sanic-security 1.13.4__py3-none-any.whl → 1.14.0__py3-none-any.whl

sanic_security/authentication.py

@@ -223,7 +223,7 @@ async def authenticate(request: Request) -> AuthenticationSession:
             authentication_session.bearer.validate()
     except ExpiredError:
         authentication_session = await authentication_session.refresh(request)
-    request.ctx.authentication_session = authentication_session
+    request.ctx.session = authentication_session
     return authentication_session
 
 
@@ -293,34 +293,33 @@ def initialize_security(app: Sanic, create_root=True) -> None:
 
     @app.on_response
     async def response_handler_middleware(request, response):
-        secure_headers.set_headers(response)
-        if hasattr(request.ctx, "authentication_session"):
-            authentication_session = request.ctx.authentication_session
-            if authentication_session.is_refresh:
-                authentication_session.encode(response)
+        if hasattr(request.ctx, "session"):
+            secure_headers.set_headers(response)
+            if request.ctx.session.is_refresh:
+                request.ctx.session.encode(response)
 
     @app.listener("before_server_start")
     async def audit_configuration(app, loop):
         if security_config.SECRET == DEFAULT_CONFIG["SECRET"]:
-            warnings.warn("Secret should be changed from default.", AuditWarning)
+            warnings.warn("Secret should be changed from default.", AuditWarning, 2)
         if not security_config.SESSION_HTTPONLY:
-            warnings.warn("HttpOnly should be enabled.", AuditWarning)
+            warnings.warn("HttpOnly should be enabled.", AuditWarning, 2)
         if not security_config.SESSION_SECURE:
-            warnings.warn("Secure should be enabled.", AuditWarning)
+            warnings.warn("Secure should be enabled.", AuditWarning, 2)
         if (
             not security_config.SESSION_SAMESITE
             or security_config.SESSION_SAMESITE.lower() == "none"
         ):
-            warnings.warn("SameSite should not be none.", AuditWarning)
+            warnings.warn("SameSite should not be none.", AuditWarning, 2)
         if not security_config.SESSION_DOMAIN:
-            warnings.warn("Domain should not be none.", AuditWarning)
+            warnings.warn("Domain should not be none.", AuditWarning, 2)
         if (
             create_root
             and security_config.INITIAL_ADMIN_EMAIL
             == DEFAULT_CONFIG["INITIAL_ADMIN_EMAIL"]
         ):
             warnings.warn(
-                "Initial admin email should be changed from default.", AuditWarning
+                "Initial admin email should be changed from default.", AuditWarning, 2
             )
         if (
             create_root
@@ -328,7 +327,9 @@ def initialize_security(app: Sanic, create_root=True) -> None:
             == DEFAULT_CONFIG["INITIAL_ADMIN_PASSWORD"]
         ):
             warnings.warn(
-                "Initial admin password should be changed from default.", AuditWarning
+                "Initial admin password should be changed from default.",
+                AuditWarning,
+                2,
             )
 
     @app.listener("before_server_start")

sanic_security/authorization.py

@@ -69,6 +69,7 @@ async def check_permissions(
             required_permissions, role.permissions.split(", ")
         ):
             if fnmatch(required_permission, role_permission):
+                request.ctx.session = authentication_session
                 return authentication_session
     logger.warning(
         f"Client {get_ip(request)} with account {authentication_session.bearer.id} attempted an unauthorized action."
@@ -107,6 +108,7 @@ async def check_roles(request: Request, *required_roles: str) -> AuthenticationS
     roles = await authentication_session.bearer.roles.filter(deleted=False).all()
     for role in roles:
         if role.name in required_roles:
+            request.ctx.session = authentication_session
             return authentication_session
     logger.warning(
         f"Client {get_ip(request)} with account {authentication_session.bearer.id} attempted an unauthorized action. "
@@ -168,9 +170,7 @@ def require_permissions(*required_permissions: str):
     def decorator(func):
         @functools.wraps(func)
         async def wrapper(request, *args, **kwargs):
-            request.ctx.authentication_session = await check_permissions(
-                request, *required_permissions
-            )
+            await check_permissions(request, *required_permissions)
             return await func(request, *args, **kwargs)
 
         return wrapper
@@ -208,9 +208,7 @@ def require_roles(*required_roles: str):
     def decorator(func):
         @functools.wraps(func)
         async def wrapper(request, *args, **kwargs):
-            request.ctx.authentication_session = await check_roles(
-                request, *required_roles
-            )
+            await check_roles(request, *required_roles)
             return await func(request, *args, **kwargs)
 
         return wrapper

sanic_security/test/server.py

@@ -144,16 +144,15 @@ async def on_logout(request):
 @requires_authentication
 async def on_authenticate(request):
     """Authenticate client session and account."""
-    authentication_session = request.ctx.authentication_session
     response = json(
         "Authenticated!",
         {
             "bearer": (
-                authentication_session.bearer.json
-                if not authentication_session.anonymous
+                request.ctx.session.bearer.json
+                if not request.ctx.session.anonymous
                 else None
             ),
-            "refresh": authentication_session.is_refresh,
+            "refresh": request.ctx.session.is_refresh,
         },
     )
     return response
@@ -163,10 +162,9 @@ async def on_authenticate(request):
 @requires_authentication
 async def on_authentication_expire(request):
     """Expire client's session."""
-    authentication_session = request.ctx.authentication_session
-    authentication_session.expiration_date = datetime.datetime.now(datetime.UTC)
-    await authentication_session.save(update_fields=["expiration_date"])
-    return json("Authentication expired!", authentication_session.json)
+    request.ctx.session.expiration_date = datetime.datetime.now(datetime.UTC)
+    await request.ctx.session.save(update_fields=["expiration_date"])
+    return json("Authentication expired!", request.ctx.session.json)
 
 
 @app.post("api/test/auth/associated")
@@ -174,7 +172,7 @@ async def on_authentication_expire(request):
 async def on_get_associated_authentication_sessions(request):
     """Retrieves authentication sessions associated with logged in account."""
     authentication_sessions = await AuthenticationSession.get_associated(
-        request.ctx.authentication_session.bearer
+        request.ctx.session.bearer
     )
     return json(
         "Associated authentication sessions retrieved!",
@@ -209,7 +207,7 @@ async def on_captcha_audio(request):
 @requires_captcha
 async def on_captcha_attempt(request):
     """Attempt captcha challenge."""
-    return json("Captcha attempt successful!", request.ctx.captcha_session.json)
+    return json("Captcha attempt successful!", request.ctx.session.json)
 
 
 @app.post("api/test/two-step/request")
@@ -225,9 +223,7 @@ async def on_request_verification(request):
 @requires_two_step_verification
 async def on_verification_attempt(request):
     """Attempt two-step verification challenge."""
-    return json(
-        "Two step verification attempt successful!", request.ctx.two_step_session.json
-    )
+    return json("Two step verification attempt successful!", request.ctx.session.json)
 
 
 @app.post("api/test/auth/roles")
@@ -248,7 +244,7 @@ async def on_role_assign(request):
     """Assign authenticated account a role."""
     await assign_role(
         request.form.get("name"),
-        request.ctx.authentication_session.bearer,
+        request.ctx.session.bearer,
         request.form.get("permissions"),
         "Role used for testing.",
     )

sanic_security/verification.py

@@ -102,6 +102,7 @@ async def two_step_verification(request: Request) -> TwoStepSession:
     logger.info(
         f"Client {get_ip(request)} has completed two-step session {two_step_session.id} challenge."
     )
+    request.ctx.session = two_step_session
     return two_step_session
 
 
@@ -133,7 +134,7 @@ def requires_two_step_verification(arg=None):
     def decorator(func):
         @functools.wraps(func)
         async def wrapper(request, *args, **kwargs):
-            request.ctx.two_step_session = await two_step_verification(request)
+            await two_step_verification(request)
             return await func(request, *args, **kwargs)
 
         return wrapper
@@ -229,6 +230,7 @@ async def captcha(request: Request) -> CaptchaSession:
     logger.info(
         f"Client {get_ip(request)} has completed captcha session {captcha_session.id} challenge."
     )
+    request.ctx.session = captcha_session
     return captcha_session
 
 
@@ -257,7 +259,7 @@ def requires_captcha(arg=None):
     def decorator(func):
         @functools.wraps(func)
         async def wrapper(request, *args, **kwargs):
-            request.ctx.captcha_session = await captcha(request)
+            await captcha(request)
             return await func(request, *args, **kwargs)
 
         return wrapper

{sanic_security-1.13.4.dist-info → sanic_security-1.14.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: sanic-security
-Version: 1.13.4
+Version: 1.14.0
 Summary: An async security library for the Sanic framework.
 Author-email: Aidan Stewart <me@na-stewart.com>
 Project-URL: Documentation, https://security.na-stewart.com/
@@ -309,46 +309,15 @@ async def on_authenticate(request):
 @app.post("api/security/auth")
 @requires_authentication
 async def on_authenticate(request):
-    authentication_session = request.ctx.authentication_session
-    response = json(
-        "You have been authenticated.",
-        authentication_session.json,
-    )
+    response = json("You have been authenticated.", request.ctx.session.json)
     return response
 ```
 
 ## CAPTCHA
 
-Protects against spam and malicious activities by ensuring that only real humans can complete certain actions, like 
-submitting a form or creating an account.
-
-* Fonts
-
-A font for captcha challenges is included in the repository. You can set a custom font by downloading a .ttf file and 
-specifying its path in the configuration.
-
-[1001 Free Fonts](https://www.1001fonts.com/)
-
-* Voice Library
-
-A voice library for captcha challenges is included in the repository. You can generate your own using `espeak` and 
-`ffmpeg`, then specify the library's directory in the configuration.
-
-```bash
-# Set the language code
-export ESLANG=en
-
-# Create a directory for the specified language code
-mkdir "$ESLANG"
-
-# Loop through each character (A-Z, 0-9) and create a directory for each
-for i in {A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,0,1,2,3,4,5,6,7,8,9}; do
-    mkdir "$ESLANG/$i"
-    espeak -a 150 -s 100 -p 15 -v "$ESLANG" "$i" -w "$ESLANG/$i/orig_default.wav"
-    ffmpeg -i "$ESLANG/$i/orig_default.wav" -ar 8000 -ac 1 -acodec pcm_u8 "$ESLANG/$i/default.wav"
-    rm "$ESLANG/$i/orig_default.wav"
-done
-```
+Protects against spam and malicious activities by ensuring that only real humans can complete certain actions like 
+submitting a form or creating an account. A font and voice library for CAPTCHA challenges is included in the repository, 
+or you can download/create your own and specify its path in the configuration.
 
 * Request CAPTCHA
 
@@ -393,7 +362,7 @@ async def on_captcha(request):
 @app.post("api/security/captcha")
 @requires_captcha
 async def on_captcha(request):
-    return json("Captcha attempt successful!", request.ctx.captcha_session.json)
+    return json("Captcha attempt successful!", request.ctx.session.json)
 ```
 
 ## Two-step Verification
@@ -455,8 +424,7 @@ async def on_two_step_verification(request):
 @requires_two_step_verification
 async def on_two_step_verification(request):
     response = json(
-        "Two-step verification attempt successful!",
-        request.ctx.two_step_session.json,
+        "Two-step verification attempt successful!", request.ctx.session.json
     )
     return response
 ```

sanic_security-1.14.0.dist-info/RECORD

@@ -0,0 +1,16 @@
+sanic_security/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+sanic_security/authentication.py,sha256=dq7Yt_1xm9_LSZgMZkyzgcvG46NUQsysEb3s5pgO7BE,13165
+sanic_security/authorization.py,sha256=QvLsaOWu3te0Y75tqChrEXQP5CR92nsRU7LXiUWy5cw,7541
+sanic_security/configuration.py,sha256=h-Kh4PalJpjbDcZvVHCzxX5l-GnldP3Fr8OlgGCZNHY,5680
+sanic_security/exceptions.py,sha256=JiCaBR2kjE1Cj0fc_08y-32fqJJXa_1UCw205T4_RTY,5493
+sanic_security/models.py,sha256=bK5daR6Iq7V7aqNSzksH6DGrCXMj2e4feNRhlxlFQMg,22722
+sanic_security/utils.py,sha256=tgewsCAkNl_NkobHaDlZNIgVopQPiD8SWb6UC6tBYNs,3151
+sanic_security/verification.py,sha256=olmpP2AwXKILRVRnDf7AMRJuK5Fs_i5ESHXSH94A-Yk,8694
+sanic_security/test/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+sanic_security/test/server.py,sha256=hLvT2mG1VXeV7nE6r1avoSOTa1qMSS6jL0qTizyCdOY,12029
+sanic_security/test/tests.py,sha256=bW5fHJfsCrg8eBmcSqVMLm0R5XRL1ou-XJJRgz09GOE,21993
+sanic_security-1.14.0.dist-info/LICENSE,sha256=sXlJs9_mG-dCkPfWsDnuzydJWagS82E2gYtkVH9enHA,1100
+sanic_security-1.14.0.dist-info/METADATA,sha256=ynu6jYXbs9s7ZQi8l2Z2Ilm93Yu8JxQukx-swbOcQIc,23306
+sanic_security-1.14.0.dist-info/WHEEL,sha256=R06PA3UVYHThwHvxuRWMqaGcr-PuniXahwjmQRFMEkY,91
+sanic_security-1.14.0.dist-info/top_level.txt,sha256=ZybkhHXSjfzhmv8XeqLvnNmLmv21Z0oPX6Ep4DJN8b0,15
+sanic_security-1.14.0.dist-info/RECORD,,

sanic_security-1.13.4.dist-info/RECORD

@@ -1,16 +0,0 @@
-sanic_security/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-sanic_security/authentication.py,sha256=6pOiZJmnej0no-at7irkrh8YCupAdJVQOJEgfT2cc5k,13214
-sanic_security/authorization.py,sha256=ddJWqGJbFIqII5pUW5SxI7h4EyVB-EhrbGM7jsQutOI,7559
-sanic_security/configuration.py,sha256=h-Kh4PalJpjbDcZvVHCzxX5l-GnldP3Fr8OlgGCZNHY,5680
-sanic_security/exceptions.py,sha256=JiCaBR2kjE1Cj0fc_08y-32fqJJXa_1UCw205T4_RTY,5493
-sanic_security/models.py,sha256=bK5daR6Iq7V7aqNSzksH6DGrCXMj2e4feNRhlxlFQMg,22722
-sanic_security/utils.py,sha256=tgewsCAkNl_NkobHaDlZNIgVopQPiD8SWb6UC6tBYNs,3151
-sanic_security/verification.py,sha256=js2PkqJU6o46atslJ76n-_cYoY5iz5fbyiV0OFwoySo,8668
-sanic_security/test/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-sanic_security/test/server.py,sha256=Rh_L12HPCfagvAyqkHziBD1C4WHAKZ9ht4mTCpX2Yik,12240
-sanic_security/test/tests.py,sha256=bW5fHJfsCrg8eBmcSqVMLm0R5XRL1ou-XJJRgz09GOE,21993
-sanic_security-1.13.4.dist-info/LICENSE,sha256=sXlJs9_mG-dCkPfWsDnuzydJWagS82E2gYtkVH9enHA,1100
-sanic_security-1.13.4.dist-info/METADATA,sha256=T_LTsAXGsFWZFSntcTzKoEaoPRpz1JIHwLjcPc0Havc,24248
-sanic_security-1.13.4.dist-info/WHEEL,sha256=R06PA3UVYHThwHvxuRWMqaGcr-PuniXahwjmQRFMEkY,91
-sanic_security-1.13.4.dist-info/top_level.txt,sha256=ZybkhHXSjfzhmv8XeqLvnNmLmv21Z0oPX6Ep4DJN8b0,15
-sanic_security-1.13.4.dist-info/RECORD,,