pypomes-iam 0.5.4__tar.gz → 0.5.6__tar.gz

{pypomes_iam-0.5.4 → pypomes_iam-0.5.6}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: pypomes_iam
-Version: 0.5.4
+Version: 0.5.6
 Summary: A collection of Python pomes, penyeach (IAM modules)
 Project-URL: Homepage, https://github.com/TheWiseCoder/PyPomes-IAM
 Project-URL: Bug Tracker, https://github.com/TheWiseCoder/PyPomes-IAM/issues

{pypomes_iam-0.5.4 → pypomes_iam-0.5.6}/pyproject.toml

@@ -6,7 +6,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "pypomes_iam"
-version = "0.5.4"
+version = "0.5.6"
 authors = [
   { name="GT Nunes", email="wisecoder01@gmail.com" }
 ]

{pypomes_iam-0.5.4 → pypomes_iam-0.5.6}/src/pypomes_iam/__init__.py

@@ -1,7 +1,12 @@
+from .iam_actions import (
+    action_callback, action_exchange,
+    action_login, action_logout, action_token
+)
+from .iam_common import (
+    IamServer
+)
 from .iam_pomes import (
-    IamServer,
-    login_callback, token_exchange,
-    user_login, user_logout, user_token
+    jwt_required
 )
 from .iam_services import (
      logger_register
@@ -20,10 +25,13 @@ from .token_pomes import (
 )
 
 __all__ = [
-    # iam_pomes
+    # iam_actions
+    "action_callback", "action_exchange",
+    "action_login", "action_logout", "action_token",
+    # iam_commons
     "IamServer",
-    "login_callback", "token_exchange",
-    "user_login", "user_logout", "user_token",
+    # iam_pomes
+    "jwt_required",
     # iam_services
     "logger_register",
     # jusbr_pomes

pypomes_iam-0.5.4/src/pypomes_iam/iam_pomes.py → pypomes_iam-0.5.6/src/pypomes_iam/iam_actions.py

@@ -4,7 +4,6 @@ import secrets
 import string
 import sys
 from datetime import datetime
-from flask import Request, Response, request
 from logging import Logger
 from pypomes_core import TZ_LOCAL, exc_format
 from typing import Any
@@ -12,32 +11,15 @@ from typing import Any
 from .iam_common import (
     IamServer, _iam_lock,
     _get_iam_users, _get_iam_registry,  # _get_public_key,
-    _get_login_timeout, _get_user_data, _iam_server_from_issuer
+    _get_login_timeout, _get_user_data
 )
-from .token_pomes import token_get_claims, token_validate
+from .token_pomes import token_validate
 
 
-def jwt_required(func: callable) -> callable:
-    """
-    Create a decorator to authenticate service endpoints with JWT tokens.
-
-    :param func: the function being decorated
-    """
-    # ruff: noqa: ANN003 - Missing type annotation for *{name}
-    def wrapper(*args, **kwargs) -> Response:
-        response: Response = __request_validate(request=request)
-        return response if response else func(*args, **kwargs)
-
-    # prevent a rogue error ("View function mapping is overwriting an existing endpoint function")
-    wrapper.__name__ = func.__name__
-
-    return wrapper
-
-
-def user_login(iam_server: IamServer,
-               args: dict[str, Any],
-               errors: list[str] = None,
-               logger: Logger = None) -> str:
+def action_login(iam_server: IamServer,
+                 args: dict[str, Any],
+                 errors: list[str] = None,
+                 logger: Logger = None) -> str:
     """
     Build the URL for redirecting the request to *iam_server*'s authentication page.
 
@@ -95,10 +77,10 @@ def user_login(iam_server: IamServer,
     return result
 
 
-def user_logout(iam_server: IamServer,
-                args: dict[str, Any],
-                errors: list[str] = None,
-                logger: Logger = None) -> None:
+def action_logout(iam_server: IamServer,
+                  args: dict[str, Any],
+                  errors: list[str] = None,
+                  logger: Logger = None) -> None:
     """
     Logout the user, by removing all data associating it from *iam_server*'s registry.
 
@@ -126,10 +108,10 @@ def user_logout(iam_server: IamServer,
                     logger.debug(msg=f"User '{user_id}' removed from {iam_server}'s registry")
 
 
-def user_token(iam_server: IamServer,
-               args: dict[str, Any],
-               errors: list[str] = None,
-               logger: Logger = None) -> str:
+def action_token(iam_server: IamServer,
+                 args: dict[str, Any],
+                 errors: list[str] = None,
+                 logger: Logger = None) -> str:
     """
     Retrieve the authentication token for the user, from *iam_server*.
 
@@ -212,10 +194,10 @@ def user_token(iam_server: IamServer,
     return result
 
 
-def login_callback(iam_server: IamServer,
-                   args: dict[str, Any],
-                   errors: list[str] = None,
-                   logger: Logger = None) -> tuple[str, str] | None:
+def action_callback(iam_server: IamServer,
+                    args: dict[str, Any],
+                    errors: list[str] = None,
+                    logger: Logger = None) -> tuple[str, str] | None:
     """
     Entry point for the callback from *iam_server* via the front-end application, on authentication operations.
 
@@ -282,10 +264,10 @@ def login_callback(iam_server: IamServer,
     return result
 
 
-def token_exchange(iam_server: IamServer,
-                   args: dict[str, Any],
-                   errors: list[str] = None,
-                   logger: Logger = None) -> dict[str, Any]:
+def action_exchange(iam_server: IamServer,
+                    args: dict[str, Any],
+                    errors: list[str] = None,
+                    logger: Logger = None) -> dict[str, Any]:
     """
     Request *iam_server* to issue a token in exchange for the token obtained from another *IAM* server.
 
@@ -357,63 +339,6 @@ def token_exchange(iam_server: IamServer,
     return result
 
 
-def __request_validate(request: Request) -> Response:
-    """
-    Verify whether the HTTP *request* has the proper authorization, as per the JWT standard.
-
-    This implementation assumes that HTTP requests are handled with the *Flask* framework.
-
-    :param request: the *request* to be verified
-    :return: *None* if the *request* is valid, otherwise a *Response* reporting the error
-    """
-    # initialize the return variable
-    result: Response | None = None
-
-    # retrieve the authorization from the request header
-    auth_header: str = request.headers.get("Authorization")
-
-    # validate the authorization token
-    bad_token: bool = True
-    if auth_header and auth_header.startswith("Bearer "):
-        # extract and validate the JWT access token
-        token: str = auth_header.split(" ")[1]
-        claims: dict[str, Any] = token_get_claims(token=token)
-        if claims:
-            issuer: str = claims["payload"].get("iss")
-            recipient_attr: str | None = None
-            recipient_id: str = request.values.get("user-id") or request.values.get("login")
-            with _iam_lock:
-                iam_server: IamServer = _iam_server_from_issuer(issuer=issuer,
-                                                                errors=None,
-                                                                logger=None)
-                # public_key: str = _get_public_key(iam_server=iam_server,
-                #                                   errors=errors,
-                #                                   logger=logger)
-                public_key = None
-
-                # validate the token's recipient only if a user identification is provided
-                if recipient_id:
-                    registry: dict[str, Any] = _get_iam_registry(iam_server=iam_server,
-                                                                 errors=None,
-                                                                 logger=None)
-                    recipient_attr = registry["recipient-attr"]
-
-            # validate the token
-            if token_validate(token=token,
-                              issuer=issuer,
-                              recipient_id=recipient_id,
-                              recipient_attr=recipient_attr,
-                              public_key=public_key):
-                # token is valid
-                bad_token = False
-
-    # deny the authorization
-    if bad_token:
-        result = Response(response="Authorization failed",
-                          status=401)
-    return result
-
-
 def __post_for_token(iam_server: IamServer,
                      body_data: dict[str, Any],
                      errors: list[str] | None,

{pypomes_iam-0.5.4 → pypomes_iam-0.5.6}/src/pypomes_iam/iam_common.py

@@ -50,7 +50,7 @@ class IamServer(StrEnum):
 # }
 _IAM_SERVERS: Final[dict[IamServer, dict[str, Any]]] = {}
 
-# the lock protecting the data in '_IAM_SERVER'
+# the lock protecting the data in '_IAM_SERVERS'
 # (because it is 'Final' and set at declaration time, it can be accessed through simple imports)
 _iam_lock: Final[RLock] = RLock()
 

pypomes_iam-0.5.6/src/pypomes_iam/iam_pomes.py

@@ -0,0 +1,82 @@
+from flask import Request, Response, request
+from typing import Any
+
+from .iam_common import (
+    IamServer, _iam_lock, _get_iam_registry,
+    _iam_server_from_issuer  # _get_public_key
+)
+from .token_pomes import token_get_claims, token_validate
+
+
+def jwt_required(func: callable) -> callable:
+    """
+    Create a decorator to authenticate service endpoints with JWT tokens.
+
+    :param func: the function being decorated
+    """
+    # ruff: noqa: ANN003 - Missing type annotation for *{name}
+    def wrapper(*args, **kwargs) -> Response:
+        response: Response = __request_validate(request=request)
+        return response if response else func(*args, **kwargs)
+
+    # prevent a rogue error ("View function mapping is overwriting an existing endpoint function")
+    wrapper.__name__ = func.__name__
+
+    return wrapper
+
+
+def __request_validate(request: Request) -> Response:
+    """
+    Verify whether the HTTP *request* has the proper authorization, as per the JWT standard.
+
+    This implementation assumes that HTTP requests are handled with the *Flask* framework.
+
+    :param request: the *request* to be verified
+    :return: *None* if the *request* is valid, otherwise a *Response* reporting the error
+    """
+    # initialize the return variable
+    result: Response | None = None
+
+    # retrieve the authorization from the request header
+    auth_header: str = request.headers.get("Authorization")
+
+    # validate the authorization token
+    bad_token: bool = True
+    if auth_header and auth_header.startswith("Bearer "):
+        # extract and validate the JWT access token
+        token: str = auth_header.split(" ")[1]
+        claims: dict[str, Any] = token_get_claims(token=token)
+        if claims:
+            issuer: str = claims["payload"].get("iss")
+            recipient_attr: str | None = None
+            recipient_id: str = request.values.get("user-id") or request.values.get("login")
+            with _iam_lock:
+                iam_server: IamServer = _iam_server_from_issuer(issuer=issuer,
+                                                                errors=None,
+                                                                logger=None)
+                # public_key: str = _get_public_key(iam_server=iam_server,
+                #                                   errors=errors,
+                #                                   logger=logger)
+                public_key = None
+
+                # validate the token's recipient only if a user identification is provided
+                if recipient_id:
+                    registry: dict[str, Any] = _get_iam_registry(iam_server=iam_server,
+                                                                 errors=None,
+                                                                 logger=None)
+                    recipient_attr = registry["recipient-attr"]
+
+            # validate the token
+            if token_validate(token=token,
+                              issuer=issuer,
+                              recipient_id=recipient_id,
+                              recipient_attr=recipient_attr,
+                              public_key=public_key):
+                # token is valid
+                bad_token = False
+
+    # deny the authorization
+    if bad_token:
+        result = Response(response="Authorization failed",
+                          status=401)
+    return result

{pypomes_iam-0.5.4 → pypomes_iam-0.5.6}/src/pypomes_iam/iam_services.py

@@ -4,9 +4,9 @@ from logging import Logger
 from typing import Any
 
 from .iam_common import IamServer, _iam_lock, _iam_server_from_endpoint
-from .iam_pomes import (
-    user_login, user_logout,
-    user_token, token_exchange, login_callback
+from .iam_actions import (
+    action_login, action_logout,
+    action_token, action_exchange, action_callback
 )
 
 # the logger for IAM service operations
@@ -60,10 +60,10 @@ def service_login() -> Response:
                                                           logger=__IAM_LOGGER)
         if iam_server:
             # obtain the login URL
-            login_url: str = user_login(iam_server=iam_server,
-                                        args=request.args,
-                                        errors=errors,
-                                        logger=__IAM_LOGGER)
+            login_url: str = action_login(iam_server=iam_server,
+                                          args=request.args,
+                                          errors=errors,
+                                          logger=__IAM_LOGGER)
             if login_url:
                 result = jsonify({"login-url": login_url})
     if errors:
@@ -106,10 +106,10 @@ def service_logout() -> Response:
                                                           logger=__IAM_LOGGER)
         if iam_server:
             # logout the user
-            user_logout(iam_server=iam_server,
-                        args=request.args,
-                        errors=errors,
-                        logger=__IAM_LOGGER)
+            action_logout(iam_server=iam_server,
+                          args=request.args,
+                          errors=errors,
+                          logger=__IAM_LOGGER)
     if errors:
         result = Response(response="; ".join(errors),
                           status=400)
@@ -160,10 +160,10 @@ def service_callback() -> Response:
                                                           logger=__IAM_LOGGER)
         if iam_server:
             # process the callback operation
-            token_data = login_callback(iam_server=iam_server,
-                                        args=request.args,
-                                        errors=errors,
-                                        logger=__IAM_LOGGER)
+            token_data = action_callback(iam_server=iam_server,
+                                         args=request.args,
+                                         errors=errors,
+                                         logger=__IAM_LOGGER)
     result: Response
     if errors:
         result = jsonify({"errors": "; ".join(errors)})
@@ -215,10 +215,10 @@ def service_token() -> Response:
             if iam_server:
                 # retrieve the token
                 errors: list[str] = []
-                token: str = user_token(iam_server=iam_server,
-                                        args=args,
-                                        errors=errors,
-                                        logger=__IAM_LOGGER)
+                token: str = action_token(iam_server=iam_server,
+                                          args=args,
+                                          errors=errors,
+                                          logger=__IAM_LOGGER)
     else:
         msg: str = "User identification not provided"
         errors.append(msg)
@@ -278,10 +278,10 @@ def service_exchange() -> Response:
         token_data: dict[str, Any] | None = None
         if iam_server:
             errors: list[str] = []
-            token_data = token_exchange(iam_server=iam_server,
-                                        args=request.args,
-                                        errors=errors,
-                                        logger=__IAM_LOGGER)
+            token_data = action_exchange(iam_server=iam_server,
+                                         args=request.args,
+                                         errors=errors,
+                                         logger=__IAM_LOGGER)
     result: Response
     if errors:
         result = Response(response="; ".join(errors),

{pypomes_iam-0.5.4 → pypomes_iam-0.5.6}/src/pypomes_iam/jusbr_pomes.py

@@ -7,7 +7,7 @@ from pypomes_core import (
 from typing import Any, Final
 
 from .iam_common import _IAM_SERVERS, IamServer, _iam_lock
-from .iam_pomes import user_token
+from .iam_actions import action_token
 
 JUSBR_CLIENT_ID: Final[str] = env_get_str(key=f"{APP_PREFIX}_JUSBR_CLIENT_ID")
 JUSBR_CLIENT_SECRET: Final[str] = env_get_str(key=f"{APP_PREFIX}_JUSBR_CLIENT_SECRET")
@@ -118,8 +118,8 @@ def jusbr_get_token(user_id: str,
     # retrieve the token
     args: dict[str, Any] = {"user-id": user_id}
     with _iam_lock:
-        result = user_token(iam_server=IamServer.IAM_JUSRBR,
-                            args=args,
-                            errors=errors,
-                            logger=logger)
+        result = action_token(iam_server=IamServer.IAM_JUSRBR,
+                              args=args,
+                              errors=errors,
+                              logger=logger)
     return result

{pypomes_iam-0.5.4 → pypomes_iam-0.5.6}/src/pypomes_iam/keycloak_pomes.py

@@ -7,7 +7,7 @@ from pypomes_core import (
 from typing import Any, Final
 
 from .iam_common import _IAM_SERVERS, IamServer, _iam_lock
-from .iam_pomes import user_token
+from .iam_actions import action_token
 
 KEYCLOAK_CLIENT_ID: Final[str] = env_get_str(key=f"{APP_PREFIX}_KEYCLOAK_CLIENT_ID")
 KEYCLOAK_CLIENT_SECRET: Final[str] = env_get_str(key=f"{APP_PREFIX}_KEYCLOAK_CLIENT_SECRET")
@@ -129,8 +129,8 @@ def keycloak_get_token(user_id: str,
     # retrieve the token
     args: dict[str, Any] = {"user-id": user_id}
     with _iam_lock:
-        result = user_token(iam_server=IamServer.IAM_KEYCLOAK,
-                            args=args,
-                            errors=errors,
-                            logger=logger)
+        result = action_token(iam_server=IamServer.IAM_KEYCLOAK,
+                              args=args,
+                              errors=errors,
+                              logger=logger)
     return result

{pypomes_iam-0.5.4 → pypomes_iam-0.5.6}/src/pypomes_iam/provider_pomes.py

@@ -5,7 +5,7 @@ from base64 import b64encode
 from datetime import datetime
 from logging import Logger
 from pypomes_core import TZ_LOCAL, exc_format
-from threading import RLock
+from threading import Lock
 from typing import Any, Final
 
 # structure:
@@ -25,7 +25,7 @@ _provider_registry: Final[dict[str, dict[str, Any]]] = {}
 
 # the lock protecting the data in '_provider_registry'
 # (because it is 'Final' and set at declaration time, it can be accessed through simple imports)
-_provider_lock: Final[RLock] = RLock()
+_provider_lock: Final[Lock] = Lock()
 
 
 def provider_register(provider_id: str,
@@ -133,7 +133,7 @@ def provider_get_token(provider_id: str,
                         provider["access-token"] = reply.get("access_token")
                         provider["access-expiration"] = now + int(reply.get("expires_in"))
                         if reply.get("refresh_token"):
-                            provider["refresh-token"] = reply["refesh_token"]
+                            provider["refresh-token"] = reply["refresh_token"]
                             if reply.get("refresh_expires_in"):
                                 provider["refresh-expiration"] = now + int(reply.get("refresh_expires_in"))
                             else: