square-authentication 6.0.4__tar.gz → 6.1.0__tar.gz

{square_authentication-6.0.4 → square_authentication-6.1.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: square_authentication
-Version: 6.0.4
+Version: 6.1.0
 Summary: authentication layer for my personal server.
 Home-page: https://github.com/thepmsquare/square_authentication
 Author: thePmSquare
@@ -53,6 +53,16 @@ pip install square_authentication
 
 ## changelog
 
+### v6.1.0
+
+- add validation to username in register_username_v0 and update_username_v0.
+- add test cases for register_username_v0.
+
+### v6.0.5
+
+- env
+    - add ALLOW_ORIGINS
+
 ### v6.0.4
 
 - mock ini file for pytest.

{square_authentication-6.0.4 → square_authentication-6.1.0}/README.md

@@ -16,6 +16,16 @@ pip install square_authentication
 
 ## changelog
 
+### v6.1.0
+
+- add validation to username in register_username_v0 and update_username_v0.
+- add test cases for register_username_v0.
+
+### v6.0.5
+
+- env
+    - add ALLOW_ORIGINS
+
 ### v6.0.4
 
 - mock ini file for pytest.

{square_authentication-6.0.4 → square_authentication-6.1.0}/setup.py

@@ -4,7 +4,7 @@ package_name = "square_authentication"
 
 setup(
     name=package_name,
-    version="6.0.4",
+    version="6.1.0",
     packages=find_packages(),
     package_data={
         package_name: ["data/*"],

{square_authentication-6.0.4 → square_authentication-6.1.0}/square_authentication/configuration.py

@@ -22,6 +22,9 @@ try:
     # environment
     config_str_host_ip = ldict_configuration["ENVIRONMENT"]["HOST_IP"]
     config_int_host_port = int(ldict_configuration["ENVIRONMENT"]["HOST_PORT"])
+    config_list_allow_origins = eval(
+        ldict_configuration["ENVIRONMENT"]["ALLOW_ORIGINS"]
+    )
     config_str_log_file_name = ldict_configuration["ENVIRONMENT"]["LOG_FILE_NAME"]
     config_str_secret_key_for_access_token = ldict_configuration["ENVIRONMENT"][
         "SECRET_KEY_FOR_ACCESS_TOKEN"

{square_authentication-6.0.4 → square_authentication-6.1.0}/square_authentication/data/config.ini

@@ -4,6 +4,7 @@ MODULE_NAME = square_authentication
 [ENVIRONMENT]
 HOST_IP = 0.0.0.0
 HOST_PORT = 10011
+ALLOW_ORIGINS = ["http://localhost:10011"]
 
 LOG_FILE_NAME = square_authentication
 

{square_authentication-6.0.4 → square_authentication-6.1.0}/square_authentication/data/config.testing.ini

@@ -4,6 +4,7 @@ MODULE_NAME = square_authentication
 [ENVIRONMENT]
 HOST_IP = 0.0.0.0
 HOST_PORT = 10011
+ALLOW_ORIGINS = ["http://localhost:10011"]
 
 LOG_FILE_NAME = square_authentication
 

{square_authentication-6.0.4 → square_authentication-6.1.0}/square_authentication/main.py

@@ -13,6 +13,7 @@ from square_authentication.configuration import (
     config_str_module_name,
     config_str_ssl_key_file_path,
     config_str_ssl_crt_file_path,
+    config_list_allow_origins,
 )
 from square_authentication.routes import core, utility, profile
 
@@ -21,7 +22,7 @@ app = FastAPI()
 app.add_middleware(
     CORSMiddleware,
     allow_credentials=True,
-    allow_origins=["*"],
+    allow_origins=config_list_allow_origins,
     allow_methods=["*"],
     allow_headers=["*"],
 )

{square_authentication-6.0.4 → square_authentication-6.1.0}/square_authentication/messages.py

@@ -5,6 +5,7 @@ messages = {
     "INCORRECT_USERNAME": "the username you entered does not exist.",
     "INCORRECT_PASSWORD": "the password you entered is incorrect. please try again.",
     "INCORRECT_USER_ID": "the user ID you provided does not exist or is invalid.",
+    "USERNAME_INVALID": "username must start and end with a lowercase letter and can include only lowercase letters, digits, underscores, or hyphens. no spaces, no dots, and no consecutive special characters.",
     "USERNAME_ALREADY_EXISTS": "the username you entered is already taken. please choose a different one.",
     "INCORRECT_ACCESS_TOKEN": "the access token provided is invalid or expired.",
     "INCORRECT_REFRESH_TOKEN": "the refresh token provided is invalid or expired.",

{square_authentication-6.0.4 → square_authentication-6.1.0}/square_authentication/routes/core.py

@@ -1,4 +1,5 @@
 import copy
+import re
 from datetime import datetime, timedelta, timezone
 from typing import Annotated, List
 
@@ -67,6 +68,22 @@ async def register_username_v0(
         validation
         """
         # validation for username
+        # ^(?!.*[_-]{2})           # no consecutive _ or -
+        # [a-z]                    # must start with a lowercase letter
+        # (?:[a-z0-9_-]{1,18})     # 1–18 of lowercase, digits, _ or -
+        # [a-z]$                   # must end with a lowercase letter
+        username_pattern = re.compile(r"^(?!.*[._-]{2})[a-z][a-z0-9_-]{1,18}[a-z]$")
+        if not username_pattern.match(username):
+            output_content = get_api_output_in_standard_format(
+                message=messages["USERNAME_INVALID"],
+                log=f"username '{username}' is invalid. it must start and end with a letter, "
+                f"contain only lowercase letters, numbers, underscores, or hyphens, "
+                f"and not have consecutive separators.",
+            )
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                detail=output_content,
+            )
         local_list_response_user_creds = (
             global_object_square_database_helper.get_rows_v0(
                 database_name=global_string_database_name,
@@ -1098,6 +1115,25 @@ async def update_username_v0(
             )
         user_id = local_dict_access_token_payload["user_id"]
 
+        # validation for username
+        # ^(?!.*[_-]{2})           # no consecutive _ or -
+        # [a-z]                    # must start with a lowercase letter
+        # (?:[a-z0-9_-]{1,18})     # 1–18 of lowercase, digits, _ or -
+        # [a-z]$                   # must end with a lowercase letter
+        new_username = new_username.lower()
+        username_pattern = re.compile(r"^(?!.*[._-]{2})[a-z][a-z0-9_-]{1,18}[a-z]$")
+        if not username_pattern.match(new_username):
+            output_content = get_api_output_in_standard_format(
+                message=messages["USERNAME_INVALID"],
+                log=f"username '{new_username}' is invalid. it must start and end with a letter, "
+                f"contain only lowercase letters, numbers, underscores, or hyphens, "
+                f"and not have consecutive separators.",
+            )
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                detail=output_content,
+            )
+
         # validate user_id
         local_list_user_response = global_object_square_database_helper.get_rows_v0(
             database_name=global_string_database_name,

{square_authentication-6.0.4 → square_authentication-6.1.0}/square_authentication.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: square_authentication
-Version: 6.0.4
+Version: 6.1.0
 Summary: authentication layer for my personal server.
 Home-page: https://github.com/thepmsquare/square_authentication
 Author: thePmSquare
@@ -53,6 +53,16 @@ pip install square_authentication
 
 ## changelog
 
+### v6.1.0
+
+- add validation to username in register_username_v0 and update_username_v0.
+- add test cases for register_username_v0.
+
+### v6.0.5
+
+- env
+    - add ALLOW_ORIGINS
+
 ### v6.0.4
 
 - mock ini file for pytest.

{square_authentication-6.0.4 → square_authentication-6.1.0}/square_authentication.egg-info/SOURCES.txt

@@ -20,4 +20,5 @@ square_authentication/routes/utility.py
 square_authentication/utils/__init__.py
 square_authentication/utils/encryption.py
 square_authentication/utils/token.py
-tests/test_1.py
+tests/test_1.py
+tests/test_username.py

square_authentication-6.1.0/tests/test_username.py

@@ -0,0 +1,111 @@
+from square_authentication.messages import messages
+
+
+def test_register_username_invalid(create_client_and_cleanup):
+    payload = {
+        "username": "invalid..name",
+        "password": "testpass123",
+        "app_id": 1,
+    }
+    response = create_client_and_cleanup.post("/register_username/v0", json=payload)
+    assert response.status_code == 400
+    assert "username" in response.json()["log"]
+
+
+def test_username_starts_with_number(create_client_and_cleanup):
+    payload = {
+        "username": "1username",
+        "password": "testpass123",
+        "app_id": 1,
+    }
+    response = create_client_and_cleanup.post("/register_username/v0", json=payload)
+    assert response.status_code == 400
+    assert "username" in response.json()["log"]
+
+
+def test_username_ends_with_number(create_client_and_cleanup):
+    payload = {
+        "username": "username1",
+        "password": "testpass123",
+        "app_id": 1,
+    }
+    response = create_client_and_cleanup.post("/register_username/v0", json=payload)
+    assert response.status_code == 400
+    assert "username" in response.json()["log"]
+
+
+def test_username_with_space(create_client_and_cleanup):
+    payload = {
+        "username": "user name",
+        "password": "testpass123",
+        "app_id": 1,
+    }
+    response = create_client_and_cleanup.post("/register_username/v0", json=payload)
+    assert response.status_code == 400
+    assert "username" in response.json()["log"]
+
+
+def test_username_too_short(create_client_and_cleanup):
+    payload = {
+        "username": "a",
+        "password": "testpass123",
+        "app_id": 1,
+    }
+    response = create_client_and_cleanup.post("/register_username/v0", json=payload)
+    assert response.status_code == 400
+    assert "username" in response.json()["log"]
+
+
+def test_username_simple_valid(create_client_and_cleanup):
+    payload = {
+        "username": "johnsmith",
+        "password": "testpass123",
+        "app_id": 1,
+    }
+    response = create_client_and_cleanup.post("/register_username/v0", json=payload)
+    assert response.status_code == 201
+    assert response.json()["message"] == messages["REGISTRATION_SUCCESSFUL"]
+
+
+def test_username_with_uppercase(create_client_and_cleanup):
+    payload = {
+        "username": "User_Name",
+        "password": "testpass123",
+        "app_id": 1,
+    }
+    response = create_client_and_cleanup.post("/register_username/v0", json=payload)
+    assert response.status_code == 201
+    assert response.json()["message"] == messages["REGISTRATION_SUCCESSFUL"]
+
+
+def test_username_with_digits(create_client_and_cleanup):
+    payload = {
+        "username": "john123smith",
+        "password": "testpass123",
+        "app_id": 1,
+    }
+    response = create_client_and_cleanup.post("/register_username/v0", json=payload)
+    assert response.status_code == 201
+    assert response.json()["message"] == messages["REGISTRATION_SUCCESSFUL"]
+
+
+def test_username_with_underscore_hyphen(create_client_and_cleanup):
+    payload = {
+        "username": "john_smith-doe",
+        "password": "testpass123",
+        "app_id": 1,
+    }
+    response = create_client_and_cleanup.post("/register_username/v0", json=payload)
+    assert response.status_code == 201
+    assert response.json()["message"] == messages["REGISTRATION_SUCCESSFUL"]
+
+
+def test_username_max_length(create_client_and_cleanup):
+    payload = {
+        "username": "a1234567890_b-cdefgh",
+        "password": "testpass123",
+        "app_id": 1,
+    }
+    response = create_client_and_cleanup.post("/register_username/v0", json=payload)
+    assert response.status_code == 201
+    assert response.json()["message"] == messages["REGISTRATION_SUCCESSFUL"]