kaggle 1.7.4.5__py3-none-any.whl → 1.8.0__py3-none-any.whl

kagglesdk/kaggle_oauth.py

@@ -0,0 +1,200 @@
+import base64
+import hashlib
+import http.server
+import logging
+import os
+import platform
+import random
+import secrets
+import socketserver
+import uuid
+import urllib.parse
+import webbrowser
+from datetime import datetime, timedelta, timezone
+from kagglesdk.kaggle_client import KaggleClient
+from kagglesdk.kaggle_creds import KaggleCredentials
+from kagglesdk.security.types.oauth_service import ExchangeOAuthTokenRequest
+
+
+class KaggleOAuth:
+    OAUTH_CLIENT_ID = "kagglesdk"
+
+    def __init__(self, client: KaggleClient):
+        self._client = client
+        self._http_client = client.http_client()
+        self._server_running = False
+        self._creds = None
+        self._logger = logging.getLogger(__name__)
+
+    class OAuthState:
+        def __init__(self):
+            self.state = str(uuid.uuid4())
+            self.code_verifier = KaggleOAuth.OAuthState._generate_code_verifier()
+            self.code_challenge = KaggleOAuth.OAuthState._generate_code_challenge(self.code_verifier)
+
+        def _generate_state(length: int = 32):
+            return secrets.token_urlsafe(length)
+
+        def _generate_code_verifier(length: int = 64) -> str:
+            if not 42 <= length <= 128:
+                raise ValueError("Code verifier length must be between 42 and 128 characters.")
+            return secrets.token_urlsafe(length)
+
+        def _generate_code_challenge(code_verifier: str) -> str:
+            code_verifier_bytes = code_verifier.encode("utf-8")
+            code_challenge_bytes = hashlib.sha256(code_verifier_bytes).digest()
+            code_challenge_base64 = base64.urlsafe_b64encode(code_challenge_bytes).decode("utf-8")
+            return code_challenge_base64
+
+    class OAuthCallbackHandler(http.server.BaseHTTPRequestHandler):
+        def __init__(
+            self,
+            *args,
+            oauth: "KaggleOAuth" = None,
+            oauth_state: "KaggleOAuth.OAuthState" = None,
+            on_success=None,
+            logger=None,
+            **kwargs,
+        ):
+            self._oauth = oauth
+            self._oauth_state = oauth_state
+            self._on_success = on_success
+            self._logger = logger
+            super().__init__(*args, **kwargs)
+
+        def do_GET(self):
+            if self.path == "/favicon.ico":
+                return
+            try:
+                self._handle_oauth_callback()
+            finally:
+                self._stop_server()
+
+        def _handle_oauth_callback(self):
+            parsed_url = urllib.parse.urlparse(self.path)
+            query_params = urllib.parse.parse_qs(parsed_url.query)
+            if "code" in query_params and "state" in query_params:
+                code = query_params["code"][0]
+                state = query_params["state"][0]
+                self._logger.debug(f"\nReceived OAuth Callback:")
+                self._logger.debug(f"  code : {code}")
+                self._logger.debug(f"  state: {state}")
+                if state == self._oauth_state.state:
+                    self.send_response(200)
+                    self.send_header("Content-type", "text/html")
+                    self.end_headers()
+                    self.wfile.write(
+                        b"<html><body><h1>Authentication Successful!</h1><p>You can close this window.</p></body></html>"
+                    )
+                    self._on_success(code)
+                else:
+                    self._logger.error(f"Invalid state! Expected: {self._oauth_state.state}, Received: {state}")
+                    self.send_response(400)
+                    self.send_header("Content-type", "text/html")
+                    self.end_headers()
+                    self.wfile.write(b"<html><body><h1>Authentication Failed!</h1></body></html>")
+            else:
+                self._logger.debug(f"\nReceived Invalid OAuth Callback: {self.path}")
+                self.send_response(400)
+                self.send_header("Content-type", "text/html")
+                self.end_headers()
+                self.wfile.write(
+                    b"<html><body><h1>Authentication Failed!</h1><p>Invalid callback parameters.</p></body></html>"
+                )
+
+        def _stop_server(self):
+            self._oauth.stop_server()
+
+    @staticmethod
+    def _can_open_browser():
+        if platform.system() in ["Windows", "Darwin"]:
+            return True  # Assume GUI on Windows/Mac
+
+        if "DISPLAY" in os.environ and os.environ["DISPLAY"] != "":
+            return True  # X11 display available
+
+        return False
+
+    def _exchange_oauth_token(self, code: str, scopes: list[str], oauth_state: "KaggleOAuth.OAuthState"):
+        request = ExchangeOAuthTokenRequest()
+        request.code = code
+        request.code_verifier = oauth_state.code_verifier
+        request.grant_type = "authorization_code"
+
+        response = self._client.security.oauth_client.exchange_oauth_token(request)
+        self._creds = KaggleCredentials(
+            client=self._client,
+            refresh_token=response.refreshToken,
+            access_token=response.accessToken,
+            access_token_expiration=datetime.now(timezone.utc) + timedelta(seconds=response.expires_in),
+            username=response.username,
+            scopes=scopes,
+        )
+
+    def _run_oauth_flow(self, scopes: list[str], no_launch_browser: bool) -> KaggleCredentials:
+        use_browser = not no_launch_browser and KaggleOAuth._can_open_browser()
+        redirect_uri = self._http_client.get_oauth_default_redirect_url()
+        if use_browser:
+            port = random.randint(8000, 9000)
+            redirect_uri = f"http://localhost:{port}"
+            self._logger.debug(f"Will listen for the callback at: {redirect_uri}")
+
+        oauth_state = KaggleOAuth.OAuthState()
+        oauth_start_url = self._http_client.build_start_oauth_url(
+            client_id=KaggleOAuth.OAUTH_CLIENT_ID,
+            redirect_uri=redirect_uri,
+            scope=scopes,
+            state=oauth_state.state,
+            code_challenge=oauth_state.code_challenge,
+        )
+
+        if use_browser:
+            webbrowser.open(oauth_start_url)
+            print("Your browser has been opened to visit:")
+            print(f"  {oauth_start_url}\n\n")
+
+            def exchange_oauth_token(code: str):
+                self._exchange_oauth_token(code, scopes, oauth_state)
+
+            def handler_factory(*args, **kwargs):
+                return KaggleOAuth.OAuthCallbackHandler(
+                    *args,
+                    oauth=self,
+                    oauth_state=oauth_state,
+                    on_success=exchange_oauth_token,
+                    logger=self._logger,
+                    **kwargs,
+                )
+
+            self._server_running = True
+            with socketserver.TCPServer(("127.0.0.1", port), handler_factory) as httpd:
+                self._logger.debug(f"Listening for callback on port {port}...")
+                while self._server_running:
+                    httpd.handle_request()
+                self._logger.debug("OAuth flow completed (or server stopped).")
+        else:
+            print("\nGo to the following link in your browser, and complete the sign-in prompts at Kaggle:\n")
+            print(f"  {oauth_start_url}")
+            print(
+                "\nOnce finished, enter the verification code provided in your browser: ",
+                end="",
+            )
+            code = input()
+            self._exchange_oauth_token(code, scopes, oauth_state)
+
+        return self._creds
+
+    def stop_server(self):
+        self._server_running = False
+
+    def _ensure_creds_valid(self, creds: KaggleCredentials):
+        if not creds:
+            raise Exception("Authentication failed.")
+        return creds.introspect()
+
+    def authenticate(self, scopes: list[str], no_launch_browser: bool = False) -> KaggleCredentials:
+        creds = self._run_oauth_flow(scopes, no_launch_browser)
+        username = self._ensure_creds_valid(creds)
+        creds.save()
+        print(f"\nYou are now logged in as [{username}]\n")
+        return creds