hardpy 0.12.1__py3-none-any.whl → 0.13.0__py3-none-any.whl

hardpy/common/stand_cloud/registration.py

@@ -1,236 +1,75 @@
-# Copyright (c) 2024 Everypin
+# Copyright (c) 2025 Everypin
 # GNU General Public License v3.0 (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
 
 from __future__ import annotations
 
-import base64
-import hashlib
-import json
-import os
-import re
-import secrets
-import socket
-import subprocess
-import sys
-from contextlib import suppress
-from platform import system
-from time import sleep
+from datetime import timedelta
+from io import StringIO
 from typing import TYPE_CHECKING
-from urllib.parse import urlencode
 
-import requests
-from keyring import delete_password, get_credential
-from keyring.errors import KeyringError
-from oauthlib.common import urldecode
-from oauthlib.oauth2 import WebApplicationClient
-from oauthlib.oauth2.rfc6749.errors import InvalidClientIdError
+from oauthlib.oauth2.rfc6749.errors import OAuth2Error
+from qrcode import QRCode
+from requests.exceptions import ConnectionError as RequestConnectionError, HTTPError
+from requests_oauth2client.tokens import ExpiredAccessToken
 
-from hardpy.common.stand_cloud.connector import StandCloudConnector, StandCloudError
-from hardpy.common.stand_cloud.token_storage import get_token_store
+from hardpy.common.stand_cloud.exception import StandCloudError
+from hardpy.common.stand_cloud.token_manager import TokenManager
 
 if TYPE_CHECKING:
-    from requests_oauth2client import BearerToken
+    from hardpy.common.stand_cloud.connector import StandCloudConnector
 
 
-def login(addr: str) -> None:
+def login(sc_connector: StandCloudConnector) -> None:
     """Login HardPy in StandCloud.
 
     Args:
-        addr (str): StandCloud address
+        sc_connector (StandCloudConnector): StandCloud connector
     """
-    # OAuth client configuration
-    client_id = "hardpy-report-uploader"
-    client = WebApplicationClient(client_id)
-    try:
-        sc_connector = StandCloudConnector(addr=addr)
-    except StandCloudError as exc:
-        print(str(exc))
-        sys.exit(1)
-
-    verify_ssl = not __debug__
-
-    # Auth requests
-    port = _reserve_socket_port()
-    callback_process = _create_callback_process(port)
-    state = secrets.token_urlsafe(16)
-    code_verifier = _code_verifier()
-    data = _par_data(code_verifier, client_id, port, state, sc_connector.url.api)
-    timeout = 10
-
-    # fmt: off
-    # pushed authorization response
-    try:
-        response = json.loads(requests.post(sc_connector.url.par, data=data, verify=verify_ssl, timeout=timeout).content)
-    except Exception as e:  # noqa: BLE001
-        print(f"Authentication server is unavailable: {e}")
-        sys.exit(1)
-    url = (sc_connector.url.auth + "?" + urlencode({"client_id": client_id, "request_uri": response["request_uri"]}))
-
-    # OAuth authorization code request
-    print(f"\nOpen the provided URL and authorize HardPy to use StandCloud\n\n{url}")
-
-    # use subprocess
-    first_line = next(callback_process.stdout)  # type: ignore
-    sleep(1)
-
-    # OAuth authorization code grant
-    response = json.loads(first_line)
-    callback_process.kill()
-
-    _check_incorrect_response(response, state)
-
-    code = response["code"]
-    uri = _redirect_uri(port)
-    data = client.prepare_request_body(code=code, client_id=client_id, redirect_uri=uri, code_verifier=code_verifier)
-
-    # OAuth access token request
-    data = dict(urldecode(data))
-    response = requests.post(sc_connector.url.token, data=data, verify=verify_ssl, timeout=timeout)
-    # fmt: on
+    token = sc_connector.get_access_token()
+    if token is None or sc_connector.is_refresh_token_valid() is False:
+        try:
+            response = sc_connector.get_verification_url()
+        except (RequestConnectionError, StandCloudError) as e:
+            print(f"Connection error to StandCloud: {sc_connector.addr}. \nError: {e}")
+            return
+        url = response["verification_uri_complete"]
+        _print_user_action_request(url)
+        token = sc_connector.wait_verification(response)
+
+    sc_connector.update_token(token)
 
     try:
-        # OAuth access token grant
-        response = client.parse_request_body_response(response.text)
-    except InvalidClientIdError as e:
+        sc_connector.healthcheck()
+    except ExpiredAccessToken as e:
+        time_diff = timedelta(seconds=abs(e.args[0].expires_in))
+        print(f"API access error: token is expired for {time_diff}")
+    except OAuth2Error as e:
+        print(e.description)
+    except HTTPError as e:
         print(e)
-        sys.exit(1)
-
-    _store_password(client.token)
+    else:
+        print(f"HardPy login to {sc_connector.addr} success")
 
 
-def logout() -> bool:
+def logout(addr: str) -> bool:
     """Logout HardPy from StandCloud.
 
-    Returns:
-        bool: True if successful else False
-    """
-    service_name = "HardPy"
-
-    try:
-        while cred := get_credential(service_name, None):
-            delete_password(service_name, cred.username)
-    except KeyringError:
-        return False
-    # TODO(xorialexandrov): fix keyring clearing
-    # Windows does not clear refresh token by itself
-    if system() == "Windows":
-        storage_keyring, _ = get_token_store()
-        with suppress(KeyringError):
-            storage_keyring.delete_password(service_name, "refresh_token")
-    return True
-
-
-def _redirect_uri(port: str) -> str:
-    return f"http://127.0.0.1:{port}/oauth2/callback"
-
-
-def _reserve_socket_port() -> str:
-    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-    sock.bind(("127.0.0.1", 0))
-    port = sock.getsockname()[1]
-    sock.close()
-
-    return str(port)
-
-
-def _code_verifier() -> str:
-    code_verifier = base64.urlsafe_b64encode(os.urandom(40)).decode("utf-8")
-    return re.sub("[^a-zA-Z0-9]+", "", code_verifier)
-
-
-def _code_challenge(code_verifier: str) -> str:
-    code_challenge = hashlib.sha256(code_verifier.encode("utf-8")).digest()
-    code_challenge = base64.urlsafe_b64encode(code_challenge).decode("utf-8")
-    return code_challenge.replace("=", "")
-
-
-def _create_callback_process(port: str) -> subprocess.Popen:
-    args = [
-        sys.executable,
-        "-m",
-        "uvicorn",
-        "hardpy.common.stand_cloud.oauth_callback:app",
-        "--host=127.0.0.1",
-        f"--port={port}",
-        "--log-level=error",
-    ]
-
-    if system() == "Windows":
-        env = os.environ.copy()
-        env["PYTHONUNBUFFERED"] = "1"
-
-        return subprocess.Popen(  # noqa: S603
-            args,
-            stdout=subprocess.PIPE,
-            bufsize=1,
-            universal_newlines=True,
-            env=env,
-            creationflags=subprocess.CREATE_NEW_PROCESS_GROUP,  # type: ignore
-        )
-    return subprocess.Popen(  # noqa: S603
-        args,
-        stdout=subprocess.PIPE,
-        bufsize=1,
-        universal_newlines=True,
-        env=dict(PYTHONUNBUFFERED="1"),  # noqa: C408
-    )
-
-
-def _store_password(token: BearerToken) -> None:
-    storage_keyring, mem_keyring = get_token_store()
-
-    storage_keyring.set_password(
-        "HardPy",
-        "refresh_token",
-        token["refresh_token"],
-    )
-    token_data = {
-        "access_token": token["access_token"],
-        "expires_at": token["expires_at"],
-    }
-    try:
-        mem_keyring.set_password("HardPy", "access_token", json.dumps(token_data))
-    except KeyringError as e:
-        print(e)
-        return
-    print("\nRegistration completed successfully")
-
-
-def _check_incorrect_response(response: dict, state: str) -> None:
-    if response["state"] != state:
-        print("Wrong state in response")
-        sys.exit(1)
-
-    if "error" in response:
-        error = response["error"]
-        error_description = response["error_description"]
-        print(f"{error}: {error_description}")
-        sys.exit(1)
-
-
-def _par_data(
-    code_verifier: str,
-    client_id: str,
-    port: str,
-    state: str,
-    api_url: str,
-) -> dict:
-    """Create pushed authorization request data.
+    Args:
+        addr (str): StandCloud address
 
     Returns:
-        dict: pushed authorization request data
+        bool: True if successful else False
     """
-    # Code Challenge Data
-    code_challenge = _code_challenge(code_verifier)
-
-    # pushed authorization request
-    return {
-        "scope": "authelia.bearer.authz offline_access",
-        "response_type": "code",
-        "client_id": client_id,
-        "redirect_uri": _redirect_uri(port),
-        "code_challenge": code_challenge,
-        "code_challenge_method": "S256",
-        "state": state,
-        "audience": api_url,
-    }
+    token_manager = TokenManager(addr)
+    return token_manager.remove_token()
+
+def _print_user_action_request(url_complete: str) -> None:
+    qr = QRCode()
+    qr.add_data(url_complete)
+    f = StringIO()
+    qr.print_ascii(out=f)
+    f.seek(0)
+
+    print(f.read())
+    print("Scan the QR code or, using a browser on another device, visit:")
+    print(url_complete, end="\n\n")

hardpy/common/stand_cloud/token_manager.py

@@ -0,0 +1,119 @@
+# Copyright (c) 2025 Everypin
+# GNU General Public License v3.0 (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+from __future__ import annotations
+
+import json
+import sys
+from contextlib import suppress
+from copy import deepcopy
+from datetime import datetime, timezone
+from platform import system
+from typing import TYPE_CHECKING
+
+from keyring import delete_password, get_credential
+from keyring.core import load_keyring
+from keyring.errors import KeyringError
+from requests_oauth2client import BearerToken
+
+if TYPE_CHECKING:
+    from keyring.backend import KeyringBackend
+
+
+class TokenManager:
+    """Token manager.
+
+    Manage token in keyring storage.
+    """
+
+    def __init__(self, service_name: str) -> None:
+        self._service_name = f"HardPy_{service_name}"
+
+    def remove_token(self) -> bool:
+        """Remove token from keyring storage.
+
+        Returns:
+            bool: True if successful else False
+        """
+        try:
+            while cred := get_credential(self._service_name, None):
+                delete_password(self._service_name, cred.username)
+        except KeyringError:
+            return False
+        # TODO(xorialexandrov): fix keyring clearing
+        # Windows does not clear refresh token by itself
+        if system() == "Windows":
+            storage_keyring, _ = self._get_store()
+            with suppress(KeyringError):
+                storage_keyring.delete_password(self._service_name, "refresh_token")
+        return True
+
+    def save_token_info(self, token: BearerToken | dict) -> None:
+        """Save token to keyring storage.
+
+        Args:
+            token (BearerToken | dict): token
+        """
+        # fmt: off
+        storage_keyring, mem_keyring = self._get_store()
+        storage_keyring.set_password(self._service_name, "refresh_token", token["refresh_token"])  # noqa: E501
+
+        token_info = deepcopy(token)
+        token_info.pop("expires_in")
+        token_info.pop("refresh_token")
+
+        try:
+            mem_keyring.set_password(self._service_name, "access_token", json.dumps(token_info))  # noqa: E501
+        except KeyringError as e:
+            print(e)  # noqa: T201
+            sys.exit(1)
+        # fmt: on
+
+    def read_access_token(self) -> BearerToken:
+        """Read access token from token store.
+
+        Returns:
+            BearerToken: access token
+        """
+        _, mem_keyring = self._get_store()
+        token_info = mem_keyring.get_password(self._service_name, "access_token")
+        secret = self._add_expires_in(json.loads(token_info))  # type: ignore
+        return BearerToken(**secret)
+
+    def read_refresh_token(self) -> str | None:
+        """Read refresh token from token store.
+
+        Returns:
+            str | None: refresh token
+        """
+        storage_keyring, _ = self._get_store()
+        service_name = self._service_name
+        return storage_keyring.get_password(service_name, "refresh_token")
+
+    def _get_store(self) -> tuple[KeyringBackend, KeyringBackend]:
+        """Get token store.
+
+        Returns:
+            tuple[KeyringBackend, KeyringBackend]: token store
+        """
+        if system() == "Linux":
+            storage_keyring = load_keyring("keyring.backends.SecretService.Keyring")
+        elif system() == "Windows":
+            storage_keyring = load_keyring("keyring.backends.Windows.WinVaultKeyring")
+        # TODO(xorialexandrov): add memory keyring or other store
+        mem_keyring = storage_keyring
+
+        return storage_keyring, mem_keyring
+
+    def _add_expires_in(self, secret: dict) -> dict:
+        if "expires_at" in secret:
+            expires_at = secret["expires_at"]
+        elif "id_token" in secret and "exp" in secret["id_token"]:
+            expires_at = secret["id_token"]["exp"]
+        expires_at_datetime = datetime.fromtimestamp(expires_at, timezone.utc)
+
+        expires_in_datetime = expires_at_datetime - datetime.now(timezone.utc)
+        expires_in = int(expires_in_datetime.total_seconds())
+
+        secret["expires_in"] = expires_in
+
+        return secret

hardpy/common/stand_cloud/utils.py

@@ -0,0 +1,33 @@
+# Copyright (c) 2024 Everypin
+# GNU General Public License v3.0 (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+from __future__ import annotations
+
+from enum import Enum
+from typing import NamedTuple
+
+
+class StandCloudAddr(NamedTuple):
+    """StandCloud address.
+
+    domain: StandCloud address
+    api: API address
+    token: token address
+    auth: auth address
+    device: device-authorization address
+    """
+
+    domain: str
+    api: str
+    token: str
+    auth: str
+    device: str
+
+
+class StandCloudAPIMode(str, Enum):
+    """StandCloud API mode.
+
+    HARDPY for test stand, integration for third-party service.
+    """
+
+    HARDPY = "hardpy"
+    INTEGRATION = "integration"

hardpy/hardpy_panel/frontend/dist/assets/{allPaths-B26356fZ.js → allPaths-Cg7WZDXy.js}

@@ -1 +1 @@
-import{I as n}from"./index-xb4M2ucX.js";import{I as e}from"./index-BMEat_ws.js";import{p as r,I as s}from"./index-Bl_IX0Up.js";function I(o,t){var a=r(o);return t===s.STANDARD?n[a]:e[a]}function p(o){return r(o)}export{n as IconSvgPaths16,e as IconSvgPaths20,I as getIconPaths,p as iconNameToPathsRecordKey};
+import{I as n}from"./index-xb4M2ucX.js";import{I as e}from"./index-BMEat_ws.js";import{p as r,I as s}from"./index-De5CJ3kt.js";function I(o,t){var a=r(o);return t===s.STANDARD?n[a]:e[a]}function p(o){return r(o)}export{n as IconSvgPaths16,e as IconSvgPaths20,I as getIconPaths,p as iconNameToPathsRecordKey};

hardpy/hardpy_panel/frontend/dist/assets/{allPathsLoader-0BeGWuiy.js → allPathsLoader-C79wUwqR.js}

@@ -1,2 +1,2 @@
-const __vite__mapDeps=(i,m=__vite__mapDeps,d=(m.f||(m.f=["assets/allPaths-B26356fZ.js","assets/index-xb4M2ucX.js","assets/index-BMEat_ws.js","assets/index-Bl_IX0Up.js","assets/index-BwCQzehg.css"])))=>i.map(i=>d[i]);
-import{_ as o,a as n,b as i}from"./index-Bl_IX0Up.js";var _=function(e,a){return o(void 0,void 0,void 0,function(){var t;return n(this,function(r){switch(r.label){case 0:return[4,i(()=>import("./allPaths-B26356fZ.js"),__vite__mapDeps([0,1,2,3,4]))];case 1:return t=r.sent().getIconPaths,[2,t(e,a)]}})})};export{_ as allPathsLoader};
+const __vite__mapDeps=(i,m=__vite__mapDeps,d=(m.f||(m.f=["assets/allPaths-Cg7WZDXy.js","assets/index-xb4M2ucX.js","assets/index-BMEat_ws.js","assets/index-De5CJ3kt.js","assets/index-BwCQzehg.css"])))=>i.map(i=>d[i]);
+import{_ as o,a as n,b as i}from"./index-De5CJ3kt.js";var _=function(e,a){return o(void 0,void 0,void 0,function(){var t;return n(this,function(r){switch(r.label){case 0:return[4,i(()=>import("./allPaths-Cg7WZDXy.js"),__vite__mapDeps([0,1,2,3,4]))];case 1:return t=r.sent().getIconPaths,[2,t(e,a)]}})})};export{_ as allPathsLoader};