sanic-security 1.12.4__tar.gz → 1.12.6__tar.gz

{sanic_security-1.12.4/sanic_security.egg-info → sanic_security-1.12.6}/PKG-INFO

@@ -1,8 +1,8 @@
 Metadata-Version: 2.1
 Name: sanic-security
-Version: 1.12.4
+Version: 1.12.6
 Summary: An async security library for the Sanic framework.
-Author-email: Aidan Stewart <na.stewart365@gmail.com>
+Author-email: Aidan Stewart <me@na-stewart.com>
 Project-URL: Documentation, https://security.na-stewart.com/
 Project-URL: Repository, https://github.com/na-stewart/sanic-security
 Keywords: security,authentication,authorization,verification,async,sanic
@@ -197,7 +197,7 @@ async def on_register(request):
     account = await register(request)
     two_step_session = await request_two_step_verification(request, account)
     await email_code(
-        account.email, two_step_session.code  # Code = 197251
+        account.email, two_step_session.code  # Code = 24KF19
     )  # Custom method for emailing verification code.
     response = json(
         "Registration successful! Email verification required.",
@@ -213,7 +213,7 @@ Verifies the client's account via two-step session code.
 
 | Key      | Value  |
 |----------|--------|
-| **code** | 197251 |
+| **code** | 24KF19 |
 
 ```python
 @app.post("api/security/verify")
@@ -237,7 +237,7 @@ async def on_login(request):
         request, authentication_session.bearer
     )
     await email_code(
-        authentication_session.bearer.email, two_step_session.code  # Code = 197251
+        authentication_session.bearer.email, two_step_session.code  # Code = XGED2U
     )  # Custom method for emailing verification code.
     response = json(
         "Login successful! Two-factor authentication required.",
@@ -248,7 +248,7 @@ async def on_login(request):
     return response
 ```
 
-If this isn't desired, you can pass an account and password attempt directly into the login instead.
+If this isn't desired, you can pass an account and password attempt directly into the login method instead.
 
 * Fulfill Second Factor
 
@@ -256,7 +256,7 @@ Fulfills client authentication session's second factor requirement via two-step
 
 | Key      | Value  |
 |----------|--------|
-| **code** | 197251 |
+| **code** | XGED2U |
 
 ```python
 @app.post("api/security/fulfill-2fa")
@@ -321,19 +321,15 @@ async def on_authenticate(request):
     return response
 ```
 
-* Authentication Middleware
+* Refresh Encoder
 
-New/Refreshed session returned if client's session expired during authentication, requires encoding.
-
-Middleware is recommended to automatically encode the refreshed session.
+A new/refreshed session is returned during authentication when the client's current session expires and it
+requires encoding. This should be be done automatically via middleware.
 
 ```python
-@app.on_response
-async def authentication_refresh_encoder(request, response):
-    if hasattr(request.ctx, "authentication_session"):
-        authentication_session = request.ctx.authentication_session
-        if authentication_session.is_refresh:
-            authentication_session.encode(response)
+attach_refresh_encoder(app)
+if __name__ == "__main__":
+    app.run(host="127.0.0.1", port=8000)
 ```
 
 ## Captcha
@@ -351,7 +347,7 @@ downloading a .ttf font and defining the file's path in the configuration.
 @app.get("api/security/captcha")
 async def on_captcha_img_request(request):
     captcha_session = await request_captcha(request)
-    response = captcha_session.get_image()  # Captcha: 192731
+    response = captcha_session.get_image()  # Captcha: LJ0F3U
     captcha_session.encode(response)
     return response
 ```
@@ -360,7 +356,7 @@ async def on_captcha_img_request(request):
 
 | Key         | Value  |
 |-------------|--------|
-| **captcha** | 192731 |
+| **captcha** | LJ0F3U |
 
 ```python
 @app.post("api/security/captcha")
@@ -373,7 +369,7 @@ async def on_captcha(request):
 
 | Key         | Value  |
 |-------------|--------|
-| **captcha** | 192731 |
+| **captcha** | LJ0F3U |
 
 ```python
 @app.post("api/security/captcha")
@@ -395,7 +391,7 @@ Two-step verification should be integrated with other custom functionality. For
 ```python
 @app.post("api/security/two-step/request")
 async def on_two_step_request(request):
-    two_step_session = await request_two_step_verification(request)  # Code = 197251
+    two_step_session = await request_two_step_verification(request)  # Code = T2I58I
     await email_code(
         two_step_session.bearer.email, two_step_session.code
     )  # Custom method for emailing verification code.
@@ -409,7 +405,7 @@ async def on_two_step_request(request):
 ```python
 @app.post("api/security/two-step/resend")
 async def on_two_step_resend(request):
-    two_step_session = await TwoStepSession.decode(request)  # Code = 197251
+    two_step_session = await TwoStepSession.decode(request)  # Code = T2I58I
     await email_code(
         two_step_session.bearer.email, two_step_session.code
     )  # Custom method for emailing verification code.
@@ -420,7 +416,7 @@ async def on_two_step_resend(request):
 
 | Key      | Value  |
 |----------|--------|
-| **code** | 197251 |
+| **code** | T2I58I |
 
 ```python
 @app.post("api/security/two-step")
@@ -434,7 +430,7 @@ async def on_two_step_verification(request):
 
 | Key      | Value  |
 |----------|--------|
-| **code** | 197251 |
+| **code** | T2I58I |
 
 ```python
 @app.post("api/security/two-step")

{sanic_security-1.12.4 → sanic_security-1.12.6}/README.md

@@ -166,7 +166,7 @@ async def on_register(request):
     account = await register(request)
     two_step_session = await request_two_step_verification(request, account)
     await email_code(
-        account.email, two_step_session.code  # Code = 197251
+        account.email, two_step_session.code  # Code = 24KF19
     )  # Custom method for emailing verification code.
     response = json(
         "Registration successful! Email verification required.",
@@ -182,7 +182,7 @@ Verifies the client's account via two-step session code.
 
 | Key      | Value  |
 |----------|--------|
-| **code** | 197251 |
+| **code** | 24KF19 |
 
 ```python
 @app.post("api/security/verify")
@@ -206,7 +206,7 @@ async def on_login(request):
         request, authentication_session.bearer
     )
     await email_code(
-        authentication_session.bearer.email, two_step_session.code  # Code = 197251
+        authentication_session.bearer.email, two_step_session.code  # Code = XGED2U
     )  # Custom method for emailing verification code.
     response = json(
         "Login successful! Two-factor authentication required.",
@@ -217,7 +217,7 @@ async def on_login(request):
     return response
 ```
 
-If this isn't desired, you can pass an account and password attempt directly into the login instead.
+If this isn't desired, you can pass an account and password attempt directly into the login method instead.
 
 * Fulfill Second Factor
 
@@ -225,7 +225,7 @@ Fulfills client authentication session's second factor requirement via two-step
 
 | Key      | Value  |
 |----------|--------|
-| **code** | 197251 |
+| **code** | XGED2U |
 
 ```python
 @app.post("api/security/fulfill-2fa")
@@ -290,19 +290,15 @@ async def on_authenticate(request):
     return response
 ```
 
-* Authentication Middleware
+* Refresh Encoder
 
-New/Refreshed session returned if client's session expired during authentication, requires encoding.
-
-Middleware is recommended to automatically encode the refreshed session.
+A new/refreshed session is returned during authentication when the client's current session expires and it
+requires encoding. This should be be done automatically via middleware.
 
 ```python
-@app.on_response
-async def authentication_refresh_encoder(request, response):
-    if hasattr(request.ctx, "authentication_session"):
-        authentication_session = request.ctx.authentication_session
-        if authentication_session.is_refresh:
-            authentication_session.encode(response)
+attach_refresh_encoder(app)
+if __name__ == "__main__":
+    app.run(host="127.0.0.1", port=8000)
 ```
 
 ## Captcha
@@ -320,7 +316,7 @@ downloading a .ttf font and defining the file's path in the configuration.
 @app.get("api/security/captcha")
 async def on_captcha_img_request(request):
     captcha_session = await request_captcha(request)
-    response = captcha_session.get_image()  # Captcha: 192731
+    response = captcha_session.get_image()  # Captcha: LJ0F3U
     captcha_session.encode(response)
     return response
 ```
@@ -329,7 +325,7 @@ async def on_captcha_img_request(request):
 
 | Key         | Value  |
 |-------------|--------|
-| **captcha** | 192731 |
+| **captcha** | LJ0F3U |
 
 ```python
 @app.post("api/security/captcha")
@@ -342,7 +338,7 @@ async def on_captcha(request):
 
 | Key         | Value  |
 |-------------|--------|
-| **captcha** | 192731 |
+| **captcha** | LJ0F3U |
 
 ```python
 @app.post("api/security/captcha")
@@ -364,7 +360,7 @@ Two-step verification should be integrated with other custom functionality. For
 ```python
 @app.post("api/security/two-step/request")
 async def on_two_step_request(request):
-    two_step_session = await request_two_step_verification(request)  # Code = 197251
+    two_step_session = await request_two_step_verification(request)  # Code = T2I58I
     await email_code(
         two_step_session.bearer.email, two_step_session.code
     )  # Custom method for emailing verification code.
@@ -378,7 +374,7 @@ async def on_two_step_request(request):
 ```python
 @app.post("api/security/two-step/resend")
 async def on_two_step_resend(request):
-    two_step_session = await TwoStepSession.decode(request)  # Code = 197251
+    two_step_session = await TwoStepSession.decode(request)  # Code = T2I58I
     await email_code(
         two_step_session.bearer.email, two_step_session.code
     )  # Custom method for emailing verification code.
@@ -389,7 +385,7 @@ async def on_two_step_resend(request):
 
 | Key      | Value  |
 |----------|--------|
-| **code** | 197251 |
+| **code** | T2I58I |
 
 ```python
 @app.post("api/security/two-step")
@@ -403,7 +399,7 @@ async def on_two_step_verification(request):
 
 | Key      | Value  |
 |----------|--------|
-| **code** | 197251 |
+| **code** | T2I58I |
 
 ```python
 @app.post("api/security/two-step")

{sanic_security-1.12.4 → sanic_security-1.12.6}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "sanic-security"
-version = "1.12.4"
+version = "1.12.6"
 requires-python = ">=3.8"
 dependencies = [
     "tortoise-orm>=0.17.0",
@@ -16,7 +16,7 @@ dependencies = [
 ]
 description = "An async security library for the Sanic framework."
 authors = [
-  { name="Aidan Stewart", email="na.stewart365@gmail.com" },
+  { name="Aidan Stewart", email="me@na-stewart.com" },
 ]
 readme = "README.md"
 keywords = ["security", "authentication", "authorization", "verification", "async", "sanic"]

{sanic_security-1.12.4 → sanic_security-1.12.6}/sanic_security/authentication.py

@@ -249,6 +249,22 @@ def requires_authentication(arg=None):
     return decorator(arg) if callable(arg) else decorator
 
 
+def attach_refresh_encoder(app: Sanic):
+    """
+    Automatically encodes the new/refreshed session returned during authentication when client's current session expires.
+
+    Args:
+        app: (Sanic): The main Sanic application instance.
+    """
+
+    @app.on_response
+    async def refresh_encoder_middleware(request, response):
+        if hasattr(request.ctx, "authentication_session"):
+            authentication_session = request.ctx.authentication_session
+            if authentication_session.is_refresh:
+                authentication_session.encode(response)
+
+
 def create_initial_admin_account(app: Sanic) -> None:
     """
     Creates the initial admin account that can be logged into and has complete authoritative access.

{sanic_security-1.12.4 → sanic_security-1.12.6}/sanic_security/exceptions.py

@@ -130,7 +130,7 @@ class DeactivatedError(SessionError):
 
     def __init__(
         self,
-        message: str = "Session has been deactivated or refreshed.",
+        message: str = "Session has been deactivated.",
         code: int = 401,
     ):
         super().__init__(message, code)

{sanic_security-1.12.4 → sanic_security-1.12.6}/sanic_security/test/server.py

@@ -12,6 +12,7 @@ from sanic_security.authentication import (
     logout,
     create_initial_admin_account,
     fulfill_second_factor,
+    attach_refresh_encoder,
 )
 from sanic_security.authorization import (
     assign_role,
@@ -173,14 +174,6 @@ async def on_authenticate(request):
     return response
 
 
-@app.on_response
-async def authentication_refresh_encoder(request, response):
-    if hasattr(request.ctx, "authentication_session"):
-        authentication_session = request.ctx.authentication_session
-        if authentication_session.is_refresh:
-            authentication_session.encode(response)
-
-
 @app.post("api/test/auth/expire")
 @requires_authentication
 async def on_authentication_expire(request):
@@ -351,6 +344,7 @@ register_tortoise(
     modules={"models": ["sanic_security.models"]},
     generate_schemas=True,
 )
+attach_refresh_encoder(app)
 create_initial_admin_account(app)
 if __name__ == "__main__":
     app.run(host="127.0.0.1", port=8000, workers=1, debug=True)

{sanic_security-1.12.4 → sanic_security-1.12.6}/sanic_security/test/tests.py

@@ -576,6 +576,4 @@ class MiscTest(TestCase):
         authenticate_response = self.client.post(
             "http://127.0.0.1:8000/api/test/auth",
         )  # Since session refresh handling is complete, it will be returned as a regular session now.
-        assert (
-            json.loads(authenticate_response.text)["data"]["refresh"] is False
-        ), authenticate_response.text
+        assert authenticate_response.status_code == 200, authenticate_response.text

{sanic_security-1.12.4 → sanic_security-1.12.6}/sanic_security/utils.py

@@ -1,5 +1,6 @@
 import datetime
 import random
+import string
 
 from sanic.request import Request
 from sanic.response import json as sanic_json, HTTPResponse
@@ -47,7 +48,9 @@ def get_code() -> str:
     Returns:
         code
     """
-    return str(random.randint(100000, 999999))
+    return "".join(
+        random.choice(string.ascii_uppercase + string.digits) for _ in range(6)
+    )
 
 
 def json(

{sanic_security-1.12.4 → sanic_security-1.12.6/sanic_security.egg-info}/PKG-INFO

@@ -1,8 +1,8 @@
 Metadata-Version: 2.1
 Name: sanic-security
-Version: 1.12.4
+Version: 1.12.6
 Summary: An async security library for the Sanic framework.
-Author-email: Aidan Stewart <na.stewart365@gmail.com>
+Author-email: Aidan Stewart <me@na-stewart.com>
 Project-URL: Documentation, https://security.na-stewart.com/
 Project-URL: Repository, https://github.com/na-stewart/sanic-security
 Keywords: security,authentication,authorization,verification,async,sanic
@@ -197,7 +197,7 @@ async def on_register(request):
     account = await register(request)
     two_step_session = await request_two_step_verification(request, account)
     await email_code(
-        account.email, two_step_session.code  # Code = 197251
+        account.email, two_step_session.code  # Code = 24KF19
     )  # Custom method for emailing verification code.
     response = json(
         "Registration successful! Email verification required.",
@@ -213,7 +213,7 @@ Verifies the client's account via two-step session code.
 
 | Key      | Value  |
 |----------|--------|
-| **code** | 197251 |
+| **code** | 24KF19 |
 
 ```python
 @app.post("api/security/verify")
@@ -237,7 +237,7 @@ async def on_login(request):
         request, authentication_session.bearer
     )
     await email_code(
-        authentication_session.bearer.email, two_step_session.code  # Code = 197251
+        authentication_session.bearer.email, two_step_session.code  # Code = XGED2U
     )  # Custom method for emailing verification code.
     response = json(
         "Login successful! Two-factor authentication required.",
@@ -248,7 +248,7 @@ async def on_login(request):
     return response
 ```
 
-If this isn't desired, you can pass an account and password attempt directly into the login instead.
+If this isn't desired, you can pass an account and password attempt directly into the login method instead.
 
 * Fulfill Second Factor
 
@@ -256,7 +256,7 @@ Fulfills client authentication session's second factor requirement via two-step
 
 | Key      | Value  |
 |----------|--------|
-| **code** | 197251 |
+| **code** | XGED2U |
 
 ```python
 @app.post("api/security/fulfill-2fa")
@@ -321,19 +321,15 @@ async def on_authenticate(request):
     return response
 ```
 
-* Authentication Middleware
+* Refresh Encoder
 
-New/Refreshed session returned if client's session expired during authentication, requires encoding.
-
-Middleware is recommended to automatically encode the refreshed session.
+A new/refreshed session is returned during authentication when the client's current session expires and it
+requires encoding. This should be be done automatically via middleware.
 
 ```python
-@app.on_response
-async def authentication_refresh_encoder(request, response):
-    if hasattr(request.ctx, "authentication_session"):
-        authentication_session = request.ctx.authentication_session
-        if authentication_session.is_refresh:
-            authentication_session.encode(response)
+attach_refresh_encoder(app)
+if __name__ == "__main__":
+    app.run(host="127.0.0.1", port=8000)
 ```
 
 ## Captcha
@@ -351,7 +347,7 @@ downloading a .ttf font and defining the file's path in the configuration.
 @app.get("api/security/captcha")
 async def on_captcha_img_request(request):
     captcha_session = await request_captcha(request)
-    response = captcha_session.get_image()  # Captcha: 192731
+    response = captcha_session.get_image()  # Captcha: LJ0F3U
     captcha_session.encode(response)
     return response
 ```
@@ -360,7 +356,7 @@ async def on_captcha_img_request(request):
 
 | Key         | Value  |
 |-------------|--------|
-| **captcha** | 192731 |
+| **captcha** | LJ0F3U |
 
 ```python
 @app.post("api/security/captcha")
@@ -373,7 +369,7 @@ async def on_captcha(request):
 
 | Key         | Value  |
 |-------------|--------|
-| **captcha** | 192731 |
+| **captcha** | LJ0F3U |
 
 ```python
 @app.post("api/security/captcha")
@@ -395,7 +391,7 @@ Two-step verification should be integrated with other custom functionality. For
 ```python
 @app.post("api/security/two-step/request")
 async def on_two_step_request(request):
-    two_step_session = await request_two_step_verification(request)  # Code = 197251
+    two_step_session = await request_two_step_verification(request)  # Code = T2I58I
     await email_code(
         two_step_session.bearer.email, two_step_session.code
     )  # Custom method for emailing verification code.
@@ -409,7 +405,7 @@ async def on_two_step_request(request):
 ```python
 @app.post("api/security/two-step/resend")
 async def on_two_step_resend(request):
-    two_step_session = await TwoStepSession.decode(request)  # Code = 197251
+    two_step_session = await TwoStepSession.decode(request)  # Code = T2I58I
     await email_code(
         two_step_session.bearer.email, two_step_session.code
     )  # Custom method for emailing verification code.
@@ -420,7 +416,7 @@ async def on_two_step_resend(request):
 
 | Key      | Value  |
 |----------|--------|
-| **code** | 197251 |
+| **code** | T2I58I |
 
 ```python
 @app.post("api/security/two-step")
@@ -434,7 +430,7 @@ async def on_two_step_verification(request):
 
 | Key      | Value  |
 |----------|--------|
-| **code** | 197251 |
+| **code** | T2I58I |
 
 ```python
 @app.post("api/security/two-step")