splunk-soar-sdk 3.6.1__py3-none-any.whl → 3.8.0__py3-none-any.whl

soar_sdk/auth/flows.py

@@ -0,0 +1,172 @@
+from __future__ import annotations
+
+import time
+from abc import ABC, abstractmethod
+from collections.abc import Callable
+from typing import TYPE_CHECKING, Any
+
+from soar_sdk.auth.client import (
+    AuthorizationRequiredError,
+    OAuthClientError,
+    SOARAssetOAuthClient,
+    TokenExpiredError,
+)
+from soar_sdk.auth.models import OAuthConfig, OAuthGrantType, OAuthToken
+from soar_sdk.logging import getLogger
+
+if TYPE_CHECKING:
+    from soar_sdk.asset_state import AssetState
+
+logger = getLogger()
+
+
+class OAuthFlow(ABC):
+    """Abstract base class for OAuth authentication flows."""
+
+    @abstractmethod
+    def authenticate(self) -> OAuthToken:
+        """Execute the authentication flow and return a valid token."""
+
+    @abstractmethod
+    def get_token(self) -> OAuthToken:
+        """Get a valid token, refreshing if necessary."""
+
+
+class ClientCredentialsFlow(OAuthFlow):
+    """OAuth 2.0 Client Credentials flow."""
+
+    def __init__(
+        self,
+        auth_state: AssetState,
+        *,
+        client_id: str,
+        client_secret: str,
+        token_endpoint: str,
+        scope: str | list[str] | None = None,
+        extra_params: dict[str, Any] | None = None,
+    ) -> None:
+        self._auth_state = auth_state
+        self._extra_params = extra_params
+
+        self._config = OAuthConfig(
+            client_id=client_id,
+            client_secret=client_secret,
+            token_endpoint=token_endpoint,
+            scope=scope,
+            grant_type=OAuthGrantType.CLIENT_CREDENTIALS,
+        )
+
+        self._client = SOARAssetOAuthClient(self._config, auth_state)
+
+    def authenticate(self) -> OAuthToken:
+        """Authenticate using client credentials."""
+        return self._client.fetch_token_with_client_credentials(
+            extra_params=self._extra_params,
+        )
+
+    def get_token(self) -> OAuthToken:
+        """Get a valid token, fetching a new one if expired."""
+        try:
+            return self._client.get_valid_token(auto_refresh=False)
+        except (AuthorizationRequiredError, TokenExpiredError):
+            return self.authenticate()
+
+
+class AuthorizationCodeFlow(OAuthFlow):
+    """OAuth 2.0 Authorization Code flow."""
+
+    def __init__(
+        self,
+        auth_state: AssetState,
+        asset_id: str,
+        *,
+        client_id: str,
+        client_secret: str | None = None,
+        authorization_endpoint: str,
+        token_endpoint: str,
+        redirect_uri: str,
+        scope: str | list[str] | None = None,
+        use_pkce: bool = False,
+        extra_auth_params: dict[str, Any] | None = None,
+        extra_token_params: dict[str, Any] | None = None,
+        poll_timeout: int = 300,
+        poll_interval: int = 3,
+    ) -> None:
+        self._auth_state = auth_state
+        self._asset_id = asset_id
+        self._use_pkce = use_pkce
+        self._extra_auth_params = extra_auth_params
+        self._extra_token_params = extra_token_params
+        self._poll_timeout = poll_timeout
+        self._poll_interval = poll_interval
+
+        self._config = OAuthConfig(
+            client_id=client_id,
+            client_secret=client_secret,
+            authorization_endpoint=authorization_endpoint,
+            token_endpoint=token_endpoint,
+            redirect_uri=redirect_uri,
+            scope=scope,
+            grant_type=OAuthGrantType.AUTHORIZATION_CODE,
+        )
+
+        self._client = SOARAssetOAuthClient(self._config, auth_state)
+
+    @property
+    def client(self) -> SOARAssetOAuthClient:
+        """Return the OAuth client."""
+        return self._client
+
+    def get_authorization_url(self) -> str:
+        """Generate the authorization URL."""
+        auth_url, _ = self._client.create_authorization_url(
+            self._asset_id,
+            use_pkce=self._use_pkce,
+            extra_params=self._extra_auth_params,
+        )
+        return auth_url
+
+    def set_authorization_code(self, code: str) -> None:
+        """Store authorization code in state (called by webhook)."""
+        self._client.set_authorization_code(code)
+
+    def exchange_code_for_token(self, code: str) -> OAuthToken:
+        """Exchange an authorization code for tokens."""
+        return self._client.fetch_token_with_authorization_code(
+            code,
+            extra_params=self._extra_token_params,
+        )
+
+    def wait_for_authorization(
+        self,
+        on_progress: Callable[[int], None] | None = None,
+    ) -> OAuthToken:
+        """Wait for user authorization to complete by polling state."""
+        start_time = time.time()
+        iteration = 0
+
+        while time.time() - start_time < self._poll_timeout:
+            time.sleep(self._poll_interval)
+            iteration += 1
+
+            if on_progress:
+                on_progress(iteration)
+
+            code = self._client.get_authorization_code(force_reload=True)
+            if code:
+                return self.exchange_code_for_token(code)
+
+        raise OAuthClientError(
+            f"Authorization timed out after {self._poll_timeout} seconds"
+        )
+
+    def authenticate(self) -> OAuthToken:
+        """Execute the full authorization code flow."""
+        auth_url = self.get_authorization_url()
+        raise AuthorizationRequiredError(
+            f"User authorization required. Please visit: {auth_url}"
+        )
+
+    def get_token(self) -> OAuthToken:
+        """Get a valid token, refreshing if necessary."""
+        return self._client.get_valid_token(auto_refresh=True)

soar_sdk/auth/httpx_auth.py

@@ -0,0 +1,97 @@
+from __future__ import annotations
+
+import base64
+from collections.abc import Generator
+
+import httpx
+
+from soar_sdk.auth.client import SOARAssetOAuthClient
+from soar_sdk.auth.models import OAuthToken
+
+
+class BasicAuth(httpx.Auth):
+    """HTTPX authentication using HTTP Basic Authentication."""
+
+    def __init__(self, username: str, password: str) -> None:
+        self._username = username
+        self._password = password
+
+    def auth_flow(
+        self,
+        request: httpx.Request,
+    ) -> Generator[httpx.Request, httpx.Response]:
+        """Add Basic authentication header to the request."""
+        credentials = f"{self._username}:{self._password}"
+        encoded = base64.b64encode(credentials.encode()).decode("ascii")
+        request.headers["Authorization"] = f"Basic {encoded}"
+        yield request
+
+
+class StaticTokenAuth(httpx.Auth):
+    """HTTPX authentication using a static token."""
+
+    def __init__(
+        self,
+        token: OAuthToken | str,
+        *,
+        token_type: str = "Bearer",  # noqa: S107
+        header_name: str = "Authorization",
+    ) -> None:
+        if isinstance(token, str):
+            self._access_token = token
+        else:
+            self._access_token = token.access_token
+            token_type = token.token_type or token_type
+        self._token_type = token_type
+        self._header_name = header_name
+
+    def auth_flow(
+        self,
+        request: httpx.Request,
+    ) -> Generator[httpx.Request, httpx.Response]:
+        """Add authentication header to the request."""
+        if self._token_type:
+            request.headers[self._header_name] = (
+                f"{self._token_type} {self._access_token}"
+            )
+        else:
+            request.headers[self._header_name] = self._access_token
+        yield request
+
+
+class OAuthBearerAuth(httpx.Auth):
+    """HTTPX authentication using OAuth Bearer tokens."""
+
+    requires_response_body = True
+
+    def __init__(
+        self,
+        oauth_client: SOARAssetOAuthClient,
+        *,
+        auto_refresh: bool = True,
+    ) -> None:
+        self._oauth_client = oauth_client
+        self._auto_refresh = auto_refresh
+        self._token: OAuthToken | None = None
+
+    def auth_flow(
+        self,
+        request: httpx.Request,
+    ) -> Generator[httpx.Request, httpx.Response]:
+        """Handle authentication flow for a request."""
+        if self._token is None or self._token.is_expired():
+            self._token = self._oauth_client.get_valid_token(
+                auto_refresh=self._auto_refresh
+            )
+
+        request.headers["Authorization"] = f"Bearer {self._token.access_token}"
+        response = yield request
+
+        if (
+            response.status_code == 401
+            and self._auto_refresh
+            and self._token.refresh_token
+        ):
+            self._token = self._oauth_client.refresh_token(self._token.refresh_token)
+            request.headers["Authorization"] = f"Bearer {self._token.access_token}"
+            yield request

soar_sdk/auth/models.py

@@ -0,0 +1,101 @@
+from __future__ import annotations
+
+import time
+from enum import StrEnum
+
+from pydantic import BaseModel, ConfigDict, Field
+
+
+class OAuthGrantType(StrEnum):
+    """Supported OAuth 2.0 grant types."""
+
+    AUTHORIZATION_CODE = "authorization_code"
+    CLIENT_CREDENTIALS = "client_credentials"
+    REFRESH_TOKEN = "refresh_token"  # noqa: S105
+
+
+class OAuthToken(BaseModel):
+    """OAuth 2.0 token response."""
+
+    model_config = ConfigDict(extra="allow")
+
+    _DEFAULT_TOKEN_TYPE = "Bearer"  # noqa: S105
+
+    access_token: str
+    token_type: str = _DEFAULT_TOKEN_TYPE
+    expires_in: int | None = None
+    refresh_token: str | None = None
+    scope: str | None = None
+    expires_at: float | None = None
+
+    def model_post_init(self, __context: object) -> None:
+        """Calculate expires_at if not provided but expires_in is available."""
+        if self.expires_at is None and self.expires_in is not None:
+            self.expires_at = time.time() + self.expires_in
+
+    def is_expired(self, leeway: int = 30) -> bool:
+        """Check if the token is expired."""
+        if self.expires_at is None:
+            return False
+        return time.time() >= (self.expires_at - leeway)
+
+
+class OAuthConfig(BaseModel):
+    """Configuration for OAuth 2.0 authentication."""
+
+    model_config = ConfigDict(extra="forbid")
+
+    client_id: str
+    client_secret: str | None = None
+    authorization_endpoint: str | None = None
+    token_endpoint: str
+    redirect_uri: str | None = None
+    scope: str | list[str] | None = None
+    grant_type: OAuthGrantType = OAuthGrantType.AUTHORIZATION_CODE
+
+    def get_scope_string(self) -> str | None:
+        """Return scope as a space-separated string."""
+        if self.scope is None:
+            return None
+        if isinstance(self.scope, list):
+            return " ".join(self.scope)
+        return self.scope
+
+
+class OAuthSession(BaseModel):
+    """Represents an active OAuth authentication session."""
+
+    model_config = ConfigDict(extra="forbid")
+
+    session_id: str
+    asset_id: str
+    auth_pending: bool = True
+    auth_complete: bool = False
+    auth_code: str | None = None
+    error: str | None = None
+    error_description: str | None = None
+    state: str | None = None
+    code_verifier: str | None = None
+
+
+class OAuthState(BaseModel):
+    """State persisted in auth_state for OAuth authentication."""
+
+    model_config = ConfigDict(extra="forbid")
+
+    token: OAuthToken | None = None
+    session: OAuthSession | None = None
+    client_id: str | None = Field(
+        default=None,
+        description="Stored client_id to detect credential changes",
+    )
+
+
+class CertificateCredentials(BaseModel):
+    """Certificate-based authentication credentials."""
+
+    model_config = ConfigDict(extra="forbid")
+
+    certificate_thumbprint: str
+    private_key: str
+    tenant_id: str | None = None

soar_sdk/cli/package/cli.py

@@ -66,10 +66,12 @@ async def collect_all_wheels(wheels: list[DependencyWheel]) -> list[tuple[str, b
     cache = dict(gathered_results)
 
     for key, wheel_group in dedupe_map.items():
-        for path, _ in cache[key]:
-            wheel_name = Path(path).name
-            for wheel in wheel_group:
-                wheel._record_built_wheel(wheel_name)
+        representative = wheel_group[0]
+        if representative.sdist is not None or representative.source_dir is not None:
+            for path, _ in cache[key]:
+                wheel_name = Path(path).name
+                for wheel in wheel_group:
+                    wheel._record_built_wheel(wheel_name)
 
     return list(chain.from_iterable(cache.values()))
 

soar_sdk/shims/phantom/base_connector.py

@@ -121,6 +121,13 @@ if TYPE_CHECKING or not _soar_is_available:
         def get_config(self) -> dict:
             return self.config
 
+        def get_app_id(self) -> str:
+            return self.__app_json.get("appid", "")
+
+        def get_state_dir(self) -> str:
+            phantom_home = os.getenv("PHANTOM_HOME", "/opt/phantom")
+            return f"{phantom_home}/local_data/app_states/{self.get_app_id()}/"
+
         def save_state(self, state: dict) -> None:
             self.__state = state
 

{splunk_soar_sdk-3.6.1.dist-info → splunk_soar_sdk-3.8.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: splunk-soar-sdk
-Version: 3.6.1
+Version: 3.8.0
 Summary: The official framework for developing and testing Splunk SOAR Apps
 Project-URL: Homepage, https://github.com/phantomcyber/splunk-soar-sdk
 Project-URL: Documentation, https://github.com/phantomcyber/splunk-soar-sdk
@@ -17,6 +17,7 @@ Classifier: Programming Language :: Python :: 3
 Classifier: Topic :: Software Development :: Libraries :: Python Modules
 Classifier: Typing :: Typed
 Requires-Python: <3.15,>=3.13
+Requires-Dist: authlib>=1.3.0
 Requires-Dist: beautifulsoup4>=4.10.0
 Requires-Dist: bleach>=6.2.0
 Requires-Dist: build>=1.3.0
@@ -29,6 +30,7 @@ Requires-Dist: humanize>=4.12.2
 Requires-Dist: jinja2>=3.1.0
 Requires-Dist: packaging>=25.0
 Requires-Dist: pydantic<3,>=2
+Requires-Dist: pyjwt[crypto]>=2.8.0
 Requires-Dist: requests<3
 Requires-Dist: setuptools>=80.9.0
 Requires-Dist: toml<1,>=0.10.2

{splunk_soar_sdk-3.6.1.dist-info → splunk_soar_sdk-3.8.0.dist-info}/RECORD

@@ -1,12 +1,12 @@
 soar_sdk/__init__.py,sha256=RzAng-ARqpK01SY82lNy4uYJFVG0yW6Q3CccEqbToJ4,726
 soar_sdk/abstract.py,sha256=GycJhTrSNDa7eDg8hOD7hJjIt5eHEykZhpza-jh_Veo,7787
 soar_sdk/action_results.py,sha256=eL4qBj2nXDKurzs733z_nnpNREc0SLLYJP2lPTpMKf0,11911
-soar_sdk/actions_manager.py,sha256=jfTTa8Rq06GXpJ_UHCA0MFli5bLgYFbcjpgbAW-ZSKo,5684
-soar_sdk/app.py,sha256=1tPd1bFe9abSzNJCqAmw7sexeuSHwSKGdggyrPjkVQA,35122
+soar_sdk/actions_manager.py,sha256=8IYOi2k8i9LHXEhQVZ0Ig3IS1gD3iAmOJ9q0bi14g-o,7179
+soar_sdk/app.py,sha256=2bUWx1BgWS9Kwkp0aUzVWM8LTdVUq1JI2eXR0LhwEMU,37092
 soar_sdk/app_cli_runner.py,sha256=K1ATWyGs0iNgPfIjMthsN72laOXqXCFZNEXfuzAMOM4,11645
 soar_sdk/app_client.py,sha256=hbe1R2QwXDmoS4959a-ay9oylD1Qk-oPJvJRnxvICz0,6281
-soar_sdk/asset.py,sha256=au_P8YS5SUJaZm98DJVpmHlX5BhBhAPnpoYnmj095cU,12236
-soar_sdk/asset_state.py,sha256=Qj9Ku9OyAr5rL7N_ifpaEdpA27eu5qggSIbUob2L_VI,2101
+soar_sdk/asset.py,sha256=CUCFjUVAawrk3hyGvQn_qNApqJx8J4VxzD--iGEE2pc,12123
+soar_sdk/asset_state.py,sha256=qh4n8IoabVObIZXRPyM0zznwC5LcJpbADcybmDdQABc,2318
 soar_sdk/async_utils.py,sha256=Dz7RagIRjyIagA9vivHWSb18S96J2WOuDB8B5Zy64AE,1428
 soar_sdk/colors.py,sha256=--i_iXqfyITUz4O95HMjfZQGbwFZ34bLmBhtfpXXqlQ,1095
 soar_sdk/compat.py,sha256=N4bG1wqISICV92K1jLx7v5JGrHC08Bdn3Gx3Cx1lEmE,3062
@@ -32,6 +32,12 @@ soar_sdk/app_templates/basic_app/logo.svg,sha256=_JTop6spn5oPWPk-w6Tzumx_FTSBanO
 soar_sdk/app_templates/basic_app/logo_dark.svg,sha256=PTxIs_1CKK9ZY3v-K1QoGwaUng9ZUL2MhUeO2jeHu_0,291
 soar_sdk/app_templates/basic_app/uv.lock,sha256=AfgaIBg88KH-0iyXpCXacXAwHYKm0c-on2gWXjV9L-Y,80216
 soar_sdk/app_templates/basic_app/src/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+soar_sdk/auth/__init__.py,sha256=Z6pSzWMd49aY4H-9IxdCeWxCEC8_K4kT7i4buyv03sw,896
+soar_sdk/auth/client.py,sha256=QmQ2dcTpke7hI7aff4usgbM_LQ0Prw2PILEb56jQFII,17077
+soar_sdk/auth/factories.py,sha256=lNDxhrJtQpEEVV_dGEarwHHdU64oNPCxcZTrv0L4GEY,3994
+soar_sdk/auth/flows.py,sha256=ahSOdr129s-GQjGUK8e2kNaLmjLTRzkxEJG3IwUws78,5457
+soar_sdk/auth/httpx_auth.py,sha256=b_ldXjRxqZZiCjCnR3eZvUiDWTqYZShZKhu9NBn1Vns,3009
+soar_sdk/auth/models.py,sha256=vSgRqHxyga2W8FGQZLjqHtk0yEQHkbEREshDePfJXgo,2856
 soar_sdk/cli/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 soar_sdk/cli/cli.py,sha256=9OqjVFPoIBdsO-Zmijcf0yBnjk3ggBPEOaCxKfvvw6g,998
 soar_sdk/cli/path_utils.py,sha256=aJy3fzw2MIU-WHZn21H021B4sjGkKxW61l02QIFVGJ8,1087
@@ -43,7 +49,7 @@ soar_sdk/cli/manifests/cli.py,sha256=cly5xVdj4bBIdZVMQPIWTXRgUfd1ON3qKO-76Fwql18
 soar_sdk/cli/manifests/deserializers.py,sha256=kwgPAMgUEXtIn4AuQOh1nkLfWFqe4qnYPZ1czB-FQTU,16516
 soar_sdk/cli/manifests/processors.py,sha256=soiRTbfLQuetstt1Xk7vKmWzOUhgVON5JxjWMvnGN7w,5141
 soar_sdk/cli/manifests/serializers.py,sha256=ulpq3nS8g1YrIP371XoQC3_kpz-9v2Ln_mqPyMtpWn8,3632
-soar_sdk/cli/package/cli.py,sha256=_SlMNfqEyjAAWQy8AU4KhDpqxbV0jnjTQX1c3uULAtk,9945
+soar_sdk/cli/package/cli.py,sha256=hdpVBRvVGWaYDYhpDILlA7LRhunfElLbNdh21jviKrM,10087
 soar_sdk/cli/package/utils.py,sha256=fl6PMcrdC2zA7A16byQuxxPyAI2Z-BqBLfLlF2ZNnQ4,1712
 soar_sdk/cli/test/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 soar_sdk/cli/test/cli.py,sha256=iDrthN8L7B1RplLhq0EI69MndaOhvAXn7bqv3XzlfpM,7655
@@ -83,7 +89,7 @@ soar_sdk/models/vault_attachment.py,sha256=sdRnQdPiwgaZDojpap4ohH7u1Q5TYGP-drs8K
 soar_sdk/models/view.py,sha256=BUuz6VVVe78hg7irGgZCbvBcycOmuPqplkagdi3T4Dg,779
 soar_sdk/shims/phantom/action_result.py,sha256=Nddc9oswAfHU7I2q0pLm3HZ2YiLUQZUEIqqAjToZWnM,1606
 soar_sdk/shims/phantom/app.py,sha256=uvE7Hsz5KudARpwaye7cx9lEOTMmPsJlZdunmkV8_lY,303
-soar_sdk/shims/phantom/base_connector.py,sha256=59Eh9D6cFOfVNf6OfN6Q8ds-QnnUp8zO_S3HlgDmQo8,4872
+soar_sdk/shims/phantom/base_connector.py,sha256=2Tbh5nHnP6euilRiQL9NaVtmrgQIiY0eIkkzu-ah8_Y,5152
 soar_sdk/shims/phantom/connector_result.py,sha256=b6yrR1uUXBhfwpUf8HzESItPgfaiHxNTXF8FaGdQNsk,640
 soar_sdk/shims/phantom/consts.py,sha256=eq6AIuDhb2Z-CJORwv98D3JbcIOW8CC673zx5dNPFKU,404
 soar_sdk/shims/phantom/encryption_helper.py,sha256=20VqqSFuftjB8bMriP6mjgvYWpYqYZyokYzq_aydkqU,1503
@@ -110,8 +116,8 @@ soar_sdk/views/components/pie_chart.py,sha256=LVTeHVJN6nf2vjUs9y7PDBhS0U1fKW750l
 soar_sdk/webhooks/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 soar_sdk/webhooks/models.py,sha256=j3kbvYmcOlcj3gQYKtrv7iS-lDavMKYNLdCNMy_I2Hc,4542
 soar_sdk/webhooks/routing.py,sha256=OjezhuAb8wzW0MnbGSnIWeAH3uJcu-Sb7s3w9zoiPVM,6873
-splunk_soar_sdk-3.6.1.dist-info/METADATA,sha256=1Y4gKBFsYMfCL1vPPxCCLCDvz16iQ9EmjhdjY0prJg0,7478
-splunk_soar_sdk-3.6.1.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
-splunk_soar_sdk-3.6.1.dist-info/entry_points.txt,sha256=CgBjo2ZWpYNkt9TgvToL26h2Tg1yt8FbvYTb5NVgNuc,51
-splunk_soar_sdk-3.6.1.dist-info/licenses/LICENSE,sha256=gNCGrGhrSQb1PUzBOByVUN1tvaliwLZfna-QU2r2hQ8,11345
-splunk_soar_sdk-3.6.1.dist-info/RECORD,,
+splunk_soar_sdk-3.8.0.dist-info/METADATA,sha256=Sulxm0L7rnkY_17tCaITHItSmYiHA2J26kYLZ2ymxcw,7544
+splunk_soar_sdk-3.8.0.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
+splunk_soar_sdk-3.8.0.dist-info/entry_points.txt,sha256=CgBjo2ZWpYNkt9TgvToL26h2Tg1yt8FbvYTb5NVgNuc,51
+splunk_soar_sdk-3.8.0.dist-info/licenses/LICENSE,sha256=gNCGrGhrSQb1PUzBOByVUN1tvaliwLZfna-QU2r2hQ8,11345
+splunk_soar_sdk-3.8.0.dist-info/RECORD,,