pysportbot 0.0.19__py3-none-any.whl → 0.0.20__py3-none-any.whl

pysportbot/authenticator.py

@@ -1,7 +1,4 @@
 import json
-from urllib.parse import parse_qs, urlparse
-
-from bs4 import BeautifulSoup
 
 from .endpoints import Endpoints
 from .session import Session
@@ -12,206 +9,296 @@ logger = get_logger(__name__)
 
 
 class Authenticator:
-    """Handles user authentication and Nubapp login functionality."""
+    """
+    Handles user authentication and Nubapp login functionality.
 
-    def __init__(self, session: Session, centre: str) -> None:
-        """
-        Initialize the Authenticator.
+    Flow overview:
 
-        Args:
-            session (Session): An instance of the Session class.
-            centre (str): The centre selected by the user.
-        """
+      1. Login to Resasocial (api.resasocial.com) via /user/login
+         -> get Resasocial JWT + (id_user, id_application).
+
+      2. Store (id_user, id_application) in self.creds for use by Activities.
+
+      3. Call /secure/user/getSportUserToken with the Resasocial JWT
+         -> get Nubapp (sport.nubapp.com) JWT.
+
+      4. Store Nubapp JWT in self.headers["Authorization"].
+
+      5. Use Nubapp JWT to call /api/v4/users/getUser.php and verify the user.
+    """
+
+    def __init__(self, session: Session, centre: str) -> None:
         self.session = session.session
+        # Base headers; will be enriched with Nubapp JWT after login
         self.headers = session.headers
-        self.creds: dict[str, str] = {}
+        # Centre is still passed in from the bot, but not used in the new flow
         self.centre = centre
         self.timeout = (5, 10)
 
         # Authentication state
-        self.authenticated = False
+        self.authenticated: bool = False
         self.user_id: str | None = None
 
-    def is_session_valid(self) -> bool:
-        """
-        Check if the current session is still valid.
+        # Minimal "credentials" object used by Activities
+        # (id_application, id_user) are filled after /user/login.
+        self.creds: dict[str, str] = {}
 
-        Returns:
-            bool: True if session is valid, False otherwise.
-        """
-        try:
-            response = self.session.post(Endpoints.USER, headers=self.headers, timeout=self.timeout)
-            if response.status_code == 200:
-                response_dict = json.loads(response.content.decode("utf-8"))
-                return bool(response_dict.get("user"))
+        # Resasocial (resasports) JWT state
+        self.resasocial_jwt: str | None = None
+        self.resasocial_refresh: str | None = None
+        self.id_user: str | None = None
+        self.id_application: str | None = None
 
-        except Exception as e:
-            logger.debug(f"Session validation failed with exception: {e}")
-            return False
+        # Nubapp JWT tokens used for authenticated sport.nubapp.com requests
+        self.sport_jwt: str | None = None
+        self.sport_refresh: str | None = None
 
-        logger.debug(f"Session validation failed with status code: {response.status_code}")
-        return False
+    # ------------------------------------------------------------------
+    # Public API
+    # ------------------------------------------------------------------
 
     def login(self, email: str, password: str) -> None:
         """
-        Authenticate the user with email and password and log in to Nubapp.
-
-        Args:
-            email (str): The user's email address.
-            password (str): The user's password.
+        Full login flow:
 
-        Raises:
-            ValueError: If login credentials are invalid or authentication fails.
-            RuntimeError: If the login process fails due to system errors.
+          1. Resasocial JSON login (/user/login)
+          2. Fill self.creds with (id_application, id_user) for Activities
+          3. /secure/user/getSportUserToken -> Nubapp JWT
+          4. Store Nubapp JWT in headers and fetch user info to confirm identity
         """
         logger.info("Starting login process...")
 
         try:
-            # Fetch the CSRF token and perform login
-            csrf_token = self._fetch_csrf_token()
-            # Resasport login with CSRF token
-            self._resasports_login(email, password, csrf_token)
-            # Retrieve Nubapp credentials
-            self._retrieve_nubapp_credentials()
-            bearer_token = self._login_to_nubapp()
-            # Authenticate with the bearer token
-            self._authenticate_with_bearer_token(bearer_token)
-            # Fetch user information to complete the login process
+            self._resasocial_jwt_login(email, password)
+
+            # Expose IDs in the same structure Activities expects
+            self.creds = {
+                "id_application": str(self.id_application),
+                "id_user": str(self.id_user),
+            }
+
+            self._get_sport_user_token()
+            self._authenticate_with_bearer_token(self.sport_jwt)
             self._fetch_user_information()
 
+            self.authenticated = True
             logger.info("Login process completed successfully!")
 
-        except Exception as e:
+        except Exception as exc:
             self.authenticated = False
             self.user_id = None
-            logger.error(f"Login process failed: {e}")
-            raise
+            logger.error(f"Login process failed: {exc}")
+            # Normalize to a consistent login error for callers/tests
+            raise ValueError(ErrorMessages.failed_login()) from exc
 
-    def _fetch_csrf_token(self) -> str:
-        """Fetch CSRF token from the login page."""
-        logger.debug(f"Fetching CSRF token from {Endpoints.USER_LOGIN}")
+    def is_session_valid(self) -> bool:
+        """
+        Check whether the current Nubapp JWT is still valid by probing USER.
+        """
+        if not self.sport_jwt:
+            return False
 
-        response = self.session.get(Endpoints.USER_LOGIN, headers=self.headers, timeout=self.timeout)
-        if response.status_code != 200:
-            raise RuntimeError(ErrorMessages.failed_fetch("login popup"))
-
-        soup = BeautifulSoup(response.text, "html.parser")
-        csrf_tag = soup.find("input", {"name": "_csrf_token"})
-        if csrf_tag is None:
-            raise ValueError("CSRF token input not found on the page")
-
-        csrf_token = str(csrf_tag["value"])  # type: ignore[index]
-        logger.debug("CSRF token fetched successfully")
-        return csrf_token
-
-    def _resasports_login(self, email: str, password: str, csrf_token: str) -> None:
-        """Perform login to the main site."""
-        logger.debug("Performing site login")
-
-        payload = {
-            "_username": email,
-            "_password": password,
-            "_csrf_token": csrf_token,
-            "_submit": "",
-            "_force": "true",
-        }
+        try:
+            # At this point self.headers already contains Nubapp Authorization
+            response = self.session.post(
+                Endpoints.USER,
+                headers=self.headers,
+                timeout=self.timeout,
+            )
+
+            if response.status_code != 200:
+                return False
+
+            data = response.json()
+            return bool(data.get("data", {}).get("user"))
+
+        except Exception as exc:
+            logger.debug(f"Session validation failed: {exc}")
+            return False
 
+    # ------------------------------------------------------------------
+    # Step 1: Resasocial JWT login
+    # ------------------------------------------------------------------
+
+    def _resasocial_jwt_login(self, email: str, password: str) -> None:
+        """Perform login via the /user/login JSON endpoint on api.resasocial.com."""
+        logger.debug("Logging in via Resasocial /user/login (JWT flow)")
+
+        payload = {"username": email, "password": password}
+        # Use a copy of the base headers: no Authorization here.
         headers = self.headers.copy()
-        headers.update({"Content-Type": "application/x-www-form-urlencoded"})
 
-        response = self.session.post(Endpoints.LOGIN_CHECK, data=payload, headers=headers, timeout=self.timeout)
+        response = self.session.post(
+            Endpoints.USER_LOGIN,
+            json=payload,
+            headers=headers,
+            timeout=self.timeout,
+        )
 
         if response.status_code != 200:
-            logger.error(f"Site login failed: {response.status_code}")
+            logger.error(
+                "JWT login failed with status %s. Body (truncated): %r",
+                response.status_code,
+                response.text[:200],
+            )
             raise ValueError(ErrorMessages.failed_login())
 
-        logger.info("Site login successful!")
+        try:
+            data = response.json()
+        except Exception as exc:
+            logger.error(
+                "JWT login returned non-JSON response. Body (truncated): %r",
+                response.text[:200],
+            )
+            raise ValueError(ErrorMessages.failed_login()) from exc
+
+        logger.debug(
+            "/user/login response keys: %s; applications count=%d",
+            list(data.keys()),
+            len(data.get("applications") or []),
+        )
 
-    def _retrieve_nubapp_credentials(self) -> None:
-        """Retrieve Nubapp credentials from the centre endpoint."""
-        logger.debug("Retrieving Nubapp credentials")
+        self.resasocial_jwt = data.get("jwt_token")
+        self.resasocial_refresh = data.get("refresh_token")
 
-        cred_endpoint = Endpoints.get_cred_endpoint(self.centre)
-        response = self.session.get(cred_endpoint, headers=self.headers, timeout=self.timeout)
+        apps = data.get("applications") or []
+        if not apps:
+            logger.error("No applications returned in /user/login response")
+            raise ValueError(ErrorMessages.failed_login())
 
-        if response.status_code != 200:
-            raise RuntimeError(ErrorMessages.failed_fetch("credentials"))
+        first_app = apps[0]
+        self.id_application = first_app.get("id_application")
+        self.id_user = first_app.get("id_user")
 
-        try:
-            response_data = json.loads(response.content.decode("utf-8"))
-            creds_payload = response_data.get("payload", "")
-            creds = {k: v[0] for k, v in parse_qs(creds_payload).items()}
-            creds.update({"platform": "resasocial", "network": "resasports"})
+        if not self.resasocial_jwt or not self.id_user or not self.id_application:
+            logger.error(
+                "Missing required fields in /user/login response: "
+                f"jwt_token={self.resasocial_jwt}, id_user={self.id_user}, "
+                f"id_application={self.id_application}"
+            )
+            raise ValueError(ErrorMessages.failed_login())
+
+        logger.info(
+            "JWT login successful. id_user=%s, id_application=%s",
+            self.id_user,
+            self.id_application,
+        )
+
+    # ------------------------------------------------------------------
+    # Step 3: getSportUserToken -> Nubapp JWT
+    # ------------------------------------------------------------------
 
-            self.creds = creds
-            logger.debug("Nubapp credentials retrieved successfully")
+    def _get_sport_user_token(self) -> None:
+        """
+        Request the Nubapp JWT token using the Resasocial JWT.
+        This replaces the old login_from_social.php redirect method.
+        """
+        logger.debug("Fetching Nubapp JWT via getSportUserToken")
 
-        except (ValueError, KeyError, SyntaxError) as e:
-            raise RuntimeError(f"Failed to parse credentials: {e}") from e
+        if not self.resasocial_jwt or not self.id_user or not self.id_application:
+            logger.error("Cannot fetch sport user token without resasocial_jwt, id_user, id_application")
+            raise ValueError(ErrorMessages.failed_login())
 
-    def _login_to_nubapp(self) -> str:
-        """Login to Nubapp and extract bearer token."""
-        logger.debug("Logging in to Nubapp")
+        # Local headers specific to this Resasocial-authenticated call
+        social_auth_headers = self.headers.copy()
+        social_auth_headers["Authorization"] = f"Bearer {self.resasocial_jwt}"
+
+        params = {
+            "id_user": self.id_user,
+            "id_application": self.id_application,
+        }
 
         response = self.session.get(
-            Endpoints.NUBAPP_LOGIN,
-            headers=self.headers,
-            params=self.creds,
+            Endpoints.SPORT_USER_TOKEN,
+            params=params,
+            headers=social_auth_headers,
             timeout=self.timeout,
-            allow_redirects=False,
         )
 
-        if response.status_code != 302:
-            logger.error(f"Nubapp login failed: {response.status_code}")
+        if response.status_code != 200:
+            logger.error(
+                "getSportUserToken failed with status %s. Body (truncated): %r",
+                response.status_code,
+                response.text[:200],
+            )
             raise ValueError(ErrorMessages.failed_login())
 
-        # Extract bearer token from redirect URL
-        redirect_url = response.headers.get("Location", "")
-        if not redirect_url:
+        try:
+            data = response.json()
+        except Exception as exc:
+            logger.error(
+                "getSportUserToken returned non-JSON response. Body (truncated): %r",
+                response.text[:200],
+            )
+            raise ValueError(ErrorMessages.failed_login()) from exc
+
+        logger.debug("response keys: %s", list(data.keys()))
+
+        self.sport_jwt = data.get("jwt_token")
+        self.sport_refresh = data.get("refresh_token")
+
+        if not self.sport_jwt:
+            logger.error("No jwt_token found in getSportUserToken response")
             raise ValueError(ErrorMessages.failed_login())
 
-        parsed_url = urlparse(redirect_url)
-        token = parse_qs(parsed_url.query).get("token", [None])[0]
+        logger.info("Nubapp JWT obtained successfully.")
+
+    # ------------------------------------------------------------------
+    # Step 4: Set Authorization header for Nubapp
+    # ------------------------------------------------------------------
 
+    def _authenticate_with_bearer_token(self, token: str | None) -> None:
+        """
+        Store the Nubapp JWT in self.headers so that all subsequent
+        Nubapp API calls (including Activities) share the same auth.
+        """
         if not token:
             raise ValueError(ErrorMessages.failed_login())
 
-        logger.info("Nubapp login successful!")
-        return token
-
-    def _authenticate_with_bearer_token(self, token: str) -> None:
-        """Add bearer token to headers for authentication."""
-        logger.debug("Setting up bearer token authentication")
+        logger.debug("Setting Nubapp Authorization header")
         self.headers["Authorization"] = f"Bearer {token}"
 
+    # ------------------------------------------------------------------
+    # Step 5: Nubapp User info
+    # ------------------------------------------------------------------
+
     def _fetch_user_information(self) -> None:
-        """Fetch and validate user information."""
-        logger.debug("Fetching user information")
+        """
+        Fetch and validate user information from Nubapp.
 
-        payload = {
-            "id_application": self.creds["id_application"],
-            "id_user": self.creds["id_user"],
-        }
+        No extra payload — we just rely on the Nubapp JWT already set in self.headers.
+        """
+        logger.debug("Fetching user info from Nubapp")
+
+        if not self.sport_jwt:
+            raise ValueError(ErrorMessages.failed_login())
 
-        response = self.session.post(Endpoints.USER, headers=self.headers, data=payload, timeout=self.timeout)
+        response = self.session.post(
+            Endpoints.USER,
+            headers=self.headers,
+            timeout=self.timeout,
+        )
 
         if response.status_code != 200:
+            logger.error(
+                "Fetching user info failed with status %s. Body (truncated): %r",
+                response.status_code,
+                response.text[:200],
+            )
             raise ValueError(ErrorMessages.failed_login())
 
         try:
-            response_dict = json.loads(response.content.decode("utf-8"))
-            user_data = response_dict.get("data", {}).get("user")
+            data = response.json()
+        except (json.JSONDecodeError, ValueError) as exc:
+            raise ValueError(f"Failed to parse user information: {exc}") from exc
 
-            if not user_data:
-                raise ValueError("No user data found in response")
+        user_data = data.get("data", {}).get("user")
+        if not user_data:
+            raise ValueError("No user data found in response")
 
-            user_id = user_data.get("id_user")
-            if not user_id:
-                raise ValueError("No user ID found in response")
-
-            self.user_id = str(user_id)
-            self.authenticated = True
-            logger.info(f"Authentication successful. User ID: {self.user_id}")
+        user_id = user_data.get("id_user")
+        if not user_id:
+            raise ValueError("No user ID found in response")
 
-        except (json.JSONDecodeError, KeyError) as e:
-            raise ValueError(f"Failed to parse user information: {e}") from e
+        self.user_id = str(user_id)
+        logger.info("Authentication successful. User ID: %s", self.user_id)

pysportbot/endpoints.py

@@ -3,56 +3,67 @@ from enum import Enum
 
 class Endpoints(str, Enum):
     """
-    API endpoints used throughout the application.
+    Centralized collection of API endpoints used by the bot.
 
-    This enum provides type-safe access to all API endpoints with clear organization
-    and automatic string conversion for use in HTTP requests.
+    This enum provides type-safe access to all URLs with clear structure.
     """
 
-    # === Base URLs ===
-    BASE_SOCIAL = "https://social.resasports.com"
+    # ============================================================
+    # Base URLs
+    # ============================================================
+
+    # Resasocial / Resasports API (used for login, centre data, etc.)
+    BASE_SOCIAL = "https://api.resasocial.com"
+
+    # Nubapp API (used for bookings, user data, etc.)
     BASE_NUBAPP = "https://sport.nubapp.com"
 
-    # === URL Components ===
-    NUBAPP_RESOURCES = "web/resources"
+    # Path used for all Nubapp JSON API endpoints
     NUBAPP_API = "api/v4"
 
-    # === Centre Management ===
+    # ============================================================
+    # Centre Management
+    # ============================================================
+
+    # Returns the list of centres with their bounds / metadata.
+    # Used by Centres.fetch_centres() to populate the centre list (slug, name, etc).
     CENTRE = f"{BASE_SOCIAL}/ajax/applications/bounds/"
 
-    # === Authentication ===
-    USER_LOGIN = f"{BASE_SOCIAL}/popup/login"
-    LOGIN_CHECK = f"{BASE_SOCIAL}/popup/login_check"
-    NUBAPP_LOGIN = f"{BASE_NUBAPP}/{NUBAPP_RESOURCES}/login_from_social.php"
+    # ============================================================
+    # Authentication
+    # ============================================================
+
+    # Resasports login endpoint
+    USER_LOGIN = f"{BASE_SOCIAL}/user/login"
+
+    # Nubapp authentification via JWT token
+    SPORT_USER_TOKEN = f"{BASE_SOCIAL}/secure/user/getSportUserToken"
+
+    # ============================================================
+    # Nubapp User & Application
+    # ============================================================
 
-    # === User Management ===
+    # User information endpoint (requires Nubapp JWT)
     USER = f"{BASE_NUBAPP}/{NUBAPP_API}/users/getUser.php"
 
-    # === Activities & Scheduling ===
+    # ============================================================
+    # Activities & Scheduling
+    # ============================================================
+
     ACTIVITIES = f"{BASE_NUBAPP}/{NUBAPP_API}/activities/getActivities.php"
     SLOTS = f"{BASE_NUBAPP}/{NUBAPP_API}/activities/getActivitiesCalendar.php"
 
-    # === Booking Management ===
+    # ============================================================
+    # Booking
+    # ============================================================
+
     BOOKING = f"{BASE_NUBAPP}/{NUBAPP_API}/activities/bookActivityCalendar.php"
     CANCELLATION = f"{BASE_NUBAPP}/{NUBAPP_API}/activities/leaveActivityCalendar.php"
 
-    @classmethod
-    def get_cred_endpoint(cls, centre_slug: str) -> str:
-        """
-        Generate the credentials endpoint for a specific centre.
-
-        Args:
-            centre_slug (str): The unique identifier for the sports centre
-
-        Returns:
-            str: Complete URL for fetching centre credentials
-
-        Example:
-            >>> Endpoints.get_cred_endpoint("kirolklub")
-            "https://social.resasports.com/ajax/application/kirolklub/book/request"
-        """
-        return f"{cls.BASE_SOCIAL}/ajax/application/{centre_slug}/book/request"
+    # ============================================================
+    # Utility
+    # ============================================================
 
     def __str__(self) -> str:
-        """Return the URL string for direct use in HTTP requests."""
+        """Return URL string for direct HTTP usage."""
         return str(self.value)

{pysportbot-0.0.19.dist-info → pysportbot-0.0.20.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: pysportbot
-Version: 0.0.19
+Version: 0.0.20
 Summary: A python-based bot for automatic resasports slot booking
 License-File: LICENSE
 Author: Joshua Falco Beirer
@@ -11,7 +11,6 @@ Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
 Classifier: Programming Language :: Python :: 3.12
 Classifier: Programming Language :: Python :: 3.13
-Requires-Dist: beautifulsoup4 (>=4.13.5,<5.0.0)
 Requires-Dist: pandas (>=2.3.2,<3.0.0)
 Requires-Dist: pytz (>=2025.2,<2026.0)
 Requires-Dist: requests (>=2.32.5,<3.0.0)

{pysportbot-0.0.19.dist-info → pysportbot-0.0.20.dist-info}/RECORD

@@ -1,9 +1,9 @@
 pysportbot/__init__.py,sha256=PdDUmkEBSOkdw3BaKMv1sXAUgYSTl6_qUOnAEj9UDBM,6570
 pysportbot/activities.py,sha256=fvj1Pnf3xxDuNY2FBGDOaach6tcZ_HJxCfoyGVju0oM,7598
-pysportbot/authenticator.py,sha256=MadHojTiDRcpPNABgT76j-fJ4cw9yydibHbEtDNktPg,7950
+pysportbot/authenticator.py,sha256=vsY_ZZ9ONfv5qNAk0stNshKbXckj8JulLN91Nt_bpK8,10891
 pysportbot/bookings.py,sha256=yJPgCTECXBEVtQzwj3lUJ8QR3h43ycCUw80mTx-Ck60,3189
 pysportbot/centres.py,sha256=FTK-tXUOxiJvLCHP6Bk9XEQKODQZOwwkYLlioSJPBEk,3399
-pysportbot/endpoints.py,sha256=vysTBx6fEn6LtjOlYx2Dj-LLe1ts7JmeEbFZiWcE5qU,1965
+pysportbot/endpoints.py,sha256=yLhejLpyI5tP1PtxeIkbKszUqah_hwtSHjLfmV1EF70,2548
 pysportbot/service/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 pysportbot/service/__main__.py,sha256=gsKfDMOmsVC3LHCQs0Dmp7YWJBlZeGcTsX-Mx4mk6ro,1496
 pysportbot/service/booking.py,sha256=ifeo1LbtPvls-hpQOZW5TvoqeZ1MJxIipim4RHTH7nI,5908
@@ -17,7 +17,7 @@ pysportbot/utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,
 pysportbot/utils/errors.py,sha256=hPbWJT_uOIgYjxqm5VojlRy3wWnFj9HLZGIcbv9tq8c,4956
 pysportbot/utils/logger.py,sha256=ANayMEeeAIVGKvITAxOFm2EdCbzBBTpNywuytAr4Z90,5366
 pysportbot/utils/time.py,sha256=GKfFU5WwRSaWz2xNJ6EM0w1lHOVo8of5qhqnfh9xbJM,1926
-pysportbot-0.0.19.dist-info/METADATA,sha256=rOfr_KIlMFExYU7vYIuPaXE9aVfwdIu1vRebsNnq65s,8191
-pysportbot-0.0.19.dist-info/WHEEL,sha256=M5asmiAlL6HEcOq52Yi5mmk9KmTVjY2RDPtO4p9DMrc,88
-pysportbot-0.0.19.dist-info/licenses/LICENSE,sha256=6ov3DypdEVYpp2pn_B1MniKWO5C9iDA4O6PGcbork6c,1077
-pysportbot-0.0.19.dist-info/RECORD,,
+pysportbot-0.0.20.dist-info/METADATA,sha256=rqdC7PNwFSPswnq8vpJQcbJXTdZZDdpRhOJFNCsHCVM,8143
+pysportbot-0.0.20.dist-info/WHEEL,sha256=zp0Cn7JsFoX2ATtOhtaFYIiE2rmFAD4OcMhtUki8W3U,88
+pysportbot-0.0.20.dist-info/licenses/LICENSE,sha256=6ov3DypdEVYpp2pn_B1MniKWO5C9iDA4O6PGcbork6c,1077
+pysportbot-0.0.20.dist-info/RECORD,,

{pysportbot-0.0.19.dist-info → pysportbot-0.0.20.dist-info}/WHEEL

@@ -1,4 +1,4 @@
 Wheel-Version: 1.0
-Generator: poetry-core 2.2.0
+Generator: poetry-core 2.2.1
 Root-Is-Purelib: true
 Tag: py3-none-any