lojack-api 0.7.0__tar.gz → 0.7.2__tar.gz

{lojack_api-0.7.0 → lojack_api-0.7.2}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: lojack_api
-Version: 0.7.0
+Version: 0.7.2
 Summary: An async Python client library for the LoJack API, designed for Home Assistant integrations.
 Author: Devin Slick
 License: MIT

{lojack_api-0.7.0 → lojack_api-0.7.2}/lojack_api/__init__.py

@@ -45,7 +45,7 @@ from .models import (
 )
 from .transport import AiohttpTransport
 
-__version__ = "0.7.0"
+__version__ = "0.7.2"
 
 __all__ = [
     # Main client

{lojack_api-0.7.0 → lojack_api-0.7.2}/lojack_api/api.py

@@ -338,7 +338,14 @@ class LoJackClient:
             A list of Location objects.
         """
         headers = await self._get_headers()
-        params: dict[str, Any] = {}
+        params: dict[str, Any] = {
+            # Sort by date descending so the most recent event is first.
+            # Without this, the Spireon API may return events in an order
+            # where real-time AUTO_LOC events are buried behind older
+            # trip/sleep events, causing the integration to report stale
+            # location data.
+            "sort": "-date",
+        }
 
         if limit != -1:
             params["limit"] = limit

{lojack_api-0.7.0 → lojack_api-0.7.2}/lojack_api/auth.py

@@ -12,10 +12,11 @@ The Spireon LoJack API uses:
 from __future__ import annotations
 
 import base64
+import json
 import uuid
 from dataclasses import dataclass
 from datetime import datetime, timedelta, timezone
-from typing import TYPE_CHECKING, Any
+from typing import TYPE_CHECKING, Any, cast
 
 from .exceptions import AuthenticationError
 
@@ -183,6 +184,19 @@ class AuthManager:
             user_id=self._user_id,
         )
 
+    @staticmethod
+    def _extract_user_id_from_jwt(token: str) -> str | None:
+        """Extract user ID from Spireon JWT ns:u claim (no signature verification needed)."""
+        try:
+            parts = token.split(".")
+            if len(parts) != 3:
+                return None
+            padding = "=" * (4 - len(parts[1]) % 4)
+            payload = json.loads(base64.urlsafe_b64decode(parts[1] + padding))
+            return cast("str | None", payload.get("ns:u") or payload.get("sub"))
+        except Exception:
+            return None
+
     async def login(self) -> str:
         """Authenticate with the identity service using Basic Auth.
 
@@ -215,21 +229,30 @@ class AuthManager:
 
         token: str = str(token_value)
         self._access_token = token
-        self._user_id = data.get("userId") or data.get("user_id")
+        self._user_id = (
+            self._extract_user_id_from_jwt(token)
+            or data.get("userId")
+            or data.get("user_id")
+        )
 
-        # Parse expiration - tokens typically expire after some time
-        expires_in = data.get("expiresIn") or data.get("expires_in")
-        if expires_in:
+        # Parse expiration - prefer ISO 8601 expiresOn, fall back to expiresIn seconds
+        expires_on = data.get("expiresOn")
+        if expires_on:
             try:
-                self._expires_at = datetime.now(timezone.utc) + timedelta(
-                    seconds=int(expires_in)
-                )
-            except (ValueError, TypeError):
-                # Default to 1 hour if not specified
+                self._expires_at = datetime.fromisoformat(expires_on.replace("Z", "+00:00"))
+            except ValueError:
                 self._expires_at = datetime.now(timezone.utc) + timedelta(hours=1)
         else:
-            # Default expiration if not provided
-            self._expires_at = datetime.now(timezone.utc) + timedelta(hours=1)
+            expires_in = data.get("expiresIn") or data.get("expires_in")
+            if expires_in:
+                try:
+                    self._expires_at = datetime.now(timezone.utc) + timedelta(
+                        seconds=int(expires_in)
+                    )
+                except (ValueError, TypeError):
+                    self._expires_at = datetime.now(timezone.utc) + timedelta(hours=1)
+            else:
+                self._expires_at = datetime.now(timezone.utc) + timedelta(hours=1)
 
         return token
 

{lojack_api-0.7.0 → lojack_api-0.7.2}/lojack_api/device.py

@@ -86,9 +86,13 @@ class Device:
     async def refresh(self, *, force: bool = False) -> None:
         """Refresh the device's cached location.
 
-        Fetches location from the asset's lastLocation for coordinates,
-        then enriches it with telemetry data from the latest event
-        (speed, battery_voltage, signal_strength, etc.).
+        Fetches location from the asset's lastLocation for coordinates
+        AND the latest event (sorted newest-first). Compares timestamps
+        and uses whichever source is more recent.
+
+        The asset's ``lastLocation`` / ``locationLastReported`` can lag
+        behind real-time ``AUTO_LOC`` events by 30+ minutes, so we must
+        check both and pick the freshest.
 
         Args:
             force: If True, always fetch new data even if cached.
@@ -96,20 +100,34 @@ class Device:
         if not force and self._cached_location is not None:
             return
 
-        # First try to get current location from asset's lastLocation
-        location = await self._client.get_current_location(self.id)
-
-        # Always fetch latest event for telemetry data
+        # Fetch both sources in parallel-safe order
+        asset_location = await self._client.get_current_location(self.id)
         events = await self._client.get_locations(self.id, limit=1)
         latest_event = events[0] if events else None
 
-        if location and location.latitude is not None:
-            # Enrich the lastLocation with telemetry from the event
+        # Determine which source is freshest by comparing timestamps.
+        # The events endpoint (now sorted by -date) returns AUTO_LOC and
+        # other real-time pings that the asset endpoint may not reflect.
+        asset_ts = asset_location.timestamp if asset_location else None
+        event_ts = latest_event.timestamp if latest_event else None
+
+        use_event = False
+        if latest_event and latest_event.latitude is not None:
+            if asset_ts is None and event_ts is not None:
+                use_event = True
+            elif event_ts is not None and asset_ts is not None:
+                use_event = event_ts >= asset_ts
+
+        if use_event and latest_event is not None:
+            # Event is newer — use it directly (it already has telemetry)
+            self._cached_location = latest_event
+        elif asset_location and asset_location.latitude is not None:
+            # Asset is newer or event unavailable — enrich with telemetry
             if latest_event:
-                _enrich_location_from_event(location, latest_event)
-            self._cached_location = location
+                _enrich_location_from_event(asset_location, latest_event)
+            self._cached_location = asset_location
         elif latest_event:
-            # Use the event location directly (it has all the telemetry)
+            # Fallback to event even without coordinates comparison
             self._cached_location = latest_event
         else:
             self._cached_location = None

{lojack_api-0.7.0 → lojack_api-0.7.2}/lojack_api.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: lojack_api
-Version: 0.7.0
+Version: 0.7.2
 Summary: An async Python client library for the LoJack API, designed for Home Assistant integrations.
 Author: Devin Slick
 License: MIT

{lojack_api-0.7.0 → lojack_api-0.7.2}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "lojack_api"
-version = "0.7.0"
+version = "0.7.2"
 description = "An async Python client library for the LoJack API, designed for Home Assistant integrations."
 readme = "README.md"
 authors = [{ name = "Devin Slick" }]

{lojack_api-0.7.0 → lojack_api-0.7.2}/tests/test_auth.py

@@ -100,7 +100,7 @@ class TestAuthManager:
 
     @pytest.mark.asyncio
     async def test_login_success(self, auth, transport):
-        """Test successful login."""
+        """Test successful login with legacy userId field."""
         transport.request.return_value = {
             "token": "new-token",
             "expiresIn": 3600,
@@ -114,6 +114,83 @@ class TestAuthManager:
         assert auth.user_id == "user-123"
         transport.request.assert_called_once()
 
+    @pytest.mark.asyncio
+    async def test_login_user_id_from_jwt(self, auth, transport):
+        """Test that user_id is extracted from JWT ns:u claim (real API response shape)."""
+        import base64
+        import json
+
+        claims = {"sub": "fnmrihikdnykh7rng", "ns:u": "da05c72d-6a30-466f-8d86-763bd1e8844a"}
+        payload = base64.urlsafe_b64encode(
+            json.dumps(claims).encode()
+        ).decode().rstrip("=")
+        jwt_token = f"header.{payload}.signature"
+
+        transport.request.return_value = {
+            "token": jwt_token,
+            "scope": "ACCOUNT_USER_SCOPE",
+            "expiresOn": "2026-03-27T03:12:54Z",
+            "refreshBy": "2026-03-27T03:11:54Z",
+            "refreshInSeconds": 86339,
+        }
+
+        token = await auth.login()
+
+        assert token == jwt_token
+        assert auth.user_id == "da05c72d-6a30-466f-8d86-763bd1e8844a"
+
+    @pytest.mark.asyncio
+    async def test_login_user_id_falls_back_to_sub(self, auth, transport):
+        """Test that user_id falls back to JWT sub claim when ns:u is absent."""
+        import base64
+        import json
+
+        payload = base64.urlsafe_b64encode(
+            json.dumps({"sub": "fallback-sub-id"}).encode()
+        ).decode().rstrip("=")
+        jwt_token = f"header.{payload}.signature"
+
+        transport.request.return_value = {
+            "token": jwt_token,
+            "expiresOn": "2026-03-27T03:12:54Z",
+        }
+
+        await auth.login()
+
+        assert auth.user_id == "fallback-sub-id"
+
+    @pytest.mark.asyncio
+    async def test_login_expires_on_parsed(self, auth, transport):
+        """Test that expiresOn ISO 8601 timestamp is parsed correctly."""
+        transport.request.return_value = {
+            "token": "new-token",
+            "expiresOn": "2026-03-27T03:12:54Z",
+        }
+
+        await auth.login()
+
+        assert auth._expires_at is not None
+        assert auth._expires_at.year == 2026
+        assert auth._expires_at.month == 3
+        assert auth._expires_at.day == 27
+
+    @pytest.mark.asyncio
+    async def test_login_expires_on_invalid_falls_back(self, auth, transport):
+        """Test that an invalid expiresOn falls back to 1-hour default."""
+        from datetime import datetime, timezone
+
+        transport.request.return_value = {
+            "token": "new-token",
+            "expiresOn": "not-a-timestamp",
+        }
+
+        before = datetime.now(timezone.utc)
+        await auth.login()
+
+        assert auth._expires_at is not None
+        delta = auth._expires_at - before
+        assert 3590 < delta.total_seconds() < 3610  # ~1 hour
+
     @pytest.mark.asyncio
     async def test_login_missing_credentials(self, transport):
         """Test login without credentials."""
@@ -361,6 +438,22 @@ class TestGetSpireonHeaders:
         assert headers["Authorization"] == "Basic base64-credentials"
 
 
+class TestExtractUserIdFromJwt:
+    """Tests for AuthManager._extract_user_id_from_jwt."""
+
+    def test_returns_none_for_non_three_part_token(self):
+        """Token without three dot-separated parts returns None."""
+        from lojack_api.auth import AuthManager
+        assert AuthManager._extract_user_id_from_jwt("not.a.valid.jwt.parts") is None
+
+    def test_returns_none_for_invalid_json_payload(self):
+        """Payload that is valid base64 but not JSON triggers except and returns None."""
+        import base64
+        from lojack_api.auth import AuthManager
+        bad_payload = base64.urlsafe_b64encode(b"not-json").decode().rstrip("=")
+        assert AuthManager._extract_user_id_from_jwt(f"header.{bad_payload}.sig") is None
+
+
 class TestEncodeBasicAuth:
     """Tests for encode_basic_auth function."""