Merge branch 'feat/session-grants' into feat/ev-claim

Author: KShivendu

supertokens_python/recipe/session/asyncio/__init__.py

@@ -24,14 +24,14 @@
     SessionInformationResult,
     SessionClaim,
     SessionClaimValidator,
-    SessionDoesnotExistError,
+    SessionDoesNotExistError,
     ClaimsValidationResult,
     JSONObject,
     GetClaimValueOkResult,
 )
 from supertokens_python.recipe.session.recipe import SessionRecipe
 from supertokens_python.types import MaybeAwaitable
-from supertokens_python.utils import FRAMEWORKS, resolve
+from supertokens_python.utils import FRAMEWORKS, resolve, deprecated_warn
 from ..utils import get_required_claim_validators
 from ...jwt.interfaces import (
     CreateJwtOkResult,
@@ -53,12 +53,31 @@ async def create_new_session(
 ) -> SessionContainer:
     if user_context is None:
         user_context = {}
+    if session_data is None:
+        session_data = {}
+    if access_token_payload is None:
+        access_token_payload = {}
+
+    claims_added_by_other_recipes = (
+        SessionRecipe.get_instance().get_claims_added_by_other_recipes()
+    )
+    final_access_token_payload = access_token_payload
+
+    for claim in claims_added_by_other_recipes:
+        update = await claim.build(user_id, user_context)
+        final_access_token_payload = {**final_access_token_payload, **update}
+
     if not hasattr(request, "wrapper_used") or not request.wrapper_used:
         request = FRAMEWORKS[
             SessionRecipe.get_instance().app_info.framework
         ].wrap_request(request)
+
     return await SessionRecipe.get_instance().recipe_implementation.create_new_session(
-        request, user_id, access_token_payload, session_data, user_context=user_context
+        request,
+        user_id,
+        final_access_token_payload,
+        session_data,
+        user_context=user_context,
     )
 
 
@@ -75,7 +94,7 @@ async def validate_claims_for_session_handle(
         ]
     ] = None,
     user_context: Union[None, Dict[str, Any]] = None,
-) -> Union[SessionDoesnotExistError, ClaimsValidationResult]:
+) -> Union[SessionDoesNotExistError, ClaimsValidationResult]:
     if user_context is None:
         user_context = {}
 
@@ -85,10 +104,10 @@ async def validate_claims_for_session_handle(
     )
 
     if session_info is None:
-        return SessionDoesnotExistError()
+        return SessionDoesNotExistError()
 
     claim_validators_added_by_other_recipes = (
-        SessionRecipe.get_claim_validators_added_by_other_recipes()
+        SessionRecipe.get_instance().get_claim_validators_added_by_other_recipes()
     )
     global_claim_validators = await resolve(
         recipe_impl.get_global_claim_validators(
@@ -133,7 +152,7 @@ async def validate_claims_in_jwt_payload(
     recipe_impl = SessionRecipe.get_instance().recipe_implementation
 
     claim_validators_added_by_other_recipes = (
-        SessionRecipe.get_claim_validators_added_by_other_recipes()
+        SessionRecipe.get_instance().get_claim_validators_added_by_other_recipes()
     )
     global_claim_validators = await resolve(
         recipe_impl.get_global_claim_validators(
@@ -173,7 +192,7 @@ async def get_claim_value(
     session_handle: str,
     claim: SessionClaim[_T],
     user_context: Union[None, Dict[str, Any]] = None,
-) -> Union[SessionDoesnotExistError, GetClaimValueOkResult[_T]]:
+) -> Union[SessionDoesNotExistError, GetClaimValueOkResult[_T]]:
     if user_context is None:
         user_context = {}
     return await SessionRecipe.get_instance().recipe_implementation.get_claim_value(
@@ -325,6 +344,11 @@ async def update_access_token_payload(
 ) -> bool:
     if user_context is None:
         user_context = {}
+
+    deprecated_warn(
+        "update_access_token_payload is deprecated. Use merge_into_access_token_payload instead"
+    )
+
     return await SessionRecipe.get_instance().recipe_implementation.update_access_token_payload(
         session_handle, new_access_token_payload, user_context
     )
@@ -337,7 +361,7 @@ async def merge_into_access_token_payload(
 ) -> bool:
     if user_context is None:
         user_context = {}
-    # TODO:
+
     return await SessionRecipe.get_instance().recipe_implementation.merge_into_access_token_payload(
         session_handle, new_access_token_payload, user_context
     )

supertokens_python/recipe/session/claim_base_classes/boolean_claim.py

@@ -41,5 +41,4 @@ def __init__(
         ],
     ):
         super().__init__(key, fetch_value)
-        claim = self
-        self.validators = BooleanClaimValidators(claim)
+        self.validators = BooleanClaimValidators(claim=self)

supertokens_python/recipe/session/claim_base_classes/primitive_claim.py

@@ -29,10 +29,10 @@
 
 
 class HasValueSCV(SessionClaimValidator):
-    def __init__(self, id_: str, claim: SessionClaim[_T], params: Dict[str, Any]):
+    def __init__(self, id_: str, claim: SessionClaim[_T], val: _T):
         super().__init__(id_)
-        self.claim: SessionClaim[_T] = claim
-        self.params = params
+        self.claim: SessionClaim[_T] = claim  # Required to fix the type for pyright
+        self.val = val
 
     def should_refetch(
         self,
@@ -46,9 +46,9 @@ async def validate(
         payload: JSONObject,
         user_context: Dict[str, Any],
     ):
-        val = self.params["val"]
+        val = self.val
         claim_val = self.claim.get_value_from_payload(payload, user_context)
-        is_valid = claim_val == val
+        is_valid = claim_val == val  # type: ignore
         if is_valid:
             return ClaimValidationResult(is_valid=True)
 
@@ -63,17 +63,18 @@ async def validate(
 
 
 class HasFreshValueSCV(SessionClaimValidator):
-    def __init__(self, id_: str, claim: SessionClaim[_T], params: Dict[str, Any]):
+    def __init__(self, id_: str, claim: SessionClaim[_T], val: _T, max_age_in_sec: int):
         super().__init__(id_)
         self.claim: SessionClaim[_T] = claim
-        self.params = params
+        self.val = val
+        self.max_age_in_sec = max_age_in_sec
 
     def should_refetch(
         self,
         payload: JSONObject,
         user_context: Dict[str, Any],
     ):
-        max_age_in_sec: int = self.params["max_age_in_sec"]
+        max_age_in_sec: int = self.max_age_in_sec
 
         # (claim value is None) OR (value has expired)
         return (self.claim.get_value_from_payload(payload, user_context) is None) or (
@@ -85,8 +86,8 @@ async def validate(
         payload: JSONObject,
         user_context: Dict[str, Any],
     ):
-        val: str = self.params["val"]
-        max_age_in_sec: int = self.params["max_age_in_sec"]
+        val = self.val
+        max_age_in_sec = self.max_age_in_sec
 
         claim_val = self.claim.get_value_from_payload(payload, user_context)
         if claim_val is None:
@@ -113,7 +114,7 @@ async def validate(
                 },
             )
 
-        if claim_val != val:
+        if claim_val != val:  # type: ignore
             return ClaimValidationResult(
                 is_valid=False,
                 reason={
@@ -132,15 +133,16 @@ def __init__(self, claim: SessionClaim[_T]) -> None:
         self.claim = claim
 
     def has_value(self, val: _T, id_: Union[str, None] = None) -> SessionClaimValidator:
-        return HasValueSCV((id_ or self.claim.key), self.claim, {"val": val})
+        return HasValueSCV((id_ or self.claim.key), self.claim, val=val)
 
     def has_fresh_value(
         self, val: _T, max_age_in_sec: int, id_: Union[str, None] = None
     ) -> SessionClaimValidator:
         return HasFreshValueSCV(
             (id_ or (self.claim.key + "-fresh-val")),
             self.claim,
-            {"val": val, "max_age_in_sec": max_age_in_sec},
+            val=val,
+            max_age_in_sec=max_age_in_sec,
         )
 
 

supertokens_python/recipe/session/exceptions.py

@@ -13,7 +13,7 @@
 # under the License.
 from __future__ import annotations
 
-from typing import Union, Any, List, Dict
+from typing import Union, Any, List, Dict, Optional
 
 from supertokens_python.exceptions import SuperTokensError
 
@@ -56,13 +56,18 @@ class TryRefreshTokenError(SuperTokensSessionError):
 class InvalidClaimsError(SuperTokensSessionError):
     def __init__(self, msg: str, payload: List[ClaimValidationError]):
         super().__init__(msg)
-        self.payload = [
-            p.__dict__ for p in payload
-        ]  # Must be JSON serializable as it will be used in response
+        self.payload: List[Dict[str, Any]] = []
+        for p in payload:
+            res = (
+                p.__dict__.copy()
+            )  # Must be JSON serializable as it will be used in response
+            if p.reason is None:
+                res.pop("reason")
+            self.payload.append(res)
 
 
 class ClaimValidationError:
-    def __init__(self, id_: str, reason: Dict[str, Any]):
+    def __init__(self, id_: str, reason: Optional[Dict[str, Any]]):
         self.id = id_
         self.reason = reason
 

supertokens_python/recipe/session/interfaces.py

@@ -82,7 +82,7 @@ def __init__(
 FetchValueReturnType = Union[_T, None]
 
 
-class SessionDoesnotExistError:
+class SessionDoesNotExistError:
     pass
 
 
@@ -145,7 +145,7 @@ async def validate_claims_for_session_handle(
         session_info: SessionInformationResult,
         claim_validators: List[SessionClaimValidator],
         user_context: Dict[str, Any],
-    ) -> Union[ClaimsValidationResult, SessionDoesnotExistError]:
+    ) -> Union[ClaimsValidationResult, SessionDoesNotExistError]:
         pass
 
     @abstractmethod
@@ -210,8 +210,6 @@ async def update_access_token_payload(
         new_access_token_payload: Dict[str, Any],
         user_context: Dict[str, Any],
     ) -> bool:
-        # TODO: Deprecate this method.
-        # TODO: need to mark updateAccessTokenPayload as deprecated
         """DEPRECATED: Use merge_into_access_token_payload instead"""
 
     @abstractmethod
@@ -256,7 +254,7 @@ async def get_claim_value(
         session_handle: str,
         claim: SessionClaim[Any],
         user_context: Dict[str, Any],
-    ) -> Union[SessionDoesnotExistError, GetClaimValueOkResult[Any]]:
+    ) -> Union[SessionDoesNotExistError, GetClaimValueOkResult[Any]]:
         pass
 
     @abstractmethod
@@ -451,7 +449,9 @@ async def get_claim_value(
 
     @abstractmethod
     async def remove_claim(
-        self, claim: SessionClaim[Any], user_context: Union[Dict[str, Any], None] = None
+        self,
+        claim: SessionClaim[Any],
+        user_context: Union[Dict[str, Any], None] = None,
     ) -> None:
         pass
 
@@ -473,6 +473,15 @@ def sync_get_time_created(
     ) -> int:
         return sync(self.get_time_created(user_context))
 
+    def sync_merge_into_access_token_payload(
+        self, access_token_payload_update: Dict[str, Any], user_context: Dict[str, Any]
+    ) -> None:
+        return sync(
+            self.merge_into_access_token_payload(
+                access_token_payload_update, user_context
+            )
+        )
+
     def sync_update_access_token_payload(
         self,
         new_access_token_payload: Dict[str, Any],
@@ -590,23 +599,20 @@ def __init__(self, is_valid: bool, reason: Optional[Dict[str, Any]] = None):
 
 
 class SessionClaimValidator(ABC):
-    def __init__(self, id_: str):
+    def __init__(
+        self,
+        id_: str,
+    ) -> None:
         self.id = id_
-        self.claim: Optional[
-            SessionClaim[Any]
-        ] = None  # Child class must set this if required.
+        self.claim: Optional[SessionClaim[Any]] = None
 
     @abstractmethod
     async def validate(
         self, payload: JSONObject, user_context: Dict[str, Any]
     ) -> ClaimValidationResult:
         pass
 
-    def should_refetch(  # pylint: disable=no-self-use
+    def should_refetch(
         self, payload: JSONObject, user_context: Dict[str, Any]
     ) -> MaybeAwaitable[bool]:
-        # TODO: https://github.com/supertokens/supertokens-python/pull/209#discussion_r932121943
-        # TODO: This should also be an abstractmethod
-        # TODO: This should also be async
-        _, __ = payload, user_context
-        return False
+        raise NotImplementedError()

supertokens_python/recipe/session/recipe.py

@@ -66,9 +66,6 @@ class SessionRecipe(RecipeModule):
     recipe_id = "session"
     __instance = None
 
-    claims_added_by_other_recipes: List[SessionClaim[Any]] = []
-    claim_validators_added_by_other_recipes: List[SessionClaimValidator] = []
-
     def __init__(
         self,
         recipe_id: str,
@@ -156,6 +153,9 @@ def __init__(
             else self.config.override.apis(api_implementation)
         )
 
+        self.claims_added_by_other_recipes: List[SessionClaim[Any]] = []
+        self.claim_validators_added_by_other_recipes: List[SessionClaimValidator] = []
+
     def is_error_from_this_recipe_based_on_instance(self, err: Exception) -> bool:
         return isinstance(err, SuperTokensError) and (
             isinstance(err, SuperTokensSessionError)
@@ -302,31 +302,28 @@ def reset():
         ):
             raise_general_exception("calling testing function in non testing env")
         SessionRecipe.__instance = None
-        # FIXME: Discovered its requirement while running tests. Confirm if this is correct:
-        SessionRecipe.claims_added_by_other_recipes = []
-        SessionRecipe.claim_validators_added_by_other_recipes = []
 
-    @staticmethod
-    def add_claim_from_other_recipe(claim: SessionClaim[Any]):
+    def add_claim_from_other_recipe(self, claim: SessionClaim[Any]):
         # We are throwing here (and not in addClaimValidatorFromOtherRecipe) because if multiple
         # claims are added with the same key they will overwrite each other. Validators will all run
         # and work as expected even if they are added multiple times.
-        if claim.key in [c.key for c in SessionRecipe.claims_added_by_other_recipes]:
+        if claim.key in [c.key for c in self.claims_added_by_other_recipes]:
             raise Exception("Claim added by multiple recipes")
 
-        SessionRecipe.claims_added_by_other_recipes.append(claim)
+        self.claims_added_by_other_recipes.append(claim)
 
-    @staticmethod
-    def get_claims_added_by_other_recipes() -> List[SessionClaim[Any]]:
-        return SessionRecipe.claims_added_by_other_recipes
+    def get_claims_added_by_other_recipes(self) -> List[SessionClaim[Any]]:
+        return self.claims_added_by_other_recipes
 
-    @staticmethod
-    def add_claim_validator_from_other_recipe(claim_validator: SessionClaimValidator):
-        SessionRecipe.claim_validators_added_by_other_recipes.append(claim_validator)
+    def add_claim_validator_from_other_recipe(
+        self, claim_validator: SessionClaimValidator
+    ):
+        self.claim_validators_added_by_other_recipes.append(claim_validator)
 
-    @staticmethod
-    def get_claim_validators_added_by_other_recipes() -> List[SessionClaimValidator]:
-        return SessionRecipe.claim_validators_added_by_other_recipes
+    def get_claim_validators_added_by_other_recipes(
+        self,
+    ) -> List[SessionClaimValidator]:
+        return self.claim_validators_added_by_other_recipes
 
     async def verify_session(
         self,