sanic-security 1.12.0__py3-none-any.whl → 1.12.2__py3-none-any.whl

sanic_security/authentication.py

@@ -195,10 +195,10 @@ async def fulfill_second_factor(request: Request) -> AuthenticationSession:
     return authentication_session
 
 
-async def authenticate(request: Request) -> tuple[bool, AuthenticationSession]:
+async def authenticate(request: Request) -> AuthenticationSession:
     """
     Validates client's authentication session and account. New/Refreshed session automatically returned
-    if expired during authentication, requires encoding.
+    if client's session expired during authentication, requires encoding.
 
     Args:
         request (Request): Sanic request parameter.
@@ -214,6 +214,7 @@ async def authenticate(request: Request) -> tuple[bool, AuthenticationSession]:
         UnverifiedError
         DisabledError
         SecondFactorRequiredError
+        ExpiredError
     """
     authentication_session = await AuthenticationSession.decode(request)
     try:
@@ -227,8 +228,8 @@ async def authenticate(request: Request) -> tuple[bool, AuthenticationSession]:
 
 def requires_authentication(arg=None):
     """
-    Validates client's authentication session and account. New/Refreshed session automatically returned if expired
-    during authentication, requires encoding.
+    Validates client's authentication session and account. New/Refreshed session automatically returned
+    if client's session expired during authentication, requires encoding.
 
     Example:
         This method is not called directly and instead used as a decorator:
@@ -245,6 +246,7 @@ def requires_authentication(arg=None):
         DeactivatedError
         UnverifiedError
         DisabledError
+        ExpiredError
     """
 
     def decorator(func):
@@ -272,7 +274,7 @@ def create_initial_admin_account(app: Sanic) -> None:
             role = await Role.filter(name="Head Admin").get()
         except DoesNotExist:
             role = await Role.create(
-                description="Has the ability to control any aspect of the API, assign sparingly.",
+                description="Has root abilities, assign sparingly.",
                 permissions="*:*",
                 name="Head Admin",
             )
@@ -283,9 +285,7 @@ def create_initial_admin_account(app: Sanic) -> None:
             await account.fetch_related("roles")
             if role not in account.roles:
                 await account.roles.add(role)
-                logger.warning(
-                    'The initial admin account role "Head Admin" was removed and has been reinstated.'
-                )
+                logger.warning("Initial admin account role has been reinstated.")
         except DoesNotExist:
             account = await Account.create(
                 username="Head-Admin",

sanic_security/configuration.py

@@ -39,7 +39,7 @@ DEFAULT_CONFIG = {
     "CAPTCHA_FONT": "captcha-font.ttf",
     "TWO_STEP_SESSION_EXPIRATION": 300,
     "AUTHENTICATION_SESSION_EXPIRATION": 86400,
-    "AUTHENTICATION_REFRESH_EXPIRATION": 2592000,
+    "AUTHENTICATION_REFRESH_EXPIRATION": 604800,
     "ALLOW_LOGIN_WITH_USERNAME": False,
     "INITIAL_ADMIN_EMAIL": "admin@example.com",
     "INITIAL_ADMIN_PASSWORD": "admin123",
@@ -65,7 +65,7 @@ class Config(dict):
         CAPTCHA_FONT (str): The file path to the font being used for captcha generation.
         TWO_STEP_SESSION_EXPIRATION (int):  The amount of seconds till two-step session expiration on creation. Setting to 0 will disable expiration.
         AUTHENTICATION_SESSION_EXPIRATION (int): The amount of seconds till authentication session expiration on creation. Setting to 0 will disable expiration.
-        AUTHENTICATION_REFRESH_EXPIRATION (int): The amount of seconds till authentication session refresh expiration.
+        AUTHENTICATION_REFRESH_EXPIRATION (int): The amount of seconds till authentication session refresh expiration. Setting to 0 will disable refresh mechanism.
         ALLOW_LOGIN_WITH_USERNAME (bool): Allows login via username and email.
         INITIAL_ADMIN_EMAIL (str): Email used when creating the initial admin account.
         INITIAL_ADMIN_PASSWORD (str): Password used when creating the initial admin account.

sanic_security/exceptions.py

@@ -128,7 +128,11 @@ class DeactivatedError(SessionError):
     Raised when session is deactivated.
     """
 
-    def __init__(self, message: str = "Session is deactivated.", code: int = 401):
+    def __init__(
+        self,
+        message: str = "Session has been deactivated or refreshed.",
+        code: int = 401,
+    ):
         super().__init__(message, code)
 
 

sanic_security/models.py

@@ -524,13 +524,13 @@ class AuthenticationSession(Session):
     Used to authenticate and identify a client.
 
     Attributes:
-        requires_second_factor (bool): Determines if session requires a second factor.
         refresh_expiration_date (bool): Date and time the session can no longer be refreshed.
-        is_refresh (bool): Will only be true when instantiated during refresh of expired session.
+        requires_second_factor (bool): Determines if session requires a second factor.
+        is_refresh (bool): Will only be true once when instantiated during refresh of expired session.
     """
 
-    requires_second_factor: bool = fields.BooleanField(default=False)
     refresh_expiration_date: datetime.datetime = fields.DatetimeField(null=True)
+    requires_second_factor: bool = fields.BooleanField(default=False)
     is_refresh: bool = False
 
     def validate(self) -> None:
@@ -549,7 +549,7 @@ class AuthenticationSession(Session):
 
     async def refresh(self, request: Request):
         """
-        Seamlessly creates new session if within refresh date.
+        Refreshes session if expired and within refresh date.
 
         Raises:
             DeletedError
@@ -566,7 +566,8 @@ class AuthenticationSession(Session):
             raise NotExpiredError()
         except ExpiredError as e:
             if (
-                datetime.datetime.now(datetime.timezone.utc)
+                self.refresh_expiration_date
+                and datetime.datetime.now(datetime.timezone.utc)
                 <= self.refresh_expiration_date
             ):
                 self.active = False

sanic_security/test/server.py

@@ -19,7 +19,7 @@ from sanic_security.authorization import (
     check_roles,
 )
 from sanic_security.configuration import config as security_config
-from sanic_security.exceptions import SecurityError, CredentialsError
+from sanic_security.exceptions import SecurityError
 from sanic_security.models import Account, CaptchaSession, AuthenticationSession
 from sanic_security.utils import json
 from sanic_security.verification import (
@@ -110,7 +110,7 @@ async def on_login(request):
         )
         two_step_session.encode(response)
     else:
-        response = json("Login successful!", authentication_session.bearer.json)
+        response = json("Login successful!", authentication_session.json)
     authentication_session.encode(response)
     return response
 
@@ -148,7 +148,7 @@ async def on_logout(request):
     Logout of currently logged in account.
     """
     authentication_session = await logout(request)
-    response = json("Logout successful!", authentication_session.bearer.json)
+    response = json("Logout successful!", authentication_session.json)
     return response
 
 
@@ -170,11 +170,19 @@ async def on_authenticate(request):
             "refresh": authentication_session.is_refresh,
         },
     )
-    if authentication_session.is_refresh:
-        request.ctx.authentication_session.encode(response)
     return response
 
 
+@app.on_response
+async def authentication_refresh_encoder(request, response):
+    try:
+        authentication_session = request.ctx.authentication_session
+        if authentication_session.is_refresh:
+            authentication_session.encode(response)
+    except AttributeError:
+        pass
+
+
 @app.post("api/test/auth/expire")
 @requires_authentication
 async def on_authentication_expire(request):

sanic_security/test/tests.py

@@ -306,6 +306,8 @@ class LoginTest(TestCase):
             "http://127.0.0.1:8000/api/test/auth",
         )
         assert authenticate_response.status_code == 200, authenticate_response.text
+        logout_response = self.client.post("http://127.0.0.1:8000/api/test/auth/logout")
+        assert logout_response.status_code == 200, logout_response.text
 
 
 class VerificationTest(TestCase):
@@ -568,8 +570,9 @@ class MiscTest(TestCase):
             "http://127.0.0.1:8000/api/test/auth",
         )
         assert (
-            json.loads(authenticate_refresh_response.text)["data"]["refresh"] is True
+            authenticate_refresh_response.status_code == 200
         ), authenticate_refresh_response.text
+        assert json.loads(authenticate_refresh_response.text)["data"]["refresh"] is True
         authenticate_response = self.client.post(
             "http://127.0.0.1:8000/api/test/auth",
         )  # Since session refresh handling is complete, it will be returned as a regular session now.

{sanic_security-1.12.0.dist-info → sanic_security-1.12.2.dist-info}/METADATA

@@ -1,7 +1,7 @@
 Metadata-Version: 2.1
 Name: sanic-security
-Version: 1.12.0
-Summary: An effective, simple, and async security library for the Sanic framework.
+Version: 1.12.2
+Summary: An async security library for the Sanic framework.
 Author-email: Aidan Stewart <na.stewart365@gmail.com>
 Project-URL: Documentation, https://security.na-stewart.com/
 Project-URL: Repository, https://github.com/na-stewart/sanic-security
@@ -48,7 +48,7 @@ Requires-Dist: cryptography ; extra == 'dev'
 <p align="center">
   <h3 align="center">Sanic Security</h3>
   <p align="center">
-   An effective, simple, and async security library for the Sanic framework.
+   An async security library for the Sanic framework.
   </p>
 </p>
 
@@ -77,7 +77,6 @@ Requires-Dist: cryptography ; extra == 'dev'
 ## About The Project
 
 Sanic Security is an authentication, authorization, and verification library designed for use with [Sanic](https://github.com/huge-success/sanic).
-This library contains a variety of features including:
 
 * Login, registration, and authentication with refresh mechanisms
 * Two-factor authentication
@@ -85,7 +84,7 @@ This library contains a variety of features including:
 * Two-step verification
 * Role based authorization with wildcard permissions
 
-Please visit [security.na-stewart.com](https://security.na-stewart.com) for documentation and [click here for a comprehensive implementation guide](https://blog.na-stewart.com/entry?id=3).
+Please visit [security.na-stewart.com](https://security.na-stewart.com) for documentation and [here for an implementation guide](https://blog.na-stewart.com/entry?id=3).
 
 <!-- GETTING STARTED -->
 ## Getting Started
@@ -103,7 +102,7 @@ pip3 install sanic-security
 
 If you are planning on encoding or decoding JWTs using certain digital signature algorithms (like RSA or ECDSA which use 
 the public secret and private secret), you will need to install the `cryptography` library. This can be installed explicitly, or 
-as a required extra in the `sanic-security` requirement.
+as an extra requirement.
 
 ```shell
 pip3 install sanic-security[crypto]
@@ -138,7 +137,7 @@ You can also use the update() method like on regular dictionaries.
 Any environment variables defined with the SANIC_SECURITY_ prefix will be applied to the config. For example, setting 
 SANIC_SECURITY_SECRET will be loaded by the application automatically and fed into the SECRET config variable.
 
-You can load environment variables with a different prefix via calling the `config.load_environment_variables("NEW_PREFIX_")` method.
+You can load environment variables with a different prefix via `config.load_environment_variables("NEW_PREFIX_")` method.
 
 * Default configuration values:
 
@@ -157,7 +156,7 @@ You can load environment variables with a different prefix via calling the `conf
 | **CAPTCHA_FONT**                      | captcha-font.ttf             | The file path to the font being used for captcha generation.                                                                     |
 | **TWO_STEP_SESSION_EXPIRATION**       | 200                          | The amount of seconds till two-step session expiration on creation. Setting to 0 will disable expiration.                        |
 | **AUTHENTICATION_SESSION_EXPIRATION** | 86400                        | The amount of seconds till authentication session expiration on creation. Setting to 0 will disable expiration.                  |
-| **AUTHENTICATION_REFRESH_EXPIRATION** | 2592000                      | The amount of seconds till authentication refresh expiration.                                                                    |
+| **AUTHENTICATION_REFRESH_EXPIRATION** | 604800                       | The amount of seconds till authentication refresh expiration. Setting to 0 will disable refresh mechanism.                       |
 | **ALLOW_LOGIN_WITH_USERNAME**         | False                        | Allows login via username and email.                                                                                             |
 | **INITIAL_ADMIN_EMAIL**               | admin@example.com            | Email used when creating the initial admin account.                                                                              |
 | **INITIAL_ADMIN_PASSWORD**            | admin123                     | Password used when creating the initial admin account.                                                                           |
@@ -181,7 +180,7 @@ This account can be logged into and has complete authoritative access. Login cre
       app.run(host="127.0.0.1", port=8000)
   ```
   
-* Registration (With Two-step Verification)
+* Registration (With two-step account verification)
 
 Phone can be null or empty.
 
@@ -214,7 +213,7 @@ Verifies the client's account via two-step session code.
 
 | Key      | Value  |
 |----------|--------|
-| **code** | AJ8HGD |
+| **code** | 197251 |
 
 ```python
 @app.post("api/security/verify")
@@ -223,7 +222,7 @@ async def on_verify(request):
     return json("You have verified your account and may login!", two_step_session.json)
 ```
 
-* Login (With Two-factor Authentication)
+* Login (With two-factor authentication)
 
 Login credentials are retrieved via the Authorization header. Credentials are constructed by first combining the 
 username and the password with a colon (aladdin:opensesame), and then by encoding the resulting string in base64 
@@ -256,7 +255,7 @@ Fulfills client authentication session's second factor requirement via two-step
 
 | Key      | Value  |
 |----------|--------|
-| **code** | BG5KLP |
+| **code** | 197251 |
 
 ```python
 @app.post("api/security/fulfill-2fa")
@@ -296,7 +295,7 @@ async def on_logout(request):
 
 * Authenticate
 
-New/Refreshed session automatically returned if expired during authentication, requires encoding.
+New/Refreshed session returned if client's session expired during authentication, requires encoding.
 
 ```python
 @app.post("api/security/auth")
@@ -311,15 +310,15 @@ async def on_authenticate(request):
     return response
 ```
 
-* Requires Authentication (This method is not called directly and instead used as a decorator.)
+* Requires Authentication (This method is not called directly and instead used as a decorator)
 
-New/Refreshed session automatically returned if expired during authentication, requires encoding.
+New/Refreshed session returned if client's session expired during authentication, requires encoding.
 
 ```python
 @app.post("api/security/auth")
 @requires_authentication
 async def on_authenticate(request):
-    authentication_session = request.ctx.authentication_session.json
+    authentication_session = request.ctx.authentication_session
     response = json(
         "You have been authenticated.",
         authentication_session.json,
@@ -329,6 +328,21 @@ async def on_authenticate(request):
     return response
 ```
 
+* Authentication Middleware
+
+Refreshed session can be encoded automatically via middleware.
+
+```python
+@app.on_response
+async def authentication_refresh_encoder(request, response):
+    try:
+        authentication_session = request.ctx.authentication_session
+        if authentication_session.is_refresh:
+            authentication_session.encode(response)
+    except AttributeError:
+        pass
+```
+
 ## Captcha
 
 A pre-existing font for captcha challenges is included in the Sanic Security repository. You may set your own font by 
@@ -344,7 +358,7 @@ downloading a .ttf font and defining the file's path in the configuration.
 @app.get("api/security/captcha")
 async def on_captcha_img_request(request):
     captcha_session = await request_captcha(request)
-    response = captcha_session.get_image()  # Captcha: FV9NMQ
+    response = captcha_session.get_image()  # Captcha: 192731
     captcha_session.encode(response)
     return response
 ```
@@ -353,7 +367,7 @@ async def on_captcha_img_request(request):
 
 | Key         | Value  |
 |-------------|--------|
-| **captcha** | FV9NMQ |
+| **captcha** | 192731 |
 
 ```python
 @app.post("api/security/captcha")
@@ -362,11 +376,11 @@ async def on_captcha(request):
     return json("Captcha attempt successful!", captcha_session.json)
 ```
 
-* Requires Captcha (This method is not called directly and instead used as a decorator.)
+* Requires Captcha (This method is not called directly and instead used as a decorator)
 
 | Key         | Value  |
 |-------------|--------|
-| **captcha** | FV9NMQ |
+| **captcha** | 192731 |
 
 ```python
 @app.post("api/security/captcha")
@@ -388,9 +402,9 @@ Two-step verification should be integrated with other custom functionality. For
 ```python
 @app.post("api/security/two-step/request")
 async def on_two_step_request(request):
-    two_step_session = await request_two_step_verification(request)
+    two_step_session = await request_two_step_verification(request)  # Code = 197251
     await email_code(
-        two_step_session.bearer.email, two_step_session.code  # Code = 197251
+        two_step_session.bearer.email, two_step_session.code
     )  # Custom method for emailing verification code.
     response = json("Verification request successful!", two_step_session.json)
     two_step_session.encode(response)
@@ -402,9 +416,9 @@ async def on_two_step_request(request):
 ```python
 @app.post("api/security/two-step/resend")
 async def on_two_step_resend(request):
-    two_step_session = await TwoStepSession.decode(request)
+    two_step_session = await TwoStepSession.decode(request)  # Code = 197251
     await email_code(
-        two_step_session.bearer.email, two_step_session.code  # Code = 197251
+        two_step_session.bearer.email, two_step_session.code
     )  # Custom method for emailing verification code.
     return json("Verification code resend successful!", two_step_session.json)
 ```
@@ -413,7 +427,7 @@ async def on_two_step_resend(request):
 
 | Key      | Value  |
 |----------|--------|
-| **code** | DT6JZX |
+| **code** | 197251 |
 
 ```python
 @app.post("api/security/two-step")
@@ -423,11 +437,11 @@ async def on_two_step_verification(request):
     return response
 ```
 
-* Requires Two-step Verification (This method is not called directly and instead used as a decorator.)
+* Requires Two-step Verification (This method is not called directly and instead used as a decorator)
 
 | Key      | Value  |
 |----------|--------|
-| **code** | DT6JZX |
+| **code** | 197251 |
 
 ```python
 @app.post("api/security/two-step")
@@ -492,7 +506,7 @@ async def on_check_roles(request):
     return text("Account is authorized.")
 ```
 
-* Require Roles (This method is not called directly and instead used as a decorator.)
+* Require Roles (This method is not called directly and instead used as a decorator)
 
 ```python
 @app.post("api/security/roles")

sanic_security-1.12.2.dist-info/RECORD

@@ -0,0 +1,16 @@
+sanic_security/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+sanic_security/authentication.py,sha256=j-nFOLuNBcacKH34J04JIbsKSZ2JMH33ZqnS6vipwfQ,12508
+sanic_security/authorization.py,sha256=aQztMiZG9LDctr_C6QEzO5qScwbxpiLk96XVxwdCChM,6921
+sanic_security/configuration.py,sha256=p44nTSrBQQSJZYN6qJEod_Ettf90rRNlmPxmNzxqQ9A,5514
+sanic_security/exceptions.py,sha256=8c3xoQSiIKfSiOQOtw49RG8Qdlc3vZDzqjrEnPad4Ds,5411
+sanic_security/models.py,sha256=aB1fFCutUHDAg8jG3_VdZijOblXnSYh99gyA5fOm1u4,20528
+sanic_security/utils.py,sha256=Zgde7W69ixwv_H8eTs7indO5_U2Jvq62YUpG6ipN768,2629
+sanic_security/verification.py,sha256=vrxYborEOBKEirOHczul9WYub5j6T2ldXE1gsoA8iyY,7503
+sanic_security/test/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+sanic_security/test/server.py,sha256=qQtbQh8m9QYf4g1SL8QJbOyyJzAXFaNmDyBxU8b6RBc,12627
+sanic_security/test/tests.py,sha256=Hg40wlZfC-CDZX6lIjeT6uXy-3BJMc4ChJsnCRCBIu8,22459
+sanic_security-1.12.2.dist-info/LICENSE,sha256=sXlJs9_mG-dCkPfWsDnuzydJWagS82E2gYtkVH9enHA,1100
+sanic_security-1.12.2.dist-info/METADATA,sha256=YRKIzZgdU5Ka7QXR3Q0DdAj5dnNgHVh4P9vaVi03wV0,23954
+sanic_security-1.12.2.dist-info/WHEEL,sha256=mguMlWGMX-VHnMpKOjjQidIo1ssRlCFu4a4mBpz1s2M,91
+sanic_security-1.12.2.dist-info/top_level.txt,sha256=ZybkhHXSjfzhmv8XeqLvnNmLmv21Z0oPX6Ep4DJN8b0,15
+sanic_security-1.12.2.dist-info/RECORD,,

{sanic_security-1.12.0.dist-info → sanic_security-1.12.2.dist-info}/WHEEL

@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: setuptools (70.1.0)
+Generator: setuptools (70.1.1)
 Root-Is-Purelib: true
 Tag: py3-none-any
 

sanic_security-1.12.0.dist-info/RECORD

@@ -1,16 +0,0 @@
-sanic_security/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-sanic_security/authentication.py,sha256=haCrLHF6S-goSmsgQAvI8m59ccSAqjdYVK1ObS2oE_k,12546
-sanic_security/authorization.py,sha256=aQztMiZG9LDctr_C6QEzO5qScwbxpiLk96XVxwdCChM,6921
-sanic_security/configuration.py,sha256=U-xUgceT5ZRjbxYocrzhxyJYFBkobCrlxLNMVGJNX2k,5470
-sanic_security/exceptions.py,sha256=D_7uq9wubZL2C6F4-jxGWUaXUdJtyR6V0tGL_JWw82k,5357
-sanic_security/models.py,sha256=RET2FjOgO-bOdmTYeKgR3zmdSScu9Z6PV52rVGd1fJI,20474
-sanic_security/utils.py,sha256=Zgde7W69ixwv_H8eTs7indO5_U2Jvq62YUpG6ipN768,2629
-sanic_security/verification.py,sha256=vrxYborEOBKEirOHczul9WYub5j6T2ldXE1gsoA8iyY,7503
-sanic_security/test/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-sanic_security/test/server.py,sha256=Tv9KR_BiSb-6Fx7BCxPPPOeWyKUOEFLTptn9dysEbAo,12458
-sanic_security/test/tests.py,sha256=lAI-yd4HVttYKazSxOmyRMCcL_d8eIxciBMrRKE1v4o,22231
-sanic_security-1.12.0.dist-info/LICENSE,sha256=sXlJs9_mG-dCkPfWsDnuzydJWagS82E2gYtkVH9enHA,1100
-sanic_security-1.12.0.dist-info/METADATA,sha256=UdYofgFLFs331K0j8m0PXJ83bDKjGGjv_lnDmKQdpkw,23698
-sanic_security-1.12.0.dist-info/WHEEL,sha256=cpQTJ5IWu9CdaPViMhC9YzF8gZuS5-vlfoFihTBC86A,91
-sanic_security-1.12.0.dist-info/top_level.txt,sha256=ZybkhHXSjfzhmv8XeqLvnNmLmv21Z0oPX6Ep4DJN8b0,15
-sanic_security-1.12.0.dist-info/RECORD,,