plotly-cloud 0.1.0rc1__py3-none-any.whl

plotly_cloud/_oauth.py

@@ -0,0 +1,283 @@
+"""OAuth client implementation for Plotly Cloud CLI using WorkOS CLI Auth."""
+
+import asyncio
+import json
+import os
+import time
+import webbrowser
+from pathlib import Path
+from typing import Optional
+
+import httpx
+from rich.console import Console
+from rich.live import Live
+from rich.panel import Panel
+from rich.spinner import Spinner
+
+from .exceptions import (
+    CredentialError,
+    OAuthClientError,
+    TimeoutError,
+    TokenError,
+)
+
+console = Console()
+
+# WorkOS CLI Auth Configuration
+WORKOS_API_BASE_URL = "https://api.workos.com"
+WORKOS_ENDPOINTS = {
+    "DEVICE_AUTHORIZE": "/user_management/authorize/device",
+    "AUTHENTICATE": "/user_management/authenticate",
+    "REFRESH_TOKEN": "/user_management/authenticate",
+    "LOGOUT": "/user_management/sessions/logout",
+}
+
+# OAuth Configuration
+DEFAULT_AUTH_PROVIDER = "authkit"
+
+
+class OAuthClient:
+    """OAuth client for WorkOS CLI Auth using device authorization flow."""
+
+    def __init__(self, client_id: str):
+        self.client_id = client_id
+        self.credentials_path = self._get_credentials_path()
+
+    def _get_credentials_path(self) -> Path:
+        """Get cross-platform credentials file path."""
+        home = Path.home()
+        return home / ".plotly-cloud"
+
+    async def request_device_authorization(self, provider: str = DEFAULT_AUTH_PROVIDER) -> dict:
+        """Request device authorization from WorkOS CLI Auth."""
+        if not self.client_id:
+            raise OAuthClientError("client_id is required")
+
+        device_auth_data = {
+            "client_id": self.client_id,
+            "provider": provider,
+        }
+
+        async with httpx.AsyncClient() as client:
+            response = await client.post(
+                f"{WORKOS_API_BASE_URL}{WORKOS_ENDPOINTS['DEVICE_AUTHORIZE']}",
+                data=device_auth_data,
+                headers={"Content-Type": "application/x-www-form-urlencoded", "user-agent": "PlotlyCloudCLI"},
+            )
+
+            if response.status_code != 200:
+                raise OAuthClientError("Device authorization failed", response.text)
+
+            return response.json()
+
+    async def poll_for_authentication(self, device_code: str, interval: int = 5, timeout: int = 300) -> dict:
+        """Poll for authentication completion with exponential backoff."""
+        start_time = time.time()
+        current_interval = interval
+        max_interval = 30  # Maximum polling interval
+
+        spinner = Spinner("dots", text="⏳ Waiting for authorization...")
+
+        with Live(spinner, console=console, refresh_per_second=4):
+            while time.time() - start_time < timeout:
+                token_data = {
+                    "client_id": self.client_id,
+                    "device_code": device_code,
+                    "grant_type": "urn:ietf:params:oauth:grant-type:device_code",
+                }
+
+                async with httpx.AsyncClient() as client:
+                    response = await client.post(
+                        f"{WORKOS_API_BASE_URL}{WORKOS_ENDPOINTS['AUTHENTICATE']}",
+                        data=token_data,
+                        headers={"Content-Type": "application/x-www-form-urlencoded", "user-agent": "PlotlyCloudCLI"},
+                    )
+
+                    if response.status_code == 200:
+                        return response.json()
+
+                    response_data = response.json()
+                    error = response_data.get("error", "unknown_error")
+
+                    if error == "authorization_pending":
+                        # Continue polling
+                        await asyncio.sleep(current_interval)
+                        # Implement exponential backoff
+                        current_interval = min(current_interval * 1.5, max_interval)
+                        continue
+                    elif error == "slow_down":
+                        # Slow down polling
+                        current_interval = min(current_interval * 2, max_interval)
+                        spinner.text = f"🐌 Slowing down polling to {current_interval}s..."
+                        await asyncio.sleep(current_interval)
+                        spinner.text = "⏳ Waiting for authorization..."
+                        continue
+                    elif error == "expired_token":
+                        raise TokenError("Device code expired. Please try again.")
+                    elif error == "access_denied":
+                        raise OAuthClientError("Access denied by user.")
+                    else:
+                        raise OAuthClientError("Authentication failed", error)
+
+        raise TimeoutError("Authentication timed out. Please try again.")
+
+    async def login(self, open_browser: bool = True, provider: str = DEFAULT_AUTH_PROVIDER) -> dict:
+        """Perform CLI Auth device flow login."""
+
+        # Step 1: Request device authorization
+        device_auth = await self.request_device_authorization(provider)
+
+        device_code = device_auth["device_code"]
+        user_code = device_auth["user_code"]
+        verification_uri = device_auth["verification_uri"]
+        verification_uri_complete = device_auth["verification_uri_complete"]
+        expires_in = device_auth.get("expires_in", 300)
+        interval = device_auth.get("interval", 5)
+
+        # Step 2: Display user code and verification URI in a panel
+        panel_content = (
+            f"\n🌐 Verification URL: "
+            f"[underline blue]{verification_uri}[/underline blue]\n"
+            f"\n🔑 Device Code: [bold yellow]{user_code}[/bold yellow]\n"
+        )
+
+        if open_browser:
+            panel_title = "🔐 Logging in to Plotly Cloud..."
+            webbrowser.open(verification_uri_complete)
+        else:
+            panel_title = "📋 Please open the URL in your browser to authenticate"
+
+        console.print()
+        console.print(
+            Panel(
+                panel_content,
+                title=panel_title,
+                border_style="dim yellow",
+                title_align="left",
+            )
+        )
+        console.print()
+        console.print()
+
+        # Step 3: Poll for authentication completion
+        try:
+            tokens = await self.poll_for_authentication(device_code, interval, expires_in)
+        except (OAuthClientError, TokenError, TimeoutError) as e:
+            console.print(f"✗ Authentication failed: {e}")
+            raise
+
+        # Step 4: Save credentials
+        await self._save_credentials(tokens)
+
+        return tokens
+
+    async def _save_credentials(self, credentials: dict):
+        """Save credentials to file."""
+        try:
+            # Ensure parent directory exists
+            self.credentials_path.parent.mkdir(exist_ok=True)
+
+            # Write credentials
+            with open(self.credentials_path, "w") as f:
+                json.dump(credentials, f, indent=2)
+
+            # Set secure permissions (readable only by owner)
+            os.chmod(self.credentials_path, 0o600)
+
+        except Exception as e:
+            raise CredentialError("Failed to save credentials", str(e)) from e
+
+    async def load_credentials(self) -> Optional[dict]:
+        """Load saved credentials."""
+        try:
+            if not self.credentials_path.exists():
+                return None
+
+            with open(self.credentials_path) as f:
+                return json.load(f)
+
+        except Exception as e:
+            console.print(f"✗ Failed to load credentials: {e}")
+            return None
+
+    async def logout(self):
+        """Logout and clear credentials."""
+        credentials = await self.load_credentials()
+
+        if credentials and "access_token" in credentials:
+            # Call WorkOS logout endpoint
+            try:
+                async with httpx.AsyncClient() as client:
+                    await client.post(
+                        f"{WORKOS_API_BASE_URL}{WORKOS_ENDPOINTS['LOGOUT']}",
+                        headers={
+                            "Authorization": f"Bearer {credentials['access_token']}",
+                            "user-agent": "PlotlyCloudCLI",
+                        },
+                    )
+            except Exception as e:
+                console.print(f"⚠ Failed to logout from remote: {e}")
+                # Continue with local cleanup even if remote logout fails
+
+        # Clear local credentials
+        if self.credentials_path.exists():
+            self.credentials_path.unlink()
+            console.print("Local credentials cleared")
+
+    async def is_authenticated(self) -> bool:
+        """Check if user is authenticated."""
+        credentials = await self.load_credentials()
+        return credentials is not None and "access_token" in credentials
+
+    async def get_access_token(self) -> Optional[str]:
+        """Get current access token."""
+        credentials = await self.load_credentials()
+        if credentials:
+            return credentials.get("access_token")
+        return None
+
+    async def refresh_access_token(self) -> str:
+        """Refresh the access token using the refresh token.
+
+        Raises:
+            TokenError: If no refresh token available or refresh fails
+        """
+        credentials = await self.load_credentials()
+        if not credentials or "refresh_token" not in credentials:
+            raise TokenError("No refresh token available")
+
+        refresh_token = credentials["refresh_token"]
+
+        async with httpx.AsyncClient() as client:
+            response = await client.post(
+                f"{WORKOS_API_BASE_URL}{WORKOS_ENDPOINTS['REFRESH_TOKEN']}",
+                data={
+                    "client_id": self.client_id,
+                    "grant_type": "refresh_token",
+                    "refresh_token": refresh_token,
+                },
+                headers={"Content-Type": "application/x-www-form-urlencoded", "user-agent": "PlotlyCloudCLI"},
+            )
+
+            if response.status_code == 200:
+                new_tokens = response.json()
+                # Update stored credentials with new tokens
+                credentials.update(new_tokens)
+                await self._save_credentials(credentials)
+                return new_tokens["access_token"]
+            else:
+                raise TokenError("Token refresh failed", response.text)
+
+    @property
+    def access_token(self) -> Optional[str]:
+        """Synchronous property to get access token for backward compatibility."""
+        # This is a simplified sync version for compatibility
+        # In practice, you should use get_access_token() async method
+        try:
+            if self.credentials_path.exists():
+                with open(self.credentials_path) as f:
+                    credentials = json.load(f)
+                return credentials.get("access_token")
+        except Exception:
+            pass
+        return None

plotly_cloud/_parser.py

@@ -0,0 +1,171 @@
+"""Simple argument parser to replace argparse."""
+
+import sys
+from typing import Any, List
+
+from plotly_cloud._definitions import CommandArgument
+
+
+class ParsedArguments:
+    """Simple namespace for parsed command arguments."""
+
+    def __init__(self, **kwargs: Any) -> None:
+        object.__setattr__(self, "_data", kwargs)
+
+    def __getattribute__(self, name: str) -> Any:
+        """Get attribute from internal data storage."""
+        if name == "_data":
+            return object.__getattribute__(self, name)
+        data = object.__getattribute__(self, "_data")
+        if name in data:
+            return data[name]
+        raise AttributeError(f"'{self.__class__.__name__}' object has no attribute '{name}'")
+
+    def __setattr__(self, name: str, value: Any) -> None:
+        """Set attribute in internal data storage."""
+        if name == "_data":
+            object.__setattr__(self, name, value)
+        else:
+            if not hasattr(self, "_data"):
+                object.__setattr__(self, "_data", {})
+            self._data[name] = value
+
+
+def parse_group_and_command() -> tuple[str, str, int]:
+    """Parse group and command from command line.
+
+    Returns:
+        Tuple of (group, command, start_index) where start_index is where to start parsing args
+    """
+    args = sys.argv[1:]
+
+    # Parse group and command first (if present)
+    if len(args) >= 2 and not args[0].startswith("-") and not args[1].startswith("-"):
+        return args[0], args[1], 3  # Skip group and command for further parsing
+    elif len(args) >= 1 and not args[0].startswith("-"):
+        return args[0], "help", 2  # Default to help if only group provided
+    else:
+        return "help", "help", 1  # Default to help if no group provided
+
+
+def parse_args(command_arguments: List[CommandArgument], args_index=3) -> ParsedArguments:
+    """Parse command line arguments starting after group and command.
+
+    Args:
+        command_arguments: List of CommandArgument definitions
+
+    Returns:
+        ParsedArguments with all argument keys set
+    """
+    # Start parsing after group and command (sys.argv[3:])
+    args = sys.argv[args_index:]
+    result = {}
+
+    # Separate positional and optional arguments
+    positional_args = [arg for arg in command_arguments if not arg["name"].startswith("-")]
+    optional_args = [arg for arg in command_arguments if arg["name"].startswith("-")]
+
+    # Initialize all arguments with their defaults
+    for arg_spec in command_arguments:
+        name = arg_spec["name"]
+        # Convert argument name to dictionary key (remove -- and convert - to _)
+        if name.startswith("--"):
+            key = name[2:].replace("-", "_")
+        elif name.startswith("-"):
+            key = name[1:].replace("-", "_")
+        else:
+            key = name.replace("-", "_")
+
+        result[key] = arg_spec.get("default")
+
+    # Add global verbose flag and help flag
+    result["verbose"] = False
+    result["help"] = False
+
+    # Check if the first argument is "help" and handle it specially
+    if len(args) > 0 and args[0] == "help":
+        result["help"] = True
+        args = args[1:]  # Skip the "help" argument
+
+    # Track positional arguments
+    positional_index = 0
+    i = 0
+    while i < len(args):
+        arg = args[i]
+
+        if arg in ["--verbose", "-v"]:
+            result["verbose"] = True
+            i += 1
+            continue
+
+        if arg in ["--help", "-h"]:
+            result["help"] = True
+            i += 1
+            continue
+
+        # Check if this is an optional argument
+        if arg.startswith("-"):
+            # Find matching optional argument specification
+            arg_spec = None
+            for spec in optional_args:
+                if spec["name"] == arg:
+                    arg_spec = spec
+                    break
+
+            if not arg_spec:
+                # Skip unknown arguments for now
+                i += 1
+                continue
+
+            # Get the key name
+            name = arg_spec["name"]
+            if name.startswith("--"):
+                key = name[2:].replace("-", "_")
+            elif name.startswith("-"):
+                key = name[1:].replace("-", "_")
+            else:
+                key = name.replace("-", "_")
+
+            action = arg_spec.get("action", "store")
+
+            if action == "store_true":
+                result[key] = True
+                i += 1
+            elif action == "store":
+                # Get the next argument as the value
+                if i + 1 < len(args):
+                    value = args[i + 1]
+                    arg_type = arg_spec.get("type")
+                    if arg_type and callable(arg_type):
+                        try:
+                            value = arg_type(value)
+                        except (ValueError, TypeError):
+                            pass  # Keep as string if conversion fails
+                    result[key] = value
+                    i += 2
+                else:
+                    i += 1
+            else:
+                i += 1
+        else:
+            # This is a positional argument
+            if positional_index < len(positional_args):
+                arg_spec = positional_args[positional_index]
+                name = arg_spec["name"]
+                key = name.replace("-", "_")
+
+                # Apply type conversion if specified
+                value = arg
+                arg_type = arg_spec.get("type")
+                if arg_type and callable(arg_type):
+                    try:
+                        value = arg_type(value)
+                    except (ValueError, TypeError):
+                        pass  # Keep as string if conversion fails
+
+                result[key] = value
+                positional_index += 1
+
+            i += 1
+
+    return ParsedArguments(**result)