imacat/flask-digestauth
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 16 Wiki Activity

Compare commits

base: imacat:v0.6.0
Branches Tags
imacat:main
imacat:v0.7.1 imacat:v0.7.0 imacat:v0.6.2 imacat:v0.6.1 imacat:v0.6.0 imacat:v0.5.0 imacat:v0.4.0 imacat:v0.3.1 imacat:v0.3.0 imacat:v0.2.4 imacat:v0.2.3 imacat:v0.2.2 imacat:v0.2.1 imacat:v0.2.0 imacat:v0.1.1 imacat:v0.1.0
...
compare: imacat:a5188c9aa1e7ba35690cc68d43d9ff7c23e942ca
Branches Tags
imacat:main
imacat:v0.7.1 imacat:v0.7.0 imacat:v0.6.2 imacat:v0.6.1 imacat:v0.6.0 imacat:v0.5.0 imacat:v0.4.0 imacat:v0.3.1 imacat:v0.3.0 imacat:v0.2.4 imacat:v0.2.3 imacat:v0.2.2 imacat:v0.2.1 imacat:v0.2.0 imacat:v0.1.1 imacat:v0.1.0

10 Commits
v0.6.0 ... a5188c9aa1

Author SHA1 Message Date
依瑪貓
a5188c9aa1 Advanced to version 0.6.2. 2023-06-10 16:26:39 +08:00
imacat
b62b98bd51 Changed the properties of the test cases from public to private. 2023-06-08 17:28:35 +08:00
imacat
877f02fe82 Added missing documentation to the global variables and class and object properties. 2023-06-08 17:20:24 +08:00
依瑪貓
bc888195ad Disabled logging in the AuthenticationTestCase and FlaskLoginTestCase test cases, for clearer test output. 2023-05-03 08:08:51 +08:00
依瑪貓
8e69733cf6 Updated the login_required view decorator of the DigestAuth class, replaced writing to STDERR directly with warning through the Flask logger. 2023-05-03 08:05:28 +08:00
依瑪貓
f04ea7ac18 Advanced to version 0.6.1. 2023-05-03 06:59:27 +08:00
依瑪貓
15ea650ddd Revised the code that handles the "qop" and "stale" parameters of the "WWW-Authenticate" response HTTP header for the upcoming Werkzeug 2.4. 2023-05-03 06:58:14 +08:00
依瑪貓
5b255b6504 Split the Flask-Login login manager initialization from the init_app method to the __init_login_manager method in the DigestAuth class, to simplify the code. 2023-04-29 11:17:11 +08:00
依瑪貓
919b8d0dc3 Removed the unnecessary f-string in the __make_response_header method of the DigestAuth class. 2023-04-29 10:44:15 +08:00
依瑪貓
604ed0be27 Updated the Python version in the Read the Docs configuration. 2023-04-27 09:09:00 +08:00
7 changed files with 118 additions and 71 deletions
Expand all files Collapse all files

2
.readthedocs.yaml
View File

@ -26,7 +26,7 @@ version: 2
build: build:
os: ubuntu-22.04 os: ubuntu-22.04
tools: tools:
python: "3.7" python: "3.8"
# Build documentation in the docs/ directory with Sphinx # Build documentation in the docs/ directory with Sphinx

20
docs/source/changelog.rst
View File

@ -2,6 +2,26 @@ Change Log
========== ==========
Version 0.6.2
-------------
Released 2023/6/10
* Changed logging from STDERR to the Flask logger.
* Test case updates:
* Added missing documentation.
* Changed properties from public to private.
* Disabled logging.
Version 0.6.1
-------------
Released 2023/5/3
* Revised the code for the upcoming Werkzeug 2.4.
Version 0.6.0 Version 0.6.0
------------- -------------

2
src/flask_digest_auth/__init__.py
View File

@ -22,5 +22,5 @@ from flask_digest_auth.algo import make_password_hash, calc_response
from flask_digest_auth.auth import DigestAuth from flask_digest_auth.auth import DigestAuth
from flask_digest_auth.test import Client from flask_digest_auth.test import Client
VERSION: str = "0.6.0" VERSION: str = "0.6.2"
"""The package version.""" """The package version."""

89
src/flask_digest_auth/auth.py
View File

@ -140,7 +140,7 @@ class DigestAuth:
return view(*args, **kwargs) return view(*args, **kwargs)
except UnauthorizedException as e: except UnauthorizedException as e:
if len(e.args) > 0: if len(e.args) > 0:
sys.stderr.write(e.args[0] + "\n") current_app.logger.warning(e.args[0])
response: Response = Response() response: Response = Response()
response.status = 401 response.status = 401
response.headers["WWW-Authenticate"] \ response.headers["WWW-Authenticate"] \
@ -225,7 +225,7 @@ class DigestAuth:
if opaque is not None: if opaque is not None:
header += f", opaque=\"{opaque}\"" header += f", opaque=\"{opaque}\""
if state.stale is not None: if state.stale is not None:
header += f", stale=TRUE" if state.stale else f", stale=FALSE" header += ", stale=TRUE" if state.stale else ", stale=FALSE"
if self.algorithm is not None: if self.algorithm is not None:
header += f", algorithm=\"{self.algorithm}\"" header += f", algorithm=\"{self.algorithm}\""
if len(self.__qop) > 0: if len(self.__qop) > 0:
@ -344,50 +344,57 @@ class DigestAuth:
self.realm = app.config["DIGEST_AUTH_REALM"] self.realm = app.config["DIGEST_AUTH_REALM"]
if hasattr(app, "login_manager"): if hasattr(app, "login_manager"):
from flask_login import LoginManager, login_user self.__init_login_manager(app)
login_manager: LoginManager = getattr(app, "login_manager") def __init_login_manager(self, app: Flask) -> None:
"""Initializes the Flask-Login login manager.
@login_manager.unauthorized_handler :param app: The Flask application.
def unauthorized() -> None: :return: None.
"""Handles when the user is unauthorized. """
from flask_login import LoginManager, login_user
login_manager: LoginManager = getattr(app, "login_manager")
:return: None. @login_manager.unauthorized_handler
""" def unauthorized() -> None:
state: AuthState = getattr(request, "_digest_auth_state") \ """Handles when the user is unauthorized.
if hasattr(request, "_digest_auth_state") \
else AuthState()
response: Response = Response()
response.status = 401
response.headers["WWW-Authenticate"] \
= self.__make_response_header(state)
abort(response)
@login_manager.request_loader :return: None.
def load_user_from_request(req: Request) -> Optional[Any]: """
"""Loads the user from the request header. state: AuthState = getattr(request, "_digest_auth_state") \
if hasattr(request, "_digest_auth_state") \
else AuthState()
response: Response = Response()
response.status = 401
response.headers["WWW-Authenticate"] \
= self.__make_response_header(state)
abort(response)
:param req: The request. @login_manager.request_loader
:return: The authenticated user, or None if the def load_user_from_request(req: Request) -> Optional[Any]:
authentication fails """Loads the user from the request header.
"""
request._digest_auth_state = AuthState() :param req: The request.
authorization: Authorization = req.authorization :return: The authenticated user, or None if the
try: authentication fails
if authorization is None: """
raise UnauthorizedException request._digest_auth_state = AuthState()
if authorization.type != "digest": authorization: Authorization = req.authorization
raise UnauthorizedException( try:
"Not an HTTP digest authorization") if authorization is None:
self.__authenticate(request._digest_auth_state) raise UnauthorizedException
user = login_manager.user_callback(authorization.username) if authorization.type != "digest":
login_user(user) raise UnauthorizedException(
self.__on_login(user) "Not an HTTP digest authorization")
return user self.__authenticate(request._digest_auth_state)
except UnauthorizedException as e: user = login_manager.user_callback(authorization.username)
if str(e) != "": login_user(user)
app.logger.warning(str(e)) self.__on_login(user)
return None return user
except UnauthorizedException as e:
if str(e) != "":
app.logger.warning(str(e))
return None
def logout(self) -> None: def logout(self) -> None:
"""Logs out the user. """Logs out the user.

3
src/flask_digest_auth/test.py
View File

@ -23,6 +23,7 @@ from typing import Optional, Literal, Tuple, Dict
from flask import g from flask import g
from werkzeug.datastructures import Authorization, WWWAuthenticate from werkzeug.datastructures import Authorization, WWWAuthenticate
from werkzeug.http import parse_set_header
from werkzeug.test import TestResponse, Client as WerkzeugClient from werkzeug.test import TestResponse, Client as WerkzeugClient
from flask_digest_auth.algo import calc_response, make_password_hash from flask_digest_auth.algo import calc_response, make_password_hash
@ -118,7 +119,7 @@ class Client(WerkzeugClient):
:return: The request authorization. :return: The request authorization.
""" """
qop: Optional[Literal["auth", "auth-int"]] = None qop: Optional[Literal["auth", "auth-int"]] = None
if www_authenticate.qop is not None and "auth" in www_authenticate.qop: if "auth" in parse_set_header(www_authenticate.get("qop")):
qop = "auth" qop = "auth"
cnonce: Optional[str] = None cnonce: Optional[str] = None

26
tests/test_auth.py
View File

@ -18,6 +18,7 @@
"""The test case for the HTTP digest authentication. """The test case for the HTTP digest authentication.
""" """
import logging
from secrets import token_urlsafe from secrets import token_urlsafe
from typing import Any, Optional, Dict from typing import Any, Optional, Dict
@ -28,8 +29,11 @@ from werkzeug.datastructures import WWWAuthenticate, Authorization
from flask_digest_auth import DigestAuth, make_password_hash, Client from flask_digest_auth import DigestAuth, make_password_hash, Client
_REALM: str = "testrealm@host.com" _REALM: str = "testrealm@host.com"
"""The realm."""
_USERNAME: str = "Mufasa" _USERNAME: str = "Mufasa"
"""The username."""
_PASSWORD: str = "Circle Of Life" _PASSWORD: str = "Circle Of Life"
"""The password."""
class User: class User:
@ -42,9 +46,11 @@ class User:
:param password: The clear-text password. :param password: The clear-text password.
""" """
self.username: str = username self.username: str = username
self.password_hash: str = make_password_hash( """The username."""
_REALM, username, password) self.password_hash: str = make_password_hash(_REALM, username, password)
"""The password hash."""
self.visits: int = 0 self.visits: int = 0
"""The number of visits."""
class AuthenticationTestCase(TestCase): class AuthenticationTestCase(TestCase):
@ -55,6 +61,7 @@ class AuthenticationTestCase(TestCase):
:return: The Flask application. :return: The Flask application.
""" """
logging.getLogger("test_auth").addHandler(logging.NullHandler())
app: Flask = Flask(__name__) app: Flask = Flask(__name__)
app.config.from_mapping({ app.config.from_mapping({
"TESTING": True, "TESTING": True,
@ -65,8 +72,9 @@ class AuthenticationTestCase(TestCase):
auth: DigestAuth = DigestAuth() auth: DigestAuth = DigestAuth()
auth.init_app(app) auth.init_app(app)
self.user: User = User(_USERNAME, _PASSWORD) self.__user: User = User(_USERNAME, _PASSWORD)
user_db: Dict[str, User] = {_USERNAME: self.user} """The user account."""
user_db: Dict[str, User] = {_USERNAME: self.__user}
@auth.register_get_password @auth.register_get_password
def get_password_hash(username: str) -> Optional[str]: def get_password_hash(username: str) -> Optional[str]:
@ -142,7 +150,7 @@ class AuthenticationTestCase(TestCase):
self.assertEqual(response.status_code, 200) self.assertEqual(response.status_code, 200)
self.assertEqual(response.data.decode("UTF-8"), self.assertEqual(response.data.decode("UTF-8"),
f"Hello, {_USERNAME}! #2") f"Hello, {_USERNAME}! #2")
self.assertEqual(self.user.visits, 1) self.assertEqual(self.__user.visits, 1)
def test_stale_opaque(self) -> None: def test_stale_opaque(self) -> None:
"""Tests the stale and opaque value. """Tests the stale and opaque value.
@ -158,7 +166,7 @@ class AuthenticationTestCase(TestCase):
self.assertEqual(response.status_code, 401) self.assertEqual(response.status_code, 401)
www_authenticate = response.www_authenticate www_authenticate = response.www_authenticate
self.assertEqual(www_authenticate.type, "digest") self.assertEqual(www_authenticate.type, "digest")
self.assertEqual(www_authenticate.stale, None) self.assertIsNone(www_authenticate.get("stale"))
opaque: str = www_authenticate.opaque opaque: str = www_authenticate.opaque
www_authenticate.nonce = "bad" www_authenticate.nonce = "bad"
@ -167,7 +175,7 @@ class AuthenticationTestCase(TestCase):
response = super(Client, self.client).get(admin_uri, auth=auth_data) response = super(Client, self.client).get(admin_uri, auth=auth_data)
self.assertEqual(response.status_code, 401) self.assertEqual(response.status_code, 401)
www_authenticate = response.www_authenticate www_authenticate = response.www_authenticate
self.assertEqual(www_authenticate.stale, True) self.assertEqual(www_authenticate.get("stale"), "TRUE")
self.assertEqual(www_authenticate.opaque, opaque) self.assertEqual(www_authenticate.opaque, opaque)
auth_data = Client.make_authorization( auth_data = Client.make_authorization(
@ -175,7 +183,7 @@ class AuthenticationTestCase(TestCase):
response = super(Client, self.client).get(admin_uri, auth=auth_data) response = super(Client, self.client).get(admin_uri, auth=auth_data)
self.assertEqual(response.status_code, 401) self.assertEqual(response.status_code, 401)
www_authenticate = response.www_authenticate www_authenticate = response.www_authenticate
self.assertEqual(www_authenticate.stale, False) self.assertEqual(www_authenticate.get("stale"), "FALSE")
self.assertEqual(www_authenticate.opaque, opaque) self.assertEqual(www_authenticate.opaque, opaque)
auth_data = Client.make_authorization( auth_data = Client.make_authorization(
@ -219,4 +227,4 @@ class AuthenticationTestCase(TestCase):
response = self.client.get(admin_uri) response = self.client.get(admin_uri)
self.assertEqual(response.status_code, 200) self.assertEqual(response.status_code, 200)
self.assertEqual(self.user.visits, 2) self.assertEqual(self.__user.visits, 2)

47
tests/test_flask_login.py
View File

@ -18,6 +18,7 @@
"""The test case for the Flask-Login integration. """The test case for the Flask-Login integration.
""" """
import logging
from secrets import token_urlsafe from secrets import token_urlsafe
from typing import Optional, Dict from typing import Optional, Dict
@ -28,8 +29,11 @@ from werkzeug.datastructures import WWWAuthenticate, Authorization
from flask_digest_auth import DigestAuth, make_password_hash, Client from flask_digest_auth import DigestAuth, make_password_hash, Client
_REALM: str = "testrealm@host.com" _REALM: str = "testrealm@host.com"
"""The realm."""
_USERNAME: str = "Mufasa" _USERNAME: str = "Mufasa"
"""The username."""
_PASSWORD: str = "Circle Of Life" _PASSWORD: str = "Circle Of Life"
"""The password."""
class User: class User:
@ -42,11 +46,15 @@ class User:
:param password: The clear-text password. :param password: The clear-text password.
""" """
self.username: str = username self.username: str = username
self.password_hash: str = make_password_hash( """The username."""
_REALM, username, password) self.password_hash: str = make_password_hash(_REALM, username, password)
"""The password hash."""
self.visits: int = 0 self.visits: int = 0
"""The number of visits."""
self.is_active: bool = True self.is_active: bool = True
"""True if the account is active, or False otherwise."""
self.is_anonymous: bool = False self.is_anonymous: bool = False
"""True if the account is anonymous, or False otherwise."""
def get_id(self) -> str: def get_id(self) -> str:
"""Returns the username. """Returns the username.
@ -75,6 +83,7 @@ class FlaskLoginTestCase(TestCase):
:return: The Flask application. :return: The Flask application.
""" """
logging.getLogger("test_flask_login").addHandler(logging.NullHandler())
app: Flask = Flask(__name__) app: Flask = Flask(__name__)
app.config.from_mapping({ app.config.from_mapping({
"TESTING": True, "TESTING": True,
@ -83,11 +92,12 @@ class FlaskLoginTestCase(TestCase):
}) })
app.test_client_class = Client app.test_client_class = Client
self.has_flask_login: bool = True self.__has_flask_login: bool = True
"""Whether the Flask-Login package is installed."""
try: try:
import flask_login import flask_login
except ModuleNotFoundError: except ModuleNotFoundError:
self.has_flask_login = False self.__has_flask_login = False
return app return app
login_manager: flask_login.LoginManager = flask_login.LoginManager() login_manager: flask_login.LoginManager = flask_login.LoginManager()
@ -96,8 +106,9 @@ class FlaskLoginTestCase(TestCase):
auth: DigestAuth = DigestAuth() auth: DigestAuth = DigestAuth()
auth.init_app(app) auth.init_app(app)
self.user: User = User(_USERNAME, _PASSWORD) self.__user: User = User(_USERNAME, _PASSWORD)
user_db: Dict[str, User] = {_USERNAME: self.user} """The user account."""
user_db: Dict[str, User] = {_USERNAME: self.__user}
@auth.register_get_password @auth.register_get_password
def get_password_hash(username: str) -> Optional[str]: def get_password_hash(username: str) -> Optional[str]:
@ -162,7 +173,7 @@ class FlaskLoginTestCase(TestCase):
:return: None. :return: None.
""" """
if not self.has_flask_login: if not self.__has_flask_login:
self.skipTest("Skipped without Flask-Login.") self.skipTest("Skipped without Flask-Login.")
response: Response = self.client.get(self.app.url_for("admin-1")) response: Response = self.client.get(self.app.url_for("admin-1"))
@ -176,14 +187,14 @@ class FlaskLoginTestCase(TestCase):
self.assertEqual(response.status_code, 200) self.assertEqual(response.status_code, 200)
self.assertEqual(response.data.decode("UTF-8"), self.assertEqual(response.data.decode("UTF-8"),
f"Hello, {_USERNAME}! #2") f"Hello, {_USERNAME}! #2")
self.assertEqual(self.user.visits, 1) self.assertEqual(self.__user.visits, 1)
def test_stale_opaque(self) -> None: def test_stale_opaque(self) -> None:
"""Tests the stale and opaque value. """Tests the stale and opaque value.
:return: None. :return: None.
""" """
if not self.has_flask_login: if not self.__has_flask_login:
self.skipTest("Skipped without Flask-Login.") self.skipTest("Skipped without Flask-Login.")
admin_uri: str = self.app.url_for("admin-1") admin_uri: str = self.app.url_for("admin-1")
@ -195,7 +206,7 @@ class FlaskLoginTestCase(TestCase):
self.assertEqual(response.status_code, 401) self.assertEqual(response.status_code, 401)
www_authenticate = response.www_authenticate www_authenticate = response.www_authenticate
self.assertEqual(www_authenticate.type, "digest") self.assertEqual(www_authenticate.type, "digest")
self.assertEqual(www_authenticate.stale, None) self.assertIsNone(www_authenticate.get("stale"))
opaque: str = www_authenticate.opaque opaque: str = www_authenticate.opaque
if hasattr(g, "_login_user"): if hasattr(g, "_login_user"):
@ -206,7 +217,7 @@ class FlaskLoginTestCase(TestCase):
response = super(Client, self.client).get(admin_uri, auth=auth_data) response = super(Client, self.client).get(admin_uri, auth=auth_data)
self.assertEqual(response.status_code, 401) self.assertEqual(response.status_code, 401)
www_authenticate = response.www_authenticate www_authenticate = response.www_authenticate
self.assertEqual(www_authenticate.stale, True) self.assertEqual(www_authenticate.get("stale"), "TRUE")
self.assertEqual(www_authenticate.opaque, opaque) self.assertEqual(www_authenticate.opaque, opaque)
if hasattr(g, "_login_user"): if hasattr(g, "_login_user"):
@ -216,7 +227,7 @@ class FlaskLoginTestCase(TestCase):
response = super(Client, self.client).get(admin_uri, auth=auth_data) response = super(Client, self.client).get(admin_uri, auth=auth_data)
self.assertEqual(response.status_code, 401) self.assertEqual(response.status_code, 401)
www_authenticate = response.www_authenticate www_authenticate = response.www_authenticate
self.assertEqual(www_authenticate.stale, False) self.assertEqual(www_authenticate.get("stale"), "FALSE")
self.assertEqual(www_authenticate.opaque, opaque) self.assertEqual(www_authenticate.opaque, opaque)
if hasattr(g, "_login_user"): if hasattr(g, "_login_user"):
@ -231,7 +242,7 @@ class FlaskLoginTestCase(TestCase):
:return: None. :return: None.
""" """
if not self.has_flask_login: if not self.__has_flask_login:
self.skipTest("Skipped without Flask-Login.") self.skipTest("Skipped without Flask-Login.")
admin_uri: str = self.app.url_for("admin-1") admin_uri: str = self.app.url_for("admin-1")
@ -265,33 +276,33 @@ class FlaskLoginTestCase(TestCase):
response = self.client.get(admin_uri) response = self.client.get(admin_uri)
self.assertEqual(response.status_code, 200) self.assertEqual(response.status_code, 200)
self.assertEqual(self.user.visits, 2) self.assertEqual(self.__user.visits, 2)
def test_disabled(self) -> None: def test_disabled(self) -> None:
"""Tests the disabled user. """Tests the disabled user.
:return: None. :return: None.
""" """
if not self.has_flask_login: if not self.__has_flask_login:
self.skipTest("Skipped without Flask-Login.") self.skipTest("Skipped without Flask-Login.")
response: Response response: Response
self.user.is_active = False self.__user.is_active = False
response = self.client.get(self.app.url_for("admin-1")) response = self.client.get(self.app.url_for("admin-1"))
self.assertEqual(response.status_code, 401) self.assertEqual(response.status_code, 401)
response = self.client.get(self.app.url_for("admin-1"), response = self.client.get(self.app.url_for("admin-1"),
digest_auth=(_USERNAME, _PASSWORD)) digest_auth=(_USERNAME, _PASSWORD))
self.assertEqual(response.status_code, 401) self.assertEqual(response.status_code, 401)
self.user.is_active = True self.__user.is_active = True
response = self.client.get(self.app.url_for("admin-1"), response = self.client.get(self.app.url_for("admin-1"),
digest_auth=(_USERNAME, _PASSWORD)) digest_auth=(_USERNAME, _PASSWORD))
self.assertEqual(response.status_code, 200) self.assertEqual(response.status_code, 200)
response = self.client.get(self.app.url_for("admin-1")) response = self.client.get(self.app.url_for("admin-1"))
self.assertEqual(response.status_code, 200) self.assertEqual(response.status_code, 200)
self.user.is_active = False self.__user.is_active = False
response = self.client.get(self.app.url_for("admin-1")) response = self.client.get(self.app.url_for("admin-1"))
self.assertEqual(response.status_code, 401) self.assertEqual(response.status_code, 401)
response = self.client.get(self.app.url_for("admin-1"), response = self.client.get(self.app.url_for("admin-1"),