aetos/mail-intake
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
mail-intake/mail_intake/credentials/pickle.py
Vishesh 'ironeagle' Bangotra 4e63c36199 refactor(auth): type auth providers and decouple Google auth from disk storage 
- Make MailIntakeAuthProvider generic over credential type to enforce
  typed auth contracts between providers and adapters
- Refactor Google OAuth provider to use CredentialStore abstraction
  instead of filesystem-based pickle persistence
- Remove node-local state assumptions from Google auth implementation
- Clarify documentation to distinguish credential lifecycle from
  credential persistence responsibilities

This change enables distributed-safe authentication providers and
allows multiple credential persistence strategies without modifying
auth logic.
2026-01-10 16:40:51 +05:30

97 lines
2.9 KiB
Python
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

"""
Local filesystembased credential persistence for Mail Intake.
This module provides a file-backed implementation of the
``CredentialStore`` abstraction using Python's ``pickle`` module.
The pickle-based credential store is intended for local development,
single-node deployments, and controlled environments where credentials
do not need to be shared across processes or machines.
Due to the security and portability risks associated with pickle-based
serialization, this implementation is not suitable for distributed or
untrusted environments.
"""
import pickle
from typing import Optional, TypeVar
from mail_intake.credentials.store import CredentialStore
T = TypeVar("T")
class PickleCredentialStore(CredentialStore[T]):
"""
Filesystem-backed credential store using pickle serialization.
This store persists credentials as a pickled object on the local
filesystem. It is a simple implementation intended primarily for
development, testing, and single-process execution contexts.
This implementation:
- Stores credentials on the local filesystem
- Uses pickle for serialization and deserialization
- Does not provide encryption, locking, or concurrency guarantees
Credential lifecycle management, validation, and refresh logic are
explicitly out of scope for this class.
"""
def __init__(self, path: str):
"""
Initialize a pickle-backed credential store.
Args:
path:
Filesystem path where credentials will be stored.
The file will be created or overwritten as needed.
"""
self.path = path
def load(self) -> Optional[T]:
"""
Load credentials from the local filesystem.
If the credential file does not exist or cannot be successfully
deserialized, this method returns ``None``.
The store does not attempt to validate or interpret the returned
credentials.
Returns:
An instance of type ``T`` if credentials are present and
successfully deserialized; otherwise ``None``.
"""
try:
with open(self.path, "rb") as fh:
return pickle.load(fh)
except Exception:
return None
def save(self, credentials: T) -> None:
"""
Persist credentials to the local filesystem.
Any previously stored credentials at the configured path are
overwritten.
Args:
credentials:
The credential object to persist.
"""
with open(self.path, "wb") as fh:
pickle.dump(credentials, fh)
def clear(self) -> None:
"""
Remove persisted credentials from the local filesystem.
This method deletes the credential file if it exists and should
be treated as an idempotent operation.
"""
import os
if os.path.exists(self.path):
os.remove(self.path)
Reference in New Issue View Git Blame Copy Permalink