sanic-security 1.11.7__py3-none-any.whl → 1.16.6__py3-none-any.whl

sanic_security/verification.py

@@ -1,35 +1,42 @@
 import functools
 from contextlib import suppress
 
+from sanic.log import logger
 from sanic.request import Request
 
 from sanic_security.exceptions import (
     JWTDecodeError,
     NotFoundError,
     VerifiedError,
+    MaxedOutChallengeError,
 )
 from sanic_security.models import (
     Account,
     TwoStepSession,
     CaptchaSession,
 )
+from sanic_security.utils import get_ip
 
 """
-An effective, simple, and async security library for the Sanic framework.
-Copyright (C) 2020-present Aidan Stewart
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU Affero General Public License as published
-by the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU Affero General Public License for more details.
-
-You should have received a copy of the GNU Affero General Public License
-along with this program.  If not, see <https://www.gnu.org/licenses/>.
+Copyright (c) 2020-present Nicholas Aidan Stewart
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
 """
 
 
@@ -58,6 +65,7 @@ async def request_two_step_verification(
     if request.form.get("email") or not account:
         account = await Account.get_via_email(request.form.get("email"))
     two_step_session = await TwoStepSession.new(request, account)
+    request.ctx.session = two_step_session
     return two_step_session
 
 
@@ -85,7 +93,16 @@ async def two_step_verification(request: Request) -> TwoStepSession:
     two_step_session = await TwoStepSession.decode(request)
     two_step_session.validate()
     two_step_session.bearer.validate()
-    await two_step_session.check_code(request, request.form.get("code"))
+    try:
+        await two_step_session.check_code(request.form.get("code"))
+    except MaxedOutChallengeError as e:
+        logger.warning(
+            f"Client {get_ip(request)} has exceeded maximum two-step session {two_step_session.id} challenge attempts."
+        )
+        raise e
+    logger.info(
+        f"Client {get_ip(request)} has completed two-step session {two_step_session.id} challenge."
+    )
     return two_step_session
 
 
@@ -117,15 +134,12 @@ def requires_two_step_verification(arg=None):
     def decorator(func):
         @functools.wraps(func)
         async def wrapper(request, *args, **kwargs):
-            request.ctx.two_step_session = await two_step_verification(request)
+            await two_step_verification(request)
             return await func(request, *args, **kwargs)
 
         return wrapper
 
-    if callable(arg):
-        return decorator(arg)
-    else:
-        return decorator
+    return decorator(arg) if callable(arg) else decorator
 
 
 async def verify_account(request: Request) -> TwoStepSession:
@@ -150,31 +164,24 @@ async def verify_account(request: Request) -> TwoStepSession:
     """
     two_step_session = await TwoStepSession.decode(request)
     if two_step_session.bearer.verified:
-        raise VerifiedError()
+        raise VerifiedError
     two_step_session.validate()
-    await two_step_session.check_code(request, request.form.get("code"))
+    try:
+        await two_step_session.check_code(request.form.get("code"))
+    except MaxedOutChallengeError as e:
+        logger.warning(
+            f"Client {get_ip(request)} has exceeded maximum two-step session {two_step_session.id} challenge attempts "
+            "during account verification."
+        )
+        raise e
     two_step_session.bearer.verified = True
     await two_step_session.bearer.save(update_fields=["verified"])
+    logger.info(
+        f"Client {get_ip(request)} has verified account {two_step_session.bearer.id}."
+    )
     return two_step_session
 
 
-async def request_captcha(request: Request) -> CaptchaSession:
-    """
-    Creates a captcha session and deactivates the client's current captcha session if found.
-
-    Args:
-        request (Request): Sanic request parameter.
-
-    Returns:
-        captcha_session
-    """
-    with suppress(NotFoundError, JWTDecodeError):
-        captcha_session = await CaptchaSession.decode(request)
-        if captcha_session.active:
-            await captcha_session.deactivate()
-    return await CaptchaSession.new(request)
-
-
 async def captcha(request: Request) -> CaptchaSession:
     """
     Validates a captcha challenge attempt.
@@ -196,7 +203,16 @@ async def captcha(request: Request) -> CaptchaSession:
     """
     captcha_session = await CaptchaSession.decode(request)
     captcha_session.validate()
-    await captcha_session.check_code(request, request.form.get("captcha"))
+    try:
+        await captcha_session.check_code(request.form.get("captcha"))
+    except MaxedOutChallengeError as e:
+        logger.warning(
+            f"Client {get_ip(request)} has exceeded maximum captcha session {captcha_session.id} challenge attempts."
+        )
+        raise e
+    logger.info(
+        f"Client {get_ip(request)} has completed captcha session {captcha_session.id} challenge."
+    )
     return captcha_session
 
 
@@ -225,12 +241,9 @@ def requires_captcha(arg=None):
     def decorator(func):
         @functools.wraps(func)
         async def wrapper(request, *args, **kwargs):
-            request.ctx.captcha_session = await captcha(request)
+            await captcha(request)
             return await func(request, *args, **kwargs)
 
         return wrapper
 
-    if callable(arg):
-        return decorator(arg)
-    else:
-        return decorator
+    return decorator(arg) if callable(arg) else decorator

sanic_security-1.16.6.dist-info/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Nicholas Aidan Stewart
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.