aiohttp-msal 0.6.3__py3-none-any.whl → 0.6.5__py3-none-any.whl

aiohttp_msal/__init__.py

@@ -13,7 +13,7 @@ from .settings import ENV
 
 _LOGGER = logging.getLogger(__name__)
 
-VERSION = "0.6.3"
+VERSION = "0.6.5"
 
 
 def msal_session(*args: Callable[[AsyncMSAL], Union[Any, Awaitable[Any]]]) -> Callable:

aiohttp_msal/msal_async.py

@@ -23,7 +23,7 @@ HTTP_PATCH = "patch"
 HTTP_DELETE = "delete"
 HTTP_ALLOWED = [HTTP_GET, HTTP_POST, HTTP_PUT, HTTP_PATCH, HTTP_DELETE]
 
-MY_SCOPE = ["User.Read", "User.Read.All"]
+DEFAULT_SCOPES = ["User.Read", "User.Read.All"]
 
 
 def async_wrap(func: Callable) -> Callable:
@@ -71,11 +71,12 @@ class AsyncMSAL:
            https://msal-python.readthedocs.io/en/latest/#msal.ClientApplication.initiate_auth_code_flow
 
            The caller is expected to:
-           1.somehow store this content, typically inside the current session of the server,
-           2.guide the end user (i.e. resource owner) to visit that auth_uri,
-             typically with a redirect
-           3.and then relay this dict and subsequent auth response to
-             acquire_token_by_auth_code_flow().
+           1. somehow store this content, typically inside the current session of the
+              server,
+           2. guide the end user (i.e. resource owner) to visit that auth_uri,
+              typically with a redirect
+           3. and then relay this dict and subsequent auth response to
+              acquire_token_by_auth_code_flow().
 
            [1. and part of 3.] is stored by this class in the aiohttp_session
 
@@ -147,12 +148,14 @@ class AsyncMSAL:
             if hasattr(self, "save_token_cache"):
                 self.save_token_cache(self.token_cache)
 
-    def build_auth_code_flow(self, redirect_uri: str) -> str:
+    def build_auth_code_flow(
+        self, redirect_uri: str, scopes: Optional[list[str]] = None
+    ) -> str:
         """First step - Start the flow."""
         self.session[TOKEN_CACHE] = None  # type: ignore
         self.session[USER_EMAIL] = None  # type: ignore
         self.session[FLOW_CACHE] = res = self.app.initiate_auth_code_flow(
-            MY_SCOPE,
+            scopes or DEFAULT_SCOPES,
             redirect_uri=redirect_uri,
             response_mode="form_post"
             # max_age=1209600,
@@ -182,11 +185,13 @@ class AsyncMSAL:
             None, self.acquire_token_by_auth_code_flow, auth_response
         )
 
-    def get_token(self) -> Optional[dict[str, Any]]:
+    def get_token(self, scopes: Optional[list[str]] = None) -> Optional[dict[str, Any]]:
         """Acquire a token based on username."""
         accounts = self.app.get_accounts()
         if accounts:
-            result = self.app.acquire_token_silent(scopes=MY_SCOPE, account=accounts[0])
+            result = self.app.acquire_token_silent(
+                scopes=scopes or DEFAULT_SCOPES, account=accounts[0]
+            )
             self._save_token_cache()
             return result
         return None

aiohttp_msal/redis_tools.py

@@ -3,6 +3,7 @@ import asyncio
 import json
 import logging
 import time
+from contextlib import AsyncExitStack, asynccontextmanager
 from typing import Any, AsyncGenerator, Optional
 
 from redis.asyncio import Redis, from_url
@@ -15,56 +16,81 @@ _LOGGER = logging.getLogger(__name__)
 SES_KEYS = ("mail", "name", "m_mail", "m_name")
 
 
-def get_redis() -> Redis:
+@asynccontextmanager
+async def get_redis() -> AsyncGenerator[Redis, None]:
     """Get a Redis connection."""
+    if ENV.database:
+        _LOGGER.debug("Using redis from environment")
+        yield ENV.database
+        return
     _LOGGER.info("Connect to Redis %s", ENV.REDIS)
-    ENV.database = from_url(ENV.REDIS)  # pylint: disable=no-member
-    return ENV.database
+    redis = from_url(ENV.REDIS)
+    try:
+        yield redis
+    finally:
+        await redis.close()
+
+
+async def session_iter(
+    redis: Redis,
+    *,
+    match: Optional[dict[str, str]] = None,
+    key_match: Optional[str] = None,
+) -> AsyncGenerator[tuple[str, int, dict[str, Any]], None]:
+    """Iterate over the Redis keys to find a specific session.
+
+    match: Filter based on session content (i.e. mail/name)
+    key_match: Filter the Redis keys. Defaults to ENV.cookie_name
+    """
+    async for key in redis.scan_iter(
+        count=100, match=key_match or f"{ENV.COOKIE_NAME}*"
+    ):
+        sval = await redis.get(key)
+        created, ses = 0, {}
+        try:
+            val = json.loads(sval)  # type: ignore
+            created = int(val["created"])
+            ses = val["session"]
+        except Exception:  # pylint: disable=broad-except
+            pass
+        if match:
+            # Ensure we match all the supplied terms
+            if not all(k in ses and v in ses[k] for k, v in match.items()):
+                continue
+        yield key, created, ses
 
 
-async def iter_redis(
-    redis: Redis, *, clean: bool = False, match: Optional[dict[str, str]] = None
-) -> AsyncGenerator[tuple[str, str, dict], None]:
-    """Iterate over the Redis keys to find a specific session."""
-    async for key in redis.scan_iter(count=100, match=f"{ENV.COOKIE_NAME}*"):
-        sval = await redis.get(key)
-        if not isinstance(sval, (str, bytes, bytearray)):
-            if clean:
-                await redis.delete(key)
-            continue
-        val = json.loads(sval)
-        ses = val.get("session") or {}
-        created = val.get("created")
-        if clean and not ses or not created:
-            await redis.delete(key)
-            continue
-        if match and not all(v in ses[k] for k, v in match.items()):
-            continue
-        yield key, created or "0", ses
-
-
-async def clean_redis(redis: Redis, max_age: int = 90) -> None:
+async def session_clean(
+    redis: Redis, *, max_age: int = 90, expected_keys: Optional[dict] = None
+) -> None:
     """Clear session entries older than max_age days."""
+    rem, keep = 0, 0
     expire = int(time.time() - max_age * 24 * 60 * 60)
-    async for key, created, ses in iter_redis(redis, clean=True):
-        for key in SES_KEYS:
-            if not ses.get(key):
+    try:
+        async for key, created, ses in session_iter(redis):
+            all_keys = all(sk in ses for sk in (expected_keys or SES_KEYS))
+            if created < expire or not all_keys:
+                rem += 1
                 await redis.delete(key)
-                continue
-        if int(created) < expire:
-            await redis.delete(key)
+            else:
+                keep += 1
+    finally:
+        if rem:
+            _LOGGER.info("Sessions removed: %s (%s total)", rem, keep)
+        else:
+            _LOGGER.debug("No sessions removed (%s total)", keep)
 
 
 def _session_factory(key: str, created: str, session: dict) -> AsyncMSAL:
-    """Create a session with a save callback."""
+    """Create a AsyncMSAL session.
+
+    When get_token refreshes the token retrieved from Redis, the save_cache callback
+    will be responsible to update the cache in Redis."""
 
     async def async_save_cache(_: dict) -> None:
         """Save the token cache to Redis."""
-        rd2 = get_redis()
-        try:
+        async with get_redis() as rd2:
             await rd2.set(key, json.dumps({"created": created, "session": session}))
-        finally:
-            await rd2.close()
 
     def save_cache(*args: Any) -> None:
         """Save the token cache to Redis."""
@@ -76,8 +102,11 @@ def _session_factory(key: str, created: str, session: dict) -> AsyncMSAL:
     return AsyncMSAL(session, save_cache=save_cache)
 
 
-async def get_session(red: Redis, email: str) -> AsyncMSAL:
+async def get_session(email: str, *, redis: Optional[Redis] = None) -> AsyncMSAL:
     """Get a session from Redis."""
-    async for key, created, session in iter_redis(red, match={"mail": email}):
-        return _session_factory(key, created, session)
+    async with AsyncExitStack() as stack:
+        if redis is None:
+            redis = await stack.enter_async_context(get_redis())
+        async for key, created, session in session_iter(redis, match={"mail": email}):
+            return _session_factory(key, str(created), session)
     raise ValueError(f"Session for {email} not found")

{aiohttp_msal-0.6.3.dist-info → aiohttp_msal-0.6.5.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: aiohttp-msal
-Version: 0.6.3
+Version: 0.6.5
 Summary: Helper Library to use the Microsoft Authentication Library (MSAL) with aiohttp
 Home-page: https://github.com/kellerza/aiohttp_msal
 Author: Johann Kellerman
@@ -125,23 +125,13 @@ async def user_authorized(request: web.Request) -> web.Response:
 
 ```python
 from aiohttp_msal import ENV, AsyncMSAL
-from aiohttp_msal.redis_tools import clean_redis, get_redis, get_session
-
-async def get_async_msal(email: str) -> AsyncMSAL:
-    """Clean redis and get a session."""
-    red = get_redis()
-    try:
-        return await get_session(red, email)
-    finally:
-        await red.close()
-
+from aiohttp_msal.redis_tools import get_session
 
 def main()
     # Uses the redis.asyncio driver to retrieve the current token
     # Will update the token_cache if a RefreshToken was used
-    ases = asyncio.run(get_async_msal(MYEMAIL))
+    ases = asyncio.run(get_session(MYEMAIL))
     client = GraphClient(ases.get_token)
     # ...
     # use the Graphclient
-    # ...
 ```

{aiohttp_msal-0.6.3.dist-info → aiohttp_msal-0.6.5.dist-info}/RECORD

@@ -1,6 +1,6 @@
-aiohttp_msal/__init__.py,sha256=NfHiiJnjJer0z96e3aM5xQnJ2ICSeBmKu79JBHL7alo,3001
-aiohttp_msal/msal_async.py,sha256=lSwTK2utBVjhQQ921aoq34hNa0z-AJsQleSHXxh9STk,9779
-aiohttp_msal/redis_tools.py,sha256=I9tjkRSSAQi3S1TajsZX0fkvNgIYyOwgNGkViP1vjRA,2794
+aiohttp_msal/__init__.py,sha256=hz7_nNDPT3bWxWu78vjAAWr9i60eRX0He34RRZ6DIz0,3001
+aiohttp_msal/msal_async.py,sha256=Z810J2OHn7H4EevfQ7XB5L7Rks8iB4RsdFbFv5wPb3k,9952
+aiohttp_msal/redis_tools.py,sha256=eEYGJTCWtpyBvmI7IAs2jInypsyzbQP_RAVQnAyRgtE,3737
 aiohttp_msal/routes.py,sha256=c-w5wHaLAYGEqZvfZ8PnzzRh60asLqdUa30lvSANdYM,8319
 aiohttp_msal/settings.py,sha256=ZZn7D6QmIyQSvuqCAoTacKRXYfopqK4P74eVdPCw-uI,1231
 aiohttp_msal/settings_base.py,sha256=pmVmzTtaGEgRh-AMGy0HdhF1JvoZhZp42G3PL_ILHLw,2892
@@ -9,9 +9,9 @@ tests/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 tests/test_init.py,sha256=sHmt7yNDlcu5JHrpM_gim0NeLce0NwUAMM3HAdGoo58,75
 tests/test_msal_async.py,sha256=31MCoAbUiyUhc4SkebUKpjLDHozEBko-QgEBSHjfSoM,332
 tests/test_settings.py,sha256=z-qtUs1zl5Q9NEux051eebyPnArLZ_OfZu65FKz0N4Y,333
-aiohttp_msal-0.6.3.dist-info/LICENSE,sha256=H1aGfkSfZFwK3q4INn9mUldOJGZy-ZXu5-65K9Glunw,1080
-aiohttp_msal-0.6.3.dist-info/METADATA,sha256=YWhtkOjRGbnHriO9MUEZQeYG6AKV1GBqnnN1zzdAHRY,4811
-aiohttp_msal-0.6.3.dist-info/WHEEL,sha256=yQN5g4mg4AybRjkgi-9yy4iQEFibGQmlz78Pik5Or-A,92
-aiohttp_msal-0.6.3.dist-info/top_level.txt,sha256=QPWOi5JtacVEdbaU5bJExc9o-cCT2Lufx0QhUpsv5_E,19
-aiohttp_msal-0.6.3.dist-info/zip-safe,sha256=AbpHGcgLb-kRsJGnwFEktk7uzpZOCcBY74-YBdrKVGs,1
-aiohttp_msal-0.6.3.dist-info/RECORD,,
+aiohttp_msal-0.6.5.dist-info/LICENSE,sha256=H1aGfkSfZFwK3q4INn9mUldOJGZy-ZXu5-65K9Glunw,1080
+aiohttp_msal-0.6.5.dist-info/METADATA,sha256=xXoce4L-2TzT6OufblyHIsHoWYIrrsa3Qarxfi3KOT0,4565
+aiohttp_msal-0.6.5.dist-info/WHEEL,sha256=yQN5g4mg4AybRjkgi-9yy4iQEFibGQmlz78Pik5Or-A,92
+aiohttp_msal-0.6.5.dist-info/top_level.txt,sha256=QPWOi5JtacVEdbaU5bJExc9o-cCT2Lufx0QhUpsv5_E,19
+aiohttp_msal-0.6.5.dist-info/zip-safe,sha256=AbpHGcgLb-kRsJGnwFEktk7uzpZOCcBY74-YBdrKVGs,1
+aiohttp_msal-0.6.5.dist-info/RECORD,,