aiohttp-msal 0.6.6__py3-none-any.whl → 0.6.8__py3-none-any.whl

aiohttp_msal/__init__.py

@@ -1,8 +1,9 @@
 """aiohttp_msal."""
+
 import logging
+import typing
 from functools import wraps
 from inspect import getfullargspec, iscoroutinefunction
-from typing import Any, Awaitable, Callable, Union
 
 from aiohttp import ClientSession, web
 from aiohttp_session import get_session
@@ -13,26 +14,29 @@ from aiohttp_msal.settings import ENV
 
 _LOGGER = logging.getLogger(__name__)
 
-VERSION = "0.6.6"
+VERSION = "0.6.8"
 
 
-def msal_session(*args: Callable[[AsyncMSAL], Union[Any, Awaitable[Any]]]) -> Callable:
+def msal_session(
+    *callbacks: typing.Callable[[AsyncMSAL], bool | typing.Awaitable[bool]],
+    at_least_one: bool | None = False,
+) -> typing.Callable:
     """Session decorator.
 
     Arguments can include a list of function to perform login tests etc.
     """
 
-    def _session(func: Callable) -> Callable:
+    def _session(func: typing.Callable) -> typing.Callable:
         @wraps(func)
-        async def __session(request: web.Request) -> Callable:
-            _ses = AsyncMSAL(session=await get_session(request))
-            for arg in args:
-                if iscoroutinefunction(arg):
-                    if not await arg(_ses):
-                        raise web.HTTPForbidden
-                elif not arg(_ses):
+        async def __session(request: web.Request) -> typing.Callable:
+            ses = AsyncMSAL(session=await get_session(request))
+            for c_b in callbacks:
+                _ok = await c_b(ses) if iscoroutinefunction(c_b) else c_b(ses)
+                if at_least_one and _ok:
+                    break
+                if not at_least_one and not _ok:
                     raise web.HTTPForbidden
-            return await func(request=request, ses=_ses)
+            return await func(request=request, ses=ses)
 
         assert iscoroutinefunction(func), f"Function needs to be a coroutine: {func}"
         spec = getfullargspec(func)

aiohttp_msal/msal_async.py

@@ -4,10 +4,11 @@ The AsyncMSAL class contains more info to perform OAuth & get the required token
 Once you have the OAuth tokens store in the session, you are free to make requests
 (typically from an aiohttp server's inside a request)
 """
+
 import asyncio
 import json
 from functools import partial, wraps
-from typing import Any, Callable, Optional, Union
+from typing import Any, Callable, Literal
 
 from aiohttp import web
 from aiohttp.client import ClientResponse, ClientSession, _RequestContextManager
@@ -32,7 +33,7 @@ def async_wrap(func: Callable) -> Callable:
     @wraps(func)
     async def run(
         *args: Any,
-        loop: Optional[asyncio.AbstractEventLoop] = None,
+        loop: asyncio.AbstractEventLoop | None = None,
         executor: Any = None,
         **kwargs: dict[str, Any],
     ) -> Callable:
@@ -53,44 +54,12 @@ USER_EMAIL = "mail"
 class AsyncMSAL:
     """AsycMSAL class.
 
-    AsyncIO based OAuth using the Microsoft Authentication Library (MSAL) for Python.
-    Blocking MSAL functions are executed in the executor thread.
-    Use until such time as MSAL Python gets a true async version...
-
-    Tested with MSAL Python 1.13.0
-    https://github.com/AzureAD/microsoft-authentication-library-for-python
-
-    AsyncMSAL is based on the following example app
-    https://github.com/Azure-Samples/ms-identity-python-webapp/blob/master/app.py#L76
-
-    Use as follows:
-
-        Get the tokens via oauth
-
-        1. initiate_auth_code_flow
-           https://msal-python.readthedocs.io/en/latest/#msal.ClientApplication.initiate_auth_code_flow
-
-           The caller is expected to:
-           1. somehow store this content, typically inside the current session of the
-              server,
-           2. guide the end user (i.e. resource owner) to visit that auth_uri,
-              typically with a redirect
-           3. and then relay this dict and subsequent auth response to
-              acquire_token_by_auth_code_flow().
-
-           [1. and part of 3.] is stored by this class in the aiohttp_session
-
-        2. acquire_token_by_auth_code_flow
-           https://msal-python.readthedocs.io/en/latest/#msal.ClientApplication.acquire_token_by_auth_code_flow
-
-
-        Now you are free to make requests (typically from an aiohttp server)
-
-            session = await get_session(request)
-            aiomsal = AsyncMSAL(session)
-            async with aiomsal.get("https://graph.microsoft.com/v1.0/me") as res:
-                res = await res.json()
+    Authorization Code Flow Helper. Learn more about auth-code-flow at
+    https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-auth-code-flow
 
+    Async based OAuth using the Microsoft Authentication Library (MSAL) for Python.
+    Blocking MSAL functions are executed in the executor thread.
+    Use until such time as MSAL Python gets a true async version.
     """
 
     _token_cache: SerializableTokenCache = None
@@ -99,8 +68,8 @@ class AsyncMSAL:
 
     def __init__(
         self,
-        session: Union[Session, dict[str, str]],
-        save_cache: Optional[Callable[[Union[Session, dict[str, str]]], None]] = None,
+        session: Session | dict[str, str],
+        save_cache: Callable[[Session | dict[str, str]], None] | None = None,
     ):
         """Init the class.
 
@@ -149,7 +118,11 @@ class AsyncMSAL:
                 self.save_token_cache(self.token_cache)
 
     def build_auth_code_flow(
-        self, redirect_uri: str, scopes: Optional[list[str]] = None
+        self,
+        redirect_uri: str,
+        scopes: list[str] | None = None,
+        prompt: Literal["login", "consent", "select_account", "none"] | None = None,
+        **kwargs: Any,
     ) -> str:
         """First step - Start the flow."""
         self.session[TOKEN_CACHE] = None  # type: ignore
@@ -157,7 +130,9 @@ class AsyncMSAL:
         self.session[FLOW_CACHE] = res = self.app.initiate_auth_code_flow(
             scopes or DEFAULT_SCOPES,
             redirect_uri=redirect_uri,
-            response_mode="form_post"
+            response_mode="form_post",
+            prompt=prompt,
+            **kwargs,
             # max_age=1209600,
             # max allowed 86400 - 1 day
         )
@@ -185,7 +160,7 @@ class AsyncMSAL:
             None, self.acquire_token_by_auth_code_flow, auth_response
         )
 
-    def get_token(self, scopes: Optional[list[str]] = None) -> Optional[dict[str, Any]]:
+    def get_token(self, scopes: list[str] | None = None) -> dict[str, Any] | None:
         """Acquire a token based on username."""
         accounts = self.app.get_accounts()
         if accounts:
@@ -196,7 +171,7 @@ class AsyncMSAL:
             return result
         return None
 
-    async def async_get_token(self) -> Optional[dict[str, Any]]:
+    async def async_get_token(self) -> dict[str, Any] | None:
         """Acquire a token based on username."""
         return await asyncio.get_event_loop().run_in_executor(None, self.get_token)
 

aiohttp_msal/redis_tools.py

@@ -1,4 +1,5 @@
 """Redis tools for sessions."""
+
 import asyncio
 import json
 import logging
@@ -9,7 +10,7 @@ from typing import Any, AsyncGenerator, Optional
 from redis.asyncio import Redis, from_url
 
 from aiohttp_msal.msal_async import AsyncMSAL
-from aiohttp_msal.settings import ENV
+from aiohttp_msal.settings import ENV as MENV
 
 _LOGGER = logging.getLogger(__name__)
 
@@ -19,15 +20,17 @@ SES_KEYS = ("mail", "name", "m_mail", "m_name")
 @asynccontextmanager
 async def get_redis() -> AsyncGenerator[Redis, None]:
     """Get a Redis connection."""
-    if ENV.database:
+    if MENV.database:
         _LOGGER.debug("Using redis from environment")
-        yield ENV.database
+        yield MENV.database
         return
-    _LOGGER.info("Connect to Redis %s", ENV.REDIS)
-    redis = from_url(ENV.REDIS)
+    _LOGGER.info("Connect to Redis %s", MENV.REDIS)
+    redis = from_url(MENV.REDIS)  # decode_responses=True not allowed aiohttp_session
+    MENV.database = redis
     try:
         yield redis
     finally:
+        MENV.database = None  # type:ignore
         await redis.close()
 
 
@@ -45,10 +48,11 @@ async def session_iter(
     if match and not all(isinstance(v, str) for v in match.values()):
         raise ValueError("match values must be strings")
     async for key in redis.scan_iter(
-        count=100, match=key_match or f"{ENV.COOKIE_NAME}*"
+        count=100, match=key_match or f"{MENV.COOKIE_NAME}*"
     ):
+        if not isinstance(key, str):
+            key = key.decode()
         sval = await redis.get(key)
-        _LOGGER.debug("Session: %s = %s", key, sval)
         created, ses = 0, {}
         try:
             val = json.loads(sval)  # type: ignore
@@ -110,11 +114,67 @@ def _session_factory(key: str, created: str, session: dict) -> AsyncMSAL:
     return AsyncMSAL(session, save_cache=save_cache)
 
 
-async def get_session(email: str, *, redis: Optional[Redis] = None) -> AsyncMSAL:
+async def get_session(
+    email: str, *, redis: Optional[Redis] = None, scope: str = ""
+) -> AsyncMSAL:
     """Get a session from Redis."""
+    cnt = 0
     async with AsyncExitStack() as stack:
         if redis is None:
             redis = await stack.enter_async_context(get_redis())
         async for key, created, session in session_iter(redis, match={"mail": email}):
+            cnt += 1
+            if scope and scope not in str(session.get("token_cache")).lower():
+                continue
             return _session_factory(key, str(created), session)
-    raise ValueError(f"Session for {email} not found")
+    msg = f"Session for {email}"
+    if not scope:
+        raise ValueError(f"{msg} not found")
+    raise ValueError(f"{msg} with scope {scope} not found ({cnt} checked)")
+
+
+async def redis_get_json(key: str) -> list | dict | None:
+    """Get a key from redis."""
+    res = await MENV.database.get(key)
+    if isinstance(res, (str, bytes, bytearray)):
+        return json.loads(res)
+    if res is not None:
+        _LOGGER.warning("Unexpected type for %s: %s", key, type(res))
+    return None
+
+
+async def redis_get(key: str) -> str | None:
+    """Get a key from redis."""
+    res = await MENV.database.get(key)
+    if isinstance(res, str):
+        return res
+    if isinstance(res, (bytes, bytearray)):
+        return res.decode()
+    if res is not None:
+        _LOGGER.warning("Unexpected type for %s: %s", key, type(res))
+    return None
+
+
+async def redis_set_set(key: str, new_set: set[str]) -> None:
+    """Set the value of a set in redis."""
+    cur_set = set(
+        s if isinstance(s, str) else s.decode()
+        for s in await MENV.database.smembers(key)
+    )
+    dif = list(cur_set - new_set)
+    if dif:
+        _LOGGER.warning("%s: removing %s", key, dif)
+        await MENV.database.srem(key, *dif)
+
+    dif = list(new_set - cur_set)
+    if dif:
+        _LOGGER.info("%s: adding %s", key, dif)
+        await MENV.database.sadd(key, *dif)
+
+
+async def redis_scan(match_str: str) -> list[str]:
+    """Return a list of matching keys."""
+    return [
+        s if isinstance(s, str) else s.decode()
+        async for s in MENV.database.scan_iter(match=match_str)
+    ]

aiohttp_msal/routes.py

@@ -1,4 +1,5 @@
 """The user blueprint."""
+
 import time
 from inspect import iscoroutinefunction
 from typing import Any, Mapping, Sequence

aiohttp_msal/settings.py

@@ -1,8 +1,14 @@
 """Settings."""
-from typing import Any, Awaitable, Callable, Union
+
+from typing import TYPE_CHECKING, Any, Awaitable, Callable
 
 from aiohttp_msal.settings_base import SettingsBase, Var
 
+if TYPE_CHECKING:
+    from redis.asyncio import Redis
+else:
+    Redis = Any
+
 
 class MSALSettings(SettingsBase):
     """Settings."""
@@ -26,12 +32,12 @@ class MSALSettings(SettingsBase):
 
     login_callback: list[Callable[[Any], Awaitable[Any]]] = []
     """A list of callbacks to execute on successful login."""
-    info: dict[str, Callable[[Any], Union[Any, Awaitable[Any]]]] = {}
+    info: dict[str, Callable[[Any], Any | Awaitable[Any]]] = {}
     """List of attributes to return in /user/info."""
 
     REDIS = "redis://redis1:6379"
     """OPTIONAL: Redis database connection used by app_init_redis_session()."""
-    database: Any = None
+    database: Redis
     """Store the Redis connection when using app_init_redis_session()."""
 
 

aiohttp_msal/settings_base.py

@@ -1,4 +1,6 @@
 """Settings Base."""
+
+from __future__ import annotations
 import logging
 import os
 from pathlib import Path
@@ -9,7 +11,7 @@ class Var:  # pylint: disable=too-few-public-methods
     """Variable settings."""
 
     @staticmethod
-    def from_value(val: Any):  # type: ignore
+    def from_value(val: Any) -> Var:
         """Ensure the return is an instance of Var."""
         return val if isinstance(val, Var) else Var(type(val))
 

aiohttp_msal/user_info.py

@@ -1,4 +1,5 @@
 """Graph User Info."""
+
 import asyncio
 from functools import wraps
 from typing import Any, Callable

{aiohttp_msal-0.6.6.dist-info → aiohttp_msal-0.6.8.dist-info}/LICENSE

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2022-2023 kellerza
+Copyright (c) 2022-2024 kellerza
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

{aiohttp_msal-0.6.6.dist-info → aiohttp_msal-0.6.8.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
-Name: aiohttp-msal
-Version: 0.6.6
+Name: aiohttp_msal
+Version: 0.6.8
 Summary: Helper Library to use the Microsoft Authentication Library (MSAL) with aiohttp
 Home-page: https://github.com/kellerza/aiohttp_msal
 Author: Johann Kellerman
@@ -12,20 +12,20 @@ Classifier: Intended Audience :: Developers
 Classifier: Natural Language :: English
 Classifier: Programming Language :: Python :: 3
 Classifier: Programming Language :: Python :: 3 :: Only
-Classifier: Programming Language :: Python :: 3.9
 Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
-Requires-Python: >=3.9
+Classifier: Programming Language :: Python :: 3.12
+Requires-Python: >=3.10
 Description-Content-Type: text/markdown
 License-File: LICENSE
-Requires-Dist: msal >=1.24.1
+Requires-Dist: msal >=1.30.0
 Requires-Dist: aiohttp-session >=2.12
 Requires-Dist: aiohttp >=3.8
 Provides-Extra: redis
 Requires-Dist: aiohttp-session[aioredis] >=2.12 ; extra == 'redis'
 Provides-Extra: tests
-Requires-Dist: black ==23.9.1 ; extra == 'tests'
-Requires-Dist: pylint ; extra == 'tests'
+Requires-Dist: black ==24.8.0 ; extra == 'tests'
+Requires-Dist: pylint ==3.2.6 ; extra == 'tests'
 Requires-Dist: flake8 ; extra == 'tests'
 Requires-Dist: pytest-aiohttp ; extra == 'tests'
 Requires-Dist: pytest ; extra == 'tests'
@@ -35,9 +35,13 @@ Requires-Dist: pytest-env ; extra == 'tests'
 
 # aiohttp_msal Python library
 
-AsyncIO based OAuth using the Microsoft Authentication Library (MSAL) for Python.
+Authorization Code Flow Helper. Learn more about auth-code-flow at
+<https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-auth-code-flow>
 
-Blocking MSAL functions are executed in the executor thread. Should be useful until such time as MSAL Python gets a true async version...
+Async based OAuth using the Microsoft Authentication Library (MSAL) for Python.
+
+Blocking MSAL functions are executed in the executor thread.
+Should be useful until such time as MSAL Python gets a true async version.
 
 Tested with MSAL Python 1.21.0 onward - [MSAL Python docs](https://github.com/AzureAD/microsoft-authentication-library-for-python)
 

aiohttp_msal-0.6.8.dist-info/RECORD

@@ -0,0 +1,18 @@
+aiohttp_msal/__init__.py,sha256=vvc6_F-5jkV_Fy2il81x-kFCrwhZvBMfZ9rNPhkx4ts,3103
+aiohttp_msal/msal_async.py,sha256=afvfh7gZrXk5KO7Umb9jAnQu4jdg_iVlgaTnxS3JgNM,8899
+aiohttp_msal/redis_tools.py,sha256=zgRACVxm2wPkbEHtA6VmArsd-QQlKn-crlq1XlFbjEY,5919
+aiohttp_msal/routes.py,sha256=JNz0tn-avHUiUmI-YeprY7XyVQNnHRdb2kQFynCTBy0,8228
+aiohttp_msal/settings.py,sha256=AriMUJnTzNkxbwtg8tjxAuM4uPxtJFx26RA3-YvYp1U,1318
+aiohttp_msal/settings_base.py,sha256=m4tmurnq8xipVNAa-Dh4ii9Rsu6gg39F4aDJNHPLwiI,2919
+aiohttp_msal/user_info.py,sha256=fijBUbl5g1AVgrpOl-2ZY-eQCCWcu4YqcA0QaMQrcWw,1766
+tests/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+tests/test_init.py,sha256=olI80lEHoG9Bf2owq3lyfJHp6OPYdsoN_jzlrNY0GYk,76
+tests/test_msal_async.py,sha256=7-G6dO3_qWb8zxqC6_SqMMubCBbEERZy513P7UM4vmw,365
+tests/test_redis_tools.py,sha256=uFpPSe6atbDVAuh1_OUtFgeZwyuLDspp42_EECJDSPg,1869
+tests/test_settings.py,sha256=z-qtUs1zl5Q9NEux051eebyPnArLZ_OfZu65FKz0N4Y,333
+aiohttp_msal-0.6.8.dist-info/LICENSE,sha256=BwqFEcF0Ij49hDZx4A_5CzsKnfU_twRjrm87JFwydFc,1080
+aiohttp_msal-0.6.8.dist-info/METADATA,sha256=brsm0akO5VVzEW7FDe-GxKCw8Bl1WiQadjxq5cVpYXA,4724
+aiohttp_msal-0.6.8.dist-info/WHEEL,sha256=R0nc6qTxuoLk7ShA2_Y-UWkN8ZdfDBG2B6Eqpz2WXbs,91
+aiohttp_msal-0.6.8.dist-info/top_level.txt,sha256=QPWOi5JtacVEdbaU5bJExc9o-cCT2Lufx0QhUpsv5_E,19
+aiohttp_msal-0.6.8.dist-info/zip-safe,sha256=AbpHGcgLb-kRsJGnwFEktk7uzpZOCcBY74-YBdrKVGs,1
+aiohttp_msal-0.6.8.dist-info/RECORD,,

{aiohttp_msal-0.6.6.dist-info → aiohttp_msal-0.6.8.dist-info}/WHEEL

@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: bdist_wheel (0.41.2)
+Generator: setuptools (72.1.0)
 Root-Is-Purelib: true
 Tag: py3-none-any
 

tests/test_init.py

@@ -1,3 +1,4 @@
 """Init."""
+
 import aiohttp_msal  # noqa
 import aiohttp_msal.routes  # noqa

tests/test_msal_async.py

@@ -1,4 +1,5 @@
 """Test the AsyncMSAL class."""
+
 from aiohttp_msal.msal_async import AsyncMSAL, Session
 
 

tests/test_redis_tools.py

@@ -1,4 +1,5 @@
 """Test redis tools."""
+
 from json import dumps
 from typing import AsyncGenerator
 from unittest.mock import AsyncMock, MagicMock, Mock, call

aiohttp_msal-0.6.6.dist-info/RECORD

@@ -1,18 +0,0 @@
-aiohttp_msal/__init__.py,sha256=R-OEq-FJnT_uYiiSYeltrUqTSnPTcFqR8SKSbVszues,3025
-aiohttp_msal/msal_async.py,sha256=HjLJ5gOengQNjuN1Nod1U7J4sqChTN_B4QuXjVJkheA,9964
-aiohttp_msal/redis_tools.py,sha256=3Zyl3-sdT_SgxACdWeeBtWGywBzwyF9Ekm9CC2oCb90,4082
-aiohttp_msal/routes.py,sha256=UmUQkFFubFK2N1IAryDPwN7UBMCgow87H6zhNbKiE1I,8227
-aiohttp_msal/settings.py,sha256=Nz0GO62IMtQdfdZqJ8o8w331i1sxfGuaIo4j533u4NM,1243
-aiohttp_msal/settings_base.py,sha256=pmVmzTtaGEgRh-AMGy0HdhF1JvoZhZp42G3PL_ILHLw,2892
-aiohttp_msal/user_info.py,sha256=02DYVbP8lnLNCm1HQEGZY7tktWRHvEAuHf6fLj2Kcp8,1765
-tests/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-tests/test_init.py,sha256=sHmt7yNDlcu5JHrpM_gim0NeLce0NwUAMM3HAdGoo58,75
-tests/test_msal_async.py,sha256=Vi2Jx8_GG-iMfKPY4UCvmX-0U1Bl2xswrAyWGIRP-Ac,364
-tests/test_redis_tools.py,sha256=x9Yd9WOGd2ZW5fJwyiAta5wMRkSM3prsCPhkVe6CS3Q,1868
-tests/test_settings.py,sha256=z-qtUs1zl5Q9NEux051eebyPnArLZ_OfZu65FKz0N4Y,333
-aiohttp_msal-0.6.6.dist-info/LICENSE,sha256=H1aGfkSfZFwK3q4INn9mUldOJGZy-ZXu5-65K9Glunw,1080
-aiohttp_msal-0.6.6.dist-info/METADATA,sha256=XDKJEJXQkOyLveVhob8NukGwprF14ZRLX_geNu8rJm4,4565
-aiohttp_msal-0.6.6.dist-info/WHEEL,sha256=yQN5g4mg4AybRjkgi-9yy4iQEFibGQmlz78Pik5Or-A,92
-aiohttp_msal-0.6.6.dist-info/top_level.txt,sha256=QPWOi5JtacVEdbaU5bJExc9o-cCT2Lufx0QhUpsv5_E,19
-aiohttp_msal-0.6.6.dist-info/zip-safe,sha256=AbpHGcgLb-kRsJGnwFEktk7uzpZOCcBY74-YBdrKVGs,1
-aiohttp_msal-0.6.6.dist-info/RECORD,,