trovesuite 1.0.11__py3-none-any.whl → 1.0.12__py3-none-any.whl

trovesuite/auth/auth_service.py

@@ -77,7 +77,7 @@ class AuthService:
             )
 
             if not is_tenant_verified or len(is_tenant_verified) == 0:
-                logger.warning("Login failed - tenant not found: %s", tenant_id)
+                logger.warning("Authorization failed - tenant not found: %s", tenant_id)
                 return Respons[AuthServiceReadDto](
                     detail=f"Tenant '{tenant_id}' not found or has been deleted",
                     data=[],
@@ -87,7 +87,7 @@ class AuthService:
                 )
 
             if not is_tenant_verified[0]['is_verified']:
-                logger.warning("Login failed - tenant not verified for user: %s, tenant: %s", user_id, tenant_id)
+                logger.warning("Authorization failed - tenant not verified for user: %s, tenant: %s", user_id, tenant_id)
                 return Respons[AuthServiceReadDto](
                     detail=f"Tenant '{tenant_id}' is not verified. Please contact your administrator.",
                     data=[],
@@ -146,35 +146,54 @@ class AuthService:
                     error="USER_SUSPENDED"
                 )
 
+            # ✅ UPDATED: Mutually exclusive login restrictions logic
             if not login_settings_details[0]['can_always_login']:
-                current_day = datetime.now().strftime("%A").upper()
+                # Get from database (should already be datetime objects)
+                login_on = login_settings_details[0]['login_on']
+                logout_on = login_settings_details[0]['logout_on']
+                working_days = login_settings_details[0]['working_days']
 
-                if current_day not in login_settings_details[0]['working_days']:
-                    logger.warning("Authorization failed - outside working days for user: %s checking custom login period", user_id)
+                # Only ONE restriction type can be active at a time:
+                # 1. working_days restriction (if login_on/logout_on are NULL)
+                # 2. time period restriction (if login_on/logout_on are set)
 
-                    # Get current datetime (full date and time) with timezone
-                    current_datetime = datetime.now(timezone.utc).replace(microsecond=0, second=0)
-
-                    # Get from database (should already be datetime objects)
-                    login_on = login_settings_details[0]['login_on']
-                    logout_on = login_settings_details[0]['logout_on']
+                if login_on and logout_on:
+                    # Time period restriction is active
+                    logger.info(f"Checking time period restriction for user: {user_id}")
 
-                    # Set defaults if None (with timezone awareness)
-                    if not login_on:
-                        login_on = datetime.min.replace(tzinfo=timezone.utc)
-                    if not logout_on:
-                        logout_on = datetime.max.replace(tzinfo=timezone.utc)
+                    # Get current datetime (full date and time) with timezone
+                    current_datetime = datetime.now(timezone.utc).replace(
+                        microsecond=0, second=0
+                    )
 
                     # Compare full datetime objects (both date and time)
                     if not (login_on <= current_datetime <= logout_on):
-                        logger.warning("Authorization failed - outside allowed period for user: %s", user_id)
+                        logger.warning(
+                            f"Authorization failed - outside allowed period for user: {user_id}"
+                        )
                         return Respons[AuthServiceReadDto](
-                            detail="Login is not allowed at this time. Please check your access schedule.",
+                            detail="Access is not allowed at this time. Please check your access schedule.",
                             data=[],
                             success=False,
                             status_code=403,
                             error="LOGIN_TIME_RESTRICTED"
                         )
+                elif working_days:
+                    # Working days restriction is active
+                    logger.info(f"Checking working days restriction for user: {user_id}")
+                    current_day = datetime.now().strftime("%A").upper()
+
+                    if current_day not in working_days:
+                        logger.warning(
+                            f"Authorization failed - not a working day for user: {user_id}"
+                        )
+                        return Respons[AuthServiceReadDto](
+                            detail="Access is not allowed on this day. Please contact your administrator.",
+                            data=[],
+                            success=False,
+                            status_code=403,
+                            error="LOGIN_DAY_RESTRICTED"
+                        )
 
             # 4️⃣ Build query dynamically to include groups (if any) + user
             # ⚠️ CHANGED: Simplified to new schema - only select user_id, group_id, role_id, resource_type

{trovesuite-1.0.11.dist-info → trovesuite-1.0.12.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: trovesuite
-Version: 1.0.11
+Version: 1.0.12
 Summary: TroveSuite services package providing authentication, authorization, notifications, Azure Storage, and other enterprise services for TroveSuite applications
 Home-page: https://dev.azure.com/brightgclt/trovesuite/_git/packages
 Author: Bright Debrah Owusu

{trovesuite-1.0.11.dist-info → trovesuite-1.0.12.dist-info}/RECORD

@@ -3,7 +3,7 @@ trovesuite/auth/__init__.py,sha256=OjZllVvjul1glDazJ-d5TrNjgHFigFlQQi1G99DYshk,2
 trovesuite/auth/auth_base.py,sha256=rZHQVLeJRBQ8GClgF5UwG-er4_HXVX5-nt8o6_Z29uY,75
 trovesuite/auth/auth_controller.py,sha256=PAgaVlf5TYEfkSfK4vGGsvO84i8zEmeVVXyUF2YBppI,420
 trovesuite/auth/auth_read_dto.py,sha256=e27JqKVPVUM83A_mYF452QCflsvGNo7aKje7q_urwFc,571
-trovesuite/auth/auth_service.py,sha256=CRGGXCdaAknznwq68ghmhtZ13NM73tu32OPJK8JJ2_Y,14488
+trovesuite/auth/auth_service.py,sha256=cow-bSq1AB1VoSrFHqBleGJnFETZDZ6HRoMgaSOKFNo,15412
 trovesuite/auth/auth_write_dto.py,sha256=rdwI7w6-9QZGv1H0PAGrjkLBCzaMHjgPIXeLb9RmNec,234
 trovesuite/configs/__init__.py,sha256=h1mSZOaZ3kUy1ZMO_m9O9KklsxywM0RfMVZLh9h9WvQ,328
 trovesuite/configs/database.py,sha256=IPSu8fXjxyYeJ3bFknJG06Qm2L2ub6Ht19xhKv8g7nA,11731
@@ -26,8 +26,8 @@ trovesuite/storage/storage_service.py,sha256=V7LIePIV6b_iuhm-9x8r4zwpZHgeRPL1YIe
 trovesuite/storage/storage_write_dto.py,sha256=vl1iCZ93bpFmpvkCrn587QtMtOA_TPDseXSoTuj9RTQ,1355
 trovesuite/utils/__init__.py,sha256=3UPKTz9cluTgAM-ldNsJxsnoPTZiqacXlAmzUEHy6q8,143
 trovesuite/utils/helper.py,sha256=lvZ1mvaqY84dkIPB5Ov0uwYDOWBziAS8twobEJZh2Ik,1002
-trovesuite-1.0.11.dist-info/licenses/LICENSE,sha256=EJT35ct-Q794JYPdAQy3XNczQGKkU1HzToLeK1YVw2s,1070
-trovesuite-1.0.11.dist-info/METADATA,sha256=HTQhhc9Yps3NbrJz8JqfP493kSVIMux4ToJB2F31_-8,21737
-trovesuite-1.0.11.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-trovesuite-1.0.11.dist-info/top_level.txt,sha256=GzKhG_-MTaxeHrIgkGkBH_nof2vroGFBrjeHKWUIwNc,11
-trovesuite-1.0.11.dist-info/RECORD,,
+trovesuite-1.0.12.dist-info/licenses/LICENSE,sha256=EJT35ct-Q794JYPdAQy3XNczQGKkU1HzToLeK1YVw2s,1070
+trovesuite-1.0.12.dist-info/METADATA,sha256=SGNnZq4p8Cz2762qF93uK51YscvjZYob_4X-2FAme8c,21737
+trovesuite-1.0.12.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+trovesuite-1.0.12.dist-info/top_level.txt,sha256=GzKhG_-MTaxeHrIgkGkBH_nof2vroGFBrjeHKWUIwNc,11
+trovesuite-1.0.12.dist-info/RECORD,,