souleyez 2.43.29__py3-none-any.whl → 2.43.34__py3-none-any.whl

souleyez/auth/user_manager.py

@@ -7,6 +7,7 @@ Handles:
 - Default admin user creation
 - Tier management for licensing
 """
+
 import sqlite3
 import hashlib
 import secrets
@@ -27,6 +28,7 @@ MIN_PASSWORD_LENGTH = 8
 @dataclass
 class User:
     """User account model."""
+
     id: str
     username: str
     email: Optional[str]
@@ -95,10 +97,7 @@ class UserManager:
             Hex-encoded password hash
         """
         key = hashlib.pbkdf2_hmac(
-            'sha256',
-            password.encode('utf-8'),
-            bytes.fromhex(salt),
-            HASH_ITERATIONS
+            "sha256", password.encode("utf-8"), bytes.fromhex(salt), HASH_ITERATIONS
         )
         return key.hex()
 
@@ -125,13 +124,13 @@ class UserManager:
         if len(password) < MIN_PASSWORD_LENGTH:
             return False, f"Password must be at least {MIN_PASSWORD_LENGTH} characters"
 
-        if not re.search(r'[A-Z]', password):
+        if not re.search(r"[A-Z]", password):
             return False, "Password must contain at least one uppercase letter"
 
-        if not re.search(r'[a-z]', password):
+        if not re.search(r"[a-z]", password):
             return False, "Password must contain at least one lowercase letter"
 
-        if not re.search(r'\d', password):
+        if not re.search(r"\d", password):
             return False, "Password must contain at least one digit"
 
         if not re.search(r'[!@#$%^&*(),.?":{}|<>]', password):
@@ -154,7 +153,7 @@ class UserManager:
         email: Optional[str] = None,
         role: Role = Role.ANALYST,
         tier: Tier = Tier.FREE,
-        skip_password_validation: bool = False
+        skip_password_validation: bool = False,
     ) -> tuple[Optional[User], str]:
         """
         Create a new user account.
@@ -174,8 +173,11 @@ class UserManager:
         if not username or len(username) < 3:
             return None, "Username must be at least 3 characters"
 
-        if not re.match(r'^[a-zA-Z0-9_-]+$', username):
-            return None, "Username can only contain letters, numbers, underscores, and hyphens"
+        if not re.match(r"^[a-zA-Z0-9_-]+$", username):
+            return (
+                None,
+                "Username can only contain letters, numbers, underscores, and hyphens",
+            )
 
         # Validate password
         if not skip_password_validation:
@@ -192,15 +194,26 @@ class UserManager:
 
         try:
             conn = self._get_conn()
-            conn.execute("""
+            conn.execute(
+                """
                 INSERT INTO users (
                     id, username, password_hash, salt, email, role, tier,
                     is_active, created_at, updated_at
                 ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
-            """, (
-                user_id, username.lower(), password_hash, salt, email,
-                role.value, tier.value, True, now, now
-            ))
+            """,
+                (
+                    user_id,
+                    username.lower(),
+                    password_hash,
+                    salt,
+                    email,
+                    role.value,
+                    tier.value,
+                    True,
+                    now,
+                    now,
+                ),
+            )
             conn.commit()
             conn.close()
 
@@ -214,9 +227,7 @@ class UserManager:
     def get_user_by_id(self, user_id: str) -> Optional[User]:
         """Get user by ID."""
         conn = self._get_conn()
-        row = conn.execute(
-            "SELECT * FROM users WHERE id = ?", (user_id,)
-        ).fetchone()
+        row = conn.execute("SELECT * FROM users WHERE id = ?", (user_id,)).fetchone()
         conn.close()
 
         if row is None:
@@ -257,7 +268,7 @@ class UserManager:
         email: Optional[str] = None,
         role: Optional[Role] = None,
         tier: Optional[Tier] = None,
-        is_active: Optional[bool] = None
+        is_active: Optional[bool] = None,
     ) -> tuple[bool, str]:
         """
         Update user fields.
@@ -295,7 +306,7 @@ class UserManager:
             conn = self._get_conn()
             result = conn.execute(
                 f"UPDATE users SET {', '.join(updates)} WHERE id = ?",  # nosec B608 - column names are whitelisted, not user input
-                params
+                params,
             )
             conn.commit()
             conn.close()
@@ -309,10 +320,7 @@ class UserManager:
             return False, f"Failed to update user: {e}"
 
     def change_password(
-        self,
-        user_id: str,
-        new_password: str,
-        skip_validation: bool = False
+        self, user_id: str, new_password: str, skip_validation: bool = False
     ) -> tuple[bool, str]:
         """Change user password."""
         if not skip_validation:
@@ -325,11 +333,14 @@ class UserManager:
 
         try:
             conn = self._get_conn()
-            result = conn.execute("""
+            result = conn.execute(
+                """
                 UPDATE users
                 SET password_hash = ?, salt = ?, updated_at = ?
                 WHERE id = ?
-            """, (password_hash, salt, datetime.now().isoformat(), user_id))
+            """,
+                (password_hash, salt, datetime.now().isoformat(), user_id),
+            )
             conn.commit()
             conn.close()
 
@@ -397,11 +408,14 @@ class UserManager:
             return None, "Invalid username or password"
 
         # Successful login - reset failed attempts and update last_login
-        conn.execute("""
+        conn.execute(
+            """
             UPDATE users
             SET failed_login_attempts = 0, locked_until = NULL, last_login = ?
             WHERE id = ?
-        """, (datetime.now().isoformat(), user.id))
+        """,
+            (datetime.now().isoformat(), user.id),
+        )
         conn.commit()
         conn.close()
 
@@ -412,11 +426,14 @@ class UserManager:
         MAX_ATTEMPTS = 5
         LOCKOUT_MINUTES = 15
 
-        conn.execute("""
+        conn.execute(
+            """
             UPDATE users
             SET failed_login_attempts = failed_login_attempts + 1
             WHERE id = ?
-        """, (user_id,))
+        """,
+            (user_id,),
+        )
 
         # Check if we need to lock the account
         row = conn.execute(
@@ -425,10 +442,14 @@ class UserManager:
 
         if row and row[0] >= MAX_ATTEMPTS:
             from datetime import timedelta
+
             locked_until = datetime.now() + timedelta(minutes=LOCKOUT_MINUTES)
-            conn.execute("""
+            conn.execute(
+                """
                 UPDATE users SET locked_until = ? WHERE id = ?
-            """, (locked_until.isoformat(), user_id))
+            """,
+                (locked_until.isoformat(), user_id),
+            )
 
         conn.commit()
 
@@ -462,7 +483,7 @@ class UserManager:
             password=default_password,
             role=Role.ADMIN,
             tier=Tier.FREE,  # Start FREE, upgrade when license is activated
-            skip_password_validation=True
+            skip_password_validation=True,
         )
 
         if user is None:
@@ -488,7 +509,7 @@ class UserManager:
         tier: Tier,
         license_key: Optional[str] = None,
         expires_at: Optional[datetime] = None,
-        _bypass_validation: bool = False
+        _bypass_validation: bool = False,
     ) -> tuple[bool, str]:
         """
         Set user's license tier.
@@ -510,10 +531,14 @@ class UserManager:
         if tier == Tier.PRO and not _bypass_validation:
             try:
                 from souleyez.licensing import get_active_license
+
                 license_info = get_active_license()
 
                 if not license_info or not license_info.is_valid:
-                    return False, "Valid license required for Pro tier. Use 'souleyez license activate <key>'"
+                    return (
+                        False,
+                        "Valid license required for Pro tier. Use 'souleyez license activate <key>'",
+                    )
 
                 # Use license info for expiration
                 expires_at = license_info.expires_at
@@ -525,17 +550,20 @@ class UserManager:
 
         try:
             conn = self._get_conn()
-            conn.execute("""
+            conn.execute(
+                """
                 UPDATE users
                 SET tier = ?, license_key = ?, license_expires_at = ?, updated_at = ?
                 WHERE id = ?
-            """, (
-                tier.value,
-                license_key,
-                expires_at.isoformat() if expires_at else None,
-                datetime.now().isoformat(),
-                user_id
-            ))
+            """,
+                (
+                    tier.value,
+                    license_key,
+                    expires_at.isoformat() if expires_at else None,
+                    datetime.now().isoformat(),
+                    user_id,
+                ),
+            )
             conn.commit()
             conn.close()
             return True, ""
@@ -554,15 +582,14 @@ class UserManager:
         """
         try:
             conn = self._get_conn()
-            cursor = conn.execute("""
+            cursor = conn.execute(
+                """
                 UPDATE users
                 SET tier = ?, license_key = NULL, license_expires_at = NULL, updated_at = ?
                 WHERE tier = ?
-            """, (
-                Tier.FREE.value,
-                datetime.now().isoformat(),
-                Tier.PRO.value
-            ))
+            """,
+                (Tier.FREE.value, datetime.now().isoformat(), Tier.PRO.value),
+            )
             count = cursor.rowcount
             conn.commit()
             conn.close()
@@ -577,21 +604,39 @@ class UserManager:
     def _row_to_user(self, row: sqlite3.Row) -> User:
         """Convert database row to User object."""
         user = User(
-            id=row['id'],
-            username=row['username'],
-            email=row['email'],
-            role=Role(row['role']),
-            tier=Tier(row['tier']),
-            is_active=bool(row['is_active']),
-            created_at=datetime.fromisoformat(row['created_at']) if row['created_at'] else datetime.now(),
-            updated_at=datetime.fromisoformat(row['updated_at']) if row['updated_at'] else datetime.now(),
-            last_login=datetime.fromisoformat(row['last_login']) if row['last_login'] else None,
-            license_key=row['license_key'],
-            license_expires_at=datetime.fromisoformat(row['license_expires_at']) if row['license_expires_at'] else None,
-            failed_login_attempts=row['failed_login_attempts'] or 0,
-            locked_until=datetime.fromisoformat(row['locked_until']) if row['locked_until'] else None,
+            id=row["id"],
+            username=row["username"],
+            email=row["email"],
+            role=Role(row["role"]),
+            tier=Tier(row["tier"]),
+            is_active=bool(row["is_active"]),
+            created_at=(
+                datetime.fromisoformat(row["created_at"])
+                if row["created_at"]
+                else datetime.now()
+            ),
+            updated_at=(
+                datetime.fromisoformat(row["updated_at"])
+                if row["updated_at"]
+                else datetime.now()
+            ),
+            last_login=(
+                datetime.fromisoformat(row["last_login"]) if row["last_login"] else None
+            ),
+            license_key=row["license_key"],
+            license_expires_at=(
+                datetime.fromisoformat(row["license_expires_at"])
+                if row["license_expires_at"]
+                else None
+            ),
+            failed_login_attempts=row["failed_login_attempts"] or 0,
+            locked_until=(
+                datetime.fromisoformat(row["locked_until"])
+                if row["locked_until"]
+                else None
+            ),
         )
         # Set password fields (private)
-        user._password_hash = row['password_hash']
-        user._salt = row['salt']
+        user._password_hash = row["password_hash"]
+        user._salt = row["salt"]
         return user

souleyez/commands/audit.py

@@ -7,6 +7,7 @@ Commands:
 - souleyez audit stats          - Show audit statistics
 - souleyez audit export         - Export audit logs
 """
+
 import click
 from datetime import datetime
 from rich.console import Console
@@ -38,11 +39,7 @@ def audit_list(limit, user, action):
     """List recent audit log entries."""
     logger = get_audit_logger()
 
-    entries = logger.query(
-        username=user,
-        action=action,
-        limit=limit
-    )
+    entries = logger.query(username=user, action=action, limit=limit)
 
     if not entries:
         console.print("[yellow]No audit entries found[/yellow]")
@@ -58,45 +55,45 @@ def audit_list(limit, user, action):
 
     for e in entries:
         # Parse timestamp
-        ts = e['timestamp'][:19].replace('T', ' ')
+        ts = e["timestamp"][:19].replace("T", " ")
 
         # Format resource
         resource = ""
-        if e['resource_type']:
+        if e["resource_type"]:
             resource = f"{e['resource_type']}"
-            if e['resource_id']:
+            if e["resource_id"]:
                 resource += f":{e['resource_id']}"
 
         # Format details (truncate if long)
         details = ""
-        if e['details']:
+        if e["details"]:
             try:
-                d = json.loads(e['details'])
+                d = json.loads(e["details"])
                 details = str(d)[:30]
             except:
-                details = e['details'][:30]
+                details = e["details"][:30]
 
         # Success indicator
-        success = "[green]✓[/green]" if e['success'] else "[red]✗[/red]"
+        success = "[green]✓[/green]" if e["success"] else "[red]✗[/red]"
 
         # Color action by category
-        action_str = e['action']
-        if action_str.startswith('auth.') or action_str.startswith('permission.'):
+        action_str = e["action"]
+        if action_str.startswith("auth.") or action_str.startswith("permission."):
             action_str = f"[red]{action_str}[/red]"
-        elif action_str.startswith('user.'):
+        elif action_str.startswith("user."):
             action_str = f"[cyan]{action_str}[/cyan]"
-        elif action_str.startswith('scan.'):
+        elif action_str.startswith("scan."):
             action_str = f"[yellow]{action_str}[/yellow]"
-        elif action_str.startswith('engagement.'):
+        elif action_str.startswith("engagement."):
             action_str = f"[green]{action_str}[/green]"
 
         table.add_row(
             ts,
-            e['username'] or '-',
+            e["username"] or "-",
             action_str,
-            resource or '-',
-            details or '-',
-            success
+            resource or "-",
+            details or "-",
+            success,
         )
 
     console.print(table)
@@ -126,7 +123,7 @@ def audit_search(user, action, resource, start, end, failed, limit):
         start_date=start_date,
         end_date=end_date,
         success_only=not failed,
-        limit=limit
+        limit=limit,
     )
 
     if not entries:
@@ -136,18 +133,18 @@ def audit_search(user, action, resource, start, end, failed, limit):
     console.print(f"[green]Found {len(entries)} entries[/green]\n")
 
     for e in entries:
-        ts = e['timestamp'][:19].replace('T', ' ')
-        success = "✓" if e['success'] else "✗"
+        ts = e["timestamp"][:19].replace("T", " ")
+        success = "✓" if e["success"] else "✗"
 
         console.print(f"[dim]{ts}[/dim] [{success}] [bold]{e['action']}[/bold]")
         console.print(f"  User: {e['username'] or 'system'}")
 
-        if e['resource_type']:
+        if e["resource_type"]:
             console.print(f"  Resource: {e['resource_type']}:{e['resource_id'] or ''}")
 
-        if e['details']:
+        if e["details"]:
             try:
-                details = json.loads(e['details'])
+                details = json.loads(e["details"])
                 console.print(f"  Details: {details}")
             except:
                 console.print(f"  Details: {e['details']}")
@@ -164,22 +161,24 @@ def audit_stats(days):
     logger = get_audit_logger()
     stats = logger.get_stats(days)
 
-    console.print(Panel(
-        f"[bold]Period:[/bold] Last {stats['period_days']} days\n"
-        f"[bold]Total Events:[/bold] {stats['total_events']}\n"
-        f"[bold]Failed Events:[/bold] [red]{stats['failed_events']}[/red]\n"
-        f"[bold]Unique Users:[/bold] {stats['unique_users']}",
-        title="📊 Audit Statistics",
-        border_style="blue"
-    ))
+    console.print(
+        Panel(
+            f"[bold]Period:[/bold] Last {stats['period_days']} days\n"
+            f"[bold]Total Events:[/bold] {stats['total_events']}\n"
+            f"[bold]Failed Events:[/bold] [red]{stats['failed_events']}[/red]\n"
+            f"[bold]Unique Users:[/bold] {stats['unique_users']}",
+            title="📊 Audit Statistics",
+            border_style="blue",
+        )
+    )
 
-    if stats['by_category']:
+    if stats["by_category"]:
         console.print("\n[bold]Events by Category:[/bold]")
         table = Table(show_header=False, box=None)
         table.add_column("Category", width=20)
         table.add_column("Count", justify="right")
 
-        for cat, count in sorted(stats['by_category'].items(), key=lambda x: -x[1]):
+        for cat, count in sorted(stats["by_category"].items(), key=lambda x: -x[1]):
             bar = "█" * min(count // 10, 30)
             table.add_row(cat, f"{count} {bar}")
 
@@ -203,9 +202,7 @@ def audit_export(start, end, format, output):
     end_date = datetime.fromisoformat(end) if end else datetime.now()
 
     entries = logger.query(
-        start_date=start_date,
-        end_date=end_date,
-        limit=10000  # Large limit for export
+        start_date=start_date, end_date=end_date, limit=10000  # Large limit for export
     )
 
     if not entries:
@@ -214,14 +211,14 @@ def audit_export(start, end, format, output):
 
     # Generate filename if not provided
     if not output:
-        date_str = start_date.strftime('%Y%m%d')
+        date_str = start_date.strftime("%Y%m%d")
         output = f"audit_log_{date_str}.{format}"
 
     if format == "json":
-        with open(output, 'w') as f:
+        with open(output, "w") as f:
             json.dump(entries, f, indent=2, default=str)
     else:
-        with open(output, 'w', newline='') as f:
+        with open(output, "w", newline="") as f:
             writer = csv.DictWriter(f, fieldnames=entries[0].keys())
             writer.writeheader()
             writer.writerows(entries)

souleyez/commands/auth.py

@@ -6,6 +6,7 @@ Commands:
 - souleyez logout    - Log out of current session
 - souleyez whoami    - Show current user info
 """
+
 import click
 import getpass
 from rich.console import Console
@@ -51,17 +52,21 @@ def login():
     # Check for first-run (no users exist)
     user_mgr = UserManager(get_db().db_path)
     if user_mgr.get_user_count() == 0:
-        console.print("[yellow]No users found. Creating default admin account...[/yellow]")
+        console.print(
+            "[yellow]No users found. Creating default admin account...[/yellow]"
+        )
         created, password = user_mgr.ensure_default_admin()
         if created:
-            console.print(Panel(
-                f"[green]Default admin account created![/green]\n\n"
-                f"Username: [bold]admin[/bold]\n"
-                f"Password: [bold]{password}[/bold]\n\n"
-                f"[red]⚠️  Save this password! It will not be shown again.[/red]",
-                title="🔐 First Run Setup",
-                border_style="green"
-            ))
+            console.print(
+                Panel(
+                    f"[green]Default admin account created![/green]\n\n"
+                    f"Username: [bold]admin[/bold]\n"
+                    f"Password: [bold]{password}[/bold]\n\n"
+                    f"[red]⚠️  Save this password! It will not be shown again.[/red]",
+                    title="🔐 First Run Setup",
+                    border_style="green",
+                )
+            )
 
     # Prompt for credentials
     console.print("\n[bold]🔐 SoulEyez Login[/bold]\n")
@@ -88,7 +93,9 @@ def login():
     console.print(f"\n[green]✅ Welcome, {user.username}![/green]")
     console.print(f"   Role: [cyan]{user.role.value.upper()}[/cyan]")
     console.print(f"   Tier: [magenta]{tier_badge}[/magenta]")
-    console.print(f"   Session expires: {session.expires_at.strftime('%Y-%m-%d %H:%M')}\n")
+    console.print(
+        f"   Session expires: {session.expires_at.strftime('%Y-%m-%d %H:%M')}\n"
+    )
 
 
 @click.command()
@@ -134,11 +141,21 @@ def whoami():
     table.add_row("Role", f"[cyan]{user.role.value.upper()}[/cyan]")
     table.add_row("Tier", f"[magenta]{tier_badge}[/magenta]")
     table.add_row("Email", user.email or "[dim]Not set[/dim]")
-    table.add_row("Last Login", user.last_login.strftime('%Y-%m-%d %H:%M') if user.last_login else "[dim]Never[/dim]")
-    table.add_row("Account Status", "[green]Active[/green]" if user.is_active else "[red]Disabled[/red]")
+    table.add_row(
+        "Last Login",
+        (
+            user.last_login.strftime("%Y-%m-%d %H:%M")
+            if user.last_login
+            else "[dim]Never[/dim]"
+        ),
+    )
+    table.add_row(
+        "Account Status",
+        "[green]Active[/green]" if user.is_active else "[red]Disabled[/red]",
+    )
 
     if user.license_expires_at:
-        table.add_row("License Expires", user.license_expires_at.strftime('%Y-%m-%d'))
+        table.add_row("License Expires", user.license_expires_at.strftime("%Y-%m-%d"))
 
     console.print(Panel(table, title="👤 Current User", border_style="blue"))
 
@@ -150,10 +167,13 @@ def _log_audit(action: str, user_id: str, username: str, details: str = None):
 
     try:
         conn = sqlite3.connect(get_db().db_path)
-        conn.execute("""
+        conn.execute(
+            """
             INSERT INTO audit_log (user_id, username, action, details, timestamp)
             VALUES (?, ?, ?, ?, ?)
-        """, (user_id, username, action, details, datetime.now().isoformat()))
+        """,
+            (user_id, username, action, details, datetime.now().isoformat()),
+        )
         conn.commit()
         conn.close()
     except Exception: