pypomes-iam 0.4.1__py3-none-any.whl → 0.4.2__py3-none-any.whl
Potentially problematic release.
This version of pypomes-iam might be problematic. Click here for more details.
- pypomes_iam/iam_common.py +1 -1
- pypomes_iam/iam_pomes.py +21 -11
- pypomes_iam/iam_services.py +27 -11
- {pypomes_iam-0.4.1.dist-info → pypomes_iam-0.4.2.dist-info}/METADATA +1 -1
- pypomes_iam-0.4.2.dist-info/RECORD +12 -0
- pypomes_iam-0.4.1.dist-info/RECORD +0 -12
- {pypomes_iam-0.4.1.dist-info → pypomes_iam-0.4.2.dist-info}/WHEEL +0 -0
- {pypomes_iam-0.4.1.dist-info → pypomes_iam-0.4.2.dist-info}/licenses/LICENSE +0 -0
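--- a/pypomes_iam/iam_common.py
+++ b/pypomes_iam/iam_common.py
@@ -159,7 +159,7 @@ def _get_user_data(iam_server: IamServer,
 users: dict[str, dict[str, Any]] = _get_iam_users(iam_server=iam_server,
 errors=errors,
 logger=logger)
-if users:
+if isinstance(users, dict):
 result = users.get(user_id)
 if not result:
 result = {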
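Review bot: The new test `if isinstance(users, dict):` at line 162 lets an empty registry through where `if users:` skipped it, but the code carries no comment saying that this is the intent. A line such as `# an empty dict is a valid registry; only a non-dict return signals failure` above the test would keep a later cleanup from restoring the truthiness check. If `_get_iam_users` returns None on failure (not visible here), `if users is not None:` would state the same thing more directly. The body of _get_user_data continues outside the hunk.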
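--- a/pypomes_iam/iam_pomes.py
+++ b/pypomes_iam/iam_pomes.py
@@ -5,6 +5,7 @@ import string
 import sys
 from datetime import datetime
 from logging import Logger
+from urllib import parse
 from pypomes_core import TZ_LOCAL, exc_format
 from typing import Any
 
@@ -19,9 +20,17 @@ from .token_pomes import token_validate
 def user_login(iam_server: IamServer,
 args: dict[str, Any],
 errors: list[str] = None,
-logger: Logger = None) ->
+logger: Logger = None) -> str:
 """
-Build the
+Build the URL for redirecting the request to *iam_server*'s authentication page.
+
+These are the expected attributes in *args*:
+- user-id: optional, identifies the reference user (aliases: 'user_id', 'login')
+- redirect-uri: a parameter to be added to the query part of the returned URL
+
+If provided, the user identification will be validated against the authorization data
+returned by *iam_server* upon login. On success, the appropriate URL for invoking
+the IAM server's authentication page is returned.
 
 :param iam_server: the reference registered *IAM* server
 :param args: the arguments passed when requesting the service
@@ -30,7 +39,7 @@ def user_login(iam_server: IamServer,
 :return: the callback URL, with the appropriate parameters, of *None* if error
 """
 # initialize the return variable
-result:
+result: str | None = None
 
 # obtain the optional user's identification
 user_id: str = args.get("user-id") or args.get("user_id") or args.get("login")
@@ -61,11 +70,11 @@ def user_login(iam_server: IamServer,
 logger=logger)
 if registry:
 registry["redirect-uri"] = redirect_uri
-result =
-
-
-
-
+result = parse.quote(f"{registry["base-url"]}/protocol/openid-connect/auth"
+f"?response_type=code&scope=openid"
+f"&client_id={registry["client-id"]}"
+f"&redirect_uri={redirect_uri}"
+f"&state={oauth_state}")
 return result
 
 
@@ -77,7 +86,8 @@ def user_logout(iam_server: IamServer,
 Logout the user, by removing all data associating it from *iam_server*'s registry.
 
 The user is identified by the attribute *user-id*, *user_id*, or "login", provided in *args*.
-If
+If successful, remove all data relating to the user from the *IAM* server's registry.
+Otherwise, this operation fails silently, unless an error has ocurred.
 
 :param iam_server: the reference registered *IAM* server
 :param args: the arguments passed when requesting the service
@@ -192,7 +202,7 @@ def login_callback(iam_server: IamServer,
 """
 Entry point for the callback from *iam_server* via the front-end application, on authentication operations.
 
-The relevant arguments
+The relevant expected arguments in *args* are:
 - *state*: used to enhance security during the authorization process, typically to provide *CSRF* protection
 - *code*: the temporary authorization code, to be exchanged for the token
 
@@ -264,7 +274,7 @@ def token_exchange(iam_server: IamServer,
 Request *iam_server* to issue a token in exchange for the token obtained from another *IAM* server.
 
 The expected parameters in *args* are:
--
+- user-id: identification for the reference user (aliases: 'user_id', 'login')
 - token: the token to be exchanged
 
 The typical data set returned contains the following attributes: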
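Review bot: `parse.quote()` at new lines 73-77 is applied to the complete URL, and with its default `safe='/'` it percent-encodes the `:` after the scheme together with `?`, `=` and `&`, so the string returned by user_login is no longer a usable authorization URL. The values themselves (`redirect_uri`, which appears to come from the request arguments, and `oauth_state`) are not encoded individually, so simply dropping the outer call would let a `&` or `#` in `redirect_uri` alter the query. Encoding each value with `parse.urlencode`, as below, covers both. The double quotes nested inside the f-strings also parse only on Python 3.12 or later; single quotes for the keys avoid that. The body of user_login starts and ends outside this hunk.

```python
        registry["redirect-uri"] = redirect_uri
        # encode each value on its own; the separators stay literal
        query: str = parse.urlencode({"response_type": "code",
                                      "scope": "openid",
                                      "client_id": registry["client-id"],
                                      "redirect_uri": redirect_uri,
                                      "state": oauth_state})
        result = f"{registry['base-url']}/protocol/openid-connect/auth?{query}"
```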
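--- a/pypomes_iam/iam_services.py
+++ b/pypomes_iam/iam_services.py
@@ -32,7 +32,16 @@ def service_login() -> Response:
 """
 Entry point for the IAM server's login service.
 
-
+These are the expected request parameters:
+- user-id: optional, identifies the reference user (aliases: 'user_id', 'login')
+- redirect-uri: a parameter to be added to the query part of the returned URL
+
+If provided, the user identification will be validated against the authorization data
+returned by *iam_server* upon login. On success, the following JSON, containing the appropriate
+URL for invoking the IAM server's authentication page, is returned:
+{
+"login-url": <login-url>
+}
 
 :return: *Response* with the URL for invoking the IAM server's authentication page, or *BAD REQUEST* if error
 """
@@ -51,13 +60,12 @@ def service_login() -> Response:
 logger=__IAM_LOGGER)
 if iam_server:
 # obtain the login URL
-
-
-
-
-if
-result = jsonify(
-
+login_url: str = user_login(iam_server=iam_server,
+args=request.args,
+errors=errors,
+logger=__IAM_LOGGER)
+if login_url:
+result = jsonify({"login-url": login_url})
 if errors:
 result = Response("; ".join(errors))
 result.status_code = 400
@@ -77,7 +85,9 @@ def service_logout() -> Response:
 """
 Entry point for the JusBR logout service.
 
-
+The user is identified by the attribute *user-id*, *user_id*, or "login", provided as a request parameter.
+If successful, remove all data relating to the user from the *IAM* server's registry.
+Otherwise, this operation fails silently, unless an error has ocurred.
 
 :return: *Response NO CONTENT*, or *BAD REQUEST* if error
 """
@@ -125,6 +135,10 @@ def service_callback() -> Response:
 *IAM* server's login page, forwarding the data received. In a typical OAuth2 flow faction,
 this data is then used to effectively obtain the token from the *IAM* server.
 
+The relevant expected request arguments are:
+- *state*: used to enhance security during the authorization process, typically to provide *CSRF* protection
+- *code*: the temporary authorization code, to be exchanged for the token
+
 On success, the returned *Response* will contain the following JSON:
 {
 "user-id": <reference-user-identification>,
@@ -174,6 +188,8 @@ def service_token() -> Response:
 """
 Entry point for retrieving a token from the *IAM* server.
 
+The user is identified by the attribute *user-id*, *user_id*, or "login", provided as a request parameter.
+
 On success, the returned *Response* will contain the following JSON:
 {
 "user-id": <reference-user-identification>,
@@ -232,8 +248,8 @@ def service_exchange() -> Response:
 Entry point for requesting the *IAM* server to exchange the token.
 
 This is currently limited to the *KEYCLOAK* server. The token itself is stored in *KEYCLOAK*'s registry.
-The expected parameters
--
+The expected request parameters are:
+- user-id: identification for the reference user (aliases: 'user_id', 'login')
 - token: the token to be exchanged
 
 If the exchange is successful, the token data is stored in the *IAM* server's registry, and returned.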
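Review bot: `login_url` at new line 63 is annotated `str`, while the docstring of user_login in this same release says it returns None on error, so the annotation should read `login_url: str | None = user_login(...)`. If `result` has no default assigned before this block (not visible in the hunk), a None `login_url` together with an empty `errors` list would leave it unset at the return. The new service_logout docstring at line 90 also spells `ocurred`; `occurred` is meant. The body of service_login continues outside the hunk.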
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: pypomes_iam
|
|
3
|
-
Version: 0.4.
|
|
3
|
+
Version: 0.4.2
|
|
4
4
|
Summary: A collection of Python pomes, penyeach (IAM modules)
|
|
5
5
|
Project-URL: Homepage, https://github.com/TheWiseCoder/PyPomes-IAM
|
|
6
6
|
Project-URL: Bug Tracker, https://github.com/TheWiseCoder/PyPomes-IAM/issues
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
pypomes_iam/__init__.py,sha256=KX_QLdqAD-dNUl3G1mDeutxL9e58S9OsMoJlrgM9R28,1027
|
|
2
|
+
pypomes_iam/iam_common.py,sha256=RRWWhoqJZTx8sOHF-wQsu5yymMxAi5LB46Wz3kN54lQ,9348
|
|
3
|
+
pypomes_iam/iam_pomes.py,sha256=b84W-2qxaEUEFiPjCF5S2UxEs6RasM2pOE_-U0yyV78,24282
|
|
4
|
+
pypomes_iam/iam_services.py,sha256=cNmnBd98ixd4o_4wyimRoY0QyUJ2Fm5UB1sTW8YBl6k,11578
|
|
5
|
+
pypomes_iam/jusbr_pomes.py,sha256=G-COBstBeQeD7dPgvf2MI1E8r2-ACHHwzhyfsphhKgw,5758
|
|
6
|
+
pypomes_iam/keycloak_pomes.py,sha256=JxVVFdhXJypK5x9ocn7283pB1xJbS-yPgStkSFS12HM,6775
|
|
7
|
+
pypomes_iam/provider_pomes.py,sha256=vfVaLGYCKSAjoB58CTw4hnUQHriMONHql_5hxjCEeHE,6358
|
|
8
|
+
pypomes_iam/token_pomes.py,sha256=1g6PMNNMbmdwLrsvSXvpO8-zdRhso1IFnwAyndNmV4Q,5332
|
|
9
|
+
pypomes_iam-0.4.2.dist-info/METADATA,sha256=_30PGiVrgDhSRLMofmHyvHuCacNuOXJsZhBt7y4R3Bs,694
|
|
10
|
+
pypomes_iam-0.4.2.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
|
|
11
|
+
pypomes_iam-0.4.2.dist-info/licenses/LICENSE,sha256=YvUELgV8qvXlaYsy9hXG5EW3Bmsrkw-OJmmILZnonAc,1086
|
|
12
|
+
pypomes_iam-0.4.2.dist-info/RECORD,,
|
|
@@ -1,12 +0,0 @@
|
|
|
1
|
-
pypomes_iam/__init__.py,sha256=KX_QLdqAD-dNUl3G1mDeutxL9e58S9OsMoJlrgM9R28,1027
|
|
2
|
-
pypomes_iam/iam_common.py,sha256=S_xTRwnF-zzAVTKaH1oaY34kn8YRvWEqvGvO6peF8-Q,9330
|
|
3
|
-
pypomes_iam/iam_pomes.py,sha256=s0bvf4zAt4-zZbfPw7Y_nACEK50Qq4ZDhEleEHbiWO8,23748
|
|
4
|
-
pypomes_iam/iam_services.py,sha256=81GrfIg-Hc_lK4BAotSkfopzSzkmuRce_aPNKdvyNnI,10612
|
|
5
|
-
pypomes_iam/jusbr_pomes.py,sha256=G-COBstBeQeD7dPgvf2MI1E8r2-ACHHwzhyfsphhKgw,5758
|
|
6
|
-
pypomes_iam/keycloak_pomes.py,sha256=JxVVFdhXJypK5x9ocn7283pB1xJbS-yPgStkSFS12HM,6775
|
|
7
|
-
pypomes_iam/provider_pomes.py,sha256=vfVaLGYCKSAjoB58CTw4hnUQHriMONHql_5hxjCEeHE,6358
|
|
8
|
-
pypomes_iam/token_pomes.py,sha256=1g6PMNNMbmdwLrsvSXvpO8-zdRhso1IFnwAyndNmV4Q,5332
|
|
9
|
-
pypomes_iam-0.4.1.dist-info/METADATA,sha256=orzkuYJMdb3gsVyfhTqcut8ZZHyVF8NJREcFeb53GUw,694
|
|
10
|
-
pypomes_iam-0.4.1.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
|
|
11
|
-
pypomes_iam-0.4.1.dist-info/licenses/LICENSE,sha256=YvUELgV8qvXlaYsy9hXG5EW3Bmsrkw-OJmmILZnonAc,1086
|
|
12
|
-
pypomes_iam-0.4.1.dist-info/RECORD,,
|
|
File without changes
|
|
File without changes
|