pypomes-jwt 1.3.7__tar.gz → 1.3.9__tar.gz

{pypomes_jwt-1.3.7 → pypomes_jwt-1.3.9}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: pypomes_jwt
-Version: 1.3.7
+Version: 1.3.9
 Summary: A collection of Python pomes, penyeach (JWT module)
 Project-URL: Homepage, https://github.com/TheWiseCoder/PyPomes-JWT
 Project-URL: Bug Tracker, https://github.com/TheWiseCoder/PyPomes-JWT/issues
@@ -10,7 +10,8 @@ Classifier: License :: OSI Approved :: MIT License
 Classifier: Operating System :: OS Independent
 Classifier: Programming Language :: Python :: 3
 Requires-Python: >=3.12
-Requires-Dist: cryptography>=46.0.2
+Requires-Dist: cryptography>=46.0.3
 Requires-Dist: flask>=3.1.2
 Requires-Dist: pyjwt>=2.10.1
-Requires-Dist: pypomes-core>=2.7.6
+Requires-Dist: pypomes-core>=2.7.8
+Requires-Dist: pypomes-db>=2.8.1

{pypomes_jwt-1.3.7 → pypomes_jwt-1.3.9}/pyproject.toml

@@ -6,7 +6,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "pypomes_jwt"
-version = "1.3.7"
+version = "1.3.9"
 authors = [
   { name="GT Nunes", email="wisecoder01@gmail.com" }
 ]
@@ -19,11 +19,11 @@ classifiers = [
     "Operating System :: OS Independent"
 ]
 dependencies = [
-    "cryptography>=46.0.2",
+    "cryptography>=46.0.3",
     "Flask>=3.1.2",
     "PyJWT>=2.10.1",
-    "pypomes_core>=2.7.6"
-    # "pypomes_db>=2.7.6"
+    "pypomes_core>=2.7.8",
+    "pypomes_db>=2.8.1"
 ]
 
 [project.urls]

{pypomes_jwt-1.3.7 → pypomes_jwt-1.3.9}/src/pypomes_jwt/__init__.py

@@ -7,20 +7,15 @@ from .jwt_pomes import (
     jwt_issue_token, jwt_issue_tokens, jwt_refresh_tokens,
     jwt_get_claims, jwt_validate_token, jwt_revoke_token
 )
-from .jwt_providers import (
-    provider_register, provider_get_token
-)
 
 __all__ = [
-    # jwt_constants
+    # jwt_config
     "JwtConfig", "JwtDbConfig", "JwtAlgorithm",
     # jwt_pomes
     "jwt_needed", "jwt_verify_request",
     "jwt_assert_account", "jwt_set_account", "jwt_remove_account",
     "jwt_issue_token", "jwt_issue_tokens", "jwt_refresh_tokens",
-    "jwt_get_claims", "jwt_validate_token", "jwt_revoke_token",
-    # jwt_providers
-    "provider_register", "provider_get_token"
+    "jwt_get_claims", "jwt_validate_token", "jwt_revoke_token"
 ]
 
 from importlib.metadata import version

{pypomes_jwt-1.3.7 → pypomes_jwt-1.3.9}/src/pypomes_jwt/jwt_config.py

@@ -66,7 +66,7 @@ del _encoding_key
 del _default_algorithm
 
 
-# database access is not be necessary, if handling only externally provided JWT tokens
+# database access is not be necessary, if only handling externally provided JWT tokens
 class JwtDbConfig(StrEnum):
     """
     Parameters for JWT database connection.

{pypomes_jwt-1.3.7 → pypomes_jwt-1.3.9}/src/pypomes_jwt/jwt_pomes.py

@@ -52,7 +52,7 @@ def jwt_verify_request(request: Request) -> Response:
     # validate the authorization token
     bad_token: bool = True
     if auth_header and auth_header.startswith("Bearer "):
-        # yes, extract and validate the JWT access token
+        # extract and validate the JWT access token
         token: str = auth_header.split(" ")[1]
         claims: dict[str, Any] = jwt_validate_token(token=token,
                                                     nature="A")
@@ -224,14 +224,17 @@ def jwt_validate_token(token: str,
                 #   InvalidIssuedAtError: 'iat' claim is non-numeric
                 #   MissingRequiredClaimError: a required claim is not contained in the claimset
                 payload: dict[str, Any] = jwt.decode(jwt=token,
+                                                     key=token_decoder,
+                                                     algorithms=token_alg,
                                                      options={
-                                                         "verify_signature": True,
+                                                         "require": ["iat", "iss", "exp", "sub"],
+                                                         "verify_aud": False,
                                                          "verify_exp": True,
-                                                         "verify_nbf": True
-                                                     },
-                                                     key=token_decoder,
-                                                     require=["iat", "iss", "exp", "sub"],
-                                                     algorithms=token_alg)
+                                                         "verify_iat": True,
+                                                         "verify_iss": False,
+                                                         "verify_nbf": True,
+                                                         "verify_signature": True
+                                                     })
                 if account_id and payload.get("sub") != account_id:
                     if logger:
                         logger.error(msg=f"Token does not belong to account '{account_id}'")
@@ -505,7 +508,7 @@ def jwt_refresh_tokens(account_id: str,
 
 def jwt_get_claims(token: str,
                    errors: list[str] = None,
-                   logger: Logger = None) -> dict[str, Any] | None:
+                   logger: Logger = None) -> dict[str, dict[str, Any]] | None:
     """
     Retrieve the claims set of a JWT *token*.
 
@@ -520,8 +523,6 @@ def jwt_get_claims(token: str,
           "kid": "A1234"
         },
         "payload": {
-          "valid-from": <YYYY-MM-DDThh:mm:ss+00:00>
-          "valid-until": <YYYY-MM-DDThh:mm:ss+00:00>
           "birthdate": "1980-01-01",
           "email": "jdoe@mail.com",
           "exp": 1516640454,
@@ -539,13 +540,13 @@ def jwt_get_claims(token: str,
         }
       }
 
-    :param token: the token to be inspected for claims
+    :param token: the reference token
     :param errors: incidental error messages
     :param logger: optional logger
     :return: the token's claimset, or *None* if error
     """
     # initialize the return variable
-    result: dict[str, Any] | None = None
+    result: dict[str, dict[str, Any]] | None = None
 
     if logger:
         logger.debug(msg="Retrieve claims for token")
@@ -562,7 +563,7 @@ def jwt_get_claims(token: str,
         exc_err: str = exc_format(exc=e,
                                   exc_info=sys.exc_info())
         if logger:
-            logger.error(msg=f"Error retrieving the token's claimsn: {exc_err}")
+            logger.error(msg=f"Error retrieving the token's claims: {exc_err}")
         if isinstance(errors, list):
             errors.append(exc_err)
 

pypomes_jwt-1.3.7/src/pypomes_jwt/jwt_providers.py

@@ -1,137 +0,0 @@
-import requests
-import sys
-from base64 import b64encode
-from datetime import datetime
-from logging import Logger
-from pypomes_core import TZ_LOCAL, exc_format
-from typing import Any
-
-# structure:
-# {
-#    <provider-id>: {
-#      "url": <strl>,
-#      "user": <str>,
-#      "pwd": <str>,
-#      "basic-auth": <bool>,
-#      "headers-data": <dict[str, str]>,
-#      "body-data": <dict[str, str],
-#      "token": <str>,
-#      "expiration": <timestamp>
-#    }
-# }
-_provider_registry: dict[str, dict[str, Any]] = {}
-
-
-def provider_register(provider_id: str,
-                      access_url: str,
-                      auth_user: str,
-                      auth_pwd: str,
-                      custom_auth: tuple[str, str] = None,
-                      headers_data: dict[str, str] = None,
-                      body_data: dict[str, str] = None) -> None:
-    """
-    Register an external authentication token provider.
-
-    If specified, *custom_auth* provides key names for sending credentials (username and password, in this order)
-    as key-value pairs in the body of the request. Otherwise, the external provider *provider_id* uses the standard
-    HTTP Basic Authorization scheme, wherein the credentials are B64-encoded and send in the request headers.
-
-    Optional constant key-value pairs (such as ['Content-Type', 'application/x-www-form-urlencoded']), to be
-    added to the request headers, may be specified in *headers_data*. Likewise, optional constant key-value pairs
-    (such as ['grant_type', 'client_credentials']), to be added to the request body, may be specified in *body_data*.
-
-    :param provider_id: the provider's identification
-    :param access_url: the url to request authentication tokens with
-    :param auth_user: the basic authorization user
-    :param auth_pwd: the basic authorization password
-    :param custom_auth: optional key names for sending the credentials as key-value pairs in the body of the request
-    :param headers_data: optional key-value pairs to be added to the request headers
-    :param body_data: optional key-value pairs to be added to the request body
-    """
-    global _provider_registry  # noqa: PLW0602
-    _provider_registry[provider_id] = {
-        "url": access_url,
-        "user": auth_user,
-        "pwd": auth_pwd,
-        "custom-auth": custom_auth,
-        "headers-data": headers_data,
-        "body-data": body_data,
-        "token": None,
-        "expiration": datetime.now(tz=TZ_LOCAL).timestamp()
-    }
-
-
-def provider_get_token(provider_id: str,
-                       errors: list[str] = None,
-                       logger: Logger = None) -> str | None:
-    """
-    Obtain an authentication token from the external provider *provider_id*.
-
-    :param provider_id: the provider's identification
-    :param errors: incidental error messages
-    :param logger: optional logger
-    """
-    # initialize the return variable
-    result: str | None = None
-
-    global _provider_registry  # noqa: PLW0602
-    err_msg: str | None = None
-    provider: dict[str, Any] = _provider_registry.get(provider_id)
-    if provider:
-        now: float = datetime.now(tz=TZ_LOCAL).timestamp()
-        if now > provider.get("expiration"):
-            user: str = provider.get("user")
-            pwd: str = provider.get("pwd")
-            headers_data: dict[str, str] = provider.get("headers-data") or {}
-            body_data: dict[str, str] = provider.get("body-data") or {}
-            custom_auth: tuple[str, str] = provider.get("custom-auth")
-            if custom_auth:
-                body_data[custom_auth[0]] = user
-                body_data[custom_auth[1]] = pwd
-            else:
-                enc_bytes: bytes = b64encode(f"{user}:{pwd}".encode())
-                headers_data["Authorization"] = f"Basic {enc_bytes.decode()}"
-            url: str = provider.get("url")
-            try:
-                # typical return on a token request:
-                # {
-                #   "token_type": "Bearer",
-                #   "access_token": <str>,
-                #   "expires_in": <number-of-seconds>,
-                #   optional data:
-                #   "refresh_token": <str>,
-                #   "refresh_expires_in": <number-of-seconds>
-                # }
-                response: requests.Response = requests.post(url=url,
-                                                            data=body_data,
-                                                            headers=headers_data,
-                                                            timeout=None)
-                if response.status_code < 200 or response.status_code >= 300:
-                    # request resulted in error, report the problem
-                    err_msg = (f"POST '{url}': failed, "
-                               f"status {response.status_code}, reason '{response.reason}'")
-                else:
-                    reply: dict[str, Any] = response.json()
-                    provider["token"] = reply.get("access_token")
-                    provider["expiration"] = now + int(reply.get("expires_in"))
-                    if logger:
-                        logger.debug(msg=f"POST '{url}': status {response.status_code}")
-            except Exception as e:
-                # the operation raised an exception
-                err_msg = exc_format(exc=e,
-                                     exc_info=sys.exc_info())
-                err_msg = f"POST '{url}': error, '{err_msg}'"
-    else:
-        err_msg: str = f"Provider '{provider_id}' not registered"
-
-    if err_msg:
-        if isinstance(errors, list):
-            errors.append(err_msg)
-        if logger:
-            logger.error(msg=err_msg)
-    else:
-        result = provider.get("token")
-
-    return result
-
-