sanic-security 1.12.1__tar.gz → 1.12.3__tar.gz

{sanic_security-1.12.1/sanic_security.egg-info → sanic_security-1.12.3}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: sanic-security
-Version: 1.12.1
+Version: 1.12.3
 Summary: An async security library for the Sanic framework.
 Author-email: Aidan Stewart <na.stewart365@gmail.com>
 Project-URL: Documentation, https://security.na-stewart.com/
@@ -156,7 +156,7 @@ You can load environment variables with a different prefix via `config.load_envi
 | **CAPTCHA_FONT**                      | captcha-font.ttf             | The file path to the font being used for captcha generation.                                                                     |
 | **TWO_STEP_SESSION_EXPIRATION**       | 200                          | The amount of seconds till two-step session expiration on creation. Setting to 0 will disable expiration.                        |
 | **AUTHENTICATION_SESSION_EXPIRATION** | 86400                        | The amount of seconds till authentication session expiration on creation. Setting to 0 will disable expiration.                  |
-| **AUTHENTICATION_REFRESH_EXPIRATION** | 2592000                      | The amount of seconds till authentication refresh expiration.                                                                    |
+| **AUTHENTICATION_REFRESH_EXPIRATION** | 604800                       | The amount of seconds till authentication refresh expiration. Setting to 0 will disable refresh mechanism.                       |
 | **ALLOW_LOGIN_WITH_USERNAME**         | False                        | Allows login via username and email.                                                                                             |
 | **INITIAL_ADMIN_EMAIL**               | admin@example.com            | Email used when creating the initial admin account.                                                                              |
 | **INITIAL_ADMIN_PASSWORD**            | admin123                     | Password used when creating the initial admin account.                                                                           |
@@ -295,8 +295,6 @@ async def on_logout(request):
 
 * Authenticate
 
-New/Refreshed session will be returned if expired, requires encoding.
-
 ```python
 @app.post("api/security/auth")
 async def on_authenticate(request):
@@ -305,15 +303,11 @@ async def on_authenticate(request):
         "You have been authenticated.",
         authentication_session.json,
     )
-    if authentication_session.is_refresh:
-        authentication_session.encode(response)
     return response
 ```
 
 * Requires Authentication (This method is not called directly and instead used as a decorator)
 
-New/Refreshed session will be returned if expired, requires encoding.
-
 ```python
 @app.post("api/security/auth")
 @requires_authentication
@@ -323,24 +317,22 @@ async def on_authenticate(request):
         "You have been authenticated.",
         authentication_session.json,
     )
-    if authentication_session.is_refresh:
-        authentication_session.encode(response)
     return response
 ```
 
-* Authentication Refresh Middleware
+* Authentication Middleware
+
+New/Refreshed session returned if client's session expired during authentication, requires encoding.
 
-If it's inconvenient to encode the refreshed session during authentication, it can also be done automatically via middleware.
+Middleware is recommended to automatically encode the refreshed session.
 
 ```python
 @app.on_response
 async def authentication_refresh_encoder(request, response):
-    try:
+    if hasattr(request.ctx, "authentication_session"):
         authentication_session = request.ctx.authentication_session
         if authentication_session.is_refresh:
             authentication_session.encode(response)
-    except AttributeError:
-        pass
 ```
 
 ## Captcha

{sanic_security-1.12.1 → sanic_security-1.12.3}/README.md

@@ -125,7 +125,7 @@ You can load environment variables with a different prefix via `config.load_envi
 | **CAPTCHA_FONT**                      | captcha-font.ttf             | The file path to the font being used for captcha generation.                                                                     |
 | **TWO_STEP_SESSION_EXPIRATION**       | 200                          | The amount of seconds till two-step session expiration on creation. Setting to 0 will disable expiration.                        |
 | **AUTHENTICATION_SESSION_EXPIRATION** | 86400                        | The amount of seconds till authentication session expiration on creation. Setting to 0 will disable expiration.                  |
-| **AUTHENTICATION_REFRESH_EXPIRATION** | 2592000                      | The amount of seconds till authentication refresh expiration.                                                                    |
+| **AUTHENTICATION_REFRESH_EXPIRATION** | 604800                       | The amount of seconds till authentication refresh expiration. Setting to 0 will disable refresh mechanism.                       |
 | **ALLOW_LOGIN_WITH_USERNAME**         | False                        | Allows login via username and email.                                                                                             |
 | **INITIAL_ADMIN_EMAIL**               | admin@example.com            | Email used when creating the initial admin account.                                                                              |
 | **INITIAL_ADMIN_PASSWORD**            | admin123                     | Password used when creating the initial admin account.                                                                           |
@@ -264,8 +264,6 @@ async def on_logout(request):
 
 * Authenticate
 
-New/Refreshed session will be returned if expired, requires encoding.
-
 ```python
 @app.post("api/security/auth")
 async def on_authenticate(request):
@@ -274,15 +272,11 @@ async def on_authenticate(request):
         "You have been authenticated.",
         authentication_session.json,
     )
-    if authentication_session.is_refresh:
-        authentication_session.encode(response)
     return response
 ```
 
 * Requires Authentication (This method is not called directly and instead used as a decorator)
 
-New/Refreshed session will be returned if expired, requires encoding.
-
 ```python
 @app.post("api/security/auth")
 @requires_authentication
@@ -292,24 +286,22 @@ async def on_authenticate(request):
         "You have been authenticated.",
         authentication_session.json,
     )
-    if authentication_session.is_refresh:
-        authentication_session.encode(response)
     return response
 ```
 
-* Authentication Refresh Middleware
+* Authentication Middleware
+
+New/Refreshed session returned if client's session expired during authentication, requires encoding.
 
-If it's inconvenient to encode the refreshed session during authentication, it can also be done automatically via middleware.
+Middleware is recommended to automatically encode the refreshed session.
 
 ```python
 @app.on_response
 async def authentication_refresh_encoder(request, response):
-    try:
+    if hasattr(request.ctx, "authentication_session"):
         authentication_session = request.ctx.authentication_session
         if authentication_session.is_refresh:
             authentication_session.encode(response)
-    except AttributeError:
-        pass
 ```
 
 ## Captcha

{sanic_security-1.12.1 → sanic_security-1.12.3}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "sanic-security"
-version = "1.12.1"
+version = "1.12.3"
 requires-python = ">=3.8"
 dependencies = [
     "tortoise-orm>=0.17.0",

{sanic_security-1.12.1 → sanic_security-1.12.3}/sanic_security/authentication.py

@@ -198,7 +198,7 @@ async def fulfill_second_factor(request: Request) -> AuthenticationSession:
 async def authenticate(request: Request) -> AuthenticationSession:
     """
     Validates client's authentication session and account. New/Refreshed session automatically returned
-    if expired during authentication, requires encoding.
+    if client's session expired during authentication, requires encoding.
 
     Args:
         request (Request): Sanic request parameter.
@@ -223,13 +223,14 @@ async def authenticate(request: Request) -> AuthenticationSession:
             authentication_session.bearer.validate()
     except ExpiredError:
         authentication_session = await authentication_session.refresh(request)
+    request.ctx.authentication_session = authentication_session
     return authentication_session
 
 
 def requires_authentication(arg=None):
     """
-    Validates client's authentication session and account. New/Refreshed session automatically returned if expired
-    during authentication, requires encoding.
+    Validates client's authentication session and account. New/Refreshed session automatically returned
+    if client's session expired during authentication, requires encoding.
 
     Example:
         This method is not called directly and instead used as a decorator:

{sanic_security-1.12.1 → sanic_security-1.12.3}/sanic_security/configuration.py

@@ -39,7 +39,7 @@ DEFAULT_CONFIG = {
     "CAPTCHA_FONT": "captcha-font.ttf",
     "TWO_STEP_SESSION_EXPIRATION": 300,
     "AUTHENTICATION_SESSION_EXPIRATION": 86400,
-    "AUTHENTICATION_REFRESH_EXPIRATION": 2592000,
+    "AUTHENTICATION_REFRESH_EXPIRATION": 604800,
     "ALLOW_LOGIN_WITH_USERNAME": False,
     "INITIAL_ADMIN_EMAIL": "admin@example.com",
     "INITIAL_ADMIN_PASSWORD": "admin123",
@@ -65,7 +65,7 @@ class Config(dict):
         CAPTCHA_FONT (str): The file path to the font being used for captcha generation.
         TWO_STEP_SESSION_EXPIRATION (int):  The amount of seconds till two-step session expiration on creation. Setting to 0 will disable expiration.
         AUTHENTICATION_SESSION_EXPIRATION (int): The amount of seconds till authentication session expiration on creation. Setting to 0 will disable expiration.
-        AUTHENTICATION_REFRESH_EXPIRATION (int): The amount of seconds till authentication session refresh expiration.
+        AUTHENTICATION_REFRESH_EXPIRATION (int): The amount of seconds till authentication session refresh expiration. Setting to 0 will disable refresh mechanism.
         ALLOW_LOGIN_WITH_USERNAME (bool): Allows login via username and email.
         INITIAL_ADMIN_EMAIL (str): Email used when creating the initial admin account.
         INITIAL_ADMIN_PASSWORD (str): Password used when creating the initial admin account.

{sanic_security-1.12.1 → sanic_security-1.12.3}/sanic_security/models.py

@@ -296,8 +296,13 @@ class Session(BaseModel):
             samesite=security_config.SESSION_SAMESITE,
             secure=security_config.SESSION_SECURE,
         )
-        if self.expiration_date:
-            response.cookies.get_cookie(cookie).expires = self.expiration_date
+        if self.expiration_date:  # Overrides refresh expiration.
+            if hasattr(self, "refresh_expiration_date"):
+                response.cookies.get_cookie(cookie).expires = (
+                    self.refresh_expiration_date
+                )
+            else:
+                response.cookies.get_cookie(cookie).expires = self.expiration_date
         if security_config.SESSION_DOMAIN:
             response.cookies.get_cookie(cookie).domain = security_config.SESSION_DOMAIN
 
@@ -566,7 +571,8 @@ class AuthenticationSession(Session):
             raise NotExpiredError()
         except ExpiredError as e:
             if (
-                datetime.datetime.now(datetime.timezone.utc)
+                self.refresh_expiration_date
+                and datetime.datetime.now(datetime.timezone.utc)
                 <= self.refresh_expiration_date
             ):
                 self.active = False

{sanic_security-1.12.1 → sanic_security-1.12.3}/sanic_security/test/server.py

@@ -175,12 +175,10 @@ async def on_authenticate(request):
 
 @app.on_response
 async def authentication_refresh_encoder(request, response):
-    try:
+    if hasattr(request.ctx, "authentication_session"):
         authentication_session = request.ctx.authentication_session
         if authentication_session.is_refresh:
             authentication_session.encode(response)
-    except AttributeError:
-        pass
 
 
 @app.post("api/test/auth/expire")

{sanic_security-1.12.1 → sanic_security-1.12.3}/sanic_security/test/tests.py

@@ -570,8 +570,9 @@ class MiscTest(TestCase):
             "http://127.0.0.1:8000/api/test/auth",
         )
         assert (
-            json.loads(authenticate_refresh_response.text)["data"]["refresh"] is True
+            authenticate_refresh_response.status_code == 200
         ), authenticate_refresh_response.text
+        assert json.loads(authenticate_refresh_response.text)["data"]["refresh"] is True
         authenticate_response = self.client.post(
             "http://127.0.0.1:8000/api/test/auth",
         )  # Since session refresh handling is complete, it will be returned as a regular session now.

{sanic_security-1.12.1 → sanic_security-1.12.3/sanic_security.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: sanic-security
-Version: 1.12.1
+Version: 1.12.3
 Summary: An async security library for the Sanic framework.
 Author-email: Aidan Stewart <na.stewart365@gmail.com>
 Project-URL: Documentation, https://security.na-stewart.com/
@@ -156,7 +156,7 @@ You can load environment variables with a different prefix via `config.load_envi
 | **CAPTCHA_FONT**                      | captcha-font.ttf             | The file path to the font being used for captcha generation.                                                                     |
 | **TWO_STEP_SESSION_EXPIRATION**       | 200                          | The amount of seconds till two-step session expiration on creation. Setting to 0 will disable expiration.                        |
 | **AUTHENTICATION_SESSION_EXPIRATION** | 86400                        | The amount of seconds till authentication session expiration on creation. Setting to 0 will disable expiration.                  |
-| **AUTHENTICATION_REFRESH_EXPIRATION** | 2592000                      | The amount of seconds till authentication refresh expiration.                                                                    |
+| **AUTHENTICATION_REFRESH_EXPIRATION** | 604800                       | The amount of seconds till authentication refresh expiration. Setting to 0 will disable refresh mechanism.                       |
 | **ALLOW_LOGIN_WITH_USERNAME**         | False                        | Allows login via username and email.                                                                                             |
 | **INITIAL_ADMIN_EMAIL**               | admin@example.com            | Email used when creating the initial admin account.                                                                              |
 | **INITIAL_ADMIN_PASSWORD**            | admin123                     | Password used when creating the initial admin account.                                                                           |
@@ -295,8 +295,6 @@ async def on_logout(request):
 
 * Authenticate
 
-New/Refreshed session will be returned if expired, requires encoding.
-
 ```python
 @app.post("api/security/auth")
 async def on_authenticate(request):
@@ -305,15 +303,11 @@ async def on_authenticate(request):
         "You have been authenticated.",
         authentication_session.json,
     )
-    if authentication_session.is_refresh:
-        authentication_session.encode(response)
     return response
 ```
 
 * Requires Authentication (This method is not called directly and instead used as a decorator)
 
-New/Refreshed session will be returned if expired, requires encoding.
-
 ```python
 @app.post("api/security/auth")
 @requires_authentication
@@ -323,24 +317,22 @@ async def on_authenticate(request):
         "You have been authenticated.",
         authentication_session.json,
     )
-    if authentication_session.is_refresh:
-        authentication_session.encode(response)
     return response
 ```
 
-* Authentication Refresh Middleware
+* Authentication Middleware
+
+New/Refreshed session returned if client's session expired during authentication, requires encoding.
 
-If it's inconvenient to encode the refreshed session during authentication, it can also be done automatically via middleware.
+Middleware is recommended to automatically encode the refreshed session.
 
 ```python
 @app.on_response
 async def authentication_refresh_encoder(request, response):
-    try:
+    if hasattr(request.ctx, "authentication_session"):
         authentication_session = request.ctx.authentication_session
         if authentication_session.is_refresh:
             authentication_session.encode(response)
-    except AttributeError:
-        pass
 ```
 
 ## Captcha