usso 0.28.25__py3-none-any.whl → 0.28.27__py3-none-any.whl

usso/api_key.py

@@ -10,7 +10,7 @@ from .user import UserData
 logger = logging.getLogger("usso")
 
 
-def _handle_exception(error_type: str, **kwargs):
+def _handle_exception(error_type: str, **kwargs: dict) -> None:
     """Handle API key related exceptions."""
     if kwargs.get("raise_exception", True):
         raise USSOException(
@@ -20,7 +20,7 @@ def _handle_exception(error_type: str, **kwargs):
 
 
 @cachetools.func.ttl_cache(maxsize=128, ttl=60)
-def fetch_api_key_data(api_key_verify_url: str, api_key: str):
+def fetch_api_key_data(api_key_verify_url: str, api_key: str) -> UserData:
     """Fetch user data using an API key.
 
     Args:

usso/authorization.py

@@ -26,6 +26,9 @@ def parse_scope(scope: str) -> tuple[str, list[str], dict[str, str]]:
         "*:*" ->
             ("*", ["*"], {})
 
+        "media//files" ->
+            ("", ["media", "*", "files"], {})
+
     Returns:
         - action: str (could be empty string if no scheme present)
         - path_parts: list[str]
@@ -47,78 +50,58 @@ def parse_scope(scope: str) -> tuple[str, list[str], dict[str, str]]:
     query = scope[question_idx + 1 :]
     filters = {k: v[0] for k, v in parse_qs(query).items()}
     resource_path_parts = resource_path.split("/") if resource_path else ["*"]
-    return action, resource_path_parts, filters
+    return action, [rp or "*" for rp in resource_path_parts], filters
 
 
-def is_path_match(
-    user_path: list[str] | str,
-    requested_path: list[str] | str,
-    strict: bool = False,
-) -> bool:
-    """
-    Match resource paths from right to left, supporting wildcards (*).
-
-    Rules:
-    - The final resource name must match exactly or via fnmatch.
-    - Upper-level path parts are matched from right to left.
-    - Wildcards are allowed in any part.
-
-    Examples = [
-        ("files", "files", True),
-        ("file-manager/files", "files", True),
-        ("media/file-manager/files", "files", True),
-        ("media//files", "files", True),
-        ("media//files", "file-manager/files", True),
-        ("files", "file-manager/files", True),
-        ("*/files", "file-manager/files", True),
-        ("*//files", "file-manager/files", True),
-        ("//files", "file-manager/files", True),
-        ("//files", "media/file-manager/files", True),
-        ("media//files", "media/file-manager/files", True),
-        ("media/files/*", "media/files/transactions", True),
-        ("*/*/transactions", "media/files/transactions", True),
-        ("media/*/transactions", "media/images/transactions", True),
-        ("media//files", "media/files", True), # attention
-
-        ("files", "file", False),
-        ("files", "files/transactions", False),
-        ("files", "media/files/transactions", False),
-        ("media/files", "media/files/transactions", False),
-    ]
-    """
-    if isinstance(user_path, str):
-        user_parts = user_path.split("/")
-    elif isinstance(user_path, list):
-        user_parts = user_path
+def _normalize_path(path: list[str] | str) -> list[str]:
+    if isinstance(path, str):
+        return path.split("/")
+    elif isinstance(path, list):
+        return path
     else:
-        raise ValueError(f"Invalid path type: {type(user_path)}")
+        raise ValueError(f"Invalid path type: {type(path)}")
 
-    if isinstance(requested_path, str):
-        req_parts = requested_path.split("/")
-    elif isinstance(requested_path, list):
-        req_parts = requested_path
-    else:
-        raise ValueError(f"Invalid path type: {type(requested_path)}")
 
+def _match_path_parts(
+    user_parts: list[str], req_parts: list[str], strict: bool
+) -> bool:
+    wildcard_found = False
     # Match resource name (rightmost)
     if not fnmatch.fnmatch(req_parts[-1], user_parts[-1]):
         return False
-
+    if "*" in user_parts[-1]:
+        wildcard_found = True
     # Match rest of the path from right to left
     user_path_parts = user_parts[:-1]
     req_path_parts = req_parts[:-1]
-
     for u, r in zip(
-        reversed(user_path_parts),
-        reversed(req_path_parts),
-        strict=strict,
+        reversed(user_path_parts), reversed(req_path_parts), strict=strict
     ):
         if r and u and r != "*" and not fnmatch.fnmatch(r, u):
             return False
-
+        if "*" in u:
+            wildcard_found = True
+    offset = len(user_path_parts) - len(req_path_parts)
+    if offset > 0 and wildcard_found:
+        for u in user_path_parts[:offset]:
+            if u != "*":
+                return False
     return True
 
 
+def is_path_match(
+    user_path: list[str] | str,
+    requested_path: list[str] | str,
+    strict: bool = False,
+) -> bool:
+    """
+    Match resource paths from right to left, supporting wildcards (*).
+    """
+    user_parts = _normalize_path(user_path)
+    req_parts = _normalize_path(requested_path)
+    return _match_path_parts(user_parts, req_parts, strict)
+
+
 def is_filter_match(user_filters: dict, requested_filters: dict) -> bool:
     """All user filters must match requested filters."""
     for k, v in user_filters.items():
@@ -209,7 +192,7 @@ def is_authorized(
     if not is_path_match(user_path, requested_path, strict=strict):
         return False
 
-    if not is_filter_match(user_filters, reuested_filter):
+    if not is_filter_match(user_filters, reuested_filter or {}):
         return False
 
     if requested_action:
@@ -243,15 +226,15 @@ def check_access(
     if isinstance(filters, dict):
         filters = [{k: v} for k, v in filters.items()]
     elif filters is None:
-        filters = ["*"]
+        filters = [{}]
 
     for scope in user_scopes:
-        for filter in filters:
+        for filt in filters:
             if is_authorized(
                 user_scope=scope,
                 requested_path=resource_path,
                 requested_action=action,
-                reuested_filter=filter,
+                reuested_filter=filt,
                 strict=strict,
             ):
                 return True

usso/client.py

@@ -22,7 +22,7 @@ class UssoAuth:
         self,
         *,
         jwt_config: AvailableJwtConfigs | None = None,
-    ):
+    ) -> None:
         """Initialize the USSO authentication client.
 
         Args:
@@ -38,7 +38,7 @@ class UssoAuth:
         *,
         expected_token_type: str | None = "access",
         raise_exception: bool = True,
-        **kwargs,
+        **kwargs: dict,
     ) -> UserData | None:
         """Get user data from a JWT token.
 

usso/config.py

@@ -13,7 +13,7 @@ class HeaderConfig(BaseModel):
     name: str = "usso_access_token"
 
     @model_validator(mode="before")
-    def validate_header(cls, data: dict):
+    def validate_header(cls, data: dict) -> dict:
         if data.get("type") == "Authorization" and not data.get("name"):
             data["name"] = "Bearer"
         elif data.get("type") == "Cookie":
@@ -22,10 +22,10 @@ class HeaderConfig(BaseModel):
             data["name"] = data.get("name", "x-usso-access-token")
         return data
 
-    def __hash__(self):
+    def __hash__(self) -> int:
         return hash(self.model_dump_json())
 
-    def get_key(self, request) -> str | None:
+    def get_key(self, request: object) -> str | None:  # type: ignore
         headers: dict[str, Any] = getattr(request, "headers", {})
         cookies: dict[str, str] = getattr(
             request, "cookies", headers.get("Cookie", {})
@@ -54,18 +54,18 @@ class AuthConfig(usso_jwt.config.JWTConfig):
     jwt_header: HeaderConfig | None = HeaderConfig()
     static_api_keys: list[str] | None = None
 
-    def get_api_key(self, request) -> str | None:
+    def get_api_key(self, request: object) -> str | None:
         if self.api_key_header:
             return self.api_key_header.get_key(request)
         return None
 
-    def get_jwt(self, request) -> str | None:
+    def get_jwt(self, request: object) -> str | None:
         if self.jwt_header:
             return self.jwt_header.get_key(request)
         return None
 
     def verify_token(
-        self, token: str, *, raise_exception: bool = True, **kwargs
+        self, token: str, *, raise_exception: bool = True, **kwargs: dict
     ) -> bool:
         from usso_jwt import exceptions as jwt_exceptions
         from usso_jwt import schemas

usso/exceptions.py

@@ -14,30 +14,44 @@ error_messages = {
 
 class USSOException(Exception):
     def __init__(
-        self, status_code: int, error: str, message: dict | None = None
-    ):
+        self,
+        status_code: int,
+        error: str,
+        detail: str | None = None,
+        message: dict | None = None,
+        **kwargs: dict,
+    ) -> None:
         self.status_code = status_code
         self.error = error
-        self.message = message
+        msg: dict = {}
         if message is None:
-            self.message = error_messages[error]
-        super().__init__(message)
+            if detail:
+                msg["en"] = detail
+            else:
+                msg["en"] = error_messages.get(error, error)
+        else:
+            msg = message
+
+        self.message = msg
+        self.detail = detail or str(self.message)
+        self.data = kwargs
+        super().__init__(detail)
 
 
 class PermissionDenied(USSOException):
     def __init__(
         self,
         error: str = "permission_denied",
-        message: dict = None,
-        detail: str = None,
-        **kwargs,
-    ):
+        detail: str | None = None,
+        message: dict | None = None,
+        **kwargs: dict,
+    ) -> None:
         super().__init__(
             403, error=error, message=message, detail=detail, **kwargs
         )
 
 
-def _handle_exception(error_type: str, **kwargs):
+def _handle_exception(error_type: str, **kwargs: dict) -> None:
     """Handle JWT-related exceptions."""
     if kwargs.get("raise_exception", True):
         raise USSOException(

usso/integrations/django/middleware.py

@@ -17,7 +17,7 @@ class USSOAuthenticationMiddleware(MiddlewareMixin):
     def jwt_config(self) -> AuthConfig:
         return settings.USSO_JWT_CONFIG
 
-    def process_request(self, request: HttpRequest):
+    def process_request(self, request: HttpRequest) -> None:
         """
         Middleware to authenticate users by JWT token and create or
         return a user in the database.

usso/integrations/fastapi/dependency.py

@@ -16,7 +16,7 @@ class USSOAuthentication(UssoAuth):
         jwt_config: AvailableJwtConfigs | None = None,
         raise_exception: bool = True,
         expected_token_type: str = "access",
-    ):
+    ) -> None:
         if jwt_config is None:
             jwt_config = AuthConfig()
 

usso/integrations/fastapi/handler.py

@@ -4,10 +4,17 @@ from fastapi.responses import JSONResponse
 from ...exceptions import USSOException
 
 
-async def usso_exception_handler(request: Request, exc: USSOException):
+async def usso_exception_handler(
+    request: Request, exc: USSOException
+) -> JSONResponse:
     return JSONResponse(
         status_code=exc.status_code,
-        content={"message": exc.message, "error": exc.error},
+        content={
+            "message": exc.message,
+            "error": exc.error,
+            "detail": exc.detail,
+            **exc.data,
+        },
     )
 
 

usso/session/async_session.py

@@ -17,8 +17,9 @@ class AsyncUssoSession(httpx.AsyncClient, BaseUssoSession):
         usso_api_key: str | None = os.getenv("USSO_ADMIN_API_KEY"),
         user_id: str | None = None,
         client: "AsyncUssoSession" = None,
-    ):
-        httpx.AsyncClient.__init__(self)
+        **kwargs: dict,
+    ) -> None:
+        httpx.AsyncClient.__init__(self, **kwargs)
         BaseUssoSession.__init__(
             self,
             usso_base_url=usso_base_url,
@@ -100,7 +101,7 @@ class AsyncUssoSession(httpx.AsyncClient, BaseUssoSession):
         )
         return self._handle_refresh_response(response)
 
-    async def get_session(self):
+    async def get_session(self) -> "AsyncUssoSession":
         if hasattr(self, "api_key") and self.api_key:
             return self
 
@@ -108,6 +109,8 @@ class AsyncUssoSession(httpx.AsyncClient, BaseUssoSession):
             await self._refresh()
         return self
 
-    async def _request(self, method: str, url: str, **kwargs):
+    async def _request(
+        self, method: str, url: str, **kwargs: dict
+    ) -> httpx.Response:
         session = await self.get_session()
         return await session.request(method, url, **kwargs)

usso/session/base_session.py

@@ -14,7 +14,7 @@ class BaseUssoSession:
         app_secret: str | None = None,
         usso_url: str = "https://sso.usso.io",
         client: Optional["BaseUssoSession"] = None,
-    ):
+    ) -> None:
         if client:
             self.copy_attributes_from(client)
             return
@@ -54,7 +54,7 @@ class BaseUssoSession:
         self.access_token = None
         self.headers = getattr(self, "headers", {})
 
-    def copy_attributes_from(self, client: "BaseUssoSession"):
+    def copy_attributes_from(self, client: "BaseUssoSession") -> None:
         self.usso_url = client.usso_url
         self.usso_refresh_url = client.usso_refresh_url
         self._refresh_token = client._refresh_token
@@ -64,7 +64,7 @@ class BaseUssoSession:
         self.headers = client.headers.copy()
 
     @property
-    def refresh_token(self):
+    def refresh_token(self) -> JWT:
         if (
             self._refresh_token
             and self._refresh_token.verify(  # noqa: W503

usso/session/session.py

@@ -14,8 +14,8 @@ class UssoSession(httpx.Client, BaseUssoSession):
         refresh_token: str | None = os.getenv("USSO_REFRESH_TOKEN"),
         usso_url: str | None = os.getenv("USSO_URL"),
         client: "UssoSession" = None,
-        **kwargs,
-    ):
+        **kwargs: dict,
+    ) -> None:
         httpx.Client.__init__(self, **kwargs)
 
         BaseUssoSession.__init__(
@@ -28,7 +28,7 @@ class UssoSession(httpx.Client, BaseUssoSession):
         if not self.api_key:
             self._refresh()
 
-    def _refresh(self):
+    def _refresh(self) -> dict:
         assert self.refresh_token, "refresh_token is required"
 
         response = httpx.post(
@@ -43,7 +43,7 @@ class UssoSession(httpx.Client, BaseUssoSession):
         self.headers.update({"Authorization": f"Bearer {self.access_token}"})
         return response.json()
 
-    def get_session(self):
+    def get_session(self) -> "UssoSession":
         if self.api_key:
             return self
 
@@ -51,6 +51,8 @@ class UssoSession(httpx.Client, BaseUssoSession):
             self._refresh()
         return self
 
-    def _request(self, method: str, url: str, **kwargs):
+    def _request(
+        self, method: str, url: str, **kwargs: dict
+    ) -> httpx.Response:
         self.get_session()
         return super().request(self, method, url, **kwargs)

usso/user.py

@@ -55,8 +55,8 @@ class UserData(BaseModel):
         acr: str | None = None,
         amr: list[str] | None = None,
         signing_level: str | None = None,
-        **kwargs,
-    ):
+        **kwargs: dict,
+    ) -> None:
         super().__init__(
             jti=jti,
             token_type=token_type,
@@ -109,9 +109,9 @@ class UserData(BaseModel):
         self,
         *,
         mode: Literal["json", "python"] | str = "python",
-        include=None,
-        exclude=None,
-        context: Any | None = None,
+        include: set[str] | list[str] | None = None,
+        exclude: set[str] | list[str] | None = None,
+        context: object | None = None,
         by_alias: bool | None = None,
         exclude_unset: bool = False,
         exclude_defaults: bool = False,
@@ -120,7 +120,7 @@ class UserData(BaseModel):
         warnings: bool | Literal["none", "warn", "error"] = True,
         fallback: Callable[[Any], Any] | None = None,
         serialize_as_any: bool = False,
-    ):
+    ) -> dict:
         return super().model_dump(
             mode=mode,
             include=include,

{usso-0.28.25.dist-info → usso-0.28.27.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: usso
-Version: 0.28.25
+Version: 0.28.27
 Summary: A plug-and-play client for integrating universal single sign-on (SSO) with Python frameworks, enabling secure and seamless authentication across microservices.
 Author-email: Mahdi Kiani <mahdikiany@gmail.com>
 Maintainer-email: Mahdi Kiani <mahdikiany@gmail.com>

usso-0.28.27.dist-info/RECORD

@@ -0,0 +1,24 @@
+usso/__init__.py,sha256=ot4Q5ouLGe505DGFAxQP4p4yZLLaBLqbHmCF1OvHG1M,585
+usso/api_key.py,sha256=LtBY86HE27xTk-GCixTL2gyikuIV4XBYWY4OknjUgTk,1262
+usso/authorization.py,sha256=5cROjDZkmUs7eYav32h20WxOexucaF2d4i3_MuKhQ9A,8264
+usso/client.py,sha256=kN6RgYQv08jAiBJ6Z9O89LvWdN_3RXI7O-L89zzLVck,2650
+usso/config.py,sha256=zdiEFqfBhl6eAbfSXuoCZFsfiWBG0tnmozridxSIZ0E,3802
+usso/exceptions.py,sha256=hDxw475zvF55FTEqkfhZfciVXXGiB8pyWgqF2HiUiio,1743
+usso/user.py,sha256=uWL5fkD1QSV6H5qC690iS9MJWX5AvDze6c24l3sXvB0,3846
+usso/integrations/django/__init__.py,sha256=dKpbffHS5ouGtW6ooI2ivzjPmH_1rOBny85htR-KqrY,97
+usso/integrations/django/middleware.py,sha256=LEPb2LkGET47cgGpydcylfBabndX4Hycyzj-xdfREug,3453
+usso/integrations/fastapi/__init__.py,sha256=ohToiqutHu3Okr8naunssDkamj1OdiG4OpPdBW0rt7U,204
+usso/integrations/fastapi/dependency.py,sha256=u7jV3xAo3iW1_a8nu7c2Y2lrq5J8TN3PllYPXu-Oqos,2707
+usso/integrations/fastapi/handler.py,sha256=FcYRWcYsiKNygjAWS1elcy_QQ6neCNsUEE8WyMDtMgA,501
+usso/session/__init__.py,sha256=tE4qWUdSI7iN_pywm47Mg8NKOTBa2nCNwCy3wCZWRmU,124
+usso/session/async_session.py,sha256=iu-bnZHe9_ODSXax_WsclJxtwZ9ClVt7KBl3RysYE-U,4073
+usso/session/base_session.py,sha256=M35m_jBkdGHVPL4R3djuJDdE1aONZnoRvMv-FVrhyaU,2582
+usso/session/session.py,sha256=6f0zz1F_p4hbZgvCAdcMur__U_RaTsZ5R2658e1W-t8,1714
+usso/utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+usso/utils/string_utils.py,sha256=7tziAa2Cwa7xhwM_NF4DSY3BHoqVaWgJ21VuV8LvhrY,253
+usso-0.28.27.dist-info/licenses/LICENSE.txt,sha256=ceC9ZJOV9H6CtQDcYmHOS46NA3dHJ_WD4J9blH513pc,1081
+usso-0.28.27.dist-info/METADATA,sha256=MscismYOkLXNAART0H5HHurMpAt2pf3ePanpJQizyHM,5061
+usso-0.28.27.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+usso-0.28.27.dist-info/entry_points.txt,sha256=4Zgpm5ELaAWPf0jPGJFz1_X69H7un8ycT3WdGoJ0Vvk,35
+usso-0.28.27.dist-info/top_level.txt,sha256=g9Jf6h1Oyidh0vPiFni7UHInTJjSvu6cUalpLTIvthg,5
+usso-0.28.27.dist-info/RECORD,,

usso-0.28.25.dist-info/RECORD

@@ -1,24 +0,0 @@
-usso/__init__.py,sha256=ot4Q5ouLGe505DGFAxQP4p4yZLLaBLqbHmCF1OvHG1M,585
-usso/api_key.py,sha256=tL5aqrmNHs9GKhCQ5NdbSchvR0qCjdZYZdkHwNONwno,1236
-usso/authorization.py,sha256=tzGhOy3-avVx0WIRDHADgWR42TxWd4z38X_lDKBdFpo,9022
-usso/client.py,sha256=9YTyvro3oz24Pr3i1Dit2R2dpIPsGsuIOol66-8VEyI,2636
-usso/config.py,sha256=7GDAh-yHGYppfkhvrwJykhwJp4HH8P_qPAoGcK8_PZQ,3741
-usso/exceptions.py,sha256=ggYczQ2eGUH9nBxRYVmOk-6IRSwY8NgEKjMPcE0E5YM,1385
-usso/user.py,sha256=YD109KyK0W7LWIH-bXYgtJ53b7Ipb9tLLhwXvwQWyrs,3759
-usso/integrations/django/__init__.py,sha256=dKpbffHS5ouGtW6ooI2ivzjPmH_1rOBny85htR-KqrY,97
-usso/integrations/django/middleware.py,sha256=AZKYZ4UPNmyxcD3ANgp0y_fdrFvVQdHBqyYxo5XhQUs,3445
-usso/integrations/fastapi/__init__.py,sha256=ohToiqutHu3Okr8naunssDkamj1OdiG4OpPdBW0rt7U,204
-usso/integrations/fastapi/dependency.py,sha256=Ik1x1tP1QiZ2czr6CYD0gS9Q3P4eUD35gQEANYuESII,2699
-usso/integrations/fastapi/handler.py,sha256=MNDoBYdySumFsBgVw-xir3jXXH63KehFXKCh-pNnNZQ,386
-usso/session/__init__.py,sha256=tE4qWUdSI7iN_pywm47Mg8NKOTBa2nCNwCy3wCZWRmU,124
-usso/session/async_session.py,sha256=eQQh2DXiaHdballRjePa8GSI9GmGsxNDU7vTfwh8mRQ,3971
-usso/session/base_session.py,sha256=O3tEltMhlwkEz1GGbjE4iXPwSlLaUW2juUt9RDSLrHI,2559
-usso/session/session.py,sha256=briCgDMoF-b59H6Aie_Lmjy4qnPBBSmKnVhAwef34F0,1637
-usso/utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-usso/utils/string_utils.py,sha256=7tziAa2Cwa7xhwM_NF4DSY3BHoqVaWgJ21VuV8LvhrY,253
-usso-0.28.25.dist-info/licenses/LICENSE.txt,sha256=ceC9ZJOV9H6CtQDcYmHOS46NA3dHJ_WD4J9blH513pc,1081
-usso-0.28.25.dist-info/METADATA,sha256=SAquyBkbkvGoVC8QvjrvJrMUkkfXtI6phOUI6qH_xzU,5061
-usso-0.28.25.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-usso-0.28.25.dist-info/entry_points.txt,sha256=4Zgpm5ELaAWPf0jPGJFz1_X69H7un8ycT3WdGoJ0Vvk,35
-usso-0.28.25.dist-info/top_level.txt,sha256=g9Jf6h1Oyidh0vPiFni7UHInTJjSvu6cUalpLTIvthg,5
-usso-0.28.25.dist-info/RECORD,,