yhttp-auth 9.3.1__tar.gz → 9.3.2__tar.gz

Files changed (23)
  1. {yhttp_auth-9.3.1/yhttp_auth.egg-info → yhttp_auth-9.3.2}/PKG-INFO +1 -1
  2. {yhttp_auth-9.3.1 → yhttp_auth-9.3.2}/tests/test_accesstoken.py +2 -1
  3. {yhttp_auth-9.3.1 → yhttp_auth-9.3.2}/tests/test_refreshtoken.py +8 -6
  4. {yhttp_auth-9.3.1 → yhttp_auth-9.3.2}/yhttp/ext/auth/__init__.py +1 -1
  5. {yhttp_auth-9.3.1 → yhttp_auth-9.3.2}/yhttp/ext/auth/authenticator.py +1 -11
  6. {yhttp_auth-9.3.1 → yhttp_auth-9.3.2/yhttp_auth.egg-info}/PKG-INFO +1 -1
  7. {yhttp_auth-9.3.1 → yhttp_auth-9.3.2}/LICENSE +0 -0
  8. {yhttp_auth-9.3.1 → yhttp_auth-9.3.2}/README.md +0 -0
  9. {yhttp_auth-9.3.1 → yhttp_auth-9.3.2}/setup.cfg +0 -0
  10. {yhttp_auth-9.3.1 → yhttp_auth-9.3.2}/setup.py +0 -0
  11. {yhttp_auth-9.3.1 → yhttp_auth-9.3.2}/tests/test_authenticator.py +0 -0
  12. {yhttp_auth-9.3.1 → yhttp_auth-9.3.2}/tests/test_cli.py +0 -0
  13. {yhttp_auth-9.3.1 → yhttp_auth-9.3.2}/tests/test_csrftoken.py +0 -0
  14. {yhttp_auth-9.3.1 → yhttp_auth-9.3.2}/tests/test_oauth2.py +0 -0
  15. {yhttp_auth-9.3.1 → yhttp_auth-9.3.2}/tests/test_token.py +0 -0
  16. {yhttp_auth-9.3.1 → yhttp_auth-9.3.2}/yhttp/ext/auth/cli.py +0 -0
  17. {yhttp_auth-9.3.1 → yhttp_auth-9.3.2}/yhttp/ext/auth/exceptions.py +0 -0
  18. {yhttp_auth-9.3.1 → yhttp_auth-9.3.2}/yhttp/ext/auth/install.py +0 -0
  19. {yhttp_auth-9.3.1 → yhttp_auth-9.3.2}/yhttp/ext/auth/token.py +0 -0
  20. {yhttp_auth-9.3.1 → yhttp_auth-9.3.2}/yhttp_auth.egg-info/SOURCES.txt +0 -0
  21. {yhttp_auth-9.3.1 → yhttp_auth-9.3.2}/yhttp_auth.egg-info/dependency_links.txt +0 -0
  22. {yhttp_auth-9.3.1 → yhttp_auth-9.3.2}/yhttp_auth.egg-info/requires.txt +0 -0
  23. {yhttp_auth-9.3.1 → yhttp_auth-9.3.2}/yhttp_auth.egg-info/top_level.txt +0 -0
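--- a/yhttp_auth.egg-info/PKG-INFO
+++ b/PKG-INFO
@@ -1,6 +1,6 @@
  Metadata-Version: 2.4
  Name: yhttp-auth
- Version: 9.3.1
+ Version: 9.3.2
  Summary: A very micro http framework.
  Home-page: http://github.com/yhttp/yhttp-auth
  Author: Vahid Mardani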
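--- a/tests/test_accesstoken.py
+++ b/tests/test_accesstoken.py
@@ -13,6 +13,7 @@ def test_accesstoken(app, httpreq, redis):
  domain: example.com
  accesstoken:
  maxage: 30
+ leeway: 4
  refreshtoken:
  enabled: false
  ''')
@@ -65,7 +66,7 @@ def test_accesstoken(app, httpreq, redis):
  assert status == 201
  assert response.cookies['yhttp-accesstoken'] == \
  f'{accesstoken_expected}; ' \
- 'Domain=example.com; HttpOnly; Max-Age=30; Path=/; ' \
+ 'Domain=example.com; HttpOnly; Max-Age=34; Path=/; ' \
  'SameSite=Strict'
  assert 'yhttp-refreshtoken' not in response.cookies
  accesstoken = response.cookies['yhttp-accesstoken'].split(';', 1)[0]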
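Review bot: The updated expectation `Max-Age=34` is only exercised with a configuration that sets `leeway: 4`; no case covers a configuration that omits `leeway`. That is the path where the new `settings.maxage + settings.leeway` in authenticator.py depends on a default being defined, and no default is visible on this page. A second configuration without the key, asserting the resulting `Max-Age`, would pin that behaviour. The expected string would also read better with `# Max-Age = maxage (30) + leeway (4)` above it; the same applies to the `34` and `3620` values in tests/test_refreshtoken.py. `test_accesstoken` starts and ends outside these hunks.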
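--- a/tests/test_refreshtoken.py
+++ b/tests/test_refreshtoken.py
@@ -15,9 +15,11 @@ def test_refreshtoken(app, httpreq, redis):
  domain: example.com
  accesstoken:
  maxage: 30
+ leeway: 4
  refreshtoken:
  enabled: true
  maxage: 3600
+ leeway: 20
  cookie:
  path: /tokens
  ''')
@@ -67,11 +69,11 @@ def test_refreshtoken(app, httpreq, redis):
  assert status == 201
  assert response.cookies['yhttp-accesstoken'] == \
  f'{accesstoken_expected}; ' \
- 'Domain=example.com; HttpOnly; Max-Age=30; Path=/; ' \
+ 'Domain=example.com; HttpOnly; Max-Age=34; Path=/; ' \
  'SameSite=Strict'
  assert response.cookies['yhttp-refreshtoken'] == \
  f'{refreshtoken_expected}; ' \
- 'Domain=example.com; HttpOnly; Max-Age=3600; Path=/tokens; ' \
+ 'Domain=example.com; HttpOnly; Max-Age=3620; Path=/tokens; ' \
  'SameSite=Strict'
  accesstoken = response.cookies['yhttp-accesstoken'].split(';', 1)[0]
  refreshtoken = response.cookies['yhttp-refreshtoken'].split(';', 1)[0]
@@ -95,7 +97,7 @@ def test_refreshtoken(app, httpreq, redis):
  cookies={
  'yhttp-refreshtoken': refreshtoken,
  })
- assert status == 401
+ assert status == 201
 
  when(title='Try to refresh token with access token but without the '
  'refreshtoken',
@@ -136,7 +138,7 @@ def test_refreshtoken(app, httpreq, redis):
  'yhttp-accesstoken': accesstoken,
  'yhttp-refreshtoken': bob_refreshtoken,
  })
- assert status == 401
+ assert status == 201
 
  when(title='Try to refresh the access-token',
  path='/tokens',
@@ -148,11 +150,11 @@ def test_refreshtoken(app, httpreq, redis):
  assert status == 201
  assert response.cookies['yhttp-accesstoken'] == \
  f'{accesstoken_expected}; ' \
- 'Domain=example.com; HttpOnly; Max-Age=30; Path=/; ' \
+ 'Domain=example.com; HttpOnly; Max-Age=34; Path=/; ' \
  'SameSite=Strict'
  assert response.cookies['yhttp-refreshtoken'] == \
  f'{refreshtoken_expected}; ' \
- 'Domain=example.com; HttpOnly; Max-Age=3620; Path=/tokens; ' \
+ 'Domain=example.com; HttpOnly; Max-Age=3620; Path=/tokens; ' \
  'SameSite=Strict'
  accesstoken = response.cookies['yhttp-accesstoken'].split(';', 1)[0]
 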
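Review bot: The two assertions flipped from 401 to 201 (the request carrying only `yhttp-refreshtoken`, and the one pairing `accesstoken` with `bob_refreshtoken`) check the status code alone and never check whose session was issued. For the mixed-cookie case the test should pin that the returned `yhttp-accesstoken` belongs to the owner of `bob_refreshtoken` and not to the owner of the access cookie sent with the request; otherwise a regression that mints the token for the wrong identity would still pass. A comment such as `# refresh is authorised by the refresh token alone; a missing or foreign access token is ignored` above each flipped assertion would make the intent explicit. The `when(...)` titles for both cases lie outside the hunks and should be reworded if they still describe a rejected request. `test_refreshtoken` starts and ends outside these hunks.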
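--- a/yhttp/ext/auth/__init__.py
+++ b/yhttp/ext/auth/__init__.py
@@ -4,4 +4,4 @@ from .exceptions import AuthException, TokenDecodeError, TokenExpiredError, \
  TokenMissmatchError, TokenMissingError, HeaderMissingError, BlacklistError
 
 
- __version__ = '9.3.1'
+ __version__ = '9.3.2'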
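--- a/yhttp/ext/auth/authenticator.py
+++ b/yhttp/ext/auth/authenticator.py
@@ -139,7 +139,7 @@ class Authenticator:
  )
 
  if hasattr(settings, 'maxage'):
- entry['max-age'] = settings.maxage
+ entry['max-age'] = settings.maxage + settings.leeway
  elif hasattr(settings.cookie, 'maxage'):
  entry['max-age'] = settings.cookie.maxage
 
@@ -183,21 +183,11 @@ class Authenticator:
  )
 
  def session_refresh(self, req):
- # ensure the access token (even expired) but not invalid
- accesstoken = self.token_fromcookie(
- req,
- AccessToken,
- verifyexp=False
- )
-
  refreshtoken = self.token_fromcookie(
  req,
  RefreshToken
  )
 
- if refreshtoken.id != accesstoken.id:
- raise TokenMissmatchError()
-
  accesstoken = AccessToken.create_from(refreshtoken)
  self.session_new(req, accesstoken)
 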
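Review bot: `session_refresh` now mints a new access token from the refresh-token cookie alone. The access-token cookie is no longer read and the `refreshtoken.id != accesstoken.id` check is gone, so the refresh token acts as a standalone bearer credential for its full lifetime (`maxage` plus the new `leeway`). Nothing in this hunk shows the presented refresh token being rotated or checked for revocation; if `token_fromcookie` does not do that, a leaked refresh token stays usable until it expires, so this should be confirmed before relying on the relaxed check. The method has no docstring and the removed comment was the only statement of its contract; I would add `"""Issue a new access token from a valid refresh-token cookie; the access-token cookie is not consulted."""`. The class body continues outside both hunks, so whether `TokenMissmatchError` is still raised elsewhere cannot be seen from here.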
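--- a/PKG-INFO
+++ b/yhttp_auth.egg-info/PKG-INFO
@@ -1,6 +1,6 @@
  Metadata-Version: 2.4
  Name: yhttp-auth
- Version: 9.3.1
+ Version: 9.3.2
  Summary: A very micro http framework.
  Home-page: http://github.com/yhttp/yhttp-auth
  Author: Vahid Mardani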