jaaql-middleware-python 4.26.2__tar.gz → 4.27.1__tar.gz

{jaaql-middleware-python-4.26.2/jaaql_middleware_python.egg-info → jaaql-middleware-python-4.27.1}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: jaaql-middleware-python
-Version: 4.26.2
+Version: 4.27.1
 Summary: The jaaql package, allowing for rapid development and deployment of RESTful HTTP applications
 Home-page: https://github.com/JAAQL/JAAQL-middleware-python
 Author: Software Quality Measurement and Improvement bv
@@ -8,7 +8,7 @@ Author-email: aaron.tasker@sqmi.nl
 License: Mozilla Public License Version 2.0 with Commons Clause
 Description-Content-Type: text/markdown
 License-File: LICENSE.txt
-Requires-Dist: jaaql-monitor~=1.4.17
+Requires-Dist: jaaql-monitor~=1.6.3
 Requires-Dist: psycopg[binary]~=3.1.18
 Requires-Dist: Pillow~=10.3.0
 Requires-Dist: cryptography~=42.0.5
@@ -21,14 +21,15 @@ Requires-Dist: werkzeug~=3.0.1
 Requires-Dist: argon2-cffi~=23.1.0
 Requires-Dist: pyotp~=2.9.0
 Requires-Dist: qrcode~=7.4.2
-Requires-Dist: gunicorn~=21.2.0
+Requires-Dist: gunicorn~=23.0.0
 Requires-Dist: gevent~=24.2.1
-Requires-Dist: requests~=2.31.0
+Requires-Dist: requests~=2.32.3
 Requires-Dist: pyzbar~=0.1.9
-Requires-Dist: parsys-requests-unixsocket~=0.3.1
+Requires-Dist: parsys-requests-unixsocket~=0.3.2
 Requires-Dist: selenium~=4.18.1
 Requires-Dist: twine~=5.0.0
-Requires-Dist: urllib3~=2.2.1
+Requires-Dist: urllib3~=2.3.0
+Requires-Dist: jwcrypto~=1.5.6
 
 # JAAQL-middleware-python
 Please navigate to docker/docker.md to see setup instructions  

{jaaql-middleware-python-4.26.2 → jaaql-middleware-python-4.27.1}/jaaql/constants.py

@@ -164,6 +164,7 @@ ENDPOINT__report_sentinel_error = "/sentinel/reporting/error"
 ENDPOINT__install = "/internal/install"
 ENDPOINT__set_shared_var = "/set-shared-var"
 ENDPOINT__get_shared_var = "/get-shared-var"
+ENDPOINT__oidc_get_token = "/exchange-auth-code"
 
 CONFIG__default = "Default config"
 CONFIG__default_desc = "Default config description"
@@ -182,5 +183,5 @@ ROLE__postgres = "postgres"
 
 PROTOCOL__postgres = "postgresql://"
 
-VERSION = "4.26.2"
+VERSION = "4.27.1"
 

{jaaql-middleware-python-4.26.2 → jaaql-middleware-python-4.27.1}/jaaql/documentation/documentation_internal.py

@@ -403,24 +403,66 @@ DOCUMENTATION__oidc_exchange_code = SwaggerDocumentation(
     methods=SwaggerMethod(
         name="Fetch OIDC code",
         description="Exchanges OIDC auth code for auth token, returns the token",
-        method=REST__POST,
-        body=[
-            SwaggerArgumentResponse(
-                name=KEY__code,
-                description="The OIDC Auth code",
-                arg_type=str,
-                example=["SplxlOBeZQQYbYS6WxSbIA"]
-            ),
-            SwaggerArgumentResponse(
-                name=KEY__state,
-                description="The state",
-                arg_type=str,
-                example=["SplxlOBeZQQYbYS6WxSbIA"]
-            )
-        ],
+        method=REST__GET,
+        arguments=SwaggerArgumentResponse(
+            name="response",
+            description="The OIDC response JWT object",
+            arg_type=str,
+            example=["eyJ..."]
+        ),
         response=SwaggerFlatResponse(
-            description="Access token",
-            body="eyJ..."
+            description="URL",
+            code=HTTPStatus.FOUND,
+            body="You are being redirected back to your place in the app..."
         )
     )
 )
+
+DOCUMENTATION__jwks = SwaggerDocumentation(
+    tags="jwks",
+    security=False,
+    methods=SwaggerMethod(
+        name="Fetch JWKS",
+        description="Fetches the JWKS so that mTLS can be used with JAAQL",
+        method=REST__GET,
+        response=SwaggerResponse(
+            description="The Keys",
+            response=SwaggerArgumentResponse(
+                name="keys",
+                description="A list of keys",
+                arg_type=SwaggerList(
+                    SwaggerArgumentResponse(
+                        name="e",
+                        description="JWKS e",
+                        arg_type=str,
+                        example=["AQAB"]
+                    ),
+                    SwaggerArgumentResponse(
+                        name="kty",
+                        description="JWKS kty",
+                        arg_type=str,
+                        example=["RSA"]
+                    ),
+                    SwaggerArgumentResponse(
+                        name="n",
+                        description="The public key",
+                        arg_type=str,
+                        example=["tKiq..."]
+                    ),
+                    SwaggerArgumentResponse(
+                        name="kid",
+                        description="The unique id",
+                        arg_type=str,
+                        example=["tKiq..."]
+                    ),
+                    SwaggerArgumentResponse(
+                        name="alg",
+                        description="The algorithm",
+                        arg_type=str,
+                        example=["RS256"]
+                    )
+                )
+            )
+        )
+    )
+)

{jaaql-middleware-python-4.26.2 → jaaql-middleware-python-4.27.1}/jaaql/mvc/base_controller.py

@@ -15,7 +15,7 @@ import sys
 import dataclasses
 import decimal
 from queue import Queue
-from jaaql.utilities.utils_no_project_imports import get_cookie_attrs, COOKIE_JAAQL_AUTH
+from jaaql.utilities.utils_no_project_imports import get_cookie_attrs, COOKIE_JAAQL_AUTH, COOKIE_LOGIN_MARKER, COOKIE_ATTR_PATH
 from jaaql.utilities.utils import time_delta_ms, Profiler
 from flask import Response, Flask, request, jsonify, current_app
 from flask.json.provider import DefaultJSONProvider
@@ -676,6 +676,11 @@ class BaseJAAQLController:
                                                                  get_cookie_attrs(self.model.vigilant_sessions, remember_me, self.model.is_container),
                                                                  self.model.is_https))
 
+                if request.cookies.get(COOKIE_LOGIN_MARKER) is not None:
+                    resp.headers.add("Set-Cookie", format_cookie(COOKIE_LOGIN_MARKER, "",
+                                                                 {COOKIE_ATTR_EXPIRES: format_date_time(0), COOKIE_ATTR_PATH: "/"},
+                                                                 self.model.is_https))
+
                 for _, cookie in jaaql_resp.cookies.items():
                     resp.headers.add("Set-Cookie", cookie)
 

{jaaql-middleware-python-4.26.2 → jaaql-middleware-python-4.27.1}/jaaql/mvc/base_model.py

@@ -1,5 +1,9 @@
 import sys
 
+import json
+import requests
+
+from cryptography import x509
 from jaaql.utilities.vault import Vault, DIR__vault
 from jaaql.db.db_interface import DBInterface
 import jaaql.utilities.crypt_utils as crypt_utils
@@ -202,6 +206,25 @@ class BaseJAAQLModel:
         self.force_mfa = config[CONFIG_KEY__security][CONFIG_KEY_SECURITY__force_mfa]
         self.do_audit = config[CONFIG_KEY__security][CONFIG_KEY_SECURITY__do_audit]
 
+        self.jwks = None
+        if self.is_container:
+            with open('/tmp/jwks.json', 'r') as f:
+                self.jwks = json.load(f)
+
+        self.application_url = os.environ.get("SERVER_ADDRESS", "")
+        self.use_fapi_advanced = os.environ.get("USE_FAPI_ADVANCED", "").lower() == "true"
+
+        self.fapi_pem = None
+        self.fapi_cert = None
+        if self.is_container:
+            with open('/tmp/client_key.pem', "rb") as f:
+                self.fapi_pem = f.read()
+
+            if self.use_fapi_advanced:
+                with open(f"/etc/letsencrypt/live/{self.application_url}/fullchain.pem", "rb") as f:
+                    self.fapi_cert = f.read()
+                    self.fapi_cert = x509.load_pem_x509_certificate(self.fapi_cert)
+
         self.vault = Vault(vault_key, DIR__vault)
         self.jaaql_lookup_connection = None
         self.email_manager = EmailManager(self.is_container)
@@ -260,9 +283,16 @@ class BaseJAAQLModel:
                 install_key_file.write(self.install_key)
             print("INSTALL KEY: " + self.install_key, file=sys.stderr)  # Print to stderr as unbuffered
 
+        self.idp_session = requests.Session()
+
     def get_db_crypt_key(self):
         return self.vault.get_obj(VAULT_KEY__db_crypt_key).encode(crypt_utils.ENCODING__ascii)
 
+    def reload_fapi_cert(self):
+        with open(f"/etc/letsencrypt/live/{self.application_url}/fullchain.pem", "rb") as f:
+            self.fapi_cert = f.read()
+            self.fapi_cert = x509.load_pem_x509_certificate(self.fapi_cert)
+
     def get_vault_repeatable_salt(self):
         return self.vault.get_obj(VAULT_KEY__db_repeatable_salt)
 

{jaaql-middleware-python-4.26.2 → jaaql-middleware-python-4.27.1}/jaaql/mvc/controller.py

@@ -163,6 +163,10 @@ class JAAQLController(BaseJAAQLController):
         def fetch_redirect_url(http_inputs: dict, response: JAAQLResponse):
             self.model.fetch_redirect_uri(http_inputs, response)
 
-        @self.publish_route('/exchange-auth-code', DOCUMENTATION__oidc_exchange_code)
+        @self.publish_route(ENDPOINT__oidc_get_token, DOCUMENTATION__oidc_exchange_code)
         def exchange_auth_code(http_inputs: dict, ip_address: str, response: JAAQLResponse):
             self.model.exchange_auth_code(http_inputs, request.cookies.get(COOKIE_OIDC), ip_address, response)
+
+        @self.publish_route('/.well-known/jwks', DOCUMENTATION__jwks)
+        def fetch_jwks():
+            return self.model.fetch_jwks()

{jaaql-middleware-python-4.26.2 → jaaql-middleware-python-4.27.1}/jaaql/mvc/model.py

@@ -6,6 +6,7 @@ import traceback
 import urllib.parse
 import uuid
 import secrets
+from cryptography.hazmat.primitives import hashes
 
 import re
 
@@ -26,7 +27,8 @@ from jaaql.utilities.utils import get_jaaql_root, get_base_url
 from jaaql.db.db_utils import create_interface, jaaql__encrypt, create_interface_for_db, jaaql__decrypt
 from jaaql.db.db_utils_no_circ import submit, get_required_db, objectify
 from jaaql.utilities import crypt_utils
-from jaaql.utilities.utils_no_project_imports import get_cookie_attrs, COOKIE_JAAQL_AUTH, COOKIE_ATTR_EXPIRES, time_delta_ms, COOKIE_OIDC
+from jaaql.utilities.utils_no_project_imports import get_cookie_attrs, COOKIE_JAAQL_AUTH, COOKIE_OIDC, COOKIE_LOGIN_MARKER, \
+    get_sloppy_cookie_attrs
 from jaaql.mvc.response import *
 import threading
 from datetime import datetime, timedelta
@@ -509,13 +511,19 @@ WHERE
         challenge = base64.urlsafe_b64encode(digest).decode('ascii').rstrip('=')
         return challenge
 
+    def fetch_jwks(self):
+        return self.jwks
+
+    def get_cert_thumbprint(self) -> str:
+        fingerprint = self.fapi_cert.fingerprint(hashes.SHA256())
+        return base64.urlsafe_b64encode(fingerprint).rstrip(b'=').decode('utf-8')
+
     def exchange_auth_code(self, inputs: dict, oidc_cookie: str, ip_address: str, response: JAAQLResponse):
         response.delete_cookie(COOKIE_OIDC, self.is_https)
         oidc_state = crypt_utils.jwt_decode(self.vault.get_obj(VAULT_KEY__jwt_crypt_key), oidc_cookie, JWT_PURPOSE__oidc)
-        if inputs[KEY__state] != oidc_state.get('state'):
-            raise UserUnauthorized()
 
         application = oidc_state[KEY__application]
+        application_tuple = application__select(self.jaaql_lookup_connection, application)
         provider = oidc_state[KG__user_registry__provider]
         tenant = oidc_state[KG__user_registry__tenant]
         database = jaaql__decrypt(oidc_state["database"], self.get_db_crypt_key())
@@ -538,27 +546,71 @@ WHERE
         if not allowed_algs:
             raise Exception(f"No allowed algs for {provider}, {tenant}")
 
+        jarms_response = inputs["response"]
+        signing_key = jwk_client.get_signing_key_from_jwt(jarms_response)
+        try:
+            jarms_payload = jwt.decode(
+                jarms_response,
+                signing_key.key,
+                algorithms=allowed_algs,
+                audience=database_user_registry[KG__database_user_registry__client_id],
+                issuer=expected_issuer
+            )
+        except:
+            raise UserUnauthorized()
+
+        if jarms_payload[KEY__state] != oidc_state.get('state'):
+            raise UserUnauthorized()
+
         token_request_payload = {
             'grant_type': 'authorization_code',
-            'code': inputs[KEY__code],
-            'redirect_uri': oidc_state["redirect_uri"],
+            'code': jarms_payload[KEY__code],
+            'redirect_uri': application_tuple[KG__application__base_url] + "/api" + ENDPOINT__oidc_get_token,
             'client_id': database_user_registry[KG__database_user_registry__client_id],
-            'code_verifier': code_verifier,
+            'code_verifier': code_verifier
         }
-        if database_user_registry[KG__database_user_registry__client_secret]:
-            token_request_payload["client_secret"] = database_user_registry[KG__database_user_registry__client_secret]
 
-        token_response = requests.post(
+        kwargs = {}
+        if self.use_fapi_advanced:
+            token_request_payload = {
+                **token_request_payload,
+                "iss": database_user_registry[KG__database_user_registry__client_id],
+                "aud": discovery.get("pushed_authorization_request_endpoint"),
+                "jti": str(uuid.uuid4()),
+                "iat": int(time.time()),
+                "exp": int(time.time()) + 300  # Token valid for 5 minutes
+            }
+            token_request_payload = {
+                "client_id": database_user_registry[KG__database_user_registry__client_id],
+                "request": jwt.encode(token_request_payload, self.fapi_pem, algorithm="PS256", headers={
+                    "kid": self.jwks["keys"][0]["kid"]
+                })
+            }
+            kwargs["verify"] = True
+            kwargs["cert"] = (f"/etc/letsencrypt/live/{self.application_url}/fullchain.pem", f"/etc/letsencrypt/live/{self.application_url}/privkey.pem")
+        else:
+            payload = {
+                "iss": database_user_registry[KG__database_user_registry__client_id],
+                "sub": database_user_registry[KG__database_user_registry__client_id],
+                "aud": token_endpoint,
+                "jti": str(uuid.uuid4()),
+                "iat": int(time.time()),
+                "exp": int(time.time()) + 300  # Token valid for 5 minutes
+            }
+            token_request_payload["client_assertion_type"] = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
+            token_request_payload["client_assertion"] = jwt.encode(payload, self.fapi_pem, algorithm="PS256", headers={
+                "kid": self.jwks["keys"][0]["kid"]
+            })
+
+        token_response = self.idp_session.post(
             token_endpoint.replace("localhost", "host.docker.internal"),
             data=token_request_payload,
+            **kwargs
         )
 
-        if os.environ.get("JAAQL_DEBUGGING") == "TRUE":
-            print(token_response.status_code)
-            print(token_response.text)
-
         token_data = token_response.json()
         id_token = token_data.get('id_token')
+        access_token = token_data.get('access_token')
 
         signing_key = jwk_client.get_signing_key_from_jwt(id_token)
         try:
@@ -575,6 +627,38 @@ WHERE
         if id_payload.get("nonce") != oidc_state["nonce"]:
             raise UserUnauthorized()
 
+        if self.use_fapi_advanced:
+            access_signing_key = jwk_client.get_signing_key_from_jwt(access_token)
+            try:
+                access_payload = jwt.decode(
+                    access_token,
+                    access_signing_key.key,
+                    algorithms=allowed_algs,
+                    audience=database_user_registry[KG__database_user_registry__client_id],
+                    issuer=expected_issuer
+                )
+            except:
+                raise UserUnauthorized()
+
+            # 2. Extract and check the cnf claim.
+            cnf_claim = access_payload.get("cnf")
+            if not cnf_claim:
+                raise UserUnauthorized()  # Access token is missing the 'cnf' claim.
+
+            expected_thumbprint = cnf_claim.get("x5t#S256")
+            if not expected_thumbprint:
+                raise UserUnauthorized()  # The 'cnf' claim does not contain the 'x5t#S256' field.
+
+            # 3. Compute the thumbprint of the certificate used for mTLS.
+            client_cert_thumbprint = self.get_cert_thumbprint()
+
+            # 4. Compare the thumbprints.
+            if client_cert_thumbprint != expected_thumbprint:
+                self.reload_fapi_cert()
+                client_cert_thumbprint = self.get_cert_thumbprint()
+                if client_cert_thumbprint != expected_thumbprint:
+                    raise UserUnauthorized()  # Access token 'cnf' claim does not match the client's certificate thumbprint.
+
         sub = id_payload.get("sub")
 
         account = None
@@ -659,6 +743,11 @@ WHERE
                             attributes=get_cookie_attrs(self.vigilant_sessions, False, self.is_container),
                             is_https=self.is_https)
 
+        response.set_cookie(COOKIE_LOGIN_MARKER, value="true", is_https=True, attributes=get_sloppy_cookie_attrs())
+
+        response.response_code = HTTPStatus.FOUND
+        response.raw_headers["Location"] = oidc_state[KEY__redirect_uri]
+
     def fetch_redirect_uri(self, inputs: dict, response: JAAQLResponse):
         schema = inputs.get(KEY__schema, None)
         application = application__select(self.jaaql_lookup_connection, inputs[KEY__application])
@@ -686,10 +775,11 @@ WHERE
         state = secrets.token_urlsafe(32)
         code_verifier = secrets.token_urlsafe(64)
         code_challenge = self.generate_code_challenge(code_verifier)
-        redirect_uri = application[KG__application__base_url] + "/" + inputs[KEY__redirect_uri]
+        real_redirect_uri = application[KG__application__base_url] + "/" + inputs[KEY__redirect_uri]
+        oidc_redirect_uri = application[KG__application__base_url] + "/api" + ENDPOINT__oidc_get_token
 
         oidc_session = crypt_utils.jwt_encode(self.vault.get_obj(VAULT_KEY__jwt_crypt_key), {
-            "redirect_uri": redirect_uri,
+            "redirect_uri": real_redirect_uri,
             "code_verifier": jaaql__encrypt(code_verifier, self.get_db_crypt_key()),
             "nonce": nonce,
             "state": state,
@@ -709,12 +799,75 @@ WHERE
             if scope not in default_scopes:
                 default_scopes.append(scope)
 
-        redirect = auth_endpoint + f"?client_id={client_id}&response_type=code&code_challenge_method=S256&scope={
-            urllib.parse.quote(" ".join(["openid"]))}&nonce={nonce}&state={
-            state}&code_challenge={code_challenge}&redirect_uri={urllib.parse.quote(redirect_uri, safe='')}"
+        par_endpoint = discovery.get("pushed_authorization_request_endpoint")
+        if not par_endpoint:
+            raise Exception("Pushed Authorization Request endpoint not found in discovery document.")
+        par_endpoint = par_endpoint.replace("localhost", "host.docker.internal")
+
+        par_payload = {
+            "client_id": database_user_registry[KG__database_user_registry__client_id],
+            "response_type": "code",
+            "code_challenge_method": "S256",
+            "scope": " ".join(["openid"]),  # should later be default scopes, may cause issues now
+            "nonce": nonce,
+            "state": state,
+            "code_challenge": code_challenge,
+            "redirect_uri": oidc_redirect_uri,
+        }
+
+        kwargs = {}
+        if self.use_fapi_advanced:
+            payload = {
+                **par_payload,
+                "iss": database_user_registry[KG__database_user_registry__client_id],
+                "aud": discovery.get("pushed_authorization_request_endpoint"),
+                "jti": str(uuid.uuid4()),
+                "iat": int(time.time()),
+                "exp": int(time.time()) + 300  # Token valid for 5 minutes
+            }
+            par_payload = {
+                "client_id": database_user_registry[KG__database_user_registry__client_id],
+                "request": jwt.encode(payload, self.fapi_pem, algorithm="PS256", headers={
+                    "kid": self.jwks["keys"][0]["kid"]
+                })
+            }
+            kwargs["verify"] = True
+            kwargs["cert"] = (f"/etc/letsencrypt/live/{self.application_url}/fullchain.pem", f"/etc/letsencrypt/live/{self.application_url}/privkey.pem")
+        else:
+            payload = {
+                "iss": database_user_registry[KG__database_user_registry__client_id],
+                "sub": database_user_registry[KG__database_user_registry__client_id],
+                "aud": discovery.get("pushed_authorization_request_endpoint"),
+                "jti": str(uuid.uuid4()),
+                "iat": int(time.time()),
+                "exp": int(time.time()) + 300  # Token valid for 5 minutes
+            }
+            par_payload["client_assertion_type"] = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
+            par_payload["client_assertion"] = jwt.encode(payload, self.fapi_pem, algorithm="PS256", headers={
+                "kid": self.jwks["keys"][0]["kid"]
+            })
+
+        par_response = self.idp_session.post(
+            par_endpoint,
+            data=par_payload,
+            **kwargs
+        )
+
+        if par_response.status_code not in (200, 201):
+            print(par_response.status_code)
+            print(par_response.text)
+            raise Exception(f"PAR request failed with status {par_response.status_code}: {par_response.text}")
+
+        par_data = par_response.json()
+        request_uri = par_data.get("request_uri")
+        if not request_uri:
+            raise Exception("No request_uri returned from the PAR endpoint.")
+
+        redirect_url = auth_endpoint + "?request_uri=" + urllib.parse.quote(request_uri) + "&response_mode=query.jwt&client_id=" + client_id
+        print(request_uri)
 
         response.response_code = HTTPStatus.FOUND
-        response.raw_headers["Location"] = redirect
+        response.raw_headers["Location"] = redirect_url
 
     def set_web_config(self, connection: DBInterface):
         self.is_super_admin(connection)

{jaaql-middleware-python-4.26.2 → jaaql-middleware-python-4.27.1}/jaaql/utilities/utils_no_project_imports.py

@@ -71,6 +71,7 @@ def pull_from_dict(self, inputs: dict, keys: Union[list, str, dict]):
 
 
 COOKIE_JAAQL_AUTH = "jaaql_auth"
+COOKIE_LOGIN_MARKER = "jaaql_successful_auth"
 COOKIE_OIDC = "oidc"
 COOKIE_FLAG_HTTP_ONLY = "HttpOnly"
 COOKIE_FLAG_SECURE = "Secure"
@@ -99,8 +100,19 @@ def get_cookie_attrs(vigilant_sessions: bool, remember_me: bool, is_gunicorn: bo
     return cookie_attrs
 
 
+def get_sloppy_cookie_attrs():
+    cookie_attrs = {}
+    cookie_attrs[COOKIE_ATTR_PATH] = "/"
+
+    cookie_attrs[COOKIE_ATTR_EXPIRES] = format_date_time(mktime((datetime.now() + timedelta(minutes=15)).timetuple()))
+
+    return cookie_attrs
+
+
 def format_cookie(name, value, attributes, is_https: bool):
     cookie_flags = [COOKIE_FLAG_HTTP_ONLY]
+    if name == COOKIE_LOGIN_MARKER:
+        cookie_flags = []
     if is_https:
         cookie_flags.append(COOKIE_FLAG_SECURE)
 

{jaaql-middleware-python-4.26.2 → jaaql-middleware-python-4.27.1/jaaql_middleware_python.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: jaaql-middleware-python
-Version: 4.26.2
+Version: 4.27.1
 Summary: The jaaql package, allowing for rapid development and deployment of RESTful HTTP applications
 Home-page: https://github.com/JAAQL/JAAQL-middleware-python
 Author: Software Quality Measurement and Improvement bv
@@ -8,7 +8,7 @@ Author-email: aaron.tasker@sqmi.nl
 License: Mozilla Public License Version 2.0 with Commons Clause
 Description-Content-Type: text/markdown
 License-File: LICENSE.txt
-Requires-Dist: jaaql-monitor~=1.4.17
+Requires-Dist: jaaql-monitor~=1.6.3
 Requires-Dist: psycopg[binary]~=3.1.18
 Requires-Dist: Pillow~=10.3.0
 Requires-Dist: cryptography~=42.0.5
@@ -21,14 +21,15 @@ Requires-Dist: werkzeug~=3.0.1
 Requires-Dist: argon2-cffi~=23.1.0
 Requires-Dist: pyotp~=2.9.0
 Requires-Dist: qrcode~=7.4.2
-Requires-Dist: gunicorn~=21.2.0
+Requires-Dist: gunicorn~=23.0.0
 Requires-Dist: gevent~=24.2.1
-Requires-Dist: requests~=2.31.0
+Requires-Dist: requests~=2.32.3
 Requires-Dist: pyzbar~=0.1.9
-Requires-Dist: parsys-requests-unixsocket~=0.3.1
+Requires-Dist: parsys-requests-unixsocket~=0.3.2
 Requires-Dist: selenium~=4.18.1
 Requires-Dist: twine~=5.0.0
-Requires-Dist: urllib3~=2.2.1
+Requires-Dist: urllib3~=2.3.0
+Requires-Dist: jwcrypto~=1.5.6
 
 # JAAQL-middleware-python
 Please navigate to docker/docker.md to see setup instructions  

{jaaql-middleware-python-4.26.2 → jaaql-middleware-python-4.27.1}/jaaql_middleware_python.egg-info/requires.txt

@@ -1,4 +1,4 @@
-jaaql-monitor~=1.4.17
+jaaql-monitor~=1.6.3
 psycopg[binary]~=3.1.18
 Pillow~=10.3.0
 cryptography~=42.0.5
@@ -11,11 +11,12 @@ werkzeug~=3.0.1
 argon2-cffi~=23.1.0
 pyotp~=2.9.0
 qrcode~=7.4.2
-gunicorn~=21.2.0
+gunicorn~=23.0.0
 gevent~=24.2.1
-requests~=2.31.0
+requests~=2.32.3
 pyzbar~=0.1.9
-parsys-requests-unixsocket~=0.3.1
+parsys-requests-unixsocket~=0.3.2
 selenium~=4.18.1
 twine~=5.0.0
-urllib3~=2.2.1
+urllib3~=2.3.0
+jwcrypto~=1.5.6