aiohttp-msal 1.0.4__py3-none-any.whl → 1.0.5__py3-none-any.whl

aiohttp_msal/helpers.py

@@ -1,18 +1,19 @@
 """Graph User Info."""
 
 from collections.abc import Mapping, Sequence
-from typing import Any, Literal, TypeVar
+from typing import TYPE_CHECKING, Any
 
 from aiohttp import web
-from aiohttp_session import get_session
 
-from aiohttp_msal import ENV
-from aiohttp_msal.msal_async import AsyncMSAL
+from aiohttp_msal.settings import ENV
 from aiohttp_msal.utils import retry
 
+if TYPE_CHECKING:
+    from aiohttp_msal.msal_async import AsyncMSAL
+
 
 @retry
-async def get_user_info(aiomsal: AsyncMSAL) -> None:
+async def get_user_info(aiomsal: "AsyncMSAL") -> None:
     """Load user info from MS graph API. Requires User.Read permissions."""
     async with aiomsal.get("https://graph.microsoft.com/v1.0/me") as res:
         body = await res.json()
@@ -26,7 +27,7 @@ async def get_user_info(aiomsal: AsyncMSAL) -> None:
 
 
 @retry
-async def get_manager_info(aiomsal: AsyncMSAL) -> None:
+async def get_manager_info(aiomsal: "AsyncMSAL") -> None:
     """Load manager info from MS graph API. Requires User.Read.All permissions."""
     async with aiomsal.get("https://graph.microsoft.com/v1.0/me/manager") as res:
         body = await res.json()
@@ -69,68 +70,7 @@ def html_wrap(msgs: Sequence[str]) -> str:
     """
 
 
-TA = TypeVar("TA", bound=AsyncMSAL)
-
-
-async def check_auth_response(
-    request: web.Request,
-    asyncmsal_class: type[TA] = AsyncMSAL,  # type:ignore[assignment]
-    get_info: Literal["user", "manager", ""] = "manager",
-) -> tuple[TA | None, list[str]]:
-    """Parse the MS auth response."""
-    # Expecting response_mode="form_post"
-    auth_response = dict(await request.post())
-
-    msg = list[str]()
-
-    # Ensure all expected variables were returned...
-    if not all(auth_response.get(k) for k in ["code", "session_state", "state"]):
-        msg.append("Expected 'code', 'session_state', 'state' in auth_response")
-        msg.append(f"Received auth_response: {list(auth_response)}")
-        return None, msg
-
-    if not request.cookies.get(ENV.COOKIE_NAME):
-        cookies = dict(request.cookies.items())
-        msg.append(f"<b>Expected '{ENV.COOKIE_NAME}' in cookies</b>")
-        msg.append(html_table(cookies))
-        msg.append("Cookie should be set with Samesite:None")
-
-    session = await get_session(request)
-    if session.new:
-        msg.append(
-            "Warning: This is a new session and may not have all expected values."
-        )
-
-    if not session.get(asyncmsal_class.flow_cache_key):
-        msg.append(f"<b>Expected '{asyncmsal_class.flow_cache_key}' in session</b>")
-        msg.append(html_table(session))
-
-    aiomsal = asyncmsal_class(session)
-    aiomsal.redirect = "/" + aiomsal.redirect.lstrip("/")
-
-    if msg:
-        return aiomsal, msg
-
-    try:
-        await aiomsal.async_acquire_token_by_auth_code_flow(auth_response)
-    except Exception as err:
-        msg.append("<b>Could not get token</b> - async_acquire_token_by_auth_code_flow")
-        msg.append(str(err))
-
-    if not msg:
-        try:
-            if get_info in ("user", "manager"):
-                await get_user_info(aiomsal)
-            if get_info == "manager":
-                await get_manager_info(aiomsal)
-        except Exception as err:
-            msg.append("Could not get org info from MS graph")
-            msg.append(str(err))
-            aiomsal.mail = ""
-            aiomsal.name = ""
-
-        if session.get("mail"):
-            for lcb in ENV.login_callback:
-                await lcb(aiomsal)
-
-    return aiomsal, msg
+def get_url(request: web.Request, path: str = "", https_proxy: bool = True) -> str:
+    """Return the full outside URL."""
+    res = str(request.url.with_path(path))
+    return res.replace("http://", "https://") if https_proxy else res

aiohttp_msal/msal_async.py

@@ -7,9 +7,10 @@ Once you have the OAuth tokens store in the session, you are free to make reques
 
 import asyncio
 import json
+import logging
 from collections.abc import Callable
 from functools import cached_property, partialmethod
-from typing import Any, ClassVar, Literal, Unpack, cast
+from typing import Any, ClassVar, Literal, Self, TypeVar, Unpack, cast
 
 import attrs
 from aiohttp import web
@@ -20,12 +21,15 @@ from aiohttp.client import (
     _RequestOptions,
 )
 from aiohttp.typedefs import StrOrURL
-from aiohttp_session import Session
+from aiohttp_session import Session, get_session, new_session
 from msal import ConfidentialClientApplication, SerializableTokenCache
 
+from aiohttp_msal import helpers
 from aiohttp_msal.settings import ENV
 from aiohttp_msal.utils import dict_property
 
+_LOG = logging.getLogger(__name__)
+
 HttpMethods = Literal["get", "post", "put", "patch", "delete"]
 HTTP_GET = "get"
 HTTP_POST = "post"
@@ -34,6 +38,8 @@ HTTP_PATCH = "patch"
 HTTP_DELETE = "delete"
 HTTP_ALLOWED = [HTTP_GET, HTTP_POST, HTTP_PUT, HTTP_PATCH, HTTP_DELETE]
 
+T = TypeVar("T")
+
 
 @attrs.define(slots=False)
 class AsyncMSAL:
@@ -54,14 +60,46 @@ class AsyncMSAL:
     """
     app_kwargs: dict[str, Any] | None = None
     """ConfidentialClientApplication kwargs."""
-    client_session: ClassVar[ClientSession | None] = None
 
+    client_session: ClassVar[ClientSession | None] = None
     token_cache_key: ClassVar[str] = "token_cache"
     user_email_key: ClassVar[str] = "mail"
     flow_cache_key: ClassVar[str] = "flow_cache"
-    redirect_key = "redirect"
+    redirect_key: ClassVar[str] = "redirect"
     default_scopes: ClassVar[list[str]] = ["User.Read", "User.Read.All"]
 
+    @classmethod
+    async def from_request(
+        cls,
+        request: web.Request,
+        /,
+        allow_new: bool = False,
+        app_kwargs: dict[str, Any] | None = None,
+    ) -> Self:
+        """Get the session or raise an exception."""
+        try:
+            session = await get_session(request)
+            return cls(session, app_kwargs=app_kwargs)
+        except TypeError as err:
+            cookie = request.get(ENV.COOKIE_NAME)
+            _LOG.error(
+                "Invalid session, %s: %s [cookie: %s]",
+                "create new" if allow_new else "fail",
+                err,
+                request.get(ENV.COOKIE_NAME),
+                cookie,
+            )
+            if allow_new:
+                return cls(await new_session(request), app_kwargs=app_kwargs)
+
+            text = "Invalid session. Login for a new session: '/usr/login'"
+
+            if not cookie:
+                cookies = dict(request.cookies.items())
+                text = f"Cookie empty. Expected '{ENV.COOKIE_NAME}' in cookies: {list(cookies)}. Cookie should be set with Samesite:None"
+
+            raise web.HTTPException(text=text) from None
+
     @cached_property
     def app(self) -> ConfidentialClientApplication:
         """Get the app."""
@@ -118,7 +156,7 @@ class AsyncMSAL:
     ) -> None:
         """Second step - Acquire token."""
         # Assume we have it in the cache (added by /login)
-        # will raise keryerror if no cache
+        # will raise KeyError if not in cache
         auth_code_flow = self.session.pop(self.flow_cache_key)
         result = self.app.acquire_token_by_auth_code_flow(
             auth_code_flow, auth_response, scopes=scopes
@@ -208,3 +246,67 @@ class AsyncMSAL:
     manager_name = dict_property("session", "m_name")
     manager_mail = dict_property("session", "m_mail")
     redirect = dict_property("session", redirect_key)
+
+    async def async_acquire_token_by_auth_code_flow_plus(
+        self,
+        request: web.Request,
+        get_info: Literal["user", "manager", ""] = "manager",
+    ) -> tuple[bool, list[str]]:
+        """Enhanced version of async_acquire_token_by_auth_code_flow. Returns issues.
+
+        Parse the auth response from the request, checks for valid keys,
+        acquire the token and get_info.
+
+        response_mode for the auth_code flow should be "form_post"
+        """
+        auth_response = dict(await request.post())
+        assert isinstance(self.session, Session)
+
+        msg = list[str]()
+
+        # Ensure all expected variables were returned...
+        if not all(auth_response.get(k) for k in ["code", "session_state", "state"]):
+            msg.append("Expected 'code', 'session_state', 'state' in auth_response")
+            msg.append(f"Received auth_response: {list(auth_response)}")
+            return False, msg
+
+        if self.session.new:
+            msg.append(
+                "Warning: This is a new session and may not have all expected values."
+            )
+
+        if not self.session.get(self.flow_cache_key):
+            msg.append(f"<b>Expected '{self.flow_cache_key}' in session</b>")
+            msg.append(helpers.html_table(self.session))
+
+        self.redirect = "/" + self.redirect.lstrip("/")
+
+        if msg:
+            return False, msg
+
+        try:
+            await self.async_acquire_token_by_auth_code_flow(auth_response)
+        except Exception as err:
+            msg.append(
+                "<b>Could not get token</b> - async_acquire_token_by_auth_code_flow"
+            )
+            msg.append(str(err))
+            return False, msg
+
+        if not msg:
+            try:
+                if get_info in ("user", "manager"):
+                    await helpers.get_user_info(self)
+                if get_info == "manager":
+                    await helpers.get_manager_info(self)
+            except Exception as err:
+                msg.append("Could not get org info from MS graph")
+                msg.append(str(err))
+                self.mail = ""
+                self.name = ""
+
+            if self.session.get("mail"):
+                for lcb in ENV.login_callback:
+                    await lcb(self)
+
+        return True, msg

aiohttp_msal/routes.py

@@ -9,12 +9,7 @@ from aiohttp import web
 from aiohttp_session import get_session, new_session
 
 from aiohttp_msal import ENV, auth_ok, msal_session
-from aiohttp_msal.helpers import (
-    check_auth_response,
-    get_manager_info,
-    get_user_info,
-    html_wrap,
-)
+from aiohttp_msal.helpers import get_manager_info, get_url, get_user_info, html_wrap
 from aiohttp_msal.msal_async import AsyncMSAL
 
 ROUTES = web.RouteTableDef()
@@ -24,17 +19,6 @@ URI_USER_AUTHORIZED = "/user/authorized"
 SESSION_REDIRECT = "redirect"
 
 
-def get_route(request: web.Request, url: str) -> str:
-    """Retrieve server route from request.
-
-    localhost and production on http:// with nginx proxy that adds TLS/SSL.
-    """
-    url = str(request.url.origin() / url)
-    if "localhost" not in url:
-        url = url.replace("http:", "https:", 1)
-    return url
-
-
 @ROUTES.get(URI_USER_LOGIN)
 @ROUTES.get(f"{URI_USER_LOGIN}/{{to:.+$}}")
 async def user_login(request: web.Request) -> web.Response:
@@ -47,7 +31,7 @@ async def user_login(request: web.Request) -> web.Response:
         _to = "/"
     session[SESSION_REDIRECT] = urljoin(_to, request.match_info.get("to", ""))
 
-    msredirect = get_route(request, URI_USER_AUTHORIZED.lstrip("/"))
+    msredirect = get_url(request, URI_USER_AUTHORIZED.lstrip("/"))
     redir = AsyncMSAL(session).initiate_auth_code_flow(redirect_uri=msredirect)
     raise web.HTTPFound(redir)
 
@@ -55,9 +39,10 @@ async def user_login(request: web.Request) -> web.Response:
 @ROUTES.post(URI_USER_AUTHORIZED)
 async def user_authorized(request: web.Request) -> web.Response:
     """Complete the auth code flow."""
-    aiomsal, msg = await check_auth_response(request, AsyncMSAL)
+    aiomsal = await AsyncMSAL.from_request(request)
+    ok, msg = await aiomsal.async_acquire_token_by_auth_code_flow_plus(request)
 
-    if aiomsal and not msg:
+    if ok and not msg:
         try:
             raise web.HTTPFound(aiomsal.redirect)
         finally:
@@ -149,7 +134,7 @@ async def user_logout(request: web.Request, ses: AsyncMSAL) -> web.Response:
     if ref:
         _to = urljoin(ref, _to)
     else:
-        _to = get_route(request, _to)
+        _to = get_url(request, _to)
 
     return web.HTTPFound(
         f"https://login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri={_to}"

{aiohttp_msal-1.0.4.dist-info → aiohttp_msal-1.0.5.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.3
 Name: aiohttp-msal
-Version: 1.0.4
+Version: 1.0.5
 Summary: Helper Library to use the Microsoft Authentication Library (MSAL) with aiohttp
 Keywords: aiohttp,asyncio,msal,oauth
 Author: Johann Kellerman
@@ -137,4 +137,6 @@ uv sync --all-extras
 uv tool install ruff
 uv tool install codespell
 uv tool install pyproject-fmt
+uv tool install prek
+prek install  # add pre-commit hooks
 ```

aiohttp_msal-1.0.5.dist-info/RECORD

@@ -0,0 +1,11 @@
+aiohttp_msal/__init__.py,sha256=nrjPAIy0kNbBvHZsy9qUSKs5r_-Kiea-KJM17bsBIkw,4375
+aiohttp_msal/helpers.py,sha256=L0DFIZD9OfCepckfk64ZtxrVX0-y0aAqRFowBYipepE,2474
+aiohttp_msal/msal_async.py,sha256=VG5L6PGBHzRBNg_XfIqvfU1V-Snznv_Srd_kXzBgTts,11702
+aiohttp_msal/redis_tools.py,sha256=6kCw0_zDQcvIcsJaPfG-zHUvT3vzkrNySNTV5y1tckE,6539
+aiohttp_msal/routes.py,sha256=Cc6FHqs8dyHSTCC6AaT-yPttSDyBlsngoiz7j9QCKRU,5143
+aiohttp_msal/settings.py,sha256=sArlq9vBDMsikLf9sTRw-UXE2_QRK_G-kzmtHvZcbwA,1559
+aiohttp_msal/settings_base.py,sha256=WBI7HS780i9zKWUy1ZnztDbRsfoDMVr3K-otHZOhNCc,3026
+aiohttp_msal/utils.py,sha256=ll303J58nwCEB9QCAm13urUOa6cPqsAE7z_iP9OlRJw,2390
+aiohttp_msal-1.0.5.dist-info/WHEEL,sha256=Jb20R3Ili4n9P1fcwuLup21eQ5r9WXhs4_qy7VTrgPI,79
+aiohttp_msal-1.0.5.dist-info/METADATA,sha256=OR8PATJQ8sdTo2vifYRzTmj4iYt9Vcra-CxoADp39Ac,4572
+aiohttp_msal-1.0.5.dist-info/RECORD,,

{aiohttp_msal-1.0.4.dist-info → aiohttp_msal-1.0.5.dist-info}/WHEEL

@@ -1,4 +1,4 @@
 Wheel-Version: 1.0
-Generator: uv 0.8.13
+Generator: uv 0.8.15
 Root-Is-Purelib: true
 Tag: py3-none-any

aiohttp_msal-1.0.4.dist-info/RECORD

@@ -1,11 +0,0 @@
-aiohttp_msal/__init__.py,sha256=nrjPAIy0kNbBvHZsy9qUSKs5r_-Kiea-KJM17bsBIkw,4375
-aiohttp_msal/helpers.py,sha256=8sW-7FW4t1Ztazql11ng67SqdKBlbOWuOMjOBRfBc_c,4495
-aiohttp_msal/msal_async.py,sha256=RUV_XlhNNCOZslT1sEkEPyaYcHDOmsIyiGmRpZuA3I0,8097
-aiohttp_msal/redis_tools.py,sha256=6kCw0_zDQcvIcsJaPfG-zHUvT3vzkrNySNTV5y1tckE,6539
-aiohttp_msal/routes.py,sha256=3rAejWcHfL5czVA91TY3wZGT5EkRxmfyvc8vr6rhyxU,5438
-aiohttp_msal/settings.py,sha256=sArlq9vBDMsikLf9sTRw-UXE2_QRK_G-kzmtHvZcbwA,1559
-aiohttp_msal/settings_base.py,sha256=WBI7HS780i9zKWUy1ZnztDbRsfoDMVr3K-otHZOhNCc,3026
-aiohttp_msal/utils.py,sha256=ll303J58nwCEB9QCAm13urUOa6cPqsAE7z_iP9OlRJw,2390
-aiohttp_msal-1.0.4.dist-info/WHEEL,sha256=4n27za1eEkOnA7dNjN6C5-O2rUiw6iapszm14Uj-Qmk,79
-aiohttp_msal-1.0.4.dist-info/METADATA,sha256=OBl_U9OTy602OfSL9-d5myNJPUYuaGjtBF7voW5lu2Y,4514
-aiohttp_msal-1.0.4.dist-info/RECORD,,