PyPI - clue-api - Versions diffs - 1.0.1.dev81__tar.gz → 1.0.1.dev89__tar.gz - Mend

@@ -131,9 +131,6 @@ suppress-none-returning = true
 "clue/common/classification.py" = ["D", "ANN", "C901", "TRY301", "T203"]
 "clue/remote/datatypes/*" = ["D", "ANN", "C901"]
 "clue/security/__init__.py" = ["TRY301"]
-"plugin/interactive.py" = ["T201"]
-"plugin/create.py" = ["T201", "D103"]
-"plugin/commands.py" = ["T201", "D103"]
 "test/conftest.py" = ["E402"]
 ###################
@@ -149,7 +146,7 @@ log_cli_level = "WARN"
 [tool.poetry]
 package-mode = true
 name = "clue-api"
-version = "1.0.1.dev81"
+version = "1.0.1.dev89"
 description = "Clue distributed enrichment service"
 authors = ["Canadian Centre for Cyber Security <contact@cyber.gc.ca>"]
 license = "MIT"
@@ -208,7 +205,7 @@ prometheus-client = { version = "^0.20.0", optional = true }
 apscheduler = { version = "^3.10.4", optional = true }
 pytz = { version = "^2024.1", optional = true }
 passlib = { version = "^1.7.4", optional = true }
-authlib = { version = "<1.0.0", optional = true }
+authlib = { version = "<2.0.0", optional = true }
 flask-cors = { version = ">=4.0.1,<7.0.0", optional = true }
 flasgger = { version = "^0.9.7.1", optional = true }
 trino = "^0.336.0"
@@ -241,8 +238,6 @@ last_success = "build_scripts.last_success:main"
 check_changes = "build_scripts.check_changes:main"
 type_check = "build_scripts.type_check:main"
 coverage_report = "build_scripts.coverage_reports:main"
-plugin = "plugin.interactive:main"
-create = "plugin.create:main"
 [tool.poetry.group.test.dependencies]
 pytest = "^8.1.1"

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: clue-api
-Version: 1.0.1.dev81
+Version: 1.0.1.dev89
 Summary: Clue distributed enrichment service
 License: MIT
 License-File: LICENSE
@@ -20,7 +20,7 @@ Provides-Extra: server
 Requires-Dist: PyYAML (>=6.0.1,<7.0.0) ; extra == "server"
 Requires-Dist: Werkzeug (>=3.0.2,<4.0.0) ; extra == "server"
 Requires-Dist: apscheduler (>=3.10.4,<4.0.0) ; extra == "server"
-Requires-Dist: authlib (<1.0.0) ; extra == "server"
+Requires-Dist: authlib (<2.0.0) ; extra == "server"
 Requires-Dist: bcrypt (>=4.1.2,<5.0.0) ; extra == "server"
 Requires-Dist: beautifulsoup4 (>=4.13.3,<5.0.0)
 Requires-Dist: cart (>=1.2.3,<2.0.0)

@@ -125,7 +125,7 @@ def login(**_) -> dict[str, Any]:  # noqa: C901
                 uri = urlparse(referer if referer else request.host_url)
                 port_portion = ":" + str(uri.port) if uri.port else ""
                 redirect_uri = f"{uri.scheme}://{uri.hostname}{port_portion}/login?provider={oauth_provider}"
-                return provider.authorize_redirect(redirect_uri=redirect_uri)
+                return provider.authorize_redirect(redirect_uri=redirect_uri, nonce=request.args.get("nonce", None))
             # At this point we know the code exists, so we're good to use that to exchange for an JSON Web Token with
             # user data in it. token_data contains the access token, expiry, refresh token, and id token,

@@ -1,7 +1,7 @@
 from typing import Any
 import elasticapm
-from flask import current_app
+from flask import current_app, request
 from clue.common.exceptions import (
     AccessDeniedException,
@@ -49,7 +49,9 @@ def parse_user_data(
     provider = oauth.create_client(oauth_provider)
     if "id_token" in data:
-        data = provider.parse_id_token(data)
+        data = provider.parse_id_token(
+            data, nonce=request.args.get("nonce", data.get("userinfo", {}).get("nonce", None))
+        )
     oauth_provider_config = config.auth.oauth.providers[oauth_provider]

clue-api 1.0.1.dev81__tar.gz → 1.0.1.dev89__tar.gz