pypomes-iam 0.4.9__tar.gz → 0.5.1__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- {pypomes_iam-0.4.9 → pypomes_iam-0.5.1}/PKG-INFO +1 -1
- {pypomes_iam-0.4.9 → pypomes_iam-0.5.1}/pyproject.toml +1 -1
- {pypomes_iam-0.4.9 → pypomes_iam-0.5.1}/src/pypomes_iam/iam_common.py +1 -1
- {pypomes_iam-0.4.9 → pypomes_iam-0.5.1}/src/pypomes_iam/iam_pomes.py +17 -15
- {pypomes_iam-0.4.9 → pypomes_iam-0.5.1}/src/pypomes_iam/iam_services.py +10 -10
- {pypomes_iam-0.4.9 → pypomes_iam-0.5.1}/.gitignore +0 -0
- {pypomes_iam-0.4.9 → pypomes_iam-0.5.1}/LICENSE +0 -0
- {pypomes_iam-0.4.9 → pypomes_iam-0.5.1}/README.md +0 -0
- {pypomes_iam-0.4.9 → pypomes_iam-0.5.1}/src/pypomes_iam/__init__.py +0 -0
- {pypomes_iam-0.4.9 → pypomes_iam-0.5.1}/src/pypomes_iam/jusbr_pomes.py +0 -0
- {pypomes_iam-0.4.9 → pypomes_iam-0.5.1}/src/pypomes_iam/keycloak_pomes.py +0 -0
- {pypomes_iam-0.4.9 → pypomes_iam-0.5.1}/src/pypomes_iam/provider_pomes.py +0 -0
- {pypomes_iam-0.4.9 → pypomes_iam-0.5.1}/src/pypomes_iam/token_pomes.py +0 -0
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: pypomes_iam
|
|
3
|
-
Version: 0.
|
|
3
|
+
Version: 0.5.1
|
|
4
4
|
Summary: A collection of Python pomes, penyeach (IAM modules)
|
|
5
5
|
Project-URL: Homepage, https://github.com/TheWiseCoder/PyPomes-IAM
|
|
6
6
|
Project-URL: Bug Tracker, https://github.com/TheWiseCoder/PyPomes-IAM/issues
|
|
@@ -198,7 +198,7 @@ def _get_iam_server(endpoint: str,
|
|
|
198
198
|
result = IamServer.IAM_KEYCLOAK
|
|
199
199
|
else:
|
|
200
200
|
result = None
|
|
201
|
-
msg: str = f"
|
|
201
|
+
msg: str = f"Unable to find a IAM server to service endpoint '{endpoint}'"
|
|
202
202
|
if logger:
|
|
203
203
|
logger.error(msg=msg)
|
|
204
204
|
if isinstance(errors, list):
|
|
@@ -24,7 +24,7 @@ def user_login(iam_server: IamServer,
|
|
|
24
24
|
Build the URL for redirecting the request to *iam_server*'s authentication page.
|
|
25
25
|
|
|
26
26
|
These are the expected attributes in *args*:
|
|
27
|
-
- user-id: optional, identifies the reference user (
|
|
27
|
+
- user-id: optional, identifies the reference user (alias: 'login')
|
|
28
28
|
- redirect-uri: a parameter to be added to the query part of the returned URL
|
|
29
29
|
|
|
30
30
|
If provided, the user identification will be validated against the authorization data
|
|
@@ -41,7 +41,7 @@ def user_login(iam_server: IamServer,
|
|
|
41
41
|
result: str | None = None
|
|
42
42
|
|
|
43
43
|
# obtain the optional user's identification
|
|
44
|
-
user_id: str = args.get("user-id") or args.get("
|
|
44
|
+
user_id: str = args.get("user-id") or args.get("login")
|
|
45
45
|
|
|
46
46
|
# build the user data
|
|
47
47
|
# ('oauth_state' is a randomly-generated string, thus 'user_data' is always a new entry)
|
|
@@ -84,7 +84,7 @@ def user_logout(iam_server: IamServer,
|
|
|
84
84
|
"""
|
|
85
85
|
Logout the user, by removing all data associating it from *iam_server*'s registry.
|
|
86
86
|
|
|
87
|
-
The user is identified by the attribute *user-id
|
|
87
|
+
The user is identified by the attribute *user-id* or "login", provided in *args*.
|
|
88
88
|
If successful, remove all data relating to the user from the *IAM* server's registry.
|
|
89
89
|
Otherwise, this operation fails silently, unless an error has ocurred.
|
|
90
90
|
|
|
@@ -94,7 +94,7 @@ def user_logout(iam_server: IamServer,
|
|
|
94
94
|
:param logger: optional logger
|
|
95
95
|
"""
|
|
96
96
|
# obtain the user's identification
|
|
97
|
-
user_id: str = args.get("user-id") or args.get("
|
|
97
|
+
user_id: str = args.get("user-id") or args.get("login")
|
|
98
98
|
|
|
99
99
|
if user_id:
|
|
100
100
|
with _iam_lock:
|
|
@@ -115,19 +115,19 @@ def user_token(iam_server: IamServer,
|
|
|
115
115
|
"""
|
|
116
116
|
Retrieve the authentication token for the user, from *iam_server*.
|
|
117
117
|
|
|
118
|
-
The user is identified by the attribute *user-id
|
|
118
|
+
The user is identified by the attribute *user-id* or *login*, provided in *args*.
|
|
119
119
|
|
|
120
120
|
:param iam_server: the reference registered *IAM* server
|
|
121
121
|
:param args: the arguments passed when requesting the service
|
|
122
122
|
:param errors: incidental error messages
|
|
123
123
|
:param logger: optional logger
|
|
124
|
-
:return: the token for
|
|
124
|
+
:return: the token for user indicated, or *None* if error
|
|
125
125
|
"""
|
|
126
126
|
# initialize the return variable
|
|
127
127
|
result: str | None = None
|
|
128
128
|
|
|
129
129
|
# obtain the user's identification
|
|
130
|
-
user_id: str = args.get("user-id") or args.get("
|
|
130
|
+
user_id: str = args.get("user-id") or args.get("login")
|
|
131
131
|
|
|
132
132
|
err_msg: str | None = None
|
|
133
133
|
if user_id:
|
|
@@ -272,7 +272,7 @@ def token_exchange(iam_server: IamServer,
|
|
|
272
272
|
Request *iam_server* to issue a token in exchange for the token obtained from another *IAM* server.
|
|
273
273
|
|
|
274
274
|
The expected parameters in *args* are:
|
|
275
|
-
- user-id: identification for the reference user (
|
|
275
|
+
- user-id: identification for the reference user (alias: 'login')
|
|
276
276
|
- token: the token to be exchanged
|
|
277
277
|
|
|
278
278
|
The typical data set returned contains the following attributes:
|
|
@@ -294,10 +294,10 @@ def token_exchange(iam_server: IamServer,
|
|
|
294
294
|
result: dict[str, Any] | None = None
|
|
295
295
|
|
|
296
296
|
# obtain the user's identification
|
|
297
|
-
user_id: str = args.get("user-id") or args.get("
|
|
297
|
+
user_id: str = args.get("user-id") or args.get("login")
|
|
298
298
|
|
|
299
|
-
# obtain the token to be
|
|
300
|
-
token: str = args.get("token")
|
|
299
|
+
# obtain the token to be exchanged
|
|
300
|
+
token: str = args.get("access-token")
|
|
301
301
|
|
|
302
302
|
if user_id and token:
|
|
303
303
|
# HAZARD: only 'IAM_KEYCLOAK' is currently supported
|
|
@@ -421,12 +421,13 @@ def __post_for_token(iam_server: IamServer,
|
|
|
421
421
|
data=body_data)
|
|
422
422
|
if response.status_code == 200:
|
|
423
423
|
# request succeeded
|
|
424
|
-
if logger:
|
|
425
|
-
logger.debug(msg=f"POST success, status {response.status_code}")
|
|
426
424
|
result = response.json()
|
|
425
|
+
if logger:
|
|
426
|
+
logger.debug(msg=f"POST success, {json.dumps(obj=result,
|
|
427
|
+
ensure_ascii=False)}")
|
|
427
428
|
else:
|
|
428
429
|
# request resulted in error
|
|
429
|
-
err_msg = f"POST failure, status {response.status_code}, reason
|
|
430
|
+
err_msg = f"POST failure, status {response.status_code}, reason {response.reason}"
|
|
430
431
|
if hasattr(response, "content") and response.content:
|
|
431
432
|
err_msg += f", content '{response.content}'"
|
|
432
433
|
if logger:
|
|
@@ -502,7 +503,8 @@ def __validate_and_store(iam_server: IamServer,
|
|
|
502
503
|
users: dict[str, dict[str, Any]] = _get_iam_users(iam_server=iam_server,
|
|
503
504
|
errors=errors,
|
|
504
505
|
logger=logger)
|
|
505
|
-
|
|
506
|
+
# must test with 'not errors'
|
|
507
|
+
if not errors:
|
|
506
508
|
user_id: str = login_id if login_id else claims["payload"][recipient_attr]
|
|
507
509
|
users[user_id] = user_data
|
|
508
510
|
result = (user_id, token)
|
|
@@ -33,7 +33,7 @@ def service_login() -> Response:
|
|
|
33
33
|
Entry point for the IAM server's login service.
|
|
34
34
|
|
|
35
35
|
These are the expected request parameters:
|
|
36
|
-
- user-id: optional, identifies the reference user (
|
|
36
|
+
- user-id: optional, identifies the reference user (alias: 'login')
|
|
37
37
|
- redirect-uri: a parameter to be added to the query part of the returned URL
|
|
38
38
|
|
|
39
39
|
If provided, the user identification will be validated against the authorization data
|
|
@@ -85,7 +85,7 @@ def service_logout() -> Response:
|
|
|
85
85
|
"""
|
|
86
86
|
Entry point for the JusBR logout service.
|
|
87
87
|
|
|
88
|
-
The user is identified by the attribute *user-id
|
|
88
|
+
The user is identified by the attribute *user-id* or "login", provided as a request parameter.
|
|
89
89
|
If successful, remove all data relating to the user from the *IAM* server's registry.
|
|
90
90
|
Otherwise, this operation fails silently, unless an error has ocurred.
|
|
91
91
|
|
|
@@ -142,7 +142,7 @@ def service_callback() -> Response:
|
|
|
142
142
|
On success, the returned *Response* will contain the following JSON:
|
|
143
143
|
{
|
|
144
144
|
"user-id": <reference-user-identification>,
|
|
145
|
-
"token": <token>
|
|
145
|
+
"access-token": <token>
|
|
146
146
|
}
|
|
147
147
|
|
|
148
148
|
:return: *Response* containing the reference user identification and the token, or *BAD REQUEST*
|
|
@@ -170,7 +170,7 @@ def service_callback() -> Response:
|
|
|
170
170
|
result.status_code = 400
|
|
171
171
|
else:
|
|
172
172
|
result = jsonify({"user-id": token_data[0],
|
|
173
|
-
"token": token_data[1]})
|
|
173
|
+
"access-token": token_data[1]})
|
|
174
174
|
# log the response
|
|
175
175
|
if __IAM_LOGGER:
|
|
176
176
|
__IAM_LOGGER.debug(msg=f"Response {result}, {result.get_data(as_text=True)}")
|
|
@@ -186,12 +186,12 @@ def service_token() -> Response:
|
|
|
186
186
|
"""
|
|
187
187
|
Entry point for retrieving a token from the *IAM* server.
|
|
188
188
|
|
|
189
|
-
The user is identified by the attribute *user-id
|
|
189
|
+
The user is identified by the attribute *user-id* or "login", provided as a request parameter.
|
|
190
190
|
|
|
191
191
|
On success, the returned *Response* will contain the following JSON:
|
|
192
192
|
{
|
|
193
193
|
"user-id": <reference-user-identification>,
|
|
194
|
-
"token": <token>
|
|
194
|
+
"access-token": <token>
|
|
195
195
|
}
|
|
196
196
|
|
|
197
197
|
:return: *Response* containing the user reference identification and the token, or *BAD REQUEST*
|
|
@@ -202,7 +202,7 @@ def service_token() -> Response:
|
|
|
202
202
|
|
|
203
203
|
# obtain the user's identification
|
|
204
204
|
args: dict[str, Any] = request.args
|
|
205
|
-
user_id: str = args.get("user-id") or args.get("
|
|
205
|
+
user_id: str = args.get("user-id") or args.get("login")
|
|
206
206
|
|
|
207
207
|
errors: list[str] = []
|
|
208
208
|
token: str | None = None
|
|
@@ -231,7 +231,7 @@ def service_token() -> Response:
|
|
|
231
231
|
result.status_code = 400
|
|
232
232
|
else:
|
|
233
233
|
result = jsonify({"user-id": user_id,
|
|
234
|
-
"token": token})
|
|
234
|
+
"access-token": token})
|
|
235
235
|
# log the response
|
|
236
236
|
if __IAM_LOGGER:
|
|
237
237
|
__IAM_LOGGER.debug(msg=f"Response {result}, {result.get_data(as_text=True)}")
|
|
@@ -247,8 +247,8 @@ def service_exchange() -> Response:
|
|
|
247
247
|
|
|
248
248
|
This is currently limited to the *KEYCLOAK* server. The token itself is stored in *KEYCLOAK*'s registry.
|
|
249
249
|
The expected request parameters are:
|
|
250
|
-
- user-id: identification for the reference user (
|
|
251
|
-
- token: the token to be exchanged
|
|
250
|
+
- user-id: identification for the reference user (alias: 'login')
|
|
251
|
+
- access-token: the token to be exchanged
|
|
252
252
|
|
|
253
253
|
If the exchange is successful, the token data is stored in the *IAM* server's registry, and returned.
|
|
254
254
|
Otherwise, *errors* will contain the appropriate error message.
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|