PyPI - jaaql-middleware-python - Versions diffs - 4.11.26__tar.gz → 4.11.28__tar.gz - Mend

jaaql-middleware-python 4.11.26tar.gz → 4.11.28tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (74) hide show

{jaaql-middleware-python-4.11.26 → jaaql-middleware-python-4.11.28}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: jaaql-middleware-python
-Version: 4.11.26
+Version: 4.11.28
 Summary: The jaaql package, allowing for rapid development and deployment of RESTful HTTP applications
 Home-page: https://github.com/JAAQL/JAAQL-middleware-python
 Author: Software Quality Measurement and Improvement bv

{jaaql-middleware-python-4.11.26 → jaaql-middleware-python-4.11.28}/jaaql/constants.py RENAMED Viewed

@@ -1,5 +1,6 @@
 KEY__username = "username"
 KEY__password = "password"
+KEY__remember_me = "remember_me"
 KEY__attach_as = "attach_as"
 KEY__ip_address = "ip_address"
 KEY__created = "created"
@@ -134,5 +135,5 @@ ROLE__postgres = "postgres"
 PROTOCOL__postgres = "postgresql://"
-VERSION = "4.11.26"
+VERSION = "4.11.28"

{jaaql-middleware-python-4.11.26 → jaaql-middleware-python-4.11.28}/jaaql/documentation/documentation_shared.py RENAMED Viewed

@@ -94,24 +94,26 @@ DOCUMENTATION__oauth_cookie = SwaggerDocumentation(
             ARG_RES__username,
             ARG_RES__password,
             SwaggerArgumentResponse(
-                name="remember_me",
+                name=KEY__remember_me,
                 arg_type=bool,
                 description="Whether or not the returned cookie will act as a remember me cookie"
             )
-        ]
+        ],
+        response=SwaggerFlatResponse()
     )
 )
 DOCUMENTATION__logout_cookie = SwaggerDocumentation(
     tags="OAuth",
-    security=True,
+    security=False,
     methods=SwaggerMethod(
         name="OAuth Fetch Token",
         description="Authenticate with the server. Send username and password and server will respond with 200 and a "
                     "token which can be used to access the service. The server may also respond with a 202 and a "
                     "token, this indicates that an mfa key is expected. Send the token back to the service along with "
                     "an MFA key and you will returned the aforementioned 200 response",
-        method=REST__POST
+        method=REST__POST,
+        response=SwaggerFlatResponse()
     )
 )
@@ -126,6 +128,17 @@ DOCUMENTATION__oauth_refresh = SwaggerDocumentation(
     )
 )
+DOCUMENTATION__oauth_refresh_cookie = SwaggerDocumentation(
+    tags="OAuth",
+    security=False,
+    methods=SwaggerMethod(
+        name="OAuth Refresh Cookie",
+        description="Refresh your Cookie",
+        method=REST__POST,
+        response=SwaggerFlatResponse()
+    )
+)
 DOCUMENTATION__submit = SwaggerDocumentation(
     tags="Queries",
     methods=SwaggerMethod(

{jaaql-middleware-python-4.11.26 → jaaql-middleware-python-4.11.28}/jaaql/mvc/base_controller.py RENAMED Viewed

@@ -15,6 +15,7 @@ import os
 import dataclasses
 import decimal
 from queue import Queue
+from jaaql.utilities.utils_no_project_imports import get_cookie_attrs, format_cookie, COOKIE_JAAQL_AUTH
 from jaaql.utilities.utils import time_delta_ms, Profiler
 from flask import Response, Flask, request, jsonify, current_app
 from flask.json.provider import DefaultJSONProvider
@@ -40,7 +41,7 @@ ARG__auth_token = "auth_token"
 ARG__auth_token_for_refresh = "auth_token_for_refresh"
 ARG__connection = "connection"
 ARG__is_the_anonymous_user = "is_the_anonymous_user"
-ARG__auth_cookie = "auth_cookie"
+ARG__remember_me = "remember_me"
 ARG__verification_hook = "verification_hook"
 ARG_START__connection = "connection__"
 ARG_START__jaaql_connection = "jaaql_" + ARG_START__connection
@@ -462,6 +463,7 @@ class BaseJAAQLController:
                 resp_type = current_app.json.mimetype
                 jaaql_resp = JAAQLResponse()
                 jaaql_resp.response_type = resp_type
+                remember_me = False
                 if not BaseJAAQLController.is_options():
                     the_method = BaseJAAQLController.get_method(swagger_documentation)
@@ -483,7 +485,7 @@ class BaseJAAQLController:
                     security_key = request.headers.get(HEADER__security)
                     auth_cookie = request.cookies.get(COOKIE_JAAQL_AUTH)
                     if auth_cookie is not None:
-                        security_key = auth_cookie.split("=")[1].split(";")[0].strip()
+                        security_key = auth_cookie
                     if swagger_documentation.security:
                         bypass_super = request.headers.get(HEADER__security_bypass)
@@ -504,11 +506,11 @@ class BaseJAAQLController:
                                 verification_hook.put((True, None, None))
                         elif verification_hook:
-                            account_id, username, ip_id, is_public = self.model.verify_auth_token_threaded(security_key,
-                                                                                                           ip_addr, verification_hook)
+                            account_id, username, ip_id, is_public, remember_me = self.model.verify_auth_token_threaded(security_key,
+                                                                                                                        ip_addr, verification_hook)
                             self.perform_profile(request_id, "Verify JWT Threaded")
                         else:
-                            account_id, username, ip_id, is_public = self.model.verify_auth_token(security_key, ip_addr)
+                            account_id, username, ip_id, is_public, remember_me = self.model.verify_auth_token(security_key, ip_addr)
                             self.perform_profile(request_id, "Verify JWT")
                     supply_dict = {}
@@ -524,8 +526,8 @@ class BaseJAAQLController:
                                 raise Exception(ERR__method_required_account_id)
                             supply_dict[ARG__account_id] = account_id
-                        if ARG__auth_cookie in inspect.getfullargspec(view_func_local).args:
-                            supply_dict[ARG__auth_cookie] = auth_cookie
+                        if ARG__remember_me in inspect.getfullargspec(view_func_local).args:
+                            supply_dict[ARG__remember_me] = auth_cookie
                         if method.parallel_verification:
                             supply_dict[ARG__verification_hook] = verification_hook
@@ -582,10 +584,6 @@ class BaseJAAQLController:
                         self.perform_profile(request_id, "Perform work")
-                        if not swagger_documentation.security:
-                            account_id = jaaql_resp.account_id
-                            ip_id = jaaql_resp.ip_id
                         status = jaaql_resp.response_code
                         method_response = BaseJAAQLController.get_response(the_method, status)
                         do_allow_all = False
@@ -594,7 +592,6 @@ class BaseJAAQLController:
                                 do_allow_all = True
                         if not do_allow_all:
                             resp = BaseJAAQLController.validate_output(method_response, resp)
-                        ret_status = status
                         self.perform_profile(request_id, "Validate output")
                     except Exception as ex:
@@ -643,13 +640,9 @@ class BaseJAAQLController:
                     resp = Response(resp, mimetype=jaaql_resp.response_type, status=jaaql_resp.response_code)
                 if request.cookies.get(COOKIE_JAAQL_AUTH) is not None and COOKIE_JAAQL_AUTH not in jaaql_resp.cookies:
-                    auth_cookie = COOKIE_JAAQL_AUTH + "=" + request.cookies.get(COOKIE_JAAQL_AUTH)
-                    auth_cookie_fields = [field for field in auth_cookie.split(";") if not field.strip().startswith(COOKIE_ATTR_MAX_AGE)]
-                    if self.model.vigilant_sessions:
-                        auth_cookie_fields.append(COOKIE_ATTR_MAX_AGE + "=" + COOKIE_VAL_INACTIVITY_15_MINUTES)
-                    resp.headers.add("Set-Cookie", "; ".join(auth_cookie_fields))
+                    resp.headers.add("Set-Cookie", format_cookie(COOKIE_JAAQL_AUTH, request.cookies.get(COOKIE_JAAQL_AUTH),
+                                                                 get_cookie_attrs(self.model.vigilant_sessions, remember_me, self.model.is_container),
+                                                                 self.model.is_https))
                 for _, cookie in jaaql_resp.cookies.items():
                     resp.headers.add("Set-Cookie", cookie)

{jaaql-middleware-python-4.11.26 → jaaql-middleware-python-4.11.28}/jaaql/mvc/base_model.py RENAMED Viewed

@@ -189,6 +189,7 @@ class BaseJAAQLModel:
         self.migration_folder = migration_folder
         self.is_container = is_container
+        self.is_https = os.environ.get("IS_HTTPS", "false").lower().strip() == "true"
         self.vigilant_sessions = os.environ.get("VIGILANT_SESSIONS", "false").lower().strip() == "true"
         self.cached_canned_query_service = None

{jaaql-middleware-python-4.11.26 → jaaql-middleware-python-4.11.28}/jaaql/mvc/controller.py RENAMED Viewed

@@ -28,8 +28,8 @@ class JAAQLController(BaseJAAQLController):
             self.model.logout_cookie(response)
         @self.cors_route('/oauth/refresh-cookie', DOCUMENTATION__oauth_refresh)
-        def refresh_oauth_cookie(auth_token_for_refresh: str, ip_address: str, auth_cookie: str):
-            self.model.refresh_auth_token(auth_token_for_refresh, ip_address, cookie=True, auth_cookie=auth_cookie)
+        def refresh_oauth_cookie(auth_token_for_refresh: str, ip_address: str, remember_me: bool):
+            self.model.refresh_auth_token(auth_token_for_refresh, ip_address, cookie=True, remember_me=remember_me)
         @self.cors_route("/internal/freeze", DOCUMENTATION__freeze)
         def refresh_oauth_token(connection: DBInterface):

{jaaql-middleware-python-4.11.26 → jaaql-middleware-python-4.11.28}/jaaql/mvc/model.py RENAMED Viewed

@@ -11,6 +11,7 @@ from jaaql.utilities.utils import get_jaaql_root, get_base_url
 from jaaql.db.db_utils import create_interface, jaaql__encrypt
 from jaaql.db.db_utils_no_circ import submit
 from jaaql.utilities import crypt_utils
+from jaaql.utilities.utils_no_project_imports import get_cookie_attrs, COOKIE_JAAQL_AUTH, COOKIE_ATTR_EXPIRES
 from jaaql.mvc.response import *
 import threading
 from datetime import datetime, timedelta
@@ -433,7 +434,8 @@ WHERE
                 threading.Thread(target=self.verification_thread, args=[JAAQLModel.VERIFICATION_QUEUE], daemon=True).start()
             JAAQLModel.VERIFICATION_QUEUE.put((auth_token, ip_address, complete))
             payload = json.loads(base64url_decode(auth_token.split(".")[1].encode("UTF-8")).decode())
-            return payload[KEY__account_id], payload[KEY__username], payload[KEY__ip_address], payload[KEY__is_the_anonymous_user]
+            return payload[KEY__account_id], payload[KEY__username], payload[KEY__ip_address], payload[KEY__is_the_anonymous_user],\
+                payload[KEY__remember_me]
         except Exception:
             raise HttpStatusException(ERR__invalid_token, HTTPStatus.UNAUTHORIZED)
@@ -445,9 +447,10 @@ WHERE
         validate_is_most_recent_password(self.jaaql_lookup_connection, decoded[KEY__account_id], decoded[KEY__password],
                                          singleton_message=ERR__invalid_token, singleton_code=HTTPStatus.UNAUTHORIZED)
-        return decoded[KEY__account_id], decoded[KEY__username], decoded[KEY__ip_address], decoded[KEY__is_the_anonymous_user]
+        return decoded[KEY__account_id], decoded[KEY__username], decoded[KEY__ip_address], decoded[KEY__is_the_anonymous_user],\
+            decoded[KEY__remember_me]
-    def refresh_auth_token(self, auth_token: str, ip_address: str, cookie: bool = False, auth_cookie: str = None):
+    def refresh_auth_token(self, auth_token: str, ip_address: str, cookie: bool = False, remember_me: bool = False):
         decoded = crypt_utils.jwt_decode(self.vault.get_obj(VAULT_KEY__jwt_crypt_key), auth_token, JWT_PURPOSE__oauth, allow_expired=True)
         if not decoded:
             raise HttpStatusException(ERR__invalid_token, HTTPStatus.UNAUTHORIZED)
@@ -455,10 +458,6 @@ WHERE
         if datetime.fromisoformat(decoded[KEY__created]) + timedelta(milliseconds=self.refresh_expiry_ms) < datetime.now():
             raise HttpStatusException(ERR__refresh_expired, HTTPStatus.UNAUTHORIZED)
-        remember_me = False
-        if auth_cookie is not None:
-            remember_me = any(section.strip().startswith("Expires=") for section in auth_cookie.split(";"))
         return self.get_auth_token(decoded[KEY__username], ip_address, cookie=cookie, remember_me=remember_me)
     def get_bypass_user(self, username: str, ip_address: str):
@@ -475,7 +474,8 @@ WHERE
         return account[KG__account__id], address
     def logout_cookie(self, response: JAAQLResponse):
-        response.set_cookie(COOKIE_JAAQL_AUTH, "", attributes={COOKIE_ATTR_EXPIRES: format_date_time(mktime(datetime(1970, 1, 1).timetuple()))})
+        response.set_cookie(COOKIE_JAAQL_AUTH, "", attributes={COOKIE_ATTR_EXPIRES: format_date_time(mktime(datetime(1970, 1, 1).timetuple()))},
+                            is_https=self.is_https)
     def get_auth_token(self, username: str, ip_address: str, password: str = None, response: JAAQLResponse = None, cookie: bool = False,
                        remember_me: bool = False):
@@ -519,7 +519,8 @@ WHERE
             KEY__ip_address: ip_address,
             KEY__ip_id: str(address),
             KEY__created: datetime.now().isoformat(),
-            KEY__is_the_anonymous_user: username == USERNAME__anonymous
+            KEY__is_the_anonymous_user: username == USERNAME__anonymous,
+            KEY__remember_me: remember_me
         }
         if response is not None:
@@ -529,13 +530,9 @@ WHERE
         jwt_token = crypt_utils.jwt_encode(self.vault.get_obj(VAULT_KEY__jwt_crypt_key), jwt_data, JWT_PURPOSE__oauth, expiry_ms=self.token_expiry_ms)
         if cookie:
-            cookie_attrs = { COOKIE_ATTR_SAME_SITE: COOKIE_VAL_STRICT }
-            if self.vigilant_sessions:
-                cookie_attrs = {COOKIE_ATTR_MAX_AGE: COOKIE_VAL_INACTIVITY_15_MINUTES}
-            elif remember_me:
-                cookie_attrs = {COOKIE_ATTR_EXPIRES: format_date_time(mktime((datetime.now() + timedelta(days=COOKIE_EXPIRY_90_DAYS)).timetuple()))}
-            response.set_cookie(COOKIE_JAAQL_AUTH, value=jwt_token, attributes=cookie_attrs)
+            response.set_cookie(COOKIE_JAAQL_AUTH, value=jwt_token,
+                                attributes=get_cookie_attrs(self.vigilant_sessions, remember_me, self.is_container),
+                                is_https=self.is_https)
         else:
             return jwt_token

jaaql-middleware-python-4.11.28/jaaql/mvc/response.py ADDED Viewed

@@ -0,0 +1,17 @@
+from http import HTTPStatus
+from jaaql.utilities.utils_no_project_imports import format_cookie
+class JAAQLResponse:
+    def __init__(self):
+        self.response_code = HTTPStatus.OK
+        self.account_id = None
+        self.ip_id = None
+        self.response_type = None
+        self.cookies = {}
+    def set_cookie(self, name, value, attributes, is_https):
+        if name in self.cookies:
+            raise Exception("Cookie '%s' already exists" % name)
+        self.cookies[name] = format_cookie(name, value, attributes, is_https)

{jaaql-middleware-python-4.11.26 → jaaql-middleware-python-4.11.28}/jaaql/utilities/utils_no_project_imports.py RENAMED Viewed

@@ -62,3 +62,39 @@ def pull_from_dict(self, inputs: dict, keys: Union[list, str, dict]):
         return {key: inputs[key] for key in keys}
     else:
         return {map_to: inputs[map_from if map_from is not None else map_to] for map_from, map_to in keys.items()}
+COOKIE_JAAQL_AUTH = "jaaql_auth"
+COOKIE_FLAG_HTTP_ONLY = "HttpOnly"
+COOKIE_FLAG_SECURE = "Secure"
+COOKIE_ATTR_SAME_SITE = "SameSite"
+COOKIE_ATTR_EXPIRES = "Expires"
+COOKIE_ATTR_MAX_AGE = "Max-Age"
+COOKIE_VAL_STRICT = "Strict"
+COOKIE_VAL_INACTIVITY_15_MINUTES = "900"
+COOKIE_EXPIRY_90_DAYS = 90
+COOKIE_ATTR_PATH = "Path"
+from wsgiref.handlers import format_date_time
+from time import mktime
+from datetime import timedelta
+def get_cookie_attrs(vigilant_sessions: bool, remember_me: bool, is_gunicorn: bool):
+    cookie_attrs = {COOKIE_ATTR_SAME_SITE: COOKIE_VAL_STRICT}
+    cookie_attrs[COOKIE_ATTR_PATH] = "/api" if is_gunicorn else "/"
+    if vigilant_sessions:
+        cookie_attrs[COOKIE_ATTR_MAX_AGE] = COOKIE_VAL_INACTIVITY_15_MINUTES
+    elif remember_me:
+        cookie_attrs[COOKIE_ATTR_EXPIRES] = format_date_time(mktime((datetime.now() + timedelta(days=COOKIE_EXPIRY_90_DAYS)).timetuple()))
+    return cookie_attrs
+def format_cookie(name, value, attributes, is_https: bool):
+    cookie_flags = [COOKIE_FLAG_HTTP_ONLY]
+    if is_https:
+        cookie_flags.append(COOKIE_FLAG_SECURE)
+    return "; ".join([name + "=" + value] + cookie_flags + [key + "=" + val for key, val in attributes.items()])

{jaaql-middleware-python-4.11.26 → jaaql-middleware-python-4.11.28}/jaaql_middleware_python.egg-info/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: jaaql-middleware-python
-Version: 4.11.26
+Version: 4.11.28
 Summary: The jaaql package, allowing for rapid development and deployment of RESTful HTTP applications
 Home-page: https://github.com/JAAQL/JAAQL-middleware-python
 Author: Software Quality Measurement and Improvement bv

jaaql-middleware-python-4.11.26/jaaql/mvc/response.py DELETED Viewed

@@ -1,28 +0,0 @@
-from http import HTTPStatus
-COOKIE_JAAQL_AUTH = "jaaql_auth"
-COOKIE_FLAG_HTTP_ONLY = "HttpOnly"
-COOKIE_FLAG_SECURE = "Secure"
-COOKIE_ATTR_SAME_SITE = "SameSite"
-COOKIE_ATTR_EXPIRES = "Expires"
-COOKIE_ATTR_MAX_AGE = "Max-Age"
-COOKIE_VAL_STRICT = "Strict"
-COOKIE_VAL_INACTIVITY_15_MINUTES = "900"
-COOKIE_EXPIRY_90_DAYS = 90
-DEFAULT_COOKIE_FLAGS = [COOKIE_FLAG_SECURE, COOKIE_FLAG_HTTP_ONLY, COOKIE_FLAG_SECURE]
-class JAAQLResponse:
-    def __init__(self):
-        self.response_code = HTTPStatus.OK
-        self.account_id = None
-        self.ip_id = None
-        self.response_type = None
-        self.cookies = {}
-    def set_cookie(self, name, value, attributes):
-        if name in self.cookies:
-            raise Exception("Cookie '%s' already exists" % name)
-        self.cookies[name] = ("; ".join([name + "=" + value] + DEFAULT_COOKIE_FLAGS + [key + "=" + val for key, val in attributes.items()]))