sanic-security 1.13.2__py3-none-any.whl → 1.13.3__py3-none-any.whl

sanic_security/authentication.py

@@ -7,7 +7,7 @@ from argon2.exceptions import VerifyMismatchError
 from sanic import Sanic
 from sanic.log import logger
 from sanic.request import Request
-from tortoise.exceptions import DoesNotExist
+from tortoise.exceptions import DoesNotExist, ValidationError, IntegrityError
 
 from sanic_security.configuration import config as security_config, DEFAULT_CONFIG
 from sanic_security.exceptions import (
@@ -62,32 +62,31 @@ async def register(
     Raises:
         CredentialsError
     """
-    email_lower = validate_email(request.form.get("email").lower())
-    if await Account.filter(email=email_lower).exists():
-        raise CredentialsError("An account with this email may already exist.", 409)
-    elif await Account.filter(
-        username=validate_username(request.form.get("username"))
-    ).exists():
-        raise CredentialsError("An account with this username may already exist.", 409)
-    elif (
-        request.form.get("phone")
-        and await Account.filter(
-            phone=validate_phone(request.form.get("phone"))
-        ).exists()
-    ):
+    try:
+        account = await Account.create(
+            email=request.form.get("email").lower(),
+            username=request.form.get("username"),
+            password=password_hasher.hash(
+                validate_password(request.form.get("password"))
+            ),
+            phone=request.form.get("phone"),
+            verified=verified,
+            disabled=disabled,
+        )
+        logger.info(f"Client {get_ip(request)} has registered account {account.id}.")
+        return account
+    except ValidationError as e:
         raise CredentialsError(
-            "An account with this phone number may already exist.", 409
+            "Username must be 3-32 characters long and can only include _ or -."
+            if "username" in e.args[0]
+            else "Invalid email or phone number."
+        )
+    except IntegrityError as e:
+        raise CredentialsError(
+            f"An account with this {"username" if "username" in str(e.args[0]) else "email or phone number"} "
+            "may already exist.",
+            409,
         )
-    account = await Account.create(
-        email=email_lower,
-        username=request.form.get("username"),
-        password=password_hasher.hash(validate_password(request.form.get("password"))),
-        phone=request.form.get("phone"),
-        verified=verified,
-        disabled=disabled,
-    )
-    logger.info(f"Client {get_ip(request)} has registered account {account.id}.")
-    return account
 
 
 async def login(
@@ -266,65 +265,6 @@ def requires_authentication(arg=None):
     return decorator(arg) if callable(arg) else decorator
 
 
-def validate_email(email: str) -> str:
-    """
-    Validates email format.
-
-    Args:
-        email (str): Email being validated.
-
-    Returns:
-        email
-
-    Raises:
-        CredentialsError
-    """
-    if not re.search(r"^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$", email):
-        raise CredentialsError("Please use a valid email address.", 400)
-    return email
-
-
-def validate_username(username: str) -> str:
-    """
-    Validates username format.
-
-    Args:
-        username (str): Username being validated.
-
-    Returns:
-        username
-
-    Raises:
-        CredentialsError
-    """
-    if not re.search(r"^[A-Za-z0-9_-]{3,32}$", username):
-        raise CredentialsError(
-            "Username must be between 3-32 characters and not contain any special characters other than _ or -.",
-            400,
-        )
-    return username
-
-
-def validate_phone(phone: str) -> str:
-    """
-    Validates phone number format.
-
-    Args:
-        phone (str): Phone number being validated.
-
-    Returns:
-        phone
-
-    Raises:
-        CredentialsError
-    """
-    if phone and not re.search(
-        r"^(\+\d{1,2}\s)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}$", phone
-    ):
-        raise CredentialsError("Please use a valid phone number.", 400)
-    return phone
-
-
 def validate_password(password: str) -> str:
     """
     Validates password requirements.
@@ -370,8 +310,13 @@ def initialize_security(app: Sanic, create_root=True) -> None:
             warnings.warn("HttpOnly should be enabled.", AuditWarning)
         if not security_config.SESSION_SECURE:
             warnings.warn("Secure should be enabled.", AuditWarning)
-        if security_config.SESSION_SAMESITE.lower() == "none":
-            warnings.warn("SameSite should not be set to none.", AuditWarning)
+        if (
+            not security_config.SESSION_SAMESITE
+            or security_config.SESSION_SAMESITE.lower() == "none"
+        ):
+            warnings.warn("SameSite should not be none.", AuditWarning)
+        if not security_config.SESSION_DOMAIN:
+            warnings.warn("Domain should not be none.", AuditWarning)
         if (
             create_root
             and security_config.INITIAL_ADMIN_EMAIL

sanic_security/models.py

@@ -1,5 +1,6 @@
 import base64
 import datetime
+import re
 from io import BytesIO
 from typing import Union
 
@@ -9,7 +10,8 @@ from jwt import DecodeError
 from sanic.request import Request
 from sanic.response import HTTPResponse, raw
 from tortoise import fields, Model
-from tortoise.exceptions import DoesNotExist
+from tortoise.exceptions import DoesNotExist, ValidationError
+from tortoise.validators import RegexValidator
 
 from sanic_security.configuration import config as security_config
 from sanic_security.exceptions import *
@@ -103,9 +105,26 @@ class Account(BaseModel):
         roles (ManyToManyRelation[Role]): Roles associated with this account.
     """
 
-    username: str = fields.CharField(unique=True, max_length=32)
-    email: str = fields.CharField(unique=True, max_length=255)
-    phone: str = fields.CharField(unique=True, max_length=14, null=True)
+    username: str = fields.CharField(
+        unique=security_config.ALLOW_LOGIN_WITH_USERNAME,
+        max_length=32,
+        validators=[RegexValidator(r"^[A-Za-z0-9_-]*$", re.I)],
+    )
+    email: str = fields.CharField(
+        unique=True,
+        max_length=255,
+        validators=[
+            RegexValidator(r"^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$", re.I)
+        ],
+    )
+    phone: str = fields.CharField(
+        unique=True,
+        max_length=14,
+        null=True,
+        validators=[
+            RegexValidator(r"^(\+\d{1,2}\s)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}$", re.I)
+        ],
+    )
     password: str = fields.CharField(max_length=255)
     disabled: bool = fields.BooleanField(default=False)
     verified: bool = fields.BooleanField(default=False)
@@ -192,7 +211,7 @@ class Account(BaseModel):
         try:
             account = await Account.filter(username=username, deleted=False).get()
             return account
-        except DoesNotExist:
+        except (DoesNotExist, ValidationError):
             raise NotFoundError("Account with this username does not exist.")
 
     @staticmethod
@@ -211,7 +230,7 @@ class Account(BaseModel):
         """
         try:
             account = await Account.get_via_email(credential)
-        except NotFoundError as e:
+        except (NotFoundError, ValidationError) as e:
             if security_config.ALLOW_LOGIN_WITH_USERNAME:
                 account = await Account.get_via_username(credential)
             else:
@@ -348,19 +367,14 @@ class Session(BaseModel):
             httponly=security_config.SESSION_HTTPONLY,
             samesite=security_config.SESSION_SAMESITE,
             secure=security_config.SESSION_SECURE,
-        )
-        if self.expiration_date:  # Overrides refresh expiration.
-            response.cookies.get_cookie(cookie).expires = (
+            domain=security_config.SESSION_DOMAIN,
+            expires=(
                 self.refresh_expiration_date
-                if (
-                    hasattr(self, "refresh_expiration_date")
-                    and self.refresh_expiration_date
-                )
+                if hasattr(self, "refresh_expiration_date")
+                and self.refresh_expiration_date
                 else self.expiration_date
-            )
-
-        if security_config.SESSION_DOMAIN:
-            response.cookies.get_cookie(cookie).domain = security_config.SESSION_DOMAIN
+            ),
+        )
 
     @property
     def json(self) -> dict:
@@ -369,9 +383,7 @@ class Session(BaseModel):
             "date_created": str(self.date_created),
             "date_updated": str(self.date_updated),
             "expiration_date": str(self.expiration_date),
-            "bearer": (
-                self.bearer.username if isinstance(self.bearer, Account) else None
-            ),
+            "bearer": self.bearer.id if isinstance(self.bearer, Account) else None,
             "active": self.active,
         }
 
@@ -491,7 +503,7 @@ class VerificationSession(Session):
     """
 
     attempts: int = fields.IntField(default=0)
-    code: str = fields.CharField(max_length=10, default=get_code, null=True)
+    code: str = fields.CharField(max_length=6, default=get_code, null=True)
 
     async def check_code(self, code: str) -> None:
         """

{sanic_security-1.13.2.dist-info → sanic_security-1.13.3.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: sanic-security
-Version: 1.13.2
+Version: 1.13.3
 Summary: An async security library for the Sanic framework.
 Author-email: Aidan Stewart <me@na-stewart.com>
 Project-URL: Documentation, https://security.na-stewart.com/
@@ -82,8 +82,8 @@ Sanic Security is an authentication, authorization, and verification library des
 * Role based authorization with wildcard permissions
 * Two-factor authentication
 * Two-step verification
+* Logging & Auditing
 * Captcha
-* Logging
 
 Visit [security.na-stewart.com](https://security.na-stewart.com) for documentation.
 
@@ -158,7 +158,7 @@ You can load environment variables with a different prefix via `config.load_envi
 | **TWO_STEP_SESSION_EXPIRATION**       | 200                          | The amount of seconds till two-step session expiration on creation. Setting to 0 will disable expiration.                        |
 | **AUTHENTICATION_SESSION_EXPIRATION** | 86400                        | The amount of seconds till authentication session expiration on creation. Setting to 0 will disable expiration.                  |
 | **AUTHENTICATION_REFRESH_EXPIRATION** | 604800                       | The amount of seconds till authentication refresh expiration. Setting to 0 will disable refresh mechanism.                       |
-| **ALLOW_LOGIN_WITH_USERNAME**         | False                        | Allows login via username and email.                                                                                             |
+| **ALLOW_LOGIN_WITH_USERNAME**         | False                        | Allows login via username; unique constraint is disabled when set to false.                                                      |
 | **INITIAL_ADMIN_EMAIL**               | admin@example.com            | Email used when creating the initial admin account.                                                                              |
 | **INITIAL_ADMIN_PASSWORD**            | admin123                     | Password used when creating the initial admin account.                                                                           |
 

{sanic_security-1.13.2.dist-info → sanic_security-1.13.3.dist-info}/RECORD

@@ -1,16 +1,16 @@
 sanic_security/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-sanic_security/authentication.py,sha256=h0Yq2hWFv1GZoqhPQBmoJnqywGQd6fOYu7zyaqfv6wQ,14432
+sanic_security/authentication.py,sha256=Rc2QqAjY17EialuML-wAThIrOxK8FKIFq927bst70IU,13218
 sanic_security/authorization.py,sha256=1SHx4cU_ibC0o_nEDDYURH_l_K6Q66M0SLzpRQrsIXc,7534
 sanic_security/configuration.py,sha256=br2hI3MHsTBh3yfPer5f3bkKSWfQdCeqfLqWmaDNVoM,5510
 sanic_security/exceptions.py,sha256=JiCaBR2kjE1Cj0fc_08y-32fqJJXa_1UCw205T4_RTY,5493
-sanic_security/models.py,sha256=l3cO5-S1bmE0tqhFXBC9z4IWTCnYNeRvw1VzIFLeaHE,22363
+sanic_security/models.py,sha256=XF9u3RIU76M19QzNiM4C7LoLHe4uv6tfcELGH4W7L5k,22637
 sanic_security/utils.py,sha256=XAUNalcTi53qTz0D8xiDyDyRlq7Z7ffNBzUONJZqe90,2705
 sanic_security/verification.py,sha256=js2PkqJU6o46atslJ76n-_cYoY5iz5fbyiV0OFwoySo,8668
 sanic_security/test/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 sanic_security/test/server.py,sha256=79HaNIH1skWTrh2gIbh8WWVNxvYqPA5GlQ8AqRaCsXQ,12094
 sanic_security/test/tests.py,sha256=bW5fHJfsCrg8eBmcSqVMLm0R5XRL1ou-XJJRgz09GOE,21993
-sanic_security-1.13.2.dist-info/LICENSE,sha256=sXlJs9_mG-dCkPfWsDnuzydJWagS82E2gYtkVH9enHA,1100
-sanic_security-1.13.2.dist-info/METADATA,sha256=mcHljpRvZGGTk_hRi2Sf-lqF-QyZIrhn_lNZGkbNjUI,23011
-sanic_security-1.13.2.dist-info/WHEEL,sha256=R06PA3UVYHThwHvxuRWMqaGcr-PuniXahwjmQRFMEkY,91
-sanic_security-1.13.2.dist-info/top_level.txt,sha256=ZybkhHXSjfzhmv8XeqLvnNmLmv21Z0oPX6Ep4DJN8b0,15
-sanic_security-1.13.2.dist-info/RECORD,,
+sanic_security-1.13.3.dist-info/LICENSE,sha256=sXlJs9_mG-dCkPfWsDnuzydJWagS82E2gYtkVH9enHA,1100
+sanic_security-1.13.3.dist-info/METADATA,sha256=PUPuAXTXIRtjpdBzYWl9Pz8S3m-VdJB2skIEnHqQdGM,23022
+sanic_security-1.13.3.dist-info/WHEEL,sha256=R06PA3UVYHThwHvxuRWMqaGcr-PuniXahwjmQRFMEkY,91
+sanic_security-1.13.3.dist-info/top_level.txt,sha256=ZybkhHXSjfzhmv8XeqLvnNmLmv21Z0oPX6Ep4DJN8b0,15
+sanic_security-1.13.3.dist-info/RECORD,,