cardo-python-utils 0.5.dev12__tar.gz → 0.5.dev14__tar.gz

{cardo_python_utils-0.5.dev12/cardo_python_utils.egg-info → cardo_python_utils-0.5.dev14}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: cardo-python-utils
-Version: 0.5.dev12
+Version: 0.5.dev14
 Summary: Python library enhanced with a wide range of functions for different scenarios.
 Author-email: CardoAI <hello@cardoai.com>
 License: MIT

{cardo_python_utils-0.5.dev12 → cardo_python_utils-0.5.dev14/cardo_python_utils.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: cardo-python-utils
-Version: 0.5.dev12
+Version: 0.5.dev14
 Summary: Python library enhanced with a wide range of functions for different scenarios.
 Author-email: CardoAI <hello@cardoai.com>
 License: MIT

{cardo_python_utils-0.5.dev12 → cardo_python_utils-0.5.dev14}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "cardo-python-utils"
-version = "0.5.dev12"
+version = "0.5.dev14"
 description = "Python library enhanced with a wide range of functions for different scenarios."
 readme = "README.rst"
 requires-python = ">=3.8"

{cardo_python_utils-0.5.dev12 → cardo_python_utils-0.5.dev14}/python_utils/choices.py

@@ -9,6 +9,7 @@ It adds some useful methods to the Enum class, such as:
 
 from abc import ABC, abstractmethod
 from enum import EnumMeta, Enum
+from typing import Union
 
 
 class IChoice(ABC):
@@ -41,7 +42,7 @@ class ChoiceEnumMeta(EnumMeta, IChoice, ABC):
 
         return new_cls
 
-    def __contains__(cls, item: int | str) -> bool:
+    def __contains__(cls, item: Union[int, str]) -> bool:
         if isinstance(item, int):
             member_values = [v.value[0] for v in cls.__members__.values()]
         elif isinstance(item, str):
@@ -75,12 +76,12 @@ class ChoiceEnum(Enum, metaclass=ChoiceEnumMeta):
         return {elm.value[0]: elm.value[1] for elm in cls}
 
     @classmethod
-    def get_by_value(cls, value: str | int):
+    def get_by_value(cls, value: Union[str, int]):
         value_index = 0 if isinstance(value, int) else 1
         return next((v for v in cls.__members__.values() if v.value[value_index] == value), None)
 
     @classmethod
-    def list_as(cls, item_type) -> list[int | str]:
+    def list_as(cls, item_type) -> list[Union[int, str]]:
         if item_type not in [int, str]:
             raise TypeError('Invalid item type')
         return list(map(item_type, cls))

{cardo_python_utils-0.5.dev12 → cardo_python_utils-0.5.dev14}/python_utils/django/keycloak/api/ninja.py

@@ -1,27 +1,35 @@
-from typing import Literal
+import logging
+from typing import Literal, Optional, Union
 
 from jwt.exceptions import InvalidTokenError
 
 from django.conf import settings
+from django.http import HttpRequest
 from ninja.security import HttpBearer
 from ninja.errors import AuthenticationError, HttpError
 
-from .utils import create_or_update_user, decode_jwt
+from .utils import (
+    acreate_or_update_user,
+    create_or_update_user,
+    decode_jwt,
+    TokenPayload,
+)
+
+logger = logging.getLogger()
 
 
 class AuthBearer(HttpBearer):
-    def authenticate(self, request, token):
-        try:
-            payload = decode_jwt(token)
-        except InvalidTokenError as e:
-            raise AuthenticationError(f"Invalid token: {str(e)}") from e
+    def __call__(self, request: HttpRequest):
+        token = self._get_token(request)
+        if not token:
+            return None
 
-        try:
-            username = payload["preferred_username"]
-        except KeyError as e:
-            raise AuthenticationError(
-                "Invalid token: preferred_username not present."
-            ) from e
+        return self.authenticate(request, token)
+
+    def authenticate(self, request: HttpRequest, token: str) -> TokenPayload:
+        payload = self._decode_token(token)
+
+        username = self._get_username(payload)
 
         user = create_or_update_user(username, payload)
 
@@ -32,6 +40,38 @@ class AuthBearer(HttpBearer):
         # The return value is stored in request.auth
         return payload
 
+    def _get_token(self, request: HttpRequest) -> Optional[str]:
+        """
+        This part of the token validation is similar to what 
+        django-ninja is doing in HttpBearer.__call__
+        """
+        headers = request.headers
+        auth_value = headers.get(self.header)
+        if not auth_value:
+            return None
+        parts = auth_value.split(" ")
+
+        if parts[0].lower() != self.openapi_scheme:
+            if settings.DEBUG:
+                logger.error(f"Unexpected auth - '{auth_value}'")
+            return None
+
+        return " ".join(parts[1:])
+
+    def _decode_token(self, token: str) -> TokenPayload:
+        try:
+            return decode_jwt(token)
+        except InvalidTokenError as e:
+            raise AuthenticationError(f"Invalid token: {str(e)}") from e
+
+    def _get_username(self, payload: TokenPayload) -> str:
+        try:
+            return payload["preferred_username"]
+        except KeyError as e:
+            raise AuthenticationError(
+                "Invalid token: 'preferred_username' claim not present."
+            ) from e
+
     def _verify_scopes(self, request, token_payload):
         allowed_scopes = self._get_view_allowed_scopes(request)
 
@@ -53,7 +93,7 @@ class AuthBearer(HttpBearer):
 
         if scopes is None:
             raise Exception(
-                f"No allowed_scopes defined on the view {view_function.__name__}."
+                f"No allowed_scopes defined on the view {view_function.__name__}. "
                 "Add the decorator @allowed_scopes([...]) or @allowed_scopes('*') to the view."
             )
 
@@ -71,7 +111,34 @@ class AuthBearer(HttpBearer):
         )
 
 
-def allowed_scopes(scopes: list[str] | Literal["*"]):
+class AuthBearerAsync(AuthBearer):
+    """
+    Same as AuthBearer, but with async __call__ and authenticate methods.
+    """
+
+    async def __call__(self, request: HttpRequest):
+        token = self._get_token(request)
+        if not token:
+            return None
+
+        return await self.authenticate(request, token)
+
+    async def authenticate(self, request: HttpRequest, token: str) -> TokenPayload:
+        payload = self._decode_token(token)
+
+        username = self._get_username(payload)
+
+        user = await acreate_or_update_user(username, payload)
+
+        self._verify_scopes(request, payload)
+
+        request.user = user
+
+        # The return value is stored in request.auth
+        return payload
+
+
+def allowed_scopes(scopes: Union[list[str], Literal["*"]]):
     """
     A decorator that attaches a list of required scopes to a view function
     in the attribute `_allowed_scopes`.

{cardo_python_utils-0.5.dev12 → cardo_python_utils-0.5.dev14}/python_utils/django/keycloak/api/utils.py

@@ -1,4 +1,4 @@
-from typing import TypedDict
+from typing import TypedDict, Union
 
 from django.conf import settings
 from django.contrib.auth import get_user_model
@@ -6,13 +6,14 @@ from jwt import decode, PyJWKClient
 
 jwks_client = PyJWKClient(getattr(settings, "JWKS_URL", ""))
 
+User = get_user_model()
 
 class TokenPayload(TypedDict, total=False):
     exp: int
     iat: int
     jti: str
     iss: str
-    aud: str | list[str]
+    aud: Union[str, list[str]]
     typ: str
     azp: str
     sid: str
@@ -43,35 +44,68 @@ def decode_jwt(token: str) -> TokenPayload:
     )
 
 
-def create_or_update_user(username: str, payload: TokenPayload):
+def get_user_data_from_payload(payload: TokenPayload) -> dict:
     """
-    Create or update a user based on the JWT payload.
+    Extract user data from the JWT payload.
     """
-    user_model = get_user_model()
     user_data = {
         "first_name": payload.get("given_name") or "",
         "last_name": payload.get("family_name") or "",
         "email": payload.get("email") or "",
         "is_staff": payload.get("is_staff", False),
     }
-    if hasattr(user_model, "is_demo"):
+
+    if hasattr(User, "is_demo"):
         user_data["is_demo"] = payload.get("is_demo", False)
 
-    user = user_model.objects.filter(username=username).first()
-    if user:
-        update_needed = False
+    return user_data
+
+
+def update_user_from_user_data(user, user_data: dict) -> bool:
+    update_needed = False
+
+    for field, value in user_data.items():
+        if getattr(user, field) != value:
+            setattr(user, field, value)
+            update_needed = True
 
-        for field, value in user_data.items():
-            if getattr(user, field) != value:
-                setattr(user, field, value)
-                update_needed = True
+    return update_needed
+
+
+def create_or_update_user(username: str, payload: TokenPayload):
+    """
+    Create or update a user based on the JWT payload.
+    """
+    user_data = get_user_data_from_payload(payload)
+
+    user = User.objects.filter(username=username).first()
+    if user:
+        update_needed = update_user_from_user_data(user, user_data)
 
         if update_needed:
             user.save(update_fields=list(user_data.keys()))
 
         return user
     else:
-        return user_model.objects.create(
+        return User.objects.create(
+            username=username,
+            **user_data,
+        )
+
+
+async def acreate_or_update_user(username: str, payload: TokenPayload):
+    user_data = get_user_data_from_payload(payload)
+
+    user = await User.objects.filter(username=username).afirst()
+    if user:
+        update_needed = update_user_from_user_data(user, user_data)
+
+        if update_needed:
+            await user.asave(update_fields=list(user_data.keys()))
+
+        return user
+    else:
+        return await User.objects.acreate(
             username=username,
             **user_data,
         )

{cardo_python_utils-0.5.dev12 → cardo_python_utils-0.5.dev14}/python_utils/django/keycloak/service.py

@@ -1,9 +1,11 @@
 from django.apps import apps
 from django.conf import settings
+from django.db import models
 from keycloak import KeycloakAdmin
 from keycloak import KeycloakOpenIDConnection
 from keycloak.exceptions import KeycloakGetError
 
+
 def _get_user_group_model():
     """
     Dynamically get the UserGroup model.
@@ -76,7 +78,7 @@ class KeycloakService:
         return KeycloakAdmin(connection=keycloak_connection)
 
     def _process_group_recursively(
-        self, group, existing_groups_by_id, reported_group_ids
+        self, group: dict, existing_groups_by_id: dict[str, models.Model], reported_group_ids: set[str]
     ):
         group_id = str(group["id"])
         reported_group_ids.add(group_id)
@@ -100,6 +102,74 @@ class KeycloakService:
                 )
 
 
+class KeycloakServiceAsync(KeycloakService):
+    """
+    Async version of KeycloakService.
+    """
+
+    async def sync_user_groups(self, raise_exceptions: bool = False):
+        print("Syncing user groups from Keycloak...")
+
+        try:
+            groups = self._keycloak_admin.get_groups(full_hierarchy=True)
+        except KeycloakGetError as e:
+            print(f"Failed to fetch groups from Keycloak: {str(e)}")
+            if raise_exceptions:
+                raise e
+
+            return
+
+        # Process existing and new groups
+        existing_groups = self._user_group_model.objects.all()
+        existing_groups_by_id = {
+            str(group.id): group async for group in existing_groups
+        }
+
+        reported_group_ids = set()
+        for group in groups:
+            await self._process_group_recursively(
+                group, existing_groups_by_id, reported_group_ids
+            )
+
+        # Identify deleted groups
+        deleted_groups = self._user_group_model.objects.exclude(
+            id__in=reported_group_ids
+        )
+        if await deleted_groups.aexists():
+            paths = [
+                path async for path in deleted_groups.values_list("path", flat=True)
+            ]
+            print(f"Deleting groups no longer present in Keycloak: {paths}")
+
+            await deleted_groups.adelete()
+
+    async def _process_group_recursively(
+        self, group: dict, existing_groups_by_id: dict[str, models.Model], reported_group_ids: set[str]
+    ):
+        group_id = str(group["id"])
+        reported_group_ids.add(group_id)
+
+        if group_id in existing_groups_by_id:
+            existing_group = existing_groups_by_id[group_id]
+            if existing_group.path != group["path"]:
+                print(
+                    f"Updating group path from {existing_group.path} to {group['path']}..."
+                )
+                existing_group.path = group["path"]
+                await existing_group.asave()
+        else:
+            print(f"Creating new group with path {group['path']}...")
+            await self._user_group_model.objects.acreate(
+                id=group_id, path=group["path"]
+            )
+
+        if subgroups := group.get("subGroups"):
+            for subgroup in subgroups:
+                await self._process_group_recursively(
+                    subgroup, existing_groups_by_id, reported_group_ids
+                )
+
+
 class AuthServiceBase:
     @staticmethod
     def _get_all_level_paths(path: str) -> list[str]:
@@ -128,3 +198,21 @@ class AuthServiceBase:
             user_groups = UserGroup.objects.filter(path__in=all_group_paths)
 
         return user_groups
+
+
+class AuthServiceBaseAsync(AuthServiceBase):
+    @classmethod
+    async def _get_user_groups_from_paths(cls, group_paths: list[str]):
+        all_group_paths = set()
+        for path in group_paths:
+            all_group_paths.update(cls._get_all_level_paths(path))
+
+        UserGroup = _get_user_group_model()
+        user_groups = UserGroup.objects.filter(path__in=all_group_paths)
+
+        # If a group is missing/has been renamed in Keycloak, sync the groups
+        if await user_groups.acount() != len(all_group_paths):
+            await KeycloakServiceAsync().sync_user_groups()
+            user_groups = UserGroup.objects.filter(path__in=all_group_paths)
+
+        return user_groups