PyPI - cmdbox - Versions diffs - 0.5.3__py3-none-any.whl → 0.5.4__py3-none-any.whl - Mend

cmdbox 0.5.3py3-none-any.whl → 0.5.4py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of cmdbox might be problematic. Click here for more details.

Files changed (86) hide show

cmdbox/app/auth/__init__.py ADDED Viewed

File without changes

cmdbox/app/auth/azure_signin.py ADDED Viewed

@@ -0,0 +1,38 @@
+from cmdbox.app.auth.signin import Signin
+from fastapi import Request, Response
+from typing import Any, Dict
+import requests
+import urllib
+class AzureSignin(Signin):
+    @classmethod
+    def get_email(cls, data:Any) -> str:
+        user_info_resp = requests.get(
+            url='https://graph.microsoft.com/v1.0/me',
+            #url='https://graph.microsoft.com/v1.0/me/transitiveMemberOf?$Top=999',
+            headers={'Authorization': f'Bearer {data}'}
+        )
+        user_info_resp.raise_for_status()
+        user_info_json = user_info_resp.json()
+        if isinstance(user_info_json, dict):
+            email = user_info_json.get('mail', 'notfound')
+            return email
+        return 'notfound'
+    def request_access_token(self, conf:Dict, req:Request, res:Response) -> str:
+        headers = {'Content-Type': 'application/x-www-form-urlencoded',
+                    'Accept': 'application/json'}
+        data = {'tenant': conf['tenant_id'],
+                'code': req.query_params['code'],
+                'scope': " ".join(conf['scope']),
+                'client_id': conf['client_id'],
+                #'client_secret': conf['client_secret'],
+                'redirect_uri': conf['redirect_uri'],
+                'grant_type': 'authorization_code'}
+        query = '&'.join([f'{k}={urllib.parse.quote(v)}' for k, v in data.items()])
+        # アクセストークン取得
+        token_resp = requests.post(url=f'https://login.microsoftonline.com/{conf["tenant_id"]}/oauth2/v2.0/token', headers=headers, data=query)
+        token_resp.raise_for_status()
+        token_json = token_resp.json()
+        return token_json['access_token']

cmdbox/app/auth/azure_signin_saml.py ADDED Viewed

@@ -0,0 +1,12 @@
+from cmdbox.app.auth.signin_saml import SigninSAML
+from typing import Any
+class AzyreSigninSAML(SigninSAML):
+    @classmethod
+    def get_email(cls, data:Any) -> str:
+        user_info_json = data.get_attributes()
+        if isinstance(user_info_json, dict):
+            email = user_info_json.get('http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress', ['notfound'])
+            return email[0] if len(email) > 0 else 'notfound'
+        return 'notfound'

cmdbox/app/auth/github_signin.py ADDED Viewed

@@ -0,0 +1,38 @@
+from cmdbox.app.auth.signin import Signin
+from fastapi import Request, Response
+from typing import Any, Dict
+import requests
+import urllib.parse
+class GithubSignin(Signin):
+    @classmethod
+    def get_email(cls, data:Any) -> str:
+        user_info_resp = requests.get(
+            url='https://api.github.com/user/emails',
+            headers={'Authorization': f'Bearer {data}'}
+        )
+        user_info_resp.raise_for_status()
+        user_info_json = user_info_resp.json()
+        if type(user_info_json) == list:
+            email = 'notfound'
+            for u in user_info_json:
+                if u['primary']:
+                    email = u['email']
+                    break
+            return email
+        return 'notfound'
+    def request_access_token(self, conf:Dict, req:Request, res:Response) -> str:
+        headers = {'Content-Type': 'application/x-www-form-urlencoded',
+                    'Accept': 'application/json'}
+        data = {'code': req.query_params['code'],
+                'client_id': conf['client_id'],
+                'client_secret': conf['client_secret'],
+                'redirect_uri': conf['redirect_uri']}
+        query = '&'.join([f'{k}={urllib.parse.quote(v)}' for k, v in data.items()])
+        # アクセストークン取得
+        token_resp = requests.post(url='https://github.com/login/oauth/access_token', headers=headers, data=query)
+        token_resp.raise_for_status()
+        token_json = token_resp.json()
+        return token_json['access_token']

cmdbox/app/auth/google_signin.py ADDED Viewed

@@ -0,0 +1,32 @@
+from cmdbox.app.auth.signin import Signin
+from fastapi import Request, Response
+from typing import Any, Dict
+import requests
+import urllib.parse
+class GoogleSignin(Signin):
+    @classmethod
+    def get_email(cls, data:Any) -> str:
+        user_info_resp = requests.get(
+            url='https://www.googleapis.com/oauth2/v1/userinfo',
+            headers={'Authorization': f'Bearer {data}'}
+        )
+        user_info_resp.raise_for_status()
+        user_info_json = user_info_resp.json()
+        return user_info_json['email'] if 'email' in user_info_json else 'notfound'
+    def request_access_token(self, conf:Dict, req:Request, res:Response) -> str:
+        headers = {'Content-Type': 'application/x-www-form-urlencoded'}
+        next = req.query_params['state']
+        data = {'code': req.query_params['code'],
+                'client_id': conf['client_id'],
+                'client_secret': conf['client_secret'],
+                'redirect_uri': conf['redirect_uri'],
+                'grant_type': 'authorization_code'}
+        query = '&'.join([f'{k}={urllib.parse.quote(v)}' for k, v in data.items()])
+        # アクセストークン取得
+        token_resp = requests.post(url='https://oauth2.googleapis.com/token', headers=headers, data=query)
+        token_resp.raise_for_status()
+        token_json = token_resp.json()
+        return token_json['access_token']

cmdbox/app/auth/signin.py CHANGED Viewed

@@ -27,13 +27,12 @@ class Signin(object):
         """
         return self.signin_file_data
-    def jadge(self, access_token:str, email:str) -> Tuple[bool, Dict[str, Any]]:
+    def jadge(self, email:str) -> Tuple[bool, Dict[str, Any]]:
         """
         サインインを成功させるかどうかを判定します。
         返すユーザーデータには、uid, name, email, groups, hash が必要です。
         Args:
-            access_token (str): アクセストークン
             email (str): メールアドレス
         Returns:
@@ -203,8 +202,8 @@ class Signin(object):
                     raise HTTPException(status_code=500, detail=f'signin_file format error. "password" not found or empty. ({signin_file})')
                 if 'hash' not in user or user['hash'] is None:
                     raise HTTPException(status_code=500, detail=f'signin_file format error. "hash" not found or empty. ({signin_file})')
-                if user['hash'] not in ['oauth2', 'plain', 'md5', 'sha1', 'sha256']:
-                    raise HTTPException(status_code=500, detail=f'signin_file format error. Algorithms not supported. ({signin_file}). hash={user["hash"]} "oauth2", "plain", "md5", "sha1", "sha256" only.')
+                if user['hash'] not in ['oauth2', 'saml', 'plain', 'md5', 'sha1', 'sha256']:
+                    raise HTTPException(status_code=500, detail=f'signin_file format error. Algorithms not supported. ({signin_file}). hash={user["hash"]} "oauth2", "saml", "plain", "md5", "sha1", "sha256" only.')
                 if 'groups' not in user or type(user['groups']) is not list:
                     raise HTTPException(status_code=500, detail=f'signin_file format error. "groups" not found or not list type. ({signin_file})')
                 if len([ug for ug in user['groups'] if ug not in groups]) > 0:
@@ -416,6 +415,24 @@ class Signin(object):
                 raise HTTPException(status_code=500, detail=f'signin_file format error. "scope" not list type in "azure". ({signin_file})')
             if 'signin_module' not in yml['oauth2']['providers']['azure']:
                 raise HTTPException(status_code=500, detail=f'signin_file format error. "signin_module" not found in "azure". ({signin_file})')
+            # samlのフォーマットチェック
+            if 'saml' not in yml:
+                raise HTTPException(status_code=500, detail=f'signin_file format error. "saml" not found. ({signin_file})')
+            if 'providers' not in yml['saml']:
+                raise HTTPException(status_code=500, detail=f'signin_file format error. "providers" not found in "saml". ({signin_file})')
+            # azure
+            if 'azure' not in yml['saml']['providers']:
+                raise HTTPException(status_code=500, detail=f'signin_file format error. "azure" not found in "providers". ({signin_file})')
+            if 'enabled' not in yml['saml']['providers']['azure']:
+                raise HTTPException(status_code=500, detail=f'signin_file format error. "enabled" not found in "azure". ({signin_file})')
+            if type(yml['saml']['providers']['azure']['enabled']) is not bool:
+                raise HTTPException(status_code=500, detail=f'signin_file format error. "enabled" not bool type in "azure". ({signin_file})')
+            if 'signin_module' not in yml['saml']['providers']['azure']:
+                raise HTTPException(status_code=500, detail=f'signin_file format error. "signin_module" not found in "azure". ({signin_file})')
+            if 'sp' not in yml['saml']['providers']['azure']:
+                raise HTTPException(status_code=500, detail=f'signin_file format error. "sp" not found in "azure". ({signin_file})')
+            if 'idp' not in yml['saml']['providers']['azure']:
+                raise HTTPException(status_code=500, detail=f'signin_file format error. "idp" not found in "azure". ({signin_file})')
             # フォーマットチェックOK
             return yml
@@ -632,3 +649,29 @@ class Signin(object):
             return False, f"Password policy error. not_contain_username=True"
         self.logger.info(f"Password policy OK.")
         return True, "Password policy OK."
+    def request_access_token(self, conf:Dict, req:Request, res:Response) -> str:
+        """
+        アクセストークンを取得します
+        Args:
+            conf (Dict): サインインモジュールの設定
+            req (Request): リクエスト
+            res (Response): レスポンス
+        Returns:
+            str: アクセストークン
+        """
+        raise NotImplementedError("request_access_token() is not implemented.")
+    def get_email(self, data:Any) -> str:
+        """
+        アクセストークンからメールアドレスを取得します
+        Args:
+            data (str): アクセストークン又は属性データ
+        Returns:
+            str: メールアドレス
+        """
+        return self.__class__.get_email(data)

cmdbox/app/auth/signin_saml.py ADDED Viewed

@@ -0,0 +1,61 @@
+from cmdbox.app.auth.signin import Signin
+from fastapi import Request, Response
+from typing import Any, Dict, Tuple
+import copy
+import logging
+class SigninSAML(Signin):
+    def jadge(self, email:str) -> Tuple[bool, Dict[str, Any]]:
+        """
+        サインインを成功させるかどうかを判定します。
+        返すユーザーデータには、uid, name, email, groups, hash が必要です。
+        Args:
+            email (str): メールアドレス
+        Returns:
+            Tuple[bool, Dict[str, Any]]: (成功かどうか, ユーザーデータ)
+        """
+        copy_signin_data = copy.deepcopy(self.signin_file_data)
+        users = [u for u in copy_signin_data['users'] if u['email'] == email and u['hash'] == 'saml']
+        return len(users) > 0, users[0] if len(users) > 0 else None
+    async def make_saml(self, prov:str, next:str, form_data:Dict[str, Any], req:Request, res:Response) -> Any:
+        """
+        SAML認証のリダイレクトURLを取得する
+        Args:
+            prov (str): プロバイダ名
+            next (str): リダイレクト先のURL
+            req (Request): リクエスト
+            res (Response): レスポンス
+        Returns:
+            OneLogin_Saml2_Auth: SAML認証オブジェクト
+        """
+        sd = self.get_data()
+        saml_settings = dict(
+            strict=False,
+            debug=self.logger.level==logging.DEBUG,
+            idp=sd['saml']['providers'][prov]['idp'],
+            sp=sd['saml']['providers'][prov]['sp'])
+        # SAML認証のリダイレクトURLを取得
+        request_data = dict(
+            https='on' if req.url.scheme=='https' else 'off',
+            http_host=req.client.host,
+            server_port=req.url.port,
+            script_name=f'{req.url.path}?next={next}',
+            post_data=dict(),
+            get_data=dict(),
+        )
+        if (req.query_params):
+            request_data["get_data"] = req.query_params,
+        if "SAMLResponse" in form_data:
+            SAMLResponse = form_data["SAMLResponse"]
+            request_data["post_data"]["SAMLResponse"] = SAMLResponse
+        if "RelayState" in form_data:
+            RelayState = form_data["RelayState"]
+            request_data["post_data"]["RelayState"] = RelayState
+        from onelogin.saml2.auth import OneLogin_Saml2_Auth
+        auth = OneLogin_Saml2_Auth(request_data=request_data, old_settings=saml_settings)
+        return auth

cmdbox 0.5.3__py3-none-any.whl → 0.5.4__py3-none-any.whl

Potentially problematic release.

cmdbox 0.5.3py3-none-any.whl → 0.5.4py3-none-any.whl