pypomes-iam 0.2.1__tar.gz → 0.2.2__tar.gz

{pypomes_iam-0.2.1 → pypomes_iam-0.2.2}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: pypomes_iam
-Version: 0.2.1
+Version: 0.2.2
 Summary: A collection of Python pomes, penyeach (IAM modules)
 Project-URL: Homepage, https://github.com/TheWiseCoder/PyPomes-IAM
 Project-URL: Bug Tracker, https://github.com/TheWiseCoder/PyPomes-IAM/issues

{pypomes_iam-0.2.1 → pypomes_iam-0.2.2}/pyproject.toml

@@ -6,7 +6,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "pypomes_iam"
-version = "0.2.1"
+version = "0.2.2"
 authors = [
   { name="GT Nunes", email="wisecoder01@gmail.com" }
 ]

{pypomes_iam-0.2.1 → pypomes_iam-0.2.2}/src/pypomes_iam/common_pomes.py

@@ -8,6 +8,7 @@ from datetime import datetime
 from flask import Request
 from logging import Logger
 from pypomes_core import TZ_LOCAL, exc_format
+from pypomes_crypto import crypto_jwk_convert
 from typing import Any
 
 # registry structure:
@@ -36,75 +37,6 @@ from typing import Any
 # }
 
 
-def _service_callback(registry: dict[str, Any],
-                      args: dict[str, Any],
-                      errors: list[str],
-                      logger: Logger | None) -> tuple[str, str]:
-    """
-    Entry point for the callback from JusBR on authentication operation.
-
-    :param registry: the registry holding the authentication data
-    :param args: the arguments passed when requesting the service
-    :param errors: incidental errors
-    :param logger: optional logger
-    """
-    from .token_pomes import token_validate
-
-    # initialize the return variable
-    result: tuple[str, str] | None = None
-
-    # retrieve the users authentication data
-    cache: Cache = registry["safe-cache"]
-    users: dict[str, dict[str, Any]] = cache.get("users")
-
-    # validate the OAuth2 state
-    oauth_state: str = args.get("state")
-    user_data: dict[str, Any] | None = None
-    if oauth_state:
-        for user, data in users.items():
-            if user == oauth_state:
-                user_data = data
-                break
-
-    # exchange 'code' for the token
-    if user_data:
-        users.pop(oauth_state)
-        code: str = args.get("code")
-        body_data: dict[str, Any] = {
-            "grant_type": "authorization_code",
-            "code": code,
-            "redirect_uri": registry.get("callback-url"),
-        }
-        token = _post_for_token(registry=registry,
-                                user_data=user_data,
-                                body_data=body_data,
-                                errors=errors,
-                                logger=logger)
-        # retrieve the token's claims
-        if not errors:
-            public_key: bytes = _get_public_key(registry=registry,
-                                                logger=logger)
-            token_claims: dict[str, dict[str, Any]] = token_validate(token=token,
-                                                                     issuer=registry["base-url"],
-                                                                     public_key=public_key,
-                                                                     errors=errors,
-                                                                     logger=logger)
-            if not errors:
-                token_user: str = token_claims["payload"].get("preferred_username")
-                if token_user == oauth_state:
-                    users[token_user] = user_data
-                    result = (token_user, token)
-                else:
-                    errors.append(f"Token was issued to user '{token_user}'")
-    else:
-        msg: str = "Unknown OAuth2 code received"
-        if _get_login_timeout(registry=registry):
-            msg += " - possible operation timeout"
-        errors.append(msg)
-
-    return result
-
-
 def _service_login(registry: dict[str, Any],
                    args: dict[str, Any],
                    logger: Logger | None) -> str:
@@ -165,6 +97,76 @@ def _service_logout(registry: dict[str, Any],
                 logger.debug(msg=f"User '{user_id}' removed from the registry")
 
 
+def _service_callback(registry: dict[str, Any],
+                      args: dict[str, Any],
+                      errors: list[str],
+                      logger: Logger | None) -> tuple[str, str]:
+    """
+    Entry point for the callback from JusBR on authentication operation.
+
+    :param registry: the registry holding the authentication data
+    :param args: the arguments passed when requesting the service
+    :param errors: incidental errors
+    :param logger: optional logger
+    """
+    from .token_pomes import token_validate
+
+    # initialize the return variable
+    result: tuple[str, str] | None = None
+
+    # retrieve the users authentication data
+    cache: Cache = registry["safe-cache"]
+    users: dict[str, dict[str, Any]] = cache.get("users")
+
+    # validate the OAuth2 state
+    oauth_state: str = args.get("state")
+    user_data: dict[str, Any] | None = None
+    if oauth_state:
+        for user, data in users.items():
+            if user == oauth_state:
+                user_data = data
+                break
+
+    # exchange 'code' for the token
+    if user_data:
+        expiration: int = user_data["login-expiration"] or sys.maxsize
+        if int(datetime.now(tz=TZ_LOCAL).timestamp()) > expiration:
+            errors.append("Operation timeout")
+        else:
+            users.pop(oauth_state)
+            code: str = args.get("code")
+            body_data: dict[str, Any] = {
+                "grant_type": "authorization_code",
+                "code": code,
+                "redirect_uri": registry.get("callback-url"),
+            }
+            token = _post_for_token(registry=registry,
+                                    user_data=user_data,
+                                    body_data=body_data,
+                                    errors=errors,
+                                    logger=logger)
+            # retrieve the token's claims
+            if not errors:
+                public_key: bytes = _get_public_key(registry=registry,
+                                                    logger=logger)
+                token_claims: dict[str, dict[str, Any]] = token_validate(token=token,
+                                                                         issuer=registry["base-url"],
+                                                                         public_key=public_key,
+                                                                         errors=errors,
+                                                                         logger=logger)
+                if not errors:
+                    token_user: str = token_claims["payload"].get("preferred_username")
+                    if token_user == oauth_state:
+                        users[token_user] = user_data
+                        result = (token_user, token)
+                    else:
+                        errors.append(f"Token was issued to user '{token_user}'")
+    else:
+        errors.append("Unknown state received")
+
+    return result
+
+
 def _service_token(registry: dict[str, Any],
                    args: dict[str, Any],
                    errors: list[str] = None,
@@ -225,8 +227,6 @@ def _get_public_key(registry: dict[str, Any],
     :param registry: the registry holding the authentication data
     :return: the public key, in *DER* format
     """
-    from pypomes_crypto import crypto_jwk_convert
-
     # initialize the return variable
     result: bytes | None = None
 

{pypomes_iam-0.2.1 → pypomes_iam-0.2.2}/src/pypomes_iam/iam_pomes.py

@@ -6,8 +6,8 @@ from .common_pomes import (
     _service_login, _service_logout,
     _service_callback, _service_token, _log_init
 )
-from .jusbr_pomes import _jusbr_logger, _jusbr_registry
-from .keycloak_pomes import _keycloak_logger, _keycloak_registry
+from .jusbr_pomes import _jusbr_get_logger, _jusbr_get_registry
+from .keycloak_pomes import _keycloak_get_logger, _keycloak_get_registry
 
 
 # @flask_app.route(rule=<login_endpoint>,  # JUSBR_LOGIN_ENDPOINT: /iam/jusbr:login
@@ -25,11 +25,11 @@ def service_login() -> Response:
     logger: Logger
     registry: dict[str, Any]
     if request.endpoint == "jusbr-login":
-        logger = _jusbr_logger
-        registry = _jusbr_registry
+        logger = _jusbr_get_logger()
+        registry = _jusbr_get_registry()
     else:
-        logger = _keycloak_logger
-        registry = _keycloak_registry
+        logger = _keycloak_get_logger()
+        registry = _keycloak_get_registry()
 
     # log the request
     if logger:
@@ -64,11 +64,11 @@ def service_logout() -> Response:
     logger: Logger
     registry: dict[str, Any]
     if request.endpoint == "jusbr-logout":
-        logger = _jusbr_logger
-        registry = _jusbr_registry
+        logger = _jusbr_get_logger()
+        registry = _jusbr_get_registry()
     else:
-        logger = _keycloak_logger
-        registry = _keycloak_registry
+        logger = _keycloak_get_logger()
+        registry = _keycloak_get_registry()
 
     # log the request
     if logger:
@@ -101,11 +101,11 @@ def service_callback() -> Response:
     logger: Logger
     registry: dict[str, Any]
     if request.endpoint == "jusbr-callback":
-        logger = _jusbr_logger
-        registry = _jusbr_registry
+        logger = _jusbr_get_logger()
+        registry = _jusbr_get_registry()
     else:
-        logger = _keycloak_logger
-        registry = _keycloak_registry
+        logger = _keycloak_get_logger()
+        registry = _keycloak_get_registry()
 
     # log the request
     if logger:
@@ -146,11 +146,11 @@ def service_token() -> Response:
     logger: Logger
     registry: dict[str, Any]
     if request.endpoint == "jusbr-token":
-        logger = _jusbr_logger
-        registry = _jusbr_registry
+        logger = _jusbr_get_logger()
+        registry = _jusbr_get_registry()
     else:
-        logger = _keycloak_logger
-        registry = _keycloak_registry
+        logger = _keycloak_get_logger()
+        registry = _keycloak_get_registry()
 
     # log the request
     if logger:

{pypomes_iam-0.2.1 → pypomes_iam-0.2.2}/src/pypomes_iam/jusbr_pomes.py

@@ -147,3 +147,19 @@ def jusbr_get_token(user_id: str,
                           args=args,
                           errors=errors,
                           logger=logger)
+
+
+def _jusbr_get_logger() -> Logger:
+    """
+    Retrieve the logger for JusBR operations.
+    :return: the Keycloak logger
+    """
+    return _jusbr_logger
+
+
+def _jusbr_get_registry() -> dict[str, Any]:
+    """
+    Retrieve the registry holding user authentication data related to JusBR operations.
+    :return: the Keycloak registry
+    """
+    return _jusbr_registry

{pypomes_iam-0.2.1 → pypomes_iam-0.2.2}/src/pypomes_iam/keycloak_pomes.py

@@ -150,3 +150,19 @@ def keycloak_get_token(user_id: str,
                           args=args,
                           errors=errors,
                           logger=logger)
+
+
+def _keycloak_get_logger() -> Logger:
+    """
+    Retrieve the logger for Keycloak operations.
+    :return: the Keycloak logger
+    """
+    return _keycloak_logger
+
+
+def _keycloak_get_registry() -> dict[str, Any]:
+    """
+    Retrieve the registry holding user authentication data related to Keycloak operations.
+    :return: the Keycloak registry
+    """
+    return _keycloak_registry