pypomes-iam 0.4.4__py3-none-any.whl → 0.4.6__py3-none-any.whl

pypomes_iam/iam_common.py

@@ -28,8 +28,7 @@ class IamServer(StrEnum):
 #       "pk-lifetime": <int>,
 #       "pk-expiration": <int>,
 #       "base-url": <str>,
-#       "cache": <FIFOCache>,
-#       "redirect-uri": <str>  <-- transient
+#       "cache": <FIFOCache>
 #    },
 #    ...
 # }
@@ -41,8 +40,10 @@ class IamServer(StrEnum):
 #          "refresh-token": <str>
 #          "access-expiration": <timestamp>,
 #          "refresh-expiration": <timestamp>,
-#          "login-expiration": <timestamp>,    <-- transient
-#          "login-id": <str>,                  <-- transient
+#          # transient attributes:
+#          "login-expiration": <timestamp>,
+#          "login-id": <str>,
+#          "redirect-uri": <str>
 #       }
 #    },
 #   ...

pypomes_iam/iam_pomes.py

@@ -62,13 +62,13 @@ def user_login(iam_server: IamServer,
                 user_data["login-expiration"] = int(datetime.now(tz=TZ_LOCAL).timestamp()) + timeout \
                     if timeout else None
                 redirect_uri: str = args.get("redirect-uri")
+                user_data["redirect-uri"] = redirect_uri
 
                 # build the login url
                 registry: dict[str, Any] = _get_iam_registry(iam_server=iam_server,
                                                              errors=errors,
                                                              logger=logger)
                 if registry:
-                    registry["redirect-uri"] = redirect_uri
                     result = (f"{registry["base-url"]}/protocol/openid-connect/auth"
                               f"?response_type=code&scope=openid"
                               f"&client_id={registry["client-id"]}"
@@ -203,7 +203,7 @@ def login_callback(iam_server: IamServer,
 
     The relevant expected arguments in *args* are:
         - *state*: used to enhance security during the authorization process, typically to provide *CSRF* protection
-        - *code*: the temporary authorization code, to be exchanged for the token
+        - *code*: the temporary authorization code provided by *iam_server*, to be exchanged for the token
 
     :param iam_server: the reference registered *IAM* server
     :param args: the arguments passed when requesting the service
@@ -215,11 +215,10 @@ def login_callback(iam_server: IamServer,
     result: tuple[str, str] | None = None
 
     with _iam_lock:
-        # retrieve the IAM server's registry and the data for all users therein
-        registry: dict[str, Any] = _get_iam_registry(iam_server=iam_server,
-                                                     errors=errors,
-                                                     logger=logger)
-        users: dict[str, dict[str, Any]] = (registry["cache"]["users"] or {}) if registry else {}
+        # retrieve the IAM server's data for all users
+        users: dict[str, dict[str, Any]] = _get_iam_users(iam_server=iam_server,
+                                                          errors=errors,
+                                                          logger=logger) or {}
         # retrieve the OAuth2 state
         oauth_state: str = args.get("state")
         user_data: dict[str, Any] | None = None
@@ -240,7 +239,7 @@ def login_callback(iam_server: IamServer,
                 body_data: dict[str, Any] = {
                     "grant_type": "authorization_code",
                     "code": code,
-                    "redirect_uri": registry["redirect-uri"]
+                    "redirect_uri": user_data.pop("redirect-uri")
                 }
                 now: int = int(datetime.now(tz=TZ_LOCAL).timestamp())
                 token_data: dict[str, Any] = __post_for_token(iam_server=iam_server,
@@ -256,7 +255,7 @@ def login_callback(iam_server: IamServer,
                                                   errors=errors,
                                                   logger=logger)
         else:
-            msg: str = "Unknown state received"
+            msg: str = f"State '{oauth_state}' not found in {iam_server}'s registry"
             if logger:
                 logger.error(msg=msg)
             if isinstance(errors, list):
@@ -399,14 +398,16 @@ def __post_for_token(iam_server: IamServer,
             # complete the data to send in body of request
             body_data["client_id"] = registry["client-id"]
             client_secret: str = registry["client-secret"]
-            if client_secret:
-                body_data["client_secret"] = client_secret
 
             # obtain the token
             url: str = registry["base-url"] + "/protocol/openid-connect/token"
+
+            # log the POST ('client_secret' data must not be shown in log)
             if logger:
                 logger.debug(msg=f"POST '{url}', data {json.dumps(obj=body_data,
                                                                   ensure_ascii=False)}")
+            if client_secret:
+                body_data["client_secret"] = client_secret
             try:
                 # typical return on a token request:
                 # {

pypomes_iam/iam_services.py

@@ -72,7 +72,7 @@ def service_login() -> Response:
 
     # log the response
     if __IAM_LOGGER:
-        __IAM_LOGGER.debug(msg=f"Response {result}")
+        __IAM_LOGGER.debug(msg=f"Response {result}, {result.get_data(as_text=True)}")
 
     return result
 
@@ -137,7 +137,7 @@ def service_callback() -> Response:
 
     The relevant expected request arguments are:
         - *state*: used to enhance security during the authorization process, typically to provide *CSRF* protection
-        - *code*: the temporary authorization code, to be exchanged for the token
+        - *code*: the temporary authorization code provided by the IAM server, to be exchanged for the token
 
     On success, the returned *Response* will contain the following JSON:
         {
@@ -173,7 +173,7 @@ def service_callback() -> Response:
                           "token": token_data[1]})
     # log the response
     if __IAM_LOGGER:
-        __IAM_LOGGER.debug(msg=f"Response {result}")
+        __IAM_LOGGER.debug(msg=f"Response {result}, {result.get_data(as_text=True)}")
 
     return result
 
@@ -234,7 +234,7 @@ def service_token() -> Response:
                           "token": token})
     # log the response
     if __IAM_LOGGER:
-        __IAM_LOGGER.debug(msg=f"Response {result}")
+        __IAM_LOGGER.debug(msg=f"Response {result}, {result.get_data(as_text=True)}")
 
     return result
 
@@ -291,7 +291,7 @@ def service_exchange() -> Response:
 
     # log the response
     if __IAM_LOGGER:
-        __IAM_LOGGER.debug(msg=f"Response {result}")
+        __IAM_LOGGER.debug(msg=f"Response {result}, {result.get_data(as_text=True)}")
 
     return result
 

pypomes_iam/jusbr_pomes.py

@@ -72,8 +72,7 @@ def jusbr_setup(flask_app: Flask,
             "base-url": base_url,
             "pk-expiration": sys.maxsize,
             "pk-lifetime": public_key_lifetime,
-            "cache": cache,
-            "redirect-uri": None
+            "cache": cache
         }
 
     # establish the endpoints

pypomes_iam/keycloak_pomes.py

@@ -81,8 +81,7 @@ def keycloak_setup(flask_app: Flask,
             "base-url": f"{base_url}/realms/{realm}",
             "pk-expiration": sys.maxsize,
             "pk-lifetime": public_key_lifetime,
-            "cache": cache,
-            "redirect-uri": None
+            "cache": cache
         }
 
     # establish the endpoints

{pypomes_iam-0.4.4.dist-info → pypomes_iam-0.4.6.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: pypomes_iam
-Version: 0.4.4
+Version: 0.4.6
 Summary: A collection of Python pomes, penyeach (IAM modules)
 Project-URL: Homepage, https://github.com/TheWiseCoder/PyPomes-IAM
 Project-URL: Bug Tracker, https://github.com/TheWiseCoder/PyPomes-IAM/issues

pypomes_iam-0.4.6.dist-info/RECORD

@@ -0,0 +1,12 @@
+pypomes_iam/__init__.py,sha256=KX_QLdqAD-dNUl3G1mDeutxL9e58S9OsMoJlrgM9R28,1027
+pypomes_iam/iam_common.py,sha256=duAi5kUpJZTm_66DcamdARLIIhfTvFZLuLcNd4QPel8,9323
+pypomes_iam/iam_pomes.py,sha256=JkvdDZbkcg-xfwcYeUHpvVfpaLcd1pHnCfaVY2NlUyo,24240
+pypomes_iam/iam_services.py,sha256=lNJUwJHGGdcTKtbSzdGH5FeD9yjvXGYjNHApuzyXgxc,11651
+pypomes_iam/jusbr_pomes.py,sha256=lZ_NhHbYj17hI9o_hdxvGiKaIlxRu3y1jVypb57VX4E,5723
+pypomes_iam/keycloak_pomes.py,sha256=GSqCEa82r5t0Rz9Tp5GI0eJHjfA3dqufgFZIzOO_Z2o,6740
+pypomes_iam/provider_pomes.py,sha256=vfVaLGYCKSAjoB58CTw4hnUQHriMONHql_5hxjCEeHE,6358
+pypomes_iam/token_pomes.py,sha256=1g6PMNNMbmdwLrsvSXvpO8-zdRhso1IFnwAyndNmV4Q,5332
+pypomes_iam-0.4.6.dist-info/METADATA,sha256=wKKN0cityUzE8n6OoxFEmjcIaVaULSrgPCnF0bWeZok,694
+pypomes_iam-0.4.6.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+pypomes_iam-0.4.6.dist-info/licenses/LICENSE,sha256=YvUELgV8qvXlaYsy9hXG5EW3Bmsrkw-OJmmILZnonAc,1086
+pypomes_iam-0.4.6.dist-info/RECORD,,

pypomes_iam-0.4.4.dist-info/RECORD

@@ -1,12 +0,0 @@
-pypomes_iam/__init__.py,sha256=KX_QLdqAD-dNUl3G1mDeutxL9e58S9OsMoJlrgM9R28,1027
-pypomes_iam/iam_common.py,sha256=RRWWhoqJZTx8sOHF-wQsu5yymMxAi5LB46Wz3kN54lQ,9348
-pypomes_iam/iam_pomes.py,sha256=9VXp2qq80hop7vb8echAlvpCnAE2zKilEUd7aA3Y6xA,24201
-pypomes_iam/iam_services.py,sha256=jZVMp37KYuV1C0YWG1yZ3vCoMmW95vkR7b4qASXhjyI,11492
-pypomes_iam/jusbr_pomes.py,sha256=G-COBstBeQeD7dPgvf2MI1E8r2-ACHHwzhyfsphhKgw,5758
-pypomes_iam/keycloak_pomes.py,sha256=JxVVFdhXJypK5x9ocn7283pB1xJbS-yPgStkSFS12HM,6775
-pypomes_iam/provider_pomes.py,sha256=vfVaLGYCKSAjoB58CTw4hnUQHriMONHql_5hxjCEeHE,6358
-pypomes_iam/token_pomes.py,sha256=1g6PMNNMbmdwLrsvSXvpO8-zdRhso1IFnwAyndNmV4Q,5332
-pypomes_iam-0.4.4.dist-info/METADATA,sha256=FiPANYywqOSOlBTww7wW2AICPia3ULbplX4WCzDdgcs,694
-pypomes_iam-0.4.4.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-pypomes_iam-0.4.4.dist-info/licenses/LICENSE,sha256=YvUELgV8qvXlaYsy9hXG5EW3Bmsrkw-OJmmILZnonAc,1086
-pypomes_iam-0.4.4.dist-info/RECORD,,