Compare commits
	
		
			50 Commits
		
	
	
		
			v0.2.2
			...
			f04ea7ac18
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| f04ea7ac18 | |||
| 15ea650ddd | |||
| 5b255b6504 | |||
| 919b8d0dc3 | |||
| 604ed0be27 | |||
| 9e0a06bd4c | |||
| e861cae2e0 | |||
| 264ba158ee | |||
| d1fd0c3693 | |||
| bc15a578cb | |||
| cedff68247 | |||
| 769ca7dddd | |||
| 33eb81f368 | |||
| 5faf51c49b | |||
| d5a8bb3acd | |||
| 27d27127f6 | |||
| 5ebdea6d0a | |||
| ea31bb9579 | |||
| 4f30756dc5 | |||
| cdc057f851 | |||
| 574ecade05 | |||
| 84b9c5f62e | |||
| 4990de085c | |||
| 51e51ae4e2 | |||
| 2de770aed0 | |||
| 9ab413d583 | |||
| aeb93a60e5 | |||
| a07118ef9c | |||
| 514e9255aa | |||
| 79abdc9cde | |||
| 038e7a8352 | |||
| 0387abb4f6 | |||
| 10e8add9e6 | |||
| c004e28c37 | |||
| 46f05a1022 | |||
| b9384150b7 | |||
| 4296756ae7 | |||
| 83cf83a67c | |||
| 7aaa7b9abe | |||
| 14b90de059 | |||
| e9013017fb | |||
| 6e6ac8bbe7 | |||
| 7ec56ee52d | |||
| b348c872dc | |||
| d78093ab53 | |||
| c6b8569543 | |||
| a1c48beb32 | |||
| a88fdf81fa | |||
| 4993bfdd9b | |||
| 696f350a44 | 
							
								
								
									
										40
									
								
								.readthedocs.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										40
									
								
								.readthedocs.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,40 @@ | |||||||
|  | # The Flask HTTP Digest Authentication Project. | ||||||
|  | # Author: imacat@mail.imacat.idv.tw (imacat), 2023/4/5 | ||||||
|  |  | ||||||
|  | #  Copyright (c) 2023 imacat. | ||||||
|  | # | ||||||
|  | #  Licensed under the Apache License, Version 2.0 (the "License"); | ||||||
|  | #  you may not use this file except in compliance with the License. | ||||||
|  | #  You may obtain a copy of the License at | ||||||
|  | # | ||||||
|  | #      http://www.apache.org/licenses/LICENSE-2.0 | ||||||
|  | # | ||||||
|  | #  Unless required by applicable law or agreed to in writing, software | ||||||
|  | #  distributed under the License is distributed on an "AS IS" BASIS, | ||||||
|  | #  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||||
|  | #  See the License for the specific language governing permissions and | ||||||
|  | #  limitations under the License. | ||||||
|  |  | ||||||
|  | # .readthedocs.yaml | ||||||
|  | # Read the Docs configuration file | ||||||
|  | # See https://docs.readthedocs.io/en/stable/config-file/v2.html for details | ||||||
|  |  | ||||||
|  | # Required | ||||||
|  | version: 2 | ||||||
|  |  | ||||||
|  | # Set the version of Python and other tools you might need | ||||||
|  | build: | ||||||
|  |   os: ubuntu-22.04 | ||||||
|  |   tools: | ||||||
|  |     python: "3.8" | ||||||
|  |  | ||||||
|  | # Build documentation in the docs/ directory with Sphinx | ||||||
|  |  | ||||||
|  | # If using Sphinx, optionally build your docs in additional formats such as PDF | ||||||
|  | formats: all | ||||||
|  |  | ||||||
|  | # Optionally declare the Python requirements required to build your docs | ||||||
|  | python: | ||||||
|  |    install: | ||||||
|  |    - method: pip | ||||||
|  |      path: . | ||||||
| @@ -15,8 +15,7 @@ | |||||||
| #  See the License for the specific language governing permissions and | #  See the License for the specific language governing permissions and | ||||||
| #  limitations under the License. | #  limitations under the License. | ||||||
|  |  | ||||||
| include docs/* | recursive-include docs * | ||||||
| include docs/source/* | recursive-exclude docs/build * | ||||||
| include docs/source/_static/* | recursive-include tests * | ||||||
| include docs/source/_templates/* | recursive-exclude tests *.pyc | ||||||
| include tests/* |  | ||||||
|   | |||||||
							
								
								
									
										355
									
								
								README.rst
									
									
									
									
									
								
							
							
						
						
									
										355
									
								
								README.rst
									
									
									
									
									
								
							| @@ -6,14 +6,12 @@ Flask HTTP Digest Authentication | |||||||
| Description | Description | ||||||
| =========== | =========== | ||||||
|  |  | ||||||
| *Flask-Digest-Auth* is an `HTTP Digest Authentication`_ implementation | *Flask-DigestAuth* is an `HTTP Digest Authentication`_ implementation | ||||||
| for Flask_ applications.  It authenticates the user for the protected | for Flask_ applications.  It authenticates the user for the protected | ||||||
| views. | views. | ||||||
|  |  | ||||||
| HTTP Digest Authentication is specified in `RFC 2617`_. | HTTP Digest Authentication is specified in `RFC 2617`_. | ||||||
|  |  | ||||||
| Refer to the full `Flask-Digest-Auth readthedocs documentation`_. |  | ||||||
|  |  | ||||||
|  |  | ||||||
| Why HTTP Digest Authentication? | Why HTTP Digest Authentication? | ||||||
| ------------------------------- | ------------------------------- | ||||||
| @@ -30,7 +28,7 @@ own challenge-response log in form, but then you are reinventing the | |||||||
| wheels.  If a pretty log in form is not critical to your project, HTTP | wheels.  If a pretty log in form is not critical to your project, HTTP | ||||||
| Digest Authentication should be a good choice. | Digest Authentication should be a good choice. | ||||||
|  |  | ||||||
| Flask-Digest-Auth works with Flask-Login_.  Log in protection can be | Flask-DigestAuth works with Flask-Login_.  Log in protection can be | ||||||
| separated with the authentication mechanism.  You can create protected | separated with the authentication mechanism.  You can create protected | ||||||
| Flask modules without knowing the actual authentication mechanisms. | Flask modules without knowing the actual authentication mechanisms. | ||||||
|  |  | ||||||
| @@ -38,358 +36,36 @@ Flask modules without knowing the actual authentication mechanisms. | |||||||
| Installation | Installation | ||||||
| ============ | ============ | ||||||
|  |  | ||||||
| You can install Flask-Digest-Auth with ``pip``: | You can install Flask-DigestAuth with ``pip``: | ||||||
|  |  | ||||||
| :: | :: | ||||||
|  |  | ||||||
|     pip install Flask-Digest-Auth |     pip install Flask-DigestAuth | ||||||
|  |  | ||||||
| You may also install the latest source from the | You may also install the latest source from the | ||||||
| `Flask-Digest-Auth GitHub repository`_. | `Flask-DigestAuth GitHub repository`_. | ||||||
|  |  | ||||||
| :: | :: | ||||||
|  |  | ||||||
|     pip install git+https://github.com/imacat/flask-digest-auth.git |     pip install git+https://github.com/imacat/flask-digestauth.git | ||||||
|  |  | ||||||
|  |  | ||||||
| Setting the Password | Documentation | ||||||
| ==================== | ============= | ||||||
|  |  | ||||||
| The password hash of the HTTP Digest Authentication is composed of the | Refer to the `documentation on Read the Docs`_. | ||||||
| realm, the username, and the password.  Example for setting the |  | ||||||
| password: |  | ||||||
|  |  | ||||||
| :: |  | ||||||
|  |  | ||||||
|     from flask_digest_auth import make_password_hash | Change Log | ||||||
|  | ========== | ||||||
|  |  | ||||||
|     user.password = make_password_hash(realm, username, password) | Refer to the `change log`_. | ||||||
|  |  | ||||||
| The username is part of the hash.  If the user changes their username, |  | ||||||
| you need to ask their password, to generate and store the new password |  | ||||||
| hash. |  | ||||||
|  |  | ||||||
|  |  | ||||||
| Flask-Digest-Auth Alone |  | ||||||
| ======================= |  | ||||||
|  |  | ||||||
| Flask-Digest-Auth can authenticate the users alone. |  | ||||||
|  |  | ||||||
|  |  | ||||||
| Simple Applications with Flask-Digest-Auth Alone |  | ||||||
| ------------------------------------------------ |  | ||||||
|  |  | ||||||
| In your ``my_app.py``: |  | ||||||
|  |  | ||||||
| :: |  | ||||||
|  |  | ||||||
|     from flask import Flask, request, redirect |  | ||||||
|     from flask_digest_auth import DigestAuth |  | ||||||
|  |  | ||||||
|     app: flask = Flask(__name__) |  | ||||||
|     ... (Configure the Flask application) ... |  | ||||||
|  |  | ||||||
|     auth: DigestAuth = DigestAuth(realm="Admin") |  | ||||||
|     auth.init_app(app) |  | ||||||
|  |  | ||||||
|     @auth.register_get_password |  | ||||||
|     def get_password_hash(username: str) -> t.Optional[str]: |  | ||||||
|         ... (Load the password hash) ... |  | ||||||
|  |  | ||||||
|     @auth.register_get_user |  | ||||||
|     def get_user(username: str) -> t.Optional[t.Any]: |  | ||||||
|         ... (Load the user) ... |  | ||||||
|  |  | ||||||
|     @app.get("/admin") |  | ||||||
|     @auth.login_required |  | ||||||
|     def admin(): |  | ||||||
|         return f"Hello, {g.user.username}!" |  | ||||||
|  |  | ||||||
|     @app.post("/logout") |  | ||||||
|     @auth.login_required |  | ||||||
|     def logout(): |  | ||||||
|         auth.logout() |  | ||||||
|         return redirect(request.form.get("next")) |  | ||||||
|  |  | ||||||
|  |  | ||||||
| Larger Applications with ``create_app()`` with Flask-Digest-Auth Alone |  | ||||||
| ---------------------------------------------------------------------- |  | ||||||
|  |  | ||||||
| In your ``my_app/__init__.py``: |  | ||||||
|  |  | ||||||
| :: |  | ||||||
|  |  | ||||||
|     from flask import Flask |  | ||||||
|     from flask_digest_auth import DigestAuth |  | ||||||
|  |  | ||||||
|     auth: DigestAuth = DigestAuth() |  | ||||||
|  |  | ||||||
|     def create_app(test_config = None) -> Flask: |  | ||||||
|         app: flask = Flask(__name__) |  | ||||||
|         ... (Configure the Flask application) ... |  | ||||||
|  |  | ||||||
|         auth.realm = app.config["REALM"] |  | ||||||
|         auth.init_app(app) |  | ||||||
|  |  | ||||||
|         @auth.register_get_password |  | ||||||
|         def get_password_hash(username: str) -> t.Optional[str]: |  | ||||||
|             ... (Load the password hash) ... |  | ||||||
|  |  | ||||||
|         @auth.register_get_user |  | ||||||
|         def get_user(username: str) -> t.Optional[t.Any]: |  | ||||||
|             ... (Load the user) ... |  | ||||||
|  |  | ||||||
|         return app |  | ||||||
|  |  | ||||||
| In your ``my_app/views.py``: |  | ||||||
|  |  | ||||||
| :: |  | ||||||
|  |  | ||||||
|     from my_app import auth |  | ||||||
|     from flask import Flask, Blueprint, request, redirect |  | ||||||
|  |  | ||||||
|     bp = Blueprint("admin", __name__, url_prefix="/admin") |  | ||||||
|  |  | ||||||
|     @bp.get("/admin") |  | ||||||
|     @auth.login_required |  | ||||||
|     def admin(): |  | ||||||
|         return f"Hello, {g.user.username}!" |  | ||||||
|  |  | ||||||
|     @app.post("/logout") |  | ||||||
|     @auth.login_required |  | ||||||
|     def logout(): |  | ||||||
|         auth.logout() |  | ||||||
|         return redirect(request.form.get("next")) |  | ||||||
|  |  | ||||||
|     def init_app(app: Flask) -> None: |  | ||||||
|         app.register_blueprint(bp) |  | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| Flask-Login Integration |  | ||||||
| ======================= |  | ||||||
|  |  | ||||||
| Flask-Digest-Auth works with Flask-Login_.  You can write a Flask |  | ||||||
| module that requires log in, without specifying how to log in.  The |  | ||||||
| application can use either HTTP Digest Authentication, or the log in |  | ||||||
| forms, as needed. |  | ||||||
|  |  | ||||||
| To use Flask-Login with Flask-Digest-Auth, |  | ||||||
| ``login_manager.init_app(app)`` must be called before |  | ||||||
| ``auth.init_app(app)``. |  | ||||||
|  |  | ||||||
| The currently logged-in user can be retrieved at |  | ||||||
| ``flask_login.current_user``, if any. |  | ||||||
|  |  | ||||||
| The views only depend on Flask-Login, but not the Flask-Digest-Auth. |  | ||||||
| You can change the actual authentication mechanism without changing |  | ||||||
| the views. |  | ||||||
|  |  | ||||||
|  |  | ||||||
| Simple Applications with Flask-Login Integration |  | ||||||
| ------------------------------------------------ |  | ||||||
|  |  | ||||||
| In your ``my_app.py``: |  | ||||||
|  |  | ||||||
| :: |  | ||||||
|  |  | ||||||
|     import flask_login |  | ||||||
|     from flask import Flask, request, redirect |  | ||||||
|     from flask_digest_auth import DigestAuth |  | ||||||
|  |  | ||||||
|     app: flask = Flask(__name__) |  | ||||||
|     ... (Configure the Flask application) ... |  | ||||||
|  |  | ||||||
|     login_manager: flask_login.LoginManager = flask_login.LoginManager() |  | ||||||
|     login_manager.init_app(app) |  | ||||||
|  |  | ||||||
|     @login_manager.user_loader |  | ||||||
|     def load_user(user_id: str) -> t.Optional[User]: |  | ||||||
|         ... (Load the user with the username) ... |  | ||||||
|  |  | ||||||
|     auth: DigestAuth = DigestAuth(realm="Admin") |  | ||||||
|     auth.init_app(app) |  | ||||||
|  |  | ||||||
|     @auth.register_get_password |  | ||||||
|     def get_password_hash(username: str) -> t.Optional[str]: |  | ||||||
|         ... (Load the password hash) ... |  | ||||||
|  |  | ||||||
|     @app.get("/admin") |  | ||||||
|     @flask_login.login_required |  | ||||||
|     def admin(): |  | ||||||
|         return f"Hello, {flask_login.current_user.get_id()}!" |  | ||||||
|  |  | ||||||
|     @app.post("/logout") |  | ||||||
|     @flask_login.login_required |  | ||||||
|     def logout(): |  | ||||||
|         auth.logout() |  | ||||||
|         # Do not call flask_login.logout_user() |  | ||||||
|         return redirect(request.form.get("next")) |  | ||||||
|  |  | ||||||
|  |  | ||||||
| Larger Applications with ``create_app()`` with Flask-Login Integration |  | ||||||
| ---------------------------------------------------------------------- |  | ||||||
|  |  | ||||||
| In your ``my_app/__init__.py``: |  | ||||||
|  |  | ||||||
| :: |  | ||||||
|  |  | ||||||
|     from flask import Flask |  | ||||||
|     from flask_digest_auth import DigestAuth |  | ||||||
|     from flask_login import LoginManager |  | ||||||
|  |  | ||||||
|     auth: DigestAuth = DigestAuth() |  | ||||||
|  |  | ||||||
|     def create_app(test_config = None) -> Flask: |  | ||||||
|         app: flask = Flask(__name__) |  | ||||||
|         ... (Configure the Flask application) ... |  | ||||||
|  |  | ||||||
|         login_manager: LoginManager = LoginManager() |  | ||||||
|         login_manager.init_app(app) |  | ||||||
|  |  | ||||||
|         @login_manager.user_loader |  | ||||||
|         def load_user(user_id: str) -> t.Optional[User]: |  | ||||||
|             ... (Load the user with the username) ... |  | ||||||
|  |  | ||||||
|         auth.realm = app.config["REALM"] |  | ||||||
|         auth.init_app(app) |  | ||||||
|  |  | ||||||
|         @auth.register_get_password |  | ||||||
|         def get_password_hash(username: str) -> t.Optional[str]: |  | ||||||
|             ... (Load the password hash) ... |  | ||||||
|  |  | ||||||
|         return app |  | ||||||
|  |  | ||||||
| In your ``my_app/views.py``: |  | ||||||
|  |  | ||||||
| :: |  | ||||||
|  |  | ||||||
|     import flask_login |  | ||||||
|     from flask import Flask, Blueprint, request, redirect |  | ||||||
|     from my_app import auth |  | ||||||
|  |  | ||||||
|     bp = Blueprint("admin", __name__, url_prefix="/admin") |  | ||||||
|  |  | ||||||
|     @bp.get("/admin") |  | ||||||
|     @flask_login.login_required |  | ||||||
|     def admin(): |  | ||||||
|         return f"Hello, {flask_login.current_user.get_id()}!" |  | ||||||
|  |  | ||||||
|     @app.post("/logout") |  | ||||||
|     @flask_login.login_required |  | ||||||
|     def logout(): |  | ||||||
|         auth.logout() |  | ||||||
|         # Do not call flask_login.logout_user() |  | ||||||
|         return redirect(request.form.get("next")) |  | ||||||
|  |  | ||||||
|     def init_app(app: Flask) -> None: |  | ||||||
|         app.register_blueprint(bp) |  | ||||||
|  |  | ||||||
| The views only depend on Flask-Login, but not the actual |  | ||||||
| authentication mechanism.  You can change the actual authentication |  | ||||||
| mechanism without changing the views. |  | ||||||
|  |  | ||||||
|  |  | ||||||
| Session Integration |  | ||||||
| =================== |  | ||||||
|  |  | ||||||
| Flask-Digest-Auth features session integration.  The user log in |  | ||||||
| is remembered in the session.  The authentication information is not |  | ||||||
| requested again.  This is different to the practice of the HTTP Digest |  | ||||||
| Authentication, but is convenient for the log in accounting. |  | ||||||
|  |  | ||||||
|  |  | ||||||
| Log In Bookkeeping |  | ||||||
| ================== |  | ||||||
|  |  | ||||||
| You can register a callback to run when the user logs in, for ex., |  | ||||||
| logging the log in event, adding the log in counter, etc. |  | ||||||
|  |  | ||||||
| :: |  | ||||||
|  |  | ||||||
|     @auth.register_on_login |  | ||||||
|     def on_login(user: User) -> None: |  | ||||||
|         user.visits = user.visits + 1 |  | ||||||
|  |  | ||||||
|  |  | ||||||
| Log Out |  | ||||||
| ======= |  | ||||||
|  |  | ||||||
| Flask-Digest-Auth supports log out.  The user will be prompted for the |  | ||||||
| new username and password. |  | ||||||
|  |  | ||||||
|  |  | ||||||
| Test Client |  | ||||||
| =========== |  | ||||||
|  |  | ||||||
| Flask-Digest-Auth comes with a test client that supports HTTP digest |  | ||||||
| authentication. |  | ||||||
|  |  | ||||||
|  |  | ||||||
| A unittest Test Case |  | ||||||
| -------------------- |  | ||||||
|  |  | ||||||
| :: |  | ||||||
|  |  | ||||||
|     from flask import Flask |  | ||||||
|     from flask_digest_auth import Client |  | ||||||
|     from flask_testing import TestCase |  | ||||||
|     from my_app import create_app |  | ||||||
|  |  | ||||||
|     class MyTestCase(TestCase): |  | ||||||
|  |  | ||||||
|         def create_app(self): |  | ||||||
|             app: Flask = create_app({ |  | ||||||
|                 "SECRET_KEY": token_urlsafe(32), |  | ||||||
|                 "TESTING": True |  | ||||||
|             }) |  | ||||||
|             app.test_client_class = Client |  | ||||||
|             return app |  | ||||||
|  |  | ||||||
|         def test_admin(self): |  | ||||||
|             response = self.client.get("/admin") |  | ||||||
|             self.assertEqual(response.status_code, 401) |  | ||||||
|             response = self.client.get( |  | ||||||
|                 "/admin", digest_auth=("my_name", "my_pass")) |  | ||||||
|             self.assertEqual(response.status_code, 200) |  | ||||||
|  |  | ||||||
|  |  | ||||||
| A pytest Test |  | ||||||
| ------------- |  | ||||||
|  |  | ||||||
| :: |  | ||||||
|  |  | ||||||
|     import pytest |  | ||||||
|     from flask import Flask |  | ||||||
|     from flask_digest_auth import Client |  | ||||||
|     from my_app import create_app |  | ||||||
|  |  | ||||||
|     @pytest.fixture() |  | ||||||
|     def app(): |  | ||||||
|         app: Flask = create_app({ |  | ||||||
|             "SECRET_KEY": token_urlsafe(32), |  | ||||||
|             "TESTING": True |  | ||||||
|         }) |  | ||||||
|         app.test_client_class = Client |  | ||||||
|         yield app |  | ||||||
|  |  | ||||||
|     @pytest.fixture() |  | ||||||
|     def client(app): |  | ||||||
|         return app.test_client() |  | ||||||
|  |  | ||||||
|     def test_admin(app: Flask, client: Client): |  | ||||||
|         with app.app_context(): |  | ||||||
|             response = self.client.get("/admin") |  | ||||||
|             assert response.status_code == 401 |  | ||||||
|             response = self.client.get( |  | ||||||
|                 "/admin", digest_auth=("my_name", "my_pass")) |  | ||||||
|             assert response.status_code == 200 |  | ||||||
|  |  | ||||||
|  |  | ||||||
| Copyright | Copyright | ||||||
| ========= | ========= | ||||||
|  |  | ||||||
|  Copyright (c) 2022 imacat. |  Copyright (c) 2022-2023 imacat. | ||||||
|  |  | ||||||
|  Licensed under the Apache License, Version 2.0 (the "License"); |  Licensed under the Apache License, Version 2.0 (the "License"); | ||||||
|  you may not use this file except in compliance with the License. |  you may not use this file except in compliance with the License. | ||||||
| @@ -414,6 +90,7 @@ Authors | |||||||
| .. _HTTP Digest Authentication: https://en.wikipedia.org/wiki/Digest_access_authentication | .. _HTTP Digest Authentication: https://en.wikipedia.org/wiki/Digest_access_authentication | ||||||
| .. _RFC 2617: https://www.rfc-editor.org/rfc/rfc2617 | .. _RFC 2617: https://www.rfc-editor.org/rfc/rfc2617 | ||||||
| .. _Flask: https://flask.palletsprojects.com | .. _Flask: https://flask.palletsprojects.com | ||||||
| .. _Flask-Digest-Auth GitHub repository: https://github.com/imacat/flask-digest-auth | .. _Flask-DigestAuth GitHub repository: https://github.com/imacat/flask-digestauth | ||||||
| .. _Flask-Digest-Auth readthedocs documentation: https://flask-digest-auth.readthedocs.io |  | ||||||
| .. _Flask-Login: https://flask-login.readthedocs.io | .. _Flask-Login: https://flask-login.readthedocs.io | ||||||
|  | .. _documentation on Read the Docs: https://flask-digestauth.readthedocs.io | ||||||
|  | .. _change log: https://flask-digestauth.readthedocs.io/en/latest/changelog.html | ||||||
|   | |||||||
| @@ -10,8 +10,6 @@ if "%SPHINXBUILD%" == "" ( | |||||||
| set SOURCEDIR=source | set SOURCEDIR=source | ||||||
| set BUILDDIR=build | set BUILDDIR=build | ||||||
|  |  | ||||||
| if "%1" == "" goto help |  | ||||||
|  |  | ||||||
| %SPHINXBUILD% >NUL 2>NUL | %SPHINXBUILD% >NUL 2>NUL | ||||||
| if errorlevel 9009 ( | if errorlevel 9009 ( | ||||||
| 	echo. | 	echo. | ||||||
| @@ -21,10 +19,12 @@ if errorlevel 9009 ( | |||||||
| 	echo.may add the Sphinx directory to PATH. | 	echo.may add the Sphinx directory to PATH. | ||||||
| 	echo. | 	echo. | ||||||
| 	echo.If you don't have Sphinx installed, grab it from | 	echo.If you don't have Sphinx installed, grab it from | ||||||
| 	echo.http://sphinx-doc.org/ | 	echo.https://www.sphinx-doc.org/ | ||||||
| 	exit /b 1 | 	exit /b 1 | ||||||
| ) | ) | ||||||
|  |  | ||||||
|  | if "%1" == "" goto help | ||||||
|  |  | ||||||
| %SPHINXBUILD% -M %1 %SOURCEDIR% %BUILDDIR% %SPHINXOPTS% %O% | %SPHINXBUILD% -M %1 %SOURCEDIR% %BUILDDIR% %SPHINXOPTS% %O% | ||||||
| goto end | goto end | ||||||
|  |  | ||||||
|   | |||||||
							
								
								
									
										130
									
								
								docs/source/changelog.rst
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										130
									
								
								docs/source/changelog.rst
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,130 @@ | |||||||
|  | Change Log | ||||||
|  | ========== | ||||||
|  |  | ||||||
|  |  | ||||||
|  | Version 0.6.1 | ||||||
|  | ------------- | ||||||
|  |  | ||||||
|  | Released 2023/5/3 | ||||||
|  |  | ||||||
|  | * Revised the code for the upcoming Werkzeug 2.4. | ||||||
|  |  | ||||||
|  |  | ||||||
|  | Version 0.6.0 | ||||||
|  | ------------- | ||||||
|  |  | ||||||
|  | Released 2023/4/26 | ||||||
|  |  | ||||||
|  | * Updated the minimal Python version to 3.8. | ||||||
|  | * Switched from ``setup.cfg`` to ``pyproject.toml``. | ||||||
|  | * Added the change log. | ||||||
|  | * Simplified ``README.rst``. | ||||||
|  |  | ||||||
|  |  | ||||||
|  | Version 0.5.0 | ||||||
|  | ------------- | ||||||
|  |  | ||||||
|  | Released 2023/1/6 | ||||||
|  |  | ||||||
|  | * Added the ``DIGEST_AUTH_REALM`` configuration variable as the | ||||||
|  |   recommended way to set the authentication realm. | ||||||
|  | * Changed the default realm from an empty string to | ||||||
|  |   ``Login Required``. | ||||||
|  |  | ||||||
|  |  | ||||||
|  | Version 0.4.0 | ||||||
|  | ------------- | ||||||
|  |  | ||||||
|  | Released 2023/1/4 | ||||||
|  |  | ||||||
|  | * Changed the package name from ``flask-digest-auth`` to | ||||||
|  |   ``Flask-DigestAuth``, according to the Flask recommended extension | ||||||
|  |   guidelines | ||||||
|  |   https://flask.palletsprojects.com/en/latest/extensiondev/ . | ||||||
|  | * Replaced ``app.digest_auth`` with ``app.extensions["digest-auth"]`` | ||||||
|  |   to store the ``DigestAuth`` instance. | ||||||
|  | * Replaced ``auth.app`` with ``current_app``, to prevent circular | ||||||
|  |   imports. | ||||||
|  |  | ||||||
|  |  | ||||||
|  | Version 0.3.1 | ||||||
|  | ------------- | ||||||
|  |  | ||||||
|  | Released 2022/12/29 | ||||||
|  |  | ||||||
|  | Fixed the missing authentication state with disabled users. | ||||||
|  |  | ||||||
|  |  | ||||||
|  | Version 0.3.0 | ||||||
|  | ------------- | ||||||
|  |  | ||||||
|  | Released 2022/12/7 | ||||||
|  |  | ||||||
|  | Changed the visibility of several methods and properties of the | ||||||
|  | DigestAuth class that should be private to private. | ||||||
|  |  | ||||||
|  |  | ||||||
|  | Version 0.2.4 | ||||||
|  | ------------- | ||||||
|  |  | ||||||
|  | Released 2022/12/6 | ||||||
|  |  | ||||||
|  | Fixed the pytest example in the documentation. | ||||||
|  |  | ||||||
|  |  | ||||||
|  | Version 0.2.3 | ||||||
|  | ------------- | ||||||
|  |  | ||||||
|  | Released 2022/12/6 | ||||||
|  |  | ||||||
|  | Fixed the dependencies for the documentation hosted on Read the Docs. | ||||||
|  |  | ||||||
|  |  | ||||||
|  | Version 0.2.2 | ||||||
|  | ------------- | ||||||
|  |  | ||||||
|  | Released 2022/12/6 | ||||||
|  |  | ||||||
|  | Added the Sphinx documentation, and hosted the documentation on | ||||||
|  | Read the Docs. | ||||||
|  |  | ||||||
|  |  | ||||||
|  | Version 0.2.1 | ||||||
|  | ------------- | ||||||
|  |  | ||||||
|  | Released 2022/12/6 | ||||||
|  |  | ||||||
|  | Various fixes, with the help from SonarQube. | ||||||
|  |  | ||||||
|  |  | ||||||
|  | Version 0.2.0 | ||||||
|  | ------------- | ||||||
|  |  | ||||||
|  | Released 2022/11/27 | ||||||
|  |  | ||||||
|  | * Added log out support.  User can log out. | ||||||
|  | * Added on-login event handler.  You can do some accounting when the | ||||||
|  |   user logs in. | ||||||
|  |  | ||||||
|  | This release is written in Sydney and on the international flight, | ||||||
|  | and released in Taipei. | ||||||
|  |  | ||||||
|  |  | ||||||
|  | Version 0.1.1 | ||||||
|  | ------------- | ||||||
|  |  | ||||||
|  | Released 2022/11/24 | ||||||
|  |  | ||||||
|  | Changed the minimal Python version to 3.7. | ||||||
|  |  | ||||||
|  | Released at Sydney, Australia on vacation. | ||||||
|  |  | ||||||
|  |  | ||||||
|  | Version 0.1.0 | ||||||
|  | ------------- | ||||||
|  |  | ||||||
|  | Released 2022/11/24 | ||||||
|  |  | ||||||
|  | The initial release. | ||||||
|  |  | ||||||
|  | Released at Sydney, Australia on vacation. | ||||||
| @@ -1,59 +1,33 @@ | |||||||
| # Configuration file for the Sphinx documentation builder. | # Configuration file for the Sphinx documentation builder. | ||||||
| # | # | ||||||
| # This file only contains a selection of the most common options. For a full | # For the full list of built-in configuration values, see the documentation: | ||||||
| # list see the documentation: |  | ||||||
| # https://www.sphinx-doc.org/en/master/usage/configuration.html | # https://www.sphinx-doc.org/en/master/usage/configuration.html | ||||||
| import os | import os | ||||||
| # -- Path setup -------------------------------------------------------------- |  | ||||||
|  |  | ||||||
| # If extensions (or modules to document with autodoc) are in another directory, |  | ||||||
| # add these directories to sys.path here. If the directory is relative to the |  | ||||||
| # documentation root, use os.path.abspath to make it absolute, like shown here. |  | ||||||
| # |  | ||||||
| import sys | import sys | ||||||
|  |  | ||||||
| sys.path.insert(0, os.path.abspath('../../src/')) | sys.path.insert(0, os.path.abspath('../../src/')) | ||||||
|  | import flask_digest_auth | ||||||
|  |  | ||||||
| # -- Project information ----------------------------------------------------- | # -- Project information ----------------------------------------------------- | ||||||
|  | # https://www.sphinx-doc.org/en/master/usage/configuration.html#project-information | ||||||
|  |  | ||||||
| project = 'Flask-Digest-Auth' | project = 'Flask-DigestAuth' | ||||||
| copyright = '2022, imacat' | copyright = '2022-2023, imacat' | ||||||
| author = 'imacat' | author = 'imacat' | ||||||
|  | release = flask_digest_auth.VERSION | ||||||
| # The full version, including alpha/beta/rc tags |  | ||||||
| release = '0.2.1' |  | ||||||
|  |  | ||||||
|  |  | ||||||
| # -- General configuration --------------------------------------------------- | # -- General configuration --------------------------------------------------- | ||||||
|  | # https://www.sphinx-doc.org/en/master/usage/configuration.html#general-configuration | ||||||
|  |  | ||||||
| # Add any Sphinx extension module names here, as strings. They can be | extensions = ["sphinx.ext.autodoc"] | ||||||
| # extensions coming with Sphinx (named 'sphinx.ext.*') or your custom |  | ||||||
| # ones. |  | ||||||
| extensions = [ |  | ||||||
|     "sphinx.ext.autodoc" |  | ||||||
| ] |  | ||||||
|  |  | ||||||
| # Add any paths that contain templates here, relative to this directory. |  | ||||||
| templates_path = ['_templates'] | templates_path = ['_templates'] | ||||||
|  |  | ||||||
| # List of patterns, relative to source directory, that match files and |  | ||||||
| # directories to ignore when looking for source files. |  | ||||||
| # This pattern also affects html_static_path and html_extra_path. |  | ||||||
| exclude_patterns = [] | exclude_patterns = [] | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| # -- Options for HTML output ------------------------------------------------- | # -- Options for HTML output ------------------------------------------------- | ||||||
|  | # https://www.sphinx-doc.org/en/master/usage/configuration.html#options-for-html-output | ||||||
|  |  | ||||||
| # The theme to use for HTML and HTML Help pages.  See the documentation for |  | ||||||
| # a list of builtin themes. |  | ||||||
| # |  | ||||||
| html_theme = 'sphinx_rtd_theme' | html_theme = 'sphinx_rtd_theme' | ||||||
|  |  | ||||||
| # Add any paths that contain custom static files (such as style sheets) here, |  | ||||||
| # relative to this directory. They are copied after the builtin static files, |  | ||||||
| # so a file named "default.css" will overwrite the builtin "default.css". |  | ||||||
| html_static_path = ['_static'] | html_static_path = ['_static'] | ||||||
|  |  | ||||||
| # For readthedocs.io to work properly. |  | ||||||
| master_doc = 'index' |  | ||||||
|   | |||||||
| @@ -4,8 +4,8 @@ Examples | |||||||
|  |  | ||||||
| .. _example-alone-simple: | .. _example-alone-simple: | ||||||
|  |  | ||||||
| Simple Applications with Flask-Digest-Auth Alone | Simple Applications with Flask-DigestAuth Alone | ||||||
| ------------------------------------------------ | ----------------------------------------------- | ||||||
|  |  | ||||||
| In your ``my_app.py``: | In your ``my_app.py``: | ||||||
|  |  | ||||||
| @@ -17,7 +17,7 @@ In your ``my_app.py``: | |||||||
|     app: flask = Flask(__name__) |     app: flask = Flask(__name__) | ||||||
|     ... (Configure the Flask application) ... |     ... (Configure the Flask application) ... | ||||||
|  |  | ||||||
|     auth: DigestAuth = DigestAuth(realm="Admin") |     auth: DigestAuth = DigestAuth() | ||||||
|     auth.init_app(app) |     auth.init_app(app) | ||||||
|  |  | ||||||
|     @auth.register_get_password |     @auth.register_get_password | ||||||
| @@ -42,8 +42,8 @@ In your ``my_app.py``: | |||||||
|  |  | ||||||
| .. _example-alone-large: | .. _example-alone-large: | ||||||
|  |  | ||||||
| Larger Applications with ``create_app()`` with Flask-Digest-Auth Alone | Larger Applications with ``create_app()`` with Flask-DigestAuth Alone | ||||||
| ---------------------------------------------------------------------- | --------------------------------------------------------------------- | ||||||
|  |  | ||||||
| In your ``my_app/__init__.py``: | In your ``my_app/__init__.py``: | ||||||
|  |  | ||||||
| @@ -58,7 +58,6 @@ In your ``my_app/__init__.py``: | |||||||
|         app: flask = Flask(__name__) |         app: flask = Flask(__name__) | ||||||
|         ... (Configure the Flask application) ... |         ... (Configure the Flask application) ... | ||||||
|  |  | ||||||
|         auth.realm = app.config["REALM"] |  | ||||||
|         auth.init_app(app) |         auth.init_app(app) | ||||||
|  |  | ||||||
|         @auth.register_get_password |         @auth.register_get_password | ||||||
| @@ -118,7 +117,7 @@ In your ``my_app.py``: | |||||||
|     def load_user(user_id: str) -> t.Optional[User]: |     def load_user(user_id: str) -> t.Optional[User]: | ||||||
|         ... (Load the user with the username) ... |         ... (Load the user with the username) ... | ||||||
|  |  | ||||||
|     auth: DigestAuth = DigestAuth(realm="Admin") |     auth: DigestAuth = DigestAuth() | ||||||
|     auth.init_app(app) |     auth.init_app(app) | ||||||
|  |  | ||||||
|     @auth.register_get_password |     @auth.register_get_password | ||||||
| @@ -164,7 +163,6 @@ In your ``my_app/__init__.py``: | |||||||
|         def load_user(user_id: str) -> t.Optional[User]: |         def load_user(user_id: str) -> t.Optional[User]: | ||||||
|             ... (Load the user with the username) ... |             ... (Load the user with the username) ... | ||||||
|  |  | ||||||
|         auth.realm = app.config["REALM"] |  | ||||||
|         auth.init_app(app) |         auth.init_app(app) | ||||||
|  |  | ||||||
|         @auth.register_get_password |         @auth.register_get_password | ||||||
| @@ -219,8 +217,9 @@ A unittest Test Case | |||||||
|  |  | ||||||
|         def create_app(self): |         def create_app(self): | ||||||
|             app: Flask = create_app({ |             app: Flask = create_app({ | ||||||
|  |                 "TESTING": True, | ||||||
|                 "SECRET_KEY": token_urlsafe(32), |                 "SECRET_KEY": token_urlsafe(32), | ||||||
|                 "TESTING": True |                 "DIGEST_AUTH_REALM": "admin", | ||||||
|             }) |             }) | ||||||
|             app.test_client_class = Client |             app.test_client_class = Client | ||||||
|             return app |             return app | ||||||
| @@ -229,7 +228,7 @@ A unittest Test Case | |||||||
|             response = self.client.get("/admin") |             response = self.client.get("/admin") | ||||||
|             self.assertEqual(response.status_code, 401) |             self.assertEqual(response.status_code, 401) | ||||||
|             response = self.client.get( |             response = self.client.get( | ||||||
|                 "/admin", digest_auth=("my_name", "my_pass")) |                 "/admin", digest_auth=(USERNAME, PASSWORD)) | ||||||
|             self.assertEqual(response.status_code, 200) |             self.assertEqual(response.status_code, 200) | ||||||
|  |  | ||||||
|  |  | ||||||
| @@ -249,8 +248,9 @@ A pytest Test | |||||||
|     @pytest.fixture() |     @pytest.fixture() | ||||||
|     def app(): |     def app(): | ||||||
|         app: Flask = create_app({ |         app: Flask = create_app({ | ||||||
|  |             "TESTING": True, | ||||||
|             "SECRET_KEY": token_urlsafe(32), |             "SECRET_KEY": token_urlsafe(32), | ||||||
|             "TESTING": True |             "DIGEST_AUTH_REALM": "admin", | ||||||
|         }) |         }) | ||||||
|         app.test_client_class = Client |         app.test_client_class = Client | ||||||
|         yield app |         yield app | ||||||
| @@ -261,8 +261,8 @@ A pytest Test | |||||||
|  |  | ||||||
|     def test_admin(app: Flask, client: Client): |     def test_admin(app: Flask, client: Client): | ||||||
|         with app.app_context(): |         with app.app_context(): | ||||||
|             response = self.client.get("/admin") |             response = client.get("/admin") | ||||||
|             assert response.status_code == 401 |             assert response.status_code == 401 | ||||||
|             response = self.client.get( |             response = client.get( | ||||||
|                 "/admin", digest_auth=("my_name", "my_pass")) |                 "/admin", digest_auth=(USERNAME, PASSWORD)) | ||||||
|             assert response.status_code == 200 |             assert response.status_code == 200 | ||||||
|   | |||||||
| @@ -1,24 +1,37 @@ | |||||||
| flask\_digest\_auth package | flask\_digest\_auth package | ||||||
| =========================== | =========================== | ||||||
|  |  | ||||||
| The ``DigestAuth`` Class | Submodules | ||||||
| ------------------------ | ---------- | ||||||
| .. autoclass:: flask_digest_auth.DigestAuth |  | ||||||
|  | flask\_digest\_auth.algo module | ||||||
|  | ------------------------------- | ||||||
|  |  | ||||||
|  | .. automodule:: flask_digest_auth.algo | ||||||
|    :members: |    :members: | ||||||
|    :undoc-members: |    :undoc-members: | ||||||
|    :show-inheritance: |    :show-inheritance: | ||||||
|  |  | ||||||
| The ``make_password_hash`` Function | flask\_digest\_auth.auth module | ||||||
| ----------------------------------- | ------------------------------- | ||||||
| .. autofunction:: flask_digest_auth.make_password_hash |  | ||||||
|  |  | ||||||
| The ``calc_response`` Function | .. automodule:: flask_digest_auth.auth | ||||||
| ------------------------------ |    :members: | ||||||
| .. autofunction:: flask_digest_auth.calc_response |    :undoc-members: | ||||||
|  |    :show-inheritance: | ||||||
| The ``Client`` Test Class |  | ||||||
| ------------------------- | flask\_digest\_auth.test module | ||||||
| .. autoclass:: flask_digest_auth.Client | ------------------------------- | ||||||
|  |  | ||||||
|  | .. automodule:: flask_digest_auth.test | ||||||
|  |    :members: | ||||||
|  |    :undoc-members: | ||||||
|  |    :show-inheritance: | ||||||
|  |  | ||||||
|  | Module contents | ||||||
|  | --------------- | ||||||
|  |  | ||||||
|  | .. automodule:: flask_digest_auth | ||||||
|    :members: |    :members: | ||||||
|    :undoc-members: |    :undoc-members: | ||||||
|    :show-inheritance: |    :show-inheritance: | ||||||
|   | |||||||
| @@ -1,12 +1,12 @@ | |||||||
| .. flask-digest-auth documentation master file, created by | .. Flask-DigestAuth documentation master file, created by | ||||||
|    sphinx-quickstart on Tue Dec  6 15:15:08 2022. |    sphinx-quickstart on Wed Dec  7 09:40:48 2022. | ||||||
|    You can adapt this file completely to your liking, but it should at least |    You can adapt this file completely to your liking, but it should at least | ||||||
|    contain the root `toctree` directive. |    contain the root `toctree` directive. | ||||||
|  |  | ||||||
| Welcome to Flask-Digest-Auth's documentation! | Welcome to Flask-DigestAuth's documentation! | ||||||
| ============================================= | ============================================ | ||||||
|  |  | ||||||
| *Flask-Digest-Auth* is an `HTTP Digest Authentication`_ implementation | *Flask-DigestAuth* is an `HTTP Digest Authentication`_ implementation | ||||||
| for Flask_ applications.  It authenticates the user for the protected | for Flask_ applications.  It authenticates the user for the protected | ||||||
| views. | views. | ||||||
|  |  | ||||||
| @@ -19,6 +19,7 @@ HTTP Digest Authentication is specified in `RFC 2617`_. | |||||||
|    intro |    intro | ||||||
|    flask_digest_auth |    flask_digest_auth | ||||||
|    examples |    examples | ||||||
|  |    changelog | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
|   | |||||||
| @@ -2,7 +2,7 @@ Introduction | |||||||
| ============ | ============ | ||||||
|  |  | ||||||
|  |  | ||||||
| *Flask-Digest-Auth* is an `HTTP Digest Authentication`_ implementation | *Flask-DigestAuth* is an `HTTP Digest Authentication`_ implementation | ||||||
| for Flask_ applications.  It authenticates the user for the protected | for Flask_ applications.  It authenticates the user for the protected | ||||||
| views. | views. | ||||||
|  |  | ||||||
| @@ -24,7 +24,7 @@ own challenge-response log in form, but then you are reinventing the | |||||||
| wheels.  If a pretty log in form is not critical to your project, HTTP | wheels.  If a pretty log in form is not critical to your project, HTTP | ||||||
| Digest Authentication should be a good choice. | Digest Authentication should be a good choice. | ||||||
|  |  | ||||||
| Flask-Digest-Auth works with Flask-Login_.  Log in protection can be | Flask-DigestAuth works with Flask-Login_.  Log in protection can be | ||||||
| separated with the authentication mechanism.  You can create protected | separated with the authentication mechanism.  You can create protected | ||||||
| Flask modules without knowing the actual authentication mechanisms. | Flask modules without knowing the actual authentication mechanisms. | ||||||
|  |  | ||||||
| @@ -32,18 +32,25 @@ Flask modules without knowing the actual authentication mechanisms. | |||||||
| Installation | Installation | ||||||
| ------------ | ------------ | ||||||
|  |  | ||||||
| You can install Flask-Digest-Auth with ``pip``: | You can install Flask-DigestAuth with ``pip``: | ||||||
|  |  | ||||||
| :: | :: | ||||||
|  |  | ||||||
|     pip install Flask-Digest-Auth |     pip install Flask-DigestAuth | ||||||
|  |  | ||||||
| You may also install the latest source from the | You may also install the latest source from the | ||||||
| `Flask-Digest-Auth GitHub repository`_. | `Flask-DigestAuth GitHub repository`_. | ||||||
|  |  | ||||||
| :: | :: | ||||||
|  |  | ||||||
|     pip install git+https://github.com/imacat/flask-digest-auth.git |     pip install git+https://github.com/imacat/flask-digestauth.git | ||||||
|  |  | ||||||
|  |  | ||||||
|  | Configuration | ||||||
|  | ------------- | ||||||
|  |  | ||||||
|  | Flask-DigestAuth takes the configuration ``DIGEST_AUTH_REALM`` as the | ||||||
|  | realm.  The default realm is ``Login Required``. | ||||||
|  |  | ||||||
|  |  | ||||||
| Setting the Password | Setting the Password | ||||||
| @@ -63,13 +70,13 @@ The username is part of the hash.  If the user changes their username, | |||||||
| you need to ask their password, to generate and store the new password | you need to ask their password, to generate and store the new password | ||||||
| hash. | hash. | ||||||
|  |  | ||||||
| See :meth:`flask_digest_auth.make_password_hash`. | See :func:`flask_digest_auth.algo.make_password_hash`. | ||||||
|  |  | ||||||
|  |  | ||||||
| Flask-Digest-Auth Alone | Flask-DigestAuth Alone | ||||||
| ----------------------- | ---------------------- | ||||||
|  |  | ||||||
| Flask-Digest-Auth can authenticate the users alone. | Flask-DigestAuth can authenticate the users alone. | ||||||
|  |  | ||||||
| See :ref:`example-alone-simple` and :ref:`example-alone-large`. | See :ref:`example-alone-simple` and :ref:`example-alone-large`. | ||||||
|  |  | ||||||
| @@ -77,12 +84,12 @@ See :ref:`example-alone-simple` and :ref:`example-alone-large`. | |||||||
| Flask-Login Integration | Flask-Login Integration | ||||||
| ----------------------- | ----------------------- | ||||||
|  |  | ||||||
| Flask-Digest-Auth works with Flask-Login_.  You can write a Flask | Flask-DigestAuth works with Flask-Login_.  You can write a Flask | ||||||
| module that requires log in, without specifying how to log in.  The | module that requires log in, without specifying how to log in.  The | ||||||
| application can use either HTTP Digest Authentication, or the log in | application can use either HTTP Digest Authentication, or the log in | ||||||
| forms, as needed. | forms, as needed. | ||||||
|  |  | ||||||
| To use Flask-Login with Flask-Digest-Auth, | To use Flask-Login with Flask-DigestAuth, | ||||||
| ``login_manager.init_app(app)`` must be called before | ``login_manager.init_app(app)`` must be called before | ||||||
| ``auth.init_app(app)``. | ``auth.init_app(app)``. | ||||||
|  |  | ||||||
| @@ -92,7 +99,7 @@ The currently logged-in user can be retrieved at | |||||||
| See :ref:`example-flask-login-simple` and | See :ref:`example-flask-login-simple` and | ||||||
| :ref:`example-flask-login-large`. | :ref:`example-flask-login-large`. | ||||||
|  |  | ||||||
| The views only depend on Flask-Login, but not the Flask-Digest-Auth. | The views only depend on Flask-Login, but not the Flask-DigestAuth. | ||||||
| You can change the actual authentication mechanism without changing | You can change the actual authentication mechanism without changing | ||||||
| the views. | the views. | ||||||
|  |  | ||||||
| @@ -100,7 +107,7 @@ the views. | |||||||
| Session Integration | Session Integration | ||||||
| ------------------- | ------------------- | ||||||
|  |  | ||||||
| Flask-Digest-Auth features session integration.  The user log in | Flask-DigestAuth features session integration.  The user log in | ||||||
| is remembered in the session.  The authentication information is not | is remembered in the session.  The authentication information is not | ||||||
| requested again.  This is different to the practice of the HTTP Digest | requested again.  This is different to the practice of the HTTP Digest | ||||||
| Authentication, but is convenient for the log in accounting. | Authentication, but is convenient for the log in accounting. | ||||||
| @@ -118,25 +125,25 @@ logging the log in event, adding the log in counter, etc. | |||||||
|     def on_login(user: User) -> None: |     def on_login(user: User) -> None: | ||||||
|         user.visits = user.visits + 1 |         user.visits = user.visits + 1 | ||||||
|  |  | ||||||
| See :meth:`flask_digest_auth.DigestAuth.register_on_login`. | See :meth:`flask_digest_auth.auth.DigestAuth.register_on_login`. | ||||||
|  |  | ||||||
|  |  | ||||||
| Log Out | Log Out | ||||||
| ------- | ------- | ||||||
|  |  | ||||||
| Flask-Digest-Auth supports log out.  The user will be prompted for the | Flask-DigestAuth supports log out.  The user will be prompted for the | ||||||
| new username and password. | new username and password. | ||||||
|  |  | ||||||
| See :meth:`flask_digest_auth.DigestAuth.logout`. | See :meth:`flask_digest_auth.auth.DigestAuth.logout`. | ||||||
|  |  | ||||||
|  |  | ||||||
| Test Client | Test Client | ||||||
| ----------- | ----------- | ||||||
|  |  | ||||||
| Flask-Digest-Auth comes with a test client that supports HTTP digest | Flask-DigestAuth comes with a test client that supports HTTP digest | ||||||
| authentication. | authentication. | ||||||
|  |  | ||||||
| See :class:`flask_digest_auth.Client`. | See :class:`flask_digest_auth.test.Client`. | ||||||
|  |  | ||||||
| Also see :ref:`example-unittest` and :ref:`example-pytest`. | Also see :ref:`example-unittest` and :ref:`example-pytest`. | ||||||
|  |  | ||||||
| @@ -145,4 +152,4 @@ Also see :ref:`example-unittest` and :ref:`example-pytest`. | |||||||
| .. _RFC 2617: https://www.rfc-editor.org/rfc/rfc2617 | .. _RFC 2617: https://www.rfc-editor.org/rfc/rfc2617 | ||||||
| .. _Flask: https://flask.palletsprojects.com | .. _Flask: https://flask.palletsprojects.com | ||||||
| .. _Flask-Login: https://flask-login.readthedocs.io | .. _Flask-Login: https://flask-login.readthedocs.io | ||||||
| .. _Flask-Digest-Auth GitHub repository: https://github.com/imacat/flask-digest-auth | .. _Flask-DigestAuth GitHub repository: https://github.com/imacat/flask-digestauth | ||||||
|   | |||||||
							
								
								
									
										7
									
								
								docs/source/modules.rst
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										7
									
								
								docs/source/modules.rst
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,7 @@ | |||||||
|  | src | ||||||
|  | === | ||||||
|  |  | ||||||
|  | .. toctree:: | ||||||
|  |    :maxdepth: 4 | ||||||
|  |  | ||||||
|  |    flask_digest_auth | ||||||
| @@ -1,7 +1,7 @@ | |||||||
| # The Flask HTTP Digest Authentication Project. | # The Flask HTTP Digest Authentication Project. | ||||||
| # Author: imacat@mail.imacat.idv.tw (imacat), 2022/11/23 | # Author: imacat@mail.imacat.idv.tw (imacat), 2022/11/23 | ||||||
|  |  | ||||||
| #  Copyright (c) 2022 imacat. | #  Copyright (c) 2022-2023 imacat. | ||||||
| # | # | ||||||
| #  Licensed under the Apache License, Version 2.0 (the "License"); | #  Licensed under the Apache License, Version 2.0 (the "License"); | ||||||
| #  you may not use this file except in compliance with the License. | #  you may not use this file except in compliance with the License. | ||||||
| @@ -15,6 +15,43 @@ | |||||||
| #  See the License for the specific language governing permissions and | #  See the License for the specific language governing permissions and | ||||||
| #  limitations under the License. | #  limitations under the License. | ||||||
|  |  | ||||||
|  | [project] | ||||||
|  | name = "Flask-DigestAuth" | ||||||
|  | dynamic = ["version"] | ||||||
|  | description = "The Flask HTTP Digest Authentication project." | ||||||
|  | readme = "README.rst" | ||||||
|  | requires-python = ">=3.8" | ||||||
|  | authors = [ | ||||||
|  |     {name = "imacat", email = "imacat@mail.imacat.idv.tw"}, | ||||||
|  | ] | ||||||
|  | keywords = ["flask", "digest-authentication"] | ||||||
|  | classifiers = [ | ||||||
|  |     "Programming Language :: Python :: 3", | ||||||
|  |     "License :: OSI Approved :: Apache Software License", | ||||||
|  |     "Operating System :: OS Independent", | ||||||
|  |     "Framework :: Flask", | ||||||
|  |     "Topic :: System :: Systems Administration :: Authentication/Directory", | ||||||
|  |     "Intended Audience :: Developers", | ||||||
|  | ] | ||||||
|  | dependencies = [ | ||||||
|  |     "flask", | ||||||
|  | ] | ||||||
|  |  | ||||||
|  | [project.optional-dependencies] | ||||||
|  | test = [ | ||||||
|  |     "unittest", | ||||||
|  |     "flask-testing", | ||||||
|  | ] | ||||||
|  |  | ||||||
|  | [project.urls] | ||||||
|  | "Documentation" = "https://flask-digestauth.readthedocs.io" | ||||||
|  | "Change Log" = "https://mia-accounting.readthedocs.io/en/latest/changelog.html" | ||||||
|  | "Repository" = "https://github.com/imacat/flask-digestauth" | ||||||
|  | "Bug Tracker" = "https://github.com/imacat/flask-digestauth/issues" | ||||||
|  |  | ||||||
| [build-system] | [build-system] | ||||||
| requires = ["setuptools>=42"] | requires = ["setuptools>=42"] | ||||||
| build-backend = "setuptools.build_meta" | build-backend = "setuptools.build_meta" | ||||||
|  |  | ||||||
|  | [tool.setuptools.dynamic] | ||||||
|  | version = {attr = "flask_digest_auth.VERSION"} | ||||||
|   | |||||||
							
								
								
									
										53
									
								
								setup.cfg
									
									
									
									
									
								
							
							
						
						
									
										53
									
								
								setup.cfg
									
									
									
									
									
								
							| @@ -1,53 +0,0 @@ | |||||||
| # The Flask HTTP Digest Authentication Project. |  | ||||||
| # Author: imacat@mail.imacat.idv.tw (imacat), 2022/11/23 |  | ||||||
|  |  | ||||||
| #  Copyright (c) 2022 imacat. |  | ||||||
| # |  | ||||||
| #  Licensed under the Apache License, Version 2.0 (the "License"); |  | ||||||
| #  you may not use this file except in compliance with the License. |  | ||||||
| #  You may obtain a copy of the License at |  | ||||||
| # |  | ||||||
| #      http://www.apache.org/licenses/LICENSE-2.0 |  | ||||||
| # |  | ||||||
| #  Unless required by applicable law or agreed to in writing, software |  | ||||||
| #  distributed under the License is distributed on an "AS IS" BASIS, |  | ||||||
| #  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |  | ||||||
| #  See the License for the specific language governing permissions and |  | ||||||
| #  limitations under the License. |  | ||||||
|  |  | ||||||
| [metadata] |  | ||||||
| name = flask-digest-auth |  | ||||||
| version = 0.2.2 |  | ||||||
| author = imacat |  | ||||||
| author_email = imacat@mail.imacat.idv.tw |  | ||||||
| description = The Flask HTTP Digest Authentication project. |  | ||||||
| long_description = file: README.rst |  | ||||||
| long_description_content_type = text/x-rst |  | ||||||
| url = https://github.com/imacat/flask-digest-auth |  | ||||||
| project_urls = |  | ||||||
|     Bug Tracker = https://github.com/imacat/flask-digest-auth/issues |  | ||||||
| classifiers = |  | ||||||
|     Programming Language :: Python :: 3 |  | ||||||
|     License :: OSI Approved :: Apache Software License |  | ||||||
|     Operating System :: OS Independent |  | ||||||
|     Framework :: Flask |  | ||||||
|     Topic :: System :: Systems Administration :: Authentication/Directory |  | ||||||
|     Intended Audience :: Developers |  | ||||||
|  |  | ||||||
| [options] |  | ||||||
| package_dir = |  | ||||||
|     = src |  | ||||||
| packages = find: |  | ||||||
| python_requires = >=3.7 |  | ||||||
| install_requires = |  | ||||||
|   flask |  | ||||||
| tests_require = |  | ||||||
|   unittest |  | ||||||
|   flask-testing |  | ||||||
|  |  | ||||||
| [options.packages.find] |  | ||||||
| where = src |  | ||||||
|  |  | ||||||
| [options.extras_require] |  | ||||||
| flask_login = |  | ||||||
|     flask-login |  | ||||||
| @@ -21,3 +21,6 @@ | |||||||
| from flask_digest_auth.algo import make_password_hash, calc_response | from flask_digest_auth.algo import make_password_hash, calc_response | ||||||
| from flask_digest_auth.auth import DigestAuth | from flask_digest_auth.auth import DigestAuth | ||||||
| from flask_digest_auth.test import Client | from flask_digest_auth.test import Client | ||||||
|  |  | ||||||
|  | VERSION: str = "0.6.1" | ||||||
|  | """The package version.""" | ||||||
|   | |||||||
| @@ -20,15 +20,15 @@ | |||||||
| """ | """ | ||||||
| from __future__ import annotations | from __future__ import annotations | ||||||
|  |  | ||||||
| import typing as t |  | ||||||
| from hashlib import md5 | from hashlib import md5 | ||||||
|  | from typing import Optional, Literal | ||||||
|  |  | ||||||
|  |  | ||||||
| def make_password_hash(realm: str, username: str, password: str) -> str: | def make_password_hash(realm: str, username: str, password: str) -> str: | ||||||
|     """Calculates the password hash for the HTTP digest authentication. |     """Calculates the password hash for the HTTP digest authentication. | ||||||
|     Use this function to set the password for the user. |     Use this function to set the password for the user. | ||||||
|  |  | ||||||
|     For example: |     :Example: | ||||||
|  |  | ||||||
|     :: |     :: | ||||||
|  |  | ||||||
| @@ -44,17 +44,17 @@ def make_password_hash(realm: str, username: str, password: str) -> str: | |||||||
|  |  | ||||||
| def calc_response( | def calc_response( | ||||||
|         method: str, uri: str, password_hash: str, |         method: str, uri: str, password_hash: str, | ||||||
|         nonce: str, qop: t.Optional[t.Literal["auth", "auth-int"]] = None, |         nonce: str, qop: Optional[Literal["auth", "auth-int"]] = None, | ||||||
|         algorithm: t.Optional[t.Literal["MD5", "MD5-sess"]] = "MD5-sess", |         algorithm: Optional[Literal["MD5", "MD5-sess"]] = "MD5-sess", | ||||||
|         cnonce: t.Optional[str] = None, nc: t.Optional[str] = None, |         cnonce: Optional[str] = None, nc: Optional[str] = None, | ||||||
|         body: t.Optional[bytes] = None) -> str: |         body: Optional[bytes] = None) -> str: | ||||||
|     """Calculates the response value of the HTTP digest authentication. |     """Calculates the response value of the HTTP digest authentication. | ||||||
|  |  | ||||||
|     :param method: The request method. |     :param method: The request method. | ||||||
|     :param uri: The request URI. |     :param uri: The request URI. | ||||||
|     :param password_hash: The password hash for the HTTP digest authentication. |     :param password_hash: The password hash for the HTTP digest authentication. | ||||||
|     :param nonce: The nonce. |     :param nonce: The nonce. | ||||||
|     :param qop: the quality of protection, either ``auth`` or ``auth-int``. |     :param qop: The quality of protection, either ``auth`` or ``auth-int``. | ||||||
|     :param algorithm: The algorithm, either ``MD5`` or ``MD5-sess``. |     :param algorithm: The algorithm, either ``MD5`` or ``MD5-sess``. | ||||||
|     :param cnonce: The client nonce, which must exists when qop exists or |     :param cnonce: The client nonce, which must exists when qop exists or | ||||||
|         algorithm is ``MD5-sess``. |         algorithm is ``MD5-sess``. | ||||||
|   | |||||||
| @@ -1,7 +1,7 @@ | |||||||
| # The Flask HTTP Digest Authentication Project. | # The Flask HTTP Digest Authentication Project. | ||||||
| # Author: imacat@mail.imacat.idv.tw (imacat), 2022/10/22 | # Author: imacat@mail.imacat.idv.tw (imacat), 2022/10/22 | ||||||
|  |  | ||||||
| #  Copyright (c) 2022 imacat. | #  Copyright (c) 2022-2023 imacat. | ||||||
| # | # | ||||||
| #  Licensed under the Apache License, Version 2.0 (the "License"); | #  Licensed under the Apache License, Version 2.0 (the "License"); | ||||||
| #  you may not use this file except in compliance with the License. | #  you may not use this file except in compliance with the License. | ||||||
| @@ -16,17 +16,19 @@ | |||||||
| #  limitations under the License. | #  limitations under the License. | ||||||
|  |  | ||||||
| """The HTTP Digest Authentication. | """The HTTP Digest Authentication. | ||||||
| See RFC 2617 HTTP Authentication: Basic and Digest Access Authentication | See `RFC 2617`_ HTTP Authentication: Basic and Digest Access Authentication | ||||||
|  |  | ||||||
|  | .. _RFC 2617: https://www.rfc-editor.org/rfc/rfc2617 | ||||||
| """ | """ | ||||||
| from __future__ import annotations | from __future__ import annotations | ||||||
|  |  | ||||||
| import sys | import sys | ||||||
| import typing as t |  | ||||||
| from functools import wraps | from functools import wraps | ||||||
| from secrets import token_urlsafe, randbits | from secrets import token_urlsafe, randbits | ||||||
|  | from typing import Any, Optional, Literal, Callable, List | ||||||
|  |  | ||||||
| from flask import g, request, Response, session, abort, Flask, Request | from flask import g, request, Response, session, abort, Flask, Request, \ | ||||||
|  |     current_app | ||||||
| from itsdangerous import URLSafeTimedSerializer, BadData | from itsdangerous import URLSafeTimedSerializer, BadData | ||||||
| from werkzeug.datastructures import Authorization | from werkzeug.datastructures import Authorization | ||||||
|  |  | ||||||
| @@ -36,32 +38,43 @@ from flask_digest_auth.algo import calc_response | |||||||
| class DigestAuth: | class DigestAuth: | ||||||
|     """The HTTP digest authentication.""" |     """The HTTP digest authentication.""" | ||||||
|  |  | ||||||
|     def __init__(self, realm: t.Optional[str] = None): |     def __init__(self, realm: Optional[str] = None): | ||||||
|         """Constructs the HTTP digest authentication. |         """Constructs the HTTP digest authentication. | ||||||
|  |  | ||||||
|         :param realm: The realm. |         :param realm: The realm. | ||||||
|         """ |         """ | ||||||
|         self.secret_key: str = token_urlsafe(32) |         self.__serializer: URLSafeTimedSerializer \ | ||||||
|         self.serializer: URLSafeTimedSerializer \ |             = URLSafeTimedSerializer(token_urlsafe(32)) | ||||||
|             = URLSafeTimedSerializer(self.secret_key) |         """The serializer to generate and validate the nonce and opaque.""" | ||||||
|         self.realm: str = "" if realm is None else realm |         self.realm: str = "Login Required" if realm is None else realm | ||||||
|         self.algorithm: t.Optional[str] = None |         """The realm.  Default is "Login Required".""" | ||||||
|  |         self.algorithm: Optional[Literal["MD5", "MD5-sess"]] = None | ||||||
|  |         """The algorithm, either None, ``MD5``, or ``MD5-sess``.  Default is | ||||||
|  |         None.""" | ||||||
|         self.use_opaque: bool = True |         self.use_opaque: bool = True | ||||||
|         self.domain: t.List[str] = [] |         """Whether to use an opaque.  Default is True.""" | ||||||
|         self.qop: t.List[str] = ["auth", "auth-int"] |         self.__domain: List[str] = [] | ||||||
|         self.app: t.Optional[Flask] = None |         """A list of directories that this username and password applies to. | ||||||
|  |         Default is empty.""" | ||||||
|  |         self.__qop: List[Literal["auth", "auth-int"]] = ["auth", "auth-int"] | ||||||
|  |         """A list of supported quality of protection supported, either | ||||||
|  |         ``qop``, ``auth-int``, both, or empty.  Default is both.""" | ||||||
|         self.__get_password_hash: BasePasswordHashGetter \ |         self.__get_password_hash: BasePasswordHashGetter \ | ||||||
|             = BasePasswordHashGetter() |             = BasePasswordHashGetter() | ||||||
|  |         """The callback to return the password hash.""" | ||||||
|         self.__get_user: BaseUserGetter = BaseUserGetter() |         self.__get_user: BaseUserGetter = BaseUserGetter() | ||||||
|  |         """The callback to return the user.""" | ||||||
|         self.__on_login: BaseOnLogInCallback = BaseOnLogInCallback() |         self.__on_login: BaseOnLogInCallback = BaseOnLogInCallback() | ||||||
|  |         """The callback to run when the user logs in.""" | ||||||
|  |  | ||||||
|     def login_required(self, view) -> t.Callable: |     def login_required(self, view) -> Callable: | ||||||
|         """The view decorator for HTTP digest authentication. |         """The view decorator for the HTTP digest authentication. | ||||||
|  |  | ||||||
|         For example: |         :Example: | ||||||
|  |  | ||||||
|         :: |         :: | ||||||
|  |  | ||||||
|  |             @app.get("/admin") | ||||||
|             @auth.login_required |             @auth.login_required | ||||||
|             def admin(): |             def admin(): | ||||||
|                 return f"Hello, {g.user.username}!" |                 return f"Hello, {g.user.username}!" | ||||||
| @@ -75,7 +88,7 @@ class DigestAuth: | |||||||
|         class NoLogInException(Exception): |         class NoLogInException(Exception): | ||||||
|             """The exception thrown when the user is not authorized.""" |             """The exception thrown when the user is not authorized.""" | ||||||
|  |  | ||||||
|         def get_logged_in_user() -> t.Any: |         def get_logged_in_user() -> Any: | ||||||
|             """Returns the currently logged-in user. |             """Returns the currently logged-in user. | ||||||
|  |  | ||||||
|             :return: The currently logged-in user. |             :return: The currently logged-in user. | ||||||
| @@ -83,13 +96,13 @@ class DigestAuth: | |||||||
|             """ |             """ | ||||||
|             if "user" not in session: |             if "user" not in session: | ||||||
|                 raise NoLogInException |                 raise NoLogInException | ||||||
|             user: t.Optional[t.Any] = self.__get_user(session["user"]) |             user: Optional[Any] = self.__get_user(session["user"]) | ||||||
|             if user is None: |             if user is None: | ||||||
|                 del session["user"] |                 del session["user"] | ||||||
|                 raise NoLogInException |                 raise NoLogInException | ||||||
|             return user |             return user | ||||||
|  |  | ||||||
|         def auth_user(state: AuthState) -> t.Any: |         def auth_user(state: AuthState) -> Any: | ||||||
|             """Authenticates a user. |             """Authenticates a user. | ||||||
|  |  | ||||||
|             :param state: The authentication state. |             :param state: The authentication state. | ||||||
| @@ -107,7 +120,7 @@ class DigestAuth: | |||||||
|             return self.__get_user(authorization.username) |             return self.__get_user(authorization.username) | ||||||
|  |  | ||||||
|         @wraps(view) |         @wraps(view) | ||||||
|         def login_required_view(*args, **kwargs) -> t.Any: |         def login_required_view(*args, **kwargs) -> Any: | ||||||
|             """The login-protected view. |             """The login-protected view. | ||||||
|  |  | ||||||
|             :param args: The positional arguments of the view. |             :param args: The positional arguments of the view. | ||||||
| @@ -152,12 +165,12 @@ class DigestAuth: | |||||||
|                 raise UnauthorizedException( |                 raise UnauthorizedException( | ||||||
|                     "Missing \"opaque\" in the Authorization header") |                     "Missing \"opaque\" in the Authorization header") | ||||||
|             try: |             try: | ||||||
|                 self.serializer.loads( |                 self.__serializer.loads( | ||||||
|                     authorization.opaque, salt="opaque", max_age=1800) |                     authorization.opaque, salt="opaque", max_age=1800) | ||||||
|             except BadData: |             except BadData: | ||||||
|                 raise UnauthorizedException("Invalid opaque") |                 raise UnauthorizedException("Invalid opaque") | ||||||
|             state.opaque = authorization.opaque |             state.opaque = authorization.opaque | ||||||
|         password_hash: t.Optional[str] \ |         password_hash: Optional[str] \ | ||||||
|             = self.__get_password_hash(authorization.username) |             = self.__get_password_hash(authorization.username) | ||||||
|         if password_hash is None: |         if password_hash is None: | ||||||
|             raise UnauthorizedException( |             raise UnauthorizedException( | ||||||
| @@ -173,7 +186,7 @@ class DigestAuth: | |||||||
|             state.stale = False |             state.stale = False | ||||||
|             raise UnauthorizedException("Incorrect response value") |             raise UnauthorizedException("Incorrect response value") | ||||||
|         try: |         try: | ||||||
|             self.serializer.loads( |             self.__serializer.loads( | ||||||
|                 authorization.nonce, |                 authorization.nonce, | ||||||
|                 salt="nonce" if authorization.opaque is None |                 salt="nonce" if authorization.opaque is None | ||||||
|                 else f"nonce-{authorization.opaque}") |                 else f"nonce-{authorization.opaque}") | ||||||
| @@ -188,7 +201,7 @@ class DigestAuth: | |||||||
|         :return: The ``WWW-Authenticate`` response header. |         :return: The ``WWW-Authenticate`` response header. | ||||||
|         """ |         """ | ||||||
|  |  | ||||||
|         def get_opaque() -> t.Optional[str]: |         def get_opaque() -> Optional[str]: | ||||||
|             """Returns the opaque value. |             """Returns the opaque value. | ||||||
|  |  | ||||||
|             :return: The opaque value. |             :return: The opaque value. | ||||||
| @@ -197,34 +210,34 @@ class DigestAuth: | |||||||
|                 return None |                 return None | ||||||
|             if state.opaque is not None: |             if state.opaque is not None: | ||||||
|                 return state.opaque |                 return state.opaque | ||||||
|             return self.serializer.dumps(randbits(32), salt="opaque") |             return self.__serializer.dumps(randbits(32), salt="opaque") | ||||||
|  |  | ||||||
|         opaque: t.Optional[str] = get_opaque() |         opaque: Optional[str] = get_opaque() | ||||||
|         nonce: str = self.serializer.dumps( |         nonce: str = self.__serializer.dumps( | ||||||
|             randbits(32), |             randbits(32), | ||||||
|             salt="nonce" if opaque is None else f"nonce-{opaque}") |             salt="nonce" if opaque is None else f"nonce-{opaque}") | ||||||
|  |  | ||||||
|         header: str = f"Digest realm=\"{self.realm}\"" |         header: str = f"Digest realm=\"{self.realm}\"" | ||||||
|         if len(self.domain) > 0: |         if len(self.__domain) > 0: | ||||||
|             domain_list: str = ",".join(self.domain) |             domain_list: str = ",".join(self.__domain) | ||||||
|             header += f", domain=\"{domain_list}\"" |             header += f", domain=\"{domain_list}\"" | ||||||
|         header += f", nonce=\"{nonce}\"" |         header += f", nonce=\"{nonce}\"" | ||||||
|         if opaque is not None: |         if opaque is not None: | ||||||
|             header += f", opaque=\"{opaque}\"" |             header += f", opaque=\"{opaque}\"" | ||||||
|         if state.stale is not None: |         if state.stale is not None: | ||||||
|             header += f", stale=TRUE" if state.stale else f", stale=FALSE" |             header += ", stale=TRUE" if state.stale else ", stale=FALSE" | ||||||
|         if self.algorithm is not None: |         if self.algorithm is not None: | ||||||
|             header += f", algorithm=\"{self.algorithm}\"" |             header += f", algorithm=\"{self.algorithm}\"" | ||||||
|         if len(self.qop) > 0: |         if len(self.__qop) > 0: | ||||||
|             qop_list: str = ",".join(self.qop) |             qop_list: str = ",".join(self.__qop) | ||||||
|             header += f", qop=\"{qop_list}\"" |             header += f", qop=\"{qop_list}\"" | ||||||
|         return header |         return header | ||||||
|  |  | ||||||
|     def register_get_password(self, func: t.Callable[[str], t.Optional[str]])\ |     def register_get_password(self, func: Callable[[str], Optional[str]]) \ | ||||||
|             -> None: |             -> None: | ||||||
|         """The decorator to register the callback to obtain the password hash. |         """The decorator to register the callback to obtain the password hash. | ||||||
|  |  | ||||||
|         For example: |         :Example: | ||||||
|  |  | ||||||
|         :: |         :: | ||||||
|  |  | ||||||
| @@ -242,7 +255,7 @@ class DigestAuth: | |||||||
|             """The base password hash getter.""" |             """The base password hash getter.""" | ||||||
|  |  | ||||||
|             @staticmethod |             @staticmethod | ||||||
|             def __call__(username: str) -> t.Optional[str]: |             def __call__(username: str) -> Optional[str]: | ||||||
|                 """Returns the password hash of a user. |                 """Returns the password hash of a user. | ||||||
|  |  | ||||||
|                 :param username: The username. |                 :param username: The username. | ||||||
| @@ -252,11 +265,10 @@ class DigestAuth: | |||||||
|  |  | ||||||
|         self.__get_password_hash = PasswordHashGetter() |         self.__get_password_hash = PasswordHashGetter() | ||||||
|  |  | ||||||
|     def register_get_user(self, func: t.Callable[[str], t.Optional[t.Any]])\ |     def register_get_user(self, func: Callable[[str], Optional[Any]]) -> None: | ||||||
|             -> None: |  | ||||||
|         """The decorator to register the callback to obtain the user. |         """The decorator to register the callback to obtain the user. | ||||||
|  |  | ||||||
|         For example: |         :Example: | ||||||
|  |  | ||||||
|         :: |         :: | ||||||
|  |  | ||||||
| @@ -273,7 +285,7 @@ class DigestAuth: | |||||||
|             """The user getter.""" |             """The user getter.""" | ||||||
|  |  | ||||||
|             @staticmethod |             @staticmethod | ||||||
|             def __call__(username: str) -> t.Optional[t.Any]: |             def __call__(username: str) -> Optional[Any]: | ||||||
|                 """Returns a user. |                 """Returns a user. | ||||||
|  |  | ||||||
|                 :param username: The username. |                 :param username: The username. | ||||||
| @@ -283,10 +295,10 @@ class DigestAuth: | |||||||
|  |  | ||||||
|         self.__get_user = UserGetter() |         self.__get_user = UserGetter() | ||||||
|  |  | ||||||
|     def register_on_login(self, func: t.Callable[[t.Any], None]) -> None: |     def register_on_login(self, func: Callable[[Any], None]) -> None: | ||||||
|         """The decorator to register the callback to run when the user logs in. |         """The decorator to register the callback to run when the user logs in. | ||||||
|  |  | ||||||
|         For example: |         :Example: | ||||||
|  |  | ||||||
|         :: |         :: | ||||||
|  |  | ||||||
| @@ -302,7 +314,7 @@ class DigestAuth: | |||||||
|             """The callback when the user logs in.""" |             """The callback when the user logs in.""" | ||||||
|  |  | ||||||
|             @staticmethod |             @staticmethod | ||||||
|             def __call__(user: t.Any) -> None: |             def __call__(user: Any) -> None: | ||||||
|                 """Runs the callback when the user logs in. |                 """Runs the callback when the user logs in. | ||||||
|  |  | ||||||
|                 :param user: The logged-in user. |                 :param user: The logged-in user. | ||||||
| @@ -313,26 +325,34 @@ class DigestAuth: | |||||||
|         self.__on_login = OnLogInCallback() |         self.__on_login = OnLogInCallback() | ||||||
|  |  | ||||||
|     def init_app(self, app: Flask) -> None: |     def init_app(self, app: Flask) -> None: | ||||||
|         """Initializes the Flask application. |         """Initializes the Flask application.  The DigestAuth instance will | ||||||
|  |         be stored in ``app.extensions["digest_auth"]``. | ||||||
|  |  | ||||||
|         For example: |         :Example: | ||||||
|  |  | ||||||
|         :: |         :: | ||||||
|  |  | ||||||
|             app: flask = Flask(__name__) |             app: flask = Flask(__name__) | ||||||
|             auth: DigestAuth = DigestAuth() |             auth: DigestAuth = DigestAuth() | ||||||
|             auth.realm = "My Admin" |  | ||||||
|             auth.init_app(app) |             auth.init_app(app) | ||||||
|  |  | ||||||
|         :param app: The Flask application. |         :param app: The Flask application. | ||||||
|         :return: None. |         :return: None. | ||||||
|         """ |         """ | ||||||
|         app.digest_auth = self |         app.extensions["digest_auth"] = self | ||||||
|         self.app = app |         if "DIGEST_AUTH_REALM" in app.config: | ||||||
|  |             self.realm = app.config["DIGEST_AUTH_REALM"] | ||||||
|  |  | ||||||
|         if hasattr(app, "login_manager"): |         if hasattr(app, "login_manager"): | ||||||
|             from flask_login import LoginManager, login_user |             self.__init_login_manager(app) | ||||||
|  |  | ||||||
|  |     def __init_login_manager(self, app: Flask) -> None: | ||||||
|  |         """Initializes the Flask-Login login manager. | ||||||
|  |  | ||||||
|  |         :param app: The Flask application. | ||||||
|  |         :return: None. | ||||||
|  |         """ | ||||||
|  |         from flask_login import LoginManager, login_user | ||||||
|         login_manager: LoginManager = getattr(app, "login_manager") |         login_manager: LoginManager = getattr(app, "login_manager") | ||||||
|  |  | ||||||
|         @login_manager.unauthorized_handler |         @login_manager.unauthorized_handler | ||||||
| @@ -341,21 +361,24 @@ class DigestAuth: | |||||||
|  |  | ||||||
|             :return: None. |             :return: None. | ||||||
|             """ |             """ | ||||||
|  |             state: AuthState = getattr(request, "_digest_auth_state") \ | ||||||
|  |                 if hasattr(request, "_digest_auth_state") \ | ||||||
|  |                 else AuthState() | ||||||
|             response: Response = Response() |             response: Response = Response() | ||||||
|             response.status = 401 |             response.status = 401 | ||||||
|             response.headers["WWW-Authenticate"] \ |             response.headers["WWW-Authenticate"] \ | ||||||
|                     = self.__make_response_header(g.digest_auth_state) |                 = self.__make_response_header(state) | ||||||
|             abort(response) |             abort(response) | ||||||
|  |  | ||||||
|         @login_manager.request_loader |         @login_manager.request_loader | ||||||
|             def load_user_from_request(req: Request) -> t.Optional[t.Any]: |         def load_user_from_request(req: Request) -> Optional[Any]: | ||||||
|             """Loads the user from the request header. |             """Loads the user from the request header. | ||||||
|  |  | ||||||
|             :param req: The request. |             :param req: The request. | ||||||
|             :return: The authenticated user, or None if the |             :return: The authenticated user, or None if the | ||||||
|                 authentication fails |                 authentication fails | ||||||
|             """ |             """ | ||||||
|                 g.digest_auth_state = AuthState() |             request._digest_auth_state = AuthState() | ||||||
|             authorization: Authorization = req.authorization |             authorization: Authorization = req.authorization | ||||||
|             try: |             try: | ||||||
|                 if authorization is None: |                 if authorization is None: | ||||||
| @@ -363,9 +386,8 @@ class DigestAuth: | |||||||
|                 if authorization.type != "digest": |                 if authorization.type != "digest": | ||||||
|                     raise UnauthorizedException( |                     raise UnauthorizedException( | ||||||
|                         "Not an HTTP digest authorization") |                         "Not an HTTP digest authorization") | ||||||
|                     self.__authenticate(g.digest_auth_state) |                 self.__authenticate(request._digest_auth_state) | ||||||
|                     user = login_manager.user_callback( |                 user = login_manager.user_callback(authorization.username) | ||||||
|                         authorization.username) |  | ||||||
|                 login_user(user) |                 login_user(user) | ||||||
|                 self.__on_login(user) |                 self.__on_login(user) | ||||||
|                 return user |                 return user | ||||||
| @@ -379,7 +401,7 @@ class DigestAuth: | |||||||
|         This actually causes the next authentication to fail, which forces |         This actually causes the next authentication to fail, which forces | ||||||
|         the browser to ask the user for the username and password again. |         the browser to ask the user for the username and password again. | ||||||
|  |  | ||||||
|         For example: |         :Example: | ||||||
|  |  | ||||||
|         :: |         :: | ||||||
|  |  | ||||||
| @@ -394,7 +416,7 @@ class DigestAuth: | |||||||
|         if "user" in session: |         if "user" in session: | ||||||
|             del session["user"] |             del session["user"] | ||||||
|         try: |         try: | ||||||
|             if hasattr(self.app, "login_manager"): |             if hasattr(current_app, "login_manager"): | ||||||
|                 from flask_login import logout_user |                 from flask_login import logout_user | ||||||
|                 logout_user() |                 logout_user() | ||||||
|         except ModuleNotFoundError: |         except ModuleNotFoundError: | ||||||
| @@ -403,24 +425,33 @@ class DigestAuth: | |||||||
|  |  | ||||||
|  |  | ||||||
| class AuthState: | class AuthState: | ||||||
|     """The authorization state.""" |     """The authentication state.  It keeps the status in the earlier | ||||||
|  |     authentication stage, so that the latter response stage knows how to | ||||||
|  |     response. | ||||||
|  |     """ | ||||||
|  |  | ||||||
|     def __init__(self): |     def __init__(self): | ||||||
|         """Constructs the authorization state.""" |         """Constructs the authorization state.""" | ||||||
|         self.opaque: t.Optional[str] = None |         self.opaque: Optional[str] = None | ||||||
|         self.stale: t.Optional[bool] = None |         """The opaque value specified by the client, if valid.""" | ||||||
|  |         self.stale: Optional[bool] = None | ||||||
|  |         """The stale value, if there is a previous log in attempt.""" | ||||||
|  |  | ||||||
|  |  | ||||||
| class UnauthorizedException(Exception): | class UnauthorizedException(Exception): | ||||||
|     """The exception thrown when the authentication is failed.""" |     """The exception thrown when the authentication fails.""" | ||||||
|     pass |  | ||||||
|  |  | ||||||
|  |  | ||||||
| class BasePasswordHashGetter: | class BasePasswordHashGetter: | ||||||
|     """The base password hash getter.""" |     """The base callback that given the username, returns the password hash, | ||||||
|  |     or None if the user does not exist.  The default is to raise an | ||||||
|  |     :class:`UnboundLocalError` if the callback is not registered yet. | ||||||
|  |  | ||||||
|  |     See :meth:`flask_digest_auth.auth.DigestAuth.register_get_password` | ||||||
|  |     """ | ||||||
|  |  | ||||||
|     @staticmethod |     @staticmethod | ||||||
|     def __call__(username: str) -> t.Optional[str]: |     def __call__(username: str) -> Optional[str]: | ||||||
|         """Returns the password hash of a user. |         """Returns the password hash of a user. | ||||||
|  |  | ||||||
|         :param username: The username. |         :param username: The username. | ||||||
| @@ -433,10 +464,15 @@ class BasePasswordHashGetter: | |||||||
|  |  | ||||||
|  |  | ||||||
| class BaseUserGetter: | class BaseUserGetter: | ||||||
|     """The base user getter.""" |     """The base callback that given the username, returns the user, or None if | ||||||
|  |     the user does not exist.  The default is to raise an | ||||||
|  |     :class:`UnboundLocalError` if the callback is not registered yet. | ||||||
|  |  | ||||||
|  |     See :meth:`flask_digest_auth.auth.DigestAuth.register_get_user` | ||||||
|  |     """ | ||||||
|  |  | ||||||
|     @staticmethod |     @staticmethod | ||||||
|     def __call__(username: str) -> t.Optional[t.Any]: |     def __call__(username: str) -> Optional[Any]: | ||||||
|         """Returns a user. |         """Returns a user. | ||||||
|  |  | ||||||
|         :param username: The username. |         :param username: The username. | ||||||
| @@ -449,10 +485,14 @@ class BaseUserGetter: | |||||||
|  |  | ||||||
|  |  | ||||||
| class BaseOnLogInCallback: | class BaseOnLogInCallback: | ||||||
|     """The base callback when the user logs in.""" |     """The base callback to run when the user logs in, given the logged-in | ||||||
|  |     user.  The default does nothing. | ||||||
|  |  | ||||||
|  |     See :meth:`flask_digest_auth.auth.DigestAuth.register_on_login` | ||||||
|  |     """ | ||||||
|  |  | ||||||
|     @staticmethod |     @staticmethod | ||||||
|     def __call__(user: t.Any) -> None: |     def __call__(user: Any) -> None: | ||||||
|         """Runs the callback when the user logs in. |         """Runs the callback when the user logs in. | ||||||
|  |  | ||||||
|         :param user: The logged-in user. |         :param user: The logged-in user. | ||||||
|   | |||||||
| @@ -18,11 +18,12 @@ | |||||||
| """The test client with HTTP digest authentication enabled. | """The test client with HTTP digest authentication enabled. | ||||||
|  |  | ||||||
| """ | """ | ||||||
| import typing as t |  | ||||||
| from secrets import token_urlsafe | from secrets import token_urlsafe | ||||||
|  | from typing import Optional, Literal, Tuple, Dict | ||||||
|  |  | ||||||
| from flask import g | from flask import g | ||||||
| from werkzeug.datastructures import Authorization, WWWAuthenticate | from werkzeug.datastructures import Authorization, WWWAuthenticate | ||||||
|  | from werkzeug.http import parse_set_header | ||||||
| from werkzeug.test import TestResponse, Client as WerkzeugClient | from werkzeug.test import TestResponse, Client as WerkzeugClient | ||||||
|  |  | ||||||
| from flask_digest_auth.algo import calc_response, make_password_hash | from flask_digest_auth.algo import calc_response, make_password_hash | ||||||
| @@ -31,7 +32,9 @@ from flask_digest_auth.algo import calc_response, make_password_hash | |||||||
| class Client(WerkzeugClient): | class Client(WerkzeugClient): | ||||||
|     """The test client with HTTP digest authentication enabled. |     """The test client with HTTP digest authentication enabled. | ||||||
|  |  | ||||||
|     For unittest example: |     :Example: | ||||||
|  |  | ||||||
|  |     For unittest_: | ||||||
|  |  | ||||||
|     :: |     :: | ||||||
|  |  | ||||||
| @@ -49,10 +52,10 @@ class Client(WerkzeugClient): | |||||||
|                 response = self.client.get("/admin") |                 response = self.client.get("/admin") | ||||||
|                 self.assertEqual(response.status_code, 401) |                 self.assertEqual(response.status_code, 401) | ||||||
|                 response = self.client.get( |                 response = self.client.get( | ||||||
|                     "/admin", digest_auth=("my_name", "my_pass")) |                     "/admin", digest_auth=(USERNAME, PASSWORD)) | ||||||
|                 self.assertEqual(response.status_code, 200) |                 self.assertEqual(response.status_code, 200) | ||||||
|  |  | ||||||
|     For pytest example: |     For pytest_: | ||||||
|  |  | ||||||
|     :: |     :: | ||||||
|  |  | ||||||
| @@ -71,19 +74,22 @@ class Client(WerkzeugClient): | |||||||
|  |  | ||||||
|         def test_admin(app: Flask, client: Client): |         def test_admin(app: Flask, client: Client): | ||||||
|             with app.app_context(): |             with app.app_context(): | ||||||
|                 response = self.client.get("/admin") |                 response = client.get("/admin") | ||||||
|                 assert response.status_code == 401 |                 assert response.status_code == 401 | ||||||
|                 response = self.client.get( |                 response = client.get( | ||||||
|                     "/admin", digest_auth=("my_name", "my_pass")) |                     "/admin", digest_auth=(USERNAME, PASSWORD)) | ||||||
|                 assert response.status_code == 200 |                 assert response.status_code == 200 | ||||||
|  |  | ||||||
|  |     .. _unittest: https://docs.python.org/3/library/unittest.html | ||||||
|  |     .. _pytest: https://pytest.org | ||||||
|     """ |     """ | ||||||
|  |  | ||||||
|     def open(self, *args, digest_auth: t.Optional[t.Tuple[str, str]] = None, |     def open(self, *args, digest_auth: Optional[Tuple[str, str]] = None, | ||||||
|              **kwargs) -> TestResponse: |              **kwargs) -> TestResponse: | ||||||
|         """Opens a request. |         """Opens a request. | ||||||
|  |  | ||||||
|         :param args: The arguments. |         :param args: The arguments. | ||||||
|         :param digest_auth: A tuple of the username and password for the HTTP |         :param digest_auth: The (*username*, *password*) tuple for the HTTP | ||||||
|             digest authentication. |             digest authentication. | ||||||
|         :param kwargs: The keyword arguments. |         :param kwargs: The keyword arguments. | ||||||
|         :return: The response. |         :return: The response. | ||||||
| @@ -112,14 +118,14 @@ class Client(WerkzeugClient): | |||||||
|         :param password: The password. |         :param password: The password. | ||||||
|         :return: The request authorization. |         :return: The request authorization. | ||||||
|         """ |         """ | ||||||
|         qop: t.Optional[t.Literal["auth", "auth-int"]] = None |         qop: Optional[Literal["auth", "auth-int"]] = None | ||||||
|         if www_authenticate.qop is not None and "auth" in www_authenticate.qop: |         if "auth" in parse_set_header(www_authenticate.get("qop")): | ||||||
|             qop = "auth" |             qop = "auth" | ||||||
|  |  | ||||||
|         cnonce: t.Optional[str] = None |         cnonce: Optional[str] = None | ||||||
|         if qop is not None or www_authenticate.algorithm == "MD5-sess": |         if qop is not None or www_authenticate.algorithm == "MD5-sess": | ||||||
|             cnonce = token_urlsafe(8) |             cnonce = token_urlsafe(8) | ||||||
|         nc: t.Optional[str] = None |         nc: Optional[str] = None | ||||||
|         count: int = 1 |         count: int = 1 | ||||||
|         if qop is not None: |         if qop is not None: | ||||||
|             nc: str = hex(count)[2:].zfill(8) |             nc: str = hex(count)[2:].zfill(8) | ||||||
| @@ -132,7 +138,7 @@ class Client(WerkzeugClient): | |||||||
|             algorithm=www_authenticate.algorithm, cnonce=cnonce, nc=nc, |             algorithm=www_authenticate.algorithm, cnonce=cnonce, nc=nc, | ||||||
|             body=None) |             body=None) | ||||||
|  |  | ||||||
|         data: t.Dict[str, str] = { |         data: Dict[str, str] = { | ||||||
|             "username": username, "realm": www_authenticate.realm, |             "username": username, "realm": www_authenticate.realm, | ||||||
|             "nonce": www_authenticate.nonce, "uri": uri, "response": expected} |             "nonce": www_authenticate.nonce, "uri": uri, "response": expected} | ||||||
|         if www_authenticate.algorithm is not None: |         if www_authenticate.algorithm is not None: | ||||||
|   | |||||||
| @@ -18,8 +18,8 @@ | |||||||
| """The test case for the HTTP digest authentication algorithm. | """The test case for the HTTP digest authentication algorithm. | ||||||
|  |  | ||||||
| """ | """ | ||||||
| import typing as t |  | ||||||
| import unittest | import unittest | ||||||
|  | from typing import Optional, Literal | ||||||
|  |  | ||||||
| from flask_digest_auth import make_password_hash, calc_response | from flask_digest_auth import make_password_hash, calc_response | ||||||
|  |  | ||||||
| @@ -39,11 +39,11 @@ class AlgorithmTestCase(unittest.TestCase): | |||||||
|         method: str = "GET" |         method: str = "GET" | ||||||
|         uri: str = "/dir/index.html" |         uri: str = "/dir/index.html" | ||||||
|         nonce: str = "dcd98b7102dd2f0e8b11d0f600bfb0c093" |         nonce: str = "dcd98b7102dd2f0e8b11d0f600bfb0c093" | ||||||
|         qop: t.Optional[t.Literal["auth", "auth-int"]] = "auth" |         qop: Optional[Literal["auth", "auth-int"]] = "auth" | ||||||
|         algorithm: t.Optional[t.Literal["MD5", "MD5-sess"]] = None |         algorithm: Optional[Literal["MD5", "MD5-sess"]] = None | ||||||
|         cnonce: t.Optional[str] = "0a4f113b" |         cnonce: Optional[str] = "0a4f113b" | ||||||
|         nc: t.Optional[str] = "00000001" |         nc: Optional[str] = "00000001" | ||||||
|         body: t.Optional[bytes] = None |         body: Optional[bytes] = None | ||||||
|  |  | ||||||
|         password_hash: str = make_password_hash(realm, username, password) |         password_hash: str = make_password_hash(realm, username, password) | ||||||
|         response: str = calc_response(method, uri, password_hash, nonce, qop, |         response: str = calc_response(method, uri, password_hash, nonce, qop, | ||||||
|   | |||||||
| @@ -1,7 +1,7 @@ | |||||||
| # The Flask HTTP Digest Authentication Project. | # The Flask HTTP Digest Authentication Project. | ||||||
| # Author: imacat@mail.imacat.idv.tw (imacat), 2022/10/22 | # Author: imacat@mail.imacat.idv.tw (imacat), 2022/10/22 | ||||||
|  |  | ||||||
| #  Copyright (c) 2022 imacat. | #  Copyright (c) 2022-2023 imacat. | ||||||
| # | # | ||||||
| #  Licensed under the Apache License, Version 2.0 (the "License"); | #  Licensed under the Apache License, Version 2.0 (the "License"); | ||||||
| #  you may not use this file except in compliance with the License. | #  you may not use this file except in compliance with the License. | ||||||
| @@ -18,8 +18,8 @@ | |||||||
| """The test case for the HTTP digest authentication. | """The test case for the HTTP digest authentication. | ||||||
|  |  | ||||||
| """ | """ | ||||||
| import typing as t |  | ||||||
| from secrets import token_urlsafe | from secrets import token_urlsafe | ||||||
|  | from typing import Any, Optional, Dict | ||||||
|  |  | ||||||
| from flask import Response, Flask, g, redirect, request | from flask import Response, Flask, g, redirect, request | ||||||
| from flask_testing import TestCase | from flask_testing import TestCase | ||||||
| @@ -57,18 +57,19 @@ class AuthenticationTestCase(TestCase): | |||||||
|         """ |         """ | ||||||
|         app: Flask = Flask(__name__) |         app: Flask = Flask(__name__) | ||||||
|         app.config.from_mapping({ |         app.config.from_mapping({ | ||||||
|  |             "TESTING": True, | ||||||
|             "SECRET_KEY": token_urlsafe(32), |             "SECRET_KEY": token_urlsafe(32), | ||||||
|             "TESTING": True |             "DIGEST_AUTH_REALM": _REALM, | ||||||
|         }) |         }) | ||||||
|         app.test_client_class = Client |         app.test_client_class = Client | ||||||
|  |  | ||||||
|         auth: DigestAuth = DigestAuth(realm=_REALM) |         auth: DigestAuth = DigestAuth() | ||||||
|         auth.init_app(app) |         auth.init_app(app) | ||||||
|         self.user: User = User(_USERNAME, _PASSWORD) |         self.user: User = User(_USERNAME, _PASSWORD) | ||||||
|         user_db: t.Dict[str, User] = {_USERNAME: self.user} |         user_db: Dict[str, User] = {_USERNAME: self.user} | ||||||
|  |  | ||||||
|         @auth.register_get_password |         @auth.register_get_password | ||||||
|         def get_password_hash(username: str) -> t.Optional[str]: |         def get_password_hash(username: str) -> Optional[str]: | ||||||
|             """Returns the password hash of a user. |             """Returns the password hash of a user. | ||||||
|  |  | ||||||
|             :param username: The username. |             :param username: The username. | ||||||
| @@ -78,7 +79,7 @@ class AuthenticationTestCase(TestCase): | |||||||
|                 else None |                 else None | ||||||
|  |  | ||||||
|         @auth.register_get_user |         @auth.register_get_user | ||||||
|         def get_user(username: str) -> t.Optional[t.Any]: |         def get_user(username: str) -> Optional[Any]: | ||||||
|             """Returns a user. |             """Returns a user. | ||||||
|  |  | ||||||
|             :param username: The username. |             :param username: The username. | ||||||
| @@ -157,7 +158,7 @@ class AuthenticationTestCase(TestCase): | |||||||
|         self.assertEqual(response.status_code, 401) |         self.assertEqual(response.status_code, 401) | ||||||
|         www_authenticate = response.www_authenticate |         www_authenticate = response.www_authenticate | ||||||
|         self.assertEqual(www_authenticate.type, "digest") |         self.assertEqual(www_authenticate.type, "digest") | ||||||
|         self.assertEqual(www_authenticate.stale, None) |         self.assertIsNone(www_authenticate.get("stale")) | ||||||
|         opaque: str = www_authenticate.opaque |         opaque: str = www_authenticate.opaque | ||||||
|  |  | ||||||
|         www_authenticate.nonce = "bad" |         www_authenticate.nonce = "bad" | ||||||
| @@ -166,7 +167,7 @@ class AuthenticationTestCase(TestCase): | |||||||
|         response = super(Client, self.client).get(admin_uri, auth=auth_data) |         response = super(Client, self.client).get(admin_uri, auth=auth_data) | ||||||
|         self.assertEqual(response.status_code, 401) |         self.assertEqual(response.status_code, 401) | ||||||
|         www_authenticate = response.www_authenticate |         www_authenticate = response.www_authenticate | ||||||
|         self.assertEqual(www_authenticate.stale, True) |         self.assertEqual(www_authenticate.get("stale"), "TRUE") | ||||||
|         self.assertEqual(www_authenticate.opaque, opaque) |         self.assertEqual(www_authenticate.opaque, opaque) | ||||||
|  |  | ||||||
|         auth_data = Client.make_authorization( |         auth_data = Client.make_authorization( | ||||||
| @@ -174,7 +175,7 @@ class AuthenticationTestCase(TestCase): | |||||||
|         response = super(Client, self.client).get(admin_uri, auth=auth_data) |         response = super(Client, self.client).get(admin_uri, auth=auth_data) | ||||||
|         self.assertEqual(response.status_code, 401) |         self.assertEqual(response.status_code, 401) | ||||||
|         www_authenticate = response.www_authenticate |         www_authenticate = response.www_authenticate | ||||||
|         self.assertEqual(www_authenticate.stale, False) |         self.assertEqual(www_authenticate.get("stale"), "FALSE") | ||||||
|         self.assertEqual(www_authenticate.opaque, opaque) |         self.assertEqual(www_authenticate.opaque, opaque) | ||||||
|  |  | ||||||
|         auth_data = Client.make_authorization( |         auth_data = Client.make_authorization( | ||||||
|   | |||||||
| @@ -1,7 +1,7 @@ | |||||||
| # The Flask HTTP Digest Authentication Project. | # The Flask HTTP Digest Authentication Project. | ||||||
| # Author: imacat@mail.imacat.idv.tw (imacat), 2022/11/23 | # Author: imacat@mail.imacat.idv.tw (imacat), 2022/11/23 | ||||||
|  |  | ||||||
| #  Copyright (c) 2022 imacat. | #  Copyright (c) 2022-2023 imacat. | ||||||
| # | # | ||||||
| #  Licensed under the Apache License, Version 2.0 (the "License"); | #  Licensed under the Apache License, Version 2.0 (the "License"); | ||||||
| #  you may not use this file except in compliance with the License. | #  you may not use this file except in compliance with the License. | ||||||
| @@ -18,8 +18,8 @@ | |||||||
| """The test case for the Flask-Login integration. | """The test case for the Flask-Login integration. | ||||||
|  |  | ||||||
| """ | """ | ||||||
| import typing as t |  | ||||||
| from secrets import token_urlsafe | from secrets import token_urlsafe | ||||||
|  | from typing import Optional, Dict | ||||||
|  |  | ||||||
| from flask import Response, Flask, g, redirect, request | from flask import Response, Flask, g, redirect, request | ||||||
| from flask_testing import TestCase | from flask_testing import TestCase | ||||||
| @@ -45,7 +45,6 @@ class User: | |||||||
|         self.password_hash: str = make_password_hash( |         self.password_hash: str = make_password_hash( | ||||||
|             _REALM, username, password) |             _REALM, username, password) | ||||||
|         self.visits: int = 0 |         self.visits: int = 0 | ||||||
|         self.is_authenticated: bool = True |  | ||||||
|         self.is_active: bool = True |         self.is_active: bool = True | ||||||
|         self.is_anonymous: bool = False |         self.is_anonymous: bool = False | ||||||
|  |  | ||||||
| @@ -57,6 +56,16 @@ class User: | |||||||
|         """ |         """ | ||||||
|         return self.username |         return self.username | ||||||
|  |  | ||||||
|  |     @property | ||||||
|  |     def is_authenticated(self) -> bool: | ||||||
|  |         """Returns whether the user is authenticated. | ||||||
|  |         This is required by Flask-Login. | ||||||
|  |         This should return self.is_active. | ||||||
|  |  | ||||||
|  |         :return: True if the user is active, or False otherwise. | ||||||
|  |         """ | ||||||
|  |         return self.is_active | ||||||
|  |  | ||||||
|  |  | ||||||
| class FlaskLoginTestCase(TestCase): | class FlaskLoginTestCase(TestCase): | ||||||
|     """The test case with the Flask-Login integration.""" |     """The test case with the Flask-Login integration.""" | ||||||
| @@ -68,8 +77,9 @@ class FlaskLoginTestCase(TestCase): | |||||||
|         """ |         """ | ||||||
|         app: Flask = Flask(__name__) |         app: Flask = Flask(__name__) | ||||||
|         app.config.from_mapping({ |         app.config.from_mapping({ | ||||||
|  |             "TESTING": True, | ||||||
|             "SECRET_KEY": token_urlsafe(32), |             "SECRET_KEY": token_urlsafe(32), | ||||||
|             "TESTING": True |             "DIGEST_AUTH_REALM": _REALM, | ||||||
|         }) |         }) | ||||||
|         app.test_client_class = Client |         app.test_client_class = Client | ||||||
|  |  | ||||||
| @@ -83,14 +93,14 @@ class FlaskLoginTestCase(TestCase): | |||||||
|         login_manager: flask_login.LoginManager = flask_login.LoginManager() |         login_manager: flask_login.LoginManager = flask_login.LoginManager() | ||||||
|         login_manager.init_app(app) |         login_manager.init_app(app) | ||||||
|  |  | ||||||
|         auth: DigestAuth = DigestAuth(realm=_REALM) |         auth: DigestAuth = DigestAuth() | ||||||
|         auth.init_app(app) |         auth.init_app(app) | ||||||
|  |  | ||||||
|         self.user: User = User(_USERNAME, _PASSWORD) |         self.user: User = User(_USERNAME, _PASSWORD) | ||||||
|         user_db: t.Dict[str, User] = {_USERNAME: self.user} |         user_db: Dict[str, User] = {_USERNAME: self.user} | ||||||
|  |  | ||||||
|         @auth.register_get_password |         @auth.register_get_password | ||||||
|         def get_password_hash(username: str) -> t.Optional[str]: |         def get_password_hash(username: str) -> Optional[str]: | ||||||
|             """Returns the password hash of a user. |             """Returns the password hash of a user. | ||||||
|  |  | ||||||
|             :param username: The username. |             :param username: The username. | ||||||
| @@ -109,7 +119,7 @@ class FlaskLoginTestCase(TestCase): | |||||||
|             user.visits = user.visits + 1 |             user.visits = user.visits + 1 | ||||||
|  |  | ||||||
|         @login_manager.user_loader |         @login_manager.user_loader | ||||||
|         def load_user(user_id: str) -> t.Optional[User]: |         def load_user(user_id: str) -> Optional[User]: | ||||||
|             """Loads a user. |             """Loads a user. | ||||||
|  |  | ||||||
|             :param user_id: The username. |             :param user_id: The username. | ||||||
| @@ -185,7 +195,7 @@ class FlaskLoginTestCase(TestCase): | |||||||
|         self.assertEqual(response.status_code, 401) |         self.assertEqual(response.status_code, 401) | ||||||
|         www_authenticate = response.www_authenticate |         www_authenticate = response.www_authenticate | ||||||
|         self.assertEqual(www_authenticate.type, "digest") |         self.assertEqual(www_authenticate.type, "digest") | ||||||
|         self.assertEqual(www_authenticate.stale, None) |         self.assertIsNone(www_authenticate.get("stale")) | ||||||
|         opaque: str = www_authenticate.opaque |         opaque: str = www_authenticate.opaque | ||||||
|  |  | ||||||
|         if hasattr(g, "_login_user"): |         if hasattr(g, "_login_user"): | ||||||
| @@ -196,7 +206,7 @@ class FlaskLoginTestCase(TestCase): | |||||||
|         response = super(Client, self.client).get(admin_uri, auth=auth_data) |         response = super(Client, self.client).get(admin_uri, auth=auth_data) | ||||||
|         self.assertEqual(response.status_code, 401) |         self.assertEqual(response.status_code, 401) | ||||||
|         www_authenticate = response.www_authenticate |         www_authenticate = response.www_authenticate | ||||||
|         self.assertEqual(www_authenticate.stale, True) |         self.assertEqual(www_authenticate.get("stale"), "TRUE") | ||||||
|         self.assertEqual(www_authenticate.opaque, opaque) |         self.assertEqual(www_authenticate.opaque, opaque) | ||||||
|  |  | ||||||
|         if hasattr(g, "_login_user"): |         if hasattr(g, "_login_user"): | ||||||
| @@ -206,7 +216,7 @@ class FlaskLoginTestCase(TestCase): | |||||||
|         response = super(Client, self.client).get(admin_uri, auth=auth_data) |         response = super(Client, self.client).get(admin_uri, auth=auth_data) | ||||||
|         self.assertEqual(response.status_code, 401) |         self.assertEqual(response.status_code, 401) | ||||||
|         www_authenticate = response.www_authenticate |         www_authenticate = response.www_authenticate | ||||||
|         self.assertEqual(www_authenticate.stale, False) |         self.assertEqual(www_authenticate.get("stale"), "FALSE") | ||||||
|         self.assertEqual(www_authenticate.opaque, opaque) |         self.assertEqual(www_authenticate.opaque, opaque) | ||||||
|  |  | ||||||
|         if hasattr(g, "_login_user"): |         if hasattr(g, "_login_user"): | ||||||
| @@ -256,3 +266,34 @@ class FlaskLoginTestCase(TestCase): | |||||||
|         response = self.client.get(admin_uri) |         response = self.client.get(admin_uri) | ||||||
|         self.assertEqual(response.status_code, 200) |         self.assertEqual(response.status_code, 200) | ||||||
|         self.assertEqual(self.user.visits, 2) |         self.assertEqual(self.user.visits, 2) | ||||||
|  |  | ||||||
|  |     def test_disabled(self) -> None: | ||||||
|  |         """Tests the disabled user. | ||||||
|  |  | ||||||
|  |         :return: None. | ||||||
|  |         """ | ||||||
|  |         if not self.has_flask_login: | ||||||
|  |             self.skipTest("Skipped without Flask-Login.") | ||||||
|  |  | ||||||
|  |         response: Response | ||||||
|  |  | ||||||
|  |         self.user.is_active = False | ||||||
|  |         response = self.client.get(self.app.url_for("admin-1")) | ||||||
|  |         self.assertEqual(response.status_code, 401) | ||||||
|  |         response = self.client.get(self.app.url_for("admin-1"), | ||||||
|  |                                    digest_auth=(_USERNAME, _PASSWORD)) | ||||||
|  |         self.assertEqual(response.status_code, 401) | ||||||
|  |  | ||||||
|  |         self.user.is_active = True | ||||||
|  |         response = self.client.get(self.app.url_for("admin-1"), | ||||||
|  |                                    digest_auth=(_USERNAME, _PASSWORD)) | ||||||
|  |         self.assertEqual(response.status_code, 200) | ||||||
|  |         response = self.client.get(self.app.url_for("admin-1")) | ||||||
|  |         self.assertEqual(response.status_code, 200) | ||||||
|  |  | ||||||
|  |         self.user.is_active = False | ||||||
|  |         response = self.client.get(self.app.url_for("admin-1")) | ||||||
|  |         self.assertEqual(response.status_code, 401) | ||||||
|  |         response = self.client.get(self.app.url_for("admin-1"), | ||||||
|  |                                    digest_auth=(_USERNAME, _PASSWORD)) | ||||||
|  |         self.assertEqual(response.status_code, 401) | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user