PyPI - python3-commons - Versions diffs - 0.17.4__tar.gz → 0.17.5__tar.gz - Mend

python3-commons 0.17.4tar.gz → 0.17.5tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (74) hide show

{python3_commons-0.17.4/src/python3_commons.egg-info → python3_commons-0.17.5}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: python3-commons
-Version: 0.17.4
+Version: 0.17.5
 Summary: Re-usable Python3 code
 Author-email: Oleg Korsak <kamikaze.is.waiting.you@gmail.com>
 License-Expression: GPL-3.0

python3_commons-0.17.5/src/python3_commons/auth.py ADDED Viewed

@@ -0,0 +1,178 @@
+from __future__ import annotations
+import logging
+from collections.abc import Sequence
+from http import HTTPStatus
+from typing import Self, TypeVar
+try:
+    import aiohttp
+except ImportError as e:
+    msg = 'Install python3-commons[authn] to use this feature'
+    raise RuntimeError(msg) from e
+import msgspec
+from python3_commons.conf import oidc_settings
+logger = logging.getLogger(__name__)
+class TokenData(msgspec.Struct):
+    exp: int
+    iat: int
+    iss: str
+    sub: str
+    aud: str | Sequence[str] | None = None
+    email: str | None = None
+    name: str | None = None
+    preferred_username: str | None = None
+    realm_access: dict[str, Sequence[str]] | None = None
+    resource_access: dict[str, dict[str, Sequence[str]]] | None = None
+    @property
+    def roles(self) -> list[str]:
+        roles_list = []
+        if self.realm_access:
+            roles_list.extend(self.realm_access.get('roles', []))
+        if self.resource_access:
+            for client in self.resource_access.values():
+                roles_list.extend(client.get('roles', []))
+        return list(set(roles_list))
+T = TypeVar('T', bound=TokenData)
+OIDC_CONFIG_URL = (
+    f'{oidc_settings.authority_internal_url or oidc_settings.authority_url}/.well-known/openid-configuration'
+)
+class OIDCTokenResponse(msgspec.Struct):
+    access_token: str
+    token_type: str
+    expires_in: int
+    refresh_token: str
+    scope: str
+    id_token: str
+async def fetch_openid_config() -> dict:
+    """
+    Fetch the OpenID configuration (including JWKS URI) from OIDC authority.
+    """
+    async with aiohttp.ClientSession() as session, session.get(OIDC_CONFIG_URL) as response:
+        if response.status != HTTPStatus.OK:
+            _msg = 'Failed to fetch OpenID configuration'
+            raise RuntimeError(_msg)
+        return await response.json()
+async def fetch_jwks(jwks_uri: str) -> dict:
+    """
+    Fetch the JSON Web Key Set (JWKS) for validating the token's signature.
+    """
+    if oidc_settings.authority_internal_url:
+        jwks_uri = jwks_uri.replace(str(oidc_settings.authority_url), str(oidc_settings.authority_internal_url))
+    async with aiohttp.ClientSession() as session, session.get(jwks_uri) as response:
+        if response.status != HTTPStatus.OK:
+            _msg = 'Failed to fetch JWKS'
+            raise RuntimeError(_msg)
+        return await response.json()
+class OIDCError(Exception):
+    pass
+class OIDCAuthError(OIDCError):
+    pass
+class OIDCClient:
+    def __init__(
+            self,
+            token_url: str,
+            client_id: str,
+            client_secret: str | None = None,
+            *,
+            timeout: float = 10.0,
+            session: aiohttp.ClientSession | None = None,
+    ) -> None:
+        self._token_url = token_url
+        self._client_id = client_id
+        self._client_secret = client_secret
+        self._timeout = aiohttp.ClientTimeout(total=timeout)
+        self._session = session
+        self._owns_session = session is None
+    async def __aenter__(self) -> Self:
+        if self._session is None:
+            self._session = aiohttp.ClientSession(timeout=self._timeout)
+        return self
+    async def __aexit__(self, *_: object) -> None:
+        if self._owns_session and self._session:
+            await self._session.close()
+    async def fetch_token(
+            self,
+            *,
+            username: str,
+            password: str,
+            scope: str = 'openid profile email',
+    ) -> OIDCTokenResponse:
+        if self._session is None:
+            msg = 'ClientSession not initialized'
+            raise RuntimeError(msg)
+        data = {
+            'grant_type': 'password',
+            'username': username,
+            'password': password,
+            'client_id': self._client_id,
+            'scope': scope,
+        }
+        if self._client_secret:
+            data['client_secret'] = self._client_secret
+        try:
+            async with self._session.post(
+                    self._token_url,
+                    data=data,
+                    headers={'Content-Type': 'application/x-www-form-urlencoded'},
+            ) as resp:
+                payload = await resp.json(content_type=None)
+        except TimeoutError as e:
+            msg = 'OIDC request timed out'
+            raise OIDCError(msg) from e
+        except aiohttp.ClientError as e:
+            msg = 'OIDC transport error'
+            raise OIDCError(msg) from e
+        if not resp.ok:
+            error = payload.get('error')
+            description = payload.get('error_description')
+            if error in {'invalid_grant', 'invalid_client'}:
+                msg = f'{error}: {description}'
+                raise OIDCAuthError(msg)
+            msg = f'{error}: {description}'
+            raise OIDCError(msg)
+        return payload

{python3_commons-0.17.4 → python3_commons-0.17.5}/src/python3_commons/conf.py RENAMED Viewed

@@ -21,6 +21,7 @@ class OIDCSettings(BaseSettings):
     authority_url: HttpUrl | None = None
     authority_internal_url: HttpUrl | None = None
     client_id: str | None = None
+    client_secret: SecretStr = SecretStr('')
     redirect_uri: str | None = None
     scope: StringSeq = (
         'openid',
@@ -58,11 +59,11 @@ class DBSettings(BaseSettings):
     @model_validator(mode='after')
     def build_dsn_if_missing(self) -> DBSettings:
         if self.dsn is None and all(
-                (
-                        self.user,
-                        self.password,
-                        self.name,
-                )
+            (
+                self.user,
+                self.password,
+                self.name,
+            )
         ):
             self.dsn = PostgresDsn.build(
                 scheme=self.scheme,

{python3_commons-0.17.4 → python3_commons-0.17.5}/src/python3_commons/object_storage.py RENAMED Viewed

@@ -140,7 +140,7 @@ async def list_objects(bucket_name: str, prefix: str, *, recursive: bool = True)
 async def get_object_streams(
-        bucket_name: str, path: str, *, recursive: bool = True
+    bucket_name: str, path: str, *, recursive: bool = True
 ) -> AsyncGenerator[tuple[str, datetime, StreamingBody]]:
     async for obj in list_objects(bucket_name, path, recursive=recursive):
         object_name = obj['Key']
@@ -151,7 +151,7 @@ async def get_object_streams(
 async def get_objects(
-        bucket_name: str, path: str, *, recursive: bool = True
+    bucket_name: str, path: str, *, recursive: bool = True
 ) -> AsyncGenerator[tuple[str, datetime, bytes]]:
     async for object_name, last_modified, stream in get_object_streams(bucket_name, path, recursive=recursive):
         data = await stream.read()
@@ -173,7 +173,7 @@ async def remove_object(bucket_name: str, object_name: str) -> None:
 async def remove_objects(
-        bucket_name: str, prefix: str | None = None, object_names: Iterable[str] | None = None
+    bucket_name: str, prefix: str | None = None, object_names: Iterable[str] | None = None
 ) -> Sequence[Mapping] | None:
     storage = ObjectStorage(s3_settings)
@@ -196,7 +196,7 @@ async def remove_objects(
             chunk_size = 1000
             for i in range(0, len(objects_to_delete), chunk_size):
-                chunk = objects_to_delete[i: i + chunk_size]
+                chunk = objects_to_delete[i : i + chunk_size]
                 response = await s3_client.delete_objects(Bucket=bucket_name, Delete={'Objects': chunk})

{python3_commons-0.17.4 → python3_commons-0.17.5/src/python3_commons.egg-info}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: python3-commons
-Version: 0.17.4
+Version: 0.17.5
 Summary: Re-usable Python3 code
 Author-email: Oleg Korsak <kamikaze.is.waiting.you@gmail.com>
 License-Expression: GPL-3.0

python3_commons-0.17.4/src/python3_commons/auth.py DELETED Viewed

@@ -1,79 +0,0 @@
-from __future__ import annotations
-import logging
-from collections.abc import Sequence
-from http import HTTPStatus
-from typing import TypeVar
-try:
-    import aiohttp
-except ImportError as e:
-    msg = 'Install python3-commons[authn] to use this feature'
-    raise RuntimeError(msg) from e
-import msgspec
-from python3_commons.conf import oidc_settings
-logger = logging.getLogger(__name__)
-class TokenData(msgspec.Struct):
-    exp: int
-    iat: int
-    iss: str
-    sub: str
-    aud: str | Sequence[str] | None = None
-    email: str | None = None
-    name: str | None = None
-    preferred_username: str | None = None
-    realm_access: dict[str, Sequence[str]] | None = None
-    resource_access: dict[str, dict[str, Sequence[str]]] | None = None
-    @property
-    def roles(self) -> list[str]:
-        roles_list = []
-        if self.realm_access:
-            roles_list.extend(self.realm_access.get('roles', []))
-        if self.resource_access:
-            for client in self.resource_access.values():
-                roles_list.extend(client.get('roles', []))
-        return list(set(roles_list))
-T = TypeVar('T', bound=TokenData)
-OIDC_CONFIG_URL = (
-    f'{oidc_settings.authority_internal_url or oidc_settings.authority_url}/.well-known/openid-configuration'
-)
-async def fetch_openid_config() -> dict:
-    """
-    Fetch the OpenID configuration (including JWKS URI) from OIDC authority.
-    """
-    async with aiohttp.ClientSession() as session, session.get(OIDC_CONFIG_URL) as response:
-        if response.status != HTTPStatus.OK:
-            _msg = 'Failed to fetch OpenID configuration'
-            raise RuntimeError(_msg)
-        return await response.json()
-async def fetch_jwks(jwks_uri: str) -> dict:
-    """
-    Fetch the JSON Web Key Set (JWKS) for validating the token's signature.
-    """
-    if oidc_settings.authority_internal_url:
-        jwks_uri = jwks_uri.replace(str(oidc_settings.authority_url), str(oidc_settings.authority_internal_url))
-    async with aiohttp.ClientSession() as session, session.get(jwks_uri) as response:
-        if response.status != HTTPStatus.OK:
-            _msg = 'Failed to fetch JWKS'
-            raise RuntimeError(_msg)
-        return await response.json()