PyPI - pypomes-iam - Versions diffs - 0.2.3__py3-none-any.whl → 0.7.0__py3-none-any.whl - Mend

pypomes-iam 0.2.3py3-none-any.whl → 0.7.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of pypomes-iam might be problematic. Click here for more details.

Files changed (15) hide show

pypomes_iam/__init__.py +20 -8
pypomes_iam/iam_actions.py +878 -0
pypomes_iam/iam_common.py +388 -0
pypomes_iam/iam_pomes.py +137 -157
pypomes_iam/iam_services.py +394 -0
pypomes_iam/provider_pomes.py +175 -72
pypomes_iam/token_pomes.py +63 -8
{pypomes_iam-0.2.3.dist-info → pypomes_iam-0.7.0.dist-info}/METADATA +1 -2
pypomes_iam-0.7.0.dist-info/RECORD +11 -0
pypomes_iam/common_pomes.py +0 -397
pypomes_iam/jusbr_pomes.py +0 -167
pypomes_iam/keycloak_pomes.py +0 -170
pypomes_iam-0.2.3.dist-info/RECORD +0 -11
{pypomes_iam-0.2.3.dist-info → pypomes_iam-0.7.0.dist-info}/WHEEL +0 -0
{pypomes_iam-0.2.3.dist-info → pypomes_iam-0.7.0.dist-info}/licenses/LICENSE +0 -0

pypomes_iam/iam_pomes.py CHANGED Viewed

@@ -1,176 +1,156 @@
-from flask import Response, redirect, request, jsonify
+from flask import Flask
 from logging import Logger
+from pypomes_core import APP_PREFIX, env_get_int, env_get_str
 from typing import Any
-from .common_pomes import (
-    _service_login, _service_logout,
-    _service_callback, _service_token, _log_init
+from .iam_common import (
+    _IAM_SERVERS, IamServer, IamParam, _iam_lock
+)
+from .iam_actions import action_token
+from .iam_services import (
+    service_login, service_logout, service_callback, service_exchange, service_token
 )
-from .jusbr_pomes import _jusbr_get_logger, _jusbr_get_registry
-from .keycloak_pomes import _keycloak_get_logger, _keycloak_get_registry
-# @flask_app.route(rule=<login_endpoint>,  # JUSBR_LOGIN_ENDPOINT: /iam/jusbr:login
-#                  methods=["GET"])
-# @flask_app.route(rule=<login_endpoint>,  # KEYCLOAK_LOGIN_ENDPOINT: /iam/keycloak:logout
-#                  methods=["GET"])
-def service_login() -> Response:
+def iam_setup(flask_app: Flask,
+              iam_server: IamServer,
+              base_url: str,
+              client_id: str,
+              client_realm: str,
+              client_secret: str | None,
+              recipient_attribute: str,
+              admin_id: str = None,
+              admin_secret: str = None,
+              login_timeout: int = None,
+              public_key_lifetime: int = None,
+              callback_endpoint: str = None,
+              exchange_endpoint: str = None,
+              login_endpoint: str = None,
+              logout_endpoint: str = None,
+              token_endpoint: str = None) -> None:
     """
-    Entry point for the JusBR login service.
-    Redirect the request to the JusBR authentication page, with the appropriate parameters.
-    :return: the response from the redirect operation
+    Establish the provided parameters for configuring the *IAM* server *iam_server*.
+    The parameters *admin_id* and *admin_* are required only if administrative are task are planned.
+    The optional parameter *client_timeout* refers to the maximum time in seconds allowed for the
+    user to login at the *IAM* server's login page, and defaults to no time limit.
+    The parameter *client_secret* is required in most requests to the *IAM* server. In the case
+    it is not provided, but *admin_id* and *admin_secret* are, it is obtained from the *IAM* server itself
+    the first time it is needed.
+    :param flask_app: the Flask application
+    :param iam_server: identifies the supported *IAM* server (currently, *jusbr* or *keycloak*)
+    :param base_url: base URL to request services
+    :param client_id: the client's identification with the *IAM* server
+    :param client_realm: the client realm
+    :param client_secret: the client's password with the *IAM* server
+    :param recipient_attribute: attribute in the token's payload holding the token's subject
+    :param admin_id: identifies the realm administrator
+    :param admin_secret: password for the realm administrator
+    :param login_timeout: timeout for login authentication (in seconds,defaults to no timeout)
+    :param public_key_lifetime: how long to use *IAM* server's public key, before refreshing it (in seconds)
+    :param callback_endpoint: endpoint for the callback from the front end
+    :param exchange_endpoint: endpoint for requesting token exchange
+    :param login_endpoint: endpoint for redirecting user to the *IAM* server's login page
+    :param logout_endpoint: endpoint for terminating user access
+    :param token_endpoint: endpoint for retrieving authentication token
     """
-    logger: Logger
-    registry: dict[str, Any]
-    if request.endpoint == "jusbr-login":
-        logger = _jusbr_get_logger()
-        registry = _jusbr_get_registry()
-    else:
-        logger = _keycloak_get_logger()
-        registry = _keycloak_get_registry()
-    # log the request
-    if logger:
-        logger.debug(msg=_log_init(request=request))
-    # obtain the redirect URL
-    auth_url: str = _service_login(registry=registry,
-                                   args=request.args,
-                                   logger=logger)
-    # redirect the request
-    result: Response = redirect(location=auth_url)
-    # log the response
-    if logger:
-        logger.debug(msg=f"Response {result}")
-    return result
-# @flask_app.route(rule=<logout_endpoint>,  # JUSBR_LOGOUT_ENDPOINT: /iam/jusbr:logout
-#                  methods=["GET"])
-# @flask_app.route(rule=<login_endpoint>,  # KEYCLOAK_LOGOUT_ENDPOINT: /iam/keycloak:logout
-#                  methods=["GET"])
-def service_logout() -> Response:
-    """
-    Entry point for the JusBR logout service.
-    Remove all data associating the user with JusBR from the registry.
-    :return: response *OK*
+    # configure the Keycloak registry
+    with _iam_lock:
+        _IAM_SERVERS[iam_server] = {
+            IamParam.URL_BASE: base_url,
+            IamParam.CLIENT_ID: client_id,
+            IamParam.CLIENT_REALM: client_realm,
+            IamParam.CLIENT_SECRET: client_secret,
+            IamParam.RECIPIENT_ATTR: recipient_attribute,
+            IamParam.ADMIN_ID: admin_id,
+            IamParam.ADMIN_SECRET: admin_secret,
+            IamParam.LOGIN_TIMEOUT: login_timeout,
+            IamParam.PK_LIFETIME: public_key_lifetime,
+            IamParam.PK_EXPIRATION: 0,
+            IamParam.PUBLIC_KEY: None,
+            IamParam.USERS: {}
+        }
+    # establish the endpoints
+    if callback_endpoint:
+        flask_app.add_url_rule(rule=callback_endpoint,
+                               endpoint=f"{iam_server}-callback",
+                               view_func=service_callback,
+                               methods=["GET"])
+    if login_endpoint:
+        flask_app.add_url_rule(rule=login_endpoint,
+                               endpoint=f"{iam_server}-login",
+                               view_func=service_login,
+                               methods=["GET"])
+    if logout_endpoint:
+        flask_app.add_url_rule(rule=logout_endpoint,
+                               endpoint=f"{iam_server}-logout",
+                               view_func=service_logout,
+                               methods=["GET"])
+    if token_endpoint:
+        flask_app.add_url_rule(rule=token_endpoint,
+                               endpoint=f"{iam_server}-token",
+                               view_func=service_token,
+                               methods=["GET"])
+    if exchange_endpoint:
+        flask_app.add_url_rule(rule=exchange_endpoint,
+                               endpoint=f"{iam_server}-exchange",
+                               view_func=service_exchange,
+                               methods=["POST"])
+def iam_get_env_parameters(iam_prefix: str = None) -> dict[str, Any]:
     """
-    logger: Logger
-    registry: dict[str, Any]
-    if request.endpoint == "jusbr-logout":
-        logger = _jusbr_get_logger()
-        registry = _jusbr_get_registry()
-    else:
-        logger = _keycloak_get_logger()
-        registry = _keycloak_get_registry()
-    # log the request
-    if logger:
-        logger.debug(msg=_log_init(request=request))
-    # logout the user
-    _service_logout(registry=registry,
-                    args=request.args,
-                    logger=logger)
-    result: Response = Response(status=200)
-    # log the response
-    if logger:
-        logger.debug(msg=f"Response {result}")
-    return result
+    Retrieve the set parameters for a *IAM* server from the environment.
+    the parameters are returned ready to be used as a '**kwargs' parameter set in a call to *iam_setup()*,
+    and sorted in the order appropriate to use them instead with a '*args' parameter set.
-# @flask_app.route(rule=<callback_endpoint>,  # JUSBR_CALLBACK_ENDPOINT: /iam/jusbr:callback
-#                  methods=["GET", "POST"])
-# @flask_app.route(rule=<callback_endpoint>,  # KEYCLOAK_CALLBACK_ENDPOINT: /iam/keycloak:callback
-#                  methods=["POST"])
-def service_callback() -> Response:
+    :param iam_prefix: the prefix classifying the parameters
+    :return: the sorted parameters classified by *prefix*
     """
-    Entry point for the callback from JusBR on authentication operation.
-    :return: the response containing the token, or *BAD REQUEST*
+    return {
+        "base_url": env_get_str(key=f"{APP_PREFIX}_{iam_prefix}_URL_AUTH_BASE"),
+        "client_id": env_get_str(key=f"{APP_PREFIX}_{iam_prefix}_CLIENT_ID"),
+        "client_realm": env_get_str(key=f"{APP_PREFIX}_{iam_prefix}_CLIENT_REALM"),
+        "client_secret": env_get_str(key=f"{APP_PREFIX}_{iam_prefix}_CLIENT_SECRET"),
+        "recipient_attribute": env_get_str(key=f"{APP_PREFIX}_{iam_prefix}_RECIPIENT_ATTR"),
+        "admin_id": env_get_str(key=f"{APP_PREFIX}_{iam_prefix}_ADMIN_ID"),
+        "admin_secret": env_get_str(key=f"{APP_PREFIX}_{iam_prefix}_ADMIN_SECRET"),
+        "login_timeout": env_get_str(key=f"{APP_PREFIX}_{iam_prefix}_LOGIN_TIMEOUT"),
+        "public_key_lifetime": env_get_int(key=f"{APP_PREFIX}_{iam_prefix}_PUBLIC_KEY_LIFETIME"),
+        "callback_endpoint": env_get_str(key=f"{APP_PREFIX}_{iam_prefix}_ENDPOINT_CALLBACK"),
+        "exchange_endpoint": env_get_str(key=f"{APP_PREFIX}_{iam_prefix}_ENDPOINT_EXCHANGE"),
+        "login_endpoint": env_get_str(key=f"{APP_PREFIX}_{iam_prefix}_ENDPOINT_LOGIN"),
+        "logout_endpoint": env_get_str(key=f"{APP_PREFIX}_{iam_prefix}_ENDPOINT_LOGOUT"),
+        "token_endpoint": env_get_str(key=f"{APP_PREFIX}_{iam_prefix}_ENDPOINT_TOKEN")
+    }
+def iam_get_token(iam_server: IamServer,
+                  user_id: str,
+                  errors: list[str] = None,
+                  logger: Logger = None) -> str:
     """
-    logger: Logger
-    registry: dict[str, Any]
-    if request.endpoint == "jusbr-callback":
-        logger = _jusbr_get_logger()
-        registry = _jusbr_get_registry()
-    else:
-        logger = _keycloak_get_logger()
-        registry = _keycloak_get_registry()
-    # log the request
-    if logger:
-        logger.debug(msg=_log_init(request=request))
-    # process the callback operation
-    errors: list[str] = []
-    token_data: tuple[str, str] = _service_callback(registry=registry,
-                                                    args=request.args,
-                                                    errors=errors,
-                                                    logger=logger)
-    result: Response
-    if errors:
-        result = jsonify({"errors": "; ".join(errors)})
-        result.status_code = 400
-    else:
-        result = jsonify({
-            "user_id": token_data[0],
-            "access_token": token_data[1]})
-    # log the response
-    if logger:
-        logger.debug(msg=f"Response {result}")
-    return result
+    Retrieve an authentication token for *user_id*.
-# @flask_app.route(rule=<token_endpoint>,  # JUSBR_TOKEN_ENDPOINT: /iam/jusbr:get-token
-#                  methods=["GET"])
-# @flask_app.route(rule=<token_endpoint>,  # JUSBR_TOKEN_ENDPOINT: /iam/jusbr:get-token
-#                  methods=["GET"])
-def service_token() -> Response:
-    """
-    Entry point for retrieving the JusBR token.
-    :return: the response containing the token, or *UNAUTHORIZED*
+    :param iam_server: identifies the *IAM* server
+    :param user_id: identifies the user
+    :param errors: incidental errors
+    :param logger: optional logger
+    :return: the uthentication tokem
     """
-    logger: Logger
-    registry: dict[str, Any]
-    if request.endpoint == "jusbr-token":
-        logger = _jusbr_get_logger()
-        registry = _jusbr_get_registry()
-    else:
-        logger = _keycloak_get_logger()
-        registry = _keycloak_get_registry()
-    # log the request
-    if logger:
-        logger.debug(msg=_log_init(request=request))
+    # declare the return variable
+    result: str
     # retrieve the token
-    errors: list[str] = []
-    token: str = _service_token(registry=registry,
-                                args=request.args,
-                                errors=errors,
-                                logger=logger)
-    result: Response
-    if token:
-        result = jsonify({"token": token})
-    else:
-        result = Response("; ".join(errors))
-        result.status_code = 401
-    # log the response
-    if logger:
-        logger.debug(msg=f"Response {result}")
+    args: dict[str, Any] = {"user-id": user_id}
+    with _iam_lock:
+        result = action_token(iam_server=iam_server,
+                              args=args,
+                              errors=errors,
+                              logger=logger)
     return result

pypomes-iam 0.2.3__py3-none-any.whl → 0.7.0__py3-none-any.whl

Potentially problematic release.

pypomes-iam 0.2.3py3-none-any.whl → 0.7.0py3-none-any.whl