted,
            }

        url, params, headers = self.request(path, params)

        return self.rest_client.POST(url, params, headers)

    def revisions(self, path, rev_limit=1000):
        """Retrieve revisions of a file.

        Parameters
            path
              The file to fetch revisions for. Note that revisions
              are not available for folders.
            rev_limit
              The maximum number of file entries to return within
              a folder. The server will return at max 1,000 revisions.

        Returns
              A list of the metadata of all matching files (up to rev_limit entries).

              For a detailed description of what this call returns, visit:
              https://www.dropbox.com/developers/core/docs#revisions

        Raises
              A :class:`dropbox.rest.ErrorResponse` with an HTTP status of:

              - 400: Bad request (may be due to many things; check e.error for details).
              - 404: No revisions were found at the given path.
        """
        path = "/revisions/%s%s" % (self.session.root, format_path(path))

        params = {
            'rev_limit': rev_limit,
            }

        url, params, headers = self.request(path, params, method='GET')

        return self.rest_client.GET(url, headers)

    def restore(self, path, rev):
        """Restore a file to a previous revision.

        Parameters
            path
              The file to restore. Note that folders can't be restored.
            rev
              A previous rev value of the file to be restored to.

        Returns
              A dictionary containing the metadata of the newly restored file.

              For a detailed description of what this call returns, visit:
              https://www.dropbox.com/developers/core/docs#restore

        Raises
              A :class:`dropbox.rest.ErrorResponse` with an HTTP status of:

              - 400: Bad request (may be due to many things; check e.error for details).
              - 404: Unable to find the file at the given revision.
        """
        path = "/restore/%s%s" % (self.session.root, format_path(path))

        params = {
            'rev': rev,
            }

        url, params, headers = self.request(path, params)

        return self.rest_client.POST(url, params, headers)

    def media(self, path):
        """Get a temporary unauthenticated URL for a media file.

        All of Dropbox's API methods require OAuth, which may cause problems in
        situations where an application expects to be able to hit a URL multiple times
        (for example, a media player seeking around a video file). This method
        creates a time-limited URL that can be accessed without any authentication,
        and returns that to you, along with an expiration time.

        Parameters
            path
              The file to return a URL for. Folders are not supported.

        Returns
            A dictionary that looks like the following example::

              {'url': 'https://dl.dropboxusercontent.com/1/view/abcdefghijk/example',
               'expires': 'Thu, 16 Sep 2011 01:01:25 +0000'}

            For a detailed description of what this call returns, visit:
            https://www.dropbox.com/developers/core/docs#media

        Raises
            A :class:`dropbox.rest.ErrorResponse` with an HTTP status of:

            - 400: Bad request (may be due to many things; check e.error for details).
            - 404: Unable to find the file at the given path.
        """
        path = "/media/%s%s" % (self.session.root, format_path(path))

        url, params, headers = self.request(path, method='GET')

        return self.rest_client.GET(url, headers)

    def share(self, path, short_url=True):
        """Create a shareable link to a file or folder.

        Shareable links created on Dropbox are time-limited, but don't require any
        authentication, so they can be given out freely. The time limit should allow
        at least a day of shareability, though users have the ability to disable
        a link from their account if they like.

        Parameters
            path
              The file or folder to share.

        Returns
              A dictionary that looks like the following example::

                {'url': u'https://db.tt/c0mFuu1Y', 'expires': 'Tue, 01 Jan 2030 00:00:00 +0000'}

              For a detailed description of what this call returns, visit:
              https://www.dropbox.com/developers/core/docs#shares

        Raises
              A :class:`dropbox.rest.ErrorResponse` with an HTTP status of:

              - 400: Bad request (may be due to many things; check e.error for details).
              - 404: Unable to find the file at the given path.
        """
        path = "/shares/%s%s" % (self.session.root, format_path(path))

        params = {
            'short_url': short_url,
            }

        url, params, headers = self.request(path, params, method='GET')

        return self.rest_client.GET(url, headers)


class ChunkedUploader(object):
    """Contains the logic around a chunked upload, which uploads a
    large file to Dropbox via the /chunked_upload endpoint.
    """

    def __init__(self, client, file_obj, length):
        self.client = client
        self.offset = 0
        self.upload_id = None

        self.last_block = None
        self.file_obj = file_obj
        self.target_length = length

    def upload_chunked(self, chunk_size = 4 * 1024 * 1024):
        """Uploads data from this ChunkedUploader's file_obj in chunks, until
        an error occurs. Throws an exception when an error occurs, and can
        be called again to resume the upload.

        Parameters
            chunk_size
              The number of bytes to put in each chunk. (Default 4 MB.)
        """

        while self.offset < self.target_length:
            next_chunk_size = min(chunk_size, self.target_length - self.offset)
            if self.last_block == None:
                self.last_block = self.file_obj.read(next_chunk_size)

            try:
                (self.offset, self.upload_id) = self.client.upload_chunk(
                    StringIO(self.last_block), next_chunk_size, self.offset, self.upload_id)
                self.last_block = None
            except ErrorResponse as e:
                # Handle the case where the server tells us our offset is wrong.
                must_reraise = True
                if e.status == 400:
                    reply = e.body
                    if "offset" in reply and reply['offset'] != 0 and reply['offset'] > self.offset:
                        self.last_block = None
                        self.offset = reply['offset']
                        must_reraise = False
                if must_reraise:
                    raise

    def finish(self, path, overwrite=False, parent_rev=None):
        """Commits the bytes uploaded by this ChunkedUploader to a file
        in the users dropbox.

        Parameters
            path
              The full path of the file in the Dropbox.
            overwrite
              Whether to overwrite an existing file at the given path. (Default ``False``.)
              If overwrite is False and a file already exists there, Dropbox
              will rename the upload to make sure it doesn't overwrite anything.
              You need to check the metadata returned for the new name.
              This field should only be True if your intent is to potentially
              clobber changes to a file that you don't know about.
            parent_rev
              Optional rev field from the 'parent' of this upload.
              If your intent is to update the file at the given path, you should
              pass the parent_rev parameter set to the rev value from the most recent
              metadata you have of the existing file at that path. If the server
              has a more recent version of the file at the specified path, it will
              automatically rename your uploaded file, spinning off a conflict.
              Using this parameter effectively causes the overwrite parameter to be ignored.
              The file will always be overwritten if you send the most recent parent_rev,
              and it will never be overwritten if you send a less recent one.
        """

        path = "/commit_chunked_upload/%s%s" % (self.client.session.root, format_path(path))

        params = dict(
            overwrite = bool(overwrite),
            upload_id = self.upload_id
        )

        if parent_rev is not None:
            params['parent_rev'] = parent_rev

        url, params, headers = self.client.request(path, params, content_server=True)

        return self.client.rest_client.POST(url, params, headers)


# Allow access of ChunkedUploader via DropboxClient for backwards compatibility.
DropboxClient.ChunkedUploader = ChunkedUploader


class DropboxOAuth2FlowBase(object):

    def __init__(self, consumer_key, consumer_secret, locale=None, rest_client=RESTClient):
        self.consumer_key = consumer_key
        self.consumer_secret = consumer_secret
        self.locale = locale
        self.rest_client = rest_client

    def _get_authorize_url(self, redirect_uri, state):
        params = dict(response_type='code',
                      client_id=self.consumer_key)
        if redirect_uri is not None:
            params['redirect_uri'] = redirect_uri
        if state is not None:
            params['state'] = state

        return self.build_url(BaseSession.WEB_HOST, '/oauth2/authorize', params)

    def _finish(self, code, redirect_uri):
        url = self.build_url(BaseSession.API_HOST, '/oauth2/token')
        params = {'grant_type': 'authorization_code',
                  'code': code,
                  'client_id': self.consumer_key,
                  'client_secret': self.consumer_secret,
                  }
        if self.locale is not None:
            params['locale'] = self.locale
        if redirect_uri is not None:
            params['redirect_uri'] = redirect_uri

        response = self.rest_client.POST(url, params=params)
        access_token = response["access_token"]
        user_id = response["uid"]
        return access_token, user_id

    def build_path(self, target, params=None):
        """Build the path component for an API URL.

        This method urlencodes the parameters, adds them
        to the end of the target url, and puts a marker for the API
        version in front.

        Parameters
            target
              A target url (e.g. '/files') to build upon.
            params
              Optional dictionary of parameters (name to value).

        Returns
            The path and parameters components of an API URL.
        """
        if sys.version_info < (3,) and type(target) == unicode:
            target = target.encode("utf8")

        target_path = urllib.quote(target)

        params = params or {}
        params = params.copy()

        if self.locale:
            params['locale'] = self.locale

        if params:
            query_string = params_to_urlencoded(params)
            return "/%s%s?%s" % (BaseSession.API_VERSION, target_path, query_string)
        else:
            return "/%s%s" % (BaseSession.API_VERSION, target_path)

    def build_url(self, host, target, params=None):
        """Build an API URL.

        This method adds scheme and hostname to the path
        returned from build_path.

        Parameters
            target
              A target url (e.g. '/files') to build upon.
            params
              Optional dictionary of parameters (name to value).

        Returns
            The full API URL.
        """
        return "https://%s%s" % (host, self.build_path(target, params))


class DropboxOAuth2FlowNoRedirect(DropboxOAuth2FlowBase):
    """
    OAuth 2 authorization helper for apps that can't provide a redirect URI
    (such as the command-line example apps).

    Example::

        from dropbox.client import DropboxOAuth2FlowNoRedirect, DropboxClient
        from dropbox import rest as dbrest

        auth_flow = DropboxOAuth2FlowNoRedirect(APP_KEY, APP_SECRET)

        authorize_url = auth_flow.start()
        print "1. Go to: " + authorize_url
        print "2. Click \\"Allow\\" (you might have to log in first)."
        print "3. Copy the authorization code."
        auth_code = raw_input("Enter the authorization code here: ").strip()

        try:
            access_token, user_id = auth_flow.finish(auth_code)
        except dbrest.ErrorResponse, e:
            print('Error: %s' % (e,))
            return

        c = DropboxClient(access_token)
    """

    def __init__(self, consumer_key, consumer_secret, locale=None, rest_client=None):
        """
        Construct an instance.

        Parameters
          consumer_key
            Your API app's "app key"
          consumer_secret
            Your API app's "app secret"
          locale
            The locale of the user of your application.  For example "en" or "en_US".
            Some API calls return localized data and error messages; this setting
            tells the server which locale to use.  By default, the server uses "en_US".
          rest_client
            Optional :class:`dropbox.rest.RESTClient`-like object to use for making
            requests.
        """
        if rest_client is None: rest_client = RESTClient
        super(DropboxOAuth2FlowNoRedirect, self).__init__(consumer_key, consumer_secret,
                                                          locale, rest_client)

    def start(self):
        """
        Starts the OAuth 2 authorization process.

        Returns
            The URL for a page on Dropbox's website.  This page will let the user "approve"
            your app, which gives your app permission to access the user's Dropbox account.
            Tell the user to visit this URL and approve your app.
        """
        return self._get_authorize_url(None, None)

    def finish(self, code):
        """
        If the user approves your app, they will be presented with an "authorization code".  Have
        the user copy/paste that authorization code into your app and then call this method to
        get an access token.

        Parameters
          code
            The authorization code shown to the user when they approved your app.

        Returns
            A pair of ``(access_token, user_id)``.  ``access_token`` is a string that
            can be passed to DropboxClient.  ``user_id`` is the Dropbox user ID (string) of the
            user that just approved your app.

        Raises
            The same exceptions as :meth:`DropboxOAuth2Flow.finish()`.
        """
        return self._finish(code, None)


class DropboxOAuth2Flow(DropboxOAuth2FlowBase):
    """
    OAuth 2 authorization helper.  Use this for web apps.

    OAuth 2 has a two-step authorization process.  The first step is having the user authorize
    your app.  The second involves getting an OAuth 2 access token from Dropbox.

    Example::

        from dropbox.client import DropboxOAuth2Flow, DropboxClient

        def get_dropbox_auth_flow(web_app_session):
            redirect_uri = "https://my-web-server.org/dropbox-auth-finish")
            return DropboxOAuth2Flow(APP_KEY, APP_SECRET, redirect_uri,
                                     web_app_session, "dropbox-auth-csrf-token")

        # URL handler for /dropbox-auth-start
        def dropbox_auth_start(web_app_session, request):
            authorize_url = get_dropbox_auth_flow(web_app_session).start()
            redirect_to(authorize_url)

        # URL handler for /dropbox-auth-finish
        def dropbox_auth_finish(web_app_session, request):
            try:
                access_token, user_id, url_state = \\
                        get_dropbox_auth_flow(web_app_session).finish(request.query_params)
            except DropboxOAuth2Flow.BadRequestException, e:
                http_status(400)
            except DropboxOAuth2Flow.BadStateException, e:
                # Start the auth flow again.
                redirect_to("/dropbox-auth-start")
            except DropboxOAuth2Flow.CsrfException, e:
                http_status(403)
            except DropboxOAuth2Flow.NotApprovedException, e:
                flash('Not approved?  Why not?')
                return redirect_to("/home")
            except DropboxOAuth2Flow.ProviderException, e:
                logger.log("Auth error: %s" % (e,))
                http_status(403)

    """

    def __init__(self, consumer_key, consumer_secret, redirect_uri, session,
                 csrf_token_session_key, locale=None, rest_client=None):
        """
        Construct an instance.

        Parameters
          consumer_key
            Your API app's "app key".
          consumer_secret
            Your API app's "app secret".
          redirect_uri
            The URI that the Dropbox server will redirect the user to after the user
            finishes authorizing your app.  This URI  must be HTTPS-based and pre-registered with
            the Dropbox servers, though localhost URIs are allowed without pre-registration and can
            be either HTTP or HTTPS.
          session
            A dict-like object that represents the current user's web session (will be
            used to save the CSRF token).
          csrf_token_session_key
            The key to use when storing the CSRF token in the session (for
            example: "dropbox-auth-csrf-token").
          locale
            The locale of the user of your application.  For example "en" or "en_US".
            Some API calls return localized data and error messages; this setting
            tells the server which locale to use.  By default, the server uses "en_US".
          rest_client
            Optional :class:`dropbox.rest.RESTClient`-like object to use for making
            requests.
        """
        if rest_client is None: rest_client = RESTClient
        super(DropboxOAuth2Flow, self).__init__(consumer_key, consumer_secret, locale, rest_client)
        self.redirect_uri = redirect_uri
        self.session = session
        self.csrf_token_session_key = csrf_token_session_key

    def start(self, url_state=None):
        """
        Starts the OAuth 2 authorization process.

        This function builds an "authorization URL".  You should redirect your user's browser to
        this URL, which will give them an opportunity to grant your app access to their Dropbox
        account.  When the user completes this process, they will be automatically redirected to
        the ``redirect_uri`` you passed in to the constructor.

        This function will also save a CSRF token to ``session[csrf_token_session_key]`` (as
        provided to the constructor).  This CSRF token will be checked on :meth:`finish()` to
        prevent request forgery.

        Parameters
          url_state
            Any data that you would like to keep in the URL through the
            authorization process.  This exact value will be returned to you by :meth:`finish()`.

        Returns
            The URL for a page on Dropbox's website.  This page will let the user "approve"
            your app, which gives your app permission to access the user's Dropbox account.
            Tell the user to visit this URL and approve your app.
        """
        csrf_token = base64.urlsafe_b64encode(os.urandom(16))
        state = csrf_token
        if url_state is not None:
            state += "|" + url_state
        self.session[self.csrf_token_session_key] = csrf_token

        return self._get_authorize_url(self.redirect_uri, state)

    def finish(self, query_params):
        """
        Call this after the user has visited the authorize URL (see :meth:`start()`), approved your
        app and was redirected to your redirect URI.

        Parameters
          query_params
            The query parameters on the GET request to your redirect URI.

        Returns
          A tuple of ``(access_token, user_id, url_state)``.  ``access_token`` can be used to
          construct a :class:`DropboxClient`.  ``user_id`` is the Dropbox user ID (string) of the
          user that just approved your app.  ``url_state`` is the value you originally passed in to
          :meth:`start()`.

        Raises
          :class:`BadRequestException`
            If the redirect URL was missing parameters or if the given parameters were not valid.
          :class:`BadStateException`
            If there's no CSRF token in the session.
          :class:`CsrfException`
            If the ``'state'`` query parameter doesn't contain the CSRF token from the user's
            session.
          :class:`NotApprovedException`
            If the user chose not to approve your app.
          :class:`ProviderException`
            If Dropbox redirected to your redirect URI with some unexpected error identifier
            and error message.
        """
        csrf_token_from_session = self.session[self.csrf_token_session_key]

        # Check well-formedness of request.

        state = query_params.get('state')
        if state is None:
            raise self.BadRequestException("Missing query parameter 'state'.")

        error = query_params.get('error')
        error_description = query_params.get('error_description')
        code = query_params.get('code')

        if error is not None and code is not None:
            raise self.BadRequestException("Query parameters 'code' and 'error' are both set; "
                                           " only one must be set.")
        if error is None and code is None:
            raise self.BadRequestException("Neither query parameter 'code' or 'error' is set.")

        # Check CSRF token

        if csrf_token_from_session is None:
            raise self.BadStateError("Missing CSRF token in session.")
        if len(csrf_token_from_session) <= 20:
            raise AssertionError("CSRF token unexpectedly short: %r" % (csrf_token_from_session,))

        split_pos = state.find('|')
        if split_pos < 0:
            given_csrf_token = state
            url_state = None
        else:
            given_csrf_token = state[0:split_pos]
            url_state = state[split_pos+1:]

        if not _safe_equals(csrf_token_from_session, given_csrf_token):
            raise self.CsrfException("expected %r, got %r" % (csrf_token_from_session,
                                                              given_csrf_token))

        del self.session[self.csrf_token_session_key]

        # Check for error identifier

        if error is not None:
            if error == 'access_denied':
                # The user clicked "Deny"
                if error_description is None:
                    raise self.NotApprovedException("No additional description from Dropbox")
                else:
                    raise self.NotApprovedException("Additional description from Dropbox: " +
                                                    error_description)
            else:
                # All other errors
                full_message = error
                if error_description is not None:
                    full_message += ": " + error_description
                raise self.ProviderError(full_message)

        # If everything went ok, make the network call to get an access token.

        access_token, user_id = self._finish(code, self.redirect_uri)
        return access_token, user_id, url_state

    class BadRequestException(Exception):
        """
        Thrown if the redirect URL was missing parameters or if the
        given parameters were not valid.

        The recommended action is to show an HTTP 400 error page.
        """
        pass

    class BadStateException(Exception):
        """
        Thrown if all the parameters are correct, but there's no CSRF token in the session.  This
        probably means that the session expired.

        The recommended action is to redirect the user's browser to try the approval process again.
        """
        pass

    class CsrfException(Exception):
        """
        Thrown if the given 'state' parameter doesn't contain the CSRF
        token from the user's session.
        This is blocked to prevent CSRF attacks.

        The recommended action is to respond with an HTTP 403 error page.
        """
        pass

    class NotApprovedException(Exception):
        """
        The user chose not to approve your app.
        """
        pass

    class ProviderException(Exception):
        """
        Dropbox redirected to your redirect URI with some unexpected error identifier and error
        message.

        The recommended action is to log the error, tell the user something went wrong, and let
        them try again.
        """
        pass


def _safe_equals(a, b):
    if len(a) != len(b): return False
    res = 0
    for ca, cb in zip(a, b):
        res |= ord(ca) ^ ord(cb)
    return res == 0


_OAUTH2_ACCESS_TOKEN_PATTERN = re.compile(r'\A[-_~/A-Za-z0-9\.\+]+=*\Z')
    # From the "Bearer" token spec, RFC 6750.