PyPI - plain.auth - Versions diffs - 0.13.0__tar.gz → 0.15.0__tar.gz - Mend

plain.auth 0.13.0tar.gz → 0.15.0tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

{plain_auth-0.13.0 → plain_auth-0.15.0}/.gitignore RENAMED Viewed

@@ -4,7 +4,6 @@
 *.py[co]
 __pycache__
 *.DS_Store
-.coverage
 # Test apps
 plain*/tests/.plain
@@ -16,3 +15,5 @@ plain*/tests/.plain
 # Plain temp dirs
 .plain
+.vscode

{plain_auth-0.13.0 → plain_auth-0.15.0}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: plain.auth
-Version: 0.13.0
+Version: 0.15.0
 Summary: User authentication and authorization for Plain.
 Author-email: Dave Gaeddert <dave.gaeddert@dropseed.dev>
 License-File: LICENSE

plain_auth-0.15.0/plain/auth/CHANGELOG.md ADDED Viewed

@@ -0,0 +1,32 @@
+# plain-auth changelog
+## [0.15.0](https://github.com/dropseed/plain/releases/plain-auth@0.15.0) (2025-07-22)
+### What's changed
+- Replaced `pk` field references with `id` field references in session management ([4b8fa6a](https://github.com/dropseed/plain/commit/4b8fa6aef1))
+- Simplified user ID handling in sessions by using direct integer storage instead of field serialization ([4b8fa6a](https://github.com/dropseed/plain/commit/4b8fa6aef1))
+### Upgrade instructions
+- No changes required
+## [0.14.0](https://github.com/dropseed/plain/releases/plain-auth@0.14.0) (2025-07-18)
+### What's changed
+- Added OpenTelemetry tracing support with automatic user ID attribute setting in auth middleware ([b0224d0](https://github.com/dropseed/plain/commit/b0224d0418))
+### Upgrade instructions
+- No changes required
+## [0.13.0](https://github.com/dropseed/plain/releases/plain-auth@0.13.0) (2025-06-23)
+### What's changed
+- Added `login_client` and `logout_client` helpers to `plain.auth.test` for easily logging users in and out of the Django test client ([eb8a023](https://github.com/dropseed/plain/commit/eb8a023)).
+### Upgrade instructions
+- No changes required

{plain_auth-0.13.0 → plain_auth-0.15.0}/plain/auth/middleware.py RENAMED Viewed

@@ -1,3 +1,6 @@
+from opentelemetry import trace
+from opentelemetry.semconv._incubating.attributes.user_attributes import USER_ID
 from plain import auth
 from plain.exceptions import ImproperlyConfigured
 from plain.utils.functional import SimpleLazyObject
@@ -6,6 +9,8 @@ from plain.utils.functional import SimpleLazyObject
 def get_user(request):
     if not hasattr(request, "_cached_user"):
         request._cached_user = auth.get_user(request)
+        if request._cached_user:
+            trace.get_current_span().set_attribute(USER_ID, request._cached_user.id)
     return request._cached_user

{plain_auth-0.13.0 → plain_auth-0.15.0}/plain/auth/sessions.py RENAMED Viewed

@@ -8,12 +8,6 @@ USER_ID_SESSION_KEY = "_auth_user_id"
 USER_HASH_SESSION_KEY = "_auth_user_hash"
-def _get_user_id_from_session(request):
-    # This value in the session is always serialized to a string, so we need
-    # to convert it back to Python whenever we access it.
-    return get_user_model()._meta.pk.to_python(request.session[USER_ID_SESSION_KEY])
 def get_session_auth_hash(user):
     """
     Return an HMAC of the password field.
@@ -62,7 +56,7 @@ def login(request, user):
         session_auth_hash = ""
     if USER_ID_SESSION_KEY in request.session:
-        if _get_user_id_from_session(request) != user.pk:
+        if int(request.session[USER_ID_SESSION_KEY]) != user.id:
             # To avoid reusing another user's session, create a new, empty
             # session if the existing session corresponds to a different
             # authenticated user.
@@ -78,7 +72,7 @@ def login(request, user):
         # typically done after user login to prevent session fixation attacks.
         request.session.cycle_key()
-    request.session[USER_ID_SESSION_KEY] = user._meta.pk.value_to_string(user)
+    request.session[USER_ID_SESSION_KEY] = user.id
     request.session[USER_HASH_SESSION_KEY] = session_auth_hash
     if hasattr(request, "user"):
         request.user = user
@@ -121,11 +115,9 @@ def get_user(request):
     if USER_ID_SESSION_KEY not in request.session:
         return None
-    user_id = _get_user_id_from_session(request)
     UserModel = get_user_model()
     try:
-        user = UserModel._default_manager.get(pk=user_id)
+        user = UserModel._default_manager.get(id=request.session[USER_ID_SESSION_KEY])
     except UserModel.DoesNotExist:
         return None

{plain_auth-0.13.0 → plain_auth-0.15.0}/pyproject.toml RENAMED Viewed

@@ -1,6 +1,6 @@
 [project]
 name = "plain.auth"
-version = "0.13.0"
+version = "0.15.0"
 description = "User authentication and authorization for Plain."
 authors = [{name = "Dave Gaeddert", email = "dave.gaeddert@dropseed.dev"}]
 readme = "README.md"
@@ -13,6 +13,11 @@ dependencies = [
     "plain.sessions<1.0.0",
 ]
+[tool.uv]
+dev-dependencies = [
+    "plain.pytest<1.0.0",
+]
 [tool.hatch.build.targets.wheel]
 packages = ["plain"]

plain_auth-0.15.0/tests/app/settings.py ADDED Viewed

@@ -0,0 +1,14 @@
+SECRET_KEY = "test"
+URLS_ROUTER = "app.urls.AppRouter"
+INSTALLED_PACKAGES = [
+    "plain.auth",
+    "plain.sessions",
+    "plain.models",
+    "app.users",
+]
+MIDDLEWARE = [
+    "plain.sessions.middleware.SessionMiddleware",
+    "plain.auth.middleware.AuthenticationMiddleware",
+]
+AUTH_LOGIN_URL = "login"
+AUTH_USER_MODEL = "users.User"

plain_auth-0.15.0/tests/app/urls.py ADDED Viewed

@@ -0,0 +1,45 @@
+from plain.auth.views import AuthViewMixin
+from plain.urls import Router, path
+from plain.views import View
+class LoginView(View):
+    def get(self):
+        return "login"
+class ProtectedView(AuthViewMixin, View):
+    def get(self):
+        return "protected"
+class OpenView(AuthViewMixin, View):
+    login_required = False
+    def get(self):
+        return "open"
+class AdminView(AuthViewMixin, View):
+    admin_required = True
+    def get(self):
+        return "admin"
+class NoLoginUrlView(AuthViewMixin, View):
+    login_url = None
+    def get(self):
+        return "none"
+class AppRouter(Router):
+    namespace = ""
+    urls = [
+        path("login/", LoginView, name="login"),
+        path("protected/", ProtectedView, name="protected"),
+        path("open/", OpenView, name="open"),
+        path("admin/", AdminView, name="admin"),
+        path("nolink/", NoLoginUrlView, name="nolink"),
+    ]

plain_auth-0.15.0/tests/app/users/migrations/0001_initial.py ADDED Viewed

@@ -0,0 +1,21 @@
+# Generated by Plain 0.21.5 on 2025-02-17 04:12
+from plain import models
+from plain.models import migrations
+class Migration(migrations.Migration):
+    initial = True
+    dependencies = []
+    operations = [
+        migrations.CreateModel(
+            name="User",
+            fields=[
+                ("id", models.PrimaryKeyField()),
+                ("username", models.CharField(max_length=255)),
+                ("is_admin", models.BooleanField(default=False)),
+            ],
+        ),
+    ]

plain_auth-0.15.0/tests/app/users/migrations/__init__.py ADDED Viewed

File without changes

plain_auth-0.15.0/tests/app/users/models.py ADDED Viewed

@@ -0,0 +1,7 @@
+from plain import models
+@models.register_model
+class User(models.Model):
+    username = models.CharField(max_length=255)
+    is_admin = models.BooleanField(default=False)

plain_auth-0.15.0/tests/test_views.py ADDED Viewed

@@ -0,0 +1,41 @@
+from plain.auth import get_user_model
+from plain.test import Client
+def test_login_required_redirect(db):
+    client = Client()
+    response = client.get("/protected/")
+    assert response.status_code == 302
+    assert response.url == "/login/?next=/protected/"
+def test_view_without_login_required(db):
+    client = Client()
+    response = client.get("/open/")
+    assert response.status_code == 200
+    assert response.content == b"open"
+    assert response.headers["Cache-Control"] == "private"
+def test_admin_required(db):
+    client = Client()
+    # login required first
+    assert client.get("/admin/").status_code == 302
+    user = get_user_model().objects.create(username="user")
+    client.force_login(user)
+    # not admin -> 404
+    assert client.get("/admin/").status_code == 404
+    user.is_admin = True
+    user.save()
+    # now admin -> success
+    resp = client.get("/admin/")
+    assert resp.status_code == 200
+    assert resp.content == b"admin"
+def test_no_login_url_forbidden(db):
+    client = Client()
+    response = client.get("/nolink/")
+    assert response.status_code == 403

plain_auth-0.13.0/plain/auth/CHANGELOG.md DELETED Viewed

@@ -1,11 +0,0 @@
-# plain-auth changelog
-## [0.13.0](https://github.com/dropseed/plain/releases/plain-auth@0.13.0) (2025-06-23)
-### What's changed
-- Added `login_client` and `logout_client` helpers to `plain.auth.test` for easily logging users in and out of the Django test client ([eb8a023](https://github.com/dropseed/plain/commit/eb8a023)).
-### Upgrade instructions
-- No changes required