square-administration 2.2.0__py3-none-any.whl → 2.3.0__py3-none-any.whl

square_administration/configuration.py

@@ -42,6 +42,7 @@ try:
     config_str_ssl_key_file_path = ldict_configuration["ENVIRONMENT"][
         "SSL_KEY_FILE_PATH"
     ]
+    config_str_cookie_domain = ldict_configuration["ENVIRONMENT"]["COOKIE_DOMAIN"]
     # ===========================================
 
     # ===========================================

square_administration/data/config.ini

@@ -14,6 +14,8 @@ ADMIN_PASSWORD_HASH = $2b$12$tDw4ZR0guiF5s5oVve5PcuELhlWO.lUH.OChPoeWVn95ac7QJln
 SSL_CRT_FILE_PATH = ssl.crt
 SSL_KEY_FILE_PATH = ssl.key
 
+COOKIE_DOMAIN = localhost
+
 [SQUARE_LOGGER]
 
 # | Log Level | Value |

square_administration/main.py

@@ -1,5 +1,3 @@
-import os.path
-
 from fastapi import FastAPI, status
 from fastapi.middleware.cors import CORSMiddleware
 from fastapi.responses import JSONResponse
@@ -15,6 +13,7 @@ from square_administration.configuration import (
     config_str_ssl_crt_file_path,
 )
 from square_administration.routes import core, authentication
+from square_administration.utils.common import is_https
 
 app = FastAPI()
 
@@ -39,9 +38,7 @@ async def root():
 
 if __name__ == "__main__":
     try:
-        if os.path.exists(config_str_ssl_key_file_path) and os.path.exists(
-            config_str_ssl_crt_file_path
-        ):
+        if is_https():
             run(
                 app,
                 host=config_str_host_ip,

square_administration/routes/authentication.py

@@ -1,10 +1,12 @@
 import json
+from datetime import datetime
 from typing import Annotated
 
 import bcrypt
 from fastapi import APIRouter, status, HTTPException, Header, Request
 from fastapi.responses import JSONResponse
 from requests import HTTPError
+from square_authentication_helper import TokenType
 from square_commons import get_api_output_in_standard_format
 from square_commons.api_utils import create_cookie
 
@@ -13,12 +15,14 @@ from square_administration.configuration import (
     config_str_admin_password_hash,
     global_object_square_authentication_helper,
     global_int_app_id,
+    config_str_cookie_domain,
 )
 from square_administration.messages import messages
 from square_administration.pydantic_models.authentication import (
     RegisterUsernameV0,
     LoginUsernameV0,
 )
+from square_administration.utils.common import is_https
 
 router = APIRouter(
     tags=["authentication"],
@@ -68,7 +72,11 @@ async def register_username_v0(
         return value
         """
         refresh_token = response["data"]["main"]["refresh_token"]
+        refresh_token_expiry_time = response["data"]["main"][
+            "refresh_token_expiry_time"
+        ]
         del response["data"]["main"]["refresh_token"]
+        del response["data"]["main"]["refresh_token_expiry_time"]
         output_content = get_api_output_in_standard_format(
             message=messages["REGISTRATION_SUCCESSFUL"],
             data={"main": response["data"]["main"]},
@@ -81,6 +89,10 @@ async def register_username_v0(
             **create_cookie(
                 key="refresh_token|" + str(global_int_app_id),
                 value=refresh_token,
+                domain=config_str_cookie_domain,
+                expires=datetime.fromisoformat(refresh_token_expiry_time),
+                secure=is_https(),
+                http_only=True,
             )
         )
         return json_response
@@ -144,7 +156,11 @@ async def login_username_v0(
         return value
         """
         refresh_token = response["data"]["main"]["refresh_token"]
+        refresh_token_expiry_time = response["data"]["main"][
+            "refresh_token_expiry_time"
+        ]
         del response["data"]["main"]["refresh_token"]
+        del response["data"]["main"]["refresh_token_expiry_time"]
         output_content = get_api_output_in_standard_format(
             message=messages["LOGIN_SUCCESSFUL"],
             data={"main": response["data"]["main"]},
@@ -157,6 +173,10 @@ async def login_username_v0(
             **create_cookie(
                 key="refresh_token|" + str(global_int_app_id),
                 value=refresh_token,
+                domain=config_str_cookie_domain,
+                expires=datetime.fromisoformat(refresh_token_expiry_time),
+                secure=is_https(),
+                http_only=True,
             )
         )
         return json_response
@@ -277,6 +297,22 @@ async def logout_v0(request: Request):
                 status_code=status.HTTP_400_BAD_REQUEST,
                 content=output_content,
             )
+        refresh_token_payload = global_object_square_authentication_helper.validate_and_get_payload_from_token_v0(
+            refresh_token, TokenType.refresh_token
+        )[
+            "data"
+        ][
+            "main"
+        ]
+        if refresh_token_payload["app_id"] != global_int_app_id:
+            output_content = get_api_output_in_standard_format(
+                message=messages["INCORRECT_REFRESH_TOKEN"],
+                log=f"refresh token is for different app id. intended app id: {global_int_app_id}, actual app id: {refresh_token_payload['app_id']}.",
+            )
+            return JSONResponse(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                content=output_content,
+            )
         """
         main process
         """
@@ -345,6 +381,22 @@ async def generate_access_token_v0(
                 status_code=status.HTTP_400_BAD_REQUEST,
                 content=output_content,
             )
+        refresh_token_payload = global_object_square_authentication_helper.validate_and_get_payload_from_token_v0(
+            refresh_token, TokenType.refresh_token
+        )[
+            "data"
+        ][
+            "main"
+        ]
+        if refresh_token_payload["app_id"] != global_int_app_id:
+            output_content = get_api_output_in_standard_format(
+                message=messages["INCORRECT_REFRESH_TOKEN"],
+                log=f"refresh token is for different app id. intended app id: {global_int_app_id}, actual app id: {refresh_token_payload['app_id']}.",
+            )
+            return JSONResponse(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                content=output_content,
+            )
         """
         main process
         """

square_administration/utils/common.py

@@ -0,0 +1,12 @@
+import os
+
+from square_administration.configuration import (
+    config_str_ssl_key_file_path,
+    config_str_ssl_crt_file_path,
+)
+
+
+def is_https() -> bool:
+    return os.path.exists(config_str_ssl_key_file_path) and os.path.exists(
+        config_str_ssl_crt_file_path
+    )

{square_administration-2.2.0.dist-info → square_administration-2.3.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: square-administration
-Version: 2.2.0
+Version: 2.3.0
 Summary: common business layer for my personal server.
 Home-page: https://github.com/thepmsquare/square_administration
 Author: thePmSquare
@@ -42,6 +42,20 @@ pip install square_administration
 
 ## changelog
 
+### v2.3.0
+
+- env
+    - add new variable COOKIE_DOMAIN.
+- util
+    - add is_https.
+- authentication
+    - add domain, exp_time, secure and http_only flags for cookies generated in login_username_v0, register_username_v0.
+
+### v2.2.1
+
+- authentication
+    - add validation for refresh token app id in logout_v0, generate_access_token_v0.
+
 ### v2.2.0
 
 - authentication

{square_administration-2.2.0.dist-info → square_administration-2.3.0.dist-info}/RECORD

@@ -1,16 +1,17 @@
 square_administration/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-square_administration/configuration.py,sha256=ldSmVp3FWOndN4u-dH-pf4i0olRZx1-uORJAj1qW-g8,4733
-square_administration/main.py,sha256=L4MM_7yimRLB8J1ltgXPnrN3j_UXKVtp8o8S46MSqrY,1678
+square_administration/configuration.py,sha256=k4ZxGB-RBvHLWQ5ksv-fj0UfAXJ25bSNu5uLNn_rnVc,4816
+square_administration/main.py,sha256=YHala3fQjbj4wQuIzCWEZ3xeeVsidPLHabCUsADr4tE,1613
 square_administration/messages.py,sha256=VYjJGW0Kvtjrx1Mw7ekksLVMoxcexLol2OckvqhZ3n0,1063
-square_administration/data/config.ini,sha256=NMpUnBSPEdwCW1Y-z5DOjpTQgXGjt4ZcqP4QQiAXr_U,997
+square_administration/data/config.ini,sha256=sTWBnaNGXqLi0Ckk2cNzBC7pqrlboyU_ClLl04luOZY,1024
 square_administration/pydantic_models/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 square_administration/pydantic_models/authentication.py,sha256=DWXctw5UWzkSVY7nMIQZsRhmgW3OK455OVcoUpJrPY0,202
 square_administration/pydantic_models/core.py,sha256=HUMrBmfKrXeL-126gE5j2povdVmktn8XLg2tHEdeXTk,344
 square_administration/routes/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-square_administration/routes/authentication.py,sha256=jGyQJkX6LMnNbOFqbWdEyOnMGUHNdK-PoeGriTNt-XM,11862
+square_administration/routes/authentication.py,sha256=wq1JFXVfbVEy3_HGdFVk2823YgMs8qhWl_gR6Cqv_ik,14237
 square_administration/routes/core.py,sha256=65_FIZilintZvbHx7r25UQbgN-oKdQ92-Nv3kpwKX6s,5374
 square_administration/utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-square_administration-2.2.0.dist-info/METADATA,sha256=jKs3X8MSBrYx4YGeC-P7_arkADCzp29S8p7JMz4tN-k,1686
-square_administration-2.2.0.dist-info/WHEEL,sha256=tZoeGjtWxWRfdplE7E3d45VPlLNQnvbKiYnx7gwAy8A,92
-square_administration-2.2.0.dist-info/top_level.txt,sha256=8WFipDrMQUPRDo5AvipxU1YK3wZtWZyCUMWaR416zAw,22
-square_administration-2.2.0.dist-info/RECORD,,
+square_administration/utils/common.py,sha256=amCGhwizka1MgM-Xlw_8f07V54Br7pOvCDtevJfz98M,276
+square_administration-2.3.0.dist-info/METADATA,sha256=Xv5LDFtx2fBxk7MI0e0_5z8aBCjdSNs6_ncGrrgB0mk,2024
+square_administration-2.3.0.dist-info/WHEEL,sha256=tZoeGjtWxWRfdplE7E3d45VPlLNQnvbKiYnx7gwAy8A,92
+square_administration-2.3.0.dist-info/top_level.txt,sha256=8WFipDrMQUPRDo5AvipxU1YK3wZtWZyCUMWaR416zAw,22
+square_administration-2.3.0.dist-info/RECORD,,