PyPI - amsdal - Versions diffs - 0.4.10__cp311-cp311-macosx_10_9_universal2.whl → 0.5.29__cp311-cp311-macosx_10_9_universal2.whl - Mend

amsdal 0.4.10__cp311-cp311-macosx_10_9_universal2.whl → 0.5.29__cp311-cp311-macosx_10_9_universal2.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (163) hide show

amsdal/Third-Party Materials - AMSDAL Dependencies - License Notices.md +28 -0
amsdal/__about__.py +1 -1
amsdal/__migrations__/0000_initial.py +22 -203
amsdal/__migrations__/0001_create_class_file.py +61 -0
amsdal/__migrations__/0002_create_class_file.py +109 -0
amsdal/__migrations__/0003_update_class_file.py +91 -0
amsdal/__migrations__/0004_update_class_file.py +45 -0
amsdal/cloud/__init__.cpython-311-darwin.so +0 -0
amsdal/cloud/client.cpython-311-darwin.so +0 -0
amsdal/cloud/constants.cpython-311-darwin.so +0 -0
amsdal/cloud/enums.cpython-311-darwin.so +0 -0
amsdal/cloud/models/__init__.cpython-311-darwin.so +0 -0
amsdal/cloud/models/base.cpython-311-darwin.so +0 -0
amsdal/cloud/services/__init__.cpython-311-darwin.so +0 -0
amsdal/cloud/services/actions/__init__.cpython-311-darwin.so +0 -0
amsdal/cloud/services/actions/add_allowlist_ip.cpython-311-darwin.so +0 -0
amsdal/cloud/services/actions/add_basic_auth.cpython-311-darwin.so +0 -0
amsdal/cloud/services/actions/add_dependency.cpython-311-darwin.so +0 -0
amsdal/cloud/services/actions/add_secret.cpython-311-darwin.so +0 -0
amsdal/cloud/services/actions/base.cpython-311-darwin.so +0 -0
amsdal/cloud/services/actions/create_deploy.cpython-311-darwin.so +0 -0
amsdal/cloud/services/actions/create_env.cpython-311-darwin.so +0 -0
amsdal/cloud/services/actions/create_session.cpython-311-darwin.so +0 -0
amsdal/cloud/services/actions/delete_allowlist_ip.cpython-311-darwin.so +0 -0
amsdal/cloud/services/actions/delete_basic_auth.cpython-311-darwin.so +0 -0
amsdal/cloud/services/actions/delete_dependency.cpython-311-darwin.so +0 -0
amsdal/cloud/services/actions/delete_env.cpython-311-darwin.so +0 -0
amsdal/cloud/services/actions/delete_secret.cpython-311-darwin.so +0 -0
amsdal/cloud/services/actions/destroy_deploy.cpython-311-darwin.so +0 -0
amsdal/cloud/services/actions/expose_db.cpython-311-darwin.so +0 -0
amsdal/cloud/services/actions/get_basic_auth_credentials.cpython-311-darwin.so +0 -0
amsdal/cloud/services/actions/get_monitoring_info.cpython-311-darwin.so +0 -0
amsdal/cloud/services/actions/list_dependencies.cpython-311-darwin.so +0 -0
amsdal/cloud/services/actions/list_deploys.cpython-311-darwin.so +0 -0
amsdal/cloud/services/actions/list_envs.cpython-311-darwin.so +0 -0
amsdal/cloud/services/actions/list_secrets.cpython-311-darwin.so +0 -0
amsdal/cloud/services/actions/manager.cpython-311-darwin.so +0 -0
amsdal/cloud/services/actions/signup_action.cpython-311-darwin.so +0 -0
amsdal/cloud/services/actions/update_deploy.cpython-311-darwin.so +0 -0
amsdal/cloud/services/auth/__init__.cpython-311-darwin.so +0 -0
amsdal/cloud/services/auth/base.cpython-311-darwin.so +0 -0
amsdal/cloud/services/auth/credentials.cpython-311-darwin.so +0 -0
amsdal/cloud/services/auth/manager.cpython-311-darwin.so +0 -0
amsdal/cloud/services/auth/signup_service.cpython-311-darwin.so +0 -0
amsdal/cloud/services/auth/token.cpython-311-darwin.so +0 -0
amsdal/configs/main.py +17 -1
amsdal/configs/main.pyi +7 -3
amsdal/contrib/__init__.cpython-311-darwin.so +0 -0
amsdal/contrib/auth/errors.py +36 -0
amsdal/contrib/auth/errors.pyi +12 -0
amsdal/contrib/auth/lifecycle/consumer.py +3 -3
amsdal/contrib/auth/lifecycle/consumer.pyi +3 -0
amsdal/contrib/auth/migrations/0000_initial.py +55 -52
amsdal/contrib/auth/migrations/0001_add_mfa_support.py +188 -0
amsdal/contrib/auth/models/__init__.py +1 -0
amsdal/contrib/auth/models/backup_code.py +85 -0
amsdal/contrib/auth/models/email_mfa_device.py +108 -0
amsdal/contrib/auth/models/login_session.py +117 -0
amsdal/contrib/auth/models/mfa_device.py +86 -0
amsdal/contrib/auth/models/sms_device.py +113 -0
amsdal/contrib/auth/models/totp_device.py +58 -0
amsdal/contrib/auth/models/user.py +50 -0
amsdal/contrib/auth/services/__init__.py +1 -0
amsdal/contrib/auth/services/mfa_device_service.py +544 -0
amsdal/contrib/auth/services/mfa_device_service.pyi +216 -0
amsdal/contrib/auth/services/totp_service.py +358 -0
amsdal/contrib/auth/services/totp_service.pyi +158 -0
amsdal/contrib/auth/settings.py +8 -0
amsdal/contrib/auth/settings.pyi +8 -0
amsdal/contrib/auth/transactions/__init__.py +1 -0
amsdal/contrib/auth/transactions/mfa_device_transactions.py +463 -0
amsdal/contrib/auth/transactions/mfa_device_transactions.pyi +226 -0
amsdal/contrib/auth/transactions/totp_transactions.py +206 -0
amsdal/contrib/auth/transactions/totp_transactions.pyi +113 -0
amsdal/contrib/auth/utils/mfa.py +257 -0
amsdal/contrib/auth/utils/mfa.pyi +119 -0
amsdal/contrib/frontend_configs/conversion/convert.py +32 -5
amsdal/contrib/frontend_configs/migrations/0000_initial.py +154 -183
amsdal/contrib/frontend_configs/migrations/0001_update_frontend_control_config.py +245 -0
amsdal/contrib/frontend_configs/migrations/0002_add_button_and_invoke_actions.py +352 -0
amsdal/contrib/frontend_configs/migrations/0003_create_class_frontendconfigdashboardelement.py +145 -0
amsdal/contrib/frontend_configs/models/frontend_config_control_action.py +57 -1
amsdal/contrib/frontend_configs/models/frontend_config_dashboard.py +51 -0
amsdal/contrib/frontend_configs/models/frontend_control_config.py +69 -46
amsdal/fixtures/__init__.cpython-311-darwin.so +0 -0
amsdal/fixtures/manager.cpython-311-darwin.so +0 -0
amsdal/fixtures/utils.cpython-311-darwin.so +0 -0
amsdal/manager.cpython-311-darwin.so +0 -0
amsdal/manager.pyi +5 -0
amsdal/mixins/__init__.cpython-311-darwin.so +0 -0
amsdal/mixins/class_versions_mixin.cpython-311-darwin.so +0 -0
amsdal/models/core/class_object.py +7 -6
amsdal/models/core/class_property.py +7 -1
amsdal/models/core/file.py +168 -81
amsdal/models/core/storage_metadata.py +15 -0
amsdal/models/mixins.py +31 -0
amsdal/models/types/object.py +3 -3
amsdal/schemas/core/class_object/model.json +20 -0
amsdal/schemas/core/class_property/model.json +19 -0
amsdal/schemas/core/file/properties/validate_data.py +2 -3
amsdal/schemas/core/storage_metadata/model.json +52 -0
amsdal/schemas/interfaces.pyi +1 -1
amsdal/schemas/manager.cpython-311-darwin.so +0 -0
amsdal/schemas/mixins/check_dependencies_mixin.py +23 -8
amsdal/schemas/mixins/check_dependencies_mixin.pyi +5 -2
amsdal/schemas/utils.pyi +2 -2
amsdal/services/__init__.py +11 -0
amsdal/services/__init__.pyi +4 -0
amsdal/services/external_connections.py +262 -0
amsdal/services/external_connections.pyi +190 -0
amsdal/services/external_model_generator.py +350 -0
amsdal/services/external_model_generator.pyi +134 -0
amsdal/services/transaction_execution.cpython-311-darwin.so +0 -0
amsdal/services/transaction_execution.pyi +1 -0
amsdal/storages/__init__.py +20 -0
amsdal/storages/__init__.pyi +8 -0
amsdal/storages/file_system.py +214 -0
amsdal/storages/file_system.pyi +36 -0
amsdal/utils/rollback/__init__.pyi +6 -0
amsdal/utils/tests/enums.py +0 -2
amsdal/utils/tests/helpers.py +213 -381
amsdal/utils/tests/migrations.py +157 -0
{amsdal-0.4.10.dist-info → amsdal-0.5.29.dist-info}/METADATA +13 -8
{amsdal-0.4.10.dist-info → amsdal-0.5.29.dist-info}/RECORD +131 -124
{amsdal-0.4.10.dist-info → amsdal-0.5.29.dist-info}/WHEEL +1 -1
amsdal/__migrations__/0001_datetime_type.py +0 -18
amsdal/__migrations__/0002_fixture_order.py +0 -44
amsdal/__migrations__/0003_schema_type_in_class_meta.py +0 -44
amsdal/contrib/auth/models/login_session.pyi +0 -37
amsdal/contrib/auth/models/permission.pyi +0 -18
amsdal/contrib/auth/models/user.pyi +0 -46
amsdal/contrib/frontend_configs/models/frontend_activator_config.pyi +0 -12
amsdal/contrib/frontend_configs/models/frontend_config_async_validator.pyi +0 -7
amsdal/contrib/frontend_configs/models/frontend_config_control_action.pyi +0 -32
amsdal/contrib/frontend_configs/models/frontend_config_group_validator.pyi +0 -11
amsdal/contrib/frontend_configs/models/frontend_config_option.pyi +0 -8
amsdal/contrib/frontend_configs/models/frontend_config_skip_none_base.pyi +0 -8
amsdal/contrib/frontend_configs/models/frontend_config_slider_option.pyi +0 -9
amsdal/contrib/frontend_configs/models/frontend_config_text_mask.pyi +0 -10
amsdal/contrib/frontend_configs/models/frontend_config_validator.pyi +0 -15
amsdal/contrib/frontend_configs/models/frontend_control_config.pyi +0 -35
amsdal/contrib/frontend_configs/models/frontend_model_config.pyi +0 -9
amsdal/models/__init__.pyi +0 -9
amsdal/models/core/class_object.pyi +0 -24
amsdal/models/core/class_object_meta.py +0 -26
amsdal/models/core/class_object_meta.pyi +0 -15
amsdal/models/core/class_property.pyi +0 -11
amsdal/models/core/class_property_meta.py +0 -15
amsdal/models/core/class_property_meta.pyi +0 -10
amsdal/models/core/file.pyi +0 -104
amsdal/models/core/fixture.pyi +0 -14
amsdal/models/core/option.pyi +0 -8
amsdal/models/core/validator.pyi +0 -8
amsdal/models/types/object.pyi +0 -16
amsdal/schemas/core/class_object_meta/model.json +0 -59
amsdal/schemas/core/class_property_meta/model.json +0 -23
amsdal/services/__init__.cpython-311-darwin.so +0 -0
/amsdal/contrib/auth/{models → services}/__init__.pyi +0 -0
/amsdal/contrib/{frontend_configs/models → auth/transactions}/__init__.pyi +0 -0
/amsdal/{models/core/__init__.pyi → contrib/auth/utils/__init__.py} +0 -0
/amsdal/{models/types → contrib/auth/utils}/__init__.pyi +0 -0
{amsdal-0.4.10.dist-info → amsdal-0.5.29.dist-info}/licenses/LICENSE.txt +0 -0
{amsdal-0.4.10.dist-info → amsdal-0.5.29.dist-info}/top_level.txt +0 -0

amsdal/contrib/auth/transactions/mfa_device_transactions.pyi ADDED Viewed

@@ -0,0 +1,226 @@
+from _typeshed import Incomplete
+from amsdal.context.manager import AmsdalContextManager as AmsdalContextManager
+from amsdal.contrib.auth.decorators import require_auth as require_auth
+from amsdal.contrib.auth.models.email_mfa_device import EmailMFADevice as EmailMFADevice
+from amsdal.contrib.auth.models.user import User as User
+from amsdal.contrib.auth.services.mfa_device_service import MFADeviceService as MFADeviceService
+from amsdal.contrib.auth.utils.mfa import DeviceType as DeviceType
+from pydantic import BaseModel
+TAGS: Incomplete
+class AddEmailDeviceRequest(BaseModel):
+    """Request model for adding email MFA device."""
+    target_user_email: str
+    device_name: str
+    email: str | None
+class EmailDeviceResponse(BaseModel):
+    """Response model for email MFA device."""
+    device_id: str
+    user_email: str
+    name: str
+    email: str
+    confirmed: bool
+    @classmethod
+    def from_device(cls, device: EmailMFADevice) -> EmailDeviceResponse:
+        """Create response from EmailMFADevice model."""
+class AddBackupCodesRequest(BaseModel):
+    """Request model for adding backup codes."""
+    target_user_email: str
+    device_name: str
+    code_count: int | None
+class AddBackupCodesResponse(BaseModel):
+    """Response model for adding backup codes."""
+    model_config: Incomplete
+    device_count: int
+    codes: list[str]
+class ListDevicesRequest(BaseModel):
+    """Request model for listing MFA devices."""
+    target_user_email: str
+    include_unconfirmed: bool
+class DeviceInfo(BaseModel):
+    """Device information for list response."""
+    device_id: str
+    name: str
+    confirmed: bool
+    device_type: str
+class ListDevicesResponse(BaseModel):
+    """Response model for listing MFA devices."""
+    totp_devices: list[DeviceInfo]
+    email_devices: list[DeviceInfo]
+    sms_devices: list[DeviceInfo]
+    backup_codes: list[DeviceInfo]
+    total_count: int
+    @classmethod
+    def from_device_dict(cls, devices_by_type: dict) -> ListDevicesResponse:
+        """Create response from service layer result."""
+class RemoveDeviceRequest(BaseModel):
+    """Request model for removing MFA device."""
+    device_id: str
+    hard_delete: bool
+class RemoveDeviceResponse(BaseModel):
+    """Response model for removing MFA device."""
+    device_id: str
+    deleted: bool
+def get_current_user() -> User:
+    """Helper to get current authenticated user from context."""
+@require_auth
+def add_email_device_transaction(request: AddEmailDeviceRequest) -> EmailDeviceResponse:
+    """
+    Add email MFA device for a user.
+    Email devices are automatically confirmed and can be used immediately.
+    Args:
+        current_user: The authenticated user making the request.
+        request: Email device creation request.
+    Returns:
+        EmailDeviceResponse: Created device details.
+    Raises:
+        UserNotFoundError: If target user doesn't exist.
+        PermissionDeniedError: If user lacks permission.
+    """
+@require_auth
+async def aadd_email_device_transaction(request: AddEmailDeviceRequest) -> EmailDeviceResponse:
+    """
+    Async version of add_email_device_transaction.
+    Add email MFA device for a user.
+    Args:
+        current_user: The authenticated user making the request.
+        request: Email device creation request.
+    Returns:
+        EmailDeviceResponse: Created device details.
+    Raises:
+        UserNotFoundError: If target user doesn't exist.
+        PermissionDeniedError: If user lacks permission.
+    """
+@require_auth
+def add_backup_codes_transaction(request: AddBackupCodesRequest) -> AddBackupCodesResponse:
+    """
+    Add backup codes for a user.
+    Backup codes are one-time use codes that can be used if primary
+    MFA methods are unavailable.
+    Security Note:
+        Plaintext codes are returned ONLY during creation.
+        Caller must display/send these to user immediately.
+        Codes cannot be retrieved later.
+    Args:
+        current_user: The authenticated user making the request.
+        request: Backup codes creation request.
+    Returns:
+        AddBackupCodesResponse: Contains plaintext backup codes.
+    Raises:
+        UserNotFoundError: If target user doesn't exist.
+        PermissionDeniedError: If user lacks permission.
+    """
+@require_auth
+async def aadd_backup_codes_transaction(request: AddBackupCodesRequest) -> AddBackupCodesResponse:
+    """
+    Async version of add_backup_codes_transaction.
+    Add backup codes for a user.
+    Args:
+        current_user: The authenticated user making the request.
+        request: Backup codes creation request.
+    Returns:
+        AddBackupCodesResponse: Contains plaintext backup codes.
+    Raises:
+        UserNotFoundError: If target user doesn't exist.
+        PermissionDeniedError: If user lacks permission.
+    """
+@require_auth
+def list_devices_transaction(request: ListDevicesRequest) -> ListDevicesResponse:
+    """
+    List all MFA devices for a user.
+    Returns devices grouped by type (TOTP, Email, SMS, Backup Codes).
+    Note: Read-only operation, no @transaction decorator needed.
+    Args:
+        current_user: The authenticated user making the request.
+        request: List devices request.
+    Returns:
+        ListDevicesResponse: Devices grouped by type.
+    Raises:
+        PermissionDeniedError: If user lacks permission.
+    """
+@require_auth
+async def alist_devices_transaction(request: ListDevicesRequest) -> ListDevicesResponse:
+    """
+    Async version of list_devices_transaction.
+    List all MFA devices for a user.
+    Args:
+        current_user: The authenticated user making the request.
+        request: List devices request.
+    Returns:
+        ListDevicesResponse: Devices grouped by type.
+    Raises:
+        PermissionDeniedError: If user lacks permission.
+    """
+@require_auth
+def remove_device_transaction(request: RemoveDeviceRequest) -> RemoveDeviceResponse:
+    """
+    Remove (deactivate or delete) an MFA device.
+    By default performs soft delete (marks inactive) to preserve audit trail.
+    Use hard_delete=True to permanently remove the device.
+    Args:
+        current_user: The authenticated user making the request.
+        request: Remove device request.
+    Returns:
+        RemoveDeviceResponse: Removal confirmation.
+    Raises:
+        PermissionDeniedError: If user lacks permission.
+        MFADeviceNotFoundError: If device doesn't exist.
+    """
+@require_auth
+async def aremove_device_transaction(request: RemoveDeviceRequest) -> RemoveDeviceResponse:
+    """
+    Async version of remove_device_transaction.
+    Remove (deactivate or delete) an MFA device.
+    Args:
+        current_user: The authenticated user making the request.
+        request: Remove device request.
+    Returns:
+        RemoveDeviceResponse: Removal confirmation.
+    Raises:
+        PermissionDeniedError: If user lacks permission.
+        MFADeviceNotFoundError: If device doesn't exist.
+    """

amsdal/contrib/auth/transactions/totp_transactions.py ADDED Viewed

@@ -0,0 +1,206 @@
+"""TOTP device transaction wrappers for API endpoints."""
+from amsdal_data.transactions.decorators import async_transaction
+from amsdal_data.transactions.decorators import transaction
+from pydantic import BaseModel
+from pydantic import Field
+from amsdal.context.manager import AmsdalContextManager
+from amsdal.contrib.auth.decorators import require_auth
+from amsdal.contrib.auth.models.totp_device import TOTPDevice
+from amsdal.contrib.auth.models.user import User
+from amsdal.contrib.auth.services.totp_service import TOTPService
+# ============================================================================
+# REQUEST/RESPONSE MODELS
+# ============================================================================
+TAGS = ['Auth', 'MFA', 'TOTP']
+class SetupTOTPDeviceRequest(BaseModel):
+    """Request model for TOTP device setup."""
+    target_user_email: str = Field(..., description='Email of user to setup device for')
+    device_name: str = Field(..., description='User-friendly name for the device')
+    issuer: str | None = Field(None, description='TOTP issuer name (optional)')
+class SetupTOTPDeviceResponse(BaseModel):
+    """Response model for TOTP device setup."""
+    secret: str = Field(..., description='Base32 TOTP secret (show to user ONCE)')
+    qr_code_url: str = Field(..., description='otpauth:// URL for QR code generation')
+    device_id: str = Field(..., description='ID of unconfirmed device')
+class ConfirmTOTPDeviceRequest(BaseModel):
+    """Request model for TOTP device confirmation."""
+    device_id: str = Field(..., description='ID of unconfirmed device from setup')
+    verification_code: str = Field(..., description='6-digit code from authenticator app', min_length=6, max_length=6)
+class ConfirmTOTPDeviceResponse(BaseModel):
+    """Response model for TOTP device confirmation."""
+    device_id: str = Field(..., description='ID of confirmed device')
+    user_email: str = Field(..., description='User email')
+    name: str = Field(..., description='Device name')
+    confirmed: bool = Field(..., description='Confirmation status')
+    @classmethod
+    def from_device(cls, device: TOTPDevice) -> 'ConfirmTOTPDeviceResponse':
+        """Create response from TOTPDevice model."""
+        return cls(
+            device_id=device._object_id,
+            user_email=device.user_email,
+            name=device.name,
+            confirmed=device.confirmed,
+        )
+# ============================================================================
+# TRANSACTION FUNCTIONS
+# ============================================================================
+def get_current_user() -> User:
+    """Helper to get current authenticated user from context."""
+    return AmsdalContextManager().get_context().get('request').user  # type: ignore[union-attr]
+@require_auth
+@transaction(tags=TAGS)  # type: ignore[call-arg]
+def setup_totp_device_transaction(
+    request: SetupTOTPDeviceRequest,
+) -> SetupTOTPDeviceResponse:
+    """
+    Setup TOTP device (Step 1 of 2).
+    Creates an unconfirmed TOTP device and returns the secret and QR code URL.
+    The secret is only returned once and cannot be retrieved later.
+    Args:
+        request: Setup request containing target user and device details.
+    Returns:
+        SetupTOTPDeviceResponse: Contains secret, QR code URL, and device ID.
+    Raises:
+        UserNotFoundError: If target user doesn't exist.
+        PermissionDeniedError: If user lacks permission.
+    """
+    if isinstance(request, dict):
+        request = SetupTOTPDeviceRequest.model_validate(request)
+    result = TOTPService.setup_totp_device(  # type: ignore[call-arg]
+        current_user=get_current_user(),
+        target_user_email=request.target_user_email,
+        device_name=request.device_name,
+        issuer=request.issuer,
+    )
+    return SetupTOTPDeviceResponse(**result)
+@require_auth
+@async_transaction(tags=TAGS)  # type: ignore[call-arg]
+async def asetup_totp_device_transaction(
+    request: SetupTOTPDeviceRequest,
+) -> SetupTOTPDeviceResponse:
+    """
+    Async version of setup_totp_device_transaction.
+    Setup TOTP device (Step 1 of 2).
+    Args:
+        request: Setup request containing target user and device details.
+    Returns:
+        SetupTOTPDeviceResponse: Contains secret, QR code URL, and device ID.
+    Raises:
+        UserNotFoundError: If target user doesn't exist.
+        PermissionDeniedError: If user lacks permission.
+    """
+    if isinstance(request, dict):
+        request = SetupTOTPDeviceRequest.model_validate(request)
+    result = await TOTPService.asetup_totp_device(  # type: ignore[call-arg]
+        current_user=get_current_user(),
+        target_user_email=request.target_user_email,
+        device_name=request.device_name,
+        issuer=request.issuer,
+    )
+    return SetupTOTPDeviceResponse(**result)
+@require_auth
+@transaction(tags=TAGS)  # type: ignore[call-arg]
+def confirm_totp_device_transaction(
+    request: ConfirmTOTPDeviceRequest,
+) -> ConfirmTOTPDeviceResponse:
+    """
+    Confirm TOTP device by verifying code (Step 2 of 2).
+    Validates the verification code from the authenticator app and marks
+    the device as confirmed if successful.
+    Args:
+        request: Confirmation request containing device ID and verification code.
+    Returns:
+        ConfirmTOTPDeviceResponse: Confirmed device details.
+    Raises:
+        MFADeviceNotFoundError: If device doesn't exist.
+        PermissionDeniedError: If user lacks permission.
+        InvalidMFACodeError: If verification code is incorrect.
+        MFASetupError: If device already confirmed.
+    """
+    if isinstance(request, dict):
+        request = ConfirmTOTPDeviceRequest.model_validate(request)
+    device = TOTPService.confirm_totp_device(  # type: ignore[call-arg]
+        current_user=get_current_user(),
+        device_id=request.device_id,
+        verification_code=request.verification_code,
+    )
+    return ConfirmTOTPDeviceResponse.from_device(device)
+@require_auth
+@async_transaction(tags=TAGS)  # type: ignore[call-arg]
+async def aconfirm_totp_device_transaction(
+    request: ConfirmTOTPDeviceRequest,
+) -> ConfirmTOTPDeviceResponse:
+    """
+    Async version of confirm_totp_device_transaction.
+    Confirm TOTP device by verifying code (Step 2 of 2).
+    Args:
+        request: Confirmation request containing device ID and verification code.
+    Returns:
+        ConfirmTOTPDeviceResponse: Confirmed device details.
+    Raises:
+        MFADeviceNotFoundError: If device doesn't exist.
+        PermissionDeniedError: If user lacks permission.
+        InvalidMFACodeError: If verification code is incorrect.
+        MFASetupError: If device already confirmed.
+    """
+    if isinstance(request, dict):
+        request = ConfirmTOTPDeviceRequest.model_validate(request)
+    device = await TOTPService.aconfirm_totp_device(  # type: ignore[call-arg]
+        current_user=get_current_user(),
+        device_id=request.device_id,
+        verification_code=request.verification_code,
+    )
+    return ConfirmTOTPDeviceResponse.from_device(device)

amsdal/contrib/auth/transactions/totp_transactions.pyi ADDED Viewed

@@ -0,0 +1,113 @@
+from _typeshed import Incomplete
+from amsdal.context.manager import AmsdalContextManager as AmsdalContextManager
+from amsdal.contrib.auth.decorators import require_auth as require_auth
+from amsdal.contrib.auth.models.totp_device import TOTPDevice as TOTPDevice
+from amsdal.contrib.auth.models.user import User as User
+from amsdal.contrib.auth.services.totp_service import TOTPService as TOTPService
+from pydantic import BaseModel
+TAGS: Incomplete
+class SetupTOTPDeviceRequest(BaseModel):
+    """Request model for TOTP device setup."""
+    target_user_email: str
+    device_name: str
+    issuer: str | None
+class SetupTOTPDeviceResponse(BaseModel):
+    """Response model for TOTP device setup."""
+    secret: str
+    qr_code_url: str
+    device_id: str
+class ConfirmTOTPDeviceRequest(BaseModel):
+    """Request model for TOTP device confirmation."""
+    device_id: str
+    verification_code: str
+class ConfirmTOTPDeviceResponse(BaseModel):
+    """Response model for TOTP device confirmation."""
+    device_id: str
+    user_email: str
+    name: str
+    confirmed: bool
+    @classmethod
+    def from_device(cls, device: TOTPDevice) -> ConfirmTOTPDeviceResponse:
+        """Create response from TOTPDevice model."""
+def get_current_user() -> User:
+    """Helper to get current authenticated user from context."""
+@require_auth
+def setup_totp_device_transaction(request: SetupTOTPDeviceRequest) -> SetupTOTPDeviceResponse:
+    """
+    Setup TOTP device (Step 1 of 2).
+    Creates an unconfirmed TOTP device and returns the secret and QR code URL.
+    The secret is only returned once and cannot be retrieved later.
+    Args:
+        request: Setup request containing target user and device details.
+    Returns:
+        SetupTOTPDeviceResponse: Contains secret, QR code URL, and device ID.
+    Raises:
+        UserNotFoundError: If target user doesn't exist.
+        PermissionDeniedError: If user lacks permission.
+    """
+@require_auth
+async def asetup_totp_device_transaction(request: SetupTOTPDeviceRequest) -> SetupTOTPDeviceResponse:
+    """
+    Async version of setup_totp_device_transaction.
+    Setup TOTP device (Step 1 of 2).
+    Args:
+        request: Setup request containing target user and device details.
+    Returns:
+        SetupTOTPDeviceResponse: Contains secret, QR code URL, and device ID.
+    Raises:
+        UserNotFoundError: If target user doesn't exist.
+        PermissionDeniedError: If user lacks permission.
+    """
+@require_auth
+def confirm_totp_device_transaction(request: ConfirmTOTPDeviceRequest) -> ConfirmTOTPDeviceResponse:
+    """
+    Confirm TOTP device by verifying code (Step 2 of 2).
+    Validates the verification code from the authenticator app and marks
+    the device as confirmed if successful.
+    Args:
+        request: Confirmation request containing device ID and verification code.
+    Returns:
+        ConfirmTOTPDeviceResponse: Confirmed device details.
+    Raises:
+        MFADeviceNotFoundError: If device doesn't exist.
+        PermissionDeniedError: If user lacks permission.
+        InvalidMFACodeError: If verification code is incorrect.
+        MFASetupError: If device already confirmed.
+    """
+@require_auth
+async def aconfirm_totp_device_transaction(request: ConfirmTOTPDeviceRequest) -> ConfirmTOTPDeviceResponse:
+    """
+    Async version of confirm_totp_device_transaction.
+    Confirm TOTP device by verifying code (Step 2 of 2).
+    Args:
+        request: Confirmation request containing device ID and verification code.
+    Returns:
+        ConfirmTOTPDeviceResponse: Confirmed device details.
+    Raises:
+        MFADeviceNotFoundError: If device doesn't exist.
+        PermissionDeniedError: If user lacks permission.
+        InvalidMFACodeError: If verification code is incorrect.
+        MFASetupError: If device already confirmed.
+    """