aiohttp-msal 0.7.0__tar.gz → 1.0.0__tar.gz

{aiohttp_msal-0.7.0 → aiohttp_msal-1.0.0}/PKG-INFO

@@ -1,37 +1,27 @@
-Metadata-Version: 2.1
-Name: aiohttp_msal
-Version: 0.7.0
+Metadata-Version: 2.3
+Name: aiohttp-msal
+Version: 1.0.0
 Summary: Helper Library to use the Microsoft Authentication Library (MSAL) with aiohttp
-Home-page: https://github.com/kellerza/aiohttp_msal
+Keywords: aiohttp,asyncio,msal,oauth
 Author: Johann Kellerman
-Author-email: kellerza@gmail.com
+Author-email: Johann Kellerman <kellerza@gmail.com>
 License: MIT
-Keywords: msal,oauth,aiohttp,asyncio
 Classifier: Development Status :: 4 - Beta
 Classifier: Intended Audience :: Developers
 Classifier: Natural Language :: English
-Classifier: Programming Language :: Python :: 3
 Classifier: Programming Language :: Python :: 3 :: Only
-Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
 Classifier: Programming Language :: Python :: 3.12
-Requires-Python: >=3.10
+Classifier: Programming Language :: Python :: 3.13
+Requires-Dist: aiohttp>=3.11.18,<3.13
+Requires-Dist: aiohttp-session>=2.12.1,<3
+Requires-Dist: attrs>=25.3,<26
+Requires-Dist: msal>=1.32.3,<2
+Requires-Dist: aiohttp-session[aioredis]>=2.12.1,<3 ; extra == 'aioredis'
+Requires-Python: >=3.11
+Project-URL: Homepage, https://github.com/kellerza/aiohttp_msal
+Provides-Extra: aioredis
 Description-Content-Type: text/markdown
-License-File: LICENSE
-Requires-Dist: msal>=1.30.0
-Requires-Dist: aiohttp_session>=2.12
-Requires-Dist: aiohttp>=3.8
-Provides-Extra: redis
-Requires-Dist: aiohttp_session[aioredis]>=2.12; extra == "redis"
-Provides-Extra: tests
-Requires-Dist: black==24.8.0; extra == "tests"
-Requires-Dist: pylint==3.2.6; extra == "tests"
-Requires-Dist: flake8; extra == "tests"
-Requires-Dist: pytest-aiohttp; extra == "tests"
-Requires-Dist: pytest; extra == "tests"
-Requires-Dist: pytest-cov; extra == "tests"
-Requires-Dist: pytest-asyncio; extra == "tests"
-Requires-Dist: pytest-env; extra == "tests"
 
 # aiohttp_msal Python library
 
@@ -139,3 +129,12 @@ def main()
     # ...
     # use the Graphclient
 ```
+
+## Development
+
+```bash
+uv sync --all-extras
+uv tool install ruff
+uv tool install codespell
+uv tool install pyproject-fmt
+```

{aiohttp_msal-0.7.0 → aiohttp_msal-1.0.0}/README.md

@@ -104,3 +104,12 @@ def main()
     # ...
     # use the Graphclient
 ```
+
+## Development
+
+```bash
+uv sync --all-extras
+uv tool install ruff
+uv tool install codespell
+uv tool install pyproject-fmt
+```

aiohttp_msal-1.0.0/pyproject.toml

@@ -0,0 +1,128 @@
+[build-system]
+build-backend = "uv_build"
+requires = [ "uv-build" ]  # >=0.5.15,<0.6
+
+[project]
+name = "aiohttp-msal"
+version = "1.0.0"
+description = "Helper Library to use the Microsoft Authentication Library (MSAL) with aiohttp"
+readme = "README.md"
+keywords = [ "aiohttp", "asyncio", "msal", "oauth" ]
+license = { text = "MIT" }
+authors = [ { name = "Johann Kellerman", email = "kellerza@gmail.com" } ]
+requires-python = ">=3.11"
+classifiers = [
+  "Development Status :: 4 - Beta",
+  "Intended Audience :: Developers",
+  "Natural Language :: English",
+  "Programming Language :: Python :: 3 :: Only",
+  "Programming Language :: Python :: 3.11",
+  "Programming Language :: Python :: 3.12",
+  "Programming Language :: Python :: 3.13",
+]
+dependencies = [
+  "aiohttp>=3.11.18,<3.13",
+  "aiohttp-session>=2.12.1,<3",
+  "attrs>=25.3,<26",
+  "msal>=1.32.3,<2",
+]
+optional-dependencies.aioredis = [ "aiohttp-session[aioredis]>=2.12.1,<3" ]
+urls.Homepage = "https://github.com/kellerza/aiohttp_msal"
+
+[dependency-groups]
+dev = [
+  "mypy",
+  "pytest",
+  "pytest-aiohttp",
+  "pytest-asyncio",
+  "pytest-cov",
+  "pytest-env",
+  "types-redis",
+]
+
+[tool.ruff]
+include = [ "aiohttp_msal/**/*.py", "tests/*.py" ]
+
+format.line-ending = "lf"
+format.docstring-code-format = true
+lint.select = [
+  "A",     # flake8-builtins
+  "ASYNC", # flake8-async
+  "B",     # bugbear
+  "D",     # pydocstyle
+  "E",     # pycodestyle
+  "F",     # pyflakes
+  "I",     # isort
+  "PGH",   # pygrep-hooks
+  "PIE",   # flake8-pie
+  "PL",    # pylint
+  "PTH",   # flake8-pathlib
+  "PYI",   # flake8-pyi
+  "RUF",   # ruff
+  "UP",    # pyupgrade
+  "W",     # pycodestyle
+]
+lint.ignore = [
+  "D203",
+  "D213",
+  "E203",
+  "E501",
+  "PLC0415",
+  "PLR2004",
+  "PLW2901",
+  "UP047",
+]
+lint.isort.no-lines-before = [ "future", "standard-library" ]
+
+[tool.codespell]
+skip = [ "build/*", "*.json", "*.csv", "**/node_modules/*", "./s2-js/dist/*" ]
+#ignore-words-list = []
+
+[tool.pytest.ini_options]
+pythonpath = [ ".", "src" ]
+filterwarnings = "ignore:.+@coroutine.+deprecated.+"
+norecursedirs = [ ".git", "modules" ]
+log_cli = true
+log_cli_level = "DEBUG"
+asyncio_mode = "auto"
+addopts = "--cov=aiohttp_msal --cov-report xml:cov.xml"
+asyncio_default_fixture_loop_scope = "function"
+
+env = [
+  "X_SP_APP_PW=p1",
+  "X_SP_APP_ID=i1",
+  "X_SP_AUTHORITY=a1",
+
+  "Y_SP_APP_PW=p2",
+  "Y_SP_APP_ID=i2",
+  "Y_SP_AUTHORITY=a2",
+
+  "A_NUM=5",
+  "A_BOOL=True",
+
+  "B_NUM=10",
+  "B_BOOL=False",
+  "B_ROOT=/c/",
+]
+
+[tool.mypy]
+disallow_untyped_defs = true
+ignore_missing_imports = true
+
+[tool.semantic_release]
+commit = true
+tag = true
+vcs_release = true
+commit_parser = "emoji"
+version_toml = [ "pyproject.toml:project.version" ]
+build_command = "pip install uv && uv build"
+commit_version_number = true
+
+# https://python-semantic-release.readthedocs.io/en/latest/multibranch_releases.html#configuring-multibranch-releases
+[tool.semantic_release.branches.main]
+match = "main"
+
+[tool.semantic_release.commit_parser_options]
+major_tags = [ ":boom:" ]
+minor_tags = [ ":rocket:" ]
+patch_tags = [ ":ambulance:", ":lock:", ":bug:", ":dolphin:" ]

{aiohttp_msal-0.7.0 → aiohttp_msal-1.0.0/src}/aiohttp_msal/__init__.py

@@ -1,9 +1,10 @@
 """aiohttp_msal."""
 
 import logging
-import typing
+from collections.abc import Awaitable, Callable
 from functools import wraps
 from inspect import getfullargspec, iscoroutinefunction
+from typing import TypeVar, TypeVarTuple, cast
 
 from aiohttp import ClientSession, web
 from aiohttp_session import get_session
@@ -14,49 +15,63 @@ from aiohttp_msal.settings import ENV
 
 _LOGGER = logging.getLogger(__name__)
 
-VERSION = "0.7.0"
+_T = TypeVar("_T")
+Ts = TypeVarTuple("Ts")
 
 
 def msal_session(
-    *callbacks: typing.Callable[[AsyncMSAL], bool | typing.Awaitable[bool]],
+    *callbacks: Callable[[AsyncMSAL], bool | Awaitable[bool]],
     at_least_one: bool | None = False,
-) -> typing.Callable:
+) -> Callable[
+    [Callable[[*Ts, AsyncMSAL], Awaitable[_T]]], Callable[[*Ts], Awaitable[_T]]
+]:
     """Session decorator.
 
     Arguments can include a list of function to perform login tests etc.
     """
 
-    def _session(func: typing.Callable) -> typing.Callable:
+    def check_session(
+        func: Callable[[*Ts, AsyncMSAL], Awaitable[_T]],
+    ) -> Callable[[*Ts], Awaitable[_T]]:
         @wraps(func)
-        async def __session(request: web.Request) -> typing.Callable:
+        async def wrapper(*args: *Ts) -> _T:
+            if len(args) < 1:
+                raise AssertionError("Requires a Request as the first parameter")
+            request = cast(web.Request, args[0])
             ses = AsyncMSAL(session=await get_session(request))
             for c_b in callbacks:
                 _ok = await c_b(ses) if iscoroutinefunction(c_b) else c_b(ses)
-                if at_least_one and _ok:
-                    break
-                if not at_least_one and not _ok:
+
+                if at_least_one:
+                    if _ok:
+                        return await func(*args, ses)
+                elif not _ok:
                     raise web.HTTPForbidden
-            return await func(request=request, ses=ses)
+
+            if at_least_one:
+                raise web.HTTPForbidden
+            return await func(*args, ses)
 
         assert iscoroutinefunction(func), f"Function needs to be a coroutine: {func}"
         spec = getfullargspec(func)
         assert "ses" in spec.args, f"Function needs to accept a session 'ses': {func}"
-        return __session
+        return wrapper
 
-    return _session
+    return check_session
 
 
-def authenticated(ses: AsyncMSAL) -> bool:
+def auth_ok(ses: AsyncMSAL) -> bool:
     """Test if session was authenticated."""
     return bool(ses.mail)
 
 
 def auth_or(
-    *args: typing.Callable[[AsyncMSAL], bool | typing.Awaitable[bool]]
-) -> typing.Callable[[AsyncMSAL], typing.Awaitable[bool]]:
+    *args: Callable[[AsyncMSAL], bool | Awaitable[bool]],
+) -> Callable[[AsyncMSAL], Awaitable[bool]]:
     """Ensure either of the methods is valid. An alternative to at_least_one=True.
 
-    Arguments can include a list of function to perform login tests etc."""
+    Arguments can include a list of function to perform login tests etc.
+    """
 
     async def or_auth(ses: AsyncMSAL) -> bool:
         """Or."""
@@ -74,11 +89,10 @@ def auth_or(
 async def app_init_redis_session(
     app: web.Application, max_age: int = 3600 * 24 * 90
 ) -> None:
-    """OPTIONAL: Initialize aiohttp_session with Redis storage.
+    """Init an aiohttp_session with Redis storage helper.
 
     You can initialize your own aiohttp_session & storage provider.
     """
-    # pylint: disable=import-outside-toplevel
     from aiohttp_session import redis_storage
     from redis.asyncio import from_url
 
@@ -86,7 +100,7 @@ async def app_init_redis_session(
 
     _LOGGER.info("Connect to Redis %s", ENV.REDIS)
     try:
-        ENV.database = from_url(ENV.REDIS)  # pylint: disable=no-member
+        ENV.database = from_url(ENV.REDIS)
         # , encoding="utf-8", decode_responses=True
     except ConnectionRefusedError as err:
         raise ConnectionError("Could not connect to REDIS server") from err
@@ -112,7 +126,7 @@ async def check_proxy() -> None:
                 if resp.ok:
                     return
                 raise ConnectionError(await resp.text())
-    except Exception as err:  # pylint: disable=broad-except
+    except Exception as err:
         raise ConnectionError(
             "No connection to the Internet. Required for OAuth. Check your Proxy?"
         ) from err

{aiohttp_msal-0.7.0 → aiohttp_msal-1.0.0/src}/aiohttp_msal/msal_async.py

@@ -7,16 +7,24 @@ Once you have the OAuth tokens store in the session, you are free to make reques
 
 import asyncio
 import json
-from functools import partial, wraps
-from typing import Any, Callable, Literal
+from collections.abc import Callable
+from functools import partial, partialmethod, wraps
+from typing import Any, ClassVar, Literal, Unpack
 
 from aiohttp import web
-from aiohttp.client import ClientResponse, ClientSession, _RequestContextManager
+from aiohttp.client import (
+    ClientResponse,
+    ClientSession,
+    _RequestContextManager,
+    _RequestOptions,
+)
+from aiohttp.typedefs import StrOrURL
 from aiohttp_session import Session
 from msal import ConfidentialClientApplication, SerializableTokenCache
 
 from aiohttp_msal.settings import ENV
 
+HttpMethods = Literal["get", "post", "put", "patch", "delete"]
 HTTP_GET = "get"
 HTTP_POST = "post"
 HTTP_PUT = "put"
@@ -62,24 +70,23 @@ class AsyncMSAL:
     Use until such time as MSAL Python gets a true async version.
     """
 
-    _token_cache: SerializableTokenCache = None
-    _app: ConfidentialClientApplication = None
-    _clientsession: ClientSession = None  # type: ignore
+    _token_cache: SerializableTokenCache
+    _app: ConfidentialClientApplication
+    client_session: ClassVar[ClientSession | None] = None
 
     def __init__(
         self,
-        session: Session | dict[str, str],
-        save_cache: Callable[[Session | dict[str, str]], None] | None = None,
+        session: Session | dict[str, Any],
+        save_callback: Callable[[Session | dict[str, Any]], None] | None = None,
     ):
         """Init the class.
 
-        **save_token_cache** will be called if the token cache changes. Optional.
+        **save_callback** will be called if the token cache changes. Optional.
           Not required when the session parameter is an aiohttp_session.Session.
         """
         self.session = session
-        if save_cache:
-            self.save_token_cache = save_cache
-        if not isinstance(session, (Session, dict)):
+        self.save_callback = save_callback
+        if not isinstance(session, Session | dict):
             raise ValueError(f"session or dict-like object required {session}")
 
     @property
@@ -110,12 +117,12 @@ class AsyncMSAL:
             )
         return self._app
 
-    def _save_token_cache(self) -> None:
+    def save_token_cache(self) -> None:
         """Save the token cache if it changed."""
         if self.token_cache.has_state_changed:
             self.session[TOKEN_CACHE] = self.token_cache.serialize()
-            if hasattr(self, "save_token_cache"):
-                self.save_token_cache(self.token_cache)
+            if self.save_callback:
+                self.save_callback(self.session)
 
     def build_auth_code_flow(
         self,
@@ -125,8 +132,8 @@ class AsyncMSAL:
         **kwargs: Any,
     ) -> str:
         """First step - Start the flow."""
-        self.session[TOKEN_CACHE] = None  # type: ignore
-        self.session[USER_EMAIL] = None  # type: ignore
+        self.session[TOKEN_CACHE] = None
+        self.session[USER_EMAIL] = None
         self.session[FLOW_CACHE] = res = self.app.initiate_auth_code_flow(
             scopes or DEFAULT_SCOPES,
             redirect_uri=redirect_uri,
@@ -149,10 +156,9 @@ class AsyncMSAL:
             raise web.HTTPBadRequest(text=str(result["error"]))
         if "id_token_claims" not in result:
             raise web.HTTPBadRequest(text=f"Expected id_token_claims in {result}")
-        self._save_token_cache()
-        self.session[USER_EMAIL] = result.get("id_token_claims").get(
-            "preferred_username"
-        )
+        self.save_token_cache()
+        if tok := result.get("id_token_claims"):
+            self.session[USER_EMAIL] = tok.get("preferred_username")
 
     async def async_acquire_token_by_auth_code_flow(self, auth_response: Any) -> None:
         """Second step - Acquire token, async version."""
@@ -167,7 +173,7 @@ class AsyncMSAL:
             result = self.app.acquire_token_silent(
                 scopes=scopes or DEFAULT_SCOPES, account=accounts[0]
             )
-            self._save_token_cache()
+            self.save_token_cache()
             return result
         return None
 
@@ -175,7 +181,9 @@ class AsyncMSAL:
         """Acquire a token based on username."""
         return await asyncio.get_event_loop().run_in_executor(None, self.get_token)
 
-    async def request(self, method: str, url: str, **kwargs: Any) -> ClientResponse:
+    async def request(
+        self, method: HttpMethods, url: StrOrURL, **kwargs: Unpack[_RequestOptions]
+    ) -> ClientResponse:
         """Make a request to url using an oauth session.
 
         :param str url: url to send request to
@@ -184,16 +192,14 @@ class AsyncMSAL:
         :return: Response of the request
         :rtype: aiohttp.Response
         """
-        if not self._clientsession:
-            AsyncMSAL._clientsession = ClientSession(trust_env=True)
-
         token = await self.async_get_token()
         if token is None:
             raise web.HTTPClientError(text="No login token available.")
 
         kwargs = kwargs.copy()
         # Ensure headers exist & make a copy
-        kwargs["headers"] = headers = dict(kwargs.get("headers", {}))
+        headers = dict[str, str](kwargs.get("headers") or {})  # type:ignore[arg-type]
+        kwargs["headers"] = headers
 
         headers["Authorization"] = "Bearer " + token["access_token"]
 
@@ -207,17 +213,27 @@ class AsyncMSAL:
             if "data" in kwargs:
                 kwargs["data"] = json.dumps(kwargs["data"])  # auto convert to json
 
-        response = await self._clientsession.request(method, url, **kwargs)
+        if not AsyncMSAL.client_session:
+            AsyncMSAL.client_session = ClientSession(trust_env=True)
+
+        return await AsyncMSAL.client_session.request(method, url, **kwargs)
+
+    def request_ctx(
+        self, method: HttpMethods, url: StrOrURL, **kwargs: Unpack[_RequestOptions]
+    ) -> _RequestContextManager:
+        """Request context manager."""
+        return _RequestContextManager(self.request(method, url, **kwargs))
 
-        return response
+    get = partialmethod(request_ctx, HTTP_GET)
+    post = partialmethod(request_ctx, HTTP_POST)
 
-    def get(self, url: str, **kwargs: Any):  # type:ignore
-        """GET Request."""
-        return _RequestContextManager(self.request(HTTP_GET, url, **kwargs))
+    # def get(self, url: str, **kwargs: Any) -> _RequestContextManager:
+    #     """GET Request."""
+    #     return _RequestContextManager(self.request(HTTP_GET, url, **kwargs))
 
-    def post(self, url: str, **kwargs: Any):  # type:ignore
-        """POST request."""
-        return _RequestContextManager(self.request(HTTP_POST, url, **kwargs))
+    # def post(self, url: str, **kwargs: Any) -> _RequestContextManager:
+    #     """POST request."""
+    #     return _RequestContextManager(self.request(HTTP_POST, url, **kwargs))
 
     @property
     def mail(self) -> str:

{aiohttp_msal-0.7.0 → aiohttp_msal-1.0.0/src}/aiohttp_msal/redis_tools.py

@@ -4,8 +4,9 @@ import asyncio
 import json
 import logging
 import time
+from collections.abc import AsyncGenerator
 from contextlib import AsyncExitStack, asynccontextmanager
-from typing import Any, AsyncGenerator, Optional
+from typing import Any
 
 from redis.asyncio import Redis, from_url
 
@@ -30,15 +31,15 @@ async def get_redis() -> AsyncGenerator[Redis, None]:
     try:
         yield redis
     finally:
-        MENV.database = None  # type:ignore
+        MENV.database = None  # type:ignore[assignment]
         await redis.close()
 
 
 async def session_iter(
     redis: Redis,
     *,
-    match: Optional[dict[str, str]] = None,
-    key_match: Optional[str] = None,
+    match: dict[str, str] | None = None,
+    key_match: str | None = None,
 ) -> AsyncGenerator[tuple[str, int, dict[str, Any]], None]:
     """Iterate over the Redis keys to find a specific session.
 
@@ -55,10 +56,10 @@ async def session_iter(
         sval = await redis.get(key)
         created, ses = 0, {}
         try:
-            val = json.loads(sval)  # type: ignore
+            val = json.loads(sval)  # type: ignore[arg-type]
             created = int(val["created"])
             ses = val["session"]
-        except Exception:  # pylint: disable=broad-except
+        except Exception:
             pass
         if match:
             # Ensure we match all the supplied terms
@@ -73,7 +74,7 @@ async def session_iter(
 
 
 async def session_clean(
-    redis: Redis, *, max_age: int = 90, expected_keys: Optional[dict] = None
+    redis: Redis, *, max_age: int = 90, expected_keys: dict[str, Any] | None = None
 ) -> None:
     """Clear session entries older than max_age days."""
     rem, keep = 0, 0
@@ -93,11 +94,29 @@ async def session_clean(
             _LOGGER.debug("No sessions removed (%s total)", keep)
 
 
-def _session_factory(key: str, created: str, session: dict) -> AsyncMSAL:
+async def invalid_sessions(redis: Redis) -> None:
+    """Find & clean invalid sessions."""
+    async for key in redis.scan_iter(count=100, match=f"{MENV.COOKIE_NAME}*"):
+        if not isinstance(key, str):
+            key = key.decode()
+        sval = await redis.get(key)
+        if sval is None:
+            continue
+        try:
+            val: dict = json.loads(sval)
+            assert isinstance(val["created"], int)
+            assert isinstance(val["session"], dict)
+        except Exception as err:
+            _LOGGER.warning("Removing session %s: %s", key, err)
+            await redis.delete(key)
+
+
+def _session_factory(key: str, created: int, session: dict) -> AsyncMSAL:
     """Create a AsyncMSAL session.
 
     When get_token refreshes the token retrieved from Redis, the save_cache callback
-    will be responsible to update the cache in Redis."""
+    will be responsible to update the cache in Redis.
+    """
 
     async def async_save_cache(_: dict) -> None:
         """Save the token cache to Redis."""
@@ -111,11 +130,11 @@ def _session_factory(key: str, created: str, session: dict) -> AsyncMSAL:
         except RuntimeError:
             asyncio.run(async_save_cache(*args))
 
-    return AsyncMSAL(session, save_cache=save_cache)
+    return AsyncMSAL(session, save_callback=save_cache)
 
 
 async def get_session(
-    email: str, *, redis: Optional[Redis] = None, scope: str = ""
+    email: str, *, redis: Redis | None = None, scope: str = ""
 ) -> AsyncMSAL:
     """Get a session from Redis."""
     cnt = 0
@@ -126,7 +145,7 @@ async def get_session(
             cnt += 1
             if scope and scope not in str(session.get("token_cache")).lower():
                 continue
-            return _session_factory(key, str(created), session)
+            return _session_factory(key, created, session)
     msg = f"Session for {email}"
     if not scope:
         raise ValueError(f"{msg} not found")
@@ -136,7 +155,7 @@ async def get_session(
 async def redis_get_json(key: str) -> list | dict | None:
     """Get a key from redis."""
     res = await MENV.database.get(key)
-    if isinstance(res, (str, bytes, bytearray)):
+    if isinstance(res, str | bytes | bytearray):
         return json.loads(res)
     if res is not None:
         _LOGGER.warning("Unexpected type for %s: %s", key, type(res))
@@ -148,7 +167,7 @@ async def redis_get(key: str) -> str | None:
     res = await MENV.database.get(key)
     if isinstance(res, str):
         return res
-    if isinstance(res, (bytes, bytearray)):
+    if isinstance(res, bytes | bytearray):
         return res.decode()
     if res is not None:
         _LOGGER.warning("Unexpected type for %s: %s", key, type(res))