yhttp-auth 9.3.0__tar.gz → 9.3.2__tar.gz

  1. {yhttp_auth-9.3.0/yhttp_auth.egg-info → yhttp_auth-9.3.2}/PKG-INFO +2 -2
  2. {yhttp_auth-9.3.0 → yhttp_auth-9.3.2}/setup.py +1 -1
  3. {yhttp_auth-9.3.0 → yhttp_auth-9.3.2}/tests/test_accesstoken.py +2 -1
  4. {yhttp_auth-9.3.0 → yhttp_auth-9.3.2}/tests/test_csrftoken.py +2 -0
  5. {yhttp_auth-9.3.0 → yhttp_auth-9.3.2}/tests/test_oauth2.py +2 -0
  6. {yhttp_auth-9.3.0 → yhttp_auth-9.3.2}/tests/test_refreshtoken.py +10 -7
  7. {yhttp_auth-9.3.0 → yhttp_auth-9.3.2}/yhttp/ext/auth/__init__.py +1 -1
  8. {yhttp_auth-9.3.0 → yhttp_auth-9.3.2}/yhttp/ext/auth/authenticator.py +3 -13
  9. {yhttp_auth-9.3.0 → yhttp_auth-9.3.2/yhttp_auth.egg-info}/PKG-INFO +2 -2
  10. yhttp_auth-9.3.2/yhttp_auth.egg-info/requires.txt +3 -0
  11. yhttp_auth-9.3.0/yhttp_auth.egg-info/requires.txt +0 -3
  12. {yhttp_auth-9.3.0 → yhttp_auth-9.3.2}/LICENSE +0 -0
  13. {yhttp_auth-9.3.0 → yhttp_auth-9.3.2}/README.md +0 -0
  14. {yhttp_auth-9.3.0 → yhttp_auth-9.3.2}/setup.cfg +0 -0
  15. {yhttp_auth-9.3.0 → yhttp_auth-9.3.2}/tests/test_authenticator.py +0 -0
  16. {yhttp_auth-9.3.0 → yhttp_auth-9.3.2}/tests/test_cli.py +0 -0
  17. {yhttp_auth-9.3.0 → yhttp_auth-9.3.2}/tests/test_token.py +0 -0
  18. {yhttp_auth-9.3.0 → yhttp_auth-9.3.2}/yhttp/ext/auth/cli.py +0 -0
  19. {yhttp_auth-9.3.0 → yhttp_auth-9.3.2}/yhttp/ext/auth/exceptions.py +0 -0
  20. {yhttp_auth-9.3.0 → yhttp_auth-9.3.2}/yhttp/ext/auth/install.py +0 -0
  21. {yhttp_auth-9.3.0 → yhttp_auth-9.3.2}/yhttp/ext/auth/token.py +0 -0
  22. {yhttp_auth-9.3.0 → yhttp_auth-9.3.2}/yhttp_auth.egg-info/SOURCES.txt +0 -0
  23. {yhttp_auth-9.3.0 → yhttp_auth-9.3.2}/yhttp_auth.egg-info/dependency_links.txt +0 -0
  24. {yhttp_auth-9.3.0 → yhttp_auth-9.3.2}/yhttp_auth.egg-info/top_level.txt +0 -0
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: yhttp-auth
3
- Version: 9.3.0
3
+ Version: 9.3.2
4
4
  Summary: A very micro http framework.
5
5
  Home-page: http://github.com/yhttp/yhttp-auth
6
6
  Author: Vahid Mardani
@@ -22,7 +22,7 @@ Classifier: Topic :: Software Development :: Libraries
22
22
  Classifier: Topic :: Software Development :: Libraries :: Python Modules
23
23
  Description-Content-Type: text/markdown
24
24
  License-File: LICENSE
25
- Requires-Dist: yhttp<8,>=7.16.4
25
+ Requires-Dist: yhttp<8,>=7.20.1
26
26
  Requires-Dist: pyjwt
27
27
  Requires-Dist: redis
28
28
  Dynamic: author
@@ -18,7 +18,7 @@ with open(
18
18
 
19
19
 
20
20
  dependencies = [
21
- 'yhttp >= 7.16.4, < 8',
21
+ 'yhttp >= 7.20.1, < 8',
22
22
  'pyjwt',
23
23
  'redis',
24
24
  ]
@@ -13,6 +13,7 @@ def test_accesstoken(app, httpreq, redis):
13
13
  domain: example.com
14
14
  accesstoken:
15
15
  maxage: 30
16
+ leeway: 4
16
17
  refreshtoken:
17
18
  enabled: false
18
19
  ''')
@@ -65,7 +66,7 @@ def test_accesstoken(app, httpreq, redis):
65
66
  assert status == 201
66
67
  assert response.cookies['yhttp-accesstoken'] == \
67
68
  f'{accesstoken_expected}; ' \
68
- 'Domain=example.com; HttpOnly; Max-Age=30; Path=/; ' \
69
+ 'Domain=example.com; HttpOnly; Max-Age=34; Path=/; ' \
69
70
  'SameSite=Strict'
70
71
  assert 'yhttp-refreshtoken' not in response.cookies
71
72
  accesstoken = response.cookies['yhttp-accesstoken'].split(';', 1)[0]
@@ -11,6 +11,8 @@ def test_csrftoken(app, httpreq, redis, mocker):
11
11
  domain: example.com
12
12
  csrftoken:
13
13
  size: 32
14
+ cookie:
15
+ path: /red
14
16
  ''')
15
17
  app.ready()
16
18
  mocker.patch(
@@ -21,6 +21,8 @@ def test_oauth2_state(app, httpreq, redis, mocker):
21
21
  domain: example.com
22
22
  csrftoken:
23
23
  size: 32
24
+ cookie:
25
+ path: /red
24
26
  ''')
25
27
  app.ready()
26
28
  mocker.patch(
@@ -15,10 +15,13 @@ def test_refreshtoken(app, httpreq, redis):
15
15
  domain: example.com
16
16
  accesstoken:
17
17
  maxage: 30
18
+ leeway: 4
18
19
  refreshtoken:
19
20
  enabled: true
20
21
  maxage: 3600
21
- path: /tokens
22
+ leeway: 20
23
+ cookie:
24
+ path: /tokens
22
25
  ''')
23
26
  app.ready()
24
27
 
@@ -66,11 +69,11 @@ def test_refreshtoken(app, httpreq, redis):
66
69
  assert status == 201
67
70
  assert response.cookies['yhttp-accesstoken'] == \
68
71
  f'{accesstoken_expected}; ' \
69
- 'Domain=example.com; HttpOnly; Max-Age=30; Path=/; ' \
72
+ 'Domain=example.com; HttpOnly; Max-Age=34; Path=/; ' \
70
73
  'SameSite=Strict'
71
74
  assert response.cookies['yhttp-refreshtoken'] == \
72
75
  f'{refreshtoken_expected}; ' \
73
- 'Domain=example.com; HttpOnly; Max-Age=3600; Path=/tokens; ' \
76
+ 'Domain=example.com; HttpOnly; Max-Age=3620; Path=/tokens; ' \
74
77
  'SameSite=Strict'
75
78
  accesstoken = response.cookies['yhttp-accesstoken'].split(';', 1)[0]
76
79
  refreshtoken = response.cookies['yhttp-refreshtoken'].split(';', 1)[0]
@@ -94,7 +97,7 @@ def test_refreshtoken(app, httpreq, redis):
94
97
  cookies={
95
98
  'yhttp-refreshtoken': refreshtoken,
96
99
  })
97
- assert status == 401
100
+ assert status == 201
98
101
 
99
102
  when(title='Try to refresh token with access token but without the '
100
103
  'refreshtoken',
@@ -135,7 +138,7 @@ def test_refreshtoken(app, httpreq, redis):
135
138
  'yhttp-accesstoken': accesstoken,
136
139
  'yhttp-refreshtoken': bob_refreshtoken,
137
140
  })
138
- assert status == 401
141
+ assert status == 201
139
142
 
140
143
  when(title='Try to refresh the access-token',
141
144
  path='/tokens',
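Review bot: The assertion flipped to `assert status == 201` covers a request that sends `accesstoken` together with `bob_refreshtoken`, but nothing in this hunk checks whose identity the newly issued access token carries. With the id comparison removed from `session_refresh` in this release, this is the case where a regression could issue a token for the wrong principal without failing the test. I would decode the returned `yhttp-accesstoken` cookie and assert that its id equals the id carried by `bob_refreshtoken`. The `when(...)` call this assertion belongs to starts above the hunk, so its title may still describe the old rejection and should be checked.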
@@ -147,11 +150,11 @@ def test_refreshtoken(app, httpreq, redis):
147
150
  assert status == 201
148
151
  assert response.cookies['yhttp-accesstoken'] == \
149
152
  f'{accesstoken_expected}; ' \
150
- 'Domain=example.com; HttpOnly; Max-Age=30; Path=/; ' \
153
+ 'Domain=example.com; HttpOnly; Max-Age=34; Path=/; ' \
151
154
  'SameSite=Strict'
152
155
  assert response.cookies['yhttp-refreshtoken'] == \
153
156
  f'{refreshtoken_expected}; ' \
154
- 'Domain=example.com; HttpOnly; Max-Age=3600; Path=/tokens; ' \
157
+ 'Domain=example.com; HttpOnly; Max-Age=3620; Path=/tokens; ' \
155
158
  'SameSite=Strict'
156
159
  accesstoken = response.cookies['yhttp-accesstoken'].split(';', 1)[0]
157
160
 
@@ -4,4 +4,4 @@ from .exceptions import AuthException, TokenDecodeError, TokenExpiredError, \
4
4
  TokenMissmatchError, TokenMissingError, HeaderMissingError, BlacklistError
5
5
 
6
6
 
7
- __version__ = '9.3.0'
7
+ __version__ = '9.3.2'
@@ -93,7 +93,7 @@ class Authenticator:
93
93
  httponly=settings.cookie.httponly,
94
94
  domain=self._settings.domain,
95
95
  samesite=settings.cookie.samesite,
96
- path=settings.cookie.path or req.path,
96
+ path=settings.cookie.path,
97
97
  expires='Thu, 01 Jan 1970 00:00:00 GMT'
98
98
  )
99
99
 
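Review bot: Dropping the `or req.path` fallback here, and again in the cookie-building hunk at `@@ -135,11 +135,11 @@`, leaves the cookie scope entirely to `settings.cookie.path`, and nothing in the visible lines checks that it is set. The updated tests move the refresh-token path from what looks like `refreshtoken: path:` to `refreshtoken: cookie: path:`. A deployment that relied on the old fallback may therefore issue the refresh cookie with a different, possibly broader, Path after a patch-level upgrade; the defaults are not visible here, so this is an inference. I would state the contract next to the argument, for example `# No request-path fallback: cookie.path must be configured; it decides where the browser sends this token.`, and reject an empty value when settings are loaded. The enclosing method starts and ends outside the hunk.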
@@ -135,11 +135,11 @@ class Authenticator:
135
135
  httponly=settings.cookie.httponly,
136
136
  domain=self._settings.domain,
137
137
  samesite=settings.cookie.samesite,
138
- path=settings.cookie.path or req.path,
138
+ path=settings.cookie.path,
139
139
  )
140
140
 
141
141
  if hasattr(settings, 'maxage'):
142
- entry['max-age'] = settings.maxage
142
+ entry['max-age'] = settings.maxage + settings.leeway
143
143
  elif hasattr(settings.cookie, 'maxage'):
144
144
  entry['max-age'] = settings.cookie.maxage
145
145
 
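Review bot: `settings.leeway` is read unconditionally inside the `hasattr(settings, 'maxage')` branch, so a token section that defines `maxage` but no `leeway` would raise AttributeError when the cookie is built, unless a default is supplied by settings code outside this hunk. Either guard the read, `entry['max-age'] = settings.maxage + getattr(settings, 'leeway', 0)`, or document `leeway` as a required key. If the intent is for the cookie to outlive the token by the verification grace window, a comment such as `# Max-Age = token lifetime + leeway, so a token still inside its grace window is still sent.` would explain why Max-Age no longer equals `maxage`. The method body continues outside the hunk.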
@@ -183,21 +183,11 @@ class Authenticator:
183
183
  )
184
184
 
185
185
  def session_refresh(self, req):
186
- # ensure the access token (even expired) but not invalid
187
- accesstoken = self.token_fromcookie(
188
- req,
189
- AccessToken,
190
- verifyexp=False
191
- )
192
-
193
186
  refreshtoken = self.token_fromcookie(
194
187
  req,
195
188
  RefreshToken
196
189
  )
197
190
 
198
- if refreshtoken.id != accesstoken.id:
199
- raise TokenMissmatchError()
200
-
201
191
  accesstoken = AccessToken.create_from(refreshtoken)
202
192
  self.session_new(req, accesstoken)
203
193
 
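Review bot: `session_refresh` now mints a new access token from the refresh-token cookie alone. The removed lines were the only visible check that the caller also held an access token with a matching id, and the updated tests expect 201 both for a request with no access token and for one pairing an access token with what appears to be another user's refresh token. The refresh token thereby becomes a standalone bearer credential for its full `maxage` plus `leeway`, protected only by the cookie attributes and whatever revocation `token_fromcookie` performs, which is not visible here. The function has no docstring stating this; I would add one, e.g. `"""Issue a new access token from the refresh-token cookie alone; the access-token cookie is not consulted."""`, and call the relaxation out in the release notes since it ships in a patch release. If `TokenMissmatchError` is no longer raised elsewhere, its import may now be unused.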
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: yhttp-auth
3
- Version: 9.3.0
3
+ Version: 9.3.2
4
4
  Summary: A very micro http framework.
5
5
  Home-page: http://github.com/yhttp/yhttp-auth
6
6
  Author: Vahid Mardani
@@ -22,7 +22,7 @@ Classifier: Topic :: Software Development :: Libraries
22
22
  Classifier: Topic :: Software Development :: Libraries :: Python Modules
23
23
  Description-Content-Type: text/markdown
24
24
  License-File: LICENSE
25
- Requires-Dist: yhttp<8,>=7.16.4
25
+ Requires-Dist: yhttp<8,>=7.20.1
26
26
  Requires-Dist: pyjwt
27
27
  Requires-Dist: redis
28
28
  Dynamic: author
@@ -0,0 +1,3 @@
1
+ yhttp<8,>=7.20.1
2
+ pyjwt
3
+ redis
@@ -1,3 +0,0 @@
1
- yhttp<8,>=7.16.4
2
- pyjwt
3
- redis
File without changes
File without changes
File without changes
File without changes