sanic-security 1.13.5__py3-none-any.whl → 1.14.1__py3-none-any.whl

sanic_security/authentication.py

@@ -223,7 +223,7 @@ async def authenticate(request: Request) -> AuthenticationSession:
             authentication_session.bearer.validate()
     except ExpiredError:
         authentication_session = await authentication_session.refresh(request)
-    request.ctx.authentication_session = authentication_session
+    request.ctx.session = authentication_session
     return authentication_session
 
 
@@ -291,13 +291,6 @@ def initialize_security(app: Sanic, create_root=True) -> None:
         create_root (bool): Determines root account creation on initialization.
     """
 
-    @app.on_response
-    async def response_handler_middleware(request, response):
-        if hasattr(request.ctx, "authentication_session"):
-            secure_headers.set_headers(response)
-            if request.ctx.authentication_session.is_refresh:
-                request.ctx.authentication_session.encode(response)
-
     @app.listener("before_server_start")
     async def audit_configuration(app, loop):
         if security_config.SECRET == DEFAULT_CONFIG["SECRET"]:
@@ -361,3 +354,13 @@ def initialize_security(app: Sanic, create_root=True) -> None:
             )
             await account.roles.add(role)
             logger.info("Initial admin account created.")
+
+        @app.on_response
+        async def response_handler_middleware(request, response):
+            if hasattr(request.ctx, "session"):
+                secure_headers.set_headers(response)
+                if (
+                    hasattr(request.ctx.session, "is_refresh")
+                    and request.ctx.session.is_refresh
+                ):
+                    request.ctx.session.encode(response)

sanic_security/authorization.py

@@ -69,6 +69,7 @@ async def check_permissions(
             required_permissions, role.permissions.split(", ")
         ):
             if fnmatch(required_permission, role_permission):
+                request.ctx.session = authentication_session
                 return authentication_session
     logger.warning(
         f"Client {get_ip(request)} with account {authentication_session.bearer.id} attempted an unauthorized action."
@@ -107,6 +108,7 @@ async def check_roles(request: Request, *required_roles: str) -> AuthenticationS
     roles = await authentication_session.bearer.roles.filter(deleted=False).all()
     for role in roles:
         if role.name in required_roles:
+            request.ctx.session = authentication_session
             return authentication_session
     logger.warning(
         f"Client {get_ip(request)} with account {authentication_session.bearer.id} attempted an unauthorized action. "
@@ -168,9 +170,7 @@ def require_permissions(*required_permissions: str):
     def decorator(func):
         @functools.wraps(func)
         async def wrapper(request, *args, **kwargs):
-            request.ctx.authentication_session = await check_permissions(
-                request, *required_permissions
-            )
+            await check_permissions(request, *required_permissions)
             return await func(request, *args, **kwargs)
 
         return wrapper
@@ -208,9 +208,7 @@ def require_roles(*required_roles: str):
     def decorator(func):
         @functools.wraps(func)
         async def wrapper(request, *args, **kwargs):
-            request.ctx.authentication_session = await check_roles(
-                request, *required_roles
-            )
+            await check_roles(request, *required_roles)
             return await func(request, *args, **kwargs)
 
         return wrapper

sanic_security/test/server.py

@@ -128,7 +128,6 @@ async def on_two_factor_authentication(request):
         "Authentication session second-factor fulfilled! You are now authenticated.",
         authentication_session.bearer.json,
     )
-    authentication_session.encode(response)
     return response
 
 
@@ -144,16 +143,15 @@ async def on_logout(request):
 @requires_authentication
 async def on_authenticate(request):
     """Authenticate client session and account."""
-    authentication_session = request.ctx.authentication_session
     response = json(
         "Authenticated!",
         {
             "bearer": (
-                authentication_session.bearer.json
-                if not authentication_session.anonymous
+                request.ctx.session.bearer.json
+                if not request.ctx.session.anonymous
                 else None
             ),
-            "refresh": authentication_session.is_refresh,
+            "refresh": request.ctx.session.is_refresh,
         },
     )
     return response
@@ -163,10 +161,9 @@ async def on_authenticate(request):
 @requires_authentication
 async def on_authentication_expire(request):
     """Expire client's session."""
-    authentication_session = request.ctx.authentication_session
-    authentication_session.expiration_date = datetime.datetime.now(datetime.UTC)
-    await authentication_session.save(update_fields=["expiration_date"])
-    return json("Authentication expired!", authentication_session.json)
+    request.ctx.session.expiration_date = datetime.datetime.now(datetime.UTC)
+    await request.ctx.session.save(update_fields=["expiration_date"])
+    return json("Authentication expired!", request.ctx.session.json)
 
 
 @app.post("api/test/auth/associated")
@@ -174,7 +171,7 @@ async def on_authentication_expire(request):
 async def on_get_associated_authentication_sessions(request):
     """Retrieves authentication sessions associated with logged in account."""
     authentication_sessions = await AuthenticationSession.get_associated(
-        request.ctx.authentication_session.bearer
+        request.ctx.session.bearer
     )
     return json(
         "Associated authentication sessions retrieved!",
@@ -209,7 +206,7 @@ async def on_captcha_audio(request):
 @requires_captcha
 async def on_captcha_attempt(request):
     """Attempt captcha challenge."""
-    return json("Captcha attempt successful!", request.ctx.captcha_session.json)
+    return json("Captcha attempt successful!", request.ctx.session.json)
 
 
 @app.post("api/test/two-step/request")
@@ -225,9 +222,7 @@ async def on_request_verification(request):
 @requires_two_step_verification
 async def on_verification_attempt(request):
     """Attempt two-step verification challenge."""
-    return json(
-        "Two step verification attempt successful!", request.ctx.two_step_session.json
-    )
+    return json("Two step verification attempt successful!", request.ctx.session.json)
 
 
 @app.post("api/test/auth/roles")
@@ -248,7 +243,7 @@ async def on_role_assign(request):
     """Assign authenticated account a role."""
     await assign_role(
         request.form.get("name"),
-        request.ctx.authentication_session.bearer,
+        request.ctx.session.bearer,
         request.form.get("permissions"),
         "Role used for testing.",
     )

sanic_security/verification.py

@@ -102,6 +102,7 @@ async def two_step_verification(request: Request) -> TwoStepSession:
     logger.info(
         f"Client {get_ip(request)} has completed two-step session {two_step_session.id} challenge."
     )
+    request.ctx.session = two_step_session
     return two_step_session
 
 
@@ -133,7 +134,7 @@ def requires_two_step_verification(arg=None):
     def decorator(func):
         @functools.wraps(func)
         async def wrapper(request, *args, **kwargs):
-            request.ctx.two_step_session = await two_step_verification(request)
+            await two_step_verification(request)
             return await func(request, *args, **kwargs)
 
         return wrapper
@@ -229,6 +230,7 @@ async def captcha(request: Request) -> CaptchaSession:
     logger.info(
         f"Client {get_ip(request)} has completed captcha session {captcha_session.id} challenge."
     )
+    request.ctx.session = captcha_session
     return captcha_session
 
 
@@ -257,7 +259,7 @@ def requires_captcha(arg=None):
     def decorator(func):
         @functools.wraps(func)
         async def wrapper(request, *args, **kwargs):
-            request.ctx.captcha_session = await captcha(request)
+            await captcha(request)
             return await func(request, *args, **kwargs)
 
         return wrapper

{sanic_security-1.13.5.dist-info → sanic_security-1.14.1.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: sanic-security
-Version: 1.13.5
+Version: 1.14.1
 Summary: An async security library for the Sanic framework.
 Author-email: Aidan Stewart <me@na-stewart.com>
 Project-URL: Documentation, https://security.na-stewart.com/
@@ -21,14 +21,14 @@ Requires-Dist: pillow>=9.5.0
 Requires-Dist: argon2-cffi>=20.1.0
 Requires-Dist: sanic>=21.3.0
 Requires-Dist: secure>=1.0.1
-Provides-Extra: crypto
-Requires-Dist: cryptography>=3.3.1; extra == "crypto"
 Provides-Extra: dev
 Requires-Dist: httpx; extra == "dev"
 Requires-Dist: black; extra == "dev"
 Requires-Dist: blacken-docs; extra == "dev"
 Requires-Dist: pdoc3; extra == "dev"
 Requires-Dist: cryptography; extra == "dev"
+Provides-Extra: crypto
+Requires-Dist: cryptography>=3.3.1; extra == "crypto"
 
 <!-- PROJECT SHIELDS -->
 <!--
@@ -212,7 +212,7 @@ Verifies the client's account via two-step session code.
 | **code** | 24KF19 |
 
 ```python
-@app.post("api/security/verify")
+@app.put("api/security/verify")
 async def on_verify(request):
     two_step_session = await verify_account(request)
     return json("You have verified your account and may login!", two_step_session.json)
@@ -255,14 +255,13 @@ Fulfills client authentication session's second factor requirement via two-step
 | **code** | XGED2U |
 
 ```python
-@app.post("api/security/fulfill-2fa")
+@app.put("api/security/fulfill-2fa")
 async def on_two_factor_authentication(request):
     authentication_session = await fulfill_second_factor(request)
     response = json(
         "Authentication session second-factor fulfilled! You are now authenticated.",
         authentication_session.json,
     )
-    authentication_session.encode(response)
     return response
 ```
 
@@ -309,46 +308,15 @@ async def on_authenticate(request):
 @app.post("api/security/auth")
 @requires_authentication
 async def on_authenticate(request):
-    authentication_session = request.ctx.authentication_session
-    response = json(
-        "You have been authenticated.",
-        authentication_session.json,
-    )
+    response = json("You have been authenticated.", request.ctx.session.json)
     return response
 ```
 
 ## CAPTCHA
 
-Protects against spam and malicious activities by ensuring that only real humans can complete certain actions, like 
-submitting a form or creating an account.
-
-* Fonts
-
-A font for captcha challenges is included in the repository. You can set a custom font by downloading a .ttf file and 
-specifying its path in the configuration.
-
-[1001 Free Fonts](https://www.1001fonts.com/)
-
-* Voice Library
-
-A voice library for captcha challenges is included in the repository. You can generate your own using `espeak` and 
-`ffmpeg`, then specify the library's directory in the configuration.
-
-```bash
-# Set the language code
-export ESLANG=en
-
-# Create a directory for the specified language code
-mkdir "$ESLANG"
-
-# Loop through each character (A-Z, 0-9) and create a directory for each
-for i in {A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,0,1,2,3,4,5,6,7,8,9}; do
-    mkdir "$ESLANG/$i"
-    espeak -a 150 -s 100 -p 15 -v "$ESLANG" "$i" -w "$ESLANG/$i/orig_default.wav"
-    ffmpeg -i "$ESLANG/$i/orig_default.wav" -ar 8000 -ac 1 -acodec pcm_u8 "$ESLANG/$i/default.wav"
-    rm "$ESLANG/$i/orig_default.wav"
-done
-```
+Protects against spam and malicious activities by ensuring that only real humans can complete certain actions like 
+submitting a form or creating an account. A font and voice library for CAPTCHA challenges is included in the repository, 
+or you can download/create your own and specify its path in the configuration.
 
 * Request CAPTCHA
 
@@ -393,7 +361,7 @@ async def on_captcha(request):
 @app.post("api/security/captcha")
 @requires_captcha
 async def on_captcha(request):
-    return json("Captcha attempt successful!", request.ctx.captcha_session.json)
+    return json("Captcha attempt successful!", request.ctx.session.json)
 ```
 
 ## Two-step Verification
@@ -455,8 +423,7 @@ async def on_two_step_verification(request):
 @requires_two_step_verification
 async def on_two_step_verification(request):
     response = json(
-        "Two-step verification attempt successful!",
-        request.ctx.two_step_session.json,
+        "Two-step verification attempt successful!", request.ctx.session.json
     )
     return response
 ```

sanic_security-1.14.1.dist-info/RECORD

@@ -0,0 +1,16 @@
+sanic_security/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+sanic_security/authentication.py,sha256=ksHa4E82kNXNRKGSqeO28xfQWdF2pJDxUaaQy9snKwU,13299
+sanic_security/authorization.py,sha256=QvLsaOWu3te0Y75tqChrEXQP5CR92nsRU7LXiUWy5cw,7541
+sanic_security/configuration.py,sha256=h-Kh4PalJpjbDcZvVHCzxX5l-GnldP3Fr8OlgGCZNHY,5680
+sanic_security/exceptions.py,sha256=JiCaBR2kjE1Cj0fc_08y-32fqJJXa_1UCw205T4_RTY,5493
+sanic_security/models.py,sha256=bK5daR6Iq7V7aqNSzksH6DGrCXMj2e4feNRhlxlFQMg,22722
+sanic_security/utils.py,sha256=tgewsCAkNl_NkobHaDlZNIgVopQPiD8SWb6UC6tBYNs,3151
+sanic_security/verification.py,sha256=olmpP2AwXKILRVRnDf7AMRJuK5Fs_i5ESHXSH94A-Yk,8694
+sanic_security/test/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+sanic_security/test/server.py,sha256=RjL9Kfvkfqpm5TXWwFQKKa0J4hfTKgwI6U0s_TAKO8w,11984
+sanic_security/test/tests.py,sha256=bW5fHJfsCrg8eBmcSqVMLm0R5XRL1ou-XJJRgz09GOE,21993
+sanic_security-1.14.1.dist-info/LICENSE,sha256=sXlJs9_mG-dCkPfWsDnuzydJWagS82E2gYtkVH9enHA,1100
+sanic_security-1.14.1.dist-info/METADATA,sha256=It9-aEffADsbk5GJGO0SEG2DUd1wTq7FRl64l5oMcdA,23259
+sanic_security-1.14.1.dist-info/WHEEL,sha256=PZUExdf71Ui_so67QXpySuHtCi3-J3wvF4ORK6k_S8U,91
+sanic_security-1.14.1.dist-info/top_level.txt,sha256=ZybkhHXSjfzhmv8XeqLvnNmLmv21Z0oPX6Ep4DJN8b0,15
+sanic_security-1.14.1.dist-info/RECORD,,

{sanic_security-1.13.5.dist-info → sanic_security-1.14.1.dist-info}/WHEEL

@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: setuptools (75.5.0)
+Generator: setuptools (75.6.0)
 Root-Is-Purelib: true
 Tag: py3-none-any
 

sanic_security-1.13.5.dist-info/RECORD

@@ -1,16 +0,0 @@
-sanic_security/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-sanic_security/authentication.py,sha256=SbPFze7s86xDsKOwoy37nGB8xffK3pSHGnmGUdlnexA,13225
-sanic_security/authorization.py,sha256=ddJWqGJbFIqII5pUW5SxI7h4EyVB-EhrbGM7jsQutOI,7559
-sanic_security/configuration.py,sha256=h-Kh4PalJpjbDcZvVHCzxX5l-GnldP3Fr8OlgGCZNHY,5680
-sanic_security/exceptions.py,sha256=JiCaBR2kjE1Cj0fc_08y-32fqJJXa_1UCw205T4_RTY,5493
-sanic_security/models.py,sha256=bK5daR6Iq7V7aqNSzksH6DGrCXMj2e4feNRhlxlFQMg,22722
-sanic_security/utils.py,sha256=tgewsCAkNl_NkobHaDlZNIgVopQPiD8SWb6UC6tBYNs,3151
-sanic_security/verification.py,sha256=js2PkqJU6o46atslJ76n-_cYoY5iz5fbyiV0OFwoySo,8668
-sanic_security/test/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-sanic_security/test/server.py,sha256=Rh_L12HPCfagvAyqkHziBD1C4WHAKZ9ht4mTCpX2Yik,12240
-sanic_security/test/tests.py,sha256=bW5fHJfsCrg8eBmcSqVMLm0R5XRL1ou-XJJRgz09GOE,21993
-sanic_security-1.13.5.dist-info/LICENSE,sha256=sXlJs9_mG-dCkPfWsDnuzydJWagS82E2gYtkVH9enHA,1100
-sanic_security-1.13.5.dist-info/METADATA,sha256=WBdJdWbBOUphyj-RaEioPjEl8ksycafckhJTF2COCQU,24248
-sanic_security-1.13.5.dist-info/WHEEL,sha256=R06PA3UVYHThwHvxuRWMqaGcr-PuniXahwjmQRFMEkY,91
-sanic_security-1.13.5.dist-info/top_level.txt,sha256=ZybkhHXSjfzhmv8XeqLvnNmLmv21Z0oPX6Ep4DJN8b0,15
-sanic_security-1.13.5.dist-info/RECORD,,