pypomes-iam 0.4.8__tar.gz → 0.4.9__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of pypomes-iam might be problematic. Click here for more details.
- {pypomes_iam-0.4.8 → pypomes_iam-0.4.9}/PKG-INFO +1 -1
- {pypomes_iam-0.4.8 → pypomes_iam-0.4.9}/pyproject.toml +1 -1
- {pypomes_iam-0.4.8 → pypomes_iam-0.4.9}/src/pypomes_iam/iam_common.py +4 -4
- {pypomes_iam-0.4.8 → pypomes_iam-0.4.9}/src/pypomes_iam/iam_pomes.py +23 -24
- {pypomes_iam-0.4.8 → pypomes_iam-0.4.9}/src/pypomes_iam/provider_pomes.py +27 -12
- {pypomes_iam-0.4.8 → pypomes_iam-0.4.9}/.gitignore +0 -0
- {pypomes_iam-0.4.8 → pypomes_iam-0.4.9}/LICENSE +0 -0
- {pypomes_iam-0.4.8 → pypomes_iam-0.4.9}/README.md +0 -0
- {pypomes_iam-0.4.8 → pypomes_iam-0.4.9}/src/pypomes_iam/__init__.py +0 -0
- {pypomes_iam-0.4.8 → pypomes_iam-0.4.9}/src/pypomes_iam/iam_services.py +0 -0
- {pypomes_iam-0.4.8 → pypomes_iam-0.4.9}/src/pypomes_iam/jusbr_pomes.py +0 -0
- {pypomes_iam-0.4.8 → pypomes_iam-0.4.9}/src/pypomes_iam/keycloak_pomes.py +0 -0
- {pypomes_iam-0.4.8 → pypomes_iam-0.4.9}/src/pypomes_iam/token_pomes.py +0 -0
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: pypomes_iam
|
|
3
|
-
Version: 0.4.
|
|
3
|
+
Version: 0.4.9
|
|
4
4
|
Summary: A collection of Python pomes, penyeach (IAM modules)
|
|
5
5
|
Project-URL: Homepage, https://github.com/TheWiseCoder/PyPomes-IAM
|
|
6
6
|
Project-URL: Bug Tracker, https://github.com/TheWiseCoder/PyPomes-IAM/issues
|
|
@@ -20,14 +20,14 @@ class IamServer(StrEnum):
|
|
|
20
20
|
# registry structure:
|
|
21
21
|
# { <IamServer>:
|
|
22
22
|
# {
|
|
23
|
+
# "base-url": <str>,
|
|
23
24
|
# "client-id": <str>,
|
|
24
25
|
# "client-secret": <str>,
|
|
25
26
|
# "client-timeout": <int>,
|
|
26
27
|
# "recipient-attr": <str>,
|
|
27
|
-
# "
|
|
28
|
+
# "public-key": <str>,
|
|
28
29
|
# "pk-lifetime": <int>,
|
|
29
30
|
# "pk-expiration": <int>,
|
|
30
|
-
# "base-url": <str>,
|
|
31
31
|
# "cache": <FIFOCache>
|
|
32
32
|
# },
|
|
33
33
|
# ...
|
|
@@ -80,7 +80,7 @@ def _get_public_key(iam_server: IamServer,
|
|
|
80
80
|
# obtain a new public key
|
|
81
81
|
url: str = f"{registry["base-url"]}/protocol/openid-connect/certs"
|
|
82
82
|
if logger:
|
|
83
|
-
logger.debug(msg=f"GET
|
|
83
|
+
logger.debug(msg=f"GET {url}")
|
|
84
84
|
try:
|
|
85
85
|
response: requests.Response = requests.get(url=url)
|
|
86
86
|
if response.status_code == 200:
|
|
@@ -96,7 +96,7 @@ def _get_public_key(iam_server: IamServer,
|
|
|
96
96
|
elif logger:
|
|
97
97
|
msg: str = f"GET failure, status {response.status_code}, reason '{response.reason}'"
|
|
98
98
|
if hasattr(response, "content") and response.content:
|
|
99
|
-
msg += f", content
|
|
99
|
+
msg += f", content {response.content}"
|
|
100
100
|
logger.error(msg=msg)
|
|
101
101
|
if isinstance(errors, list):
|
|
102
102
|
errors.append(msg)
|
|
@@ -11,7 +11,7 @@ from typing import Any
|
|
|
11
11
|
from .iam_common import (
|
|
12
12
|
IamServer, _iam_lock,
|
|
13
13
|
_get_iam_users, _get_iam_registry,
|
|
14
|
-
_get_login_timeout, _get_user_data, _get_public_key
|
|
14
|
+
_get_login_timeout, _get_user_data, # _get_public_key
|
|
15
15
|
)
|
|
16
16
|
from .token_pomes import token_validate
|
|
17
17
|
|
|
@@ -404,8 +404,8 @@ def __post_for_token(iam_server: IamServer,
|
|
|
404
404
|
|
|
405
405
|
# log the POST ('client_secret' data must not be shown in log)
|
|
406
406
|
if logger:
|
|
407
|
-
logger.debug(msg=f"POST
|
|
408
|
-
|
|
407
|
+
logger.debug(msg=f"POST {url}, {json.dumps(obj=body_data,
|
|
408
|
+
ensure_ascii=False)}")
|
|
409
409
|
if client_secret:
|
|
410
410
|
body_data["client_secret"] = client_secret
|
|
411
411
|
try:
|
|
@@ -486,25 +486,24 @@ def __validate_and_store(iam_server: IamServer,
|
|
|
486
486
|
user_data["access-expiration"] = now + token_data.get("expires_in")
|
|
487
487
|
refresh_exp: int = user_data.get("refresh_expires_in")
|
|
488
488
|
user_data["refresh-expiration"] = (now + refresh_exp) if refresh_exp else sys.maxsize
|
|
489
|
-
public_key: str = _get_public_key(iam_server=iam_server,
|
|
490
|
-
|
|
491
|
-
|
|
492
|
-
|
|
493
|
-
|
|
494
|
-
|
|
495
|
-
|
|
496
|
-
|
|
497
|
-
|
|
498
|
-
|
|
499
|
-
|
|
500
|
-
|
|
501
|
-
|
|
502
|
-
|
|
503
|
-
|
|
504
|
-
|
|
505
|
-
|
|
506
|
-
if
|
|
507
|
-
|
|
508
|
-
|
|
509
|
-
result = (user_id, token)
|
|
489
|
+
# public_key: str = _get_public_key(iam_server=iam_server,
|
|
490
|
+
# errors=errors,
|
|
491
|
+
# logger=logger)
|
|
492
|
+
recipient_attr = registry["recipient-attr"]
|
|
493
|
+
login_id = user_data.pop("login-id", None)
|
|
494
|
+
claims: dict[str, dict[str, Any]] = token_validate(token=token,
|
|
495
|
+
issuer=registry["base-url"],
|
|
496
|
+
recipient_id=login_id,
|
|
497
|
+
recipient_attr=recipient_attr,
|
|
498
|
+
# public_key=public_key,
|
|
499
|
+
errors=errors,
|
|
500
|
+
logger=logger)
|
|
501
|
+
if claims:
|
|
502
|
+
users: dict[str, dict[str, Any]] = _get_iam_users(iam_server=iam_server,
|
|
503
|
+
errors=errors,
|
|
504
|
+
logger=logger)
|
|
505
|
+
if users:
|
|
506
|
+
user_id: str = login_id if login_id else claims["payload"][recipient_attr]
|
|
507
|
+
users[user_id] = user_data
|
|
508
|
+
result = (user_id, token)
|
|
510
509
|
return result
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import json
|
|
1
2
|
import requests
|
|
2
3
|
import sys
|
|
3
4
|
from base64 import b64encode
|
|
@@ -16,8 +17,8 @@ from typing import Any, Final
|
|
|
16
17
|
# "basic-auth": <bool>,
|
|
17
18
|
# "headers-data": <dict[str, str]>,
|
|
18
19
|
# "body-data": <dict[str, str],
|
|
19
|
-
# "token": <str>,
|
|
20
|
-
# "expiration": <timestamp>
|
|
20
|
+
# "access-token": <str>,
|
|
21
|
+
# "access-expiration": <timestamp>
|
|
21
22
|
# }
|
|
22
23
|
# }
|
|
23
24
|
_provider_registry: Final[dict[str, dict[str, Any]]] = {}
|
|
@@ -63,8 +64,10 @@ def provider_register(provider_id: str,
|
|
|
63
64
|
"custom-auth": custom_auth,
|
|
64
65
|
"headers-data": headers_data,
|
|
65
66
|
"body-data": body_data,
|
|
66
|
-
"token": None,
|
|
67
|
-
"expiration":
|
|
67
|
+
"access-token": None,
|
|
68
|
+
"access-expiration": 0,
|
|
69
|
+
"refresh-token": None,
|
|
70
|
+
"refresh-expiration": 0
|
|
68
71
|
}
|
|
69
72
|
|
|
70
73
|
|
|
@@ -88,7 +91,7 @@ def provider_get_token(provider_id: str,
|
|
|
88
91
|
provider: dict[str, Any] = _provider_registry.get(provider_id)
|
|
89
92
|
if provider:
|
|
90
93
|
now: float = datetime.now(tz=TZ_LOCAL).timestamp()
|
|
91
|
-
if now > provider.get("expiration"):
|
|
94
|
+
if now > provider.get("access-expiration"):
|
|
92
95
|
user: str = provider.get("user")
|
|
93
96
|
pwd: str = provider.get("pwd")
|
|
94
97
|
headers_data: dict[str, str] = provider.get("headers-data") or {}
|
|
@@ -101,6 +104,9 @@ def provider_get_token(provider_id: str,
|
|
|
101
104
|
enc_bytes: bytes = b64encode(f"{user}:{pwd}".encode())
|
|
102
105
|
headers_data["Authorization"] = f"Basic {enc_bytes.decode()}"
|
|
103
106
|
url: str = provider.get("url")
|
|
107
|
+
if logger:
|
|
108
|
+
logger.debug(msg=f"POST {url}, {json.dumps(obj=body_data,
|
|
109
|
+
ensure_ascii=False)}")
|
|
104
110
|
try:
|
|
105
111
|
# typical return on a token request:
|
|
106
112
|
# {
|
|
@@ -117,19 +123,28 @@ def provider_get_token(provider_id: str,
|
|
|
117
123
|
timeout=None)
|
|
118
124
|
if response.status_code < 200 or response.status_code >= 300:
|
|
119
125
|
# request resulted in error, report the problem
|
|
120
|
-
err_msg = (f"POST
|
|
121
|
-
f"status {response.status_code}, reason
|
|
126
|
+
err_msg = (f"POST failure, "
|
|
127
|
+
f"status {response.status_code}, reason {response.reason}")
|
|
122
128
|
else:
|
|
129
|
+
# request succeeded
|
|
130
|
+
if logger:
|
|
131
|
+
logger.debug(msg=f"POST success, status {response.status_code}")
|
|
123
132
|
reply: dict[str, Any] = response.json()
|
|
124
|
-
provider["token"] = reply.get("access_token")
|
|
125
|
-
provider["expiration"] = now + int(reply.get("expires_in"))
|
|
133
|
+
provider["access-token"] = reply.get("access_token")
|
|
134
|
+
provider["access-expiration"] = now + int(reply.get("expires_in"))
|
|
135
|
+
if reply.get("refresh_token"):
|
|
136
|
+
provider["refresh-token"] = reply["refesh_token"]
|
|
137
|
+
if reply.get("refresh_expires_in"):
|
|
138
|
+
provider["refresh-expiration"] = now + int(reply.get("refresh_expires_in"))
|
|
139
|
+
else:
|
|
140
|
+
provider["refresh-expiration"] = sys.maxsize
|
|
126
141
|
if logger:
|
|
127
|
-
logger.debug(msg=f"POST
|
|
142
|
+
logger.debug(msg=f"POST {url}: status {response.status_code}")
|
|
128
143
|
except Exception as e:
|
|
129
144
|
# the operation raised an exception
|
|
130
145
|
err_msg = exc_format(exc=e,
|
|
131
146
|
exc_info=sys.exc_info())
|
|
132
|
-
err_msg = f"POST
|
|
147
|
+
err_msg = f"POST error, '{err_msg}'"
|
|
133
148
|
else:
|
|
134
149
|
err_msg: str = f"Provider '{provider_id}' not registered"
|
|
135
150
|
|
|
@@ -139,7 +154,7 @@ def provider_get_token(provider_id: str,
|
|
|
139
154
|
if logger:
|
|
140
155
|
logger.error(msg=err_msg)
|
|
141
156
|
else:
|
|
142
|
-
result = provider.get("token")
|
|
157
|
+
result = provider.get("access-token")
|
|
143
158
|
|
|
144
159
|
return result
|
|
145
160
|
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|