Module supertokens_python.recipe.thirdparty.utils
Expand source code
# Copyright (c) 2021, VRAI Labs and/or its affiliates. All rights reserved.
#
# This software is licensed under the Apache License, Version 2.0 (the
# "License") as published by the Apache Software Foundation.
#
# You may not use this file except in compliance with the License. You may
# obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from __future__ import annotations
from typing import (TYPE_CHECKING, Any, Awaitable, Callable, Dict, List, Set,
Union)
from supertokens_python.exceptions import raise_bad_input_exception
from supertokens_python.recipe.thirdparty.emaildelivery.services.backward_compatibility import \
BackwardCompatibilityService
from supertokens_python.utils import deprecated_warn
from .interfaces import APIInterface, RecipeInterface
if TYPE_CHECKING:
from .recipe import ThirdPartyRecipe
from .provider import Provider
from jwt import PyJWKClient, decode
from supertokens_python.ingredients.emaildelivery.types import (
EmailDeliveryConfig, EmailDeliveryConfigWithService)
from supertokens_python.recipe.emailverification.utils import \
OverrideConfig as EmailVerificationOverrideConfig
from supertokens_python.recipe.emailverification.utils import \
ParentRecipeEmailVerificationConfig
from ..emailverification.types import User as EmailVerificationUser
from .types import EmailTemplateVars, User
class SignInAndUpFeature:
def __init__(self, providers: List[Provider]):
if len(providers) == 0:
raise_bad_input_exception('thirdparty recipe requires atleast 1 provider to be passed in sign_in_and_up_feature.providers config')
default_providers_set: Set[str] = set()
all_providers_set: Set[str] = set()
for provider in providers:
provider_id = provider.id
all_providers_set.add(provider_id)
is_default = provider.is_default
if not is_default:
# if this id is not being used by any other provider, we treat
# this as the is_default
other_providers_with_same_id = list(
filter(lambda p: p.id == provider_id and provider != p, providers))
if len(other_providers_with_same_id) == 0:
# we treat this as the isDefault now.
is_default = True
if is_default:
if provider_id in default_providers_set:
raise_bad_input_exception(
'You have provided multiple third party providers that have the id: "' + provider_id + '" '
'and '
'are '
'marked as "is_default: True". Please only mark one of them as is_default.')
default_providers_set.add(provider_id)
if len(default_providers_set) != len(all_providers_set):
# this means that there is no provider marked as is_default
raise_bad_input_exception(
'The providers array has multiple entries for the same third party provider. Please '
'mark one of them as the default one by using "is_default: true".')
self.providers = providers
class InputEmailVerificationConfig:
def __init__(self,
get_email_verification_url: Union[Callable[[
User, Dict[str, Any]], Awaitable[str]], None] = None,
create_and_send_custom_email: Union[Callable[[
User, str, Dict[str, Any]], Awaitable[None]], None] = None
):
self.get_email_verification_url = get_email_verification_url
self.create_and_send_custom_email = create_and_send_custom_email
if create_and_send_custom_email:
deprecated_warn("create_and_send_custom_email is depricated. Please use email delivery config instead")
def email_verification_create_and_send_custom_email(
recipe: ThirdPartyRecipe, create_and_send_custom_email: Callable[[
User, str, Dict[str, Any]], Awaitable[None]]) -> Callable[[
EmailVerificationUser, str, Dict[str, Any]], Awaitable[None]]:
async def func(user: EmailVerificationUser, link: str, user_context: Dict[str, Any]):
user_info = await recipe.recipe_implementation.get_user_by_id(user.user_id, user_context)
if user_info is None:
raise Exception('Unknown User ID provided')
return await create_and_send_custom_email(user_info, link, user_context)
return func
def email_verification_get_email_verification_url(
recipe: ThirdPartyRecipe, get_email_verification_url: Callable[[
User, Dict[str, Any]], Awaitable[str]]) -> Callable[[
EmailVerificationUser, Any], Awaitable[str]]:
async def func(user: EmailVerificationUser, user_context: Dict[str, Any]):
user_info = await recipe.recipe_implementation.get_user_by_id(user.user_id, user_context)
if user_info is None:
raise Exception('Unknown User ID provided')
return await get_email_verification_url(user_info, user_context)
return func
def validate_and_normalise_email_verification_config(
recipe: ThirdPartyRecipe, config: Union[InputEmailVerificationConfig, None], override: InputOverrideConfig)\
-> ParentRecipeEmailVerificationConfig:
create_and_send_custom_email = None
get_email_verification_url = None
if config is None:
config = InputEmailVerificationConfig()
if config.create_and_send_custom_email is not None:
create_and_send_custom_email = email_verification_create_and_send_custom_email(
recipe, config.create_and_send_custom_email)
if config.get_email_verification_url is not None:
get_email_verification_url = email_verification_get_email_verification_url(recipe,
config.get_email_verification_url)
return ParentRecipeEmailVerificationConfig(
get_email_for_user_id=recipe.get_email_for_user_id,
create_and_send_custom_email=create_and_send_custom_email,
get_email_verification_url=get_email_verification_url,
override=override.email_verification_feature
)
class InputOverrideConfig:
def __init__(self, functions: Union[Callable[[RecipeInterface], RecipeInterface], None] = None,
apis: Union[Callable[[APIInterface],
APIInterface], None] = None,
email_verification_feature: Union[EmailVerificationOverrideConfig, None] = None):
self.functions = functions
self.apis = apis
self.email_verification_feature = email_verification_feature
class OverrideConfig:
def __init__(self, functions: Union[Callable[[RecipeInterface], RecipeInterface], None] = None,
apis: Union[Callable[[APIInterface], APIInterface], None] = None):
self.functions = functions
self.apis = apis
class ThirdPartyConfig:
def __init__(self,
sign_in_and_up_feature: SignInAndUpFeature,
email_verification_feature: ParentRecipeEmailVerificationConfig,
override: OverrideConfig,
get_email_delivery_config: Callable[[RecipeInterface], EmailDeliveryConfigWithService[EmailTemplateVars]],
):
self.sign_in_and_up_feature = sign_in_and_up_feature
self.email_verification_feature = email_verification_feature
self.override = override
self.get_email_delivery_config = get_email_delivery_config
def validate_and_normalise_user_input(
recipe: ThirdPartyRecipe,
sign_in_and_up_feature: SignInAndUpFeature,
email_verification_feature: Union[InputEmailVerificationConfig, None] = None,
override: Union[InputOverrideConfig, None] = None,
email_delivery_config: Union[EmailDeliveryConfig[EmailTemplateVars], None] = None
) -> ThirdPartyConfig:
if not isinstance(sign_in_and_up_feature, SignInAndUpFeature): # type: ignore
raise ValueError('sign_in_and_up_feature must be an instance of SignInAndUpFeature')
if override is not None and not isinstance(override, InputOverrideConfig): # type: ignore
raise ValueError('override must be an instance of InputOverrideConfig or None')
if override is None:
override = InputOverrideConfig()
def get_email_delivery_config(tp_recipe: RecipeInterface
) -> EmailDeliveryConfigWithService[EmailTemplateVars]:
if email_delivery_config and email_delivery_config.service:
return EmailDeliveryConfigWithService(
email_delivery_config.service,
email_delivery_config.override
)
email_service = BackwardCompatibilityService(
recipe.app_info,
tp_recipe,
email_verification_feature,
)
if email_delivery_config is not None and email_delivery_config.override is not None:
override = email_delivery_config.override
else:
override = None
return EmailDeliveryConfigWithService(email_service, override=override)
return ThirdPartyConfig(
sign_in_and_up_feature,
validate_and_normalise_email_verification_config(recipe, email_verification_feature, override),
OverrideConfig(functions=override.functions, apis=override.apis),
get_email_delivery_config
)
def find_right_provider(
providers: List[Provider],
third_party_id: str,
client_id: Union[str, None]
) -> Union[Provider, None]:
for provider in providers:
provider_id = provider.id
if provider_id != third_party_id:
continue
# first if there is only one provider with third_party_id in the
# providers array
other_providers_with_same_id = list(
filter(lambda p: p.id == provider_id and provider != p, providers))
if len(other_providers_with_same_id) == 0:
# then we always return that.
return provider
# otherwise, we look for the is_default provider if client_id is
# missing
if client_id is None and provider.is_default:
return provider
# otherwise, we return a provider that matches based on client Id as
# well.
if provider.get_client_id({}) == client_id:
return provider
return None
def verify_id_token_from_jwks_endpoint(
id_token: str, jwks_uri: str, audience: str, issuers: List[str]) -> Dict[str, Any]:
jwks_client = PyJWKClient(jwks_uri)
signing_key = jwks_client.get_signing_key_from_jwt(id_token)
data: Dict[str, Any] = decode( # type: ignore
id_token,
signing_key.key, # type: ignore
algorithms=["RS256"],
audience=audience,
options={"verify_exp": False})
issuer_found = False
for issuer in issuers:
if data['iss'] == issuer:
issuer_found = True
if not issuer_found:
raise Exception('no required issuer found')
return dataFunctions
def email_verification_create_and_send_custom_email(recipe: ThirdPartyRecipe, create_and_send_custom_email: Callable[[User, str, Dict[str, Any]], Awaitable[None]]) ‑> Callable[[EmailVerificationUser, str, Dict[str, Any]], Awaitable[None]]-
Expand source code
def email_verification_create_and_send_custom_email( recipe: ThirdPartyRecipe, create_and_send_custom_email: Callable[[ User, str, Dict[str, Any]], Awaitable[None]]) -> Callable[[ EmailVerificationUser, str, Dict[str, Any]], Awaitable[None]]: async def func(user: EmailVerificationUser, link: str, user_context: Dict[str, Any]): user_info = await recipe.recipe_implementation.get_user_by_id(user.user_id, user_context) if user_info is None: raise Exception('Unknown User ID provided') return await create_and_send_custom_email(user_info, link, user_context) return func def email_verification_get_email_verification_url(recipe: ThirdPartyRecipe, get_email_verification_url: Callable[[User, Dict[str, Any]], Awaitable[str]]) ‑> Callable[[EmailVerificationUser, Any], Awaitable[str]]-
Expand source code
def email_verification_get_email_verification_url( recipe: ThirdPartyRecipe, get_email_verification_url: Callable[[ User, Dict[str, Any]], Awaitable[str]]) -> Callable[[ EmailVerificationUser, Any], Awaitable[str]]: async def func(user: EmailVerificationUser, user_context: Dict[str, Any]): user_info = await recipe.recipe_implementation.get_user_by_id(user.user_id, user_context) if user_info is None: raise Exception('Unknown User ID provided') return await get_email_verification_url(user_info, user_context) return func def find_right_provider(providers: List[Provider], third_party_id: str, client_id: Union[str, None]) ‑> Union[Provider, None]-
Expand source code
def find_right_provider( providers: List[Provider], third_party_id: str, client_id: Union[str, None] ) -> Union[Provider, None]: for provider in providers: provider_id = provider.id if provider_id != third_party_id: continue # first if there is only one provider with third_party_id in the # providers array other_providers_with_same_id = list( filter(lambda p: p.id == provider_id and provider != p, providers)) if len(other_providers_with_same_id) == 0: # then we always return that. return provider # otherwise, we look for the is_default provider if client_id is # missing if client_id is None and provider.is_default: return provider # otherwise, we return a provider that matches based on client Id as # well. if provider.get_client_id({}) == client_id: return provider return None def validate_and_normalise_email_verification_config(recipe: ThirdPartyRecipe, config: Union[InputEmailVerificationConfig, None], override: InputOverrideConfig) ‑> ParentRecipeEmailVerificationConfig-
Expand source code
def validate_and_normalise_email_verification_config( recipe: ThirdPartyRecipe, config: Union[InputEmailVerificationConfig, None], override: InputOverrideConfig)\ -> ParentRecipeEmailVerificationConfig: create_and_send_custom_email = None get_email_verification_url = None if config is None: config = InputEmailVerificationConfig() if config.create_and_send_custom_email is not None: create_and_send_custom_email = email_verification_create_and_send_custom_email( recipe, config.create_and_send_custom_email) if config.get_email_verification_url is not None: get_email_verification_url = email_verification_get_email_verification_url(recipe, config.get_email_verification_url) return ParentRecipeEmailVerificationConfig( get_email_for_user_id=recipe.get_email_for_user_id, create_and_send_custom_email=create_and_send_custom_email, get_email_verification_url=get_email_verification_url, override=override.email_verification_feature ) def validate_and_normalise_user_input(recipe: ThirdPartyRecipe, sign_in_and_up_feature: SignInAndUpFeature, email_verification_feature: Union[InputEmailVerificationConfig, None] = None, override: Union[InputOverrideConfig, None] = None, email_delivery_config: Union[EmailDeliveryConfig[EmailTemplateVars], None] = None) ‑> ThirdPartyConfig-
Expand source code
def validate_and_normalise_user_input( recipe: ThirdPartyRecipe, sign_in_and_up_feature: SignInAndUpFeature, email_verification_feature: Union[InputEmailVerificationConfig, None] = None, override: Union[InputOverrideConfig, None] = None, email_delivery_config: Union[EmailDeliveryConfig[EmailTemplateVars], None] = None ) -> ThirdPartyConfig: if not isinstance(sign_in_and_up_feature, SignInAndUpFeature): # type: ignore raise ValueError('sign_in_and_up_feature must be an instance of SignInAndUpFeature') if override is not None and not isinstance(override, InputOverrideConfig): # type: ignore raise ValueError('override must be an instance of InputOverrideConfig or None') if override is None: override = InputOverrideConfig() def get_email_delivery_config(tp_recipe: RecipeInterface ) -> EmailDeliveryConfigWithService[EmailTemplateVars]: if email_delivery_config and email_delivery_config.service: return EmailDeliveryConfigWithService( email_delivery_config.service, email_delivery_config.override ) email_service = BackwardCompatibilityService( recipe.app_info, tp_recipe, email_verification_feature, ) if email_delivery_config is not None and email_delivery_config.override is not None: override = email_delivery_config.override else: override = None return EmailDeliveryConfigWithService(email_service, override=override) return ThirdPartyConfig( sign_in_and_up_feature, validate_and_normalise_email_verification_config(recipe, email_verification_feature, override), OverrideConfig(functions=override.functions, apis=override.apis), get_email_delivery_config ) def verify_id_token_from_jwks_endpoint(id_token: str, jwks_uri: str, audience: str, issuers: List[str]) ‑> Dict[str, Any]-
Expand source code
def verify_id_token_from_jwks_endpoint( id_token: str, jwks_uri: str, audience: str, issuers: List[str]) -> Dict[str, Any]: jwks_client = PyJWKClient(jwks_uri) signing_key = jwks_client.get_signing_key_from_jwt(id_token) data: Dict[str, Any] = decode( # type: ignore id_token, signing_key.key, # type: ignore algorithms=["RS256"], audience=audience, options={"verify_exp": False}) issuer_found = False for issuer in issuers: if data['iss'] == issuer: issuer_found = True if not issuer_found: raise Exception('no required issuer found') return data
Classes
class InputEmailVerificationConfig (get_email_verification_url: Union[Callable[[User, Dict[str, Any]], Awaitable[str]], None] = None, create_and_send_custom_email: Union[Callable[[User, str, Dict[str, Any]], Awaitable[None]], None] = None)-
Expand source code
class InputEmailVerificationConfig: def __init__(self, get_email_verification_url: Union[Callable[[ User, Dict[str, Any]], Awaitable[str]], None] = None, create_and_send_custom_email: Union[Callable[[ User, str, Dict[str, Any]], Awaitable[None]], None] = None ): self.get_email_verification_url = get_email_verification_url self.create_and_send_custom_email = create_and_send_custom_email if create_and_send_custom_email: deprecated_warn("create_and_send_custom_email is depricated. Please use email delivery config instead") class InputOverrideConfig (functions: Union[Callable[[RecipeInterface], RecipeInterface], None] = None, apis: Union[Callable[[APIInterface], APIInterface], None] = None, email_verification_feature: Union[EmailVerificationOverrideConfig, None] = None)-
Expand source code
class InputOverrideConfig: def __init__(self, functions: Union[Callable[[RecipeInterface], RecipeInterface], None] = None, apis: Union[Callable[[APIInterface], APIInterface], None] = None, email_verification_feature: Union[EmailVerificationOverrideConfig, None] = None): self.functions = functions self.apis = apis self.email_verification_feature = email_verification_feature class OverrideConfig (functions: Union[Callable[[RecipeInterface], RecipeInterface], None] = None, apis: Union[Callable[[APIInterface], APIInterface], None] = None)-
Expand source code
class OverrideConfig: def __init__(self, functions: Union[Callable[[RecipeInterface], RecipeInterface], None] = None, apis: Union[Callable[[APIInterface], APIInterface], None] = None): self.functions = functions self.apis = apis class SignInAndUpFeature (providers: List[Provider])-
Expand source code
class SignInAndUpFeature: def __init__(self, providers: List[Provider]): if len(providers) == 0: raise_bad_input_exception('thirdparty recipe requires atleast 1 provider to be passed in sign_in_and_up_feature.providers config') default_providers_set: Set[str] = set() all_providers_set: Set[str] = set() for provider in providers: provider_id = provider.id all_providers_set.add(provider_id) is_default = provider.is_default if not is_default: # if this id is not being used by any other provider, we treat # this as the is_default other_providers_with_same_id = list( filter(lambda p: p.id == provider_id and provider != p, providers)) if len(other_providers_with_same_id) == 0: # we treat this as the isDefault now. is_default = True if is_default: if provider_id in default_providers_set: raise_bad_input_exception( 'You have provided multiple third party providers that have the id: "' + provider_id + '" ' 'and ' 'are ' 'marked as "is_default: True". Please only mark one of them as is_default.') default_providers_set.add(provider_id) if len(default_providers_set) != len(all_providers_set): # this means that there is no provider marked as is_default raise_bad_input_exception( 'The providers array has multiple entries for the same third party provider. Please ' 'mark one of them as the default one by using "is_default: true".') self.providers = providers class ThirdPartyConfig (sign_in_and_up_feature: SignInAndUpFeature, email_verification_feature: ParentRecipeEmailVerificationConfig, override: OverrideConfig, get_email_delivery_config: Callable[[RecipeInterface], EmailDeliveryConfigWithService[EmailTemplateVars]])-
Expand source code
class ThirdPartyConfig: def __init__(self, sign_in_and_up_feature: SignInAndUpFeature, email_verification_feature: ParentRecipeEmailVerificationConfig, override: OverrideConfig, get_email_delivery_config: Callable[[RecipeInterface], EmailDeliveryConfigWithService[EmailTemplateVars]], ): self.sign_in_and_up_feature = sign_in_and_up_feature self.email_verification_feature = email_verification_feature self.override = override self.get_email_delivery_config = get_email_delivery_config