PyPI - pypomes-iam - Versions diffs - 0.1.9__tar.gz → 0.2.1__tar.gz - Mend

pypomes-iam 0.1.9tar.gz → 0.2.1tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of pypomes-iam might be problematic. Click here for more details.

Files changed (12) hide show

{pypomes_iam-0.1.9 → pypomes_iam-0.2.1}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: pypomes_iam
-Version: 0.1.9
+Version: 0.2.1
 Summary: A collection of Python pomes, penyeach (IAM modules)
 Project-URL: Homepage, https://github.com/TheWiseCoder/PyPomes-IAM
 Project-URL: Bug Tracker, https://github.com/TheWiseCoder/PyPomes-IAM/issues

{pypomes_iam-0.1.9 → pypomes_iam-0.2.1}/pyproject.toml RENAMED Viewed

@@ -6,7 +6,7 @@ build-backend = "hatchling.build"
 [project]
 name = "pypomes_iam"
-version = "0.1.9"
+version = "0.2.1"
 authors = [
   { name="GT Nunes", email="wisecoder01@gmail.com" }
 ]

{pypomes_iam-0.1.9 → pypomes_iam-0.2.1}/src/pypomes_iam/__init__.py RENAMED Viewed

@@ -1,8 +1,8 @@
 from .jusbr_pomes import (
-    jusbr_setup, jusbr_get_token, jusbr_set_scope
+    jusbr_setup, jusbr_get_token
 )
 from .keycloak_pomes import (
-    keycloak_setup, keycloak_get_token, keycloak_set_scope
+    keycloak_setup, keycloak_get_token
 )
 from .provider_pomes import (
     provider_register, provider_get_token
@@ -13,9 +13,9 @@ from .token_pomes import (
 __all__ = [
     # jusbr_pomes
-    "jusbr_setup", "jusbr_get_token", "jusbr_set_scope",
+    "jusbr_setup", "jusbr_get_token",
     # keycloak_pomes
-    "keycloak_setup", "keycloak_get_token", "keycloak_set_scope",
+    "keycloak_setup", "keycloak_get_token",
     # provider_pomes
     "provider_register", "provider_get_token",
     # token_pomes

{pypomes_iam-0.1.9 → pypomes_iam-0.2.1}/src/pypomes_iam/common_pomes.py RENAMED Viewed

@@ -31,7 +31,6 @@ from typing import Any
 #         "access-expiration": <timestamp>,
 #         "login-expiration": <timestamp>,   <-- transient
 #         "login-id": <str>,                 <-- transient
-#         "oauth-scope": <str>               <-- optional
 #       }
 #    }
 # }
@@ -132,15 +131,11 @@ def _service_login(registry: dict[str, Any],
     user_data["login-expiration"] = int(datetime.now(tz=TZ_LOCAL).timestamp()) + timeout if timeout else None
     # build the redirect url
-    result: str = (f"{registry["base-url"]}/protocol/openid-connect/auth?response_type=code"
+    result: str = (f"{registry["base-url"]}/protocol/openid-connect/auth"
+                   f"?response_type=code&scope=openid"
                    f"&client_id={registry["client-id"]}"
                    f"&redirect_uri={registry["callback-url"]}"
                    f"&state={oauth_state}")
-    scope: str = _get_user_scope(registry=registry,
-                                 user_id=user_id)
-    if scope:
-        user_data["oauth-scope"] = scope
-        result += f"&scope={scope}"
     # logout the user
     _service_logout(registry=registry,
@@ -304,27 +299,6 @@ def _get_user_data(registry: dict[str, Any],
     return result
-def _get_user_scope(registry: dict[str, Any],
-                    user_id: str) -> str | None:
-    """
-    Retrieve the OAuth2 scope associated with *user_id*.
-    :param registry: the registry holding the authentication data
-    :param user_id:
-    :return: the OAuth2 scope associated with *user_id*, or *None* if it does not exist
-    """
-    # initialize the return variable
-    result: str | None = None
-    if user_id:
-        cache: Cache = registry["safe-cache"]
-        users: dict[str, dict[str, Any]] = cache.get("users")
-        if user_id in users:
-            result = users[user_id].get("oauth2-scope")
-    return result
 def _post_for_token(registry: dict[str, Any],
                     user_data: dict[str, Any],
                     body_data: dict[str, Any],

pypomes_iam-0.2.1/src/pypomes_iam/iam_pomes.py ADDED Viewed

@@ -0,0 +1,176 @@
+from flask import Response, redirect, request, jsonify
+from logging import Logger
+from typing import Any
+from .common_pomes import (
+    _service_login, _service_logout,
+    _service_callback, _service_token, _log_init
+)
+from .jusbr_pomes import _jusbr_logger, _jusbr_registry
+from .keycloak_pomes import _keycloak_logger, _keycloak_registry
+# @flask_app.route(rule=<login_endpoint>,  # JUSBR_LOGIN_ENDPOINT: /iam/jusbr:login
+#                  methods=["GET"])
+# @flask_app.route(rule=<login_endpoint>,  # KEYCLOAK_LOGIN_ENDPOINT: /iam/keycloak:logout
+#                  methods=["GET"])
+def service_login() -> Response:
+    """
+    Entry point for the JusBR login service.
+    Redirect the request to the JusBR authentication page, with the appropriate parameters.
+    :return: the response from the redirect operation
+    """
+    logger: Logger
+    registry: dict[str, Any]
+    if request.endpoint == "jusbr-login":
+        logger = _jusbr_logger
+        registry = _jusbr_registry
+    else:
+        logger = _keycloak_logger
+        registry = _keycloak_registry
+    # log the request
+    if logger:
+        logger.debug(msg=_log_init(request=request))
+    # obtain the redirect URL
+    auth_url: str = _service_login(registry=registry,
+                                   args=request.args,
+                                   logger=logger)
+    # redirect the request
+    result: Response = redirect(location=auth_url)
+    # log the response
+    if logger:
+        logger.debug(msg=f"Response {result}")
+    return result
+# @flask_app.route(rule=<logout_endpoint>,  # JUSBR_LOGOUT_ENDPOINT: /iam/jusbr:logout
+#                  methods=["GET"])
+# @flask_app.route(rule=<login_endpoint>,  # KEYCLOAK_LOGOUT_ENDPOINT: /iam/keycloak:logout
+#                  methods=["GET"])
+def service_logout() -> Response:
+    """
+    Entry point for the JusBR logout service.
+    Remove all data associating the user with JusBR from the registry.
+    :return: response *OK*
+    """
+    logger: Logger
+    registry: dict[str, Any]
+    if request.endpoint == "jusbr-logout":
+        logger = _jusbr_logger
+        registry = _jusbr_registry
+    else:
+        logger = _keycloak_logger
+        registry = _keycloak_registry
+    # log the request
+    if logger:
+        logger.debug(msg=_log_init(request=request))
+    # logout the user
+    _service_logout(registry=registry,
+                    args=request.args,
+                    logger=logger)
+    result: Response = Response(status=200)
+    # log the response
+    if logger:
+        logger.debug(msg=f"Response {result}")
+    return result
+# @flask_app.route(rule=<callback_endpoint>,  # JUSBR_CALLBACK_ENDPOINT: /iam/jusbr:callback
+#                  methods=["GET", "POST"])
+# @flask_app.route(rule=<callback_endpoint>,  # KEYCLOAK_CALLBACK_ENDPOINT: /iam/keycloak:callback
+#                  methods=["POST"])
+def service_callback() -> Response:
+    """
+    Entry point for the callback from JusBR on authentication operation.
+    :return: the response containing the token, or *BAD REQUEST*
+    """
+    logger: Logger
+    registry: dict[str, Any]
+    if request.endpoint == "jusbr-callback":
+        logger = _jusbr_logger
+        registry = _jusbr_registry
+    else:
+        logger = _keycloak_logger
+        registry = _keycloak_registry
+    # log the request
+    if logger:
+        logger.debug(msg=_log_init(request=request))
+    # process the callback operation
+    errors: list[str] = []
+    token_data: tuple[str, str] = _service_callback(registry=registry,
+                                                    args=request.args,
+                                                    errors=errors,
+                                                    logger=logger)
+    result: Response
+    if errors:
+        result = jsonify({"errors": "; ".join(errors)})
+        result.status_code = 400
+    else:
+        result = jsonify({
+            "user_id": token_data[0],
+            "access_token": token_data[1]})
+    # log the response
+    if logger:
+        logger.debug(msg=f"Response {result}")
+    return result
+# @flask_app.route(rule=<token_endpoint>,  # JUSBR_TOKEN_ENDPOINT: /iam/jusbr:get-token
+#                  methods=["GET"])
+# @flask_app.route(rule=<token_endpoint>,  # JUSBR_TOKEN_ENDPOINT: /iam/jusbr:get-token
+#                  methods=["GET"])
+def service_token() -> Response:
+    """
+    Entry point for retrieving the JusBR token.
+    :return: the response containing the token, or *UNAUTHORIZED*
+    """
+    logger: Logger
+    registry: dict[str, Any]
+    if request.endpoint == "jusbr-token":
+        logger = _jusbr_logger
+        registry = _jusbr_registry
+    else:
+        logger = _keycloak_logger
+        registry = _keycloak_registry
+    # log the request
+    if logger:
+        logger.debug(msg=_log_init(request=request))
+    # retrieve the token
+    errors: list[str] = []
+    token: str = _service_token(registry=registry,
+                                args=request.args,
+                                errors=errors,
+                                logger=logger)
+    result: Response
+    if token:
+        result = jsonify({"token": token})
+    else:
+        result = Response("; ".join(errors))
+        result.status_code = 401
+    # log the response
+    if logger:
+        logger.debug(msg=f"Response {result}")
+    return result

{pypomes_iam-0.1.9 → pypomes_iam-0.2.1}/src/pypomes_iam/jusbr_pomes.py RENAMED Viewed

@@ -1,17 +1,13 @@
 from cachetools import FIFOCache
 from datetime import datetime
-from flask import Flask, Response, redirect, request, jsonify
+from flask import Flask
 from logging import Logger
 from pypomes_core import (
     APP_PREFIX, TZ_LOCAL, env_get_int, env_get_str
 )
 from typing import Any, Final
-from .common_pomes import (
-    _service_login, _service_logout,
-    _service_callback, _service_token,
-    _get_user_data, _log_init
-)
+from .common_pomes import _service_token
 JUSBR_CLIENT_ID: Final[str] = env_get_str(key=f"{APP_PREFIX}_JUSBR_CLIENT_ID")
 JUSBR_CLIENT_SECRET: Final[str] = env_get_str(key=f"{APP_PREFIX}_JUSBR_CLIENT_SECRET")
@@ -52,14 +48,13 @@ JUSBR_URL_AUTH_CALLBACK: Final[str] = env_get_str(key=f"{APP_PREFIX}_JUSBR_URL_A
 #         "access-expiration": <timestamp>,
 #         "login-expiration": <timestamp>,   <-- transient
 #         "login-id": <str>,                 <-- transient
-#         "oauth-scope": <str>               <-- optional
 #       }
 #    }
 # }
 _jusbr_registry: dict[str, Any] | None = None
 # dafault logger
-_logger: Logger | None = None
+_jusbr_logger: Logger | None = None
 def jusbr_setup(flask_app: Flask,
@@ -92,12 +87,13 @@ def jusbr_setup(flask_app: Flask,
     :param callback_url: URL for JusBR to callback on login
     :param logger: optional logger
     """
+    from .iam_pomes import service_login, service_logout, service_callback, service_token
+    global _jusbr_logger, _jusbr_registry
     # establish the logger
-    global _logger
     _logger = logger
     # configure the JusBR registry
-    global _jusbr_registry
     _jusbr_registry = {
         "client-id": client_id,
         "client-secret": client_secret,
@@ -110,11 +106,6 @@ def jusbr_setup(flask_app: Flask,
     }
     # establish the endpoints
-    if token_endpoint:
-        flask_app.add_url_rule(rule=token_endpoint,
-                               endpoint="jusbr-token",
-                               view_func=service_token,
-                               methods=["GET"])
     if login_endpoint:
         flask_app.add_url_rule(rule=login_endpoint,
                                endpoint="jusbr-login",
@@ -130,136 +121,11 @@ def jusbr_setup(flask_app: Flask,
                                endpoint="jusbr-callback",
                                view_func=service_callback,
                                methods=["GET", "POST"])
-# @flask_app.route(rule=<login_endpoint>,  # JUSBR_LOGIN_ENDPOINT: /iam/jusbr:login
-#                  methods=["GET"])
-def service_login() -> Response:
-    """
-    Entry point for the JusBR login service.
-    Redirect the request to the JusBR authentication page, with the appropriate parameters.
-    :return: the response from the redirect operation
-    """
-    global _jusbr_registry
-    # log the request
-    if _logger:
-        _logger.debug(msg=_log_init(request=request))
-    # obtain the redirect URL
-    auth_url: str = _service_login(registry=_jusbr_registry,
-                                   args=request.args,
-                                   logger=_logger)
-    # redirect the request
-    result: Response = redirect(location=auth_url)
-    # log the response
-    if _logger:
-        _logger.debug(msg=f"Response {result}")
-    return result
-# @flask_app.route(rule=<login_endpoint>,  # JUSBR_LOGIN_ENDPOINT: /iam/jusbr:logout
-#                  methods=["GET"])
-def service_logout() -> Response:
-    """
-    Entry point for the JusBR logout service.
-    Remove all data associating the user with JusBR from the registry.
-    :return: response *OK*
-    """
-    global _jusbr_registry
-    # log the request
-    if _logger:
-        _logger.debug(msg=_log_init(request=request))
-    # logout the user
-    _service_logout(registry=_jusbr_registry,
-                    args=request.args,
-                    logger=_logger)
-    result: Response = Response(status=200)
-    # log the response
-    if _logger:
-        _logger.debug(msg=f"Response {result}")
-    return result
-# @flask_app.route(rule=<callback_endpoint>,  # JUSBR_CALLBACK_ENDPOINT: /iam/jusbr:callback
-#                  methods=["GET", "POST"])
-def service_callback() -> Response:
-    """
-    Entry point for the callback from JusBR on authentication operation.
-    :return: the response containing the token, or *BAD REQUEST*
-    """
-    global _jusbr_registry
-    # log the request
-    if _logger:
-        _logger.debug(msg=_log_init(request=request))
-    # process the callback operation
-    errors: list[str] = []
-    token_data: tuple[str, str] = _service_callback(registry=_jusbr_registry,
-                                                    args=request.args,
-                                                    errors=errors,
-                                                    logger=_logger)
-    result: Response
-    if errors:
-        result = jsonify({"errors": "; ".join(errors)})
-        result.status_code = 400
-    else:
-        result = jsonify({
-            "user_id": token_data[0],
-            "access_token": token_data[1]})
-    # log the response
-    if _logger:
-        _logger.debug(msg=f"Response {result}")
-    return result
-# @flask_app.route(rule=<token_endpoint>,  # JUSBR_TOKEN_ENDPOINT: /iam/jusbr:get-token
-#                  methods=["GET"])
-def service_token() -> Response:
-    """
-    Entry point for retrieving the JusBR token.
-    :return: the response containing the token, or *UNAUTHORIZED*
-    """
-    global _jusbr_registry
-    # log the request
-    if _logger:
-        _logger.debug(msg=_log_init(request=request))
-    # retrieve the token
-    errors: list[str] = []
-    token: str = _service_token(registry=_jusbr_registry,
-                                args=request.args,
-                                errors=errors,
-                                logger=_logger)
-    result: Response
-    if token:
-        result = jsonify({"token": token})
-    else:
-        result = Response("; ".join(errors))
-        result.status_code = 401
-    # log the response
-    if _logger:
-        _logger.debug(msg=f"Response {result}")
-    return result
+    if token_endpoint:
+        flask_app.add_url_rule(rule=token_endpoint,
+                               endpoint="jusbr-token",
+                               view_func=service_token,
+                               methods=["GET"])
 def jusbr_get_token(user_id: str,
@@ -281,25 +147,3 @@ def jusbr_get_token(user_id: str,
                           args=args,
                           errors=errors,
                           logger=logger)
-def jusbr_set_scope(user_id: str,
-                    scope: str,
-                    logger: Logger = None) -> None:
-    """
-    Set the OAuth2 scope of *user_id* to *scope*.
-    :param user_id: the user's identification
-    :param scope: the OAuth2 scope to set to the user
-    :param logger: optional logger
-    """
-    global _jusbr_registry
-    # retrieve user data
-    user_data: dict[str, Any] = _get_user_data(registry=_jusbr_registry,
-                                               user_id=user_id,
-                                               logger=logger)
-    # set the OAuth2 scope
-    user_data["oauth-scope"] = scope
-    if logger:
-        logger.debug(msg=f"Scope for user '{user_id}' set to '{scope}'")

{pypomes_iam-0.1.9 → pypomes_iam-0.2.1}/src/pypomes_iam/keycloak_pomes.py RENAMED Viewed

@@ -1,17 +1,13 @@
 from cachetools import FIFOCache
 from datetime import datetime
-from flask import Flask, Response, redirect, request, jsonify
+from flask import Flask
 from logging import Logger
 from pypomes_core import (
     APP_PREFIX, TZ_LOCAL, env_get_int, env_get_str
 )
 from typing import Any, Final
-from .common_pomes import (
-    _service_login, _service_logout,
-    _service_callback, _service_token,
-    _get_user_data, _log_init
-)
+from .common_pomes import _service_token
 KEYCLOAK_CLIENT_ID: Final[str] = env_get_str(key=f"{APP_PREFIX}_KEYCLOAK_CLIENT_ID")
 KEYCLOAK_CLIENT_SECRET: Final[str] = env_get_str(key=f"{APP_PREFIX}_KEYCLOAK_CLIENT_SECRET")
@@ -53,14 +49,13 @@ KEYCLOAK_URL_AUTH_CALLBACK: Final[str] = env_get_str(key=f"{APP_PREFIX}_KEYCLOAK
 #         "access-expiration": <timestamp>,
 #         "login-expiration": <timestamp>,   <-- transient
 #         "login-id": <str>,                 <-- transient
-#         "oauth-scope": <str>               <-- optional
 #       }
 #    }
 # }
 _keycloak_registry: dict[str, Any] = {}
 # dafault logger
-_logger: Logger | None = None
+_keycloak_logger: Logger | None = None
 def keycloak_setup(flask_app: Flask,
@@ -95,11 +90,11 @@ def keycloak_setup(flask_app: Flask,
     :param callback_url: URL for Keycloak to callback on login
     :param logger: optional logger
     """
-    global _keycloak_registry
+    from .iam_pomes import service_login, service_logout, service_callback, service_token
+    global _keycloak_logger, _keycloak_registry
     # establish the logger
-    global _logger
-    _logger = logger
+    _keycloak_logger = logger
     # configure the JusBR registry
     _keycloak_registry = {
@@ -136,136 +131,6 @@ def keycloak_setup(flask_app: Flask,
                                methods=["POST"])
-# @flask_app.route(rule=<login_endpoint>,  # KEYCLOAK_LOGIN_ENDPOINT: /iam/keycloak:login
-#                  methods=["GET"])
-def service_login() -> Response:
-    """
-    Entry point for the Keycloak login service.
-    Redirect the request to the Keycloak authentication page, with the appropriate parameters.
-    :return: the response from the redirect operation
-    """
-    global _keycloak_registry
-    # log the request
-    if _logger:
-        _logger.debug(msg=_log_init(request=request))
-    # obtain the redirect URL
-    auth_url: str = _service_login(registry=_keycloak_registry,
-                                   args=request.args,
-                                   logger=_logger)
-    # redirect the request
-    result: Response = redirect(location=auth_url)
-    # log the response
-    if _logger:
-        _logger.debug(msg=f"Response {result}")
-    return result
-# @flask_app.route(rule=<login_endpoint>,  # KEYCLOAK_LOGIN_ENDPOINT: /iam/keycloak:logout
-#                  methods=["GET"])
-def service_logout() -> Response:
-    """
-    Entry point for the Keycloak logout service.
-    Remove all data associating the user with Keycloak from the registry.
-    :return: response *OK*
-    """
-    global _keycloak_registry
-    # log the request
-    if _logger:
-        _logger.debug(msg=_log_init(request=request))
-    # logout the user
-    _service_logout(registry=_keycloak_registry,
-                    args=request.args,
-                    logger=_logger)
-    result: Response = Response(status=200)
-    # log the response
-    if _logger:
-        _logger.debug(msg=f"Response {result}")
-    return result
-# @flask_app.route(rule=<callback_endpoint>,  # KEYCLOAK_CALLBACK_ENDPOINT: /iam/keycloak:callback
-#                  methods=["POST"])
-def service_callback() -> Response:
-    """
-    Entry point for the callback from Keycloak on authentication operation.
-    :return: the response containing the token, or *NOT AUTHORIZED*
-    """
-    global _keycloak_registry
-    # log the request
-    if _logger:
-        _logger.debug(msg=_log_init(request=request))
-    # process the callback operation
-    errors: list[str] = []
-    token_data: tuple[str, str] = _service_callback(registry=_keycloak_registry,
-                                                    args=request.args,
-                                                    errors=errors,
-                                                    logger=_logger)
-    result: Response
-    if errors:
-        result = jsonify({"errors": "; ".join(errors)})
-        result.status_code = 400
-    else:
-        result = jsonify({
-            "user_id": token_data[0],
-            "access_token": token_data[1]})
-    # log the response
-    if _logger:
-        _logger.debug(msg=f"Response {result}")
-    return result
-# @flask_app.route(rule=<token_endpoint>,  # JUSBR_TOKEN_ENDPOINT: /iam/jusbr:get-token
-#                  methods=["GET"])
-def service_token() -> Response:
-    """
-    Entry point for retrieving the Keycloak token.
-    :return: the response containing the token, or *UNAUTHORIZED*
-    """
-    global _keycloak_registry
-    # log the request
-    if _logger:
-        _logger.debug(msg=_log_init(request=request))
-    # retrieve the token
-    errors: list[str] = []
-    token: str = _service_token(registry=_keycloak_registry,
-                                args=request.args,
-                                errors=errors,
-                                logger=_logger)
-    result: Response
-    if token:
-        result = jsonify({"token": token})
-    else:
-        result = Response("; ".join(errors))
-        result.status_code = 401
-    # log the response
-    if _logger:
-        _logger.debug(msg=f"Response {result}")
-    return result
 def keycloak_get_token(user_id: str,
                        errors: list[str] = None,
                        logger: Logger = None) -> str:
@@ -285,25 +150,3 @@ def keycloak_get_token(user_id: str,
                           args=args,
                           errors=errors,
                           logger=logger)
-def keycloak_set_scope(user_id: str,
-                       scope: str,
-                       logger: Logger | None) -> None:
-    """
-    Set the OAuth2 scope of *user_id* to *scope*.
-    :param user_id: the user's identification
-    :param scope: the OAuth2 scope to set to the user
-    :param logger: optional logger
-    """
-    global _keycloak_registry
-    # retrieve user data
-    user_data: dict[str, Any] = _get_user_data(registry=_keycloak_registry,
-                                               user_id=user_id,
-                                               logger=logger)
-    # set the OAuth2 scope
-    user_data["oauth-scope"] = scope
-    if logger:
-        logger.debug(msg=f"Scope for user '{user_id}' set to '{scope}'")

{pypomes_iam-0.1.9 → pypomes_iam-0.2.1}/.gitignore RENAMED Viewed

File without changes

{pypomes_iam-0.1.9 → pypomes_iam-0.2.1}/LICENSE RENAMED Viewed

File without changes

{pypomes_iam-0.1.9 → pypomes_iam-0.2.1}/README.md RENAMED Viewed

File without changes

{pypomes_iam-0.1.9 → pypomes_iam-0.2.1}/src/pypomes_iam/provider_pomes.py RENAMED Viewed

File without changes

{pypomes_iam-0.1.9 → pypomes_iam-0.2.1}/src/pypomes_iam/token_pomes.py RENAMED Viewed

File without changes

pypomes-iam 0.1.9__tar.gz → 0.2.1__tar.gz

Potentially problematic release.

pypomes-iam 0.1.9tar.gz → 0.2.1tar.gz