tortoise-auth 0.2.0__tar.gz

tortoise_auth-0.2.0/.github/workflows/python-publish.yml

@@ -0,0 +1,25 @@
+name: Publish to PyPI
+
+on:
+  release:
+    types: [published]
+
+permissions:
+  id-token: write
+
+jobs:
+  publish:
+    name: Build & publish
+    runs-on: ubuntu-latest
+    environment: pypi
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: astral-sh/setup-uv@v4
+
+      - name: Build package
+        run: uv build
+
+      - name: Publish to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1

tortoise_auth-0.2.0/.gitignore

@@ -0,0 +1,209 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[codz]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py.cover
+.hypothesis/
+.pytest_cache/
+cover/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+.pybuilder/
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+#   For a library or package, you might want to ignore these files since the code is
+#   intended to run in multiple environments; otherwise, check them in:
+# .python-version
+
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don't work, or not
+#   install all needed dependencies.
+#Pipfile.lock
+
+# UV
+#   Similar to Pipfile.lock, it is generally recommended to include uv.lock in version control.
+#   This is especially recommended for binary packages to ensure reproducibility, and is more
+#   commonly ignored for libraries.
+#uv.lock
+
+# poetry
+#   Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
+#   This is especially recommended for binary packages to ensure reproducibility, and is more
+#   commonly ignored for libraries.
+#   https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
+#poetry.lock
+#poetry.toml
+
+# pdm
+#   Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
+#   pdm recommends including project-wide configuration in pdm.toml, but excluding .pdm-python.
+#   https://pdm-project.org/en/latest/usage/project/#working-with-version-control
+#pdm.lock
+#pdm.toml
+.pdm-python
+.pdm-build/
+
+# pixi
+#   Similar to Pipfile.lock, it is generally recommended to include pixi.lock in version control.
+#pixi.lock
+#   Pixi creates a virtual environment in the .pixi directory, just like venv module creates one
+#   in the .venv directory. It is recommended not to include this directory in version control.
+.pixi
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.envrc
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+# pytype static type analyzer
+.pytype/
+
+# Cython debug symbols
+cython_debug/
+
+# PyCharm
+#  JetBrains specific template is maintained in a separate JetBrains.gitignore that can
+#  be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
+#  and can be added to the global gitignore or merged into this file.  For a more nuclear
+#  option (not recommended) you can uncomment the following to ignore the entire idea folder.
+#.idea/
+
+# Abstra
+# Abstra is an AI-powered process automation framework.
+# Ignore directories containing user credentials, local state, and settings.
+# Learn more at https://abstra.io/docs
+.abstra/
+
+# Visual Studio Code
+#  Visual Studio Code specific template is maintained in a separate VisualStudioCode.gitignore
+#  that can be found at https://github.com/github/gitignore/blob/main/Global/VisualStudioCode.gitignore
+#  and can be added to the global gitignore or merged into this file. However, if you prefer,
+#  you could uncomment the following to ignore the entire vscode folder
+# .vscode/
+
+# Ruff stuff:
+.ruff_cache/
+
+# PyPI configuration file
+.pypirc
+
+# Cursor
+#  Cursor is an AI-powered code editor. `.cursorignore` specifies files/directories to
+#  exclude from AI features like autocomplete and code analysis. Recommended for sensitive data
+#  refer to https://docs.cursor.com/context/ignore-files
+.cursorignore
+.cursorindexingignore
+
+# Marimo
+marimo/_static/
+marimo/_lsp/
+__marimo__/
+
+.idea

tortoise_auth-0.2.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Software Family
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

tortoise_auth-0.2.0/PKG-INFO

@@ -0,0 +1,30 @@
+Metadata-Version: 2.4
+Name: tortoise-auth
+Version: 0.2.0
+Summary: Async authentication and user management for Tortoise ORM. Framework-agnostic, extensible, secure by default.
+Project-URL: Homepage, https://github.com/elie/tortoise-auth
+Project-URL: Documentation, https://elie.github.io/tortoise-auth
+Project-URL: Repository, https://github.com/elie/tortoise-auth
+Project-URL: Issues, https://github.com/elie/tortoise-auth/issues
+Author: Elie
+License-Expression: MIT
+License-File: LICENSE
+Keywords: 2fa,api-keys,async,auth,authentication,tortoise-orm,totp,user-management
+Classifier: Development Status :: 3 - Alpha
+Classifier: Framework :: AsyncIO
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Classifier: Typing :: Typed
+Requires-Python: >=3.12
+Requires-Dist: pwdlib[argon2,bcrypt]>=0.2
+Requires-Dist: pyjwt>=2.8
+Requires-Dist: pyotp>=2.9
+Requires-Dist: qrcode[pil]>=7.4
+Requires-Dist: tortoise-orm>=0.21
+Provides-Extra: starlette
+Requires-Dist: starlette>=0.27; extra == 'starlette'

tortoise_auth-0.2.0/README.md

@@ -0,0 +1,93 @@
+# tortoise-auth
+
+![Development Status](https://img.shields.io/badge/status-alpha-orange)
+![Python](https://img.shields.io/badge/python-3.12%2B-blue)
+![License](https://img.shields.io/badge/license-MIT-green)
+
+**Async authentication and user management for Tortoise ORM.**
+Framework-agnostic, extensible, secure by default.
+
+**tortoise-auth** is a pure-async authentication library built on top of
+[Tortoise ORM](https://tortoise.github.io/). It provides a complete user
+authentication stack — password hashing, token issuance, session management,
+HMAC signing, and lifecycle events — without coupling you to any particular web
+framework. Define your user model, call `configure()`, and you have a
+production-ready auth layer that works with FastAPI, Starlette, Sanic, or any
+other async Python framework.
+
+> [!WARNING]
+> **This project is under active development (v0.2.0, Alpha).** The public API
+> may change between releases. Use in production at your own risk.
+
+## Features
+
+- **Abstract User model** — extend `AbstractUser` to get email-based
+  authentication, password hashing, `is_active` / `is_verified` flags, and
+  timestamp tracking out of the box.
+- **AuthService** — high-level async API for `login`, `authenticate`,
+  `refresh`, `logout`, and `logout_all`.
+- **Pluggable token backends** — choose between stateless **JWT** tokens or
+  server-side **database** tokens, swappable with a single config flag.
+- **Multi-algorithm password hashing** — Argon2id (primary), Bcrypt, and
+  PBKDF2-SHA256 with transparent auto-migration to the strongest hasher.
+- **Password validation** — four built-in validators (minimum length, common
+  password list, numeric-only, user-attribute similarity) plus custom validators
+  via the `PasswordValidator` Protocol.
+- **HMAC signing** — `Signer`, `TimestampSigner`, and convenience helpers
+  `make_token` / `verify_token` for email-confirmation links, password-reset
+  URLs, and other signed payloads.
+- **Event system** — subscribe to `user_login`, `user_login_failed`,
+  `user_logout`, and `password_changed` events with async handlers.
+- **Fully async** — every I/O operation uses `await`; no hidden synchronous
+  calls.
+
+## Installation
+
+```bash
+pip install tortoise-auth
+```
+
+or with [uv](https://docs.astral.sh/uv/):
+
+```bash
+uv add tortoise-auth
+```
+
+## Quick Start
+
+```python
+from tortoise_auth import AbstractUser, AuthConfig, AuthService, configure
+
+
+class User(AbstractUser):
+    """Application user model."""
+
+    class Meta:
+        table = "users"
+
+
+# Configure the library
+configure(AuthConfig(
+    user_model="models.User",
+    jwt_secret="your-secret-key",
+))
+
+
+# Usage (inside an async context)
+auth = AuthService()
+result = await auth.login("user@example.com", "password123")
+user = await auth.authenticate(result.access_token)
+```
+
+> [!CAUTION]
+> The snippet above uses a literal `jwt_secret` for brevity. In production,
+> always load secrets from environment variables or a dedicated secrets manager.
+
+## Requirements
+
+- Python 3.12+
+- Tortoise ORM 0.21+
+
+## License
+
+MIT — see [LICENSE](LICENSE) for details.

tortoise_auth-0.2.0/docs/getting-started/installation.md

@@ -0,0 +1,95 @@
+# Installation
+
+## Requirements
+
+Before installing `tortoise-auth`, make sure your environment meets the following minimum
+requirements:
+
+| Dependency      | Minimum version |
+|-----------------|-----------------|
+| Python          | 3.12+           |
+| Tortoise ORM    | 0.21+           |
+
+!!! note
+    `tortoise-auth` uses modern Python features such as type aliases, `type` statements,
+    and generic built-in types that require **Python 3.12 or later**.
+
+## Install tortoise-auth
+
+=== "pip"
+
+    ```bash
+    pip install tortoise-auth
+    ```
+
+=== "uv"
+
+    ```bash
+    uv add tortoise-auth
+    ```
+
+## Transitive dependencies
+
+When you install `tortoise-auth`, the following packages are pulled in automatically.
+You do **not** need to install them separately.
+
+| Package                   | Purpose                                                                                              |
+|---------------------------|------------------------------------------------------------------------------------------------------|
+| `tortoise-orm` >=0.21    | Async ORM built on top of `asyncio`. Provides the model layer that `tortoise-auth` extends.          |
+| `pwdlib[argon2,bcrypt]` >=0.2 | Password hashing library. Includes the **Argon2** and **bcrypt** backends out of the box.       |
+| `pyotp` >=2.9            | One-time password generation and verification for TOTP-based two-factor authentication.              |
+| `qrcode[pil]` >=7.4      | QR code generation used when setting up TOTP with authenticator apps.                                |
+
+## Database driver
+
+Tortoise ORM requires an async database driver. `tortoise-auth` does not bundle one because the
+choice depends on which database you use in your project.
+
+Install the driver that matches your database:
+
+=== "SQLite (development)"
+
+    ```bash
+    pip install aiosqlite
+    ```
+
+=== "PostgreSQL"
+
+    ```bash
+    pip install asyncpg
+    ```
+
+=== "MySQL / MariaDB"
+
+    ```bash
+    pip install asyncmy
+    ```
+
+!!! warning
+    SQLite is convenient for local development and testing, but it is **not recommended for
+    production**. Use PostgreSQL or MySQL for production deployments.
+
+## Verify the installation
+
+Open a Python shell and confirm that the package is importable and reports the expected version:
+
+```python
+import tortoise_auth
+
+print(tortoise_auth.__version__)
+```
+
+You should see output similar to:
+
+```text
+0.1.0
+```
+
+!!! tip
+    If the import fails with a `ModuleNotFoundError`, make sure you are running the Python
+    interpreter from the same virtual environment where you installed the package.
+
+---
+
+Next step: head over to the [Quick Start](quickstart.md) guide to configure `tortoise-auth` and
+create your first user.