[IMP] fastapi_auth_jwt: pre-commit auto fixes

.pre-commit-config.yaml

@@ -11,7 +11,6 @@ exclude: |
   ^datamodel/|
   ^extendable/|
   ^extendable_fastapi/|
-  ^fastapi_auth_jwt/|
   ^fastapi_auth_jwt_demo/|
   ^graphql_base/|
   ^graphql_demo/|

fastapi_auth_jwt/README.rst

@@ -20,16 +20,17 @@ FastAPI Auth JWT support
     :target: https://github.com/OCA/rest-framework/tree/17.0/fastapi_auth_jwt
     :alt: OCA/rest-framework
 .. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
-    :target: https://translation.odoo-community.org/projects/rest-framework-16-0/rest-framework-16-0-fastapi_auth_jwt
+    :target: https://translation.odoo-community.org/projects/rest-framework-17-0/rest-framework-17-0-fastapi_auth_jwt
     :alt: Translate me on Weblate
 .. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png
     :target: https://runboat.odoo-community.org/builds?repo=OCA/rest-framework&target_branch=17.0
     :alt: Try me on Runboat
 
 |badge1| |badge2| |badge3| |badge4| |badge5|
 
-This module provides ``FastAPI`` ``Depends`` to allow authentication with `auth_jwt
-<https://github.com/OCA/server-auth/tree/17.0/auth_jwt>`_.
+This module provides ``FastAPI`` ``Depends`` to allow authentication
+with
+`auth_jwt <https://github.com/OCA/server-auth/tree/16.0/auth_jwt>`__.
 
 **Table of contents**
 
@@ -39,62 +40,69 @@ This module provides ``FastAPI`` ``Depends`` to allow authentication with `auth_
 Usage
 =====
 
-The following FastAPI dependencies  are provided and importable from
+The following FastAPI dependencies are provided and importable from
 ``odoo.addons.fastapi_auth_jwt.dependencies``:
 
 ``def auth_jwt_authenticated_payload() -> Payload``
 
-  Return the authenticated JWT payload. Raise a 401 (unauthorized) if absent or invalid.
+   Return the authenticated JWT payload. Raise a 401 (unauthorized) if
+   absent or invalid.
 
 ``def auth_jwt_optionally_authenticated_payload() -> Payload | None``
 
-  Return the authenticated JWT payload, or ``None`` if the ``Authorization`` header and
-  cookie are absent. Raise a 401 (unauthorized) if present and invalid.
+   Return the authenticated JWT payload, or ``None`` if the
+   ``Authorization`` header and cookie are absent. Raise a 401
+   (unauthorized) if present and invalid.
 
 ``def auth_jwt_authenticated_partner() -> Partner``
 
-  Obtain the authenticated partner corresponding to the provided JWT token, according to
-  the partner strategy defined on the ``auth_jwt`` validator. Raise a 401 (unauthorized)
-  if the partner could not be determined for any reason.
+   Obtain the authenticated partner corresponding to the provided JWT
+   token, according to the partner strategy defined on the ``auth_jwt``
+   validator. Raise a 401 (unauthorized) if the partner could not be
+   determined for any reason.
 
-  This is function suitable and intended to override
-  ``odoo.addons.fastapi.dependencies.authenticated_partner_impl``.
+   This is function suitable and intended to override
+   ``odoo.addons.fastapi.dependencies.authenticated_partner_impl``.
 
-  The partner record returned by this function is bound to an environment that uses the
-  Odoo user obtained from the user strategy defined on the ``auth_jwt`` validator. When
-  used ``authenticated_partner_impl`` this in turn ensures that
-  ``odoo.addons.fastapi.dependencies.authenticated_partner_env`` is also bound to the
-  correct Odoo user.
+   The partner record returned by this function is bound to an
+   environment that uses the Odoo user obtained from the user strategy
+   defined on the ``auth_jwt`` validator. When used
+   ``authenticated_partner_impl`` this in turn ensures that
+   ``odoo.addons.fastapi.dependencies.authenticated_partner_env`` is
+   also bound to the correct Odoo user.
 
 ``def auth_jwt_optionally_authenticated_partner() -> Partner``
 
-  Same as ``auth_jwt_partner`` except it returns an empty recordset bound to the
-  ``public`` user if the ``Authorization`` header and cookie are absent, or if the JWT
-  validator could not find the partner and declares that the partner is not required.
+   Same as ``auth_jwt_partner`` except it returns an empty recordset
+   bound to the ``public`` user if the ``Authorization`` header and
+   cookie are absent, or if the JWT validator could not find the partner
+   and declares that the partner is not required.
 
 ``def auth_jwt_authenticated_odoo_env() -> Environment``
 
-  Return an Odoo environment using the the Odoo user obtained from the user strategy
-  defined on the ``auth_jwt`` validator, if the request could be authenticated using a
-  JWT validator. Raise a 401 (unauthorized) otherwise.
+   Return an Odoo environment using the the Odoo user obtained from the
+   user strategy defined on the ``auth_jwt`` validator, if the request
+   could be authenticated using a JWT validator. Raise a 401
+   (unauthorized) otherwise.
 
-  This is function suitable and intended to override
-  ``odoo.addons.fastapi.dependencies.authenticated_odoo_env_impl``.
+   This is function suitable and intended to override
+   ``odoo.addons.fastapi.dependencies.authenticated_odoo_env_impl``.
 
 ``def auth_jwt_default_validator_name() -> str | None``
 
-  Return the name of the default JWT validator to use.
+   Return the name of the default JWT validator to use.
 
-  The default implementation returns ``None`` meaning only one active JWT validator is
-  allowed. This dependency is meant to be overridden.
+   The default implementation returns ``None`` meaning only one active
+   JWT validator is allowed. This dependency is meant to be overridden.
 
 ``def auth_jwt_http_header_authorization() -> str | None``
 
-  By default, return the credentials part of the ``Authorization`` header, or ``None``
-  if absent. This dependency is meant to be overridden, in particular with
-  ``fastapi.security.OAuth2AuthorizationCodeBearer`` to let swagger handle OAuth2
-  authorization (such override is only necessary for comfort when using the swagger
-  interface).
+   By default, return the credentials part of the ``Authorization``
+   header, or ``None`` if absent. This dependency is meant to be
+   overridden, in particular with
+   ``fastapi.security.OAuth2AuthorizationCodeBearer`` to let swagger
+   handle OAuth2 authorization (such override is only necessary for
+   comfort when using the swagger interface).
 
 Bug Tracker
 ===========
@@ -110,12 +118,12 @@ Credits
 =======
 
 Authors
-~~~~~~~
+-------
 
 * ACSONE SA/NV
 
 Maintainers
-~~~~~~~~~~~
+-----------
 
 This module is maintained by the OCA.
 

fastapi_auth_jwt/dependencies.py

@@ -2,7 +2,7 @@
 # License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl).
 
 import logging
-from typing import Annotated, Any, Dict, Optional, Tuple, Union
+from typing import Annotated, Any
 
 from starlette.status import HTTP_401_UNAUTHORIZED
 
@@ -24,12 +24,11 @@
 
 _logger = logging.getLogger(__name__)
 
-
-Payload = Dict[str, Any]
+Payload = dict[str, Any]
 
 
 def _get_auth_jwt_validator(
-    validator_name: Union[str, None],
+    validator_name: str | None,
     env: Environment,
 ) -> AuthJwtValidator:
     validator = env["auth.jwt.validator"].sudo()._get_validator_by_name(validator_name)
@@ -39,9 +38,9 @@ def _get_auth_jwt_validator(
 
 def _request_has_authentication(
     request: Request,
-    authorization_header: Optional[str],
+    authorization_header: str | None,
     validator: AuthJwtValidator,
-) -> Union[Payload, None]:
+) -> Payload | None:
     if authorization_header is not None:
         return True
     if not validator.cookie_enabled:
@@ -52,7 +51,7 @@ def _request_has_authentication(
 
 def _get_jwt_payload(
     request: Request,
-    authorization_header: Optional[str],
+    authorization_header: str | None,
     validator: AuthJwtValidator,
 ) -> Payload:
     """Obtain and validate the JWT payload from the request authorization header or
@@ -76,9 +75,9 @@ def _get_jwt_payload(
 def _get_jwt_payload_and_validator(
     request: Request,
     response: Response,
-    authorization_header: Optional[str],
+    authorization_header: str | None,
     validator: AuthJwtValidator,
-) -> Tuple[Payload, AuthJwtValidator]:
+) -> tuple[Payload, AuthJwtValidator]:
     try:
         payload = None
         exceptions = {}
@@ -117,24 +116,24 @@ def _get_jwt_payload_and_validator(
         raise HTTPException(status_code=HTTP_401_UNAUTHORIZED) from e
 
 
-def auth_jwt_default_validator_name() -> Union[str, None]:
+def auth_jwt_default_validator_name() -> str | None:
     return None
 
 
 def auth_jwt_http_header_authorization(
     credentials: Annotated[
-        Optional[HTTPAuthorizationCredentials],
+        HTTPAuthorizationCredentials | None,
         Depends(HTTPBearer(auto_error=False)),
-    ]
-):
+    ],
+) -> str | None:
     if credentials is None:
         return None
     return credentials.credentials
 
 
 class BaseAuthJwt:  # noqa: B903
     def __init__(
-        self, validator_name: Optional[str] = None, allow_unauthenticated: bool = False
+        self, validator_name: str | None = None, allow_unauthenticated: bool = False
     ):
         self.validator_name = validator_name
         self.allow_unauthenticated = allow_unauthenticated
@@ -146,18 +145,18 @@ def __call__(
         request: Request,
         response: Response,
         authorization_header: Annotated[
-            Optional[str],
+            str | None,
             Depends(auth_jwt_http_header_authorization),
         ],
         default_validator_name: Annotated[
-            Union[str, None],
+            str | None,
             Depends(auth_jwt_default_validator_name),
         ],
         env: Annotated[
             Environment,
             Depends(odoo_env),
         ],
-    ) -> Optional[Payload]:
+    ) -> Payload | None:
         validator = _get_auth_jwt_validator(
             self.validator_name or default_validator_name, env
         )
@@ -176,11 +175,11 @@ def __call__(
         request: Request,
         response: Response,
         authorization_header: Annotated[
-            Optional[str],
+            str | None,
             Depends(auth_jwt_http_header_authorization),
         ],
         default_validator_name: Annotated[
-            Union[str, None],
+            str | None,
             Depends(auth_jwt_default_validator_name),
         ],
         env: Annotated[
@@ -215,11 +214,11 @@ def __call__(
         request: Request,
         response: Response,
         authorization_header: Annotated[
-            Optional[str],
+            str | None,
             Depends(auth_jwt_http_header_authorization),
         ],
         default_validator_name: Annotated[
-            Union[str, None],
+            str | None,
             Depends(auth_jwt_default_validator_name),
         ],
         env: Annotated[

fastapi_auth_jwt/pyproject.toml

@@ -0,0 +1,3 @@
+[build-system]
+requires = ["whool"]
+build-backend = "whool.buildapi"

fastapi_auth_jwt/readme/DESCRIPTION.md

@@ -0,0 +1,2 @@
+This module provides `FastAPI` `Depends` to allow authentication with
+[auth_jwt](https://github.com/OCA/server-auth/tree/16.0/auth_jwt).

fastapi_auth_jwt/readme/USAGE.md

@@ -0,0 +1,62 @@
+The following FastAPI dependencies are provided and importable from
+`odoo.addons.fastapi_auth_jwt.dependencies`:
+
+`def auth_jwt_authenticated_payload() -> Payload`
+
+> Return the authenticated JWT payload. Raise a 401 (unauthorized) if
+> absent or invalid.
+
+`def auth_jwt_optionally_authenticated_payload() -> Payload | None`
+
+> Return the authenticated JWT payload, or `None` if the `Authorization`
+> header and cookie are absent. Raise a 401 (unauthorized) if present
+> and invalid.
+
+`def auth_jwt_authenticated_partner() -> Partner`
+
+> Obtain the authenticated partner corresponding to the provided JWT
+> token, according to the partner strategy defined on the `auth_jwt`
+> validator. Raise a 401 (unauthorized) if the partner could not be
+> determined for any reason.
+>
+> This is function suitable and intended to override
+> `odoo.addons.fastapi.dependencies.authenticated_partner_impl`.
+>
+> The partner record returned by this function is bound to an
+> environment that uses the Odoo user obtained from the user strategy
+> defined on the `auth_jwt` validator. When used
+> `authenticated_partner_impl` this in turn ensures that
+> `odoo.addons.fastapi.dependencies.authenticated_partner_env` is also
+> bound to the correct Odoo user.
+
+`def auth_jwt_optionally_authenticated_partner() -> Partner`
+
+> Same as `auth_jwt_partner` except it returns an empty recordset bound
+> to the `public` user if the `Authorization` header and cookie are
+> absent, or if the JWT validator could not find the partner and
+> declares that the partner is not required.
+
+`def auth_jwt_authenticated_odoo_env() -> Environment`
+
+> Return an Odoo environment using the the Odoo user obtained from the
+> user strategy defined on the `auth_jwt` validator, if the request
+> could be authenticated using a JWT validator. Raise a 401
+> (unauthorized) otherwise.
+>
+> This is function suitable and intended to override
+> `odoo.addons.fastapi.dependencies.authenticated_odoo_env_impl`.
+
+`def auth_jwt_default_validator_name() -> str | None`
+
+> Return the name of the default JWT validator to use.
+>
+> The default implementation returns `None` meaning only one active JWT
+> validator is allowed. This dependency is meant to be overridden.
+
+`def auth_jwt_http_header_authorization() -> str | None`
+
+> By default, return the credentials part of the `Authorization` header,
+> or `None` if absent. This dependency is meant to be overridden, in
+> particular with `fastapi.security.OAuth2AuthorizationCodeBearer` to
+> let swagger handle OAuth2 authorization (such override is only
+> necessary for comfort when using the swagger interface).