django-pfx 1.4.dev40__tar.gz → 1.4.dev44__tar.gz

{django_pfx-1.4.dev40 → django_pfx-1.4.dev44}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: django-pfx
-Version: 1.4.dev40
+Version: 1.4.dev44
 Summary: Django PFX is a toolkit designed to streamline the development of RESTful APIs using the Django framework.
 Author: Hervé Martinet
 Author-email: herve.martinet@gmail.com

{django_pfx-1.4.dev40 → django_pfx-1.4.dev44}/django_pfx.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: django-pfx
-Version: 1.4.dev40
+Version: 1.4.dev44
 Summary: Django PFX is a toolkit designed to streamline the development of RESTful APIs using the Django framework.
 Author: Hervé Martinet
 Author-email: herve.martinet@gmail.com

{django_pfx-1.4.dev40 → django_pfx-1.4.dev44}/pfx/pfxcore/locale/fr/LC_MESSAGES/django.po

@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-04-18 14:37+0200\n"
+"POT-Creation-Date: 2024-04-23 14:41+0200\n"
 "PO-Revision-Date: 2021-06-22 23:31+0200\n"
 "Last-Translator: \n"
 "Language-Team: \n"
@@ -59,23 +59,23 @@ msgstr ""
 "Format non valide, il peut s’agir d’un nombre en heures, « 1:05 », « :05 », "
 "« 1h 5m », « 1.5h » ou « 30m »."
 
-#: models/login_ban.py:43
+#: models/login_ban.py:45
 msgid "Username"
 msgstr "Nom d’utilisateur"
 
-#: models/login_ban.py:44
+#: models/login_ban.py:46
 msgid "Failed counter"
 msgstr "Compteur d’échec"
 
-#: models/login_ban.py:45
+#: models/login_ban.py:47
 msgid "Last failed"
 msgstr "Dernier échec"
 
-#: models/login_ban.py:50
+#: models/login_ban.py:52
 msgid "Login ban"
 msgstr "Login banni"
 
-#: models/login_ban.py:51
+#: models/login_ban.py:53
 msgid "Login bans"
 msgstr "Login bannis"
 
@@ -95,7 +95,7 @@ msgstr "Compte HOTP"
 msgid "HOTP expiry"
 msgstr "Expiration HOTP"
 
-#: models/otp_user_mixin.py:29 views/authentication_views.py:489
+#: models/otp_user_mixin.py:29 views/authentication_views.py:496
 msgid "OTP enabled"
 msgstr "OTP activé"
 
@@ -205,7 +205,11 @@ msgstr ""
 "Votre connexion est temporairement désactivée après plusieurs tentatives "
 "infructueuses, veuillez réessayer dans {seconds} secondes."
 
-#: views/authentication_views.py:243 views/authentication_views.py:408
+#: views/authentication_views.py:173
+msgid "Successful login"
+msgstr "Connexion réussie"
+
+#: views/authentication_views.py:243 views/authentication_views.py:413
 msgid "password updated successfully"
 msgstr "le mot de passe a été mis à jour avec succès"
 
@@ -213,31 +217,31 @@ msgstr "le mot de passe a été mis à jour avec succès"
 msgid "Incorrect password"
 msgstr "Mot de passe incorrect"
 
-#: views/authentication_views.py:251 views/authentication_views.py:417
+#: views/authentication_views.py:251 views/authentication_views.py:422
 msgid "Empty password is not allowed"
 msgstr "Un mot de passe vide n’est pas autorisé"
 
-#: views/authentication_views.py:342
+#: views/authentication_views.py:347
 msgid "User and token are valid"
 msgstr "L'utilisateur et le token sont valides"
 
-#: views/authentication_views.py:344
+#: views/authentication_views.py:349
 msgid "User or token is invalid"
 msgstr "L'utilisateur ou le token est invalide"
 
-#: views/authentication_views.py:451
+#: views/authentication_views.py:456
 msgid "OTP is already enabled"
 msgstr "OTP est déjà activé"
 
-#: views/authentication_views.py:490 views/authentication_views.py:524
+#: views/authentication_views.py:497 views/authentication_views.py:533
 msgid "Invalid code"
 msgstr "Code invalide"
 
-#: views/authentication_views.py:523
+#: views/authentication_views.py:532
 msgid "OTP disabled"
 msgstr "OTP désactivé"
 
-#: views/authentication_views.py:783
+#: views/authentication_views.py:792
 msgid ""
 "If the email address you entered is correct, you will receive an email from "
 "us with instructions to reset your password."
@@ -246,7 +250,7 @@ msgstr ""
 "un courrier électronique de notre part contenant des instructions pour "
 "réinitialiser votre mot de passe."
 
-#: views/authentication_views.py:857
+#: views/authentication_views.py:866
 msgid "A new authentication code has been sent by email."
 msgstr "Un nouveau code d'authentification a été envoyé par e-mail."
 

{django_pfx-1.4.dev40 → django_pfx-1.4.dev44}/pfx/pfxcore/middleware/authentication.py

@@ -58,12 +58,10 @@ class JWTTokenDecodeMixin:
                 user.get_user_jwt_signature_key() + settings.PFX_SECRET_KEY,
                 options=dict(require=["exp"]),
                 algorithms="HS256")
-            if 'otp_login' in decoded:
-                if otp_login:
-                    return user, *decoded['otp_login']
+            if decoded.get('pfx_otp_login') and not otp_login:
                 raise jwt.InvalidTokenError(
                     "This token is reserved for OTP login")
-            return user
+            return user, *decoded.get('pfx_login_options', ['jwt', False])
         except (get_user_model().DoesNotExist, jwt.ExpiredSignatureError,
                 jwt.InvalidTokenError, jwt.InvalidSignatureError,
                 DecodeError) as e:
@@ -93,7 +91,8 @@ class AuthenticationMiddleware(JWTTokenDecodeMixin, MiddlewareMixin):
             except ValueError:
                 token = ""
             try:
-                request.user = self.decode_jwt(token)
+                request.user, request.login_mode, request.login_remember_me = (
+                    self.decode_jwt(token))
             except Exception:
                 request.user = AnonymousUser()
         else:
@@ -122,7 +121,8 @@ class CookieAuthenticationMiddleware(JWTTokenDecodeMixin, MiddlewareMixin):
         token = request.COOKIES.get('token', "")
         if token:
             try:
-                request.user = self.decode_jwt(token)
+                request.user, request.login_mode, request.login_remember_me = (
+                    self.decode_jwt(token))
             except Exception:
                 request.user = AnonymousUser()
                 request.delete_cookie = True

{django_pfx-1.4.dev40 → django_pfx-1.4.dev44}/pfx/pfxcore/models/login_ban.py

@@ -17,7 +17,9 @@ class LoginBanQuerySet(models.QuerySet):
             return False
         if ban.failed_counter % settings.PFX_LOGIN_BAN_FAILED_NUMBER == 0:
             seconds = settings.PFX_LOGIN_BAN_SECONDS_START + (
-                settings.PFX_LOGIN_BAN_SECONDS_STEP * (ban.failed_counter - 1))
+                settings.PFX_LOGIN_BAN_SECONDS_STEP * (
+                    ban.failed_counter //
+                    settings.PFX_LOGIN_BAN_FAILED_NUMBER - 1))
             ban_time = ban.last_failed + timedelta(seconds=seconds)
             now = timezone.now()
             if now < ban_time:

{django_pfx-1.4.dev40 → django_pfx-1.4.dev44}/pfx/pfxcore/views/authentication_views.py

@@ -151,9 +151,9 @@ class AuthenticationView(
             return self._login_need_otp_response(user, mode, remember_me)
         return self._login_success(user, mode, remember_me)
 
-    def _login_success(self, user, mode, remember_me=False):
-        token = self._prepare_token(
-            user, token_validity('long' if remember_me else 'short'))
+    def _login_success(
+            self, user, mode, remember_me=False, message=None):
+        token = self._prepare_token(user, mode, remember_me)
         if mode == 'cookie':
             if remember_me:
                 expires = datetime.now(
@@ -170,6 +170,7 @@ class AuthenticationView(
                 httponly=True, samesite=settings.PFX_COOKIE_SAMESITE)
             return res
         return JsonResponse(dict(
+            message=message or _("Successful login"),
             need_otp=False,
             token=token,
             user=self.get_user_information(user)))
@@ -178,8 +179,7 @@ class AuthenticationView(
         """Return the response for login if OTP login is needed.
 
         Can be overridden to customize the response."""
-        token = self._prepare_token(user, token_validity('otp'), otp_login=[
-            mode, remember_me])
+        token = self._prepare_token(user, mode, remember_me, otp_login=True)
         return JsonResponse(dict(need_otp=True, token=token))
 
     @method_decorator(never_cache)
@@ -252,10 +252,15 @@ class AuthenticationView(
         return JsonResponse(
             ValidationError(errors), status=422)
 
-    def _prepare_token(self, user, validity, **extra_payload):
-        exp = datetime.now(tz=timezone.utc) + validity
+    def _prepare_token(
+            self, user, mode='jwt', remember_me=False, otp_login=False,
+            **extra_payload):
+        exp = datetime.now(tz=timezone.utc) + token_validity(
+            otp_login and 'otp' or (remember_me and 'long' or 'short'))
         payload = dict(
             exp=exp,
+            pfx_login_options=[mode, remember_me],
+            pfx_otp_login=otp_login,
             **self.get_extra_payload(user), **extra_payload)
         return jwt.encode(
             payload,
@@ -486,7 +491,9 @@ class AuthenticationView(
             raise NotFoundError()
         data = self.deserialize_body()
         if self.request.user.confirm_otp(data.get('otp_code')):
-            return JsonResponse(dict(message=_("OTP enabled")))
+            return self._login_success(
+                self.request.user, self.request.login_mode,
+                self.request.login_remember_me, message=_("OTP enabled"))
         return JsonResponse(dict(otp_code=[_("Invalid code")]), status=422)
 
     @method_decorator(never_cache)
@@ -520,7 +527,9 @@ class AuthenticationView(
         data = self.deserialize_body()
         if self.request.user.is_otp_valid(data.get('otp_code')):
             self.request.user.disable_otp()
-            return JsonResponse(dict(message=_("OTP disabled")))
+            return self._login_success(
+                self.request.user, self.request.login_mode,
+                self.request.login_remember_me, message=_("OTP disabled"))
         return JsonResponse(dict(otp_code=[_("Invalid code")]), status=422)
 
     @method_decorator(never_cache)

{django_pfx-1.4.dev40 → django_pfx-1.4.dev44}/tests/tests/test_auth_api.py

@@ -88,7 +88,7 @@ class AuthAPITest(TestAssertMixin, TransactionTestCase):
 
     @override_settings(
         PFX_TOKEN_SHORT_VALIDITY={'minutes': 30},
-        PFX_LOGIN_BAN_FAILED_NUMBER=1,
+        PFX_LOGIN_BAN_FAILED_NUMBER=2,
         PFX_LOGIN_BAN_SECONDS_START=30,
         PFX_LOGIN_BAN_SECONDS_STEP=60)
     def test_login_ban(self):
@@ -98,6 +98,11 @@ class AuthAPITest(TestAssertMixin, TransactionTestCase):
                     'username': 'jrr.tolkien',
                     'password': 'BAD PASSWORD'})
             self.assertRC(response, 422)
+            response = self.client.post(
+                '/api/auth/login', {
+                    'username': 'jrr.tolkien',
+                    'password': 'BAD PASSWORD'})
+            self.assertRC(response, 422)
 
             response = self.client.post(
                 '/api/auth/login', {
@@ -128,6 +133,11 @@ class AuthAPITest(TestAssertMixin, TransactionTestCase):
                     'username': 'jrr.tolkien',
                     'password': 'BAD PASSWORD'})
             self.assertRC(response, 422)
+            response = self.client.post(
+                '/api/auth/login', {
+                    'username': 'jrr.tolkien',
+                    'password': 'BAD PASSWORD'})
+            self.assertRC(response, 422)
 
             response = self.client.post(
                 '/api/auth/login', {
@@ -1072,7 +1082,7 @@ class AuthAPITest(TestAssertMixin, TransactionTestCase):
 
     @override_settings(
         PFX_TOKEN_SHORT_VALIDITY={'minutes': 30},
-        PFX_LOGIN_BAN_FAILED_NUMBER=1,
+        PFX_LOGIN_BAN_FAILED_NUMBER=2,
         PFX_LOGIN_BAN_SECONDS_START=30,
         PFX_LOGIN_BAN_SECONDS_STEP=60)
     def test_otp_login_ban(self):
@@ -1085,6 +1095,9 @@ class AuthAPITest(TestAssertMixin, TransactionTestCase):
             self.assertRC(response, 200)
             token = self.get_val(response, 'token')
 
+            response = self.client.post('/api/auth/otp/login', dict(
+                token=token, otp_code='-'))
+            self.assertRC(response, 422)
             response = self.client.post('/api/auth/otp/login', dict(
                 token=token, otp_code='-'))
             self.assertRC(response, 422)
@@ -1112,6 +1125,9 @@ class AuthAPITest(TestAssertMixin, TransactionTestCase):
             response = self.client.post('/api/auth/otp/login', dict(
                 token=token, otp_code='-'))
             self.assertRC(response, 422)
+            response = self.client.post('/api/auth/otp/login', dict(
+                token=token, otp_code='-'))
+            self.assertRC(response, 422)
 
             response = self.client.post('/api/auth/otp/login', dict(
                 token=token, otp_code='-'))

{django_pfx-1.4.dev40 → django_pfx-1.4.dev44}/tests/tests/test_settings.py

@@ -1,5 +1,3 @@
-from datetime import timedelta
-
 from django.core.exceptions import ImproperlyConfigured
 from django.test import TestCase, override_settings
 
@@ -20,4 +18,4 @@ class TestSettings(TestAssertMixin, TestCase):
             last_name='Test')
 
         with self.assertRaises(ImproperlyConfigured):
-            AuthenticationView()._prepare_token(user, timedelta())
+            AuthenticationView()._prepare_token(user)