Add build_encrypted_persistence() factory

Author: rayluo

msal_extensions/__init__.py

@@ -3,6 +3,7 @@
 
 from .persistence import (
     FilePersistence,
+    build_encrypted_persistence,
     FilePersistenceWithDataProtection,
     KeychainPersistence,
     LibsecretPersistence,

msal_extensions/persistence.py

@@ -83,6 +83,22 @@ class PersistenceDecryptionError(PersistenceError):
     """This could be raised by persistence.load()"""
 
 
+def build_encrypted_persistence(location):
+    """Build a suitable encrypted persistence instance based your current OS.
+
+    If you do not need encryption, then simply use ``FilePersistence`` constructor.
+    """
+    # Does not (yet?) support fallback_to_plaintext flag,
+    # because the persistence on Windows and macOS do not support built-in trial_run().
+    if sys.platform.startswith('win'):
+        return FilePersistenceWithDataProtection(location)
+    if sys.platform.startswith('darwin'):
+        return KeychainPersistence(location)
+    if sys.platform.startswith('linux'):
+        return LibsecretPersistence(location)
+    raise RuntimeError("Unsupported platform: {}".format(sys.platform))  # pylint: disable=consider-using-f-string
+
+
 class BasePersistence(ABC):
     """An abstract persistence defining the common interface of this family"""
 

msal_extensions/token_cache.py

@@ -1,15 +1,12 @@
 """Generic functions and types for working with a TokenCache that is not platform specific."""
 import os
-import warnings
 import time
 import logging
 
 import msal
 
 from .cache_lock import CrossPlatLock
-from .persistence import (
-    _mkdir_p, PersistenceNotFound, FilePersistence,
-    FilePersistenceWithDataProtection, KeychainPersistence)
+from .persistence import _mkdir_p, PersistenceNotFound
 
 
 logger = logging.getLogger(__name__)

sample/persistence_sample.py

@@ -1,32 +1,21 @@
-import sys
 import logging
 import json
 
-from msal_extensions import *
+from msal_extensions import build_encrypted_persistence, FilePersistence, CrossPlatLock
 
 
 def build_persistence(location, fallback_to_plaintext=False):
     """Build a suitable persistence instance based your current OS"""
-    if sys.platform.startswith('win'):
-        return FilePersistenceWithDataProtection(location)
-    if sys.platform.startswith('darwin'):
-        return KeychainPersistence(location)
-    if sys.platform.startswith('linux'):
-        try:
-            return LibsecretPersistence(
-                # By using same location as the fall back option below,
-                # this would override the unencrypted data stored by the
-                # fall back option.  It is probably OK, or even desirable
-                # (in order to aggressively wipe out plain-text persisted data),
-                # unless there would frequently be a desktop session and
-                # a remote ssh session being active simultaneously.
-                location,
-                )
-        except:  # pylint: disable=bare-except
-            if not fallback_to_plaintext:
-                raise
-            logging.warning("Encryption unavailable. Opting in to plain text.")
-    return FilePersistence(location)
+    # Note: This sample stores both encrypted persistence and plaintext persistence
+    # into same location, therefore their data would likely override with each other.
+    try:
+        return build_encrypted_persistence(location)
+    except:  # pylint: disable=bare-except
+        # Known issue: Currently, only Linux
+        if not fallback_to_plaintext:
+            raise
+        logging.warning("Encryption unavailable. Opting in to plain text.")
+        return FilePersistence(location)
 
 persistence = build_persistence("storage.bin", fallback_to_plaintext=False)
 print("Type of persistence: {}".format(persistence.__class__.__name__))

sample/token_cache_sample.py

@@ -2,31 +2,21 @@
 import logging
 import json
 
-from msal_extensions import *
+from msal_extensions import build_encrypted_persistence, FilePersistence
 
 
 def build_persistence(location, fallback_to_plaintext=False):
     """Build a suitable persistence instance based your current OS"""
-    if sys.platform.startswith('win'):
-        return FilePersistenceWithDataProtection(location)
-    if sys.platform.startswith('darwin'):
-        return KeychainPersistence(location)
-    if sys.platform.startswith('linux'):
-        try:
-            return LibsecretPersistence(
-                # By using same location as the fall back option below,
-                # this would override the unencrypted data stored by the
-                # fall back option.  It is probably OK, or even desirable
-                # (in order to aggressively wipe out plain-text persisted data),
-                # unless there would frequently be a desktop session and
-                # a remote ssh session being active simultaneously.
-                location,
-                )
-        except:  # pylint: disable=bare-except
-            if not fallback_to_plaintext:
-                raise
-            logging.exception("Encryption unavailable. Opting in to plain text.")
-    return FilePersistence(location)
+    # Note: This sample stores both encrypted persistence and plaintext persistence
+    # into same location, therefore their data would likely override with each other.
+    try:
+        return build_encrypted_persistence(location)
+    except:  # pylint: disable=bare-except
+        # Known issue: Currently, only Linux
+        if not fallback_to_plaintext:
+            raise
+        logging.warning("Encryption unavailable. Opting in to plain text.")
+        return FilePersistence(location)
 
 persistence = build_persistence("token_cache.bin")
 print("Type of persistence: {}".format(persistence.__class__.__name__))

tests/test_agnostic_backend.py

@@ -34,18 +34,16 @@ def _test_token_cache_roundtrip(cache):
     assert token1['access_token'] == token2['access_token']
 
 def test_file_token_cache_roundtrip(temp_location):
-    from msal_extensions.token_cache import FileTokenCache
-    _test_token_cache_roundtrip(FileTokenCache(temp_location))
+    _test_token_cache_roundtrip(PersistedTokenCache(FilePersistence(temp_location)))
 
-def test_current_platform_cache_roundtrip_with_alias_class(temp_location):
-    from msal_extensions import TokenCache
-    _test_token_cache_roundtrip(TokenCache(temp_location))
+def test_current_platform_cache_roundtrip_with_persistence_builder(temp_location):
+    _test_token_cache_roundtrip(PersistedTokenCache(build_encrypted_persistence(temp_location)))
 
 def test_persisted_token_cache(temp_location):
     _test_token_cache_roundtrip(PersistedTokenCache(FilePersistence(temp_location)))
 
 def test_file_not_found_error_is_not_raised():
     persistence = FilePersistence('non_existing_file')
-    cache = PersistedTokenCache(persistence=persistence)
+    cache = PersistedTokenCache(persistence)
     # An exception raised here will fail the test case as it is supposed to be a NO-OP
     cache.find('')