ecodev-core 0.0.52__py3-none-any.whl → 0.0.54__py3-none-any.whl

ecodev_core/__init__.py

@@ -12,6 +12,7 @@ from ecodev_core.app_user import select_user
 from ecodev_core.app_user import upsert_app_users
 from ecodev_core.auth_configuration import AUTH
 from ecodev_core.authentication import attempt_to_log
+from ecodev_core.authentication import ban_token
 from ecodev_core.authentication import get_access_token
 from ecodev_core.authentication import get_app_services
 from ecodev_core.authentication import get_current_user
@@ -40,6 +41,7 @@ from ecodev_core.db_insertion import get_raw_df
 from ecodev_core.db_retrieval import count_rows
 from ecodev_core.db_retrieval import get_rows
 from ecodev_core.db_retrieval import ServerSideField
+from ecodev_core.db_upsertion import add_missing_enum_values
 from ecodev_core.db_upsertion import field
 from ecodev_core.db_upsertion import filter_to_sfield_dict
 from ecodev_core.db_upsertion import get_sfield_columns
@@ -87,6 +89,7 @@ from ecodev_core.safe_utils import SimpleReturn
 from ecodev_core.safe_utils import stringify
 from ecodev_core.settings import SETTINGS
 from ecodev_core.settings import Settings
+from ecodev_core.token_banlist import TokenBanlist
 from ecodev_core.version import db_to_value
 from ecodev_core.version import get_row_versions
 from ecodev_core.version import get_versions
@@ -107,4 +110,4 @@ __all__ = [
     'sort_by_keys', 'sort_by_values', 'Settings', 'load_yaml_file', 'Deployment', 'Version',
     'sfield', 'field', 'upsert_df_data', 'upsert_deletor', 'get_row_versions', 'get_versions',
     'db_to_value', 'upsert_data', 'upsert_selector', 'get_sfield_columns', 'filter_to_sfield_dict',
-    'SETTINGS']
+    'SETTINGS', 'add_missing_enum_values', 'ban_token', 'TokenBanlist']

ecodev_core/authentication.py

@@ -33,7 +33,7 @@ from ecodev_core.db_connection import engine
 from ecodev_core.logger import logger_get
 from ecodev_core.permissions import Permission
 from ecodev_core.pydantic_utils import Frozen
-
+from ecodev_core.token_banlist import TokenBanlist
 
 SCHEME = OAuth2PasswordBearer(tokenUrl='login')
 auth_router = APIRouter(tags=['authentication'])
@@ -44,6 +44,7 @@ INVALID_USER = 'Invalid User'
 INVALID_TFA = 'Invalid TFA code'
 ADMIN_ERROR = 'Could not validate credentials. You need admin rights to call this'
 INVALID_CREDENTIALS = 'Invalid Credentials'
+REVOKED_TOKEN = 'This token has been revoked (by a logout action), please login again.'
 log = logger_get(__name__)
 
 
@@ -62,7 +63,7 @@ class TokenData(Frozen):
     id: int
 
 
-def get_access_token(token: Dict[str, Any]):
+def get_access_token(token: Dict[str, Any]) -> str | None:
     """
     Robust method to return access token or None
     """
@@ -158,6 +159,9 @@ def is_authorized_user(token: str = Depends(SCHEME)) -> bool:
     """
     Check if the passed token corresponds to an authorized user
     """
+    if _is_banned(token):
+        return False
+
     try:
         return get_current_user(token) is not None
     except Exception:
@@ -180,12 +184,38 @@ def get_user(token: str = Depends(SCHEME),
     """
     Retrieves (if it exists) the db user corresponding to the passed token
     """
+    if _is_banned(token):
+        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail=REVOKED_TOKEN,
+                            headers={'WWW-Authenticate': 'Bearer'})
     if user := get_current_user(token, tfa_value, tfa_check):
         return user
     raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail=INVALID_CREDENTIALS,
                         headers={'WWW-Authenticate': 'Bearer'})
 
 
+def ban_token(token: str, session: Session) -> None:
+    """
+    Ban the passed token
+    """
+    session.add(TokenBanlist(token=token))
+    session.commit()
+
+
+def _is_banned(token: str) -> bool:
+    """
+    Check if the passed token is banned.
+
+    NB: Clean the TokenBanlist table (deleting old entries) on the fly
+    """
+    with Session(engine) as session:
+        threshold = datetime.now() - timedelta(minutes=EXPIRATION_LENGTH)
+        for token_banned in session.exec(
+                select(TokenBanlist).where(TokenBanlist.created_at <= threshold)).all():
+            session.delete(token_banned)
+        session.commit()
+        return token in session.exec(select(TokenBanlist.token)).all()
+
+
 def get_current_user(token: str,
                      tfa_value: Optional[str] = None,
                      tfa_check: bool = False
@@ -202,6 +232,10 @@ def is_admin_user(token: str = Depends(SCHEME)) -> AppUser:
     """
     Retrieves (if it exists) the admin (meaning who has valid credentials) user from the db
     """
+    if _is_banned(token):
+        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail=REVOKED_TOKEN,
+                            headers={'WWW-Authenticate': 'Bearer'})
+
     if (user := get_current_user(token)) and user.permission == Permission.ADMIN:
         return user
     raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail=ADMIN_ERROR,
@@ -212,6 +246,10 @@ def is_monitoring_user(token: str = Depends(SCHEME)) -> AppUser:
     """
     Retrieves (if it exists) the monitoring user from the db
     """
+    if _is_banned(token):
+        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail=REVOKED_TOKEN,
+                            headers={'WWW-Authenticate': 'Bearer'})
+
     if (user := get_current_user(token)) and user.user == MONITORING:
         return user
     raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED,

ecodev_core/db_upsertion.py

@@ -2,6 +2,7 @@
 Module handling CRUD and version operations
 """
 from datetime import datetime
+from enum import EnumType
 from functools import partial
 from typing import Any
 from typing import Union
@@ -14,6 +15,7 @@ from sqlmodel import inspect
 from sqlmodel import select
 from sqlmodel import Session
 from sqlmodel import SQLModel
+from sqlmodel import text
 from sqlmodel import update
 from sqlmodel.main import SQLModelMetaclass
 from sqlmodel.sql.expression import SelectOfScalar
@@ -27,6 +29,33 @@ INFO = 'info'
 SA_COLUMN_KWARGS = 'sa_column_kwargs'
 
 
+def add_missing_enum_values(enum: EnumType, session: Session, new_vals: list | None = None) -> None:
+    """
+    Add to an existing enum its missing db values. Do so by retrieving what is already in db, and
+    insert what is new.
+
+    NB: new_val argument is there for testing purposes
+    """
+
+    for val in [e.name for e in new_vals or enum if e.name not in get_enum_values(enum, session)]:
+        session.execute(text(f"ALTER TYPE {enum.__name__.lower()} ADD VALUE IF NOT EXISTS '{val}'"))
+        session.commit()
+
+
+def get_enum_values(enum: EnumType, session: Session) -> set[str]:
+    """
+    Return all enum values in db for the passed enum.
+    """
+    result = session.execute(text(
+        """
+        SELECT enumlabel FROM pg_enum
+        JOIN pg_type ON pg_enum.enumtypid = pg_type.oid
+        WHERE pg_type.typname = :enum_name
+        """
+    ), {'enum_name': enum.__name__.lower()})
+    return {x[0] for x in result}
+
+
 def sfield(**kwargs):
     """
     Field constructor for columns not to be versioned. Those are the columns on which to select.
@@ -147,11 +176,11 @@ def get_sfield_columns(db_model: SQLModelMetaclass) -> list[str]:
         for x in inspect(db_model).c
         if x.info.get(FILTER_ON) is True
     ]
-    
-    
-def filter_to_sfield_dict(row: dict | SQLModelMetaclass, 
-                           db_schema: SQLModelMetaclass | None = None) \
-                              -> dict[str, dict | SQLModelMetaclass]:
+
+
+def filter_to_sfield_dict(row: dict | SQLModelMetaclass,
+                          db_schema: SQLModelMetaclass | None = None) \
+        -> dict[str, dict | SQLModelMetaclass]:
     """
     Returns a dict with only sfields from object
     Args:
@@ -162,4 +191,3 @@ def filter_to_sfield_dict(row: dict | SQLModelMetaclass,
     """
     return {pk: getattr(row, pk)
             for pk in get_sfield_columns(db_schema or row.__class__)}
-    

ecodev_core/token_banlist.py

@@ -0,0 +1,18 @@
+"""
+Module implementing the token ban list table
+"""
+from datetime import datetime
+from typing import Optional
+
+from sqlmodel import Field
+from sqlmodel import SQLModel
+
+
+class TokenBanlist(SQLModel, table=True):  # type: ignore
+    """
+    A token banlist: timestamped banned token.
+    """
+    __tablename__ = 'token_banlist'
+    id: Optional[int] = Field(default=None, primary_key=True)
+    created_at: datetime = Field(default_factory=datetime.utcnow)
+    token: str = Field(index=True)

{ecodev_core-0.0.52.dist-info → ecodev_core-0.0.54.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: ecodev-core
-Version: 0.0.52
+Version: 0.0.54
 Summary: Low level sqlmodel/fastapi/pydantic building blocks
 License: MIT
 Author: Thomas Epelbaum
@@ -43,7 +43,7 @@ Requires-Dist: pandas (>=2,<3)
 Requires-Dist: passlib[bcyrypt] (>=1,<2)
 Requires-Dist: progressbar2 (>=4.4.2,<5.0.0)
 Requires-Dist: psycopg2-binary (>=2,<3)
-Requires-Dist: pydantic (==2.9.2)
+Requires-Dist: pydantic (==2.11.7)
 Requires-Dist: pydantic-settings (>=2,<3)
 Requires-Dist: python-jose[cryptography] (>=3,<4)
 Requires-Dist: pyyaml (>=6,<7)

{ecodev_core-0.0.52.dist-info → ecodev_core-0.0.54.dist-info}/RECORD

@@ -1,9 +1,9 @@
-ecodev_core/__init__.py,sha256=ULUNsG-OwP5pZkqFemYcA5NZURCdSjrC2v4PNTlreDs,6001
+ecodev_core/__init__.py,sha256=xS1h7Xtp-LBGeKkxFfJFqyxeBiznow7c1MPNAeYLtOg,6218
 ecodev_core/app_activity.py,sha256=KBtI-35LBLPDppFB7xjxWthXQrY3Z_aGDnC-HrW8Ea0,4641
 ecodev_core/app_rights.py,sha256=RZPdDtydFqc_nFj96huKAc56BS0qS6ScKv4Kghqd6lc,726
 ecodev_core/app_user.py,sha256=r1bqA4H08x53XmxmjwyGKl_PFjYQazzBbVErdkztqeE,2947
 ecodev_core/auth_configuration.py,sha256=qZ1Dkk7n1AH7w0tVKQ8AYswukOeMZH6mmbixPEAQnJ8,764
-ecodev_core/authentication.py,sha256=HYi4C7cHFwGUoskiMK2q-X7QeGofONPYWB55kxzJ6vI,10093
+ecodev_core/authentication.py,sha256=HuA8o_A_jjnTzG6NKqIeh5LP1tb0yyCR1RvXcPy2Xks,11559
 ecodev_core/backup.py,sha256=N5AtoqtHJRp92Bj0Nr7WW5WDcpjTIET8haxZoYDOtyI,3890
 ecodev_core/check_dependencies.py,sha256=aFn8GI4eBbuJT8RxsfhSSnlpNYYj_LPOH-tZF0EqfKQ,6917
 ecodev_core/custom_equal.py,sha256=2gRn0qpyJ8-Kw9GQSueu0nLngLrRrwyMPlP6zqPac0U,899
@@ -11,7 +11,7 @@ ecodev_core/db_connection.py,sha256=hhqeyTrl0DlQA7RkUs6pIOpZeE3yS_Q5mqj5uGPfG_Y,
 ecodev_core/db_filters.py,sha256=T_5JVF27UEu7sC6NOm7-W3_Y0GLfbWQO_EeTXcD2cv8,5041
 ecodev_core/db_insertion.py,sha256=k-r798MMrW1sRb-gb8lQTxyJrb4QP5iZT8GDzCYYwlo,4544
 ecodev_core/db_retrieval.py,sha256=sCP7TDGIcTOK5gT3Inga91bE4S31HbQPw4yI22WJbss,7392
-ecodev_core/db_upsertion.py,sha256=_OdCILP1NEw1hkbvTn9ZOF5YkU9U02Fj_U3E7uY5AoI,5861
+ecodev_core/db_upsertion.py,sha256=Nri5innUEcUBc5zFWDq9oqyzC5sjkX7xQHwqriZ6OUI,6814
 ecodev_core/deployment.py,sha256=z8ACI00EtKknXOB8xyPwYIXTvPjIDOH9z9cBGEU0YrA,281
 ecodev_core/email_sender.py,sha256=V3UGweuq6Iy09Z9to8HzM6JOVDVGHZXHGjUSkW94Tac,1912
 ecodev_core/enum_utils.py,sha256=BkQ4YQ97tXBYmMcQiSIi0mbioD5CgVU79myg1BBAXuA,556
@@ -25,8 +25,9 @@ ecodev_core/read_write.py,sha256=YIGRERvFHU7vy-JIaCWAza4CPMysLRUHKJxN-ZgFmu0,120
 ecodev_core/safe_utils.py,sha256=Q8N15El1tSxZJJsy1i_1CCycuBN1_98QQoHmYJRcLIY,6904
 ecodev_core/settings.py,sha256=UvaTv8S_HvfFAL-m1Rfqv_geSGcccuV3ziR1o1d5wu4,1795
 ecodev_core/sqlmodel_utils.py,sha256=t57H3QPtKRy4ujic1clMK_2L4p0yjGJLZbDjHPZ8M94,453
+ecodev_core/token_banlist.py,sha256=rKXG9QkfCpjOTr8gBgdX-KYNHAkKvQ9TRnGS99VC9Co,491
 ecodev_core/version.py,sha256=eyIf8KkW_t-hMuYFIoy0cUlNaMewLe6i45m2HKZKh0Q,4403
-ecodev_core-0.0.52.dist-info/LICENSE.md,sha256=8dqVJEbwXjPWjjRKjdLMym5k9Gi8hwtrHh84sti6KIs,1068
-ecodev_core-0.0.52.dist-info/METADATA,sha256=UgEUyk-1FHtzUXSP3t7fattxjRHbSVXjwvMI8_Ioa8g,3509
-ecodev_core-0.0.52.dist-info/WHEEL,sha256=sP946D7jFCHeNz5Iq4fL4Lu-PrWrFsgfLXbbkciIZwg,88
-ecodev_core-0.0.52.dist-info/RECORD,,
+ecodev_core-0.0.54.dist-info/LICENSE.md,sha256=8dqVJEbwXjPWjjRKjdLMym5k9Gi8hwtrHh84sti6KIs,1068
+ecodev_core-0.0.54.dist-info/METADATA,sha256=B7yPgikOYilTBVwdJs9VXdrdzONDc5JFXPX7cRoyYZI,3510
+ecodev_core-0.0.54.dist-info/WHEEL,sha256=sP946D7jFCHeNz5Iq4fL4Lu-PrWrFsgfLXbbkciIZwg,88
+ecodev_core-0.0.54.dist-info/RECORD,,