usso 0.24.8__py3-none-any.whl → 0.24.10__py3-none-any.whl

usso/async_session.py

@@ -1,4 +1,6 @@
+from contextlib import asynccontextmanager
 from datetime import datetime
+
 import aiohttp
 import jwt
 
@@ -52,35 +54,33 @@ class AsyncUssoSession:
         if self.session:
             await self.session.close()  # Close the session properly
 
+    @asynccontextmanager
     async def _request(self, method: str, url: str, **kwargs):
         await self._ensure_valid_token()  # Ensure valid token before any request
-        return await self.session.request(method, url, **kwargs)
+        async with self.session.request(method, url, **kwargs) as response:
+            yield response
+
+    def get(self, url: str, **kwargs):
+        return self._request("GET", url, **kwargs)
 
-    async def get(self, url: str, **kwargs):
-        return await self._request("GET", url, **kwargs)
+    def post(self, url: str, **kwargs):
+        return self._request("POST", url, **kwargs)
 
-    async def post(self, url: str, **kwargs):
-        return await self._request("POST", url, **kwargs)
+    def put(self, url: str, **kwargs):
+        return self._request("PUT", url, **kwargs)
 
-    async def put(self, url: str, **kwargs):
-        return await self._request("PUT", url, **kwargs)
+    def patch(self, url: str, **kwargs):
+        return self._request("PATCH", url, **kwargs)
 
-    async def patch(self, url: str, **kwargs):
-        return await self._request("PATCH", url, **kwargs)
+    def delete(self, url: str, **kwargs):
+        return self._request("DELETE", url, **kwargs)
 
-    async def delete(self, url: str, **kwargs):
-        return await self._request("DELETE", url, **kwargs)
+    def head(self, url: str, **kwargs):
+        return self._request("HEAD", url, **kwargs)
 
-    async def head(self, url: str, **kwargs):
-        return await self._request("HEAD", url, **kwargs)
+    def options(self, url: str, **kwargs):
+        return self._request("OPTIONS", url, **kwargs)
 
-    async def options(self, url: str, **kwargs):
-        return await self._request("OPTIONS", url, **kwargs)
-    
     async def close(self):
         await self.session.close()
         self.session = None
-
-    async def __del__(self):
-        if self.session:
-            await self.session.close()

usso/fastapi/auth_middleware.py

@@ -0,0 +1,176 @@
+import json
+import logging
+import os
+
+import cachetools.func
+import jwt
+from fastapi import Request, WebSocket
+from pydantic import BaseModel, model_validator
+from starlette.status import HTTP_401_UNAUTHORIZED
+
+from usso.core import UserData
+from usso.exceptions import USSOException
+
+logger = logging.getLogger("usso")
+
+
+class JWTConfig(BaseModel):
+    jwk_url: str | None = None
+    secret: str | None = None
+    type: str = "RS256"
+    header: dict[str, str] = {"type": "Cookie", "name": "usso_access_token"}
+
+    def __hash__(self):
+        return hash(self.model_dump_json())
+
+    @model_validator(mode="before")
+    def validate_secret(cls, data: dict):
+        if not data.get("jwk_url") and not data.get("secret"):
+            raise ValueError("Either jwk_url or secret must be provided")
+        return data
+
+    @classmethod
+    @cachetools.func.ttl_cache(maxsize=128, ttl=10 * 60)
+    def get_jwk_keys(cls, jwk_url):
+        return jwt.PyJWKClient(
+            jwk_url,
+            headers={
+                "User-Agent": "usso-python",
+            },
+        )
+
+    @cachetools.func.ttl_cache(maxsize=128, ttl=10 * 60)
+    def decode(self, token: str):
+        if self.jwk_url:
+            jwk_client = self.get_jwk_keys(self.jwk_url)
+            signing_key = jwk_client.get_signing_key_from_jwt(token)
+            return jwt.decode(token, signing_key.key, algorithms=[self.type])
+
+        return jwt.decode(token, self.secret, algorithms=[self.type])
+
+
+class Usso:
+
+    def __init__(self, jwt_config: str | dict | JWTConfig | None = None):
+        if jwt_config is None:
+            self.jwk_url = os.getenv("USSO_JWK_URL")
+            return
+
+        if isinstance(jwt_config, str):
+            jwt_config = json.loads(jwt_config)
+        if isinstance(jwt_config, dict):
+            jwt_config = JWTConfig(**jwt_config)
+
+        self.jwk_url = jwt_config
+        self.jwt_config = jwt_config
+
+    def get_authorization_scheme_param(
+        self,
+        authorization_header_value: str | None,
+    ) -> tuple[str, str]:
+        if not authorization_header_value:
+            return "", ""
+        scheme, _, param = authorization_header_value.partition(" ")
+        return scheme, param
+
+    def user_data_from_token(self, token: str, **kwargs) -> UserData | None:
+        """Return the user associated with a token value."""
+        try:
+            decoded = self.jwk_url.decode(token)
+            if decoded["token_type"] != "access":
+                raise USSOException(
+                    status_code=401,
+                    error="invalid_token_type",
+                )
+            decoded["token"] = token
+            return UserData(**decoded)
+        except jwt.exceptions.ExpiredSignatureError:
+            if kwargs.get("raise_exception", True):
+                raise USSOException(status_code=401, error="expired_signature")
+        except jwt.exceptions.InvalidSignatureError:
+            if kwargs.get("raise_exception", True):
+                raise USSOException(status_code=401, error="invalid_signature")
+        except jwt.exceptions.InvalidAlgorithmError:
+            if kwargs.get("raise_exception", True):
+                raise USSOException(
+                    status_code=401,
+                    error="invalid_algorithm",
+                )
+        except jwt.exceptions.InvalidIssuedAtError:
+            if kwargs.get("raise_exception", True):
+                raise USSOException(
+                    status_code=401,
+                    error="invalid_issued_at",
+                )
+        except jwt.exceptions.InvalidTokenError:
+            if kwargs.get("raise_exception", True):
+                raise USSOException(
+                    status_code=401,
+                    error="invalid_token",
+                )
+        except jwt.exceptions.InvalidKeyError:
+            if kwargs.get("raise_exception", True):
+                raise USSOException(
+                    status_code=401,
+                    error="invalid_key",
+                )
+        except KeyError as e:
+            if kwargs.get("raise_exception", True):
+                raise USSOException(
+                    status_code=401,
+                    error="key_error",
+                    message=str(e),
+                )
+        except USSOException as e:
+            if kwargs.get("raise_exception", True):
+                raise e
+        except Exception as e:
+            if kwargs.get("raise_exception", True):
+                raise USSOException(
+                    status_code=401,
+                    error="error",
+                    message=str(e),
+                )
+            logger.error(e)
+
+    async def jwt_access_security(self, request: Request) -> UserData | None:
+        """Return the user associated with a token value."""
+        kwargs = {}
+        authorization = request.headers.get("Authorization")
+        if authorization:
+            scheme, credentials = self.get_authorization_scheme_param(authorization)
+            if scheme.lower() == "bearer":
+                token = credentials
+                return self.user_data_from_token(token, **kwargs)
+
+        cookie_token = request.cookies.get("usso_access_token")
+        if cookie_token:
+            return self.user_data_from_token(cookie_token, **kwargs)
+
+        if kwargs.get("raise_exception", True):
+            raise USSOException(
+                status_code=HTTP_401_UNAUTHORIZED,
+                error="unauthorized",
+            )
+        return None
+
+    async def jwt_access_security_ws(self, websocket: WebSocket) -> UserData | None:
+        """Return the user associated with a token value."""
+        kwargs = {}
+        authorization = websocket.headers.get("Authorization")
+        if authorization:
+            scheme, credentials = self.get_authorization_scheme_param(authorization)
+            if scheme.lower() == "bearer":
+                token = credentials
+                return self.user_data_from_token(token, **kwargs)
+
+        cookie_token = websocket.cookies.get("usso_access_token")
+        if cookie_token:
+            return self.user_data_from_token(cookie_token, **kwargs)
+
+        if kwargs.get("raise_exception", True):
+            raise USSOException(
+                status_code=HTTP_401_UNAUTHORIZED,
+                error="unauthorized",
+            )
+        return None

{usso-0.24.8.dist-info → usso-0.24.10.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: usso
-Version: 0.24.8
+Version: 0.24.10
 Summary: A plug-and-play client for integrating universal single sign-on (SSO) with Python frameworks, enabling secure and seamless authentication across microservices.
 Author-email: Mahdi Kiani <mahdikiany@gmail.com>
 Maintainer-email: Mahdi Kiani <mahdikiany@gmail.com>

{usso-0.24.8.dist-info → usso-0.24.10.dist-info}/RECORD

@@ -1,7 +1,7 @@
 usso/__init__.py,sha256=NnOS_S1a-JKTOlGe1nw-kCL3m0y82mA2mDraus7BQ2o,120
 usso/api.py,sha256=xlDq2nZNpq3mhAvqIbGEfANHNjJpPquSeULBfS7iMJw,5094
 usso/async_api.py,sha256=rb-Xh5oudmZrPYM_iH_B75b5Z0Fvi1V1uurdcKE51w0,5551
-usso/async_session.py,sha256=8cNVmbzQ_mh33JCe0NqdmCkIXBJOkFpSH1TOZb1y8NA,3102
+usso/async_session.py,sha256=EPHT0wjwGuRg3NLvtUlLNSVZCgvAvRyUGx21XBsEBHk,3028
 usso/b64tools.py,sha256=HGQ0E59vzjrQo2-4jrcY03ebtTaYwTtCZ7KgJaEmxO0,610
 usso/core.py,sha256=m6Y-g70FuPYZM3AMtsEVVToQkYrf4WwNVH8C4HZRzl8,4103
 usso/exceptions.py,sha256=hawOAuVbvQtjgRfwp1KFZ4SmV7fh720y5Gom9JVA8W8,504
@@ -10,10 +10,11 @@ usso/session.py,sha256=S3dFXzar0Pcwxj5TGqadKwGdmzmzgp4H2W3brfOwJ6A,1184
 usso/django/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 usso/django/middleware.py,sha256=EEEpHvMQ6QiWw2HY8zQ2Aec0RCATcLWsCKeyiPWJKio,3245
 usso/fastapi/__init__.py,sha256=0EcdOzb4f3yu9nILIdGWnlyUz-0VaVX2az1e3f2BusI,201
+usso/fastapi/auth_middleware.py,sha256=5JnDHvBM_xfasSHpBIFlrxFsZTLS2AhMuvyzr0tyI8k,6323
 usso/fastapi/integration.py,sha256=VAUWaa7ChQ1jTtn8A136VgyG6t2kDo5pGK-3RgmNDVs,1669
-usso-0.24.8.dist-info/LICENSE.txt,sha256=ceC9ZJOV9H6CtQDcYmHOS46NA3dHJ_WD4J9blH513pc,1081
-usso-0.24.8.dist-info/METADATA,sha256=94xpCS11SWweVYRuhOg_l38LLQwR4DWVWoGYaoXshNQ,4231
-usso-0.24.8.dist-info/WHEEL,sha256=GV9aMThwP_4oNCtvEC2ec3qUYutgWeAzklro_0m4WJQ,91
-usso-0.24.8.dist-info/entry_points.txt,sha256=4Zgpm5ELaAWPf0jPGJFz1_X69H7un8ycT3WdGoJ0Vvk,35
-usso-0.24.8.dist-info/top_level.txt,sha256=g9Jf6h1Oyidh0vPiFni7UHInTJjSvu6cUalpLTIvthg,5
-usso-0.24.8.dist-info/RECORD,,
+usso-0.24.10.dist-info/LICENSE.txt,sha256=ceC9ZJOV9H6CtQDcYmHOS46NA3dHJ_WD4J9blH513pc,1081
+usso-0.24.10.dist-info/METADATA,sha256=11Of45nfG3Y5of89Q3WY8ITH3FEJBgBLCZhyLlWmEfw,4232
+usso-0.24.10.dist-info/WHEEL,sha256=GV9aMThwP_4oNCtvEC2ec3qUYutgWeAzklro_0m4WJQ,91
+usso-0.24.10.dist-info/entry_points.txt,sha256=4Zgpm5ELaAWPf0jPGJFz1_X69H7un8ycT3WdGoJ0Vvk,35
+usso-0.24.10.dist-info/top_level.txt,sha256=g9Jf6h1Oyidh0vPiFni7UHInTJjSvu6cUalpLTIvthg,5
+usso-0.24.10.dist-info/RECORD,,