usso 0.24.9__tar.gz → 0.24.11__tar.gz

{usso-0.24.9/src/usso.egg-info → usso-0.24.11}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: usso
-Version: 0.24.9
+Version: 0.24.11
 Summary: A plug-and-play client for integrating universal single sign-on (SSO) with Python frameworks, enabling secure and seamless authentication across microservices.
 Author-email: Mahdi Kiani <mahdikiany@gmail.com>
 Maintainer-email: Mahdi Kiani <mahdikiany@gmail.com>
@@ -43,13 +43,14 @@ Requires-Python: >=3.9
 Description-Content-Type: text/markdown
 License-File: LICENSE.txt
 Requires-Dist: peppercorn
-Requires-Dist: pydantic>=1.8.2
+Requires-Dist: pydantic>=2
 Requires-Dist: requests>=2.26.0
 Requires-Dist: pyjwt[crypto]
 Requires-Dist: singleton_package
 Provides-Extra: fastapi
 Requires-Dist: fastapi>=0.65.0; extra == "fastapi"
 Requires-Dist: uvicorn[standard]>=0.13.0; extra == "fastapi"
+Requires-Dist: cachetools; extra == "fastapi"
 Provides-Extra: django
 Requires-Dist: Django>=3.2; extra == "django"
 Provides-Extra: dev

{usso-0.24.9 → usso-0.24.11}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "usso"
-version = "0.24.9"
+version = "0.24.11"
 description = "A plug-and-play client for integrating universal single sign-on (SSO) with Python frameworks, enabling secure and seamless authentication across microservices."
 readme = "README.md"
 requires-python = ">=3.9"
@@ -29,12 +29,12 @@ classifiers = [
 ]
 dependencies = [
   "peppercorn",  # Example main dependency
-  "pydantic>=1.8.2",
+  "pydantic>=2",
   "requests>=2.26.0",
   "pyjwt[crypto]",
-  "singleton_package"
+  "singleton_package",
 ]
-optional-dependencies = {"fastapi" = ["fastapi>=0.65.0", "uvicorn[standard]>=0.13.0"],"django" = ["Django>=3.2"],"dev" = ["check-manifest"],"test" = ["coverage"]}
+optional-dependencies = {"fastapi" = ["fastapi>=0.65.0", "uvicorn[standard]>=0.13.0", "cachetools"],"django" = ["Django>=3.2"],"dev" = ["check-manifest"],"test" = ["coverage"]}
 
 [project.urls]
 "Homepage" = "https://github.com/ussoio/usso-python"

{usso-0.24.9 → usso-0.24.11}/src/usso/async_session.py

@@ -1,7 +1,8 @@
 from contextlib import asynccontextmanager
+from datetime import datetime
+
 import aiohttp
 import jwt
-from datetime import datetime
 
 
 class AsyncUssoSession:

usso-0.24.11/src/usso/fastapi/auth_middleware.py

@@ -0,0 +1,176 @@
+import json
+import logging
+import os
+
+import cachetools.func
+import jwt
+from fastapi import Request, WebSocket
+from pydantic import BaseModel, model_validator
+from starlette.status import HTTP_401_UNAUTHORIZED
+
+from usso.core import UserData
+from usso.exceptions import USSOException
+
+logger = logging.getLogger("usso")
+
+
+class JWTConfig(BaseModel):
+    jwk_url: str | None = None
+    secret: str | None = None
+    type: str = "RS256"
+    header: dict[str, str] = {"type": "Cookie", "name": "usso_access_token"}
+
+    def __hash__(self):
+        return hash(self.model_dump_json())
+
+    @model_validator(mode="before")
+    def validate_secret(cls, data: dict):
+        if not data.get("jwk_url") and not data.get("secret"):
+            raise ValueError("Either jwk_url or secret must be provided")
+        return data
+
+    @classmethod
+    @cachetools.func.ttl_cache(maxsize=128, ttl=10 * 60)
+    def get_jwk_keys(cls, jwk_url):
+        return jwt.PyJWKClient(
+            jwk_url,
+            headers={
+                "User-Agent": "usso-python",
+            },
+        )
+
+    @cachetools.func.ttl_cache(maxsize=128, ttl=10 * 60)
+    def decode(self, token: str):
+        if self.jwk_url:
+            jwk_client = self.get_jwk_keys(self.jwk_url)
+            signing_key = jwk_client.get_signing_key_from_jwt(token)
+            return jwt.decode(token, signing_key.key, algorithms=[self.type])
+
+        return jwt.decode(token, self.secret, algorithms=[self.type])
+
+
+class Usso:
+
+    def __init__(self, jwt_config: str | dict | JWTConfig | None = None):
+        if jwt_config is None:
+            self.jwk_url = os.getenv("USSO_JWK_URL")
+            return
+
+        if isinstance(jwt_config, str):
+            jwt_config = json.loads(jwt_config)
+        if isinstance(jwt_config, dict):
+            jwt_config = JWTConfig(**jwt_config)
+
+        self.jwk_url = jwt_config
+        self.jwt_config = jwt_config
+
+    def get_authorization_scheme_param(
+        self,
+        authorization_header_value: str | None,
+    ) -> tuple[str, str]:
+        if not authorization_header_value:
+            return "", ""
+        scheme, _, param = authorization_header_value.partition(" ")
+        return scheme, param
+
+    def user_data_from_token(self, token: str, **kwargs) -> UserData | None:
+        """Return the user associated with a token value."""
+        try:
+            decoded = self.jwk_url.decode(token)
+            if decoded["token_type"] != "access":
+                raise USSOException(
+                    status_code=401,
+                    error="invalid_token_type",
+                )
+            decoded["token"] = token
+            return UserData(**decoded)
+        except jwt.exceptions.ExpiredSignatureError:
+            if kwargs.get("raise_exception", True):
+                raise USSOException(status_code=401, error="expired_signature")
+        except jwt.exceptions.InvalidSignatureError:
+            if kwargs.get("raise_exception", True):
+                raise USSOException(status_code=401, error="invalid_signature")
+        except jwt.exceptions.InvalidAlgorithmError:
+            if kwargs.get("raise_exception", True):
+                raise USSOException(
+                    status_code=401,
+                    error="invalid_algorithm",
+                )
+        except jwt.exceptions.InvalidIssuedAtError:
+            if kwargs.get("raise_exception", True):
+                raise USSOException(
+                    status_code=401,
+                    error="invalid_issued_at",
+                )
+        except jwt.exceptions.InvalidTokenError:
+            if kwargs.get("raise_exception", True):
+                raise USSOException(
+                    status_code=401,
+                    error="invalid_token",
+                )
+        except jwt.exceptions.InvalidKeyError:
+            if kwargs.get("raise_exception", True):
+                raise USSOException(
+                    status_code=401,
+                    error="invalid_key",
+                )
+        except KeyError as e:
+            if kwargs.get("raise_exception", True):
+                raise USSOException(
+                    status_code=401,
+                    error="key_error",
+                    message=str(e),
+                )
+        except USSOException as e:
+            if kwargs.get("raise_exception", True):
+                raise e
+        except Exception as e:
+            if kwargs.get("raise_exception", True):
+                raise USSOException(
+                    status_code=401,
+                    error="error",
+                    message=str(e),
+                )
+            logger.error(e)
+
+    async def jwt_access_security(self, request: Request) -> UserData | None:
+        """Return the user associated with a token value."""
+        kwargs = {}
+        authorization = request.headers.get("Authorization")
+        if authorization:
+            scheme, credentials = self.get_authorization_scheme_param(authorization)
+            if scheme.lower() == "bearer":
+                token = credentials
+                return self.user_data_from_token(token, **kwargs)
+
+        cookie_token = request.cookies.get("usso_access_token")
+        if cookie_token:
+            return self.user_data_from_token(cookie_token, **kwargs)
+
+        if kwargs.get("raise_exception", True):
+            raise USSOException(
+                status_code=HTTP_401_UNAUTHORIZED,
+                error="unauthorized",
+            )
+        return None
+
+    async def jwt_access_security_ws(self, websocket: WebSocket) -> UserData | None:
+        """Return the user associated with a token value."""
+        kwargs = {}
+        authorization = websocket.headers.get("Authorization")
+        if authorization:
+            scheme, credentials = self.get_authorization_scheme_param(authorization)
+            if scheme.lower() == "bearer":
+                token = credentials
+                return self.user_data_from_token(token, **kwargs)
+
+        cookie_token = websocket.cookies.get("usso_access_token")
+        if cookie_token:
+            return self.user_data_from_token(cookie_token, **kwargs)
+
+        if kwargs.get("raise_exception", True):
+            raise USSOException(
+                status_code=HTTP_401_UNAUTHORIZED,
+                error="unauthorized",
+            )
+        return None

{usso-0.24.9 → usso-0.24.11/src/usso.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: usso
-Version: 0.24.9
+Version: 0.24.11
 Summary: A plug-and-play client for integrating universal single sign-on (SSO) with Python frameworks, enabling secure and seamless authentication across microservices.
 Author-email: Mahdi Kiani <mahdikiany@gmail.com>
 Maintainer-email: Mahdi Kiani <mahdikiany@gmail.com>
@@ -43,13 +43,14 @@ Requires-Python: >=3.9
 Description-Content-Type: text/markdown
 License-File: LICENSE.txt
 Requires-Dist: peppercorn
-Requires-Dist: pydantic>=1.8.2
+Requires-Dist: pydantic>=2
 Requires-Dist: requests>=2.26.0
 Requires-Dist: pyjwt[crypto]
 Requires-Dist: singleton_package
 Provides-Extra: fastapi
 Requires-Dist: fastapi>=0.65.0; extra == "fastapi"
 Requires-Dist: uvicorn[standard]>=0.13.0; extra == "fastapi"
+Requires-Dist: cachetools; extra == "fastapi"
 Provides-Extra: django
 Requires-Dist: Django>=3.2; extra == "django"
 Provides-Extra: dev

{usso-0.24.9 → usso-0.24.11}/src/usso.egg-info/SOURCES.txt

@@ -19,6 +19,7 @@ src/usso.egg-info/top_level.txt
 src/usso/django/__init__.py
 src/usso/django/middleware.py
 src/usso/fastapi/__init__.py
+src/usso/fastapi/auth_middleware.py
 src/usso/fastapi/integration.py
 tests/test_api.py
 tests/test_core.py

{usso-0.24.9 → usso-0.24.11}/src/usso.egg-info/requires.txt

@@ -1,5 +1,5 @@
 peppercorn
-pydantic>=1.8.2
+pydantic>=2
 requests>=2.26.0
 pyjwt[crypto]
 singleton_package
@@ -13,6 +13,7 @@ Django>=3.2
 [fastapi]
 fastapi>=0.65.0
 uvicorn[standard]>=0.13.0
+cachetools
 
 [test]
 coverage