Updated the Sphinx version that is used to create the document template.

docs/make.bat

@@ -10,8 +10,6 @@ if "%SPHINXBUILD%" == "" (
 set SOURCEDIR=source
 set BUILDDIR=build
 
-if "%1" == "" goto help
-
 %SPHINXBUILD% >NUL 2>NUL
 if errorlevel 9009 (
 	echo.
@@ -21,10 +19,12 @@ if errorlevel 9009 (
 	echo.may add the Sphinx directory to PATH.
 	echo.
 	echo.If you don't have Sphinx installed, grab it from
-	echo.http://sphinx-doc.org/
+	echo.https://www.sphinx-doc.org/
 	exit /b 1
 )
 
+if "%1" == "" goto help
+
 %SPHINXBUILD% -M %1 %SOURCEDIR% %BUILDDIR% %SPHINXOPTS% %O%
 goto end
 

docs/source/conf.py

@@ -1,59 +1,32 @@
 # Configuration file for the Sphinx documentation builder.
 #
-# This file only contains a selection of the most common options. For a full
-# list see the documentation:
+# For the full list of built-in configuration values, see the documentation:
 # https://www.sphinx-doc.org/en/master/usage/configuration.html
 import os
-# -- Path setup --------------------------------------------------------------
-
-# If extensions (or modules to document with autodoc) are in another directory,
-# add these directories to sys.path here. If the directory is relative to the
-# documentation root, use os.path.abspath to make it absolute, like shown here.
-#
 import sys
 
 sys.path.insert(0, os.path.abspath('../../src/'))
 
-
 # -- Project information -----------------------------------------------------
+# https://www.sphinx-doc.org/en/master/usage/configuration.html#project-information
 
 project = 'Flask-Digest-Auth'
 copyright = '2022, imacat'
 author = 'imacat'
-
-# The full version, including alpha/beta/rc tags
-release = '0.2.4'
-
+release = '0.3.0'
 
 # -- General configuration ---------------------------------------------------
+# https://www.sphinx-doc.org/en/master/usage/configuration.html#general-configuration
 
-# Add any Sphinx extension module names here, as strings. They can be
-# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
-# ones.
-extensions = [
-    "sphinx.ext.autodoc"
-]
+extensions = ["sphinx.ext.autodoc"]
 
-# Add any paths that contain templates here, relative to this directory.
 templates_path = ['_templates']
-
-# List of patterns, relative to source directory, that match files and
-# directories to ignore when looking for source files.
-# This pattern also affects html_static_path and html_extra_path.
 exclude_patterns = []
 
 
+
 # -- Options for HTML output -------------------------------------------------
+# https://www.sphinx-doc.org/en/master/usage/configuration.html#options-for-html-output
 
-# The theme to use for HTML and HTML Help pages.  See the documentation for
-# a list of builtin themes.
-#
 html_theme = 'sphinx_rtd_theme'
-
-# Add any paths that contain custom static files (such as style sheets) here,
-# relative to this directory. They are copied after the builtin static files,
-# so a file named "default.css" will overwrite the builtin "default.css".
 html_static_path = ['_static']
-
-# For readthedocs.io to work properly.
-master_doc = 'index'

docs/source/index.rst

@@ -1,5 +1,5 @@
-.. flask-digest-auth documentation master file, created by
-   sphinx-quickstart on Tue Dec  6 15:15:08 2022.
+.. Flask-Digest-Auth documentation master file, created by
+   sphinx-quickstart on Wed Dec  7 09:40:48 2022.
    You can adapt this file completely to your liking, but it should at least
    contain the root `toctree` directive.
 

setup.cfg

@@ -17,7 +17,7 @@
 
 [metadata]
 name = flask-digest-auth
-version = 0.2.4
+version = 0.3.0
 author = imacat
 author_email = imacat@mail.imacat.idv.tw
 description = The Flask HTTP Digest Authentication project.

src/flask_digest_auth/algo.py

@@ -28,7 +28,7 @@ def make_password_hash(realm: str, username: str, password: str) -> str:
     """Calculates the password hash for the HTTP digest authentication.
     Use this function to set the password for the user.
 
-    For example:
+    :Example:
 
     ::
 
@@ -54,7 +54,7 @@ def calc_response(
     :param uri: The request URI.
     :param password_hash: The password hash for the HTTP digest authentication.
     :param nonce: The nonce.
-    :param qop: the quality of protection, either ``auth`` or ``auth-int``.
+    :param qop: The quality of protection, either ``auth`` or ``auth-int``.
     :param algorithm: The algorithm, either ``MD5`` or ``MD5-sess``.
     :param cnonce: The client nonce, which must exists when qop exists or
         algorithm is ``MD5-sess``.

src/flask_digest_auth/auth.py

@@ -41,27 +41,41 @@ class DigestAuth:
 
         :param realm: The realm.
         """
-        self.secret_key: str = token_urlsafe(32)
-        self.serializer: URLSafeTimedSerializer \
-            = URLSafeTimedSerializer(self.secret_key)
+        self.__serializer: URLSafeTimedSerializer \
+            = URLSafeTimedSerializer(token_urlsafe(32))
+        """The serializer to generate and validate the nonce and opaque."""
         self.realm: str = "" if realm is None else realm
-        self.algorithm: t.Optional[str] = None
+        """The realm.  Default is an empty string."""
+        self.algorithm: t.Optional[t.Literal["MD5", "MD5-sess"]] = None
+        """The algorithm, either None, ``MD5``, or ``MD5-sess``.  Default is
+        None."""
         self.use_opaque: bool = True
-        self.domain: t.List[str] = []
-        self.qop: t.List[str] = ["auth", "auth-int"]
+        """Whether to use an opaque.  Default is True."""
+        self.__domain: t.List[str] = []
+        """A list of directories that this username and password applies to.
+        Default is empty."""
+        self.__qop: t.List[t.Literal["auth", "auth-int"]] \
+            = ["auth", "auth-int"]
+        """A list of supported quality of protection supported, either
+        ``qop``, ``auth-int``, both, or empty.  Default is both."""
         self.app: t.Optional[Flask] = None
+        """The current Flask application."""
         self.__get_password_hash: BasePasswordHashGetter \
             = BasePasswordHashGetter()
+        """The callback to return the password hash."""
         self.__get_user: BaseUserGetter = BaseUserGetter()
+        """The callback to return the user."""
         self.__on_login: BaseOnLogInCallback = BaseOnLogInCallback()
+        """The callback to run when the user logs in."""
 
     def login_required(self, view) -> t.Callable:
         """The view decorator for HTTP digest authentication.
 
-        For example:
+        :Example:
 
         ::
 
+            @app.get("/admin")
             @auth.login_required
             def admin():
                 return f"Hello, {g.user.username}!"
@@ -152,7 +166,7 @@ class DigestAuth:
                 raise UnauthorizedException(
                     "Missing \"opaque\" in the Authorization header")
             try:
-                self.serializer.loads(
+                self.__serializer.loads(
                     authorization.opaque, salt="opaque", max_age=1800)
             except BadData:
                 raise UnauthorizedException("Invalid opaque")
@@ -173,7 +187,7 @@ class DigestAuth:
             state.stale = False
             raise UnauthorizedException("Incorrect response value")
         try:
-            self.serializer.loads(
+            self.__serializer.loads(
                 authorization.nonce,
                 salt="nonce" if authorization.opaque is None
                 else f"nonce-{authorization.opaque}")
@@ -197,16 +211,16 @@ class DigestAuth:
                 return None
             if state.opaque is not None:
                 return state.opaque
-            return self.serializer.dumps(randbits(32), salt="opaque")
+            return self.__serializer.dumps(randbits(32), salt="opaque")
 
         opaque: t.Optional[str] = get_opaque()
-        nonce: str = self.serializer.dumps(
+        nonce: str = self.__serializer.dumps(
             randbits(32),
             salt="nonce" if opaque is None else f"nonce-{opaque}")
 
         header: str = f"Digest realm=\"{self.realm}\""
-        if len(self.domain) > 0:
-            domain_list: str = ",".join(self.domain)
+        if len(self.__domain) > 0:
+            domain_list: str = ",".join(self.__domain)
             header += f", domain=\"{domain_list}\""
         header += f", nonce=\"{nonce}\""
         if opaque is not None:
@@ -215,8 +229,8 @@ class DigestAuth:
             header += f", stale=TRUE" if state.stale else f", stale=FALSE"
         if self.algorithm is not None:
             header += f", algorithm=\"{self.algorithm}\""
-        if len(self.qop) > 0:
-            qop_list: str = ",".join(self.qop)
+        if len(self.__qop) > 0:
+            qop_list: str = ",".join(self.__qop)
             header += f", qop=\"{qop_list}\""
         return header
 
@@ -224,7 +238,7 @@ class DigestAuth:
             -> None:
         """The decorator to register the callback to obtain the password hash.
 
-        For example:
+        :Example:
 
         ::
 
@@ -256,7 +270,7 @@ class DigestAuth:
             -> None:
         """The decorator to register the callback to obtain the user.
 
-        For example:
+        :Example:
 
         ::
 
@@ -286,7 +300,7 @@ class DigestAuth:
     def register_on_login(self, func: t.Callable[[t.Any], None]) -> None:
         """The decorator to register the callback to run when the user logs in.
 
-        For example:
+        :Example:
 
         ::
 
@@ -315,7 +329,7 @@ class DigestAuth:
     def init_app(self, app: Flask) -> None:
         """Initializes the Flask application.
 
-        For example:
+        :Example:
 
         ::
 
@@ -379,7 +393,7 @@ class DigestAuth:
         This actually causes the next authentication to fail, which forces
         the browser to ask the user for the username and password again.
 
-        For example:
+        :Example:
 
         ::
 

src/flask_digest_auth/test.py

@@ -31,7 +31,9 @@ from flask_digest_auth.algo import calc_response, make_password_hash
 class Client(WerkzeugClient):
     """The test client with HTTP digest authentication enabled.
 
-    For unittest example:
+    :Example:
+
+    For unittest_:
 
     ::
 
@@ -52,7 +54,7 @@ class Client(WerkzeugClient):
                     "/admin", digest_auth=("my_name", "my_pass"))
                 self.assertEqual(response.status_code, 200)
 
-    For pytest example:
+    For pytest_:
 
     ::
 
@@ -76,12 +78,19 @@ class Client(WerkzeugClient):
                 response = client.get(
                     "/admin", digest_auth=("my_name", "my_pass"))
                 assert response.status_code == 200
+
+    .. _unittest: https://docs.python.org/3/library/unittest.html
+    .. _pytest: https://pytest.org
     """
 
     def open(self, *args, digest_auth: t.Optional[t.Tuple[str, str]] = None,
              **kwargs) -> TestResponse:
         """Opens a request.
 
+        .. warning::
+            This is to override the parent ``open`` method.  You should call
+            the ``get``, ``post``, ``put``, and ``delete`` methods instead.
+
         :param args: The arguments.
         :param digest_auth: A tuple of the username and password for the HTTP
             digest authentication.
@@ -106,6 +115,9 @@ class Client(WerkzeugClient):
                            username: str, password: str) -> Authorization:
         """Composes and returns the request authorization.
 
+        .. warning::
+            This method is not for public.
+
         :param www_authenticate: The ``WWW-Authenticate`` response.
         :param uri: The request URI.
         :param username: The username.