Merge pull request #21 from SUNET/lundberg_bump_reqs

Bump requirements

.github/workflows/run-tests.yaml

@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        python-version: [3.9]
+        python-version: ["3.11"]
     env:
       PIP_INDEX_URL: https://pypi.sunet.se/simple/
 
@@ -44,10 +44,10 @@ jobs:
     steps:
       - uses: actions/checkout@v2
 
-      - name: Set up Python 3.9
+      - name: Set up Python 3.11
         uses: actions/setup-python@v2
         with:
-          python-version: 3.9
+          python-version: "3.11"
 
       - name: Install dependencies
         run: |

Makefile

@@ -1,17 +1,17 @@
 SOURCE=src
 PYTHON=$(shell which python)
-PIPCOMPILE=pip-compile --generate-hashes --upgrade --extra-index-url https://pypi.sunet.se/simple
+PIPCOMPILE=pip-compile -v --generate-hashes --upgrade --extra-index-url https://pypi.sunet.se/simple
 PIPSYNC=pip-sync --index-url https://pypi.sunet.se/simple --python-executable $(PYTHON)
 
 test:
 	pytest --log-cli-level DEBUG
 
 reformat:
 	isort --line-width 120 --atomic --project auth_server $(SOURCE)
-	black --line-length 120 --target-version py39 $(SOURCE)
+	black --line-length 120 --target-version py310 $(SOURCE)
 
 typecheck:
-	mypy --ignore-missing-imports $(SOURCE)
+	mypy --install-types --non-interactive --pretty --ignore-missing-imports --warn-unused-ignores $(SOURCE)
 
 sync_deps:
 	$(PIPSYNC) requirements.txt

constraints.txt

@@ -1,2 +1,2 @@
-pydantic>=1.8.2
+pydantic>=1.8.2,<2
 aiohttp>=3.7.4

requirements.in

@@ -1,5 +1,4 @@
 -c constraints.txt
--r sub_requirements.in
 fastapi
 python-multipart
 aiohttp[speedups]

src/auth_server/config.py

@@ -74,7 +74,7 @@ class AuthServerConfig(BaseSettings):
     transaction_state_expires_in: timedelta = Field(default="PT5M")
     pysaml2_config_path: Optional[Path] = Field(default=None)
     pysaml2_config_name: str = "SAML_CONFIG"
-    saml2_discovery_service_url: Optional[AnyUrl]
+    saml2_discovery_service_url: Optional[AnyUrl] = None
 
     @validator("application_root")
     def application_root_must_not_end_with_slash(cls, v: str):
@@ -106,7 +106,8 @@ def load_config() -> AuthServerConfig:
             data = read_config_file(config_file=config_file, config_ns=config_ns)
             config = AuthServerConfig.parse_obj(data)
         else:
-            config = AuthServerConfig()
+            # config will be instantiated with env vars if there is no config file
+            config = AuthServerConfig()  # type: ignore[call-arg]
         # Save config to a file in /dev/shm for introspection
         fd_int = os.open(f"/dev/shm/{config.app_name}_config.yaml", os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
         with open(fd_int, "w") as fd:

src/auth_server/db/client.py

@@ -39,7 +39,6 @@ class BaseDB(object):
     """Base class for common db operations"""
 
     def __init__(self, db_client: AsyncIOMotorClient, db_name: str, collection: str, safe_writes: bool = False):
-
         self._conn = db_client
         self._db_name = db_name
         self._coll_name = collection

src/auth_server/db/mongo_cache.py

@@ -17,7 +17,6 @@ class MongoCacheDB(object):
     def __init__(
         self, db_client: MongoClient, db_name: str, collection: str, expire_after: timedelta, safe_writes: bool = False
     ):
-
         self._conn = db_client
         self._db_name = db_name
         self._coll_name = collection

src/auth_server/db/transaction_state.py

@@ -11,7 +11,7 @@
 
 from auth_server.db.client import BaseDB, get_motor_client
 from auth_server.mdq import MDQData
-from auth_server.models.gnap import Access, GNAPJOSEHeader, GrantRequest, GrantResponse
+from auth_server.models.gnap import Access, GrantRequest, GrantResponse
 from auth_server.saml2 import SessionInfo
 from auth_server.time_utils import utc_now
 from auth_server.tls_fed_auth import MetadataEntity
@@ -41,17 +41,17 @@ class TransactionState(BaseModel, ABC):
     flow_state: FlowState = Field(default=FlowState.PROCESSING)
     grant_request: GrantRequest
     grant_response: GrantResponse = Field(default_factory=GrantResponse)
-    key_reference: Optional[str]
+    key_reference: Optional[str] = None
     proof_ok: bool = False
     requested_access: List[Union[str, Access]] = Field(default_factory=list)
-    saml_assertion: Optional[SessionInfo]
-    interaction_reference: Optional[str]
-    user_code: Optional[str]
-    continue_reference: Optional[str]
-    continue_access_token: Optional[str]
+    saml_assertion: Optional[SessionInfo] = None
+    interaction_reference: Optional[str] = None
+    user_code: Optional[str] = None
+    continue_reference: Optional[str] = None
+    continue_access_token: Optional[str] = None
     # meta
     flow_name: str
-    flow_step: Optional[str]
+    flow_step: Optional[str] = None
     created_at: datetime = Field(default_factory=utc_now)
     expires_at: datetime = Field(default_factory=utc_now)  # default to now, set new expire_at when saving the state
 

src/auth_server/flows.py

@@ -3,12 +3,11 @@
 
 import logging
 from abc import ABC
-from typing import Any, List, Mapping, Optional, Union, cast
+from typing import Any, List, Mapping, Optional, Union
 
 from fastapi import HTTPException
 from jwcrypto import jwt
 from jwcrypto.jwk import JWK
-from pydantic import AnyUrl
 
 from auth_server.config import AuthServerConfig
 from auth_server.context import ContextRequest
@@ -296,16 +295,16 @@ async def handle_interaction(self) -> Optional[GrantResponse]:
 
         # return all mutually supported interaction methods according to draft
         if StartInteractionMethod.REDIRECT in start_methods:
-            interaction_response.redirect = cast(
-                AnyUrl, self.request.url_for("redirect", transaction_id=self.state.transaction_id)
+            interaction_response.redirect = str(
+                self.request.url_for("redirect", transaction_id=self.state.transaction_id)
             )
         if StartInteractionMethod.USER_CODE in start_methods or StartInteractionMethod.USER_CODE_URI in start_methods:
             self.state.user_code = get_hex_uuid4(length=8)
             if StartInteractionMethod.USER_CODE in start_methods:
                 interaction_response.user_code = self.state.user_code
             if StartInteractionMethod.USER_CODE_URI in start_methods:
                 interaction_response.user_code_uri = UserCodeURI(
-                    code=self.state.user_code, uri=cast(AnyUrl, self.request.url_for("user_code_input"))
+                    code=self.state.user_code, uri=str(self.request.url_for("user_code_input"))
                 )
 
         # finish method can be one or zero
@@ -329,7 +328,7 @@ async def handle_interaction(self) -> Optional[GrantResponse]:
         # TODO: create jwt for continue access token?
         self.state.continue_access_token = get_hex_uuid4()
         continue_response = Continue(
-            uri=cast(AnyUrl, continue_url),
+            uri=str(continue_url),
             wait=wait,
             access_token=ContinueAccessToken(value=self.state.continue_access_token),
         )

src/auth_server/mdq.py

@@ -15,7 +15,7 @@
 if TYPE_CHECKING:
     from pydantic.typing import AbstractSetIntStr, MappingIntStrAny, DictStrAny
 
-from auth_server.models.gnap import Key, ProofMethod
+from auth_server.models.gnap import Key, Proof, ProofMethod
 from auth_server.utils import get_values, hash_with, load_cert_from_str, serialize_certificate
 
 __author__ = "lundberg"
@@ -49,10 +49,10 @@ def deserialize_cert(cls, v: str) -> Certificate:
     def dict(
         self,
         *,
-        include: Union["AbstractSetIntStr", "MappingIntStrAny"] = None,
-        exclude: Union["AbstractSetIntStr", "MappingIntStrAny"] = None,
+        include: Optional[Union["AbstractSetIntStr", "MappingIntStrAny"]] = None,
+        exclude: Optional[Union["AbstractSetIntStr", "MappingIntStrAny"]] = None,
         by_alias: bool = False,
-        skip_defaults: bool = None,
+        skip_defaults: Optional[bool] = None,
         exclude_unset: bool = False,
         exclude_defaults: bool = False,
         exclude_none: bool = False,
@@ -120,9 +120,9 @@ async def mdq_data_to_key(mdq_data: MDQData) -> Optional[Key]:
     signing_cert = [item.cert for item in mdq_data.certs if item.use == KeyUse.SIGNING]
     # There should only be one or zero signing certs
     if signing_cert:
-        logger.info(f"Found cert in metadata")
-        return Key(
-            proof=ProofMethod.MTLS,
+        logger.info("Found cert in metadata")
+        return Key(  # type: ignore[call-arg]
+            proof=Proof(method=ProofMethod.MTLS),
             cert_S256=b64encode(signing_cert[0].fingerprint(algorithm=SHA256())).decode("utf-8"),
         )
     return None

src/auth_server/models/claims.py

@@ -14,10 +14,10 @@ class Claims(RegisteredClaims):
     source: Optional[str] = None
     origins: Optional[List[str]] = None  # What should we use this for?
     requested_access: Optional[List[Union[str, Access]]] = None
-    saml_issuer: Optional[str]
-    saml_eppn: Optional[str]
-    saml_unique_id: Optional[str]
-    saml_targeted_id: Optional[str]
+    saml_issuer: Optional[str] = None
+    saml_eppn: Optional[str] = None
+    saml_unique_id: Optional[str] = None
+    saml_targeted_id: Optional[str] = None
 
 
 class ConfigClaims(Claims):