PyPI - cardo-python-utils - Versions diffs - 0.5.dev9__tar.gz → 0.5.dev11__tar.gz - Mend

cardo-python-utils 0.5.dev9tar.gz → 0.5.dev11tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (35) hide show

{cardo_python_utils-0.5.dev9/cardo_python_utils.egg-info → cardo_python_utils-0.5.dev11}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: cardo-python-utils
-Version: 0.5.dev9
+Version: 0.5.dev11
 Summary: Python library enhanced with a wide range of functions for different scenarios.
 Author-email: CardoAI <hello@cardoai.com>
 License: MIT

{cardo_python_utils-0.5.dev9 → cardo_python_utils-0.5.dev11/cardo_python_utils.egg-info}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: cardo-python-utils
-Version: 0.5.dev9
+Version: 0.5.dev11
 Summary: Python library enhanced with a wide range of functions for different scenarios.
 Author-email: CardoAI <hello@cardoai.com>
 License: MIT

{cardo_python_utils-0.5.dev9 → cardo_python_utils-0.5.dev11}/cardo_python_utils.egg-info/SOURCES.txt RENAMED Viewed

@@ -28,5 +28,6 @@ python_utils/django/keycloak/admin/user_groups_changelist.html
 python_utils/django/keycloak/api/__init__.py
 python_utils/django/keycloak/api/drf.py
 python_utils/django/keycloak/api/ninja.py
+python_utils/django/keycloak/api/utils.py
 python_utils/django/keycloak/models/__init__.py
 python_utils/django/keycloak/models/user_group.py

{cardo_python_utils-0.5.dev9 → cardo_python_utils-0.5.dev11}/pyproject.toml RENAMED Viewed

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 [project]
 name = "cardo-python-utils"
-version = "0.5.dev9"
+version = "0.5.dev11"
 description = "Python library enhanced with a wide range of functions for different scenarios."
 readme = "README.rst"
 requires-python = ">=3.8"

{cardo_python_utils-0.5.dev9 → cardo_python_utils-0.5.dev11}/python_utils/django/keycloak/api/drf.py RENAMED Viewed

@@ -1,31 +1,19 @@
-import jwt
 from django.conf import settings
-from django.contrib.auth import get_user_model
-from jwt import PyJWKClient
 from jwt.exceptions import InvalidTokenError
 from rest_framework import authentication
 from rest_framework.exceptions import AuthenticationFailed
 from rest_framework.permissions import BasePermission
-jwks_client = PyJWKClient(getattr(settings, "JWKS_URL", ""))
+from .utils import create_or_update_user, decode_jwt
 class AuthenticationBackend(authentication.TokenAuthentication):
     keyword = "Bearer"
     def authenticate_credentials(self, token: str):
-        signing_key = jwks_client.get_signing_key_from_jwt(token)
         try:
-            payload = jwt.decode(
-                token,
-                signing_key.key,
-                algorithms=["RS256"],
-                audience=getattr(settings, "JWT_AUDIENCE", None),
-            )
+            payload = decode_jwt(token)
         except InvalidTokenError as e:
             raise AuthenticationFailed(f"Invalid token: {str(e)}") from e
@@ -36,43 +24,9 @@ class AuthenticationBackend(authentication.TokenAuthentication):
                 "Invalid token: preferred_username not present."
             ) from e
-        user = self._get_user(username, payload)
+        user = create_or_update_user(username, payload)
         return user, payload
-    def _get_user(self, username: str, payload: dict):
-        """
-        Get or create a user based on the JWT payload.
-        If the user exists, update their details.
-        """
-        user_model = get_user_model()
-        user_data = {
-            "first_name": payload.get("given_name") or "",
-            "last_name": payload.get("family_name") or "",
-            "email": payload.get("email") or "",
-            "is_staff": payload.get("is_staff", False),
-        }
-        if hasattr(user_model, "is_demo"):
-            user_data["is_demo"] = payload.get("is_demo", False)
-        user = user_model.objects.filter(username=username).first()
-        if user:
-            update_needed = False
-            for field, value in user_data.items():
-                if getattr(user, field) != value:
-                    setattr(user, field, value)
-                    update_needed = True
-            if update_needed:
-                user.save(update_fields=list(user_data.keys()))
-            return user
-        else:
-            return user_model.objects.create(
-                username=username,
-                **user_data,
-            )
 class HasScope(BasePermission):
     """

{cardo_python_utils-0.5.dev9 → cardo_python_utils-0.5.dev11}/python_utils/django/keycloak/api/ninja.py RENAMED Viewed

@@ -1,27 +1,18 @@
 from typing import Literal
-from jwt import PyJWKClient, decode as jwt_decode
 from jwt.exceptions import InvalidTokenError
 from django.conf import settings
-from django.contrib.auth import get_user_model
 from ninja.security import HttpBearer
 from ninja.errors import AuthenticationError, HttpError
-jwks_client = PyJWKClient(getattr(settings, "JWKS_URL", ""))
+from .utils import create_or_update_user, decode_jwt
 class AuthBearer(HttpBearer):
     def authenticate(self, request, token):
-        signing_key = jwks_client.get_signing_key_from_jwt(token)
         try:
-            payload = jwt_decode(
-                token,
-                signing_key.key,
-                algorithms=["RS256"],
-                audience=getattr(settings, "JWT_AUDIENCE", None),
-            )
+            payload = decode_jwt(token)
         except InvalidTokenError as e:
             raise AuthenticationError(f"Invalid token: {str(e)}") from e
@@ -32,46 +23,12 @@ class AuthBearer(HttpBearer):
                 "Invalid token: preferred_username not present."
             ) from e
-        user = self._get_user(username, payload)
+        user = create_or_update_user(username, payload)
         self._verify_scopes(request, payload)
         return user
-    def _get_user(self, username: str, payload: dict):
-        """
-        Get or create a user based on the JWT payload.
-        If the user exists, update their details.
-        """
-        user_model = get_user_model()
-        user_data = {
-            "first_name": payload.get("given_name") or "",
-            "last_name": payload.get("family_name") or "",
-            "email": payload.get("email") or "",
-            "is_staff": payload.get("is_staff", False),
-        }
-        if hasattr(user_model, "is_demo"):
-            user_data["is_demo"] = payload.get("is_demo", False)
-        user = user_model.objects.filter(username=username).first()
-        if user:
-            update_needed = False
-            for field, value in user_data.items():
-                if getattr(user, field) != value:
-                    setattr(user, field, value)
-                    update_needed = True
-            if update_needed:
-                user.save(update_fields=list(user_data.keys()))
-            return user
-        else:
-            return user_model.objects.create(
-                username=username,
-                **user_data,
-            )
     def _verify_scopes(self, request, token_payload):
         allowed_scopes = self._get_view_allowed_scopes(request)

cardo_python_utils-0.5.dev11/python_utils/django/keycloak/api/utils.py ADDED Viewed

@@ -0,0 +1,77 @@
+from typing import TypedDict
+from django.conf import settings
+from django.contrib.auth import get_user_model
+from jwt import decode, PyJWKClient
+jwks_client = PyJWKClient(getattr(settings, "JWKS_URL", ""))
+class TokenPayload(TypedDict, total=False):
+    exp: int
+    iat: int
+    jti: str
+    iss: str
+    aud: str | list[str]
+    typ: str
+    azp: str
+    sid: str
+    scope: str
+    preferred_username: str
+    given_name: str
+    family_name: str
+    email: str
+    is_staff: bool
+    is_demo: bool
+    groups: list[str]  # Full path of the user group, e.g. "/group1/subgroup1"
+def decode_jwt(token: str) -> TokenPayload:
+    """
+    Decode a JWT token using the public certificate of the Auth Server.
+    Raises:
+        jwt.exceptions.InvalidTokenError: If the token is invalid or cannot be decoded.
+    """
+    signing_key = jwks_client.get_signing_key_from_jwt(token)
+    return decode(
+        token,
+        signing_key.key,
+        algorithms=["RS256"],
+        audience=getattr(settings, "JWT_AUDIENCE", None),
+    )
+def create_or_update_user(username: str, payload: TokenPayload):
+    """
+    Create or update a user based on the JWT payload.
+    """
+    user_model = get_user_model()
+    user_data = {
+        "first_name": payload.get("given_name") or "",
+        "last_name": payload.get("family_name") or "",
+        "email": payload.get("email") or "",
+        "is_staff": payload.get("is_staff", False),
+    }
+    if hasattr(user_model, "is_demo"):
+        user_data["is_demo"] = payload.get("is_demo", False)
+    user = user_model.objects.filter(username=username).first()
+    if user:
+        update_needed = False
+        for field, value in user_data.items():
+            if getattr(user, field) != value:
+                setattr(user, field, value)
+                update_needed = True
+        if update_needed:
+            user.save(update_fields=list(user_data.keys()))
+        return user
+    else:
+        return user_model.objects.create(
+            username=username,
+            **user_data,
+        )

{cardo_python_utils-0.5.dev9 → cardo_python_utils-0.5.dev11}/python_utils/django/keycloak/service.py RENAMED Viewed

@@ -4,10 +4,32 @@ from keycloak import KeycloakAdmin
 from keycloak import KeycloakOpenIDConnection
 from keycloak.exceptions import KeycloakGetError
+def _get_user_group_model():
+    """
+    Dynamically get the UserGroup model.
+    Attempts to use the model specified in settings.KEYCLOAK_USER_GROUP_MODEL.
+    Returns:
+        The UserGroup model class.
+    Raises:
+        LookupError: If the model cannot be found.
+    """
+    try:
+        model_string = getattr(settings, "KEYCLOAK_USER_GROUP_MODEL")
+    except AttributeError:
+        raise LookupError(
+            "Please set KEYCLOAK_USER_GROUP_MODEL in your Django settings "
+            "(e.g., 'myapp.UserGroup')."
+        )
+    return apps.get_model(model_string)
 class KeycloakService:
     def __init__(self):
-        self._user_group_model = self._get_user_group_model()
+        self._user_group_model = _get_user_group_model()
         self._keycloak_admin = self._get_keycloak_admin()
     def sync_user_groups(self, raise_exceptions: bool = False):
@@ -53,28 +75,6 @@ class KeycloakService:
         )
         return KeycloakAdmin(connection=keycloak_connection)
-    def _get_user_group_model(self):
-        """
-        Dynamically get the UserGroup model.
-        Attempts to use the model specified in settings.KEYCLOAK_USER_GROUP_MODEL.
-        Returns:
-            The UserGroup model class.
-        Raises:
-            LookupError: If the model cannot be found.
-        """
-        try:
-            model_string = getattr(settings, "KEYCLOAK_USER_GROUP_MODEL")
-        except AttributeError:
-            raise LookupError(
-                "Please set KEYCLOAK_USER_GROUP_MODEL in your Django settings "
-                "(e.g., 'myapp.UserGroup')."
-            )
-        return apps.get_model(model_string)
     def _process_group_recursively(
         self, group, existing_groups_by_id, reported_group_ids
     ):
@@ -98,3 +98,33 @@ class KeycloakService:
                 self._process_group_recursively(
                     subgroup, existing_groups_by_id, reported_group_ids
                 )
+class AuthServiceBase:
+    @staticmethod
+    def _get_all_level_paths(path: str) -> list[str]:
+        """
+        Given a group path, return all level paths up to the root.
+        E.g., for "/a/b/c", return ["/a/b/c", "/a/b", "/a"]
+        """
+        paths = []
+        while "/" in path:
+            paths.append(path)
+            path = "/".join(path.split("/")[:-1])
+        return paths
+    @classmethod
+    def _get_user_groups_from_paths(cls, group_paths: list[str]):
+        all_group_paths = set()
+        for path in group_paths:
+            all_group_paths.update(cls._get_all_level_paths(path))
+        UserGroup = _get_user_group_model()
+        user_groups = UserGroup.objects.filter(path__in=all_group_paths)
+        # If a group is missing/has been renamed in Keycloak, sync the groups
+        if user_groups.count() != len(all_group_paths):
+            KeycloakService().sync_user_groups()
+            user_groups = UserGroup.objects.filter(path__in=all_group_paths)
+        return user_groups