sanic-security 1.11.7__py3-none-any.whl → 1.12.1__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- sanic_security/authentication.py +144 -140
- sanic_security/authorization.py +50 -42
- sanic_security/configuration.py +26 -20
- sanic_security/exceptions.py +48 -22
- sanic_security/models.py +114 -64
- sanic_security/test/server.py +78 -26
- sanic_security/test/tests.py +82 -15
- sanic_security/utils.py +24 -20
- sanic_security/verification.py +20 -19
- sanic_security-1.12.1.dist-info/LICENSE +21 -0
- {sanic_security-1.11.7.dist-info → sanic_security-1.12.1.dist-info}/METADATA +622 -591
- sanic_security-1.12.1.dist-info/RECORD +16 -0
- {sanic_security-1.11.7.dist-info → sanic_security-1.12.1.dist-info}/WHEEL +2 -1
- sanic_security-1.12.1.dist-info/top_level.txt +1 -0
- sanic_security-1.11.7.dist-info/LICENSE +0 -661
- sanic_security-1.11.7.dist-info/RECORD +0 -15
sanic_security/test/tests.py
CHANGED
@@ -7,21 +7,25 @@ import httpx
|
|
7
7
|
from sanic_security.configuration import Config
|
8
8
|
|
9
9
|
"""
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
10
|
+
Copyright (c) 2020-present Nicholas Aidan Stewart
|
11
|
+
|
12
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
13
|
+
of this software and associated documentation files (the "Software"), to deal
|
14
|
+
in the Software without restriction, including without limitation the rights
|
15
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
16
|
+
copies of the Software, and to permit persons to whom the Software is
|
17
|
+
furnished to do so, subject to the following conditions:
|
18
|
+
|
19
|
+
The above copyright notice and this permission notice shall be included in all
|
20
|
+
copies or substantial portions of the Software.
|
21
|
+
|
22
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
23
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
24
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
25
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
26
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
27
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
28
|
+
SOFTWARE.
|
25
29
|
"""
|
26
30
|
|
27
31
|
|
@@ -290,6 +294,21 @@ class LoginTest(TestCase):
|
|
290
294
|
)
|
291
295
|
assert authenticate_response.status_code == 200, authenticate_response.text
|
292
296
|
|
297
|
+
def test_anonymous_login(self):
|
298
|
+
"""
|
299
|
+
Test login of anonymous user.
|
300
|
+
"""
|
301
|
+
anon_login_response = self.client.post(
|
302
|
+
"http://127.0.0.1:8000/api/test/auth/login/anon"
|
303
|
+
)
|
304
|
+
assert anon_login_response.status_code == 200, anon_login_response.text
|
305
|
+
authenticate_response = self.client.post(
|
306
|
+
"http://127.0.0.1:8000/api/test/auth",
|
307
|
+
)
|
308
|
+
assert authenticate_response.status_code == 200, authenticate_response.text
|
309
|
+
logout_response = self.client.post("http://127.0.0.1:8000/api/test/auth/logout")
|
310
|
+
assert logout_response.status_code == 200, logout_response.text
|
311
|
+
|
293
312
|
|
294
313
|
class VerificationTest(TestCase):
|
295
314
|
"""
|
@@ -468,6 +487,23 @@ class AuthorizationTest(TestCase):
|
|
468
487
|
prohibited_authorization_response.status_code == 403
|
469
488
|
), prohibited_authorization_response.text
|
470
489
|
|
490
|
+
def test_anonymous_authorization(self):
|
491
|
+
anon_login_response = self.client.post(
|
492
|
+
"http://127.0.0.1:8000/api/test/auth/login/anon"
|
493
|
+
)
|
494
|
+
assert anon_login_response.status_code == 200, anon_login_response.text
|
495
|
+
authenticate_response = self.client.post(
|
496
|
+
"http://127.0.0.1:8000/api/test/auth",
|
497
|
+
)
|
498
|
+
assert authenticate_response.status_code == 200, authenticate_response.text
|
499
|
+
prohibited_authorization_response = self.client.post(
|
500
|
+
"http://127.0.0.1:8000/api/test/auth/roles",
|
501
|
+
data={"role": "AuthTestPerms"},
|
502
|
+
)
|
503
|
+
assert (
|
504
|
+
prohibited_authorization_response.status_code == 403
|
505
|
+
), prohibited_authorization_response.text
|
506
|
+
|
471
507
|
|
472
508
|
class MiscTest(TestCase):
|
473
509
|
"""
|
@@ -511,3 +547,34 @@ class MiscTest(TestCase):
|
|
511
547
|
assert (
|
512
548
|
retrieve_associated_response.status_code == 200
|
513
549
|
), retrieve_associated_response.text
|
550
|
+
|
551
|
+
def test_authentication_refresh(self):
|
552
|
+
"""
|
553
|
+
Test automatic authentication refresh.
|
554
|
+
"""
|
555
|
+
self.client.post(
|
556
|
+
"http://127.0.0.1:8000/api/test/account",
|
557
|
+
data={
|
558
|
+
"email": "refreshed@misc.test",
|
559
|
+
"username": "refreshed",
|
560
|
+
},
|
561
|
+
)
|
562
|
+
login_response = self.client.post(
|
563
|
+
"http://127.0.0.1:8000/api/test/auth/login",
|
564
|
+
auth=("refreshed@misc.test", "password"),
|
565
|
+
)
|
566
|
+
assert login_response.status_code == 200, login_response.text
|
567
|
+
expire_response = self.client.post("http://127.0.0.1:8000/api/test/auth/expire")
|
568
|
+
assert expire_response.status_code == 200, expire_response.text
|
569
|
+
authenticate_refresh_response = self.client.post(
|
570
|
+
"http://127.0.0.1:8000/api/test/auth",
|
571
|
+
)
|
572
|
+
assert (
|
573
|
+
json.loads(authenticate_refresh_response.text)["data"]["refresh"] is True
|
574
|
+
), authenticate_refresh_response.text
|
575
|
+
authenticate_response = self.client.post(
|
576
|
+
"http://127.0.0.1:8000/api/test/auth",
|
577
|
+
) # Since session refresh handling is complete, it will be returned as a regular session now.
|
578
|
+
assert (
|
579
|
+
json.loads(authenticate_response.text)["data"]["refresh"] is False
|
580
|
+
), authenticate_response.text
|
sanic_security/utils.py
CHANGED
@@ -1,27 +1,29 @@
|
|
1
1
|
import datetime
|
2
2
|
import random
|
3
|
-
import string
|
4
3
|
|
5
4
|
from sanic.request import Request
|
6
5
|
from sanic.response import json as sanic_json, HTTPResponse
|
7
6
|
|
8
|
-
|
9
7
|
"""
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
8
|
+
Copyright (c) 2020-Present Nicholas Aidan Stewart
|
9
|
+
|
10
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
11
|
+
of this software and associated documentation files (the "Software"), to deal
|
12
|
+
in the Software without restriction, including without limitation the rights
|
13
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
14
|
+
copies of the Software, and to permit persons to whom the Software is
|
15
|
+
furnished to do so, subject to the following conditions:
|
16
|
+
|
17
|
+
The above copyright notice and this permission notice shall be included in all
|
18
|
+
copies or substantial portions of the Software.
|
19
|
+
|
20
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
21
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
22
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
23
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
24
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
25
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
26
|
+
SOFTWARE.
|
25
27
|
"""
|
26
28
|
|
27
29
|
|
@@ -45,10 +47,12 @@ def get_code() -> str:
|
|
45
47
|
Returns:
|
46
48
|
code
|
47
49
|
"""
|
48
|
-
return
|
50
|
+
return str(random.randint(100000, 999999))
|
49
51
|
|
50
52
|
|
51
|
-
def json(
|
53
|
+
def json(
|
54
|
+
message: str, data, status_code: int = 200
|
55
|
+
) -> HTTPResponse: # May be causing fixture error bc of json property
|
52
56
|
"""
|
53
57
|
A preformatted Sanic json response.
|
54
58
|
|
@@ -76,7 +80,7 @@ def get_expiration_date(seconds: int) -> datetime.datetime:
|
|
76
80
|
expiration_date
|
77
81
|
"""
|
78
82
|
return (
|
79
|
-
datetime.datetime.
|
83
|
+
datetime.datetime.now(datetime.UTC) + datetime.timedelta(seconds=seconds)
|
80
84
|
if seconds > 0
|
81
85
|
else None
|
82
86
|
)
|
sanic_security/verification.py
CHANGED
@@ -15,21 +15,25 @@ from sanic_security.models import (
|
|
15
15
|
)
|
16
16
|
|
17
17
|
"""
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
18
|
+
Copyright (c) 2020-present Nicholas Aidan Stewart
|
19
|
+
|
20
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
21
|
+
of this software and associated documentation files (the "Software"), to deal
|
22
|
+
in the Software without restriction, including without limitation the rights
|
23
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
24
|
+
copies of the Software, and to permit persons to whom the Software is
|
25
|
+
furnished to do so, subject to the following conditions:
|
26
|
+
|
27
|
+
The above copyright notice and this permission notice shall be included in all
|
28
|
+
copies or substantial portions of the Software.
|
29
|
+
|
30
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
31
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
32
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
33
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
34
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
35
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
36
|
+
SOFTWARE.
|
33
37
|
"""
|
34
38
|
|
35
39
|
|
@@ -122,10 +126,7 @@ def requires_two_step_verification(arg=None):
|
|
122
126
|
|
123
127
|
return wrapper
|
124
128
|
|
125
|
-
if callable(arg)
|
126
|
-
return decorator(arg)
|
127
|
-
else:
|
128
|
-
return decorator
|
129
|
+
return decorator(arg) if callable(arg) else decorator
|
129
130
|
|
130
131
|
|
131
132
|
async def verify_account(request: Request) -> TwoStepSession:
|
@@ -0,0 +1,21 @@
|
|
1
|
+
MIT License
|
2
|
+
|
3
|
+
Copyright (c) 2024 Nicholas Aidan Stewart
|
4
|
+
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
7
|
+
in the Software without restriction, including without limitation the rights
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
10
|
+
furnished to do so, subject to the following conditions:
|
11
|
+
|
12
|
+
The above copyright notice and this permission notice shall be included in all
|
13
|
+
copies or substantial portions of the Software.
|
14
|
+
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
21
|
+
SOFTWARE.
|