imacat/flask-digestauth
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 16 Wiki Activity

Compare commits

base: imacat:0387abb4f665ecd382a7d347d77111d93ca3f2a1
Branches Tags
imacat:main
imacat:v0.7.1 imacat:v0.7.0 imacat:v0.6.2 imacat:v0.6.1 imacat:v0.6.0 imacat:v0.5.0 imacat:v0.4.0 imacat:v0.3.1 imacat:v0.3.0 imacat:v0.2.4 imacat:v0.2.3 imacat:v0.2.2 imacat:v0.2.1 imacat:v0.2.0 imacat:v0.1.1 imacat:v0.1.0
...
compare: imacat:v0.4.0
Branches Tags
imacat:main
imacat:v0.7.1 imacat:v0.7.0 imacat:v0.6.2 imacat:v0.6.1 imacat:v0.6.0 imacat:v0.5.0 imacat:v0.4.0 imacat:v0.3.1 imacat:v0.3.0 imacat:v0.2.4 imacat:v0.2.3 imacat:v0.2.2 imacat:v0.2.1 imacat:v0.2.0 imacat:v0.1.1 imacat:v0.1.0

13 Commits
0387abb4f6 ... v0.4.0

Author SHA1 Message Date
依瑪貓
4f30756dc5 Advanced to version 0.4.0. 2023-01-04 21:29:51 +08:00
依瑪貓
cdc057f851 Renamed the package from flask-digest-auth to Flask-DigestAuth, by the Flask recommended extension guidelines https://flask.palletsprojects.com/en/latest/extensiondev/. 2023-01-04 21:29:12 +08:00
依瑪貓
574ecade05 Revised the copyright year in auth.py. 2023-01-04 21:29:04 +08:00
依瑪貓
84b9c5f62e Renamed digest_auth_state to _digest_auth_state as the state stored in the request instance. 2023-01-04 20:48:45 +08:00
依瑪貓
4990de085c Changed to store the DigestAuth instance from app.digest_auth to app.extensions["digest_auth"]. 2023-01-04 20:42:51 +08:00
依瑪貓
51e51ae4e2 Replaced auth.app with current_app. 2023-01-04 20:37:57 +08:00
imacat
2de770aed0 Advanced to version 0.3.1. 2022-12-29 23:49:28 +08:00
imacat
9ab413d583 Added the test_disabled test to the FlaskLoginTestCase test case. 2022-12-29 23:44:02 +08:00
imacat
aeb93a60e5 Fixed to store the auth state in request instead of the g global object in the flask_login load_user_from_request and unauthorized handlers in the init_app method of the DigestAuth class. This is so that the auth state is always reset in the lifecycle of request even if g stays. Revised the unauthorized to create a new auth state if it is not available in the current request, in the case that the load_user_from_request handler was not run previously. 2022-12-29 23:43:35 +08:00
依瑪貓
a07118ef9c Revised the documentation for digest_auth parameter of the open method in the test client, to be clear. 2022-12-07 18:59:41 +08:00
依瑪貓
514e9255aa Replaced "my_user" and "my_pass" with USERNAME and PASSWORD in the examples of the test client in the documentation, to avoid GitGuardian from detecting them as real passwords. 2022-12-07 18:55:52 +08:00
依瑪貓
79abdc9cde Fixed the documentation of the login_required decorator in the DigestAuth class. 2022-12-07 18:48:39 +08:00
依瑪貓
038e7a8352 Removed the warnings in the documentation of the test client. It is API document now. All content, for public or not, are available. There is no need to warn now. 2022-12-07 18:45:06 +08:00
9 changed files with 117 additions and 82 deletions
Expand all files Collapse all files

50
README.rst
View File

@ -6,13 +6,13 @@ Flask HTTP Digest Authentication
Description
===========
*Flask-Digest-Auth* is an `HTTP Digest Authentication`_ implementation
*Flask-DigestAuth* is an `HTTP Digest Authentication`_ implementation
for Flask_ applications. It authenticates the user for the protected
views.
HTTP Digest Authentication is specified in `RFC 2617`_.
Refer to the full `Flask-Digest-Auth readthedocs documentation`_.
Refer to the full `Flask-DigestAuth readthedocs documentation`_.
Why HTTP Digest Authentication?
@ -30,7 +30,7 @@ own challenge-response log in form, but then you are reinventing the
wheels. If a pretty log in form is not critical to your project, HTTP
Digest Authentication should be a good choice.
Flask-Digest-Auth works with Flask-Login_. Log in protection can be
Flask-DigestAuth works with Flask-Login_. Log in protection can be
separated with the authentication mechanism. You can create protected
Flask modules without knowing the actual authentication mechanisms.
@ -38,18 +38,18 @@ Flask modules without knowing the actual authentication mechanisms.
Installation
============
You can install Flask-Digest-Auth with ``pip``:
You can install Flask-DigestAuth with ``pip``:
::
pip install Flask-Digest-Auth
pip install Flask-DigestAuth
You may also install the latest source from the
`Flask-Digest-Auth GitHub repository`_.
`Flask-DigestAuth GitHub repository`_.
::
pip install git+https://github.com/imacat/flask-digest-auth.git
pip install git+https://github.com/imacat/flask-digestauth.git
Setting the Password
@ -70,14 +70,14 @@ you need to ask their password, to generate and store the new password
hash.
Flask-Digest-Auth Alone
=======================
Flask-DigestAuth Alone
======================
Flask-Digest-Auth can authenticate the users alone.
Flask-DigestAuth can authenticate the users alone.
Simple Applications with Flask-Digest-Auth Alone
------------------------------------------------
Simple Applications with Flask-DigestAuth Alone
-----------------------------------------------
In your ``my_app.py``:
@ -112,8 +112,8 @@ In your ``my_app.py``:
return redirect(request.form.get("next"))
Larger Applications with ``create_app()`` with Flask-Digest-Auth Alone
----------------------------------------------------------------------
Larger Applications with ``create_app()`` with Flask-DigestAuth Alone
---------------------------------------------------------------------
In your ``my_app/__init__.py``:
@ -169,19 +169,19 @@ In your ``my_app/views.py``:
Flask-Login Integration
=======================
Flask-Digest-Auth works with Flask-Login_. You can write a Flask
Flask-DigestAuth works with Flask-Login_. You can write a Flask
module that requires log in, without specifying how to log in. The
application can use either HTTP Digest Authentication, or the log in
forms, as needed.
To use Flask-Login with Flask-Digest-Auth,
To use Flask-Login with Flask-DigestAuth,
``login_manager.init_app(app)`` must be called before
``auth.init_app(app)``.
The currently logged-in user can be retrieved at
``flask_login.current_user``, if any.
The views only depend on Flask-Login, but not the Flask-Digest-Auth.
The views only depend on Flask-Login, but not the Flask-DigestAuth.
You can change the actual authentication mechanism without changing
the views.
@ -293,7 +293,7 @@ mechanism without changing the views.
Session Integration
===================
Flask-Digest-Auth features session integration. The user log in
Flask-DigestAuth features session integration. The user log in
is remembered in the session. The authentication information is not
requested again. This is different to the practice of the HTTP Digest
Authentication, but is convenient for the log in accounting.
@ -315,14 +315,14 @@ logging the log in event, adding the log in counter, etc.
Log Out
=======
Flask-Digest-Auth supports log out. The user will be prompted for the
Flask-DigestAuth supports log out. The user will be prompted for the
new username and password.
Test Client
===========
Flask-Digest-Auth comes with a test client that supports HTTP digest
Flask-DigestAuth comes with a test client that supports HTTP digest
authentication.
@ -350,7 +350,7 @@ A unittest Test Case
response = self.client.get("/admin")
self.assertEqual(response.status_code, 401)
response = self.client.get(
"/admin", digest_auth=("my_name", "my_pass"))
"/admin", digest_auth=(USERNAME, PASSWORD))
self.assertEqual(response.status_code, 200)
@ -382,14 +382,14 @@ A pytest Test
response = client.get("/admin")
assert response.status_code == 401
response = client.get(
"/admin", digest_auth=("my_name", "my_pass"))
"/admin", digest_auth=(USERNAME, PASSWORD))
assert response.status_code == 200
Copyright
=========
Copyright (c) 2022 imacat.
Copyright (c) 2022-2023 imacat.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@ -414,6 +414,6 @@ Authors
.. _HTTP Digest Authentication: https://en.wikipedia.org/wiki/Digest_access_authentication
.. _RFC 2617: https://www.rfc-editor.org/rfc/rfc2617
.. _Flask: https://flask.palletsprojects.com
.. _Flask-Digest-Auth GitHub repository: https://github.com/imacat/flask-digest-auth
.. _Flask-Digest-Auth readthedocs documentation: https://flask-digest-auth.readthedocs.io
.. _Flask-DigestAuth GitHub repository: https://github.com/imacat/flask-digestauth
.. _Flask-DigestAuth readthedocs documentation: https://flask-digestauth.readthedocs.io
.. _Flask-Login: https://flask-login.readthedocs.io

6
docs/source/conf.py
View File

@ -10,10 +10,10 @@ sys.path.insert(0, os.path.abspath('../../src/'))
# -- Project information -----------------------------------------------------
# https://www.sphinx-doc.org/en/master/usage/configuration.html#project-information
project = 'Flask-Digest-Auth'
copyright = '2022, imacat'
project = 'Flask-DigestAuth'
copyright = '2022-2023, imacat'
author = 'imacat'
release = '0.3.0'
release = '0.4.0'
# -- General configuration ---------------------------------------------------
# https://www.sphinx-doc.org/en/master/usage/configuration.html#general-configuration

12
docs/source/examples.rst
View File

@ -4,8 +4,8 @@ Examples
.. _example-alone-simple:
Simple Applications with Flask-Digest-Auth Alone
------------------------------------------------
Simple Applications with Flask-DigestAuth Alone
-----------------------------------------------
In your ``my_app.py``:
@ -42,8 +42,8 @@ In your ``my_app.py``:
.. _example-alone-large:
Larger Applications with ``create_app()`` with Flask-Digest-Auth Alone
----------------------------------------------------------------------
Larger Applications with ``create_app()`` with Flask-DigestAuth Alone
---------------------------------------------------------------------
In your ``my_app/__init__.py``:
@ -229,7 +229,7 @@ A unittest Test Case
response = self.client.get("/admin")
self.assertEqual(response.status_code, 401)
response = self.client.get(
"/admin", digest_auth=("my_name", "my_pass"))
"/admin", digest_auth=(USERNAME, PASSWORD))
self.assertEqual(response.status_code, 200)
@ -264,5 +264,5 @@ A pytest Test
response = client.get("/admin")
assert response.status_code == 401
response = client.get(
"/admin", digest_auth=("my_name", "my_pass"))
"/admin", digest_auth=(USERNAME, PASSWORD))
assert response.status_code == 200

8
docs/source/index.rst
View File

@ -1,12 +1,12 @@
.. Flask-Digest-Auth documentation master file, created by
.. Flask-DigestAuth documentation master file, created by
sphinx-quickstart on Wed Dec 7 09:40:48 2022.
You can adapt this file completely to your liking, but it should at least
contain the root `toctree` directive.
Welcome to Flask-Digest-Auth's documentation!
=============================================
Welcome to Flask-DigestAuth's documentation!
============================================
*Flask-Digest-Auth* is an `HTTP Digest Authentication`_ implementation
*Flask-DigestAuth* is an `HTTP Digest Authentication`_ implementation
for Flask_ applications. It authenticates the user for the protected
views.

32
docs/source/intro.rst
View File

@ -2,7 +2,7 @@ Introduction
============
*Flask-Digest-Auth* is an `HTTP Digest Authentication`_ implementation
*Flask-DigestAuth* is an `HTTP Digest Authentication`_ implementation
for Flask_ applications. It authenticates the user for the protected
views.
@ -24,7 +24,7 @@ own challenge-response log in form, but then you are reinventing the
wheels. If a pretty log in form is not critical to your project, HTTP
Digest Authentication should be a good choice.
Flask-Digest-Auth works with Flask-Login_. Log in protection can be
Flask-DigestAuth works with Flask-Login_. Log in protection can be
separated with the authentication mechanism. You can create protected
Flask modules without knowing the actual authentication mechanisms.
@ -32,18 +32,18 @@ Flask modules without knowing the actual authentication mechanisms.
Installation
------------
You can install Flask-Digest-Auth with ``pip``:
You can install Flask-DigestAuth with ``pip``:
::
pip install Flask-Digest-Auth
pip install Flask-DigestAuth
You may also install the latest source from the
`Flask-Digest-Auth GitHub repository`_.
`Flask-DigestAuth GitHub repository`_.
::
pip install git+https://github.com/imacat/flask-digest-auth.git
pip install git+https://github.com/imacat/flask-digestauth.git
Setting the Password
@ -66,10 +66,10 @@ hash.
See :func:`flask_digest_auth.algo.make_password_hash`.
Flask-Digest-Auth Alone
-----------------------
Flask-DigestAuth Alone
----------------------
Flask-Digest-Auth can authenticate the users alone.
Flask-DigestAuth can authenticate the users alone.
See :ref:`example-alone-simple` and :ref:`example-alone-large`.
@ -77,12 +77,12 @@ See :ref:`example-alone-simple` and :ref:`example-alone-large`.
Flask-Login Integration
-----------------------
Flask-Digest-Auth works with Flask-Login_. You can write a Flask
Flask-DigestAuth works with Flask-Login_. You can write a Flask
module that requires log in, without specifying how to log in. The
application can use either HTTP Digest Authentication, or the log in
forms, as needed.
To use Flask-Login with Flask-Digest-Auth,
To use Flask-Login with Flask-DigestAuth,
``login_manager.init_app(app)`` must be called before
``auth.init_app(app)``.
@ -92,7 +92,7 @@ The currently logged-in user can be retrieved at
See :ref:`example-flask-login-simple` and
:ref:`example-flask-login-large`.
The views only depend on Flask-Login, but not the Flask-Digest-Auth.
The views only depend on Flask-Login, but not the Flask-DigestAuth.
You can change the actual authentication mechanism without changing
the views.
@ -100,7 +100,7 @@ the views.
Session Integration
-------------------
Flask-Digest-Auth features session integration. The user log in
Flask-DigestAuth features session integration. The user log in
is remembered in the session. The authentication information is not
requested again. This is different to the practice of the HTTP Digest
Authentication, but is convenient for the log in accounting.
@ -124,7 +124,7 @@ See :meth:`flask_digest_auth.auth.DigestAuth.register_on_login`.
Log Out
-------
Flask-Digest-Auth supports log out. The user will be prompted for the
Flask-DigestAuth supports log out. The user will be prompted for the
new username and password.
See :meth:`flask_digest_auth.auth.DigestAuth.logout`.
@ -133,7 +133,7 @@ See :meth:`flask_digest_auth.auth.DigestAuth.logout`.
Test Client
-----------
Flask-Digest-Auth comes with a test client that supports HTTP digest
Flask-DigestAuth comes with a test client that supports HTTP digest
authentication.
See :class:`flask_digest_auth.test.Client`.
@ -145,4 +145,4 @@ Also see :ref:`example-unittest` and :ref:`example-pytest`.
.. _RFC 2617: https://www.rfc-editor.org/rfc/rfc2617
.. _Flask: https://flask.palletsprojects.com
.. _Flask-Login: https://flask-login.readthedocs.io
.. _Flask-Digest-Auth GitHub repository: https://github.com/imacat/flask-digest-auth
.. _Flask-DigestAuth GitHub repository: https://github.com/imacat/flask-digestauth

10
setup.cfg
View File

@ -1,7 +1,7 @@
# The Flask HTTP Digest Authentication Project.
# Author: imacat@mail.imacat.idv.tw (imacat), 2022/11/23
# Copyright (c) 2022 imacat.
# Copyright (c) 2022-2023 imacat.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -16,16 +16,16 @@
# limitations under the License.
[metadata]
name = flask-digest-auth
version = 0.3.0
name = Flask-DigestAuth
version = 0.4.0
author = imacat
author_email = imacat@mail.imacat.idv.tw
description = The Flask HTTP Digest Authentication project.
long_description = file: README.rst
long_description_content_type = text/x-rst
url = https://github.com/imacat/flask-digest-auth
url = https://github.com/imacat/flask-digestauth
project_urls =
Bug Tracker = https://github.com/imacat/flask-digest-auth/issues
Bug Tracker = https://github.com/imacat/flask-digestauth/issues
classifiers =
Programming Language :: Python :: 3
License :: OSI Approved :: Apache Software License

26
src/flask_digest_auth/auth.py
View File

@ -1,7 +1,7 @@
# The Flask HTTP Digest Authentication Project.
# Author: imacat@mail.imacat.idv.tw (imacat), 2022/10/22
# Copyright (c) 2022 imacat.
# Copyright (c) 2022-2023 imacat.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -27,7 +27,8 @@ import typing as t
from functools import wraps
from secrets import token_urlsafe, randbits
from flask import g, request, Response, session, abort, Flask, Request
from flask import g, request, Response, session, abort, Flask, Request, \
current_app
from itsdangerous import URLSafeTimedSerializer, BadData
from werkzeug.datastructures import Authorization
@ -59,8 +60,6 @@ class DigestAuth:
= ["auth", "auth-int"]
"""A list of supported quality of protection supported, either
``qop``, ``auth-int``, both, or empty. Default is both."""
self.app: t.Optional[Flask] = None
"""The current Flask application."""
self.__get_password_hash: BasePasswordHashGetter \
= BasePasswordHashGetter()
"""The callback to return the password hash."""
@ -70,7 +69,7 @@ class DigestAuth:
"""The callback to run when the user logs in."""
def login_required(self, view) -> t.Callable:
"""The view decorator for HTTP digest authentication.
"""The view decorator for the HTTP digest authentication.
:Example:
@ -328,7 +327,8 @@ class DigestAuth:
self.__on_login = OnLogInCallback()
def init_app(self, app: Flask) -> None:
"""Initializes the Flask application.
"""Initializes the Flask application. The DigestAuth instance will
be stored in ``app.extensions["digest_auth"]``.
:Example:
@ -342,8 +342,7 @@ class DigestAuth:
:param app: The Flask application.
:return: None.
"""
app.digest_auth = self
self.app = app
app.extensions["digest_auth"] = self
if hasattr(app, "login_manager"):
from flask_login import LoginManager, login_user
@ -356,10 +355,13 @@ class DigestAuth:
:return: None.
"""
state: AuthState = getattr(request, "_digest_auth_state") \
if hasattr(request, "_digest_auth_state") \
else AuthState()
response: Response = Response()
response.status = 401
response.headers["WWW-Authenticate"] \
= self.__make_response_header(g.digest_auth_state)
= self.__make_response_header(state)
abort(response)
@login_manager.request_loader
@ -370,7 +372,7 @@ class DigestAuth:
:return: The authenticated user, or None if the
authentication fails
"""
g.digest_auth_state = AuthState()
request._digest_auth_state = AuthState()
authorization: Authorization = req.authorization
try:
if authorization is None:
@ -378,7 +380,7 @@ class DigestAuth:
if authorization.type != "digest":
raise UnauthorizedException(
"Not an HTTP digest authorization")
self.__authenticate(g.digest_auth_state)
self.__authenticate(request._digest_auth_state)
user = login_manager.user_callback(
authorization.username)
login_user(user)
@ -409,7 +411,7 @@ class DigestAuth:
if "user" in session:
del session["user"]
try:
if hasattr(self.app, "login_manager"):
if hasattr(current_app, "login_manager"):
from flask_login import logout_user
logout_user()
except ModuleNotFoundError:

13
src/flask_digest_auth/test.py
View File

@ -51,7 +51,7 @@ class Client(WerkzeugClient):
response = self.client.get("/admin")
self.assertEqual(response.status_code, 401)
response = self.client.get(
"/admin", digest_auth=("my_name", "my_pass"))
"/admin", digest_auth=(USERNAME, PASSWORD))
self.assertEqual(response.status_code, 200)
For pytest_:
@ -76,7 +76,7 @@ class Client(WerkzeugClient):
response = client.get("/admin")
assert response.status_code == 401
response = client.get(
"/admin", digest_auth=("my_name", "my_pass"))
"/admin", digest_auth=(USERNAME, PASSWORD))
assert response.status_code == 200
.. _unittest: https://docs.python.org/3/library/unittest.html
@ -87,12 +87,8 @@ class Client(WerkzeugClient):
**kwargs) -> TestResponse:
"""Opens a request.
.. warning::
This is to override the parent ``open`` method. You should call
the ``get``, ``post``, ``put``, and ``delete`` methods instead.
:param args: The arguments.
:param digest_auth: A tuple of the username and password for the HTTP
:param digest_auth: The (*username*, *password*) tuple for the HTTP
digest authentication.
:param kwargs: The keyword arguments.
:return: The response.
@ -115,9 +111,6 @@ class Client(WerkzeugClient):
username: str, password: str) -> Authorization:
"""Composes and returns the request authorization.
.. warning::
This method is not for public.
:param www_authenticate: The ``WWW-Authenticate`` response.
:param uri: The request URI.
:param username: The username.

42
tests/test_flask_login.py
View File

@ -45,7 +45,6 @@ class User:
self.password_hash: str = make_password_hash(
_REALM, username, password)
self.visits: int = 0
self.is_authenticated: bool = True
self.is_active: bool = True
self.is_anonymous: bool = False
@ -57,6 +56,16 @@ class User:
"""
return self.username
@property
def is_authenticated(self) -> bool:
"""Returns whether the user is authenticated.
This is required by Flask-Login.
This should return self.is_active.
:return: True if the user is active, or False otherwise.
"""
return self.is_active
class FlaskLoginTestCase(TestCase):
"""The test case with the Flask-Login integration."""
@ -256,3 +265,34 @@ class FlaskLoginTestCase(TestCase):
response = self.client.get(admin_uri)
self.assertEqual(response.status_code, 200)
self.assertEqual(self.user.visits, 2)
def test_disabled(self) -> None:
"""Tests the disabled user.
:return: None.
"""
if not self.has_flask_login:
self.skipTest("Skipped without Flask-Login.")
response: Response
self.user.is_active = False
response = self.client.get(self.app.url_for("admin-1"))
self.assertEqual(response.status_code, 401)
response = self.client.get(self.app.url_for("admin-1"),
digest_auth=(_USERNAME, _PASSWORD))
self.assertEqual(response.status_code, 401)
self.user.is_active = True
response = self.client.get(self.app.url_for("admin-1"),
digest_auth=(_USERNAME, _PASSWORD))
self.assertEqual(response.status_code, 200)
response = self.client.get(self.app.url_for("admin-1"))
self.assertEqual(response.status_code, 200)
self.user.is_active = False
response = self.client.get(self.app.url_for("admin-1"))
self.assertEqual(response.status_code, 401)
response = self.client.get(self.app.url_for("admin-1"),
digest_auth=(_USERNAME, _PASSWORD))
self.assertEqual(response.status_code, 401)