vhi-python 0.1.1__tar.gz → 0.1.3__tar.gz

{vhi_python-0.1.1 → vhi_python-0.1.3}/PKG-INFO

@@ -1,9 +1,9 @@
 Metadata-Version: 2.4
 Name: vhi-python
-Version: 0.1.1
+Version: 0.1.3
 Summary: A Python client library for the Vhi API, handling authentication, MFA callbacks, claims retrieval, and document downloads.
 Author-email: Agent <agent@example.com>
-License-Expression: MIT
+License: MIT
 Project-URL: Homepage, https://github.com/agent/vhi-python
 Project-URL: Repository, https://github.com/agent/vhi-python.git
 Classifier: Programming Language :: Python :: 3

{vhi_python-0.1.1 → vhi_python-0.1.3}/pyproject.toml

@@ -4,13 +4,13 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "vhi-python"
-version = "0.1.1"
+version = "0.1.3"
 description = "A Python client library for the Vhi API, handling authentication, MFA callbacks, claims retrieval, and document downloads."
 readme = "README.md"
 authors = [
     { name = "Agent", email = "agent@example.com" }
 ]
-license = "MIT"
+license = { text = "MIT" }
 classifiers = [
     "Programming Language :: Python :: 3",
     "Operating System :: OS Independent",

{vhi_python-0.1.1 → vhi_python-0.1.3}/src/vhi/client.py

@@ -1,5 +1,7 @@
 import requests
 import os
+import uuid
+import json
 from typing import Callable, Optional, List
 from .exceptions import VhiAuthenticationError, VhiMfaRequiredError, VhiApiError
 from .models import ClaimStatement
@@ -29,8 +31,10 @@ class VhiClient:
         
         # Default Browser Headers to mimic browser and avoid WAF
         self.session.headers.update({
-            "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36",
-            "Accept-Language": "en-US,en;q=0.9",
+            "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36",
+            "sec-ch-ua": '"Chromium";v="146", "Not-A.Brand";v="24", "Google Chrome";v="146"',
+            "sec-ch-ua-mobile": "?0",
+            "sec-ch-ua-platform": '"Windows"',
         })
         
         self.is_authenticated = False
@@ -52,53 +56,70 @@ class VhiClient:
         """
         Performs the login flow. Handles the MFA challenge if required.
         """
-        # Set proper fetch headers
+        # Set proper fetch headers mimicking trace exactly
         headers = {
-            "Content-Type": "application/json",
-            "Accept": "application/json",
-            "Origin": "https://www.vhi.ie",
-            "Referer": "https://www.vhi.ie/",
-            "Sec-Fetch-Mode": "cors",
-            "Sec-Fetch-Site": "same-site",
+            "accept": "application/json, text/plain, */*",
+            "accept-language": "en-IE,en-US;q=0.9,en;q=0.8,ja;q=0.7,en-GB;q=0.6,de;q=0.5",
+            "cache-control": "no-cache",
+            "content-type": "application/json",
+            "dnt": "1",
+            "origin": "https://app.vhi.ie",
+            "pragma": "no-cache",
+            "priority": "u=1, i",
+            "referer": "https://app.vhi.ie/",
+            "sec-fetch-dest": "empty",
+            "sec-fetch-mode": "cors",
+            "sec-fetch-site": "same-site",
+            "user-session-id": str(uuid.uuid4())
         }
         
         payload = {
             "username": self.username,
-            "password": self.password
+            "usercred": self.password
         }
         
+        # Format strictly without spaces to bypass strict WAF parsers
+        raw_payload = json.dumps(payload, separators=(',', ':'))
+        
         # 1. Primary Authentication
-        # The path here is a presumed standard, will likely be updated if the actual path varies
-        login_url = f"{self.apis_base_url}/auth/v1/login"
+        login_url = f"{self.apis_base_url}/api/myvhilogin/login"
         
-        response = self.session.post(login_url, json=payload, headers=headers)
+        response = self.session.post(login_url, data=raw_payload, headers=headers)
         
         if response.status_code == 200:
-            self.is_authenticated = True
-            return
-            
-        elif response.status_code == 202:
-            # MFA Challenge Required
             try:
                 data = response.json()
             except ValueError:
-                raise VhiApiError("MFA response was not valid JSON", status_code=response.status_code)
+                raise VhiApiError("Login response was not valid JSON", status_code=response.status_code)
                 
-            if data.get("mfa_required"):
-                state_token = data.get("state_token")
+            # The HAR trace uses a deeply nested response structure or a flattened one depending on Gateway
+            status_val = data.get("status") or data.get("data", {}).get("status")
+            
+            if status_val == "MFA_REQUIRED":
+                state_token = data.get("stateToken") or data.get("data", {}).get("stateToken")
+                
+                # Attempt to extract the verify url from the first factor
+                try:
+                    factors = data.get("factors") or data.get("data", {}).get("_embedded", {}).get("factors", [])
+                    verify_url = factors[0]["_links"]["verify"]["href"]
+                except (IndexError, KeyError):
+                    # Fallback URL if extraction fails
+                    verify_url = f"https://admin-digital.vhi.ie/api/v1/authn/factors/verify"
+                    
                 if not state_token:
                     raise VhiApiError("MFA required but no state_token provided in response")
                     
-                self._handle_mfa_challenge(state_token, headers)
+                self._handle_mfa_challenge(state_token, verify_url, headers)
             else:
-                raise VhiApiError("Received 202 but not MFA challenge", status_code=response.status_code, response=response)
+                self.is_authenticated = True
+                return
                 
         elif response.status_code == 401:
             raise VhiAuthenticationError("Invalid credentials provided.")
         else:
-            raise VhiApiError(f"Login failed with status {response.status_code}", status_code=response.status_code, response=response)
+            raise VhiApiError(f"Login failed with status {response.status_code}: {response.text}", status_code=response.status_code, response=response)
             
-    def _handle_mfa_challenge(self, state_token: str, base_headers: dict):
+    def _handle_mfa_challenge(self, state_token: str, verify_url: str, base_headers: dict):
         """
         Internal method to submit the MFA code.
         """
@@ -111,13 +132,12 @@ class VhiClient:
         if not otp_code:
             raise VhiAuthenticationError("MFA callback did not return a valid OTP code.")
             
-        mfa_url = f"{self.apis_base_url}/auth/v1/mfa/verify"
         payload = {
-            "otp": otp_code,
-            "state_token": state_token
+            "passCode": otp_code,
+            "stateToken": state_token
         }
         
-        response = self.session.post(mfa_url, json=payload, headers=base_headers)
+        response = self.session.post(verify_url, json=payload, headers=base_headers)
         
         if response.status_code == 200:
             self.is_authenticated = True

{vhi_python-0.1.1 → vhi_python-0.1.3}/src/vhi_python.egg-info/PKG-INFO

@@ -1,9 +1,9 @@
 Metadata-Version: 2.4
 Name: vhi-python
-Version: 0.1.1
+Version: 0.1.3
 Summary: A Python client library for the Vhi API, handling authentication, MFA callbacks, claims retrieval, and document downloads.
 Author-email: Agent <agent@example.com>
-License-Expression: MIT
+License: MIT
 Project-URL: Homepage, https://github.com/agent/vhi-python
 Project-URL: Repository, https://github.com/agent/vhi-python.git
 Classifier: Programming Language :: Python :: 3

{vhi_python-0.1.1 → vhi_python-0.1.3}/src/vhi_python.egg-info/SOURCES.txt

@@ -9,4 +9,5 @@ src/vhi_python.egg-info/SOURCES.txt
 src/vhi_python.egg-info/dependency_links.txt
 src/vhi_python.egg-info/requires.txt
 src/vhi_python.egg-info/top_level.txt
-tests/test_client.py
+tests/test_client.py
+tests/test_integration.py

{vhi_python-0.1.1 → vhi_python-0.1.3}/tests/test_client.py

@@ -11,8 +11,8 @@ def test_login_success_no_mfa():
     
     responses.add(
         responses.POST,
-        "https://apis.vhi.ie/auth/v1/login",
-        json={"token": "test-token"},
+        "https://apis.vhi.ie/api/myvhilogin/login",
+        json={"status": "SUCCESS", "sessionToken": "test-token"},
         status=200
     )
     
@@ -26,19 +26,23 @@ def test_login_requires_mfa_success():
         
     client = VhiClient("test@example.com", "password", mfa_callback=mfa_callback)
     
-    # Mock primary login returning 202
+    # Mock primary login returning 200 with MFA_REQUIRED
     responses.add(
         responses.POST,
-        "https://apis.vhi.ie/auth/v1/login",
-        json={"mfa_required": True, "state_token": "state-123"},
-        status=202
+        "https://apis.vhi.ie/api/myvhilogin/login",
+        json={
+            "status": "MFA_REQUIRED", 
+            "stateToken": "state-123",
+            "factors": [{"_links": {"verify": {"href": "https://admin-digital.vhi.ie/api/v1/authn/factors/verify"}}}]
+        },
+        status=200
     )
     
-    # Mock MFA verify returning 200
+    # Mock MFA verify returning 200 SUCCESS
     responses.add(
         responses.POST,
-        "https://apis.vhi.ie/auth/v1/mfa/verify",
-        json={"token": "final-token"},
+        "https://admin-digital.vhi.ie/api/v1/authn/factors/verify",
+        json={"status": "SUCCESS", "sessionToken": "final-token"},
         status=200
     )
     
@@ -51,7 +55,7 @@ def test_login_invalid_credentials():
     
     responses.add(
         responses.POST,
-        "https://apis.vhi.ie/auth/v1/login",
+        "https://apis.vhi.ie/api/myvhilogin/login",
         status=401
     )
     

vhi_python-0.1.3/tests/test_integration.py

@@ -0,0 +1,31 @@
+import os
+import pytest
+from vhi.client import VhiClient
+from vhi.exceptions import VhiMfaRequiredError, VhiAuthenticationError
+
+@pytest.mark.skipif(
+    not os.getenv("VHI_USERNAME") or not os.getenv("VHI_PASSWORD"),
+    reason="Integration tests require VHI_USERNAME and VHI_PASSWORD environment variables"
+)
+def test_live_login():
+    """
+    Test live login against Vhi API.
+    We expect to hit either a successful login or an MFA challenge.
+    """
+    username = os.environ["VHI_USERNAME"]
+    password = os.environ["VHI_PASSWORD"]
+    
+    # We initialize without an mfa_callback to ensure it raises VhiMfaRequiredError
+    # if MFA is prompted, which validates the primary credentials were correct.
+    client = VhiClient(username, password)
+    
+    try:
+        client.login()
+        # If it succeeds without MFA, we are authenticated.
+        assert client.is_authenticated is True
+    except VhiMfaRequiredError:
+        # If it throws MFA required, the API accepted the usercred and triggered Okta MFA.
+        # This confirms our primary login endpoint and payload reverse-engineering is correct.
+        pass
+    except VhiAuthenticationError as e:
+         pytest.fail(f"Integration login failed - incorrect credentials: {e}")