PyPI - cardo-python-utils - Versions diffs - 0.5.dev14__tar.gz → 0.5.dev16__tar.gz - Mend

cardo-python-utils 0.5.dev14tar.gz → 0.5.dev16tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (35) hide show

{cardo_python_utils-0.5.dev14/cardo_python_utils.egg-info → cardo_python_utils-0.5.dev16}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: cardo-python-utils
-Version: 0.5.dev14
+Version: 0.5.dev16
 Summary: Python library enhanced with a wide range of functions for different scenarios.
 Author-email: CardoAI <hello@cardoai.com>
 License: MIT

{cardo_python_utils-0.5.dev14 → cardo_python_utils-0.5.dev16/cardo_python_utils.egg-info}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: cardo-python-utils
-Version: 0.5.dev14
+Version: 0.5.dev16
 Summary: Python library enhanced with a wide range of functions for different scenarios.
 Author-email: CardoAI <hello@cardoai.com>
 License: MIT

{cardo_python_utils-0.5.dev14 → cardo_python_utils-0.5.dev16}/pyproject.toml RENAMED Viewed

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 [project]
 name = "cardo-python-utils"
-version = "0.5.dev14"
+version = "0.5.dev16"
 description = "Python library enhanced with a wide range of functions for different scenarios."
 readme = "README.rst"
 requires-python = ">=3.8"

{cardo_python_utils-0.5.dev14 → cardo_python_utils-0.5.dev16}/python_utils/django/keycloak/api/drf.py RENAMED Viewed

@@ -13,7 +13,7 @@ class AuthenticationBackend(authentication.TokenAuthentication):
     def authenticate_credentials(self, token: str):
         try:
-            payload = decode_jwt(token)
+            payload = decode_jwt(token, audience=self._get_audience())
         except InvalidTokenError as e:
             raise AuthenticationFailed(f"Invalid token: {str(e)}") from e
@@ -26,6 +26,12 @@ class AuthenticationBackend(authentication.TokenAuthentication):
         user = create_or_update_user(username, payload)
         return user, payload
+    def _get_audience(self):
+        """
+        Allows subclasses to override the audience used for JWT decoding.
+        """
+        return getattr(settings, "JWT_AUDIENCE", None)
 class HasScope(BasePermission):
@@ -42,18 +48,32 @@ class HasScope(BasePermission):
         allowed_scopes = ["jobs"]
         ...
+    It is possible to define different scopes per HTTP method
+    by setting `allowed_scopes` as a dict:
+    class MyApiView(APIView):
+        permission_classes = [IsAuthenticated, HasScope]
+        allowed_scopes = {
+            "get": ["jobs"],
+            "post": ["jobs_admin"],
+        }
+        ...
     If no particular scope is required, you can set `allowed_scopes = "*"`
         to allow access without scope checks.
     """
     def has_permission(self, request, view):
-        allowed_scopes = getattr(view, "allowed_scopes", [])
+        allowed_scopes = getattr(view, "allowed_scopes", None)
         if not allowed_scopes:
             raise Exception(
                 f"No allowed_scopes defined on the view '{view.__class__.__name__}'. "
                 "Define allowed_scopes or set it to '*' to allow any scope."
             )
+        if isinstance(allowed_scopes, dict):
+            allowed_scopes = allowed_scopes.get(request.method.lower(), [])
         if allowed_scopes == "*":
             return True

{cardo_python_utils-0.5.dev14 → cardo_python_utils-0.5.dev16}/python_utils/django/keycloak/api/utils.py RENAMED Viewed

@@ -1,4 +1,4 @@
-from typing import TypedDict, Union
+from typing import Optional, TypedDict, Union
 from django.conf import settings
 from django.contrib.auth import get_user_model
@@ -27,7 +27,7 @@ class TokenPayload(TypedDict, total=False):
     groups: list[str]  # Full path of the user group, e.g. "/group1/subgroup1"
-def decode_jwt(token: str) -> TokenPayload:
+def decode_jwt(token: str, audience: Optional[str] = None) -> TokenPayload:
     """
     Decode a JWT token using the public certificate of the Auth Server.
@@ -36,11 +36,14 @@ def decode_jwt(token: str) -> TokenPayload:
     """
     signing_key = jwks_client.get_signing_key_from_jwt(token)
+    if audience is None:
+        audience = getattr(settings, "JWT_AUDIENCE", None)
     return decode(
         token,
         signing_key.key,
         algorithms=["RS256"],
-        audience=getattr(settings, "JWT_AUDIENCE", None),
+        audience=audience,
     )