fastapi-sso 0.13.1__py3-none-any.whl → 0.14.0__py3-none-any.whl

fastapi_sso/sso/base.py

@@ -8,7 +8,7 @@ import os
 import sys
 import warnings
 from types import TracebackType
-from typing import Any, Dict, List, Optional, Type, Union
+from typing import Any, Dict, List, Literal, Optional, Type, Union, overload
 
 import httpx
 import pydantic
@@ -296,6 +296,7 @@ class SSOBase:
             response.set_cookie("pkce_code_verifier", str(self._pkce_code_verifier))
         return response
 
+    @overload
     async def verify_and_process(
         self,
         request: Request,
@@ -303,7 +304,29 @@ class SSOBase:
         params: Optional[Dict[str, Any]] = None,
         headers: Optional[Dict[str, Any]] = None,
         redirect_uri: Optional[str] = None,
-    ) -> Optional[OpenID]:
+        convert_response: Literal[True] = True,
+    ) -> Optional[OpenID]: ...
+
+    @overload
+    async def verify_and_process(
+        self,
+        request: Request,
+        *,
+        params: Optional[Dict[str, Any]] = None,
+        headers: Optional[Dict[str, Any]] = None,
+        redirect_uri: Optional[str] = None,
+        convert_response: Literal[False],
+    ) -> Optional[Dict[str, Any]]: ...
+
+    async def verify_and_process(
+        self,
+        request: Request,
+        *,
+        params: Optional[Dict[str, Any]] = None,
+        headers: Optional[Dict[str, Any]] = None,
+        redirect_uri: Optional[str] = None,
+        convert_response: Union[Literal[True], Literal[False]] = True,
+    ) -> Union[Optional[OpenID], Optional[Dict[str, Any]]]:
         """
         Processes the login given a FastAPI (Starlette) Request object. This should be used for the /callback path.
 
@@ -312,12 +335,14 @@ class SSOBase:
             params (Optional[Dict[str, Any]]): Additional query parameters to pass to the provider.
             headers (Optional[Dict[str, Any]]): Additional headers to pass to the provider.
             redirect_uri (Optional[str]): Overrides the `redirect_uri` specified on this instance.
+            convert_response (bool): If True, userinfo response is converted to OpenID object.
 
         Raises:
             SSOLoginError: If the 'code' parameter is not found in the callback request.
 
         Returns:
-            Optional[OpenID]: User information in OpenID format if the login was successful.
+            Optional[OpenID]: User information as OpenID instance (if convert_response == True)
+            Optional[Dict[str, Any]]: The original JSON response from the API.
         """
         headers = headers or {}
         code = request.query_params.get("code")
@@ -338,6 +363,7 @@ class SSOBase:
             additional_headers=headers,
             redirect_uri=redirect_uri,
             pkce_code_verifier=pkce_code_verifier,
+            convert_response=convert_response,
         )
 
     def __enter__(self) -> "SSOBase":
@@ -363,6 +389,7 @@ class SSOBase:
     def _extra_query_params(self) -> Dict:
         return {}
 
+    @overload
     async def process_login(
         self,
         code: str,
@@ -372,7 +399,33 @@ class SSOBase:
         additional_headers: Optional[Dict[str, Any]] = None,
         redirect_uri: Optional[str] = None,
         pkce_code_verifier: Optional[str] = None,
-    ) -> Optional[OpenID]:
+        convert_response: Literal[True] = True,
+    ) -> Optional[OpenID]: ...
+
+    @overload
+    async def process_login(
+        self,
+        code: str,
+        request: Request,
+        *,
+        params: Optional[Dict[str, Any]] = None,
+        additional_headers: Optional[Dict[str, Any]] = None,
+        redirect_uri: Optional[str] = None,
+        pkce_code_verifier: Optional[str] = None,
+        convert_response: Literal[False],
+    ) -> Optional[Dict[str, Any]]: ...
+
+    async def process_login(
+        self,
+        code: str,
+        request: Request,
+        *,
+        params: Optional[Dict[str, Any]] = None,
+        additional_headers: Optional[Dict[str, Any]] = None,
+        redirect_uri: Optional[str] = None,
+        pkce_code_verifier: Optional[str] = None,
+        convert_response: Union[Literal[True], Literal[False]] = True,
+    ) -> Union[Optional[OpenID], Optional[Dict[str, Any]]]:
         """
         Processes login from the callback endpoint to verify the user and request user info endpoint.
         It's a lower-level method, typically, you should use `verify_and_process` instead.
@@ -384,12 +437,14 @@ class SSOBase:
             additional_headers (Optional[Dict[str, Any]]): Additional headers to be added to all requests.
             redirect_uri (Optional[str]): Overrides the `redirect_uri` specified on this instance.
             pkce_code_verifier (Optional[str]): A PKCE code verifier sent to the server to verify the login request.
+            convert_response (bool): If True, userinfo response is converted to OpenID object.
 
         Raises:
             ReusedOauthClientWarning: If the SSO object is reused, which is not safe and caused security issues.
 
         Returns:
-            Optional[OpenID]: User information in OpenID format if the login was successful.
+            Optional[OpenID]: User information in OpenID format if the login was successful (convert_response == True).
+            Optional[Dict[str, Any]]: Original userinfo API endpoint response.
         """
         # pylint: disable=too-many-locals
         if self._oauth_client is not None:  # pragma: no cover
@@ -417,6 +472,9 @@ class SSOBase:
 
         current_path = f"{url.scheme}://{url.netloc}{url.path}"
 
+        if pkce_code_verifier:
+            params.update({"code_verifier": pkce_code_verifier})
+
         token_url, headers, body = self.oauth_client.prepare_token_request(
             await self.token_endpoint,
             authorization_response=current_url,
@@ -432,11 +490,8 @@ class SSOBase:
 
         auth = httpx.BasicAuth(self.client_id, self.client_secret)
 
-        if pkce_code_verifier:
-            params.update({"code_verifier": pkce_code_verifier})
-
         async with httpx.AsyncClient() as session:
-            response = await session.post(token_url, headers=headers, content=body, auth=auth, params=params)
+            response = await session.post(token_url, headers=headers, content=body, auth=auth)
             content = response.json()
             self._refresh_token = content.get("refresh_token")
             self._id_token = content.get("id_token")
@@ -447,5 +502,6 @@ class SSOBase:
             session.headers.update(headers)
             response = await session.get(uri)
             content = response.json()
-
-            return await self.openid_from_response(content, session)
+            if convert_response:
+                return await self.openid_from_response(content, session)
+            return content

fastapi_sso/sso/gitlab.py

@@ -1,6 +1,9 @@
 """Gitlab SSO Oauth Helper class"""
 
-from typing import TYPE_CHECKING, Optional
+from typing import TYPE_CHECKING, List, Optional, Tuple, Union
+from urllib.parse import urljoin
+
+import pydantic
 
 from fastapi_sso.sso.base import DiscoveryDocument, OpenID, SSOBase
 
@@ -14,19 +17,61 @@ class GitlabSSO(SSOBase):
     provider = "gitlab"
     scope = ["read_user", "openid", "profile"]
     additional_headers = {"accept": "application/json"}
+    base_endpoint_url = "https://gitlab.com"
+
+    def __init__(
+        self,
+        client_id: str,
+        client_secret: str,
+        redirect_uri: Optional[Union[pydantic.AnyHttpUrl, str]] = None,
+        allow_insecure_http: bool = False,
+        use_state: bool = False,  # TODO: Remove use_state argument
+        scope: Optional[List[str]] = None,
+        base_endpoint_url: Optional[str] = None,
+    ) -> None:
+        super().__init__(
+            client_id,
+            client_secret,
+            redirect_uri,
+            allow_insecure_http,
+            use_state,  # TODO: Remove use_state argument
+            scope,
+        )
+        self.base_endpoint_url = base_endpoint_url or self.base_endpoint_url
 
     async def get_discovery_document(self) -> DiscoveryDocument:
+        """Override the discovery document method to return Yandex OAuth endpoints."""
+
         return {
-            "authorization_endpoint": "https://gitlab.com/oauth/authorize",
-            "token_endpoint": "https://gitlab.com/oauth/token",
-            "userinfo_endpoint": "https://gitlab.com/api/v4/user",
+            "authorization_endpoint": urljoin(self.base_endpoint_url, "/oauth/authorize"),
+            "token_endpoint": urljoin(self.base_endpoint_url, "/oauth/token"),
+            "userinfo_endpoint": urljoin(self.base_endpoint_url, "/api/v4/user"),
         }
 
+    def _parse_name(self, full_name: Optional[str]) -> Tuple[Union[str, None], Union[str, None]]:
+        """Parses the full name from Gitlab into the first and last name."""
+        if not full_name or not isinstance(full_name, str):
+            return None, None
+
+        name_parts = full_name.split()
+
+        if len(name_parts) == 1:
+            return name_parts[0], None
+
+        first_name = name_parts[0]
+        last_name = " ".join(name_parts[1:])
+        return first_name, last_name
+
     async def openid_from_response(self, response: dict, session: Optional["httpx.AsyncClient"] = None) -> OpenID:
+        """Converts Gitlab user info response to OpenID object."""
+        first_name, last_name = self._parse_name(response.get("name"))
+
         return OpenID(
             email=response["email"],
             provider=self.provider,
             id=str(response["id"]),
+            first_name=first_name,
+            last_name=last_name,
             display_name=response["username"],
             picture=response["avatar_url"],
         )

fastapi_sso/sso/yandex.py

@@ -0,0 +1,44 @@
+"""Yandex SSO Login Helper
+"""
+
+from typing import TYPE_CHECKING, Optional
+
+from fastapi_sso.sso.base import DiscoveryDocument, OpenID, SSOBase
+
+if TYPE_CHECKING:
+    import httpx  # pragma: no cover
+
+
+class YandexSSO(SSOBase):
+    """Class providing login using Yandex OAuth."""
+
+    provider = "yandex"
+    scope = ["login:email", "login:info", "login:avatar"]
+    avatar_url = "https://avatars.yandex.net/get-yapic"
+
+    async def get_discovery_document(self) -> DiscoveryDocument:
+        """Override the discovery document method to return Yandex OAuth endpoints."""
+
+        return {
+            "authorization_endpoint": "https://oauth.yandex.ru/authorize",
+            "token_endpoint": "https://oauth.yandex.ru/token",
+            "userinfo_endpoint": "https://login.yandex.ru/info",
+        }
+
+    async def openid_from_response(self, response: dict, session: Optional["httpx.AsyncClient"] = None) -> OpenID:
+        """Converts Yandex user info response to OpenID object."""
+
+        picture = None
+
+        if (avatar_id := response.get("default_avatar_id")) is not None:
+            picture = f"{self.avatar_url}/{avatar_id}/islands-200"
+
+        return OpenID(
+            email=response.get("default_email"),
+            display_name=response.get("display_name"),
+            provider=self.provider,
+            id=response.get("id"),
+            first_name=response.get("first_name"),
+            last_name=response.get("last_name"),
+            picture=picture,
+        )

{fastapi_sso-0.13.1.dist-info → fastapi_sso-0.14.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: fastapi-sso
-Version: 0.13.1
+Version: 0.14.0
 Summary: FastAPI plugin to enable SSO to most common providers (such as Facebook login, Google login and login via Microsoft Office 365 Account)
 Home-page: https://tomasvotava.github.io/fastapi-sso/
 License: MIT
@@ -85,6 +85,7 @@ I tend to process Pull Requests faster when properly caffeinated 😉.
 - Gitlab (by Alessandro Pischedda) - [Cereal84](https://github.com/Cereal84)
 - Line (by Jimmy Yeh) - [jimmyyyeh](https://github.com/jimmyyyeh)
 - LinkedIn (by Alessandro Pischedda) - [Cereal84](https://github.com/Cereal84)
+- Yandex (by Akim Faskhutdinov) – [akimrx](https://github.com/akimrx)
 
 See [Contributing](#contributing) for a guide on how to contribute your own login provider.
 

{fastapi_sso-0.13.1.dist-info → fastapi_sso-0.14.0.dist-info}/RECORD

@@ -2,12 +2,12 @@ fastapi_sso/__init__.py,sha256=bQH_ECRRvpAQfPfpe5bIiGdfRoPULFgvbSjGS9OPkYQ,690
 fastapi_sso/pkce.py,sha256=_J9wMCaSwPsUk32qoHzorhB9HG79YVifcQcRA4l_N7I,790
 fastapi_sso/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 fastapi_sso/sso/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-fastapi_sso/sso/base.py,sha256=VypbWdKTC4B2cmHpNv7TI8VjbI0Sl1gMwak8cHf3Z0w,17130
+fastapi_sso/sso/base.py,sha256=DDqOSjuXzP6-GrAuQeRAt5M4aKXAsxuDXztd8orBeO0,19272
 fastapi_sso/sso/facebook.py,sha256=fyO9R7wmhuDp8gZWOp5hogMfTLbff_7ms1XcrLL9udU,1347
 fastapi_sso/sso/fitbit.py,sha256=ofWcrGVeZk6n4b59RI9dLxPz_GzpizJiLNGLvrIphmY,1278
 fastapi_sso/sso/generic.py,sha256=nfH_ju0zRM4HAX-YYHMulSGRb_UEr342YAcK8JtJ3CE,2645
 fastapi_sso/sso/github.py,sha256=GA0jalPGjgBvhJH2SSyIxiizcj6PR8ccOXQYemmaKpQ,1713
-fastapi_sso/sso/gitlab.py,sha256=Fdq4_f3YmxQUEEx11GahXh6ELwExRyOC9ERwNYvbIHw,1057
+fastapi_sso/sso/gitlab.py,sha256=xYpzDfah8fRD0vVClG_w2_oHWoQ3JdkVh4zOWDVhoZs,2683
 fastapi_sso/sso/google.py,sha256=iyVqh5YG5Xw-Ss4y8xEv1APDvubdI9Vt3ijvPMmStVk,1380
 fastapi_sso/sso/kakao.py,sha256=-St6EEI0r3oFFphFd7UgqppA0z7XtZ22FmBOyhPfJ9M,884
 fastapi_sso/sso/line.py,sha256=1u27gqq8ZNiNn3XRumyTzNTj67vyTlo_HfVBRj4_crI,1210
@@ -17,8 +17,9 @@ fastapi_sso/sso/naver.py,sha256=L9rMTESnZrKZb1Z3odxn2oR2hxjrbnPa8rG8LcypbqU,921
 fastapi_sso/sso/notion.py,sha256=3OU70JpE4mle9DXyZrf4sRpwq1raWcOHjFJrRmsI-EM,1302
 fastapi_sso/sso/spotify.py,sha256=EyCuUK1fiP-I7NSg1ssDoPJilHnIULyXB4AyJNxPiYg,1269
 fastapi_sso/sso/twitter.py,sha256=NsRbKZlau_8gZNKgCywlggKv1jZLRP1oDXTp-TId2PU,1227
+fastapi_sso/sso/yandex.py,sha256=cTfxnK1xKBqGZ1GHd4Y1GtqTJGt1dYV6RAE6kACvX14,1489
 fastapi_sso/state.py,sha256=bwqsl73I5_VSf-TfCTvDfVb7L_3PwUqtP7jDjco-8Nw,298
-fastapi_sso-0.13.1.dist-info/LICENSE.md,sha256=5NVQtYs6liDtYdWM4VObWmTTKaK0k9C9txx5pLPJSyQ,1093
-fastapi_sso-0.13.1.dist-info/METADATA,sha256=oCN_56pDK4ELk7iPOAYHjLuB9FvgBnxbIR3gcpjouj0,4563
-fastapi_sso-0.13.1.dist-info/WHEEL,sha256=sP946D7jFCHeNz5Iq4fL4Lu-PrWrFsgfLXbbkciIZwg,88
-fastapi_sso-0.13.1.dist-info/RECORD,,
+fastapi_sso-0.14.0.dist-info/LICENSE.md,sha256=5NVQtYs6liDtYdWM4VObWmTTKaK0k9C9txx5pLPJSyQ,1093
+fastapi_sso-0.14.0.dist-info/METADATA,sha256=rhu8DYZyQHwK-A7z9eTYTpW6QILwqIKq7UkCWsUr83M,4635
+fastapi_sso-0.14.0.dist-info/WHEEL,sha256=sP946D7jFCHeNz5Iq4fL4Lu-PrWrFsgfLXbbkciIZwg,88
+fastapi_sso-0.14.0.dist-info/RECORD,,