PyPI - jaaql-middleware-python - Versions diffs - 4.26.0__tar.gz → 4.26.1__tar.gz - Mend

jaaql-middleware-python 4.26.0tar.gz → 4.26.1tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (76) hide show

{jaaql-middleware-python-4.26.0/jaaql_middleware_python.egg-info → jaaql-middleware-python-4.26.1}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: jaaql-middleware-python
-Version: 4.26.0
+Version: 4.26.1
 Summary: The jaaql package, allowing for rapid development and deployment of RESTful HTTP applications
 Home-page: https://github.com/JAAQL/JAAQL-middleware-python
 Author: Software Quality Measurement and Improvement bv

{jaaql-middleware-python-4.26.0 → jaaql-middleware-python-4.26.1}/jaaql/constants.py RENAMED Viewed

@@ -53,6 +53,7 @@ CRON_month = "month"
 CRON_dayOfWeek = "dayOfWeek"
 REGEX__dmbs_object_name = r'^[0-9a-zA-Z_]{1,63}$'
+REGEX__dmbs_procedure_name = r'^[0-9a-zA-Z_$.]{1,63}$'
 SEPARATOR__comma_space = ", "
 SEPARATOR__comma = ","
@@ -181,5 +182,5 @@ ROLE__postgres = "postgres"
 PROTOCOL__postgres = "postgresql://"
-VERSION = "4.26.0"
+VERSION = "4.26.1"

{jaaql-middleware-python-4.26.0 → jaaql-middleware-python-4.26.1}/jaaql/documentation/documentation_internal.py RENAMED Viewed

@@ -355,15 +355,19 @@ DOCUMENTATION__oidc_user_registries = SwaggerDocumentation(
         ],
         response=SwaggerResponse(
             description="Providers response",
-            response=[
-                ARG_RES__provider,
-                SwaggerArgumentResponse(
-                    name=KG__identity_provider_service__logo_url,
-                    description="The logo url for the provider",
-                    arg_type=str,
-                    example=["/identity-logos/azure.png"]
+            response=SwaggerArgumentResponse(
+                name="providers",
+                description="A list of the providers",
+                arg_type=SwaggerList(
+                    ARG_RES__provider,
+                    SwaggerArgumentResponse(
+                        name=KG__identity_provider_service__logo_url,
+                        description="The logo url for the provider",
+                        arg_type=str,
+                        example=["/identity-logos/azure.png"]
+                    )
                 )
-            ]
+            )
         )
     )
 )
@@ -400,7 +404,7 @@ DOCUMENTATION__oidc_exchange_code = SwaggerDocumentation(
         name="Fetch OIDC code",
         description="Exchanges OIDC auth code for auth token, returns the token",
         method=REST__POST,
-        arguments=[
+        body=[
             SwaggerArgumentResponse(
                 name=KEY__code,
                 description="The OIDC Auth code",

{jaaql-middleware-python-4.26.0 → jaaql-middleware-python-4.26.1}/jaaql/mvc/base_controller.py RENAMED Viewed

@@ -364,18 +364,22 @@ class BaseJAAQLController:
             if method.arguments[0] == ARG_RESP__allow_all:
                 was_allow_all = True
+        only_args = False
         if len(method.body) != 0 or was_allow_all:
             BaseJAAQLController.enforce_content_type_json()
             data = request.json
         else:
             content_type = request.headers.get('Content-Type', '')
             if 'charset=' not in content_type and len(kwargs) == 0:
-                return {}
+                only_args = True
         if isinstance(data, list):
             combined_data = data
         else:
-            combined_data = {**request.form, **request.args, **data, **kwargs}
+            if only_args:
+                combined_data = {**request.args}
+            else:
+                combined_data = {**request.form, **request.args, **data, **kwargs}
             if len(combined_data) != len(request.form) + len(request.args) + len(data) + len(kwargs):
                 raise HttpStatusException(ERR__duplicated_field, HTTPStatus.BAD_REQUEST)
@@ -663,8 +667,9 @@ class BaseJAAQLController:
                     if jaaql_resp.raw_response is not None:
                         resp = jaaql_resp.raw_response
                     resp = Response(resp, mimetype=jaaql_resp.response_type, status=jaaql_resp.response_code)
-                    for key, val in jaaql_resp.raw_headers.items():
-                        resp.headers.add(key, val)
+                for key, val in jaaql_resp.raw_headers.items():
+                    resp.headers.add(key, val)
                 if request.cookies.get(COOKIE_JAAQL_AUTH) is not None and COOKIE_JAAQL_AUTH not in jaaql_resp.cookies:
                     resp.headers.add("Set-Cookie", format_cookie(COOKIE_JAAQL_AUTH, request.cookies.get(COOKIE_JAAQL_AUTH),

{jaaql-middleware-python-4.26.0 → jaaql-middleware-python-4.26.1}/jaaql/mvc/controller.py RENAMED Viewed

@@ -20,11 +20,11 @@ class JAAQLController(BaseJAAQLController):
         @self.publish_route('/oauth/token', DOCUMENTATION__oauth_token)
         def fetch_oauth_token(http_inputs: dict, ip_address: str, response: JAAQLResponse):
-            return self.model.get_auth_token(**http_inputs, ip_address=ip_address, response=response)
+            return self.model.get_auth_token(**http_inputs, ip_address=ip_address, response=response, is_refresh=False)
         @self.publish_route('/oauth/cookie', DOCUMENTATION__oauth_cookie)
         def fetch_oauth_cookie(http_inputs: dict, ip_address: str, response: JAAQLResponse):
-            self.model.get_auth_token(**http_inputs, ip_address=ip_address, response=response, cookie=True)
+            self.model.get_auth_token(**http_inputs, ip_address=ip_address, response=response, cookie=True, is_refresh=False)
         @self.publish_route('/logout-cookie', DOCUMENTATION__logout_cookie)
         def fetch_oauth_cookie(response: JAAQLResponse):

{jaaql-middleware-python-4.26.0 → jaaql-middleware-python-4.26.1}/jaaql/mvc/exception_queries.py RENAMED Viewed

@@ -1,5 +1,5 @@
 """
-This script was generated from jaaql.exceptions.fxli at 2025-02-06, 06:08:49
+This script was generated from jaaql.exceptions.fxli at 2025-02-06, 11:10:33
 """
 from jaaql.utilities.crypt_utils import get_repeatable_salt
@@ -72,7 +72,7 @@ QUERY__fetch_providers_from_tenant_and_database = """
         UR.discovery_url,
         DUR.federation_procedure,
         DUR.client_id,
-        DUR.client_secret,
+        DUR.client_secret
     FROM identity_provider_service IPS
     INNER JOIN user_registry UR ON
         IPS.name = UR.provider

{jaaql-middleware-python-4.26.0 → jaaql-middleware-python-4.26.1}/jaaql/mvc/generated_queries.py RENAMED Viewed

@@ -1,5 +1,5 @@
 """
-This script was generated from build_and_run.fxls at 2025-02-06, 06:08:49
+This script was generated from build_and_run.fxls at 2025-02-06, 11:10:33
 """
 from jaaql.db.db_interface import DBInterface

{jaaql-middleware-python-4.26.0 → jaaql-middleware-python-4.26.1}/jaaql/mvc/model.py RENAMED Viewed

@@ -460,19 +460,21 @@ WHERE
     def fetch_user_registries_for_tenant(self, inputs: dict):
         schema = inputs.get(KEY__schema, None)
         if not schema:
-            schema = application__select(self.jaaql_lookup_connection, inputs[KEY__application])[KG__application_schema__name]
+            schema = application__select(self.jaaql_lookup_connection, inputs[KEY__application])[KG__application__default_schema]
         database = application_schema__select(self.jaaql_lookup_connection, inputs[KEY__application], schema)
         providers = fetch_providers_from_tenant_and_database(self.jaaql_lookup_connection, inputs[KG__user_registry__tenant],
                                                              database[KG__application_schema__database])
-        return [
-            {
-                KG__user_registry__provider: provider[KG__identity_provider_service__name],
-                KG__identity_provider_service__logo_url: provider[KG__identity_provider_service__logo_url]
-            }
-            for provider in providers
-        ]
+        return {
+            "providers": [
+                {
+                    KG__user_registry__provider: provider[KG__identity_provider_service__name],
+                    KG__identity_provider_service__logo_url: provider[KG__identity_provider_service__logo_url]
+                }
+                for provider in providers
+            ]
+        }
     def fetch_discovery_content(self, database: str, provider: str, tenant: str, discovery_url: str = None):
         lookup = database + ":" + provider + ":" + tenant
@@ -486,7 +488,7 @@ WHERE
         return discovery
     def fetch_jwks_client(self, database: str, provider: str, tenant: str, discovery):
-        jwks_url = discovery.get("jwks_uri")
+        jwks_url = discovery.get("jwks_uri").replace("localhost", "host.docker.internal")
         if not jwks_url:
             raise Exception(f"Discovery document for {provider}, {tenant} did not have JWKS url")
         lookup = database + ":" + provider + ":" + tenant
@@ -547,9 +549,14 @@ WHERE
             token_request_payload["client_secret"] = database_user_registry[KG__database_user_registry__client_secret]
         token_response = requests.post(
-            token_endpoint,
+            token_endpoint.replace("localhost", "host.docker.internal"),
             data=token_request_payload,
         )
+        if os.environ.get("JAAQL_DEBUGGING") == "TRUE":
+            print(token_response.status_code)
+            print(token_response.text)
         token_data = token_response.json()
         id_token = token_data.get('id_token')
@@ -581,27 +588,28 @@ WHERE
         except HttpSingletonStatusException:
             # User does not exist, federate it
+            print("federating user")
             email = id_payload.get('email')
             email_verified = id_payload.get('email_verified')
             account_id = self.create_account_with_potential_api_key(self.jaaql_lookup_connection,
                                                                     sub, provider, tenant,
-                                                                    email, registered=email_verified)
+                                                                    None, email, registered=email_verified)
+            print("new federated user with account id " + account_id)
             account = account__select(self.jaaql_lookup_connection, self.get_db_crypt_key(), account_id)
             db_params = {"tenant": tenant, "application": application, "account_id": account_id}
             parameters = fetch_parameters_for_federation_procedure(self.jaaql_lookup_connection,
                                                                    database_user_registry[KG__database_user_registry__federation_procedure])
             for claim in parameters:
                 claim_name = claim[KG__federation_procedure_parameter__name]
-                db_params[claim_name] = id_token.get(claim_name)
+                db_params[claim_name] = id_payload.get(claim_name)
             procedure_name = database_user_registry[KG__database_user_registry__federation_procedure]
-            if re.match(REGEX__dmbs_object_name, procedure_name) is None:
+            if re.match(REGEX__dmbs_procedure_name, procedure_name) is None:
                 raise HttpStatusException("Unsafe data federation procedure")
             procedure_params = []
             for key, _ in db_params.items():
-                if re.match(REGEX__dmbs_object_name, procedure_name) is None:
+                if re.match(REGEX__dmbs_object_name, key) is None:
                     raise HttpStatusException("Unsafe data federation parameter " + key)
                 procedure_params.append(f"{key} => :{key}")
@@ -612,10 +620,15 @@ WHERE
                 KEY__parameters: db_params
             }
+            print("Preparing federating procedure")
             submit(self.vault, self.config, self.get_db_crypt_key(),
                    self.jaaql_lookup_connection, submit_data, ROLE__jaaql,
                    None, self.cached_canned_query_service, as_objects=True, singleton=True)
+            print("Federated user")
+            print(submit_data)
         salt_user = self.get_repeatable_salt(account[KG__account__id])
         encrypted_salted_ip_address = jaaql__encrypt(ip_address, self.get_db_crypt_key(), salt_user)  # An optimisation, it is used later twice
         address = execute_supplied_statement_singleton(self.jaaql_lookup_connection,
@@ -627,7 +640,7 @@ WHERE
         jwt_data = {
             KEY__account_id: str(account[KG__account__id]),
             KEY__username: sub,
-            KEY__password: str(account[KG__account__api_key]),
+            KEY__password: None,
             KEY__ip_address: ip_address,
             KEY__ip_id: str(address),
             KEY__created: datetime.now().isoformat(),
@@ -649,7 +662,7 @@ WHERE
         schema = inputs.get(KEY__schema, None)
         application = application__select(self.jaaql_lookup_connection, inputs[KEY__application])
         if not schema:
-            schema = application[KG__application_schema__name]
+            schema = application[KG__application__default_schema]
         database = application_schema__select(self.jaaql_lookup_connection, inputs[KEY__application], schema)
         user_registry = user_registry__select(self.jaaql_lookup_connection, inputs[KG__user_registry__provider], inputs[KG__user_registry__tenant])
@@ -665,14 +678,14 @@ WHERE
         parameters = fetch_parameters_for_federation_procedure(self.jaaql_lookup_connection,
                                                                database_user_registry[KG__database_user_registry__federation_procedure])
-        scope_list = urllib.parse.quote(" ".join([parameter[KG__federation_procedure_parameter__name] for parameter in parameters]))
+        scope_list = [parameter[KG__federation_procedure_parameter__name] for parameter in parameters]
         client_id = urllib.parse.quote(database_user_registry[KG__database_user_registry__client_id])
         nonce = secrets.token_urlsafe(32)
         state = secrets.token_urlsafe(32)
         code_verifier = secrets.token_urlsafe(64)
         code_challenge = self.generate_code_challenge(code_verifier)
-        redirect_uri = application[KG__application__base_url + "/" + inputs[KEY__redirect_uri]]
+        redirect_uri = application[KG__application__base_url] + "/" + inputs[KEY__redirect_uri]
         oidc_session = crypt_utils.jwt_encode(self.vault.get_obj(VAULT_KEY__jwt_crypt_key), {
             "redirect_uri": redirect_uri,
@@ -695,8 +708,9 @@ WHERE
             if scope not in default_scopes:
                 default_scopes.append(scope)
-        redirect = auth_endpoint + f"?client_id={client_id}&response_type=code&code_challenge_method=S256&nonce=&scope={default_scopes}&nonce={nonce}&state={
-            state}&code_challenge={code_challenge}&redirect_uri={urllib.parse.quote(redirect_uri)}"
+        redirect = auth_endpoint + f"?client_id={client_id}&response_type=code&code_challenge_method=S256&scope={
+            urllib.parse.quote(" ".join(["openid"]))}&nonce={nonce}&state={
+            state}&code_challenge={code_challenge}&redirect_uri={urllib.parse.quote(redirect_uri, safe='')}"
         response.response_code = HTTPStatus.FOUND
         response.raw_headers["Location"] = redirect
@@ -914,7 +928,7 @@ WHERE
             try:
                 account = fetch_account_from_id(self.jaaql_lookup_connection, decoded[KEY__account_id], singleton_code=HTTPStatus.UNAUTHORIZED,
                                                 singleton_message=ERR__invalid_token)
-                if account[KG__account__api_key] != decoded[KEY__password]:
+                if decoded[KEY__password] is not None and account[KG__account__api_key] != decoded[KEY__password]:
                     raise HttpSingletonStatusException(ERR__invalid_token, HTTPStatus.UNAUTHORIZED)
             except HttpSingletonStatusException:
                 raise UserUnauthorized()
@@ -933,7 +947,7 @@ WHERE
         if datetime.fromisoformat(decoded[KEY__created]) + timedelta(milliseconds=self.refresh_expiry_ms) < datetime.now():
             raise UserUnauthorized()
-        return self.get_auth_token(decoded[KEY__username], ip_address, cookie=cookie, remember_me=remember_me, response=response)
+        return self.get_auth_token(decoded[KEY__username], ip_address, cookie=cookie, remember_me=remember_me, response=response, is_refresh=True)
     def get_bypass_user(self, username: str, ip_address: str, provider: str = None, tenant: str = None):
         account = fetch_account_from_username(self.jaaql_lookup_connection, username, singleton_code=HTTPStatus.UNAUTHORIZED)
@@ -954,6 +968,7 @@ WHERE
         self,
         username: str, ip_address: str, password: str = None,
         response: JAAQLResponse = None, remember_me: bool = False, cookie: bool = False,
+        is_refresh=False,
     ):
         incorrect_credentials = False
         account = None
@@ -975,10 +990,12 @@ WHERE
             encrypted_salted_ip_address = jaaql__encrypt(ip_address, self.get_db_crypt_key(), salt_user)  # An optimisation, it is used later twice
-            if password is not None:
+            if is_refresh:
+                incorrect_credentials = not exists_matching_validated_ip_address(self.jaaql_lookup_connection, encrypted_salted_ip_address)
+            elif password is not None:
                 incorrect_credentials = jaaql__decrypt(account[KG__account__api_key], self.get_db_crypt_key()) != password
             else:
-                incorrect_credentials = not exists_matching_validated_ip_address(self.jaaql_lookup_connection, encrypted_salted_ip_address)
+                incorrect_credentials = True
         if incorrect_credentials:
             raise UserUnauthorized()

{jaaql-middleware-python-4.26.0 → jaaql-middleware-python-4.26.1}/jaaql/scripts/01.install_domains.generated.sql RENAMED Viewed

@@ -4,7 +4,7 @@ CREATE DOMAIN encrypted__email_server_password AS character varying(256);
 CREATE DOMAIN encrypted__access_token AS character varying(64);
 CREATE DOMAIN encrypted__oidc_client_id AS character varying(200);
 CREATE DOMAIN encrypted__oidc_client_secret AS character varying(200);
-CREATE DOMAIN encrypted__oidc_sub AS character varying(63);
+CREATE DOMAIN encrypted__oidc_sub AS character varying(200);
 CREATE DOMAIN encrypted__email AS character varying(255);
 CREATE DOMAIN encrypted__salted_ip AS character varying(256);
 CREATE DOMAIN encrypted__jaaql_username AS character varying(128);

{jaaql-middleware-python-4.26.0 → jaaql-middleware-python-4.26.1}/jaaql/scripts/02.install_super_user.exceptions.sql RENAMED Viewed

@@ -9,8 +9,8 @@ DECLARE
     account_id postgres_role;
 BEGIN
     if create_account.provider is not null then
-        SELECT requires_email_verification INTO requires_email_verification
-        FROM identity_provider_service
+        SELECT X.requires_email_verification INTO requires_email_verification
+        FROM identity_provider_service X
         WHERE name = create_account.provider;
     end if;
@@ -76,5 +76,7 @@ BEGIN
     IF lacks_registered THEN
         EXECUTE 'GRANT registered TO ' || quote_ident(mark_account_registered.id);
     END IF;
+    UPDATE account A SET email_verified = true WHERE A.id = mark_account_registered.id;
 END
 $$ language plpgsql SECURITY DEFINER;

{jaaql-middleware-python-4.26.0 → jaaql-middleware-python-4.26.1/jaaql_middleware_python.egg-info}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: jaaql-middleware-python
-Version: 4.26.0
+Version: 4.26.1
 Summary: The jaaql package, allowing for rapid development and deployment of RESTful HTTP applications
 Home-page: https://github.com/JAAQL/JAAQL-middleware-python
 Author: Software Quality Measurement and Improvement bv