PyPI - plain.auth - Versions diffs - 0.15.0__py3-none-any.whl → 0.17.0__py3-none-any.whl - Mend

plain.auth 0.15.0py3-none-any.whl → 0.17.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

plain/auth/CHANGELOG.md +22 -0
plain/auth/README.md +72 -17
plain/auth/sessions.py +1 -3
plain_auth-0.17.0.dist-info/METADATA +183 -0
{plain_auth-0.15.0.dist-info → plain_auth-0.17.0.dist-info}/RECORD +7 -7
plain_auth-0.15.0.dist-info/METADATA +0 -128
{plain_auth-0.15.0.dist-info → plain_auth-0.17.0.dist-info}/WHEEL +0 -0
{plain_auth-0.15.0.dist-info → plain_auth-0.17.0.dist-info}/licenses/LICENSE +0 -0

plain/auth/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,27 @@
 # plain-auth changelog
+## [0.17.0](https://github.com/dropseed/plain/releases/plain-auth@0.17.0) (2025-09-12)
+### What's changed
+- Model managers are now accessed via `.query` instead of `.objects` ([037a239](https://github.com/dropseed/plain/commit/037a239ef4))
+- Updated to require Python 3.13 minimum ([d86e307](https://github.com/dropseed/plain/commit/d86e307efb))
+### Upgrade instructions
+- Replace any usage of `Model.objects` with `Model.query` in your code (e.g., `User.objects.get()` becomes `User.query.get()`)
+## [0.16.0](https://github.com/dropseed/plain/releases/plain-auth@0.16.0) (2025-08-19)
+### What's changed
+- Removed automatic CSRF token rotation on login as part of CSRF system refactor using Sec-Fetch-Site headers ([9551508](https://github.com/dropseed/plain/commit/955150800c))
+- Updated README with improved documentation, examples, and better package description ([4ebecd1](https://github.com/dropseed/plain/commit/4ebecd1856))
+### Upgrade instructions
+- No changes required
 ## [0.15.0](https://github.com/dropseed/plain/releases/plain-auth@0.15.0) (2025-07-22)
 ### What's changed

plain/auth/README.md CHANGED Viewed

@@ -1,23 +1,53 @@
 # plain.auth
-Add users to your app and define which views they can access.
+**Add users to your app and decide what they can access.**
-To log a user in, you'll want to pair this package with:
+- [Overview](#overview)
+- [Authentication setup](#authentication-setup)
+    - [Settings configuration](#settings-configuration)
+    - [Creating a user model](#creating-a-user-model)
+    - [Login views](#login-views)
+- [Checking if a user is logged in](#checking-if-a-user-is-logged-in)
+- [Restricting views](#restricting-views)
+- [Installation](#installation)
-- `plain-passwords`
-- `plain-oauth`
-- `plain-passkeys` (TBD)
-- `plain-passlinks` (TBD)
+## Overview
-## Installation
+The `plain.auth` package provides user authentication and authorization for Plain applications. Here's a basic example of checking if a user is logged in:
+```python
+# In a view
+if request.user:
+    print(f"Hello, {request.user.email}!")
+else:
+    print("You are not logged in.")
+```
+And restricting a view to logged-in users:
+```python
+from plain.auth.views import AuthViewMixin
+from plain.views import View
+class ProfileView(AuthViewMixin, View):
+    login_required = True
+    def get(self):
+        return f"Welcome, {self.request.user.email}!"
+```
+## Authentication setup
+### Settings configuration
+Configure your authentication settings in `app/settings.py`:
 ```python
-# app/settings.py
 INSTALLED_PACKAGES = [
     # ...
     "plain.auth",
     "plain.sessions",
-    "plain.passwords",
+    "plain.passwords",  # Or another auth method
 ]
 MIDDLEWARE = [
@@ -29,7 +59,9 @@ AUTH_USER_MODEL = "users.User"
 AUTH_LOGIN_URL = "login"
 ```
-Create your own user model (`plain create users`).
+### Creating a user model
+Create your own user model using `plain create users` or manually:
 ```python
 # app/users/models.py
@@ -47,12 +79,21 @@ class User(models.Model):
         return self.email
 ```
-Define your URL/view where users can log in.
+### Login views
+To log users in, you'll need to pair this package with an authentication method:
+- `plain-passwords` - Username/password authentication
+- `plain-oauth` - OAuth provider authentication
+- `plain-passkeys` (TBD) - WebAuthn/passkey authentication
+- `plain-passlinks` (TBD) - Magic link authentication
+Example with password authentication:
 ```python
 # app/urls.py
-from plain.auth.views import LoginView, LogoutView
-from plain.urls import include, path
+from plain.auth.views import LogoutView
+from plain.urls import path
 from plain.passwords.views import PasswordLoginView
@@ -68,9 +109,9 @@ urlpatterns = [
 ## Checking if a user is logged in
-A `request.user` will either be `None` or point to an instance of a your `AUTH_USER_MODEL`.
+A `request.user` will either be `None` or point to an instance of your `AUTH_USER_MODEL`.
-So in templates you can do:
+In templates:
 ```html
 {% if request.user %}
@@ -80,7 +121,7 @@ So in templates you can do:
 {% endif %}
 ```
-Or in Python:
+In Python code:
 ```python
 if request.user:
@@ -91,7 +132,7 @@ else:
 ## Restricting views
-Use the `AuthViewMixin` to restrict views to logged in users, admin users, or custom logic.
+Use the [`AuthViewMixin`](./views.py#AuthViewMixin) to restrict views to logged-in users, admin users, or custom logic:
 ```python
 from plain.auth.views import AuthViewMixin
@@ -114,3 +155,17 @@ class CustomPermissionView(AuthViewMixin, View):
         if not self.request.user.is_special:
             raise PermissionDenied("You're not special!")
 ```
+The [`AuthViewMixin`](./views.py#AuthViewMixin) provides:
+- `login_required` - Requires a logged-in user
+- `admin_required` - Requires `user.is_admin` to be True
+- `check_auth()` - Override for custom authorization logic
+## Installation
+Install the `plain.auth` package from [PyPI](https://pypi.org/project/plain.auth/):
+```bash
+uv add plain.auth
+```

plain/auth/sessions.py CHANGED Viewed

@@ -1,4 +1,3 @@
-from plain.csrf.middleware import rotate_token
 from plain.exceptions import ImproperlyConfigured
 from plain.models import models_registry
 from plain.runtime import settings
@@ -76,7 +75,6 @@ def login(request, user):
     request.session[USER_HASH_SESSION_KEY] = session_auth_hash
     if hasattr(request, "user"):
         request.user = user
-    rotate_token(request)
 def logout(request):
@@ -117,7 +115,7 @@ def get_user(request):
     UserModel = get_user_model()
     try:
-        user = UserModel._default_manager.get(id=request.session[USER_ID_SESSION_KEY])
+        user = UserModel.query.get(id=request.session[USER_ID_SESSION_KEY])
     except UserModel.DoesNotExist:
         return None

plain_auth-0.17.0.dist-info/METADATA ADDED Viewed

@@ -0,0 +1,183 @@
+Metadata-Version: 2.4
+Name: plain.auth
+Version: 0.17.0
+Summary: Add users to your app and decide what they can access.
+Author-email: Dave Gaeddert <dave.gaeddert@dropseed.dev>
+License-File: LICENSE
+Requires-Python: >=3.13
+Requires-Dist: plain-models<1.0.0
+Requires-Dist: plain-sessions<1.0.0
+Requires-Dist: plain<1.0.0
+Description-Content-Type: text/markdown
+# plain.auth
+**Add users to your app and decide what they can access.**
+- [Overview](#overview)
+- [Authentication setup](#authentication-setup)
+    - [Settings configuration](#settings-configuration)
+    - [Creating a user model](#creating-a-user-model)
+    - [Login views](#login-views)
+- [Checking if a user is logged in](#checking-if-a-user-is-logged-in)
+- [Restricting views](#restricting-views)
+- [Installation](#installation)
+## Overview
+The `plain.auth` package provides user authentication and authorization for Plain applications. Here's a basic example of checking if a user is logged in:
+```python
+# In a view
+if request.user:
+    print(f"Hello, {request.user.email}!")
+else:
+    print("You are not logged in.")
+```
+And restricting a view to logged-in users:
+```python
+from plain.auth.views import AuthViewMixin
+from plain.views import View
+class ProfileView(AuthViewMixin, View):
+    login_required = True
+    def get(self):
+        return f"Welcome, {self.request.user.email}!"
+```
+## Authentication setup
+### Settings configuration
+Configure your authentication settings in `app/settings.py`:
+```python
+INSTALLED_PACKAGES = [
+    # ...
+    "plain.auth",
+    "plain.sessions",
+    "plain.passwords",  # Or another auth method
+]
+MIDDLEWARE = [
+    "plain.sessions.middleware.SessionMiddleware",
+    "plain.auth.middleware.AuthenticationMiddleware",
+]
+AUTH_USER_MODEL = "users.User"
+AUTH_LOGIN_URL = "login"
+```
+### Creating a user model
+Create your own user model using `plain create users` or manually:
+```python
+# app/users/models.py
+from plain import models
+from plain.passwords.models import PasswordField
+class User(models.Model):
+    email = models.EmailField()
+    password = PasswordField()
+    is_admin = models.BooleanField(default=False)
+    created_at = models.DateTimeField(auto_now_add=True)
+    def __str__(self):
+        return self.email
+```
+### Login views
+To log users in, you'll need to pair this package with an authentication method:
+- `plain-passwords` - Username/password authentication
+- `plain-oauth` - OAuth provider authentication
+- `plain-passkeys` (TBD) - WebAuthn/passkey authentication
+- `plain-passlinks` (TBD) - Magic link authentication
+Example with password authentication:
+```python
+# app/urls.py
+from plain.auth.views import LogoutView
+from plain.urls import path
+from plain.passwords.views import PasswordLoginView
+class LoginView(PasswordLoginView):
+    template_name = "login.html"
+urlpatterns = [
+    path("logout/", LogoutView, name="logout"),
+    path("login/", LoginView, name="login"),
+]
+```
+## Checking if a user is logged in
+A `request.user` will either be `None` or point to an instance of your `AUTH_USER_MODEL`.
+In templates:
+```html
+{% if request.user %}
+    <p>Hello, {{ request.user.email }}!</p>
+{% else %}
+    <p>You are not logged in.</p>
+{% endif %}
+```
+In Python code:
+```python
+if request.user:
+    print(f"Hello, {request.user.email}!")
+else:
+    print("You are not logged in.")
+```
+## Restricting views
+Use the [`AuthViewMixin`](./views.py#AuthViewMixin) to restrict views to logged-in users, admin users, or custom logic:
+```python
+from plain.auth.views import AuthViewMixin
+from plain.exceptions import PermissionDenied
+from plain.views import View
+class LoggedInView(AuthViewMixin, View):
+    login_required = True
+class AdminOnlyView(AuthViewMixin, View):
+    login_required = True
+    admin_required = True
+class CustomPermissionView(AuthViewMixin, View):
+    def check_auth(self):
+        super().check_auth()
+        if not self.request.user.is_special:
+            raise PermissionDenied("You're not special!")
+```
+The [`AuthViewMixin`](./views.py#AuthViewMixin) provides:
+- `login_required` - Requires a logged-in user
+- `admin_required` - Requires `user.is_admin` to be True
+- `check_auth()` - Override for custom authorization logic
+## Installation
+Install the `plain.auth` package from [PyPI](https://pypi.org/project/plain.auth/):
+```bash
+uv add plain.auth
+```

{plain_auth-0.15.0.dist-info → plain_auth-0.17.0.dist-info}/RECORD RENAMED Viewed

@@ -1,13 +1,13 @@
-plain/auth/CHANGELOG.md,sha256=0P03xkDAmY9b6X2bnifK9ZRB0egyPEVhl8pFzB0VDhk,1174
-plain/auth/README.md,sha256=RJ8ry-ukLtLqcjRVAZ5cd1JgCr-JcUTi_9Kkg4kGmHc,2408
+plain/auth/CHANGELOG.md,sha256=1gj4LvlYaXd55IRraPNP9gBbWVa1mjc85kRJyy_KbgU,2162
+plain/auth/README.md,sha256=zPG1AY8pTREu0clHVZDul1fdnv2eqXhMOdwxlnE85sI,3998
 plain/auth/__init__.py,sha256=Id4ON6caLuZoZhu_kL6aMrwnN3Y8gPGVrVGs_V3ofAE,142
 plain/auth/default_settings.py,sha256=65VzDn3j61OMn78Lg6Zuds4A8QKzJJ_0G9KoFqAOIRo,466
 plain/auth/middleware.py,sha256=yiuJ6jg4PW5FpGFEzOzg5SLTjcheRTVPvo4NlmeBKws,1186
-plain/auth/sessions.py,sha256=6G9-DGzenzx5yjc6wf7_giPuCo7IqIyc5_n8GLHnFAA,5498
+plain/auth/sessions.py,sha256=ZVNHy_uqz74uJr54AqtlfgAWucCuIbtV6hwm_iMxMQQ,5414
 plain/auth/test.py,sha256=KfZSiX9S0p3AtCFAS4dUz4ctGIpOmLAGR-8nxAtM2TY,1163
 plain/auth/utils.py,sha256=eEON0Mo928l-aW5tqBuoTdVke8aP4majxVtAFoLroSE,1280
 plain/auth/views.py,sha256=_igztEBQKSM4CZro2lvlK0m01eIksqbmyux4w8gY1ks,4095
-plain_auth-0.15.0.dist-info/METADATA,sha256=pEpCQM-cGEihqHFhgPzDKxrO7uyKkaRiPCINdD0sUEA,2762
-plain_auth-0.15.0.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-plain_auth-0.15.0.dist-info/licenses/LICENSE,sha256=m0D5O7QoH9l5Vz_rrX_9r-C8d9UNr_ciK6Qwac7o6yo,3175
-plain_auth-0.15.0.dist-info/RECORD,,
+plain_auth-0.17.0.dist-info/METADATA,sha256=oQz9ux8GoKp4U-xt5eYfnAXbq-afrw2QO-XSx9DY1S0,4358
+plain_auth-0.17.0.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+plain_auth-0.17.0.dist-info/licenses/LICENSE,sha256=m0D5O7QoH9l5Vz_rrX_9r-C8d9UNr_ciK6Qwac7o6yo,3175
+plain_auth-0.17.0.dist-info/RECORD,,

plain_auth-0.15.0.dist-info/METADATA DELETED Viewed

@@ -1,128 +0,0 @@
-Metadata-Version: 2.4
-Name: plain.auth
-Version: 0.15.0
-Summary: User authentication and authorization for Plain.
-Author-email: Dave Gaeddert <dave.gaeddert@dropseed.dev>
-License-File: LICENSE
-Requires-Python: >=3.11
-Requires-Dist: plain-models<1.0.0
-Requires-Dist: plain-sessions<1.0.0
-Requires-Dist: plain<1.0.0
-Description-Content-Type: text/markdown
-# plain.auth
-Add users to your app and define which views they can access.
-To log a user in, you'll want to pair this package with:
-- `plain-passwords`
-- `plain-oauth`
-- `plain-passkeys` (TBD)
-- `plain-passlinks` (TBD)
-## Installation
-```python
-# app/settings.py
-INSTALLED_PACKAGES = [
-    # ...
-    "plain.auth",
-    "plain.sessions",
-    "plain.passwords",
-]
-MIDDLEWARE = [
-    "plain.sessions.middleware.SessionMiddleware",
-    "plain.auth.middleware.AuthenticationMiddleware",
-]
-AUTH_USER_MODEL = "users.User"
-AUTH_LOGIN_URL = "login"
-```
-Create your own user model (`plain create users`).
-```python
-# app/users/models.py
-from plain import models
-from plain.passwords.models import PasswordField
-class User(models.Model):
-    email = models.EmailField()
-    password = PasswordField()
-    is_admin = models.BooleanField(default=False)
-    created_at = models.DateTimeField(auto_now_add=True)
-    def __str__(self):
-        return self.email
-```
-Define your URL/view where users can log in.
-```python
-# app/urls.py
-from plain.auth.views import LoginView, LogoutView
-from plain.urls import include, path
-from plain.passwords.views import PasswordLoginView
-class LoginView(PasswordLoginView):
-    template_name = "login.html"
-urlpatterns = [
-    path("logout/", LogoutView, name="logout"),
-    path("login/", LoginView, name="login"),
-]
-```
-## Checking if a user is logged in
-A `request.user` will either be `None` or point to an instance of a your `AUTH_USER_MODEL`.
-So in templates you can do:
-```html
-{% if request.user %}
-    <p>Hello, {{ request.user.email }}!</p>
-{% else %}
-    <p>You are not logged in.</p>
-{% endif %}
-```
-Or in Python:
-```python
-if request.user:
-    print(f"Hello, {request.user.email}!")
-else:
-    print("You are not logged in.")
-```
-## Restricting views
-Use the `AuthViewMixin` to restrict views to logged in users, admin users, or custom logic.
-```python
-from plain.auth.views import AuthViewMixin
-from plain.exceptions import PermissionDenied
-from plain.views import View
-class LoggedInView(AuthViewMixin, View):
-    login_required = True
-class AdminOnlyView(AuthViewMixin, View):
-    login_required = True
-    admin_required = True
-class CustomPermissionView(AuthViewMixin, View):
-    def check_auth(self):
-        super().check_auth()
-        if not self.request.user.is_special:
-            raise PermissionDenied("You're not special!")
-```

{plain_auth-0.15.0.dist-info → plain_auth-0.17.0.dist-info}/WHEEL RENAMED Viewed

File without changes

{plain_auth-0.15.0.dist-info → plain_auth-0.17.0.dist-info}/licenses/LICENSE RENAMED Viewed

File without changes

plain.auth 0.15.0__py3-none-any.whl → 0.17.0__py3-none-any.whl

plain.auth 0.15.0py3-none-any.whl → 0.17.0py3-none-any.whl