Version 4.2.0 (#81)

* Introduce 'delete' permission to Grant * Implement v2 signatures. Update PAM endpoints to /v2. Update PAM tests to support v2 signatures and /v2 endpoints. * Add TokenManager. Implement GrantToken method. Add cbor2 library to dependencies. * Resolve test warnings due to use of deprecated method. * Remove PAM audit tests. Resolve Codacy errors. * Resolve logger deprecation warnings. Add delete_enabled field to PAMv2 Grant tests. * Resolved import errors in older Python versions. * Resolve unused variable warning. * Add cbor2 dependency to PyPy. * Prepare for release 4.1.8. * Refactor token manager properties code. * Update .pubnub.yml. * Bumping minor version - David Co-authored-by: Stefan QSD <[email protected]> Co-authored-by: David Lin <[email protected]>
pubnub · Dec 30, 2019 · 30b3663 · 30b3663
1 parent ff2563f
commit 30b3663
Show file tree

Hide file tree

Showing 77 changed files with 1,230 additions and 540 deletions.
diff --git a/.pubnub.yml b/.pubnub.yml
@@ -1,8 +1,21 @@
 name: python
-version: 4.1.7
+version: 4.2.0
 schema: 1
 scm: github.com/pubnub/python
 changelog:
+  - version: v4.2.0
+    date: Dec 24, 2019
+    changes:
+      - type: improvement
+        text: Introduced delete permission to Grant endpoint. Migrated to v2 enpdoints for old PAM methods.
+      - type: feature
+        text: Added TokenManager and GrantToken method.
+      - type: improvement
+        text: Resolved warnings caused by the use of deprecated methods.
+      - type: bug
+        text: Removed Audit tests.
+      - type: bug
+        text: Resolved incorrectly reported SDK version.
   - version: v4.1.7
     date: Dec 2, 2019
     changes:
@@ -137,6 +150,10 @@ changelog:
 features:
   access:
     - ACCESS-GRANT
+    - ACCESS-GRANT-MANAGE
+    - ACCESS-GRANT-DELETE
+    - ACCESS-GRANT-V3
+    - ACCESS-TOKEN-MANAGEMENT
     - ACCESS-SECRET-KEY-ALL-ACCESS    
   channel-groups:
     - CHANNEL-GROUPS-ADD-CHANNELS
@@ -159,8 +176,10 @@ features:
     - PUBLISH-RAW-JSON
     - PUBLISH-WITH-METADATA
     - PUBLISH-GET
+    - PUBLISH-POST
     - PUBLISH-ASYNC
     - PUBLISH-FIRE
+    - PUBLISH-REPLICATION-FLAG
   storage:
     - STORAGE-REVERSE
     - STORAGE-INCLUDE-TIMETOKEN
@@ -195,6 +214,8 @@ features:
     - OBJECTS-UPDATE-SPACE
     - OBJECTS-DELETE-SPACE
     - OBJECTS-GET-MEMBERSHIPS
+    - OBJECTS-MANAGE-MEMBERSHIPS
+    - OBJECTS-MANAGE-MEMBERS
     - OBJECTS-JOIN-SPACES
     - OBJECTS-UPDATE-MEMBERSHIPS
     - OBJECTS-LEAVE-SPACES

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,13 @@
+## [4.2.0](https://github.com/pubnub/python/tree/v4.2.0)
+
+  [Full Changelog](https://github.com/pubnub/python/compare/v4.1.7...v4.2.0)
+
+- 🌟 Introduced delete permission to Grant endpoint. Migrated to v2 enpdoints for old PAM methods.
+- 🌟 Added TokenManager and GrantToken method.
+- 🌟Resolved warnings caused by the use of deprecated methods.
+- 🐛Removed Audit tests.
+- 🐛Resolved incorrectly reported SDK version.
+
 ## [4.1.7](https://github.com/pubnub/python/tree/v4.1.7)
 
   [Full Changelog](https://github.com/pubnub/python/compare/v4.1.6...v4.1.7)

diff --git a/pubnub/endpoints/access/audit.py b/pubnub/endpoints/access/audit.py
@@ -5,7 +5,7 @@
 
 
 class Audit(Endpoint):
-    AUDIT_PATH = "/v1/auth/audit/sub-key/%s"
+    AUDIT_PATH = "/v2/auth/audit/sub-key/%s"
 
     def __init__(self, pubnub):
         Endpoint.__init__(self, pubnub)

diff --git a/pubnub/endpoints/access/grant.py b/pubnub/endpoints/access/grant.py
@@ -7,7 +7,7 @@
 
 
 class Grant(Endpoint):
-    GRANT_PATH = "/v1/auth/grant/sub-key/%s"
+    GRANT_PATH = "/v2/auth/grant/sub-key/%s"
 
     def __init__(self, pubnub):
         Endpoint.__init__(self, pubnub)
@@ -17,6 +17,7 @@ def __init__(self, pubnub):
         self._read = None
         self._write = None
         self._manage = None
+        self._delete = None
         self._ttl = None
 
         self._sort_params = True
@@ -45,6 +46,10 @@ def manage(self, flag):
         self._manage = flag
         return self
 
+    def delete(self, flag):
+        self._delete = flag
+        return self
+
     def ttl(self, ttl):
         self._ttl = ttl
         return self
@@ -58,6 +63,8 @@ def custom_params(self):
             params['w'] = '1' if self._write is True else '0'
         if self._manage is not None:
             params['m'] = '1' if self._manage is True else '0'
+        if self._delete is not None:
+            params['d'] = '1' if self._delete is True else '0'
 
         if len(self._auth_keys) > 0:
             params['auth'] = utils.join_items_and_encode(self._auth_keys)

diff --git a/pubnub/endpoints/access/grant_token.py b/pubnub/endpoints/access/grant_token.py
@@ -0,0 +1,120 @@
+from pubnub import utils
+from pubnub.endpoints.endpoint import Endpoint
+from pubnub.errors import PNERR_RESOURCES_MISSING, PNERR_TTL_MISSING, PNERR_INVALID_META
+from pubnub.exceptions import PubNubException
+from pubnub.enums import HttpMethod, PNOperationType
+from pubnub.models.consumer.v3.access_manager import PNGrantTokenResult
+
+
+class GrantToken(Endpoint):
+    GRANT_TOKEN_PATH = "/v3/pam/%s/grant"
+
+    READ = 1
+    WRITE = 2
+    MANAGE = 4
+    DELETE = 8
+    CREATE = 16
+
+    def __init__(self, pubnub):
+        Endpoint.__init__(self, pubnub)
+        self._ttl = None
+        self._meta = None
+        self._channelList = []
+        self._groupList = []
+        self._userList = []
+        self._spaceList = []
+
+        self._sort_params = True
+
+    def ttl(self, ttl):
+        self._ttl = ttl
+        return self
+
+    def meta(self, meta):
+        self._meta = meta
+        return self
+
+    def users(self, users):
+        self._userList = users
+        return self
+
+    def spaces(self, spaces):
+        self._spaceList = spaces
+        return self
+
+    def custom_params(self):
+        return {}
+
+    def build_data(self):
+        params = {'ttl': str(int(self._ttl))}
+
+        permissions = {}
+        resources = {}
+        patterns = {}
+
+        utils.parse_resources(self._channelList, "channels", resources, patterns)
+        utils.parse_resources(self._groupList, "groups", resources, patterns)
+        utils.parse_resources(self._userList, "users", resources, patterns)
+        utils.parse_resources(self._spaceList, "spaces", resources, patterns)
+
+        permissions['resources'] = resources
+        permissions['patterns'] = patterns
+
+        if self._meta is not None:
+            if isinstance(self._meta, dict):
+                permissions['meta'] = self._meta
+            else:
+                raise PubNubException(pn_error=PNERR_INVALID_META)
+        else:
+            permissions['meta'] = {}
+
+        params['permissions'] = permissions
+
+        return utils.write_value_as_string(params)
+
+    def build_path(self):
+        return GrantToken.GRANT_TOKEN_PATH % self.pubnub.config.subscribe_key
+
+    def http_method(self):
+        return HttpMethod.POST
+
+    def validate_params(self):
+        self.validate_subscribe_key()
+        self.validate_secret_key()
+        self.validate_ttl()
+        self.validate_resources()
+
+    def create_response(self, envelope):
+        return PNGrantTokenResult.from_json(envelope['data'])
+
+    def is_auth_required(self):
+        return False
+
+    def affected_channels(self):
+        # generate a list of channels when they become supported in PAMv3
+        return None
+
+    def affected_channels_groups(self):
+        # generate a list of groups when they become supported in PAMv3
+        return None
+
+    def request_timeout(self):
+        return self.pubnub.config.non_subscribe_request_timeout
+
+    def connect_timeout(self):
+        return self.pubnub.config.connect_timeout
+
+    def operation_type(self):
+        return PNOperationType.PNAccessManagerGrantToken
+
+    def name(self):
+        return "Grant Token"
+
+    def validate_resources(self):
+        if (self._userList is None or len(self._userList) == 0) and \
+           (self._spaceList is None or len(self._spaceList) == 0):
+            raise PubNubException(pn_error=PNERR_RESOURCES_MISSING)
+
+    def validate_ttl(self):
+        if self._ttl is None:
+            raise PubNubException(pn_error=PNERR_TTL_MISSING)
diff --git a/pubnub/endpoints/endpoint.py b/pubnub/endpoints/endpoint.py
@@ -1,5 +1,7 @@
 from abc import ABCMeta, abstractmethod
 
+import logging
+
 from pubnub import utils
 from pubnub.enums import PNStatusCategory, PNOperationType
 from pubnub.errors import PNERR_SUBSCRIBE_KEY_MISSING, PNERR_PUBLISH_KEY_MISSING, PNERR_CHANNEL_OR_GROUP_MISSING, \
@@ -9,6 +11,8 @@
 from pubnub.models.consumer.pn_error_data import PNErrorData
 from ..structures import RequestOptions, ResponseInfo
 
+logger = logging.getLogger("pubnub")
+
 
 class Endpoint(object):
     SERVER_RESPONSE_SUCCESS = 200
@@ -90,7 +94,6 @@ def options(self):
 
     def sync(self):
         self.validate_params()
-
         envelope = self.pubnub.request_sync(self.options())
 
         if envelope.status.is_error():
@@ -154,22 +157,17 @@ def callback(params_to_merge):
             if self.is_auth_required() and self.pubnub.config.auth_key is not None:
                 custom_params['auth'] = self.pubnub.config.auth_key
 
-            if self.pubnub.config.secret_key is not None:
-                custom_params['timestamp'] = str(self.pubnub.timestamp())
-                signed_input = (self.pubnub.config.subscribe_key + "\n" + self.pubnub.config.publish_key + "\n")
-
-                if operation_type == PNOperationType.PNAccessManagerAudit:
-                    signed_input += 'audit\n'
-                elif operation_type == PNOperationType.PNAccessManagerGrant or \
-                        operation_type == PNOperationType.PNAccessManagerRevoke:
-                    signed_input += 'grant\n'
-                else:
-                    signed_input += self.build_path() + "\n"
+            if self.pubnub.config.disable_token_manager is False and self.pubnub.config.auth_key is None:
+                tms_properties = self.get_tms_properties()
+                if tms_properties is not None:
+                    token = self.pubnub.get_token(tms_properties)
+                    if token is not None:
+                        custom_params['auth'] = token
+                    else:
+                        logger.warning("No token found for: " + str(tms_properties))
 
-                signed_input += utils.prepare_pam_arguments(custom_params)
-                signature = utils.sign_sha256(self.pubnub.config.secret_key, signed_input)
-
-                custom_params['signature'] = signature
+            if self.pubnub.config.secret_key is not None:
+                utils.sign_request(self, self.pubnub, custom_params, self.http_method(), self.build_data())
 
             # REVIEW: add encoder map to not hardcode encoding here
             if operation_type == PNOperationType.PNPublishOperation and 'meta' in custom_params:
@@ -248,3 +246,6 @@ def create_exception(self, category, response, response_info, exception):
         exception.status = status
 
         return exception
+
+    def get_tms_properties(self):
+        return None
diff --git a/pubnub/endpoints/membership/get_members.py b/pubnub/endpoints/membership/get_members.py
@@ -2,8 +2,9 @@
 
 from pubnub import utils
 from pubnub.endpoints.endpoint import Endpoint
+from pubnub.managers import TokenManagerProperties
 from pubnub.models.consumer.membership import PNGetMembersResult
-from pubnub.enums import HttpMethod, PNOperationType
+from pubnub.enums import HttpMethod, PNOperationType, PNResourceType
 from pubnub.exceptions import PubNubException
 
 
@@ -98,3 +99,9 @@ def operation_type(self):
 
     def name(self):
         return 'Get members'
+
+    def get_tms_properties(self):
+        return TokenManagerProperties(
+            resource_type=PNResourceType.SPACE,
+            resource_id=self._space_id if self._space_id is not None else ""
+        )
diff --git a/pubnub/endpoints/membership/get_space_memberships.py b/pubnub/endpoints/membership/get_space_memberships.py
@@ -2,8 +2,9 @@
 
 from pubnub import utils
 from pubnub.endpoints.endpoint import Endpoint
+from pubnub.managers import TokenManagerProperties
 from pubnub.models.consumer.membership import PNGetSpaceMembershipsResult
-from pubnub.enums import HttpMethod, PNOperationType
+from pubnub.enums import HttpMethod, PNOperationType, PNResourceType
 from pubnub.exceptions import PubNubException
 
 
@@ -98,3 +99,9 @@ def operation_type(self):
 
     def name(self):
         return 'Get space membership'
+
+    def get_tms_properties(self):
+        return TokenManagerProperties(
+            resource_type=PNResourceType.USER,
+            resource_id=self._user_id if self._user_id is not None else ""
+        )
diff --git a/pubnub/endpoints/membership/manage_members.py b/pubnub/endpoints/membership/manage_members.py
@@ -2,8 +2,9 @@
 
 from pubnub import utils
 from pubnub.endpoints.endpoint import Endpoint
+from pubnub.managers import TokenManagerProperties
 from pubnub.models.consumer.membership import PNManageMembersResult
-from pubnub.enums import HttpMethod, PNOperationType
+from pubnub.enums import HttpMethod, PNOperationType, PNResourceType
 from pubnub.exceptions import PubNubException
 
 
@@ -108,3 +109,9 @@ def operation_type(self):
 
     def name(self):
         return 'Update members'
+
+    def get_tms_properties(self):
+        return TokenManagerProperties(
+            resource_type=PNResourceType.SPACE,
+            resource_id=self._space_id if self._space_id is not None else ""
+        )
diff --git a/pubnub/endpoints/membership/manage_memberships.py b/pubnub/endpoints/membership/manage_memberships.py
@@ -2,8 +2,9 @@
 
 from pubnub import utils
 from pubnub.endpoints.endpoint import Endpoint
+from pubnub.managers import TokenManagerProperties
 from pubnub.models.consumer.membership import PNManageMembershipsResult
-from pubnub.enums import HttpMethod, PNOperationType
+from pubnub.enums import HttpMethod, PNOperationType, PNResourceType
 from pubnub.exceptions import PubNubException
 
 
@@ -108,3 +109,9 @@ def operation_type(self):
 
     def name(self):
         return 'Update space memberships'
+
+    def get_tms_properties(self):
+        return TokenManagerProperties(
+            resource_type=PNResourceType.USER,
+            resource_id=self._user_id if self._user_id is not None else ""
+        )