Merge pull request #38 from mdsol/develop

Develop => Master for 1.4.0

CHANGELOG.md

@@ -1,3 +1,7 @@
+# 1.4.0
+- Add `MAuthWSGIMiddleware` for authenticating requests in WSGI frameworks like Flask.
+- Remove `FlaskAuthenticator`.
+
 # 1.3.0
 - Add `MAuthASGIMiddleware` for authenticating requests in ASGI frameworks like FastAPI.
 - Remove Support for EOL Python 3.6

README.md

@@ -112,30 +112,37 @@ authentic, status_code, message = authenticator.is_authentic()
 app_uuid = authenticator.get_app_uuid()
 ```
 
-#### Flask applications
+#### WSGI Applications
 
-You will need to create an application instance and initialize it with `FlaskAuthenticator`.
-To specify routes that need to be authenticated use the `requires_authentication` decorator.
+To apply to a WSGI application you should use the `MAuthWSGIMiddleware`. You
+can make certain paths exempt from authentication by passing the `exempt`
+option with a set of paths to exempt.
+
+Here is an example for Flask. Note that requesting app's UUID and the
+protocol version will be added to the request environment for successfully
+authenticated requests.
 
 ```python
-from flask import Flask
-from mauth_client.flask_authenticator import FlaskAuthenticator, requires_authentication
+from flask import Flask, request, jsonify
+from mauth_client.consts import ENV_APP_UUID, ENV_PROTOCOL_VERSION
+from mauth_client.middlewares import MAuthWSGIMiddleware
 
-app = Flask("Some Sample App")
-authenticator = FlaskAuthenticator()
-authenticator.init_app(app)
+app = Flask("MyApp")
+app.wsgi_app = MAuthWSGIMiddleware(app.wsgi_app, exempt={"/app_status"})
 
-@app.route("/some/private/route", methods=["GET"])
-@requires_authentication
-def private_route():
-    return "Wibble"
+@app.get("/")
+def root():
+    return jsonify({
+        "msg": "authenticated",
+        "app_uuid": request.environ[ENV_APP_UUID],
+        "protocol_version": request.environ[ENV_PROTOCOL_VERSION],
+    })
 
-@app.route("/app_status", methods=["GET"])
-def app_status():
-    return "OK"
+@app.get("/app_status")
+    return "this route is exempt from authentication"
 ```
 
-#### ASGI applications
+#### ASGI Applications
 
 To apply to an ASGI application you should use the `MAuthASGIMiddleware`. You
 can make certain paths exempt from authentication by passing the `exempt`
@@ -147,7 +154,7 @@ authenticated requests.
 
 ```python
 from fastapi import FastAPI, Request
-from mauth_client.constants import ENV_APP_UUID, ENV_PROTOCOL_VERSION
+from mauth_client.consts import ENV_APP_UUID, ENV_PROTOCOL_VERSION
 from mauth_client.middlewares import MAuthASGIMiddleware
 
 app = FastAPI()

mauth_client/middlewares/__init__.py

@@ -1 +1,2 @@
 from .asgi import MAuthASGIMiddleware
+from .wsgi import MAuthWSGIMiddleware

mauth_client/middlewares/wsgi.py

@@ -0,0 +1,62 @@
+import json
+import logging
+
+from mauth_client.authenticator import LocalAuthenticator
+from mauth_client.config import Config
+from mauth_client.consts import (
+    ENV_APP_UUID,
+    ENV_AUTHENTIC,
+    ENV_PROTOCOL_VERSION,
+)
+
+from mauth_client.signable import RequestSignable
+from mauth_client.signed import Signed
+
+logger = logging.getLogger("mauth_wsgi")
+
+
+class MAuthWSGIMiddleware:
+    def __init__(self, app, exempt=None):
+        self._validate_configs()
+        self.app = app
+        self.exempt = exempt.copy() if exempt else set()
+
+    def __call__(self, environ, start_response):
+        req = environ["werkzeug.request"]
+
+        if req.path in self.exempt:
+            return self.app(environ, start_response)
+
+        signable = RequestSignable(
+            method=req.method,
+            url=req.url,
+            body=self._read_body(environ),
+        )
+        signed = Signed.from_headers(dict(req.headers))
+        authenticator = LocalAuthenticator(signable, signed, logger)
+        is_authentic, status, message = authenticator.is_authentic()
+
+        if is_authentic:
+            environ[ENV_APP_UUID] = signed.app_uuid
+            environ[ENV_AUTHENTIC] = True
+            environ[ENV_PROTOCOL_VERSION] = signed.protocol_version()
+            return self.app(environ, start_response)
+
+        start_response(status, [("content-type", "application/json")])
+        body = {"errors": {"mauth": [message]}}
+        return [json.dumps(body).encode("utf-8")]
+
+    def _validate_configs(self):
+        # Validate the client settings (APP_UUID, PRIVATE_KEY)
+        if not all([Config.APP_UUID, Config.PRIVATE_KEY]):
+            raise TypeError("MAuthWSGIMiddleware requires APP_UUID and PRIVATE_KEY")
+        # Validate the mauth settings (MAUTH_BASE_URL, MAUTH_API_VERSION)
+        if not all([Config.MAUTH_URL, Config.MAUTH_API_VERSION]):
+            raise TypeError("MAuthWSGIMiddleware requires MAUTH_URL and MAUTH_API_VERSION")
+
+    def _read_body(self, environ):
+        input = environ["wsgi.input"]
+        input.seek(0)
+        body = input.read()
+        input.seek(0)
+        return body

pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "mauth-client"
-version = "1.3.0"
+version = "1.4.0"
 description = "MAuth Client for Python"
 repository = "https://github.com/mdsol/mauth-client-python"
 authors = ["Medidata Solutions <[email protected]>"]
@@ -13,10 +13,10 @@ classifiers = [
     "License :: OSI Approved :: MIT License",
     "Operating System :: OS Independent",
     "Programming Language :: Python",
-    "Programming Language :: Python :: 3.6",
     "Programming Language :: Python :: 3.7",
     "Programming Language :: Python :: 3.8",
     "Programming Language :: Python :: 3.9",
+    "Programming Language :: Python :: 3.10",
     "Topic :: Internet :: WWW/HTTP",
     "Topic :: Software Development :: Libraries :: Python Modules",
 ]