mdb-engine 0.2.1__py3-none-any.whl → 0.2.4__py3-none-any.whl

mdb_engine/auth/shared_users.py

@@ -45,7 +45,7 @@ import logging
 import os
 import secrets
 from datetime import datetime, timedelta
-from typing import TYPE_CHECKING, Any, Dict, List, Optional
+from typing import TYPE_CHECKING, Any
 
 import bcrypt
 import jwt
@@ -114,8 +114,8 @@ class SharedUserPool:
     def __init__(
         self,
         mongo_db: AsyncIOMotorDatabase,
-        jwt_secret: Optional[str] = None,
-        jwt_public_key: Optional[str] = None,
+        jwt_secret: str | None = None,
+        jwt_public_key: str | None = None,
         jwt_algorithm: str = DEFAULT_JWT_ALGORITHM,
         token_expiry_hours: int = DEFAULT_TOKEN_EXPIRY_HOURS,
         allow_insecure_dev: bool = False,
@@ -285,9 +285,9 @@ class SharedUserPool:
         self,
         email: str,
         password: str,
-        app_roles: Optional[Dict[str, List[str]]] = None,
+        app_roles: dict[str, list[str]] | None = None,
         is_active: bool = True,
-    ) -> Dict[str, Any]:
+    ) -> dict[str, Any]:
         """
         Create a new shared user.
 
@@ -332,10 +332,10 @@ class SharedUserPool:
         self,
         email: str,
         password: str,
-        ip_address: Optional[str] = None,
-        fingerprint: Optional[str] = None,
-        session_binding: Optional[Dict[str, Any]] = None,
-    ) -> Optional[str]:
+        ip_address: str | None = None,
+        fingerprint: str | None = None,
+        session_binding: dict[str, Any] | None = None,
+    ) -> str | None:
         """
         Authenticate user and return JWT token.
 
@@ -390,7 +390,7 @@ class SharedUserPool:
         logger.info(f"User '{email}' authenticated successfully")
         return token
 
-    async def validate_token(self, token: str) -> Optional[Dict[str, Any]]:
+    async def validate_token(self, token: str) -> dict[str, Any] | None:
         """
         Validate JWT token and return user data.
 
@@ -547,7 +547,7 @@ class SharedUserPool:
         )
         logger.info(f"All tokens revoked for user {user_id}: {reason}")
 
-    async def get_user_by_email(self, email: str) -> Optional[Dict[str, Any]]:
+    async def get_user_by_email(self, email: str) -> dict[str, Any] | None:
         """Get user by email."""
         user = await self._collection.find_one({"email": email})
         if user:
@@ -558,7 +558,7 @@ class SharedUserPool:
         self,
         email: str,
         app_slug: str,
-        roles: List[str],
+        roles: list[str],
     ) -> bool:
         """
         Update a user's roles for a specific app.
@@ -638,10 +638,10 @@ class SharedUserPool:
 
     @staticmethod
     def user_has_role(
-        user: Dict[str, Any],
+        user: dict[str, Any],
         app_slug: str,
         required_role: str,
-        role_hierarchy: Optional[Dict[str, List[str]]] = None,
+        role_hierarchy: dict[str, list[str]] | None = None,
     ) -> bool:
         """
         Check if user has a required role for an app.
@@ -673,16 +673,16 @@ class SharedUserPool:
 
     @staticmethod
     def get_user_roles_for_app(
-        user: Dict[str, Any],
+        user: dict[str, Any],
         app_slug: str,
-    ) -> List[str]:
+    ) -> list[str]:
         """Get user's roles for a specific app."""
         return user.get("app_roles", {}).get(app_slug, [])
 
     def _generate_token(
         self,
-        user: Dict[str, Any],
-        extra_claims: Optional[Dict[str, Any]] = None,
+        user: dict[str, Any],
+        extra_claims: dict[str, Any] | None = None,
     ) -> str:
         """
         Generate JWT token for user with unique JTI for revocation support.
@@ -718,7 +718,7 @@ class SharedUserPool:
         return jwt.encode(payload, self._signing_key, algorithm=self._jwt_algorithm)
 
     @staticmethod
-    def _sanitize_user(user: Dict[str, Any]) -> Dict[str, Any]:
+    def _sanitize_user(user: dict[str, Any]) -> dict[str, Any]:
         """Remove sensitive fields from user document."""
         sanitized = dict(user)
         sanitized.pop("password_hash", None)
@@ -727,7 +727,7 @@ class SharedUserPool:
             sanitized["_id"] = str(sanitized["_id"])
         return sanitized
 
-    def get_secure_cookie_config(self, request: "Request") -> Dict[str, Any]:
+    def get_secure_cookie_config(self, request: "Request") -> dict[str, Any]:
         """
         Get secure cookie settings for auth tokens.
 

mdb_engine/auth/token_lifecycle.py

@@ -8,7 +8,7 @@ This module is part of MDB_ENGINE - MongoDB Engine.
 
 import logging
 from datetime import datetime
-from typing import Any, Dict, Optional
+from typing import Any
 
 from ..config import ACCESS_TOKEN_TTL as CONFIG_ACCESS_TTL
 from .jwt import extract_token_metadata
@@ -16,7 +16,7 @@ from .jwt import extract_token_metadata
 logger = logging.getLogger(__name__)
 
 
-def get_token_expiry_time(token: str, secret_key: str) -> Optional[datetime]:
+def get_token_expiry_time(token: str, secret_key: str) -> datetime | None:
     """
     Get the expiration time of a token.
 
@@ -31,7 +31,7 @@ def get_token_expiry_time(token: str, secret_key: str) -> Optional[datetime]:
         metadata = extract_token_metadata(token, secret_key)
         if metadata and metadata.get("exp"):
             exp_timestamp = metadata["exp"]
-            if isinstance(exp_timestamp, (int, float)):
+            if isinstance(exp_timestamp, int | float):
                 return datetime.utcfromtimestamp(exp_timestamp)
         return None
     except (ValueError, TypeError, AttributeError, KeyError) as e:
@@ -40,7 +40,7 @@ def get_token_expiry_time(token: str, secret_key: str) -> Optional[datetime]:
 
 
 def is_token_expiring_soon(
-    token: str, secret_key: str, threshold_seconds: Optional[int] = None
+    token: str, secret_key: str, threshold_seconds: int | None = None
 ) -> bool:
     """
     Check if a token is expiring soon.
@@ -68,9 +68,7 @@ def is_token_expiring_soon(
         return False
 
 
-def should_refresh_token(
-    token: str, secret_key: str, refresh_threshold: Optional[int] = None
-) -> bool:
+def should_refresh_token(token: str, secret_key: str, refresh_threshold: int | None = None) -> bool:
     """
     Determine if a token should be refreshed.
 
@@ -97,7 +95,7 @@ def should_refresh_token(
         return False
 
 
-def get_token_age(token: str, secret_key: str) -> Optional[float]:
+def get_token_age(token: str, secret_key: str) -> float | None:
     """
     Get the age of a token in seconds.
 
@@ -112,7 +110,7 @@ def get_token_age(token: str, secret_key: str) -> Optional[float]:
         metadata = extract_token_metadata(token, secret_key)
         if metadata and metadata.get("iat"):
             iat_timestamp = metadata["iat"]
-            if isinstance(iat_timestamp, (int, float)):
+            if isinstance(iat_timestamp, int | float):
                 issued_at = datetime.utcfromtimestamp(iat_timestamp)
                 age = (datetime.utcnow() - issued_at).total_seconds()
                 return age
@@ -122,7 +120,7 @@ def get_token_age(token: str, secret_key: str) -> Optional[float]:
         return None
 
 
-def get_time_until_expiry(token: str, secret_key: str) -> Optional[float]:
+def get_time_until_expiry(token: str, secret_key: str) -> float | None:
     """
     Get time until token expiry in seconds.
 
@@ -146,7 +144,7 @@ def get_time_until_expiry(token: str, secret_key: str) -> Optional[float]:
 
 
 def validate_token_version(
-    token: str, secret_key: str, required_version: Optional[str] = None
+    token: str, secret_key: str, required_version: str | None = None
 ) -> bool:
     """
     Validate token version compatibility.
@@ -177,7 +175,7 @@ def validate_token_version(
         return False
 
 
-def get_token_info(token: str, secret_key: str) -> Optional[Dict[str, Any]]:
+def get_token_info(token: str, secret_key: str) -> dict[str, Any] | None:
     """
     Get comprehensive token information.
 

mdb_engine/auth/token_store.py

@@ -8,7 +8,6 @@ This module is part of MDB_ENGINE - MongoDB Engine.
 
 import logging
 from datetime import datetime, timedelta
-from typing import Optional
 
 try:
     from pymongo.errors import (
@@ -79,9 +78,9 @@ class TokenBlacklist:
     async def revoke_token(
         self,
         jti: str,
-        user_id: Optional[str] = None,
-        expires_at: Optional[datetime] = None,
-        reason: Optional[str] = None,
+        user_id: str | None = None,
+        expires_at: datetime | None = None,
+        reason: str | None = None,
     ) -> bool:
         """
         Revoke a token by adding it to the blacklist.
@@ -161,7 +160,7 @@ class TokenBlacklist:
             # On error, assume not revoked (fail open for availability)
             return False
 
-    async def revoke_all_user_tokens(self, user_id: str, reason: Optional[str] = None) -> int:
+    async def revoke_all_user_tokens(self, user_id: str, reason: str | None = None) -> int:
         """
         Revoke all tokens for a specific user.
 

mdb_engine/auth/users.py

@@ -13,8 +13,9 @@ This module is part of MDB_ENGINE - MongoDB Engine.
 import logging
 import os
 import uuid
+from collections.abc import Awaitable, Callable
 from datetime import datetime, timedelta
-from typing import Any, Awaitable, Callable, Dict, List, Optional, Tuple
+from typing import Any
 
 import bcrypt
 import jwt
@@ -49,9 +50,9 @@ def _is_auth_route(request_path: str) -> bool:
 async def _get_app_user_config(
     request: Request,
     slug_id: str,
-    config: Optional[Dict[str, Any]],
-    get_app_config_func: Optional[Callable[[Request, str, Dict], Awaitable[Dict]]],
-) -> Optional[Dict[str, Any]]:
+    config: dict[str, Any] | None,
+    get_app_config_func: Callable[[Request, str, dict], Awaitable[dict]] | None,
+) -> dict[str, Any] | None:
     """Fetch and validate app user config."""
     if config is None:
         if not get_app_config_func:
@@ -72,7 +73,7 @@ async def _get_app_user_config(
     return config
 
 
-def _convert_user_id_to_objectid(user_id: Any) -> Tuple[Any, Optional[str]]:
+def _convert_user_id_to_objectid(user_id: Any) -> tuple[Any, str | None]:
     """
     Convert user_id to ObjectId if valid, otherwise keep as string.
 
@@ -104,7 +105,7 @@ def _convert_user_id_to_objectid(user_id: Any) -> Tuple[Any, Optional[str]]:
 
 async def _validate_and_decode_session_token(
     session_token: str, slug_id: str
-) -> Tuple[Optional[Dict[str, Any]], Optional[Exception]]:
+) -> tuple[dict[str, Any] | None, Exception | None]:
     """Validate and decode session token."""
     try:
         from .jwt import decode_jwt_token
@@ -135,9 +136,7 @@ async def _validate_and_decode_session_token(
         return None, e
 
 
-async def _fetch_app_user_from_db(
-    db, collection_name: str, user_id: Any
-) -> Optional[Dict[str, Any]]:
+async def _fetch_app_user_from_db(db, collection_name: str, user_id: Any) -> dict[str, Any] | None:
     """Fetch user from database."""
     # Use getattr for attribute access (works with both AppDB and ScopedMongoWrapper)
     collection = getattr(db, collection_name)
@@ -155,10 +154,10 @@ async def get_app_user(
     request: Request,
     slug_id: str,
     db,
-    config: Optional[Dict[str, Any]] = None,
+    config: dict[str, Any] | None = None,
     allow_demo_fallback: bool = False,
-    get_app_config_func: Optional[Callable[[Request, str, Dict], Awaitable[Dict]]] = None,
-) -> Optional[Dict[str, Any]]:
+    get_app_config_func: Callable[[Request, str, dict], Awaitable[dict]] | None = None,
+) -> dict[str, Any] | None:
     """
     Get app-level user from session cookie.
 
@@ -234,8 +233,8 @@ async def get_app_user(
 
 
 async def _try_demo_mode(
-    request: Request, slug_id: str, db, config: Dict[str, Any]
-) -> Optional[Dict[str, Any]]:
+    request: Request, slug_id: str, db, config: dict[str, Any]
+) -> dict[str, Any] | None:
     """
     Internal helper: Try to authenticate as demo user if demo mode is enabled.
 
@@ -318,9 +317,9 @@ async def create_app_session(
     request: Request,
     slug_id: str,
     user_id: str,
-    config: Optional[Dict[str, Any]] = None,
-    response: Optional[Response] = None,
-    get_app_config_func: Optional[Callable[[Request, str, Dict], Awaitable[Dict]]] = None,
+    config: dict[str, Any] | None = None,
+    response: Response | None = None,
+    get_app_config_func: Callable[[Request, str, dict], Awaitable[dict]] | None = None,
 ) -> str:
     """
     Create a app-specific session token and set cookie.
@@ -402,9 +401,9 @@ async def authenticate_app_user(
     db,
     email: str,
     password: str,
-    store_id: Optional[str] = None,
+    store_id: str | None = None,
     collection_name: str = "users",
-) -> Optional[Dict[str, Any]]:
+) -> dict[str, Any] | None:
     """
     Authenticate a user against app-specific users collection.
 
@@ -484,9 +483,9 @@ async def create_app_user(
     email: str,
     password: str,
     role: str = "user",
-    store_id: Optional[str] = None,
+    store_id: str | None = None,
     collection_name: str = "users",
-) -> Optional[Dict[str, Any]]:
+) -> dict[str, Any] | None:
     """
     Create a new user in app-specific users collection.
 
@@ -573,9 +572,9 @@ async def get_or_create_anonymous_user(
     request: Request,
     slug_id: str,
     db,
-    config: Optional[Dict[str, Any]] = None,
-    get_app_config_func: Optional[Callable[[Request, str, Dict], Awaitable[Dict]]] = None,
-) -> Optional[Dict[str, Any]]:
+    config: dict[str, Any] | None = None,
+    get_app_config_func: Callable[[Request, str, dict], Awaitable[dict]] | None = None,
+) -> dict[str, Any] | None:
     """
     Get or create an anonymous user for anonymous_session strategy.
 
@@ -640,7 +639,7 @@ async def get_or_create_anonymous_user(
     return user
 
 
-async def get_platform_demo_user(mongo_uri: str, db_name: str) -> Optional[Dict[str, Any]]:
+async def get_platform_demo_user(mongo_uri: str, db_name: str) -> dict[str, Any] | None:
     """
     Get platform demo user information from top-level database.
 
@@ -693,7 +692,7 @@ async def get_platform_demo_user(mongo_uri: str, db_name: str) -> Optional[Dict[
 
 async def _link_platform_demo_user(
     db, slug_id: str, collection_name: str, mongo_uri: str, db_name: str
-) -> Optional[Dict[str, Any]]:
+) -> dict[str, Any] | None:
     """Link platform demo user to app demo user."""
     import datetime
 
@@ -761,7 +760,7 @@ async def _link_platform_demo_user(
 
 def _validate_demo_user_config(
     demo_user_config: Any, slug_id: str
-) -> Tuple[Optional[Dict[str, Any]], Optional[str]]:
+) -> tuple[dict[str, Any] | None, str | None]:
     """Validate demo user configuration."""
     if not isinstance(demo_user_config, dict):
         return None, f"Invalid demo_user_config entry (not a dict): {demo_user_config}"
@@ -782,12 +781,12 @@ def _validate_demo_user_config(
 
 
 async def _resolve_demo_user_email_password(
-    email: Optional[str],
-    password: Optional[str],
-    mongo_uri: Optional[str],
-    db_name: Optional[str],
+    email: str | None,
+    password: str | None,
+    mongo_uri: str | None,
+    db_name: str | None,
     slug_id: str,
-) -> Tuple[Optional[str], Optional[str]]:
+) -> tuple[str | None, str | None]:
     """Resolve email and password from config or platform demo."""
     # If email not specified, try platform demo
     if not email:
@@ -834,11 +833,11 @@ async def _create_demo_user_from_config(
     email: str,
     password: str,
     role: str,
-    extra_data: Dict[str, Any],
+    extra_data: dict[str, Any],
     link_to_platform: bool,
-    mongo_uri: Optional[str],
-    db_name: Optional[str],
-) -> Optional[Dict[str, Any]]:
+    mongo_uri: str | None,
+    db_name: str | None,
+) -> dict[str, Any] | None:
     """Create a demo user from configuration."""
     import datetime
 
@@ -933,10 +932,10 @@ async def _create_demo_user_from_config(
 async def ensure_demo_users_exist(
     db,
     slug_id: str,
-    config: Optional[Dict[str, Any]] = None,
-    mongo_uri: Optional[str] = None,
-    db_name: Optional[str] = None,
-) -> List[Dict[str, Any]]:
+    config: dict[str, Any] | None = None,
+    mongo_uri: str | None = None,
+    db_name: str | None = None,
+) -> list[dict[str, Any]]:
     """
     Intelligently ensure demo users exist for a app based on manifest configuration.
 
@@ -1058,9 +1057,9 @@ async def get_or_create_demo_user_for_request(
     request: Request,
     slug_id: str,
     db,
-    config: Optional[Dict[str, Any]] = None,
-    get_app_config_func: Optional[Callable[[Request, str, Dict], Awaitable[Dict]]] = None,
-) -> Optional[Dict[str, Any]]:
+    config: dict[str, Any] | None = None,
+    get_app_config_func: Callable[[Request, str, dict], Awaitable[dict]] | None = None,
+) -> dict[str, Any] | None:
     """
     Get or create a demo user for the current request context.
 
@@ -1150,10 +1149,10 @@ async def get_or_create_demo_user_for_request(
 async def get_or_create_demo_user(
     db,
     slug_id: str,
-    config: Dict[str, Any],
-    mongo_uri: Optional[str] = None,
-    db_name: Optional[str] = None,
-) -> Optional[Dict[str, Any]]:
+    config: dict[str, Any],
+    mongo_uri: str | None = None,
+    db_name: str | None = None,
+) -> dict[str, Any] | None:
     """
     Get or create a demo user for an app.
 
@@ -1252,7 +1251,7 @@ async def get_or_create_demo_user(
 
 async def ensure_demo_users_for_actor(
     db, slug_id: str, mongo_uri: str, db_name: str
-) -> List[Dict[str, Any]]:
+) -> list[dict[str, Any]]:
     """
     Convenience function for actors to ensure demo users exist.
 
@@ -1351,10 +1350,10 @@ async def ensure_demo_users_for_actor(
 
 
 async def sync_app_user_to_casbin(
-    user: Dict[str, Any],
+    user: dict[str, Any],
     authz_provider,
-    role: Optional[str] = None,
-    app_slug: Optional[str] = None,
+    role: str | None = None,
+    app_slug: str | None = None,
 ) -> bool:
     """
     Sync app-level user to Casbin by assigning a role.
@@ -1428,7 +1427,7 @@ async def sync_app_user_to_casbin(
         return False
 
 
-def get_app_user_role(user: Dict[str, Any], config: Optional[Dict[str, Any]] = None) -> str:
+def get_app_user_role(user: dict[str, Any], config: dict[str, Any] | None = None) -> str:
     """
     Determine Casbin role for app-level user.
 

mdb_engine/auth/utils.py

@@ -11,7 +11,7 @@ import logging
 import re
 import uuid
 from datetime import datetime
-from typing import Any, Dict, List, Optional, Tuple
+from typing import Any
 
 import bcrypt
 from fastapi import Request, Response
@@ -43,7 +43,7 @@ def _detect_browser(user_agent: str) -> str:
     return "unknown"
 
 
-def _detect_os_and_device_type(user_agent: str) -> Tuple[str, str]:
+def _detect_os_and_device_type(user_agent: str) -> tuple[str, str]:
     """Detect OS and device type from user agent string."""
     if not user_agent:
         return "unknown", "desktop"
@@ -64,7 +64,7 @@ def _detect_os_and_device_type(user_agent: str) -> Tuple[str, str]:
     return "unknown", "desktop"
 
 
-def get_device_info(request: Request) -> Dict[str, Any]:
+def get_device_info(request: Request) -> dict[str, Any]:
     """
     Extract device information from request.
 
@@ -236,15 +236,15 @@ async def check_password_breach(password: str) -> bool:
 
 def validate_password_strength(
     password: str,
-    min_length: Optional[int] = None,
-    require_uppercase: Optional[bool] = None,
-    require_lowercase: Optional[bool] = None,
-    require_numbers: Optional[bool] = None,
-    require_special: Optional[bool] = None,
-    min_entropy_bits: Optional[int] = None,
-    check_common_passwords: Optional[bool] = None,
-    config: Optional[Dict[str, Any]] = None,
-) -> Tuple[bool, List[str]]:
+    min_length: int | None = None,
+    require_uppercase: bool | None = None,
+    require_lowercase: bool | None = None,
+    require_numbers: bool | None = None,
+    require_special: bool | None = None,
+    min_entropy_bits: int | None = None,
+    check_common_passwords: bool | None = None,
+    config: dict[str, Any] | None = None,
+) -> tuple[bool, list[str]]:
     """
     Validate password strength with configurable rules.
 
@@ -338,9 +338,9 @@ def validate_password_strength(
 
 async def validate_password_strength_async(
     password: str,
-    config: Optional[Dict[str, Any]] = None,
-    check_breaches: Optional[bool] = None,
-) -> Tuple[bool, List[str]]:
+    config: dict[str, Any] | None = None,
+    check_breaches: bool | None = None,
+) -> tuple[bool, list[str]]:
     """
     Async version of validate_password_strength with breach checking.
 
@@ -404,10 +404,10 @@ async def login_user(
     email: str,
     password: str,
     db,
-    config: Optional[Dict[str, Any]] = None,
+    config: dict[str, Any] | None = None,
     remember_me: bool = False,
-    redirect_url: Optional[str] = None,
-) -> Dict[str, Any]:
+    redirect_url: str | None = None,
+) -> dict[str, Any]:
     """
     Handle user login with automatic token generation and cookie setting.
 
@@ -571,8 +571,8 @@ def _validate_email_format(email: str) -> bool:
 
 
 def _get_password_policy_from_config(
-    request: Request, config: Optional[Dict[str, Any]]
-) -> Optional[Dict[str, Any]]:
+    request: Request, config: dict[str, Any] | None
+) -> dict[str, Any] | None:
     """Get password policy from config or request."""
     if config:
         security = config.get("security", {})
@@ -585,8 +585,8 @@ def _get_password_policy_from_config(
 
 
 async def _create_user_document(
-    email: str, password: str, extra_data: Optional[Dict[str, Any]]
-) -> Dict[str, Any]:
+    email: str, password: str, extra_data: dict[str, Any] | None
+) -> dict[str, Any]:
     """Create user document with hashed password."""
     password_hash = bcrypt.hashpw(password.encode("utf-8"), bcrypt.gensalt())
     user_doc = {
@@ -600,9 +600,7 @@ async def _create_user_document(
     return user_doc
 
 
-def _create_registration_response(
-    user_doc: Dict[str, Any], redirect_url: Optional[str]
-) -> Response:
+def _create_registration_response(user_doc: dict[str, Any], redirect_url: str | None) -> Response:
     """Create response for registration."""
     if redirect_url:
         return RedirectResponse(url=redirect_url, status_code=302)
@@ -622,10 +620,10 @@ async def register_user(
     email: str,
     password: str,
     db,
-    config: Optional[Dict[str, Any]] = None,
-    extra_data: Optional[Dict[str, Any]] = None,
-    redirect_url: Optional[str] = None,
-) -> Dict[str, Any]:
+    config: dict[str, Any] | None = None,
+    extra_data: dict[str, Any] | None = None,
+    redirect_url: str | None = None,
+) -> dict[str, Any]:
     """
     Handle user registration with automatic token generation.
 
@@ -710,7 +708,7 @@ async def register_user(
         return {"success": False, "error": "Registration failed. Please try again."}
 
 
-async def _get_user_id_from_request(request: Request, user_id: Optional[str]) -> Optional[str]:
+async def _get_user_id_from_request(request: Request, user_id: str | None) -> str | None:
     """Extract user_id from request if not provided."""
     if user_id:
         return user_id
@@ -773,9 +771,7 @@ async def _revoke_session(request: Request) -> None:
             await session_mgr.revoke_session_by_refresh_token(refresh_jti)
 
 
-async def logout_user(
-    request: Request, response: Response, user_id: Optional[str] = None
-) -> Response:
+async def logout_user(request: Request, response: Response, user_id: str | None = None) -> Response:
     """
     Handle user logout with token revocation and cookie clearing.