requests-cache 1.3.1__tar.gz → 1.3.2__tar.gz

{requests_cache-1.3.1 → requests_cache-1.3.2}/.gitignore

@@ -33,6 +33,7 @@ package.json
 .coverage.*
 .COVERAGE.*
 .mypy_cache/
+.pytest_cache/
 .nox/
 test-reports/
 

{requests_cache-1.3.1 → requests_cache-1.3.2}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: requests-cache
-Version: 1.3.1
+Version: 1.3.2
 Summary: A persistent cache for python requests
 Project-URL: homepage, https://github.com/requests-cache/requests-cache
 Project-URL: repository, https://github.com/requests-cache/requests-cache
@@ -32,7 +32,7 @@ Provides-Extra: all
 Requires-Dist: boto3>=1.15; extra == 'all'
 Requires-Dist: botocore>=1.18; extra == 'all'
 Requires-Dist: itsdangerous>=2.0; extra == 'all'
-Requires-Dist: orjson>=3.0; extra == 'all'
+Requires-Dist: orjson>=3.0; (python_version < '3.14') and extra == 'all'
 Requires-Dist: pymongo>=3; extra == 'all'
 Requires-Dist: pyyaml>=6.0.1; extra == 'all'
 Requires-Dist: redis>=3; extra == 'all'
@@ -72,25 +72,25 @@ Complete project documentation can be found at [requests-cache.readthedocs.io](h
 <!-- END-RTD-IGNORE -->
 
 ## Features
-* 🍰 **Ease of use:** Keep using the `requests` library you're already familiar with. Add caching
+* **Ease of use:** Keep using the `requests` library you're already familiar with. Add caching
   with a [drop-in replacement](https://requests-cache.readthedocs.io/en/stable/user_guide/general.html#sessions)
   for `requests.Session`, or
   [install globally](https://requests-cache.readthedocs.io/en/stable/user_guide/general.html#patching)
   to add transparent caching to all `requests` functions.
-* 🚀 **Performance:** Get sub-millisecond response times for cached responses. When they expire, you
+* **Performance:** Get sub-millisecond response times for cached responses. When they expire, you
   still save time with
   [conditional requests](https://requests-cache.readthedocs.io/en/stable/user_guide/headers.html#conditional-requests).
-* 💾 **Persistence:** Works with several
+* **Persistence:** Works with several
   [storage backends](https://requests-cache.readthedocs.io/en/stable/user_guide/backends.html)
   including SQLite, Redis, MongoDB, and DynamoDB; or save responses as plain JSON files, YAML,
   and more
-* 🕗 **Expiration:** Use
+* **Expiration:** Use
   [Cache-Control](https://requests-cache.readthedocs.io/en/stable/user_guide/headers.html#cache-control)
   and other standard HTTP headers, define your own expiration schedule, keep your cache clutter-free
   with backends that natively support TTL, or any combination of strategies
-* ⚙️ **Customization:** Works out of the box with zero config, but with a robust set of features for
+* **Customization:** Works out of the box with zero config, but with a robust set of features for
   configuring and extending the library to suit your needs
-* 🧩 **Compatibility:** Can be combined with other
+* **Compatibility:** Can be combined with other
   [popular libraries based on requests](https://requests-cache.readthedocs.io/en/stable/user_guide/compatibility.html)
 
 ## Quickstart

{requests_cache-1.3.1 → requests_cache-1.3.2}/README.md

@@ -20,25 +20,25 @@ Complete project documentation can be found at [requests-cache.readthedocs.io](h
 <!-- END-RTD-IGNORE -->
 
 ## Features
-* 🍰 **Ease of use:** Keep using the `requests` library you're already familiar with. Add caching
+* **Ease of use:** Keep using the `requests` library you're already familiar with. Add caching
   with a [drop-in replacement](https://requests-cache.readthedocs.io/en/stable/user_guide/general.html#sessions)
   for `requests.Session`, or
   [install globally](https://requests-cache.readthedocs.io/en/stable/user_guide/general.html#patching)
   to add transparent caching to all `requests` functions.
-* 🚀 **Performance:** Get sub-millisecond response times for cached responses. When they expire, you
+* **Performance:** Get sub-millisecond response times for cached responses. When they expire, you
   still save time with
   [conditional requests](https://requests-cache.readthedocs.io/en/stable/user_guide/headers.html#conditional-requests).
-* 💾 **Persistence:** Works with several
+* **Persistence:** Works with several
   [storage backends](https://requests-cache.readthedocs.io/en/stable/user_guide/backends.html)
   including SQLite, Redis, MongoDB, and DynamoDB; or save responses as plain JSON files, YAML,
   and more
-* 🕗 **Expiration:** Use
+* **Expiration:** Use
   [Cache-Control](https://requests-cache.readthedocs.io/en/stable/user_guide/headers.html#cache-control)
   and other standard HTTP headers, define your own expiration schedule, keep your cache clutter-free
   with backends that natively support TTL, or any combination of strategies
-* ⚙️ **Customization:** Works out of the box with zero config, but with a robust set of features for
+* **Customization:** Works out of the box with zero config, but with a robust set of features for
   configuring and extending the library to suit your needs
-* 🧩 **Compatibility:** Can be combined with other
+* **Compatibility:** Can be combined with other
   [popular libraries based on requests](https://requests-cache.readthedocs.io/en/stable/user_guide/compatibility.html)
 
 ## Quickstart

{requests_cache-1.3.1 → requests_cache-1.3.2}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = 'requests-cache'
-version = '1.3.1'
+version = '1.3.2'
 description = 'A persistent cache for python requests'
 authors = [{name='Jordan Cook'}, {name='Roman Haritonov'}]
 license = 'BSD-2-Clause'
@@ -61,7 +61,7 @@ all = [
     'boto3          >=1.15',
     'botocore       >=1.18',
     'itsdangerous   >=2.0',
-    'orjson         >=3.0',
+    'orjson         >=3.0; python_version < "3.14"',
     'pymongo        >=3',
     'pyyaml         >=6.0.1',
     'redis          >=3',
@@ -79,6 +79,7 @@ dev = [
     'pytest-pretty          >=1.2',
     'pytest-rerunfailures   >=10.1',
     'pytest-xdist           >=2.2',
+    'requests               >=2.22.0.dev0',   # Use a prerelease if it's the latest version
     'requests-mock          ~=1.12',
     'responses              >=0.19',
     'tenacity               ~=8.0',

{requests_cache-1.3.1 → requests_cache-1.3.2}/requests_cache/backends/base.py

@@ -12,9 +12,11 @@ from collections import UserDict
 from datetime import datetime
 from logging import getLogger
 from pickle import PickleError
-from typing import TYPE_CHECKING, Iterable, Iterator, List, MutableMapping, Optional, TypeVar
+from typing import TYPE_CHECKING, Iterable, Iterator, List, MutableMapping, Optional, TypeVar, Union
 from warnings import warn
 
+from pathlib import Path
+
 from requests import Request, Response
 
 from ..cache_keys import create_key, redact_response
@@ -55,6 +57,15 @@ class BaseCache:
         self.redirects: BaseStorage[str, str] = DictStorage()
         self._settings = CacheSettings()  # Init and public access is done in CachedSession
 
+    @property
+    def db_path(self) -> Union[str, Path]:
+        """Path to the cache database file.
+
+        Raises:
+            NotImplementedError: For backends that do not use a file-based database.
+        """
+        raise NotImplementedError
+
     # Main cache operations
     # ---------------------
 

{requests_cache-1.3.1 → requests_cache-1.3.2}/requests_cache/cache_keys.py

@@ -66,8 +66,9 @@ def create_key(
         request: Request object to generate a cache key from
         ignored_parameters: Request parameters, headers, and/or JSON body params to exclude
         match_headers: Match only the specified headers, or ``True`` to match all headers
-        request_kwargs: Additional keyword arguments for :py:func:`~requests.request`
+        serializer: Serializer name or instance
         content_root_key: root element in the request body to apply ignored_parameters to
+        request_kwargs: Additional keyword arguments for :py:func:`~requests.request`
     """
     # Normalize and gather all relevant request info to match against
     request = normalize_request(request, ignored_parameters, content_root_key)
@@ -142,7 +143,8 @@ def normalize_request(
 
 
 def normalize_headers(
-    headers: MutableMapping[str, str], ignored_parameters: ParamList = None
+    headers: MutableMapping[str, str],
+    ignored_parameters: ParamList = None,
 ) -> CaseInsensitiveDict:
     """Sort and filter request headers, and normalize minor variations in multi-value headers"""
     headers = {k: decode(v) for (k, v) in headers.items()}
@@ -160,7 +162,7 @@ def normalize_url(url: str, ignored_parameters: ParamList) -> str:
     port, etc.
     """
     url = filter_url(url, ignored_parameters)
-    return url_normalize(url)
+    return url_normalize(url) or ''
 
 
 def normalize_body(
@@ -257,7 +259,8 @@ def filter_sort_json(data: Union[List, Mapping], ignored_parameters: ParamList):
 
 
 def filter_sort_dict(
-    data: Mapping[str, str], ignored_parameters: ParamList = None
+    data: Mapping[str, str],
+    ignored_parameters: ParamList = None,
 ) -> Dict[str, str]:
     # Note: Any ignored_parameters present will have their values replaced instead of removing the
     # parameter, so the cache key will still match whether the parameter was present or not.
@@ -265,7 +268,10 @@ def filter_sort_dict(
     return {k: ('REDACTED' if k in ignored_parameters else v) for k, v in sorted(data.items())}
 
 
-def filter_sort_multidict(data: KVList, ignored_parameters: ParamList = None) -> KVList:
+def filter_sort_multidict(
+    data: KVList,
+    ignored_parameters: ParamList = None,
+) -> KVList:
     ignored_parameters = set(ignored_parameters or [])
     return [(k, 'REDACTED' if k in ignored_parameters else v) for k, v in sorted(data)]
 

{requests_cache-1.3.1 → requests_cache-1.3.2}/requests_cache/policy/actions.py

@@ -350,9 +350,20 @@ class CacheActions(RichMixin):
                 logger.debug('Failed Vary check: cookies do not match')
                 return False
             match_headers.remove('cookie')
+
         if not match_headers:
             return True
 
+        # If a Vary header is in ignored_parameters and on the request, treat it as a cache miss
+        # rather than potentially returning an invalid response
+        ignored = {h.lower() for h in (self._settings.ignored_parameters or [])}
+        ignore_overlap = ignored & set(match_headers)
+        if ignore_overlap and any(h in self._request.headers for h in ignore_overlap):
+            logger.debug(
+                f'Failed Vary check: Vary header(s) are in ignored_parameters: {ignore_overlap}'
+            )
+            return False
+
         key_kwargs['match_headers'] = match_headers
         vary_key_cached = create_key(vary_request, **key_kwargs)
         vary_key_current = create_key(self._request, **key_kwargs)

{requests_cache-1.3.1 → requests_cache-1.3.2}/requests_cache/policy/settings.py

@@ -11,8 +11,17 @@ DEFAULT_CACHE_NAME = 'http_cache'
 DEFAULT_METHODS = ('GET', 'HEAD')
 DEFAULT_STATUS_CODES = (200,)
 
-# Default params and/or headers that are excluded from cache keys and redacted from cached responses
-DEFAULT_IGNORED_PARAMS = ('Authorization', 'X-API-KEY', 'access_token', 'api_key')
+# Common auth headers and params that are excluded from cache keys and redacted from cached responses
+AUTH_HEADERS = (
+    'Authorization',
+    'Proxy-Authorization',
+    'X-API-Key',
+    'X-Auth-Token',
+    'X-API-Token',
+    'X-Access-Token',
+)
+AUTH_PARAMS = ('access_token', 'api_key', 'apikey')
+DEFAULT_IGNORED_PARAMS = AUTH_HEADERS + AUTH_PARAMS
 
 
 @define(repr=False)

{requests_cache-1.3.1 → requests_cache-1.3.2}/requests_cache/serializers/cattrs.py

@@ -21,7 +21,9 @@ from functools import singledispatchmethod
 from json import JSONDecodeError
 from typing import Callable, Dict, ForwardRef, List, Optional, Union
 
+import attrs
 from cattrs import Converter
+from requests.adapters import HTTPAdapter
 from requests.cookies import RequestsCookieJar, cookiejar_from_dict
 from requests.exceptions import RequestException
 from requests.structures import CaseInsensitiveDict
@@ -30,6 +32,15 @@ from .._utils import is_json_content_type
 from ..models import CachedResponse, DecodedContent
 from .pipeline import Stage
 
+# requests/models.py uses `from __future__ import annotations` and imports RequestsCookieJar
+# and HTTPAdapter under TYPE_CHECKING only, so get_type_hints() can't find them at runtime
+# when traversing Response's MRO. Pre-resolve CachedResponse field types now so cattrs
+# won't call resolve_types() without the necessary localns.
+attrs.resolve_types(
+    CachedResponse,
+    localns={'RequestsCookieJar': RequestsCookieJar, 'HTTPAdapter': HTTPAdapter},
+)
+
 try:
     import ujson as json
 except ImportError:

{requests_cache-1.3.1 → requests_cache-1.3.2}/tests/unit/test_session.py

@@ -406,6 +406,29 @@ def test_match_headers__vary_alternating(mock_session):
     assert mock_session.get(MOCKED_URL_VARY, headers=headers_html).from_cache is True
 
 
+def test_match_headers__vary_authorization(mock_session):
+    """When Vary headers overlaps with ignored_parameters and the header is present on the
+    request, it's always a cache miss (prevents cross-user cache leakage).
+    """
+    url = f'{MOCKED_URL}/vary-auth'
+    mock_session.mock_adapter.register_uri(
+        'GET', url, headers={'Vary': 'Authorization'}, text='mock response', status_code=200
+    )
+    mock_session.settings.ignored_parameters = ['Authorization']
+
+    # Header present: always a miss
+    r1 = mock_session.get(url, headers={'Authorization': 'Bearer user-1-token'})
+    r2 = mock_session.get(url, headers={'Authorization': 'Bearer user-1-token'})
+    assert r1.from_cache is False
+    assert r2.from_cache is False
+
+    # Header missing: no collision risk, proceed as normal
+    r3 = mock_session.get(url)
+    r4 = mock_session.get(url)
+    assert r3.from_cache is False
+    assert r4.from_cache is True
+
+
 @pytest.mark.parametrize(
     'headers, expected_from_cache',
     [