[ BB2-1142 ] Hook Work Together (#5)

* Update package version/naming

* Rename to cms_bluebutton

* Move test files in to src/tests/

* Update for cms-bluebutton and move fixtures to test

* Reorganize package directory structure

* Add package __init__.py files

* Update requests,add FHIR wrappers,add tests

* Update refresh_access_token use data in post()

* Refactor auth

- Remove AuthRequest class and convert needed methods to functions in auth.py

- Rename functions to better match the Node SDK in auth.py

- Add methods to BlueButton class for refresh_auth_token(), generate_auth_data(), generate_authorize_url(), get_authorization_token()

- Update tests in test_auth.py for changes.

BB2-1142

* Refactor fhir_request

- Update refresh_auth_token() in auth.py to use DATA
  instead of PARAMS for the post() call. This improves security.

- Update fhir_request() in fhir_request.py to utilize
  AuthorizationToken class object.

- Remove refresh_token() function fhir_request.py to utilize
  BlueButton refresh_auth_token() method instead.

- Add AuthorizationToken to __init__.py for import
  from cms_bluebutton module.

- Update MOCK_BB_CONFIG in tests to utilize AuthorizationToken
  class object in test_fhir_request.py

BB2-1142

* Update README.md for package dir change

* Add SDK_HEADER to auth calls

Author: dtisza1

README.md

@@ -29,7 +29,7 @@ Introduction goes here!
 
 ## Build
 
-To build the cms-bb2 package do the following:
+To build the cms_bluebutton package do the following:
 
 - Build the package:
 
@@ -49,42 +49,39 @@ $ pip install -e .
 
 ## Usage
 
-To test it out with Python interactively:
+Usage goes here!
 
-```
-$ python
-Python 3.10.1 ...
-Type "help", "copyright", "credits" or "license" for more information.
->>> from bb2 import Bb2
->>>
->>> a = Bb2()
->>>
->>> a.hello()
-Hello from BB2 SDK Class method!!!
->>>
-```
-
-## Developing the Blue Button 2.0 SDK (for BB2 devs)
+## Developing the Blue Button 2.0 SDK (for BB2 team SDK developers)
 
 ### Install Development
 
 To install with the tools you need to develop and run tests do the following:
 
+From the repository base directory:
+
 ```
 $ pip install -e .[dev]
 ```
 
 To run the tests, use the following commands:
 
+From the package base directory:
+
 ```
-# From the repo base directory
+$ cd src/cms_bluebutton
+
+$ # To run all tests:
 $ pytest
+
+$ # To run a specific test and show console debugging output:
+$ pytest tests/test_fhir_request.py -s
 ```
 
 To run the tests with coverage, use the following commands:
 
+From the package base directory:
+
 ```
-# From the repo base directory
 $ coverage run -m pytest
 
 # Check report
@@ -95,6 +92,8 @@ $ coverage report -m
 
 To create a distribution run the following command:
 
+From the repository base directory:
+
 ```
 $ python setup.py sdist
 ```
@@ -111,5 +110,4 @@ To create a MANIFEST.in file run the following commands:
 $ pip install check-manifest  # If not already installed.
 $ check-manifest --create
 $ python setup.py sdist
-```
-
+```

setup.py

@@ -5,8 +5,8 @@
     long_description = fh.read()
 
 setup(
-    name="cms-bb2",
-    version="0.0.1",
+    name="cms_bluebutton",
+    version="1.0.0",
     author="CMS Blue Button 2.0 Team",
     author_email="[email protected]",  # TODO: Do we want to include?
     license="Apache Software License",
@@ -25,7 +25,7 @@
         "Topic :: Software Development",
         "Topic :: Software Development :: Libraries :: Python Modules",
     ],
-    py_modules=["blueButton"],
+    py_modules=["cms_bluebutton"],
     package_dir={"": "src"},
     python_requires=">=3.6",
     install_requires=[

src/auth.py

@@ -0,0 +1,2 @@
+from .cms_bluebutton import BlueButton  # NOQA
+from .auth import AuthorizationToken  # NOQA

src/cms_bluebutton/__init__.py

@@ -0,0 +1,137 @@
+import base64
+import hashlib
+import requests
+import random
+import string
+import datetime
+import urllib
+from requests_toolbelt.multipart.encoder import MultipartEncoder
+
+from .constants import SDK_HEADER, SDK_HEADER_KEY
+
+
+class AuthorizationToken:
+    def __init__(self, auth_token):
+        self.access_token = auth_token.get("access_token")
+        self.expires_in = auth_token.get("expires_in")
+        self.expires_at = (
+            auth_token.get("expires_at")
+            if auth_token.get("expires_at")
+            else datetime.datetime.now(datetime.timezone.utc)
+            + datetime.timedelta(seconds=self.expires_in)
+        )
+        self.patient = auth_token.get("patient")
+        self.refresh_token = auth_token.get("refresh_token")
+        self.scope = auth_token.get("scope")
+        self.token_type = auth_token.get("token_type")
+
+    def access_token_expired(self):
+        return self.expires_at < datetime.datetime.now(datetime.timezone.utc)
+
+
+def refresh_auth_token(bb, auth_token):
+    data = {
+        "client_id": bb.client_id,
+        "grant_type": "refresh_token",
+        "refresh_token": auth_token.refresh_token,
+    }
+
+    headers = {
+        SDK_HEADER_KEY: SDK_HEADER,
+    }
+
+    token_response = requests.post(
+        url=bb.auth_token_url,
+        data=data,
+        headers=headers,
+        auth=(bb.client_id, bb.client_secret),
+    )
+
+    token_response.raise_for_status()
+    return AuthorizationToken(token_response.json())
+
+
+def generate_authorize_url(bb, auth_data):
+    params = {
+        "client_id": bb.client_id,
+        "redirect_uri": bb.client_secret,
+        "state": auth_data["state"],
+        "response_type": "code",
+        "code_challenge_method": "S256",
+        "code_challenge": auth_data["code_challenge"],
+    }
+
+    return (
+        bb.auth_base_url
+        + "?"
+        + urllib.parse.urlencode(params, quote_via=urllib.parse.quote)
+    )
+
+
+def base64_url_encode(buffer):
+    buffer_bytes = base64.urlsafe_b64encode(buffer.encode("utf-8"))
+    buffer_result = str(buffer_bytes, "utf-8")
+    return buffer_result
+
+
+def get_random_string(length):
+    letters = string.ascii_letters + string.digits + string.punctuation
+    result = "".join(random.choice(letters) for i in range(length))
+    return result
+
+
+def generate_pkce_data():
+    verifier = generate_random_state(32)
+    code_challenge = base64.urlsafe_b64encode(
+        hashlib.sha256(verifier.encode("ASCII")).digest()
+    )
+    return {"code_challenge": code_challenge.decode("utf-8"), "verifier": verifier}
+
+
+def generate_random_state(num):
+    return base64_url_encode(get_random_string(num))
+
+
+def generate_auth_data():
+    auth_data = {"state": generate_random_state(32)}
+    auth_data.update(generate_pkce_data())
+    return auth_data
+
+
+def get_access_token_from_code(bb, auth_data, callback_code):
+    data = {
+        "client_id": bb.client_id,
+        "client_secret": bb.client_secret,
+        "code": callback_code,
+        "grant_type": "authorization_code",
+        "redirect_uri": bb.callback_url,
+        "code_verifier": auth_data["verifier"],
+        "code_challenge": auth_data["code_challenge"],
+    }
+
+    mp_encoder = MultipartEncoder(data)
+    token_response = requests.post(
+        url=bb.auth_token_url,
+        data=mp_encoder,
+        headers={"content-type": mp_encoder.content_type, SDK_HEADER_KEY: SDK_HEADER},
+    )
+    token_response.raise_for_status()
+    token_dict = token_response.json()
+    token_dict["expires_at"] = datetime.datetime.now(
+        datetime.timezone.utc
+    ) + datetime.timedelta(seconds=token_dict["expires_in"])
+
+    return token_dict
+
+
+def get_authorization_token(bb, auth_data, callback_code, callback_state):
+    if callback_code is None:
+        raise ValueError("Authorization code missing.")
+
+    if callback_state is None:
+        raise ValueError("Callback parameter 'state' missing.")
+
+    if callback_state != auth_data["state"]:
+        raise ValueError("Provided callback state does not match.")
+
+    return AuthorizationToken(get_access_token_from_code(bb, auth_data, callback_code))