sanic-security 1.13.0__py3-none-any.whl → 1.13.2__py3-none-any.whl

sanic_security/authentication.py

@@ -86,6 +86,7 @@ async def register(
         verified=verified,
         disabled=disabled,
     )
+    logger.info(f"Client {get_ip(request)} has registered account {account.id}.")
     return account
 
 
@@ -128,7 +129,7 @@ async def login(
             request, account, requires_second_factor=require_second_factor
         )
         logger.info(
-            f"Client {get_ip(request)} has logged into account {account.id} with authentication session {authentication_session.id}."
+            f"Client {get_ip(request)} has logged in with authentication session {authentication_session.id}."
         )
         return authentication_session
     except VerifyMismatchError:
@@ -159,8 +160,7 @@ async def logout(request: Request) -> AuthenticationSession:
     authentication_session.active = False
     await authentication_session.save(update_fields=["active"])
     logger.info(
-        f"Client {get_ip(request)} has logged out {"anonymously" if authentication_session.anonymous 
-        else f"of account {authentication_session.bearer.id}"} with authentication session {authentication_session.id}."
+        f"Client {get_ip(request)} has logged out with authentication session {authentication_session.id}."
     )
     return authentication_session
 
@@ -193,6 +193,10 @@ async def fulfill_second_factor(request: Request) -> AuthenticationSession:
     await two_step_session.check_code(request.form.get("code"))
     authentication_session.requires_second_factor = False
     await authentication_session.save(update_fields=["requires_second_factor"])
+    logger.info(
+        f"Client {get_ip(request)} has fulfilled authentication session {authentication_session.id} "
+        "second factor."
+    )
     return authentication_session
 
 

sanic_security/authorization.py

@@ -59,6 +59,9 @@ async def check_permissions(
     """
     authentication_session = await authenticate(request)
     if authentication_session.anonymous:
+        logger.warning(
+            f"Client {get_ip(request)} attempted an unauthorized action anonymously."
+        )
         raise AnonymousError()
     roles = await authentication_session.bearer.roles.filter(deleted=False).all()
     for role in roles:
@@ -68,8 +71,7 @@ async def check_permissions(
             if fnmatch(required_permission, role_permission):
                 return authentication_session
     logger.warning(
-        f"Client {get_ip(request)} with account {authentication_session.bearer.id} has insufficient permissions for "
-        "attempted action."
+        f"Client {get_ip(request)} with account {authentication_session.bearer.id} attempted an unauthorized action. "
     )
     raise AuthorizationError("Insufficient permissions required for this action.")
 
@@ -98,14 +100,16 @@ async def check_roles(request: Request, *required_roles: str) -> AuthenticationS
     """
     authentication_session = await authenticate(request)
     if authentication_session.anonymous:
+        logger.warning(
+            f"Client {get_ip(request)} attempted an unauthorized action anonymously."
+        )
         raise AnonymousError()
     roles = await authentication_session.bearer.roles.filter(deleted=False).all()
     for role in roles:
         if role.name in required_roles:
             return authentication_session
     logger.warning(
-        f"Client {get_ip(request)} with account {authentication_session.bearer.id} has insufficient roles for "
-        "attempted action."
+        f"Client {get_ip(request)} with account {authentication_session.bearer.id} attempted an unauthorized action. "
     )
     raise AuthorizationError("Insufficient roles required for this action.")
 

sanic_security/models.py

@@ -336,6 +336,7 @@ class Session(BaseModel):
                 "id": self.id,
                 "date_created": str(self.date_created),
                 "expiration_date": str(self.expiration_date),
+                "bearer": self.bearer.id if isinstance(self.bearer, Account) else None,
                 "ip": self.ip,
             },
             security_config.SECRET,

sanic_security/test/server.py

@@ -309,4 +309,4 @@ register_tortoise(
 )
 initialize_security(app, True)
 if __name__ == "__main__":
-    app.run(host="127.0.0.1", port=8000, workers=1)
+    app.run(host="127.0.0.1", port=8000, workers=1, debug=True)

sanic_security/verification.py

@@ -1,18 +1,21 @@
 import functools
 from contextlib import suppress
 
+from sanic.log import logger
 from sanic.request import Request
 
 from sanic_security.exceptions import (
     JWTDecodeError,
     NotFoundError,
     VerifiedError,
+    MaxedOutChallengeError,
 )
 from sanic_security.models import (
     Account,
     TwoStepSession,
     CaptchaSession,
 )
+from sanic_security.utils import get_ip
 
 """
 Copyright (c) 2020-present Nicholas Aidan Stewart
@@ -89,7 +92,16 @@ async def two_step_verification(request: Request) -> TwoStepSession:
     two_step_session = await TwoStepSession.decode(request)
     two_step_session.validate()
     two_step_session.bearer.validate()
-    await two_step_session.check_code(request.form.get("code"))
+    try:
+        await two_step_session.check_code(request.form.get("code"))
+    except MaxedOutChallengeError as e:
+        logger.warning(
+            f"Client {get_ip(request)} has exceeded maximum two-step session {two_step_session.id} challenge attempts."
+        )
+        raise e
+    logger.info(
+        f"Client {get_ip(request)} has completed two-step session {two_step_session.id} challenge."
+    )
     return two_step_session
 
 
@@ -153,9 +165,19 @@ async def verify_account(request: Request) -> TwoStepSession:
     if two_step_session.bearer.verified:
         raise VerifiedError()
     two_step_session.validate()
-    await two_step_session.check_code(request.form.get("code"))
+    try:
+        await two_step_session.check_code(request.form.get("code"))
+    except MaxedOutChallengeError as e:
+        logger.warning(
+            f"Client {get_ip(request)} has exceeded maximum two-step session {two_step_session.id} challenge attempts "
+            "during account verification."
+        )
+        raise e
     two_step_session.bearer.verified = True
     await two_step_session.bearer.save(update_fields=["verified"])
+    logger.info(
+        f"Client {get_ip(request)} has verified account {two_step_session.bearer.id}."
+    )
     return two_step_session
 
 
@@ -197,7 +219,16 @@ async def captcha(request: Request) -> CaptchaSession:
     """
     captcha_session = await CaptchaSession.decode(request)
     captcha_session.validate()
-    await captcha_session.check_code(request.form.get("captcha"))
+    try:
+        await captcha_session.check_code(request.form.get("captcha"))
+    except MaxedOutChallengeError as e:
+        logger.warning(
+            f"Client {get_ip(request)} has exceeded maximum captcha session {captcha_session.id} challenge attempts."
+        )
+        raise e
+    logger.info(
+        f"Client {get_ip(request)} has completed captcha session {captcha_session.id} challenge."
+    )
     return captcha_session
 
 

{sanic_security-1.13.0.dist-info → sanic_security-1.13.2.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: sanic-security
-Version: 1.13.0
+Version: 1.13.2
 Summary: An async security library for the Sanic framework.
 Author-email: Aidan Stewart <me@na-stewart.com>
 Project-URL: Documentation, https://security.na-stewart.com/
@@ -64,7 +64,7 @@ Requires-Dist: cryptography; extra == "dev"
 * [Usage](#usage)
     * [Authentication](#authentication)
     * [Captcha](#captcha)
-    * [Two-Step Verification](#two-step-verification)
+    * [Two-step Verification](#two-step-verification)
     * [Authorization](#authorization)
     * [Testing](#testing)
     * [Tortoise](#tortoise)
@@ -79,10 +79,11 @@ Requires-Dist: cryptography; extra == "dev"
 Sanic Security is an authentication, authorization, and verification library designed for use with [Sanic](https://github.com/huge-success/sanic).
 
 * Login, registration, and authentication with refresh mechanisms
+* Role based authorization with wildcard permissions
 * Two-factor authentication
-* Captcha
 * Two-step verification
-* Role based authorization with wildcard permissions
+* Captcha
+* Logging
 
 Visit [security.na-stewart.com](https://security.na-stewart.com) for documentation.
 

sanic_security-1.13.2.dist-info/RECORD

@@ -0,0 +1,16 @@
+sanic_security/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+sanic_security/authentication.py,sha256=h0Yq2hWFv1GZoqhPQBmoJnqywGQd6fOYu7zyaqfv6wQ,14432
+sanic_security/authorization.py,sha256=1SHx4cU_ibC0o_nEDDYURH_l_K6Q66M0SLzpRQrsIXc,7534
+sanic_security/configuration.py,sha256=br2hI3MHsTBh3yfPer5f3bkKSWfQdCeqfLqWmaDNVoM,5510
+sanic_security/exceptions.py,sha256=JiCaBR2kjE1Cj0fc_08y-32fqJJXa_1UCw205T4_RTY,5493
+sanic_security/models.py,sha256=l3cO5-S1bmE0tqhFXBC9z4IWTCnYNeRvw1VzIFLeaHE,22363
+sanic_security/utils.py,sha256=XAUNalcTi53qTz0D8xiDyDyRlq7Z7ffNBzUONJZqe90,2705
+sanic_security/verification.py,sha256=js2PkqJU6o46atslJ76n-_cYoY5iz5fbyiV0OFwoySo,8668
+sanic_security/test/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+sanic_security/test/server.py,sha256=79HaNIH1skWTrh2gIbh8WWVNxvYqPA5GlQ8AqRaCsXQ,12094
+sanic_security/test/tests.py,sha256=bW5fHJfsCrg8eBmcSqVMLm0R5XRL1ou-XJJRgz09GOE,21993
+sanic_security-1.13.2.dist-info/LICENSE,sha256=sXlJs9_mG-dCkPfWsDnuzydJWagS82E2gYtkVH9enHA,1100
+sanic_security-1.13.2.dist-info/METADATA,sha256=mcHljpRvZGGTk_hRi2Sf-lqF-QyZIrhn_lNZGkbNjUI,23011
+sanic_security-1.13.2.dist-info/WHEEL,sha256=R06PA3UVYHThwHvxuRWMqaGcr-PuniXahwjmQRFMEkY,91
+sanic_security-1.13.2.dist-info/top_level.txt,sha256=ZybkhHXSjfzhmv8XeqLvnNmLmv21Z0oPX6Ep4DJN8b0,15
+sanic_security-1.13.2.dist-info/RECORD,,

{sanic_security-1.13.0.dist-info → sanic_security-1.13.2.dist-info}/WHEEL

@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: setuptools (75.3.0)
+Generator: setuptools (75.5.0)
 Root-Is-Purelib: true
 Tag: py3-none-any
 

sanic_security-1.13.0.dist-info/RECORD

@@ -1,16 +0,0 @@
-sanic_security/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-sanic_security/authentication.py,sha256=ZY4WJDUXbwDdaH_2Ovc9gkR1jCgw52yB9enYp_1LypM,14334
-sanic_security/authorization.py,sha256=XbRrnsx-Yqpiemf3bn_djIYIe1khdnfToB7DsBheLtk,7338
-sanic_security/configuration.py,sha256=br2hI3MHsTBh3yfPer5f3bkKSWfQdCeqfLqWmaDNVoM,5510
-sanic_security/exceptions.py,sha256=JiCaBR2kjE1Cj0fc_08y-32fqJJXa_1UCw205T4_RTY,5493
-sanic_security/models.py,sha256=v3tJyL420HEdZXqJCq9uPPSivuYXuQNtqf9QC9wF0TU,22274
-sanic_security/utils.py,sha256=XAUNalcTi53qTz0D8xiDyDyRlq7Z7ffNBzUONJZqe90,2705
-sanic_security/verification.py,sha256=ebT7QaytHAsw-IKA13W9wyCoqoBAYKgmFA1QJ80N2bE,7476
-sanic_security/test/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-sanic_security/test/server.py,sha256=DmwP5dBs2Sq2qk4UZgWbAqzm96YXvLGI9jWeqzluy_c,12082
-sanic_security/test/tests.py,sha256=bW5fHJfsCrg8eBmcSqVMLm0R5XRL1ou-XJJRgz09GOE,21993
-sanic_security-1.13.0.dist-info/LICENSE,sha256=sXlJs9_mG-dCkPfWsDnuzydJWagS82E2gYtkVH9enHA,1100
-sanic_security-1.13.0.dist-info/METADATA,sha256=VeYHXoqKPrbNAfub2NW3RT78Rt1WSUBCKj2gVJrHplE,23000
-sanic_security-1.13.0.dist-info/WHEEL,sha256=P9jw-gEje8ByB7_hXoICnHtVCrEwMQh-630tKvQWehc,91
-sanic_security-1.13.0.dist-info/top_level.txt,sha256=ZybkhHXSjfzhmv8XeqLvnNmLmv21Z0oPX6Ep4DJN8b0,15
-sanic_security-1.13.0.dist-info/RECORD,,