PyPI - pypomes-iam - Versions diffs - 0.1.8__py3-none-any.whl → 0.2.0__py3-none-any.whl - Mend

pypomes-iam 0.1.8py3-none-any.whl → 0.2.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of pypomes-iam might be problematic. Click here for more details.

Files changed (10) hide show

pypomes_iam/__init__.py +5 -0
pypomes_iam/common_pomes.py +331 -19
pypomes_iam/iam_pomes.py +176 -0
pypomes_iam/jusbr_pomes.py +34 -358
pypomes_iam/keycloak_pomes.py +43 -208
{pypomes_iam-0.1.8.dist-info → pypomes_iam-0.2.0.dist-info}/METADATA +2 -2
pypomes_iam-0.2.0.dist-info/RECORD +11 -0
pypomes_iam-0.1.8.dist-info/RECORD +0 -10
{pypomes_iam-0.1.8.dist-info → pypomes_iam-0.2.0.dist-info}/WHEEL +0 -0
{pypomes_iam-0.1.8.dist-info → pypomes_iam-0.2.0.dist-info}/licenses/LICENSE +0 -0

pypomes_iam/keycloak_pomes.py CHANGED Viewed

@@ -1,18 +1,13 @@
-import secrets
-import string
-# import sys
 from cachetools import FIFOCache
 from datetime import datetime
-from flask import Flask, Response, redirect, request, jsonify
+from flask import Flask
 from logging import Logger
 from pypomes_core import (
     APP_PREFIX, TZ_LOCAL, env_get_int, env_get_str
 )
 from typing import Any, Final
-from .common_pomes import (
-    _get_login_timeout, _get_public_key, _get_user_data, _user_logout, _log_init
-)
+from .common_pomes import _service_token, _get_user_data
 KEYCLOAK_CLIENT_ID: Final[str] = env_get_str(key=f"{APP_PREFIX}_KEYCLOAK_CLIENT_ID")
 KEYCLOAK_CLIENT_SECRET: Final[str] = env_get_str(key=f"{APP_PREFIX}_KEYCLOAK_CLIENT_SECRET")
@@ -43,22 +38,25 @@ KEYCLOAK_URL_AUTH_CALLBACK: Final[str] = env_get_str(key=f"{APP_PREFIX}_KEYCLOAK
 #    "key-expiration": <int>,
 #    "base-url": <str>,
 #    "callback-url": <str>,
+#    "safe-cache": <FIFOCache>
+# }
+# data in "safe-cache":
+# {
 #    "users": {
 #       "<user-id>": {
-#         "cache-obj": <FIFOCache>,
+#         "access-token": <str>
+#         "refresh-token": <str>
 #         "access-expiration": <timestamp>,
-#         "login-expiration": <int>,  <-- transient
-#         "login-id": <str>,          <-- transient
-#         data in <FIFOCache>:
-#           "access-token": <str>
-#           "refresh-token": <str>
+#         "login-expiration": <timestamp>,   <-- transient
+#         "login-id": <str>,                 <-- transient
+#         "oauth-scope": <str>               <-- optional
 #       }
 #    }
 # }
 _keycloak_registry: dict[str, Any] = {}
 # dafault logger
-_logger: Logger | None = None
+_keycloak_logger: Logger | None = None
 def keycloak_setup(flask_app: Flask,
@@ -93,11 +91,11 @@ def keycloak_setup(flask_app: Flask,
     :param callback_url: URL for Keycloak to callback on login
     :param logger: optional logger
     """
-    global _keycloak_registry
+    from .iam_pomes import service_login, service_logout, service_callback, service_token
+    global _keycloak_logger, _keycloak_registry
     # establish the logger
-    global _logger
-    _logger = logger
+    _keycloak_logger = logger
     # configure the JusBR registry
     _keycloak_registry = {
@@ -108,7 +106,7 @@ def keycloak_setup(flask_app: Flask,
         "callback-url": callback_url,
         "key-expiration": int(datetime.now(tz=TZ_LOCAL).timestamp()),
         "key-lifetime": public_key_lifetime,
-        "users": []
+        "safe-cache": FIFOCache(maxsize=1048576)
     }
     # establish the endpoints
@@ -134,207 +132,44 @@ def keycloak_setup(flask_app: Flask,
                                methods=["POST"])
-# @flask_app.route(rule=<login_endpoint>,  # KEYCLOAK_LOGIN_ENDPOINT: /iam/keycloak:login
-#                  methods=["GET"])
-def service_login() -> Response:
-    """
-    Entry point for the Keycloak login service.
-    Redirect the request to the Keycloak authentication page, with the appropriate parameters.
-    :return: the response from the redirect operation
-    """
-    global _keycloak_registry
-    # log the request
-    if _logger:
-        msg: str = _log_init(request=request)
-        _logger.debug(msg=msg)
-    # build the OAuth2 state, and temporarily use it as 'user_id'
-    oauth_state: str = "".join(secrets.choice(string.ascii_letters + string.digits) for _ in range(16))
-    # obtain the user data
-    user_data: dict[str, Any] = _get_user_data(registry=_keycloak_registry,
-                                               user_id=oauth_state,
-                                               logger=_logger)
-    # build the redirect url
-    timeout: int = _get_login_timeout(registry=_keycloak_registry)
-    safe_cache: FIFOCache
-    if timeout:
-        safe_cache = FIFOCache(maxsize=16)
-    else:
-        safe_cache = FIFOCache(maxsize=16)
-    safe_cache["valid"] = True
-    user_data["cache-obj"] = safe_cache
-    auth_url: str = (
-        f"{_keycloak_registry["base-url"]}/protocol/openid-connect/auth"
-        f"?client_id={_keycloak_registry["client-id"]}"
-        f"&response_type=code"
-        f"&scope=openid"
-        f"&redirect_uri={_keycloak_registry["callback-url"]}"
-    )
-    # redirect the request
-    result: Response = redirect(location=auth_url)
-    # log the response
-    if _logger:
-        _logger.debug(msg=f"Response {result}")
-    return result
-# @flask_app.route(rule=<login_endpoint>,  # KEYCLOAK_LOGIN_ENDPOINT: /iam/keycloak:logout
-#                  methods=["GET"])
-def service_logout() -> Response:
-    """
-    Entry point for the Keycloak logout service.
-    Remove all data associating the user with Keycloak from the registry.
-    :return: response *OK*
-    """
-    global _keycloak_registry
-    # log the request
-    if _logger:
-        msg: str = _log_init(request=request)
-        _logger.debug(msg=msg)
-    # retrieve the user id
-    input_params: dict[str, Any] = request.args
-    user_id: str = input_params.get("user-id") or input_params.get("login")
-    # logout the user
-    _user_logout(registry=_keycloak_registry,
-                 user_id=user_id,
-                 logger=_logger)
-    result: Response = Response(status=200)
-    # log the response
-    if _logger:
-        _logger.debug(msg=f"Response {result}")
-    return result
-# @flask_app.route(rule=<callback_endpoint>,  # KEYCLOAK_CALLBACK_ENDPOINT: /iam/keycloak:callback
-#                  methods=["POST"])
-def service_callback() -> Response:
+def keycloak_get_token(user_id: str,
+                       errors: list[str] = None,
+                       logger: Logger = None) -> str:
     """
-    Entry point for the callback from Keycloak on authentication operation.
+    Retrieve a Keycloak authentication token for *user_id*.
-    :return: the response containing the token, or *NOT AUTHORIZED*
+    :param user_id: the user's identification
+    :param errors: incidental errors
+    :param logger: optional logger
+    :return: the uthentication tokem
     """
     global _keycloak_registry
-    from .token_pomes import token_validate
-    # log the request
-    if _logger:
-        msg: str = _log_init(request=request)
-        _logger.debug(msg=msg)
-    # validate the OAuth2 state
-    oauth_state: str = request.args.get("state")
-    user_id: str | None = None
-    user_data: dict[str, Any] | None = None
-    if oauth_state:
-        for user, data in _keycloak_registry.get("users").items():
-            safe_cache: FIFOCache = data.get("cache-obj")
-            if user == oauth_state:
-                if data.get("valid"):
-                    user_id = user
-                    user_data = data
-                else:
-                    msg = "Operation timeout"
-                break
-    # exchange 'code' for the token
-    token: str | None = None
-    errors: list[str] = []
-    if user_data:
-        code: str = request.args.get("code")
-        body_data: dict[str, Any] = {
-            "grant_type": "authorization_code",
-            "code": code,
-            "redirec_url": _keycloak_registry.get("callback-url"),
-        }
-        # token = __post_jusbr(user_data=user_data,
-        #                      body_data=body_data,
-        #                      errors=errors,
-        #                      logger=_logger)
-        # retrieve the token's claims
-        if not errors:
-            public_key: bytes = _get_public_key(registry=_keycloak_registry,
-                                                url=_keycloak_registry["base-url"],
-                                                logger=_logger)
-            token_claims: dict[str, dict[str, Any]] = token_validate(token=token,
-                                                                     issuer=_keycloak_registry["base-url"],
-                                                                     public_key=public_key,
-                                                                     errors=errors,
-                                                                     logger=_logger)
-            if not errors:
-                token_user: str = token_claims["payload"].get("preferred_username")
-                if user_id == oauth_state:
-                    user_id = token_user
-                    _keycloak_registry["users"][user_id] = _keycloak_registry["users"].pop(oauth_state)
-                elif token_user != user_id:
-                    errors.append(f"Token was issued to user '{token_user}'")
-    else:
-        msg: str = "Unknown OAuth2 code received"
-        if _get_login_timeout(registry=_keycloak_registry):
-            msg += " - possible operation timeout"
-        errors.append(msg)
-    result: Response
-    if errors:
-        result = jsonify({"errors": "; ".join(errors)})
-        result.status_code = 400
-    else:
-        result = jsonify({
-            "user_id": user_id,
-            "access_token": token})
+    # retrieve the token
+    args: dict[str, Any] = {"user-id": user_id}
+    return _service_token(registry=_keycloak_registry,
+                          args=args,
+                          errors=errors,
+                          logger=logger)
-    # log the response
-    if _logger:
-        _logger.debug(msg=f"Response {result}")
-    return result
-# @flask_app.route(rule=<token_endpoint>,  # JUSBR_TOKEN_ENDPOINT: /iam/jusbr:get-token
-#                  methods=["GET"])
-def service_token() -> Response:
-    """
-    Entry point for retrieving the Keycloak token.
-    :return: the response containing the token, or *UNAUTHORIZED*
-    """
-    # log the request
-    if _logger:
-        msg: str = _log_init(request=request)
-        _logger.debug(msg=msg)
-    # retrieve the user id
-    input_params: dict[str, Any] = request.args
-    _user_id: str = input_params.get("user-id") or input_params.get("login")
-    return Response()
-def keycloak_get_token(user_id: str,
-                       errors: list[str] = None,
-                       logger: Logger = None) -> str:
+def keycloak_set_scope(user_id: str,
+                       scope: str,
+                       logger: Logger | None) -> None:
     """
-    Retrieve the authentication token for user *user_id*.
+    Set the OAuth2 scope of *user_id* to *scope*.
     :param user_id: the user's identification
-    :param errors: incidental error messages
+    :param scope: the OAuth2 scope to set to the user
     :param logger: optional logger
-    :return: the token for *user_id*, or *None* if error
     """
     global _keycloak_registry
-    # initialize the return variable
-    result: str | None = None
-    return result
+    # retrieve user data
+    user_data: dict[str, Any] = _get_user_data(registry=_keycloak_registry,
+                                               user_id=user_id,
+                                               logger=logger)
+    # set the OAuth2 scope
+    user_data["oauth-scope"] = scope
+    if logger:
+        logger.debug(msg=f"Scope for user '{user_id}' set to '{scope}'")

{pypomes_iam-0.1.8.dist-info → pypomes_iam-0.2.0.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: pypomes_iam
-Version: 0.1.8
+Version: 0.2.0
 Summary: A collection of Python pomes, penyeach (IAM modules)
 Project-URL: Homepage, https://github.com/TheWiseCoder/PyPomes-IAM
 Project-URL: Bug Tracker, https://github.com/TheWiseCoder/PyPomes-IAM/issues
@@ -13,6 +13,6 @@ Requires-Python: >=3.12
 Requires-Dist: cachetools>=6.2.1
 Requires-Dist: flask>=3.1.2
 Requires-Dist: pyjwt>=2.10.1
-Requires-Dist: pypomes-core>=2.8.0
+Requires-Dist: pypomes-core>=2.8.1
 Requires-Dist: pypomes-crypto>=0.4.8
 Requires-Dist: requests>=2.32.5

pypomes_iam-0.2.0.dist-info/RECORD ADDED Viewed

@@ -0,0 +1,11 @@
+pypomes_iam/__init__.py,sha256=ieysDaKOQc3B50PvChh8DLDG5R3XgbTzX3bU0ekGoUk,760
+pypomes_iam/common_pomes.py,sha256=bLDaoWM5KLccxsNSyiK5UbXRNBgqsQ7TB0Q4Nc72QoI,16415
+pypomes_iam/iam_pomes.py,sha256=THztlEWObDY4_L8GHQem2uX5J8_44XEP-mUg2Fi_Gx0,5527
+pypomes_iam/jusbr_pomes.py,sha256=R-i0FatmlvTp3UszUrrz2L3BQRkZue8F9Nfy0i4cKHw,7084
+pypomes_iam/keycloak_pomes.py,sha256=TCye3E4xijyisgG-vKoJOhXywNgdyzTuuVzFjNbaJ3I,7490
+pypomes_iam/provider_pomes.py,sha256=eP8XzjTUEpwejTkO0wmDiqKjqbIEOzRNCR2ju5E15og,5856
+pypomes_iam/token_pomes.py,sha256=McjKB8omCjuicenwvDVPiWYu3-7gQeLg1AzgAVKK32M,4309
+pypomes_iam-0.2.0.dist-info/METADATA,sha256=nnSivBbIIMIyu5rSSXr5aQq8S1HhcF9xgb3WFeIx-jA,694
+pypomes_iam-0.2.0.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+pypomes_iam-0.2.0.dist-info/licenses/LICENSE,sha256=YvUELgV8qvXlaYsy9hXG5EW3Bmsrkw-OJmmILZnonAc,1086
+pypomes_iam-0.2.0.dist-info/RECORD,,

pypomes_iam-0.1.8.dist-info/RECORD DELETED Viewed

@@ -1,10 +0,0 @@
-pypomes_iam/__init__.py,sha256=lHnqNqW1stQjcM6cr9wf3GGnw5_zGf1HN3zyHGb8PCA,577
-pypomes_iam/common_pomes.py,sha256=kdzyEJX275SmMa_zi6AJaC9gVxlXcOailyantPvNOyQ,3908
-pypomes_iam/jusbr_pomes.py,sha256=kNgAgQAMDdODoNO4XKrSggFwQ7R2ID-LLz7tmT3PXH4,19510
-pypomes_iam/keycloak_pomes.py,sha256=m4jM_4c_McVg74T7JG7j3tbMo9Yxp6IKgt8TuauIp7o,13204
-pypomes_iam/provider_pomes.py,sha256=eP8XzjTUEpwejTkO0wmDiqKjqbIEOzRNCR2ju5E15og,5856
-pypomes_iam/token_pomes.py,sha256=McjKB8omCjuicenwvDVPiWYu3-7gQeLg1AzgAVKK32M,4309
-pypomes_iam-0.1.8.dist-info/METADATA,sha256=fjisTEC7XbvWn37I-2Jez6vtk7Uo83Q1WCjq172hOok,694
-pypomes_iam-0.1.8.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-pypomes_iam-0.1.8.dist-info/licenses/LICENSE,sha256=YvUELgV8qvXlaYsy9hXG5EW3Bmsrkw-OJmmILZnonAc,1086
-pypomes_iam-0.1.8.dist-info/RECORD,,

{pypomes_iam-0.1.8.dist-info → pypomes_iam-0.2.0.dist-info}/WHEEL RENAMED Viewed

File without changes

{pypomes_iam-0.1.8.dist-info → pypomes_iam-0.2.0.dist-info}/licenses/LICENSE RENAMED Viewed

File without changes

pypomes-iam 0.1.8__py3-none-any.whl → 0.2.0__py3-none-any.whl

Potentially problematic release.

pypomes-iam 0.1.8py3-none-any.whl → 0.2.0py3-none-any.whl