dusktreader / flask-praetorian Goto Github PK
View Code? Open in Web Editor NEWStrong, Simple, and Precise security for Flask APIs (using jwt)
Home Page: http://flask-praetorian.readthedocs.io/en/latest/
License: MIT License
flask-praetorian's Issues
FileNotFoundError: [Errno 2] No such file or directory: '.project_metadata.json'
After executing pip install:
File "/tmp/pip-build-79fz6d8x/flask-praetorian/setup.py", line 7, in
with open('.project_metadata.json') as meta_file:
FileNotFoundError: [Errno 2] No such file or directory: '.project_metadata.json'
Fix issue with eternal tokens and setting the JWT_*_LIFESPAN variables
Eternal tokens don't work because the value of the max interval is too great to add to the current time. So just use a very large interval instead of the maximum one.
Also, there isn't an easy way to parse a string to an Interval. So, instead of having the JWT_*_LIFESPAN variables expect to be an Interval, instead make them a dict that can be used to create an interval
Update README
- Add build-status image
- Replace 'included' text with...sigh...copy
update long_description for pypi
pypi no longer uses the README by default. Fix that up
get flask-praetorian up on pypi
Add github links to the docs
Add in continuous-integration for pull-requests
Add lots of function and class documentation
Lots of docstrings need to be added. Docstrings should only be added when the behavior of the function and or class is not completely self-explanatory
Revise exceptions to derive from flask-buzz
Fix flake8 error
$ flake8 tests
tests/conftest.py:27:9: E722 do not use bare except'
Make sure that the correct naming convention is used for the flask extension
(especially when it is added to the app via app.extensions)
Add a call to optional user method 'validate'
It should be possible for the User class used by the client code to have a validate method. This method could be used to make sure that a user is still active, hasn't changed username, etc.
The method should raise an exception if it fails
Add a method to fetch just the user id from the current jwt
That way, the application can do what it wants with the user id and won't have to go through the extra steps (hitting the db) to get the user instance.
Add current_user_id to __init__.py
Otherwise, you can't import current_user_id from flask_praetorian
Get document generation going
Create the necessary elements to get document generation working via Sphinx
move jwt library to flask-jwt-extended
See if flask-jwt-extended can be a drop-in replacement for flask-jwt
add url to setup.py
Find some line-art for the documentation
It should depict either a Roman guard or a Roman soldier's helmet and fit in relatively well with the rest of the flask ecosystem
Create a new exception for missing users
The code that identifies the user based on id should raise a custom exception when the user cannot be found
Add override expiration arguments for pack_header_for_user
Update documentation for internal support for jwt
Make sure the documentation doesn't talk about flask-jwt or flask-jwt-extended.
Also, make sure that it's removed from the requirements
Let jwt be passed in as a parameter to init_app
So that a user supplied jwt instance can be used as an alternative to Praetorian's own instance
Allow pack_header_for_user to be used outside of tests
Add argon2 support
When passlib1.7 is released, add argon2 support so that it may be used as the encryption scheme. It should also become the default at that point.
Document that praetorian uses pendulum.utcnow
This issue requested by dev.
Add a tutorial or expand the example section
The tutorial/example needs to cover:
- refreshing a token
- error handling
- blacklisting
Add tests for a few of the non-plaintext hash methods
To make the testing more robust, include a few integration tests that verify behavior with some non-plaintext hashing methods
Quickstart Typo
Hello, I'm going through the quickstart guide for the first time to give flask-praetorian a try. In the quickstart,
POST /auth HTTP/1.1
Host: localhost:5000
Content-Type: application/json
{
"username": "TheDude",
"password": "abides"
}
should be
POST /login
for the current example as it does not have /auth endpoint. The docs should also reflect that.
Allow client code to override status codes for exceptions
The jsonify method of the exceptions currently uses the exception's default status code. We should allow the client code to override this
Add pypi install instructions to docs
Allow provisioning of tokens without an expiration
It should be possible to provision tokens that never expire. It should be possible also to have a token's refresh window never expire.
Figure out how to register /auth endpoint with swagger
Figure out what needs to be done so that the /auth endpoint inherited from flask_jwt is available to swagger for projects that use it to automatically document their api. Make sure that the swagger documentation includes some good explanation of how the endpoint works
Expand the quickstart documentation a bit
Perhaps a bit more description of things and better examples
Switch back to bcrpyt as the default
Turns out that argon2 has a dependency in Ubuntu for libffi-dev. Installing via pip will not resolve this dependency.
Try adding cffi as an explicit install requirement or some of the other approaches mentioned here:
Kozea/cairocffi#14
If there is not a solution that resolves all dependencies without having to install anything but python and pip on the system, switch the default back to bcrypt
Add documentation about the order of decorators
In both the decorator docstring, call out the necessary order of the decorators. Make sure it has an example as well
Add verify_and_update support
We will need the ability to verify a password using it's encryption algorithm and then re-encrypt with a new algorithm. This is necessary if an application decides to switch encryption methods but still needs current passwords to function correctly.
Add flask-praetorian to curated lists of python/flask pacakges
Add checks for the jwt/praetorian required decorator in the roles_* decorators
The @roles_required and @roles_accepted decorators should do some error checking to make sure that the @jwt.jwt_required or @auth_required decorators have already been applied. If they have not, a sensible exception should be raised indicating that
revise travis configuration
- should deploy only on the latest version of python build
- should do builds for python 3.5, 3.6, 3.7
format license as restructuredtext
follow this template:
The MIT License (MIT)
=====================
Copyright © `<year>` `<copyright holders>`
<license text>
Describe requirements for user_class in the documentation
There should be a brief description of the required properties and attributes of the user class in the README
Also update the README example to show requirements for lookup and identify
Further improve user validation
InvalidUserError's status_code should be 403
Change default password hashing scheme to pbfdk2_sha512
the bcrypt dependency (and default setting) causes some issue on systems where there are issues installing cffi.
by switching to sha512, we can eliminate that dependency problem
Use buzz-lightyear for exception base
Trim down PraetorianError accordingly. add dependencies in setup.py
fix warnings
When running the test suite, the following warnings come up:
pytest-capturelog plugin has been merged into the core, please remove it from your requirements.
tests/test_base.py::TestPraetorian::()::test_encrypt_password
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/flask_sqlalchemy/__init__.py:794: FSADeprecationWarning: SQLALCHEMY_TRACK_MODIFICATIONS adds significant overhead and will be disabled by default in the future. Set it to True or False to suppress this warning.
'SQLALCHEMY_TRACK_MODIFICATIONS adds significant overhead and '
tests/test_base.py::TestPraetorian::()::test_validate_jwt_data
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2064: PendulumDeprecationWarning: The subtract_timedelta() method will be removed in version 2.0.
return self.subtract_timedelta(other)
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2081: PendulumDeprecationWarning: The add_timedelta() method will be removed in version 2.0.
return self.add_timedelta(other)
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2064: PendulumDeprecationWarning: The subtract_timedelta() method will be removed in version 2.0.
return self.subtract_timedelta(other)
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2081: PendulumDeprecationWarning: The add_timedelta() method will be removed in version 2.0.
return self.add_timedelta(other)
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2064: PendulumDeprecationWarning: The subtract_timedelta() method will be removed in version 2.0.
return self.subtract_timedelta(other)
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2081: PendulumDeprecationWarning: The add_timedelta() method will be removed in version 2.0.
return self.add_timedelta(other)
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2064: PendulumDeprecationWarning: The subtract_timedelta() method will be removed in version 2.0.
return self.subtract_timedelta(other)
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2081: PendulumDeprecationWarning: The add_timedelta() method will be removed in version 2.0.
return self.add_timedelta(other)
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2064: PendulumDeprecationWarning: The subtract_timedelta() method will be removed in version 2.0.
return self.subtract_timedelta(other)
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2081: PendulumDeprecationWarning: The add_timedelta() method will be removed in version 2.0.
return self.add_timedelta(other)
tests/test_base.py::TestPraetorian::()::test_encode_jwt_token
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2064: PendulumDeprecationWarning: The subtract_timedelta() method will be removed in version 2.0.
return self.subtract_timedelta(other)
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2081: PendulumDeprecationWarning: The add_timedelta() method will be removed in version 2.0.
return self.add_timedelta(other)
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2064: PendulumDeprecationWarning: The subtract_timedelta() method will be removed in version 2.0.
return self.subtract_timedelta(other)
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2081: PendulumDeprecationWarning: The add_timedelta() method will be removed in version 2.0.
return self.add_timedelta(other)
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2064: PendulumDeprecationWarning: The subtract_timedelta() method will be removed in version 2.0.
return self.subtract_timedelta(other)
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2081: PendulumDeprecationWarning: The add_timedelta() method will be removed in version 2.0.
return self.add_timedelta(other)
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2081: PendulumDeprecationWarning: The add_timedelta() method will be removed in version 2.0.
return self.add_timedelta(other)
tests/test_base.py::TestPraetorian::()::test_encode_eternal_jwt_token
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2064: PendulumDeprecationWarning: The subtract_timedelta() method will be removed in version 2.0.
return self.subtract_timedelta(other)
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2081: PendulumDeprecationWarning: The add_timedelta() method will be removed in version 2.0.
return self.add_timedelta(other)
tests/test_base.py::TestPraetorian::()::test_refresh_jwt_token
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2064: PendulumDeprecationWarning: The subtract_timedelta() method will be removed in version 2.0.
return self.subtract_timedelta(other)
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2081: PendulumDeprecationWarning: The add_timedelta() method will be removed in version 2.0.
return self.add_timedelta(other)
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2081: PendulumDeprecationWarning: The add_timedelta() method will be removed in version 2.0.
return self.add_timedelta(other)
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2064: PendulumDeprecationWarning: The subtract_timedelta() method will be removed in version 2.0.
return self.subtract_timedelta(other)
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2081: PendulumDeprecationWarning: The add_timedelta() method will be removed in version 2.0.
return self.add_timedelta(other)
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2064: PendulumDeprecationWarning: The subtract_timedelta() method will be removed in version 2.0.
return self.subtract_timedelta(other)
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2081: PendulumDeprecationWarning: The add_timedelta() method will be removed in version 2.0.
return self.add_timedelta(other)
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2081: PendulumDeprecationWarning: The add_timedelta() method will be removed in version 2.0.
return self.add_timedelta(other)
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2064: PendulumDeprecationWarning: The subtract_timedelta() method will be removed in version 2.0.
return self.subtract_timedelta(other)
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2081: PendulumDeprecationWarning: The add_timedelta() method will be removed in version 2.0.
return self.add_timedelta(other)
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2064: PendulumDeprecationWarning: The subtract_timedelta() method will be removed in version 2.0.
return self.subtract_timedelta(other)
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2081: PendulumDeprecationWarning: The add_timedelta() method will be removed in version 2.0.
return self.add_timedelta(other)
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2081: PendulumDeprecationWarning: The add_timedelta() method will be removed in version 2.0.
return self.add_timedelta(other)
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2064: PendulumDeprecationWarning: The subtract_timedelta() method will be removed in version 2.0.
return self.subtract_timedelta(other)
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2081: PendulumDeprecationWarning: The add_timedelta() method will be removed in version 2.0.
return self.add_timedelta(other)
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2064: PendulumDeprecationWarning: The subtract_timedelta() method will be removed in version 2.0.
return self.subtract_timedelta(other)
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2081: PendulumDeprecationWarning: The add_timedelta() method will be removed in version 2.0.
return self.add_timedelta(other)
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2081: PendulumDeprecationWarning: The add_timedelta() method will be removed in version 2.0.
return self.add_timedelta(other)
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2064: PendulumDeprecationWarning: The subtract_timedelta() method will be removed in version 2.0.
return self.subtract_timedelta(other)
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2081: PendulumDeprecationWarning: The add_timedelta() method will be removed in version 2.0.
return self.add_timedelta(other)
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2081: PendulumDeprecationWarning: The add_timedelta() method will be removed in version 2.0.
return self.add_timedelta(other)
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2064: PendulumDeprecationWarning: The subtract_timedelta() method will be removed in version 2.0.
return self.subtract_timedelta(other)
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2081: PendulumDeprecationWarning: The add_timedelta() method will be removed in version 2.0.
return self.add_timedelta(other)
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2064: PendulumDeprecationWarning: The subtract_timedelta() method will be removed in version 2.0.
return self.subtract_timedelta(other)
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2081: PendulumDeprecationWarning: The add_timedelta() method will be removed in version 2.0.
return self.add_timedelta(other)
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2081: PendulumDeprecationWarning: The add_timedelta() method will be removed in version 2.0.
return self.add_timedelta(other)
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2064: PendulumDeprecationWarning: The subtract_timedelta() method will be removed in version 2.0.
return self.subtract_timedelta(other)
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2081: PendulumDeprecationWarning: The add_timedelta() method will be removed in version 2.0.
return self.add_timedelta(other)
tests/test_base.py::TestPraetorian::()::test_read_token_from_header
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2064: PendulumDeprecationWarning: The subtract_timedelta() method will be removed in version 2.0.
return self.subtract_timedelta(other)
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2081: PendulumDeprecationWarning: The add_timedelta() method will be removed in version 2.0.
return self.add_timedelta(other)
tests/test_base.py::TestPraetorian::()::test_pack_header_for_user
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2064: PendulumDeprecationWarning: The subtract_timedelta() method will be removed in version 2.0.
return self.subtract_timedelta(other)
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2081: PendulumDeprecationWarning: The add_timedelta() method will be removed in version 2.0.
return self.add_timedelta(other)
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2064: PendulumDeprecationWarning: The subtract_timedelta() method will be removed in version 2.0.
return self.subtract_timedelta(other)
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2081: PendulumDeprecationWarning: The add_timedelta() method will be removed in version 2.0.
return self.add_timedelta(other)
tests/test_decorators.py::TestPraetorianDecorators::()::test_auth_required
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2064: PendulumDeprecationWarning: The subtract_timedelta() method will be removed in version 2.0.
return self.subtract_timedelta(other)
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2081: PendulumDeprecationWarning: The add_timedelta() method will be removed in version 2.0.
return self.add_timedelta(other)
/Users/tbeck/work/flask-praetorian/tests/test_decorators.py:77: PendulumDeprecationWarning: The add_timedelta() method will be removed in version 2.0.
default_guard.access_lifespan
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2064: PendulumDeprecationWarning: The subtract_timedelta() method will be removed in version 2.0.
return self.subtract_timedelta(other)
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2081: PendulumDeprecationWarning: The add_timedelta() method will be removed in version 2.0.
return self.add_timedelta(other)
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2064: PendulumDeprecationWarning: The subtract_timedelta() method will be removed in version 2.0.
return self.subtract_timedelta(other)
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2081: PendulumDeprecationWarning: The add_timedelta() method will be removed in version 2.0.
return self.add_timedelta(other)
tests/test_decorators.py::TestPraetorianDecorators::()::test_roles_required
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2081: PendulumDeprecationWarning: The add_timedelta() method will be removed in version 2.0.
return self.add_timedelta(other)
tests/test_decorators.py::TestPraetorianDecorators::()::test_roles_accepted
/Users/tbeck/.virtualenvs/praetorian/lib/python3.6/site-packages/pendulum/pendulum.py:2081: PendulumDeprecationWarning: The add_timedelta() method will be removed in version 2.0.
return self.add_timedelta(other)
-- Docs: http://doc.pytest.org/en/latest/warnings.html
Make a new exception to raise when a user lacks sufficient role
Add error handling to init_app
The init_app method of the Praetorian class should have some good, robust error handling
Speed up the tests
Rearrange docs a little bit
- Make the link from README to the document pages more samless
- Drop the links to the raw sphinx docs
- Update badges in README
- Fix conf.py inclusion of base package
- Fixup setup.py while at it
- Add classifiers to setup.py
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.