timedctl 5.9.2__tar.gz → 5.10.2__tar.gz

{timedctl-5.9.2 → timedctl-5.10.2}/PKG-INFO

@@ -1,8 +1,9 @@
-Metadata-Version: 2.1
+Metadata-Version: 2.4
 Name: timedctl
-Version: 5.9.2
+Version: 5.10.2
 Summary: CLI for timed
 License: AGPL-3.0-only
+License-File: LICENSE
 Author: Arthur Deierlein
 Author-email: arthur.deierlein@adfinis.com
 Requires-Python: >=3.11,<4.0
@@ -10,10 +11,15 @@ Classifier: License :: OSI Approved :: GNU Affero General Public License v3
 Classifier: Programming Language :: Python :: 3
 Classifier: Programming Language :: Python :: 3.11
 Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Programming Language :: Python :: 3.14
 Requires-Dist: click (>=8.1.3,<9.0.0)
 Requires-Dist: click-aliases (>=1.0.1,<2.0.0)
+Requires-Dist: keyring (>=24.1,<26.0)
 Requires-Dist: libtimed (>=0.6.4,<0.7.0)
 Requires-Dist: pyfzf (>=0.3.1,<0.4.0)
+Requires-Dist: pyjwt (>=2.8.0,<3.0.0)
+Requires-Dist: requests (>=2.31.0,<3.0.0)
 Requires-Dist: rich (>=13.4.2,<14.0.0)
 Requires-Dist: tomlkit (>=0.11.8,<0.13.0)
 Description-Content-Type: text/markdown
@@ -94,8 +100,7 @@ If this isn't the case you can see the default config options below:
 ```toml
 username = "<your username>"
 timed_url = "<timed url>"
-sso_url = "<sso url>"
-sso_realm = "<sso realm>"
+sso_discovery_url = "<sso url>"
 sso_client_id = "<client id>"
 ```
 

{timedctl-5.9.2 → timedctl-5.10.2}/README.md

@@ -74,8 +74,7 @@ If this isn't the case you can see the default config options below:
 ```toml
 username = "<your username>"
 timed_url = "<timed url>"
-sso_url = "<sso url>"
-sso_realm = "<sso realm>"
+sso_discovery_url = "<sso url>"
 sso_client_id = "<client id>"
 ```
 

timedctl-5.10.2/pyproject.toml

@@ -0,0 +1,116 @@
+[tool.poetry]
+name = "timedctl"
+version = "5.10.2"
+description = "CLI for timed"
+authors = [
+    "Arthur Deierlein <arthur.deierlein@adfinis.com>",
+    "Gian Klug <gian.klug@adfinis.com>",
+]
+readme = "README.md"
+license = "AGPL-3.0-only"
+
+[tool.poetry.dependencies]
+python = "^3.11"
+click = "^8.1.3"
+pyfzf = "^0.3.1"
+rich = "^13.4.2"
+tomlkit = ">=0.11.8,<0.13.0"
+click-aliases = "^1.0.1"
+libtimed = "^0.6.4"
+keyring = ">=24.1,<26.0"
+requests = "^2.31.0"
+pyjwt = "^2.8.0"
+
+
+[tool.poetry.group.dev.dependencies]
+pytest = ">=7.3.2,<9.0.0"
+isort = "^5.12.0"
+ruff = "v0.3.4"
+pytest-cov = ">=4.1,<6.0"
+
+[build-system]
+requires = ["poetry-core"]
+build-backend = "poetry.core.masonry.api"
+
+[tool.poetry.scripts]
+timedctl = "timedctl.cli:timedctl"
+
+[tool.semantic_release]
+version_toml = ["pyproject.toml:tool.poetry.version"]
+major_on_zero = false
+branch = "main"
+build_command = "pip install poetry && poetry build"
+
+[tool.ruff]
+line-length = 88
+
+[tool.ruff.format]
+quote-style = "double"
+indent-style = "space"
+docstring-code-format = true
+
+[tool.ruff.lint]
+# TODO: add "ANN" again in the future
+select = [
+    "E",
+    "F",
+    "C4",
+    "PL",
+    "C90",
+    "I",
+    "N",
+    "UP",
+    "B",
+    "S",
+    "A",
+    "COM",
+    "PT",
+    "Q",
+    "T20",
+    "SLF",
+    "TD",
+    "FIX",
+    "PIE",
+]
+fixable = ["ALL"]
+ignore = [
+    # make docstrings optional
+    "D100",
+    "D101",
+    "D102",
+    "D103",
+    "D104",
+    "D105",
+    "D106",
+    "D107",
+    "D211",
+    "D213",
+    "RUF012",
+    # line length is handled by formatter
+    "E501",
+    # disable this for now
+    "SLF001",
+    # https://docs.astral.sh/ruff/formatter/#conflicting-lint-rules
+    "W191",
+    "E111",
+    "E114",
+    "E117",
+    "D206",
+    "D300",
+    "Q000",
+    "Q001",
+    "Q002",
+    "Q003",
+    "COM812",
+    "COM819",
+    "ISC001",
+    "ISC002",
+    # this conflicts for some reason
+    "D203"
+]
+
+[tool.ruff.lint.pylint]
+max-args = 7
+
+[tool.ruff.lint.per-file-ignores]
+"tests/*" = ["S101"]

{timedctl-5.9.2 → timedctl-5.10.2}/timedctl/helpers.py

@@ -1,6 +1,7 @@
 """
 API unrelated helper functions.
 """
+
 import json
 import re
 import sys

{timedctl-5.9.2 → timedctl-5.10.2}/timedctl/timedctl.py

@@ -3,15 +3,18 @@
 
 import os
 import re
+import time
+import webbrowser
 from datetime import datetime, timedelta
 
 import click
+import jwt
+import keyring
 import pyfzf
 import requests
 import tomllib
 from libtimed import TimedAPIClient
-from libtimed.oidc import OIDCClient
-from rich import print
+from rich import print as rprint
 from rich.table import Table
 from tomlkit import dump
 
@@ -23,6 +26,8 @@ from timedctl.helpers import (
     time_picker,
 )
 
+TIMEOUT = 30
+
 
 class Timedctl:
     def __init__(self):
@@ -33,8 +38,7 @@ class Timedctl:
         cfg = {
             "username": "test",
             "timed_url": "https://timed.example.com",
-            "sso_url": "https://sso.example.com",
-            "sso_realm": "example",
+            "sso_discovery_url": "https://sso.example.com/realms/example",
             "sso_client_id": "timedctl",
         }
 
@@ -56,13 +60,29 @@ class Timedctl:
         if not os.path.isfile(config_file):
             os.makedirs(config_dir, exist_ok=True)
             click.echo("No config file found. Please enter the following infos.")
-            for key in cfg:
-                cfg[key] = input(f"{key} ({cfg[key]}): ")
+            for key, value in cfg.items():
+                cfg[key] = input(f"{key} ({value}): ")
             with open(config_file, "w", encoding="utf-8") as file:
                 dump(cfg, file)
         else:
             with open(config_file, "rb") as file:
                 user_config = tomllib.load(file)
+
+            # Migration from sso_url & sso_realm to sso_discovery_url
+            if (
+                "sso_discovery_url" not in user_config
+                and "sso_url" in user_config
+                and "sso_realm" in user_config
+            ):
+                user_config["sso_discovery_url"] = (
+                    user_config["sso_url"] + "/realms/" + user_config["sso_realm"]
+                )
+                del user_config["sso_url"]
+                del user_config["sso_realm"]
+
+                with open(config_file, "w", encoding="utf-8") as file:
+                    dump(user_config, file)
+
             for key in user_config:
                 cfg[key] = user_config[key]
         self.config = cfg
@@ -72,24 +92,138 @@ class Timedctl:
         # initialize libtimed
         url = self.config.get("timed_url")
         api_namespace = "api/v1"
+        client_id = self.config["sso_client_id"]
+
+        access_token = keyring.get_password(
+            "system", "timedctl_token_" + client_id + "_access"
+        )
+        decode_options = {"verify_signature": False, "verify_exp": "verify_signature"}
+        try:
+            # Check if access_token is valid
+            jwt.decode(access_token, leeway=-30, options=decode_options)
+
+        except (jwt.exceptions.ExpiredSignatureError, jwt.exceptions.DecodeError):
+            # Access token expired or missing
+            refresh_token = keyring.get_password(
+                "system", "timedctl_token_" + client_id + "_refresh"
+            )
+            try:
+                jwt.decode(refresh_token, leeway=-10, options=decode_options)
+                access_token = self.refresh_token(refresh_token, no_renew_token)
+
+            except (jwt.exceptions.ExpiredSignatureError, jwt.exceptions.DecodeError):
+                # Refresh token expired or missing
+                if no_renew_token:
+                    error_handler("ERR_TOKEN_MISSING_OR_EXPIRED")
+
+                access_token = self.login()
 
-        # Auth stuff
+        self.timed = TimedAPIClient(access_token, url, api_namespace)
+
+    def get_openid_configuration(self):
+        """Return the OpenID configuration."""
+        sso_discovery_url = self.config.get("sso_discovery_url")
+
+        # Retrieve OpenID configuration
+        openid_configuration = requests.get(
+            f"{sso_discovery_url}/.well-known/openid-configuration", timeout=TIMEOUT
+        ).json()
+        if "error" in openid_configuration:
+            error_handler("ERR_COULD_NOT_GET_OPENID_CONFIGURATION")
+
+        return openid_configuration
+
+    def login(self):
+        """Authenticates using device code."""
         client_id = self.config.get("sso_client_id")
-        sso_url = self.config.get("sso_url")
-        sso_realm = self.config.get("sso_realm")
-        auth_path = "timedctl/auth"
-        self.oidc_client = OIDCClient(client_id, sso_url, sso_realm, auth_path)
-
-        # don't auto-refresh the token if asked
-        if no_renew_token:
-            token = self.oidc_client.keyring_get()
-            if not token:
-                error_handler("ERR_NO_TOKEN")
-            if not self.oidc_client.check_expired(token):
-                error_handler("ERR_TOKEN_EXPIRED")
-
-        token = self.oidc_client.authorize()
-        self.timed = TimedAPIClient(token, url, api_namespace)
+        openid_configuration = self.get_openid_configuration()
+
+        if (
+            "urn:ietf:params:oauth:grant-type:device_code"
+            not in openid_configuration["grant_types_supported"]
+        ):
+            error_handler("ERR_SSO_DOES_NOT_SUPPORT_DEVICE_CODE")
+
+        device_code_payload = {"client_id": client_id, "scope": "openid"}
+        device_code_response = requests.post(
+            openid_configuration["device_authorization_endpoint"],
+            data=device_code_payload,
+            timeout=TIMEOUT,
+        )
+
+        if device_code_response.status_code != requests.codes.ok:
+            error_handler("ERR_GENERATING_DEVICE_CODE")
+
+        device_code_data = device_code_response.json()
+        rprint(
+            "A web browser was opened at {}. Please continue the login in the web browser.".format(
+                device_code_data["verification_uri_complete"]
+            )
+        )
+        webbrowser.open_new(device_code_data["verification_uri_complete"])
+
+        token_payload = {
+            "grant_type": "urn:ietf:params:oauth:grant-type:device_code",
+            "device_code": device_code_data["device_code"],
+            "client_id": client_id,
+        }
+
+        while True:
+            token_response = requests.post(
+                openid_configuration["token_endpoint"],
+                data=token_payload,
+                timeout=TIMEOUT,
+            )
+            token_data = token_response.json()
+
+            if token_response.status_code == requests.codes.ok:
+                keyring.set_password(
+                    "system",
+                    "timedctl_token_" + client_id + "_access",
+                    token_data["access_token"],
+                )
+                keyring.set_password(
+                    "system",
+                    "timedctl_token_" + client_id + "_refresh",
+                    token_data["refresh_token"],
+                )
+                return token_data["access_token"]
+            elif token_data["error"] not in ("authorization_pending", "slow_down"):
+                rprint(token_data["error_description"])
+                error_handler("ERR_AUTHORIZATION_FAILED")
+            else:
+                time.sleep(device_code_data["interval"])
+
+    def refresh_token(self, token, no_renew_token=False):
+        """Refresh token."""
+        client_id = self.config.get("sso_client_id")
+        openid_configuration = self.get_openid_configuration()
+
+        if "refresh_token" not in openid_configuration["grant_types_supported"]:
+            error_handler("ERR_SSO_DOES_NOT_SUPPORT_REFRESH")
+
+        token_payload = {
+            "grant_type": "refresh_token",
+            "refresh_token": token,
+            "client_id": client_id,
+        }
+        token_response = requests.post(
+            openid_configuration["token_endpoint"], data=token_payload, timeout=TIMEOUT
+        )
+        token_data = token_response.json()
+
+        if token_response.status_code != requests.codes.ok:
+            if no_renew_token:
+                error_handler("ERR_REFRESHING_TOKEN")
+
+            return self.login()
+
+        keyring.set_password(
+            "system",
+            "timedctl_token_" + client_id + "_access",
+            token_data["access_token"],
+        )
+        return token_data["access_token"]
 
     def force_renew(self):
         """Force a token renewal."""
@@ -384,7 +518,7 @@ class Timedctl:
 
             table.add_row(customer, project, task, comment, str(duration))
         table.add_row("", "", "", "", str(total))
-        print(table)
+        rprint(table)
 
     def get_activities(self, date):
         """Get activities."""
@@ -428,7 +562,7 @@ class Timedctl:
 
             table.add_row(activity_fmt, comment, from_time_fmt, to_time_fmt)
 
-        print(table)
+        rprint(table)
         msg(f"Total: {total_time}")
 
     def delete_report(self, date):

timedctl-5.9.2/pyproject.toml

@@ -1,53 +0,0 @@
-[tool.poetry]
-name = "timedctl"
-version = "5.9.2"
-description = "CLI for timed"
-authors = ["Arthur Deierlein <arthur.deierlein@adfinis.com>", "Gian Klug <gian.klug@adfinis.com>"]
-readme = "README.md"
-license = "AGPL-3.0-only"
-
-[tool.poetry.dependencies]
-python = "^3.11"
-click = "^8.1.3"
-pyfzf = "^0.3.1"
-rich = "^13.4.2"
-tomlkit = ">=0.11.8,<0.13.0"
-click-aliases = "^1.0.1"
-libtimed = "^0.6.4"
-
-
-[tool.poetry.group.dev.dependencies]
-black = "^23.3.0"
-pytest = "^7.3.2"
-isort = "^5.12.0"
-flake8 = "^6.0.0"
-ruff = "v0.1.5"
-pytest-cov = "^4.1.0"
-
-[build-system]
-requires = ["poetry-core"]
-build-backend = "poetry.core.masonry.api"
-
-[tool.poetry.scripts]
-timedctl = "timedctl.cli:timedctl"
-
-[tool.semantic_release]
-version_toml = [
-    "pyproject.toml:tool.poetry.version"
-]
-major_on_zero = false
-branch = "main"
-build_command = "pip install poetry && poetry build"
-
-[tool.ruff]
-# TODO: add "ANN" again in the future
-select = ["E", "F", "C4", "PL", "C90", "I", "N", "UP", "B", "S", "A",  "COM", "PT", "Q", "T20", "SLF", "TD", "FIX",  "PIE"]
-# same as black
-line-length = 88
-output-format = "github"
-fixable = ["ALL"]
-# ignore these for now
-ignore = ["PLR0913"]
-
-[tool.ruff.per-file-ignores]
-"tests/*" = ["S101"]