PyPI - commonground-api-common - Versions diffs - 1.13.3__py3-none-any.whl → 2.0.0__py3-none-any.whl - Mend

commonground-api-common 1.13.3py3-none-any.whl → 2.0.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (32) hide show

vng_api_common/authorizations/utils.py ADDED Viewed

@@ -0,0 +1,17 @@
+def generate_jwt(client_id, secret, user_id, user_representation):
+    from zgw_consumers.client import ZGWAuth
+    class FakeService:
+        def __init__(self, **kwargs):
+            for key, value in kwargs.items():
+                setattr(self, key, value)
+    auth = ZGWAuth(
+        service=FakeService(  # type: ignore
+            client_id=client_id,
+            secret=secret,
+            user_id=user_id,
+            user_representation=user_representation,
+        )
+    )
+    return f"Bearer {auth._token}"

vng_api_common/client.py CHANGED Viewed

@@ -1,44 +1,73 @@
 """
-Interface to get a zds_client object for a given URL.
+Interface to get a client object for a given URL.
 """
-from typing import Optional
+import logging
+from typing import Any, Optional
-from django.apps import apps
 from django.conf import settings
 from django.utils.module_loading import import_string
-from zds_client import Client
+from ape_pie import APIClient
+from requests import JSONDecodeError, RequestException, Response
+logger = logging.getLogger(__name__)
-def get_client(url: str, url_is_api_root=False) -> Optional[Client]:
-    """
-    Get a client instance for the given URL.
-    If the setting CUSTOM_CLIENT_FETCHER is defined, then this callable is invoked.
-    Otherwise we fall back on the default implementation.
+class ClientError(RuntimeError):
+    pass
-    If no suitable client is found, ``None`` is returned.
-    """
-    custom_client_fetcher = getattr(settings, "CUSTOM_CLIENT_FETCHER", None)
-    if custom_client_fetcher:
-        client_getter = import_string(custom_client_fetcher)
-        return client_getter(url)
-    # default implementation
-    Client = import_string(settings.ZDS_CLIENT_CLASS)
+# TODO: use more approriate method name
+def to_internal_data(response: Response) -> dict | list | None:
+    try:
+        response_json = response.json()
+    except JSONDecodeError:
+        logger.exception("Unable to parse json from response")
+        response_json = None
-    if url_is_api_root and not url.endswith("/"):
-        url = f"{url}/"
+    try:
+        response.raise_for_status()
+    except RequestException as exc:
+        if response.status_code >= 500:
+            raise
+        raise ClientError(response_json if response_json is not None else {}) from exc
-    client = Client.from_url(url)
-    if client is None:
-        return None
+    assert response_json
+    return response_json
+class Client(APIClient):
+    def request(
+        self, method: str | bytes, url: str | bytes, *args, **kwargs
+    ) -> Response:
+        headers = kwargs.pop("headers", {})
+        headers.setdefault("Accept", "application/json")
+        headers.setdefault("Content-Type", "application/json")
+        kwargs["headers"] = headers
+        data = kwargs.get("data", {})
-    APICredential = apps.get_model("vng_api_common", "APICredential")
+        if data:
+            kwargs["json"] = data
-    if url_is_api_root:
-        client.base_url = url
+        return super().request(method, url, *args, **kwargs)
+def get_client(url: str) -> Client | None:
+    """
+    Get a client instance for the given URL.
+    If no suitable client is found, ``None`` is returned.
+    """
+    from zgw_consumers.client import build_client
+    from zgw_consumers.models import Service
+    service: Optional[Service] = Service.get_service(url)
+    if not service:
+        logger.warning(f"No service configured for {url}")
+        return None
-    client.auth = APICredential.get_auth(url)
-    return client
+    return build_client(service, client_factory=Client)

vng_api_common/conf/api.py CHANGED Viewed

@@ -4,7 +4,6 @@ __all__ = [
     "BASE_SWAGGER_SETTINGS",
     "COMMON_SPEC",
     "LINK_FETCHER",
-    "ZDS_CLIENT_CLASS",
     "GEMMA_URL_TEMPLATE",
     "GEMMA_URL_COMPONENTTYPE",
     "GEMMA_URL_INFORMATIEMODEL",
@@ -94,8 +93,6 @@ REDOC_SETTINGS = {"EXPAND_RESPONSES": "200,201", "SPEC_URL": "openapi.json"}
 # See: https://github.com/Rebilly/ReDoc#redoc-options-object
 LINK_FETCHER = "requests.get"
-ZDS_CLIENT_CLASS = "zds_client.Client"
 GEMMA_URL_TEMPLATE = "https://www.gemmaonline.nl/index.php/{informatiemodel}_{versie}/doc/{componenttype}/{component}"
 GEMMA_URL_COMPONENTTYPE = "objecttype"
 GEMMA_URL_INFORMATIEMODEL = "Rgbz"

vng_api_common/management/commands/generate_swagger.py CHANGED Viewed

@@ -47,7 +47,7 @@ class Row:
 class Command(generate_swagger.Command):
     """
-    Patches to the provided command to modify the schema for ZDS needs.
+    Patches to the provided command to modify the schema.
     """
     leave_locale_alone = True

vng_api_common/middleware.py CHANGED Viewed

@@ -1,242 +1,16 @@
 # https://pyjwt.readthedocs.io/en/latest/usage.html#reading-headers-without-validation
 # -> we can put the organization/service in the headers itself
 import logging
-from typing import Any, Dict, Iterable, List, Optional
 from django.conf import settings
-from django.db import models, transaction
-from django.db.models import QuerySet
-from django.utils.translation import gettext as _
-import jwt
-from djangorestframework_camel_case.util import underscoreize
-from rest_framework.exceptions import PermissionDenied
 from rest_framework.response import Response
-from zds_client.client import ClientError
-from .authorizations.models import Applicatie, AuthorizationsConfig, Autorisatie
-from .authorizations.serializers import ApplicatieUuidSerializer
-from .constants import VERSION_HEADER, VertrouwelijkheidsAanduiding
-from .models import JWTSecret
-from .utils import get_uuid_from_path
+from .constants import VERSION_HEADER
 logger = logging.getLogger(__name__)
-class JWTAuth:
-    def __init__(self, encoded: str = None):
-        self.encoded = encoded
-    @property
-    def applicaties(self) -> Iterable[Applicatie]:
-        if self.client_id is None:
-            return []
-        applicaties = self._get_auth()
-        if not applicaties:
-            auth_data = self._request_auth()
-            applicaties = self._save_auth(auth_data)
-        return applicaties
-    @property
-    def autorisaties(self) -> models.QuerySet:
-        """
-        Retrieve all authorizations relevant to this component.
-        """
-        app_ids = [app.id for app in self.applicaties]
-        config = AuthorizationsConfig.get_solo()
-        return Autorisatie.objects.filter(
-            applicatie_id__in=app_ids, component=config.component
-        )
-    def _request_auth(self) -> list:
-        client = AuthorizationsConfig.get_client()
-        try:
-            response = client.list(
-                "applicatie", query_params={"clientIds": self.client_id}
-            )
-        except ClientError as exc:
-            response = exc.args[0]
-            # friendly debug - hint at where the problem is located
-            if response["status"] == 403 and response["code"] == "not_authenticated":
-                detail = _(
-                    "Component could not authenticate against the AC - "
-                    "authorizations could not be retrieved"
-                )
-                raise PermissionDenied(detail=detail, code="not_authenticated_for_ac")
-            logger.warn("Authorization component can't be accessed")
-            return []
-        return underscoreize(response["results"])
-    def _get_auth(self):
-        return Applicatie.objects.filter(client_ids__contains=[self.client_id])
-    @transaction.atomic
-    def _save_auth(self, auth_data):
-        applicaties = []
-        for applicatie_data in auth_data:
-            applicatie_serializer = ApplicatieUuidSerializer(data=applicatie_data)
-            uuid = get_uuid_from_path(applicatie_data["url"])
-            applicatie_data["uuid"] = uuid
-            applicatie_serializer.is_valid()
-            applicaties.append(applicatie_serializer.save())
-        return applicaties
-    @property
-    def payload(self) -> Optional[Dict[str, Any]]:
-        if self.encoded is None:
-            return None
-        if not hasattr(self, "_payload"):
-            # decode the JWT and validate it
-            # jwt check
-            try:
-                payload = jwt.decode(
-                    self.encoded,
-                    algorithms=["HS256"],
-                    options={"verify_signature": False},
-                    leeway=settings.JWT_LEEWAY,
-                )
-            except jwt.DecodeError:
-                logger.info("Invalid JWT encountered")
-                raise PermissionDenied(
-                    _(
-                        "JWT could not be decoded. Possibly you made a copy-paste mistake."
-                    ),
-                    code="jwt-decode-error",
-                )
-            # get client_id
-            try:
-                client_id = payload["client_id"]
-            except KeyError:
-                raise PermissionDenied(
-                    "Client identifier is niet aanwezig in JWT",
-                    code="missing-client-identifier",
-                )
-            # find client_id in DB and retrieve its secret
-            try:
-                jwt_secret = JWTSecret.objects.exclude(secret="").get(
-                    identifier=client_id
-                )
-            except JWTSecret.DoesNotExist:
-                raise PermissionDenied(
-                    "Client identifier bestaat niet", code="invalid-client-identifier"
-                )
-            else:
-                key = jwt_secret.secret
-            # check signature of the token
-            try:
-                payload = jwt.decode(
-                    self.encoded,
-                    key,
-                    algorithms=["HS256"],
-                    leeway=settings.JWT_LEEWAY,
-                )
-            except jwt.InvalidSignatureError:
-                logger.exception("Invalid signature - possible payload tampering?")
-                raise PermissionDenied(
-                    "Client credentials zijn niet geldig", code="invalid-jwt-signature"
-                )
-            self._payload = payload
-        return self._payload
-    @property
-    def client_id(self) -> str:
-        if not self.payload:
-            return None
-        return self.payload["client_id"]
-    def filter_vertrouwelijkheidaanduiding(self, base: QuerySet, value) -> QuerySet:
-        if value is None:
-            return base
-        order_provided = VertrouwelijkheidsAanduiding.get_choice_order(value)
-        order_case = VertrouwelijkheidsAanduiding.get_order_expression(
-            "max_vertrouwelijkheidaanduiding"
-        )
-        # In this case we are filtering Autorisatie model to look for auth which meets our needs.
-        # Therefore we're only considering authorizations here that have a max_vertrouwelijkheidaanduiding
-        # bigger or equal than what we're checking for the object.
-        # In cases when we are filtering data objects (Zaak, InformatieObject etc) it's the other way around
-        return base.annotate(max_vertr=order_case).filter(max_vertr__gte=order_provided)
-    def filter_default(self, base: QuerySet, name, value) -> QuerySet:
-        if value is None:
-            return base
-        return base.filter(**{name: value})
-    def has_auth(
-        self, scopes: List[str], component: Optional[str] = None, **fields
-    ) -> bool:
-        if scopes is None:
-            return False
-        scopes_provided = set()
-        config = AuthorizationsConfig.get_solo()
-        if component is None:
-            component = config.component
-        for applicatie in self.applicaties:
-            # allow everything
-            if applicatie.heeft_alle_autorisaties is True:
-                return True
-            autorisaties = applicatie.autorisaties.filter(component=component)
-            # filter on all additional components
-            for field_name, field_value in fields.items():
-                if hasattr(self, f"filter_{field_name}"):
-                    autorisaties = getattr(self, f"filter_{field_name}")(
-                        autorisaties, field_value
-                    )
-                else:
-                    autorisaties = self.filter_default(
-                        autorisaties, field_name, field_value
-                    )
-            for autorisatie in autorisaties:
-                scopes_provided.update(autorisatie.scopes)
-        return scopes.is_contained_in(list(scopes_provided))
-class AuthMiddleware:
-    header = "HTTP_AUTHORIZATION"
-    auth_type = "Bearer"
-    def __init__(self, get_response=None):
-        self.get_response = get_response
-    def __call__(self, request):
-        self.extract_jwt_payload(request)
-        return self.get_response(request) if self.get_response else None
-    def extract_jwt_payload(self, request):
-        authorization = request.META.get(self.header, "")
-        prefix = f"{self.auth_type} "
-        if authorization.startswith(prefix):
-            # grab the actual token
-            encoded = authorization[len(prefix) :]
-        else:
-            encoded = None
-        request.jwt_auth = JWTAuth(encoded)
 class APIVersionHeaderMiddleware:
     """
     Include a header specifying the API-version

vng_api_common/migrations/0006_delete_apicredential.py ADDED Viewed

@@ -0,0 +1,119 @@
+# Generated by Django 5.1.2 on 2024-10-24 13:51
+import logging
+from typing import Set
+from django.db import migrations, models
+from django.utils.text import slugify
+from zgw_consumers.constants import APITypes, AuthTypes
+logger = logging.getLogger(__name__)
+def _get_api_type(api_root: str) -> APITypes:
+    mapping = {
+        "/autorisaties/api/": APITypes.ac,
+        "/zaken/api/": APITypes.zrc,
+        "/catalogi/api/": APITypes.ztc,
+        "/documenten/api/": APITypes.drc,
+        "/besluiten/api/": APITypes.drc,
+    }
+    for path, _type in mapping.items():
+        if path in api_root.lower():
+            return _type
+    return APITypes.orc
+def _get_service_slug(credential: models.Model, existing_slugs: Set[str]) -> str:
+    default_slug: str = slugify(credential.label)
+    if default_slug not in existing_slugs or not existing_slugs:
+        return default_slug
+    count = 2
+    slug = f"{default_slug}-{count}"
+    while slug in existing_slugs:
+        count += 1
+        slug = f"{default_slug}-{count}"
+    return slug
+def migrate_credentials_to_service(apps, _) -> None:
+    APICredential = apps.get_model("vng_api_common", "APICredential")
+    Service = apps.get_model("zgw_consumers", "Service")
+    credentials = APICredential.objects.all()
+    existings_service_slugs = set(Service.objects.values_list("slug", flat=True))
+    for credential in credentials:
+        logger.info(f"Creating Service for {credential.client_id}")
+        service_slug = _get_service_slug(credential, existings_service_slugs)
+        _, created = Service.objects.get_or_create(
+            api_root=credential.api_root,
+            defaults=dict(
+                label=credential.label,
+                slug=service_slug,
+                api_type=_get_api_type(credential.api_root),
+                auth_type=AuthTypes.zgw,
+                client_id=credential.client_id,
+                secret=credential.secret,
+                user_id=credential.user_id,
+                user_representation=credential.user_representation,
+            ),
+        )
+        existings_service_slugs.add(service_slug)
+        if created:
+            logger.info(f"Created new Service for {credential.api_root}")
+        else:
+            logger.info(f"Existing service found for {credential.api_root}")
+def migrate_service_to_credentials(apps, _) -> None:
+    APICredential = apps.get_model("vng_api_common", "APICredential")
+    Service = apps.get_model("zgw_consumers", "Service")
+    services = Service.objects.filter(auth_type=AuthTypes.zgw)
+    for service in services:
+        logger.info(f"Creating APICredentials for {service.client_id}")
+        _, created = APICredential.objects.get_or_create(
+            api_root=service.api_root,
+            defaults=dict(
+                label=f"Migrated credentials for {service.client_id}",
+                client_id=service.client_id,
+                secret=service.secret,
+                user_id=service.user_id,
+                user_representation=service.user_representation,
+            ),
+        )
+        if created:
+            logger.info(f"Created new APICredentials for {service.api_root}")
+        else:
+            logger.info(f"Existing APICredentials found for {service.api_root}")
+class Migration(migrations.Migration):
+    dependencies = [
+        ("vng_api_common", "0005_auto_20190614_1346"),
+    ]
+    operations = [
+        migrations.RunPython(
+            migrate_credentials_to_service, reverse_code=migrate_service_to_credentials
+        ),
+        migrations.DeleteModel(
+            name="APICredential",
+        ),
+    ]

vng_api_common/mocks.py CHANGED Viewed

@@ -1,7 +1,10 @@
 import re
 from urllib.parse import urlparse
-from zds_client.client import UUID_PATTERN
+UUID_PATTERN = re.compile(
+    r"[0-9a-f]{8}\-[0-9a-f]{4}\-4[0-9a-f]{3}\-[89ab][0-9a-f]{3}\-[0-9a-f]{12}",
+    flags=re.I,
+)
 class Response:

vng_api_common/models.py CHANGED Viewed

@@ -1,15 +1,7 @@
-from typing import Optional, Union
-from urllib.parse import urlsplit, urlunsplit
 from django.db import models
-from django.db.models.functions import Length
 from django.utils.translation import gettext_lazy as _
 from rest_framework.reverse import reverse
-from solo.models import SingletonModel
-from zds_client import Client, ClientAuth
-from .client import get_client as _get_client
 class APIMixin:
@@ -69,106 +61,3 @@ class JWTSecret(models.Model):
     def __str__(self):
         return self.identifier
-class APICredential(models.Model):
-    """
-    Store credentials for external APIs.
-    When we need to authenticate against a remote API, we need to know which
-    client ID and secret to use to sign the JWT.
-    """
-    api_root = models.URLField(
-        _("API-root"),
-        unique=True,
-        help_text=_(
-            "URL of the external API, ending in a trailing slash. Example: https://example.com/api/v1/"
-        ),
-    )
-    label = models.CharField(
-        _("label"),
-        max_length=100,
-        default="",
-        help_text=_("Human readable label of the external API."),
-    )
-    client_id = models.CharField(
-        _("client ID"),
-        max_length=255,
-        help_text=_("Client ID to identify this API at the external API."),
-    )
-    secret = models.CharField(
-        _("secret"), max_length=255, help_text=_("Secret belonging to the client ID.")
-    )
-    user_id = models.CharField(
-        _("user ID"),
-        max_length=255,
-        help_text=_(
-            "User ID to use for the audit trail. Although these external API credentials are typically used by"
-            "this API itself instead of a user, the user ID is required."
-        ),
-    )
-    user_representation = models.CharField(
-        _("user representation"),
-        max_length=255,
-        default="",
-        help_text=_("Human readable representation of the user."),
-    )
-    class Meta:
-        verbose_name = _("external API credential")
-        verbose_name_plural = _("external API credentials")
-    def __str__(self):
-        return self.api_root
-    @classmethod
-    def get_auth(cls, url: str, **kwargs) -> Union[ClientAuth, None]:
-        split_url = urlsplit(url)
-        scheme_and_domain = urlunsplit(split_url[:2] + ("", "", ""))
-        candidates = (
-            cls.objects.filter(api_root__startswith=scheme_and_domain)
-            .annotate(api_root_length=Length("api_root"))
-            .order_by("-api_root_length")
-        )
-        # select the one matching
-        for candidate in candidates.iterator():
-            if url.startswith(candidate.api_root):
-                credentials = candidate
-                break
-        else:
-            return None
-        auth = ClientAuth(
-            client_id=credentials.client_id,
-            secret=credentials.secret,
-            user_id=credentials.user_id,
-            user_representation=credentials.user_representation,
-            **kwargs,
-        )
-        return auth
-class ClientConfig(SingletonModel):
-    api_root = models.URLField(_("api root"), unique=True)
-    class Meta:
-        abstract = True
-    def __str__(self):
-        return self.api_root
-    def save(self, *args, **kwargs):
-        if not self.api_root.endswith("/"):
-            self.api_root = f"{self.api_root}/"
-        super().save(*args, **kwargs)
-    @classmethod
-    def get_client(cls) -> Optional[Client]:
-        """
-        Construct a client, prepared with the required auth.
-        """
-        config = cls.get_solo()
-        return _get_client(config.api_root, url_is_api_root=True)

vng_api_common/notifications/api/views.py CHANGED Viewed

@@ -3,6 +3,7 @@ from django.utils.module_loading import import_string
 from drf_yasg.utils import swagger_auto_schema
 from notifications_api_common.api.serializers import NotificatieSerializer
+from notifications_api_common.constants import SCOPE_NOTIFICATIES_PUBLICEREN_LABEL
 from rest_framework import status
 from rest_framework.response import Response
 from rest_framework.views import APIView
@@ -10,7 +11,6 @@ from rest_framework.views import APIView
 from ...permissions import AuthScopesRequired
 from ...scopes import Scope
 from ...serializers import FoutSerializer, ValidatieFoutSerializer
-from ..constants import SCOPE_NOTIFICATIES_PUBLICEREN_LABEL
 class NotificationBaseView(APIView):

vng_api_common/notifications/handlers.py CHANGED Viewed

@@ -4,7 +4,7 @@ from djangorestframework_camel_case.util import underscoreize
 from ..authorizations.models import Applicatie
 from ..authorizations.serializers import ApplicatieUuidSerializer
-from ..client import get_client
+from ..client import get_client, to_internal_data
 from ..constants import CommonResourceAction
 from ..utils import get_uuid_from_path
@@ -20,8 +20,13 @@ class LoggingHandler:
 class AuthHandler:
     def _request_auth(self, url: str) -> dict:
         client = get_client(url)
-        response = client.retrieve("applicatie", url)
-        return underscoreize(response)
+        if not client:
+            return {}
+        response = client.get(url)
+        data = to_internal_data(response)
+        return underscoreize(data)
     def handle(self, message: dict) -> None:
         uuid = get_uuid_from_path(message["resource_url"])

commonground-api-common 1.13.3__py3-none-any.whl → 2.0.0__py3-none-any.whl

commonground-api-common 1.13.3py3-none-any.whl → 2.0.0py3-none-any.whl