PyPI - iatoolkit - Versions diffs - 0.56.0__py3-none-any.whl → 0.57.0__py3-none-any.whl - Mend

iatoolkit 0.56.0py3-none-any.whl → 0.57.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of iatoolkit might be problematic. Click here for more details.

Files changed (10) hide show

iatoolkit/iatoolkit.py +1 -1
iatoolkit/repositories/models.py +26 -1
iatoolkit/services/auth_service.py +109 -5
iatoolkit/views/base_login_view.py +3 -0
iatoolkit/views/external_login_view.py +12 -55
iatoolkit/views/login_view.py +4 -3
{iatoolkit-0.56.0.dist-info → iatoolkit-0.57.0.dist-info}/METADATA +1 -1
{iatoolkit-0.56.0.dist-info → iatoolkit-0.57.0.dist-info}/RECORD +10 -10
{iatoolkit-0.56.0.dist-info → iatoolkit-0.57.0.dist-info}/WHEEL +0 -0
{iatoolkit-0.56.0.dist-info → iatoolkit-0.57.0.dist-info}/top_level.txt +0 -0

iatoolkit/iatoolkit.py CHANGED Viewed

@@ -19,7 +19,7 @@ from werkzeug.middleware.proxy_fix import ProxyFix
 from injector import Binder, singleton, Injector
 from importlib.metadata import version as _pkg_version, PackageNotFoundError
-IATOOLKIT_VERSION = "0.56.0"
+IATOOLKIT_VERSION = "0.57.0"
 # global variable for the unique instance of IAToolkit
 _iatoolkit_instance: Optional['IAToolkit'] = None

iatoolkit/repositories/models.py CHANGED Viewed

@@ -3,9 +3,10 @@
 #
 # IAToolkit is open source software.
-from sqlalchemy import Column, Integer, String, DateTime, Enum, Text, JSON, Boolean, ForeignKey, Table
+from sqlalchemy import Column, Integer, BigInteger, String, DateTime, Enum, Text, JSON, Boolean, ForeignKey, Table
 from sqlalchemy.orm import DeclarativeBase
 from sqlalchemy.orm import relationship, class_mapper, declarative_base
+from sqlalchemy.sql import func
 from datetime import datetime
 from pgvector.sqlalchemy import Vector
 from enum import Enum as PyEnum
@@ -307,3 +308,27 @@ class Prompt(Base):
     company = relationship("Company", back_populates="prompts")
     category = relationship("PromptCategory", back_populates="prompts")
+class AccessLog(Base):
+    # Modelo ORM para registrar cada intento de acceso a la plataforma.
+    __tablename__ = 'iat_access_log'
+    id = Column(BigInteger, primary_key=True)
+    timestamp = Column(DateTime(timezone=True), server_default=func.now(), nullable=False, index=True)
+    company_short_name = Column(String(100), nullable=False, index=True)
+    user_identifier = Column(String(255), index=True)
+    # Cómo y el Resultado
+    auth_type = Column(String(20), nullable=False) # 'local', 'external_api', 'redeem_token', etc.
+    outcome = Column(String(10), nullable=False)   # 'success' o 'failure'
+    reason_code = Column(String(50))               # Causa de fallo, ej: 'INVALID_CREDENTIALS'
+    # Contexto de la Petición
+    source_ip = Column(String(45), nullable=False)
+    user_agent_hash = Column(String(16))           # Hash corto del User-Agent
+    request_path = Column(String(255), nullable=False)
+    def __repr__(self):
+        return (f"<AccessLog(id={self.id}, company='{self.company_short_name}', "
+                f"user='{self.user_identifier}', outcome='{self.outcome}')>")

iatoolkit/services/auth_service.py CHANGED Viewed

@@ -6,8 +6,12 @@
 from flask import request
 from injector import inject
 from iatoolkit.services.profile_service import ProfileService
+from iatoolkit.services.jwt_service import JWTService
+from iatoolkit.repositories.database_manager import DatabaseManager
+from iatoolkit.repositories.models import AccessLog
 from flask import request
 import logging
+import hashlib
 class AuthService:
@@ -17,11 +21,75 @@ class AuthService:
     """
     @inject
-    def __init__(self, profile_service: ProfileService):
-        """
-        Injects ProfileService to access session information and validate API keys.
-        """
+    def __init__(self, profile_service: ProfileService,
+                 jwt_service: JWTService,
+                 db_manager: DatabaseManager
+                 ):
         self.profile_service = profile_service
+        self.jwt_service = jwt_service
+        self.db_manager = db_manager
+    def login_local_user(self, company_short_name: str, email: str, password: str) -> dict:
+        # try to autenticate a local user, register the event and return the result
+        auth_response = self.profile_service.login(
+            company_short_name=company_short_name,
+            email=email,
+            password=password
+        )
+        if not auth_response.get('success'):
+            self.log_access(
+                company_short_name=company_short_name,
+                user_identifier=email,
+                auth_type='local',
+                outcome='failure',
+                reason_code='INVALID_CREDENTIALS',
+            )
+        else:
+            self.log_access(
+                company_short_name=company_short_name,
+                auth_type='local',
+                outcome='success',
+                user_identifier=auth_response.get('user_identifier')
+            )
+        return auth_response
+    def redeem_token_for_session(self, company_short_name: str, token: str) -> dict:
+        # redeem a token for a session, register the event and return the result
+        payload = self.jwt_service.validate_chat_jwt(token)
+        if not payload:
+            self.log_access(
+                company_short_name=company_short_name,
+                auth_type='redeem_token',
+                outcome='failure',
+                reason_code='JWT_INVALID'
+            )
+            return {'success': False, 'error': 'Token inválido o expirado'}
+        # 2. if token is valid, extract the user_identifier
+        user_identifier = payload.get('user_identifier')
+        try:
+            # create the Flask session
+            self.profile_service.set_session_for_user(company_short_name, user_identifier)
+            self.log_access(
+                company_short_name=company_short_name,
+                auth_type='redeem_token',
+                outcome='success',
+                user_identifier=user_identifier
+            )
+            return {'success': True, 'user_identifier': user_identifier}
+        except Exception as e:
+            logging.error(f"Error al crear la sesión desde token para {user_identifier}: {e}")
+            self.log_access(
+                company_short_name=company_short_name,
+                auth_type='redeem_token',
+                outcome='failure',
+                reason_code='SESSION_CREATION_FAILED',
+                user_identifier=user_identifier
+            )
+            return {'success': False, 'error': 'No se pudo crear la sesión del usuario'}
     def verify(self) -> dict:
         """
@@ -74,4 +142,40 @@ class AuthService:
         # --- Failure: No valid credentials found ---
         logging.info(f"Authentication required. No session cookie or API Key provided.")
         return {"success": False, "error": "Authentication required. No session cookie or API Key provided.",
-                "status_code": 402}
+                "status_code": 402}
+    def log_access(self,
+                   company_short_name: str,
+                   auth_type: str,
+                   outcome: str,
+                   user_identifier: str = None,
+                   reason_code: str = None):
+        """
+        Registra un intento de acceso en la base de datos.
+        Es "best-effort" y no debe interrumpir el flujo de autenticación.
+        """
+        session = self.db_manager.scoped_session()
+        try:
+            # Capturar datos del contexto de la petición de Flask
+            source_ip = request.headers.get('X-Forwarded-For', request.remote_addr)
+            path = request.path
+            ua = request.headers.get('User-Agent', '')
+            ua_hash = hashlib.sha256(ua.encode()).hexdigest()[:16] if ua else None
+            # Crear la entrada de log
+            log_entry = AccessLog(
+                company_short_name=company_short_name,
+                user_identifier=user_identifier,
+                auth_type=auth_type,
+                outcome=outcome,
+                reason_code=reason_code,
+                source_ip=source_ip,
+                user_agent_hash=ua_hash,
+                request_path=path,
+            )
+            session.add(log_entry)
+            session.commit()
+        except Exception as e:
+            logging.error(f"Fallo al escribir en AccessLog: {e}", exc_info=False)
+            session.rollback()

iatoolkit/views/base_login_view.py CHANGED Viewed

@@ -8,6 +8,7 @@ from flask.views import MethodView
 from flask import render_template, url_for
 from injector import inject
 from iatoolkit.services.profile_service import ProfileService
+from iatoolkit.services.auth_service import AuthService
 from iatoolkit.services.query_service import QueryService
 from iatoolkit.services.branding_service import BrandingService
 from iatoolkit.services.onboarding_service import OnboardingService
@@ -23,6 +24,7 @@ class BaseLoginView(MethodView):
     @inject
     def __init__(self,
                  profile_service: ProfileService,
+                 auth_service: AuthService,
                  jwt_service: JWTService,
                  branding_service: BrandingService,
                  prompt_service: PromptService,
@@ -30,6 +32,7 @@ class BaseLoginView(MethodView):
                  query_service: QueryService
                  ):
         self.profile_service = profile_service
+        self.auth_service = auth_service
         self.jwt_service = jwt_service
         self.branding_service = branding_service
         self.prompt_service = prompt_service

iatoolkit/views/external_login_view.py CHANGED Viewed

@@ -6,45 +6,18 @@
 import os
 import logging
 from flask import request, jsonify
-from flask.views import MethodView
 from injector import inject
-from iatoolkit.services.auth_service import AuthService
 from iatoolkit.views.base_login_view import BaseLoginView
 # Importar los servicios que necesita la clase base
 from iatoolkit.services.profile_service import ProfileService
 from iatoolkit.services.jwt_service import JWTService
-from iatoolkit.services.branding_service import BrandingService
-from iatoolkit.services.onboarding_service import OnboardingService
-from iatoolkit.services.query_service import QueryService
-from iatoolkit.services.prompt_manager_service import PromptService
 class ExternalLoginView(BaseLoginView):
     """
     Handles login for external users via API.
     Authenticates and then delegates the path decision (fast/slow) to the base class.
     """
-    @inject
-    def __init__(self,
-                 iauthentication: AuthService,
-                 jwt_service: JWTService,
-                 profile_service: ProfileService,
-                 branding_service: BrandingService,
-                 prompt_service: PromptService,
-                 onboarding_service: OnboardingService,
-                 query_service: QueryService):
-        # Pass the dependencies for the base class to its __init__
-        super().__init__(
-            profile_service=profile_service,
-            jwt_service=jwt_service,
-            branding_service=branding_service,
-            onboarding_service=onboarding_service,
-            query_service=query_service,
-            prompt_service=prompt_service,
-        )
-        # Handle the dependency specific to this child class
-        self.iauthentication = iauthentication
     def post(self, company_short_name: str):
         data = request.get_json()
         if not data or 'user_identifier' not in data:
@@ -59,9 +32,9 @@ class ExternalLoginView(BaseLoginView):
             return jsonify({"error": "missing user_identifier"}), 404
         # 1. Authenticate the API call.
-        iaut = self.iauthentication.verify()
-        if not iaut.get("success"):
-            return jsonify(iaut), 401
+        auth_response = self.auth_service.verify()
+        if not auth_response.get("success"):
+            return jsonify(auth_response), 401
         # 2. Create the external user session.
         self.profile_service.create_external_user_session(company, user_identifier)
@@ -74,37 +47,21 @@ class ExternalLoginView(BaseLoginView):
             return jsonify({"error": f"Internal server error while starting chat. {str(e)}"}), 500
-class RedeemTokenApiView(MethodView):
+class RedeemTokenApiView(BaseLoginView):
     # this endpoint is only used ONLY by chat_main.js to redeem a chat token
-    @inject
-    def __init__(self,
-                 profile_service: ProfileService,
-                 jwt_service: JWTService):
-        self.profile_service = profile_service
-        self.jwt_service = jwt_service
     def post(self, company_short_name: str):
         data = request.get_json()
         if not data or 'token' not in data:
             return jsonify({"error": "Falta token de validación"}), 400
-        # 1. validate the token
+        # get the token and validate with auth service
         token = data.get('token')
-        payload = self.jwt_service.validate_chat_jwt(token)
-        if not payload:
-            logging.warning("Intento de canjear un token inválido o expirado.")
-            return {"error": "Token inválido o expirado."}, 401
-        # 2. if token is valid, extract the user_identifier
-        user_identifier = payload.get('user_identifier')
-        try:
-            # 3. create the Flask session
-            self.profile_service.set_session_for_user(company_short_name, user_identifier)
-            logging.info(f"Token de sesión canjeado exitosamente para {user_identifier}.")
+        redeem_result = self.auth_service.redeem_token_for_session(
+            company_short_name=company_short_name,
+            token=token
+        )
-            return {"status": "ok"}, 200
+        if not redeem_result['success']:
+            return {"error": redeem_result['error']}, 401
-        except Exception as e:
-            logging.error(f"Error al crear la sesión desde token para {user_identifier}: {e}")
-            return {"error": "No se pudo crear la sesión del usuario."}, 500
+        return {"status": "ok"}, 200

iatoolkit/views/login_view.py CHANGED Viewed

@@ -7,6 +7,7 @@ from flask.views import MethodView
 from flask import request, redirect, render_template, url_for
 from injector import inject
 from iatoolkit.services.profile_service import ProfileService
+from iatoolkit.services.auth_service import AuthService
 from iatoolkit.services.jwt_service import JWTService
 from iatoolkit.services.query_service import QueryService
 from iatoolkit.services.prompt_manager_service import PromptService
@@ -21,7 +22,6 @@ class LoginView(BaseLoginView):
     Handles login for local users.
     Authenticates and then delegates the path decision (fast/slow) to the base class.
     """
     def post(self, company_short_name: str):
         company = self.profile_service.get_company_by_short_name(company_short_name)
         if not company:
@@ -30,8 +30,8 @@ class LoginView(BaseLoginView):
         email = request.form.get('email')
         password = request.form.get('password')
-        # 1. Authenticate user and create the session for internal user
-        auth_response = self.profile_service.login(
+        # 1. Authenticate internal user
+        auth_response = self.auth_service.login_local_user(
             company_short_name=company_short_name,
             email=email,
             password=password
@@ -67,6 +67,7 @@ class FinalizeContextView(MethodView):
     @inject
     def __init__(self,
                  profile_service: ProfileService,
+                 auth_service: AuthService,
                  query_service: QueryService,
                  prompt_service: PromptService,
                  branding_service: BrandingService,

{iatoolkit-0.56.0.dist-info → iatoolkit-0.57.0.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: iatoolkit
-Version: 0.56.0
+Version: 0.57.0
 Summary: IAToolkit
 Author: Fernando Libedinsky
 License-Expression: MIT

{iatoolkit-0.56.0.dist-info → iatoolkit-0.57.0.dist-info}/RECORD RENAMED Viewed

@@ -2,7 +2,7 @@ iatoolkit/__init__.py,sha256=4PWjMJjktixtrxF6BY405qyA50Sv967kEP2x-oil6qk,1120
 iatoolkit/base_company.py,sha256=nfF-G0h63jy3Qh9kCnvx8Ozx76IjG2p7a34HpweWhOk,4608
 iatoolkit/cli_commands.py,sha256=G5L9xQXZ0lVFXQWBaE_KEZHyfuiT6PL1nTQRoSdnBzc,2302
 iatoolkit/company_registry.py,sha256=tduqt3oV8iDX_IB1eA7KIgvIxE4edTcy-3qZIXh3Lzw,2549
-iatoolkit/iatoolkit.py,sha256=ve63cb-1L-m_RLPsU7KRG9IPhhMREb1fDQjqOIgHx9w,17583
+iatoolkit/iatoolkit.py,sha256=tFx-D1Q0usCdOc3vSNdtz94mTCWhUGcyRkDISI2QMMs,17583
 iatoolkit/common/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 iatoolkit/common/exceptions.py,sha256=EXx40n5htp7UiOM6P1xfJ9U6NMcADqm62dlFaKz7ICU,1154
 iatoolkit/common/routes.py,sha256=c8kRk8pEK_nV-2P1LiYXRERmW_QoW21Hk6CZkkizv6Y,6419
@@ -29,12 +29,12 @@ iatoolkit/repositories/__init__.py,sha256=5JqK9sZ6jBuK83zDQokUhxQ0wuJJJ9DXB8pYCL
 iatoolkit/repositories/database_manager.py,sha256=QgV8hNnVv9RmeOvUdomdj_mfk0bf3Rl8Ti41a-5zIAY,3700
 iatoolkit/repositories/document_repo.py,sha256=Y7bF1kZB1HWJsAGjWdF7P2aVYeTYNufq9ngQXp7mDkY,1124
 iatoolkit/repositories/llm_query_repo.py,sha256=YT_t7cYGQk8rwzH_17-28aTzO-e2jUfa2rvXy8tugvA,3612
-iatoolkit/repositories/models.py,sha256=3YbIJXNMZiTkMbPyiSOiyzqUKEQF0JIfN4VSWYzwr44,13146
+iatoolkit/repositories/models.py,sha256=qM95kiKm_92JoPNXiwMT4HTjr5BjalnrDiatG3Rte-M,14300
 iatoolkit/repositories/profile_repo.py,sha256=21am3GP7XCG0nq6i3pArQ7mfGsrRn8rdcWT98fsdwlU,4397
 iatoolkit/repositories/tasks_repo.py,sha256=icVO_r2oPagGnnBhwVFzznnvEEU2EAx-2dlWuWvoDC4,1745
 iatoolkit/repositories/vs_repo.py,sha256=UkpmQQiocgM5IwRBmmWhw3HHzHP6zK1nN3J3TcQgjhc,5300
 iatoolkit/services/__init__.py,sha256=5JqK9sZ6jBuK83zDQokUhxQ0wuJJJ9DXB8pYCLkX7X4,102
-iatoolkit/services/auth_service.py,sha256=XHG2F0Vf2wDFjylc_OdDEIJL8I4cdhxeUIZIltgE4DU,2936
+iatoolkit/services/auth_service.py,sha256=vBVKkFJWsaPhhR-LvfLXfIrR-mmR-P5Y8Ya_5p1pgC8,7126
 iatoolkit/services/benchmark_service.py,sha256=CdbFYyS3FHFhNzWQEa9ZNjUlmON10DT1nKNbZQ1EUi8,5880
 iatoolkit/services/branding_service.py,sha256=gXj9Lj6EIFNIHT6wAHia5lr4_2a2sD-ExMbewno5YD8,7505
 iatoolkit/services/dispatcher_service.py,sha256=Qdn2x4cozpgpKg2448sUxkhO6tuplzb8xPWUxdTTFBE,12772
@@ -86,10 +86,10 @@ iatoolkit/templates/onboarding_shell.html,sha256=r1ivSR2ci8GrDSm1uaD-cf78rfO1bKT
 iatoolkit/templates/signup.html,sha256=9ArDvcNQgHFR2dwxy-37AXzGUOeOsT7Nz5u0y6fAB3U,4385
 iatoolkit/templates/test.html,sha256=rwNtxC83tbCl5COZFXYvmRBxxmgFJtPNuVBd_nq9KWY,133
 iatoolkit/views/__init__.py,sha256=5JqK9sZ6jBuK83zDQokUhxQ0wuJJJ9DXB8pYCLkX7X4,102
-iatoolkit/views/base_login_view.py,sha256=6AANVhwhs5MyT3WVjJqKZLoS1TwyErsrKnb1xhpqP4Y,3970
+iatoolkit/views/base_login_view.py,sha256=_JM-SMFlftxhpIRV7KyHsTAnAJN_ThY2j1WaYP-HneI,4111
 iatoolkit/views/change_password_view.py,sha256=tM0woZyKdhY4XYjS_YXg2sKq3RYkXGfcq_eVAKrNvNM,4498
 iatoolkit/views/chat_token_request_view.py,sha256=wf32_A2Sq8NHYWshCwL10Tovd1znLoD0jQjzutR3sVE,4408
-iatoolkit/views/external_login_view.py,sha256=nuWebrl2Opnhj6H-UW6dUOHwi8pj4s1_-dN3VEKNQdY,4483
+iatoolkit/views/external_login_view.py,sha256=ZFd2Qm_B7ecLxFfu9vL4YjIfkRP6M18slGZszQzpB2g,2572
 iatoolkit/views/file_store_api_view.py,sha256=Uz9f6sey3_F5K8zuyQz6SwYRKAalCjD1ekf-Mkl_Kfo,2326
 iatoolkit/views/forgot_password_view.py,sha256=-qKJeeOBqJFdvDUk7rCNg1E1cDQnJQkozPpb0T0FgwA,3159
 iatoolkit/views/history_api_view.py,sha256=x-tZhB8UzqrD2n-WDIfmHK9iVhGZ9f0yncsGs9mxwt0,1953
@@ -98,14 +98,14 @@ iatoolkit/views/init_context_api_view.py,sha256=1j8NKfODfPrffbA5YO8TPMHh-ildlLNz
 iatoolkit/views/llmquery_api_view.py,sha256=Rh-y-VENwwtNsDrYAD_SWKwjK16fW-pFRWlEvI-OYwY,2120
 iatoolkit/views/llmquery_web_view.py,sha256=WhjlA1mfsoL8hL9tlKQfjCUcaTzT43odlp_uQKmT314,1500
 iatoolkit/views/login_simulation_view.py,sha256=0Qt-puRnltI2HZxlfdyJmOf26-hQp3xjknGV_jkwV7E,3484
-iatoolkit/views/login_view.py,sha256=sjM8ki_F7C9S0a9pukLd5jn5KnM2sbRabnAIrtIK8KQ,5373
+iatoolkit/views/login_view.py,sha256=VmW5oDOBqbxLcHx7-LcLyGoI9WMwyg-UbMedV7vap8g,5448
 iatoolkit/views/prompt_api_view.py,sha256=MP0r-MiswwKcbNc_5KY7aVbHkrR218I8XCiCX1D0yTA,1244
 iatoolkit/views/signup_view.py,sha256=BCjhM2lMiDPwYrlW_eEwPl-ZLupblbFfsonWtq0E4vU,3922
 iatoolkit/views/tasks_review_view.py,sha256=keLsLCyOTTlcoIapnB_lbuSvLwrPVZVpBiFC_7ChbLg,3388
 iatoolkit/views/tasks_view.py,sha256=a3anTXrJTTvbQuc6PSpOzidLKQFL4hWa7PI2Cppcz8w,4110
 iatoolkit/views/user_feedback_api_view.py,sha256=59XB9uQLHI4Q6QA4_XhK787HzfXb-c6EY7k1Ccyr4hI,2424
 iatoolkit/views/verify_user_view.py,sha256=7XLSaxvs8LjBr3cYOUDa9B8DqW_50IGlq0IvmOQcD0Y,2340
-iatoolkit-0.56.0.dist-info/METADATA,sha256=Td4cobpNkkpPaIPZALITKGwwBHowzfG3klOYoGANjsk,9301
-iatoolkit-0.56.0.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-iatoolkit-0.56.0.dist-info/top_level.txt,sha256=V_w4QvDx0b1RXiy8zTCrD1Bp7AZkFe3_O0-9fMiwogg,10
-iatoolkit-0.56.0.dist-info/RECORD,,
+iatoolkit-0.57.0.dist-info/METADATA,sha256=zrwlhrbdyUpcYe4x6e3-1nexr7_p8-b2aEcDzuv4Vzs,9301
+iatoolkit-0.57.0.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+iatoolkit-0.57.0.dist-info/top_level.txt,sha256=V_w4QvDx0b1RXiy8zTCrD1Bp7AZkFe3_O0-9fMiwogg,10
+iatoolkit-0.57.0.dist-info/RECORD,,

{iatoolkit-0.56.0.dist-info → iatoolkit-0.57.0.dist-info}/WHEEL RENAMED Viewed

File without changes

{iatoolkit-0.56.0.dist-info → iatoolkit-0.57.0.dist-info}/top_level.txt RENAMED Viewed

File without changes

iatoolkit 0.56.0__py3-none-any.whl → 0.57.0__py3-none-any.whl

Potentially problematic release.

iatoolkit 0.56.0py3-none-any.whl → 0.57.0py3-none-any.whl