PyPI - pypomes-iam - Versions diffs - 0.2.0__py3-none-any.whl → 0.2.2__py3-none-any.whl - Mend

pypomes-iam 0.2.0py3-none-any.whl → 0.2.2py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of pypomes-iam might be problematic. Click here for more details.

Files changed (10) hide show

pypomes_iam/__init__.py +4 -4
pypomes_iam/common_pomes.py +73 -99
pypomes_iam/iam_pomes.py +18 -18
pypomes_iam/jusbr_pomes.py +12 -19
pypomes_iam/keycloak_pomes.py +12 -19
{pypomes_iam-0.2.0.dist-info → pypomes_iam-0.2.2.dist-info}/METADATA +1 -1
pypomes_iam-0.2.2.dist-info/RECORD +11 -0
pypomes_iam-0.2.0.dist-info/RECORD +0 -11
{pypomes_iam-0.2.0.dist-info → pypomes_iam-0.2.2.dist-info}/WHEEL +0 -0
{pypomes_iam-0.2.0.dist-info → pypomes_iam-0.2.2.dist-info}/licenses/LICENSE +0 -0

pypomes_iam/__init__.py CHANGED Viewed

@@ -1,8 +1,8 @@
 from .jusbr_pomes import (
-    jusbr_setup, jusbr_get_token, jusbr_set_scope
+    jusbr_setup, jusbr_get_token
 )
 from .keycloak_pomes import (
-    keycloak_setup, keycloak_get_token, keycloak_set_scope
+    keycloak_setup, keycloak_get_token
 )
 from .provider_pomes import (
     provider_register, provider_get_token
@@ -13,9 +13,9 @@ from .token_pomes import (
 __all__ = [
     # jusbr_pomes
-    "jusbr_setup", "jusbr_get_token", "jusbr_set_scope",
+    "jusbr_setup", "jusbr_get_token",
     # keycloak_pomes
-    "keycloak_setup", "keycloak_get_token", "keycloak_set_scope",
+    "keycloak_setup", "keycloak_get_token",
     # provider_pomes
     "provider_register", "provider_get_token",
     # token_pomes

pypomes_iam/common_pomes.py CHANGED Viewed

@@ -8,6 +8,7 @@ from datetime import datetime
 from flask import Request
 from logging import Logger
 from pypomes_core import TZ_LOCAL, exc_format
+from pypomes_crypto import crypto_jwk_convert
 from typing import Any
 # registry structure:
@@ -31,81 +32,11 @@ from typing import Any
 #         "access-expiration": <timestamp>,
 #         "login-expiration": <timestamp>,   <-- transient
 #         "login-id": <str>,                 <-- transient
-#         "oauth-scope": <str>               <-- optional
 #       }
 #    }
 # }
-def _service_callback(registry: dict[str, Any],
-                      args: dict[str, Any],
-                      errors: list[str],
-                      logger: Logger | None) -> tuple[str, str]:
-    """
-    Entry point for the callback from JusBR on authentication operation.
-    :param registry: the registry holding the authentication data
-    :param args: the arguments passed when requesting the service
-    :param errors: incidental errors
-    :param logger: optional logger
-    """
-    from .token_pomes import token_validate
-    # initialize the return variable
-    result: tuple[str, str] | None = None
-    # retrieve the users authentication data
-    cache: Cache = registry["safe-cache"]
-    users: dict[str, dict[str, Any]] = cache.get("users")
-    # validate the OAuth2 state
-    oauth_state: str = args.get("state")
-    user_data: dict[str, Any] | None = None
-    if oauth_state:
-        for user, data in users.items():
-            if user == oauth_state:
-                user_data = data
-                break
-    # exchange 'code' for the token
-    if user_data:
-        users.pop(oauth_state)
-        code: str = args.get("code")
-        body_data: dict[str, Any] = {
-            "grant_type": "authorization_code",
-            "code": code,
-            "redirect_uri": registry.get("callback-url"),
-        }
-        token = _post_for_token(registry=registry,
-                                user_data=user_data,
-                                body_data=body_data,
-                                errors=errors,
-                                logger=logger)
-        # retrieve the token's claims
-        if not errors:
-            public_key: bytes = _get_public_key(registry=registry,
-                                                logger=logger)
-            token_claims: dict[str, dict[str, Any]] = token_validate(token=token,
-                                                                     issuer=registry["base-url"],
-                                                                     public_key=public_key,
-                                                                     errors=errors,
-                                                                     logger=logger)
-            if not errors:
-                token_user: str = token_claims["payload"].get("preferred_username")
-                if token_user == oauth_state:
-                    users[token_user] = user_data
-                    result = (token_user, token)
-                else:
-                    errors.append(f"Token was issued to user '{token_user}'")
-    else:
-        msg: str = "Unknown OAuth2 code received"
-        if _get_login_timeout(registry=registry):
-            msg += " - possible operation timeout"
-        errors.append(msg)
-    return result
 def _service_login(registry: dict[str, Any],
                    args: dict[str, Any],
                    logger: Logger | None) -> str:
@@ -132,15 +63,11 @@ def _service_login(registry: dict[str, Any],
     user_data["login-expiration"] = int(datetime.now(tz=TZ_LOCAL).timestamp()) + timeout if timeout else None
     # build the redirect url
-    result: str = (f"{registry["base-url"]}/protocol/openid-connect/auth?response_type=code"
+    result: str = (f"{registry["base-url"]}/protocol/openid-connect/auth"
+                   f"?response_type=code&scope=openid"
                    f"&client_id={registry["client-id"]}"
                    f"&redirect_uri={registry["callback-url"]}"
                    f"&state={oauth_state}")
-    scope: str = _get_user_scope(registry=registry,
-                                 user_id=user_id)
-    if scope:
-        user_data["oauth-scope"] = scope
-        result += f"&scope={scope}"
     # logout the user
     _service_logout(registry=registry,
@@ -170,6 +97,76 @@ def _service_logout(registry: dict[str, Any],
                 logger.debug(msg=f"User '{user_id}' removed from the registry")
+def _service_callback(registry: dict[str, Any],
+                      args: dict[str, Any],
+                      errors: list[str],
+                      logger: Logger | None) -> tuple[str, str]:
+    """
+    Entry point for the callback from JusBR on authentication operation.
+    :param registry: the registry holding the authentication data
+    :param args: the arguments passed when requesting the service
+    :param errors: incidental errors
+    :param logger: optional logger
+    """
+    from .token_pomes import token_validate
+    # initialize the return variable
+    result: tuple[str, str] | None = None
+    # retrieve the users authentication data
+    cache: Cache = registry["safe-cache"]
+    users: dict[str, dict[str, Any]] = cache.get("users")
+    # validate the OAuth2 state
+    oauth_state: str = args.get("state")
+    user_data: dict[str, Any] | None = None
+    if oauth_state:
+        for user, data in users.items():
+            if user == oauth_state:
+                user_data = data
+                break
+    # exchange 'code' for the token
+    if user_data:
+        expiration: int = user_data["login-expiration"] or sys.maxsize
+        if int(datetime.now(tz=TZ_LOCAL).timestamp()) > expiration:
+            errors.append("Operation timeout")
+        else:
+            users.pop(oauth_state)
+            code: str = args.get("code")
+            body_data: dict[str, Any] = {
+                "grant_type": "authorization_code",
+                "code": code,
+                "redirect_uri": registry.get("callback-url"),
+            }
+            token = _post_for_token(registry=registry,
+                                    user_data=user_data,
+                                    body_data=body_data,
+                                    errors=errors,
+                                    logger=logger)
+            # retrieve the token's claims
+            if not errors:
+                public_key: bytes = _get_public_key(registry=registry,
+                                                    logger=logger)
+                token_claims: dict[str, dict[str, Any]] = token_validate(token=token,
+                                                                         issuer=registry["base-url"],
+                                                                         public_key=public_key,
+                                                                         errors=errors,
+                                                                         logger=logger)
+                if not errors:
+                    token_user: str = token_claims["payload"].get("preferred_username")
+                    if token_user == oauth_state:
+                        users[token_user] = user_data
+                        result = (token_user, token)
+                    else:
+                        errors.append(f"Token was issued to user '{token_user}'")
+    else:
+        errors.append("Unknown state received")
+    return result
 def _service_token(registry: dict[str, Any],
                    args: dict[str, Any],
                    errors: list[str] = None,
@@ -230,8 +227,6 @@ def _get_public_key(registry: dict[str, Any],
     :param registry: the registry holding the authentication data
     :return: the public key, in *DER* format
     """
-    from pypomes_crypto import crypto_jwk_convert
     # initialize the return variable
     result: bytes | None = None
@@ -304,27 +299,6 @@ def _get_user_data(registry: dict[str, Any],
     return result
-def _get_user_scope(registry: dict[str, Any],
-                    user_id: str) -> str | None:
-    """
-    Retrieve the OAuth2 scope associated with *user_id*.
-    :param registry: the registry holding the authentication data
-    :param user_id:
-    :return: the OAuth2 scope associated with *user_id*, or *None* if it does not exist
-    """
-    # initialize the return variable
-    result: str | None = None
-    if user_id:
-        cache: Cache = registry["safe-cache"]
-        users: dict[str, dict[str, Any]] = cache.get("users")
-        if user_id in users:
-            result = users[user_id].get("oauth2-scope")
-    return result
 def _post_for_token(registry: dict[str, Any],
                     user_data: dict[str, Any],
                     body_data: dict[str, Any],

pypomes_iam/iam_pomes.py CHANGED Viewed

@@ -6,8 +6,8 @@ from .common_pomes import (
     _service_login, _service_logout,
     _service_callback, _service_token, _log_init
 )
-from .jusbr_pomes import _jusbr_logger, _jusbr_registry
-from .keycloak_pomes import _keycloak_logger, _keycloak_registry
+from .jusbr_pomes import _jusbr_get_logger, _jusbr_get_registry
+from .keycloak_pomes import _keycloak_get_logger, _keycloak_get_registry
 # @flask_app.route(rule=<login_endpoint>,  # JUSBR_LOGIN_ENDPOINT: /iam/jusbr:login
@@ -25,11 +25,11 @@ def service_login() -> Response:
     logger: Logger
     registry: dict[str, Any]
     if request.endpoint == "jusbr-login":
-        logger = _jusbr_logger
-        registry = _jusbr_registry
+        logger = _jusbr_get_logger()
+        registry = _jusbr_get_registry()
     else:
-        logger = _keycloak_logger
-        registry = _keycloak_registry
+        logger = _keycloak_get_logger()
+        registry = _keycloak_get_registry()
     # log the request
     if logger:
@@ -64,11 +64,11 @@ def service_logout() -> Response:
     logger: Logger
     registry: dict[str, Any]
     if request.endpoint == "jusbr-logout":
-        logger = _jusbr_logger
-        registry = _jusbr_registry
+        logger = _jusbr_get_logger()
+        registry = _jusbr_get_registry()
     else:
-        logger = _keycloak_logger
-        registry = _keycloak_registry
+        logger = _keycloak_get_logger()
+        registry = _keycloak_get_registry()
     # log the request
     if logger:
@@ -101,11 +101,11 @@ def service_callback() -> Response:
     logger: Logger
     registry: dict[str, Any]
     if request.endpoint == "jusbr-callback":
-        logger = _jusbr_logger
-        registry = _jusbr_registry
+        logger = _jusbr_get_logger()
+        registry = _jusbr_get_registry()
     else:
-        logger = _keycloak_logger
-        registry = _keycloak_registry
+        logger = _keycloak_get_logger()
+        registry = _keycloak_get_registry()
     # log the request
     if logger:
@@ -146,11 +146,11 @@ def service_token() -> Response:
     logger: Logger
     registry: dict[str, Any]
     if request.endpoint == "jusbr-token":
-        logger = _jusbr_logger
-        registry = _jusbr_registry
+        logger = _jusbr_get_logger()
+        registry = _jusbr_get_registry()
     else:
-        logger = _keycloak_logger
-        registry = _keycloak_registry
+        logger = _keycloak_get_logger()
+        registry = _keycloak_get_registry()
     # log the request
     if logger:

pypomes_iam/jusbr_pomes.py CHANGED Viewed

@@ -7,7 +7,7 @@ from pypomes_core import (
 )
 from typing import Any, Final
-from .common_pomes import _service_token, _get_user_data
+from .common_pomes import _service_token
 JUSBR_CLIENT_ID: Final[str] = env_get_str(key=f"{APP_PREFIX}_JUSBR_CLIENT_ID")
 JUSBR_CLIENT_SECRET: Final[str] = env_get_str(key=f"{APP_PREFIX}_JUSBR_CLIENT_SECRET")
@@ -48,7 +48,6 @@ JUSBR_URL_AUTH_CALLBACK: Final[str] = env_get_str(key=f"{APP_PREFIX}_JUSBR_URL_A
 #         "access-expiration": <timestamp>,
 #         "login-expiration": <timestamp>,   <-- transient
 #         "login-id": <str>,                 <-- transient
-#         "oauth-scope": <str>               <-- optional
 #       }
 #    }
 # }
@@ -150,23 +149,17 @@ def jusbr_get_token(user_id: str,
                           logger=logger)
-def jusbr_set_scope(user_id: str,
-                    scope: str,
-                    logger: Logger = None) -> None:
+def _jusbr_get_logger() -> Logger:
     """
-    Set the OAuth2 scope of *user_id* to *scope*.
-    :param user_id: the user's identification
-    :param scope: the OAuth2 scope to set to the user
-    :param logger: optional logger
+    Retrieve the logger for JusBR operations.
+    :return: the Keycloak logger
     """
-    global _jusbr_registry
+    return _jusbr_logger
-    # retrieve user data
-    user_data: dict[str, Any] = _get_user_data(registry=_jusbr_registry,
-                                               user_id=user_id,
-                                               logger=logger)
-    # set the OAuth2 scope
-    user_data["oauth-scope"] = scope
-    if logger:
-        logger.debug(msg=f"Scope for user '{user_id}' set to '{scope}'")
+def _jusbr_get_registry() -> dict[str, Any]:
+    """
+    Retrieve the registry holding user authentication data related to JusBR operations.
+    :return: the Keycloak registry
+    """
+    return _jusbr_registry

pypomes_iam/keycloak_pomes.py CHANGED Viewed

@@ -7,7 +7,7 @@ from pypomes_core import (
 )
 from typing import Any, Final
-from .common_pomes import _service_token, _get_user_data
+from .common_pomes import _service_token
 KEYCLOAK_CLIENT_ID: Final[str] = env_get_str(key=f"{APP_PREFIX}_KEYCLOAK_CLIENT_ID")
 KEYCLOAK_CLIENT_SECRET: Final[str] = env_get_str(key=f"{APP_PREFIX}_KEYCLOAK_CLIENT_SECRET")
@@ -49,7 +49,6 @@ KEYCLOAK_URL_AUTH_CALLBACK: Final[str] = env_get_str(key=f"{APP_PREFIX}_KEYCLOAK
 #         "access-expiration": <timestamp>,
 #         "login-expiration": <timestamp>,   <-- transient
 #         "login-id": <str>,                 <-- transient
-#         "oauth-scope": <str>               <-- optional
 #       }
 #    }
 # }
@@ -153,23 +152,17 @@ def keycloak_get_token(user_id: str,
                           logger=logger)
-def keycloak_set_scope(user_id: str,
-                       scope: str,
-                       logger: Logger | None) -> None:
+def _keycloak_get_logger() -> Logger:
     """
-    Set the OAuth2 scope of *user_id* to *scope*.
-    :param user_id: the user's identification
-    :param scope: the OAuth2 scope to set to the user
-    :param logger: optional logger
+    Retrieve the logger for Keycloak operations.
+    :return: the Keycloak logger
     """
-    global _keycloak_registry
+    return _keycloak_logger
-    # retrieve user data
-    user_data: dict[str, Any] = _get_user_data(registry=_keycloak_registry,
-                                               user_id=user_id,
-                                               logger=logger)
-    # set the OAuth2 scope
-    user_data["oauth-scope"] = scope
-    if logger:
-        logger.debug(msg=f"Scope for user '{user_id}' set to '{scope}'")
+def _keycloak_get_registry() -> dict[str, Any]:
+    """
+    Retrieve the registry holding user authentication data related to Keycloak operations.
+    :return: the Keycloak registry
+    """
+    return _keycloak_registry

{pypomes_iam-0.2.0.dist-info → pypomes_iam-0.2.2.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: pypomes_iam
-Version: 0.2.0
+Version: 0.2.2
 Summary: A collection of Python pomes, penyeach (IAM modules)
 Project-URL: Homepage, https://github.com/TheWiseCoder/PyPomes-IAM
 Project-URL: Bug Tracker, https://github.com/TheWiseCoder/PyPomes-IAM/issues

pypomes_iam-0.2.2.dist-info/RECORD ADDED Viewed

@@ -0,0 +1,11 @@
+pypomes_iam/__init__.py,sha256=u-gNGbsayMf-2SWTB8VcoTCADoczZuwNEH50BPxTZZ8,682
+pypomes_iam/common_pomes.py,sha256=08G8-Rcpuld4JxciEEhzORMt575kErHGEVk8_QC1uC4,15710
+pypomes_iam/iam_pomes.py,sha256=-2XppbAAuY58jYKd4ZN2MMjQd7wh6n9I8cofgAt0_9s,5639
+pypomes_iam/jusbr_pomes.py,sha256=IveckiFrNntkuD6G_vxXld3D_bjX9Mib-tz9oj6Djwc,6647
+pypomes_iam/keycloak_pomes.py,sha256=GY3o2J_hSI8T6_7WMTSSPkDY1L8ow0JjbEFLURSHa50,7056
+pypomes_iam/provider_pomes.py,sha256=eP8XzjTUEpwejTkO0wmDiqKjqbIEOzRNCR2ju5E15og,5856
+pypomes_iam/token_pomes.py,sha256=McjKB8omCjuicenwvDVPiWYu3-7gQeLg1AzgAVKK32M,4309
+pypomes_iam-0.2.2.dist-info/METADATA,sha256=cdjTGq41Ufb0yFN0lGyWrYwp_Xz4DLyH1QGQ-w5-_8o,694
+pypomes_iam-0.2.2.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+pypomes_iam-0.2.2.dist-info/licenses/LICENSE,sha256=YvUELgV8qvXlaYsy9hXG5EW3Bmsrkw-OJmmILZnonAc,1086
+pypomes_iam-0.2.2.dist-info/RECORD,,

pypomes_iam-0.2.0.dist-info/RECORD DELETED Viewed

@@ -1,11 +0,0 @@
-pypomes_iam/__init__.py,sha256=ieysDaKOQc3B50PvChh8DLDG5R3XgbTzX3bU0ekGoUk,760
-pypomes_iam/common_pomes.py,sha256=bLDaoWM5KLccxsNSyiK5UbXRNBgqsQ7TB0Q4Nc72QoI,16415
-pypomes_iam/iam_pomes.py,sha256=THztlEWObDY4_L8GHQem2uX5J8_44XEP-mUg2Fi_Gx0,5527
-pypomes_iam/jusbr_pomes.py,sha256=R-i0FatmlvTp3UszUrrz2L3BQRkZue8F9Nfy0i4cKHw,7084
-pypomes_iam/keycloak_pomes.py,sha256=TCye3E4xijyisgG-vKoJOhXywNgdyzTuuVzFjNbaJ3I,7490
-pypomes_iam/provider_pomes.py,sha256=eP8XzjTUEpwejTkO0wmDiqKjqbIEOzRNCR2ju5E15og,5856
-pypomes_iam/token_pomes.py,sha256=McjKB8omCjuicenwvDVPiWYu3-7gQeLg1AzgAVKK32M,4309
-pypomes_iam-0.2.0.dist-info/METADATA,sha256=nnSivBbIIMIyu5rSSXr5aQq8S1HhcF9xgb3WFeIx-jA,694
-pypomes_iam-0.2.0.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-pypomes_iam-0.2.0.dist-info/licenses/LICENSE,sha256=YvUELgV8qvXlaYsy9hXG5EW3Bmsrkw-OJmmILZnonAc,1086
-pypomes_iam-0.2.0.dist-info/RECORD,,

{pypomes_iam-0.2.0.dist-info → pypomes_iam-0.2.2.dist-info}/WHEEL RENAMED Viewed

File without changes

{pypomes_iam-0.2.0.dist-info → pypomes_iam-0.2.2.dist-info}/licenses/LICENSE RENAMED Viewed

File without changes

pypomes-iam 0.2.0__py3-none-any.whl → 0.2.2__py3-none-any.whl

Potentially problematic release.

pypomes-iam 0.2.0py3-none-any.whl → 0.2.2py3-none-any.whl