aiohttp-msal 1.0.3__py3-none-any.whl → 1.0.4__py3-none-any.whl

aiohttp_msal/__init__.py

@@ -1,10 +1,11 @@
 """aiohttp_msal."""
 
+import json
 import logging
 from collections.abc import Awaitable, Callable
 from functools import wraps
 from inspect import getfullargspec, iscoroutinefunction
-from typing import TypeVar, TypeVarTuple, cast
+from typing import Any, TypeVar, TypeVarTuple, cast
 
 from aiohttp import ClientSession, web
 from aiohttp_session import get_session
@@ -12,6 +13,7 @@ from aiohttp_session import setup as _setup
 
 from aiohttp_msal.msal_async import AsyncMSAL
 from aiohttp_msal.settings import ENV
+from aiohttp_msal.utils import retry
 
 _LOGGER = logging.getLogger(__name__)
 
@@ -87,7 +89,11 @@ def auth_or(
 
 
 async def app_init_redis_session(
-    app: web.Application, max_age: int = 3600 * 24 * 90
+    app: web.Application,
+    max_age: int = 3600 * 24 * 90,
+    check_proxy_cb: Callable[[], Awaitable[None]] | None = None,
+    encoder: Callable[[object], str] = json.dumps,
+    decoder: Callable[[str], Any] = json.loads,
 ) -> None:
     """Init an aiohttp_session with Redis storage helper.
 
@@ -96,7 +102,10 @@ async def app_init_redis_session(
     from aiohttp_session import redis_storage
     from redis.asyncio import from_url
 
-    await check_proxy()
+    if check_proxy_cb:
+        await check_proxy_cb()
+    else:
+        await check_proxy()
 
     _LOGGER.info("Connect to Redis %s", ENV.REDIS)
     try:
@@ -114,10 +123,13 @@ async def app_init_redis_session(
         secure=True,
         domain=ENV.DOMAIN,
         cookie_name=ENV.COOKIE_NAME,
+        encoder=encoder,
+        decoder=decoder,
     )
     _setup(app, storage)
 
 
+@retry
 async def check_proxy() -> None:
     """Test if we have Internet connectivity through proxies etc."""
     try:

aiohttp_msal/helpers.py

@@ -0,0 +1,136 @@
+"""Graph User Info."""
+
+from collections.abc import Mapping, Sequence
+from typing import Any, Literal, TypeVar
+
+from aiohttp import web
+from aiohttp_session import get_session
+
+from aiohttp_msal import ENV
+from aiohttp_msal.msal_async import AsyncMSAL
+from aiohttp_msal.utils import retry
+
+
+@retry
+async def get_user_info(aiomsal: AsyncMSAL) -> None:
+    """Load user info from MS graph API. Requires User.Read permissions."""
+    async with aiomsal.get("https://graph.microsoft.com/v1.0/me") as res:
+        body = await res.json()
+        try:
+            aiomsal.mail = body["mail"]
+            aiomsal.name = body["displayName"]
+        except KeyError as err:
+            raise KeyError(
+                f"Unexpected return from Graph endpoint: {body}: {err}"
+            ) from err
+
+
+@retry
+async def get_manager_info(aiomsal: AsyncMSAL) -> None:
+    """Load manager info from MS graph API. Requires User.Read.All permissions."""
+    async with aiomsal.get("https://graph.microsoft.com/v1.0/me/manager") as res:
+        body = await res.json()
+        try:
+            aiomsal.manager_mail = body["mail"]
+            aiomsal.manager_name = body["displayName"]
+        except KeyError as err:
+            raise KeyError(
+                f"Unexpected return from Graph endpoint: {body}: {err}"
+            ) from err
+
+
+def html_table(items: Mapping[Any, Any]) -> str:
+    """Return a table HTML."""
+    res = "<table style='width:80%;border:1px solid black;'>"
+    for key, val in items.items():
+        res += f"<tr><td>{key}</td><td>{val}</td></tr>"
+    res += "</table>"
+    return res
+
+
+def html_wrap(msgs: Sequence[str]) -> str:
+    """Return proper HTML when login fails."""
+    html = "</li><li>".join(msgs)
+    return f"""
+    <h2>Login failed</h2>
+
+    <p>Retry at <a href='/user/login'>/user/login</a></p>
+
+    <p>Try clearing the cookies for <b>.{ENV.DOMAIN}<b> by navigating to the correct
+    address for your browser:
+    <ul>
+    <li>chrome://settings/siteData?searchSubpage={ENV.DOMAIN}</li>
+    <li>brave://settings/siteData?searchSubpage={ENV.DOMAIN}</li>
+    <li>edge://settings/siteData (you will have to search for {ENV.DOMAIN} cookies)</li>
+    </ul></p>
+
+    <h4>Debug info</h4>
+    <ul><li>{html}</li></ul>
+    """
+
+
+TA = TypeVar("TA", bound=AsyncMSAL)
+
+
+async def check_auth_response(
+    request: web.Request,
+    asyncmsal_class: type[TA] = AsyncMSAL,  # type:ignore[assignment]
+    get_info: Literal["user", "manager", ""] = "manager",
+) -> tuple[TA | None, list[str]]:
+    """Parse the MS auth response."""
+    # Expecting response_mode="form_post"
+    auth_response = dict(await request.post())
+
+    msg = list[str]()
+
+    # Ensure all expected variables were returned...
+    if not all(auth_response.get(k) for k in ["code", "session_state", "state"]):
+        msg.append("Expected 'code', 'session_state', 'state' in auth_response")
+        msg.append(f"Received auth_response: {list(auth_response)}")
+        return None, msg
+
+    if not request.cookies.get(ENV.COOKIE_NAME):
+        cookies = dict(request.cookies.items())
+        msg.append(f"<b>Expected '{ENV.COOKIE_NAME}' in cookies</b>")
+        msg.append(html_table(cookies))
+        msg.append("Cookie should be set with Samesite:None")
+
+    session = await get_session(request)
+    if session.new:
+        msg.append(
+            "Warning: This is a new session and may not have all expected values."
+        )
+
+    if not session.get(asyncmsal_class.flow_cache_key):
+        msg.append(f"<b>Expected '{asyncmsal_class.flow_cache_key}' in session</b>")
+        msg.append(html_table(session))
+
+    aiomsal = asyncmsal_class(session)
+    aiomsal.redirect = "/" + aiomsal.redirect.lstrip("/")
+
+    if msg:
+        return aiomsal, msg
+
+    try:
+        await aiomsal.async_acquire_token_by_auth_code_flow(auth_response)
+    except Exception as err:
+        msg.append("<b>Could not get token</b> - async_acquire_token_by_auth_code_flow")
+        msg.append(str(err))
+
+    if not msg:
+        try:
+            if get_info in ("user", "manager"):
+                await get_user_info(aiomsal)
+            if get_info == "manager":
+                await get_manager_info(aiomsal)
+        except Exception as err:
+            msg.append("Could not get org info from MS graph")
+            msg.append(str(err))
+            aiomsal.mail = ""
+            aiomsal.name = ""
+
+        if session.get("mail"):
+            for lcb in ENV.login_callback:
+                await lcb(aiomsal)
+
+    return aiomsal, msg

aiohttp_msal/msal_async.py

@@ -9,7 +9,7 @@ import asyncio
 import json
 from collections.abc import Callable
 from functools import cached_property, partialmethod
-from typing import Any, ClassVar, Literal, Unpack
+from typing import Any, ClassVar, Literal, Unpack, cast
 
 import attrs
 from aiohttp import web
@@ -24,6 +24,7 @@ from aiohttp_session import Session
 from msal import ConfidentialClientApplication, SerializableTokenCache
 
 from aiohttp_msal.settings import ENV
+from aiohttp_msal.utils import dict_property
 
 HttpMethods = Literal["get", "post", "put", "patch", "delete"]
 HTTP_GET = "get"
@@ -33,11 +34,8 @@ HTTP_PATCH = "patch"
 HTTP_DELETE = "delete"
 HTTP_ALLOWED = [HTTP_GET, HTTP_POST, HTTP_PUT, HTTP_PATCH, HTTP_DELETE]
 
-DEFAULT_SCOPES = ["User.Read", "User.Read.All"]
-FLOW_CACHE = "flow_cache"
 
-
-@attrs.define()
+@attrs.define(slots=False)
 class AsyncMSAL:
     """AsycMSAL class.
 
@@ -58,8 +56,11 @@ class AsyncMSAL:
     """ConfidentialClientApplication kwargs."""
     client_session: ClassVar[ClientSession | None] = None
 
-    token_cache_key: str = "token_cache"
-    user_email_key: str = "mail"
+    token_cache_key: ClassVar[str] = "token_cache"
+    user_email_key: ClassVar[str] = "mail"
+    flow_cache_key: ClassVar[str] = "flow_cache"
+    redirect_key = "redirect"
+    default_scopes: ClassVar[list[str]] = ["User.Read", "User.Read.All"]
 
     @cached_property
     def app(self) -> ConfidentialClientApplication:
@@ -100,8 +101,8 @@ class AsyncMSAL:
         """First step - Start the flow."""
         self.session.pop(self.token_cache_key, None)
         self.session.pop(self.user_email_key, None)
-        self.session[FLOW_CACHE] = res = self.app.initiate_auth_code_flow(
-            scopes or DEFAULT_SCOPES,
+        self.session[self.flow_cache_key] = res = self.app.initiate_auth_code_flow(
+            scopes or self.default_scopes,
             redirect_uri=redirect_uri,
             response_mode="form_post",
             prompt=prompt,
@@ -118,7 +119,7 @@ class AsyncMSAL:
         """Second step - Acquire token."""
         # Assume we have it in the cache (added by /login)
         # will raise keryerror if no cache
-        auth_code_flow = self.session.pop(FLOW_CACHE)
+        auth_code_flow = self.session.pop(self.flow_cache_key)
         result = self.app.acquire_token_by_auth_code_flow(
             auth_code_flow, auth_response, scopes=scopes
         )
@@ -141,7 +142,7 @@ class AsyncMSAL:
         accounts = self.app.get_accounts()
         if accounts:
             result = self.app.acquire_token_silent(
-                scopes=scopes or DEFAULT_SCOPES, account=accounts[0]
+                scopes=scopes or self.default_scopes, account=accounts[0]
             )
             self.save_token_cache()
             return result
@@ -197,27 +198,13 @@ class AsyncMSAL:
     get = partialmethod(request_ctx, HTTP_GET)
     post = partialmethod(request_ctx, HTTP_POST)
 
-    @property
-    def mail(self) -> str:
-        """User email."""
-        return self.session.get(self.user_email_key, "")
-
-    @property
-    def manager_mail(self) -> str:
-        """User's manager's email."""
-        return self.session.get("m_mail", "")
-
-    @property
-    def manager_name(self) -> str:
-        """User's manager's name."""
-        return self.session.get("m_name", "")
-
-    @property
-    def name(self) -> str:
-        """User's display name."""
-        return self.session.get("name", "")
-
     @property
     def authenticated(self) -> bool:
         """If the user is logged in."""
         return bool(self.session.get(self.user_email_key))
+
+    name = cast(str, dict_property("session", "name"))
+    mail = dict_property("session", user_email_key)
+    manager_name = dict_property("session", "m_name")
+    manager_mail = dict_property("session", "m_mail")
+    redirect = dict_property("session", redirect_key)

aiohttp_msal/routes.py

@@ -1,7 +1,6 @@
 """The user blueprint."""
 
 import time
-from collections.abc import Mapping, Sequence
 from inspect import iscoroutinefunction
 from typing import Any
 from urllib.parse import urljoin
@@ -9,9 +8,14 @@ from urllib.parse import urljoin
 from aiohttp import web
 from aiohttp_session import get_session, new_session
 
-from aiohttp_msal import _LOGGER, ENV, auth_ok, msal_session
-from aiohttp_msal.msal_async import FLOW_CACHE, AsyncMSAL
-from aiohttp_msal.user_info import get_manager_info, get_user_info
+from aiohttp_msal import ENV, auth_ok, msal_session
+from aiohttp_msal.helpers import (
+    check_auth_response,
+    get_manager_info,
+    get_user_info,
+    html_wrap,
+)
+from aiohttp_msal.msal_async import AsyncMSAL
 
 ROUTES = web.RouteTableDef()
 
@@ -27,7 +31,7 @@ def get_route(request: web.Request, url: str) -> str:
     """
     url = str(request.url.origin() / url)
     if "localhost" not in url:
-        url = url.replace("p:", "ps:", 1)
+        url = url.replace("http:", "https:", 1)
     return url
 
 
@@ -45,83 +49,35 @@ async def user_login(request: web.Request) -> web.Response:
 
     msredirect = get_route(request, URI_USER_AUTHORIZED.lstrip("/"))
     redir = AsyncMSAL(session).initiate_auth_code_flow(redirect_uri=msredirect)
-    return web.HTTPFound(redir)
+    raise web.HTTPFound(redir)
 
 
 @ROUTES.post(URI_USER_AUTHORIZED)
 async def user_authorized(request: web.Request) -> web.Response:
     """Complete the auth code flow."""
-    session = await get_session(request)
-
-    # build a plain dict from the aiohttp server request's url parameters
-    # pre-0.1.18. Now we have response_mode="form_post"
-    # auth_response = dict(request.rel_url.query.items())
-    auth_response = dict(await request.post())
-
-    msg = []
-    response_cookie = 0
-
-    # Ensure all expected variables were returned...
-    if not all(auth_response.get(k) for k in ["code", "session_state", "state"]):
-        msg.append(
-            f"<b>Expecting code,state,session_state in post body.</b>auth_response: {auth_response}"
-        )
+    aiomsal, msg = await check_auth_response(request, AsyncMSAL)
 
-    if not request.cookies.get(ENV.COOKIE_NAME):
-        cookies = dict(request.cookies.items())
-        msg.append(f"<b>Expecting '{ENV.COOKIE_NAME}' in cookies</b>")
-        _LOGGER.fatal("Cookie should be set with Samesite:None")
-        msg.append(html_table(cookies))
-
-    elif not session.get(FLOW_CACHE):
-        msg.append(f"<b>Expecting '{FLOW_CACHE}' in session</b>")
-        msg.append(f"- Session.new: {session.new}")
-        msg.append(html_table(session))
-
-    aiomsal = AsyncMSAL(session)
-
-    if not msg:
+    if aiomsal and not msg:
         try:
-            await aiomsal.async_acquire_token_by_auth_code_flow(auth_response)
-        except Exception as err:
-            msg.append(
-                "<b>Could not get token</b> - async_acquire_token_by_auth_code_flow"
-            )
-            msg.append(str(err))
-
-    if not msg:
-        session.pop("mail", None)
-        session.pop("name", None)
-        try:
-            await get_user_info(aiomsal)
-            await get_manager_info(aiomsal)
-        except Exception as err:
-            msg.append("Could not get org info from MS graph")
-            msg.append(str(err))
-        if session.get("mail"):
-            for lcb in ENV.login_callback:
-                await lcb(aiomsal)
-
-    if msg:
-        resp = web.Response(
-            body=html_wrap(msg),
-            content_type="text/html",
+            raise web.HTTPFound(aiomsal.redirect)
+        finally:
+            aiomsal.redirect = ""
+
+    resp = web.Response(
+        body=html_wrap(msg),
+        content_type="text/html",
+    )
+    if aiomsal is None:
+        resp.set_cookie(
+            ENV.COOKIE_NAME,
+            "",
+            path="/",
+            httponly=True,
+            secure=True,
+            samesite="Strict",
+            domain=ENV.DOMAIN,
         )
-        if response_cookie:
-            resp.set_cookie(
-                ENV.COOKIE_NAME,
-                "",
-                path="/",
-                httponly=True,
-                secure=True,
-                samesite="Strict",
-                domain=ENV.DOMAIN,
-            )
-        return resp
-
-    redirect = session.pop(SESSION_REDIRECT, "") or "/fr/"
-
-    return web.HTTPFound(redirect)
+    return resp
 
 
 @ROUTES.get("/user/debug")
@@ -226,33 +182,3 @@ async def user_photo(request: web.Request, ses: AsyncMSAL) -> web.StreamResponse
 
         # await response.write_eof()
         return response
-
-
-def html_table(items: Mapping[Any, Any]) -> str:
-    """Return a table HTML."""
-    res = "<table style='width:80%;border:1px solid black;'>"
-    for key, val in items.items():
-        res += f"<tr><td>{key}</td><td>{val}</td></tr>"
-    res += "</table>"
-    return res
-
-
-def html_wrap(msgs: Sequence[str]) -> str:
-    """Return proper HTML when login fails."""
-    html = "</li><li>".join(msgs)
-    return f"""
-    <h2>Login failed</h2>
-
-    <p>Retry at <a href='/user/login'>/user/login</a></p>
-
-    <p>Try clearing the cookies for <b>.{ENV.DOMAIN}<b> by navigating to the correct
-    address for your browser:
-    <ul>
-    <li>chrome://settings/siteData?searchSubpage={ENV.DOMAIN}</li>
-    <li>brave://settings/siteData?searchSubpage={ENV.DOMAIN}</li>
-    <li>edge://settings/siteData (you will have to search for {ENV.DOMAIN} cookies)</li>
-    </ul></p>
-
-    <h4>Debug info</h4>
-    <ul><li>{html}</li></ul>
-    """

aiohttp_msal/utils.py

@@ -2,10 +2,8 @@
 
 import asyncio
 from collections.abc import Awaitable, Callable
-from functools import wraps
-from typing import ParamSpec, TypeVar, Any
-from functools import partial
-
+from functools import partial, wraps
+from typing import Any, ParamSpec, TypeVar
 
 T = TypeVar("T")
 P = ParamSpec("P")
@@ -31,6 +29,36 @@ def async_wrap(
     return run
 
 
+class dict_property(property):
+    """Property."""
+
+    def __init__(self, dict_name: str, prop_name: str) -> None:
+        """Initialize the property."""
+        self.dict_name = dict_name
+        self.prop_name = prop_name
+
+    def __get__(self, instance: Any, owner: type | None = None, /) -> Any:
+        """Getter."""
+        return getattr(instance, self.dict_name, {}).get(self.prop_name, "")
+
+    def __set__(self, instance: Any, value: Any, /) -> None:
+        """Setter."""
+        if value == "":
+            getattr(instance, self.dict_name, {}).pop(self.prop_name, None)
+        else:
+            getattr(instance, self.dict_name, {}).__setitem__(self.prop_name, value)
+
+
+# def dict_property(dict_name: str, prop_name: str) -> property:
+#     """Create properties for a dictionary."""
+#     return property(
+#         fget=lambda self: str(getattr(self, dict_name).get(prop_name, "")),
+#         fset=lambda self, v: getattr(self, dict_name).set(prop_name, v),
+#         fdel=lambda self: getattr(self, dict_name).pop(prop_name, None),
+#         doc=f'self.{dict_name}["{prop_name}"]',
+#     )
+
+
 def retry(func: Callable[P, Awaitable[T]]) -> Callable[P, Awaitable[T]]:
     """Retry if tenacity is installed."""
 

{aiohttp_msal-1.0.3.dist-info → aiohttp_msal-1.0.4.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.3
 Name: aiohttp-msal
-Version: 1.0.3
+Version: 1.0.4
 Summary: Helper Library to use the Microsoft Authentication Library (MSAL) with aiohttp
 Keywords: aiohttp,asyncio,msal,oauth
 Author: Johann Kellerman

aiohttp_msal-1.0.4.dist-info/RECORD

@@ -0,0 +1,11 @@
+aiohttp_msal/__init__.py,sha256=nrjPAIy0kNbBvHZsy9qUSKs5r_-Kiea-KJM17bsBIkw,4375
+aiohttp_msal/helpers.py,sha256=8sW-7FW4t1Ztazql11ng67SqdKBlbOWuOMjOBRfBc_c,4495
+aiohttp_msal/msal_async.py,sha256=RUV_XlhNNCOZslT1sEkEPyaYcHDOmsIyiGmRpZuA3I0,8097
+aiohttp_msal/redis_tools.py,sha256=6kCw0_zDQcvIcsJaPfG-zHUvT3vzkrNySNTV5y1tckE,6539
+aiohttp_msal/routes.py,sha256=3rAejWcHfL5czVA91TY3wZGT5EkRxmfyvc8vr6rhyxU,5438
+aiohttp_msal/settings.py,sha256=sArlq9vBDMsikLf9sTRw-UXE2_QRK_G-kzmtHvZcbwA,1559
+aiohttp_msal/settings_base.py,sha256=WBI7HS780i9zKWUy1ZnztDbRsfoDMVr3K-otHZOhNCc,3026
+aiohttp_msal/utils.py,sha256=ll303J58nwCEB9QCAm13urUOa6cPqsAE7z_iP9OlRJw,2390
+aiohttp_msal-1.0.4.dist-info/WHEEL,sha256=4n27za1eEkOnA7dNjN6C5-O2rUiw6iapszm14Uj-Qmk,79
+aiohttp_msal-1.0.4.dist-info/METADATA,sha256=OBl_U9OTy602OfSL9-d5myNJPUYuaGjtBF7voW5lu2Y,4514
+aiohttp_msal-1.0.4.dist-info/RECORD,,

aiohttp_msal/user_info.py

@@ -1,32 +0,0 @@
-"""Graph User Info."""
-
-from aiohttp_msal.msal_async import AsyncMSAL
-from aiohttp_msal.utils import retry
-
-
-@retry
-async def get_user_info(aiomsal: AsyncMSAL) -> None:
-    """Load user info from MS graph API. Requires User.Read permissions."""
-    async with aiomsal.get("https://graph.microsoft.com/v1.0/me") as res:
-        body = await res.json()
-        try:
-            aiomsal.session["mail"] = body["mail"]
-            aiomsal.session["name"] = body["displayName"]
-        except KeyError as err:
-            raise KeyError(
-                f"Unexpected return from Graph endpoint: {body}: {err}"
-            ) from err
-
-
-@retry
-async def get_manager_info(aiomsal: AsyncMSAL) -> None:
-    """Load manager info from MS graph API. Requires User.Read.All permissions."""
-    async with aiomsal.get("https://graph.microsoft.com/v1.0/me/manager") as res:
-        body = await res.json()
-        try:
-            aiomsal.session["m_mail"] = body["mail"]
-            aiomsal.session["m_name"] = body["displayName"]
-        except KeyError as err:
-            raise KeyError(
-                f"Unexpected return from Graph endpoint: {body}: {err}"
-            ) from err

aiohttp_msal-1.0.3.dist-info/RECORD

@@ -1,11 +0,0 @@
-aiohttp_msal/__init__.py,sha256=hnyifyJykI7NMvM93KrHIsTlrrfCVUrpKdbRKL6Gubw,4027
-aiohttp_msal/msal_async.py,sha256=urQvaMTi0mJnCboCsj8A9F9VpWcjPOYaechpZ5XrnbY,8153
-aiohttp_msal/redis_tools.py,sha256=6kCw0_zDQcvIcsJaPfG-zHUvT3vzkrNySNTV5y1tckE,6539
-aiohttp_msal/routes.py,sha256=WyLBuoPMkkG6Cx4gFUu_ER71FyJbeXKhOQRQu5ALG2M,8138
-aiohttp_msal/settings.py,sha256=sArlq9vBDMsikLf9sTRw-UXE2_QRK_G-kzmtHvZcbwA,1559
-aiohttp_msal/settings_base.py,sha256=WBI7HS780i9zKWUy1ZnztDbRsfoDMVr3K-otHZOhNCc,3026
-aiohttp_msal/user_info.py,sha256=lxjFxjm16rvC-0LS81y7SG5pCOa5Zl0s62uxi97yu_k,1171
-aiohttp_msal/utils.py,sha256=SgGpE1eFdVh48FaKvtbnQqJKTReXa9OPBKiYGY7SYq8,1303
-aiohttp_msal-1.0.3.dist-info/WHEEL,sha256=4n27za1eEkOnA7dNjN6C5-O2rUiw6iapszm14Uj-Qmk,79
-aiohttp_msal-1.0.3.dist-info/METADATA,sha256=raujaCawOODO6HYM79crhTECU28f_IjlkzIPmR8ck48,4514
-aiohttp_msal-1.0.3.dist-info/RECORD,,