aiohttp-msal 0.5.2__py3-none-any.whl → 0.6__py3-none-any.whl

aiohttp_msal/__init__.py

@@ -3,7 +3,6 @@ import logging
 from functools import wraps
 from inspect import getfullargspec, iscoroutinefunction
 from typing import Any, Awaitable, Callable, Union
-from urllib.parse import urlparse
 
 from aiohttp import ClientSession, web
 from aiohttp_session import get_session
@@ -14,7 +13,7 @@ from .settings import ENV
 
 _LOGGER = logging.getLogger(__name__)
 
-VERSION = "0.5.2"
+VERSION = "0.6"
 
 
 def msal_session(*args: Callable[[AsyncMSAL], Union[Any, Awaitable[Any]]]) -> Callable:
@@ -56,20 +55,15 @@ async def app_init_redis_session(
     You can initialize your own aiohttp_session & storage provider.
     """
     # pylint: disable=import-outside-toplevel
-    import aioredis
     from aiohttp_session import redis_storage
+    from redis.asyncio import from_url
 
     await check_proxy()
 
     _LOGGER.info("Connect to Redis %s", ENV.REDIS)
-    red = urlparse(ENV.REDIS)
     try:
-        if hasattr(aioredis, "create_redis_pool"):
-            ENV.database = await aioredis.create_redis_pool((red.hostname, red.port))
-        else:
-            # when aioredis migrates to 2.0...
-            ENV.database = aioredis.from_url(ENV.REDIS)  # pylint: disable=no-member
-            # , encoding="utf-8", decode_responses=True
+        ENV.database = from_url(ENV.REDIS)  # pylint: disable=no-member
+        # , encoding="utf-8", decode_responses=True
     except ConnectionRefusedError as err:
         raise ConnectionError("Could not connect to REDIS server") from err
 

aiohttp_msal/msal_async.py

@@ -7,7 +7,7 @@ Once you have the OAuth tokens store in the session, you are free to make reques
 import asyncio
 import json
 from functools import partial, wraps
-from typing import Any, Callable, Optional
+from typing import Any, Callable, Optional, Union
 
 from aiohttp import web
 from aiohttp.client import ClientResponse, ClientSession, _RequestContextManager
@@ -96,11 +96,21 @@ class AsyncMSAL:
     _app: ConfidentialClientApplication = None
     _clientsession: ClientSession = None  # type: ignore
 
-    def __init__(self, session: Session):
-        """Init the class."""
+    def __init__(
+        self,
+        session: Union[Session, dict[str, str]],
+        save_cache: Optional[Callable[[Union[Session, dict[str, str]]], None]] = None,
+    ):
+        """Init the class.
+
+        **save_token_cache** will be called if the token cache changes. Optional.
+          Not required when the session parameter is an aiohttp_session.Session.
+        """
         self.session = session
-        if not isinstance(session, Session):
-            raise ValueError(f"session required {session}")
+        if save_cache:
+            self.save_token_cache = save_cache
+        if not isinstance(session, (Session, dict)):
+            raise ValueError(f"session or dict-like object required {session}")
 
     @property
     def token_cache(self) -> SerializableTokenCache:
@@ -134,11 +144,13 @@ class AsyncMSAL:
         """Save the token cache if it changed."""
         if self.token_cache.has_state_changed:
             self.session[TOKEN_CACHE] = self.token_cache.serialize()
+            if hasattr(self, "save_token_cache"):
+                self.save_token_cache(self.token_cache)
 
     def build_auth_code_flow(self, redirect_uri: str) -> str:
         """First step - Start the flow."""
-        self.session[TOKEN_CACHE] = None
-        self.session[USER_EMAIL] = None
+        self.session[TOKEN_CACHE] = None  # type: ignore
+        self.session[USER_EMAIL] = None  # type: ignore
         self.session[FLOW_CACHE] = res = self.app.initiate_auth_code_flow(
             MY_SCOPE,
             redirect_uri=redirect_uri,
@@ -149,8 +161,7 @@ class AsyncMSAL:
         # https://msal-python.readthedocs.io/en/latest/#msal.ClientApplication.initiate_auth_code_flow
         return str(res["auth_uri"])
 
-    @async_wrap
-    def async_acquire_token_by_auth_code_flow(self, auth_response: Any) -> None:
+    def acquire_token_by_auth_code_flow(self, auth_response: Any) -> None:
         """Second step - Acquire token."""
         # Assume we have it in the cache (added by /login)
         # will raise keryerror if no cache
@@ -165,8 +176,13 @@ class AsyncMSAL:
             "preferred_username"
         )
 
-    @async_wrap
-    def async_get_token(self) -> Optional[dict[str, Any]]:
+    async def async_acquire_token_by_auth_code_flow(self, auth_response: Any) -> None:
+        """Second step - Acquire token, async version."""
+        await asyncio.get_event_loop().run_in_executor(
+            None, self.acquire_token_by_auth_code_flow, auth_response
+        )
+
+    def get_token(self) -> Optional[dict[str, Any]]:
         """Acquire a token based on username."""
         accounts = self.app.get_accounts()
         if accounts:
@@ -175,6 +191,10 @@ class AsyncMSAL:
             return result
         return None
 
+    async def async_get_token(self) -> Optional[dict[str, Any]]:
+        """Acquire a token based on username."""
+        return await asyncio.get_event_loop().run_in_executor(None, self.get_token)
+
     async def request(self, method: str, url: str, **kwargs: Any) -> ClientResponse:
         """Make a request to url using an oauth session.
 
@@ -188,6 +208,8 @@ class AsyncMSAL:
             AsyncMSAL._clientsession = ClientSession(trust_env=True)
 
         token = await self.async_get_token()
+        if token is None:
+            raise web.HTTPClientError(text="No login token available.")
 
         kwargs = kwargs.copy()
         # Ensure headers exist & make a copy
@@ -195,7 +217,8 @@ class AsyncMSAL:
 
         headers["Authorization"] = "Bearer " + token["access_token"]
 
-        assert method in HTTP_ALLOWED, "Method must be one of the allowed ones"
+        if method not in HTTP_ALLOWED:
+            raise web.HTTPClientError(text=f"HTTP method {method} not allowed")
 
         if method == HTTP_GET:
             kwargs.setdefault("allow_redirects", True)

aiohttp_msal/redis_tools.py

@@ -0,0 +1,87 @@
+"""Redis tools for sessions."""
+import asyncio
+import json
+import logging
+import time
+from typing import Any, AsyncGenerator, Optional
+
+from redis.asyncio import Redis, from_url
+
+from aiohttp_msal.msal_async import AsyncMSAL
+from aiohttp_msal.settings import ENV
+
+_LOGGER = logging.getLogger(__name__)
+
+SES_KEYS = ("mail", "name", "m_mail", "m_name")
+
+
+def get_redis() -> Redis:
+    """Get a Redis connection."""
+    _LOGGER.info("Connect to Redis %s", ENV.REDIS)
+    ENV.database = from_url(ENV.REDIS)  # pylint: disable=no-member
+    return ENV.database
+
+
+async def iter_redis(
+    redis: Redis, *, clean: bool = False, match: Optional[dict[str, str]] = None
+) -> AsyncGenerator[tuple[str, str, dict], None]:
+    """Iterate over the Redis keys to find a specific session."""
+    async for key in redis.scan_iter(count=100, match=f"{ENV.COOKIE_NAME}*"):
+        sval = await redis.get(key)
+        if not isinstance(sval, str):
+            if clean:
+                await redis.delete(key)
+            continue
+        val = json.loads(sval)
+        ses = val.get("session")
+        created = val.get("created")
+        if clean and not ses or not created:
+            await redis.delete(key)
+            continue
+        if match:
+            for mkey, mval in match.items():
+                if mval not in ses[mkey]:
+                    continue
+        created = val.get("created") or "0"
+        session = val.get("session") or {}
+        yield key, created, session
+
+
+async def clean_redis(redis: Redis, max_age: int = 90) -> None:
+    """Clear session entries older than max_age days."""
+    expire = int(time.time() - max_age * 24 * 60 * 60)
+    async for key, created, ses in iter_redis(redis, clean=True):
+        for key in SES_KEYS:
+            if not ses.get(key):
+                await redis.delete(key)
+                continue
+        if int(created) < expire:
+            await redis.delete(key)
+
+
+def _session_factory(key: str, created: str, session: dict) -> AsyncMSAL:
+    """Create a session with a save callback."""
+
+    async def async_save_cache(_: dict) -> None:
+        """Save the token cache to Redis."""
+        rd2 = get_redis()
+        try:
+            await rd2.set(key, json.dumps({"created": created, "session": session}))
+        finally:
+            await rd2.close()
+
+    def save_cache(*args: Any) -> None:
+        """Save the token cache to Redis."""
+        try:
+            asyncio.get_event_loop().create_task(async_save_cache(*args))
+        except RuntimeError:
+            asyncio.run(async_save_cache(*args))
+
+    return AsyncMSAL(session, save_cache=save_cache)
+
+
+async def get_session(red: Redis, email: str) -> AsyncMSAL:
+    """Get a session from Redis."""
+    async for key, created, session in iter_redis(red, match={"mail": email}):
+        return _session_factory(key, created, session)
+    raise ValueError(f"Session for {email} not found")

{aiohttp_msal-0.5.2.dist-info → aiohttp_msal-0.6.dist-info}/LICENSE

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2022 kellerza
+Copyright (c) 2022-2023 kellerza
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

aiohttp_msal-0.6.dist-info/METADATA

@@ -0,0 +1,123 @@
+Metadata-Version: 2.1
+Name: aiohttp-msal
+Version: 0.6
+Summary: Helper Library to use the Microsoft Authentication Library (MSAL) with aiohttp
+Home-page: https://github.com/kellerza/aiohttp_msal
+Author: Johann Kellerman
+Author-email: kellerza@gmail.com
+License: MIT
+Keywords: msal,oauth,aiohttp,asyncio
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: Natural Language :: English
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3 :: Only
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: msal >=1.24.1
+Requires-Dist: aiohttp-session >=2.12
+Requires-Dist: aiohttp >=3.8
+Provides-Extra: redis
+Requires-Dist: aiohttp-session[aioredis] >=2.12 ; extra == 'redis'
+Provides-Extra: tests
+Requires-Dist: black ==23.9.1 ; extra == 'tests'
+Requires-Dist: pylint ; extra == 'tests'
+Requires-Dist: flake8 ; extra == 'tests'
+Requires-Dist: pytest-aiohttp ; extra == 'tests'
+Requires-Dist: pytest ; extra == 'tests'
+Requires-Dist: pytest-cov ; extra == 'tests'
+Requires-Dist: pytest-asyncio ; extra == 'tests'
+Requires-Dist: pytest-env ; extra == 'tests'
+
+# aiohttp_msal Python library
+
+AsyncIO based OAuth using the Microsoft Authentication Library (MSAL) for Python.
+
+Blocking MSAL functions are executed in the executor thread. Should be useful until such time as MSAL Python gets a true async version...
+
+Tested with MSAL Python 1.21.0 onward - [MSAL Python docs](https://github.com/AzureAD/microsoft-authentication-library-for-python)
+
+## AsycMSAL class
+
+The AsyncMSAL class wraps the behavior in the following example app
+<https://github.com/Azure-Samples/ms-identity-python-webapp/blob/master/app.py#L76>
+
+It is responsible to manage tokens & token refreshes and as a client to retrieve data using these tokens.
+
+### Acquire the token
+
+Firstly you should get the tokens via OAuth
+
+1. `initiate_auth_code_flow` [referernce](https://msal-python.readthedocs.io/en/latest/#msal.PublicClientApplication.initiate_auth_code_flow)
+
+    The caller is expected to:
+    1. somehow store this content, typically inside the current session of the server,
+    2. guide the end user (i.e. resource owner) to visit that auth_uri, typically with a redirect
+    3. and then relay this dict and subsequent auth response to
+        acquire_token_by_auth_code_flow().
+
+    **Step 1** and part of **Step 3** is stored by this class in the aiohttp_session
+
+2. `acquire_token_by_auth_code_flow` [referernce](https://msal-python.readthedocs.io/en/latest/#msal.PublicClientApplication.initiate_auth_code_flow)
+
+### Use the token
+
+Now you are free to make requests (typically from an aiohttp server)
+
+```python
+session = await get_session(request)
+aiomsal = AsyncMSAL(session)
+async with aiomsal.get("https://graph.microsoft.com/v1.0/me") as res:
+    res = await res.json()
+```
+
+## Example web server
+
+Complete routes can be found in [routes.py](./aiohttp_msal/routes.py)
+
+### Start the login process
+
+```python
+@ROUTES.get("/user/login")
+async def user_login(request: web.Request) -> web.Response:
+    """Redirect to MS login page."""
+    session = await new_session(request)
+
+    redir = AsyncMSAL(session).build_auth_code_flow(
+        redirect_uri=get_route(request, URI_USER_AUTHORIZED)
+    )
+
+    return web.HTTPFound(redir)
+```
+
+### Acquire the token after being redirected back to the server
+
+```python
+@ROUTES.post(URI_USER_AUTHORIZED)
+async def user_authorized(request: web.Request) -> web.Response:
+    """Complete the auth code flow."""
+    session = await get_session(request)
+    auth_response = dict(await request.post())
+
+    aiomsal = AsyncMSAL(session)
+    await aiomsal.async_acquire_token_by_auth_code_flow(auth_response)
+```
+
+## Helper methods
+
+- `@ROUTES.get("/user/photo")`
+
+  Serve the user's photo from their Microsoft profile
+
+- `get_user_info`
+
+  Get the user's email and display name from MS Graph
+
+- `get_manager_info`
+
+  Get the user's manager info from MS Graph

aiohttp_msal-0.6.dist-info/RECORD

@@ -0,0 +1,17 @@
+aiohttp_msal/__init__.py,sha256=SUmd1YvN_mSr192WMoMNf9h9TWZJWFRDzwoHjgEghzw,2999
+aiohttp_msal/msal_async.py,sha256=lSwTK2utBVjhQQ921aoq34hNa0z-AJsQleSHXxh9STk,9779
+aiohttp_msal/redis_tools.py,sha256=OQVuugad_46hWDIOC7I0uzq-E6koVmOXvq_qC5q9k7s,2896
+aiohttp_msal/routes.py,sha256=c-w5wHaLAYGEqZvfZ8PnzzRh60asLqdUa30lvSANdYM,8319
+aiohttp_msal/settings.py,sha256=ZZn7D6QmIyQSvuqCAoTacKRXYfopqK4P74eVdPCw-uI,1231
+aiohttp_msal/settings_base.py,sha256=pmVmzTtaGEgRh-AMGy0HdhF1JvoZhZp42G3PL_ILHLw,2892
+aiohttp_msal/user_info.py,sha256=oIu90lgi71G27MVkw4pGH8wZqjXk8kxmW0fn2LKxOHc,1753
+tests/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+tests/test_init.py,sha256=sHmt7yNDlcu5JHrpM_gim0NeLce0NwUAMM3HAdGoo58,75
+tests/test_msal_async.py,sha256=31MCoAbUiyUhc4SkebUKpjLDHozEBko-QgEBSHjfSoM,332
+tests/test_settings.py,sha256=z-qtUs1zl5Q9NEux051eebyPnArLZ_OfZu65FKz0N4Y,333
+aiohttp_msal-0.6.dist-info/LICENSE,sha256=H1aGfkSfZFwK3q4INn9mUldOJGZy-ZXu5-65K9Glunw,1080
+aiohttp_msal-0.6.dist-info/METADATA,sha256=e3p4JvDqsf2BPlJklTd2S2pCSpclj-B1GobMpLFdP98,4205
+aiohttp_msal-0.6.dist-info/WHEEL,sha256=yQN5g4mg4AybRjkgi-9yy4iQEFibGQmlz78Pik5Or-A,92
+aiohttp_msal-0.6.dist-info/top_level.txt,sha256=QPWOi5JtacVEdbaU5bJExc9o-cCT2Lufx0QhUpsv5_E,19
+aiohttp_msal-0.6.dist-info/zip-safe,sha256=AbpHGcgLb-kRsJGnwFEktk7uzpZOCcBY74-YBdrKVGs,1
+aiohttp_msal-0.6.dist-info/RECORD,,

{aiohttp_msal-0.5.2.dist-info → aiohttp_msal-0.6.dist-info}/WHEEL

@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: bdist_wheel (0.38.4)
+Generator: bdist_wheel (0.41.2)
 Root-Is-Purelib: true
 Tag: py3-none-any
 

tests/test_init.py

@@ -1,2 +1,3 @@
 """Init."""
 import aiohttp_msal  # noqa
+import aiohttp_msal.routes  # noqa

aiohttp_msal-0.5.2.dist-info/METADATA

@@ -1,27 +0,0 @@
-Metadata-Version: 2.1
-Name: aiohttp-msal
-Version: 0.5.2
-Summary: Helper Library to use MSAL with aiohttp
-Home-page: https://github.com/kellerza/aiohttp_msal
-Author: Johann Kellerman
-Author-email: kellerza@gmail.com
-License: MIT
-Keywords: msal,oauth,aiohttp,asyncio
-Classifier: Development Status :: 2 - Pre-Alpha
-Classifier: Intended Audience :: Developers
-Classifier: Natural Language :: English
-Classifier: Programming Language :: Python :: 3
-Classifier: Programming Language :: Python :: 3 :: Only
-Classifier: Programming Language :: Python :: 3.8
-Classifier: Programming Language :: Python :: 3.9
-Classifier: Programming Language :: Python :: 3.10
-Requires-Python: >=3.9
-Description-Content-Type: text/markdown
-License-File: LICENSE
-Requires-Dist: msal (>=1.18.0b1)
-Requires-Dist: aiohttp-session (>=2.11)
-Requires-Dist: aiohttp (>=3.8)
-Provides-Extra: redis
-Requires-Dist: aiohttp-session[redis] ; extra == 'redis'
-
-aiohttp_msal library

aiohttp_msal-0.5.2.dist-info/RECORD

@@ -1,16 +0,0 @@
-aiohttp_msal/__init__.py,sha256=EENbQw1X9Md4BTqLWcMERfh9-RoiFxB4NEoR7xUyDzc,3261
-aiohttp_msal/msal_async.py,sha256=194tsWvx_V0iLR8aZoKLvK7lLAq0CH0f5t8_bLWYtQI,8656
-aiohttp_msal/routes.py,sha256=c-w5wHaLAYGEqZvfZ8PnzzRh60asLqdUa30lvSANdYM,8319
-aiohttp_msal/settings.py,sha256=ZZn7D6QmIyQSvuqCAoTacKRXYfopqK4P74eVdPCw-uI,1231
-aiohttp_msal/settings_base.py,sha256=pmVmzTtaGEgRh-AMGy0HdhF1JvoZhZp42G3PL_ILHLw,2892
-aiohttp_msal/user_info.py,sha256=oIu90lgi71G27MVkw4pGH8wZqjXk8kxmW0fn2LKxOHc,1753
-tests/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-tests/test_init.py,sha256=HPcL6bXaM95b3J908tMKLznHnwVf1fvKM3tuFhSuX84,40
-tests/test_msal_async.py,sha256=31MCoAbUiyUhc4SkebUKpjLDHozEBko-QgEBSHjfSoM,332
-tests/test_settings.py,sha256=z-qtUs1zl5Q9NEux051eebyPnArLZ_OfZu65FKz0N4Y,333
-aiohttp_msal-0.5.2.dist-info/LICENSE,sha256=J6cRBikbciilokG0-Hlz2fO72XET1ebYm4LMEfknoF8,1075
-aiohttp_msal-0.5.2.dist-info/METADATA,sha256=4kfu7BI-LR1MMrBxokTbY1SZ_tNSuObEyEnKbpB6iBk,942
-aiohttp_msal-0.5.2.dist-info/WHEEL,sha256=2wepM1nk4DS4eFpYrW1TTqPcoGNfHhhO_i5m4cOimbo,92
-aiohttp_msal-0.5.2.dist-info/top_level.txt,sha256=QPWOi5JtacVEdbaU5bJExc9o-cCT2Lufx0QhUpsv5_E,19
-aiohttp_msal-0.5.2.dist-info/zip-safe,sha256=AbpHGcgLb-kRsJGnwFEktk7uzpZOCcBY74-YBdrKVGs,1
-aiohttp_msal-0.5.2.dist-info/RECORD,,