amsdal 0.3.3__cp311-cp311-macosx_10_9_universal2.whl → 0.5.29__cp311-cp311-macosx_10_9_universal2.whl

amsdal/__migrations__/0004_update_class_file.py

@@ -0,0 +1,45 @@
+from amsdal_models.migration import migrations
+from amsdal_utils.models.enums import ModuleType
+
+
+class Migration(migrations.Migration):
+    operations: list[migrations.Operation] = [
+        migrations.UpdateClass(
+            module_type=ModuleType.CORE,
+            class_name="File",
+            old_schema={
+                "title": "File",
+                "required": ["filename"],
+                "properties": {
+                    "filename": {"type": "string", "title": "Filename"},
+                    "data": {"type": "binary", "title": "Data"},
+                    "size": {"type": "number", "title": "Size"},
+                    "storage_address": {"type": "anything", "title": "Storage Reference"},
+                },
+                "custom_code": 'import base64\nimport io\nfrom contextlib import suppress\nfrom pathlib import Path\nfrom typing import IO\nfrom typing import Any\nfrom typing import BinaryIO\n\nfrom amsdal_models.storage.backends.db import DBStorage\nfrom amsdal_models.storage.base import Storage\nfrom pydantic import model_validator\n\n\n@classmethod\ndef data_base64_decode(cls, data: Any) -> bytes:\n    if isinstance(data, str):\n        data = data.encode(\'utf-8\')\n    is_base64: bool = False\n    with suppress(Exception):\n        is_base64 = base64.b64encode(base64.b64decode(data)) == data\n    if is_base64:\n        return base64.b64decode(data)\n    return data\n\n@classmethod\ndef from_bytes(cls, filename: str, data: bytes) -> \'File\':\n    """\n        Creates a `File` object from a byte string.\n\n        Args:\n            filename (str): The filename of the file.\n            data (bytes): The byte string containing the file data.:\n\n        Returns:\n            File: The created `File` object.\n        """\n    obj = cls(filename=filename, data=data, size=len(data))\n    obj._needs_persist = True\n    return obj\n\n@classmethod\ndef from_file(cls, file_or_path: Path | BinaryIO) -> \'File\':\n    """\n        Creates a `File` object from a file path or a binary file object.\n\n        Args:\n            file_or_path (Path | BinaryIO): The file path or binary file object.\n\n        Returns:\n            File: The created `File` object.\n\n        Raises:\n            ValueError: If the provided path is a directory.\n        """\n    f: BinaryIO | io.BufferedReader\n    if isinstance(file_or_path, Path):\n        if file_or_path.is_dir():\n            msg = f\'{file_or_path} is a directory\'\n            raise ValueError(msg)\n        f = file_or_path.open(\'rb\')\n        filename = file_or_path.name\n        size = file_or_path.stat().st_size\n    else:\n        f = file_or_path\n        filename = Path(getattr(f, \'name\', \'unnamed\')).name\n        try:\n            if f.seekable():\n                f.seek(0, io.SEEK_END)\n                size = f.tell()\n                f.seek(0)\n            else:\n                size = None\n        except (OSError, AttributeError):\n            size = None\n    obj = cls(filename=filename, size=size)\n    obj._source = f\n    obj._needs_persist = True\n    return obj\n\n@model_validator(mode=\'before\')\n@classmethod\ndef validate_model_data(cls, data: Any) -> Any:\n    if isinstance(data, dict):\n        if \'data\' in data:\n            if data[\'data\']:\n                data[\'data\'] = cls.data_base64_decode(data[\'data\'])\n                data[\'size\'] = len(data[\'data\'])\n            else:\n                data[\'size\'] = 0\n    return data\n\n@property\ndef mimetype(self) -> str | None:\n    """\n        Returns the MIME type of the file based on its filename.\n\n        This method uses the `mimetypes` module to guess the MIME type of the file.\n\n        Returns:\n            str | None: The guessed MIME type of the file, or None if it cannot be determined.\n        """\n    import mimetypes\n    return mimetypes.guess_type(self.filename)[0]\n\n@property\ndef storage(self) -> Storage:\n    from amsdal.storages import default_storage\n    if self._storage:\n        return self._storage\n    if self.storage_address:\n        return Storage.from_storage_spec({\'storage_class\': self.storage_address.ref.resource})\n    return default_storage()\n\nasync def aopen(self, mode: str=\'rb\') -> Any:\n    """\n        Async variant of open().\n\n        Uses the resolved storage to call aopen(); if the backend does not implement\n        async, falls back to the sync open().\n        """\n    try:\n        return await self.storage.aopen(self, mode)\n    except NotImplementedError:\n        return self.storage.open(self, mode)\n\nasync def apre_create(self) -> None:\n    if self._needs_persist:\n        from amsdal_models.storage.persistence import apersist_file\n        await apersist_file(self, storage=self.storage)\n\nasync def apre_update(self) -> None:\n    if self._needs_persist:\n        from amsdal_models.storage.persistence import apersist_file\n        await apersist_file(self, storage=self.storage)\n\nasync def aread_bytes(self) -> bytes:\n    async with await self.aopen() as f:\n        return await f.read()\n\nasync def aurl(self) -> str:\n    """\n        Async variant of url().\n\n        Uses the resolved storage to call aurl(); if the backend does not implement\n        async, falls back to the sync url().\n        """\n    try:\n        return await self.storage.aurl(self)\n    except NotImplementedError:\n        return self.storage.url(self)\n\ndef __repr__(self) -> str:\n    return f"File<{self.filename}>({self.size or len(self.data or \'\') or 0} bytes)"\n\ndef __str__(self) -> str:\n    return repr(self)\n\ndef open(self, mode: str=\'rb\') -> IO[Any]:\n    """\n        Open a binary stream for reading (or other modes if supported) using storage_address.\n\n        Raises StateError if storage_address is missing.\n        """\n    return self.storage.open(self, mode)\n\ndef pre_create(self) -> None:\n    if self._needs_persist:\n        from amsdal_models.storage.persistence import persist_file\n        persist_file(self, storage=self.storage)\n\ndef pre_update(self) -> None:\n    if self._needs_persist:\n        from amsdal_models.storage.persistence import persist_file\n        persist_file(self, storage=self.storage)\n\ndef read_bytes(self) -> bytes:\n    with self.open() as f:\n        return f.read()\n\ndef set_data(self, data: bytes | str) -> None:\n    if not isinstance(self.storage, DBStorage):\n        msg = \'Cannot set data on a file that is not stored in a database. Use `File.from_bytes` instead.\'\n        raise ValueError(msg)\n    self.data = self.data_base64_decode(data)\n    self.size = len(self.data)\n    self._needs_persist = True\n\ndef to_file(self, file_or_path: Path | BinaryIO) -> None:\n    """\n        Writes the object\'s data to a file path or a binary file object.\n\n        Args:\n            file_or_path (Path | BinaryIO): The file path or binary file object where the data will be written.\n\n        Returns:\n            None\n\n        Raises:\n            ValueError: If the provided path is a directory.\n        """\n    with self.open() as f:\n        if isinstance(file_or_path, Path):\n            if file_or_path.is_dir():\n                file_or_path = file_or_path / self.name\n            file_or_path.write_bytes(f.read())\n        else:\n            file_or_path.write(f.read())\n            file_or_path.seek(0)\n\ndef url(self) -> str:\n    """\n        Return a URL for this file using its storage_address.\n\n        Raises StateError if storage_address is missing.\n        """\n    return self.storage.url(self)',
+                "storage_metadata": {
+                    "table_name": "File",
+                    "db_fields": {},
+                    "primary_key": ["partition_key"],
+                    "foreign_keys": {},
+                },
+            },
+            new_schema={
+                "title": "File",
+                "required": ["filename"],
+                "properties": {
+                    "filename": {"type": "string", "title": "Filename"},
+                    "data": {"type": "binary", "title": "Data"},
+                    "size": {"type": "number", "title": "Size"},
+                    "storage_address": {"type": "anything", "title": "Storage Reference"},
+                },
+                "custom_code": 'import base64\nimport io\nfrom contextlib import suppress\nfrom pathlib import Path\nfrom typing import IO\nfrom typing import Any\nfrom typing import BinaryIO\n\nfrom amsdal_models.storage.backends.db import AsyncFileWrapper\nfrom amsdal_models.storage.backends.db import DBStorage\nfrom amsdal_models.storage.base import Storage\nfrom pydantic import model_validator\n\n\n@classmethod\ndef data_base64_decode(cls, data: Any) -> bytes:\n    if isinstance(data, str):\n        data = data.encode(\'utf-8\')\n    is_base64: bool = False\n    with suppress(Exception):\n        is_base64 = base64.b64encode(base64.b64decode(data)) == data\n    if is_base64:\n        return base64.b64decode(data)\n    return data\n\n@classmethod\ndef from_bytes(cls, filename: str, data: bytes) -> \'File\':\n    """\n        Creates a `File` object from a byte string.\n\n        Args:\n            filename (str): The filename of the file.\n            data (bytes): The byte string containing the file data.:\n\n        Returns:\n            File: The created `File` object.\n        """\n    obj = cls(filename=filename, data=data, size=len(data))\n    return obj\n\n@classmethod\ndef from_file(cls, file_or_path: Path | BinaryIO) -> \'File\':\n    """\n        Creates a `File` object from a file path or a binary file object.\n\n        Args:\n            file_or_path (Path | BinaryIO): The file path or binary file object.\n\n        Returns:\n            File: The created `File` object.\n\n        Raises:\n            ValueError: If the provided path is a directory.\n        """\n    f: BinaryIO | io.BufferedReader\n    if isinstance(file_or_path, Path):\n        if file_or_path.is_dir():\n            msg = f\'{file_or_path} is a directory\'\n            raise ValueError(msg)\n        f = file_or_path.open(\'rb\')\n        filename = file_or_path.name\n        size = file_or_path.stat().st_size\n    else:\n        f = file_or_path\n        filename = Path(getattr(f, \'name\', \'unnamed\')).name\n        try:\n            if f.seekable():\n                f.seek(0, io.SEEK_END)\n                size = f.tell()\n                f.seek(0)\n            else:\n                size = None\n        except (OSError, AttributeError):\n            size = None\n    obj = cls(filename=filename, size=size)\n    obj._source = f\n    return obj\n\n@model_validator(mode=\'before\')\n@classmethod\ndef validate_model_data(cls, data: Any) -> Any:\n    if isinstance(data, dict):\n        if \'data\' in data:\n            if data[\'data\']:\n                data[\'data\'] = cls.data_base64_decode(data[\'data\'])\n                data[\'size\'] = len(data[\'data\'])\n            else:\n                data[\'size\'] = 0\n    return data\n\n@property\ndef mimetype(self) -> str | None:\n    """\n        Returns the MIME type of the file based on its filename.\n\n        This method uses the `mimetypes` module to guess the MIME type of the file.\n\n        Returns:\n            str | None: The guessed MIME type of the file, or None if it cannot be determined.\n        """\n    import mimetypes\n    return mimetypes.guess_type(self.filename)[0]\n\n@property\ndef storage(self) -> Storage:\n    from amsdal.storages import default_storage\n    if self._storage:\n        return self._storage\n    if self.storage_address:\n        return Storage.from_storage_spec({\'storage_class\': self.storage_address.ref.resource})\n    return default_storage()\n\nasync def aopen(self, mode: str=\'rb\') -> Any:\n    """\n        Async variant of open().\n\n        Uses the resolved storage to call aopen(); if the backend does not implement\n        async, falls back to the sync open().\n        """\n    try:\n        return await self.storage.aopen(self, mode)\n    except NotImplementedError:\n        return AsyncFileWrapper(self.storage.open(self, mode))\n\nasync def apre_create(self) -> None:\n    from amsdal_models.storage.persistence import apersist_file\n    await apersist_file(self, storage=self.storage)\n\nasync def apre_update(self) -> None:\n    from amsdal_models.storage.persistence import apersist_file\n    await apersist_file(self, storage=self.storage)\n\nasync def aread_bytes(self) -> bytes:\n    async with await self.aopen() as f:\n        return await f.read()\n\nasync def aurl(self) -> str:\n    """\n        Async variant of url().\n\n        Uses the resolved storage to call aurl(); if the backend does not implement\n        async, falls back to the sync url().\n        """\n    try:\n        return await self.storage.aurl(self)\n    except NotImplementedError:\n        return self.storage.url(self)\n\ndef __repr__(self) -> str:\n    return f"File<{self.filename}>({self.size or len(self.data or \'\') or 0} bytes)"\n\ndef __str__(self) -> str:\n    return repr(self)\n\ndef open(self, mode: str=\'rb\') -> IO[Any]:\n    """\n        Open a binary stream for reading (or other modes if supported) using storage_address.\n\n        Raises StateError if storage_address is missing.\n        """\n    return self.storage.open(self, mode)\n\ndef pre_create(self) -> None:\n    from amsdal_models.storage.persistence import persist_file\n    persist_file(self, storage=self.storage)\n\ndef pre_update(self) -> None:\n    from amsdal_models.storage.persistence import persist_file\n    persist_file(self, storage=self.storage)\n\ndef read_bytes(self) -> bytes:\n    with self.open() as f:\n        return f.read()\n\ndef set_data(self, data: bytes | str) -> None:\n    if not isinstance(self.storage, DBStorage):\n        msg = \'Cannot set data on a file that is not stored in a database. Use `File.from_bytes` instead.\'\n        raise ValueError(msg)\n    self.data = self.data_base64_decode(data)\n    self.size = len(self.data)\n\ndef to_file(self, file_or_path: Path | BinaryIO) -> None:\n    """\n        Writes the object\'s data to a file path or a binary file object.\n\n        Args:\n            file_or_path (Path | BinaryIO): The file path or binary file object where the data will be written.\n\n        Returns:\n            None\n\n        Raises:\n            ValueError: If the provided path is a directory.\n        """\n    with self.open() as f:\n        if isinstance(file_or_path, Path):\n            if file_or_path.is_dir():\n                file_or_path = file_or_path / self.name\n            file_or_path.write_bytes(f.read())\n        else:\n            file_or_path.write(f.read())\n            file_or_path.seek(0)\n\ndef url(self) -> str:\n    """\n        Return a URL for this file using its storage_address.\n\n        Raises StateError if storage_address is missing.\n        """\n    return self.storage.url(self)',
+                "storage_metadata": {
+                    "table_name": "File",
+                    "db_fields": {},
+                    "primary_key": ["partition_key"],
+                    "foreign_keys": {},
+                },
+            },
+        ),
+    ]

amsdal/cloud/services/auth/credentials.pyi

@@ -6,7 +6,6 @@ from amsdal.cloud.services.actions.create_session import CreateSessionAction as
 from amsdal.cloud.services.auth.base import AuthHandlerBase as AuthHandlerBase
 from amsdal.cloud.services.auth.token import TokenAuthHandler as TokenAuthHandler
 from amsdal.errors import AmsdalAuthenticationError as AmsdalAuthenticationError
-from amsdal.schemas.manager import SchemaManager as SchemaManager
 
 class CredentialsAuthHandler(AuthHandlerBase):
     """

amsdal/cloud/services/auth/token.pyi

@@ -2,7 +2,6 @@ from _typeshed import Incomplete
 from amsdal.cloud.constants import JWT_PUBLIC_KEY as JWT_PUBLIC_KEY
 from amsdal.cloud.services.auth.base import AuthHandlerBase as AuthHandlerBase
 from amsdal.errors import AmsdalAuthenticationError as AmsdalAuthenticationError
-from amsdal.schemas.manager import SchemaManager as SchemaManager
 
 HMAC_KEY: bytes
 

amsdal/configs/main.py

@@ -48,20 +48,33 @@ class Settings(BaseSettings):
 
     APP_PATH: Path = Path('.')
     CONFIG_PATH: Path | None = None
-    MODELS_MODULE_NAME: str = 'models'
-    SCHEMAS_MODULE_NAME: str = 'schemas'
+    TYPE_MODELS_MODULE: str = 'amsdal.models.types'
+    CORE_MODELS_MODULE: str = 'amsdal.models.core'
+    USER_MODELS_MODULE_PATH: Path | None = None
+    USER_MODELS_MODULE: str = 'models'
+    FIXTURES_MODULE_PATH: Path | None = None
     FIXTURES_MODULE_NAME: str = 'fixtures'
+    STATIC_MODULE_PATH: Path | None = None
     STATIC_MODULE_NAME: str = 'static'
+    TRANSACTIONS_MODULE_PATH: Path | None = None
     TRANSACTIONS_MODULE_NAME: str = 'transactions'
+    MIGRATIONS_MODULE_PATH: Path | None = None
     MIGRATIONS_DIRECTORY_NAME: str = 'migrations'
     ACCESS_KEY_ID: str | None = None
     SECRET_ACCESS_KEY: str | None = None
     ACCESS_TOKEN: str | None = None
     SANDBOX_ENVIRONMENT: bool | None = None
-    CONTRIBS: list[str] = [
+    CONTRIBS: list[str] | str = [
         'amsdal.contrib.auth.app.AuthAppConfig',
         'amsdal.contrib.frontend_configs.app.FrontendConfigAppConfig',
     ]
+    CONTRIB_MODELS_PACKAGE_NAME: str = 'models'
+    CONTRIB_MIGRATIONS_DIRECTORY_NAME: str = 'migrations'
+
+    # File Storage
+    MEDIA_ROOT: Path = Path('./media')
+    MEDIA_URL: str = '/media/'
+    DEFAULT_FILE_STORAGE: str = 'amsdal_models.storage.backends.db.DBStorage'
 
     @field_validator('CONTRIBS', mode='after')
     def load_contrib_modules(cls, value: list[str]) -> list[str]:  # noqa: N805
@@ -88,7 +101,7 @@ class Settings(BaseSettings):
         return value
 
     @property
-    def models_root_path(self) -> Path:
+    def user_models_path(self) -> Path:
         """
         Returns the root path for models.
 
@@ -98,20 +111,16 @@ class Settings(BaseSettings):
         Returns:
             Path: The root path for the models directory.
         """
-        return self.APP_PATH / self.MODELS_MODULE_NAME
+        if self.USER_MODELS_MODULE_PATH:
+            return self.USER_MODELS_MODULE_PATH
 
-    @property
-    def schemas_root_path(self) -> Path:
-        """
-        Returns the root path for schemas.
+        if '.' in self.USER_MODELS_MODULE:
+            _package, _ = self.USER_MODELS_MODULE.split('.', 1)
+            _module = importlib.import_module(_package)
 
-        This property constructs and returns the path to the schemas directory
-        based on the `APP_PATH` and `SCHEMAS_MODULE_NAME` attributes.
+            return Path(_module.__path__[0])
 
-        Returns:
-            Path: The root path for the schemas directory.
-        """
-        return self.APP_PATH / self.SCHEMAS_MODULE_NAME
+        return self.APP_PATH / self.USER_MODELS_MODULE
 
     @property
     def fixtures_root_path(self) -> Path:
@@ -124,7 +133,7 @@ class Settings(BaseSettings):
         Returns:
             Path: The root path for the fixtures directory.
         """
-        return self.APP_PATH / self.FIXTURES_MODULE_NAME
+        return self.FIXTURES_MODULE_PATH or self.APP_PATH / self.FIXTURES_MODULE_NAME
 
     @property
     def static_root_path(self) -> Path:
@@ -137,7 +146,7 @@ class Settings(BaseSettings):
         Returns:
             Path: The root path for the static files directory.
         """
-        return self.APP_PATH / self.STATIC_MODULE_NAME
+        return self.STATIC_MODULE_PATH or self.APP_PATH / self.STATIC_MODULE_NAME
 
     @property
     def transactions_root_path(self) -> Path:
@@ -150,7 +159,7 @@ class Settings(BaseSettings):
         Returns:
             Path: The root path for the transactions directory.
         """
-        return self.models_root_path / self.TRANSACTIONS_MODULE_NAME
+        return self.TRANSACTIONS_MODULE_PATH or self.APP_PATH / self.TRANSACTIONS_MODULE_NAME
 
     @property
     def migrations_root_path(self) -> Path:
@@ -163,10 +172,10 @@ class Settings(BaseSettings):
         Returns:
             Path: The root path for the migrations directory.
         """
-        return self.models_root_path / self.MIGRATIONS_DIRECTORY_NAME
+        return self.MIGRATIONS_MODULE_PATH or self.APP_PATH / self.MIGRATIONS_DIRECTORY_NAME
 
     @model_validator(mode='after')
-    def check_passwords_match(self) -> 'Settings':
+    def check_config_path_set(self) -> 'Settings':
         """
         Ensures the configuration path is set.
 
@@ -183,6 +192,17 @@ class Settings(BaseSettings):
 
         return self
 
+    @model_validator(mode='before')
+    @classmethod
+    def normalize_complex_values(cls, data: Any) -> Any:
+        if isinstance(data, dict):
+            if 'CONTRIBS' in data:
+                contribs = data['CONTRIBS']
+
+                if isinstance(contribs, str) and '[' not in contribs:
+                    data['CONTRIBS'] = [item.strip() for item in contribs.split(',')]
+        return data
+
 
 if TYPE_CHECKING:
     base: TypeAlias = Settings

amsdal/configs/main.pyi

@@ -33,17 +33,28 @@ class Settings(BaseSettings):
     model_config: Incomplete
     APP_PATH: Path
     CONFIG_PATH: Path | None
-    MODELS_MODULE_NAME: str
-    SCHEMAS_MODULE_NAME: str
+    TYPE_MODELS_MODULE: str
+    CORE_MODELS_MODULE: str
+    USER_MODELS_MODULE_PATH: Path | None
+    USER_MODELS_MODULE: str
+    FIXTURES_MODULE_PATH: Path | None
     FIXTURES_MODULE_NAME: str
+    STATIC_MODULE_PATH: Path | None
     STATIC_MODULE_NAME: str
+    TRANSACTIONS_MODULE_PATH: Path | None
     TRANSACTIONS_MODULE_NAME: str
+    MIGRATIONS_MODULE_PATH: Path | None
     MIGRATIONS_DIRECTORY_NAME: str
     ACCESS_KEY_ID: str | None
     SECRET_ACCESS_KEY: str | None
     ACCESS_TOKEN: str | None
     SANDBOX_ENVIRONMENT: bool | None
-    CONTRIBS: list[str]
+    CONTRIBS: list[str] | str
+    CONTRIB_MODELS_PACKAGE_NAME: str
+    CONTRIB_MIGRATIONS_DIRECTORY_NAME: str
+    MEDIA_ROOT: Path
+    MEDIA_URL: str
+    DEFAULT_FILE_STORAGE: str
     def load_contrib_modules(cls, value: list[str]) -> list[str]:
         """
         Loads and initializes contrib modules.
@@ -58,7 +69,7 @@ class Settings(BaseSettings):
             list[str]: The same list of contrib module paths after loading and initializing the modules.
         """
     @property
-    def models_root_path(self) -> Path:
+    def user_models_path(self) -> Path:
         """
         Returns the root path for models.
 
@@ -69,17 +80,6 @@ class Settings(BaseSettings):
             Path: The root path for the models directory.
         """
     @property
-    def schemas_root_path(self) -> Path:
-        """
-        Returns the root path for schemas.
-
-        This property constructs and returns the path to the schemas directory
-        based on the `APP_PATH` and `SCHEMAS_MODULE_NAME` attributes.
-
-        Returns:
-            Path: The root path for the schemas directory.
-        """
-    @property
     def fixtures_root_path(self) -> Path:
         """
         Returns the root path for fixtures.
@@ -123,7 +123,7 @@ class Settings(BaseSettings):
         Returns:
             Path: The root path for the migrations directory.
         """
-    def check_passwords_match(self) -> Settings:
+    def check_config_path_set(self) -> Settings:
         """
         Ensures the configuration path is set.
 
@@ -133,8 +133,9 @@ class Settings(BaseSettings):
         Returns:
             Settings: The updated settings instance with the `CONFIG_PATH` attribute set.
         """
-
-base: TypeAlias
+    @classmethod
+    def normalize_complex_values(cls, data: Any) -> Any: ...
+base: TypeAlias = Settings
 
 class SettingsProxy(base):
     """

amsdal/contrib/auth/errors.py

@@ -5,3 +5,39 @@ class UserCreationError(AmsdalError): ...
 
 
 class AuthenticationError(AmsdalError): ...
+
+
+class MFARequiredError(AuthenticationError):
+    """Raised when MFA verification is required but not provided."""
+
+    ...
+
+
+class InvalidMFACodeError(AuthenticationError):
+    """Raised when the provided MFA code is invalid."""
+
+    ...
+
+
+class MFADeviceNotFoundError(AmsdalError):
+    """Raised when no valid MFA device is found for the user."""
+
+    ...
+
+
+class MFASetupError(AmsdalError):
+    """Raised when there's an error during MFA device setup."""
+
+    ...
+
+
+class PermissionDeniedError(AmsdalError):
+    """Raised when a user lacks permission for an operation."""
+
+    ...
+
+
+class UserNotFoundError(AmsdalError):
+    """Raised when a target user cannot be found."""
+
+    ...

amsdal/contrib/auth/errors.pyi

@@ -2,3 +2,15 @@ from amsdal_utils.errors import AmsdalError
 
 class UserCreationError(AmsdalError): ...
 class AuthenticationError(AmsdalError): ...
+class MFARequiredError(AuthenticationError):
+    """Raised when MFA verification is required but not provided."""
+class InvalidMFACodeError(AuthenticationError):
+    """Raised when the provided MFA code is invalid."""
+class MFADeviceNotFoundError(AmsdalError):
+    """Raised when no valid MFA device is found for the user."""
+class MFASetupError(AmsdalError):
+    """Raised when there's an error during MFA device setup."""
+class PermissionDeniedError(AmsdalError):
+    """Raised when a user lacks permission for an operation."""
+class UserNotFoundError(AmsdalError):
+    """Raised when a target user cannot be found."""

amsdal/contrib/auth/fixtures/basic_permissions.json

@@ -0,0 +1,64 @@
+{
+    "Permission": [
+        {
+            "_external_id": "user_delete",
+            "model": "User",
+            "action": "delete"
+        },
+        {
+            "_external_id": "user_read",
+            "model": "User",
+            "action": "read"
+        },
+        {
+            "_external_id": "user_update",
+            "model": "User",
+            "action": "update"
+        },
+        {
+            "_external_id": "user_all_actions",
+            "model": "User",
+            "action": "*"
+        },
+        {
+            "_external_id": "all_models_all_actions",
+            "model": "*",
+            "action": "*"
+        },
+        {
+            "_external_id": "login_session_delete",
+            "model": "LoginSession",
+            "action": "delete"
+        },
+        {
+            "_external_id": "login_session_read",
+            "model": "LoginSession",
+            "action": "read"
+        },
+        {
+            "_external_id": "login_session_update",
+            "model": "LoginSession",
+            "action": "update"
+        },
+        {
+            "_external_id": "permission_delete",
+            "model": "Permission",
+            "action": "delete"
+        },
+        {
+            "_external_id": "permission_read",
+            "model": "Permission",
+            "action": "read"
+        },
+        {
+            "_external_id": "permission_update",
+            "model": "Permission",
+            "action": "update"
+        },
+        {
+            "_external_id": "permission_create",
+            "model": "Permission",
+            "action": "create"
+        }
+    ]
+}

amsdal/contrib/auth/lifecycle/consumer.py

@@ -32,9 +32,9 @@ class CheckAndCreateSuperUserConsumer(LifecycleConsumer):
         in the authentication settings. If the super user does not exist, it creates one
         with the necessary permissions.
         """
+        from amsdal.contrib.auth.models.permission import Permission
+        from amsdal.contrib.auth.models.user import User
         from amsdal.contrib.auth.settings import auth_settings
-        from models.contrib.permission import Permission  # type: ignore[import-not-found]
-        from models.contrib.user import User  # type: ignore[import-not-found]
 
         logger.info('Ensure super user exists')
 
@@ -63,9 +63,9 @@ class CheckAndCreateSuperUserConsumer(LifecycleConsumer):
             .execute()
         )
 
-        instance = User(
+        instance = User(  # type: ignore[call-arg]
             email=auth_settings.ADMIN_USER_EMAIL,
-            password=auth_settings.ADMIN_USER_PASSWORD,
+            password=auth_settings.ADMIN_USER_PASSWORD.encode(),
             permissions=[access_all_permission],
         )
         instance.save(force_insert=True)
@@ -80,9 +80,9 @@ class CheckAndCreateSuperUserConsumer(LifecycleConsumer):
         in the authentication settings. If the super user does not exist, it creates one
         with the necessary permissions.
         """
+        from amsdal.contrib.auth.models.permission import Permission  # type: ignore[import-not-found]
+        from amsdal.contrib.auth.models.user import User  # type: ignore[import-not-found]
         from amsdal.contrib.auth.settings import auth_settings
-        from models.contrib.permission import Permission  # type: ignore[import-not-found]
-        from models.contrib.user import User  # type: ignore[import-not-found]
 
         logger.info('Ensure super user exists')
 
@@ -111,12 +111,12 @@ class CheckAndCreateSuperUserConsumer(LifecycleConsumer):
             .aexecute()
         )
 
-        instance = User(
+        instance = User(  # type: ignore[call-arg]
             email=auth_settings.ADMIN_USER_EMAIL,
-            password=auth_settings.ADMIN_USER_PASSWORD,
+            password=auth_settings.ADMIN_USER_PASSWORD.encode(),
             permissions=[access_all_permission],
         )
-        await instance.asave(force_insert=True)
+        await instance.asave(force_insert=True)  # type: ignore[misc]
         logger.info('Super user created successfully')
 
 
@@ -141,8 +141,8 @@ class AuthenticateUserConsumer(LifecycleConsumer):
             auth_header (str): The JWT token from the authorization header.
             authentication_info (Any): The authentication information object to update with the user.
         """
+        from amsdal.contrib.auth.models.user import User  # type: ignore[import-not-found]
         from amsdal.contrib.auth.settings import auth_settings
-        from models.contrib.user import User  # type: ignore[import-not-found]
 
         authentication_info.user = None
         email: str | None
@@ -181,8 +181,8 @@ class AuthenticateUserConsumer(LifecycleConsumer):
             auth_header (str): The JWT token from the authorization header.
             authentication_info (Any): The authentication information object to update with the user.
         """
+        from amsdal.contrib.auth.models.user import User  # type: ignore[import-not-found]
         from amsdal.contrib.auth.settings import auth_settings
-        from models.contrib.user import User  # type: ignore[import-not-found]
 
         authentication_info.user = None
         email: str | None
@@ -219,8 +219,8 @@ class CheckPermissionConsumer(LifecycleConsumer):
     """
 
     def _prepopulate_default_permissions(self, object_class: type[Model], permissions_info: Any) -> None:
+        from amsdal.contrib.auth.models.permission import Permission
         from amsdal.contrib.auth.settings import auth_settings
-        from models.contrib.permission import Permission  # type: ignore[import-not-found]
 
         permissions_info.has_read_permission = not auth_settings.REQUIRE_DEFAULT_AUTHORIZATION
         permissions_info.has_create_permission = (
@@ -245,8 +245,8 @@ class CheckPermissionConsumer(LifecycleConsumer):
                 permissions_info.has_delete_permission = False
 
     async def _async_prepopulate_default_permissions(self, object_class: type[Model], permissions_info: Any) -> None:
+        from amsdal.contrib.auth.models.permission import Permission  # type: ignore[import-not-found]
         from amsdal.contrib.auth.settings import auth_settings
-        from models.contrib.permission import Permission  # type: ignore[import-not-found]
 
         permissions_info.has_read_permission = not auth_settings.REQUIRE_DEFAULT_AUTHORIZATION
         permissions_info.has_create_permission = (

amsdal/contrib/auth/lifecycle/consumer.pyi

@@ -1,5 +1,6 @@
 from _typeshed import Incomplete
 from amsdal.contrib.auth.errors import AuthenticationError as AuthenticationError
+from amsdal_data.transactions.decorators import async_transaction, transaction
 from amsdal_models.classes.model import Model
 from amsdal_utils.lifecycle.consumer import LifecycleConsumer
 from typing import Any
@@ -13,6 +14,7 @@ class CheckAndCreateSuperUserConsumer(LifecycleConsumer):
     This consumer checks if a super user exists based on the provided email and password
     in the authentication settings. If the super user does not exist, it creates one.
     """
+    @transaction
     def on_event(self) -> None:
         """
         Checks for the existence of a super user and creates one if necessary.
@@ -21,6 +23,7 @@ class CheckAndCreateSuperUserConsumer(LifecycleConsumer):
         in the authentication settings. If the super user does not exist, it creates one
         with the necessary permissions.
         """
+    @async_transaction
     async def on_event_async(self) -> None:
         """
         Checks for the existence of a super user and creates one if necessary.