feat: Add primitive claim and its tests for session grants

Author: KShivendu

supertokens_python/recipe/session/claim_base_classes/__init__.py

@@ -0,0 +1,13 @@
+# Copyright (c) 2021, VRAI Labs and/or its affiliates. All rights reserved.
+#
+# This software is licensed under the Apache License, Version 2.0 (the
+# "License") as published by the Apache Software Foundation.
+#
+# You may not use this file except in compliance with the License. You may
+# obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.

supertokens_python/recipe/session/claim_base_classes/boolean_claim.py

@@ -0,0 +1,19 @@
+# Copyright (c) 2021, VRAI Labs and/or its affiliates. All rights reserved.
+#
+# This software is licensed under the Apache License, Version 2.0 (the
+# "License") as published by the Apache Software Foundation.
+#
+# You may not use this file except in compliance with the License. You may
+# obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from .primitive_claim import PrimitiveClaim
+
+
+class BooleanClaim(PrimitiveClaim):
+    pass

supertokens_python/recipe/session/claim_base_classes/primitive_claim.py

@@ -0,0 +1,160 @@
+# Copyright (c) 2021, VRAI Labs and/or its affiliates. All rights reserved.
+#
+# This software is licensed under the Apache License, Version 2.0 (the
+# "License") as published by the Apache Software Foundation.
+#
+# You may not use this file except in compliance with the License. You may
+# obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import time
+from typing import Any, Dict, TypeVar, Union
+
+from ..interfaces import JSONObject, JSONPrimitive, SessionClaim, SessionClaimValidator
+
+_T = TypeVar("_T")
+
+
+class PrimitiveClaim(SessionClaim[JSONPrimitive]):
+    def __init__(self, key: str, fetch_value: Any) -> None:
+        super().__init__(key)
+        self.fetch_value = fetch_value
+
+        claim = self
+
+        def has_value(
+            val: JSONPrimitive, id_: Union[str, None] = None
+        ) -> SessionClaimValidator:
+            class HasValueSCV(SessionClaimValidator):
+                def __init__(self):
+                    self.claim = claim
+                    self.id_ = id_ or claim.key
+
+                def should_refetch(
+                    self,
+                    payload: JSONObject,
+                    user_context: Union[Dict[str, Any], None] = None,
+                ):
+                    return claim.get_value_from_payload(payload, user_context) is None
+
+                def validate(
+                    self,
+                    payload: JSONObject,
+                    user_context: Union[Dict[str, Any], None] = None,
+                ):
+                    claim_val = claim.get_value_from_payload(payload, user_context)
+                    is_valid = claim_val == val
+                    if is_valid:
+                        return {"isValid": True}
+
+                    return {
+                        "isValid": False,
+                        "reason": {
+                            "message": "wrong value",
+                            "expectedValue": val,
+                            "actualValue": claim_val,
+                        },
+                    }
+
+            scv = HasValueSCV()
+            return scv
+
+        def has_fresh_value(
+            val: JSONPrimitive, max_age_in_sec: int, id_: Union[str, None] = None
+        ) -> SessionClaimValidator:
+            class HasFreshValueSCV(SessionClaimValidator):
+                def __init__(self):
+                    self.claim = claim
+                    self.id_ = id_ or (claim.key + "-fresh-val")
+
+                def should_refetch(
+                    self,
+                    payload: JSONObject,
+                    user_context: Union[Dict[str, Any], None] = None,
+                ):
+                    # (claim value is None) OR (value has expired)
+                    return (
+                        claim.get_value_from_payload(payload, user_context) is None
+                    ) or (payload[claim.key]["t"] < time.time() - max_age_in_sec * 1000)
+
+                def validate(
+                    self,
+                    payload: JSONObject,
+                    user_context: Union[Dict[str, Any], None] = None,
+                ):
+                    claim_val = claim.get_value_from_payload(payload, user_context)
+                    if claim_val != val:
+                        return {
+                            "isValid": False,
+                            "reason": {
+                                "message": "wrong value",
+                                "expectedValue": val,
+                                "actualValue": claim_val,
+                            },
+                        }
+
+                    age_in_sec = (time.time() - payload[claim.key]["t"]) / 1000
+                    if age_in_sec > max_age_in_sec:
+                        return {
+                            "isValid": False,
+                            "reason": {
+                                "message": "expired",
+                                "ageInSeconds": age_in_sec,
+                                "maxAgeInSeconds": max_age_in_sec,
+                            },
+                        }
+
+                    return {"isValid": True}
+
+            scv = HasFreshValueSCV()
+            return scv
+
+        class Validators:
+            def __init__(self) -> None:
+                self.has_value = has_value
+                self.has_fresh_value = has_fresh_value
+
+        self.validators = Validators()
+
+    def add_to_payload_(
+        self,
+        payload: Any,
+        value: JSONPrimitive,
+        user_context: Union[Dict[str, Any], None] = None,
+    ) -> JSONObject:
+        payload[self.key] = {"v": value, "t": time.time()}
+        _ = user_context
+
+        return payload
+
+    def remove_from_payload_by_merge_(
+        self, payload: JSONObject, user_context: Dict[str, Any]
+    ) -> JSONObject:
+        _ = user_context
+
+        payload[self.key] = None
+        return payload
+
+    def remove_from_payload(
+        self, payload: JSONObject, user_context: Dict[str, Any]
+    ) -> JSONObject:
+        _ = user_context
+        del payload[self.key]
+        return payload
+
+    def get_value_from_payload(
+        self, payload: JSONObject, user_context: Union[Dict[str, Any], None] = None
+    ) -> Union[JSONPrimitive, None]:
+        _ = user_context
+        return payload.get(self.key, {}).get("v")
+
+    def get_last_refetch_time(
+        self, payload: JSONObject, user_context: Union[Dict[str, Any], None] = None
+    ) -> Union[int, None]:
+        _ = user_context
+        return payload.get(self.key, {}).get("t")

supertokens_python/recipe/session/claims.py

@@ -0,0 +1,20 @@
+# Copyright (c) 2021, VRAI Labs and/or its affiliates. All rights reserved.
+#
+# This software is licensed under the Apache License, Version 2.0 (the
+# "License") as published by the Apache Software Foundation.
+#
+# You may not use this file except in compliance with the License. You may
+# obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from . import interfaces
+from .claim_base_classes import boolean_claim, primitive_claim
+
+SessionClaim = interfaces.SessionClaim
+BooleanClaim = boolean_claim.BooleanClaim
+PrimitiveClaim = primitive_claim.PrimitiveClaim

supertokens_python/recipe/session/interfaces.py

@@ -14,7 +14,8 @@
 from __future__ import annotations
 
 from abc import ABC, abstractmethod
-from typing import TYPE_CHECKING, Any, Dict, List, Union
+from asyncio import iscoroutinefunction
+from typing import TYPE_CHECKING, Any, Dict, Generic, List, TypeVar, Union
 
 from supertokens_python.async_to_sync_wrapper import sync
 from supertokens_python.types import APIResponse, GeneralErrorResponse
@@ -327,3 +328,88 @@ def sync_update_session_data(
     # This is there so that we can do session["..."] to access some of the members of this class
     def __getitem__(self, item: str):
         return getattr(self, item)
+
+
+# Session claims:
+_T = TypeVar("_T")
+JSONObject = Dict[str, Any]
+
+
+JSONPrimitive = Union[str, int, bool, None, Dict[str, Any]]
+
+FetchValueReturnType = Union[_T, None]
+
+
+class SessionClaim(ABC, Generic[_T]):
+    def __init__(self, key: str) -> None:
+        self.key = key
+
+    # fetchValue(userId: string, userContext: any): Promise<T | undefined> | T | undefined;
+    # Union[Promise[FetchValueReturnType], FetchValueReturnType]
+    def fetch_value(
+        self, user_id: str, user_context: Union[Dict[str, Any], None] = None
+    ) -> Any:
+        pass
+
+    @abstractmethod
+    def add_to_payload_(
+        self,
+        payload: JSONObject,
+        value: _T,
+        user_context: Union[Dict[str, Any], None] = None,
+    ) -> JSONObject:
+        """Saves the provided value into the payload, by cloning and updating the entire object"""
+
+    @abstractmethod
+    def remove_from_payload_by_merge_(
+        self, payload: JSONObject, user_context: Dict[str, Any]
+    ) -> JSONObject:
+        """Removes the claim from the payload by setting it to null, so mergeIntoAccessTokenPayload clears it"""
+
+    @abstractmethod
+    def remove_from_payload(
+        self, payload: JSONObject, user_context: Dict[str, Any]
+    ) -> JSONObject:
+        """Gets the value of the claim stored in the payload
+
+        Returns:
+            JSONObject: Claim value
+        """
+
+    @abstractmethod
+    def get_value_from_payload(
+        self, payload: JSONObject, user_context: Union[Dict[str, Any], None] = None
+    ) -> Union[_T, None]:
+        pass
+
+    async def build(
+        self, user_id: str, user_context: Union[Dict[str, Any], None] = None
+    ) -> JSONObject:
+        if iscoroutinefunction(self.fetch_value):
+            value = await self.fetch_value(user_id, user_context)
+        else:
+            value = self.fetch_value(  # pylint: disable=assignment-from-no-return
+                user_id, user_context
+            )
+
+        if value is None:
+            return {}
+
+        return self.add_to_payload_({}, value, user_context)
+
+
+class SessionClaimValidator(ABC):
+    id: str
+    claim: SessionClaim[Any]
+
+    @abstractmethod
+    def should_refetch(
+        self, payload: JSONObject, user_context: Union[Dict[str, Any], None] = None
+    ) -> Any:
+        pass
+
+    @abstractmethod
+    def validate(
+        self, payload: JSONObject, user_context: Union[Dict[str, Any], None] = None
+    ) -> Any:
+        pass

tests/sessions/claims/__init__.py

@@ -0,0 +1,3 @@
+import nest_asyncio  # type: ignore
+
+nest_asyncio.apply()  # type: ignore