PyPI - pypomes-iam - Versions diffs - 0.0.2__py3-none-any.whl → 0.0.4__py3-none-any.whl - Mend

pypomes-iam 0.0.2py3-none-any.whl → 0.0.4py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of pypomes-iam might be problematic. Click here for more details.

Files changed (7) hide show

pypomes_iam/__init__.py CHANGED Viewed

@@ -1,5 +1,5 @@
 from iam_jusbr import (
-    jusbr_setup, jusbr_get_token
+    jusbr_setup, jusbr_get_token, jusbr_set_scope
 )
 from .iam_provider import (
     provider_register, provider_get_token
@@ -7,7 +7,7 @@ from .iam_provider import (
 __all__ = [
     # iam_jusbr
-    "jusbr_setup", "jusbr_get_token",
+    "jusbr_setup", "jusbr_get_token", "jusbr_set_scope",
     # jwt_provider
     "provider_register", "provider_get_token"
 ]

pypomes_iam/iam_jusbr.py CHANGED Viewed

@@ -110,28 +110,28 @@ def jusbr_setup(flask_app: Flask,
     if token_endpoint:
         flask_app.add_url_rule(rule=token_endpoint,
                                endpoint="jusbr-token",
-                               view_func=jusbr_token,
+                               view_func=service_token,
                                methods=["GET"])
     if login_endpoint:
         flask_app.add_url_rule(rule=login_endpoint,
                                endpoint="jusbr-login",
-                               view_func=jusbr_login,
+                               view_func=service_login,
                                methods=["GET"])
     if logout_endpoint:
         flask_app.add_url_rule(rule=logout_endpoint,
                                endpoint="jusbr-logout",
-                               view_func=jusbr_logout,
+                               view_func=service_logout,
                                methods=["GET"])
     if callback_endpoint:
         flask_app.add_url_rule(rule=callback_endpoint,
                                endpoint="jusbr-callback",
-                               view_func=jusbr_callback,
+                               view_func=service_callback,
                                methods=["POST"])
 # @flask_app.route(rule=<login_endpoint>,  # JUSBR_LOGIN_ENDPOINT: /iam/jusbr:login
 #                  methods=["GET"])
-def jusbr_login() -> Response:
+def service_login() -> Response:
     """
     Entry point for the JusBR login service.
@@ -139,22 +139,20 @@ def jusbr_login() -> Response:
     :return: the response from the redirect operation
     """
+    global _jusbr_registry
     # retrieve user id
     input_params: dict[str, Any] = request.values
     user_id: str = input_params.get("user-id") or input_params.get("login")
     # retrieve user data
-    global _jusbr_registry
-    user_data: dict[str, Any] = _jusbr_registry["users"].get(user_id)
-    if not user_data:
-        user_data = {"access-expiration": int(datetime.now(tz=TZ_LOCAL).timestamp())}
-        _jusbr_registry["users"][user_id] = user_data
+    user_data: dict[str, Any] = __get_user_data(user_id=user_id,
+                                                logger=_logger)
     # build redirect url
     oauth_state: str = "".join(secrets.choice(string.ascii_letters + string.digits) for _ in range(16))
-    login_timeout: int = _jusbr_registry.get("login-timeout")
+    timeout: int = __get_login_timeout()
     safe_cache: Cache
-    if isinstance(login_timeout, int) and login_timeout > 0:
+    if timeout:
         safe_cache = TTLCache(maxsize=16,
                               ttl=600)
     else:
@@ -174,32 +172,32 @@ def jusbr_login() -> Response:
 # @flask_app.route(rule=<login_endpoint>,  # JUSBR_LOGIN_ENDPOINT: /iam/jusbr:logout
 #                  methods=["GET"])
-def jusbr_logout() -> Response:
+def service_logout() -> Response:
     """
     Entry point for the JusBR logout service.
-    Delete all data associating the user with JusBR.
+    Remove all data associating the user with JusBR from the registry.
     :return: the response from the redirect operation
     """
+    global _jusbr_registry
     # retrieve user id
     input_params: dict[str, Any] = request.values
     user_id: str = input_params.get("user-id") or input_params.get("login")
-    # retrieve user data
-    global _jusbr_registry
+    # remove user data
     if user_id in _jusbr_registry.get("users"):
         _jusbr_registry.pop(user_id)
-        logger: Logger = _jusbr_registry.get("logger")
-        if logger:
-            logger.debug(f"User '{user_id}' removed from the registry")
+        if _logger:
+            _logger.debug(f"User '{user_id}' removed from the registry")
     return Response(status=200)
 # @flask_app.route(rule=<callback_endpoint>,  # JUSBR_CALLBACK_ENDPOINT: /iam/jusbr:callback
 #                  methods=["POST"])
-def jusbr_callback() -> Response:
+def service_callback() -> Response:
     """
     Entry point for the callback from JusBR on authentication.
@@ -211,10 +209,10 @@ def jusbr_callback() -> Response:
     oauth_state: str = request.args.get("state")
     user_data: dict[str, Any] | None = None
     if oauth_state:
-        for user in _jusbr_registry.get("users"):
+        for data in _jusbr_registry.get("users"):
             safe_cache: Cache = user_data.get("cache-obj")
             if safe_cache and oauth_state == safe_cache.get("oauth-state"):
-                user_data = user
+                user_data = data
                 # 'oauth-state' is to be used only once
                 safe_cache["oauth-state"] = None
                 break
@@ -231,10 +229,12 @@ def jusbr_callback() -> Response:
         __post_jusbr(user_data=user_data,
                      body_data=body_data,
                      errors=errors,
-                     logger=_jusbr_registry.get("logger"))
+                     logger=_logger)
     else:
-        # login operation timed-out
-        errors.append("Operation timeout")
+        msg: str = "Unknown OAuth2 code received"
+        if __get_login_timeout():
+            msg += " - possible operation timeout"
+        errors.append(msg)
     result: Response
     if errors:
@@ -248,7 +248,7 @@ def jusbr_callback() -> Response:
 # @flask_app.route(rule=<token_endpoint>,  # JUSBR_TOKEN_ENDPOINT: /iam/jusbr:get-token
 #                  methods=["GET"])
-def jusbr_token() -> Response:
+def service_token() -> Response:
     """
     Entry point for retrieving the JusBR token.
@@ -260,7 +260,7 @@ def jusbr_token() -> Response:
     # retrieve the token
     token: str = jusbr_get_token(user_id=user_id,
-                                 logger=_jusbr_registry.get("logger"))
+                                 logger=_logger)
     result: Response
     if token:
         result = jsonify({"token": token})
@@ -318,17 +318,81 @@ def jusbr_get_token(user_id: str,
     return result
+def jusbr_set_scope(user_id: str,
+                    scope: str,
+                    logger: Logger | None) -> None:
+    """
+    Set the OAuth2 scope of *user_id* to *scope*.
+    :param user_id: the user's identification
+    :param scope: the OAuth2 scope to set to the user
+    :param logger: optional logger
+    """
+    global _jusbr_registry
+    # retrieve user data
+    user_data: dict[str, Any] = __get_user_data(user_id=user_id,
+                                                logger=logger)
+    # set the OAuth2 scope
+    user_data["oauth-scope"] = scope
+    if logger:
+        logger.debug(f"Scope for user '{user_id}' set to '{scope}'")
+def __get_login_timeout() -> int | None:
+    """
+    Retrieve the timeout currently applicable for the login operation.
+    :return: the current login timeout, or *None* if none has been set.
+    """
+    global _jusbr_registry
+    timeout: int = _jusbr_registry.get("login-timeout")
+    return timeout if isinstance(timeout, int) and timeout > 0 else None
+def __get_user_data(user_id: str,
+                    logger: Logger | None) -> dict[str, Any]:
+    """
+    Retrieve the data for *user_id* from the registry.
+    If an entry is not found for *user_id* in the registry, it is created.
+    It will remain there until the user is logged out.
+    :param user_id:
+    :return: the data for *user_id* in the registry
+    """
+    global _jusbr_registry
+    result: dict[str, Any] = _jusbr_registry["users"].get(user_id)
+    if not result:
+        result = {"access-expiration": int(datetime.now(tz=TZ_LOCAL).timestamp())}
+        _jusbr_registry["users"][user_id] = result
+        if logger:
+            logger.debug(f"Entry for user '{user_id}' added to registry")
+    return result
 def __post_jusbr(user_data: dict[str, Any],
                  body_data: dict[str, Any],
                  errors: list[str] | None,
                  logger: Logger | None) -> None:
     """
-    Send a POST request to JusBR to obtain the authorization token.
+    Send a POST request to JusBR to obtain the authentication tokens.
+    For code for token exchange, *body_data* will have the attributes
+        - "grant_type": "authorization_code"
+        - "code": <16-character-random-code>
+        - "redirect_url": <callback-url>
+    For token refresh, *body_data* will have the attributes
+        - "grant_type": "refresh_token"
+        - "refresh_token": <current-refresh-token>
-    If successful, the token data is stored in the registry, and the token itself is returned.
+    If the operation is successful, the token data is stored in the registry.
     Otherwise, *errors* will contain the appropriate error message.
-    :param user_data: the user data in the registry
+    :param user_data: the user's data in the registry
     :param body_data: the data to send in the body of the request
     :param errors: incidental errors
     :param logger: optional logger
@@ -355,28 +419,30 @@ def __post_jusbr(user_data: dict[str, Any],
         # }
         response: requests.Response = requests.post(url=url,
                                                     data=body_data)
-        if response.status_code < 200 or response.status_code >= 300:
-            # request resulted in error, report the problem
-            err_msg = (f"POST '{url}': failed, "
-                       f"status {response.status_code}, reason '{response.reason}'")
-            if response.status_code == 401 and "refresh_token" in body_data:
-                # refresh token is no longer valid
-                safe_cache["refresh-token"] = None
-        else:
+        if response.status_code == 200:
+            # request succeeded
             reply: dict[str, Any] = response.json()
             result = reply.get("access_token")
             safe_cache: Cache = FIFOCache(maxsize=1024)
             safe_cache["access-token"] = result
-            safe_cache["refresh-token"] = reply.get("refresh_token")
+            # on token refresh, keep current refresh token if a new one is not provided
+            safe_cache["refresh-token"] = reply.get("refresh_token") or body_data.get("refresh_token")
             user_data["cache-obj"] = safe_cache
             user_data["access-expiration"] = now + reply.get("expires_in")
             if logger:
                 logger.debug(msg=f"POST '{url}': status {response.status_code}")
+        else:
+            # request resulted in error
+            err_msg = (f"POST '{url}': failed, "
+                       f"status {response.status_code}, reason '{response.reason}'")
+            if response.status_code == 401 and "refresh_token" in body_data:
+                # refresh token is no longer valid
+                safe_cache["refresh-token"] = None
     except Exception as e:
         # the operation raised an exception
         err_msg = exc_format(exc=e,
                              exc_info=sys.exc_info())
-        err_msg = f"POST '{url}': error, '{err_msg}'"
+        err_msg = f"POST '{url}': error '{err_msg}'"
     if err_msg:
         if isinstance(errors, list):

{pypomes_iam-0.0.2.dist-info → pypomes_iam-0.0.4.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: pypomes_iam
-Version: 0.0.2
+Version: 0.0.4
 Summary: A collection of Python pomes, penyeach (IAM modules)
 Project-URL: Homepage, https://github.com/TheWiseCoder/PyPomes-IAM
 Project-URL: Bug Tracker, https://github.com/TheWiseCoder/PyPomes-IAM/issues

pypomes_iam-0.0.4.dist-info/RECORD ADDED Viewed

@@ -0,0 +1,7 @@
+pypomes_iam/__init__.py,sha256=mOQCIgHLA7a-_7gkWoDCzaPYtaj48KPhcAlLJKe6lPo,475
+pypomes_iam/iam_jusbr.py,sha256=uAozBLp7FjZhLyLYrh-QLX_ero5odeRdN0larJ_C28k,17000
+pypomes_iam/iam_provider.py,sha256=eP8XzjTUEpwejTkO0wmDiqKjqbIEOzRNCR2ju5E15og,5856
+pypomes_iam-0.0.4.dist-info/METADATA,sha256=28FoyyBfzPQdngdU_Jxe6C7n8OQAdSA9k2_pcj-aHhc,628
+pypomes_iam-0.0.4.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+pypomes_iam-0.0.4.dist-info/licenses/LICENSE,sha256=YvUELgV8qvXlaYsy9hXG5EW3Bmsrkw-OJmmILZnonAc,1086
+pypomes_iam-0.0.4.dist-info/RECORD,,

pypomes_iam-0.0.2.dist-info/RECORD DELETED Viewed

@@ -1,7 +0,0 @@
-pypomes_iam/__init__.py,sha256=LoBYDB2Jl5urH8HK2S5bPCPwb4O417xmCkoz6rF0VG4,439
-pypomes_iam/iam_jusbr.py,sha256=VSXWTOhdXU-UwBY2swU8FSu90iaRJeZtGkyqai0bMVQ,14897
-pypomes_iam/iam_provider.py,sha256=eP8XzjTUEpwejTkO0wmDiqKjqbIEOzRNCR2ju5E15og,5856
-pypomes_iam-0.0.2.dist-info/METADATA,sha256=292VOclyq-Y0kyrPDGsBEb8tUhxGcK_Mxz8CCslr_1U,628
-pypomes_iam-0.0.2.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-pypomes_iam-0.0.2.dist-info/licenses/LICENSE,sha256=YvUELgV8qvXlaYsy9hXG5EW3Bmsrkw-OJmmILZnonAc,1086
-pypomes_iam-0.0.2.dist-info/RECORD,,

{pypomes_iam-0.0.2.dist-info → pypomes_iam-0.0.4.dist-info}/WHEEL RENAMED Viewed

File without changes

{pypomes_iam-0.0.2.dist-info → pypomes_iam-0.0.4.dist-info}/licenses/LICENSE RENAMED Viewed

File without changes

pypomes-iam 0.0.2__py3-none-any.whl → 0.0.4__py3-none-any.whl

Potentially problematic release.

pypomes-iam 0.0.2py3-none-any.whl → 0.0.4py3-none-any.whl