pypomes-iam 0.3.8__tar.gz → 0.4.0__tar.gz

{pypomes_iam-0.3.8 → pypomes_iam-0.4.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: pypomes_iam
-Version: 0.3.8
+Version: 0.4.0
 Summary: A collection of Python pomes, penyeach (IAM modules)
 Project-URL: Homepage, https://github.com/TheWiseCoder/PyPomes-IAM
 Project-URL: Bug Tracker, https://github.com/TheWiseCoder/PyPomes-IAM/issues

{pypomes_iam-0.3.8 → pypomes_iam-0.4.0}/pyproject.toml

@@ -6,7 +6,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "pypomes_iam"
-version = "0.3.8"
+version = "0.4.0"
 authors = [
   { name="GT Nunes", email="wisecoder01@gmail.com" }
 ]

{pypomes_iam-0.3.8 → pypomes_iam-0.4.0}/src/pypomes_iam/__init__.py

@@ -1,8 +1,11 @@
 from .iam_pomes import (
-    IamServer, logger_register,
+    IamServer,
     login_callback, token_exchange,
     user_login, user_logout, user_token
 )
+from .iam_services import (
+     logger_register
+)
 from .jusbr_pomes import (
     jusbr_setup, jusbr_get_token
 )
@@ -18,9 +21,11 @@ from .token_pomes import (
 
 __all__ = [
     # iam_pomes
-    "IamServer", "logger_register",
+    "IamServer",
     "login_callback", "token_exchange",
     "user_login", "user_logout", "user_token",
+    # iam_services
+    "logger_register",
     # jusbr_pomes
     "jusbr_setup", "jusbr_get_token",
     # keycloak_pomes

{pypomes_iam-0.3.8 → pypomes_iam-0.4.0}/src/pypomes_iam/iam_common.py

@@ -17,10 +17,6 @@ class IamServer(StrEnum):
     IAM_KEYCLOAK = "iam-keycloak"
 
 
-# the logger for IAM service operations
-# (used exclusively at the HTTP endpoint - all other functions receive the lgger as parameter)
-__IAM_LOGGER: Logger | None = None
-
 # registry structure:
 # { <IamServer>:
 #    {
@@ -58,28 +54,6 @@ _IAM_SERVERS: Final[dict[IamServer, dict[str, Any]]] = {}
 _iam_lock: Final[Lock] = Lock()
 
 
-def _get_logger() -> Logger | None:
-    """
-    Retrieve the registered logger for *IAM* operations.
-
-    This function is invoked exclusively from the HTTP endpoints.
-    All other functions receive the logger as parameter.
-
-    :return: the registered logger for *IAM* operations.
-    """
-    return __IAM_LOGGER
-
-
-def _register_logger(logger: Logger) -> None:
-    """
-    Register the logger for *IAM* operations
-
-    :param logger: the logger to be rergistered
-    """
-    global __IAM_LOGGER
-    __IAM_LOGGER = logger
-
-
 def _get_public_key(iam_server: IamServer,
                     errors: list[str] | None,
                     logger: Logger | None) -> str:

{pypomes_iam-0.3.8 → pypomes_iam-0.4.0}/src/pypomes_iam/iam_pomes.py

@@ -10,21 +10,12 @@ from typing import Any
 
 from .iam_common import (
     IamServer, _iam_lock,
-    _register_logger, _get_iam_users, _get_iam_registry,
+    _get_iam_users, _get_iam_registry,
     _get_login_timeout, _get_user_data, _get_public_key
 )
 from .token_pomes import token_validate
 
 
-def logger_register(logger: Logger) -> None:
-    """
-    Register the logger for IAM operations.
-
-    :param logger: the logger to be registered
-    """
-    _register_logger(logger=logger)
-
-
 def user_login(iam_server: IamServer,
                args: dict[str, Any],
                errors: list[str] = None,

{pypomes_iam-0.3.8 → pypomes_iam-0.4.0}/src/pypomes_iam/iam_services.py

@@ -3,15 +3,26 @@ from flask import Request, Response, request, jsonify
 from logging import Logger
 from typing import Any
 
-from .iam_common import (
-    IamServer, _iam_lock,
-    _get_logger, _get_iam_server
-)
+from .iam_common import IamServer, _iam_lock, _get_iam_server
 from .iam_pomes import (
     user_login, user_logout,
     user_token, token_exchange, login_callback
 )
 
+# the logger for IAM service operations
+# (used exclusively at the HTTP endpoints - all other functions receive the logger as parameter)
+__IAM_LOGGER: Logger | None = None
+
+
+def logger_register(logger: Logger) -> None:
+    """
+    Register the logger for HTTP services.
+
+    :param logger: the logger to be registered
+    """
+    global __IAM_LOGGER
+    __IAM_LOGGER = logger
+
 
 # @flask_app.route(rule=<login_endpoint>,  # JUSBR_ENDPOINT_LOGIN
 #                  methods=["GET"])
@@ -28,24 +39,22 @@ def service_login() -> Response:
     # declare the return variable
     result: Response | None = None
 
-    # retrieve the operations's logger
-    logger: Logger = _get_logger()
-    if logger:
-        # log the request
-        logger.debug(msg=_log_init(request=request))
+    # log the request
+    if __IAM_LOGGER:
+        __IAM_LOGGER.debug(msg=_log_init(request=request))
 
     errors: list[str] = []
     with _iam_lock:
         # retrieve the IAM server
         iam_server: IamServer = _get_iam_server(endpoint=request.endpoint,
                                                 errors=errors,
-                                                logger=logger)
+                                                logger=__IAM_LOGGER)
         if iam_server:
             # obtain the login URL
             login_data: dict[str,  str] = user_login(iam_server=iam_server,
                                                      args=request.args,
                                                      errors=errors,
-                                                     logger=logger)
+                                                     logger=__IAM_LOGGER)
             if login_data:
                 result = jsonify(login_data)
 
@@ -54,8 +63,8 @@ def service_login() -> Response:
         result.status_code = 400
 
     # log the response
-    if logger:
-        logger.debug(msg=f"Response {result}")
+    if __IAM_LOGGER:
+        __IAM_LOGGER.debug(msg=f"Response {result}")
 
     return result
 
@@ -75,24 +84,22 @@ def service_logout() -> Response:
     # declare the return variable
     result: Response | None
 
-    # retrieve the operations's logger
-    logger: Logger = _get_logger()
-    if logger:
-        # log the request
-        logger.debug(msg=_log_init(request=request))
+    # log the request
+    if __IAM_LOGGER:
+        __IAM_LOGGER.debug(msg=_log_init(request=request))
 
     errors: list[str] = []
     with _iam_lock:
         # retrieve the IAM server
         iam_server: IamServer = _get_iam_server(endpoint=request.endpoint,
                                                 errors=errors,
-                                                logger=logger)
+                                                logger=__IAM_LOGGER)
         if iam_server:
             # logout the user
             user_logout(iam_server=iam_server,
                         args=request.args,
                         errors=errors,
-                        logger=logger)
+                        logger=__IAM_LOGGER)
     if errors:
         result = Response("; ".join(errors))
         result.status_code = 400
@@ -100,8 +107,8 @@ def service_logout() -> Response:
         result = Response(status=204)
 
     # log the response
-    if logger:
-        logger.debug(msg=f"Response {result}")
+    if __IAM_LOGGER:
+        __IAM_LOGGER.debug(msg=f"Response {result}")
 
     return result
 
@@ -126,11 +133,9 @@ def service_callback() -> Response:
 
     :return: *Response* containing the reference user identification and the token, or *BAD REQUEST*
     """
-    # retrieve the operations's logger
-    logger: Logger = _get_logger()
-    if logger:
-        # log the request
-        logger.debug(msg=_log_init(request=request))
+    # log the request
+    if __IAM_LOGGER:
+        __IAM_LOGGER.debug(msg=_log_init(request=request))
 
     errors: list[str] = []
     token_data: tuple[str, str] | None = None
@@ -138,25 +143,25 @@ def service_callback() -> Response:
         # retrieve the IAM server
         iam_server: IamServer = _get_iam_server(endpoint=request.endpoint,
                                                 errors=errors,
-                                                logger=logger)
+                                                logger=__IAM_LOGGER)
         if iam_server:
             # process the callback operation
             token_data = login_callback(iam_server=iam_server,
                                         args=request.args,
                                         errors=errors,
-                                        logger=logger)
+                                        logger=__IAM_LOGGER)
     result: Response
     if errors:
         result = jsonify({"errors": "; ".join(errors)})
         result.status_code = 400
-        if logger:
-            logger.error(msg=json.dumps(obj=result))
+        if __IAM_LOGGER:
+            __IAM_LOGGER.error(msg=json.dumps(obj=result))
     else:
         result = jsonify({"user-id": token_data[0],
                           "token": token_data[1]})
     # log the response
-    if logger:
-        logger.debug(msg=f"Response {result}")
+    if __IAM_LOGGER:
+        __IAM_LOGGER.debug(msg=f"Response {result}")
 
     return result
 
@@ -177,11 +182,9 @@ def service_token() -> Response:
 
     :return: *Response* containing the user reference identification and the token, or *BAD REQUEST*
     """
-    # retrieve the operations's logger
-    logger: Logger = _get_logger()
-    if logger:
-        # log the request
-        logger.debug(msg=_log_init(request=request))
+    # log the request
+    if __IAM_LOGGER:
+        __IAM_LOGGER.debug(msg=_log_init(request=request))
 
     # obtain the user's identification
     args: dict[str, Any] = request.args
@@ -194,19 +197,19 @@ def service_token() -> Response:
             # retrieve the IAM server
             iam_server: IamServer = _get_iam_server(endpoint=request.endpoint,
                                                     errors=errors,
-                                                    logger=logger)
+                                                    logger=__IAM_LOGGER)
             if iam_server:
                 # retrieve the token
                 errors: list[str] = []
                 token: str = user_token(iam_server=iam_server,
                                         args=args,
                                         errors=errors,
-                                        logger=logger)
+                                        logger=__IAM_LOGGER)
     else:
         msg: str = "User identification not provided"
         errors.append(msg)
-        if logger:
-            logger.error(msg=msg)
+        if __IAM_LOGGER:
+            __IAM_LOGGER.error(msg=msg)
 
     result: Response
     if errors:
@@ -216,8 +219,8 @@ def service_token() -> Response:
         result = jsonify({"user-id": user_id,
                           "token": token})
     # log the response
-    if logger:
-        logger.debug(msg=f"Response {result}")
+    if __IAM_LOGGER:
+        __IAM_LOGGER.debug(msg=f"Response {result}")
 
     return result
 
@@ -247,18 +250,16 @@ def service_exchange() -> Response:
 
     :return: *Response* containing the token data, or *BAD REQUEST*
     """
-    # retrieve the operations's logger
-    logger: Logger = _get_logger()
-    if logger:
-        # log the request
-        logger.debug(msg=_log_init(request=request))
+    # log the request
+    if __IAM_LOGGER:
+        __IAM_LOGGER.debug(msg=_log_init(request=request))
 
     errors: list[str] = []
     with _iam_lock:
         # retrieve the IAM server (currently, only 'IAM_KEYCLOAK' is supported)
         iam_server: IamServer = _get_iam_server(endpoint=request.endpoint,
                                                 errors=errors,
-                                                logger=logger)
+                                                logger=__IAM_LOGGER)
         # exchange the token
         token_data: dict[str, Any] | None = None
         if iam_server:
@@ -266,7 +267,7 @@ def service_exchange() -> Response:
             token_data = token_exchange(iam_server=iam_server,
                                         args=request.args,
                                         errors=errors,
-                                        logger=logger)
+                                        logger=__IAM_LOGGER)
     result: Response
     if errors:
         result = Response("; ".join(errors))
@@ -275,8 +276,8 @@ def service_exchange() -> Response:
         result = jsonify(token_data)
 
     # log the response
-    if logger:
-        logger.debug(msg=f"Response {result}")
+    if __IAM_LOGGER:
+        __IAM_LOGGER.debug(msg=f"Response {result}")
 
     return result
 

{pypomes_iam-0.3.8 → pypomes_iam-0.4.0}/src/pypomes_iam/jusbr_pomes.py

@@ -31,32 +31,32 @@ JUSBR_URL_AUTH_BASE: Final[str] = env_get_str(key=f"{APP_PREFIX}_JUSBR_URL_AUTH_
 
 
 def jusbr_setup(flask_app: Flask,
+                base_url: str = JUSBR_URL_AUTH_BASE,
                 client_id: str = JUSBR_CLIENT_ID,
                 client_secret: str = JUSBR_CLIENT_SECRET,
                 client_timeout: int = JUSBR_CLIENT_TIMEOUT,
-                public_key_lifetime: int = JUSBR_PUBLIC_KEY_LIFETIME,
-                recipient_attribute: str = JUSBR_RECIPIENT_ATTR,
-                callback_endpoint: str = JUSBR_ENDPOINT_CALLBACK,
-                token_endpoint: str = JUSBR_ENDPOINT_TOKEN,
-                login_endpoint: str = JUSBR_ENDPOINT_LOGIN,
-                logout_endpoint: str = JUSBR_ENDPOINT_LOGOUT,
-                base_url: str = JUSBR_URL_AUTH_BASE) -> None:
+                public_key_lifetime: int | None = JUSBR_PUBLIC_KEY_LIFETIME,
+                recipient_attribute: str | None = JUSBR_RECIPIENT_ATTR,
+                callback_endpoint: str | None = JUSBR_ENDPOINT_CALLBACK,
+                login_endpoint: str | None = JUSBR_ENDPOINT_LOGIN,
+                logout_endpoint: str | None = JUSBR_ENDPOINT_LOGOUT,
+                token_endpoint: str | None = JUSBR_ENDPOINT_TOKEN) -> None:
     """
     Configure the JusBR IAM.
 
     This should be invoked only once, before the first access to a JusBR service.
 
     :param flask_app: the Flask application
+    :param base_url: base URL to request JusBR services
     :param client_id: the client's identification with JusBR
     :param client_secret: the client's password with JusBR
     :param client_timeout: timeout for login authentication (in seconds,defaults to no timeout)
     :param public_key_lifetime: how long to use JusBR's public key, before refreshing it (in seconds)
     :param recipient_attribute: attribute in the token's payload holding the token's subject
     :param callback_endpoint: endpoint for the callback from JusBR
-    :param token_endpoint: endpoint for retrieving JusBR's authentication token
     :param login_endpoint: endpoint for redirecting user to JusBR's login page
     :param logout_endpoint: endpoint for terminating user access to JusBR
-    :param base_url: base URL to request JusBR services
+    :param token_endpoint: endpoint for retrieving JusBR's authentication token
     """
     from .iam_services import service_login, service_logout, service_callback, service_token
 
@@ -77,6 +77,11 @@ def jusbr_setup(flask_app: Flask,
         }
 
     # establish the endpoints
+    if callback_endpoint:
+        flask_app.add_url_rule(rule=callback_endpoint,
+                               endpoint="jusbr-callback",
+                               view_func=service_callback,
+                               methods=["GET"])
     if login_endpoint:
         flask_app.add_url_rule(rule=login_endpoint,
                                endpoint="jusbr-login",
@@ -87,11 +92,6 @@ def jusbr_setup(flask_app: Flask,
                                endpoint="jusbr-logout",
                                view_func=service_logout,
                                methods=["GET"])
-    if callback_endpoint:
-        flask_app.add_url_rule(rule=callback_endpoint,
-                               endpoint="jusbr-callback",
-                               view_func=service_callback,
-                               methods=["GET"])
     if token_endpoint:
         flask_app.add_url_rule(rule=token_endpoint,
                                endpoint="jusbr-token",

{pypomes_iam-0.3.8 → pypomes_iam-0.4.0}/src/pypomes_iam/keycloak_pomes.py

@@ -34,36 +34,36 @@ KEYCLOAK_URL_AUTH_BASE: Final[str] = env_get_str(key=f"{APP_PREFIX}_KEYCLOAK_URL
 
 
 def keycloak_setup(flask_app: Flask,
+                   base_url: str = KEYCLOAK_URL_AUTH_BASE,
+                   realm: str = KEYCLOAK_REALM,
                    client_id: str = KEYCLOAK_CLIENT_ID,
                    client_secret: str = KEYCLOAK_CLIENT_SECRET,
                    client_timeout: int = KEYCLOAK_CLIENT_TIMEOUT,
-                   public_key_lifetime: int = KEYCLOAK_PUBLIC_KEY_LIFETIME,
-                   recipient_attribute: str = KEYCLOAK_RECIPIENT_ATTR,
-                   realm: str = KEYCLOAK_REALM,
-                   callback_endpoint: str = KEYCLOAK_ENDPOINT_CALLBACK,
-                   exchange_endpoint: str = KEYCLOAK_ENDPOINT_EXCHANGE,
-                   login_endpoint: str = KEYCLOAK_ENDPOINT_LOGIN,
-                   logout_endpoint: str = KEYCLOAK_ENDPOINT_LOGOUT,
-                   token_endpoint: str = KEYCLOAK_ENDPOINT_TOKEN,
-                   base_url: str = KEYCLOAK_URL_AUTH_BASE) -> None:
+                   public_key_lifetime: int | None = KEYCLOAK_PUBLIC_KEY_LIFETIME,
+                   recipient_attribute: str | None = KEYCLOAK_RECIPIENT_ATTR,
+                   callback_endpoint: str | None = KEYCLOAK_ENDPOINT_CALLBACK,
+                   login_endpoint: str | None = KEYCLOAK_ENDPOINT_LOGIN,
+                   logout_endpoint: str | None = KEYCLOAK_ENDPOINT_LOGOUT,
+                   token_endpoint: str | None = KEYCLOAK_ENDPOINT_TOKEN,
+                   exchange_endpoint: str | None = KEYCLOAK_ENDPOINT_EXCHANGE) -> None:
     """
     Configure the Keycloak IAM.
 
     This should be invoked only once, before the first access to a Keycloak service.
 
     :param flask_app: the Flask application
+    :param base_url: base URL to request Keycloak services
+    :param realm: the Keycloak realm
     :param client_id: the client's identification with JusBR
     :param client_secret: the client's password with JusBR
     :param client_timeout: timeout for login authentication (in seconds,defaults to no timeout)
     :param public_key_lifetime: how long to use Keycloak's public key, before refreshing it (in seconds)
     :param recipient_attribute: attribute in the token's payload holding the token's subject
-    :param realm: the Keycloak realm
     :param callback_endpoint: endpoint for the callback from the front end
-    :param exchange_endpoint: endpoint fro requesting token exchange
-    :param token_endpoint: endpoint for retrieving Keycloak's authentication token
     :param login_endpoint: endpoint for redirecting user to Keycloak's login page
     :param logout_endpoint: endpoint for terminating user access to Keycloak
-    :param base_url: base URL to request Keycloak services
+    :param token_endpoint: endpoint for retrieving Keycloak's authentication token
+    :param exchange_endpoint: endpoint for requesting token exchange
     """
     from .iam_services import (
         service_login, service_logout, service_callback, service_exchange, service_token
@@ -86,6 +86,11 @@ def keycloak_setup(flask_app: Flask,
         }
 
     # establish the endpoints
+    if callback_endpoint:
+        flask_app.add_url_rule(rule=callback_endpoint,
+                               endpoint="keycloak-callback",
+                               view_func=service_callback,
+                               methods=["GET"])
     if login_endpoint:
         flask_app.add_url_rule(rule=login_endpoint,
                                endpoint="keycloak-login",
@@ -96,11 +101,6 @@ def keycloak_setup(flask_app: Flask,
                                endpoint="keycloak-logout",
                                view_func=service_logout,
                                methods=["GET"])
-    if callback_endpoint:
-        flask_app.add_url_rule(rule=callback_endpoint,
-                               endpoint="keycloak-callback",
-                               view_func=service_callback,
-                               methods=["GET"])
     if token_endpoint:
         flask_app.add_url_rule(rule=token_endpoint,
                                endpoint="keycloak-token",