aiohttp-msal 0.5.4__tar.gz → 0.6__tar.gz

{aiohttp_msal-0.5.4 → aiohttp_msal-0.6}/PKG-INFO

@@ -1,13 +1,13 @@
 Metadata-Version: 2.1
 Name: aiohttp_msal
-Version: 0.5.4
-Summary: Helper Library to use MSAL with aiohttp
+Version: 0.6
+Summary: Helper Library to use the Microsoft Authentication Library (MSAL) with aiohttp
 Home-page: https://github.com/kellerza/aiohttp_msal
 Author: Johann Kellerman
 Author-email: kellerza@gmail.com
 License: MIT
 Keywords: msal,oauth,aiohttp,asyncio
-Classifier: Development Status :: 2 - Pre-Alpha
+Classifier: Development Status :: 4 - Beta
 Classifier: Intended Audience :: Developers
 Classifier: Natural Language :: English
 Classifier: Programming Language :: Python :: 3
@@ -15,11 +15,24 @@ Classifier: Programming Language :: Python :: 3 :: Only
 Classifier: Programming Language :: Python :: 3.8
 Classifier: Programming Language :: Python :: 3.9
 Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
 Requires-Python: >=3.9
 Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: msal>=1.24.1
+Requires-Dist: aiohttp_session>=2.12
+Requires-Dist: aiohttp>=3.8
 Provides-Extra: redis
+Requires-Dist: aiohttp_session[aioredis]>=2.12; extra == "redis"
 Provides-Extra: tests
-License-File: LICENSE
+Requires-Dist: black==23.9.1; extra == "tests"
+Requires-Dist: pylint; extra == "tests"
+Requires-Dist: flake8; extra == "tests"
+Requires-Dist: pytest-aiohttp; extra == "tests"
+Requires-Dist: pytest; extra == "tests"
+Requires-Dist: pytest-cov; extra == "tests"
+Requires-Dist: pytest-asyncio; extra == "tests"
+Requires-Dist: pytest-env; extra == "tests"
 
 # aiohttp_msal Python library
 
@@ -29,11 +42,10 @@ Blocking MSAL functions are executed in the executor thread. Should be useful un
 
 Tested with MSAL Python 1.21.0 onward - [MSAL Python docs](https://github.com/AzureAD/microsoft-authentication-library-for-python)
 
-
 ## AsycMSAL class
 
 The AsyncMSAL class wraps the behavior in the following example app
-https://github.com/Azure-Samples/ms-identity-python-webapp/blob/master/app.py#L76
+<https://github.com/Azure-Samples/ms-identity-python-webapp/blob/master/app.py#L76>
 
 It is responsible to manage tokens & token refreshes and as a client to retrieve data using these tokens.
 
@@ -41,7 +53,7 @@ It is responsible to manage tokens & token refreshes and as a client to retrieve
 
 Firstly you should get the tokens via OAuth
 
-1.  `initiate_auth_code_flow` [referernce](https://msal-python.readthedocs.io/en/latest/#msal.PublicClientApplication.initiate_auth_code_flow)
+1. `initiate_auth_code_flow` [referernce](https://msal-python.readthedocs.io/en/latest/#msal.PublicClientApplication.initiate_auth_code_flow)
 
     The caller is expected to:
     1. somehow store this content, typically inside the current session of the server,
@@ -51,8 +63,7 @@ Firstly you should get the tokens via OAuth
 
     **Step 1** and part of **Step 3** is stored by this class in the aiohttp_session
 
-2.  `acquire_token_by_auth_code_flow` [referernce](https://msal-python.readthedocs.io/en/latest/#msal.PublicClientApplication.initiate_auth_code_flow)
-
+2. `acquire_token_by_auth_code_flow` [referernce](https://msal-python.readthedocs.io/en/latest/#msal.PublicClientApplication.initiate_auth_code_flow)
 
 ### Use the token
 
@@ -65,11 +76,11 @@ async with aiomsal.get("https://graph.microsoft.com/v1.0/me") as res:
     res = await res.json()
 ```
 
-# Example web server
+## Example web server
 
 Complete routes can be found in [routes.py](./aiohttp_msal/routes.py)
 
-## Start the login process
+### Start the login process
 
 ```python
 @ROUTES.get("/user/login")
@@ -84,7 +95,7 @@ async def user_login(request: web.Request) -> web.Response:
     return web.HTTPFound(redir)
 ```
 
-## Acquire the token after being redirected back to the server
+### Acquire the token after being redirected back to the server
 
 ```python
 @ROUTES.post(URI_USER_AUTHORIZED)
@@ -101,7 +112,7 @@ async def user_authorized(request: web.Request) -> web.Response:
 
 - `@ROUTES.get("/user/photo")`
 
-  Serve the user's photo from his Microsoft profile
+  Serve the user's photo from their Microsoft profile
 
 - `get_user_info`
 

{aiohttp_msal-0.5.4 → aiohttp_msal-0.6}/README.md

@@ -6,11 +6,10 @@ Blocking MSAL functions are executed in the executor thread. Should be useful un
 
 Tested with MSAL Python 1.21.0 onward - [MSAL Python docs](https://github.com/AzureAD/microsoft-authentication-library-for-python)
 
-
 ## AsycMSAL class
 
 The AsyncMSAL class wraps the behavior in the following example app
-https://github.com/Azure-Samples/ms-identity-python-webapp/blob/master/app.py#L76
+<https://github.com/Azure-Samples/ms-identity-python-webapp/blob/master/app.py#L76>
 
 It is responsible to manage tokens & token refreshes and as a client to retrieve data using these tokens.
 
@@ -18,7 +17,7 @@ It is responsible to manage tokens & token refreshes and as a client to retrieve
 
 Firstly you should get the tokens via OAuth
 
-1.  `initiate_auth_code_flow` [referernce](https://msal-python.readthedocs.io/en/latest/#msal.PublicClientApplication.initiate_auth_code_flow)
+1. `initiate_auth_code_flow` [referernce](https://msal-python.readthedocs.io/en/latest/#msal.PublicClientApplication.initiate_auth_code_flow)
 
     The caller is expected to:
     1. somehow store this content, typically inside the current session of the server,
@@ -28,8 +27,7 @@ Firstly you should get the tokens via OAuth
 
     **Step 1** and part of **Step 3** is stored by this class in the aiohttp_session
 
-2.  `acquire_token_by_auth_code_flow` [referernce](https://msal-python.readthedocs.io/en/latest/#msal.PublicClientApplication.initiate_auth_code_flow)
-
+2. `acquire_token_by_auth_code_flow` [referernce](https://msal-python.readthedocs.io/en/latest/#msal.PublicClientApplication.initiate_auth_code_flow)
 
 ### Use the token
 
@@ -42,11 +40,11 @@ async with aiomsal.get("https://graph.microsoft.com/v1.0/me") as res:
     res = await res.json()
 ```
 
-# Example web server
+## Example web server
 
 Complete routes can be found in [routes.py](./aiohttp_msal/routes.py)
 
-## Start the login process
+### Start the login process
 
 ```python
 @ROUTES.get("/user/login")
@@ -61,7 +59,7 @@ async def user_login(request: web.Request) -> web.Response:
     return web.HTTPFound(redir)
 ```
 
-## Acquire the token after being redirected back to the server
+### Acquire the token after being redirected back to the server
 
 ```python
 @ROUTES.post(URI_USER_AUTHORIZED)
@@ -78,7 +76,7 @@ async def user_authorized(request: web.Request) -> web.Response:
 
 - `@ROUTES.get("/user/photo")`
 
-  Serve the user's photo from his Microsoft profile
+  Serve the user's photo from their Microsoft profile
 
 - `get_user_info`
 

{aiohttp_msal-0.5.4 → aiohttp_msal-0.6}/aiohttp_msal/__init__.py

@@ -13,7 +13,7 @@ from .settings import ENV
 
 _LOGGER = logging.getLogger(__name__)
 
-VERSION = "0.5.4"
+VERSION = "0.6"
 
 
 def msal_session(*args: Callable[[AsyncMSAL], Union[Any, Awaitable[Any]]]) -> Callable:

{aiohttp_msal-0.5.4 → aiohttp_msal-0.6}/aiohttp_msal/msal_async.py

@@ -7,7 +7,7 @@ Once you have the OAuth tokens store in the session, you are free to make reques
 import asyncio
 import json
 from functools import partial, wraps
-from typing import Any, Callable, Optional
+from typing import Any, Callable, Optional, Union
 
 from aiohttp import web
 from aiohttp.client import ClientResponse, ClientSession, _RequestContextManager
@@ -96,11 +96,21 @@ class AsyncMSAL:
     _app: ConfidentialClientApplication = None
     _clientsession: ClientSession = None  # type: ignore
 
-    def __init__(self, session: Session):
-        """Init the class."""
+    def __init__(
+        self,
+        session: Union[Session, dict[str, str]],
+        save_cache: Optional[Callable[[Union[Session, dict[str, str]]], None]] = None,
+    ):
+        """Init the class.
+
+        **save_token_cache** will be called if the token cache changes. Optional.
+          Not required when the session parameter is an aiohttp_session.Session.
+        """
         self.session = session
-        if not isinstance(session, Session):
-            raise ValueError(f"session required {session}")
+        if save_cache:
+            self.save_token_cache = save_cache
+        if not isinstance(session, (Session, dict)):
+            raise ValueError(f"session or dict-like object required {session}")
 
     @property
     def token_cache(self) -> SerializableTokenCache:
@@ -134,11 +144,13 @@ class AsyncMSAL:
         """Save the token cache if it changed."""
         if self.token_cache.has_state_changed:
             self.session[TOKEN_CACHE] = self.token_cache.serialize()
+            if hasattr(self, "save_token_cache"):
+                self.save_token_cache(self.token_cache)
 
     def build_auth_code_flow(self, redirect_uri: str) -> str:
         """First step - Start the flow."""
-        self.session[TOKEN_CACHE] = None
-        self.session[USER_EMAIL] = None
+        self.session[TOKEN_CACHE] = None  # type: ignore
+        self.session[USER_EMAIL] = None  # type: ignore
         self.session[FLOW_CACHE] = res = self.app.initiate_auth_code_flow(
             MY_SCOPE,
             redirect_uri=redirect_uri,
@@ -149,8 +161,7 @@ class AsyncMSAL:
         # https://msal-python.readthedocs.io/en/latest/#msal.ClientApplication.initiate_auth_code_flow
         return str(res["auth_uri"])
 
-    @async_wrap
-    def async_acquire_token_by_auth_code_flow(self, auth_response: Any) -> None:
+    def acquire_token_by_auth_code_flow(self, auth_response: Any) -> None:
         """Second step - Acquire token."""
         # Assume we have it in the cache (added by /login)
         # will raise keryerror if no cache
@@ -165,8 +176,13 @@ class AsyncMSAL:
             "preferred_username"
         )
 
-    @async_wrap
-    def async_get_token(self) -> Optional[dict[str, Any]]:
+    async def async_acquire_token_by_auth_code_flow(self, auth_response: Any) -> None:
+        """Second step - Acquire token, async version."""
+        await asyncio.get_event_loop().run_in_executor(
+            None, self.acquire_token_by_auth_code_flow, auth_response
+        )
+
+    def get_token(self) -> Optional[dict[str, Any]]:
         """Acquire a token based on username."""
         accounts = self.app.get_accounts()
         if accounts:
@@ -175,6 +191,10 @@ class AsyncMSAL:
             return result
         return None
 
+    async def async_get_token(self) -> Optional[dict[str, Any]]:
+        """Acquire a token based on username."""
+        return await asyncio.get_event_loop().run_in_executor(None, self.get_token)
+
     async def request(self, method: str, url: str, **kwargs: Any) -> ClientResponse:
         """Make a request to url using an oauth session.
 
@@ -188,6 +208,8 @@ class AsyncMSAL:
             AsyncMSAL._clientsession = ClientSession(trust_env=True)
 
         token = await self.async_get_token()
+        if token is None:
+            raise web.HTTPClientError(text="No login token available.")
 
         kwargs = kwargs.copy()
         # Ensure headers exist & make a copy
@@ -195,7 +217,8 @@ class AsyncMSAL:
 
         headers["Authorization"] = "Bearer " + token["access_token"]
 
-        assert method in HTTP_ALLOWED, "Method must be one of the allowed ones"
+        if method not in HTTP_ALLOWED:
+            raise web.HTTPClientError(text=f"HTTP method {method} not allowed")
 
         if method == HTTP_GET:
             kwargs.setdefault("allow_redirects", True)

aiohttp_msal-0.6/aiohttp_msal/redis_tools.py

@@ -0,0 +1,87 @@
+"""Redis tools for sessions."""
+import asyncio
+import json
+import logging
+import time
+from typing import Any, AsyncGenerator, Optional
+
+from redis.asyncio import Redis, from_url
+
+from aiohttp_msal.msal_async import AsyncMSAL
+from aiohttp_msal.settings import ENV
+
+_LOGGER = logging.getLogger(__name__)
+
+SES_KEYS = ("mail", "name", "m_mail", "m_name")
+
+
+def get_redis() -> Redis:
+    """Get a Redis connection."""
+    _LOGGER.info("Connect to Redis %s", ENV.REDIS)
+    ENV.database = from_url(ENV.REDIS)  # pylint: disable=no-member
+    return ENV.database
+
+
+async def iter_redis(
+    redis: Redis, *, clean: bool = False, match: Optional[dict[str, str]] = None
+) -> AsyncGenerator[tuple[str, str, dict], None]:
+    """Iterate over the Redis keys to find a specific session."""
+    async for key in redis.scan_iter(count=100, match=f"{ENV.COOKIE_NAME}*"):
+        sval = await redis.get(key)
+        if not isinstance(sval, str):
+            if clean:
+                await redis.delete(key)
+            continue
+        val = json.loads(sval)
+        ses = val.get("session")
+        created = val.get("created")
+        if clean and not ses or not created:
+            await redis.delete(key)
+            continue
+        if match:
+            for mkey, mval in match.items():
+                if mval not in ses[mkey]:
+                    continue
+        created = val.get("created") or "0"
+        session = val.get("session") or {}
+        yield key, created, session
+
+
+async def clean_redis(redis: Redis, max_age: int = 90) -> None:
+    """Clear session entries older than max_age days."""
+    expire = int(time.time() - max_age * 24 * 60 * 60)
+    async for key, created, ses in iter_redis(redis, clean=True):
+        for key in SES_KEYS:
+            if not ses.get(key):
+                await redis.delete(key)
+                continue
+        if int(created) < expire:
+            await redis.delete(key)
+
+
+def _session_factory(key: str, created: str, session: dict) -> AsyncMSAL:
+    """Create a session with a save callback."""
+
+    async def async_save_cache(_: dict) -> None:
+        """Save the token cache to Redis."""
+        rd2 = get_redis()
+        try:
+            await rd2.set(key, json.dumps({"created": created, "session": session}))
+        finally:
+            await rd2.close()
+
+    def save_cache(*args: Any) -> None:
+        """Save the token cache to Redis."""
+        try:
+            asyncio.get_event_loop().create_task(async_save_cache(*args))
+        except RuntimeError:
+            asyncio.run(async_save_cache(*args))
+
+    return AsyncMSAL(session, save_cache=save_cache)
+
+
+async def get_session(red: Redis, email: str) -> AsyncMSAL:
+    """Get a session from Redis."""
+    async for key, created, session in iter_redis(red, match={"mail": email}):
+        return _session_factory(key, created, session)
+    raise ValueError(f"Session for {email} not found")

{aiohttp_msal-0.5.4 → aiohttp_msal-0.6}/aiohttp_msal.egg-info/PKG-INFO

@@ -1,13 +1,13 @@
 Metadata-Version: 2.1
 Name: aiohttp-msal
-Version: 0.5.4
-Summary: Helper Library to use MSAL with aiohttp
+Version: 0.6
+Summary: Helper Library to use the Microsoft Authentication Library (MSAL) with aiohttp
 Home-page: https://github.com/kellerza/aiohttp_msal
 Author: Johann Kellerman
 Author-email: kellerza@gmail.com
 License: MIT
 Keywords: msal,oauth,aiohttp,asyncio
-Classifier: Development Status :: 2 - Pre-Alpha
+Classifier: Development Status :: 4 - Beta
 Classifier: Intended Audience :: Developers
 Classifier: Natural Language :: English
 Classifier: Programming Language :: Python :: 3
@@ -15,11 +15,24 @@ Classifier: Programming Language :: Python :: 3 :: Only
 Classifier: Programming Language :: Python :: 3.8
 Classifier: Programming Language :: Python :: 3.9
 Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
 Requires-Python: >=3.9
 Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: msal>=1.24.1
+Requires-Dist: aiohttp_session>=2.12
+Requires-Dist: aiohttp>=3.8
 Provides-Extra: redis
+Requires-Dist: aiohttp_session[aioredis]>=2.12; extra == "redis"
 Provides-Extra: tests
-License-File: LICENSE
+Requires-Dist: black==23.9.1; extra == "tests"
+Requires-Dist: pylint; extra == "tests"
+Requires-Dist: flake8; extra == "tests"
+Requires-Dist: pytest-aiohttp; extra == "tests"
+Requires-Dist: pytest; extra == "tests"
+Requires-Dist: pytest-cov; extra == "tests"
+Requires-Dist: pytest-asyncio; extra == "tests"
+Requires-Dist: pytest-env; extra == "tests"
 
 # aiohttp_msal Python library
 
@@ -29,11 +42,10 @@ Blocking MSAL functions are executed in the executor thread. Should be useful un
 
 Tested with MSAL Python 1.21.0 onward - [MSAL Python docs](https://github.com/AzureAD/microsoft-authentication-library-for-python)
 
-
 ## AsycMSAL class
 
 The AsyncMSAL class wraps the behavior in the following example app
-https://github.com/Azure-Samples/ms-identity-python-webapp/blob/master/app.py#L76
+<https://github.com/Azure-Samples/ms-identity-python-webapp/blob/master/app.py#L76>
 
 It is responsible to manage tokens & token refreshes and as a client to retrieve data using these tokens.
 
@@ -41,7 +53,7 @@ It is responsible to manage tokens & token refreshes and as a client to retrieve
 
 Firstly you should get the tokens via OAuth
 
-1.  `initiate_auth_code_flow` [referernce](https://msal-python.readthedocs.io/en/latest/#msal.PublicClientApplication.initiate_auth_code_flow)
+1. `initiate_auth_code_flow` [referernce](https://msal-python.readthedocs.io/en/latest/#msal.PublicClientApplication.initiate_auth_code_flow)
 
     The caller is expected to:
     1. somehow store this content, typically inside the current session of the server,
@@ -51,8 +63,7 @@ Firstly you should get the tokens via OAuth
 
     **Step 1** and part of **Step 3** is stored by this class in the aiohttp_session
 
-2.  `acquire_token_by_auth_code_flow` [referernce](https://msal-python.readthedocs.io/en/latest/#msal.PublicClientApplication.initiate_auth_code_flow)
-
+2. `acquire_token_by_auth_code_flow` [referernce](https://msal-python.readthedocs.io/en/latest/#msal.PublicClientApplication.initiate_auth_code_flow)
 
 ### Use the token
 
@@ -65,11 +76,11 @@ async with aiomsal.get("https://graph.microsoft.com/v1.0/me") as res:
     res = await res.json()
 ```
 
-# Example web server
+## Example web server
 
 Complete routes can be found in [routes.py](./aiohttp_msal/routes.py)
 
-## Start the login process
+### Start the login process
 
 ```python
 @ROUTES.get("/user/login")
@@ -84,7 +95,7 @@ async def user_login(request: web.Request) -> web.Response:
     return web.HTTPFound(redir)
 ```
 
-## Acquire the token after being redirected back to the server
+### Acquire the token after being redirected back to the server
 
 ```python
 @ROUTES.post(URI_USER_AUTHORIZED)
@@ -101,7 +112,7 @@ async def user_authorized(request: web.Request) -> web.Response:
 
 - `@ROUTES.get("/user/photo")`
 
-  Serve the user's photo from his Microsoft profile
+  Serve the user's photo from their Microsoft profile
 
 - `get_user_info`
 

{aiohttp_msal-0.5.4 → aiohttp_msal-0.6}/aiohttp_msal.egg-info/SOURCES.txt

@@ -4,6 +4,7 @@ setup.cfg
 setup.py
 aiohttp_msal/__init__.py
 aiohttp_msal/msal_async.py
+aiohttp_msal/redis_tools.py
 aiohttp_msal/routes.py
 aiohttp_msal/settings.py
 aiohttp_msal/settings_base.py

{aiohttp_msal-0.5.4 → aiohttp_msal-0.6}/aiohttp_msal.egg-info/requires.txt

@@ -1,4 +1,4 @@
-msal>=1.21.0
+msal>=1.24.1
 aiohttp_session>=2.12
 aiohttp>=3.8
 
@@ -6,7 +6,7 @@ aiohttp>=3.8
 aiohttp_session[aioredis]>=2.12
 
 [tests]
-black==23.3.0
+black==23.9.1
 pylint
 flake8
 pytest-aiohttp

{aiohttp_msal-0.5.4 → aiohttp_msal-0.6}/setup.cfg

@@ -1,7 +1,7 @@
 [metadata]
 name = aiohttp_msal
 version = attr: aiohttp_msal.VERSION
-description = Helper Library to use MSAL with aiohttp
+description = Helper Library to use the Microsoft Authentication Library (MSAL) with aiohttp
 long_description = file: README.md
 long_description_content_type = text/markdown
 url = https://github.com/kellerza/aiohttp_msal
@@ -10,7 +10,7 @@ author_email = kellerza@gmail.com
 license = MIT
 license_file = LICENSE
 classifiers = 
-	Development Status :: 2 - Pre-Alpha
+	Development Status :: 4 - Beta
 	Intended Audience :: Developers
 	Natural Language :: English
 	Programming Language :: Python :: 3
@@ -18,6 +18,7 @@ classifiers =
 	Programming Language :: Python :: 3.8
 	Programming Language :: Python :: 3.9
 	Programming Language :: Python :: 3.10
+	Programming Language :: Python :: 3.11
 keywords = msal, oauth, aiohttp, asyncio
 
 [options]
@@ -26,7 +27,7 @@ python_requires = >=3.9
 include_package_data = True
 tests_requires = file: requirements_test.txt
 install_requires = 
-	msal>=1.21.0
+	msal>=1.24.1
 	aiohttp_session>=2.12
 	aiohttp>=3.8
 zip_safe = true
@@ -35,7 +36,7 @@ zip_safe = true
 redis = 
 	aiohttp_session[aioredis]>=2.12
 tests = 
-	black==23.3.0
+	black==23.9.1
 	pylint
 	flake8
 	pytest-aiohttp

{aiohttp_msal-0.5.4 → aiohttp_msal-0.6}/setup.py

@@ -1,6 +1,6 @@
 #!/usr/bin/env python
 """aiohttp_msal library setup."""
-import setuptools
+from setuptools import setup
 
 if __name__ == "__main__":
-    setuptools.setup()
+    setup()

{aiohttp_msal-0.5.4 → aiohttp_msal-0.6}/tests/test_init.py

@@ -1,2 +1,3 @@
 """Init."""
 import aiohttp_msal  # noqa
+import aiohttp_msal.routes  # noqa