PyPI - usso - Versions diffs - 0.27.11__py3-none-any.whl → 0.27.13__py3-none-any.whl - Mend

usso 0.27.11py3-none-any.whl → 0.27.13py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

usso/core.py +64 -141
usso/exceptions.py +4 -4
usso/schemas.py +29 -1
usso/session/async_session.py +12 -12
usso/session/base_session.py +6 -0
usso/session/session.py +12 -13
{usso-0.27.11.dist-info → usso-0.27.13.dist-info}/METADATA +1 -1
{usso-0.27.11.dist-info → usso-0.27.13.dist-info}/RECORD +12 -12
{usso-0.27.11.dist-info → usso-0.27.13.dist-info}/LICENSE.txt +0 -0
{usso-0.27.11.dist-info → usso-0.27.13.dist-info}/WHEEL +0 -0
{usso-0.27.11.dist-info → usso-0.27.13.dist-info}/entry_points.txt +0 -0
{usso-0.27.11.dist-info → usso-0.27.13.dist-info}/top_level.txt +0 -0

usso/core.py CHANGED Viewed

@@ -5,13 +5,11 @@ from datetime import datetime, timedelta
 from urllib.parse import urlparse
 import cachetools.func
+import httpx
 import jwt
-import requests
-from cachetools import TTLCache, cached
-from pydantic import BaseModel, model_validator
 from .exceptions import USSOException
-from .schemas import UserData
+from .schemas import JWTConfig, UserData
 logger = logging.getLogger("usso")
@@ -26,36 +24,34 @@ def get_authorization_scheme_param(
 def decode_token(key, token: str, algorithms=["RS256"], **kwargs) -> dict:
+    """Decode a JWT token."""
     try:
         decoded = jwt.decode(token, key, algorithms=algorithms)
-        decoded["data"] = decoded
-        decoded["token"] = token
+        decoded.update({"data": decoded, "token": token})
         return UserData(**decoded)
-    except jwt.exceptions.ExpiredSignatureError:
-        if kwargs.get("raise_exception", True):
-            raise USSOException(status_code=401, error="expired_signature")
-    except jwt.exceptions.InvalidSignatureError:
-        if kwargs.get("raise_exception", True):
-            raise USSOException(status_code=401, error="invalid_signature")
-    except jwt.exceptions.InvalidAlgorithmError:
-        if kwargs.get("raise_exception", True):
-            raise USSOException(status_code=401, error="invalid_algorithm")
-    except jwt.exceptions.InvalidIssuedAtError:
-        if kwargs.get("raise_exception", True):
-            raise USSOException(status_code=401, error="invalid_issued_at")
-    except jwt.exceptions.InvalidTokenError:
-        if kwargs.get("raise_exception", True):
-            raise USSOException(status_code=401, error="invalid_token")
-    except jwt.exceptions.InvalidKeyError:
-        if kwargs.get("raise_exception", True):
-            raise USSOException(status_code=401, error="invalid_key")
-    except USSOException as e:
-        if kwargs.get("raise_exception", True):
-            raise e
+    except jwt.ExpiredSignatureError:
+        _handle_exception("expired_signature", **kwargs)
+    except jwt.InvalidSignatureError:
+        _handle_exception("invalid_signature", **kwargs)
+    except jwt.InvalidAlgorithmError:
+        _handle_exception("invalid_algorithm", **kwargs)
+    except jwt.InvalidIssuedAtError:
+        _handle_exception("invalid_issued_at", **kwargs)
+    except jwt.InvalidTokenError:
+        _handle_exception("invalid_token", **kwargs)
+    except jwt.InvalidKeyError:
+        _handle_exception("invalid_key", **kwargs)
     except Exception as e:
-        if kwargs.get("raise_exception", True):
-            raise USSOException(status_code=401, error="error", message=str(e))
-        logger.error(e)
+        _handle_exception("error", message=str(e), **kwargs)
+def _handle_exception(error_type: str, **kwargs):
+    """Handle JWT-related exceptions."""
+    if kwargs.get("raise_exception", True):
+        raise USSOException(
+            status_code=401, error=error_type, message=kwargs.get("message")
+        )
+    logger.error(kwargs.get("message") or error_type)
 def is_expired(token: str, **kwargs) -> bool:
@@ -66,69 +62,31 @@ def is_expired(token: str, **kwargs) -> bool:
     return exp < now
-@cached(TTLCache(maxsize=128, ttl=10 * 60))
+@cachetools.func.ttl_cache(maxsize=128, ttl=10 * 60)
 def get_jwk_keys(jwk_url: str) -> jwt.PyJWKClient:
     return jwt.PyJWKClient(jwk_url, headers={"User-Agent": "usso-python"})
-def decode_token_jwk(jwk_url: str, token: str, **kwargs) -> UserData | None:
+def decode_token_with_jwk(jwk_url: str, token: str, **kwargs) -> UserData | None:
     """Return the user associated with a token value."""
     try:
         jwk_client = get_jwk_keys(jwk_url)
         signing_key = jwk_client.get_signing_key_from_jwt(token)
         return decode_token(signing_key.key, token, **kwargs)
-    except USSOException as e:
-        if kwargs.get("raise_exception", True):
-            raise e
-        logger.error(e)
     except Exception as e:
-        if kwargs.get("raise_exception", True):
-            raise USSOException(
-                status_code=401,
-                error="error",
-                message=str(e),
-            )
-        logger.error(e)
+        _handle_exception("error", message=str(e), **kwargs)
-@cached(TTLCache(maxsize=128, ttl=10 * 60))
-def get_api_key_data(jwk_url: str, api_key: str):
+@cachetools.func.ttl_cache(maxsize=128, ttl=10 * 60)
+def fetch_api_key_data(jwk_url: str, api_key: str):
     parsed = urlparse(jwk_url)
     url = f"{parsed.scheme}://{parsed.netloc}/api_key/verify"
-    response = requests.post(url, json={"api_key": api_key})
+    response = httpx.post(url, json={"api_key": api_key})
     response.raise_for_status()
     return UserData(**response.json())
-class JWTConfig(BaseModel):
-    jwk_url: str | None = None
-    secret: str | None = None
-    type: str = "RS256"
-    header: dict[str, str] = {"type": "Cookie", "name": "usso_access_token"}
-    def __hash__(self):
-        return hash(self.model_dump_json())
-    @model_validator(mode="before")
-    def validate_secret(cls, data: dict):
-        if not data.get("jwk_url") and not data.get("secret"):
-            raise ValueError("Either jwk_url or secret must be provided")
-        return data
-    @classmethod
-    @cachetools.func.ttl_cache(maxsize=128, ttl=10 * 60)
-    def get_jwk_keys(cls, jwk_url):
-        return get_jwk_keys(jwk_url)
-    @cachetools.func.ttl_cache(maxsize=128, ttl=10 * 60)
-    def decode(self, token: str):
-        if self.jwk_url:
-            return decode_token_jwk(self.jwk_url, token)
-        return decode_token(self.secret, token, algorithms=[self.type])
 class Usso:
     def __init__(
         self,
         *,
@@ -138,45 +96,44 @@ class Usso:
         jwk_url: str | None = None,
         secret: str | None = None,
     ):
+        self.jwt_configs = self._initialize_configs(jwt_config, jwk_url, secret)
+    def _initialize_configs(
+        self,
+        jwt_config: (
+            str | dict | JWTConfig | list[str] | list[dict] | list[JWTConfig] | None
+        ) = None,
+        jwk_url: str | None = None,
+        secret: str | None = None,
+    ):
+        """Initialize JWT configurations."""
         if jwt_config is None:
             jwt_config = os.getenv("USSO_JWT_CONFIG")
         if jwt_config is None:
-            if not jwk_url:
-                jwk_url = os.getenv("USSO_JWK_URL") or os.getenv("USSO_JWKS_URL")
+            jwk_url = jwk_url or os.getenv("USSO_JWK_URL") or os.getenv("USSO_JWKS_URL")
+            secret = secret or os.getenv("USSO_SECRET")
             if jwk_url:
-                self.jwt_configs = [JWTConfig(jwk_url=jwk_url)]
-                return
-            if not secret:
-                secret = os.getenv("USSO_SECRET")
+                return [JWTConfig(jwk_url=jwk_url)]
             if secret:
-                self.jwt_configs = [JWTConfig(secret=secret)]
-                return
+                return [JWTConfig(secret=secret)]
             raise ValueError(
-                "\n".join(
-                    [
-                        "jwt_config or jwk_url or secret must be provided",
-                        "or set the environment variable USSO_JWT_CONFIG or USSO_JWK_URL or USSO_SECRET",
-                    ]
-                )
+                "Provide jwt_config, jwk_url, or secret, or set the appropriate environment variables."
             )
-        def _get_config(jwt_config):
-            if isinstance(jwt_config, str):
-                jwt_config = json.loads(jwt_config)
-            if isinstance(jwt_config, dict):
-                jwt_config = JWTConfig(**jwt_config)
-            return jwt_config
+        if isinstance(jwt_config, (str, dict, JWTConfig)):
+            return [self._parse_config(jwt_config)]
+        if isinstance(jwt_config, list):
+            return [self._parse_config(config) for config in jwt_config]
+        raise ValueError("Invalid jwt_config format")
-        if isinstance(jwt_config, str | dict | JWTConfig):
-            jwt_config = [_get_config(jwt_config)]
-        elif isinstance(jwt_config, list):
-            jwt_config = [_get_config(j) for j in jwt_config]
-        # self.jwk_url = jwt_config
-        self.jwt_configs = jwt_config
+    def _parse_config(self, config):
+        """Parse a single JWT configuration."""
+        if isinstance(config, str):
+            config = json.loads(config)
+        if isinstance(config, dict):
+            return JWTConfig(**config)
+        return config
     def user_data_from_token(self, token: str, **kwargs) -> UserData | None:
         """Return the user associated with a token value."""
@@ -185,49 +142,15 @@ class Usso:
             try:
                 user_data = jwk_config.decode(token)
                 if user_data.token_type.lower() != kwargs.get("token_type", "access"):
-                    raise USSOException(
-                        status_code=401,
-                        error="invalid_token_type",
-                        message="Token type must be 'access'",
-                    )
+                    _handle_exception("invalid_token_type", **kwargs)
                 return user_data
             except USSOException as e:
                 exp = e
         if kwargs.get("raise_exception", True):
             if exp:
-                raise exp
-            raise USSOException(
-                status_code=401,
-                error="unauthorized",
-            )
-    def user_data_api_key(self, api_key: str, **kwargs) -> UserData | None:
-        """get user data from auth server by api_key."""
-        for jwk_config in self.jwt_configs:
-            try:
-                user_data = jwk_config.decode(api_key)
-                if user_data.token_type.lower() != kwargs.get("token_type", "access"):
-                    raise USSOException(
-                        status_code=401,
-                        error="invalid_token_type",
-                        message="Token type must be 'access'",
-                    )
-                return user_data
-            except USSOException as e:
-                exp = e
-        if kwargs.get("raise_exception", True):
-            if exp:
-                raise exp
-            raise USSOException(
-                status_code=401,
-                error="unauthorized",
-            )
+                _handle_exception(exp.error, message=str(exp), **kwargs)
+            _handle_exception("unauthorized", **kwargs)
     def user_data_from_api_key(self, api_key: str):
-        return get_api_key_data(self.jwt_configs[0].jwk_url, api_key)
+        return fetch_api_key_data(self.jwt_configs[0].jwk_url, api_key)

usso/exceptions.py CHANGED Viewed

@@ -1,8 +1,9 @@
 error_messages = {
-    "invalid_signature": "Invalid signature",
-    "invalid_token": "Invalid token",
-    "expired_signature": "Expired signature",
+    "invalid_signature": "Unauthorized. The JWT signature is invalid.",
+    "invalid_token": "Unauthorized. The JWT is invalid or not provided.",
+    "expired_signature": "Unauthorized. The JWT is expired.",
     "unauthorized": "Unauthorized",
+    "invalid_token_type": "Unauthorized. Token type must be 'access'",
 }
@@ -14,4 +15,3 @@ class USSOException(Exception):
         if message is None:
             self.message = error_messages[error]
         super().__init__(message)

usso/schemas.py CHANGED Viewed

@@ -1,6 +1,7 @@
 import uuid
-from pydantic import BaseModel
+import cachetools.func
+from pydantic import BaseModel, model_validator
 from . import b64tools
@@ -37,3 +38,30 @@ class UserData(BaseModel):
     @property
     def b64id(self) -> uuid.UUID:
         return b64tools.b64_encode_uuid_strip(self.uid)
+class JWTConfig(BaseModel):
+    """Configuration for JWT processing."""
+    jwk_url: str | None = None
+    secret: str | None = None
+    algorithm: str = "RS256"
+    header: dict[str, str] = {"type": "Cookie", "name": "usso_access_token"}
+    def __hash__(self):
+        return hash(self.model_dump_json())
+    @model_validator(mode="before")
+    def validate_config(cls, data: dict):
+        if not data.get("jwk_url") and not data.get("secret"):
+            raise ValueError("Either jwk_url or secret must be provided")
+        return data
+    @cachetools.func.ttl_cache(maxsize=128, ttl=600)
+    def decode(self, token: str):
+        """Decode a token using the configured method."""
+        from .core import decode_token, decode_token_with_jwk
+        if self.jwk_url:
+            return decode_token_with_jwk(self.jwk_url, token)
+        return decode_token(self.secret, token, algorithms=[self.algorithm])

usso/session/async_session.py CHANGED Viewed

@@ -1,5 +1,7 @@
 import os
 import httpx
 from ..core import is_expired
 from .base_session import BaseUssoSession
@@ -17,18 +19,16 @@ class AsyncUssoSession(httpx.AsyncClient, BaseUssoSession):
         client: "AsyncUssoSession" | None = None,
     ):
         httpx.AsyncClient.__init__(self)
-        if client:
-            self.copy_attributes_from(client)
-        else:
-            BaseUssoSession.__init__(
-                self,
-                usso_base_url=usso_base_url,
-                api_key=api_key,
-                usso_refresh_url=usso_refresh_url,
-                refresh_token=refresh_token,
-                usso_api_key=usso_api_key,
-                user_id=user_id,
-            )
+        BaseUssoSession.__init__(
+            self,
+            usso_base_url=usso_base_url,
+            api_key=api_key,
+            usso_refresh_url=usso_refresh_url,
+            refresh_token=refresh_token,
+            usso_api_key=usso_api_key,
+            user_id=user_id,
+            client=client,
+        )
         self._refresh_sync()
     def _prepare_refresh_request(self) -> tuple[dict, dict]:

usso/session/base_session.py CHANGED Viewed

@@ -1,5 +1,6 @@
 import os
 from urllib.parse import urlparse
 from usso.core import is_expired
@@ -13,7 +14,12 @@ class BaseUssoSession:
         refresh_token: str | None = os.getenv("USSO_REFRESH_TOKEN"),
         usso_api_key: str | None = os.getenv("USSO_ADMIN_API_KEY"),
         user_id: str | None = None,
+        client: "BaseUssoSession" | None = None,
     ):
+        if client:
+            self.copy_attributes_from(client)
+            return
         assert (
             usso_base_url or usso_refresh_url
         ), "usso_base_url or usso_refresh_url is required"

usso/session/session.py CHANGED Viewed

@@ -1,12 +1,13 @@
 import os
 import httpx
 from usso.core import is_expired
 from .base_session import BaseUssoSession
-class UssoSession(BaseUssoSession, httpx.Client):
+class UssoSession(httpx.Client, BaseUssoSession):
     def __init__(
         self,
@@ -21,18 +22,16 @@ class UssoSession(BaseUssoSession, httpx.Client):
     ):
         httpx.Client.__init__(self)
-        if client:
-            self.copy_attributes_from(client)
-        else:
-            BaseUssoSession.__init__(
-                self,
-                usso_base_url=usso_base_url,
-                api_key=api_key,
-                usso_refresh_url=usso_refresh_url,
-                refresh_token=refresh_token,
-                usso_api_key=usso_api_key,
-                user_id=user_id,
-            )
+        BaseUssoSession.__init__(
+            self,
+            usso_base_url=usso_base_url,
+            api_key=api_key,
+            usso_refresh_url=usso_refresh_url,
+            refresh_token=refresh_token,
+            usso_api_key=usso_api_key,
+            user_id=user_id,
+            client=client,
+        )
         self._refresh()
     def _refresh_api(self):

{usso-0.27.11.dist-info → usso-0.27.13.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: usso
-Version: 0.27.11
+Version: 0.27.13
 Summary: A plug-and-play client for integrating universal single sign-on (SSO) with Python frameworks, enabling secure and seamless authentication across microservices.
 Author-email: Mahdi Kiani <mahdikiany@gmail.com>
 Maintainer-email: Mahdi Kiani <mahdikiany@gmail.com>

{usso-0.27.11.dist-info → usso-0.27.13.dist-info}/RECORD RENAMED Viewed

@@ -1,8 +1,8 @@
 usso/__init__.py,sha256=NnOS_S1a-JKTOlGe1nw-kCL3m0y82mA2mDraus7BQ2o,120
 usso/b64tools.py,sha256=HGQ0E59vzjrQo2-4jrcY03ebtTaYwTtCZ7KgJaEmxO0,610
-usso/core.py,sha256=akOET-sKPhdFQLdXCi8zDhEI2sBKjsdDqkUy7h0IBTE,8042
-usso/exceptions.py,sha256=syb8V6ysKivFk52NyPAkeMSMQkNi0h8yxDnz_uI2VkA,505
-usso/schemas.py,sha256=nYFqBMtnGJw13cSKSIMIZdxKVz3AIbnETDuiENHdl5g,850
+usso/core.py,sha256=R4WrOn5bkBJzAnvJZldfihfwNvMn0BnjoKkO5eCnDTA,5533
+usso/exceptions.py,sha256=ogJsjdUK0HoZdQv5uCnzIVoG-bTTMHBqyvB4swAMsiE,653
+usso/schemas.py,sha256=aK_UWZvqjZLz5r1yBIZX_nL2yPCNUjxpZ93AsV9mAes,1810
 usso/client/__init__.py,sha256=ilGFrugI7bhGXVIcETdbRAye8S7k2mVjkEeziToVzSs,100
 usso/client/api.py,sha256=xlDq2nZNpq3mhAvqIbGEfANHNjJpPquSeULBfS7iMJw,5094
 usso/client/async_api.py,sha256=VBmuUsx9vBy-naeiVNhsGgJOTpD1z7VgH_23lazz3_4,5156
@@ -11,12 +11,12 @@ usso/django/middleware.py,sha256=EEEpHvMQ6QiWw2HY8zQ2Aec0RCATcLWsCKeyiPWJKio,324
 usso/fastapi/__init__.py,sha256=0EcdOzb4f3yu9nILIdGWnlyUz-0VaVX2az1e3f2BusI,201
 usso/fastapi/integration.py,sha256=IonxxNj_B9sG2j672rIzE047qo972vk7ch4-eGENp3Q,2638
 usso/session/__init__.py,sha256=tE4qWUdSI7iN_pywm47Mg8NKOTBa2nCNwCy3wCZWRmU,124
-usso/session/async_session.py,sha256=Q7Rbw5z5tiiagNEvRR26SP7zCvwtV5DTWnanQWghvms,3577
-usso/session/base_session.py,sha256=Hs5ZEME04TJF3qNfk2gqD81Ib9UTZw_ArDRELxnSYVM,2829
-usso/session/session.py,sha256=PHVkDACeSCP7h2Pn38SEl905akwyRbk38gk6-KD8fqI,2450
-usso-0.27.11.dist-info/LICENSE.txt,sha256=ceC9ZJOV9H6CtQDcYmHOS46NA3dHJ_WD4J9blH513pc,1081
-usso-0.27.11.dist-info/METADATA,sha256=Q3t58tigwCVoN4dI5bYZ08wdz7IIjM_1ndH0CIuwaLk,4518
-usso-0.27.11.dist-info/WHEEL,sha256=PZUExdf71Ui_so67QXpySuHtCi3-J3wvF4ORK6k_S8U,91
-usso-0.27.11.dist-info/entry_points.txt,sha256=4Zgpm5ELaAWPf0jPGJFz1_X69H7un8ycT3WdGoJ0Vvk,35
-usso-0.27.11.dist-info/top_level.txt,sha256=g9Jf6h1Oyidh0vPiFni7UHInTJjSvu6cUalpLTIvthg,5
-usso-0.27.11.dist-info/RECORD,,
+usso/session/async_session.py,sha256=7n-Gp7mfW2W4X24qPo8bWSBj4BT1VJ3tfWia9cR7OSA,3491
+usso/session/base_session.py,sha256=rUYKWO9UtDfDAv-WrUPMz99LRgf2ilZ9EGtq6B5NDcA,2964
+usso/session/session.py,sha256=PUGfki7dfJrGBJ6VC_KKTzcYI7NC3stLPf0BgTWd_ss,2363
+usso-0.27.13.dist-info/LICENSE.txt,sha256=ceC9ZJOV9H6CtQDcYmHOS46NA3dHJ_WD4J9blH513pc,1081
+usso-0.27.13.dist-info/METADATA,sha256=syYQdcLcUBNeLlqwZoj8GBTTGn1jUG1-mt-awGeFKTY,4518
+usso-0.27.13.dist-info/WHEEL,sha256=PZUExdf71Ui_so67QXpySuHtCi3-J3wvF4ORK6k_S8U,91
+usso-0.27.13.dist-info/entry_points.txt,sha256=4Zgpm5ELaAWPf0jPGJFz1_X69H7un8ycT3WdGoJ0Vvk,35
+usso-0.27.13.dist-info/top_level.txt,sha256=g9Jf6h1Oyidh0vPiFni7UHInTJjSvu6cUalpLTIvthg,5
+usso-0.27.13.dist-info/RECORD,,

{usso-0.27.11.dist-info → usso-0.27.13.dist-info}/LICENSE.txt RENAMED Viewed

File without changes

{usso-0.27.11.dist-info → usso-0.27.13.dist-info}/WHEEL RENAMED Viewed

File without changes

{usso-0.27.11.dist-info → usso-0.27.13.dist-info}/entry_points.txt RENAMED Viewed

File without changes

{usso-0.27.11.dist-info → usso-0.27.13.dist-info}/top_level.txt RENAMED Viewed

File without changes

usso 0.27.11__py3-none-any.whl → 0.27.13__py3-none-any.whl

usso 0.27.11py3-none-any.whl → 0.27.13py3-none-any.whl