plain 0.16.1__tar.gz → 0.18.0__tar.gz

{plain-0.16.1 → plain-0.18.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: plain
-Version: 0.16.1
+Version: 0.18.0
 Summary: A web framework for building products with Python.
 Author-email: Dave Gaeddert <dave.gaeddert@dropseed.dev>
 License-File: LICENSE

{plain-0.16.1 → plain-0.18.0}/plain/csrf/middleware.py

@@ -180,6 +180,9 @@ class CsrfViewMiddleware:
                 # saved anyways.
                 request.META["CSRF_COOKIE"] = csrf_secret
 
+        if csrf_response := self._get_csrf_response(request):
+            return csrf_response
+
         response = self.get_response(request)
 
         if request.META.get("CSRF_COOKIE_NEEDS_UPDATE"):
@@ -395,23 +398,16 @@ class CsrfViewMiddleware:
             reason = self._bad_token_message("incorrect", token_source)
             raise RejectRequest(reason)
 
-    def process_view(self, request, callback, callback_args, callback_kwargs):
+    def _get_csrf_response(self, request):
         # Wait until request.META["CSRF_COOKIE"] has been manipulated before
         # bailing out, so that get_token still works
-        if getattr(callback, "csrf_exempt", False):
+        if getattr(request, "csrf_exempt", True):
             return None
 
         # Assume that anything not defined as 'safe' by RFC 9110 needs protection
         if request.method in ("GET", "HEAD", "OPTIONS", "TRACE"):
             return None
 
-        if getattr(request, "_dont_enforce_csrf_checks", False):
-            # Mechanism to turn off CSRF checks for test suite. It comes after
-            # the creation of CSRF cookies, so that everything else continues
-            # to work exactly the same (e.g. cookies are sent, etc.), but
-            # before any branches that call the _reject method.
-            return None
-
         # Reject the request if the Origin header doesn't match an allowed
         # value.
         if "HTTP_ORIGIN" in request.META:

plain-0.18.0/plain/csrf/views.py

@@ -0,0 +1,31 @@
+from plain.views import TemplateView
+
+
+class CsrfFailureView(TemplateView):
+    template_name = "403.html"
+
+    def get_response(self):
+        response = super().get_response()
+        response.status_code = 403
+        return response
+
+    def post(self):
+        return self.get()
+
+    def put(self):
+        return self.get()
+
+    def patch(self):
+        return self.get()
+
+    def delete(self):
+        return self.get()
+
+    def head(self):
+        return self.get()
+
+    def options(self):
+        return self.get()
+
+    def trace(self):
+        return self.get()

{plain-0.16.1 → plain-0.18.0}/plain/http/response.py

@@ -187,27 +187,6 @@ class ResponseBase:
             else ""
         )
 
-    def __setitem__(self, header, value):
-        self.headers[header] = value
-
-    def __delitem__(self, header):
-        del self.headers[header]
-
-    def __getitem__(self, header):
-        return self.headers[header]
-
-    def has_header(self, header):
-        """Case-insensitive check for a header."""
-        return header in self.headers
-
-    __contains__ = has_header
-
-    def items(self):
-        return self.headers.items()
-
-    def get(self, header, alternate=None):
-        return self.headers.get(header, alternate)
-
     def set_cookie(
         self,
         key,
@@ -272,10 +251,6 @@ class ResponseBase:
                 raise ValueError('samesite must be "lax", "none", or "strict".')
             self.cookies[key]["samesite"] = samesite
 
-    def setdefault(self, key, value):
-        """Set a header unless it has already been set."""
-        self.headers.setdefault(key, value)
-
     def set_signed_cookie(self, key, value, salt="", **kwargs):
         value = signing.get_cookie_signer(salt=key + salt).sign(value)
         return self.set_cookie(key, value, **kwargs)
@@ -587,14 +562,14 @@ class ResponseRedirectBase(Response):
 
     def __init__(self, redirect_to, *args, **kwargs):
         super().__init__(*args, **kwargs)
-        self["Location"] = iri_to_uri(redirect_to)
+        self.headers["Location"] = iri_to_uri(redirect_to)
         parsed = urlparse(str(redirect_to))
         if parsed.scheme and parsed.scheme not in self.allowed_schemes:
             raise DisallowedRedirect(
                 f"Unsafe redirect to URL with protocol '{parsed.scheme}'"
             )
 
-    url = property(lambda self: self["Location"])
+    url = property(lambda self: self.headers["Location"])
 
     def __repr__(self):
         return (
@@ -627,7 +602,7 @@ class ResponseNotModified(Response):
 
     def __init__(self, *args, **kwargs):
         super().__init__(*args, **kwargs)
-        del self["content-type"]
+        del self.headers["content-type"]
 
     @Response.content.setter
     def content(self, value):
@@ -663,14 +638,14 @@ class ResponseNotAllowed(Response):
 
     def __init__(self, permitted_methods, *args, **kwargs):
         super().__init__(*args, **kwargs)
-        self["Allow"] = ", ".join(permitted_methods)
+        self.headers["Allow"] = ", ".join(permitted_methods)
 
     def __repr__(self):
         return "<%(cls)s [%(methods)s] status_code=%(status_code)d%(content_type)s>" % {  # noqa: UP031
             "cls": self.__class__.__name__,
             "status_code": self.status_code,
             "content_type": self._content_type_for_repr,
-            "methods": self["Allow"],
+            "methods": self.headers["Allow"],
         }
 
 

{plain-0.16.1 → plain-0.18.0}/plain/internal/handlers/base.py

@@ -23,7 +23,6 @@ BUILTIN_MIDDLEWARE = [
 
 
 class BaseHandler:
-    _view_middleware = None
     _middleware_chain = None
 
     def load_middleware(self):
@@ -32,8 +31,6 @@ class BaseHandler:
 
         Must be called after the environment is fixed (see __call__ in subclasses).
         """
-        self._view_middleware = []
-
         get_response = self._get_response
         handler = convert_exception_to_response(get_response)
 
@@ -48,12 +45,6 @@ class BaseHandler:
                     f"Middleware factory {middleware_path} returned None."
                 )
 
-            if hasattr(mw_instance, "process_view"):
-                self._view_middleware.insert(
-                    0,
-                    mw_instance.process_view,
-                )
-
             handler = convert_exception_to_response(mw_instance)
 
         # We only assign to this when initialization is complete as it is used
@@ -82,19 +73,9 @@ class BaseHandler:
         template_response middleware. This method is everything that happens
         inside the request/response middleware.
         """
-        response = None
         callback, callback_args, callback_kwargs = self.resolve_request(request)
 
-        # Apply view middleware
-        for middleware_method in self._view_middleware:
-            response = middleware_method(
-                request, callback, callback_args, callback_kwargs
-            )
-            if response:
-                break
-
-        if response is None:
-            response = callback(request, *callback_args, **callback_kwargs)
+        response = callback(request, *callback_args, **callback_kwargs)
 
         # Complain if the view returned None (a common error).
         self.check_response(response, callback)

{plain-0.16.1 → plain-0.18.0}/plain/internal/handlers/wsgi.py

@@ -140,7 +140,7 @@ class WSGIHandler(base.BaseHandler):
 
         status = "%d %s" % (response.status_code, response.reason_phrase)  # noqa: UP031
         response_headers = [
-            *response.items(),
+            *response.headers.items(),
             *(("Set-Cookie", c.output(header="")) for c in response.cookies.values()),
         ]
         start_response(status, response_headers)

{plain-0.16.1 → plain-0.18.0}/plain/internal/middleware/headers.py

@@ -19,7 +19,7 @@ class DefaultHeadersMiddleware:
 
         # Add the Content-Length header to non-streaming responses if not
         # already set.
-        if not response.streaming and not response.has_header("Content-Length"):
+        if not response.streaming and "Content-Length" not in response.headers:
             response.headers["Content-Length"] = str(len(response.content))
 
         return response

{plain-0.16.1 → plain-0.18.0}/plain/test/client.py

@@ -177,7 +177,7 @@ class ClientHandler(BaseHandler):
         # CsrfViewMiddleware.  This makes life easier, and is probably
         # required for backwards compatibility with external tests against
         # admin views.
-        request._dont_enforce_csrf_checks = not self.enforce_csrf_checks
+        request.csrf_exempt = not self.enforce_csrf_checks
 
         # Request goes through middleware.
         response = self.get_response(request)
@@ -615,10 +615,10 @@ class ClientMixin:
 
     def _parse_json(self, response, **extra):
         if not hasattr(response, "_json"):
-            if not JSON_CONTENT_TYPE_RE.match(response.get("Content-Type")):
+            if not JSON_CONTENT_TYPE_RE.match(response.headers.get("Content-Type")):
                 raise ValueError(
                     'Content-Type header is "{}", not "application/json"'.format(
-                        response.get("Content-Type")
+                        response.headers.get("Content-Type")
                     )
                 )
             response._json = json.loads(

{plain-0.16.1 → plain-0.18.0}/plain/utils/cache.py

@@ -55,7 +55,7 @@ def patch_cache_control(response, **kwargs):
             return f"{t[0]}={t[1]}"
 
     cc = defaultdict(set)
-    if response.get("Cache-Control"):
+    if response.headers.get("Cache-Control"):
         for field in cc_delim_re.split(response.headers["Cache-Control"]):
             directive, value = dictitem(field)
             if directive == "no-cache":
@@ -102,7 +102,7 @@ def get_max_age(response):
     Return the max-age from the response Cache-Control header as an integer,
     or None if it wasn't found or wasn't an integer.
     """
-    if not response.has_header("Cache-Control"):
+    if "Cache-Control" not in response.headers:
         return
     cc = dict(
         _to_tuple(el) for el in cc_delim_re.split(response.headers["Cache-Control"])
@@ -146,7 +146,7 @@ def _not_modified(request, response=None):
             "Last-Modified",
             "Vary",
         ):
-            if header in response:
+            if header in response.headers:
                 new_response.headers[header] = response.headers[header]
 
         # Preserve cookies as per the cookie specification: "If a proxy server
@@ -278,7 +278,7 @@ def patch_response_headers(response, cache_timeout=None):
         cache_timeout = settings.CACHE_MIDDLEWARE_SECONDS
     if cache_timeout < 0:
         cache_timeout = 0  # Can't have max-age negative
-    if not response.has_header("Expires"):
+    if "Expires" not in response.headers:
         response.headers["Expires"] = http_date(time.time() + cache_timeout)
     patch_cache_control(response, max_age=cache_timeout)
 
@@ -303,7 +303,7 @@ def patch_vary_headers(response, newheaders):
     # Note that we need to keep the original order intact, because cache
     # implementations may rely on the order of the Vary contents in, say,
     # computing an MD5 hash.
-    if response.has_header("Vary"):
+    if "Vary" in response.headers:
         vary_headers = cc_delim_re.split(response.headers["Vary"])
     else:
         vary_headers = []

plain-0.18.0/plain/utils/decorators.py

@@ -0,0 +1,10 @@
+"Functions that help with dynamically creating decorators for views."
+
+
+class classonlymethod(classmethod):
+    def __get__(self, instance, cls=None):
+        if instance is not None:
+            raise AttributeError(
+                "This method is available only on the class, not on instances."
+            )
+        return super().__get__(instance, cls)

{plain-0.16.1 → plain-0.18.0}/plain/views/base.py

@@ -19,6 +19,18 @@ class View:
     url_args: tuple
     url_kwargs: dict
 
+    # By default, any of these are allowed if a method is defined for it.
+    allowed_http_methods = [
+        "get",
+        "post",
+        "put",
+        "patch",
+        "delete",
+        "head",
+        "options",
+        "trace",
+    ]
+
     def __init__(self, *args, **kwargs) -> None:
         # Views can customize their init, which receives
         # the args and kwargs from as_view()
@@ -42,9 +54,6 @@ class View:
             except ResponseException as e:
                 return e.response
 
-        # Copy possible attributes set by decorators, e.g. @csrf_exempt, from
-        # the dispatch method.
-        view.__dict__.update(cls.get_response.__dict__)
         view.view_class = cls
 
         return view
@@ -57,7 +66,7 @@ class View:
 
         handler = getattr(self, self.request.method.lower(), None)
 
-        if not handler:
+        if not handler or self.request.method.lower() not in self.allowed_http_methods:
             logger.warning(
                 "Method Not Allowed (%s): %s",
                 self.request.method,
@@ -100,14 +109,4 @@ class View:
         return response
 
     def _allowed_methods(self) -> list[str]:
-        known_http_method_names = [
-            "get",
-            "post",
-            "put",
-            "patch",
-            "delete",
-            "head",
-            "options",
-            "trace",
-        ]
-        return [m.upper() for m in known_http_method_names if hasattr(self, m)]
+        return [m.upper() for m in self.allowed_http_methods if hasattr(self, m)]

plain-0.18.0/plain/views/csrf.py

@@ -0,0 +1,4 @@
+class CsrfExemptViewMixin:
+    def setup(self, *args, **kwargs):
+        super().setup(*args, **kwargs)
+        self.request.csrf_exempt = True

{plain-0.16.1 → plain-0.18.0}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "plain"
-version = "0.16.1"
+version = "0.18.0"
 description = "A web framework for building products with Python."
 authors = [{name = "Dave Gaeddert", email = "dave.gaeddert@dropseed.dev"}]
 readme = "README.md"

{plain-0.16.1 → plain-0.18.0}/uv.lock

@@ -102,7 +102,7 @@ wheels = [
 
 [[package]]
 name = "plain"
-version = "0.16.1"
+version = "0.17.0"
 source = { editable = "." }
 dependencies = [
     { name = "click" },

plain-0.16.1/plain/csrf/views.py

@@ -1,10 +0,0 @@
-from plain.views import TemplateView
-
-
-class CsrfFailureView(TemplateView):
-    template_name = "403.html"
-
-    def get(self):
-        response = super().get()
-        response.status_code = 403
-        return response

plain-0.16.1/plain/utils/decorators.py

@@ -1,90 +0,0 @@
-"Functions that help with dynamically creating decorators for views."
-
-from functools import partial, update_wrapper, wraps
-
-
-class classonlymethod(classmethod):
-    def __get__(self, instance, cls=None):
-        if instance is not None:
-            raise AttributeError(
-                "This method is available only on the class, not on instances."
-            )
-        return super().__get__(instance, cls)
-
-
-def _update_method_wrapper(_wrapper, decorator):
-    # _multi_decorate()'s bound_method isn't available in this scope. Cheat by
-    # using it on a dummy function.
-    @decorator
-    def dummy(*args, **kwargs):
-        pass
-
-    update_wrapper(_wrapper, dummy)
-
-
-def _multi_decorate(decorators, method):
-    """
-    Decorate `method` with one or more function decorators. `decorators` can be
-    a single decorator or an iterable of decorators.
-    """
-    if hasattr(decorators, "__iter__"):
-        # Apply a list/tuple of decorators if 'decorators' is one. Decorator
-        # functions are applied so that the call order is the same as the
-        # order in which they appear in the iterable.
-        decorators = decorators[::-1]
-    else:
-        decorators = [decorators]
-
-    def _wrapper(self, *args, **kwargs):
-        # bound_method has the signature that 'decorator' expects i.e. no
-        # 'self' argument, but it's a closure over self so it can call
-        # 'func'. Also, wrap method.__get__() in a function because new
-        # attributes can't be set on bound method objects, only on functions.
-        bound_method = wraps(method)(partial(method.__get__(self, type(self))))
-        for dec in decorators:
-            bound_method = dec(bound_method)
-        return bound_method(*args, **kwargs)
-
-    # Copy any attributes that a decorator adds to the function it decorates.
-    for dec in decorators:
-        _update_method_wrapper(_wrapper, dec)
-    # Preserve any existing attributes of 'method', including the name.
-    update_wrapper(_wrapper, method)
-    return _wrapper
-
-
-def method_decorator(decorator, name=""):
-    """
-    Convert a function decorator into a method decorator
-    """
-
-    # 'obj' can be a class or a function. If 'obj' is a function at the time it
-    # is passed to _dec,  it will eventually be a method of the class it is
-    # defined on. If 'obj' is a class, the 'name' is required to be the name
-    # of the method that will be decorated.
-    def _dec(obj):
-        if not isinstance(obj, type):
-            return _multi_decorate(decorator, obj)
-        if not (name and hasattr(obj, name)):
-            raise ValueError(
-                "The keyword argument `name` must be the name of a method "
-                f"of the decorated class: {obj}. Got '{name}' instead."
-            )
-        method = getattr(obj, name)
-        if not callable(method):
-            raise TypeError(
-                f"Cannot decorate '{name}' as it isn't a callable attribute of "
-                f"{obj} ({method})."
-            )
-        _wrapper = _multi_decorate(decorator, method)
-        setattr(obj, name, _wrapper)
-        return obj
-
-    # Don't worry about making _dec look similar to a list/tuple as it's rather
-    # meaningless.
-    if not hasattr(decorator, "__iter__"):
-        update_wrapper(_dec, decorator)
-    # Change the name to aid debugging.
-    obj = decorator if hasattr(decorator, "__name__") else decorator.__class__
-    _dec.__name__ = f"method_decorator({obj.__name__})"
-    return _dec

plain-0.16.1/plain/views/csrf.py

@@ -1,24 +0,0 @@
-from functools import wraps
-
-from plain.utils.decorators import method_decorator
-
-
-def csrf_exempt(view_func):
-    """Mark a view function as being exempt from the CSRF view protection."""
-
-    # view_func.csrf_exempt = True would also work, but decorators are nicer
-    # if they don't have side effects, so return a new function.
-    @wraps(view_func)
-    def wrapper_view(*args, **kwargs):
-        return view_func(*args, **kwargs)
-
-    wrapper_view.csrf_exempt = True
-    return wrapper_view
-
-
-@method_decorator(csrf_exempt, name="get_response")
-class CsrfExemptViewMixin:
-    """CsrfExemptViewMixin needs to come before View in the class definition"""
-
-    def get_response(self):
-        return super().get_response()