hyperpocket 0.0.1__py3-none-any.whl

hyperpocket/auth/slack/oauth2_handler.py

@@ -0,0 +1,151 @@
+from typing import Optional
+from urllib.parse import urljoin, urlencode
+
+import httpx
+
+from hyperpocket.auth import AuthProvider
+from hyperpocket.auth.context import AuthContext
+from hyperpocket.auth.handler import AuthHandlerInterface
+from hyperpocket.auth.slack.oauth2_context import SlackOAuth2AuthContext
+from hyperpocket.auth.slack.oauth2_schema import SlackOAuth2Response, SlackOAuth2Request
+from hyperpocket.config import config as config
+from hyperpocket.futures import FutureStore
+
+
+class SlackOAuth2AuthHandler(AuthHandlerInterface):
+    _SLACK_OAUTH_URL: str = "https://slack.com/oauth/v2/authorize"
+    _SLACK_TOKEN_URL: str = "https://slack.com/api/oauth.v2.access"
+
+    name: str = "slack-oauth2"
+    description: str = "This handler is used to authenticate users using the Slack OAuth2 authentication method."
+    scoped: bool = True
+
+    @staticmethod
+    def provider() -> AuthProvider:
+        return AuthProvider.SLACK
+
+    @staticmethod
+    def provider_default() -> bool:
+        return True
+
+    @staticmethod
+    def recommended_scopes() -> set[str]:
+        if config.auth.slack.use_recommended_scope:
+            recommended_scopes = {
+                "channels:history",
+                "channels:read",
+                "chat:write",
+                "groups:history",
+                "groups:read",
+                "im:history",
+                "mpim:history",
+                "reactions:read",
+                "reactions:write",
+            }
+        else:
+            recommended_scopes = {}
+        return recommended_scopes
+
+    def prepare(self, auth_req: SlackOAuth2Request, thread_id: str, profile: str,
+                future_uid: str, *args, **kwargs) -> str:
+        redirect_uri = urljoin(
+            config.public_base_url + "/",
+            f"{config.callback_url_rewrite_prefix}/auth/slack/oauth2/callback",
+        )
+        print(f"redirect_uri: {redirect_uri}")
+        auth_url = self._make_auth_url(req=auth_req, redirect_uri=redirect_uri, state=future_uid)
+
+        FutureStore.create_future(future_uid, data={
+            "redirect_uri": redirect_uri,
+            "thread_id": thread_id,
+            "profile": profile,
+        })
+
+        return f'User needs to authenticate using the following URL: {auth_url}'
+
+    async def authenticate(self, auth_req: SlackOAuth2Request, future_uid: str, *args, **kwargs) -> AuthContext:
+        future_data = FutureStore.get_future(future_uid)
+        auth_code = await future_data.future
+
+        async with httpx.AsyncClient() as client:
+            resp = await client.post(
+                url=self._SLACK_TOKEN_URL,
+                data={
+                    'client_id': auth_req.client_id,
+                    'client_secret': auth_req.client_secret,
+                    'code': auth_code,
+                    'redirect_uri': future_data.data["redirect_uri"],
+                }
+            )
+        if resp.status_code != 200:
+            raise Exception(f"failed to authenticate. status_code : {resp.status_code}")
+
+        resp_json = resp.json()
+        if resp_json["ok"] is False:
+            raise Exception(f"failed to authenticate. error : {resp_json['error']}")
+
+        resp_typed = SlackOAuth2Response(**resp_json)
+        return SlackOAuth2AuthContext.from_slack_oauth2_response(resp_typed)
+
+    async def refresh(self, auth_req: SlackOAuth2Request, context: AuthContext, *args, **kwargs) -> AuthContext:
+        slack_context: SlackOAuth2AuthContext = context
+        last_oauth2_resp: SlackOAuth2Response = slack_context.detail
+        refresh_token = slack_context.refresh_token
+
+        async with httpx.AsyncClient() as client:
+            resp = await client.post(
+                url=self._SLACK_TOKEN_URL,
+                data={
+                    'client_id': config.auth.slack.client_id,
+                    'client_secret': config.auth.slack.client_secret,
+                    'grant_type': 'refresh_token',
+                    'refresh_token': refresh_token,
+                },
+            )
+
+        if resp.status_code != 200:
+            raise Exception(f"failed to refresh. status_code : {resp.status_code}")
+
+        resp_json = resp.json()
+        if resp_json["ok"] is False:
+            raise Exception(f"failed to refresh. status_code : {resp.status_code}")
+
+        if last_oauth2_resp.authed_user:
+            new_resp = last_oauth2_resp.model_copy(
+                update={
+                    "authed_user": SlackOAuth2Response.AuthedUser(**{
+                        **last_oauth2_resp.authed_user.model_dump(),
+                        "access_token": resp_json["access_token"],
+                        "refresh_token": resp_json["refresh_token"],
+                        "expires_in": resp_json["expires_in"],
+                    })
+                }
+            )
+        else:
+            new_resp = last_oauth2_resp.model_copy(
+                update={
+                    **last_oauth2_resp.model_dump(),
+                    "access_token": resp_json["access_token"],
+                    "refresh_token": resp_json["refresh_token"],
+                    "expires_in": resp_json["expires_in"],
+                }
+            )
+
+        return SlackOAuth2AuthContext.from_slack_oauth2_response(new_resp)
+
+    def _make_auth_url(self, req: SlackOAuth2Request, redirect_uri: str, state: str):
+        params = {
+            "user_scope": ','.join(req.auth_scopes),
+            "client_id": req.client_id,
+            "redirect_uri": redirect_uri,
+            "state": state,
+        }
+        auth_url = f"{self._SLACK_OAUTH_URL}?{urlencode(params)}"
+        return auth_url
+
+    def make_request(self, auth_scopes: Optional[list[str]] = None, **kwargs) -> SlackOAuth2Request:
+        return SlackOAuth2Request(
+            auth_scopes=auth_scopes,
+            client_id=config.auth.slack.client_id,
+            client_secret=config.auth.slack.client_secret,
+        )

hyperpocket/auth/slack/oauth2_schema.py

@@ -0,0 +1,40 @@
+from typing import Optional
+
+from pydantic import BaseModel
+
+from hyperpocket.auth.schema import AuthenticateRequest, AuthenticateResponse
+
+
+class SlackOAuth2Request(AuthenticateRequest):
+    client_id: str
+    client_secret: str
+
+
+class SlackOAuth2Response(AuthenticateResponse):
+    class Team(BaseModel):
+        name: str
+        id: str
+
+    class Enterprise(BaseModel):
+        name: str
+        id: str
+
+    class AuthedUser(BaseModel):
+        id: str
+        access_token: Optional[str] = None
+        refresh_token: Optional[str] = None
+        expires_in: Optional[int] = None
+        scope: Optional[str] = None
+        token_type: Optional[str] = None
+
+    ok: bool
+    access_token: Optional[str] = None
+    refresh_token: Optional[str] = None
+    expires_in: Optional[int] = None
+    token_type: Optional[str] = None
+    scope: Optional[str] = None
+    bot_user_id: Optional[str] = None
+    app_id: Optional[str] = None
+    team: Optional[Team] = None
+    enterprise: Optional[Enterprise] = None
+    authed_user: Optional[AuthedUser] = None

hyperpocket/auth/slack/tests/test_oauth2_handler.py

@@ -0,0 +1,32 @@
+# import asyncio
+# from unittest import TestCase
+#
+# from pocket.auth.slack.oauth2_handler import SlackOAuth2AuthHandler
+# from pocket.auth.slack.oauth2_schema import SlackOAuth2Request
+# from pocket.config import config
+# from pocket.server.server import get_proxy_server, get_server
+#
+#
+# class TestSlackOAuth2AuthHandler(TestCase):
+#
+#     def test_authenticate(self):
+#         loop = asyncio.new_event_loop()
+#         asyncio.set_event_loop(loop)
+#         server = get_server()
+#         asyncio.ensure_future(server.serve(), loop=loop)
+#         proxy_server = get_proxy_server()
+#         if proxy_server:
+#             asyncio.ensure_future(proxy_server.serve(), loop=loop)
+#
+#         slack_auth = SlackOAuth2AuthHandler()
+#         auth_req = SlackOAuth2Request(
+#             auth_scopes=["channels:history", "im:history", "mpim:history", "groups:history", "reactions:read"],
+#             client_id=config.auth.slack.client_id,
+#             client_secret=config.auth.slack.client_secret,
+#         )
+#
+#         # when
+#         context = loop.run_until_complete(slack_auth.authenticate(auth_req))
+#
+#         # then
+#         print("access_token : ", context.access_token)

hyperpocket/auth/slack/tests/test_token_handler.py

@@ -0,0 +1,23 @@
+# import asyncio
+# from unittest import TestCase
+# from unittest.mock import patch
+#
+# from pocket.auth.context import AuthContext
+# from pocket.auth.slack.token_handler import SlackTokenAuthHandler
+# from pocket.auth.slack.token_schema import SlackTokenRequest
+#
+#
+# class TestSlackTokenAuthHandler(TestCase):
+#     def test_authenticate(self):
+#         loop = asyncio.new_event_loop()
+#         asyncio.set_event_loop(loop)
+#
+#         slack_auth = SlackTokenAuthHandler()
+#         auth_req = SlackTokenRequest()
+#
+#         # when
+#         with patch("builtins.input", return_value="test-slack-token"):
+#             context: AuthContext = loop.run_until_complete(slack_auth.authenticate(auth_req))
+#
+#         # then
+#         assert context.access_token == "test-slack-token"

hyperpocket/auth/slack/token_context.py

@@ -0,0 +1,14 @@
+from hyperpocket.auth.slack.context import SlackAuthContext
+from hyperpocket.auth.slack.token_schema import SlackTokenResponse
+
+
+class SlackTokenAuthContext(SlackAuthContext):
+    @classmethod
+    def from_slack_token_response(cls, response: SlackTokenResponse):
+        description = f'Slack Token Context logged in'
+
+        return cls(
+            access_token=response.access_token,
+            description=description,
+            expires_at=None
+        )

hyperpocket/auth/slack/token_handler.py

@@ -0,0 +1,64 @@
+from typing import Optional
+from urllib.parse import urljoin, urlencode
+
+from hyperpocket.auth import AuthProvider
+from hyperpocket.auth.context import AuthContext
+from hyperpocket.auth.handler import AuthHandlerInterface
+from hyperpocket.auth.slack.token_context import SlackTokenAuthContext
+from hyperpocket.auth.slack.token_schema import SlackTokenResponse, SlackTokenRequest
+from hyperpocket.config import config
+from hyperpocket.futures import FutureStore
+
+
+class SlackTokenAuthHandler(AuthHandlerInterface):
+    name: str = "slack-token"
+    description: str = "This handler is used to authenticate users using the Slack token."
+    scoped: bool = False
+
+    _TOKEN_URL: str = urljoin(config.public_base_url + "/", f"{config.callback_url_rewrite_prefix}/auth/token")
+
+    @staticmethod
+    def provider() -> AuthProvider:
+        return AuthProvider.SLACK
+
+    @staticmethod
+    def recommended_scopes() -> set[str]:
+        return set()
+
+    def prepare(self, auth_req: SlackTokenRequest, thread_id: str, profile: str,
+                future_uid: str, *args, **kwargs) -> str:
+        redirect_uri = urljoin(
+            config.public_base_url + "/",
+            f"{config.callback_url_rewrite_prefix}/auth/slack/token/callback",
+        )
+        url = self._make_auth_url(req=auth_req, redirect_uri=redirect_uri, state=future_uid)
+        FutureStore.create_future(future_uid, data={
+            "redirect_uri": redirect_uri,
+            "thread_id": thread_id,
+            "profile": profile,
+        })
+
+        return f'User needs to authenticate using the following URL: {url}'
+
+    async def authenticate(self, auth_req: SlackTokenRequest, future_uid: str, *args, **kwargs) -> AuthContext:
+        future_data = FutureStore.get_future( future_uid)
+        access_token = await future_data.future
+
+        response = SlackTokenResponse(access_token=access_token)
+        context = SlackTokenAuthContext.from_slack_token_response(response)
+
+        return context
+
+    async def refresh(self, auth_req: SlackTokenRequest, context: AuthContext, *args, **kwargs) -> AuthContext:
+        raise Exception("Slack token doesn't support refresh")
+
+    def _make_auth_url(self, req: SlackTokenRequest, redirect_uri: str, state: str):
+        params = {
+            "redirect_uri": redirect_uri,
+            "state": state,
+        }
+        auth_url = f"{self._TOKEN_URL}?{urlencode(params)}"
+        return auth_url
+
+    def make_request(self, auth_scopes: Optional[list[str]] = None, **kwargs) -> SlackTokenRequest:
+        return SlackTokenRequest()

hyperpocket/auth/slack/token_schema.py

@@ -0,0 +1,9 @@
+from hyperpocket.auth.schema import AuthenticateRequest, AuthenticateResponse
+
+
+class SlackTokenRequest(AuthenticateRequest):
+    pass
+
+
+class SlackTokenResponse(AuthenticateResponse):
+    access_token: str

hyperpocket/auth/tests/test_google_oauth2_handler.py

@@ -0,0 +1,147 @@
+import uuid
+from datetime import timezone, datetime
+from unittest import IsolatedAsyncioTestCase
+from unittest.mock import patch
+from urllib.parse import urlparse, parse_qs
+
+import httpx
+
+from hyperpocket.auth import GoogleOAuth2AuthContext
+from hyperpocket.auth.google.oauth2_handler import GoogleOAuth2AuthHandler
+from hyperpocket.auth.google.oauth2_schema import GoogleOAuth2Request, GoogleOAuth2Response
+from hyperpocket.config import config
+from hyperpocket.config.auth import GoogleAuthConfig
+from hyperpocket.futures import FutureStore
+
+
+class TestGoogleOAuth2AuthHandler(IsolatedAsyncioTestCase):
+
+    async def asyncSetUp(self):
+        config.auth.google = GoogleAuthConfig(
+            client_id="test-client-id",
+            client_secret="test-client-secret",
+        )
+
+        self.handler = GoogleOAuth2AuthHandler()
+        self.auth_req = GoogleOAuth2Request(
+            auth_scopes=["https://www.googleapis.com/auth/calendar"],
+            client_id="test-client-id",
+            client_secret="test-client-secret",
+        )
+
+    async def test_make_auth_url(self):
+        future_uid = str(uuid.uuid4())
+
+        auth_url = self.handler._make_auth_url(
+            auth_req=self.auth_req,
+            redirect_uri="http://test-redirect-uri.com",
+            state=future_uid
+        )
+        parsed = urlparse(auth_url)
+        query_params = parse_qs(parsed.query)
+        base_url = f"{parsed.scheme}://{parsed.netloc}{parsed.path}"
+
+        # then
+        self.assertEqual(base_url, self.handler._GOOGLE_AUTH_URL)
+        self.assertEqual(query_params["state"][0], future_uid)
+        self.assertEqual(query_params["redirect_uri"][0], "http://test-redirect-uri.com")
+        self.assertEqual(query_params["client_id"][0], "test-client-id")
+        self.assertEqual(query_params["scope"][0], "https://www.googleapis.com/auth/calendar")
+
+    async def test_prepare(self):
+        future_uid = str(uuid.uuid4())
+
+        # when
+        prepare: str = self.handler.prepare(
+            auth_req=self.auth_req,
+            thread_id="test-prepare-thread-id",
+            profile="test-prepare-profile",
+            future_uid=future_uid,
+        )
+        auth_url = prepare.removeprefix("User needs to authenticate using the following URL:").strip()
+        future_data = FutureStore.get_future( uid=future_uid)
+
+        # then
+        self.assertTrue(auth_url.startswith(self.handler._GOOGLE_AUTH_URL))
+        self.assertIsNotNone(future_data)
+        self.assertEqual(future_data.data["thread_id"], "test-prepare-thread-id")
+        self.assertEqual(future_data.data["profile"], "test-prepare-profile")
+        self.assertFalse(future_data.future.done())
+
+    async def test_authenticate(self):
+        mock_response = httpx.Response(
+            status_code=200,
+            json={
+                "access_token": "test-token",
+                "refresh_token": "test-refresh-token",
+                "expires_in": 3600,
+                "scope": "https://www.googleapis.com/auth/calendar",
+                "token_type": "Bearer",
+
+            }
+        )
+        future_uid = str(uuid.uuid4())
+
+        self.handler.prepare(
+            auth_req=self.auth_req,
+            thread_id="test-thread-id",
+            profile="test-profile",
+            future_uid=future_uid
+        )
+        future_data = FutureStore.get_future( uid=future_uid)
+        future_data.future.set_result("test-code")
+
+        with patch("httpx.AsyncClient.post", return_value=mock_response):
+            response: GoogleOAuth2AuthContext = await self.handler.authenticate(
+                auth_req=self.auth_req,
+                future_uid=future_uid
+            )
+
+        time_diff = (response.expires_at - datetime.now(tz=timezone.utc)).total_seconds()
+
+        self.assertIsInstance(response, GoogleOAuth2AuthContext)
+        self.assertEqual(response.access_token, "test-token")
+        self.assertEqual(response.refresh_token, "test-refresh-token")
+        self.assertTrue(time_diff > 3500)
+
+    async def test_refresh(self):
+        # given
+        mock_response = httpx.Response(
+            status_code=200,
+            json={
+                "access_token": "new-test-token",
+                "expires_in": 3600,
+                "scope": "https://www.googleapis.com/auth/calendar",
+                "token_type": "Bearer",
+            }
+        )
+        response = GoogleOAuth2Response(
+            **{
+                "access_token": "test-token",
+                "expires_in": 100,
+                "scope": "https://www.googleapis.com/auth/calendar",
+                "refresh_token": "test-refresh-token",
+                "token_type": "Bearer",
+            }
+        )
+        context = GoogleOAuth2AuthContext.from_google_oauth2_response(response)
+
+        # when
+        with patch("httpx.AsyncClient.post", return_value=mock_response):
+            new_context: GoogleOAuth2AuthContext = await self.handler.refresh(
+                auth_req=self.auth_req,
+                context=context
+            )
+
+        old_time_diff = (context.expires_at - datetime.now(tz=timezone.utc))
+        new_time_diff = (new_context.expires_at - datetime.now(tz=timezone.utc))
+
+        # then
+        self.assertIsInstance(new_context, GoogleOAuth2AuthContext)
+        self.assertEqual(context.access_token, "test-token")
+        self.assertEqual(context.refresh_token, "test-refresh-token")
+        self.assertTrue(old_time_diff.total_seconds() < 100)
+
+        self.assertEqual(new_context.access_token, "new-test-token")
+        self.assertEqual(new_context.refresh_token, "test-refresh-token")
+        self.assertTrue(new_time_diff.total_seconds() > 3500)

hyperpocket/auth/tests/test_slack_oauth2_handler.py

@@ -0,0 +1,147 @@
+import uuid
+from datetime import timezone, datetime
+from unittest.async_case import IsolatedAsyncioTestCase
+from unittest.mock import patch
+from urllib.parse import urlparse, parse_qs
+
+import httpx
+
+from hyperpocket.auth import SlackOAuth2AuthContext
+from hyperpocket.auth.slack.oauth2_handler import SlackOAuth2AuthHandler
+from hyperpocket.auth.slack.oauth2_schema import SlackOAuth2Request, SlackOAuth2Response
+from hyperpocket.config import config
+from hyperpocket.config.auth import SlackAuthConfig
+from hyperpocket.futures import FutureStore
+
+
+class TestSlackOAuth2AuthHandler(IsolatedAsyncioTestCase):
+
+    async def asyncSetUp(self):
+        config.auth.slack = SlackAuthConfig(
+            client_id="test-client-id",
+            client_secret="test-client-secret",
+        )
+
+        self.handler = SlackOAuth2AuthHandler()
+        self.auth_req = SlackOAuth2Request(
+            auth_scopes=["channels:history", "im:history", "mpim:history", "groups:history", "reactions:read"],
+            client_id="test-client-id",
+            client_secret="test-client-secret",
+        )
+
+    async def test_make_auth_url(self):
+        future_uid = str(uuid.uuid4())
+
+        auth_url = self.handler._make_auth_url(
+            req=self.auth_req,
+            redirect_uri="http://test-redirect-uri.com",
+            state=future_uid
+        )
+        parsed = urlparse(auth_url)
+        query_params = parse_qs(parsed.query)
+        base_url = f"{parsed.scheme}://{parsed.netloc}{parsed.path}"
+
+        # then
+        self.assertEqual(base_url, SlackOAuth2AuthHandler._SLACK_OAUTH_URL)
+        self.assertEqual(query_params["state"][0], future_uid)
+        self.assertEqual(query_params["redirect_uri"][0], "http://test-redirect-uri.com")
+        self.assertEqual(query_params["client_id"][0], "test-client-id")
+        self.assertEqual(query_params["user_scope"][0],
+                         "channels:history,im:history,mpim:history,groups:history,reactions:read")
+
+    async def test_prepare(self):
+        future_uid = str(uuid.uuid4())
+
+        # when
+        prepare: str = self.handler.prepare(
+            auth_req=self.auth_req,
+            thread_id="test-prepare-thread-id",
+            profile="test-prepare-profile",
+            future_uid=future_uid,
+        )
+        auth_url = prepare.removeprefix("User needs to authenticate using the following URL:").strip()
+        future_data = FutureStore.get_future( uid=future_uid)
+
+        # then
+        self.assertTrue(auth_url.startswith(SlackOAuth2AuthHandler._SLACK_OAUTH_URL))
+        self.assertIsNotNone(future_data)
+        self.assertEqual(future_data.data["thread_id"], "test-prepare-thread-id")
+        self.assertEqual(future_data.data["profile"], "test-prepare-profile")
+        self.assertFalse(future_data.future.done())
+
+    async def test_authenticate(self):
+        # given
+        future_uid = str(uuid.uuid4())
+        mock_response = httpx.Response(
+            status_code=200,
+            json={
+                "ok": True,
+                "authed_user": {
+                    "id": "test-user",
+                    "access_token": "test-token"
+                }
+
+            }
+        )
+
+        # when
+        self.handler.prepare(
+            auth_req=self.auth_req,
+            thread_id="test-thread-id",
+            profile="test-profile",
+            future_uid=future_uid
+        )
+        future_data = FutureStore.get_future( uid=future_uid)
+        future_data.future.set_result("test-code")
+
+        with patch("httpx.AsyncClient.post", return_value=mock_response):
+            response: SlackOAuth2AuthContext = await self.handler.authenticate(
+                auth_req=self.auth_req,
+                future_uid=future_uid
+            )
+
+        self.assertIsInstance(response, SlackOAuth2AuthContext)
+        self.assertEqual(response.access_token, "test-token")
+
+    async def test_refresh(self):
+        # given
+        # https://api.slack.com/authentication/rotation
+        mock_response = httpx.Response(
+            status_code=200,
+            json={
+                "ok": True,
+                "access_token": "new-access-token",
+                "refresh_token": "new-refresh-token",
+                "expires_in": 3600,
+            }
+        )
+
+        response = SlackOAuth2Response(
+            **{
+                "ok": True,
+                "authed_user": {
+                    "id": "test",
+                    "access_token": "access-token",
+                    "refresh_token": "refresh-token",
+                    "expires_in": 3600,
+                }
+            }
+        )
+        context = SlackOAuth2AuthContext.from_slack_oauth2_response(response)
+
+        # when
+        with patch("httpx.AsyncClient.post", return_value=mock_response):
+            new_context: SlackOAuth2AuthContext = await self.handler.refresh(
+                auth_req=self.auth_req,
+                context=context
+            )
+
+        time_diff = (new_context.expires_at - datetime.now(tz=timezone.utc))
+
+        # then
+        self.assertIsInstance(new_context, SlackOAuth2AuthContext)
+        self.assertEqual(context.access_token, "access-token")
+        self.assertEqual(context.refresh_token, "refresh-token")
+        self.assertEqual(new_context.access_token, "new-access-token")
+        self.assertEqual(new_context.refresh_token, "new-refresh-token")
+        self.assertTrue(time_diff.total_seconds() > 3500)