lonelyvikingmichael / litestar-users
Authentication and user management for the Litestar framework
Home Page: https://lonelyvikingmichael.github.io/litestar-users/
License: MIT License
We need to set up an autocommit config option and propagate the value to UserRepository.autocommit
An alternative is to point consumers to advanced alchemy's autocommit_before_send_handler, but this might not suit everyone's needs.
Currently we're using factory patterns to inject configurations into route handlers and service layers. This can be cleaned up somewhat by storing the StarliteUsersConfig object in app.state and using dependency injection to retrieve values.
With the merge of #23, role based authorization is no longer a given. We should remove the roles relationship from the User mixin and make it a separate opt-in.
Not only will this be cleaner, it will also allow for something like this wherever roles are integrated:
if not hasattr(request.user, 'roles'):
    raise ImproperlyConfiguredException("user roles are not set up")
Since it isn't forbidden to specify a custom auth_backend_class in LitestarUsersConfig, I'd like to redefine authentication_middleware_class with a custom middleware like this:
from dataclasses import dataclass
from typing import Any

from litestar.connection import ASGIConnection
from litestar.middleware import AuthenticationResult
from litestar.security.jwt import JWTCookieAuth
from litestar.security.session_auth.middleware import SessionAuthMiddleware
from litestar_users.config import LitestarUsersConfig

class CustomSessionAuthMiddleware(SessionAuthMiddleware):
    async def authenticate_request(self, connection: ASGIConnection[Any, Any, Any, Any]) -> AuthenticationResult:
        user = ...  # custom logic here: resolve the user from connection.session
        return AuthenticationResult(user=user, auth=connection.session)

@dataclass
class MyCustomAppJWTAuth(JWTCookieAuth[User]):  # User is the app's own user model
    authentication_middleware_class = CustomSessionAuthMiddleware

litestar_users_config = LitestarUsersConfig(
    auth_backend_class=MyCustomAppJWTAuth,
    ...
but litestar-users is still using the default one.
I can add CustomSessionAuthMiddleware on the app layer, but thought that litestar-users itself could use it.
From the docs it seems you can use the litestar CLI, however:
❯ litestar users
Usage: litestar [OPTIONS] COMMAND [ARGS]...
╭─ Error ──────────────────────────────────────────────────────────────────────╮
│ No such command 'users'. │
╰──────────────────────────────────────────────────────────────────────────────╯
My pyproject:
[tool.poetry.dependencies]
python = "^3.11"
litestar-users = "^1.2.3"
aiosqlite = "^0.20.0"
[build-system]
requires = ["poetry-core"]
build-backend = "poetry.core.masonry.api"
Add a configurable Role table, as well as a RoleUser association object. We'll use this to implement authorisation logic via Starlite Guards.
Add two new handlers, forgot_password and reset_password: the former emits a token, the latter verifies and consumes a token.
It would be great to have an explicit option for JWT token TTL in LitestarUsersConfig.
As discussed, it can be the same value as for cookie expiry (for JWTCookieAuth), but since we don't have to set up a session backend config with JWTAuth, it may be better to have a separate option.
The user will be verified if "is_verified": true is part of the JSON payload.
A mechanism should be put in place to address this, with care when a user might be created programmatically outside of the REST API scope by an administrator who wishes to bypass verification case by case.
This should be enhanced to be more dynamic - there is nothing in place to avoid collisions on user creation if user_auth_identifier has a custom value.
Look into allowing users to log in with a custom identifier, i.e. username instead of just via email.
Use mkdocs for documentation once the API is stable
If you run the code in the examples, the user's changes are not saved in the database. Should I use session.commit() or auto_commit=True myself, and where exactly?
All primary keys are currently bound to SQLAlchemy/PostgreSQL UUID types; we should support generic DB backends and perhaps allow for auto-incrementing integers.
A few typos that may confuse the user (at least they confused me):
https://lonelyvikingmichael.github.io/litestar-users/usage/0-configuration/
LitestarUsers -> LitestarUsersPlugin
    litestar_users = LitestarUsers(
        config=LitestarUsersConfig(
https://lonelyvikingmichael.github.io/litestar-users/usage/6-command-line-interface/
--is_verified -> --is-verified, --is_active -> --is-active
    --is_verified
        Set the user as being verified.
    --is_active
        Set the user as active.
We need a strategy to implement SQLA 2.0 mixins while maintaining backwards compatibility with 1.4
Leverage Starlite's CLI tools to create users/roles
Support for MFA would be another essential feature. Integration could be done with passlib as well, using its TOTP capabilities.
So far we're pretty much only testing the API endpoints, and even then not for all common scenarios.
There should be unit tests for the repositories, services, guards etc.
Typing is not terrible, but can definitely improve. MyPy will surely fail
Route handler typing was not updated after JWT support was added, this should be addressed.
Currently it's only possible to create roles manually or via seeding scripts. We should add role based methods to UserService at the very least and create new route handlers at most.
Edit: The same applies to adding/revoking roles to/from users
As it is, the user service and repository only cater for SQLAlchemy models.
Other implementations to consider:
Developers will need to subclass UserService in order to write their own pre/post operation hooks for login, register, update etc. This likely requires an update to config and typing.
https://lonelyvikingmichael.github.io/litestar-users/usage/0-configuration/
I saw that the LitestarUsers class was renamed to LitestarUsersPlugin, so I changed it and now get:
config=LitestarUsersConfig(
^^^^^^^^^^^^^^^^^^^^
File "<string>", line 27, in __init__
File "/home/lotso/.cache/pypoetry/virtualenvs/ollama-liteproxy-wn7kqDdW-py3.11/lib/python3.11/site-packages/litestar_users/config.py", line 279, in __post_init__
raise ImproperlyConfiguredException(
litestar.exceptions.http_exceptions.ImproperlyConfiguredException: 500: session_backend_config must be set when auth_backend is set to "session"
Other examples in the examples folder work fine oob ;) will play with that for now
Needs investigation.