aiohttp-msal 0.5.4__py3-none-any.whl → 0.6__py3-none-any.whl

aiohttp_msal/__init__.py

@@ -13,7 +13,7 @@ from .settings import ENV
 
 _LOGGER = logging.getLogger(__name__)
 
-VERSION = "0.5.4"
+VERSION = "0.6"
 
 
 def msal_session(*args: Callable[[AsyncMSAL], Union[Any, Awaitable[Any]]]) -> Callable:

aiohttp_msal/msal_async.py

@@ -7,7 +7,7 @@ Once you have the OAuth tokens store in the session, you are free to make reques
 import asyncio
 import json
 from functools import partial, wraps
-from typing import Any, Callable, Optional
+from typing import Any, Callable, Optional, Union
 
 from aiohttp import web
 from aiohttp.client import ClientResponse, ClientSession, _RequestContextManager
@@ -96,11 +96,21 @@ class AsyncMSAL:
     _app: ConfidentialClientApplication = None
     _clientsession: ClientSession = None  # type: ignore
 
-    def __init__(self, session: Session):
-        """Init the class."""
+    def __init__(
+        self,
+        session: Union[Session, dict[str, str]],
+        save_cache: Optional[Callable[[Union[Session, dict[str, str]]], None]] = None,
+    ):
+        """Init the class.
+
+        **save_token_cache** will be called if the token cache changes. Optional.
+          Not required when the session parameter is an aiohttp_session.Session.
+        """
         self.session = session
-        if not isinstance(session, Session):
-            raise ValueError(f"session required {session}")
+        if save_cache:
+            self.save_token_cache = save_cache
+        if not isinstance(session, (Session, dict)):
+            raise ValueError(f"session or dict-like object required {session}")
 
     @property
     def token_cache(self) -> SerializableTokenCache:
@@ -134,11 +144,13 @@ class AsyncMSAL:
         """Save the token cache if it changed."""
         if self.token_cache.has_state_changed:
             self.session[TOKEN_CACHE] = self.token_cache.serialize()
+            if hasattr(self, "save_token_cache"):
+                self.save_token_cache(self.token_cache)
 
     def build_auth_code_flow(self, redirect_uri: str) -> str:
         """First step - Start the flow."""
-        self.session[TOKEN_CACHE] = None
-        self.session[USER_EMAIL] = None
+        self.session[TOKEN_CACHE] = None  # type: ignore
+        self.session[USER_EMAIL] = None  # type: ignore
         self.session[FLOW_CACHE] = res = self.app.initiate_auth_code_flow(
             MY_SCOPE,
             redirect_uri=redirect_uri,
@@ -149,8 +161,7 @@ class AsyncMSAL:
         # https://msal-python.readthedocs.io/en/latest/#msal.ClientApplication.initiate_auth_code_flow
         return str(res["auth_uri"])
 
-    @async_wrap
-    def async_acquire_token_by_auth_code_flow(self, auth_response: Any) -> None:
+    def acquire_token_by_auth_code_flow(self, auth_response: Any) -> None:
         """Second step - Acquire token."""
         # Assume we have it in the cache (added by /login)
         # will raise keryerror if no cache
@@ -165,8 +176,13 @@ class AsyncMSAL:
             "preferred_username"
         )
 
-    @async_wrap
-    def async_get_token(self) -> Optional[dict[str, Any]]:
+    async def async_acquire_token_by_auth_code_flow(self, auth_response: Any) -> None:
+        """Second step - Acquire token, async version."""
+        await asyncio.get_event_loop().run_in_executor(
+            None, self.acquire_token_by_auth_code_flow, auth_response
+        )
+
+    def get_token(self) -> Optional[dict[str, Any]]:
         """Acquire a token based on username."""
         accounts = self.app.get_accounts()
         if accounts:
@@ -175,6 +191,10 @@ class AsyncMSAL:
             return result
         return None
 
+    async def async_get_token(self) -> Optional[dict[str, Any]]:
+        """Acquire a token based on username."""
+        return await asyncio.get_event_loop().run_in_executor(None, self.get_token)
+
     async def request(self, method: str, url: str, **kwargs: Any) -> ClientResponse:
         """Make a request to url using an oauth session.
 
@@ -188,6 +208,8 @@ class AsyncMSAL:
             AsyncMSAL._clientsession = ClientSession(trust_env=True)
 
         token = await self.async_get_token()
+        if token is None:
+            raise web.HTTPClientError(text="No login token available.")
 
         kwargs = kwargs.copy()
         # Ensure headers exist & make a copy
@@ -195,7 +217,8 @@ class AsyncMSAL:
 
         headers["Authorization"] = "Bearer " + token["access_token"]
 
-        assert method in HTTP_ALLOWED, "Method must be one of the allowed ones"
+        if method not in HTTP_ALLOWED:
+            raise web.HTTPClientError(text=f"HTTP method {method} not allowed")
 
         if method == HTTP_GET:
             kwargs.setdefault("allow_redirects", True)

aiohttp_msal/redis_tools.py

@@ -0,0 +1,87 @@
+"""Redis tools for sessions."""
+import asyncio
+import json
+import logging
+import time
+from typing import Any, AsyncGenerator, Optional
+
+from redis.asyncio import Redis, from_url
+
+from aiohttp_msal.msal_async import AsyncMSAL
+from aiohttp_msal.settings import ENV
+
+_LOGGER = logging.getLogger(__name__)
+
+SES_KEYS = ("mail", "name", "m_mail", "m_name")
+
+
+def get_redis() -> Redis:
+    """Get a Redis connection."""
+    _LOGGER.info("Connect to Redis %s", ENV.REDIS)
+    ENV.database = from_url(ENV.REDIS)  # pylint: disable=no-member
+    return ENV.database
+
+
+async def iter_redis(
+    redis: Redis, *, clean: bool = False, match: Optional[dict[str, str]] = None
+) -> AsyncGenerator[tuple[str, str, dict], None]:
+    """Iterate over the Redis keys to find a specific session."""
+    async for key in redis.scan_iter(count=100, match=f"{ENV.COOKIE_NAME}*"):
+        sval = await redis.get(key)
+        if not isinstance(sval, str):
+            if clean:
+                await redis.delete(key)
+            continue
+        val = json.loads(sval)
+        ses = val.get("session")
+        created = val.get("created")
+        if clean and not ses or not created:
+            await redis.delete(key)
+            continue
+        if match:
+            for mkey, mval in match.items():
+                if mval not in ses[mkey]:
+                    continue
+        created = val.get("created") or "0"
+        session = val.get("session") or {}
+        yield key, created, session
+
+
+async def clean_redis(redis: Redis, max_age: int = 90) -> None:
+    """Clear session entries older than max_age days."""
+    expire = int(time.time() - max_age * 24 * 60 * 60)
+    async for key, created, ses in iter_redis(redis, clean=True):
+        for key in SES_KEYS:
+            if not ses.get(key):
+                await redis.delete(key)
+                continue
+        if int(created) < expire:
+            await redis.delete(key)
+
+
+def _session_factory(key: str, created: str, session: dict) -> AsyncMSAL:
+    """Create a session with a save callback."""
+
+    async def async_save_cache(_: dict) -> None:
+        """Save the token cache to Redis."""
+        rd2 = get_redis()
+        try:
+            await rd2.set(key, json.dumps({"created": created, "session": session}))
+        finally:
+            await rd2.close()
+
+    def save_cache(*args: Any) -> None:
+        """Save the token cache to Redis."""
+        try:
+            asyncio.get_event_loop().create_task(async_save_cache(*args))
+        except RuntimeError:
+            asyncio.run(async_save_cache(*args))
+
+    return AsyncMSAL(session, save_cache=save_cache)
+
+
+async def get_session(red: Redis, email: str) -> AsyncMSAL:
+    """Get a session from Redis."""
+    async for key, created, session in iter_redis(red, match={"mail": email}):
+        return _session_factory(key, created, session)
+    raise ValueError(f"Session for {email} not found")

{aiohttp_msal-0.5.4.dist-info → aiohttp_msal-0.6.dist-info}/METADATA

@@ -1,13 +1,13 @@
 Metadata-Version: 2.1
 Name: aiohttp-msal
-Version: 0.5.4
-Summary: Helper Library to use MSAL with aiohttp
+Version: 0.6
+Summary: Helper Library to use the Microsoft Authentication Library (MSAL) with aiohttp
 Home-page: https://github.com/kellerza/aiohttp_msal
 Author: Johann Kellerman
 Author-email: kellerza@gmail.com
 License: MIT
 Keywords: msal,oauth,aiohttp,asyncio
-Classifier: Development Status :: 2 - Pre-Alpha
+Classifier: Development Status :: 4 - Beta
 Classifier: Intended Audience :: Developers
 Classifier: Natural Language :: English
 Classifier: Programming Language :: Python :: 3
@@ -15,16 +15,17 @@ Classifier: Programming Language :: Python :: 3 :: Only
 Classifier: Programming Language :: Python :: 3.8
 Classifier: Programming Language :: Python :: 3.9
 Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
 Requires-Python: >=3.9
 Description-Content-Type: text/markdown
 License-File: LICENSE
-Requires-Dist: msal (>=1.21.0)
-Requires-Dist: aiohttp-session (>=2.12)
-Requires-Dist: aiohttp (>=3.8)
+Requires-Dist: msal >=1.24.1
+Requires-Dist: aiohttp-session >=2.12
+Requires-Dist: aiohttp >=3.8
 Provides-Extra: redis
-Requires-Dist: aiohttp-session[aioredis] (>=2.12) ; extra == 'redis'
+Requires-Dist: aiohttp-session[aioredis] >=2.12 ; extra == 'redis'
 Provides-Extra: tests
-Requires-Dist: black (==23.3.0) ; extra == 'tests'
+Requires-Dist: black ==23.9.1 ; extra == 'tests'
 Requires-Dist: pylint ; extra == 'tests'
 Requires-Dist: flake8 ; extra == 'tests'
 Requires-Dist: pytest-aiohttp ; extra == 'tests'
@@ -41,11 +42,10 @@ Blocking MSAL functions are executed in the executor thread. Should be useful un
 
 Tested with MSAL Python 1.21.0 onward - [MSAL Python docs](https://github.com/AzureAD/microsoft-authentication-library-for-python)
 
-
 ## AsycMSAL class
 
 The AsyncMSAL class wraps the behavior in the following example app
-https://github.com/Azure-Samples/ms-identity-python-webapp/blob/master/app.py#L76
+<https://github.com/Azure-Samples/ms-identity-python-webapp/blob/master/app.py#L76>
 
 It is responsible to manage tokens & token refreshes and as a client to retrieve data using these tokens.
 
@@ -53,7 +53,7 @@ It is responsible to manage tokens & token refreshes and as a client to retrieve
 
 Firstly you should get the tokens via OAuth
 
-1.  `initiate_auth_code_flow` [referernce](https://msal-python.readthedocs.io/en/latest/#msal.PublicClientApplication.initiate_auth_code_flow)
+1. `initiate_auth_code_flow` [referernce](https://msal-python.readthedocs.io/en/latest/#msal.PublicClientApplication.initiate_auth_code_flow)
 
     The caller is expected to:
     1. somehow store this content, typically inside the current session of the server,
@@ -63,8 +63,7 @@ Firstly you should get the tokens via OAuth
 
     **Step 1** and part of **Step 3** is stored by this class in the aiohttp_session
 
-2.  `acquire_token_by_auth_code_flow` [referernce](https://msal-python.readthedocs.io/en/latest/#msal.PublicClientApplication.initiate_auth_code_flow)
-
+2. `acquire_token_by_auth_code_flow` [referernce](https://msal-python.readthedocs.io/en/latest/#msal.PublicClientApplication.initiate_auth_code_flow)
 
 ### Use the token
 
@@ -77,11 +76,11 @@ async with aiomsal.get("https://graph.microsoft.com/v1.0/me") as res:
     res = await res.json()
 ```
 
-# Example web server
+## Example web server
 
 Complete routes can be found in [routes.py](./aiohttp_msal/routes.py)
 
-## Start the login process
+### Start the login process
 
 ```python
 @ROUTES.get("/user/login")
@@ -96,7 +95,7 @@ async def user_login(request: web.Request) -> web.Response:
     return web.HTTPFound(redir)
 ```
 
-## Acquire the token after being redirected back to the server
+### Acquire the token after being redirected back to the server
 
 ```python
 @ROUTES.post(URI_USER_AUTHORIZED)
@@ -113,7 +112,7 @@ async def user_authorized(request: web.Request) -> web.Response:
 
 - `@ROUTES.get("/user/photo")`
 
-  Serve the user's photo from his Microsoft profile
+  Serve the user's photo from their Microsoft profile
 
 - `get_user_info`
 

aiohttp_msal-0.6.dist-info/RECORD

@@ -0,0 +1,17 @@
+aiohttp_msal/__init__.py,sha256=SUmd1YvN_mSr192WMoMNf9h9TWZJWFRDzwoHjgEghzw,2999
+aiohttp_msal/msal_async.py,sha256=lSwTK2utBVjhQQ921aoq34hNa0z-AJsQleSHXxh9STk,9779
+aiohttp_msal/redis_tools.py,sha256=OQVuugad_46hWDIOC7I0uzq-E6koVmOXvq_qC5q9k7s,2896
+aiohttp_msal/routes.py,sha256=c-w5wHaLAYGEqZvfZ8PnzzRh60asLqdUa30lvSANdYM,8319
+aiohttp_msal/settings.py,sha256=ZZn7D6QmIyQSvuqCAoTacKRXYfopqK4P74eVdPCw-uI,1231
+aiohttp_msal/settings_base.py,sha256=pmVmzTtaGEgRh-AMGy0HdhF1JvoZhZp42G3PL_ILHLw,2892
+aiohttp_msal/user_info.py,sha256=oIu90lgi71G27MVkw4pGH8wZqjXk8kxmW0fn2LKxOHc,1753
+tests/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+tests/test_init.py,sha256=sHmt7yNDlcu5JHrpM_gim0NeLce0NwUAMM3HAdGoo58,75
+tests/test_msal_async.py,sha256=31MCoAbUiyUhc4SkebUKpjLDHozEBko-QgEBSHjfSoM,332
+tests/test_settings.py,sha256=z-qtUs1zl5Q9NEux051eebyPnArLZ_OfZu65FKz0N4Y,333
+aiohttp_msal-0.6.dist-info/LICENSE,sha256=H1aGfkSfZFwK3q4INn9mUldOJGZy-ZXu5-65K9Glunw,1080
+aiohttp_msal-0.6.dist-info/METADATA,sha256=e3p4JvDqsf2BPlJklTd2S2pCSpclj-B1GobMpLFdP98,4205
+aiohttp_msal-0.6.dist-info/WHEEL,sha256=yQN5g4mg4AybRjkgi-9yy4iQEFibGQmlz78Pik5Or-A,92
+aiohttp_msal-0.6.dist-info/top_level.txt,sha256=QPWOi5JtacVEdbaU5bJExc9o-cCT2Lufx0QhUpsv5_E,19
+aiohttp_msal-0.6.dist-info/zip-safe,sha256=AbpHGcgLb-kRsJGnwFEktk7uzpZOCcBY74-YBdrKVGs,1
+aiohttp_msal-0.6.dist-info/RECORD,,

{aiohttp_msal-0.5.4.dist-info → aiohttp_msal-0.6.dist-info}/WHEEL

@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: bdist_wheel (0.40.0)
+Generator: bdist_wheel (0.41.2)
 Root-Is-Purelib: true
 Tag: py3-none-any
 

tests/test_init.py

@@ -1,2 +1,3 @@
 """Init."""
 import aiohttp_msal  # noqa
+import aiohttp_msal.routes  # noqa

aiohttp_msal-0.5.4.dist-info/RECORD

@@ -1,16 +0,0 @@
-aiohttp_msal/__init__.py,sha256=KzrwHvSLoH65kYGQ9YhfkP3H07uABTs3PcTtCbrqjQw,3001
-aiohttp_msal/msal_async.py,sha256=194tsWvx_V0iLR8aZoKLvK7lLAq0CH0f5t8_bLWYtQI,8656
-aiohttp_msal/routes.py,sha256=c-w5wHaLAYGEqZvfZ8PnzzRh60asLqdUa30lvSANdYM,8319
-aiohttp_msal/settings.py,sha256=ZZn7D6QmIyQSvuqCAoTacKRXYfopqK4P74eVdPCw-uI,1231
-aiohttp_msal/settings_base.py,sha256=pmVmzTtaGEgRh-AMGy0HdhF1JvoZhZp42G3PL_ILHLw,2892
-aiohttp_msal/user_info.py,sha256=oIu90lgi71G27MVkw4pGH8wZqjXk8kxmW0fn2LKxOHc,1753
-tests/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-tests/test_init.py,sha256=HPcL6bXaM95b3J908tMKLznHnwVf1fvKM3tuFhSuX84,40
-tests/test_msal_async.py,sha256=31MCoAbUiyUhc4SkebUKpjLDHozEBko-QgEBSHjfSoM,332
-tests/test_settings.py,sha256=z-qtUs1zl5Q9NEux051eebyPnArLZ_OfZu65FKz0N4Y,333
-aiohttp_msal-0.5.4.dist-info/LICENSE,sha256=H1aGfkSfZFwK3q4INn9mUldOJGZy-ZXu5-65K9Glunw,1080
-aiohttp_msal-0.5.4.dist-info/METADATA,sha256=HedY_5K8jH5vv-Lc9SBHWVlI2rINbnztEdSAGfaKiPA,4129
-aiohttp_msal-0.5.4.dist-info/WHEEL,sha256=pkctZYzUS4AYVn6dJ-7367OJZivF2e8RA9b_ZBjif18,92
-aiohttp_msal-0.5.4.dist-info/top_level.txt,sha256=QPWOi5JtacVEdbaU5bJExc9o-cCT2Lufx0QhUpsv5_E,19
-aiohttp_msal-0.5.4.dist-info/zip-safe,sha256=AbpHGcgLb-kRsJGnwFEktk7uzpZOCcBY74-YBdrKVGs,1
-aiohttp_msal-0.5.4.dist-info/RECORD,,