pypomes-iam 0.3.4__tar.gz → 0.3.6__tar.gz

{pypomes_iam-0.3.4 → pypomes_iam-0.3.6}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: pypomes_iam
-Version: 0.3.4
+Version: 0.3.6
 Summary: A collection of Python pomes, penyeach (IAM modules)
 Project-URL: Homepage, https://github.com/TheWiseCoder/PyPomes-IAM
 Project-URL: Bug Tracker, https://github.com/TheWiseCoder/PyPomes-IAM/issues

{pypomes_iam-0.3.4 → pypomes_iam-0.3.6}/pyproject.toml

@@ -6,7 +6,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "pypomes_iam"
-version = "0.3.4"
+version = "0.3.6"
 authors = [
   { name="GT Nunes", email="wisecoder01@gmail.com" }
 ]

{pypomes_iam-0.3.4 → pypomes_iam-0.3.6}/src/pypomes_iam/iam_common.py

@@ -1,12 +1,11 @@
-import json
 import requests
 import sys
-from cachetools import Cache
 from datetime import datetime
 from enum import StrEnum
 from logging import Logger
 from pypomes_core import TZ_LOCAL, exc_format
 from pypomes_crypto import crypto_jwk_convert
+from threading import Lock
 from typing import Any, Final
 
 
@@ -18,7 +17,8 @@ class IamServer(StrEnum):
     IAM_KEYCLOAK = "iam-keycloak"
 
 
-# the logger for IAM operations
+# the logger for IAM service operations
+# (used exclusively at the HTTP endpoint - all other functions receive the lgger as parameter)
 __IAM_LOGGER: Logger | None = None
 
 # registry structure:
@@ -53,11 +53,18 @@ __IAM_LOGGER: Logger | None = None
 # }
 _IAM_SERVERS: Final[dict[IamServer, dict[str, Any]]] = {}
 
+# the lock protecting the data in '_IAM_SERVER'
+# (because it is 'Final' and set at declaration time, it can be accessed through simple imports)
+_iam_lock: Final[Lock] = Lock()
+
 
 def _get_logger() -> Logger | None:
     """
     Retrieve the registered logger for *IAM* operations.
 
+    This function is invoked exclusively from the HTTP endpoints.
+    All other functions receive the logger as parameter.
+
     :return: the registered logger for *IAM* operations.
     """
     return __IAM_LOGGER
@@ -175,11 +182,10 @@ def _get_user_data(iam_server: IamServer,
     # initialize the return variable
     result: dict[str, Any] | None = None
 
-    cache: Cache = _get_iam_cache(iam_server=iam_server,
-                                  errors=errors,
-                                  logger=logger)
-    if cache:
-        users: dict[str, dict[str, Any]] = cache.get("users")
+    users: dict[str, dict[str, Any]] = _get_iam_users(iam_server=iam_server,
+                                                      errors=errors,
+                                                      logger=logger)
+    if users:
         result = users.get(user_id)
         if not result:
             result = {
@@ -256,9 +262,9 @@ def _get_iam_registry(iam_server: IamServer,
     return result
 
 
-def _get_iam_cache(iam_server: IamServer,
+def _get_iam_users(iam_server: IamServer,
                    errors: list[str] | None,
-                   logger: Logger | None) -> Cache:
+                   logger: Logger | None) -> dict[str, dict[str, Any]]:
     """
     Retrieve the cache storage in *iam_server*'s registry.
 
@@ -270,97 +276,4 @@ def _get_iam_cache(iam_server: IamServer,
     registry: dict[str, Any] = _get_iam_registry(iam_server=iam_server,
                                                  errors=errors,
                                                  logger=logger)
-    return registry["cache"] if registry else None
-
-
-def _post_for_token(iam_server: IamServer,
-                    body_data: dict[str, Any],
-                    errors: list[str] | None,
-                    logger: Logger | None) -> dict[str, Any] | None:
-    """
-    Send a POST request to obtain the authentication token data, and return the data received.
-
-    For token acquisition, *body_data* will have the attributes:
-        - "grant_type": "authorization_code"
-        - "code": <16-character-random-code>
-        - "redirect_uri": <redirect-uri>
-
-    For token refresh, *body_data* will have the attributes:
-        - "grant_type": "refresh_token"
-        - "refresh_token": <current-refresh-token>
-
-    For token exchange, *body_data* will have the attributes:
-        - "grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
-        - "subject_token": <token-to-be-exchanged>,
-        - "subject_token_type": "urn:ietf:params:oauth:token-type:access_token",
-        - "requested_token_type": "urn:ietf:params:oauth:token-type:access_token",
-        - "audience": <client-id>,
-        - "subject_issuer": "oidc"
-
-    These attributes are then added to *body_data*:
-        - "client_id": <client-id>,
-        - "client_secret": <client-secret>,
-
-    If the operation is successful, the token data is stored in the registry.
-    Otherwise, *errors* will contain the appropriate error message.
-
-    :param iam_server: the reference registered *IAM* server
-    :param body_data: the data to send in the body of the request
-    :param errors: incidental errors
-    :param logger: optional logger
-    :return: the access token obtained, or *None* if error
-    """
-    # initialize the return variable
-    result: dict[str, Any] | None = None
-
-    # PBTAIN THE iam SERVER'S REGISTRY
-    registry: dict[str, Any] = _get_iam_registry(iam_server=iam_server,
-                                                 errors=errors,
-                                                 logger=logger)
-    err_msg: str | None = None
-    if registry:
-        # complete the data to send in body of request
-        body_data["client_id"] = registry["client-id"]
-        client_secret: str = registry["client-secret"]
-        if client_secret:
-            body_data["client_secret"] = client_secret
-
-        # obtain the token
-        url: str = registry["base-url"] + "/protocol/openid-connect/token"
-        if logger:
-            logger.debug(msg=f"POST '{url}', data {json.dumps(obj=body_data,
-                                                              ensure_ascii=False)}")
-        try:
-            # typical return on a token request:
-            # {
-            #   "token_type": "Bearer",
-            #   "access_token": <str>,
-            #   "expires_in": <number-of-seconds>,
-            #   "refresh_token": <str>,
-            #   "refesh_expires_in": <number-of-seconds>
-            # }
-            response: requests.Response = requests.post(url=url,
-                                                        data=body_data)
-            if response.status_code == 200:
-                # request succeeded
-                if logger:
-                    logger.debug(msg=f"POST success, status {response.status_code}")
-                result = response.json()
-            else:
-                # request resulted in error
-                err_msg = f"POST failure, status {response.status_code}, reason '{response.reason}'"
-                if hasattr(response, "content") and response.content:
-                    err_msg += f", content '{response.content}'"
-                if logger:
-                    logger.error(msg=err_msg)
-        except Exception as e:
-            # the operation raised an exception
-            err_msg = exc_format(exc=e,
-                                 exc_info=sys.exc_info())
-            if logger:
-                logger.error(msg=err_msg)
-
-    if err_msg and isinstance(errors, list):
-        errors.append(err_msg)
-
-    return result
+    return registry["cache"]["users"] if registry else None