usso 0.28.16__py3-none-any.whl → 0.28.18__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- usso/auth/api_key.py +4 -7
- usso/auth/authorization.py +35 -1
- usso/auth/client.py +4 -1
- usso/auth/config.py +1 -1
- usso/models/user.py +0 -1
- {usso-0.28.16.dist-info → usso-0.28.18.dist-info}/METADATA +1 -1
- {usso-0.28.16.dist-info → usso-0.28.18.dist-info}/RECORD +11 -11
- {usso-0.28.16.dist-info → usso-0.28.18.dist-info}/WHEEL +0 -0
- {usso-0.28.16.dist-info → usso-0.28.18.dist-info}/entry_points.txt +0 -0
- {usso-0.28.16.dist-info → usso-0.28.18.dist-info}/licenses/LICENSE.txt +0 -0
- {usso-0.28.16.dist-info → usso-0.28.18.dist-info}/top_level.txt +0 -0
usso/auth/api_key.py
CHANGED
|
@@ -1,5 +1,4 @@
|
|
|
1
1
|
import logging
|
|
2
|
-
from urllib.parse import urlparse
|
|
3
2
|
|
|
4
3
|
import cachetools.func
|
|
5
4
|
import httpx
|
|
@@ -19,12 +18,12 @@ def _handle_exception(error_type: str, **kwargs):
|
|
|
19
18
|
logger.error(kwargs.get("message") or error_type)
|
|
20
19
|
|
|
21
20
|
|
|
22
|
-
@cachetools.func.ttl_cache(maxsize=128, ttl=
|
|
23
|
-
def fetch_api_key_data(
|
|
21
|
+
@cachetools.func.ttl_cache(maxsize=128, ttl=60)
|
|
22
|
+
def fetch_api_key_data(api_key_verify_url: str, api_key: str):
|
|
24
23
|
"""Fetch user data using an API key.
|
|
25
24
|
|
|
26
25
|
Args:
|
|
27
|
-
|
|
26
|
+
api_key_verify_url: The API key verify URL to use for verification
|
|
28
27
|
api_key: The API key to verify
|
|
29
28
|
|
|
30
29
|
Returns:
|
|
@@ -34,9 +33,7 @@ def fetch_api_key_data(jwks_url: str, api_key: str):
|
|
|
34
33
|
USSOException: If the API key is invalid or verification fails
|
|
35
34
|
"""
|
|
36
35
|
try:
|
|
37
|
-
|
|
38
|
-
url = f"{parsed.scheme}://{parsed.netloc}/api_key/verify"
|
|
39
|
-
response = httpx.post(url, json={"api_key": api_key})
|
|
36
|
+
response = httpx.post(api_key_verify_url, json={"api_key": api_key})
|
|
40
37
|
response.raise_for_status()
|
|
41
38
|
return UserData(**response.json())
|
|
42
39
|
except Exception as e:
|
usso/auth/authorization.py
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import fnmatch
|
|
2
|
+
import logging
|
|
2
3
|
from urllib.parse import parse_qs, urlparse
|
|
3
4
|
|
|
4
5
|
PRIVILEGE_LEVELS = {
|
|
@@ -136,7 +137,7 @@ def is_authorized(
|
|
|
136
137
|
return False
|
|
137
138
|
|
|
138
139
|
if requested_action:
|
|
139
|
-
user_level = PRIVILEGE_LEVELS.get(user_action or "
|
|
140
|
+
user_level = PRIVILEGE_LEVELS.get(user_action or "read", 10)
|
|
140
141
|
req_level = PRIVILEGE_LEVELS.get(requested_action, 0)
|
|
141
142
|
return user_level >= req_level
|
|
142
143
|
|
|
@@ -181,3 +182,36 @@ def check_access(
|
|
|
181
182
|
print(f"auth failed {filter}, {scope}")
|
|
182
183
|
|
|
183
184
|
return False
|
|
185
|
+
|
|
186
|
+
|
|
187
|
+
def is_subset_scope(*, subset_scope: str, super_scope: str) -> bool:
|
|
188
|
+
child_action, child_path, child_filters = parse_scope(subset_scope)
|
|
189
|
+
parent_action, parent_path, parent_filters = parse_scope(super_scope)
|
|
190
|
+
|
|
191
|
+
# 1. Compare privilege levels
|
|
192
|
+
child_level = PRIVILEGE_LEVELS.get(child_action or "read", 10)
|
|
193
|
+
parent_level = PRIVILEGE_LEVELS.get(parent_action or "read", 10)
|
|
194
|
+
if parent_level < child_level:
|
|
195
|
+
return False
|
|
196
|
+
|
|
197
|
+
# 2. Compare path
|
|
198
|
+
child_path_str = "/".join(child_path)
|
|
199
|
+
parent_path_str = "/".join(parent_path)
|
|
200
|
+
if not is_path_match(parent_path_str, child_path_str):
|
|
201
|
+
return False
|
|
202
|
+
|
|
203
|
+
# 3. Compare filters: parent_filters ⊆ child_filters
|
|
204
|
+
for k, v in parent_filters.items():
|
|
205
|
+
if child_filters.get(k) != v:
|
|
206
|
+
return False
|
|
207
|
+
|
|
208
|
+
logging.error(f"{parent_level}, {child_level}")
|
|
209
|
+
|
|
210
|
+
return True
|
|
211
|
+
|
|
212
|
+
|
|
213
|
+
def has_subset_scope(*, subset_scope: str, user_scopes: list[str]) -> bool:
|
|
214
|
+
for user_scope in user_scopes:
|
|
215
|
+
if is_subset_scope(subset_scope=subset_scope, super_scope=user_scope):
|
|
216
|
+
return True
|
|
217
|
+
return False
|
usso/auth/client.py
CHANGED
usso/auth/config.py
CHANGED
|
@@ -42,7 +42,7 @@ class HeaderConfig(BaseModel):
|
|
|
42
42
|
|
|
43
43
|
|
|
44
44
|
class APIHeaderConfig(HeaderConfig):
|
|
45
|
-
verify_endpoint: str = "https://sso.usso.io/
|
|
45
|
+
verify_endpoint: str = "https://sso.usso.io/api/sso/v1/apikeys/verify"
|
|
46
46
|
|
|
47
47
|
|
|
48
48
|
class AuthConfig(usso_jwt.config.JWTConfig):
|
usso/models/user.py
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: usso
|
|
3
|
-
Version: 0.28.
|
|
3
|
+
Version: 0.28.18
|
|
4
4
|
Summary: A plug-and-play client for integrating universal single sign-on (SSO) with Python frameworks, enabling secure and seamless authentication across microservices.
|
|
5
5
|
Author-email: Mahdi Kiani <mahdikiany@gmail.com>
|
|
6
6
|
Maintainer-email: Mahdi Kiani <mahdikiany@gmail.com>
|
|
@@ -1,16 +1,16 @@
|
|
|
1
1
|
usso/__init__.py,sha256=t3tYcw4qtGFpk7iakXTqEj5RlzIc8D2fs0I3FZcOmGs,571
|
|
2
2
|
usso/exceptions.py,sha256=cBzmMCwpNQKMjCUXO3bCcFwZJQQvbvJ5RxTH987ZlCI,1012
|
|
3
3
|
usso/auth/__init__.py,sha256=Dthv-iZTgsHTGcJrkJsnAtDCbRR5dNCx0Ut7MufoAXY,270
|
|
4
|
-
usso/auth/api_key.py,sha256=
|
|
5
|
-
usso/auth/authorization.py,sha256=
|
|
6
|
-
usso/auth/client.py,sha256=
|
|
7
|
-
usso/auth/config.py,sha256=
|
|
4
|
+
usso/auth/api_key.py,sha256=EIW9yCOu52EzF9I16yOmBHtIJQAXZ6YhMwJUsBtuWVA,1162
|
|
5
|
+
usso/auth/authorization.py,sha256=kXp8O1pGtCaeuLWsWgxCIHRwhZTyRQd7o1slDrdBU6Y,6605
|
|
6
|
+
usso/auth/client.py,sha256=WFB7I9_fzr_P-oK_elaiCe5EIZZ9kY_LkkJls6BGWZk,2645
|
|
7
|
+
usso/auth/config.py,sha256=SQMr6Y0zJFA9jvx8UKKv6PPJ0GVBzlwKXfAhwQn2fjU,3750
|
|
8
8
|
usso/integrations/django/__init__.py,sha256=dKpbffHS5ouGtW6ooI2ivzjPmH_1rOBny85htR-KqrY,97
|
|
9
9
|
usso/integrations/django/middleware.py,sha256=AZKYZ4UPNmyxcD3ANgp0y_fdrFvVQdHBqyYxo5XhQUs,3445
|
|
10
10
|
usso/integrations/fastapi/__init__.py,sha256=ohToiqutHu3Okr8naunssDkamj1OdiG4OpPdBW0rt7U,204
|
|
11
11
|
usso/integrations/fastapi/dependency.py,sha256=Cq-rkCrmNIC8OT1OkdMxfIEkmQkl_pwqV7N7CiNnDSA,2801
|
|
12
12
|
usso/integrations/fastapi/handler.py,sha256=MNDoBYdySumFsBgVw-xir3jXXH63KehFXKCh-pNnNZQ,386
|
|
13
|
-
usso/models/user.py,sha256=
|
|
13
|
+
usso/models/user.py,sha256=YD109KyK0W7LWIH-bXYgtJ53b7Ipb9tLLhwXvwQWyrs,3759
|
|
14
14
|
usso/session/__init__.py,sha256=tE4qWUdSI7iN_pywm47Mg8NKOTBa2nCNwCy3wCZWRmU,124
|
|
15
15
|
usso/session/async_session.py,sha256=eQQh2DXiaHdballRjePa8GSI9GmGsxNDU7vTfwh8mRQ,3971
|
|
16
16
|
usso/session/base_session.py,sha256=O3tEltMhlwkEz1GGbjE4iXPwSlLaUW2juUt9RDSLrHI,2559
|
|
@@ -18,9 +18,9 @@ usso/session/session.py,sha256=briCgDMoF-b59H6Aie_Lmjy4qnPBBSmKnVhAwef34F0,1637
|
|
|
18
18
|
usso/utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
19
19
|
usso/utils/method_utils.py,sha256=1NMN4le04PWXDSJZK-nf7q2IFqOMkwYcCnslFXAzlH8,355
|
|
20
20
|
usso/utils/string_utils.py,sha256=7tziAa2Cwa7xhwM_NF4DSY3BHoqVaWgJ21VuV8LvhrY,253
|
|
21
|
-
usso-0.28.
|
|
22
|
-
usso-0.28.
|
|
23
|
-
usso-0.28.
|
|
24
|
-
usso-0.28.
|
|
25
|
-
usso-0.28.
|
|
26
|
-
usso-0.28.
|
|
21
|
+
usso-0.28.18.dist-info/licenses/LICENSE.txt,sha256=ceC9ZJOV9H6CtQDcYmHOS46NA3dHJ_WD4J9blH513pc,1081
|
|
22
|
+
usso-0.28.18.dist-info/METADATA,sha256=P34MmMqYpsJtLO7OsNTb19tStTN5kf7h9HKRnczdWH0,5061
|
|
23
|
+
usso-0.28.18.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
|
|
24
|
+
usso-0.28.18.dist-info/entry_points.txt,sha256=4Zgpm5ELaAWPf0jPGJFz1_X69H7un8ycT3WdGoJ0Vvk,35
|
|
25
|
+
usso-0.28.18.dist-info/top_level.txt,sha256=g9Jf6h1Oyidh0vPiFni7UHInTJjSvu6cUalpLTIvthg,5
|
|
26
|
+
usso-0.28.18.dist-info/RECORD,,
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|