alpha-python 0.3.2__tar.gz → 0.3.4__tar.gz

{alpha_python-0.3.2 → alpha_python-0.3.4}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: alpha-python
-Version: 0.3.2
+Version: 0.3.4
 Summary: Alpha is intended to be the first dependency you need to add to your Python application. It is a Python library which contains standard building blocks that can be used in applications that are used as APIs and/or make use of database interaction.
 Author-email: Bart Reijling <bart@reijling.eu>
 Requires-Python: >=3.11
@@ -16,7 +16,8 @@ Requires-Dist: pyjwt>=2.10.1
 Requires-Dist: six>=1.17.0
 Requires-Dist: sqlalchemy>=2.0.44
 Requires-Dist: requests>=2.28.1
-Requires-Dist: dependency-injector[yaml]<5.0.0,>=4.48.3
+Requires-Dist: dependency-injector[yaml]!=4.48.3,<5.0.0,>=4.42.0
+Requires-Dist: argon2-cffi>=25.1.0
 Provides-Extra: api-generator
 Requires-Dist: openapi-generator-cli==7.14.0; (python_version >= "3.11" and python_version < "4.0") and extra == "api-generator"
 Requires-Dist: jdk4py; extra == "api-generator"

{alpha_python-0.3.2 → alpha_python-0.3.4}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "alpha-python"
-version = "0.3.2"
+version = "0.3.4"
 description = "Alpha is intended to be the first dependency you need to add to your Python application. It is a Python library which contains standard building blocks that can be used in applications that are used as APIs and/or make use of database interaction."
 readme = "README.md"
 authors = [
@@ -18,7 +18,8 @@ dependencies = [
     "six>=1.17.0",
     "sqlalchemy>=2.0.44",
     "requests>=2.28.1",
-    "dependency-injector[yaml]>=4.48.3,<5.0.0",
+    "dependency-injector[yaml]>=4.42.0,<5.0.0,!=4.48.3",
+    "argon2-cffi>=25.1.0",
 ]
 
 [project.scripts]

{alpha_python-0.3.2 → alpha_python-0.3.4}/src/alpha/cli.py

@@ -134,15 +134,25 @@ def _guess_current_package_name() -> str:
         try:
             with open(pyproject_path, 'rb') as f:
                 pyproject_data = tomllib.load(f)
-                return pyproject_data['project']['name'].replace('-', '_')
+                name = None
+                try:
+                    if 'project' in pyproject_data:
+                        name = pyproject_data['project']['name']
+                    elif 'tool' in pyproject_data and 'poetry' in pyproject_data['tool']:
+                        name = pyproject_data['tool']['poetry']['name']
+                    if name is not None:
+                        return name.replace('-', '_')
+                except KeyError:
+                    print('Could not find project name in pyproject.toml')
         except Exception:
             pass
+    else:
+        print('Could not find pyproject.toml')
 
     # Fallback to use the current folder name
-    print('Could not find pyproject.toml, guessing package name from folder')
+    print('Guessing package name from folder')
     return os.path.basename(cwd)
 
-
 def init() -> None:
     """Init the container and wire it to the main function."""
     container = Container()

{alpha_python-0.3.2 → alpha_python-0.3.4}/src/alpha/domain/models/user.py

@@ -48,7 +48,7 @@ class User(LifeCycleBase, BaseDomainModel):
 
         Parameters
         ----------
-        user
+        obj
             User object to update from.
         """
         if not isinstance(obj, User):
@@ -60,7 +60,7 @@ class User(LifeCycleBase, BaseDomainModel):
         self.display_name = obj.display_name
         self.permissions = obj.permissions
         self.groups = obj.groups
-        self.updated_at = datetime.now(tz=timezone.utc)
+        self.modified_at = datetime.now(tz=timezone.utc)
         self.is_active = obj.is_active
         self.admin = obj.admin
         return cast(DomainModel, self)

{alpha_python-0.3.2 → alpha_python-0.3.4}/src/alpha/exceptions.py

@@ -177,6 +177,27 @@ class TokenCreationException(Exception):
     """Raised when there is an error during token creation."""
 
 
+# User exceptions
+class UnknownUserException(BadRequestException):
+    """Raised when a referenced user cannot be found."""
+
+
+class EmptyValueException(BadRequestException):
+    """Raised when a required value is empty."""
+
+
+class UnknownTokenException(UnauthorizedException):
+    """Raised when a token is not recognized."""
+
+
+class WrongPasswordException(BadRequestException):
+    """Raised when an incorrect password is provided."""
+
+
+class MissingPasswordException(InternalServerErrorException):
+    """Raised when a required password is missing from the request or configuration."""
+
+
 # Cli Exceptions
 class InvalidArgumentsException(Exception):
     """Raised when invalid arguments are provided to a CLI command."""

alpha_python-0.3.4/src/alpha/factories/password_factory.py

@@ -0,0 +1,130 @@
+"""Contains PasswordFactory class with password hashing methods
+hash_password & verify_password
+"""
+
+from argon2 import PasswordHasher
+from argon2.exceptions import VerifyMismatchError
+
+from alpha import exceptions
+
+
+class PasswordFactory:
+    """This class provides methods for hashing and verifying passwords using
+    the argon2 library. It includes the following methods:
+    - hash_password: Hashes a given password and returns the hashed value as a
+        hexadecimal string.
+    - verify_password: Verifies a given password against a provided hash and
+        returns True if the password matches the hash, False otherwise.
+
+    Parameters
+    ----------
+    password_hasher
+        An optional password hasher instance. If not provided, a default
+        PasswordHasher with a salt length of 16 will be used.
+    """
+
+    def __init__(self, password_hasher: PasswordHasher | None = None) -> None:
+        self._password_hasher = password_hasher or PasswordHasher(salt_len=16)
+
+    def hash_password(
+        self, password: str | None, convert_to_hex: bool = True
+    ) -> str:
+        """Hashes the provided password using the password hasher.
+
+        Parameters
+        ----------
+        password
+            The password to be hashed.
+        convert_to_hex
+            A boolean flag indicating whether to convert the hashed password to
+            hexadecimal format. Defaults to True.
+
+        Returns
+        -------
+            The hashed password as a hexadecimal string.
+
+        Raises
+        ------
+        exceptions.WrongPasswordException
+            Raised when the provided password is None or empty.
+        """
+        if not password:
+            raise exceptions.WrongPasswordException("Password value is empty")
+        hashed_password = self._password_hasher.hash(password=password)
+        return (
+            self._to_hex(hashed_password)
+            if convert_to_hex
+            else hashed_password
+        )
+
+    def verify_password(
+        self,
+        password: str | None,
+        hash: str | None,
+        convert_from_hex: bool = True,
+    ) -> bool:
+        """Verifies the provided password against the given hash using the
+        password hasher.
+
+        Parameters
+        ----------
+        password
+            The password to be verified.
+        hash
+            The hash to verify the password against.
+        convert_from_hex
+            A boolean flag indicating whether to convert the hash from
+            hexadecimal format before verification. Defaults to True.
+
+        Returns
+        -------
+            True if the password matches the hash, False otherwise.
+        Raises
+        ------
+        exceptions.WrongPasswordException
+            Raised when the provided password is None or empty.
+        exceptions.MissingPasswordException
+            Raised when the provided hash is None or empty.
+        """
+        if not password:
+            raise exceptions.WrongPasswordException("Password value is empty")
+        if not hash:
+            raise exceptions.MissingPasswordException(
+                "No password value to compare with"
+            )
+
+        try:
+            return self._password_hasher.verify(
+                hash=self._from_hex(hash) if convert_from_hex else hash,
+                password=password,
+            )
+        except VerifyMismatchError:
+            return False
+
+    def _to_hex(self, value: str) -> str:
+        """Converts a string value to its hexadecimal representation.
+
+        Parameters
+        ----------
+        value
+            The string value to be converted to hexadecimal.
+
+        Returns
+        -------
+            The hexadecimal representation of the string value.
+        """
+        return value.encode("utf-8").hex()
+
+    def _from_hex(self, hex: str) -> str:
+        """Converts a hexadecimal string back to its original string
+        representation.
+
+        Parameters
+        ----------
+        hex
+            The hexadecimal string to be converted back to the original string.
+        Returns
+        -------
+            The original string representation of the hexadecimal input.
+        """
+        return bytes.fromhex(hex).decode("utf-8")

{alpha_python-0.3.2 → alpha_python-0.3.4}/src/alpha/handlers/api_generate_handler.py

@@ -23,8 +23,8 @@ class ApiGenerateHandler(BaseHandler):
                 "the required packages first. \nThis can be done by installing "
                 "the \'api-generator\' extra: \n"
                 "- pip install alpha-python[api-generator]\n"
-                "- poetry add alpha-python --extras api-generator\n"
-                "- uv add alpha-python --extra api-generator"
+                "- poetry add --dev alpha-python --extras api-generator\n"
+                "- uv add --dev alpha-python --extra api-generator"
             )
             exit(1)
         

{alpha_python-0.3.2 → alpha_python-0.3.4}/src/alpha/handlers/templates/python-flask/Dockerfile.mustache

@@ -19,5 +19,7 @@ COPY . /usr/src/app
 
 EXPOSE {{serverPort}}
 
+ENV FLASK_ENV=production
+
 CMD ["gunicorn", "--bind", ":{{serverPort}}", "--workers", "4", "--logger-class", "alpha.utils.logging_configurator.GunicornLogger", "{{packageName}}.__main__:app"]
 

alpha_python-0.3.4/src/alpha/providers/database_provider.py

@@ -0,0 +1,242 @@
+"""Database Identity Provider implementation"""
+
+import logging
+
+from alpha.domain.models.user import User
+from alpha.factories.password_factory import PasswordFactory
+from alpha.interfaces.sql_repository import SqlRepository
+from alpha.interfaces.token_factory import TokenFactory
+from alpha.interfaces.unit_of_work import UnitOfWork
+from alpha.mixins.jwt_provider import JWTProviderMixin
+from alpha.providers.models.credentials import PasswordCredentials
+from alpha.providers.models.identity import Identity
+from alpha import exceptions
+
+
+class DatabaseProvider(JWTProviderMixin):
+    """Database Identity Provider implementation."""
+
+    protocol = "database"
+    _token_factory: TokenFactory | None = None
+
+    def __init__(
+        self,
+        uow: UnitOfWork,
+        token_factory: TokenFactory | None = None,
+        password_factory: PasswordFactory | None = None,
+        user_name_attribute: str = "username",
+        users_repository_name: str = "users",
+    ) -> None:
+        """Database Identity Provider implementation for user authentication
+        and management. This provider uses a database to store user information
+        and credentials, and provides methods for authenticating users,
+        retrieving user information, and changing passwords.
+
+        Parameters
+        ----------
+        uow
+            Unit of work instance to manage database transactions
+        token_factory
+            Token factory instance to generate and validate tokens
+        password_factory, optional
+            Password factory instance to handle password hashing and
+            verification, by default None
+        user_name_attribute, optional
+            Attribute name to identify the user, by default "username"
+        users_repository_name, optional
+            Repository name for user entities, by default "users"
+        """
+        self.uow = uow
+        self._token_factory = token_factory
+        self._password_factory = password_factory or PasswordFactory()
+        self._user_name_attribute = user_name_attribute
+        self._users_repository_name = users_repository_name
+
+    def authenticate(self, credentials: PasswordCredentials) -> Identity:
+        """Authenticate a user using their credentials.
+
+        Parameters
+        ----------
+        credentials
+            Password credentials for the user
+
+        Returns
+        -------
+            Identity instance representing the authenticated user
+        """
+        with self.uow:
+            users: SqlRepository[User] = getattr(
+                self.uow, self._users_repository_name
+            )
+            user = self._verify_password(
+                credentials=credentials, user_repository=users
+            )
+
+            return Identity.from_user(user)
+
+    def get_user(self, subject: str) -> Identity:
+        """Retrieve a user by their subject identifier.
+
+        Parameters
+        ----------
+        subject
+            The subject identifier of the user
+
+        Returns
+        -------
+            Identity instance representing the user
+        """
+        with self.uow:
+            users: SqlRepository[User] = getattr(
+                self.uow, self._users_repository_name
+            )
+            user = self._get_user(
+                username=subject, user_repository=users, attribute_name="id"
+            )
+
+            return Identity.from_user(user)
+
+    def change_password(
+        self, credentials: PasswordCredentials, new_password: str
+    ) -> None:
+        """Change the password for a user.
+
+        Parameters
+        ----------
+        credentials
+            Password credentials for the user
+        new_password
+            The new password to set for the user
+        """
+        with self.uow:
+            users: SqlRepository[User] = getattr(
+                self.uow, self._users_repository_name
+            )
+            user = self._verify_password(
+                credentials=credentials, user_repository=users
+            )
+
+            self._update_user_password(user, new_password)
+            self.uow.commit()
+
+    def _get_user(
+        self,
+        username: str,
+        user_repository: SqlRepository[User],
+        attribute_name: str | None = None,
+    ) -> User:
+        """Retrieve a user by their username.
+
+        Parameters
+        ----------
+        username
+            The username of the user
+        user_repository
+            The repository to query for the user
+        attribute_name
+            The attribute name to use for querying the user, by default None.
+            If None, the provider's configured user_name_attribute will be
+            used.
+
+        Returns
+        -------
+            User instance representing the retrieved user
+
+        Raises
+        ------
+        exceptions.UserNotFoundException
+            If the user does not exist
+        """
+        user = user_repository.get_one_or_none(
+            attr=attribute_name or self._user_name_attribute,
+            value=username,
+        )
+
+        if not user:
+            msg = (
+                f"User with '{attribute_name or self._user_name_attribute}'="
+                f"'{username}' does not exist"
+            )
+            logging.debug(msg)
+            # Disabled lines below for future implementation of logging and
+            # unit of work commit
+            # self.logger(msg=msg, level=LogLevel.DEBUG)
+            # self.uow.commit()
+            raise exceptions.UserNotFoundException(msg)
+
+        return user
+
+    def _verify_password(
+        self,
+        credentials: PasswordCredentials,
+        user_repository: SqlRepository[User],
+    ) -> User:
+        """Verify the password for a user.
+
+        Parameters
+        ----------
+        credentials
+            Password credentials for the user
+        user_repository
+            The repository to query for the user
+
+        Returns
+        -------
+            User instance representing the authenticated user
+
+        Raises
+        ------
+        exceptions.InvalidCredentialsException
+            If the provided credentials are invalid
+        exceptions.MissingPasswordException
+            If the user does not have a password set
+        """
+
+        user = self._get_user(credentials.username, user_repository)
+
+        try:
+            if not self._password_factory.verify_password(
+                credentials.password, user.password
+            ):
+                msg = (
+                    f"The provided password for user "
+                    f"'{getattr(user, self._user_name_attribute)}' is "
+                    "incorrect"
+                )
+                logging.debug(msg)
+                # Disabled lines below for future implementation of logging and
+                # unit of work commit
+                # self.logger(msg=msg, level=LogLevel.DEBUG)
+                # self.uow.commit()
+                raise exceptions.InvalidCredentialsException(msg)
+        except exceptions.MissingPasswordException as exc:
+            msg = (
+                f"No password value to compare for "
+                f"'{getattr(user, self._user_name_attribute)}'"
+            )
+            logging.error(msg)
+            # Disabled lines below for future implementation of logging and
+            # unit of work commit
+            # self.logger(msg=msg, level=LogLevel.ERROR)
+            # self.uow.commit()
+            raise exceptions.MissingPasswordException(msg) from exc
+
+        return user
+
+    def _update_user_password(
+        self,
+        user: User,
+        new_password: str,
+    ) -> None:
+        """Change the password for a user.
+
+        Parameters
+        ----------
+        user
+            User instance representing the user to update the password for
+        new_password
+            The new password to set for the user
+        user_repository
+            The repository to query for the user
+        """
+        user.password = self._password_factory.hash_password(new_password)

{alpha_python-0.3.2 → alpha_python-0.3.4}/src/alpha/providers/models/identity.py

@@ -27,43 +27,43 @@ DEFAULT_AD_MAPPINGS = {
 }
 
 AD_SEARCH_ATTRIBUTES = [
-    'cn',
-    'generationQualifier',
-    'name',
-    'postalAddress',
-    'lastLogonTimestamp',
-    'mobile',
-    'postalCode',
-    'countryCode',
-    'company',
-    'displayName',
-    'o',
-    'st',
-    'ou',
-    'givenName',
-    'msExchUserCulture',
-    'l',
-    'initials',
-    'msTSLicenseVersion',
-    'memberOf',
-    'whenChanged',
-    'mailNickname',
-    'sn',
-    'street',
-    'accountExpires',
-    'uSNChanged',
-    'distinguishedName',
-    'whenCreated',
-    'sAMAccountName',
-    'c',
-    'employeeID',
-    'streetAddress',
-    'description',
-    'mail',
-    'title',
-    'department',
-    'co',
-    'personalTitle',
+    "cn",
+    "generationQualifier",
+    "name",
+    "postalAddress",
+    "lastLogonTimestamp",
+    "mobile",
+    "postalCode",
+    "countryCode",
+    "company",
+    "displayName",
+    "o",
+    "st",
+    "ou",
+    "givenName",
+    "msExchUserCulture",
+    "l",
+    "initials",
+    "msTSLicenseVersion",
+    "memberOf",
+    "whenChanged",
+    "mailNickname",
+    "sn",
+    "street",
+    "accountExpires",
+    "uSNChanged",
+    "distinguishedName",
+    "whenCreated",
+    "sAMAccountName",
+    "c",
+    "employeeID",
+    "streetAddress",
+    "description",
+    "mail",
+    "title",
+    "department",
+    "co",
+    "personalTitle",
 ]
 
 
@@ -230,6 +230,32 @@ class Identity:
             ),
         )
 
+    @classmethod
+    def from_user(cls, user: User) -> "Identity":
+        """Instantiate an Identity from a User instance.
+
+        Parameters
+        ----------
+        user
+            User object to create the Identity from.
+
+        Returns
+        -------
+            An Identity instance populated with data from the User object.
+        """
+        return cls(
+            subject=str(user.id),
+            username=user.username,
+            email=user.email,
+            display_name=user.display_name,
+            groups=user.groups or [],
+            permissions=user.permissions or [],
+            claims={},
+            issued_at=datetime.now(tz=timezone.utc),
+            role=user.role,
+            admin=user.admin,
+        )
+
     def update_from_user(self, user: User) -> None:
         """Update the Identity instance with data from a User instance.
 
@@ -244,11 +270,11 @@ class Identity:
         if not self.display_name:
             self.display_name = user.display_name
         for permission in user.permissions or []:
-            if permission not in self.permissions:
-                self.permissions.append(permission)  # type: ignore
+            self.permissions = self._append_on_sequence(
+                self.permissions, permission
+            )
         for group in user.groups or []:
-            if group not in self.groups:
-                self.groups.append(group)  # type: ignore
+            self.groups = self._append_on_sequence(self.groups, group)
         self.role = user.role
         self.admin = user.admin
 
@@ -379,11 +405,33 @@ class Identity:
         groups: list[str] = []
         for item in entry.get("memberOf", []):
             group = (
-                item.replace('\\,', ';')
-                .split(',')[0]
-                .replace(';', ',')
-                .replace('CN=', '')
-                .replace('cn=', '')
+                item.replace("\\,", ";")
+                .split(",")[0]
+                .replace(";", ",")
+                .replace("CN=", "")
+                .replace("cn=", "")
             )
             groups.append(group)
         return groups
+
+    def _append_on_sequence(
+        self, sequence: Sequence[str], item: str
+    ) -> Sequence[str]:
+        """Helper method to append an item to a sequence if it's not already
+        present.
+
+        Parameters
+        ----------
+        sequence
+            The original sequence to append to.
+        item
+            The item to append if not already in the sequence.
+
+        Returns
+        -------
+            A new sequence with the item appended if it was not already
+            present.
+        """
+        if item not in sequence:
+            return list(sequence) + [item]
+        return sequence