alpha-python 0.5.0__py3-none-any.whl → 0.5.1__py3-none-any.whl

alpha/__init__.py

@@ -49,6 +49,7 @@ from alpha.repositories.models.repository_model import RepositoryModel
 from alpha.repositories.rest_api_repository import RestApiRepository
 from alpha.repositories.sql_alchemy_repository import SqlAlchemyRepository
 from alpha.services.authentication_service import AuthenticationService
+from alpha.services.user_lifecycle_management import UserLifecycleManagement
 from alpha.utils.is_attrs import is_attrs
 from alpha.utils.is_pydantic import is_pydantic
 from alpha.utils.logging_configurator import (
@@ -56,6 +57,7 @@ from alpha.utils.logging_configurator import (
     GunicornLogger,
 )
 from alpha.utils.logging_level_checker import logging_level_checker
+from alpha.utils.request_headers import Headers
 from alpha.utils.response_object import create_response_object
 from alpha.utils.verify_identity import verify_identity
 from alpha.utils.version_checker import minor_version_gte
@@ -126,11 +128,13 @@ __all__ = [
     "RestApiRepository",
     "SqlAlchemyRepository",
     "AuthenticationService",
+    "UserLifecycleManagement",
     "is_attrs",
     "is_pydantic",
     "LoggingConfigurator",
     "GunicornLogger",
     "logging_level_checker",
+    "Headers",
     "create_response_object",
     "verify_identity",
     "minor_version_gte",

alpha/domain/models/user.py

@@ -1,25 +1,89 @@
 from dataclasses import dataclass
 from datetime import datetime, timezone
+from enum import Enum, auto
 from typing import Self, Sequence, cast
 from uuid import UUID
 
 from alpha.domain.models.base_model import BaseDomainModel, DomainModel
+from alpha.domain.models.group import Group
 from alpha.domain.models.life_cycle_base import LifeCycleBase
 
 from alpha.providers.models.identity import Identity
 
 
+class Role(Enum):
+    """Defines user roles with varying levels of permissions. The roles are
+    ordered from highest to lowest permissions. The comparison methods allow
+    for easy comparison of roles based on their hierarchy. The roles are
+    ordered on a scale from highest to lowest permissions.
+
+    Typical permissions are as follows:
+    - CREATE: Permission to create new content or data, but not modify existing
+    content.
+    - READ: Permission to read content or data.
+    - UPDATE: Permission to modify existing content or data, but not create new
+    content.
+    - DELETE: Permission to delete content or data.
+    - MANAGE_USERS: Permission to manage user accounts and permissions.
+    - MANAGE_SETTINGS: Permission to manage system settings and configurations.
+    - ALL: Permission to perform all actions, including user management and
+    system settings.
+
+    Roles:
+    - ADMIN: Role with permissions to manage users, content, and system
+    settings. Typically has the ALL permissions.
+    - SUPERUSER: Role with all permissions, including system settings and user
+    management. Typically has the ALL permissions, but may be used to denote a
+    special type of admin user with additional privileges or responsibilities.
+    - OWNER: Role with permissions to manage their own resources and users, but
+    not system settings. Typically has permissions similar to ADMIN, but
+    limited to their own scope of resources.
+    - MODERATOR: Role with permissions to manage content and users, but not
+    system settings. Typically has permissions to UPDATE and DELETE content,
+    and MANAGE_USERS, but not MANAGE_SETTINGS.
+    - EDITOR: Role with permissions to create and edit content, but not manage
+    users or settings. Typically has permissions to CREATE, READ, UPDATE, and
+    DELETE content, but not MANAGE_USERS or MANAGE_SETTINGS.
+    - USER: Default role with standard permissions. Typically has permissions
+    to CREATE, READ, and UPDATE their own content, but not DELETE content or
+    manage users or settings.
+    - VIEWER: Typical read-only role with limited permissions. Typically has
+    permission to READ content, but not CREATE, UPDATE, DELETE, or manage users
+    or settings.
+    """
+
+    ADMIN = auto()
+    SUPERUSER = auto()
+    OWNER = auto()
+    MODERATOR = auto()
+    EDITOR = auto()
+    USER = auto()
+    VIEWER = auto()
+
+    def __lt__(self, obj: Self) -> bool:
+        return self.value < obj.value
+
+    def __le__(self, obj: Self) -> bool:
+        return self.value <= obj.value
+
+    def __gt__(self, obj: Self) -> bool:
+        return self.value > obj.value
+
+    def __ge__(self, obj: Self) -> bool:
+        return self.value >= obj.value
+
+
 @dataclass(kw_only=True)
 class User(LifeCycleBase, BaseDomainModel):
     id: UUID | int | str | None = None
     username: str | None = None
     password: str | None = None
-    role: str | None = None
+    role: str | Role | None = None
     email: str | None = None
     phone: str | None = None
     display_name: str | None = None
     permissions: Sequence[str] | None = None
-    groups: Sequence[str] | None = None
+    groups: Sequence[str | Group] | None = None
     is_active: bool = True
     admin: bool = False
 

alpha/factories/jwt_factory.py

@@ -18,8 +18,12 @@ class JWTFactory:
         lifetime_hours: str | None = "12",
         issuer: str = "http://localhost",
         jwt_algorithm: str = "HS256",
+        options: dict[str, Any] | None = None,
     ) -> None:
-        """Initialize the JWTFactory.
+        """Initialize the JWTFactory. This method sets up the necessary
+        configuration for creating and validating JWT tokens. It requires a
+        secret key for signing the tokens and allows optional configuration
+        for token lifetime, issuer, algorithm, and decoding options.
 
         Parameters
         ----------
@@ -31,6 +35,10 @@ class JWTFactory:
             The issuer of the JWT, by default "http://localhost"
         jwt_algorithm, optional
             The algorithm used to sign the JWT, by default "HS256"
+        options, optional
+            A dictionary of options to customize the decoding behavior, by
+            default None. If not provided, it defaults to requiring standard
+            claims and verifying the signature.
 
         Raises
         ------
@@ -46,6 +54,10 @@ class JWTFactory:
         self.JWT_ISSUER = issuer
         self.JWT_ALGORITHM = jwt_algorithm
         self.JWT_LIFETIME_SECONDS = 3600 * int(lifetime_hours)
+        self.JWT_OPTIONS = options or {
+            "require": ["exp", "iat", "nbf", "iss", "sub"],
+            "verify_signature": True,
+        }
 
     def create(
         self,
@@ -93,13 +105,19 @@ class JWTFactory:
         )
         return token
 
-    def validate(self, token: str) -> bool:
-        """Validate a JWT token.
+    def validate(
+        self, token: str, options: dict[str, Any] | None = None
+    ) -> bool:
+        """Validate a JWT token. This method checks the token's signature,
+        expiration, and issuer. If the token is invalid, it raises an
+        appropriate exception. If the token is valid, it returns True.
 
         Parameters
         ----------
         token
             The JWT token to be validated.
+        options
+            A dictionary of options to customize the decoding behavior.
 
         Returns
         -------
@@ -112,15 +130,62 @@ class JWTFactory:
             InvalidSignatureException
                 If the token signature is invalid.
         """
+        if self._decode(token, options):
+            return True
+        return False
+
+    def get_payload(
+        self, token: str, options: dict[str, Any] | None = None
+    ) -> dict[str, Any]:
+        """Retrieve the payload from a JWT token. This method does not perform
+        validation of the token by default. It simply decodes the token and
+        extracts the payload.
+
+        If the `options` parameter is provided, it will be passed to the
+        `jwt.decode` function. This allows customization of the decoding
+        behavior, such as enabling or disabling signature verification.
+
+        Parameters
+        ----------
+        token
+            The JWT token from which to extract the payload.
+        options
+            A dictionary of options to customize the decoding behavior.
+
+        Returns
+        -------
+            A dictionary containing the payload data extracted from the token.
+        """
+        decoded = self._decode(token, options)
+        return decoded.get("payload", {})
+
+    def _decode(
+        self, token: str, options: dict[str, Any] | None = None
+    ) -> dict[str, Any]:
+        """Decode a JWT token without performing validation. This method is
+        intended for internal use and should not be exposed as part of the
+        public API.
+
+        Parameters
+        ----------
+        token
+            The JWT token to be decoded.
+        options
+            A dictionary of options to customize the decoding behavior.
+
+        Returns
+        -------
+            A dictionary containing the decoded token data.
+        """
         try:
-            jwt.decode(
+            decoded: dict[str, Any] = jwt.decode(
                 jwt=token,
                 key=self.JWT_SECRET,
                 algorithms=[self.JWT_ALGORITHM],
                 issuer=self.JWT_ISSUER,
-                verify=True,
+                options=options or self.JWT_OPTIONS,
             )
-            return True
+            return decoded
         except jwt.ExpiredSignatureError as e:
             raise exceptions.TokenExpiredException(str(e)) from e
         except jwt.InvalidSignatureError as e:
@@ -129,23 +194,3 @@ class JWTFactory:
             raise exceptions.InvalidTokenException(
                 f"Token is invalid: {str(e)}"
             ) from e
-
-    def get_payload(self, token: str) -> dict[str, Any]:
-        """Retrieve the payload from a JWT token.
-
-        Parameters
-        ----------
-        token
-            The JWT token from which to extract the payload.
-
-        Returns
-        -------
-            A dictionary containing the payload data extracted from the token.
-        """
-        decoded: dict[str, Any] = jwt.decode(
-            jwt=token,
-            key=self.JWT_SECRET,
-            algorithms=[self.JWT_ALGORITHM],
-            issuer=self.JWT_ISSUER,
-        )
-        return decoded.get("payload", {})

alpha/factories/password_factory.py

@@ -11,6 +11,7 @@ from alpha import exceptions
 class PasswordFactory:
     """This class provides methods for hashing and verifying passwords using
     the argon2 library. It includes the following methods:
+
     - hash_password: Hashes a given password and returns the hashed value as a
         hexadecimal string.
     - verify_password: Verifies a given password against a provided hash and

alpha/handlers/templates/python-flask/controller.mustache

@@ -11,6 +11,7 @@ from typing import List
 from alpha.factories.request_factory import RequestFactory
 from alpha.factories.response_factory import ResponseFactory
 from alpha.utils.response_object import create_response_object
+from alpha.utils.request_headers import Headers
 from alpha.utils.verify_identity import verify_identity
 from alpha.utils._http_codes import http_codes_{{#languageCode}}{{languageCode}}{{/languageCode}}{{^languageCode}}en{{/languageCode}} as http_codes
 from alpha.exceptions import (
@@ -144,28 +145,36 @@ def {{operationId}}(
             {{response}}
         {{/isContainer}}
     {{/allParams}}
+    headers = Headers.from_headers(connexion.request.headers)
+
+    auth_token = headers.auth_token if headers.has_auth_token else None
+    refresh_token = headers.refresh_token
+    api_key = headers.api_key
 
-    {{#authMethods}}{{#isBasicBearer}}
-    if "Authorization" in connexion.request.headers:
-        token = connexion.request.headers["Authorization"].split(" ").pop()
-    else:
-        token = None
-    {{/isBasicBearer}}{{/authMethods}}
     try:
         # Objects used for authorization
         roles=[{{#vendorExtensions.x-alpha-verify-roles}}"{{.}}",{{/vendorExtensions.x-alpha-verify-roles}}]
         groups=[{{#vendorExtensions.x-alpha-verify-groups}}"{{.}}",{{/vendorExtensions.x-alpha-verify-groups}}]
         permissions=[{{#vendorExtensions.x-alpha-verify-permissions}}"{{.}}",{{/vendorExtensions.x-alpha-verify-permissions}}]
-        {{#authMethods}}{{#isBasicBearer}}
-        # validate token
-        if token_factory.validate(token):
-            identity = token_factory.get_payload(token)
-            verify_identity(identity,
-                roles=roles,
-                groups=groups,
-                permissions=permissions,
-            )
-        {{/isBasicBearer}}{{/authMethods}}
+        {{#authMethods}}
+        {{#isBasicBearer}}
+        # Validate authentication token
+        if auth_token is None:
+            raise UnauthorizedException('Missing authentication token')
+        
+        token_factory.validate(auth_token)
+
+        identity = token_factory.get_payload(auth_token)
+        verify_identity(identity,
+            roles=roles,
+            groups=groups,
+            permissions=permissions,
+        )
+        {{/isBasicBearer}}
+        {{#isApiKey}}
+        # This needs to be replaced by code to authenticate with an API key
+        {{/isApiKey}}
+        {{/authMethods}}
         # Call method or use variable
         {{#vendorExtensions.x-alpha-request-factory}}
             {{#vendorExtensions.x-alpha-service-name}}
@@ -180,35 +189,34 @@ def {{operationId}}(
                 {{/vendorExtensions.x-alpha-service-method}}
             {{/vendorExtensions.x-alpha-service-name}}
             {{^vendorExtensions.x-alpha-service-name}}
-                {{#vendorExtensions.x-alpha-method}}
-        result = {{vendorExtensions.x-alpha-method}}
-                {{/vendorExtensions.x-alpha-method}}
+                {{#vendorExtensions.x-alpha-custom-response}}
+        result = {{vendorExtensions.x-alpha-custom-response}}
+                {{/vendorExtensions.x-alpha-custom-response}}
             {{/vendorExtensions.x-alpha-service-name}}
         {{/vendorExtensions.x-alpha-request-factory}}
         {{^vendorExtensions.x-alpha-request-factory}}
             {{^vendorExtensions.x-alpha-service-name}}
-                {{^vendorExtensions.x-alpha-method}}
+                {{^vendorExtensions.x-alpha-custom-response}}
         raise ServerErrorException('Missing x-alpha-service-name in API specification')
-                {{/vendorExtensions.x-alpha-method}}
+                {{/vendorExtensions.x-alpha-custom-response}}
                 {{^vendorExtensions.x-alpha-service-method}}
-                    {{^vendorExtensions.x-alpha-method}}
+                    {{^vendorExtensions.x-alpha-custom-response}}
         raise ServerErrorException('Missing x-alpha-service-method in API specification')
-                    {{/vendorExtensions.x-alpha-method}}
+                    {{/vendorExtensions.x-alpha-custom-response}}
                 {{/vendorExtensions.x-alpha-service-method}}
             {{/vendorExtensions.x-alpha-service-name}}
             {{#vendorExtensions.x-alpha-service-name}}
                 {{#vendorExtensions.x-alpha-service-method}}
         result = {{vendorExtensions.x-alpha-service-name}}.{{vendorExtensions.x-alpha-service-method}}(
             {{#allParams}}{{paramName}}={{paramName}},{{/allParams}}
-            {{#vendorExtensions.x-alpha-service-additional-parameters}}{{.}}={{.}},
-            {{/vendorExtensions.x-alpha-service-additional-parameters}}
+            {{#vendorExtensions.x-alpha-service-additional-parameters}}{{.}}={{.}},{{/vendorExtensions.x-alpha-service-additional-parameters}}
         )
                 {{/vendorExtensions.x-alpha-service-method}}
             {{/vendorExtensions.x-alpha-service-name}}
             {{^vendorExtensions.x-alpha-service-name}}
-                {{#vendorExtensions.x-alpha-method}}
-        result = {{vendorExtensions.x-alpha-method}}
-                {{/vendorExtensions.x-alpha-method}}
+                {{#vendorExtensions.x-alpha-custom-response}}
+        result = {{vendorExtensions.x-alpha-custom-response}}
+                {{/vendorExtensions.x-alpha-custom-response}}
             {{/vendorExtensions.x-alpha-service-name}}
         {{/vendorExtensions.x-alpha-request-factory}}
     

alpha/interfaces/token_factory.py

@@ -48,13 +48,18 @@ class TokenFactory(Protocol):
         """
         ...
 
-    def get_payload(self, token: str) -> dict[str, str]:
+    def get_payload(
+        self, token: str, options: dict[str, bool] | None
+    ) -> dict[str, str]:
         """Retrieve the payload from an authentication token.
 
         Parameters
         ----------
         token
             The authentication token from which to extract the payload.
+        options
+            A dictionary of options to customize the decoding behavior, such as
+            enabling or disabling signature verification.
 
         Returns
         -------

alpha/providers/models/identity.py

@@ -123,7 +123,7 @@ class Identity:
     username: str | None
     email: str | None
     display_name: str | None
-    groups: Sequence[str]
+    groups: Sequence[str | Group]
     permissions: Sequence[str]
     claims: Mapping[str, Any]
     issued_at: datetime

alpha/repositories/models/repository_model.py

@@ -30,5 +30,5 @@ class RepositoryModel(Generic[DomainModel]):
     name: str
     repository: Callable[..., object]
     default_model: type[DomainModel]
-    interface: object | None
+    interface: object | None = None
     additional_config: dict[str, object] | None = None

alpha/services/__init__.py

@@ -1,5 +1,7 @@
 from alpha.services.authentication_service import AuthenticationService
+from alpha.services.user_lifecycle_management import UserLifecycleManagement
 
 __all__ = [
     "AuthenticationService",
+    "UserLifecycleManagement",
 ]

alpha/services/authentication_service.py

@@ -43,8 +43,8 @@ class AuthenticationService:
         refresh_token_max_age: int = 3600 * 24 * 7,
         merge_with_database_users: bool = False,
         merge_with_database_groups: bool = False,
-        user_id_attribute: str = "username",
-        group_id_attribute: str = "name",
+        user_username_attribute: str = "username",
+        group_name_attribute: str = "name",
         uow: UnitOfWork | None = None,
         users_repository_name: str = "users",
         groups_repository_name: str = "groups",
@@ -106,10 +106,10 @@ class AuthenticationService:
         merge_with_database_groups, optional
             Whether to merge identity data with database group data,
             by default False
-        user_id_attribute, optional
+        user_username_attribute, optional
             Attribute name in the user database to use as the unique
             identifier, by default "username"
-        group_id_attribute, optional
+        group_name_attribute, optional
             Attribute name in the group database to use as the unique
             identifier, by default "name"
         uow, optional
@@ -176,8 +176,8 @@ class AuthenticationService:
         self._refresh_token_max_age = refresh_token_max_age
         self._merge_with_database_users = merge_with_database_users
         self._merge_with_database_groups = merge_with_database_groups
-        self._user_id_attribute = user_id_attribute
-        self._group_id_attribute = group_id_attribute
+        self._user_username_attribute = user_username_attribute
+        self._group_name_attribute = group_name_attribute
         self.uow = uow
         self._users_repository_name = users_repository_name
         self._groups_repository_name = groups_repository_name
@@ -368,8 +368,14 @@ class AuthenticationService:
                     "configured, cannot retrieve identity from auth token."
                 )
             try:
+                # Attempt to retrieve the identity from the auth token without
+                # validating the token, since it may be expired. The payload
+                # should still be retrievable if the token is expired, as long
+                # as the signature is valid. If the signature is invalid, an
+                # exception will be raised and caught, resulting in the
+                # identity remaining None.
                 payload = self._identity_provider.token_factory.get_payload(
-                    token=auth_token
+                    token=auth_token, options={"verify_exp": False}
                 )
                 identity = Identity.from_dict(payload)
             except Exception:
@@ -469,8 +475,8 @@ class AuthenticationService:
             )
 
             user = users.get_by_id(
-                value=getattr(identity, self._user_id_attribute),
-                attr=self._user_id_attribute,
+                value=getattr(identity, self._user_username_attribute),
+                attr=self._user_username_attribute,
             )
             if user:
                 identity.update_from_user(user)
@@ -502,18 +508,23 @@ class AuthenticationService:
             self._raise_no_uow()
 
         with self.uow:
-            groups: SqlRepository[Group] = getattr(
+            groups_repo: SqlRepository[Group] = getattr(
                 self.uow, self._groups_repository_name
             )
 
+            groups = list(identity.groups)
+            for i, group in enumerate(groups):
+                if isinstance(group, Group):
+                    groups[i] = getattr(group, self._group_name_attribute)
+
             filters = [
                 SearchFilter(
-                    field=self._group_id_attribute,
+                    field=self._group_name_attribute,
                     op=Operator.IN,
-                    value=identity.groups,
+                    value=groups,
                 )
             ]
-            user_groups = groups.select(filters=filters)
+            user_groups = groups_repo.select(filters=filters)
             identity.update_from_groups(user_groups)
 
         return identity

alpha/services/user_lifecycle_management.py

@@ -0,0 +1,331 @@
+"""Contains the UserLifecycleManagement class"""
+
+from uuid import UUID
+
+from alpha.domain.models.group import Group
+from alpha.domain.models.user import User
+from alpha.exceptions import BadRequestException, NotFoundException
+from alpha.factories.password_factory import PasswordFactory
+from alpha.interfaces.sql_repository import SqlRepository
+from alpha.interfaces.unit_of_work import UnitOfWork
+from alpha.providers.models.identity import Identity
+
+
+class UserLifecycleManagement:
+    """Management service for User CRUD transactions"""
+
+    def __init__(
+        self,
+        uow: UnitOfWork,
+        users_repository_name: str = "users",
+        groups_repository_name: str = "groups",
+        password_support: bool = False,
+        password_factory: PasswordFactory | None = None,
+        user_username_attribute: str = "username",
+        user_password_attribute: str = "password",
+    ):
+        """Initializes the UserLifecycleManagement service. This service
+        provides methods for managing the lifecycle of User objects, including
+        creating, retrieving, updating, and deleting users. It interacts with a
+        Unit of Work to manage transactions and repositories for users and
+        groups. It also supports optional password hashing functionality when
+        enabled.
+
+        Parameters
+        ----------
+        uow
+            Unit of Work instance for managing transactions
+        users_repository_name, optional
+            Name of the users repository, by default "users"
+        groups_repository_name, optional
+            Name of the groups repository, by default "groups"
+        password_support, optional
+            Whether password support is enabled, by default False
+        password_factory, optional
+            Factory for creating password hashes, by default None. If None, a
+            default PasswordFactory will be used.
+        user_username_attribute, optional
+            Attribute name for the username, by default "username"
+        user_password_attribute, optional
+            Attribute name for the password, by default "password"
+        """
+        self.uow = uow
+        self._users_repository_name = users_repository_name
+        self._groups_repository_name = groups_repository_name
+        self._password_support = password_support
+        self._password_factory = password_factory or PasswordFactory()
+        self._user_username_attribute = user_username_attribute
+        self._user_password_attribute = user_password_attribute
+
+    def add_user(self, user: User, identity: Identity | None = None) -> User:
+        """Adds a new user object to the repository
+
+        Parameters
+        ----------
+        user
+            New user object
+        identity
+            The identity of the user making the changes, by default None. If
+            provided, the `created_by` attribute of the user will be updated
+            with the username from the identity.
+
+        Returns
+        -------
+            Created user object
+        """
+        if not hasattr(user, self._user_username_attribute) or not getattr(
+            user, self._user_username_attribute
+        ):
+            raise BadRequestException("Username of User attribute is empty")
+
+        if self._password_support:
+            if not hasattr(user, self._user_password_attribute) or not getattr(
+                user, self._user_password_attribute
+            ):
+                raise BadRequestException(
+                    "Password of User attribute is empty"
+                )
+
+            setattr(
+                user,
+                self._user_password_attribute,
+                self._password_factory.hash_password(
+                    password=getattr(user, self._user_password_attribute)
+                ),
+            )
+
+        if identity:
+            user.created_by = identity.username
+
+        with self.uow:
+            users: SqlRepository[User] = getattr(
+                self.uow, self._users_repository_name
+            )
+            user = users.add(user, raise_if_exists=True)
+            self.uow.commit()
+            return user
+
+    def add_group(
+        self, group: Group, identity: Identity | None = None
+    ) -> Group:
+        """Adds a new group object to the repository
+
+        Parameters
+        ----------
+        group
+            New group object
+        identity
+            The identity of the user making the changes, by default None. If
+            provided, the `created_by` attribute of the group will be updated
+            with the username from the identity.
+
+        Returns
+        -------
+            Created group object
+        """
+        if identity:
+            group.created_by = identity.username
+
+        with self.uow:
+            groups: SqlRepository[Group] = getattr(
+                self.uow, self._groups_repository_name
+            )
+            group = groups.add(group, raise_if_exists=True)
+            self.uow.commit()
+            return group
+
+    def get_user(self, user_id: str | int | UUID) -> User:
+        """Get an user object by id from the repository
+
+        Parameters
+        ----------
+        user_id
+            The id of the user object
+
+        Returns
+        -------
+            User object which corresponds to the id
+
+        Raises
+        ------
+        NotFoundException
+            When the object is not found in the repository
+        """
+        with self.uow:
+            users: SqlRepository[User] = getattr(
+                self.uow, self._users_repository_name
+            )
+            user = users.get_by_id(user_id)
+
+            if not user:
+                raise NotFoundException(
+                    f"User with id '{user_id}' is not found"
+                )
+
+            return user
+
+    def get_group(self, group_id: str | int | UUID) -> Group:
+        """Get a group object by id from the repository
+
+        Parameters
+        ----------
+        group_id
+            The id of the group object
+
+        Returns
+        -------
+            Group object which corresponds to the id
+
+        Raises
+        ------
+        NotFoundException
+            When the object is not found in the repository
+        """
+        with self.uow:
+            groups: SqlRepository[Group] = getattr(
+                self.uow, self._groups_repository_name
+            )
+            group = groups.get_by_id(group_id)
+
+            if not group:
+                raise NotFoundException(
+                    f"Group with id '{group_id}' is not found"
+                )
+
+            return group
+
+    def get_users(self) -> list[User]:
+        """Gets all user objects from the repository
+
+        Returns
+        -------
+            A collection of all the user objects
+        """
+        with self.uow:
+            users: SqlRepository[User] = getattr(
+                self.uow, self._users_repository_name
+            )
+            result = users.select()
+
+            return result
+
+    def get_groups(self) -> list[Group]:
+        """Gets all group objects from the repository
+
+        Returns
+        -------
+            A collection of all the group objects
+        """
+        with self.uow:
+            groups: SqlRepository[Group] = getattr(
+                self.uow, self._groups_repository_name
+            )
+            result = groups.select()
+
+            return result
+
+    def remove_user(self, user_id: str | int | UUID) -> None:
+        """Removes an user object from the repository
+
+        Parameters
+        ----------
+        user_id
+            The id of the user object
+        """
+        user = self.get_user(user_id=user_id)
+        with self.uow:
+            users: SqlRepository[User] = getattr(
+                self.uow, self._users_repository_name
+            )
+
+            users.remove(user)
+            self.uow.commit()
+
+    def remove_group(self, group_id: str | int | UUID) -> None:
+        """Removes a group object from the repository
+
+        Parameters
+        ----------
+        group_id
+            The id of the group object
+        """
+        group = self.get_group(group_id=group_id)
+        with self.uow:
+            groups: SqlRepository[Group] = getattr(
+                self.uow, self._groups_repository_name
+            )
+
+            groups.remove(group)
+            self.uow.commit()
+
+    def update_user(
+        self,
+        user_id: str | int | UUID,
+        user: User,
+        identity: Identity | None = None,
+    ) -> User:
+        """Updates an existing user object in the repository
+
+        Parameters
+        ----------
+        user
+            User object with changes
+        user_id
+            The id of the user object
+        identity
+            The identity of the user making the changes, by default None. If
+            provided, the `modified_by` attribute of the user will be updated
+            with the username from the identity.
+
+        Returns
+        -------
+            Updated user object
+        """
+        original_user = self.get_user(user_id=user_id)
+
+        with self.uow:
+            users: SqlRepository[User] = getattr(
+                self.uow, self._users_repository_name
+            )
+            updated_user = users.update(original_user, user)
+            if identity:
+                updated_user.modified_by = identity.username
+            self.uow.commit()
+
+        return updated_user
+
+    def update_group(
+        self,
+        group_id: str | int | UUID,
+        group: Group,
+        identity: Identity | None = None,
+    ) -> Group:
+        """Updates an existing group object in the repository
+
+        Parameters
+        ----------
+        group
+            Group object with changes
+        group_id
+            The id of the group object
+        identity
+            The identity of the user making the changes, by default None. If
+            provided, the `modified_by` attribute of the group will be updated
+            with the username from the identity.
+
+        Returns
+        -------
+            Updated group object
+        """
+        original_group = self.get_group(group_id=group_id)
+
+        with self.uow:
+            groups: SqlRepository[Group] = getattr(
+                self.uow, self._groups_repository_name
+            )
+            updated_group = groups.update(original_group, group)
+            if identity:
+                updated_group.modified_by = identity.username
+            self.uow.commit()
+
+        return updated_group

alpha/utils/__init__.py

@@ -5,6 +5,7 @@ from alpha.utils.logging_configurator import (
     GunicornLogger,
 )
 from alpha.utils.logging_level_checker import logging_level_checker
+from alpha.utils.request_headers import Headers
 from alpha.utils.response_object import create_response_object
 from alpha.utils.verify_identity import verify_identity
 from alpha.utils.version_checker import minor_version_gte
@@ -18,4 +19,5 @@ __all__ = [
     "create_response_object",
     "verify_identity",
     "minor_version_gte",
+    "Headers",
 ]

alpha/utils/request_headers.py

@@ -0,0 +1,108 @@
+from dataclasses import dataclass
+from http import cookies
+from typing import Mapping, Self
+
+
+@dataclass(frozen=True, slots=True)
+class Headers:
+    """A dataclass representing the headers of an HTTP request. This is
+    primarily used for extracting authentication tokens and API keys from the
+    request headers and cookies.
+
+    This class provides a convenient way to access authentication tokens and
+    API keys, regardless of whether they are provided in the standard headers
+    or in cookies. It provides properties to check the presence of these tokens
+    and keys.
+
+    This class is designed to be immutable and uses slots for memory
+    efficiency.
+    """
+
+    auth_token: str | None = None
+    auth_token_type: str | None = None
+    refresh_token: str | None = None
+    api_key: str | None = None
+
+    @classmethod
+    def from_headers(
+        cls,
+        headers: Mapping[str, str],
+        auth_token_cookie_name: str = "auth_token",
+        refresh_token_cookie_name: str = "refresh_token",
+        api_key_cookie_name: str = "api_key",
+    ) -> Self:
+        """Create a Headers instance from a mapping of headers.
+
+        For the auth token, the method first checks the "Authorization" header.
+        If present, it extracts the token and its type (e.g., "Bearer"). If it
+        is not present, it looks for a cookie with the name specified by
+        `auth_token_cookie_name`. The same logic applies to the refresh token
+        and API key, checking the "X-Refresh-Token" and "X-API-Key" headers. If
+        they are not present, it looks for cookies with the names specified by
+        `refresh_token_cookie_name` and `api_key_cookie_name`.
+
+        Parameters
+        ----------
+        headers
+            A mapping of header names to their values.
+        auth_token_cookie_name
+            The name of the cookie containing the auth token, default is
+            "auth_token".
+        refresh_token_cookie_name
+            The name of the cookie containing the refresh token, default is
+            "refresh_token".
+        api_key_cookie_name
+            The name of the cookie containing the API key, default is
+            "api_key".
+
+        Returns
+        -------
+            An instance of the Headers class.
+        """
+        auth_token = None
+        auth_token_type = None
+        authorization_header = headers.get("Authorization")
+        if authorization_header is not None:
+            parts = authorization_header.split()
+            if len(parts) == 2:
+                auth_token_type, auth_token = parts
+                if auth_token_type.lower() == "bearer":
+                    auth_token_type = "Bearer"
+
+        refresh_token = headers.get("X-Refresh-Token")
+        api_key = headers.get("X-API-Key")
+        cookies_header = headers.get("Cookie")
+
+        if cookies_header is not None:
+            cookie_jar = cookies.SimpleCookie(cookies_header)
+
+            if not auth_token and auth_token_cookie_name in cookie_jar:
+                auth_token = cookie_jar[auth_token_cookie_name].value
+                auth_token_type = "Bearer"
+            if not refresh_token and refresh_token_cookie_name in cookie_jar:
+                refresh_token = cookie_jar[refresh_token_cookie_name].value
+            if not api_key and api_key_cookie_name in cookie_jar:
+                api_key = cookie_jar[api_key_cookie_name].value
+
+        return cls(
+            auth_token=auth_token,
+            auth_token_type=auth_token_type,
+            refresh_token=refresh_token,
+            api_key=api_key,
+        )
+
+    @property
+    def has_auth_token(self) -> bool:
+        if not self.auth_token:
+            return False
+        if not self.auth_token_type:
+            return False
+        return self.auth_token_type.lower() == "bearer"
+
+    @property
+    def has_refresh_token(self) -> bool:
+        return True if self.refresh_token else False
+
+    @property
+    def has_api_key(self) -> bool:
+        return True if self.api_key else False

{alpha_python-0.5.0.dist-info → alpha_python-0.5.1.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: alpha-python
-Version: 0.5.0
+Version: 0.5.1
 Summary: Alpha is intended to be the first dependency you need to add to your Python application. It is a Python library which contains standard building blocks that can be used in applications that are used as APIs and/or make use of database interaction.
 Author-email: Bart Reijling <bart@reijling.eu>
 Requires-Python: >=3.11

{alpha_python-0.5.0.dist-info → alpha_python-0.5.1.dist-info}/RECORD

@@ -1,4 +1,4 @@
-alpha/__init__.py,sha256=f-klxGrJmRBDMWJ2KC_G42RaLR_gMxHJGrl5MdaGN30,4755
+alpha/__init__.py,sha256=2Dk-KZu8cM84sFeePENcFnxb4-CHl9OR7qBbYSetvnw,4926
 alpha/cli.py,sha256=YdBvz_nqvC1c4kA-Xb1KtS-1Or6rbDu2VcF3ClatP6o,5657
 alpha/encoder.py,sha256=ZKPHnG4DT6azne3Sh9tNOuPO9s8xnjlr64CQ0e2abjI,1924
 alpha/exceptions.py,sha256=AHoFMPyHvjj6j_1X2TS40dSaFBzCDtgzAmucimSZjfc,5793
@@ -13,17 +13,17 @@ alpha/domain/models/__init__.py,sha256=ZBL9sp-DL8qVvD5QQHOqoAGGZD7TneuiW7A_JPYtQ
 alpha/domain/models/base_model.py,sha256=VzPDUdizaDAydvv3PfSqWwkUtzaBSKv1et7yPcKEL44,837
 alpha/domain/models/group.py,sha256=8UeZrXDScAlfYf7qz8PzjFqUNdZkI49_oPPsAD-rYWI,1108
 alpha/domain/models/life_cycle_base.py,sha256=XMLAFoCxUeItmx9owyAxzUHJHN19s40TQKk_ZEDhexQ,246
-alpha/domain/models/user.py,sha256=nNdC4YHBHwhbm894dO2Cxffd-thIlYhgP4azKkfaxPE,1997
+alpha/domain/models/user.py,sha256=9YXDn2l0S7TjobaUKNJsqLqpz3v43ObUo0jMqZR6DEk,4783
 alpha/factories/__init__.py,sha256=baxoq0UY7UYust7NiR9wT954nJw5bfgSmOWvLjBt2C4,278
 alpha/factories/_type_conversion_matrix.py,sha256=mhMYpus6OFE0sZB0gQ-b1ndIOhiA1ScprvDa9tLANAM,5055
 alpha/factories/_type_mapping.py,sha256=f8cRfu8KUfw1ggY0Txs6fEX2e6GaXrsNcc2SCeYFRHM,789
 alpha/factories/class_factories.py,sha256=MDUnWQC1a3OUE0HyKEZx6watdMes8BjjoZQaOzBWfVo,15582
 alpha/factories/default_field_factory.py,sha256=ZvPU6BdrdELmZNXIeTmRp_YOCIscWFC9W6s05qXyXrk,1758
 alpha/factories/field_iterator.py,sha256=_7Z5UIdGEHhVV2JYA-e7ayJb7wnvo6KVRgXwykOCbgA,6212
-alpha/factories/jwt_factory.py,sha256=S6RSbFGpB2LOs1rz_k5uPnqb_8pQ_04BNwCHdZ_Fozg,4354
+alpha/factories/jwt_factory.py,sha256=zNRmGu874AYOHvRPrNQd1p-TAQPRx1lPgxusiut1JhM,6407
 alpha/factories/logging_handler_factory.py,sha256=H9gVS1rNt5Jln3C_2EbOvJG-gqS9ksTsYUIx2UK7gVk,3059
 alpha/factories/model_class_factory.py,sha256=40eiLr8gYXpJfbbn1wPzcgsys9gU5x9nB2zlVTbgU7E,5704
-alpha/factories/password_factory.py,sha256=ptj5BMcN_dYM5b0DzqvIBOYx_LaugWTA8LxXYz9SCs0,4186
+alpha/factories/password_factory.py,sha256=dmpcKUG-R4CI68GpW5sxlnbuP5T09uzzRYeXbMn-QWk,4187
 alpha/factories/request_factory.py,sha256=271gFfiDf5ZgtDcB0CQYG4ppbj-XuKic2ENWVNMrg2s,6704
 alpha/factories/response_factory.py,sha256=QFtOq2n7cYkBeLoz-mZdBtHkVsJiQ2rHNF6SdP_nz_E,6399
 alpha/factories/type_factories.py,sha256=_cBJQQtccnbq-fThP402J1YuI5vM0BlmSJWGyZi0MTU,6017
@@ -47,7 +47,7 @@ alpha/handlers/templates/python-flask/__init__model.mustache,sha256=JRwyJmOCAD8n
 alpha/handlers/templates/python-flask/__init__test.mustache,sha256=wUxDXcyE4rPh3sDp8MvR5m8vqzoU25Fw1bo_xh6InnY,438
 alpha/handlers/templates/python-flask/__main__.mustache,sha256=GetXHmF7BXxrwVajfkI6OjLQV7ekFxD9SPYHjZLNNWY,2393
 alpha/handlers/templates/python-flask/base_model.mustache,sha256=B--jl9LmfiHACq9n1kDxm6YTi6tb1oSUFnZya_IKOhU,2184
-alpha/handlers/templates/python-flask/controller.mustache,sha256=uGontq1CAmb2h0vsqrl6ZtpS8i_yr3aSzrVNg_Oi2qg,13053
+alpha/handlers/templates/python-flask/controller.mustache,sha256=zGVY4a5dGKH4gEYT6D5bXiTy3DEqRPKLKDSI3wucr64,13395
 alpha/handlers/templates/python-flask/controller_test.mustache,sha256=RX_IG_eaC4rmI696jDUkDcOhPE9CgS2YmgqOBIEn7GM,2849
 alpha/handlers/templates/python-flask/dockerignore.mustache,sha256=hqlHuqIMLuuwvVqK6xhIcfaezKoChriR3D7TvxtkjGo,906
 alpha/handlers/templates/python-flask/encoder.mustache,sha256=03rsvhN_QdqaWsQC2v3772UvrLEXna9WcvxQsl6mwiU,866
@@ -89,7 +89,7 @@ alpha/interfaces/pydantic_instance.py,sha256=S96jLEWRmDyvYV3VqofSqjiN-lcjfkjiNp7
 alpha/interfaces/sql_database.py,sha256=H52NR1ti2j9G9zJsibPtKmXL7WdHOzeSyPXO4Zq9wlA,996
 alpha/interfaces/sql_mapper.py,sha256=NyPYc4DuG9HBd9LO8ooYidD-rv1poSty5GmzW6jmE8g,465
 alpha/interfaces/sql_repository.py,sha256=PS_nIK9Yej15OlSVdLm_JNDPzhMEuCTT0C98lznIqJ8,8767
-alpha/interfaces/token_factory.py,sha256=lzrqU7Sx5w9UxHbBp17y0lnPKmDqMVCp4Z6xMdWqpXg,1644
+alpha/interfaces/token_factory.py,sha256=8leGt3jIGiYQfQBFQWWgscU9uI3N_P4bkOSAwh15oMg,1845
 alpha/interfaces/unit_of_work.py,sha256=yQ0Zexj3gVOzH7pjwF_9tvAKUPvzCielvgdzzCgLuZA,870
 alpha/interfaces/updateable.py,sha256=7Vq6kzNa8hyTVk_vzjUdM8hUyRWclHt7L3erRlo7L2U,173
 alpha/mixins/__init__.py,sha256=4In0NQdfIFB8U-E4dzxHOJFJGUk6-1lQ_eJ7C1fKnvk,87
@@ -101,30 +101,32 @@ alpha/providers/ldap_provider.py,sha256=r6T8cMVrN1oMAw_a494n8P7ZmHQkNLVmcOwk4lCh
 alpha/providers/oidc_provider.py,sha256=sAu4kMepJ2YRao3d4LZo3-nX86k3Sn9cukQ7nEeCFhg,12717
 alpha/providers/models/__init__.py,sha256=SI-qTA3JMOxXx4o1h7frk8x3PRj0g_GSCEbLzyvw7CI,409
 alpha/providers/models/credentials.py,sha256=_nq60FcPVcWfRQ6UmK1Ug4ey6f-MWXGwKWHdIct2q9M,476
-alpha/providers/models/identity.py,sha256=L_BlFHlXNZaQ1DoQ_H1tI7ZXBzxOp_gWS2e5o9l2myw,14817
+alpha/providers/models/identity.py,sha256=KostRfSm3vc0kTokdqPVdUZyBgEcNYK9hfpU_pLg2FQ,14825
 alpha/providers/models/token.py,sha256=jWFQSuXsPuy2xNpJRwpdzpOTtiMJ1xfUelQhQTxmykU,1698
 alpha/repositories/__init__.py,sha256=qN7iefBr93_fXo8cTn_RUFaz8PPhsUlzojKbYFM2m-c,306
 alpha/repositories/rest_api_repository.py,sha256=RWGa5KxvOAiS_g5WIx_qLTPAUd5HPtKgAY2CX3-W-t0,46019
 alpha/repositories/sql_alchemy_repository.py,sha256=k4WeK15w4a0XZ360UoUMtflLamGX8ycbySrxFpPwcio,19912
 alpha/repositories/models/__init__.py,sha256=PY3kFG0z5r5ALcwBFXVNO9GAVNn1tVTkvUp8XoZEMuY,109
-alpha/repositories/models/repository_model.py,sha256=IMkYC_u9m8R_BJi_7cYSZeau0jTriO5lPkWX_8VLavw,1031
-alpha/services/__init__.py,sha256=_S7-3YxzxXtqAgcxol_RnhjBOgEMcFaGECkqwuWyeLQ,116
-alpha/services/authentication_service.py,sha256=Bm1JGXPYq9_MWbSgj5pErzpp5rYrsLCQCT2cN8xMCzo,28978
+alpha/repositories/models/repository_model.py,sha256=WpfW90HpDvwDK5jcqNcprIKugqxcMaQWoqEFEgr0FoA,1038
+alpha/services/__init__.py,sha256=yeUbS-N0127DSejbCAv9jbdKuHRa_H5Ue0CtsWf4ghI,224
+alpha/services/authentication_service.py,sha256=61x17xNI_D0MFhxf6D1ME0ceSfqfkn28bF6U8tDlQ5Y,29694
+alpha/services/user_lifecycle_management.py,sha256=OHrzmRJ79yrYWB55Vp_9DDAM9V__nCUpgKCF5PwVT4E,10411
 alpha/services/models/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 alpha/services/models/cookie.py,sha256=V0BTBG_AsvJEGoBv5_6n4LYWt36YJfGT2MVkTvWfxTU,1654
-alpha/utils/__init__.py,sha256=0ee9hUogCyBKBlaeQMrRzr_qf1noFm-PxfBx4tyKSZk,635
+alpha/utils/__init__.py,sha256=QHentkiIMO_schZQ1k7XoTwZLfdwxliKlHExm51sMuc,698
 alpha/utils/_http_codes.py,sha256=QLU43JnjvYGsv6u_quRP7jzgg996boa4-a-yKcSw9Bo,6558
 alpha/utils/is_attrs.py,sha256=LlLozdSnKEjFtVwJm9AWf7NAIkBPotnpbhFmwz3f4AI,432
 alpha/utils/is_pydantic.py,sha256=qFxiR8UsHW612D_0e33ghtSZ4xDG-chhY6JU56lSzrg,635
 alpha/utils/logging_configurator.py,sha256=gnN1mlV9sPnSrWvR8jrGuBrc8pYWeQ2cyTpzCkWDOFM,3741
 alpha/utils/logging_level_checker.py,sha256=x3MrwV0aqmtd-YOb5VxZzNm6MKsX3YtaVxUQ6dT0E4E,669
+alpha/utils/request_headers.py,sha256=ETaYLFuPdAYiFHBeb9HFSrpqM3lZsxueFwHqYOq_-wU,3993
 alpha/utils/response_object.py,sha256=AomSsUGHNjH-evtcFDlUbR56-B676Fs8hb94dhKELyY,4948
 alpha/utils/secret_generator.py,sha256=SOzhyC3e3epSLCpc-7TEKntmdsrNoU6SRD2mIxwlGe0,401
 alpha/utils/verify_identity.py,sha256=tnh9JAez8FlrqN4Bqh1bfTdnEOM2VA1ZAVLfZCqI-ZU,2229
 alpha/utils/version_checker.py,sha256=W8v69hDbrr0VvJ40gpFmXMtVawrDmUz_YGWssKUTmVE,380
-alpha_python-0.5.0.dist-info/licenses/LICENSE,sha256=5KwEqC3KUoH4lVXgZ9tGriKOl-LGxHkXBWo16mFmAYM,1070
-alpha_python-0.5.0.dist-info/METADATA,sha256=RUwU7vjZOMr6NkUhqVIhKQ_JkK0GJ0Bo3-qPedzjBnE,3783
-alpha_python-0.5.0.dist-info/WHEEL,sha256=aeYiig01lYGDzBgS8HxWXOg3uV61G9ijOsup-k9o1sk,91
-alpha_python-0.5.0.dist-info/entry_points.txt,sha256=LBEXdcofOugYYdZ46nz5Dxj_aj1QbRBkumfPGhy-GXI,41
-alpha_python-0.5.0.dist-info/top_level.txt,sha256=tqmNnOmi2RSSiPo99C03fD5Cc3r9za9xTjPAoQC1EGA,6
-alpha_python-0.5.0.dist-info/RECORD,,
+alpha_python-0.5.1.dist-info/licenses/LICENSE,sha256=5KwEqC3KUoH4lVXgZ9tGriKOl-LGxHkXBWo16mFmAYM,1070
+alpha_python-0.5.1.dist-info/METADATA,sha256=Gw4-1tWzAB-lx_hBAxLryd6Lt2kGoDQXvZdd6DTfWo4,3783
+alpha_python-0.5.1.dist-info/WHEEL,sha256=aeYiig01lYGDzBgS8HxWXOg3uV61G9ijOsup-k9o1sk,91
+alpha_python-0.5.1.dist-info/entry_points.txt,sha256=LBEXdcofOugYYdZ46nz5Dxj_aj1QbRBkumfPGhy-GXI,41
+alpha_python-0.5.1.dist-info/top_level.txt,sha256=tqmNnOmi2RSSiPo99C03fD5Cc3r9za9xTjPAoQC1EGA,6
+alpha_python-0.5.1.dist-info/RECORD,,