howler-api 3.3.0.dev767__py3-none-any.whl → 3.3.0.dev768__py3-none-any.whl

howler/api/v1/user.py

@@ -128,9 +128,7 @@ def add_user_account(username, **_):
         data["name"] = data["uname"]
 
     # Add dynamic classification group
-    data["classification"] = user_service.get_dynamic_classification(
-        cast(str | None, data.get("classification", None)), data["email"]
-    )
+    data["classification"] = user_service.get_dynamic_classification(data)
 
     # Clear non user account data
     avatar = data.pop("avatar", None)
@@ -290,7 +288,7 @@ def set_user_account(username: str, **kwargs):  # noqa: C901
             data.pop("new_pass_confirm", None)
 
         # Apply dynamic classification
-        data["classification"] = user_service.get_dynamic_classification(data["classification"], data["email"])
+        data["classification"] = user_service.get_dynamic_classification(data)
 
         ret_val = user_service.save_user_account(username, data, kwargs["user"])
         return ok({"success": ret_val})

howler/common/classification.py

@@ -38,7 +38,7 @@ class Classification(object):
             "description",
         ]
         self.original_definition = classification_definition
-        self.levels_map: dict[str, str] = {}
+        self.levels_map: dict[str, int] = {}
         self.levels_map_stl = {}
         self.levels_map_lts = {}
         self.levels_styles_map = {}
@@ -64,6 +64,9 @@ class Classification(object):
 
         self.enforce = False
         self.dynamic_groups = False
+        # dynamic group type is one of: email | group | all
+        # defaults to email for original behavior
+        self.dynamic_groups_type = "email"
 
         # Add Invalid classification
         self.levels_map["INV"] = self.INVALID_LVL
@@ -84,12 +87,10 @@ class Classification(object):
                 raise HowlerKeyError("Enforce not set!")
 
             self.dynamic_groups = classification_definition.get("dynamic_groups", None)
-            if self.enforce is None:
+            if self.dynamic_groups is None:
                 raise HowlerKeyError("Dynamic groups not set!")
 
-            if self.enforce:
-                self._classification_cache = self.list_all_classification_combinations()
-                self._classification_cache_short = self.list_all_classification_combinations(long_format=False)
+            self.dynamic_groups_type = classification_definition.get("dynamic_groups_type", self.dynamic_groups_type)
 
             if classification_definition.get("levels", None) is None:
                 raise HowlerKeyError("No classification levels provided!")
@@ -186,6 +187,16 @@ class Classification(object):
                 self.description[short_name] = x.get("description", "N/A")
                 self.description[name] = self.description[short_name]
 
+            # Build the classification cache AFTER all maps are populated so
+            # that normalize_classification can fully validate each combination.
+            # Using normalized=True filters out invalid combos (e.g. subgroups
+            # that violate limited_to_group constraints).
+            if self.enforce:
+                self._classification_cache = self.list_all_classification_combinations(normalized=True)
+                self._classification_cache_short = self.list_all_classification_combinations(
+                    long_format=False, normalized=True
+                )
+
             if not self.is_valid(classification_definition["unrestricted"]):
                 raise InvalidDefinition("Classification definition's unrestricted classification is invalid.")
 
@@ -238,40 +249,46 @@ class Classification(object):
 
         return items
 
-    def _get_c12n_level_index(self, c12n: str) -> str:
+    def _get_c12n_level_index(self, c12n: str) -> tuple[int, str]:
         # Parse classifications in uppercase mode only
         c12n = c12n.upper()
 
-        lvl = c12n.split("//")[0]
+        lvl, _, remain = c12n.partition("//")
         if lvl in self.levels_map:
-            return self.levels_map[lvl]
+            return self.levels_map[lvl], remain
         elif lvl in self.levels_map_lts:
-            return self.levels_map[self.levels_map_lts[lvl]]
+            return self.levels_map[self.levels_map_lts[lvl]], remain
         elif lvl in self.levels_aliases:
-            return self.levels_map[self.levels_aliases[lvl]]
+            return self.levels_map[self.levels_aliases[lvl]], remain
         else:
             raise InvalidClassification(
                 "Classification level '%s' was not found in your classification definition." % lvl
             )
 
     def _get_c12n_level_text(self, lvl_idx: int, long_format: bool = True) -> str:
-        text = self.levels_map.get(str(lvl_idx), None)
+        text: Any = self.levels_map.get(str(lvl_idx), None)
+
         if not text:
             raise InvalidClassification(
                 "Classification level number '%s' was not found in your classification definition." % lvl_idx
             )
+
         if long_format:
             return self.levels_map_stl[text]
+
         return text
 
-    def _get_c12n_required(self, c12n: str, long_format: bool = True) -> List:
+    def _get_c12n_required(self, c12n: str, long_format: bool = True) -> tuple[List, list[str]]:
         # Parse classifications in uppercase mode only
         c12n = c12n.upper()
 
         return_set = set()
         part_set = set(c12n.split("/"))
+        unused = []
 
         for p in part_set:
+            if not p:
+                continue
             if p in self.access_req_map_lts:
                 return_set.add(self.access_req_map_lts[p])
             elif p in self.access_req_map_stl:
@@ -279,27 +296,37 @@ class Classification(object):
             elif p in self.access_req_aliases:
                 for a in self.access_req_aliases[p]:
                     return_set.add(a)
+            else:
+                unused.append(p)
 
         if long_format:
-            return sorted([self.access_req_map_stl[r] for r in return_set])
-        return sorted(list(return_set))
+            return sorted([self.access_req_map_stl[r] for r in return_set]), unused
+        return sorted(list(return_set)), unused
 
-    def _get_c12n_groups(self, c12n: str, long_format: bool = True) -> Tuple[List, List]:
+    def _get_c12n_groups(
+        self, c12n: list[str], long_format: bool = True, get_dynamic_groups: bool = True, auto_select: bool = False
+    ) -> Tuple[List, List, list[str]]:
         # Parse classifications in uppercase mode only
-        c12n = c12n.upper()
 
         g1_set = set()
         g2_set = set()
         others = set()
 
-        grp_part = c12n.split("//")
         groups = []
-        for gp in grp_part:
-            gp = gp.replace("REL TO ", "")
-            gp = gp.replace("REL ", "")
-            temp_group = set([x.strip() for x in gp.split(",")])
-            for t in temp_group:
-                groups.extend(t.split("/"))
+        subgroups = []
+
+        for gp in c12n:
+            # If there is a rel marking we know we have groups
+            if gp.startswith("REL "):
+                gp = gp.replace("REL TO ", "")
+                gp = gp.replace("REL ", "")
+                temp_group = set([x.strip() for x in gp.split(",")])
+                for t in temp_group:
+                    groups.extend(t.split("/"))
+            else:
+                # if there is not a rel marking we either have a subgroup or a solitary_display_name
+                # alias for a group, which we will filter out later
+                subgroups.append(gp)
 
         for g in groups:
             if g in self.groups_map_lts:
@@ -309,33 +336,63 @@ class Classification(object):
             elif g in self.groups_aliases:
                 for a in self.groups_aliases[g]:
                     g1_set.add(a)
-            elif g in self.subgroups_map_lts:
+            else:
+                others.add(g)
+
+        for g in subgroups:
+            if g in self.subgroups_map_lts:
                 g2_set.add(self.subgroups_map_lts[g])
             elif g in self.subgroups_map_stl:
                 g2_set.add(g)
             elif g in self.subgroups_aliases:
                 for a in self.subgroups_aliases[g]:
                     g2_set.add(a)
+            # Here is where we catch any solitary_display_name aliases for groups within the subgroup sections
+            elif g in self.groups_aliases:
+                # Check that this alias is actually a solitary name, don't
+                # let other aliases leak outside the REL marking
+                groups = self.groups_aliases[g]
+                if len(groups) > 1:
+                    raise InvalidClassification(f"Unclear use of alias: {g}")
+                g1_set.add(groups[0])
             else:
-                others.add(g)
+                raise InvalidClassification(f"Unknown Subgroup: {g}")
+
+        # If dynamic groups are active all remaining parts should be groups found under a
+        # REL TO marking that we can merge in with the other groups
+        if self.dynamic_groups and get_dynamic_groups:
+            g1_set.update(others)
+            others = set()
+
+        # Check if there are any required group assignments
+        for subgroup in g2_set:
+            required = self.params_map.get(subgroup, {}).get("require_group", None)
+            if required:
+                g1_set.add(required)
+
+        # Check if there are any forbidden group assignments
+        for subgroup in g2_set:
+            limited_to_group = self.params_map.get(subgroup, {}).get("limited_to_group", None)
+            if limited_to_group is not None:
+                if len(g1_set) > 1 or (len(g1_set) == 1 and g1_set != set([limited_to_group])):
+                    raise InvalidClassification(
+                        f"Subgroup {subgroup} is limited to group {limited_to_group} (found: {', '.join(g1_set)})"
+                    )
 
-        if self.dynamic_groups:
-            for o in others:
-                if (
-                    o not in self.access_req_map_lts
-                    and o not in self.access_req_map_stl
-                    and o not in self.access_req_aliases
-                    and o not in self.levels_map
-                    and o not in self.levels_map_lts
-                    and o not in self.levels_aliases
-                ):
-                    g1_set.add(o)
+        # Do auto select
+        if auto_select and g1_set:
+            g1_set.update(self.groups_auto_select_short)
+        if auto_select and g2_set:
+            g2_set.update(self.subgroups_auto_select_short)
 
+        # Swap to long format if required
         if long_format:
-            return sorted([self.groups_map_stl.get(r, r) for r in g1_set]), sorted(
-                [self.subgroups_map_stl[r] for r in g2_set]
+            return (
+                sorted([self.groups_map_stl.get(r, r) for r in g1_set]),
+                sorted([self.subgroups_map_stl[r] for r in g2_set]),
+                list(others),
             )
-        return sorted(list(g1_set)), sorted(list(g2_set))
+        return sorted(list(g1_set)), sorted(list(g2_set)), list(others)
 
     @staticmethod
     def _can_see_required(user_req: List, req: List) -> bool:
@@ -446,11 +503,22 @@ class Classification(object):
         return out
 
     def _get_classification_parts(
-        self, c12n: str, long_format: bool = True
-    ) -> Tuple[Union[Union[int, str], Any], List, List, List]:
-        lvl_idx = self._get_c12n_level_index(c12n)
-        req = self._get_c12n_required(c12n, long_format=long_format)
-        groups, subgroups = self._get_c12n_groups(c12n, long_format=long_format)
+        self,
+        c12n: str,
+        long_format: bool = True,
+        get_dynamic_groups: bool = True,
+        auto_select: bool = False,
+        ignore_unused: bool = False,
+    ) -> Tuple[int, list[str], list[str], list[str]]:
+        lvl_idx, unused = self._get_c12n_level_index(c12n)
+        req, unused_parts = self._get_c12n_required(unused, long_format=long_format)
+
+        groups, subgroups, unused_parts = self._get_c12n_groups(
+            unused_parts, long_format=long_format, get_dynamic_groups=get_dynamic_groups, auto_select=auto_select
+        )
+
+        if unused_parts and not ignore_unused:
+            raise InvalidClassification(f"Unparsable classification parts: {', '.join(unused_parts)}")
 
         return lvl_idx, req, groups, subgroups
 
@@ -473,7 +541,7 @@ class Classification(object):
     # Public functions
     # ++++++++++++++++++++++++
     # noinspection PyUnusedLocal
-    def list_all_classification_combinations(self, long_format: bool = True) -> Set:
+    def list_all_classification_combinations(self, long_format: bool = True, normalized: bool = False) -> Set:
         combinations = set()
 
         levels = self._list_items_and_aliases(self.original_definition["levels"], long_format=long_format)
@@ -529,7 +597,10 @@ class Classification(object):
 
         temp_combinations = copy(combinations)
         for p in itertools.product(temp_combinations, sgrp_cbs):
-            if "//REL TO " in p[0]:
+            # A combo already has a group part when it contains "//REL TO " (explicit)
+            # or ends with a solitary display name like "//ANY" (after replacement).
+            has_group = "//REL TO " in p[0] or any(p[0].endswith(f"//{sol_name}") for sol_name in solitary_names)
+            if has_group:
                 cl = "/".join(p)
 
                 if cl.endswith("/"):
@@ -537,13 +608,25 @@ class Classification(object):
                 else:
                     combinations.add(cl)
             else:
-                cl = "//REL TO ".join(p)
+                # No group present — subgroups are joined with "//" (not "//REL TO ")
+                # to match the format produced by _get_normalized_classification_text.
+                # "REL TO" is reserved for groups in _get_c12n_groups.
+                cl = "//".join(p)
 
-                if cl.endswith("//REL TO "):
-                    combinations.add(cl[:-9])
+                if cl.endswith("//"):
+                    combinations.add(cl[:-2])
                 else:
                     combinations.add(cl)
 
+        if normalized:
+            good = []
+            for x in combinations:
+                try:
+                    good.append(self.normalize_classification(x, long_format=long_format))
+                except InvalidClassification:
+                    pass
+            return set(good)
+
         return combinations
 
     # noinspection PyUnusedLocal
@@ -581,7 +664,8 @@ class Classification(object):
         return out
 
     def get_access_control_parts(self, c12n: str, user_classification: bool = False) -> Dict:
-        """Returns a dictionary containing the different access parameters Lucene needs to build it's queries
+        """
+        Returns a dictionary containing the different access parameters Lucene needs to build it's queries
 
         Args:
             c12n: The classification to get the parts from
@@ -591,12 +675,8 @@ class Classification(object):
             c12n = self.UNRESTRICTED
 
         try:
-            # Normalize the classification before gathering the parts
-            c12n = self.normalize_classification(c12n, skip_auto_select=user_classification)
-
-            access_lvl = self._get_c12n_level_index(c12n)
-            access_req = self._get_c12n_required(c12n, long_format=False)
-            access_grp1, access_grp2 = self._get_c12n_groups(c12n, long_format=False)
+            parts = self._get_classification_parts(c12n, long_format=False, auto_select=not user_classification)
+            access_lvl, access_req, access_grp1, access_grp2 = parts
 
             return {
                 "__access_lvl__": access_lvl,
@@ -679,7 +759,8 @@ class Classification(object):
         )
 
     def is_accessible(self, user_c12n: str, c12n: str, ignore_invalid: bool = False) -> bool:
-        """Given a user classification, check if a user is allow to see a certain classification
+        """
+        Given a user classification, check if a user is allow to see a certain classification
 
         Args:
             user_c12n: Maximum classification for the user
@@ -698,16 +779,10 @@ class Classification(object):
             return True
 
         try:
-            # Normalize classifications before comparing them
-            user_c12n = self.normalize_classification(user_c12n, skip_auto_select=True)
-            c12n = self.normalize_classification(c12n, skip_auto_select=True)
+            user_lvl, user_req, user_groups, user_subgroups = self._get_classification_parts(user_c12n)
+            lvl, req, groups, subgroups = self._get_classification_parts(c12n)
 
-            user_req = self._get_c12n_required(user_c12n)
-            user_groups, user_subgroups = self._get_c12n_groups(user_c12n)
-            req = self._get_c12n_required(c12n)
-            groups, subgroups = self._get_c12n_groups(c12n)
-
-            if self._get_c12n_level_index(user_c12n) >= self._get_c12n_level_index(c12n):
+            if int(user_lvl) >= int(lvl):
                 if not self._can_see_required(user_req, req):
                     return False
                 if not self._can_see_groups(user_groups, groups):
@@ -812,7 +887,7 @@ class Classification(object):
 
         return True
 
-    def max_classification(self, c12n_1: str, c12n_2: str, long_format: bool = True) -> str:
+    def max_classification(self, c12n_1: str | None, c12n_2: str | None, long_format: bool = True) -> str:
         """Mixes to classification and returns to most restrictive form for them
 
         Args:
@@ -833,9 +908,10 @@ class Classification(object):
             c12n_2 = self.normalize_classification(c12n_2)
 
         if c12n_1 is None:
-            return c12n_2
+            return c12n_2 if c12n_2 else self.UNRESTRICTED
+
         if c12n_2 is None:
-            return c12n_1
+            return c12n_1 if c12n_1 else self.UNRESTRICTED
 
         lvl_idx_1, req_1, groups_1, subgroups_1 = self._get_classification_parts(c12n_1, long_format=long_format)
         lvl_idx_2, req_2, groups_2, subgroups_2 = self._get_classification_parts(c12n_2, long_format=long_format)
@@ -899,8 +975,16 @@ class Classification(object):
             long_format=long_format,  # type: ignore
         )
 
-    def normalize_classification(self, c12n: str, long_format: bool = True, skip_auto_select: bool = False) -> str:
-        """Normalize a given classification by applying the rules defined in the classification definition.
+    def normalize_classification(
+        self,
+        c12n: str,
+        long_format: bool = True,
+        skip_auto_select: bool = False,
+        get_dynamic_groups: bool = True,
+        ignore_unused: bool = False,
+    ) -> str:
+        """
+        Normalize a given classification by applying the rules defined in the classification definition.
         This function will remove any invalid parts and add missing parts to the classification.
         It will also ensure that the display of the classification is always done the same way
 
@@ -916,19 +1000,16 @@ class Classification(object):
             return self.UNRESTRICTED
 
         # Has the classification has already been normalized before?
-        if long_format and c12n in self._classification_cache:
+        if long_format and c12n in self._classification_cache and get_dynamic_groups:
             return c12n
-        if not long_format and c12n in self._classification_cache_short:
+        if not long_format and c12n in self._classification_cache_short and get_dynamic_groups:
             return c12n
 
-        lvl_idx, req, groups, subgroups = self._get_classification_parts(c12n, long_format=long_format)
+        lvl_idx, req, groups, subgroups = self._get_classification_parts(
+            c12n, long_format=long_format, get_dynamic_groups=get_dynamic_groups, ignore_unused=ignore_unused
+        )
         new_c12n = self._get_normalized_classification_text(
-            lvl_idx,  # type: ignore
-            req,
-            groups,
-            subgroups,
-            long_format=long_format,
-            skip_auto_select=skip_auto_select,
+            lvl_idx, req, groups, subgroups, long_format=long_format, skip_auto_select=skip_auto_select
         )
         if long_format:
             self._classification_cache.add(new_c12n)
@@ -937,7 +1018,7 @@ class Classification(object):
 
         return new_c12n
 
-    def build_user_classification(self, c12n_1: str | None, c12n_2: str | None, long_format: bool = True) -> str | None:
+    def build_user_classification(self, c12n_1: str, c12n_2: str, long_format: bool = True) -> str:
         """Mixes to classification and return the classification marking that would give access to the most data
 
         Args:
@@ -959,7 +1040,6 @@ class Classification(object):
 
         if c12n_1 is None:
             return c12n_2
-
         if c12n_2 is None:
             return c12n_1
 

howler/config.py

@@ -10,7 +10,7 @@ from howler.remote.datatypes.user_quota_tracker import UserQuotaTracker
 #################################################################
 # Configuration
 
-CLASSIFICATION = loader.get_classification()
+CLASSIFICATION = loader.get_classification(os.getenv("HWL_CLASSIFICATION_PATH", None))
 
 AUDIT = config.ui.audit
 

howler/helper/azure.py

@@ -1,6 +1,6 @@
 import requests
 
-from howler.common.exceptions import HowlerException
+from howler.common.exceptions import HowlerAttributeError, HowlerException
 from howler.common.logging import get_logger
 from howler.config import config
 from howler.utils.str_utils import default_string_value
@@ -20,7 +20,12 @@ def azure_obo(token: str) -> str:
     Returns:
         str: The new access token with updated privileges
     """
-    azure_provider_config = config.auth.oauth.providers["azure"]
+    if "azure" in config.auth.oauth.providers:
+        azure_provider_config = config.auth.oauth.providers["azure"]
+    elif "entraid" in config.auth.oauth.providers:
+        azure_provider_config = config.auth.oauth.providers["entraid"]
+    else:
+        raise HowlerAttributeError("No azure/entraid-based provider configured!")
 
     logger.debug("OBOing to MS Graph")
     # Azure is a special case here, as we need to OBO to MS Graph

howler/helper/oauth.py

@@ -60,7 +60,7 @@ def parse_profile(profile: dict[str, Any], provider_config: OAuthProvider) -> di
         uname = profile.get("uname", profile.get("preferred_username", email_adr))
 
         # Did we default to email?
-        if email_adr is not None and uname is not None and uname.lower() == email_adr.lower():
+        if uname is not None and email_adr is not None and uname.lower() == email_adr.lower():
             # 1. Use provided regex matcher
             if provider_config.uid_regex:
                 match = re.match(provider_config.uid_regex, uname)
@@ -93,6 +93,8 @@ def parse_profile(profile: dict[str, Any], provider_config: OAuthProvider) -> di
     # Compute access, roles and classification using auto_properties
     access = True
     roles = ["user"]
+    groups: list[str] = profile.get("groups", [])
+    assignments = []
     classification = CLASSIFICATION_ENGINE.UNRESTRICTED
     if provider_config.auto_properties:
         for auto_prop in provider_config.auto_properties:
@@ -129,18 +131,33 @@ def parse_profile(profile: dict[str, Any], provider_config: OAuthProvider) -> di
                         classification = CLASSIFICATION_ENGINE.build_user_classification(
                             classification, auto_prop.value
                         )
+                        logger.debug("Classification: %s", classification)
                         break
 
-    # Infer roles from groups
-    if profile.get("groups") and provider_config.role_map:
+                # Append groups from matching patterns
+                elif auto_prop.type == "group":
+                    if re.match(auto_prop.pattern, value):
+                        groups.append(auto_prop.value)
+                        break
+
+                # Append assignments from matching patterns
+                elif auto_prop.type == "assignment":
+                    if re.match(auto_prop.pattern, value):
+                        assignments.append(auto_prop.value)
+                        break
+
+    # Infer roles from groups (legacy)
+    if groups and provider_config.role_map:
         for user_type in USER_TYPES:
             if (
                 user_type in provider_config.role_map
-                and provider_config.role_map[user_type] in profile.get("groups", [])
+                and provider_config.role_map[user_type] in groups
                 and user_type not in roles
             ):
                 roles.append(user_type)
 
+    # TODO: re-export assignments once they're actually used.
+    # This may need a refactor once the tags stuff is figured out
     return dict(
         access=access,
         type=roles,
@@ -150,7 +167,7 @@ def parse_profile(profile: dict[str, Any], provider_config: OAuthProvider) -> di
         email=email_adr,
         password="__NO_PASSWORD__",  # noqa: S106
         avatar=profile.get("picture", provider_config.picture_url or alternate),
-        groups=profile.get("groups", []),
+        groups=groups,
     )
 
 
@@ -166,9 +183,9 @@ def fetch_avatar(  # noqa: C901
         # Generic picture url endpoint, i.e. MS Graph
         if url == provider_config.picture_url:
             headers = {}
-
             token: str | None = None
-            if oauth_provider == "azure":
+
+            if oauth_provider in ["entraid", "azure"]:
                 if not access_token:
                     raise HowlerValueError("An azure access token is necessary to retrieve the profile picture")  # noqa: TRY301
 
@@ -206,13 +223,13 @@ def fetch_avatar(  # noqa: C901
         return None
 
 
-def fetch_groups(token: str):
-    """Fetch a user's groups form an external endpoint"""
+def fetch_groups(token: str):  # noqa: C901
+    """Fetch a user's groups from an external endpoint"""
     oauth_provider = jwt_service.get_provider(token)
     oauth_provider_config = config.auth.oauth.providers[oauth_provider]
 
     if oauth_provider_config.groups_url:
-        if oauth_provider == "azure":
+        if oauth_provider in ["entraid", "azure"]:
             try:
                 token = azure_obo(token)
             except HowlerException:
@@ -232,13 +249,20 @@ def fetch_groups(token: str):
                     result = result[part]
 
             detailed_group_data = []
+
             for group in result:
-                detailed_group_data.append(
-                    {
-                        "id": group.get("id", None),
-                        "name": group.get("name", group.get("displayName", group.get("id", None))),
-                    }
-                )
+                # Only process groups that are groups (not directory roles)
+                if group.get("@odata.type") == "#microsoft.graph.group":
+                    group_id = group.get("id")
+                    display_name = group.get("displayName")
+                    if display_name:  # Only add if display name exists
+                        detailed_group_data.append(
+                            {
+                                "id": group_id,
+                                "name": display_name,
+                            }
+                        )
+                        logger.debug("Added group: %s (%s)", display_name, group_id)
 
             return sorted(detailed_group_data, key=lambda g: g.get("name", "").lower())
 

howler/helper/search.py

@@ -5,7 +5,7 @@ from howler.datastore.collection import ESCollection
 from howler.odm.models.user import User
 
 # List of indices where queries are protected with classification access control
-ACCESS_CONTROLLED_INDICES: dict[str, ESCollection] = {}
+ACCESS_CONTROLLED_INDICES: set[str] = {"hit"}
 
 ADMIN_INDEX_MAP: dict[str, Callable[[], ESCollection]] = {}
 

howler/odm/models/config.py

@@ -176,7 +176,7 @@ class OAuthAutoProperty(BaseModel):
 
     field: str = Field(description="Field to apply `pattern` to")
     pattern: str = Field(description="Regex pattern for auto-prop assignment")
-    type: Literal["access", "classification", "role"] = Field(
+    type: Literal["access", "classification", "role", "group", "assignment"] = Field(
         description="Type of property assignment on pattern match",
     )
     value: str = Field(description="Assigned property value")

howler/odm/models/hit.py

@@ -3,6 +3,7 @@ from typing import Optional
 
 from howler import odm
 from howler.common.logging import get_logger
+from howler.config import CLASSIFICATION
 from howler.odm.models.assemblyline import AssemblyLine
 from howler.odm.models.aws import AWS
 from howler.odm.models.azure import Azure
@@ -67,6 +68,12 @@ class Hit(odm.Model):
         description="Custom key/value pairs.",
         reference="https://www.elastic.co/guide/en/ecs/8.5/ecs-base.html",
     )
+    classification: str = odm.Classification(
+        is_user_classification=False,
+        copyto="__text__",
+        default=CLASSIFICATION.UNRESTRICTED,
+        description="Maximum classification for the hit",
+    )
     tags: list[str] = odm.List(
         odm.Keyword(),
         default=[],

howler/odm/models/user.py

@@ -60,6 +60,7 @@ class User(odm.Model):
     is_active: bool = odm.Boolean(default=True, description="Is the user active?")
     name: str = odm.Keyword(copyto="__text__", description="Full name of the user")
     password: str = odm.Keyword(index=False, store=False, description="BCrypt hash of the user's password")
+    access_control: str = odm.Keyword(index=False, store=False, optional=True, description="Access control filter")
     type: list[str] = odm.List(
         odm.Enum(values=loader.USER_TYPES),
         default=["user", "automation_basic"],

howler/odm/random_data.py

@@ -45,7 +45,7 @@ from howler.odm.models.user import User
 from howler.odm.models.view import View
 from howler.odm.randomizer import get_random_string, get_random_user, get_random_word, random_model_obj
 from howler.security.utils import get_password_hash
-from howler.services import analytic_service
+from howler.services import analytic_service, user_service
 
 classification = loader.get_classification()
 
@@ -155,6 +155,7 @@ def create_users(ds):
         {
             "name": "Dwight Schrute",
             "email": "user@howler.cyber.gc.ca",
+            "classification": classification.RESTRICTED,
             "apikeys": {
                 "devkey": {"acl": ["R", "W"], "password": user_hash},
                 "impersonate_admin": {
@@ -174,6 +175,10 @@ def create_users(ds):
         }
     )
 
+    c12n = user_service.get_dynamic_classification(user_data.as_primitives())
+    if c12n:
+        user_data.classification = c12n
+
     user_view = run_modifications("view", user_view)
     user_data = run_modifications("user", user_data)
 
@@ -215,6 +220,7 @@ def create_users(ds):
                     "password": huey_hash,
                 },
             },
+            "classification": classification.UNRESTRICTED,
             "password": huey_hash,
             "uname": "huey",
             "favourite_views": [huey_view.view_id],
@@ -249,6 +255,7 @@ def create_users(ds):
             "apikeys": {},
             "type": ["admin", "user"],
             "groups": ["group1", "group2"],
+            "classification": classification.UNRESTRICTED,
             "password": get_password_hash(shawnh_pass),
             "uname": "shawn-h",
             "favourite_views": [shawnh_view.view_id],
@@ -279,6 +286,7 @@ def create_users(ds):
             "apikeys": {},
             "type": ["admin", "user"],
             "groups": ["group1", "group2"],
+            "classification": classification.RESTRICTED,
             "password": get_password_hash(goose_pass),
             "uname": "goose",
             "favourite_views": [goose_view.view_id],
@@ -527,6 +535,10 @@ def create_hits(ds: HowlerDatastore, hit_count: int = 200):
     for hit_idx in range(hit_count):
         hit = generate_useful_hit(lookups, [user.uname for user in users], prune_hit=False)
 
+        # Ensure the first 20 hits have unrestricted classification for test access
+        if hit_idx < 20:
+            hit.classification = classification.UNRESTRICTED
+
         if hit_idx + 1 == hit_count:
             hit.howler.analytic = "SecretAnalytic"
             hit.howler.detection = None
@@ -588,6 +600,7 @@ def create_bundles(ds: HowlerDatastore):
     for i in range(3):
         bundle_hit: Hit = generate_useful_hit(lookups, users)
         bundle_hit.howler.is_bundle = True
+        bundle_hit.classification = classification.UNRESTRICTED
 
         for hit in ds.hit.search("howler.is_bundle:false", rows=randint(3, 10), offset=(i * 2))["items"]:
             if hit.howler.id not in hits:

howler/odm/randomizer.py

@@ -454,7 +454,7 @@ def random_data_for_field(field: _Field, name: str, minimal: bool = False) -> _A
         return random.choice([True, False])
     elif isinstance(field, Classification):
         if field.engine.enforce:
-            possible_classifications = list(field.engine._classification_cache)
+            possible_classifications = list(field.engine.list_all_classification_combinations(normalized=True))
             possible_classifications.extend([field.engine.UNRESTRICTED, field.engine.RESTRICTED])
         else:
             possible_classifications = [field.engine.UNRESTRICTED]
@@ -490,11 +490,13 @@ def random_data_for_field(field: _Field, name: str, minimal: bool = False) -> _A
     elif isinstance(field, Date):
         return get_random_iso_date()
     elif isinstance(field, Integer):
-        return random.randint(128, 4096)
+        return random.randint(-2_147_483_648, 2_147_483_647)
     elif isinstance(field, Long):
-        return random.randint(1, 223372036854775807)
+        # Generate a random 64-bit signed integer
+        return random.randint(-9_223_372_036_854_775_808, 9_223_372_036_854_775_807)
     elif isinstance(field, Float):
-        return random.randint(12800, 409600) / 100.0
+        # Generate a random float in a reasonable range
+        return random.uniform(-1e6, 1e6)
     elif isinstance(field, MD5):
         return get_random_hash(32)
     elif isinstance(field, SHA1):

howler/services/jwt_service.py

@@ -112,8 +112,8 @@ def get_audience(oauth_provider: str) -> str:
     elif provider_data.client_id:
         audience = provider_data.client_id
 
-    if oauth_provider == "azure" and f"{audience}/.default" not in provider_data.scope:
-        raise HowlerValueError("Azure scope must contain the <client_id>/.default claim!")
+    if oauth_provider in ["entraid", "azure"] and f"{audience}/.default" not in provider_data.scope:
+        raise HowlerValueError("Azure/Entra ID scope must contain the <client_id>/.default claim!")
 
     return audience
 

howler/services/user_service.py

@@ -176,7 +176,7 @@ def parse_user_data(  # noqa: C901
         username = user_data["uname"]
 
         # Add add dynamic classification group
-        user_data["classification"] = get_dynamic_classification(user_data["classification"], user_data["email"])
+        user_data["classification"] = get_dynamic_classification(user_data)
 
         # Make sure the user exists in howler and is in sync
         if (not current_user and oauth_provider_config.auto_create) or (
@@ -193,20 +193,26 @@ def parse_user_data(  # noqa: C901
             avatar = current_user.pop("avatar", None)
 
             # Save updated user if there are changes to sync or it doesn't exist
+            log_id: str | None = user_id if not isinstance(user_id, list) else user_id[0]
             if old_user != current_user:
-                if user_id:
-                    logger.info("Updating %s with new data", user_id if not isinstance(user_id, list) else user_id[0])
+                if log_id:
+                    logger.info("Updating %s with new data", log_id)
+                    current_user["id"] = log_id
                 else:
                     logger.info("Creating new user %s", username)
 
-                if user_id:
-                    current_user["id"] = user_id
-
                 if avatar:
                     current_user["avatar"] = avatar
 
+                add_access_control(current_user)
+                storage.user.save(username, current_user)
+            # Ensure access_control is always present, even if user data hasn't changed
+            elif "access_control" not in current_user:
+                logger.info("Adding access control for user %s", log_id or username)
+                add_access_control(current_user)
                 storage.user.save(username, current_user)
-                storage.user.commit()
+            else:
+                logger.debug("User is up to date!")
 
             if not skip_setup:
                 if avatar:
@@ -336,18 +342,36 @@ def save_user_account(username: str, data: dict[str, Any], user: dict[str, Any])
     return storage.user.save(username, data)
 
 
-def get_dynamic_classification(current_c12n: str | None, email: str) -> str | None:
+def get_dynamic_classification(user_info: dict[str, Any]) -> str | None:
     """Get the classification of the user
 
     Args:
         current_c12n (str): The current classification of the user
-        email (str): The user's email
+        user_info (dict): The user definition
 
     Returns:
-        str: The classification
+        str: The normalized classification with dynamic groups applied
     """
-    if CLASSIFICATION.dynamic_groups and email:
-        dyn_group = email.upper().split("@")[1]
-        return CLASSIFICATION.build_user_classification(current_c12n, f"{CLASSIFICATION.UNRESTRICTED}//{dyn_group}")
+    new_c12n = CLASSIFICATION.normalize_classification(
+        user_info.get("classification", CLASSIFICATION.UNRESTRICTED),
+        skip_auto_select=True,
+        get_dynamic_groups=False,
+        ignore_unused=True,
+    )
+
+    if CLASSIFICATION.dynamic_groups:
+        email = user_info.get("email", None)
+        groups = user_info.get("groups", [])
+
+        if CLASSIFICATION.dynamic_groups_type in ["email", "all"] and email:
+            dyn_group = email.upper().split("@")[1]
+            new_c12n = CLASSIFICATION.build_user_classification(
+                new_c12n, f"{CLASSIFICATION.UNRESTRICTED}//REL {dyn_group}"
+            )
+
+        if CLASSIFICATION.dynamic_groups_type in ["group", "all"] and groups:
+            new_c12n = CLASSIFICATION.build_user_classification(
+                new_c12n, f"{CLASSIFICATION.UNRESTRICTED}//REL {', '.join(groups)}"
+            )
 
-    return current_c12n
+    return new_c12n

{howler_api-3.3.0.dev767.dist-info → howler_api-3.3.0.dev768.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: howler-api
-Version: 3.3.0.dev767
+Version: 3.3.0.dev768
 Summary: Howler - API server
 License: MIT
 Keywords: howler,alerting,gc,canada,cse-cst,cse,cst,cyber,cccs

{howler_api-3.3.0.dev767.dist-info → howler_api-3.3.0.dev768.dist-info}/RECORD

@@ -27,14 +27,14 @@ howler/api/v1/overview.py,sha256=hHP9B6mWpBSnOM_ospSusFsruiWX37eTG6ecNtd0-j4,501
 howler/api/v1/search.py,sha256=gdKd_Goo2bFWB4nwvLT99dxnSrTRnZN0GHw_bCY54Po,27815
 howler/api/v1/template.py,sha256=q4QSPPM1YGiuvufO14IUKWENTrFRZBpvbXX88Oa0fm8,5785
 howler/api/v1/tool.py,sha256=Y7-iF_dfZxlEUjfOvAK4yY4WQWuXNP56Q-7ie5Nt0oI,6752
-howler/api/v1/user.py,sha256=_PJNiTLGRQUNwKghXi3-lwOt83AsJ_uFXZWwwMnHCmQ,13924
+howler/api/v1/user.py,sha256=fROPhzcrW5KXczt7hzQMW3031JA0BxtWVFi2C7vibT0,13816
 howler/api/v1/utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 howler/api/v1/utils/etag.py,sha256=IGB4WUkecHbBt0KKLQFCxCn0mN3T_aSPG0y45l_zT9I,3431
 howler/api/v1/view.py,sha256=gneyowjUIWg2H9QUdIWuLe3J2p2kCWSkNDh0VdpE4DE,8223
 howler/app.py,sha256=h8ZlGjiZEB7w_GhKQz6dXbZ5rnxYxpTJbNXUBbBAtsU,6799
 howler/common/README.md,sha256=8uPpDqh14Ne7Rtn9BwPwE-JpuFkauVsTr2s0s4YG5Bg,5637
 howler/common/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-howler/common/classification.py,sha256=b0Qd2zaG9S_gPrrfC7HOpdxqUAe6ICObAVP9aSTPr_Y,39355
+howler/common/classification.py,sha256=oOpyfZh4SudrCcLjBpJIOi3Ye_iy5Kc1Nu27KScp9og,43057
 howler/common/classification.yml,sha256=3VBqzKYkiqz8bCsSuqNvqxeqUPN1NmXBKHusGFO3hbg,4092
 howler/common/exceptions.py,sha256=An8MW-qB8g7EYLTxddnoIiyxNDQAqU9AmH8MrDFfnwQ,5804
 howler/common/loader.py,sha256=VgoNwf8G95t4MIe9TBYhnSDmU1XZlxsmeNEP1wFcFrg,5455
@@ -45,7 +45,7 @@ howler/common/net.py,sha256=H4KrP-aUeYVxjLYmC3yNTSriQEmqC__Fzho7p86rAlI,1795
 howler/common/net_static.py,sha256=q5ccJRFft4flMwhtQSN14M8Fn_GWxQ6yLK4mzSqCW6g,20589
 howler/common/random_user.py,sha256=0NEJzLBz08dcSCk7-M6HQpC89qc4QUTKa_zC84hfds4,4920
 howler/common/swagger.py,sha256=XqFVxgCQg_HJrLdl6b37alwyanOWmcAU1bbVi6eDQrA,3752
-howler/config.py,sha256=amwf4FXJ1ZKeooHqPlC_F691tg6Yaj4osKn_ExiUSS0,2128
+howler/config.py,sha256=aMWL40YnN29moAIjm3NXlPHPQrIeagRd68sjuuDwK2I,2170
 howler/cronjobs/__init__.py,sha256=GEhNsxPGATumlroMa-g6z5Dt9yy0QT93s3uuNC-GwIM,909
 howler/cronjobs/retention.py,sha256=qpUT7A2UoIJIyHZ_zpcgOe1o3do6xLRsV-uUxEJ5m94,1778
 howler/cronjobs/rules.py,sha256=-yAjGTyYI7jeQ9wigjoupRMq3b6DakU0EW0XCS8xowQ,10511
@@ -76,11 +76,11 @@ howler/external/wipe_databases.py,sha256=CO_mUdezp24h6xz6Di_K5-Mid61d9EVcBO4ap5q
 howler/gunicorn_config.py,sha256=0X7DPFcVDu3qAgMbNsdYGqCuvQGn5ZNx_eapOMyuXuI,750
 howler/healthz.py,sha256=nvb8MBBERYIkA_UxxLIyNEQazYOnPCcm0sH0Jm5nF0k,769
 howler/helper/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-howler/helper/azure.py,sha256=Sbm4kpCaU1IcQQS9gtoJEF8myGnqhlAP4Lb_zJSCFvo,1543
+howler/helper/azure.py,sha256=evI413uz-PdI6C5HIHh8LPRx83mTO8y6nad5ed_qJ5Y,1830
 howler/helper/discover.py,sha256=j1nPHOPZ9CwvcfLT2xd-uvvpEex-nhPscl9aZwutwDk,2221
 howler/helper/hit.py,sha256=Us2B4Dngu_ghWCZ40o7mZ0iLKKDr2onV6oB2OLuE5Fc,7863
-howler/helper/oauth.py,sha256=aTzmcFJXsPDwxAP_J4wUpb8K7Xe1IZuiKG1iTHOrzpM,9549
-howler/helper/search.py,sha256=cU9bDPQv2LIRNQ2j-8rAqePCYq9CrgOtS76PrziSgG8,2892
+howler/helper/oauth.py,sha256=08yApXF9l-mCVFUodmcZDDj6Y0B4tFge10OrDYqnQmg,10725
+howler/helper/search.py,sha256=XQ_6ScHsmzfqXnQ3Rt-j9ADmddaSVsAcG6348L-WtPY,2882
 howler/helper/workflow.py,sha256=ATvEv5CI7Bm2bTEy0U0EPEdz6-fZfyqIkc-gZCYmRY8,4803
 howler/helper/ws.py,sha256=im7pFQJDmGs3EyaBviGD1csYmTTRwLx8Gfih6-MlPhs,15911
 howler/odm/README.md,sha256=Ihc_DyjVQlLaIOEbPoQNPkum9Ecn8kn37-PMFQsX77s,5645
@@ -97,7 +97,7 @@ howler/odm/models/aws.py,sha256=pJVadJqubdgT27riCfp7bEKVP4XsMZB0ZUnKAbmCMd0,895
 howler/odm/models/azure.py,sha256=o7MZMMo9jh1SB8xXCajl_YSKP2nnnWsjx_DPT6LnQKg,710
 howler/odm/models/cbs.py,sha256=onUiJOGUxK3iy_-4XkGGwHxFiFq9Td_p59Kum4XaR-w,1366
 howler/odm/models/clue.py,sha256=TNJV1t9bEhRTcJuSC2qNKQ-XpwFqb5iQstRpvHOrTHE,636
-howler/odm/models/config.py,sha256=jMmdr12dtVNdpZNKvKUOJvnWuUKrqwewOL-kEMXCmJY,22581
+howler/odm/models/config.py,sha256=cEFdR8Tzl0VUwRTj-zJ8ARBsRAcnHarQcAiggmpoz0E,22604
 howler/odm/models/dossier.py,sha256=Ob2qROrG2-DYzmVo2XVe4NJ8HjWGCoRAu2gPo6p9XGU,1244
 howler/odm/models/ecs/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 howler/odm/models/ecs/agent.py,sha256=idSooyFCLuQAB7_RyEWTYW4-x9w5a3wpy2ct_-EDRQs,713
@@ -138,17 +138,17 @@ howler/odm/models/ecs/user.py,sha256=A1KoIZk5LLPR-boE3O9LEbMRDBbDcrXhdXjlFF1exYU
 howler/odm/models/ecs/user_agent.py,sha256=LM4ZjbdEkkF02zZu6Pg7j8JLuAyfliTC6PVAEw9W2S4,845
 howler/odm/models/ecs/vulnerability.py,sha256=iX2TUmCZTJjwyMcOmxiHg-pfoEwX8Wx-h8cxo5QsJmo,1553
 howler/odm/models/gcp.py,sha256=FLwaQVcfFeE5AbIhEB_Ge2UL-HjPdldY04Nrm9Mq7kk,675
-howler/odm/models/hit.py,sha256=kgzk3RzgKGvHdtNG0iMRxCtLPD73-BFFU9A_IxJcOHI,13396
+howler/odm/models/hit.py,sha256=Gxr_afLleKzK0dM0VfgtftYTU5zo-egEggQgk0V_tX4,13657
 howler/odm/models/howler_data.py,sha256=7anqSVFyvecqTlmvg1_ULGgJmWii4AanTanbbqtMUqo,12515
 howler/odm/models/lead.py,sha256=lqapGWZ4u22Asib48o7wAzramnFY9EkRybmb4olsyrA,904
 howler/odm/models/localized_label.py,sha256=G7gfQ1cngiI4KprqldHWE1KHkAgK4AG_JsfHxVRdsRs,361
 howler/odm/models/overview.py,sha256=kvZcMYPDlkJEGa0L1jq9pG0RFjLOVudC64-2GTWVu2w,684
 howler/odm/models/pivot.py,sha256=ZewcGh91xbE64snZ5Ahz2So1onAqO8U9H4CFe6jBOXs,1405
 howler/odm/models/template.py,sha256=-Tqq_36qD_3nQ4jv13OPeH_EyyERKhc55wT03CU-Kbk,979
-howler/odm/models/user.py,sha256=XUh627AghESPkjCWXFTorAVRxZA1BKdAQik5HP7Ow48,3272
+howler/odm/models/user.py,sha256=T1VTbUfRHU4g48iccW3TS7lWSgGXVfd1CuSx-b3TDjE,3388
 howler/odm/models/view.py,sha256=DYFrYcx4NT-Z_0GUg_5qjRRLwrMMFK78NQ-20iuFx8o,1323
-howler/odm/random_data.py,sha256=tAycwRyyGuY6RyqpyWirx1_SLmJFnqXg-CkFT-9TeO4,28877
-howler/odm/randomizer.py,sha256=B4fMtCtdO4Me2omTaM2xTcin8lp4ZiJVuwgq81LfqJE,23692
+howler/odm/random_data.py,sha256=96HRJu1O47hDvZ3pA55UPN6ckPh458oxrxQrmupmJng,29490
+howler/odm/randomizer.py,sha256=2gBwQA6karZQhX82cz0oBhgCXvmVlFXhdKXGdjoAjLM,23870
 howler/patched.py,sha256=Br4BGU5raaqjSMDLD7ogb5A8Yn0dzecouh6uWVV2jlQ,77
 howler/plugins/__init__.py,sha256=P5P-t4KgIInOzp4NmIturNIhUbb3jPO81n55Q_b_gM0,841
 howler/plugins/config.py,sha256=75sGAPQPU9_dGkJJ8_Q1H1qIYEhu9iv8c0_PDgAJDAs,4802
@@ -177,12 +177,12 @@ howler/services/config_service.py,sha256=tmSXHKMqJHT3ZoCb250Ad5l32Gh3MiWApIRSI8b
 howler/services/dossier_service.py,sha256=nn4lGJ8caJVBYQyp_sViVmMm6m0MetY0Wml5ITaZhb4,10559
 howler/services/event_service.py,sha256=4Mf2n02Rj2cfirwj_dIWkFGXzw_nrW8kfveAT-Kwx0M,2985
 howler/services/hit_service.py,sha256=jeqWfDvzNIvR0SxhZeCfdeVvA3zd0pBI74YE8hTgu98,34716
-howler/services/jwt_service.py,sha256=g0Q2pkENSeWxDEOgg9Kdvare2-HshDtD4UdxARLfGC0,5579
+howler/services/jwt_service.py,sha256=2ULBu1GqosowIgtMpqgn0imRsOGfwFOioH-uVOmXZpw,5601
 howler/services/lucene_service.py,sha256=PRDM6cEnIA9qb1elpsiD2EVIXRo0rg6q0ki1QTu9UQA,12752
 howler/services/notebook_service.py,sha256=_MWllCnuVxt7lCcvWghXnaS926FbvBRE3DrBt--zO7U,3968
 howler/services/overview_service.py,sha256=-Jk6m1jRA0RQ9QuBxaguQbI0baH1Rz6N6H6R8E4jzJ8,1704
 howler/services/template_service.py,sha256=ts2vF6uimyuQbsocPSu-7wrI0-Av3ZjDAYWb53ERW-A,2051
-howler/services/user_service.py,sha256=AqqnfNJxvDKCYymfExtN7VWKlkBpSDbWnNsoGgpPVHw,12671
+howler/services/user_service.py,sha256=ic_vnw5bXycSQmO1ohUifqvwDAJ6AKcNqBLP8hFPY54,13758
 howler/telemetry.py,sha256=bXjXhZXwiwcGDJAD2ZNN_Zh6aZd19cQqtmn3G47Ckac,2584
 howler/utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 howler/utils/annotations.py,sha256=GLuDbjbXp8esDji3qhQY_uQyOWVqfIdpF_zs2t0IaMI,878
@@ -196,7 +196,7 @@ howler/utils/path.py,sha256=DfOU4i4zSs4wchHoE8iE7aWVLkTxiC_JRGepF2hBYBk,690
 howler/utils/socket_utils.py,sha256=nz1SklC9xBHUSfHyTJjpq3mbozX1GDf01WzdGxfaUII,2212
 howler/utils/str_utils.py,sha256=HE8Hqh2HlOLaj16w0H9zKOyDJLp-f1LQ50y_WeGZaEk,8389
 howler/utils/uid.py,sha256=p9dsqyvZ-lpiAuzZWCPCeEM99kdk0Ly9czf04HNdSuw,1341
-howler_api-3.3.0.dev767.dist-info/METADATA,sha256=mSXzbRE4gGRPvdwASv3kiT5Yk0ZhCe-CFUChcuiOOLg,2879
-howler_api-3.3.0.dev767.dist-info/WHEEL,sha256=Vz2fHgx6HFtSwhs8KvkHLqH5Ea4w1_rner5uNVGCeIE,88
-howler_api-3.3.0.dev767.dist-info/entry_points.txt,sha256=Lu9SBGvwe0wczJHmc-RudC24lmQk7tv3ZBXon9RIihg,259
-howler_api-3.3.0.dev767.dist-info/RECORD,,
+howler_api-3.3.0.dev768.dist-info/METADATA,sha256=0ShN3xopxsQbeWQ2LoELT33OvpjicY67jiTl-jpDGJ0,2879
+howler_api-3.3.0.dev768.dist-info/WHEEL,sha256=Vz2fHgx6HFtSwhs8KvkHLqH5Ea4w1_rner5uNVGCeIE,88
+howler_api-3.3.0.dev768.dist-info/entry_points.txt,sha256=Lu9SBGvwe0wczJHmc-RudC24lmQk7tv3ZBXon9RIihg,259
+howler_api-3.3.0.dev768.dist-info/RECORD,,