feat: Wrap up features and tests related to basic session claims

Author: KShivendu

supertokens_python/recipe/session/api/implementation.py

@@ -13,13 +13,15 @@
 # under the License.
 from __future__ import annotations
 
-from typing import TYPE_CHECKING, Union
+from typing import TYPE_CHECKING, Union, List, Callable, Optional
 
 from supertokens_python.normalised_url_path import NormalisedURLPath
 from supertokens_python.recipe.session.interfaces import (
     APIInterface,
     SignOutOkayResponse,
+    SessionClaimValidator,
 )
+from supertokens_python.types import MaybeAwaitable
 from supertokens_python.utils import normalise_http_method
 
 if TYPE_CHECKING:
@@ -48,6 +50,7 @@ async def signout_post(
                 user_context=user_context,
                 anti_csrf_check=None,
                 session_required=True,
+                override_global_claim_validators=lambda _, __, ___: [],
             )
         except UnauthorisedError:
             return SignOutOkayResponse()
@@ -62,6 +65,12 @@ async def verify_session(
         api_options: APIOptions,
         anti_csrf_check: Union[bool, None],
         session_required: bool,
+        override_global_claim_validators: Optional[
+            Callable[
+                [SessionContainer, List[SessionClaimValidator], Dict[str, Any]],
+                MaybeAwaitable[List[SessionClaimValidator]],
+            ]
+        ],
         user_context: Dict[str, Any],
     ) -> Union[SessionContainer, None]:
         method = normalise_http_method(api_options.request.method())
@@ -73,6 +82,19 @@ async def verify_session(
             return await api_options.recipe_implementation.refresh_session(
                 api_options.request, user_context
             )
-        return await api_options.recipe_implementation.get_session(
-            api_options.request, anti_csrf_check, session_required, user_context
+        session = await api_options.recipe_implementation.get_session(
+            api_options.request,
+            anti_csrf_check,
+            session_required,
+            override_global_claim_validators,
+            user_context,
         )
+
+        if session is not None:
+            await api_options.recipe_implementation.assert_claims(
+                session,
+                override_global_claim_validators,
+                user_context,
+            )
+
+        return session

supertokens_python/recipe/session/asyncio/__init__.py

@@ -11,7 +11,7 @@
 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 # License for the specific language governing permissions and limitations
 # under the License.
-from typing import Any, Dict, List, Union, TypeVar
+from typing import Any, Dict, List, Union, TypeVar, Callable, Optional
 
 from supertokens_python.recipe.openid.interfaces import (
     GetOpenIdDiscoveryConfigurationResult,
@@ -21,8 +21,10 @@
     SessionContainer,
     SessionInformationResult,
     SessionClaim,
+    SessionClaimValidator,
 )
 from supertokens_python.recipe.session.recipe import SessionRecipe
+from supertokens_python.types import MaybeAwaitable
 from supertokens_python.utils import FRAMEWORKS
 from ...jwt.interfaces import (
     CreateJwtOkResult,
@@ -92,6 +94,12 @@ async def get_session(
     request: Any,
     anti_csrf_check: Union[bool, None] = None,
     session_required: bool = True,
+    override_global_claim_validators: Optional[
+        Callable[
+            [SessionContainer, List[SessionClaimValidator], Dict[str, Any]],
+            MaybeAwaitable[List[SessionClaimValidator]],
+        ]
+    ] = None,
     user_context: Union[None, Dict[str, Any]] = None,
 ) -> Union[SessionContainer, None]:
     if user_context is None:
@@ -100,10 +108,23 @@ async def get_session(
         request = FRAMEWORKS[
             SessionRecipe.get_instance().app_info.framework
         ].wrap_request(request)
-    return await SessionRecipe.get_instance().recipe_implementation.get_session(
-        request, anti_csrf_check, session_required, user_context
+
+    session_recipe_impl = SessionRecipe.get_instance().recipe_implementation
+    session = await session_recipe_impl.get_session(
+        request,
+        anti_csrf_check,
+        session_required,
+        override_global_claim_validators,
+        user_context,
     )
 
+    if session is not None:
+        await session_recipe_impl.assert_claims(
+            session, override_global_claim_validators, user_context
+        )
+
+    return session
+
 
 async def refresh_session(
     request: Any, user_context: Union[None, Dict[str, Any]] = None

supertokens_python/recipe/session/claim_base_classes/primitive_claim.py

@@ -13,17 +13,28 @@
 # under the License.
 
 import time
-from typing import Any, Dict, TypeVar, Union
+from typing import Any, Dict, TypeVar, Union, Callable, Optional
 
+from supertokens_python.types import MaybeAwaitable
 from ..interfaces import JSONObject, JSONPrimitive, SessionClaim, SessionClaimValidator
 
 _T = TypeVar("_T")
 
 
 class PrimitiveClaim(SessionClaim[JSONPrimitive]):
-    def __init__(self, key: str, fetch_value: Any) -> None:
+    def __init__(
+        self,
+        key: str,
+        fetch_value: Optional[
+            Callable[
+                [str, Optional[Dict[str, Any]]],
+                MaybeAwaitable[Optional[JSONPrimitive]],
+            ]
+        ] = None,
+    ) -> None:
         super().__init__(key)
-        self.fetch_value = fetch_value
+        if fetch_value is not None:
+            self.fetch_value = fetch_value  # type: ignore
 
         claim = self
 
@@ -32,8 +43,8 @@ def has_value(
         ) -> SessionClaimValidator:
             class HasValueSCV(SessionClaimValidator):
                 def __init__(self):
+                    super().__init__(id_ or claim.key)
                     self.claim = claim
-                    self.id_ = id_ or claim.key
 
                 def should_refetch(
                     self,
@@ -69,8 +80,8 @@ def has_fresh_value(
         ) -> SessionClaimValidator:
             class HasFreshValueSCV(SessionClaimValidator):
                 def __init__(self):
+                    super().__init__(id_ or (claim.key + "-fresh-val"))
                     self.claim = claim
-                    self.id_ = id_ or (claim.key + "-fresh-val")
 
                 def should_refetch(
                     self,
@@ -119,6 +130,9 @@ def __init__(self) -> None:
                 self.has_value = has_value
                 self.has_fresh_value = has_fresh_value
 
+            # def __setattr__(self, k: str, v: Any):
+            #     super().__setattr__(k, v)
+
         self.validators = Validators()
 
     def add_to_payload_(

supertokens_python/recipe/session/exceptions.py

@@ -13,7 +13,7 @@
 # under the License.
 from __future__ import annotations
 
-from typing import Union
+from typing import Union, Any, List
 
 from supertokens_python.exceptions import SuperTokensError
 
@@ -51,3 +51,21 @@ def __init__(self, msg: str, clear_cookies: bool = True):
 
 class TryRefreshTokenError(SuperTokensSessionError):
     pass
+
+
+class InvalidClaimsError(SuperTokensSessionError):
+    def __init__(self, msg: str, payload: List[ClaimValidationError]):
+        super().__init__(msg)
+        self.payload = [
+            p.__dict__ for p in payload
+        ]  # Must be JSON serializable as it will be used in response
+
+
+class ClaimValidationError:
+    def __init__(self, id_: str, reason: Any):
+        self.id = id_
+        self.reason = reason
+
+
+def raise_invalid_claims_exception(msg: str, payload: List[ClaimValidationError]):
+    raise InvalidClaimsError(msg, payload)

supertokens_python/recipe/session/framework/django/asyncio/__init__.py

@@ -12,13 +12,15 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 from functools import wraps
-from typing import Any, Callable, Dict, TypeVar, Union, cast
+from typing import Any, Callable, Dict, TypeVar, Union, cast, List, Optional
 
 from supertokens_python import Supertokens
 from supertokens_python.exceptions import SuperTokensError
 from supertokens_python.framework.django.django_request import DjangoRequest
 from supertokens_python.framework.django.django_response import DjangoResponse
-from supertokens_python.recipe.session import SessionRecipe
+from supertokens_python.recipe.session import SessionRecipe, SessionContainer
+from supertokens_python.recipe.session.interfaces import SessionClaimValidator
+from supertokens_python.types import MaybeAwaitable
 
 _T = TypeVar("_T", bound=Callable[..., Any])
 
@@ -27,6 +29,12 @@ def verify_session(
     anti_csrf_check: Union[bool, None] = None,
     session_required: bool = True,
     user_context: Union[None, Dict[str, Any]] = None,
+    override_global_claim_validators: Optional[
+        Callable[
+            [SessionContainer, List[SessionClaimValidator], Dict[str, Any]],
+            MaybeAwaitable[List[SessionClaimValidator]],
+        ]
+    ] = None,
 ) -> Callable[[_T], _T]:
     if user_context is None:
         user_context = {}
@@ -42,7 +50,11 @@ async def wrapped_function(request: HttpRequest, *args: Any, **kwargs: Any):
                 baseRequest = DjangoRequest(request)
                 recipe = SessionRecipe.get_instance()
                 session = await recipe.verify_session(
-                    baseRequest, anti_csrf_check, session_required, user_context
+                    baseRequest,
+                    anti_csrf_check,
+                    session_required,
+                    override_global_claim_validators,
+                    user_context,
                 )
                 if session is None:
                     if session_required:

supertokens_python/recipe/session/framework/django/syncio/__init__.py

@@ -12,14 +12,16 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 from functools import wraps
-from typing import Any, Callable, Dict, TypeVar, Union, cast
+from typing import Any, Callable, Dict, TypeVar, Union, cast, List, Optional
 
 from supertokens_python import Supertokens
 from supertokens_python.async_to_sync_wrapper import sync
 from supertokens_python.exceptions import SuperTokensError
 from supertokens_python.framework.django.django_request import DjangoRequest
 from supertokens_python.framework.django.django_response import DjangoResponse
-from supertokens_python.recipe.session import SessionRecipe
+from supertokens_python.recipe.session import SessionRecipe, SessionContainer
+from supertokens_python.recipe.session.interfaces import SessionClaimValidator
+from supertokens_python.types import MaybeAwaitable
 
 _T = TypeVar("_T", bound=Callable[..., Any])
 
@@ -28,6 +30,12 @@ def verify_session(
     anti_csrf_check: Union[bool, None] = None,
     session_required: bool = True,
     user_context: Union[None, Dict[str, Any]] = None,
+    override_global_claim_validators: Optional[
+        Callable[
+            [SessionContainer, List[SessionClaimValidator], Dict[str, Any]],
+            MaybeAwaitable[List[SessionClaimValidator]],
+        ]
+    ] = None,
 ) -> Callable[[_T], _T]:
     if user_context is None:
         user_context = {}
@@ -44,7 +52,11 @@ def wrapped_function(request: HttpRequest, *args: Any, **kwargs: Any):
                 recipe = SessionRecipe.get_instance()
                 session = sync(
                     recipe.verify_session(
-                        baseRequest, anti_csrf_check, session_required, user_context
+                        baseRequest,
+                        anti_csrf_check,
+                        session_required,
+                        override_global_claim_validators,
+                        user_context,
                     )
                 )
                 if session is None:

supertokens_python/recipe/session/framework/fastapi/__init__.py

@@ -11,18 +11,25 @@
 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 # License for the specific language governing permissions and limitations
 # under the License.
-from typing import Any, Callable, Coroutine, Dict, Union
+from typing import Any, Callable, Coroutine, Dict, Union, List, Optional
 
 from supertokens_python.framework.fastapi.fastapi_request import FastApiRequest
 from supertokens_python.recipe.session import SessionRecipe
+from supertokens_python.types import MaybeAwaitable
 
-from ...interfaces import SessionContainer
+from ...interfaces import SessionContainer, SessionClaimValidator
 
 
 def verify_session(
     anti_csrf_check: Union[bool, None] = None,
     session_required: bool = True,
     user_context: Union[None, Dict[str, Any]] = None,
+    override_global_claim_validators: Optional[
+        Callable[
+            [SessionContainer, List[SessionClaimValidator], Dict[str, Any]],
+            MaybeAwaitable[List[SessionClaimValidator]],
+        ]
+    ] = None,
 ) -> Callable[..., Coroutine[Any, Any, Union[SessionContainer, None]]]:
     if user_context is None:
         user_context = {}
@@ -32,7 +39,11 @@ async def func(request: Request) -> Union[SessionContainer, None]:
         baseRequest = FastApiRequest(request)
         recipe = SessionRecipe.get_instance()
         session = await recipe.verify_session(
-            baseRequest, anti_csrf_check, session_required, user_context
+            baseRequest,
+            anti_csrf_check,
+            session_required,
+            override_global_claim_validators,
+            user_context,
         )
         if session is None:
             if session_required:

supertokens_python/recipe/session/framework/flask/__init__.py

@@ -12,11 +12,13 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 from functools import wraps
-from typing import Any, Callable, Dict, TypeVar, Union, cast
+from typing import Any, Callable, Dict, TypeVar, Union, cast, List, Optional
 
 from supertokens_python.async_to_sync_wrapper import sync
 from supertokens_python.framework.flask.flask_request import FlaskRequest
-from supertokens_python.recipe.session import SessionRecipe
+from supertokens_python.recipe.session import SessionRecipe, SessionContainer
+from supertokens_python.recipe.session.interfaces import SessionClaimValidator
+from supertokens_python.types import MaybeAwaitable
 
 _T = TypeVar("_T", bound=Callable[..., Any])
 
@@ -25,6 +27,12 @@ def verify_session(
     anti_csrf_check: Union[bool, None] = None,
     session_required: bool = True,
     user_context: Union[None, Dict[str, Any]] = None,
+    override_global_claim_validators: Optional[
+        Callable[
+            [SessionContainer, List[SessionClaimValidator], Dict[str, Any]],
+            MaybeAwaitable[List[SessionClaimValidator]],
+        ]
+    ] = None,
 ) -> Callable[[_T], _T]:
     if user_context is None:
         user_context = {}
@@ -38,7 +46,11 @@ def wrapped_function(*args: Any, **kwargs: Any):
             recipe = SessionRecipe.get_instance()
             session = sync(
                 recipe.verify_session(
-                    baseRequest, anti_csrf_check, session_required, user_context
+                    baseRequest,
+                    anti_csrf_check,
+                    session_required,
+                    override_global_claim_validators,
+                    user_context,
                 )
             )
             if session is None: