sanic-security 1.13.2__py3-none-any.whl → 1.13.4__py3-none-any.whl

sanic_security/authentication.py

@@ -2,12 +2,11 @@ import functools
 import re
 import warnings
 
-from argon2 import PasswordHasher
 from argon2.exceptions import VerifyMismatchError
 from sanic import Sanic
 from sanic.log import logger
 from sanic.request import Request
-from tortoise.exceptions import DoesNotExist
+from tortoise.exceptions import DoesNotExist, ValidationError, IntegrityError
 
 from sanic_security.configuration import config as security_config, DEFAULT_CONFIG
 from sanic_security.exceptions import (
@@ -18,7 +17,7 @@ from sanic_security.exceptions import (
     AuditWarning,
 )
 from sanic_security.models import Account, AuthenticationSession, Role, TwoStepSession
-from sanic_security.utils import get_ip
+from sanic_security.utils import get_ip, password_hasher, secure_headers
 
 """
 Copyright (c) 2020-present Nicholas Aidan Stewart
@@ -42,8 +41,6 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
 """
 
-password_hasher = PasswordHasher()
-
 
 async def register(
     request: Request, verified: bool = False, disabled: bool = False
@@ -62,32 +59,31 @@ async def register(
     Raises:
         CredentialsError
     """
-    email_lower = validate_email(request.form.get("email").lower())
-    if await Account.filter(email=email_lower).exists():
-        raise CredentialsError("An account with this email may already exist.", 409)
-    elif await Account.filter(
-        username=validate_username(request.form.get("username"))
-    ).exists():
-        raise CredentialsError("An account with this username may already exist.", 409)
-    elif (
-        request.form.get("phone")
-        and await Account.filter(
-            phone=validate_phone(request.form.get("phone"))
-        ).exists()
-    ):
+    try:
+        account = await Account.create(
+            email=request.form.get("email").lower(),
+            username=request.form.get("username"),
+            password=password_hasher.hash(
+                validate_password(request.form.get("password"))
+            ),
+            phone=request.form.get("phone"),
+            verified=verified,
+            disabled=disabled,
+        )
+        logger.info(f"Client {get_ip(request)} has registered account {account.id}.")
+        return account
+    except ValidationError as e:
         raise CredentialsError(
-            "An account with this phone number may already exist.", 409
+            "Username must be 3-32 characters long and can only include _ or -."
+            if "username" in e.args[0]
+            else "Invalid email or phone number."
+        )
+    except IntegrityError as e:
+        raise CredentialsError(
+            f"An account with this {"username" if "username" in str(e.args[0]) else "email or phone number"} "
+            "may already exist.",
+            409,
         )
-    account = await Account.create(
-        email=email_lower,
-        username=request.form.get("username"),
-        password=password_hasher.hash(validate_password(request.form.get("password"))),
-        phone=request.form.get("phone"),
-        verified=verified,
-        disabled=disabled,
-    )
-    logger.info(f"Client {get_ip(request)} has registered account {account.id}.")
-    return account
 
 
 async def login(
@@ -194,8 +190,7 @@ async def fulfill_second_factor(request: Request) -> AuthenticationSession:
     authentication_session.requires_second_factor = False
     await authentication_session.save(update_fields=["requires_second_factor"])
     logger.info(
-        f"Client {get_ip(request)} has fulfilled authentication session {authentication_session.id} "
-        "second factor."
+        f"Client {get_ip(request)} has fulfilled authentication session {authentication_session.id} second factor."
     )
     return authentication_session
 
@@ -266,65 +261,6 @@ def requires_authentication(arg=None):
     return decorator(arg) if callable(arg) else decorator
 
 
-def validate_email(email: str) -> str:
-    """
-    Validates email format.
-
-    Args:
-        email (str): Email being validated.
-
-    Returns:
-        email
-
-    Raises:
-        CredentialsError
-    """
-    if not re.search(r"^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$", email):
-        raise CredentialsError("Please use a valid email address.", 400)
-    return email
-
-
-def validate_username(username: str) -> str:
-    """
-    Validates username format.
-
-    Args:
-        username (str): Username being validated.
-
-    Returns:
-        username
-
-    Raises:
-        CredentialsError
-    """
-    if not re.search(r"^[A-Za-z0-9_-]{3,32}$", username):
-        raise CredentialsError(
-            "Username must be between 3-32 characters and not contain any special characters other than _ or -.",
-            400,
-        )
-    return username
-
-
-def validate_phone(phone: str) -> str:
-    """
-    Validates phone number format.
-
-    Args:
-        phone (str): Phone number being validated.
-
-    Returns:
-        phone
-
-    Raises:
-        CredentialsError
-    """
-    if phone and not re.search(
-        r"^(\+\d{1,2}\s)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}$", phone
-    ):
-        raise CredentialsError("Please use a valid phone number.", 400)
-    return phone
-
-
 def validate_password(password: str) -> str:
     """
     Validates password requirements.
@@ -348,7 +284,7 @@ def validate_password(password: str) -> str:
 
 def initialize_security(app: Sanic, create_root=True) -> None:
     """
-    Audits configuration, creates root administrator account, and attaches refresh encoder middleware.
+    Audits configuration, creates root administrator account, and attaches response handler middleware.
 
     Args:
         app (Sanic): The main Sanic application instance.
@@ -356,7 +292,8 @@ def initialize_security(app: Sanic, create_root=True) -> None:
     """
 
     @app.on_response
-    async def refresh_encoder_middleware(request, response):
+    async def response_handler_middleware(request, response):
+        secure_headers.set_headers(response)
         if hasattr(request.ctx, "authentication_session"):
             authentication_session = request.ctx.authentication_session
             if authentication_session.is_refresh:
@@ -370,8 +307,13 @@ def initialize_security(app: Sanic, create_root=True) -> None:
             warnings.warn("HttpOnly should be enabled.", AuditWarning)
         if not security_config.SESSION_SECURE:
             warnings.warn("Secure should be enabled.", AuditWarning)
-        if security_config.SESSION_SAMESITE.lower() == "none":
-            warnings.warn("SameSite should not be set to none.", AuditWarning)
+        if (
+            not security_config.SESSION_SAMESITE
+            or security_config.SESSION_SAMESITE.lower() == "none"
+        ):
+            warnings.warn("SameSite should not be none.", AuditWarning)
+        if not security_config.SESSION_DOMAIN:
+            warnings.warn("Domain should not be none.", AuditWarning)
         if (
             create_root
             and security_config.INITIAL_ADMIN_EMAIL

sanic_security/authorization.py

@@ -71,7 +71,7 @@ async def check_permissions(
             if fnmatch(required_permission, role_permission):
                 return authentication_session
     logger.warning(
-        f"Client {get_ip(request)} with account {authentication_session.bearer.id} attempted an unauthorized action. "
+        f"Client {get_ip(request)} with account {authentication_session.bearer.id} attempted an unauthorized action."
     )
     raise AuthorizationError("Insufficient permissions required for this action.")
 
@@ -123,14 +123,16 @@ async def assign_role(
     Args:
         name (str):  The name of the role associated with the account.
         account (Account): The account associated with the created role.
-        permissions (str):  The permissions of the role associated with the account. Permissions must be separated via comma and in wildcard format.
+        permissions (str):  The permissions of the role associated with the account. Permissions must be separated via ", " and in wildcard format.
         description (str):  The description of the role associated with the account.
     """
     try:
         role = await Role.filter(name=name).get()
     except DoesNotExist:
         role = await Role.create(
-            description=description, permissions=permissions, name=name
+            name=name,
+            description=description,
+            permissions=permissions,
         )
     await account.roles.add(role)
     return role

sanic_security/configuration.py

@@ -36,6 +36,7 @@ DEFAULT_CONFIG = {
     "MAX_CHALLENGE_ATTEMPTS": 5,
     "CAPTCHA_SESSION_EXPIRATION": 60,
     "CAPTCHA_FONT": "captcha-font.ttf",
+    "CAPTCHA_VOICE": "captcha-voice/",
     "TWO_STEP_SESSION_EXPIRATION": 300,
     "AUTHENTICATION_SESSION_EXPIRATION": 86400,
     "AUTHENTICATION_REFRESH_EXPIRATION": 604800,
@@ -62,6 +63,7 @@ class Config(dict):
         MAX_CHALLENGE_ATTEMPTS (str): The maximum amount of session challenge attempts allowed.
         CAPTCHA_SESSION_EXPIRATION (int): The amount of seconds till captcha session expiration on creation. Setting to 0 will disable expiration.
         CAPTCHA_FONT (str): The file path to the font being used for captcha generation.
+        CAPTCHA_VOICE (str): The directory of the voice library being used for audio captcha generation.
         TWO_STEP_SESSION_EXPIRATION (int):  The amount of seconds till two-step session expiration on creation. Setting to 0 will disable expiration.
         AUTHENTICATION_SESSION_EXPIRATION (int): The amount of seconds till authentication session expiration on creation. Setting to 0 will disable expiration.
         AUTHENTICATION_REFRESH_EXPIRATION (int): The amount of seconds till authentication session refresh expiration. Setting to 0 will disable refresh mechanism.
@@ -82,6 +84,7 @@ class Config(dict):
     MAX_CHALLENGE_ATTEMPTS: int
     CAPTCHA_SESSION_EXPIRATION: int
     CAPTCHA_FONT: str
+    CAPTCHA_VOICE: str
     TWO_STEP_SESSION_EXPIRATION: int
     AUTHENTICATION_SESSION_EXPIRATION: int
     AUTHENTICATION_REFRESH_EXPIRATION: int

sanic_security/models.py

@@ -1,19 +1,25 @@
 import base64
 import datetime
-from io import BytesIO
+import re
 from typing import Union
 
 import jwt
-from captcha.image import ImageCaptcha
 from jwt import DecodeError
 from sanic.request import Request
 from sanic.response import HTTPResponse, raw
 from tortoise import fields, Model
-from tortoise.exceptions import DoesNotExist
+from tortoise.exceptions import DoesNotExist, ValidationError
+from tortoise.validators import RegexValidator
 
 from sanic_security.configuration import config as security_config
 from sanic_security.exceptions import *
-from sanic_security.utils import get_ip, get_code, get_expiration_date
+from sanic_security.utils import (
+    get_ip,
+    get_code,
+    get_expiration_date,
+    image_generator,
+    audio_generator,
+)
 
 """
 Copyright (c) 2020-present Nicholas Aidan Stewart
@@ -66,7 +72,7 @@ class BaseModel(Model):
     @property
     def json(self) -> dict:
         """
-        A JSON serializable dict to be used in a HTTP request or response.
+        A JSON serializable dict to be used in an HTTP request or response.
 
         Example:
             Below is an example of this method returning a dict to be used for JSON serialization.
@@ -103,9 +109,26 @@ class Account(BaseModel):
         roles (ManyToManyRelation[Role]): Roles associated with this account.
     """
 
-    username: str = fields.CharField(unique=True, max_length=32)
-    email: str = fields.CharField(unique=True, max_length=255)
-    phone: str = fields.CharField(unique=True, max_length=14, null=True)
+    username: str = fields.CharField(
+        unique=security_config.ALLOW_LOGIN_WITH_USERNAME,
+        max_length=32,
+        validators=[RegexValidator(r"^[A-Za-z0-9_-]*$", re.I)],
+    )
+    email: str = fields.CharField(
+        unique=True,
+        max_length=255,
+        validators=[
+            RegexValidator(r"^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$", re.I)
+        ],
+    )
+    phone: str = fields.CharField(
+        unique=True,
+        max_length=15,
+        null=True,
+        validators=[
+            RegexValidator(r"^(\+\d{1,2}\s)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}$", re.I)
+        ],
+    )
     password: str = fields.CharField(max_length=255)
     disabled: bool = fields.BooleanField(default=False)
     verified: bool = fields.BooleanField(default=False)
@@ -170,9 +193,8 @@ class Account(BaseModel):
             NotFoundError
         """
         try:
-            account = await Account.filter(email=email, deleted=False).get()
-            return account
-        except DoesNotExist:
+            return await Account.filter(email=email, deleted=False).get()
+        except (DoesNotExist, ValidationError):
             raise NotFoundError("Account with this email does not exist.")
 
     @staticmethod
@@ -190,9 +212,8 @@ class Account(BaseModel):
             NotFoundError
         """
         try:
-            account = await Account.filter(username=username, deleted=False).get()
-            return account
-        except DoesNotExist:
+            return await Account.filter(username=username, deleted=False).get()
+        except (DoesNotExist, ValidationError):
             raise NotFoundError("Account with this username does not exist.")
 
     @staticmethod
@@ -262,9 +283,8 @@ class Account(BaseModel):
             NotFoundError
         """
         try:
-            account = await Account.filter(phone=phone, deleted=False).get()
-            return account
-        except DoesNotExist:
+            return await Account.filter(phone=phone, deleted=False).get()
+        except (DoesNotExist, ValidationError):
             raise NotFoundError("Account with this phone number does not exist.")
 
 
@@ -348,19 +368,14 @@ class Session(BaseModel):
             httponly=security_config.SESSION_HTTPONLY,
             samesite=security_config.SESSION_SAMESITE,
             secure=security_config.SESSION_SECURE,
-        )
-        if self.expiration_date:  # Overrides refresh expiration.
-            response.cookies.get_cookie(cookie).expires = (
+            domain=security_config.SESSION_DOMAIN,
+            expires=(
                 self.refresh_expiration_date
-                if (
-                    hasattr(self, "refresh_expiration_date")
-                    and self.refresh_expiration_date
-                )
+                if hasattr(self, "refresh_expiration_date")
+                and self.refresh_expiration_date
                 else self.expiration_date
-            )
-
-        if security_config.SESSION_DOMAIN:
-            response.cookies.get_cookie(cookie).domain = security_config.SESSION_DOMAIN
+            ),
+        )
 
     @property
     def json(self) -> dict:
@@ -369,9 +384,7 @@ class Session(BaseModel):
             "date_created": str(self.date_created),
             "date_updated": str(self.date_updated),
             "expiration_date": str(self.expiration_date),
-            "bearer": (
-                self.bearer.username if isinstance(self.bearer, Account) else None
-            ),
+            "bearer": self.bearer.id if isinstance(self.bearer, Account) else None,
             "active": self.active,
         }
 
@@ -491,7 +504,7 @@ class VerificationSession(Session):
     """
 
     attempts: int = fields.IntField(default=0)
-    code: str = fields.CharField(max_length=10, default=get_code, null=True)
+    code: str = fields.CharField(max_length=6, default=get_code, null=True)
 
     async def check_code(self, code: str) -> None:
         """
@@ -562,10 +575,21 @@ class CaptchaSession(VerificationSession):
         Returns:
             captcha_image
         """
-        image = ImageCaptcha(190, 90, fonts=[security_config.CAPTCHA_FONT])
-        with BytesIO() as output:
-            image.generate_image(self.code).save(output, format="JPEG")
-            return raw(output.getvalue(), content_type="image/jpeg")
+        return raw(
+            image_generator.generate(self.code, "jpeg").getvalue(),
+            content_type="image/jpeg",
+        )
+
+    def get_audio(self) -> HTTPResponse:
+        """
+        Retrieves captcha audio file.
+
+        Returns:
+            captcha_audio
+        """
+        return raw(
+            bytes(audio_generator.generate(self.code)), content_type="audio/mpeg"
+        )
 
     class Meta:
         table = "captcha_session"

sanic_security/test/server.py

@@ -195,9 +195,14 @@ async def on_captcha_request(request):
 async def on_captcha_image(request):
     """Request captcha image."""
     captcha_session = await CaptchaSession.decode(request)
-    response = captcha_session.get_image()
-    captcha_session.encode(response)
-    return response
+    return captcha_session.get_image()
+
+
+@app.get("api/test/capt/audio")
+async def on_captcha_audio(request):
+    """Request captcha audio."""
+    captcha_session = await CaptchaSession.decode(request)
+    return captcha_session.get_audio()
 
 
 @app.post("api/test/capt")

sanic_security/utils.py

@@ -2,8 +2,14 @@ import datetime
 import random
 import string
 
+from argon2 import PasswordHasher
+from captcha.audio import AudioCaptcha
+from captcha.image import ImageCaptcha
 from sanic.request import Request
 from sanic.response import json as sanic_json, HTTPResponse
+from secure import Secure
+
+from sanic_security.configuration import config
 
 """
 Copyright (c) 2020-Present Nicholas Aidan Stewart
@@ -27,6 +33,13 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
 """
 
+image_generator = ImageCaptcha(
+    190, 90, fonts=config.CAPTCHA_FONT.replace(" ", "").split(",")
+)
+audio_generator = AudioCaptcha(voicedir=config.CAPTCHA_VOICE)
+password_hasher = PasswordHasher()
+secure_headers = Secure.with_default_headers()
+
 
 def get_ip(request: Request) -> str:
     """

{sanic_security-1.13.2.dist-info → sanic_security-1.13.4.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: sanic-security
-Version: 1.13.2
+Version: 1.13.4
 Summary: An async security library for the Sanic framework.
 Author-email: Aidan Stewart <me@na-stewart.com>
 Project-URL: Documentation, https://security.na-stewart.com/
@@ -20,6 +20,7 @@ Requires-Dist: captcha>=0.4
 Requires-Dist: pillow>=9.5.0
 Requires-Dist: argon2-cffi>=20.1.0
 Requires-Dist: sanic>=21.3.0
+Requires-Dist: secure>=1.0.1
 Provides-Extra: crypto
 Requires-Dist: cryptography>=3.3.1; extra == "crypto"
 Provides-Extra: dev
@@ -63,7 +64,7 @@ Requires-Dist: cryptography; extra == "dev"
   * [Configuration](#configuration)
 * [Usage](#usage)
     * [Authentication](#authentication)
-    * [Captcha](#captcha)
+    * [CAPTCHA](#captcha)
     * [Two-step Verification](#two-step-verification)
     * [Authorization](#authorization)
     * [Testing](#testing)
@@ -76,21 +77,22 @@ Requires-Dist: cryptography; extra == "dev"
 <!-- ABOUT THE PROJECT -->
 ## About The Project
 
-Sanic Security is an authentication, authorization, and verification library designed for use with [Sanic](https://github.com/huge-success/sanic).
+Sanic Security is an authentication, authorization, and verification library designed for use with the 
+[Sanic](https://github.com/huge-success/sanic) framework.
 
 * Login, registration, and authentication with refresh mechanisms
 * Role based authorization with wildcard permissions
+* Image & audio CAPTCHA
 * Two-factor authentication
 * Two-step verification
-* Captcha
-* Logging
+* Logging & auditing
 
 Visit [security.na-stewart.com](https://security.na-stewart.com) for documentation.
 
 <!-- GETTING STARTED -->
 ## Getting Started
 
-In order to get started, please install [Pip](https://pypi.org/).
+In order to get started, please install [PyPI](https://pypi.org/).
 
 ### Installation
 
@@ -109,14 +111,9 @@ as an extra requirement.
 pip3 install sanic-security[crypto]
 ````
 
-* For developers, fork Sanic Security and install development dependencies.
-```shell
-pip3 install -e ".[dev]"
-````
-
 * Update sanic-security if already installed.
 ```shell
-pip3 install --upgrade sanic-security
+pip3 install sanic-security --upgrade
 ```
 
 ### Configuration
@@ -154,11 +151,12 @@ You can load environment variables with a different prefix via `config.load_envi
 | **SESSION_PREFIX**                    | tkn                          | Prefix attached to the beginning of session cookies.                                                                             |
 | **MAX_CHALLENGE_ATTEMPTS**            | 5                            | The maximum amount of session challenge attempts allowed.                                                                        |
 | **CAPTCHA_SESSION_EXPIRATION**        | 60                           | The amount of seconds till captcha session expiration on creation. Setting to 0 will disable expiration.                         |
-| **CAPTCHA_FONT**                      | captcha-font.ttf             | The file path to the font being used for captcha generation.                                                                     |
+| **CAPTCHA_FONT**                      | captcha-font.ttf             | The file path to the font being used for captcha generation. Several fonts can be used by separating them via comma.             |
+| **CAPTCHA_VOICE**                     | captcha-voice/               | The directory of the voice library being used for audio captcha generation.                                                      |
 | **TWO_STEP_SESSION_EXPIRATION**       | 200                          | The amount of seconds till two-step session expiration on creation. Setting to 0 will disable expiration.                        |
 | **AUTHENTICATION_SESSION_EXPIRATION** | 86400                        | The amount of seconds till authentication session expiration on creation. Setting to 0 will disable expiration.                  |
 | **AUTHENTICATION_REFRESH_EXPIRATION** | 604800                       | The amount of seconds till authentication refresh expiration. Setting to 0 will disable refresh mechanism.                       |
-| **ALLOW_LOGIN_WITH_USERNAME**         | False                        | Allows login via username and email.                                                                                             |
+| **ALLOW_LOGIN_WITH_USERNAME**         | False                        | Allows login via username; unique constraint is disabled when set to false.                                                      |
 | **INITIAL_ADMIN_EMAIL**               | admin@example.com            | Email used when creating the initial admin account.                                                                              |
 | **INITIAL_ADMIN_PASSWORD**            | admin123                     | Password used when creating the initial admin account.                                                                           |
 
@@ -319,16 +317,40 @@ async def on_authenticate(request):
     return response
 ```
 
-## Captcha
+## CAPTCHA
+
+Protects against spam and malicious activities by ensuring that only real humans can complete certain actions, like 
+submitting a form or creating an account.
 
-A pre-existing font for captcha challenges is included in the Sanic Security repository. You may set your own font by 
-downloading a .ttf font and defining the file's path in the configuration.
+* Fonts
+
+A font for captcha challenges is included in the repository. You can set a custom font by downloading a .ttf file and 
+specifying its path in the configuration.
 
 [1001 Free Fonts](https://www.1001fonts.com/)
 
-[Recommended Font](https://www.1001fonts.com/source-sans-pro-font.html)
+* Voice Library
+
+A voice library for captcha challenges is included in the repository. You can generate your own using `espeak` and 
+`ffmpeg`, then specify the library's directory in the configuration.
 
-* Request Captcha
+```bash
+# Set the language code
+export ESLANG=en
+
+# Create a directory for the specified language code
+mkdir "$ESLANG"
+
+# Loop through each character (A-Z, 0-9) and create a directory for each
+for i in {A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,0,1,2,3,4,5,6,7,8,9}; do
+    mkdir "$ESLANG/$i"
+    espeak -a 150 -s 100 -p 15 -v "$ESLANG" "$i" -w "$ESLANG/$i/orig_default.wav"
+    ffmpeg -i "$ESLANG/$i/orig_default.wav" -ar 8000 -ac 1 -acodec pcm_u8 "$ESLANG/$i/default.wav"
+    rm "$ESLANG/$i/orig_default.wav"
+done
+```
+
+* Request CAPTCHA
 
 ```python
 @app.get("api/security/captcha")
@@ -339,7 +361,16 @@ async def on_captcha_img_request(request):
     return response
 ```
 
-* Captcha
+* Request CAPTCHA Audio
+
+```python
+@app.get("api/security/captcha/audio")
+async def on_captcha_audio_request(request):
+    captcha_session = await CaptchaSession.decode(request)
+    return captcha_session.get_audio()  # Captcha: LJ0F3U
+```
+
+* Attempt CAPTCHA
 
 | Key         | Value  |
 |-------------|--------|
@@ -352,7 +383,7 @@ async def on_captcha(request):
     return json("Captcha attempt successful!", captcha_session.json)
 ```
 
-* Requires Captcha (This method is not called directly and instead used as a decorator)
+* Requires CAPTCHA (This method is not called directly and instead used as a decorator)
 
 | Key         | Value  |
 |-------------|--------|
@@ -367,7 +398,7 @@ async def on_captcha(request):
 
 ## Two-step Verification
 
-Two-step verification should be integrated with other custom functionality. For example, account verification during registration.
+Two-step verification should be integrated with other custom functionalities, such as account verification during registration.
 
 * Request Two-step Verification
 
@@ -399,7 +430,7 @@ async def on_two_step_resend(request):
     return json("Verification code resend successful!", two_step_session.json)
 ```
 
-* Two-step Verification
+* Attempt Two-step Verification
 
 | Key      | Value  |
 |----------|--------|
@@ -442,13 +473,14 @@ user's account; this simplifies common operations, such as adding a user, or cha
 
 Wildcard permissions support the concept of multiple levels or parts. For example, you could grant a user the permission
 `printer:query`, `printer:query,delete`, or `printer:*`.
+
 * Assign Role
 
 ```python
 await assign_role(
     "Chat Room Moderator",
     account,
-    "channels:view,delete, account:suspend,mute, voice:*",
+    "channels:view,delete, voice:*, account:suspend,mute",
     "Can read and delete messages in all chat rooms, suspend and mute accounts, and control voice chat.",
 )
 ```
@@ -497,7 +529,7 @@ async def on_check_roles(request):
 
 * Make sure the test Sanic instance (`test/server.py`) is running on your machine.
 
-* Run the unit test client (`test/tests.py`) for results.
+* Run the test client (`test/tests.py`) for results.
 
 ## Tortoise
 

sanic_security-1.13.4.dist-info/RECORD

@@ -0,0 +1,16 @@
+sanic_security/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+sanic_security/authentication.py,sha256=6pOiZJmnej0no-at7irkrh8YCupAdJVQOJEgfT2cc5k,13214
+sanic_security/authorization.py,sha256=ddJWqGJbFIqII5pUW5SxI7h4EyVB-EhrbGM7jsQutOI,7559
+sanic_security/configuration.py,sha256=h-Kh4PalJpjbDcZvVHCzxX5l-GnldP3Fr8OlgGCZNHY,5680
+sanic_security/exceptions.py,sha256=JiCaBR2kjE1Cj0fc_08y-32fqJJXa_1UCw205T4_RTY,5493
+sanic_security/models.py,sha256=bK5daR6Iq7V7aqNSzksH6DGrCXMj2e4feNRhlxlFQMg,22722
+sanic_security/utils.py,sha256=tgewsCAkNl_NkobHaDlZNIgVopQPiD8SWb6UC6tBYNs,3151
+sanic_security/verification.py,sha256=js2PkqJU6o46atslJ76n-_cYoY5iz5fbyiV0OFwoySo,8668
+sanic_security/test/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+sanic_security/test/server.py,sha256=Rh_L12HPCfagvAyqkHziBD1C4WHAKZ9ht4mTCpX2Yik,12240
+sanic_security/test/tests.py,sha256=bW5fHJfsCrg8eBmcSqVMLm0R5XRL1ou-XJJRgz09GOE,21993
+sanic_security-1.13.4.dist-info/LICENSE,sha256=sXlJs9_mG-dCkPfWsDnuzydJWagS82E2gYtkVH9enHA,1100
+sanic_security-1.13.4.dist-info/METADATA,sha256=T_LTsAXGsFWZFSntcTzKoEaoPRpz1JIHwLjcPc0Havc,24248
+sanic_security-1.13.4.dist-info/WHEEL,sha256=R06PA3UVYHThwHvxuRWMqaGcr-PuniXahwjmQRFMEkY,91
+sanic_security-1.13.4.dist-info/top_level.txt,sha256=ZybkhHXSjfzhmv8XeqLvnNmLmv21Z0oPX6Ep4DJN8b0,15
+sanic_security-1.13.4.dist-info/RECORD,,

sanic_security-1.13.2.dist-info/RECORD

@@ -1,16 +0,0 @@
-sanic_security/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-sanic_security/authentication.py,sha256=h0Yq2hWFv1GZoqhPQBmoJnqywGQd6fOYu7zyaqfv6wQ,14432
-sanic_security/authorization.py,sha256=1SHx4cU_ibC0o_nEDDYURH_l_K6Q66M0SLzpRQrsIXc,7534
-sanic_security/configuration.py,sha256=br2hI3MHsTBh3yfPer5f3bkKSWfQdCeqfLqWmaDNVoM,5510
-sanic_security/exceptions.py,sha256=JiCaBR2kjE1Cj0fc_08y-32fqJJXa_1UCw205T4_RTY,5493
-sanic_security/models.py,sha256=l3cO5-S1bmE0tqhFXBC9z4IWTCnYNeRvw1VzIFLeaHE,22363
-sanic_security/utils.py,sha256=XAUNalcTi53qTz0D8xiDyDyRlq7Z7ffNBzUONJZqe90,2705
-sanic_security/verification.py,sha256=js2PkqJU6o46atslJ76n-_cYoY5iz5fbyiV0OFwoySo,8668
-sanic_security/test/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-sanic_security/test/server.py,sha256=79HaNIH1skWTrh2gIbh8WWVNxvYqPA5GlQ8AqRaCsXQ,12094
-sanic_security/test/tests.py,sha256=bW5fHJfsCrg8eBmcSqVMLm0R5XRL1ou-XJJRgz09GOE,21993
-sanic_security-1.13.2.dist-info/LICENSE,sha256=sXlJs9_mG-dCkPfWsDnuzydJWagS82E2gYtkVH9enHA,1100
-sanic_security-1.13.2.dist-info/METADATA,sha256=mcHljpRvZGGTk_hRi2Sf-lqF-QyZIrhn_lNZGkbNjUI,23011
-sanic_security-1.13.2.dist-info/WHEEL,sha256=R06PA3UVYHThwHvxuRWMqaGcr-PuniXahwjmQRFMEkY,91
-sanic_security-1.13.2.dist-info/top_level.txt,sha256=ZybkhHXSjfzhmv8XeqLvnNmLmv21Z0oPX6Ep4DJN8b0,15
-sanic_security-1.13.2.dist-info/RECORD,,