pypomes-iam 0.4.1__py3-none-any.whl → 0.4.3__py3-none-any.whl

pypomes_iam/iam_common.py

@@ -159,7 +159,7 @@ def _get_user_data(iam_server: IamServer,
     users: dict[str, dict[str, Any]] = _get_iam_users(iam_server=iam_server,
                                                       errors=errors,
                                                       logger=logger)
-    if users:
+    if isinstance(users, dict):
         result = users.get(user_id)
         if not result:
             result = {

pypomes_iam/iam_pomes.py

@@ -5,6 +5,7 @@ import string
 import sys
 from datetime import datetime
 from logging import Logger
+from urllib import parse
 from pypomes_core import TZ_LOCAL, exc_format
 from typing import Any
 
@@ -19,9 +20,17 @@ from .token_pomes import token_validate
 def user_login(iam_server: IamServer,
                args: dict[str, Any],
                errors: list[str] = None,
-               logger: Logger = None) -> dict[str, str]:
+               logger: Logger = None) -> str:
     """
-    Build the callback URL for redirecting the request to *iam_server*'s authentication page.
+    Build the URL for redirecting the request to *iam_server*'s authentication page.
+
+    These are the expected attributes in *args*:
+        - user-id: optional, identifies the reference user (aliases: 'user_id', 'login')
+        - redirect-uri: a parameter to be added to the query part of the returned URL
+
+    If provided, the user identification will be validated against the authorization data
+    returned by *iam_server* upon login. On success, the appropriate URL for invoking
+    the IAM server's authentication page is returned.
 
     :param iam_server: the reference registered *IAM* server
     :param args: the arguments passed when requesting the service
@@ -30,7 +39,7 @@ def user_login(iam_server: IamServer,
     :return: the callback URL, with the appropriate parameters, of *None* if error
     """
     # initialize the return variable
-    result: dict[str, str] | None = None
+    result: str | None = None
 
     # obtain the optional user's identification
     user_id: str = args.get("user-id") or args.get("user_id") or args.get("login")
@@ -61,11 +70,11 @@ def user_login(iam_server: IamServer,
                                                              logger=logger)
                 if registry:
                     registry["redirect-uri"] = redirect_uri
-                    result = {"login-url": (f"{registry["base-url"]}/protocol/openid-connect/auth"
-                                            f"?response_type=code&scope=openid"
-                                            f"&client_id={registry["client-id"]}"
-                                            f"&redirect_uri={redirect_uri}"
-                                            f"&state={oauth_state}")}
+                    result = parse.quote(f"{registry["base-url"]}/protocol/openid-connect/auth"
+                                         f"?response_type=code&scope=openid"
+                                         f"&client_id={registry["client-id"]}"
+                                         f"&redirect_uri={redirect_uri}"
+                                         f"&state={oauth_state}")
     return result
 
 
@@ -77,7 +86,8 @@ def user_logout(iam_server: IamServer,
     Logout the user, by removing all data associating it from *iam_server*'s registry.
 
     The user is identified by the attribute *user-id*, *user_id*, or "login", provided in *args*.
-    If unsuccessful, this operation fails silently, unless an error has ocurred.
+    If successful, remove all data relating to the user from the *IAM* server's registry.
+    Otherwise, this operation fails silently, unless an error has ocurred.
 
     :param iam_server: the reference registered *IAM* server
     :param args: the arguments passed when requesting the service
@@ -192,7 +202,7 @@ def login_callback(iam_server: IamServer,
     """
     Entry point for the callback from *iam_server* via the front-end application, on authentication operations.
 
-    The relevant arguments received are:
+    The relevant expected arguments in *args* are:
         - *state*: used to enhance security during the authorization process, typically to provide *CSRF* protection
         - *code*: the temporary authorization code, to be exchanged for the token
 
@@ -264,7 +274,7 @@ def token_exchange(iam_server: IamServer,
     Request *iam_server* to issue a token in exchange for the token obtained from another *IAM* server.
 
     The expected parameters in *args* are:
-        - client-id: identification for the reference user (aliases: 'client_id', 'login')
+        - user-id: identification for the reference user (aliases: 'user_id', 'login')
         - token: the token to be exchanged
 
     The typical data set returned contains the following attributes:

pypomes_iam/iam_services.py

@@ -32,7 +32,16 @@ def service_login() -> Response:
     """
     Entry point for the IAM server's login service.
 
-    Return the URL for invoking the IAM server's authentication page, with the appropriate parameters.
+    These are the expected request parameters:
+        - user-id: optional, identifies the reference user (aliases: 'user_id', 'login')
+        - redirect-uri: a parameter to be added to the query part of the returned URL
+
+    If provided, the user identification will be validated against the authorization data
+    returned by *iam_server* upon login. On success, the following JSON, containing the appropriate
+    URL for invoking the IAM server's authentication page, is returned:
+        {
+            "login-url": <login-url>
+        }
 
     :return: *Response* with the URL for invoking the IAM server's authentication page, or *BAD REQUEST* if error
     """
@@ -51,13 +60,12 @@ def service_login() -> Response:
                                                 logger=__IAM_LOGGER)
         if iam_server:
             # obtain the login URL
-            login_data: dict[str,  str] = user_login(iam_server=iam_server,
-                                                     args=request.args,
-                                                     errors=errors,
-                                                     logger=__IAM_LOGGER)
-            if login_data:
-                result = jsonify(login_data)
-
+            login_url: str = user_login(iam_server=iam_server,
+                                        args=request.args,
+                                        errors=errors,
+                                        logger=__IAM_LOGGER)
+            if login_url:
+                result = jsonify({"login-url": login_url})
     if errors:
         result = Response("; ".join(errors))
         result.status_code = 400
@@ -77,7 +85,9 @@ def service_logout() -> Response:
     """
     Entry point for the JusBR logout service.
 
-    Remove all data associating the user from the *IAM* server's registry.
+    The user is identified by the attribute *user-id*, *user_id*, or "login", provided as a request parameter.
+    If successful, remove all data relating to the user from the *IAM* server's registry.
+    Otherwise, this operation fails silently, unless an error has ocurred.
 
     :return: *Response NO CONTENT*, or *BAD REQUEST* if error
     """
@@ -125,6 +135,10 @@ def service_callback() -> Response:
     *IAM* server's login page, forwarding the data received. In a typical OAuth2 flow faction,
     this data is then used to effectively obtain the token from the *IAM* server.
 
+    The relevant expected request arguments are:
+        - *state*: used to enhance security during the authorization process, typically to provide *CSRF* protection
+        - *code*: the temporary authorization code, to be exchanged for the token
+
     On success, the returned *Response* will contain the following JSON:
         {
             "user-id": <reference-user-identification>,
@@ -154,8 +168,6 @@ def service_callback() -> Response:
     if errors:
         result = jsonify({"errors": "; ".join(errors)})
         result.status_code = 400
-        if __IAM_LOGGER:
-            __IAM_LOGGER.error(msg=json.dumps(obj=result))
     else:
         result = jsonify({"user-id": token_data[0],
                           "token": token_data[1]})
@@ -174,6 +186,8 @@ def service_token() -> Response:
     """
     Entry point for retrieving a token from the *IAM* server.
 
+    The user is identified by the attribute *user-id*, *user_id*, or "login", provided as a request parameter.
+
     On success, the returned *Response* will contain the following JSON:
         {
             "user-id": <reference-user-identification>,
@@ -232,8 +246,8 @@ def service_exchange() -> Response:
     Entry point for requesting the *IAM* server to exchange the token.
 
     This is currently limited to the *KEYCLOAK* server. The token itself is stored in *KEYCLOAK*'s registry.
-    The expected parameters in the request are:
-        - client-id: identification for the reference user (aliases: 'client_id', 'login')
+    The expected request parameters are:
+        - user-id: identification for the reference user (aliases: 'user_id', 'login')
         - token: the token to be exchanged
 
     If the exchange is successful, the token data is stored in the *IAM* server's registry, and returned.

{pypomes_iam-0.4.1.dist-info → pypomes_iam-0.4.3.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: pypomes_iam
-Version: 0.4.1
+Version: 0.4.3
 Summary: A collection of Python pomes, penyeach (IAM modules)
 Project-URL: Homepage, https://github.com/TheWiseCoder/PyPomes-IAM
 Project-URL: Bug Tracker, https://github.com/TheWiseCoder/PyPomes-IAM/issues

pypomes_iam-0.4.3.dist-info/RECORD

@@ -0,0 +1,12 @@
+pypomes_iam/__init__.py,sha256=KX_QLdqAD-dNUl3G1mDeutxL9e58S9OsMoJlrgM9R28,1027
+pypomes_iam/iam_common.py,sha256=RRWWhoqJZTx8sOHF-wQsu5yymMxAi5LB46Wz3kN54lQ,9348
+pypomes_iam/iam_pomes.py,sha256=b84W-2qxaEUEFiPjCF5S2UxEs6RasM2pOE_-U0yyV78,24282
+pypomes_iam/iam_services.py,sha256=jZVMp37KYuV1C0YWG1yZ3vCoMmW95vkR7b4qASXhjyI,11492
+pypomes_iam/jusbr_pomes.py,sha256=G-COBstBeQeD7dPgvf2MI1E8r2-ACHHwzhyfsphhKgw,5758
+pypomes_iam/keycloak_pomes.py,sha256=JxVVFdhXJypK5x9ocn7283pB1xJbS-yPgStkSFS12HM,6775
+pypomes_iam/provider_pomes.py,sha256=vfVaLGYCKSAjoB58CTw4hnUQHriMONHql_5hxjCEeHE,6358
+pypomes_iam/token_pomes.py,sha256=1g6PMNNMbmdwLrsvSXvpO8-zdRhso1IFnwAyndNmV4Q,5332
+pypomes_iam-0.4.3.dist-info/METADATA,sha256=iXiArH1kwovRmjxJa0vPImF59b8R0CeN_HtD-CaBr8A,694
+pypomes_iam-0.4.3.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+pypomes_iam-0.4.3.dist-info/licenses/LICENSE,sha256=YvUELgV8qvXlaYsy9hXG5EW3Bmsrkw-OJmmILZnonAc,1086
+pypomes_iam-0.4.3.dist-info/RECORD,,

pypomes_iam-0.4.1.dist-info/RECORD

@@ -1,12 +0,0 @@
-pypomes_iam/__init__.py,sha256=KX_QLdqAD-dNUl3G1mDeutxL9e58S9OsMoJlrgM9R28,1027
-pypomes_iam/iam_common.py,sha256=S_xTRwnF-zzAVTKaH1oaY34kn8YRvWEqvGvO6peF8-Q,9330
-pypomes_iam/iam_pomes.py,sha256=s0bvf4zAt4-zZbfPw7Y_nACEK50Qq4ZDhEleEHbiWO8,23748
-pypomes_iam/iam_services.py,sha256=81GrfIg-Hc_lK4BAotSkfopzSzkmuRce_aPNKdvyNnI,10612
-pypomes_iam/jusbr_pomes.py,sha256=G-COBstBeQeD7dPgvf2MI1E8r2-ACHHwzhyfsphhKgw,5758
-pypomes_iam/keycloak_pomes.py,sha256=JxVVFdhXJypK5x9ocn7283pB1xJbS-yPgStkSFS12HM,6775
-pypomes_iam/provider_pomes.py,sha256=vfVaLGYCKSAjoB58CTw4hnUQHriMONHql_5hxjCEeHE,6358
-pypomes_iam/token_pomes.py,sha256=1g6PMNNMbmdwLrsvSXvpO8-zdRhso1IFnwAyndNmV4Q,5332
-pypomes_iam-0.4.1.dist-info/METADATA,sha256=orzkuYJMdb3gsVyfhTqcut8ZZHyVF8NJREcFeb53GUw,694
-pypomes_iam-0.4.1.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-pypomes_iam-0.4.1.dist-info/licenses/LICENSE,sha256=YvUELgV8qvXlaYsy9hXG5EW3Bmsrkw-OJmmILZnonAc,1086
-pypomes_iam-0.4.1.dist-info/RECORD,,