imacat/flask-digestauth
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 16 Wiki Activity

Compare commits

base: imacat:v0.4.0
Branches Tags
imacat:main
imacat:v0.7.1 imacat:v0.7.0 imacat:v0.6.2 imacat:v0.6.1 imacat:v0.6.0 imacat:v0.5.0 imacat:v0.4.0 imacat:v0.3.1 imacat:v0.3.0 imacat:v0.2.4 imacat:v0.2.3 imacat:v0.2.2 imacat:v0.2.1 imacat:v0.2.0 imacat:v0.1.1 imacat:v0.1.0
...
compare: imacat:v0.6.2
Branches Tags
imacat:main
imacat:v0.7.1 imacat:v0.7.0 imacat:v0.6.2 imacat:v0.6.1 imacat:v0.6.0 imacat:v0.5.0 imacat:v0.4.0 imacat:v0.3.1 imacat:v0.3.0 imacat:v0.2.4 imacat:v0.2.3 imacat:v0.2.2 imacat:v0.2.1 imacat:v0.2.0 imacat:v0.1.1 imacat:v0.1.0

23 Commits
v0.4.0 ... v0.6.2

Author SHA1 Message Date
依瑪貓
a5188c9aa1 Advanced to version 0.6.2. 2023-06-10 16:26:39 +08:00
imacat
b62b98bd51 Changed the properties of the test cases from public to private. 2023-06-08 17:28:35 +08:00
imacat
877f02fe82 Added missing documentation to the global variables and class and object properties. 2023-06-08 17:20:24 +08:00
依瑪貓
bc888195ad Disabled logging in the AuthenticationTestCase and FlaskLoginTestCase test cases, for clearer test output. 2023-05-03 08:08:51 +08:00
依瑪貓
8e69733cf6 Updated the login_required view decorator of the DigestAuth class, replaced writing to STDERR directly with warning through the Flask logger. 2023-05-03 08:05:28 +08:00
依瑪貓
f04ea7ac18 Advanced to version 0.6.1. 2023-05-03 06:59:27 +08:00
依瑪貓
15ea650ddd Revised the code that handles the "qop" and "stale" parameters of the "WWW-Authenticate" response HTTP header for the upcoming Werkzeug 2.4. 2023-05-03 06:58:14 +08:00
依瑪貓
5b255b6504 Split the Flask-Login login manager initialization from the init_app method to the __init_login_manager method in the DigestAuth class, to simplify the code. 2023-04-29 11:17:11 +08:00
依瑪貓
919b8d0dc3 Removed the unnecessary f-string in the __make_response_header method of the DigestAuth class. 2023-04-29 10:44:15 +08:00
依瑪貓
604ed0be27 Updated the Python version in the Read the Docs configuration. 2023-04-27 09:09:00 +08:00
依瑪貓
9e0a06bd4c Advanced to version 0.6.0. 2023-04-27 09:08:21 +08:00
依瑪貓
e861cae2e0 Replaced importing the "typing" module as "t" with importing the individual names in the "typing" module. We do not have as many names to import. This is also to be consistent with the practices of most major and standard packages and examples. 2023-04-27 09:08:10 +08:00
依瑪貓
264ba158ee Updated minimal Python version to 3.8. As "typing.Literal" is used from the beginning of the project, it is never compatible with Python 3.7. I suppose it was ignored by Python 3.7 when importing the "typing" package but not the name "Literal" itself for type hints. 2023-04-26 23:30:27 +08:00
依瑪貓
d1fd0c3693 Simplified README.rst. 2023-04-23 22:43:56 +08:00
依瑪貓
bc15a578cb Added the change log. 2023-04-23 22:36:31 +08:00
依瑪貓
cedff68247 Added the "VERSION" constant to the "flask_digest_auth" module for the package version, and revised "pyproject.toml" and "conf.py" to read the version from it. 2023-04-23 22:15:11 +08:00
依瑪貓
769ca7dddd Replaced the requirements.txt in the docs directory with the Read the Docs configuration file. 2023-04-05 23:52:43 +08:00
依瑪貓
33eb81f368 Replaced setup.cfg with pyproject.toml for the package settings, and rewrote the packaging rules in MANIFEST.in. 2023-04-05 23:09:44 +08:00
依瑪貓
5faf51c49b Removed the realm from the example in the documentation of the init_app method of the DigestAuth class. 2023-01-07 15:03:37 +08:00
依瑪貓
d5a8bb3acd Advanced to version 0.5.0. 2023-01-06 00:21:19 +08:00
依瑪貓
27d27127f6 Added the DIGEST_AUTH_REALM configuration variable as the recommended way to set the authentication realm. Changed the default realm from an empty string to "Login Required". 2023-01-06 00:20:40 +08:00
依瑪貓
5ebdea6d0a Reordered the code in the create_app methods of the AuthenticationTestCase and FlaskLoginTestCase test cases. 2023-01-05 22:50:59 +08:00
依瑪貓
ea31bb9579 Revised the coding style in the init_app method of the DigestAuth class. 2023-01-05 22:42:59 +08:00
18 changed files with 406 additions and 526 deletions
Expand all files Collapse all files

40
.readthedocs.yaml Normal file
View File

@ -0,0 +1,40 @@
# The Flask HTTP Digest Authentication Project.
# Author: imacat@mail.imacat.idv.tw (imacat), 2023/4/5
# Copyright (c) 2023 imacat.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# .readthedocs.yaml
# Read the Docs configuration file
# See https://docs.readthedocs.io/en/stable/config-file/v2.html for details
# Required
version: 2
# Set the version of Python and other tools you might need
build:
os: ubuntu-22.04
tools:
python: "3.8"
# Build documentation in the docs/ directory with Sphinx
# If using Sphinx, optionally build your docs in additional formats such as PDF
formats: all
# Optionally declare the Python requirements required to build your docs
python:
install:
- method: pip
path: .

9
MANIFEST.in
View File

@ -15,8 +15,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
include docs/*
include docs/source/*
include docs/source/_static/*
include docs/source/_templates/*
include tests/*
recursive-include docs *
recursive-exclude docs/build *
recursive-include tests *
recursive-exclude tests *.pyc

339
README.rst
View File

@ -12,8 +12,6 @@ views.
HTTP Digest Authentication is specified in `RFC 2617`_.
Refer to the full `Flask-DigestAuth readthedocs documentation`_.
Why HTTP Digest Authentication?
-------------------------------
@ -52,338 +50,16 @@ You may also install the latest source from the
pip install git+https://github.com/imacat/flask-digestauth.git
Setting the Password
====================
Documentation
=============
The password hash of the HTTP Digest Authentication is composed of the
realm, the username, and the password. Example for setting the
password:
Refer to the `documentation on Read the Docs`_.
::
from flask_digest_auth import make_password_hash
Change Log
==========
user.password = make_password_hash(realm, username, password)
The username is part of the hash. If the user changes their username,
you need to ask their password, to generate and store the new password
hash.
Flask-DigestAuth Alone
======================
Flask-DigestAuth can authenticate the users alone.
Simple Applications with Flask-DigestAuth Alone
-----------------------------------------------
In your ``my_app.py``:
::
from flask import Flask, request, redirect
from flask_digest_auth import DigestAuth
app: flask = Flask(__name__)
... (Configure the Flask application) ...
auth: DigestAuth = DigestAuth(realm="Admin")
auth.init_app(app)
@auth.register_get_password
def get_password_hash(username: str) -> t.Optional[str]:
... (Load the password hash) ...
@auth.register_get_user
def get_user(username: str) -> t.Optional[t.Any]:
... (Load the user) ...
@app.get("/admin")
@auth.login_required
def admin():
return f"Hello, {g.user.username}!"
@app.post("/logout")
@auth.login_required
def logout():
auth.logout()
return redirect(request.form.get("next"))
Larger Applications with ``create_app()`` with Flask-DigestAuth Alone
---------------------------------------------------------------------
In your ``my_app/__init__.py``:
::
from flask import Flask
from flask_digest_auth import DigestAuth
auth: DigestAuth = DigestAuth()
def create_app(test_config = None) -> Flask:
app: flask = Flask(__name__)
... (Configure the Flask application) ...
auth.realm = app.config["REALM"]
auth.init_app(app)
@auth.register_get_password
def get_password_hash(username: str) -> t.Optional[str]:
... (Load the password hash) ...
@auth.register_get_user
def get_user(username: str) -> t.Optional[t.Any]:
... (Load the user) ...
return app
In your ``my_app/views.py``:
::
from my_app import auth
from flask import Flask, Blueprint, request, redirect
bp = Blueprint("admin", __name__, url_prefix="/admin")
@bp.get("/admin")
@auth.login_required
def admin():
return f"Hello, {g.user.username}!"
@app.post("/logout")
@auth.login_required
def logout():
auth.logout()
return redirect(request.form.get("next"))
def init_app(app: Flask) -> None:
app.register_blueprint(bp)
Flask-Login Integration
=======================
Flask-DigestAuth works with Flask-Login_. You can write a Flask
module that requires log in, without specifying how to log in. The
application can use either HTTP Digest Authentication, or the log in
forms, as needed.
To use Flask-Login with Flask-DigestAuth,
``login_manager.init_app(app)`` must be called before
``auth.init_app(app)``.
The currently logged-in user can be retrieved at
``flask_login.current_user``, if any.
The views only depend on Flask-Login, but not the Flask-DigestAuth.
You can change the actual authentication mechanism without changing
the views.
Simple Applications with Flask-Login Integration
------------------------------------------------
In your ``my_app.py``:
::
import flask_login
from flask import Flask, request, redirect
from flask_digest_auth import DigestAuth
app: flask = Flask(__name__)
... (Configure the Flask application) ...
login_manager: flask_login.LoginManager = flask_login.LoginManager()
login_manager.init_app(app)
@login_manager.user_loader
def load_user(user_id: str) -> t.Optional[User]:
... (Load the user with the username) ...
auth: DigestAuth = DigestAuth(realm="Admin")
auth.init_app(app)
@auth.register_get_password
def get_password_hash(username: str) -> t.Optional[str]:
... (Load the password hash) ...
@app.get("/admin")
@flask_login.login_required
def admin():
return f"Hello, {flask_login.current_user.get_id()}!"
@app.post("/logout")
@flask_login.login_required
def logout():
auth.logout()
# Do not call flask_login.logout_user()
return redirect(request.form.get("next"))
Larger Applications with ``create_app()`` with Flask-Login Integration
----------------------------------------------------------------------
In your ``my_app/__init__.py``:
::
from flask import Flask
from flask_digest_auth import DigestAuth
from flask_login import LoginManager
auth: DigestAuth = DigestAuth()
def create_app(test_config = None) -> Flask:
app: flask = Flask(__name__)
... (Configure the Flask application) ...
login_manager: LoginManager = LoginManager()
login_manager.init_app(app)
@login_manager.user_loader
def load_user(user_id: str) -> t.Optional[User]:
... (Load the user with the username) ...
auth.realm = app.config["REALM"]
auth.init_app(app)
@auth.register_get_password
def get_password_hash(username: str) -> t.Optional[str]:
... (Load the password hash) ...
return app
In your ``my_app/views.py``:
::
import flask_login
from flask import Flask, Blueprint, request, redirect
from my_app import auth
bp = Blueprint("admin", __name__, url_prefix="/admin")
@bp.get("/admin")
@flask_login.login_required
def admin():
return f"Hello, {flask_login.current_user.get_id()}!"
@app.post("/logout")
@flask_login.login_required
def logout():
auth.logout()
# Do not call flask_login.logout_user()
return redirect(request.form.get("next"))
def init_app(app: Flask) -> None:
app.register_blueprint(bp)
The views only depend on Flask-Login, but not the actual
authentication mechanism. You can change the actual authentication
mechanism without changing the views.
Session Integration
===================
Flask-DigestAuth features session integration. The user log in
is remembered in the session. The authentication information is not
requested again. This is different to the practice of the HTTP Digest
Authentication, but is convenient for the log in accounting.
Log In Bookkeeping
==================
You can register a callback to run when the user logs in, for ex.,
logging the log in event, adding the log in counter, etc.
::
@auth.register_on_login
def on_login(user: User) -> None:
user.visits = user.visits + 1
Log Out
=======
Flask-DigestAuth supports log out. The user will be prompted for the
new username and password.
Test Client
===========
Flask-DigestAuth comes with a test client that supports HTTP digest
authentication.
A unittest Test Case
--------------------
::
from flask import Flask
from flask_digest_auth import Client
from flask_testing import TestCase
from my_app import create_app
class MyTestCase(TestCase):
def create_app(self):
app: Flask = create_app({
"SECRET_KEY": token_urlsafe(32),
"TESTING": True
})
app.test_client_class = Client
return app
def test_admin(self):
response = self.client.get("/admin")
self.assertEqual(response.status_code, 401)
response = self.client.get(
"/admin", digest_auth=(USERNAME, PASSWORD))
self.assertEqual(response.status_code, 200)
A pytest Test
-------------
::
import pytest
from flask import Flask
from flask_digest_auth import Client
from my_app import create_app
@pytest.fixture()
def app():
app: Flask = create_app({
"SECRET_KEY": token_urlsafe(32),
"TESTING": True
})
app.test_client_class = Client
yield app
@pytest.fixture()
def client(app):
return app.test_client()
def test_admin(app: Flask, client: Client):
with app.app_context():
response = client.get("/admin")
assert response.status_code == 401
response = client.get(
"/admin", digest_auth=(USERNAME, PASSWORD))
assert response.status_code == 200
Refer to the `change log`_.
Copyright
@ -415,5 +91,6 @@ Authors
.. _RFC 2617: https://www.rfc-editor.org/rfc/rfc2617
.. _Flask: https://flask.palletsprojects.com
.. _Flask-DigestAuth GitHub repository: https://github.com/imacat/flask-digestauth
.. _Flask-DigestAuth readthedocs documentation: https://flask-digestauth.readthedocs.io
.. _Flask-Login: https://flask-login.readthedocs.io
.. _documentation on Read the Docs: https://flask-digestauth.readthedocs.io
.. _change log: https://flask-digestauth.readthedocs.io/en/latest/changelog.html

1
docs/requirements.txt
View File

@ -1 +0,0 @@
flask

142
docs/source/changelog.rst Normal file
View File

@ -0,0 +1,142 @@
Change Log
==========
Version 0.6.2
-------------
Released 2023/6/10
* Changed logging from STDERR to the Flask logger.
* Test case updates:
* Added missing documentation.
* Changed properties from public to private.
* Disabled logging.
Version 0.6.1
-------------
Released 2023/5/3
* Revised the code for the upcoming Werkzeug 2.4.
Version 0.6.0
-------------
Released 2023/4/26
* Updated the minimal Python version to 3.8.
* Switched from ``setup.cfg`` to ``pyproject.toml``.
* Added the change log.
* Simplified ``README.rst``.
Version 0.5.0
-------------
Released 2023/1/6
* Added the ``DIGEST_AUTH_REALM`` configuration variable as the
recommended way to set the authentication realm.
* Changed the default realm from an empty string to
``Login Required``.
Version 0.4.0
-------------
Released 2023/1/4
* Changed the package name from ``flask-digest-auth`` to
``Flask-DigestAuth``, according to the Flask recommended extension
guidelines
https://flask.palletsprojects.com/en/latest/extensiondev/ .
* Replaced ``app.digest_auth`` with ``app.extensions["digest-auth"]``
to store the ``DigestAuth`` instance.
* Replaced ``auth.app`` with ``current_app``, to prevent circular
imports.
Version 0.3.1
-------------
Released 2022/12/29
Fixed the missing authentication state with disabled users.
Version 0.3.0
-------------
Released 2022/12/7
Changed the visibility of several methods and properties of the
DigestAuth class that should be private to private.
Version 0.2.4
-------------
Released 2022/12/6
Fixed the pytest example in the documentation.
Version 0.2.3
-------------
Released 2022/12/6
Fixed the dependencies for the documentation hosted on Read the Docs.
Version 0.2.2
-------------
Released 2022/12/6
Added the Sphinx documentation, and hosted the documentation on
Read the Docs.
Version 0.2.1
-------------
Released 2022/12/6
Various fixes, with the help from SonarQube.
Version 0.2.0
-------------
Released 2022/11/27
* Added log out support. User can log out.
* Added on-login event handler. You can do some accounting when the
user logs in.
This release is written in Sydney and on the international flight,
and released in Taipei.
Version 0.1.1
-------------
Released 2022/11/24
Changed the minimal Python version to 3.7.
Released at Sydney, Australia on vacation.
Version 0.1.0
-------------
Released 2022/11/24
The initial release.
Released at Sydney, Australia on vacation.

3
docs/source/conf.py
View File

@ -6,6 +6,7 @@ import os
import sys
sys.path.insert(0, os.path.abspath('../../src/'))
import flask_digest_auth
# -- Project information -----------------------------------------------------
# https://www.sphinx-doc.org/en/master/usage/configuration.html#project-information
@ -13,7 +14,7 @@ sys.path.insert(0, os.path.abspath('../../src/'))
project = 'Flask-DigestAuth'
copyright = '2022-2023, imacat'
author = 'imacat'
release = '0.4.0'
release = flask_digest_auth.VERSION
# -- General configuration ---------------------------------------------------
# https://www.sphinx-doc.org/en/master/usage/configuration.html#general-configuration

12
docs/source/examples.rst
View File

@ -17,7 +17,7 @@ In your ``my_app.py``:
app: flask = Flask(__name__)
... (Configure the Flask application) ...
auth: DigestAuth = DigestAuth(realm="Admin")
auth: DigestAuth = DigestAuth()
auth.init_app(app)
@auth.register_get_password
@ -58,7 +58,6 @@ In your ``my_app/__init__.py``:
app: flask = Flask(__name__)
... (Configure the Flask application) ...
auth.realm = app.config["REALM"]
auth.init_app(app)
@auth.register_get_password
@ -118,7 +117,7 @@ In your ``my_app.py``:
def load_user(user_id: str) -> t.Optional[User]:
... (Load the user with the username) ...
auth: DigestAuth = DigestAuth(realm="Admin")
auth: DigestAuth = DigestAuth()
auth.init_app(app)
@auth.register_get_password
@ -164,7 +163,6 @@ In your ``my_app/__init__.py``:
def load_user(user_id: str) -> t.Optional[User]:
... (Load the user with the username) ...
auth.realm = app.config["REALM"]
auth.init_app(app)
@auth.register_get_password
@ -219,8 +217,9 @@ A unittest Test Case
def create_app(self):
app: Flask = create_app({
"TESTING": True,
"SECRET_KEY": token_urlsafe(32),
"TESTING": True
"DIGEST_AUTH_REALM": "admin",
})
app.test_client_class = Client
return app
@ -249,8 +248,9 @@ A pytest Test
@pytest.fixture()
def app():
app: Flask = create_app({
"TESTING": True,
"SECRET_KEY": token_urlsafe(32),
"TESTING": True
"DIGEST_AUTH_REALM": "admin",
})
app.test_client_class = Client
yield app

1
docs/source/index.rst
View File

@ -19,6 +19,7 @@ HTTP Digest Authentication is specified in `RFC 2617`_.
intro
flask_digest_auth
examples
changelog

7
docs/source/intro.rst
View File

@ -46,6 +46,13 @@ You may also install the latest source from the
pip install git+https://github.com/imacat/flask-digestauth.git
Configuration
-------------
Flask-DigestAuth takes the configuration ``DIGEST_AUTH_REALM`` as the
realm. The default realm is ``Login Required``.
Setting the Password
--------------------

39
pyproject.toml
View File

@ -1,7 +1,7 @@
# The Flask HTTP Digest Authentication Project.
# Author: imacat@mail.imacat.idv.tw (imacat), 2022/11/23
# Copyright (c) 2022 imacat.
# Copyright (c) 2022-2023 imacat.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -15,6 +15,43 @@
# See the License for the specific language governing permissions and
# limitations under the License.
[project]
name = "Flask-DigestAuth"
dynamic = ["version"]
description = "The Flask HTTP Digest Authentication project."
readme = "README.rst"
requires-python = ">=3.8"
authors = [
{name = "imacat", email = "imacat@mail.imacat.idv.tw"},
]
keywords = ["flask", "digest-authentication"]
classifiers = [
"Programming Language :: Python :: 3",
"License :: OSI Approved :: Apache Software License",
"Operating System :: OS Independent",
"Framework :: Flask",
"Topic :: System :: Systems Administration :: Authentication/Directory",
"Intended Audience :: Developers",
]
dependencies = [
"flask",
]
[project.optional-dependencies]
test = [
"unittest",
"flask-testing",
]
[project.urls]
"Documentation" = "https://flask-digestauth.readthedocs.io"
"Change Log" = "https://mia-accounting.readthedocs.io/en/latest/changelog.html"
"Repository" = "https://github.com/imacat/flask-digestauth"
"Bug Tracker" = "https://github.com/imacat/flask-digestauth/issues"
[build-system]
requires = ["setuptools>=42"]
build-backend = "setuptools.build_meta"
[tool.setuptools.dynamic]
version = {attr = "flask_digest_auth.VERSION"}

53
setup.cfg
View File

@ -1,53 +0,0 @@
# The Flask HTTP Digest Authentication Project.
# Author: imacat@mail.imacat.idv.tw (imacat), 2022/11/23
# Copyright (c) 2022-2023 imacat.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
[metadata]
name = Flask-DigestAuth
version = 0.4.0
author = imacat
author_email = imacat@mail.imacat.idv.tw
description = The Flask HTTP Digest Authentication project.
long_description = file: README.rst
long_description_content_type = text/x-rst
url = https://github.com/imacat/flask-digestauth
project_urls =
Bug Tracker = https://github.com/imacat/flask-digestauth/issues
classifiers =
Programming Language :: Python :: 3
License :: OSI Approved :: Apache Software License
Operating System :: OS Independent
Framework :: Flask
Topic :: System :: Systems Administration :: Authentication/Directory
Intended Audience :: Developers
[options]
package_dir =
= src
packages = find:
python_requires = >=3.7
install_requires =
flask
tests_require =
unittest
flask-testing
[options.packages.find]
where = src
[options.extras_require]
flask_login =
flask-login

3
src/flask_digest_auth/__init__.py
View File

@ -21,3 +21,6 @@
from flask_digest_auth.algo import make_password_hash, calc_response
from flask_digest_auth.auth import DigestAuth
from flask_digest_auth.test import Client
VERSION: str = "0.6.2"
"""The package version."""

10
src/flask_digest_auth/algo.py
View File

@ -20,8 +20,8 @@
"""
from __future__ import annotations
import typing as t
from hashlib import md5
from typing import Optional, Literal
def make_password_hash(realm: str, username: str, password: str) -> str:
@ -44,10 +44,10 @@ def make_password_hash(realm: str, username: str, password: str) -> str:
def calc_response(
method: str, uri: str, password_hash: str,
nonce: str, qop: t.Optional[t.Literal["auth", "auth-int"]] = None,
algorithm: t.Optional[t.Literal["MD5", "MD5-sess"]] = "MD5-sess",
cnonce: t.Optional[str] = None, nc: t.Optional[str] = None,
body: t.Optional[bytes] = None) -> str:
nonce: str, qop: Optional[Literal["auth", "auth-int"]] = None,
algorithm: Optional[Literal["MD5", "MD5-sess"]] = "MD5-sess",
cnonce: Optional[str] = None, nc: Optional[str] = None,
body: Optional[bytes] = None) -> str:
"""Calculates the response value of the HTTP digest authentication.
:param method: The request method.

147
src/flask_digest_auth/auth.py
View File

@ -23,9 +23,9 @@ See `RFC 2617`_ HTTP Authentication: Basic and Digest Access Authentication
from __future__ import annotations
import sys
import typing as t
from functools import wraps
from secrets import token_urlsafe, randbits
from typing import Any, Optional, Literal, Callable, List
from flask import g, request, Response, session, abort, Flask, Request, \
current_app
@ -38,7 +38,7 @@ from flask_digest_auth.algo import calc_response
class DigestAuth:
"""The HTTP digest authentication."""
def __init__(self, realm: t.Optional[str] = None):
def __init__(self, realm: Optional[str] = None):
"""Constructs the HTTP digest authentication.
:param realm: The realm.
@ -46,18 +46,17 @@ class DigestAuth:
self.__serializer: URLSafeTimedSerializer \
= URLSafeTimedSerializer(token_urlsafe(32))
"""The serializer to generate and validate the nonce and opaque."""
self.realm: str = "" if realm is None else realm
"""The realm. Default is an empty string."""
self.algorithm: t.Optional[t.Literal["MD5", "MD5-sess"]] = None
self.realm: str = "Login Required" if realm is None else realm
"""The realm. Default is "Login Required"."""
self.algorithm: Optional[Literal["MD5", "MD5-sess"]] = None
"""The algorithm, either None, ``MD5``, or ``MD5-sess``. Default is
None."""
self.use_opaque: bool = True
"""Whether to use an opaque. Default is True."""
self.__domain: t.List[str] = []
self.__domain: List[str] = []
"""A list of directories that this username and password applies to.
Default is empty."""
self.__qop: t.List[t.Literal["auth", "auth-int"]] \
= ["auth", "auth-int"]
self.__qop: List[Literal["auth", "auth-int"]] = ["auth", "auth-int"]
"""A list of supported quality of protection supported, either
``qop``, ``auth-int``, both, or empty. Default is both."""
self.__get_password_hash: BasePasswordHashGetter \
@ -68,7 +67,7 @@ class DigestAuth:
self.__on_login: BaseOnLogInCallback = BaseOnLogInCallback()
"""The callback to run when the user logs in."""
def login_required(self, view) -> t.Callable:
def login_required(self, view) -> Callable:
"""The view decorator for the HTTP digest authentication.
:Example:
@ -89,7 +88,7 @@ class DigestAuth:
class NoLogInException(Exception):
"""The exception thrown when the user is not authorized."""
def get_logged_in_user() -> t.Any:
def get_logged_in_user() -> Any:
"""Returns the currently logged-in user.
:return: The currently logged-in user.
@ -97,13 +96,13 @@ class DigestAuth:
"""
if "user" not in session:
raise NoLogInException
user: t.Optional[t.Any] = self.__get_user(session["user"])
user: Optional[Any] = self.__get_user(session["user"])
if user is None:
del session["user"]
raise NoLogInException
return user
def auth_user(state: AuthState) -> t.Any:
def auth_user(state: AuthState) -> Any:
"""Authenticates a user.
:param state: The authentication state.
@ -121,7 +120,7 @@ class DigestAuth:
return self.__get_user(authorization.username)
@wraps(view)
def login_required_view(*args, **kwargs) -> t.Any:
def login_required_view(*args, **kwargs) -> Any:
"""The login-protected view.
:param args: The positional arguments of the view.
@ -141,7 +140,7 @@ class DigestAuth:
return view(*args, **kwargs)
except UnauthorizedException as e:
if len(e.args) > 0:
sys.stderr.write(e.args[0] + "\n")
current_app.logger.warning(e.args[0])
response: Response = Response()
response.status = 401
response.headers["WWW-Authenticate"] \
@ -171,7 +170,7 @@ class DigestAuth:
except BadData:
raise UnauthorizedException("Invalid opaque")
state.opaque = authorization.opaque
password_hash: t.Optional[str] \
password_hash: Optional[str] \
= self.__get_password_hash(authorization.username)
if password_hash is None:
raise UnauthorizedException(
@ -202,7 +201,7 @@ class DigestAuth:
:return: The ``WWW-Authenticate`` response header.
"""
def get_opaque() -> t.Optional[str]:
def get_opaque() -> Optional[str]:
"""Returns the opaque value.
:return: The opaque value.
@ -213,7 +212,7 @@ class DigestAuth:
return state.opaque
return self.__serializer.dumps(randbits(32), salt="opaque")
opaque: t.Optional[str] = get_opaque()
opaque: Optional[str] = get_opaque()
nonce: str = self.__serializer.dumps(
randbits(32),
salt="nonce" if opaque is None else f"nonce-{opaque}")
@ -226,7 +225,7 @@ class DigestAuth:
if opaque is not None:
header += f", opaque=\"{opaque}\""
if state.stale is not None:
header += f", stale=TRUE" if state.stale else f", stale=FALSE"
header += ", stale=TRUE" if state.stale else ", stale=FALSE"
if self.algorithm is not None:
header += f", algorithm=\"{self.algorithm}\""
if len(self.__qop) > 0:
@ -234,7 +233,7 @@ class DigestAuth:
header += f", qop=\"{qop_list}\""
return header
def register_get_password(self, func: t.Callable[[str], t.Optional[str]])\
def register_get_password(self, func: Callable[[str], Optional[str]]) \
-> None:
"""The decorator to register the callback to obtain the password hash.
@ -256,7 +255,7 @@ class DigestAuth:
"""The base password hash getter."""
@staticmethod
def __call__(username: str) -> t.Optional[str]:
def __call__(username: str) -> Optional[str]:
"""Returns the password hash of a user.
:param username: The username.
@ -266,8 +265,7 @@ class DigestAuth:
self.__get_password_hash = PasswordHashGetter()
def register_get_user(self, func: t.Callable[[str], t.Optional[t.Any]])\
-> None:
def register_get_user(self, func: Callable[[str], Optional[Any]]) -> None:
"""The decorator to register the callback to obtain the user.
:Example:
@ -287,7 +285,7 @@ class DigestAuth:
"""The user getter."""
@staticmethod
def __call__(username: str) -> t.Optional[t.Any]:
def __call__(username: str) -> Optional[Any]:
"""Returns a user.
:param username: The username.
@ -297,7 +295,7 @@ class DigestAuth:
self.__get_user = UserGetter()
def register_on_login(self, func: t.Callable[[t.Any], None]) -> None:
def register_on_login(self, func: Callable[[Any], None]) -> None:
"""The decorator to register the callback to run when the user logs in.
:Example:
@ -316,7 +314,7 @@ class DigestAuth:
"""The callback when the user logs in."""
@staticmethod
def __call__(user: t.Any) -> None:
def __call__(user: Any) -> None:
"""Runs the callback when the user logs in.
:param user: The logged-in user.
@ -336,60 +334,67 @@ class DigestAuth:
app: flask = Flask(__name__)
auth: DigestAuth = DigestAuth()
auth.realm = "My Admin"
auth.init_app(app)
:param app: The Flask application.
:return: None.
"""
app.extensions["digest_auth"] = self
if "DIGEST_AUTH_REALM" in app.config:
self.realm = app.config["DIGEST_AUTH_REALM"]
if hasattr(app, "login_manager"):
from flask_login import LoginManager, login_user
self.__init_login_manager(app)
login_manager: LoginManager = getattr(app, "login_manager")
def __init_login_manager(self, app: Flask) -> None:
"""Initializes the Flask-Login login manager.
@login_manager.unauthorized_handler
def unauthorized() -> None:
"""Handles when the user is unauthorized.
:param app: The Flask application.
:return: None.
"""
from flask_login import LoginManager, login_user
login_manager: LoginManager = getattr(app, "login_manager")
:return: None.
"""
state: AuthState = getattr(request, "_digest_auth_state") \
if hasattr(request, "_digest_auth_state") \
else AuthState()
response: Response = Response()
response.status = 401
response.headers["WWW-Authenticate"] \
= self.__make_response_header(state)
abort(response)
@login_manager.unauthorized_handler
def unauthorized() -> None:
"""Handles when the user is unauthorized.
@login_manager.request_loader
def load_user_from_request(req: Request) -> t.Optional[t.Any]:
"""Loads the user from the request header.
:return: None.
"""
state: AuthState = getattr(request, "_digest_auth_state") \
if hasattr(request, "_digest_auth_state") \
else AuthState()
response: Response = Response()
response.status = 401
response.headers["WWW-Authenticate"] \
= self.__make_response_header(state)
abort(response)
:param req: The request.
:return: The authenticated user, or None if the
authentication fails
"""
request._digest_auth_state = AuthState()
authorization: Authorization = req.authorization
try:
if authorization is None:
raise UnauthorizedException
if authorization.type != "digest":
raise UnauthorizedException(
"Not an HTTP digest authorization")
self.__authenticate(request._digest_auth_state)
user = login_manager.user_callback(
authorization.username)
login_user(user)
self.__on_login(user)
return user
except UnauthorizedException as e:
if str(e) != "":
app.logger.warning(str(e))
return None
@login_manager.request_loader
def load_user_from_request(req: Request) -> Optional[Any]:
"""Loads the user from the request header.
:param req: The request.
:return: The authenticated user, or None if the
authentication fails
"""
request._digest_auth_state = AuthState()
authorization: Authorization = req.authorization
try:
if authorization is None:
raise UnauthorizedException
if authorization.type != "digest":
raise UnauthorizedException(
"Not an HTTP digest authorization")
self.__authenticate(request._digest_auth_state)
user = login_manager.user_callback(authorization.username)
login_user(user)
self.__on_login(user)
return user
except UnauthorizedException as e:
if str(e) != "":
app.logger.warning(str(e))
return None
def logout(self) -> None:
"""Logs out the user.
@ -427,9 +432,9 @@ class AuthState:
def __init__(self):
"""Constructs the authorization state."""
self.opaque: t.Optional[str] = None
self.opaque: Optional[str] = None
"""The opaque value specified by the client, if valid."""
self.stale: t.Optional[bool] = None
self.stale: Optional[bool] = None
"""The stale value, if there is a previous log in attempt."""
@ -446,7 +451,7 @@ class BasePasswordHashGetter:
"""
@staticmethod
def __call__(username: str) -> t.Optional[str]:
def __call__(username: str) -> Optional[str]:
"""Returns the password hash of a user.
:param username: The username.
@ -467,7 +472,7 @@ class BaseUserGetter:
"""
@staticmethod
def __call__(username: str) -> t.Optional[t.Any]:
def __call__(username: str) -> Optional[Any]:
"""Returns a user.
:param username: The username.
@ -487,7 +492,7 @@ class BaseOnLogInCallback:
"""
@staticmethod
def __call__(user: t.Any) -> None:
def __call__(user: Any) -> None:
"""Runs the callback when the user logs in.
:param user: The logged-in user.

15
src/flask_digest_auth/test.py
View File

@ -18,11 +18,12 @@
"""The test client with HTTP digest authentication enabled.
"""
import typing as t
from secrets import token_urlsafe
from typing import Optional, Literal, Tuple, Dict
from flask import g
from werkzeug.datastructures import Authorization, WWWAuthenticate
from werkzeug.http import parse_set_header
from werkzeug.test import TestResponse, Client as WerkzeugClient
from flask_digest_auth.algo import calc_response, make_password_hash
@ -83,7 +84,7 @@ class Client(WerkzeugClient):
.. _pytest: https://pytest.org
"""
def open(self, *args, digest_auth: t.Optional[t.Tuple[str, str]] = None,
def open(self, *args, digest_auth: Optional[Tuple[str, str]] = None,
**kwargs) -> TestResponse:
"""Opens a request.
@ -117,14 +118,14 @@ class Client(WerkzeugClient):
:param password: The password.
:return: The request authorization.
"""
qop: t.Optional[t.Literal["auth", "auth-int"]] = None
if www_authenticate.qop is not None and "auth" in www_authenticate.qop:
qop: Optional[Literal["auth", "auth-int"]] = None
if "auth" in parse_set_header(www_authenticate.get("qop")):
qop = "auth"
cnonce: t.Optional[str] = None
cnonce: Optional[str] = None
if qop is not None or www_authenticate.algorithm == "MD5-sess":
cnonce = token_urlsafe(8)
nc: t.Optional[str] = None
nc: Optional[str] = None
count: int = 1
if qop is not None:
nc: str = hex(count)[2:].zfill(8)
@ -137,7 +138,7 @@ class Client(WerkzeugClient):
algorithm=www_authenticate.algorithm, cnonce=cnonce, nc=nc,
body=None)
data: t.Dict[str, str] = {
data: Dict[str, str] = {
"username": username, "realm": www_authenticate.realm,
"nonce": www_authenticate.nonce, "uri": uri, "response": expected}
if www_authenticate.algorithm is not None:

12
tests/test_algo.py
View File

@ -18,8 +18,8 @@
"""The test case for the HTTP digest authentication algorithm.
"""
import typing as t
import unittest
from typing import Optional, Literal
from flask_digest_auth import make_password_hash, calc_response
@ -39,11 +39,11 @@ class AlgorithmTestCase(unittest.TestCase):
method: str = "GET"
uri: str = "/dir/index.html"
nonce: str = "dcd98b7102dd2f0e8b11d0f600bfb0c093"
qop: t.Optional[t.Literal["auth", "auth-int"]] = "auth"
algorithm: t.Optional[t.Literal["MD5", "MD5-sess"]] = None
cnonce: t.Optional[str] = "0a4f113b"
nc: t.Optional[str] = "00000001"
body: t.Optional[bytes] = None
qop: Optional[Literal["auth", "auth-int"]] = "auth"
algorithm: Optional[Literal["MD5", "MD5-sess"]] = None
cnonce: Optional[str] = "0a4f113b"
nc: Optional[str] = "00000001"
body: Optional[bytes] = None
password_hash: str = make_password_hash(realm, username, password)
response: str = calc_response(method, uri, password_hash, nonce, qop,

39
tests/test_auth.py
View File

@ -1,7 +1,7 @@
# The Flask HTTP Digest Authentication Project.
# Author: imacat@mail.imacat.idv.tw (imacat), 2022/10/22
# Copyright (c) 2022 imacat.
# Copyright (c) 2022-2023 imacat.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -18,8 +18,9 @@
"""The test case for the HTTP digest authentication.
"""
import typing as t
import logging
from secrets import token_urlsafe
from typing import Any, Optional, Dict
from flask import Response, Flask, g, redirect, request
from flask_testing import TestCase
@ -28,8 +29,11 @@ from werkzeug.datastructures import WWWAuthenticate, Authorization
from flask_digest_auth import DigestAuth, make_password_hash, Client
_REALM: str = "testrealm@host.com"
"""The realm."""
_USERNAME: str = "Mufasa"
"""The username."""
_PASSWORD: str = "Circle Of Life"
"""The password."""
class User:
@ -42,9 +46,11 @@ class User:
:param password: The clear-text password.
"""
self.username: str = username
self.password_hash: str = make_password_hash(
_REALM, username, password)
"""The username."""
self.password_hash: str = make_password_hash(_REALM, username, password)
"""The password hash."""
self.visits: int = 0
"""The number of visits."""
class AuthenticationTestCase(TestCase):
@ -55,20 +61,23 @@ class AuthenticationTestCase(TestCase):
:return: The Flask application.
"""
logging.getLogger("test_auth").addHandler(logging.NullHandler())
app: Flask = Flask(__name__)
app.config.from_mapping({
"TESTING": True,
"SECRET_KEY": token_urlsafe(32),
"TESTING": True
"DIGEST_AUTH_REALM": _REALM,
})
app.test_client_class = Client
auth: DigestAuth = DigestAuth(realm=_REALM)
auth: DigestAuth = DigestAuth()
auth.init_app(app)
self.user: User = User(_USERNAME, _PASSWORD)
user_db: t.Dict[str, User] = {_USERNAME: self.user}
self.__user: User = User(_USERNAME, _PASSWORD)
"""The user account."""
user_db: Dict[str, User] = {_USERNAME: self.__user}
@auth.register_get_password
def get_password_hash(username: str) -> t.Optional[str]:
def get_password_hash(username: str) -> Optional[str]:
"""Returns the password hash of a user.
:param username: The username.
@ -78,7 +87,7 @@ class AuthenticationTestCase(TestCase):
else None
@auth.register_get_user
def get_user(username: str) -> t.Optional[t.Any]:
def get_user(username: str) -> Optional[Any]:
"""Returns a user.
:param username: The username.
@ -141,7 +150,7 @@ class AuthenticationTestCase(TestCase):
self.assertEqual(response.status_code, 200)
self.assertEqual(response.data.decode("UTF-8"),
f"Hello, {_USERNAME}! #2")
self.assertEqual(self.user.visits, 1)
self.assertEqual(self.__user.visits, 1)
def test_stale_opaque(self) -> None:
"""Tests the stale and opaque value.
@ -157,7 +166,7 @@ class AuthenticationTestCase(TestCase):
self.assertEqual(response.status_code, 401)
www_authenticate = response.www_authenticate
self.assertEqual(www_authenticate.type, "digest")
self.assertEqual(www_authenticate.stale, None)
self.assertIsNone(www_authenticate.get("stale"))
opaque: str = www_authenticate.opaque
www_authenticate.nonce = "bad"
@ -166,7 +175,7 @@ class AuthenticationTestCase(TestCase):
response = super(Client, self.client).get(admin_uri, auth=auth_data)
self.assertEqual(response.status_code, 401)
www_authenticate = response.www_authenticate
self.assertEqual(www_authenticate.stale, True)
self.assertEqual(www_authenticate.get("stale"), "TRUE")
self.assertEqual(www_authenticate.opaque, opaque)
auth_data = Client.make_authorization(
@ -174,7 +183,7 @@ class AuthenticationTestCase(TestCase):
response = super(Client, self.client).get(admin_uri, auth=auth_data)
self.assertEqual(response.status_code, 401)
www_authenticate = response.www_authenticate
self.assertEqual(www_authenticate.stale, False)
self.assertEqual(www_authenticate.get("stale"), "FALSE")
self.assertEqual(www_authenticate.opaque, opaque)
auth_data = Client.make_authorization(
@ -218,4 +227,4 @@ class AuthenticationTestCase(TestCase):
response = self.client.get(admin_uri)
self.assertEqual(response.status_code, 200)
self.assertEqual(self.user.visits, 2)
self.assertEqual(self.__user.visits, 2)

60
tests/test_flask_login.py
View File

@ -1,7 +1,7 @@
# The Flask HTTP Digest Authentication Project.
# Author: imacat@mail.imacat.idv.tw (imacat), 2022/11/23
# Copyright (c) 2022 imacat.
# Copyright (c) 2022-2023 imacat.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -18,8 +18,9 @@
"""The test case for the Flask-Login integration.
"""
import typing as t
import logging
from secrets import token_urlsafe
from typing import Optional, Dict
from flask import Response, Flask, g, redirect, request
from flask_testing import TestCase
@ -28,8 +29,11 @@ from werkzeug.datastructures import WWWAuthenticate, Authorization
from flask_digest_auth import DigestAuth, make_password_hash, Client
_REALM: str = "testrealm@host.com"
"""The realm."""
_USERNAME: str = "Mufasa"
"""The username."""
_PASSWORD: str = "Circle Of Life"
"""The password."""
class User:
@ -42,11 +46,15 @@ class User:
:param password: The clear-text password.
"""
self.username: str = username
self.password_hash: str = make_password_hash(
_REALM, username, password)
"""The username."""
self.password_hash: str = make_password_hash(_REALM, username, password)
"""The password hash."""
self.visits: int = 0
"""The number of visits."""
self.is_active: bool = True
"""True if the account is active, or False otherwise."""
self.is_anonymous: bool = False
"""True if the account is anonymous, or False otherwise."""
def get_id(self) -> str:
"""Returns the username.
@ -75,31 +83,35 @@ class FlaskLoginTestCase(TestCase):
:return: The Flask application.
"""
logging.getLogger("test_flask_login").addHandler(logging.NullHandler())
app: Flask = Flask(__name__)
app.config.from_mapping({
"TESTING": True,
"SECRET_KEY": token_urlsafe(32),
"TESTING": True
"DIGEST_AUTH_REALM": _REALM,
})
app.test_client_class = Client
self.has_flask_login: bool = True
self.__has_flask_login: bool = True
"""Whether the Flask-Login package is installed."""
try:
import flask_login
except ModuleNotFoundError:
self.has_flask_login = False
self.__has_flask_login = False
return app
login_manager: flask_login.LoginManager = flask_login.LoginManager()
login_manager.init_app(app)
auth: DigestAuth = DigestAuth(realm=_REALM)
auth: DigestAuth = DigestAuth()
auth.init_app(app)
self.user: User = User(_USERNAME, _PASSWORD)
user_db: t.Dict[str, User] = {_USERNAME: self.user}
self.__user: User = User(_USERNAME, _PASSWORD)
"""The user account."""
user_db: Dict[str, User] = {_USERNAME: self.__user}
@auth.register_get_password
def get_password_hash(username: str) -> t.Optional[str]:
def get_password_hash(username: str) -> Optional[str]:
"""Returns the password hash of a user.
:param username: The username.
@ -118,7 +130,7 @@ class FlaskLoginTestCase(TestCase):
user.visits = user.visits + 1
@login_manager.user_loader
def load_user(user_id: str) -> t.Optional[User]:
def load_user(user_id: str) -> Optional[User]:
"""Loads a user.
:param user_id: The username.
@ -161,7 +173,7 @@ class FlaskLoginTestCase(TestCase):
:return: None.
"""
if not self.has_flask_login:
if not self.__has_flask_login:
self.skipTest("Skipped without Flask-Login.")
response: Response = self.client.get(self.app.url_for("admin-1"))
@ -175,14 +187,14 @@ class FlaskLoginTestCase(TestCase):
self.assertEqual(response.status_code, 200)
self.assertEqual(response.data.decode("UTF-8"),
f"Hello, {_USERNAME}! #2")
self.assertEqual(self.user.visits, 1)
self.assertEqual(self.__user.visits, 1)
def test_stale_opaque(self) -> None:
"""Tests the stale and opaque value.
:return: None.
"""
if not self.has_flask_login:
if not self.__has_flask_login:
self.skipTest("Skipped without Flask-Login.")
admin_uri: str = self.app.url_for("admin-1")
@ -194,7 +206,7 @@ class FlaskLoginTestCase(TestCase):
self.assertEqual(response.status_code, 401)
www_authenticate = response.www_authenticate
self.assertEqual(www_authenticate.type, "digest")
self.assertEqual(www_authenticate.stale, None)
self.assertIsNone(www_authenticate.get("stale"))
opaque: str = www_authenticate.opaque
if hasattr(g, "_login_user"):
@ -205,7 +217,7 @@ class FlaskLoginTestCase(TestCase):
response = super(Client, self.client).get(admin_uri, auth=auth_data)
self.assertEqual(response.status_code, 401)
www_authenticate = response.www_authenticate
self.assertEqual(www_authenticate.stale, True)
self.assertEqual(www_authenticate.get("stale"), "TRUE")
self.assertEqual(www_authenticate.opaque, opaque)
if hasattr(g, "_login_user"):
@ -215,7 +227,7 @@ class FlaskLoginTestCase(TestCase):
response = super(Client, self.client).get(admin_uri, auth=auth_data)
self.assertEqual(response.status_code, 401)
www_authenticate = response.www_authenticate
self.assertEqual(www_authenticate.stale, False)
self.assertEqual(www_authenticate.get("stale"), "FALSE")
self.assertEqual(www_authenticate.opaque, opaque)
if hasattr(g, "_login_user"):
@ -230,7 +242,7 @@ class FlaskLoginTestCase(TestCase):
:return: None.
"""
if not self.has_flask_login:
if not self.__has_flask_login:
self.skipTest("Skipped without Flask-Login.")
admin_uri: str = self.app.url_for("admin-1")
@ -264,33 +276,33 @@ class FlaskLoginTestCase(TestCase):
response = self.client.get(admin_uri)
self.assertEqual(response.status_code, 200)
self.assertEqual(self.user.visits, 2)
self.assertEqual(self.__user.visits, 2)
def test_disabled(self) -> None:
"""Tests the disabled user.
:return: None.
"""
if not self.has_flask_login:
if not self.__has_flask_login:
self.skipTest("Skipped without Flask-Login.")
response: Response
self.user.is_active = False
self.__user.is_active = False
response = self.client.get(self.app.url_for("admin-1"))
self.assertEqual(response.status_code, 401)
response = self.client.get(self.app.url_for("admin-1"),
digest_auth=(_USERNAME, _PASSWORD))
self.assertEqual(response.status_code, 401)
self.user.is_active = True
self.__user.is_active = True
response = self.client.get(self.app.url_for("admin-1"),
digest_auth=(_USERNAME, _PASSWORD))
self.assertEqual(response.status_code, 200)
response = self.client.get(self.app.url_for("admin-1"))
self.assertEqual(response.status_code, 200)
self.user.is_active = False
self.__user.is_active = False
response = self.client.get(self.app.url_for("admin-1"))
self.assertEqual(response.status_code, 401)
response = self.client.get(self.app.url_for("admin-1"),