na-stewart / sanic-security
An effective, simple, and async security library for the Sanic framework.
Home Page: https://security.na-stewart.com
License: MIT License
Remove role method.
Error: AttributeError: 'ImageDraw' object has no attribute 'textsize' when generating captcha.
Downgrading pillow to 9.5.0 fixes this issue for now.
=> you have a license mismatch (https://github.com/sunset-developer/sanic-security/blob/main/setup.py#L15)
=> you default to HTTP cookies that do not have secure flag set (https://github.com/sunset-developer/sanic-security/blob/main/sanic_security/configuration.py#L29)
=> your project requires phone number, and the regex doesn't support any non-US format (https://github.com/sunset-developer/sanic-security/blob/main/sanic_security/authentication.py#L74)
=> your project does not check for common passwords such as "password", "qwerty", etc
In order to rip out Tortoise, we need to convert the current ORM objects into regular objects in models.py.
I began the process by converting the BaseModel and Account objects.
This commit provides a demonstration as to what was changed and what was removed.
Simply, any line of code that uses Tortoise must be removed or changed in a way that can have a similar function but without requiring retrieving the object from the database, for example: requiring a parameter in a method so the object has to be passed in.
Use request.context to pass sessions instead of an arg parameter in an endpoint method.
sessions = await cls.filter(bearer=account).prefetch_related("bearer").all()
bearer doesn't need to be retrieved as it can be assumed account is already available
DEPRECATION: sanic-security is being installed using the legacy 'setup.py install' method, because it does not have a 'pyproject.toml' and the 'wheel' package is not installed. pip 23.1 will enforce this behaviour change. A possible replacement is to enable the '--use-pep517' option. Discussion can be found at pypa/pip#8559
Only localhost is retrieved when hosted on AWS EB.
Describe the bug
Sanic response cookie seems to need type str rather than bytes, or you get a TypeError
// tested with sanic 20.12.3, 21.6.2
To Reproduce
Server: use test/server.py
Client: use curl:
//1. reg user //ok
curl -sv http://127.0.0.1:8000/api/test/auth/register [email protected] \
-Fusername=test -Fpassword=testtest -Fverified=true
//2. login user // fail TypeError
// should login success
curl -sv http://127.0.0.1:8000/api/test/auth/login --user '[email protected]:testtest' -d ''
[2022-01-22 09:34:03 +0800] [1732395] [ERROR] Exception occurred while handling uri: 'http://127.0.0.1:8000/api/test/auth/login'
Traceback (most recent call last):
File "/home/chen/.local/lib/python3.8/site-packages/sanic/server.py", line 509, in write_response
response.output(
File "/home/chen/.local/lib/python3.8/site-packages/sanic/response.py", line 169, in output
return self.get_headers(version, keep_alive, keep_alive_timeout, body)
File "/home/chen/.local/lib/python3.8/site-packages/sanic/response.py", line 64, in get_headers
return format_http1_response(self.status, self.headers.items(), body)
File "/home/chen/.local/lib/python3.8/site-packages/sanic/headers.py", line 194, in format_http1_response
headerbytes = format_http1(headers)
File "/home/chen/.local/lib/python3.8/site-packages/sanic/headers.py", line 184, in format_http1
return "".join(f"{name}: {val}\r\n" for name, val in headers).encode()
File "/home/chen/.local/lib/python3.8/site-packages/sanic/headers.py", line 184, in <genexpr>
return "".join(f"{name}: {val}\r\n" for name, val in headers).encode()
File "/home/chen/.local/lib/python3.8/site-packages/sanic/cookies.py", line 137, in __str__
output = ["%s=%s" % (self.key, _quote(self.value))]
File "/home/chen/.local/lib/python3.8/site-packages/sanic/cookies.py", line 30, in _quote
if str is None or _is_legal_key(str):
TypeError: cannot use a string pattern on a bytes-like object
Version
// sanic-security 1.4.7
Workaround
It seems that in sanic 20.12.3 and 21.6.2,
response.cookie should be of str type.
https://github.com/sunset-developer/sanic-security/blob/v1.4.7/sanic_security/models.py#L288
changes:
response.cookies[cookie] = jwt.encode(
payload, security_config.SECRET, security_config.SESSION_ENCODING_ALGORITHM
- )
+ ).decode('utf-8')
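Review bot: the `.decode('utf-8')` on the `+` line assumes `jwt.encode(...)` returns bytes; with a PyJWT release whose `encode` already returns `str` (2.x does), the same line raises AttributeError instead of the TypeError reported above. Safer to normalize explicitly: `token = jwt.encode(payload, security_config.SECRET, security_config.SESSION_ENCODING_ALGORITHM)`, then `if isinstance(token, bytes): token = token.decode('utf-8')` before assigning `response.cookies[cookie] = token`. The hunk also still sets the session cookie without Secure/HttpOnly attributes, which the cookie-flag finding earlier on this page already calls out.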