square-authentication 1.0.0__py3-none-any.whl → 2.0.0__py3-none-any.whl

square_authentication/configuration.py

@@ -6,11 +6,11 @@ from square_logger.main import SquareLogger
 
 try:
     config_file_path = (
-            os.path.dirname(os.path.abspath(__file__))
-            + os.sep
-            + "data"
-            + os.sep
-            + "config.ini"
+        os.path.dirname(os.path.abspath(__file__))
+        + os.sep
+        + "data"
+        + os.sep
+        + "config.ini"
     )
     ldict_configuration = ConfigReader(config_file_path).read_configuration()
 

square_authentication/main.py

@@ -3,6 +3,7 @@ import os.path
 from fastapi import FastAPI, status
 from fastapi.middleware.cors import CORSMiddleware
 from fastapi.responses import JSONResponse
+from square_commons import get_api_output_in_standard_format
 from uvicorn import run
 
 from square_authentication.configuration import (
@@ -31,15 +32,14 @@ app.include_router(utility.router)
 @app.get("/")
 @global_object_square_logger.async_auto_logger
 async def root():
-    return JSONResponse(
-        status_code=status.HTTP_200_OK, content={"text": config_str_module_name}
-    )
+    output_content = get_api_output_in_standard_format(log=config_str_module_name)
+    return JSONResponse(status_code=status.HTTP_200_OK, content=output_content)
 
 
 if __name__ == "__main__":
     try:
         if os.path.exists(config_str_ssl_key_file_path) and os.path.exists(
-                config_str_ssl_crt_file_path
+            config_str_ssl_crt_file_path
         ):
             run(
                 app,

square_authentication/messages.py

@@ -0,0 +1,16 @@
+messages = {
+    "REGISTRATION_SUCCESSFUL": "registration was successful. welcome aboard!",
+    "LOGIN_SUCCESSFUL": "you have logged in successfully.",
+    "LOGOUT_SUCCESSFUL": "you have logged out successfully.",
+    "INCORRECT_USERNAME": "the username you entered does not exist.",
+    "INCORRECT_PASSWORD": "the password you entered is incorrect. please try again.",
+    "INCORRECT_USER_ID": "the user ID you provided does not exist or is invalid.",
+    "USERNAME_ALREADY_EXISTS": "the username you entered is already taken. please choose a different one.",
+    "INCORRECT_ACCESS_TOKEN": "the access token provided is invalid or expired.",
+    "INCORRECT_REFRESH_TOKEN": "the refresh token provided is invalid or expired.",
+    "GENERIC_READ_SUCCESSFUL": "data retrieved successfully.",
+    "GENERIC_CREATION_SUCCESSFUL": "records created successfully.",
+    "GENERIC_UPDATE_SUCCESSFUL": "your information has been updated successfully.",
+    "GENERIC_400": "the request is invalid or cannot be processed.",
+    "GENERIC_500": "an internal server error occurred. please try again later.",
+}

square_authentication/routes/core.py

@@ -1,22 +1,29 @@
 from datetime import datetime, timedelta, timezone
-from typing import Annotated, Union
+from typing import Annotated, List
+from uuid import UUID
 
 import bcrypt
 import jwt
-from fastapi import APIRouter, status, Header
+from fastapi import APIRouter, status, Header, HTTPException
 from fastapi.responses import JSONResponse
-from requests.exceptions import HTTPError
+from square_commons import get_api_output_in_standard_format
+from square_database.pydantic_models.pydantic_models import (
+    FiltersV0,
+    FilterConditionsV0,
+)
 from square_database_helper.main import SquareDatabaseHelper
-from square_database_structure.square.authentication.enums import UserLogEventEnum
+from square_database_structure.square import global_string_database_name
+from square_database_structure.square.authentication import global_string_schema_name
 from square_database_structure.square.authentication.tables import (
-    local_string_database_name,
-    local_string_schema_name,
     User,
-    UserLog,
     UserCredential,
-    UserProfile,
     UserSession,
+    UserApp,
+)
+from square_database_structure.square.public import (
+    global_string_schema_name as global_string_public_schema_name,
 )
+from square_database_structure.square.public.tables import App
 
 from square_authentication.configuration import (
     global_object_square_logger,
@@ -28,6 +35,7 @@ from square_authentication.configuration import (
     config_int_square_database_port,
     config_str_square_database_protocol,
 )
+from square_authentication.messages import messages
 from square_authentication.utils.token import get_jwt_payload
 
 router = APIRouter(
@@ -41,66 +49,441 @@ global_object_square_database_helper = SquareDatabaseHelper(
 )
 
 
-@router.get("/register_username/")
+@router.post("/register_username/v0")
 @global_object_square_logger.async_auto_logger
-async def register_username(username: str, password: str):
+async def register_username_v0(username: str, password: str):
     local_str_user_id = None
+    username = username.lower()
     try:
-        # ======================================================================================
+        """
+        validation
+        """
+
+        # validation for username
+        local_list_response_user_creds = global_object_square_database_helper.get_rows_v0(
+            database_name=global_string_database_name,
+            schema_name=global_string_schema_name,
+            table_name=UserCredential.__tablename__,
+            filters=FiltersV0(
+                {
+                    UserCredential.user_credential_username.name: FilterConditionsV0(
+                        eq=username
+                    )
+                }
+            ),
+        )[
+            "data"
+        ][
+            "main"
+        ]
+        if len(local_list_response_user_creds) > 0:
+            output_content = get_api_output_in_standard_format(
+                message=messages["USERNAME_ALREADY_EXISTS"],
+                log=f"an account with the username {username} already exists.",
+            )
+            raise HTTPException(
+                status_code=status.HTTP_409_CONFLICT,
+                detail=output_content,
+            )
+
+        """
+        main process
+        """
         # entry in user table
-        local_list_response_user = global_object_square_database_helper.insert_rows(
+        local_list_response_user = global_object_square_database_helper.insert_rows_v0(
             data=[{}],
-            database_name=local_string_database_name,
-            schema_name=local_string_schema_name,
+            database_name=global_string_database_name,
+            schema_name=global_string_schema_name,
             table_name=User.__tablename__,
-        )
+        )["data"]["main"]
         local_str_user_id = local_list_response_user[0][User.user_id.name]
-        # ======================================================================================
 
-        # ======================================================================================
-        # entry in user log
-        local_list_response_user_log = global_object_square_database_helper.insert_rows(
+        # entry in credential table
+
+        # hash password
+        local_str_hashed_password = bcrypt.hashpw(
+            password.encode("utf-8"), bcrypt.gensalt()
+        ).decode("utf-8")
+
+        global_object_square_database_helper.insert_rows_v0(
             data=[
                 {
-                    UserLog.user_id.name: local_str_user_id,
-                    UserLog.user_log_event.name: UserLogEventEnum.CREATED.value,
+                    UserCredential.user_id.name: local_str_user_id,
+                    UserCredential.user_credential_username.name: username,
+                    UserCredential.user_credential_hashed_password.name: local_str_hashed_password,
                 }
             ],
-            database_name=local_string_database_name,
-            schema_name=local_string_schema_name,
-            table_name=UserLog.__tablename__,
+            database_name=global_string_database_name,
+            schema_name=global_string_schema_name,
+            table_name=UserCredential.__tablename__,
         )
-        # ======================================================================================
 
-        # ======================================================================================
-        # entry in user profile
-        local_list_response_user_profile = (
-            global_object_square_database_helper.insert_rows(
-                data=[{UserProfile.user_id.name: local_str_user_id}],
-                database_name=local_string_database_name,
-                schema_name=local_string_schema_name,
-                table_name=UserProfile.__tablename__,
+        """
+        return value
+        """
+        output_content = get_api_output_in_standard_format(
+            message=messages["REGISTRATION_SUCCESSFUL"],
+            data={"main": {"user_id": local_str_user_id, "username": username}},
+        )
+        return JSONResponse(
+            status_code=status.HTTP_201_CREATED,
+            content=output_content,
+        )
+    except HTTPException as http_exception:
+        return JSONResponse(
+            status_code=http_exception.status_code, content=http_exception.detail
+        )
+    except Exception as e:
+        global_object_square_logger.logger.error(e, exc_info=True)
+        """
+        rollback logic
+        """
+        if local_str_user_id:
+            global_object_square_database_helper.delete_rows_v0(
+                database_name=global_string_database_name,
+                schema_name=global_string_schema_name,
+                table_name=User.__tablename__,
+                filters=FiltersV0(
+                    {User.user_id.name: FilterConditionsV0(eq=local_str_user_id)}
+                ),
             )
+        output_content = get_api_output_in_standard_format(
+            message=messages["GENERIC_500"],
+            log=str(e),
+        )
+        return JSONResponse(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, content=output_content
         )
 
-        # ======================================================================================
 
-        # ======================================================================================
-        # entry in credential table
+@router.get("/get_user_app_ids/v0")
+@global_object_square_logger.async_auto_logger
+async def get_user_app_ids_v0(user_id: UUID):
+    try:
+        local_string_user_id = str(user_id)
+        """
+        validation
+        """
+
+        local_list_response_user = global_object_square_database_helper.get_rows_v0(
+            database_name=global_string_database_name,
+            schema_name=global_string_schema_name,
+            table_name=User.__tablename__,
+            filters=FiltersV0(
+                {User.user_id.name: FilterConditionsV0(eq=local_string_user_id)}
+            ),
+        )["data"]["main"]
+        if len(local_list_response_user) != 1:
+            output_content = get_api_output_in_standard_format(
+                message=messages["INCORRECT_USER_ID"],
+                log=f"invalid user_id: {local_string_user_id}",
+            )
+            raise HTTPException(
+                status_code=status.HTTP_404_NOT_FOUND,
+                detail=output_content,
+            )
+        """
+        main process
+        """
+        local_list_response_user_app = global_object_square_database_helper.get_rows_v0(
+            database_name=global_string_database_name,
+            schema_name=global_string_schema_name,
+            table_name=UserApp.__tablename__,
+            filters=FiltersV0(
+                {UserApp.user_id.name: FilterConditionsV0(eq=local_string_user_id)}
+            ),
+        )["data"]["main"]
+        """
+        return value
+        """
+        output_content = get_api_output_in_standard_format(
+            message=messages["GENERIC_READ_SUCCESSFUL"],
+            data={
+                "main": [x[UserApp.app_id.name] for x in local_list_response_user_app]
+            },
+        )
+        return JSONResponse(
+            status_code=status.HTTP_200_OK,
+            content=output_content,
+        )
+    except HTTPException as http_exception:
+        return JSONResponse(
+            status_code=http_exception.status_code, content=http_exception.detail
+        )
+    except Exception as e:
+        """
+        rollback logic
+        """
+        global_object_square_logger.logger.error(e, exc_info=True)
+        output_content = get_api_output_in_standard_format(
+            message=messages["GENERIC_500"],
+            log=str(e),
+        )
+        return JSONResponse(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            content=output_content,
+        )
+
+
+@router.patch("/update_user_app_ids/v0")
+@global_object_square_logger.async_auto_logger
+async def update_user_app_ids_v0(
+    user_id: UUID,
+    app_ids_to_add: List[int],
+    app_ids_to_remove: List[int],
+):
+    try:
+        local_string_user_id = str(user_id)
+        """
+        validation
+        """
+
+        app_ids_to_add = list(set(app_ids_to_add))
+        app_ids_to_remove = list(set(app_ids_to_remove))
+
+        # check if app_ids_to_add and app_ids_to_remove don't have common ids.
+        local_list_common_app_ids = set(app_ids_to_add) & set(app_ids_to_remove)
+        if len(local_list_common_app_ids) > 0:
+            output_content = get_api_output_in_standard_format(
+                message=messages["GENERIC_400"],
+                log=f"invalid app_ids: {list(local_list_common_app_ids)}, present in both add list and remove list.",
+            )
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                detail=output_content,
+            )
+        # validate access token
+        # TBD
+
+        # check if user id is in user table
+        local_list_response_user = global_object_square_database_helper.get_rows_v0(
+            database_name=global_string_database_name,
+            schema_name=global_string_schema_name,
+            table_name=User.__tablename__,
+            filters=FiltersV0(
+                {User.user_id.name: FilterConditionsV0(eq=local_string_user_id)}
+            ),
+        )["data"]["main"]
+        if len(local_list_response_user) != 1:
+            output_content = get_api_output_in_standard_format(
+                message=messages["INCORRECT_USER_ID"],
+                log=f"invalid user_id: {local_string_user_id}",
+            )
+            raise HTTPException(
+                status_code=status.HTTP_404_NOT_FOUND,
+                detail=output_content,
+            )
+
+        # check if all app_ids are valid
+        local_list_all_app_ids = [*app_ids_to_add, *app_ids_to_remove]
+        local_list_response_app = global_object_square_database_helper.get_rows_v0(
+            database_name=global_string_database_name,
+            schema_name=global_string_public_schema_name,
+            table_name=App.__tablename__,
+            apply_filters=False,
+            filters=FiltersV0({}),
+        )["data"]["main"]
+        local_list_invalid_ids = [
+            x
+            for x in local_list_all_app_ids
+            if x not in [y[App.app_id.name] for y in local_list_response_app]
+        ]
+        if len(local_list_invalid_ids) > 0:
+            output_content = get_api_output_in_standard_format(
+                message=messages["GENERIC_400"],
+                log=f"invalid app_ids: {local_list_invalid_ids}.",
+            )
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                detail=output_content,
+            )
+        """
+        main process
+        """
+        # logic for adding new app_ids
+        local_list_response_user_app = global_object_square_database_helper.get_rows_v0(
+            database_name=global_string_database_name,
+            schema_name=global_string_schema_name,
+            table_name=UserApp.__tablename__,
+            filters=FiltersV0(
+                {UserApp.user_id.name: FilterConditionsV0(eq=local_string_user_id)}
+            ),
+        )["data"]["main"]
+        local_list_new_app_ids = [
+            {
+                UserApp.user_id.name: local_string_user_id,
+                UserApp.app_id.name: x,
+            }
+            for x in app_ids_to_add
+            if x not in [y[UserApp.app_id.name] for y in local_list_response_user_app]
+        ]
+        if len(local_list_new_app_ids) > 0:
+            global_object_square_database_helper.insert_rows_v0(
+                database_name=global_string_database_name,
+                schema_name=global_string_schema_name,
+                table_name=UserApp.__tablename__,
+                data=local_list_new_app_ids,
+            )
+
+        # logic for removing app_ids
+        for app_id in app_ids_to_remove:
+            global_object_square_database_helper.delete_rows_v0(
+                database_name=global_string_database_name,
+                schema_name=global_string_schema_name,
+                table_name=UserApp.__tablename__,
+                filters=FiltersV0(
+                    {
+                        UserApp.user_id.name: FilterConditionsV0(
+                            eq=local_string_user_id
+                        ),
+                        UserApp.app_id.name: FilterConditionsV0(eq=app_id),
+                    }
+                ),
+            )
+            global_object_square_database_helper.delete_rows_v0(
+                database_name=global_string_database_name,
+                schema_name=global_string_schema_name,
+                table_name=UserSession.__tablename__,
+                filters=FiltersV0(
+                    {
+                        UserSession.user_id.name: FilterConditionsV0(
+                            eq=local_string_user_id
+                        ),
+                        UserSession.app_id.name: FilterConditionsV0(eq=app_id),
+                    }
+                ),
+            )
+
+        """
+        return value
+        """
+        # get latest app ids
+        local_list_response_user_app = global_object_square_database_helper.get_rows_v0(
+            database_name=global_string_database_name,
+            schema_name=global_string_schema_name,
+            table_name=UserApp.__tablename__,
+            filters=FiltersV0(
+                {UserApp.user_id.name: FilterConditionsV0(eq=local_string_user_id)}
+            ),
+        )["data"]["main"]
+        output_content = get_api_output_in_standard_format(
+            message=messages["GENERIC_UPDATE_SUCCESSFUL"],
+            data={
+                "main": [x[UserApp.app_id.name] for x in local_list_response_user_app]
+            },
+        )
+        return JSONResponse(
+            status_code=status.HTTP_200_OK,
+            content=output_content,
+        )
+    except HTTPException as http_exception:
+        return JSONResponse(
+            status_code=http_exception.status_code, content=http_exception.detail
+        )
+    except Exception as e:
+        """
+        rollback logic
+        """
+        global_object_square_logger.logger.error(e, exc_info=True)
+        output_content = get_api_output_in_standard_format(
+            message=messages["GENERIC_500"],
+            log=str(e),
+        )
+        return JSONResponse(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            content=output_content,
+        )
 
-        # hash password
-        local_str_hashed_password = bcrypt.hashpw(
-            password.encode("utf-8"), bcrypt.gensalt()
-        ).decode("utf-8")
+
+@router.get("/login_username/v0")
+@global_object_square_logger.async_auto_logger
+async def login_username_v0(username: str, password: str, app_id: int):
+    username = username.lower()
+    try:
+        """
+        validation
+        """
+        # validation for username
+        local_list_authentication_user_response = global_object_square_database_helper.get_rows_v0(
+            database_name=global_string_database_name,
+            schema_name=global_string_schema_name,
+            table_name=UserCredential.__tablename__,
+            filters=FiltersV0(
+                {
+                    UserCredential.user_credential_username.name: FilterConditionsV0(
+                        eq=username
+                    )
+                }
+            ),
+        )[
+            "data"
+        ][
+            "main"
+        ]
+        if len(local_list_authentication_user_response) != 1:
+            output_content = get_api_output_in_standard_format(
+                message=messages["INCORRECT_USERNAME"],
+                log=f"incorrect username {username}",
+            )
+            return JSONResponse(
+                status_code=status.HTTP_400_BAD_REQUEST, content=output_content
+            )
+        # validate if app_id is assigned to user
+        # this will also validate if app_id is valid
+        local_dict_user = local_list_authentication_user_response[0]
+        local_str_user_id = local_dict_user[UserCredential.user_id.name]
+        local_list_user_app_response = global_object_square_database_helper.get_rows_v0(
+            database_name=global_string_database_name,
+            schema_name=global_string_schema_name,
+            table_name=UserApp.__tablename__,
+            filters=FiltersV0(
+                {
+                    UserApp.user_id.name: FilterConditionsV0(eq=local_str_user_id),
+                    UserApp.app_id.name: FilterConditionsV0(eq=app_id),
+                }
+            ),
+        )["data"]["main"]
+        if len(local_list_user_app_response) != 1:
+            output_content = get_api_output_in_standard_format(
+                message=messages["GENERIC_400"],
+                log=f"user_id {local_str_user_id}({username}) not assigned to app {app_id}.",
+            )
+            return JSONResponse(
+                status_code=status.HTTP_400_BAD_REQUEST, content=output_content
+            )
+
+        # validate password
+        if not (
+            bcrypt.checkpw(
+                password.encode("utf-8"),
+                local_dict_user[
+                    UserCredential.user_credential_hashed_password.name
+                ].encode("utf-8"),
+            )
+        ):
+            output_content = get_api_output_in_standard_format(
+                message=messages["INCORRECT_PASSWORD"],
+                log=f"incorrect password for user_id {local_str_user_id}({username}).",
+            )
+            return JSONResponse(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                content=output_content,
+            )
+        """
+        main process
+        """
+        # return new access token and refresh token
 
         # create access token
         local_dict_access_token_payload = {
+            "app_id": app_id,
             "user_id": local_str_user_id,
             "exp": datetime.now(timezone.utc)
-                   + timedelta(minutes=config_int_access_token_valid_minutes),
+            + timedelta(minutes=config_int_access_token_valid_minutes),
         }
         local_str_access_token = jwt.encode(
-            local_dict_access_token_payload, config_str_secret_key_for_access_token
+            local_dict_access_token_payload,
+            config_str_secret_key_for_access_token,
         )
 
         # create refresh token
@@ -109,222 +492,141 @@ async def register_username(username: str, password: str):
         )
 
         local_dict_refresh_token_payload = {
+            "app_id": app_id,
             "user_id": local_str_user_id,
             "exp": local_object_refresh_token_expiry_time,
         }
         local_str_refresh_token = jwt.encode(
-            local_dict_refresh_token_payload, config_str_secret_key_for_refresh_token
+            local_dict_refresh_token_payload,
+            config_str_secret_key_for_refresh_token,
         )
-        try:
-            local_list_response_authentication_username = global_object_square_database_helper.insert_rows(
-                data=[
-                    {
-                        UserCredential.user_id.name: local_str_user_id,
-                        UserCredential.user_credential_username.name: username,
-                        UserCredential.user_credential_hashed_password.name: local_str_hashed_password,
-                    }
-                ],
-                database_name=local_string_database_name,
-                schema_name=local_string_schema_name,
-                table_name=UserCredential.__tablename__,
-            )
-        except HTTPError as http_error:
-            if http_error.response.status_code == 400:
-                return JSONResponse(
-                    status_code=status.HTTP_409_CONFLICT,
-                    content=f"an account with the username {username} already exists.",
-                )
-            else:
-                raise http_error
-        # ======================================================================================
-
-        # ======================================================================================
         # entry in user session table
-        local_list_response_user_session = global_object_square_database_helper.insert_rows(
+        global_object_square_database_helper.insert_rows_v0(
             data=[
                 {
                     UserSession.user_id.name: local_str_user_id,
+                    UserSession.app_id.name: app_id,
                     UserSession.user_session_refresh_token.name: local_str_refresh_token,
                     UserSession.user_session_expiry_time.name: local_object_refresh_token_expiry_time.strftime(
                         "%Y-%m-%d %H:%M:%S.%f+00"
                     ),
                 }
             ],
-            database_name=local_string_database_name,
-            schema_name=local_string_schema_name,
+            database_name=global_string_database_name,
+            schema_name=global_string_schema_name,
             table_name=UserSession.__tablename__,
         )
-        # ======================================================================================
-        return JSONResponse(
-            status_code=status.HTTP_200_OK,
-            content={
-                "user_id": local_str_user_id,
-                "access_token": local_str_access_token,
-                "refresh_token": local_str_refresh_token,
+        """
+        return value
+        """
+        output_content = get_api_output_in_standard_format(
+            data={
+                "main": {
+                    "user_id": local_str_user_id,
+                    "access_token": local_str_access_token,
+                    "refresh_token": local_str_refresh_token,
+                }
             },
+            message=messages["LOGIN_SUCCESSFUL"],
         )
-    except Exception as e:
-        global_object_square_logger.logger.error(e, exc_info=True)
-        if local_str_user_id:
-            global_object_square_database_helper.delete_rows(
-                database_name=local_string_database_name,
-                schema_name=local_string_schema_name,
-                table_name=User.__tablename__,
-                filters={User.user_id.name: local_str_user_id},
-            )
         return JSONResponse(
-            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, content=str(e)
+            status_code=status.HTTP_200_OK,
+            content=output_content,
         )
-
-
-@router.get("/login_username/")
-@global_object_square_logger.async_auto_logger
-async def login_username(username: str, password: str):
-    try:
-        # ======================================================================================
-        # get entry from authentication_username table
-        local_list_authentication_user_response = (
-            global_object_square_database_helper.get_rows(
-                database_name=local_string_database_name,
-                schema_name=local_string_schema_name,
-                table_name=UserCredential.__tablename__,
-                filters={UserCredential.user_credential_username.name: username},
-            )
+    except HTTPException as http_exception:
+        return JSONResponse(
+            status_code=http_exception.status_code, content=http_exception.detail
         )
-        # ======================================================================================
-
-        # ======================================================================================
-        # validate username
-        # ======================================================================================
-        if len(local_list_authentication_user_response) != 1:
-            return JSONResponse(
-                status_code=status.HTTP_400_BAD_REQUEST, content="incorrect username."
-            )
-        # ======================================================================================
-        # validate password
-        # ======================================================================================
-        else:
-            if not (
-                    bcrypt.checkpw(
-                        password.encode("utf-8"),
-                        local_list_authentication_user_response[0][
-                            UserCredential.user_credential_hashed_password.name
-                        ].encode("utf-8"),
-                    )
-            ):
-                return JSONResponse(
-                    status_code=status.HTTP_400_BAD_REQUEST,
-                    content="incorrect password.",
-                )
-
-            # ======================================================================================
-            # return new access token and refresh token
-            # ======================================================================================
-            else:
-                local_str_user_id = local_list_authentication_user_response[0][
-                    UserCredential.user_id.name
-                ]
-                # create access token
-                local_dict_access_token_payload = {
-                    "user_id": local_str_user_id,
-                    "exp": datetime.now(timezone.utc)
-                           + timedelta(minutes=config_int_access_token_valid_minutes),
-                }
-                local_str_access_token = jwt.encode(
-                    local_dict_access_token_payload,
-                    config_str_secret_key_for_access_token,
-                )
-
-                # create refresh token
-                local_object_refresh_token_expiry_time = datetime.now(
-                    timezone.utc
-                ) + timedelta(minutes=config_int_refresh_token_valid_minutes)
-
-                local_dict_refresh_token_payload = {
-                    "user_id": local_str_user_id,
-                    "exp": local_object_refresh_token_expiry_time,
-                }
-                local_str_refresh_token = jwt.encode(
-                    local_dict_refresh_token_payload,
-                    config_str_secret_key_for_refresh_token,
-                )
-                # ======================================================================================
-                # entry in user session table
-                local_list_response_user_session = global_object_square_database_helper.insert_rows(
-                    data=[
-                        {
-                            UserSession.user_id.name: local_str_user_id,
-                            UserSession.user_session_refresh_token.name: local_str_refresh_token,
-                            UserSession.user_session_expiry_time.name: local_object_refresh_token_expiry_time.strftime(
-                                "%Y-%m-%d %H:%M:%S.%f+00"
-                            ),
-                        }
-                    ],
-                    database_name=local_string_database_name,
-                    schema_name=local_string_schema_name,
-                    table_name=UserSession.__tablename__,
-                )
-                # ======================================================================================
-                return JSONResponse(
-                    status_code=status.HTTP_200_OK,
-                    content={
-                        "user_id": local_str_user_id,
-                        "access_token": local_str_access_token,
-                        "refresh_token": local_str_refresh_token,
-                    },
-                )
-        # ======================================================================================
-
     except Exception as e:
+        """
+        rollback logic
+        """
         global_object_square_logger.logger.error(e, exc_info=True)
+        output_content = get_api_output_in_standard_format(
+            message=messages["GENERIC_500"],
+            log=str(e),
+        )
         return JSONResponse(
-            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, content=str(e)
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, content=output_content
         )
 
 
-@router.get("/generate_access_token/")
+@router.get("/generate_access_token/v0")
 @global_object_square_logger.async_auto_logger
-async def generate_access_token(
-        user_id: str, refresh_token: Annotated[Union[str, None], Header()]
+async def generate_access_token_v0(
+    user_id: str, app_id: int, refresh_token: Annotated[str, Header()]
 ):
     try:
-        # ======================================================================================
+        """
+        validation
+        """
         # validate user_id
-        local_list_user_response = global_object_square_database_helper.get_rows(
-            database_name=local_string_database_name,
-            schema_name=local_string_schema_name,
+        local_list_user_response = global_object_square_database_helper.get_rows_v0(
+            database_name=global_string_database_name,
+            schema_name=global_string_schema_name,
             table_name=User.__tablename__,
-            filters={User.user_id.name: user_id},
-        )
+            filters=FiltersV0({User.user_id.name: FilterConditionsV0(eq=user_id)}),
+        )["data"]["main"]
 
         if len(local_list_user_response) != 1:
+            output_content = get_api_output_in_standard_format(
+                message=messages["INCORRECT_USER_ID"],
+                log=f"incorrect user_id: {user_id}.",
+            )
             return JSONResponse(
                 status_code=status.HTTP_400_BAD_REQUEST,
-                content=f"incorrect user_id: {user_id}.",
+                content=output_content,
+            )
+        # validate if app_id is assigned to user
+        # this will also validate if app_id is valid
+        local_dict_user = local_list_user_response[0]
+        local_str_user_id = local_dict_user[User.user_id.name]
+        local_list_user_app_response = global_object_square_database_helper.get_rows_v0(
+            database_name=global_string_database_name,
+            schema_name=global_string_schema_name,
+            table_name=UserApp.__tablename__,
+            filters=FiltersV0(
+                {
+                    UserApp.user_id.name: FilterConditionsV0(eq=local_str_user_id),
+                    UserApp.app_id.name: FilterConditionsV0(eq=app_id),
+                }
+            ),
+        )["data"]["main"]
+        if len(local_list_user_app_response) != 1:
+            output_content = get_api_output_in_standard_format(
+                message=messages["GENERIC_400"],
+                log=f"user_id {local_str_user_id} not assigned to app {app_id}.",
+            )
+            return JSONResponse(
+                status_code=status.HTTP_400_BAD_REQUEST, content=output_content
             )
-        # ======================================================================================
-
-        # ======================================================================================
         # validate refresh token
-
-        # validating if a session refresh token exists in the database.
+        # validating if a session refresh token exists in the database for provided app id.
         local_list_user_session_response = (
-            global_object_square_database_helper.get_rows(
-                database_name=local_string_database_name,
-                schema_name=local_string_schema_name,
+            global_object_square_database_helper.get_rows_v0(
+                database_name=global_string_database_name,
+                schema_name=global_string_schema_name,
                 table_name=UserSession.__tablename__,
-                filters={
-                    UserSession.user_id.name: user_id,
-                    UserSession.user_session_refresh_token.name: refresh_token,
-                },
-            )
+                filters=FiltersV0(
+                    {
+                        UserSession.user_id.name: FilterConditionsV0(eq=user_id),
+                        UserSession.user_session_refresh_token.name: FilterConditionsV0(
+                            eq=refresh_token
+                        ),
+                        UserSession.app_id.name: FilterConditionsV0(eq=app_id),
+                    }
+                ),
+            )["data"]["main"]
         )
 
         if len(local_list_user_session_response) != 1:
+            output_content = get_api_output_in_standard_format(
+                message=messages["INCORRECT_REFRESH_TOKEN"],
+                log=f"incorrect refresh token: {refresh_token} for user_id: {user_id} for app_id: {app_id}.",
+            )
             return JSONResponse(
                 status_code=status.HTTP_400_BAD_REQUEST,
-                content=f"incorrect refresh token: {refresh_token} for user_id: {user_id}."
-                        f"for user_id: {user_id}.",
+                content=output_content,
             )
         # validating if the refresh token is valid, active and of the same user.
         try:
@@ -332,133 +634,238 @@ async def generate_access_token(
                 refresh_token, config_str_secret_key_for_refresh_token
             )
         except Exception as error:
+            output_content = get_api_output_in_standard_format(
+                message=messages["INCORRECT_REFRESH_TOKEN"], log=str(error)
+            )
             return JSONResponse(
                 status_code=status.HTTP_400_BAD_REQUEST,
-                content=str(error),
+                content=output_content,
             )
 
         if local_dict_refresh_token_payload["user_id"] != user_id:
+            output_content = get_api_output_in_standard_format(
+                message=messages["INCORRECT_REFRESH_TOKEN"],
+                log=f"refresh token and user_id mismatch.",
+            )
             return JSONResponse(
                 status_code=status.HTTP_400_BAD_REQUEST,
-                content=f"refresh token and user_id mismatch.",
+                content=output_content,
             )
-
-        # ======================================================================================
-        # ======================================================================================
+        if local_dict_refresh_token_payload["app_id"] != app_id:
+            output_content = get_api_output_in_standard_format(
+                message=messages["INCORRECT_REFRESH_TOKEN"],
+                log=f"refresh token and app_id mismatch.",
+            )
+            return JSONResponse(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                content=output_content,
+            )
+        """
+        main process
+        """
         # create and send access token
         local_dict_access_token_payload = {
+            "app_id": app_id,
             "user_id": user_id,
             "exp": datetime.now(timezone.utc)
-                   + timedelta(minutes=config_int_access_token_valid_minutes),
+            + timedelta(minutes=config_int_access_token_valid_minutes),
         }
         local_str_access_token = jwt.encode(
             local_dict_access_token_payload, config_str_secret_key_for_access_token
         )
-
+        """
+        return value
+        """
+        output_content = get_api_output_in_standard_format(
+            data={"main": {"access_token": local_str_access_token}},
+            message=messages["GENERIC_CREATION_SUCCESSFUL"],
+        )
         return JSONResponse(
             status_code=status.HTTP_200_OK,
-            content={"access_token": local_str_access_token},
+            content=output_content,
+        )
+    except HTTPException as http_exception:
+        return JSONResponse(
+            status_code=http_exception.status_code, content=http_exception.detail
         )
-        # ======================================================================================
-
     except Exception as e:
+        """
+        rollback logic
+        """
         global_object_square_logger.logger.error(e, exc_info=True)
+        output_content = get_api_output_in_standard_format(
+            message=messages["GENERIC_500"],
+            log=str(e),
+        )
         return JSONResponse(
-            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, content=str(e)
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, content=output_content
         )
 
 
-@router.delete("/logout/")
+@router.delete("/logout/v0")
 @global_object_square_logger.async_auto_logger
-async def logout(
-        user_id: str,
-        access_token: Annotated[Union[str, None], Header()],
-        refresh_token: Annotated[Union[str, None], Header()],
+async def logout_v0(
+    user_id: str,
+    app_id: int,
+    access_token: Annotated[str, Header()],
+    refresh_token: Annotated[str, Header()],
 ):
     try:
-        # ======================================================================================
+        """
+        validation
+        """
         # validate user_id
-        local_list_user_response = global_object_square_database_helper.get_rows(
-            database_name=local_string_database_name,
-            schema_name=local_string_schema_name,
+        local_list_user_response = global_object_square_database_helper.get_rows_v0(
+            database_name=global_string_database_name,
+            schema_name=global_string_schema_name,
             table_name=User.__tablename__,
-            filters={User.user_id.name: user_id},
-        )
+            filters=FiltersV0(
+                {
+                    User.user_id.name: FilterConditionsV0(eq=user_id),
+                }
+            ),
+        )["data"]["main"]
 
         if len(local_list_user_response) != 1:
+            output_content = get_api_output_in_standard_format(
+                message=messages["INCORRECT_USER_ID"],
+                log=f"incorrect user_id: {user_id}.",
+            )
             return JSONResponse(
                 status_code=status.HTTP_400_BAD_REQUEST,
-                content=f"incorrect user_id: {user_id}.",
+                content=output_content,
             )
-        # ======================================================================================
 
-        # ======================================================================================
-        # validate refresh token
+        # validate if app_id is assigned to user
+        # this will also validate if app_id is valid
+        local_dict_user = local_list_user_response[0]
+        local_str_user_id = local_dict_user[User.user_id.name]
+        local_list_user_app_response = global_object_square_database_helper.get_rows_v0(
+            database_name=global_string_database_name,
+            schema_name=global_string_schema_name,
+            table_name=UserApp.__tablename__,
+            filters=FiltersV0(
+                {
+                    UserApp.user_id.name: FilterConditionsV0(eq=local_str_user_id),
+                    UserApp.app_id.name: FilterConditionsV0(eq=app_id),
+                }
+            ),
+        )["data"]["main"]
+        if len(local_list_user_app_response) != 1:
+            output_content = get_api_output_in_standard_format(
+                message=messages["GENERIC_400"],
+                log=f"user_id {local_str_user_id} not assigned to app {app_id}.",
+            )
+            return JSONResponse(
+                status_code=status.HTTP_400_BAD_REQUEST, content=output_content
+            )
 
+        # validate refresh token
         # validating if a session refresh token exists in the database.
         local_list_user_session_response = (
-            global_object_square_database_helper.get_rows(
-                database_name=local_string_database_name,
-                schema_name=local_string_schema_name,
+            global_object_square_database_helper.get_rows_v0(
+                database_name=global_string_database_name,
+                schema_name=global_string_schema_name,
                 table_name=UserSession.__tablename__,
-                filters={
-                    UserSession.user_id.name: user_id,
-                    UserSession.user_session_refresh_token.name: refresh_token,
-                },
-            )
+                filters=FiltersV0(
+                    {
+                        UserSession.user_id.name: FilterConditionsV0(eq=user_id),
+                        UserSession.user_session_refresh_token.name: FilterConditionsV0(
+                            eq=refresh_token
+                        ),
+                        UserSession.app_id.name: FilterConditionsV0(eq=app_id),
+                    }
+                ),
+            )["data"]["main"]
         )
 
         if len(local_list_user_session_response) != 1:
+            output_content = get_api_output_in_standard_format(
+                message=messages["INCORRECT_REFRESH_TOKEN"],
+                log=f"incorrect refresh token: {refresh_token} for user_id: {user_id} for app_id: {app_id}.",
+            )
             return JSONResponse(
                 status_code=status.HTTP_400_BAD_REQUEST,
-                content=f"incorrect refresh token: {refresh_token} for user_id: {user_id}."
-                        f"for user_id: {user_id}.",
+                content=output_content,
             )
-        # not validating if the refresh token is valid, active and of the same user.
-        # ======================================================================================
+        # **not validating if the refresh token is valid, active, of the same user and of the provided app id.**
 
-        # ======================================================================================
         # validate access token
-        # validating if the access token is valid, active and of the same user.
+        # validating if the access token is valid, active, of the same user and of the provided app.
         try:
             local_dict_access_token_payload = get_jwt_payload(
                 access_token, config_str_secret_key_for_access_token
             )
         except Exception as error:
+            output_content = get_api_output_in_standard_format(
+                message=messages["INCORRECT_ACCESS_TOKEN"], log=str(error)
+            )
             return JSONResponse(
                 status_code=status.HTTP_400_BAD_REQUEST,
-                content=str(error),
+                content=output_content,
             )
         if local_dict_access_token_payload["user_id"] != user_id:
+            output_content = get_api_output_in_standard_format(
+                message=messages["INCORRECT_ACCESS_TOKEN"],
+                log=f"access token and user_id mismatch.",
+            )
             return JSONResponse(
                 status_code=status.HTTP_400_BAD_REQUEST,
-                content=f"access token and user_id mismatch.",
+                content=output_content,
+            )
+        if local_dict_access_token_payload["app_id"] != app_id:
+            output_content = get_api_output_in_standard_format(
+                message=messages["INCORRECT_ACCESS_TOKEN"],
+                log=f"access token and app_id mismatch.",
+            )
+            return JSONResponse(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                content=output_content,
             )
-
         # ======================================================================================
 
         # NOTE: if both access token and refresh token have expired for a user,
         # it can be assumed that user session only needs to be removed from the front end.
 
         # ======================================================================================
+        """
+        main process
+        """
         # delete session for user
-        global_object_square_database_helper.delete_rows(
-            database_name=local_string_database_name,
-            schema_name=local_string_schema_name,
+        global_object_square_database_helper.delete_rows_v0(
+            database_name=global_string_database_name,
+            schema_name=global_string_schema_name,
             table_name=UserSession.__tablename__,
-            filters={
-                UserSession.user_id.name: user_id,
-                UserSession.user_session_refresh_token.name: refresh_token,
-            },
+            filters=FiltersV0(
+                {
+                    UserSession.user_id.name: FilterConditionsV0(eq=user_id),
+                    UserSession.user_session_refresh_token.name: FilterConditionsV0(
+                        eq=refresh_token
+                    ),
+                    UserSession.app_id.name: FilterConditionsV0(eq=app_id),
+                }
+            ),
         )
-
+        """
+        return value
+        """
+        output_content = get_api_output_in_standard_format(
+            message=messages["LOGOUT_SUCCESSFUL"],
+        )
+        return JSONResponse(status_code=status.HTTP_200_OK, content=output_content)
+    except HTTPException as http_exception:
         return JSONResponse(
-            status_code=status.HTTP_200_OK, content="Log out successful."
+            status_code=http_exception.status_code, content=http_exception.detail
         )
-        # ======================================================================================
-
     except Exception as e:
+        """
+        rollback logic
+        """
         global_object_square_logger.logger.error(e, exc_info=True)
+        output_content = get_api_output_in_standard_format(
+            message=messages["GENERIC_500"],
+            log=str(e),
+        )
         return JSONResponse(
-            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, content=str(e)
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, content=output_content
         )

square_authentication/routes/utility.py

@@ -1,3 +1,5 @@
 from fastapi import APIRouter
 
-router = APIRouter(tags=["utility"], )
+router = APIRouter(
+    tags=["utility"],
+)

{square_authentication-1.0.0.dist-info → square_authentication-2.0.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: square-authentication
-Version: 1.0.0
+Version: 2.0.0
 Summary: authentication layer for my personal server.
 Home-page: https://github.com/thepmsquare/square_authentication
 Author: thePmSquare
@@ -20,10 +20,10 @@ Requires-Dist: bcrypt>=4.1.2
 Requires-Dist: pyjwt>=2.8.0
 Requires-Dist: requests>=2.32.3
 Requires-Dist: cryptography>=42.0.7
-Requires-Dist: square-commons>=0.0.1
+Requires-Dist: square-commons>=1.0.0
 Requires-Dist: square-logger>=1.0.0
-Requires-Dist: square-database-helper>=0.0.5
-Requires-Dist: square-database-structure>=0.0.11
+Requires-Dist: square-database-helper>=2.0.0
+Requires-Dist: square-database-structure>=1.0.0
 
 # square_authentication
 
@@ -43,6 +43,21 @@ pip install square_authentication
 
 ## changelog
 
+### v2.0.0
+
+- authentication module needs to be used across applications so
+    - register_username: will not create sessions and therefore will not auto login.
+    - login: added validation if app is assigned to user before assigning it and added app_id in session row.
+    - logout: added app_id as new parameter and validation for that.
+    - generate_access_token: added app_id as new parameter and validation for that.
+- added 2 new endpoints
+    - get user app ids: **access token validation pending**.
+    - change user app ids: **access token validation pending**.
+- add versions for all endpoint paths.
+- make it compatible with square_database_helper 2.x.
+- username in database will always be lowercase.
+- standardise output formats for all api.
+
 ### v1.0.0
 
 - initial implementation.

square_authentication-2.0.0.dist-info/RECORD

@@ -0,0 +1,15 @@
+square_authentication/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+square_authentication/configuration.py,sha256=i0uNtNSQd-n1rBxFM6jsIz1Wy3d090RcdTViSqHKc7Y,2973
+square_authentication/main.py,sha256=JK9KBmN73KL8EpKrXrjrwwf37bmC4AXrFHtfl2roYwQ,1636
+square_authentication/messages.py,sha256=NHJLnaB-qj69VJrMkmbMXDHJUnakQLht14ZBrw4dGgg,1094
+square_authentication/data/config.ini,sha256=_740RvKpL5W2bUDGwZ7ePwuP-mAasr5cXXB81yq_Jv8,906
+square_authentication/routes/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+square_authentication/routes/core.py,sha256=gwfNQcMvT5DdbZQBotLPwy1Actr7SBSgrimfHfMviYs,33617
+square_authentication/routes/utility.py,sha256=Kx4S4tZ1GKsPoC8CoZ4fkLEebvr02KeFEPePtTHtpnQ,75
+square_authentication/utils/__init__.py,sha256=AbpHGcgLb-kRsJGnwFEktk7uzpZOCcBY74-YBdrKVGs,1
+square_authentication/utils/encryption.py,sha256=T6BShoUr_xeGpbfPgTK-GxTlXPwcjwU4c4KW7KPzrF8,1865
+square_authentication/utils/token.py,sha256=Y_arg5LegX-aprMj9YweUK8jjNZLGDjLUGgxbUA12w4,560
+square_authentication-2.0.0.dist-info/METADATA,sha256=BrxsipcwD1dQNTUeM7pXXtAOZMPXBO1i4n7tRRbXx7s,1966
+square_authentication-2.0.0.dist-info/WHEEL,sha256=eOLhNAGa2EW3wWl_TU484h7q1UNgy0JXjjoqKoxAAQc,92
+square_authentication-2.0.0.dist-info/top_level.txt,sha256=wDssVJIl9KIEJPj5rR3rv4uRI7yCndMBrvHd_6BGXQA,22
+square_authentication-2.0.0.dist-info/RECORD,,

square_authentication-1.0.0.dist-info/RECORD

@@ -1,14 +0,0 @@
-square_authentication/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-square_authentication/configuration.py,sha256=9rRznQcfsUd_o-OnYjdBJSiLa30_5o5BXJjzhZPLUqc,2993
-square_authentication/main.py,sha256=01bu19koJNkJoz2VadPiV9M6TaIRoFEs5UabJfD6Tjo,1528
-square_authentication/data/config.ini,sha256=_740RvKpL5W2bUDGwZ7ePwuP-mAasr5cXXB81yq_Jv8,906
-square_authentication/routes/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-square_authentication/routes/core.py,sha256=cZduu9VUMrrkrBYsR9elorQ6aPqpVAkV2f_4P8tKEto,20210
-square_authentication/routes/utility.py,sha256=qFvXfmWqBhUAEQQq9StmY9tERVUoVE7Fe07dhVPZPoU,70
-square_authentication/utils/__init__.py,sha256=AbpHGcgLb-kRsJGnwFEktk7uzpZOCcBY74-YBdrKVGs,1
-square_authentication/utils/encryption.py,sha256=T6BShoUr_xeGpbfPgTK-GxTlXPwcjwU4c4KW7KPzrF8,1865
-square_authentication/utils/token.py,sha256=Y_arg5LegX-aprMj9YweUK8jjNZLGDjLUGgxbUA12w4,560
-square_authentication-1.0.0.dist-info/METADATA,sha256=vBdyC4c-vg7SWkg4GnxnAOtoRVPmAGzNBa4nD8LU60U,1209
-square_authentication-1.0.0.dist-info/WHEEL,sha256=eOLhNAGa2EW3wWl_TU484h7q1UNgy0JXjjoqKoxAAQc,92
-square_authentication-1.0.0.dist-info/top_level.txt,sha256=wDssVJIl9KIEJPj5rR3rv4uRI7yCndMBrvHd_6BGXQA,22
-square_authentication-1.0.0.dist-info/RECORD,,