amsdal 0.3.1__cp311-cp311-macosx_10_9_universal2.whl → 0.3.3__cp311-cp311-macosx_10_9_universal2.whl

amsdal/__about__.py

@@ -1,4 +1,4 @@
 # SPDX-FileCopyrightText: 2023-present
 #
 # SPDX-License-Identifier: AMSDAL End User License Agreement
-__version__ = '0.3.1'
+__version__ = '0.3.3'

amsdal/contrib/auth/decorators/__init__.py

@@ -1,3 +1,4 @@
+import asyncio
 from collections.abc import Callable
 from functools import wraps
 from typing import Any
@@ -7,14 +8,28 @@ from amsdal.contrib.auth.errors import AuthenticationError
 
 
 def require_auth(func: Callable[..., Any]) -> Callable[..., Any]:
-    @wraps(func)
-    def wrapper(*args: Any, **kwargs: Any) -> Callable[..., Any]:
-        request = AmsdalContextManager().get_context().get('request', None)
+    if asyncio.iscoroutinefunction(func):
 
-        if not request or not request.user:
-            msg = 'Authentication required'
-            raise AuthenticationError(msg)
+        @wraps(func)
+        async def wrapper(*args: Any, **kwargs: Any) -> Callable[..., Any]:
+            request = AmsdalContextManager().get_context().get('request', None)
 
-        return func(*args, **kwargs)
+            if not request or not request.user:
+                msg = 'Authentication required'
+                raise AuthenticationError(msg)
+
+            return await func(*args, **kwargs)
+
+    else:
+
+        @wraps(func)
+        def wrapper(*args: Any, **kwargs: Any) -> Callable[..., Any]:
+            request = AmsdalContextManager().get_context().get('request', None)
+
+            if not request or not request.user:
+                msg = 'Authentication required'
+                raise AuthenticationError(msg)
+
+            return func(*args, **kwargs)
 
     return wrapper

amsdal/contrib/auth/lifecycle/consumer.py

@@ -2,6 +2,7 @@ import logging
 from typing import Any
 
 import jwt
+from amsdal_data.transactions.decorators import async_transaction
 from amsdal_data.transactions.decorators import transaction
 from amsdal_models.classes.helpers.reference_loader import ReferenceLoader
 from amsdal_models.classes.model import Model
@@ -70,6 +71,54 @@ class CheckAndCreateSuperUserConsumer(LifecycleConsumer):
         instance.save(force_insert=True)
         logger.info('Super user created successfully')
 
+    @async_transaction
+    async def on_event_async(self) -> None:  # type: ignore[override]
+        """
+        Checks for the existence of a super user and creates one if necessary.
+
+        This method ensures that a super user exists by checking the email and password
+        in the authentication settings. If the super user does not exist, it creates one
+        with the necessary permissions.
+        """
+        from amsdal.contrib.auth.settings import auth_settings
+        from models.contrib.permission import Permission  # type: ignore[import-not-found]
+        from models.contrib.user import User  # type: ignore[import-not-found]
+
+        logger.info('Ensure super user exists')
+
+        if not (auth_settings.ADMIN_USER_EMAIL and auth_settings.ADMIN_USER_PASSWORD):
+            logger.info('Email / password missing for super user - skipping')
+            return
+
+        user = (
+            await User.objects.filter(email=auth_settings.ADMIN_USER_EMAIL, _address__object_version=Versions.LATEST)
+            .get_or_none()
+            .aexecute()
+        )
+        if user is not None:
+            logger.info('Super user already exists - skipping')
+            return
+
+        logger.info("Super user doesn't exist - creating now")
+
+        access_all_permission = (
+            await Permission.objects.filter(
+                model='*',
+                action='*',
+                _address__object_version=Versions.LATEST,
+            )
+            .get()
+            .aexecute()
+        )
+
+        instance = User(
+            email=auth_settings.ADMIN_USER_EMAIL,
+            password=auth_settings.ADMIN_USER_PASSWORD,
+            permissions=[access_all_permission],
+        )
+        await instance.asave(force_insert=True)
+        logger.info('Super user created successfully')
+
 
 class AuthenticateUserConsumer(LifecycleConsumer):
     """
@@ -120,6 +169,46 @@ class AuthenticateUserConsumer(LifecycleConsumer):
 
         authentication_info.user = user
 
+    async def on_event_async(self, auth_header: str, authentication_info: Any) -> None:
+        """
+        Authenticates the user using the provided JWT token.
+
+        This method decodes the JWT token from the authorization header and retrieves
+        the corresponding user from the database. If the token is invalid or expired,
+        it raises an `AuthenticationError`.
+
+        Args:
+            auth_header (str): The JWT token from the authorization header.
+            authentication_info (Any): The authentication information object to update with the user.
+        """
+        from amsdal.contrib.auth.settings import auth_settings
+        from models.contrib.user import User  # type: ignore[import-not-found]
+
+        authentication_info.user = None
+        email: str | None
+
+        try:
+            jwt_payload = jwt.decode(
+                auth_header,
+                auth_settings.AUTH_JWT_KEY,  # type: ignore[arg-type]
+                algorithms=['HS256'],
+            )
+            email = jwt_payload['email']
+        except jwt.ExpiredSignatureError as exc:
+            logger.error('Auth token expired. Defaulting to anonymous user.')
+
+            msg = 'Auth token has expired.'
+            raise AuthenticationError(msg) from exc
+        except Exception as exc:
+            logger.error('Auth token decode failure. Defaulting to anonymous user.')
+
+            msg = 'Failed to decode auth token.'
+            raise AuthenticationError(msg) from exc
+
+        user = await User.objects.filter(email=email, _address__object_version=Versions.LATEST).get_or_none().aexecute()
+
+        authentication_info.user = user
+
 
 class CheckPermissionConsumer(LifecycleConsumer):
     """
@@ -155,6 +244,32 @@ class CheckPermissionConsumer(LifecycleConsumer):
             elif required_permission.action == 'delete':
                 permissions_info.has_delete_permission = False
 
+    async def _async_prepopulate_default_permissions(self, object_class: type[Model], permissions_info: Any) -> None:
+        from amsdal.contrib.auth.settings import auth_settings
+        from models.contrib.permission import Permission  # type: ignore[import-not-found]
+
+        permissions_info.has_read_permission = not auth_settings.REQUIRE_DEFAULT_AUTHORIZATION
+        permissions_info.has_create_permission = (
+            (not auth_settings.REQUIRE_DEFAULT_AUTHORIZATION) if object_class.__name__ != 'LoginSession' else True
+        )
+        permissions_info.has_update_permission = not auth_settings.REQUIRE_DEFAULT_AUTHORIZATION
+        permissions_info.has_delete_permission = not auth_settings.REQUIRE_DEFAULT_AUTHORIZATION
+
+        required_permissions = await Permission.objects.filter(
+            model=object_class.__name__,
+            _address__object_version=Versions.LATEST,
+        ).aexecute()
+
+        for required_permission in required_permissions:
+            if required_permission.action == 'read':
+                permissions_info.has_read_permission = False
+            elif required_permission.action == 'create':
+                permissions_info.has_create_permission = False
+            elif required_permission.action == 'update':
+                permissions_info.has_update_permission = False
+            elif required_permission.action == 'delete':
+                permissions_info.has_delete_permission = False
+
     def _check_class_permissions(self, object_class: type[Model], user: Any, permissions_info: Any) -> None:
         if hasattr(object_class, 'has_permission'):
             for action in ['read', 'create', 'update', 'delete']:
@@ -185,6 +300,36 @@ class CheckPermissionConsumer(LifecycleConsumer):
                 permissions_info.has_update_permission = True
                 permissions_info.has_delete_permission = True
 
+    async def _async_check_class_permissions(self, object_class: type[Model], user: Any, permissions_info: Any) -> None:
+        if hasattr(object_class, 'has_permission'):
+            for action in ['read', 'create', 'update', 'delete']:
+                setattr(permissions_info, f'has_{action}_permission', object_class.has_permission(user, action))
+
+        if not user or not getattr(user, 'permissions', None):
+            return
+
+        user_permissions = [
+            await ReferenceLoader(p).aload_reference() if isinstance(p, Reference) else p for p in user.permissions
+        ]
+
+        for user_permission in user_permissions:
+            if user_permission.model not in [object_class.__name__, '*']:
+                continue
+
+            if user_permission.action == 'read':
+                permissions_info.has_read_permission = True
+            elif user_permission.action == 'create':
+                permissions_info.has_create_permission = True
+            elif user_permission.action == 'update':
+                permissions_info.has_update_permission = True
+            elif user_permission.action == 'delete':
+                permissions_info.has_delete_permission = True
+            elif user_permission.action == '*':
+                permissions_info.has_read_permission = True
+                permissions_info.has_create_permission = True
+                permissions_info.has_update_permission = True
+                permissions_info.has_delete_permission = True
+
     def _check_object_permissions(self, obj: Model, user: Any, permissions_info: Any) -> None:
         if hasattr(obj, 'has_object_permission'):
             for action in ['read', 'update', 'delete']:
@@ -220,3 +365,30 @@ class CheckPermissionConsumer(LifecycleConsumer):
 
         if obj:
             self._check_object_permissions(obj, user, permissions_info)
+
+    async def on_event_async(
+        self,
+        object_class: type[Model],
+        user: Any,
+        access_types: list[Any],  # noqa: ARG002
+        permissions_info: Any,
+        obj: Model | None = None,
+    ) -> None:
+        """
+        Main method to check permissions for a given user and object.
+
+        This method prepopulates default permissions, checks class-level permissions,
+        and object-level permissions for the given user and object.
+
+        Args:
+            object_class (type[Model]): The class of the object to check permissions for.
+            user (Any): The user to check permissions for.
+            access_types (list[Any]): The list of access types to check.
+            permissions_info (Any): The permissions information object to update.
+            obj (Model | None): The object to check permissions for, if any.
+        """
+        await self._async_prepopulate_default_permissions(object_class, permissions_info)
+        await self._async_check_class_permissions(object_class, user, permissions_info)
+
+        if obj:
+            self._check_object_permissions(obj, user, permissions_info)

amsdal/contrib/auth/lifecycle/consumer.pyi

@@ -17,6 +17,14 @@ class CheckAndCreateSuperUserConsumer(LifecycleConsumer):
         """
         Checks for the existence of a super user and creates one if necessary.
 
+        This method ensures that a super user exists by checking the email and password
+        in the authentication settings. If the super user does not exist, it creates one
+        with the necessary permissions.
+        """
+    async def on_event_async(self) -> None:
+        """
+        Checks for the existence of a super user and creates one if necessary.
+
         This method ensures that a super user exists by checking the email and password
         in the authentication settings. If the super user does not exist, it creates one
         with the necessary permissions.
@@ -38,6 +46,18 @@ class AuthenticateUserConsumer(LifecycleConsumer):
         the corresponding user from the database. If the token is invalid or expired,
         it raises an `AuthenticationError`.
 
+        Args:
+            auth_header (str): The JWT token from the authorization header.
+            authentication_info (Any): The authentication information object to update with the user.
+        """
+    async def on_event_async(self, auth_header: str, authentication_info: Any) -> None:
+        """
+        Authenticates the user using the provided JWT token.
+
+        This method decodes the JWT token from the authorization header and retrieves
+        the corresponding user from the database. If the token is invalid or expired,
+        it raises an `AuthenticationError`.
+
         Args:
             auth_header (str): The JWT token from the authorization header.
             authentication_info (Any): The authentication information object to update with the user.
@@ -51,7 +71,9 @@ class CheckPermissionConsumer(LifecycleConsumer):
     and object-level permissions for a given user and object.
     """
     def _prepopulate_default_permissions(self, object_class: type[Model], permissions_info: Any) -> None: ...
+    async def _async_prepopulate_default_permissions(self, object_class: type[Model], permissions_info: Any) -> None: ...
     def _check_class_permissions(self, object_class: type[Model], user: Any, permissions_info: Any) -> None: ...
+    async def _async_check_class_permissions(self, object_class: type[Model], user: Any, permissions_info: Any) -> None: ...
     def _check_object_permissions(self, obj: Model, user: Any, permissions_info: Any) -> None: ...
     def on_event(self, object_class: type[Model], user: Any, access_types: list[Any], permissions_info: Any, obj: Model | None = None) -> None:
         """
@@ -60,6 +82,20 @@ class CheckPermissionConsumer(LifecycleConsumer):
         This method prepopulates default permissions, checks class-level permissions,
         and object-level permissions for the given user and object.
 
+        Args:
+            object_class (type[Model]): The class of the object to check permissions for.
+            user (Any): The user to check permissions for.
+            access_types (list[Any]): The list of access types to check.
+            permissions_info (Any): The permissions information object to update.
+            obj (Model | None): The object to check permissions for, if any.
+        """
+    async def on_event_async(self, object_class: type[Model], user: Any, access_types: list[Any], permissions_info: Any, obj: Model | None = None) -> None:
+        """
+        Main method to check permissions for a given user and object.
+
+        This method prepopulates default permissions, checks class-level permissions,
+        and object-level permissions for the given user and object.
+
         Args:
             object_class (type[Model]): The class of the object to check permissions for.
             user (Any): The user to check permissions for.

amsdal/contrib/auth/models/login_session/hooks/pre_init.py

@@ -3,9 +3,10 @@ from datetime import timedelta
 from datetime import timezone
 from typing import Any
 
-import bcrypt
+# import bcrypt
 import jwt
-from amsdal_utils.models.enums import Versions
+
+# from amsdal_utils.models.enums import Versions
 
 
 def pre_init(self, *, is_new_object: bool, kwargs: dict[str, Any]) -> None:  # type: ignore[no-untyped-def]  # noqa: ARG001
@@ -41,17 +42,20 @@ def pre_init(self, *, is_new_object: bool, kwargs: dict[str, Any]) -> None:  # t
 
     lowercased_email = email.lower()
 
-    from models.contrib.user import User  # type: ignore[import-not-found]
+    # from models.contrib.user import User  # type: ignore[import-not-found]
 
-    user = User.objects.filter(email=lowercased_email, _address__object_version=Versions.LATEST).get_or_none().execute()
+    # user = User.objects.filter(
+    #     email=lowercased_email,
+    #     _address__object_version=Versions.LATEST
+    # ).get_or_none().execute()
 
-    if not user:
-        msg = 'Invalid email / password'
-        raise AuthenticationError(msg)
+    # if not user:
+    #     msg = 'Invalid email / password'
+    #     raise AuthenticationError(msg)
 
-    if not bcrypt.checkpw(password.encode('utf-8') if isinstance(password, str) else password, user.password):
-        msg = 'Invalid email / password'
-        raise AuthenticationError(msg)
+    # if not bcrypt.checkpw(password.encode('utf-8') if isinstance(password, str) else password, user.password):
+    #     msg = 'Invalid email / password'
+    #     raise AuthenticationError(msg)
 
     kwargs['password'] = 'validated'
     expiration_time = datetime.now(tz=timezone.utc) + timedelta(seconds=auth_settings.AUTH_TOKEN_EXPIRATION)

amsdal/contrib/auth/models/user/hooks/post_init.py

@@ -55,3 +55,22 @@ def pre_update(self) -> None:  # type: ignore[no-untyped-def]
         except ValueError:
             hashed_password = bcrypt.hashpw(password, bcrypt.gensalt())
             self.password = hashed_password
+
+
+async def apre_update(self) -> None:  # type: ignore[no-untyped-def]
+    import bcrypt
+
+    original_object = await self.arefetch_from_db()
+
+    password = self.password
+
+    if original_object.password and password is not None:
+        if isinstance(password, str):
+            password = password.encode('utf-8')
+
+        try:
+            if not bcrypt.checkpw(password, original_object.password):
+                self.password = password
+        except ValueError:
+            hashed_password = bcrypt.hashpw(password, bcrypt.gensalt())
+            self.password = hashed_password

amsdal/contrib/frontend_configs/lifecycle/consumer.py

@@ -240,3 +240,48 @@ class ProcessResponseConsumer(LifecycleConsumer):
                 )
             else:
                 response['control'] = populate_frontend_config_with_values(get_default_control(class_name), values)
+
+    async def on_event_async(
+        self,
+        request: Any,
+        response: dict[str, Any],
+    ) -> None:
+        """
+        Handles the event by extracting the class name and values from the request and response,
+        and populates the frontend configuration accordingly.
+
+        Args:
+            request (Any): The request object containing query and path parameters.
+            response (dict[str, Any]): The response dictionary to be processed.
+
+        Returns:
+            None
+        """
+        from models.contrib.frontend_model_config import FrontendModelConfig  # type: ignore[import-not-found]
+
+        class_name = None
+        values = {}
+        if hasattr(request, 'query_params') and 'class_name' in request.query_params:
+            class_name = request.query_params['class_name']
+
+        if hasattr(request, 'path_params') and 'address' in request.path_params:
+            class_name = Address.from_string(request.path_params['address']).class_name
+            values = get_values_from_response(response)
+
+        if class_name and isinstance(response, dict):
+            config = (
+                await FrontendModelConfig.objects.all()
+                .first(
+                    class_name=class_name,
+                    _metadata__is_deleted=False,
+                    _address__object_version=Versions.LATEST,
+                )
+                .aexecute()
+            )
+
+            if config and config.control:
+                response['control'] = populate_frontend_config_with_values(
+                    config.control.model_dump(exclude_none=True), values
+                )
+            else:
+                response['control'] = populate_frontend_config_with_values(get_default_control(class_name), values)

amsdal/contrib/frontend_configs/lifecycle/consumer.pyi

@@ -77,6 +77,18 @@ class ProcessResponseConsumer(LifecycleConsumer):
         Handles the event by extracting the class name and values from the request and response,
         and populates the frontend configuration accordingly.
 
+        Args:
+            request (Any): The request object containing query and path parameters.
+            response (dict[str, Any]): The response dictionary to be processed.
+
+        Returns:
+            None
+        """
+    async def on_event_async(self, request: Any, response: dict[str, Any]) -> None:
+        """
+        Handles the event by extracting the class name and values from the request and response,
+        and populates the frontend configuration accordingly.
+
         Args:
             request (Any): The request object containing query and path parameters.
             response (dict[str, Any]): The response dictionary to be processed.