jamlib 3.2.0rc0__tar.gz → 3.2.0rc2__tar.gz

{jamlib-3.2.0rc0/src/jamlib.egg-info → jamlib-3.2.0rc2}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: jamlib
-Version: 3.2.0rc0
+Version: 3.2.0rc2
 Summary: Simple and universal library for authorization.
 Author-email: Makridenko Adrian <adrianmakridenko@duck.com>, Ksenia Travnikova <kseniatravnikova@duck.com>
 License: Apache-2.0
@@ -77,7 +77,7 @@ from jam import Jam
 
 jam = Jam(config="config.toml")
 
-jwt = jam.jwt_create({"user": 1})
+jwt = jam.jwt_encode(payload={"user": 1})
 session_id = jam.session_create(session_key="username", data={"user": 1})
 otp_code = jam.otp_code(secret="3DB7FOAOFBCI3WFDRE7EPF43CA")
 ```
@@ -85,7 +85,7 @@ otp_code = jam.otp_code(secret="3DB7FOAOFBCI3WFDRE7EPF43CA")
 ## Why Jam?
 Jam is a library that provides the most popular AUTH* mechanisms right out of the box.
 
-* [JOSE](https://jam.makridenko.ru/usage/jose/index/)
+* [JOSE](https://jam.makridenko.ru/usage/jose/)
 * [PASETO](https://jam.makridenko.ru/usage/paseto/)
 * [Server side sessions](https://jam.makridenko.ru/usage/sessions/)
 * [OTP](https://jam.makridenko.ru/usage/otp/)

{jamlib-3.2.0rc0 → jamlib-3.2.0rc2}/README.md

@@ -24,7 +24,7 @@ from jam import Jam
 
 jam = Jam(config="config.toml")
 
-jwt = jam.jwt_create({"user": 1})
+jwt = jam.jwt_encode(payload={"user": 1})
 session_id = jam.session_create(session_key="username", data={"user": 1})
 otp_code = jam.otp_code(secret="3DB7FOAOFBCI3WFDRE7EPF43CA")
 ```
@@ -32,7 +32,7 @@ otp_code = jam.otp_code(secret="3DB7FOAOFBCI3WFDRE7EPF43CA")
 ## Why Jam?
 Jam is a library that provides the most popular AUTH* mechanisms right out of the box.
 
-* [JOSE](https://jam.makridenko.ru/usage/jose/index/)
+* [JOSE](https://jam.makridenko.ru/usage/jose/)
 * [PASETO](https://jam.makridenko.ru/usage/paseto/)
 * [Server side sessions](https://jam.makridenko.ru/usage/sessions/)
 * [OTP](https://jam.makridenko.ru/usage/otp/)

{jamlib-3.2.0rc0 → jamlib-3.2.0rc2}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "jamlib"
-version = "3.2.0rc0"
+version = "3.2.0rc2"
 description = "Simple and universal library for authorization."
 authors = [
     {name = "Makridenko Adrian",email = "adrianmakridenko@duck.com"},

{jamlib-3.2.0rc0 → jamlib-3.2.0rc2}/src/jam/__init__.py

@@ -10,5 +10,5 @@ from jam.__base__ import BaseJam
 from jam.instance import Jam
 
 
-__version__ = "3.2.0rc0"
+__version__ = "3.2.0rc2"
 __all__ = ["Jam", "BaseJam"]

{jamlib-3.2.0rc0 → jamlib-3.2.0rc2}/src/jam/aio/__base__.py

@@ -4,6 +4,7 @@ from abc import abstractmethod
 from typing import Any
 
 from jam.__base__ import BaseJam
+from jam.__deprecated__ import deprecated
 from jam.aio.oauth2.__base__ import BaseAsyncOAuth2Client
 from jam.aio.sessions.__base__ import BaseAsyncSessionModule
 from jam.jose.__base__ import BaseJWE, BaseJWS
@@ -21,11 +22,17 @@ class BaseAsyncJam(BaseJam):
     jwe: BaseJWE | None = None  # type: ignore[override]
 
     @abstractmethod
+    @deprecated(
+        "This method is deprecated; the JWT payload is generated automatically in accordance with the specification."
+    )
     async def jwt_make_payload(  # type: ignore[override]
         self, exp: int | None, data: dict[str, Any]
     ) -> dict[str, Any]:
         """Make JWT-specific payload.
 
+        !!! Deprecated
+                This method is deprecated; the JWT payload is generated automatically in accordance with the specification.
+
         Args:
             exp (int | None): Token expire, if None -> use default
             data (dict[str, Any]): Data to payload
@@ -36,6 +43,7 @@ class BaseAsyncJam(BaseJam):
         raise NotImplementedError
 
     @abstractmethod
+    @deprecated("Use jam.jwt_encode")
     async def jwt_create(  # type: ignore[override]
         self, payload: dict[str, Any]
     ) -> str:

{jamlib-3.2.0rc0 → jamlib-3.2.0rc2}/src/jam/aio/instance.py

@@ -1,10 +1,10 @@
 # -*- coding: utf-8 -*-
 
-import datetime
 import time
 from typing import Any
 import uuid
 
+from jam.__deprecated__ import deprecated
 from jam.aio.__base__ import BaseAsyncJam
 from jam.exceptions import (
     JamConfigurationError,
@@ -30,11 +30,17 @@ class Jam(BaseAsyncJam):
         "otp": "jam.otp.__base__.OTPConfig",
     }
 
+    @deprecated(
+        "This method is deprecated; the JWT payload is generated automatically in accordance with the specification."
+    )
     async def jwt_make_payload(
         self, exp: int | None, data: dict[str, Any]
     ) -> dict[str, Any]:
         """Make JWT-specific payload.
 
+        !!! Deprecated
+                This method is deprecated; the JWT payload is generated automatically in accordance with the specification.
+
         Args:
             exp (int | None): Token expire
             data (dict[str, Any]): Data to payload
@@ -42,17 +48,22 @@ class Jam(BaseAsyncJam):
         Returns:
             dict[str, Any]: Payload
         """
+        now = time.time()
         payload = {
-            "iat": datetime.datetime.now().timestamp(),
-            "exp": (datetime.datetime.now().timestamp() + exp) if exp else None,
+            "iat": now,
+            "exp": (now + exp) if exp else None,
             "jti": str(uuid.uuid4()),
         }
         payload = payload | data
         return payload
 
+    @deprecated("Use jam.jwt_encode")
     async def jwt_create(self, payload: dict[str, Any]) -> str:
         """Create JWT token.
 
+        !!! Deprecated
+                Use Jam.jwt_encode
+
         Args:
             payload (dict[str, Any]): Data payload
 
@@ -244,7 +255,10 @@ class Jam(BaseAsyncJam):
         """
         assert self.jwe is not None
         self._logger.debug(f"Encrypting data with JWE, header: {header}")
-        token = self.jwe.encrypt(data, header)
+        token = self.jwe.encrypt(
+            self._serializer.dumps(data) if isinstance(data, dict) else data,
+            header,
+        )
         self._logger.debug(f"JWE token created, length: {len(token)}")
         return token
 
@@ -369,8 +383,8 @@ class Jam(BaseAsyncJam):
     async def otp_uri(
         self,
         secret: str,
-        name: str | None = None,
-        issuer: str | None = None,
+        name: str,
+        issuer: str,
         counter: int | None = None,
     ) -> str:
         """Generates an otpauth:// URI for Google Authenticator.
@@ -388,9 +402,7 @@ class Jam(BaseAsyncJam):
         assert self._otp is not None
         return self._otp(
             secret=secret, digits=self.otp.digits, digest=self.otp.digest
-        ).provisioning_uri(
-            name=name or "", issuer=issuer or "", counter=counter
-        )
+        ).provisioning_uri(name=name, issuer=issuer, counter=counter)
 
     async def otp_verify_code(
         self,

{jamlib-3.2.0rc0 → jamlib-3.2.0rc2}/src/jam/aio/sessions/__base__.py

@@ -7,9 +7,11 @@ from uuid import uuid4
 
 from cryptography.fernet import Fernet
 
-from jam.encoders import BaseEncoder, JsonEncoder
+from jam.__base_encoder__ import BaseEncoder
+from jam.encoders import JsonEncoder
 from jam.exceptions import JamSessionEmptyAESKey
 from jam.logger import BaseLogger
+from jam.utils.config_maker import __key_loader__
 
 
 class BaseAsyncSessionModule(ABC):
@@ -32,6 +34,8 @@ class BaseAsyncSessionModule(ABC):
             raise JamSessionEmptyAESKey
         if is_session_crypt:
             assert session_aes_secret is not None
+            if isinstance(session_aes_secret, str):
+                session_aes_secret = __key_loader__(session_aes_secret)
             self._code_session_key = Fernet(session_aes_secret)
 
     def __encode_session_id__(self, data: str) -> str:

{jamlib-3.2.0rc0 → jamlib-3.2.0rc2}/src/jam/ext/flask/extensions.py

@@ -89,6 +89,8 @@ class BaseAuthExtension(BaseExtension):
         _config: dict[str, Any] | None = (
             __config_maker__(config, pointer) if config else None
         )
+        if _config and _config.get("jose", None) and self.MODULE == create_jwt:
+            _config = _config["jose"]
 
         params = _config.pop(self._CONFIG_KEY) if _config else kwargs
         super().__init__(app=app, **params)

{jamlib-3.2.0rc0 → jamlib-3.2.0rc2}/src/jam/ext/litestar/plugins.py

@@ -76,6 +76,9 @@ class BasePlugin(InitPlugin):
             __config_maker__(config, pointer) if config else None
         )
 
+        # FIXME: Make config wrapper
+        if _config and _config.get("jose", None) and self.MODULE == create_jwt:
+            _config = _config["jose"]
         params = _config.pop(self._CONFIG_KEY) if _config else kwargs
         self._setup_config(params)
         self._middleware = None

{jamlib-3.2.0rc0 → jamlib-3.2.0rc2}/src/jam/ext/starlette/backends.py

@@ -81,6 +81,8 @@ class BaseBackend(AuthenticationBackend):
         try:
             if config:
                 config_ = __config_maker__(config, pointer)[self._CONFIG_KEY]
+                if config_.get("jose", None) and self.MODULE == create_jwt:
+                    config_ = config_["jose"]
                 self._auth = self.MODULE(**config_)
             else:
                 self._auth = self.MODULE(**kwargs)

{jamlib-3.2.0rc0 → jamlib-3.2.0rc2}/src/jam/jose/__base__.py

@@ -73,34 +73,39 @@ class BaseJWT(ABC):
     @abstractmethod
     def encrypt(
         self,
-        payload: dict[str, Any] | str,
+        plaintext: bytes | str | dict[str, Any],
         header: dict[str, Any] | None = None,
     ) -> str:
-        """Encrypt payload using JWE.
+        """Encrypt plaintext.
 
-        Creates JWE or JWS+JWE token (sign then encrypt).
+        Produces JWE Compact Serialization:
+        BASE64URL(header).BASE64URL(encrypted_key).BASE64URL(iv).BASE64URL(ciphertext).BASE64URL(tag)
 
         Args:
-            payload: Data to encrypt. If dict, will be JSON encoded.
-            header: Additional JWE header.
+            plaintext: Data to encrypt. If str, will be encoded to UTF-8.
+                If dict, will be JSON encoded.
+            header: JWE header (must include 'alg' and 'enc').
 
         Returns:
-            str: Encrypted JWT (JWE or JWS+JWE).
+            JWE compact serialization string.
+
+        Raises:
+            JamJWEEncryptionError: If encryption fails.
         """
         raise NotImplementedError
 
     @abstractmethod
-    def decrypt(self, token: str) -> dict[str, Any]:
-        """Decrypt JWE or JWS+JWE token.
+    def decrypt(self, token: str) -> dict[str, Any] | bytes:
+        """Decrypt JWE token.
 
         Args:
-            token: Encrypted JWT token.
+            token: JWE compact serialization string.
 
         Returns:
-            dict[str, Any]: Decrypted payload.
+            bytes: Decrypted plaintext.
 
         Raises:
-            ValueError: If token is invalid or decryption fails.
+            JamJWEDecryptionError: If decryption fails.
         """
         raise NotImplementedError
 

{jamlib-3.2.0rc0 → jamlib-3.2.0rc2}/src/jam/jose/jws.py

@@ -15,6 +15,7 @@ from jam.jose.__algorithms__ import (
 from jam.jose.__base__ import BaseJWS
 from jam.jose.utils import __base64url_decode__, __base64url_encode__
 from jam.logger import BaseLogger, logger
+from jam.utils.config_maker import __key_loader__
 
 
 if TYPE_CHECKING:
@@ -46,6 +47,9 @@ class JWS(BaseJWS):
         self._alg = alg.upper()
         self._validate_algorithm(self._alg)
 
+        if isinstance(key, str):
+            key = __key_loader__(key)
+
         if isinstance(key, JWKClass):
             key = key._to_keylike()
 

{jamlib-3.2.0rc0 → jamlib-3.2.0rc2}/src/jam/jose/jwt.py

@@ -9,12 +9,12 @@ import uuid
 from jam.__base_encoder__ import BaseEncoder
 from jam.encoders import JsonEncoder
 from jam.exceptions import (
+    JamConfigurationError,
     JamJWTExpired,
     JamJWTNotYetValid,
     JamJWTUnsupportedAlgorithm,
 )
 from jam.exceptions.jose import (
-    JamConfigurationError,
     JamInvalidKeyTypeError,
     JamJWSVerificationError,
 )
@@ -30,6 +30,7 @@ from jam.jose.jwe import JWE
 from jam.jose.jws import JWS
 from jam.jose.lists import BaseJWTList
 from jam.logger import BaseLogger, logger
+from jam.utils.config_maker import __key_loader__
 
 
 if TYPE_CHECKING:
@@ -153,6 +154,7 @@ class JWT(BaseJWT):
         if isinstance(key, JWKClass):
             return key._to_keylike()
         if isinstance(key, str):
+            key = __key_loader__(key)
             return key.encode() if key else key
         return key
 
@@ -498,7 +500,7 @@ class JWT(BaseJWT):
 
     def encrypt(
         self,
-        payload: dict[str, Any] | str,
+        plaintext: bytes | str | dict[str, Any],
         header: dict[str, Any] | None = None,
     ) -> str:
         """Encrypt payload using JWE.
@@ -508,8 +510,8 @@ class JWT(BaseJWT):
         2. Use JWS result as plaintext for JWE (encrypt)
 
         Args:
-            payload: Data to encrypt. If dict, will be JSON encoded.
-            header: Additional JWE header.
+            plaintext (bytes | str | dict[str, Any]): Data to encrypt. If dict, will be JSON encoded.
+            header (dict[str, Any] | None): Additional JWE header.
 
         Returns:
             str: Encrypted JWT (JWE or JWS+JWE).
@@ -522,12 +524,12 @@ class JWT(BaseJWT):
                 message="JWE not configured. Provide 'enc' parameter."
             )
 
-        if isinstance(payload, dict):
-            payload_bytes = self._serializer.dumps(payload)
-        elif isinstance(payload, str):
-            payload_bytes = payload.encode("utf-8")
+        if isinstance(plaintext, dict):
+            payload_bytes = self._serializer.dumps(plaintext)
+        elif isinstance(plaintext, str):
+            payload_bytes = plaintext.encode("utf-8")
         else:
-            payload_bytes = payload
+            payload_bytes = plaintext
 
         if self.jws and self.jwe:
             _base_header = {"alg": self._alg, "typ": "JWT"}
@@ -538,7 +540,7 @@ class JWT(BaseJWT):
         else:
             return self.jwe.encrypt(payload_bytes, header)
 
-    def decrypt(self, token: str) -> dict[str, Any]:
+    def decrypt(self, token: str) -> dict[str, Any] | bytes:
         """Decrypt JWE or JWS+JWE token.
 
         If token is JWS+JWE (sign then encrypt):

{jamlib-3.2.0rc0 → jamlib-3.2.0rc2}/src/jam/paseto/v1.py

@@ -29,6 +29,7 @@ from jam.paseto.utils import (
     base64url_decode,
     base64url_encode,
 )
+from jam.utils.config_maker import __key_loader__
 
 
 class PASETOv1(BasePASETO):
@@ -59,6 +60,7 @@ class PASETOv1(BasePASETO):
 
         if purpose == "local":
             if isinstance(secret_key, str):
+                secret_key = __key_loader__(secret_key)
                 raw = base64url_decode(secret_key.encode("utf-8"))
             else:
                 raw = secret_key
@@ -75,6 +77,8 @@ class PASETOv1(BasePASETO):
             return inst
 
         elif purpose == "public":
+            if isinstance(secret_key, str):
+                secret_key = __key_loader__(secret_key)
             if isinstance(secret_key, RSAPrivateKey):
                 inst._secret = secret_key
                 inst._public_key = secret_key.public_key()

{jamlib-3.2.0rc0 → jamlib-3.2.0rc2}/src/jam/paseto/v2.py

@@ -19,6 +19,7 @@ from jam.exceptions import (
 )
 from jam.paseto.__base__ import PASETO, BasePASETO
 from jam.paseto.utils import __pae__, base64url_decode, base64url_encode
+from jam.utils.config_maker import __key_loader__
 from jam.utils.xchacha20poly1305 import (
     xchacha20poly1305_decrypt,
     xchacha20poly1305_encrypt,
@@ -42,6 +43,7 @@ class PASETOv2(BasePASETO):
 
         if purpose == "local":
             if isinstance(secret_key, str):
+                secret_key = __key_loader__(secret_key)
                 secret_key = base64.urlsafe_b64decode(secret_key + "==")
             if not isinstance(secret_key, bytes) or len(secret_key) != 32:
                 raise ValueError("v2.local key must be 32 bytes")
@@ -49,6 +51,8 @@ class PASETOv2(BasePASETO):
             return k
 
         elif purpose == "public":
+            if isinstance(secret_key, str):
+                secret_key = __key_loader__(secret_key)
             if isinstance(secret_key, Ed25519PrivateKey):
                 k._secret = secret_key
                 k._public_key = secret_key.public_key()

{jamlib-3.2.0rc0 → jamlib-3.2.0rc2}/src/jam/paseto/v3.py

@@ -30,6 +30,7 @@ from jam.paseto.utils import (
     base64url_decode,
     base64url_encode,
 )
+from jam.utils.config_maker import __key_loader__
 
 
 class PASETOv3(BasePASETO):
@@ -56,6 +57,7 @@ class PASETOv3(BasePASETO):
 
         if purpose == "local":
             if isinstance(secret_key, str):
+                secret_key = __key_loader__(secret_key)
                 try:
                     raw = base64url_decode(secret_key.encode("utf-8"))
                 except Exception:
@@ -72,6 +74,8 @@ class PASETOv3(BasePASETO):
             return inst
 
         elif purpose == "public":
+            if isinstance(secret_key, str):
+                secret_key = __key_loader__(secret_key)
             if hasattr(secret_key, "sign") and isinstance(
                 secret_key, ec.EllipticCurvePrivateKey
             ):

{jamlib-3.2.0rc0 → jamlib-3.2.0rc2}/src/jam/paseto/v4.py

@@ -21,6 +21,7 @@ from jam.exceptions import (
 )
 from jam.paseto.__base__ import PASETO, BasePASETO
 from jam.paseto.utils import __pae__, base64url_decode, base64url_encode
+from jam.utils.config_maker import __key_loader__
 from jam.utils.xchacha20poly1305 import (
     xchacha20poly1305_decrypt,
     xchacha20poly1305_encrypt,
@@ -53,6 +54,7 @@ class PASETOv4(BasePASETO):
 
         if purpose == "local":
             if isinstance(secret_key, str):
+                secret_key = __key_loader__(secret_key)
                 raw = base64url_decode(secret_key.encode("utf-8"))
             else:
                 raw = secret_key
@@ -65,6 +67,8 @@ class PASETOv4(BasePASETO):
 
         elif purpose == "public":
             # Ed25519 objects
+            if isinstance(secret_key, str):
+                secret_key = __key_loader__(secret_key)
             if isinstance(secret_key, Ed25519PrivateKey):
                 inst._secret = secret_key
                 inst._public_key = secret_key.public_key()

{jamlib-3.2.0rc0 → jamlib-3.2.0rc2}/src/jam/sessions/__base__.py

@@ -7,9 +7,11 @@ from uuid import uuid4
 
 from cryptography.fernet import Fernet
 
-from jam.encoders import BaseEncoder, JsonEncoder
+from jam.__base_encoder__ import BaseEncoder
+from jam.encoders import JsonEncoder
 from jam.exceptions import JamSessionEmptyAESKey
 from jam.logger import BaseLogger
+from jam.utils.config_maker import __key_loader__
 
 
 class BaseSessionModule(ABC):
@@ -76,6 +78,8 @@ class BaseSessionModule(ABC):
             raise JamSessionEmptyAESKey
         if is_session_crypt:
             assert session_aes_secret is not None
+            if isinstance(session_aes_secret, str):
+                session_aes_secret = __key_loader__(session_aes_secret)
             self._code_session_key = Fernet(session_aes_secret)
 
     def __encode_session_id__(self, data: str) -> str:

{jamlib-3.2.0rc0 → jamlib-3.2.0rc2}/src/jam/tests/clients.py

@@ -5,6 +5,7 @@ import json
 from typing import Any, Union
 import uuid
 
+from jam.__deprecated__ import deprecated
 from jam.aio import Jam as AioJam
 from jam.instance import Jam
 from jam.jose.utils import __base64url_decode__ as base64url_decode
@@ -66,6 +67,9 @@ class TestJam(Jam):
         self._sessions: dict[str, dict[str, Any]] = {}
         self._session_keys: dict[str, str] = {}
 
+    @deprecated(
+        "This method is deprecated; the JWT payload is generated automatically in accordance with the specification."
+    )
     def jwt_make_payload(
         self, exp: int | None, data: dict[str, Any]
     ) -> dict[str, Any]:

{jamlib-3.2.0rc0 → jamlib-3.2.0rc2}/src/jam/utils/config_maker.py

@@ -413,3 +413,18 @@ def __module_loader__(path: str) -> Callable:
     module_path, class_name = path.rsplit(".", 1)
     module = import_module(module_path)
     return getattr(module, class_name)
+
+
+def __key_loader__(key: str) -> str:
+    """Loads a key from file, if `key` is a path to a file.
+
+    Args:
+        key (str): Key to load. If it is a path to a file, the file will be loaded.
+
+    Returns:
+        str: Loaded key or original key if not a file path.
+    """
+    if os.path.isfile(key):
+        with open(key) as f:
+            return f.read().strip()
+    return key

{jamlib-3.2.0rc0 → jamlib-3.2.0rc2/src/jamlib.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: jamlib
-Version: 3.2.0rc0
+Version: 3.2.0rc2
 Summary: Simple and universal library for authorization.
 Author-email: Makridenko Adrian <adrianmakridenko@duck.com>, Ksenia Travnikova <kseniatravnikova@duck.com>
 License: Apache-2.0
@@ -77,7 +77,7 @@ from jam import Jam
 
 jam = Jam(config="config.toml")
 
-jwt = jam.jwt_create({"user": 1})
+jwt = jam.jwt_encode(payload={"user": 1})
 session_id = jam.session_create(session_key="username", data={"user": 1})
 otp_code = jam.otp_code(secret="3DB7FOAOFBCI3WFDRE7EPF43CA")
 ```
@@ -85,7 +85,7 @@ otp_code = jam.otp_code(secret="3DB7FOAOFBCI3WFDRE7EPF43CA")
 ## Why Jam?
 Jam is a library that provides the most popular AUTH* mechanisms right out of the box.
 
-* [JOSE](https://jam.makridenko.ru/usage/jose/index/)
+* [JOSE](https://jam.makridenko.ru/usage/jose/)
 * [PASETO](https://jam.makridenko.ru/usage/paseto/)
 * [Server side sessions](https://jam.makridenko.ru/usage/sessions/)
 * [OTP](https://jam.makridenko.ru/usage/otp/)