pypomes-jwt 1.1.1__tar.gz → 1.1.2__tar.gz
Potentially problematic release.
This version of pypomes-jwt might be problematic. Click here for more details.
- {pypomes_jwt-1.1.1 → pypomes_jwt-1.1.2}/PKG-INFO +1 -1
- {pypomes_jwt-1.1.1 → pypomes_jwt-1.1.2}/pyproject.toml +1 -1
- {pypomes_jwt-1.1.1 → pypomes_jwt-1.1.2}/src/pypomes_jwt/jwt_configuration.py +8 -8
- {pypomes_jwt-1.1.1 → pypomes_jwt-1.1.2}/src/pypomes_jwt/jwt_pomes.py +15 -19
- {pypomes_jwt-1.1.1 → pypomes_jwt-1.1.2}/src/pypomes_jwt/jwt_registry.py +30 -32
- {pypomes_jwt-1.1.1 → pypomes_jwt-1.1.2}/.gitignore +0 -0
- {pypomes_jwt-1.1.1 → pypomes_jwt-1.1.2}/LICENSE +0 -0
- {pypomes_jwt-1.1.1 → pypomes_jwt-1.1.2}/README.md +0 -0
- {pypomes_jwt-1.1.1 → pypomes_jwt-1.1.2}/src/pypomes_jwt/__init__.py +0 -0
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: pypomes_jwt
|
|
3
|
-
Version: 1.1.
|
|
3
|
+
Version: 1.1.2
|
|
4
4
|
Summary: A collection of Python pomes, penyeach (JWT module)
|
|
5
5
|
Project-URL: Homepage, https://github.com/TheWiseCoder/PyPomes-JWT
|
|
6
6
|
Project-URL: Bug Tracker, https://github.com/TheWiseCoder/PyPomes-JWT/issues
|
|
@@ -74,12 +74,12 @@ class JwtDbConfig(Enum):
|
|
|
74
74
|
|
|
75
75
|
# define and validate the database engine
|
|
76
76
|
# noinspection PyTypeChecker
|
|
77
|
-
if not db_setup(engine=
|
|
78
|
-
db_name=JwtDbConfig.NAME,
|
|
79
|
-
db_user=JwtDbConfig.USER,
|
|
80
|
-
db_pwd=JwtDbConfig.PWD,
|
|
81
|
-
db_host=JwtDbConfig.HOST,
|
|
82
|
-
db_port=JwtDbConfig.PORT,
|
|
83
|
-
db_client=JwtDbConfig.CLIENT,
|
|
84
|
-
db_driver=JwtDbConfig.DRIVER):
|
|
77
|
+
if not db_setup(engine=JwtDbConfig.ENGINE.value,
|
|
78
|
+
db_name=JwtDbConfig.NAME.value,
|
|
79
|
+
db_user=JwtDbConfig.USER.value,
|
|
80
|
+
db_pwd=JwtDbConfig.PWD.value,
|
|
81
|
+
db_host=JwtDbConfig.HOST.value,
|
|
82
|
+
db_port=JwtDbConfig.PORT.value,
|
|
83
|
+
db_client=JwtDbConfig.CLIENT.value,
|
|
84
|
+
db_driver=JwtDbConfig.DRIVER.value):
|
|
85
85
|
stderr.write("Invalid database parameters\n")
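Review bot: The database password is held as an `Enum` member and only unwrapped with `JwtDbConfig.PWD.value` at this `db_setup()` call, so any code that logs or formats the member itself with `repr()` would print the secret, because the default `Enum` repr includes the value. The class body is outside the hunk, so whether `__repr__` is overridden cannot be confirmed from here. If it is not, a comment next to the member would help, for example `# secret: never log this member via repr(); pass .value only to db_setup()`. The same caveat applies to `JwtConfig.ENCODING_KEY` and `JwtConfig.DECODING_KEY`, which the other files of this release unwrap in the same way.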
|
|
@@ -75,8 +75,8 @@ def jwt_assert_account(account_id: str) -> bool:
|
|
|
75
75
|
|
|
76
76
|
def jwt_set_account(account_id: str,
|
|
77
77
|
claims: dict[str, Any],
|
|
78
|
-
access_max_age: int = JwtConfig.ACCESS_MAX_AGE,
|
|
79
|
-
refresh_max_age: int = JwtConfig.REFRESH_MAX_AGE,
|
|
78
|
+
access_max_age: int = JwtConfig.ACCESS_MAX_AGE.value,
|
|
79
|
+
refresh_max_age: int = JwtConfig.REFRESH_MAX_AGE.value,
|
|
80
80
|
grace_interval: int = None,
|
|
81
81
|
logger: Logger = None) -> None:
|
|
82
82
|
"""
|
|
@@ -177,15 +177,13 @@ def jwt_validate_token(errors: list[str] | None,
|
|
|
177
177
|
elif token_kid and len(token_kid) > 1 and \
|
|
178
178
|
token_kid[0:1] in ["A", "R"] and token_kid[1:].isdigit():
|
|
179
179
|
# token was likely issued locally
|
|
180
|
-
where_data: dict[str, Any] = {
|
|
181
|
-
str(JwtDbConfig.COL_KID): int(token_kid[1:])
|
|
182
|
-
}
|
|
180
|
+
where_data: dict[str, Any] = {JwtDbConfig.COL_KID.value: int(token_kid[1:])}
|
|
183
181
|
if account_id:
|
|
184
|
-
where_data[
|
|
182
|
+
where_data[JwtDbConfig.COL_ACCOUNT.value] = account_id
|
|
185
183
|
recs: list[tuple[str]] = db_select(errors=op_errors,
|
|
186
|
-
sel_stmt=f"SELECT {JwtDbConfig.COL_ALGORITHM}, "
|
|
187
|
-
f"{JwtDbConfig.COL_DECODER} "
|
|
188
|
-
f"FROM {JwtDbConfig.TABLE}",
|
|
184
|
+
sel_stmt=f"SELECT {JwtDbConfig.COL_ALGORITHM.value}, "
|
|
185
|
+
f"{JwtDbConfig.COL_DECODER.value} "
|
|
186
|
+
f"FROM {JwtDbConfig.TABLE.value}",
|
|
189
187
|
where_data=where_data,
|
|
190
188
|
logger=logger)
|
|
191
189
|
if recs:
|
|
@@ -199,10 +197,8 @@ def jwt_validate_token(errors: list[str] | None,
|
|
|
199
197
|
logger.error(msg="Token not in the database")
|
|
200
198
|
op_errors.append("Invalid token")
|
|
201
199
|
else:
|
|
202
|
-
|
|
203
|
-
|
|
204
|
-
# noinspection PyTypeChecker
|
|
205
|
-
token_decoder = JwtConfig.DECODING_KEY
|
|
200
|
+
token_alg = JwtConfig.DEFAULT_ALGORITHM.value
|
|
201
|
+
token_decoder = JwtConfig.DECODING_KEY.value
|
|
206
202
|
|
|
207
203
|
# validate the token
|
|
208
204
|
if not op_errors:
|
|
@@ -282,10 +278,10 @@ def jwt_revoke_token(errors: list[str] | None,
|
|
|
282
278
|
op_errors.append("Invalid token")
|
|
283
279
|
else:
|
|
284
280
|
db_delete(errors=op_errors,
|
|
285
|
-
delete_stmt=f"DELETE FROM {JwtDbConfig.TABLE}",
|
|
281
|
+
delete_stmt=f"DELETE FROM {JwtDbConfig.TABLE.value}",
|
|
286
282
|
where_data={
|
|
287
|
-
|
|
288
|
-
|
|
283
|
+
JwtDbConfig.COL_KID.value: int(token_kid[1:]),
|
|
284
|
+
JwtDbConfig.COL_ACCOUNT.value: account_id
|
|
289
285
|
},
|
|
290
286
|
logger=logger)
|
|
291
287
|
if op_errors:
|
|
@@ -456,10 +452,10 @@ def jwt_refresh_tokens(errors: list[str] | None,
|
|
|
456
452
|
if db_conn:
|
|
457
453
|
# delete current refresh token
|
|
458
454
|
db_delete(errors=op_errors,
|
|
459
|
-
delete_stmt=f"DELETE FROM {JwtDbConfig.TABLE}",
|
|
455
|
+
delete_stmt=f"DELETE FROM {JwtDbConfig.TABLE.value}",
|
|
460
456
|
where_data={
|
|
461
|
-
|
|
462
|
-
|
|
457
|
+
JwtDbConfig.COL_KID.value: int(token_kid[1:]),
|
|
458
|
+
JwtDbConfig.COL_ACCOUNT.value: account_id
|
|
463
459
|
},
|
|
464
460
|
connection=db_conn,
|
|
465
461
|
committable=False,
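Review bot: In the first `jwt_validate_token` hunk, the guard `token_kid[1:].isdigit()` does not guarantee that `int(token_kid[1:])` on the new `where_data` line succeeds, because `str.isdigit()` accepts some Unicode digit characters that `int()` rejects with `ValueError`. `token_kid` presumably comes from the token header before the signature is checked, so a malformed header would raise out of the validator instead of being recorded in `op_errors` as an invalid token. Tightening the guard to `token_kid[1:].isascii() and token_kid[1:].isdigit()` keeps the conversion safe. The `jwt_revoke_token` and `jwt_refresh_tokens` hunks make the same `int(token_kid[1:])` call; their guards are outside the visible lines and should be checked the same way.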
|
|
@@ -139,8 +139,8 @@ class JwtRegistry:
|
|
|
139
139
|
|
|
140
140
|
# remove from database
|
|
141
141
|
db_delete(errors=None,
|
|
142
|
-
delete_stmt=f"DELETE FROM {JwtDbConfig.
|
|
143
|
-
where_data={
|
|
142
|
+
delete_stmt=f"DELETE FROM {JwtDbConfig.value}",
|
|
143
|
+
where_data={JwtDbConfig.COL_ACCOUNT.value: account_id},
|
|
144
144
|
logger=logger)
|
|
145
145
|
if logger:
|
|
146
146
|
if account_data:
|
|
@@ -214,8 +214,8 @@ class JwtRegistry:
|
|
|
214
214
|
tz=timezone.utc).isoformat()
|
|
215
215
|
# may raise an exception
|
|
216
216
|
return jwt.encode(payload=current_claims,
|
|
217
|
-
key=JwtConfig.ENCODING_KEY,
|
|
218
|
-
algorithm=JwtConfig.DEFAULT_ALGORITHM,
|
|
217
|
+
key=JwtConfig.ENCODING_KEY.value,
|
|
218
|
+
algorithm=JwtConfig.DEFAULT_ALGORITHM.value,
|
|
219
219
|
headers={"kid": nature})
|
|
220
220
|
|
|
221
221
|
def issue_tokens(self,
|
|
@@ -275,8 +275,8 @@ class JwtRegistry:
|
|
|
275
275
|
tz=timezone.utc).isoformat()
|
|
276
276
|
# may raise an exception
|
|
277
277
|
refresh_token: str = jwt.encode(payload=current_claims,
|
|
278
|
-
key=JwtConfig.ENCODING_KEY,
|
|
279
|
-
algorithm=JwtConfig.DEFAULT_ALGORITHM,
|
|
278
|
+
key=JwtConfig.ENCODING_KEY.value,
|
|
279
|
+
algorithm=JwtConfig.DEFAULT_ALGORITHM.value,
|
|
280
280
|
headers={"kid": "R0"})
|
|
281
281
|
|
|
282
282
|
# make sure to have a database connection
|
|
@@ -291,14 +291,14 @@ class JwtRegistry:
|
|
|
291
291
|
logger=logger)
|
|
292
292
|
# issue the definitive refresh token
|
|
293
293
|
refresh_token = jwt.encode(payload=current_claims,
|
|
294
|
-
key=JwtConfig.ENCODING_KEY,
|
|
295
|
-
algorithm=JwtConfig.DEFAULT_ALGORITHM,
|
|
294
|
+
key=JwtConfig.ENCODING_KEY.value,
|
|
295
|
+
algorithm=JwtConfig.DEFAULT_ALGORITHM.value,
|
|
296
296
|
headers={"kid": f"R{token_id}"})
|
|
297
297
|
# persist it
|
|
298
298
|
db_update(errors=errors,
|
|
299
|
-
update_stmt=f"UPDATE {JwtDbConfig.TABLE}",
|
|
300
|
-
update_data={
|
|
301
|
-
where_data={
|
|
299
|
+
update_stmt=f"UPDATE {JwtDbConfig.TABLE.value}",
|
|
300
|
+
update_data={JwtDbConfig.COL_TOKEN.value: refresh_token},
|
|
301
|
+
where_data={JwtDbConfig.COL_KID.value: token_id},
|
|
302
302
|
connection=curr_conn,
|
|
303
303
|
committable=False,
|
|
304
304
|
logger=logger)
|
|
@@ -320,8 +320,8 @@ class JwtRegistry:
|
|
|
320
320
|
current_claims["exp"] = just_now + account_data.get("access-max-age")
|
|
321
321
|
# may raise an exception
|
|
322
322
|
access_token: str = jwt.encode(payload=current_claims,
|
|
323
|
-
key=JwtConfig.ENCODING_KEY,
|
|
324
|
-
algorithm=JwtConfig.DEFAULT_ALGORITHM,
|
|
323
|
+
key=JwtConfig.ENCODING_KEY.value,
|
|
324
|
+
algorithm=JwtConfig.DEFAULT_ALGORITHM.value,
|
|
325
325
|
headers={"kid": f"A{token_id}"})
|
|
326
326
|
# return the token data
|
|
327
327
|
return {
|
|
@@ -379,9 +379,9 @@ def _jwt_persist_token(account_id: str,
|
|
|
379
379
|
# noinspection PyTypeChecker
|
|
380
380
|
recs: list[tuple[int, str, str, str]] = \
|
|
381
381
|
db_select(errors=errors,
|
|
382
|
-
sel_stmt=f"SELECT {JwtDbConfig.COL_KID}, {JwtDbConfig.COL_TOKEN} "
|
|
383
|
-
f"FROM {JwtDbConfig.TABLE}",
|
|
384
|
-
where_data={
|
|
382
|
+
sel_stmt=f"SELECT {JwtDbConfig.COL_KID.value}, {JwtDbConfig.COL_TOKEN.value} "
|
|
383
|
+
f"FROM {JwtDbConfig.TABLE.value}",
|
|
384
|
+
where_data={JwtDbConfig.COL_ACCOUNT.value: account_id},
|
|
385
385
|
connection=db_conn,
|
|
386
386
|
committable=False,
|
|
387
387
|
logger=logger)
|
|
@@ -422,8 +422,8 @@ def _jwt_persist_token(account_id: str,
|
|
|
422
422
|
# remove expired tokens from persistence
|
|
423
423
|
if expired:
|
|
424
424
|
db_delete(errors=errors,
|
|
425
|
-
delete_stmt=f"DELETE FROM {JwtDbConfig.TABLE}",
|
|
426
|
-
where_data={
|
|
425
|
+
delete_stmt=f"DELETE FROM {JwtDbConfig.TABLE.value}",
|
|
426
|
+
where_data={JwtDbConfig.COL_KID.value: expired},
|
|
427
427
|
connection=db_conn,
|
|
428
428
|
committable=False,
|
|
429
429
|
logger=logger)
|
|
@@ -433,12 +433,11 @@ def _jwt_persist_token(account_id: str,
|
|
|
433
433
|
logger.debug(msg=f"{len(expired)} tokens of account "
|
|
434
434
|
f"'{account_id}' removed from storage")
|
|
435
435
|
|
|
436
|
-
|
|
437
|
-
if 0 < JwtConfig.ACCOUNT_LIMIT <= len(recs) - len(expired):
|
|
436
|
+
if 0 < JwtConfig.ACCOUNT_LIMIT.value <= len(recs) - len(expired):
|
|
438
437
|
# delete the oldest token to make way for the new one
|
|
439
438
|
db_delete(errors=errors,
|
|
440
|
-
delete_stmt=f"DELETE FROM {JwtDbConfig.TABLE}",
|
|
441
|
-
where_data={
|
|
439
|
+
delete_stmt=f"DELETE FROM {JwtDbConfig.TABLE.value}",
|
|
440
|
+
where_data={JwtDbConfig.COL_KID.value: oldest_id},
|
|
442
441
|
connection=db_conn,
|
|
443
442
|
committable=False,
|
|
444
443
|
logger=logger)
|
|
@@ -448,14 +447,13 @@ def _jwt_persist_token(account_id: str,
|
|
|
448
447
|
logger.debug(msg="Oldest active token of account "
|
|
449
448
|
f"'{account_id}' removed from storage")
|
|
450
449
|
# persist token
|
|
451
|
-
# noinspection PyTypeChecker
|
|
452
450
|
db_insert(errors=errors,
|
|
453
|
-
insert_stmt=f"INSERT INTO {JwtDbConfig.TABLE}",
|
|
451
|
+
insert_stmt=f"INSERT INTO {JwtDbConfig.TABLE.value}",
|
|
454
452
|
insert_data={
|
|
455
|
-
|
|
456
|
-
|
|
457
|
-
|
|
458
|
-
|
|
453
|
+
JwtDbConfig.COL_ACCOUNT.value: account_id,
|
|
454
|
+
JwtDbConfig.COL_TOKEN.value: jwt_token,
|
|
455
|
+
JwtDbConfig.COL_ALGORITHM.value: JwtConfig.DEFAULT_ALGORITHM.value,
|
|
456
|
+
JwtDbConfig.COL_DECODER.value: urlsafe_b64encode(s=JwtConfig.DECODING_KEY.value).decode()
|
|
459
457
|
},
|
|
460
458
|
connection=db_conn,
|
|
461
459
|
committable=False,
|
|
@@ -467,13 +465,13 @@ def _jwt_persist_token(account_id: str,
|
|
|
467
465
|
# HAZARD: JWT_DB_COL_TOKEN's column type might prevent it for being used in a WHERE clause
|
|
468
466
|
where_clause: str | None = None
|
|
469
467
|
if existing_ids:
|
|
470
|
-
where_clause = f"{JwtDbConfig.COL_KID} NOT IN {existing_ids}"
|
|
468
|
+
where_clause = f"{JwtDbConfig.COL_KID.value} NOT IN {existing_ids}"
|
|
471
469
|
where_clause = where_clause.replace("[", "(", 1).replace("]", ")", 1)
|
|
472
470
|
reply: list[tuple[int]] = db_select(errors=errors,
|
|
473
|
-
sel_stmt=f"SELECT {JwtDbConfig.COL_KID} "
|
|
474
|
-
f"FROM {JwtDbConfig.TABLE}",
|
|
471
|
+
sel_stmt=f"SELECT {JwtDbConfig.COL_KID.value} "
|
|
472
|
+
f"FROM {JwtDbConfig.TABLE.value}",
|
|
475
473
|
where_clause=where_clause,
|
|
476
|
-
where_data={
|
|
474
|
+
where_data={JwtDbConfig.COL_ACCOUNT.value: account_id},
|
|
477
475
|
require_count=1,
|
|
478
476
|
connection=db_conn,
|
|
479
477
|
committable=False,
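Review bot: In the first `JwtRegistry` hunk the new statement reads, as rendered here, `delete_stmt=f"DELETE FROM {JwtDbConfig.value}",`, which drops the `TABLE` member that every other statement in this release uses. Accessing `.value` on the enum class rather than on a member most likely raises `AttributeError` when the f-string is evaluated. The database cleanup on account removal would then never run, and persisted tokens for that account would stay in the table. The line should be `delete_stmt=f"DELETE FROM {JwtDbConfig.TABLE.value}",`. The same call passes `errors=None`, so a failure inside `db_delete` is not reported to the caller; the enclosing method starts and ends outside the hunk.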
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|