clear-skies 1.19.20__py3-none-any.whl → 1.19.22__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of clear-skies might be problematic. Click here for more details.

Files changed (7) hide show
  1. {clear_skies-1.19.20.dist-info → clear_skies-1.19.22.dist-info}/METADATA +3 -1
  2. {clear_skies-1.19.20.dist-info → clear_skies-1.19.22.dist-info}/RECORD +7 -6
  3. clearskies/authentication/__init__.py +7 -0
  4. clearskies/authentication/jwks.py +13 -0
  5. clearskies/authentication/jwks_jwcrypto.py +39 -0
  6. {clear_skies-1.19.20.dist-info → clear_skies-1.19.22.dist-info}/LICENSE +0 -0
  7. {clear_skies-1.19.20.dist-info → clear_skies-1.19.22.dist-info}/WHEEL +0 -0
{clear_skies-1.19.20.dist-info → clear_skies-1.19.22.dist-info}/METADATA RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: clear-skies
3
- Version: 1.19.20
3
+ Version: 1.19.22
4
4
  Summary: A framework for building backends in the cloud
5
5
  Home-page: https://github.com/cmancone/clearskies
6
6
  License: MIT
@@ -15,12 +15,14 @@ Classifier: Programming Language :: Python :: 3.10
15
15
  Classifier: Programming Language :: Python :: 3.11
16
16
  Classifier: Topic :: Software Development :: Libraries :: Application Frameworks
17
17
  Provides-Extra: jose
18
+ Provides-Extra: jwcrypto
18
19
  Provides-Extra: mysql
19
20
  Provides-Extra: secrets
20
21
  Requires-Dist: akeyless (>=3.6.2,<4.0.0) ; extra == "secrets"
21
22
  Requires-Dist: akeyless-cloud-id (>=0.2.3,<0.3.0) ; extra == "secrets"
22
23
  Requires-Dist: dateparser (>=1.1.8,<2.0.0)
23
24
  Requires-Dist: jose (>=1.0.0,<2.0.0) ; extra == "jose"
25
+ Requires-Dist: jwcrypto (>=1.5.6,<2.0.0) ; extra == "jwcrypto"
24
26
  Requires-Dist: pymysql (>=1.1.0,<2.0.0) ; extra == "mysql"
25
27
  Requires-Dist: requests (>=2.31.0,<3.0.0)
26
28
  Project-URL: Repository, https://github.com/cmancone/clearskies
{clear_skies-1.19.20.dist-info → clear_skies-1.19.22.dist-info}/RECORD RENAMED
@@ -1,10 +1,11 @@
1
1
  clearskies/__init__.py,sha256=Iz_VxSgiqM6VtGXoUsB_yVKFy_uWvcf071w803wJ8EE,832
2
2
  clearskies/application.py,sha256=_gYGIUGdVE5fAS9dwxRZ1gDpDjqGo7-twVt_VxI6XVE,966
3
- clearskies/authentication/__init__.py,sha256=sAU6m9c8cJECfLa-hY-BxsSk5FVLb5Dvphb5u6AmULA,710
3
+ clearskies/authentication/__init__.py,sha256=pHKJOfujgvNAbgzQpKVzEhWORwjAZTE4jKhJ50M7zts,900
4
4
  clearskies/authentication/auth0_jwks.py,sha256=bzqNaEoG_iPndwttRXuaKpgkDtgOCLAooyifl0I0ACI,4447
5
5
  clearskies/authentication/auth_exception.py,sha256=8Tay3Sim2K8vAZ6ldisSJyRyN0cwX7iyGHwfglSKW_A,41
6
6
  clearskies/authentication/authorization.py,sha256=eLzBrXMNr1gYoIBZTd8I6uH3R0CfMMjhvimkJt4Amrs,601
7
- clearskies/authentication/jwks.py,sha256=JsBG4U7eGoKO75CV6J39d91lrVWtjVn6n8fN9RpCYEc,2811
7
+ clearskies/authentication/jwks.py,sha256=AOrCkL7pVznTM6mbrQ3RVHCccws0b_yEtqEOe6NRw5k,3368
8
+ clearskies/authentication/jwks_jwcrypto.py,sha256=Oq3lID1nXSSaBnmxzpz1TSByvyNbanUHNAmdqDsuM6k,1219
8
9
  clearskies/authentication/public.py,sha256=zNpglAILTU7koz22YaGpMOAtTn_dG8dAP4Q9REdbaOk,630
9
10
  clearskies/authentication/secret_bearer.py,sha256=OBkjvw4n-ZLRRtZEKyzdael03DYIwacvUxrj5V9h0Ow,2968
10
11
  clearskies/autodoc/__init__.py,sha256=JRUAmd0he8iGlgiZvxewLMIXJqnOFEdvlaKAtHpC2lo,124
@@ -199,7 +200,7 @@ clearskies/tests/simple_api/models/__init__.py,sha256=nUA0W6fgXw_Bxa9CudkaDkC80t
199
200
  clearskies/tests/simple_api/models/status.py,sha256=PEhPbaQh5qdUNHp8O0gz91LOLENAEBtqSaHxUPXchaM,699
200
201
  clearskies/tests/simple_api/models/user.py,sha256=5_P4Tp1tTdX7PkMJ__epPM5MA7JAeVYGas69vcWloLc,819
201
202
  clearskies/tests/simple_api/users_api.py,sha256=KYXCgEofDxHeRdQK67txN5oYUPvxxmB8JTku7L-apk4,2344
202
- clear_skies-1.19.20.dist-info/LICENSE,sha256=3Ehd0g3YOpCj8sqj0Xjq5qbOtjjgk9qzhhD9YjRQgOA,1053
203
- clear_skies-1.19.20.dist-info/METADATA,sha256=pGY_Nr8VLrTIxGc4KnBhrQscpkNiSxDDPMY1JyIqLH0,1624
204
- clear_skies-1.19.20.dist-info/WHEEL,sha256=d2fvjOD7sXsVzChCqf0Ty0JbHKBaLYwDbGQDwQTnJ50,88
205
- clear_skies-1.19.20.dist-info/RECORD,,
203
+ clear_skies-1.19.22.dist-info/LICENSE,sha256=3Ehd0g3YOpCj8sqj0Xjq5qbOtjjgk9qzhhD9YjRQgOA,1053
204
+ clear_skies-1.19.22.dist-info/METADATA,sha256=kuCvcPxF59ud7HOnRF4rRYyCRiPT-im2EKSJkOtyTP4,1712
205
+ clear_skies-1.19.22.dist-info/WHEEL,sha256=d2fvjOD7sXsVzChCqf0Ty0JbHKBaLYwDbGQDwQTnJ50,88
206
+ clear_skies-1.19.22.dist-info/RECORD,,
clearskies/authentication/__init__.py CHANGED
@@ -4,6 +4,7 @@ from .public import Public
4
4
  from .auth0_jwks import Auth0JWKS
5
5
  from .authorization import Authorization
6
6
  from .jwks import JWKS
7
+ from .jwks_jwcrypto import JWKSJwCrypto
7
8
 
8
9
 
9
10
  def public():
@@ -22,6 +23,10 @@ def jwks(jwks_url, **kwargs):
22
23
  return BindingConfig(JWKS, jwks_url=jwks_url, **kwargs)
23
24
 
24
25
 
26
+ def jwks_jwcrypto(jwks_url, **kwargs):
27
+ return BindingConfig(JWKSJwCrypto, jwks_url=jwks_url, **kwargs)
28
+
29
+
25
30
  __all__ = [
26
31
  "Authorization",
27
32
  "BindingConfig",
@@ -34,4 +39,6 @@ __all__ = [
34
39
  "authorization",
35
40
  "jwks",
36
41
  "JWKS",
42
+ "jwks_jwcrypto",
43
+ "JWKSJwCrypto",
37
44
  ]
clearskies/authentication/jwks.py CHANGED
@@ -7,6 +7,7 @@ class JWKS(Auth0JWKS):
7
7
  _audience = None
8
8
  _jwks_url = None
9
9
  _jwks_cache_time = None
10
+ _authorization_url = None
10
11
 
11
12
  def __init__(self, environment, requests, jose_jwt):
12
13
  super().__init__(environment, requests, jose_jwt)
@@ -18,6 +19,7 @@ class JWKS(Auth0JWKS):
18
19
  audience=None,
19
20
  issuer=None,
20
21
  documentation_security_name=None,
22
+ authorization_url=None,
21
23
  jwks_cache_time=86400,
22
24
  ):
23
25
  self._audience = audience
@@ -28,6 +30,7 @@ class JWKS(Auth0JWKS):
28
30
  raise ValueError("Must provide 'jwks_url' when using JWKS authentication")
29
31
  self._algorithms = ["RS256"] if algorithms is None else algorithms
30
32
  self._documentation_security_name = documentation_security_name
33
+ self._authorization_url = authorization_url if authorization_url else ""
31
34
 
32
35
  def authenticate(self, input_output):
33
36
  auth_header = input_output.get_request_header("authorization", True)
@@ -73,3 +76,13 @@ class JWKS(Auth0JWKS):
73
76
  self._jwks_fetched = now
74
77
 
75
78
  return self._jwks
79
+
80
+ def documentation_security_scheme(self):
81
+ return {
82
+ "type": "oauth2",
83
+ "description": "JWT based authentication",
84
+ "flows": {"implicit": {"authorizationUrl": self._authorization_url, "scopes": {}}},
85
+ }
86
+
87
+ def documentation_security_scheme_name(self):
88
+ return self._documentation_security_name if self._documentation_security_name is not None else "jwt"
clearskies/authentication/jwks_jwcrypto.py ADDED
@@ -0,0 +1,39 @@
1
+ import datetime
2
+ import json
3
+
4
+ from clearskies.authentication import JWKS
5
+ from clearskies.handlers.exceptions import ClientError
6
+
7
+
8
+ class JWKSJwCrypto(JWKS):
9
+ def __init__(self, environment, requests):
10
+ # the third parameter is supposed to be jose_jwt, but we're going to override all
11
+ # the functions that use it
12
+ super().__init__(environment, requests, {})
13
+
14
+ def validate_jwt(self, raw_jwt):
15
+ from jwcrypto import jws, jwk, jwt
16
+ from jwcrypto.common import JWException
17
+
18
+ keys = jwk.JWKSet()
19
+ keys.import_keyset(json.dumps(self._get_jwks()))
20
+
21
+ client_jwt = jwt.JWT()
22
+ try:
23
+ client_jwt.deserialize(raw_jwt)
24
+ except Exception as e:
25
+ raise ClientError(str(e))
26
+
27
+ try:
28
+ client_jwt.validate(keys)
29
+ self.jwt_claims = json.loads(client_jwt.claims)
30
+ except JWException as e:
31
+ raise ClientError(str(e))
32
+
33
+ if self._audience and self.jwt_claims.get("aud") != self._audience:
34
+ raise ClientError("Audience does not match")
35
+
36
+ if self._issuer and self.jwt_claims.get("iss") != self._issuer:
37
+ raise ClientError("Issuer does not match")
38
+
39
+ return True