yezz123 / authx Goto Github PK

https://github.com/yezz123/authx-extra

Upvote & Fund

• We're using Polar.sh so you can upvote and help fund this issue.
• We receive the funding once the issue is completed & confirmed by you.
• Thank you in advance for helping prioritize & fund our backlog.

While working on new features, We find the best solution is to switch to Nextra a Next.js-based static site generator.

It supports Markdown and React components (MDX), automatically generated sidebar and anchor links, file-system-based routing, built-in syntax highlighting, image optimization, custom layouts, i18n, and all the features you love about Next.js.

FAILED tests/routers/test_routers_auth.py::test_register
FAILED tests/routers/test_routers_auth.py::test_login
FAILED tests/routers/test_routers_auth.py::test_logout
FAILED tests/routers/test_routers_auth.py::test_refresh_access_token
FAILED tests/routers/test_routers_social.py::test_callback[google]
FAILED tests/routers/test_routers_social.py::test_callback[facebook]

Discussed in #96

Working on Adding multiple database providers or ORMs and using them as pluggings.

• Missed 2 required arguments in the routers tests (auth, password)

Automate the using of All contributors in AuthX

First Check

• I added a very descriptive title to this issue.
• I already read and followed all the tutorial in the docs and didn't find an answer.
• I already checked if it is not related to AuthX but to Pydantic.
• I already checked if it is not related to AuthX but to FastAPI.

Example Code

while True: 
     resolved_username = f"{username}{postfix}" 
     existing_username = await self._repo.get_by_username(resolved_username) 
     if not existing_username: 
         break

Description

Could you please some one check this below code base where loop is indicating something ambiguous .

Operating System

macOS

Operating System Details

No response

FastAPI Version

0.85.0

Python Version

3.9

Additional Context

No response

I'm getting "Invalid format string" with datetime field. After debug, I've isolated the error at UserPrivateInfo class, set_format method. Sample value:

2021-11-06 15:43:18.021855 Invalid format string

Configuration

• Python version : 3.8
• FastAPI version : 0.70.0
• AuthX version : 0.1.1

The bot created this issue to inform you that pyup.io has been set up on this repo.
Once you have closed it, the bot will open pull requests for updates as soon as they are available.

The .json doesn’t generate, after running the example, that is why I'm thinking of having some problems related to it, I use the last version of fastAPI

I just merge the improvement here in the dev branch under this commit fd06930

Discussed in #124

First Check

• I added a very descriptive title to this issue.
• I already read and followed all the tutorial in the docs and didn't find an answer.
• I already checked if it is not related to AuthX but to Pydantic.
• I already checked if it is not related to AuthX but to FastAPI.

Example Code

from urllib.parse import quote_plus

from authx import MongoDBBackend

from fastapi import APIRouter, Depends, FastAPI
from starlette.config import Config

from authx import Authentication, User

app = FastAPI(
    title="AuthX",
    description="AuthX is a simple authentication system for fastapi.",
    version="0.1.0",
)

config = Config(".env")
auth = Authentication(
    database_backend=MongoDBBackend(database_name='test'),
    debug=config("DEBUG", default=False, cast=bool),
    base_url=config("BASE_URL", default="mongodb://%s:%s@%s" \
                                        % (quote_plus('spb0'),  # user
                                           quote_plus('dcaGRzkJp'),  # password
                                           '127.0.0.1')),
    site=config("SITE", default="authx"),
    callbacks=[],
    access_cookie_name=config("ACCESS_COOKIE_NAME", default="access_token"),
    refresh_cookie_name=config("REFRESH_COOKIE_NAME", default="refresh_token"),
    private_key=config("PRIVATE_KEY", default="private_key"),
    public_key=config("PUBLIC_KEY", default="public_key"),
    access_expiration=config("ACCESS_EXPIRATION", default=3600),
    refresh_expiration=config("REFRESH_EXPIRATION", default=86400),
    smtp_username=config("SMTP_USERNAME", default="username"),
    smtp_password=config("SMTP_PASSWORD", default="password"),
    smtp_host=config("SMTP_HOST", default="smtp.gmail.com"),
    smtp_tls=config("SMTP_TLS", default=True),
    display_name=config("DISPLAY_NAME", default="AuthX"),
    recaptcha_secret=config("RECAPTCHA_SECRET", default="secret"),
    social_providers=[],
    social_creds=None,
)
router = APIRouter()

app.include_router(auth.auth_router, prefix="/api/auth", tags=["auth"])
app.include_router(auth.password_router, prefix="/api/password", tags=["password"])
app.include_router(auth.admin_router, prefix="/api/admin", tags=["admin"])
app.include_router(auth.search_router, prefix="/api/search", tags=["search"])


# Set Anonymous User
@router.get("/anonym")
def anonym_test(user: User = Depends(auth.get_user)):
    pass


# Set Authenticated User
@router.get("/user")
def user_test(user: User = Depends(auth.get_authenticated_user)):
    pass


# Set Admin User
@router.get("/admin", dependencies=[Depends(auth.admin_required)])
def admin_test():
    pass

Description

Refer to the official documentation, including code examples, none of them can run

Operating System

Linux

Operating System Details

Ubantu 20 tls

FastAPI Version

0.70.1

Python Version

Python 3.8.10

Additional Context

error:
/usr/bin/python3.8 /home/Documents/code/my/a/main.py
Traceback (most recent call last):
File "/home/Documents/code/my/a/main.py", line 3, in
from authx import Authentication, MongoDBBackend
File "/home/.local/lib/python3.8/site-packages/authx/init.py", line 5, in
from authx.api import UsersRepo as UsersRepo
File "/home/.local/lib/python3.8/site-packages/authx/api/init.py", line 1, in
from authx.api.users import UsersRepo
File "/home/.local/lib/python3.8/site-packages/authx/api/users.py", line 18, in
from authx.database import BaseDBBackend
File "/home/.local/lib/python3.8/site-packages/authx/database/init.py", line 1, in
from authx.database.base import BaseDBBackend
File "/home/.local/lib/python3.8/site-packages/authx/database/base.py", line 5, in
class BaseDBBackend:
File "/home/.local/lib/python3.8/site-packages/authx/database/base.py", line 39, in BaseDBBackend
async def search(self, f: dict, p: int, size: int) -> tuple[dict, int]:
TypeError: 'type' object is not subscriptable

进程已结束,退出代码1

First Check

• I added a very descriptive title to this issue.
• I already read and followed all the tutorial in the docs and didn't find an answer.
• I already checked if it is not related to AuthX but to Pydantic.
• I already checked if it is not related to AuthX but to FastAPI.

Example Code

from fastapi import FastAPI
from authx import Authentication, MongoDBBackend
from authx.services.auth import AuthService
from authx.core.jwt import JWTBackend
from authx.backend import UsersRepo
import uvicorn


def app():
    app = FastAPI()

    auth = Authentication(
        debug=True,
        base_url="http://localhost:8000",
        site="http://localhost:8000",
        database_backend=MongoDBBackend(database_name="TravelMonk"),
        callbacks=["http://localhost:8000/callback"],
        access_cookie_name="access_token",
        refresh_cookie_name="refresh_token",
        private_key="private.pem",
        public_key="public.pem",
        access_expiration=3600,
        refresh_expiration=86400,
        smtp_username=None,
        smtp_host=None,
        smtp_password=None,
        smtp_tls=False,
        display_name="travelmonk",
        recaptcha_secret=None,
        social_creds=None,
        social_providers=None,
    )

    app.include_router(auth.auth_router, prefix="/api/users")
    return app

if __name__ == "__main__":
    app = app()
    uvicorn.run(app, host="0.0.0.0", port=8000, debug=True)

Description

Call the endpoint /register
With the request body as

{
    "email": "[email protected]",
    "username": "johndoe",
    "password1": "password",
    "password2": "password"
}

It should set access_token and return_token

But it returns

{
    "detail": "Username must be only in latin or cyrillic"
}

Operating System

Windows

Operating System Details

No response

FastAPI Version

0.77.1

Python Version

3.9

Additional Context

The problem possibly is in the check_username method in the file authx/models/user.py

def check_username(v: str) -> str:
    v = v.strip()
    if len(v) < USERNAME_MIN_LENGTH or len(v) > USERNAME_MAX_LENGTH:
        raise ValueError("username length")
    for letter in v:
        if letter not in USERNAME_CHARS:
            raise ValueError("username special characters")
    if v in WRONG_USERNAMES:
        raise ValueError("username wrong")
    if any(letter in ascii_letters for letter in v):
        raise ValueError("username different letters")
    return v

The last if clause should be

if any(letter not in ascii_letters for letter in v):
        raise ValueError("username different letters")

First Check

• I added a very descriptive title to this issue.
• I already read and followed all the tutorial in the docs and didn't find an answer.
• I already checked if it is not related to AuthX but to Pydantic.
• I already checked if it is not related to AuthX but to FastAPI.

Example Code

Following this example: https://github.com/yezz123/authx/blob/main/example/app/main.py

Description

I cloned the repository, and I'm trying out AuthX as it looks to be what I want. I've run into the following issues:

1. A sqlite DB isn't generated. I can see in the BaseDBBackend class, there are a bunch of raise NotImplementedError, does this mean the BaseDBBackend isn't finished yet?
2. When starting the app and navigating to /docs, I can see a bunch of endpoints, but the register endpoint, for example, doesn't let me put it any parameters.

When will the sqlite DB backend be finished?

Operating System

Linux

Operating System Details

No response

FastAPI Version

0.77.1

Python Version

3.10.4

Additional Context

In that situation, it is crucial to address the security of the backend system for the package.

This involves ensuring that we thoroughly adhere to each step we take in the process of token creation.

config = AuthXConfig(
     JWT_ALGORITHM = "HS256",
     JWT_SECRET_KEY = "SECRET_KEY",
     # Here in the JWT Location
     JWT_TOKEN_LOCATION = ["headers"],
)

Funding

• You can sponsor this specific effort via a Polar.sh pledge below
• We receive the pledge once the issue is completed & verified

First Check

• I added a very descriptive title to this issue.
• I already read and followed all the tutorial in the docs and didn't find an answer.
• I already checked if it is not related to AuthX but to Pydantic.
• I already checked if it is not related to AuthX but to FastAPI.

Example Code

from authx import Authentication, MongoDBBackend
import motor.motor_asyncio
import asyncio

auth = Authentication(
    backend=MongoDBBackend(
        client=motor.motor_asyncio.AsyncIOMotorClient(
            'mongodb://localhost:27017',
            io_loop=asyncio.get_event_loop()
        ),
        database='authx',
        collection='users'
    )
)

Description

This should ideally create an auth object that can be used to include routers. Instead this gives an error

    backend=MongoDBBackend(
TypeError: __init__() got an unexpected keyword argument 'client'

Operating System

Windows

Operating System Details

No response

FastAPI Version

0.77.1

Python Version

Python 3.9.0

Additional Context

This problem is arising as the MongoDBBackend class is not excepting any other parameters other than the database_name

class MongoDBBackend(BaseDBBackend):
    """
    Setup Database for authx using MongoDB & Motor
    """

    def __init__(self, database_name: str = "test") -> None:
        self._database_name = database_name

    def set_client(self, client: AsyncIOMotorClient) -> None:
        self._client = client
        self.init()

    def init(self) -> None:
        self._db: AsyncIOMotorDatabase = self._client[self._database_name]
        self._users: AsyncIOMotorCollection = self._db["users"]
        self._email_confirmations: AsyncIOMotorCollection = self._db[
            "email_confirmations"
        ]
        self._counters: AsyncIOMotorCollection = self._db["counters"]

        self._settings: AsyncIOMotorCollection = self._db["settings"]

First Check

• I added a very descriptive title to this issue.
• I already read and followed all the tutorial in the docs and didn't find an answer.
• I already checked if it is not related to AuthX but to Pydantic.
• I already checked if it is not related to AuthX but to FastAPI.

Example Code

from authx import RedisCacheBackend, JWTBackend, RedisBackend
from fastapi import Depends, FastAPI
from fastapi.security import HTTPBearer
from starlette.config import Config

app = FastAPI(
    title="AuthX",
    description="AuthX authentication system for fastapi.",
    version="0.1.0",
)

config = Config(".env")

SecurityConfig = JWTBackend(
    cache_backend=RedisBackend,
    private_key=config("PRIVATE_KEY", default="private_key"),
    public_key=config("PUBLIC_KEY", default="public_key"),
    access_expiration=3600,
    refresh_expiration=3600
)

oauth_token_scheme = HTTPBearer()


# app.include_router(starlette_app.router) # pygeoapi

# Set Anonymous User
@app.get("/anonym")
def anonym_test():
    pass


# Set Authenticated User
@app.get("/user")
async def user_test(token=Depends(oauth_token_scheme)):
    is_verified = await SecurityConfig.decode_token(token)
    print(is_verified)
    pass

Description

as specified in the documentation for jwt implementation https://authx.yezz.codes/configuration/security/jwt/ , from authx import RedisCacheBackend, JWTBackend should not return an error. as shown below

• i want to use JWTBackend to verify token using FastAPI dependency injection. a token should be passed to the swaggerUI docs from fastapi. and should be accessible via the oauth_token_scheme.
• is_verified should return a boolean showing the verification state of the token, returns None instead of a boolean

Suspected problem
RedisCacheBackend is not an exported class from the module - not part of the module, but that is what was shown according to the documentation.
using RedisBackend(this is exported from the module) instead, returns TypeError `Expected Type 'RedisBackend', got Type[RedisBackend] instead. in the JWTBackend class

Operating System

Linux

Operating System Details

No response

FastAPI Version

0.75.1

Python Version

python 3.8.10

Additional Context

No response

I still support some old features here as an external service, you can help with extending the level of the documentation, such as update for the documentation ( more user-friendly 😞)

External Features:

• Instrument/profiler - https://authx-v0.yezz.me/configuration/middleware/profiling/
• Redis - https://authx-v0.yezz.me/configuration/cache/HTTPCache/
• Metrics - https://authx-v0.yezz.me/configuration/middleware/metrics/
• OAuth2 support - https://authx-v0.yezz.me/configuration/middleware/ (Bunch of Extra changes, that need my review)

We can depend on this PR from @tiangolo to build something with Pydantic V2 in Authx - tiangolo/fastapi#9500

After trying to create and test some examples, using swaggerUI, the playground doesn't show the fields where we add the data & Get it to test the API.
I provide all my tests before on Postman but now it shows this weird error.

this is my code copyed in document authx document
method: refresh_token_required raise Exception authx.exceptions.MissingTokenError: No token found in request from '[]'

from pydantic import BaseModel
from fastapi import FastAPI, Depends, HTTPException
from authx import AuthX, TokenPayload, AuthXConfig

auth_config = AuthXConfig()

auth_config.JWT_ALGORITHM = 'HS256'
auth_config.JWT_SECRET_KEY = 'SECRET_KEY'

auth_config.JWT_TOKEN_LOCATION = ['headers']

app = FastAPI()
security = AuthX(auth_config)


class LoginForm(BaseModel):
    username: str
    password: str


@app.post('/login')
def login(data: LoginForm):
    if data.username == "test" and data.password == "test":
        access_token = security.create_access_token(data.username)
        refresh_token = security.create_refresh_token(data.username)
        return {
            "access_token": access_token,
            "refresh_token": refresh_token
        }
    raise HTTPException(401, "Bad username/password")


@app.post('/refresh')
def refresh(
    refresh_payload: TokenPayload = Depends(security.refresh_token_required)
):
    """
    TODO refresh_token_required error
    """
    access_token = security.create_access_token(refresh_payload.sub)
    return {"access_token": access_token}


@app.get('/protected', dependencies=[Depends(security.access_token_required)])
def protected():
    return "You have access to this protected resource"


if __name__ == '__main__':
    import uvicorn
    uvicorn.run(app, port=8000)

Introducing AuthX V1.0.0, our redesigned authentication system. This version incorporates numerous fresh functionalities and improvements aimed at enhancing security, usability, and performance.

Core Functionality:

• JWT encoding/decoding for application authentication
• Automatic detection of JWTs in requests:
  • JWTs in headers
  • JWTs in cookies
  • JWTs in query strings
  • JWTs in JSON bodies
• Implicit/explicit token refresh mechanism
• Tracking the freshness state of tokens
• Route protection:
  • Protection based on token type (access/refresh)
  • Protection based on token freshness
  • Partial route protection
• Handling custom user logic for revoked token validation
• Handling custom logic for token recipient retrieval (ORM, pydantic serialization...)
• Providing FastAPI-compliant dependency injection API
• Automatic error handling

Upvote & Fund

• We're using Polar.sh so you can upvote and help fund this issue.
• We receive the funding once the issue is completed & confirmed by you.
• Thank you in advance for helping prioritize & fund our backlog.

Thinking about adding a reference page, where people can see how AuthX was built & share most of the resources that I collect 🤔

we should include it so we can have a reference at the level of the API

When I Test The Core Files relate to jwt and users i got this error :

_________________ ERROR collecting tests/core/test_core_jwt.py _________________
tests/core/test_core_jwt.py:10: in <module>
    sample_access_token = jwt_backend.create_access_token({"id": 1})
AuthX/core/jwt.py:77: in create_access_token
    return self._create_token(payload, self._access_expiration, "access")
AuthX/core/jwt.py:68: in _create_token
    exp = datetime.utcnow() + timedelta(seconds=expiration_delta)
E   TypeError: unsupported type for timedelta seconds component: str
________________ ERROR collecting tests/core/test_core_user.py _________________
tests/core/test_core_user.py:12: in <module>
    sample_access_token = jwt_backend.create_access_token(
AuthX/core/jwt.py:77: in create_access_token
    return self._create_token(payload, self._access_expiration, "access")
AuthX/core/jwt.py:68: in _create_token
    exp = datetime.utcnow() + timedelta(seconds=expiration_delta)
E   TypeError: unsupported type for timedelta seconds component: str
=========================== short test summary info ============================
ERROR tests/core/test_core_jwt.py - TypeError: unsupported type for timedelta...
ERROR tests/core/test_core_user.py - TypeError: unsupported type for timedelt...
!!!!!!!!!!!!!!!!!!! Interrupted: 2 errors during collection !!!!!!!!!!!!!!!!!!!!
============================== 2 errors in 1.84s ===============================

https://stackoverflow.com/questions/30608939/pyjwt-expecting-a-pem-formatted-key
https://stackoverflow.com/questions/11629552/typeerror-unsupported-type-for-timedelta-days-component-datetime-datetime
https://community.auth0.com/t/i-getting-expecting-a-pem-formatted-key/52055

First Check

• I added a very descriptive title to this issue.
• I already read and followed all the tutorial in the docs and didn't find an answer.
• I already checked if it is not related to AuthX but to Pydantic.
• I already checked if it is not related to AuthX but to FastAPI.

Example Code

from fastapi import APIRouter, Depends, FastAPI
from starlette.config import Config

from authx import Authentication, User

app = FastAPI(
    title="AuthX",
    description="AuthX is a simple authentication system for fastapi.",
    version="0.1.0",
)

config = Config(".env")

auth = Authentication(
    debug=config("DEBUG", default=False, cast=bool),
    base_url=config("BASE_URL", default="http://localhost:8000"),
    site=config("SITE", default="authx"),
    database_backend=config("DATABASE_BACKEND", default="sqlite"),
    callbacks=[],
    access_cookie_name=config("ACCESS_COOKIE_NAME", default="access_token"),
    refresh_cookie_name=config("REFRESH_COOKIE_NAME", default="refresh_token"),
    private_key=config("PRIVATE_KEY", default="private_key"),
    public_key=config("PUBLIC_KEY", default="public_key"),
    access_expiration=config("ACCESS_EXPIRATION", default=3600),
    refresh_expiration=config("REFRESH_EXPIRATION", default=86400),
    smtp_username=config("SMTP_USERNAME", default="username"),
    smtp_password=config("SMTP_PASSWORD", default="password"),
    smtp_host=config("SMTP_HOST", default="smtp.gmail.com"),
    smtp_tls=config("SMTP_TLS", default=True),
    display_name=config("DISPLAY_NAME", default="AuthX"),
    recaptcha_secret=config("RECAPTCHA_SECRET", default="secret"),
    social_providers=[],
    social_creds=None,
)

router = APIRouter()


app.include_router(auth.auth_router, prefix="/api/auth", tags=["auth"])
app.include_router(auth.password_router, prefix="/api/password", tags=["password"])
app.include_router(auth.admin_router, prefix="/api/admin", tags=["admin"])
app.include_router(auth.search_router, prefix="/api/search", tags=["search"])

# Set Anonymous User
@router.get("/anonym")
def anonym_test(user: User = Depends(auth.get_user)):
    pass


# Set Authenticated User
@router.get("/user")
def user_test(user: User = Depends(auth.get_authenticated_user)):
    pass


# Set Admin User
@router.get("/admin", dependencies=[Depends(auth.admin_required)])
def admin_test():
    pass

---
# authx/routers/auth.py
    ...
    router = APIRouter()

    @router.post("/register", name="auth:register")
    async def register(*, request: Request, response: Response):
        """
        register a new user
        Args:
            request: Request
            response: Response

        Returns:
            Response
        """
        data = await request.json()
        service = AuthService()

        tokens = await service.register(data)
        set_tokens_in_response(response, tokens)
        return None
        ...

Description

Running either the new example/cache or example/main (modified for dependencies) one finds that the API docs are without parameter suggestions for most endpoints.

Operating System

Linux

Operating System Details

Using Docker within Arch distro.

FastAPI Version

0.68.1

Python Version

3.9, 3.8

Additional Context

The project looks promising in many ways, and I hope it gets there.

#532

Upvote & Fund

• We're using Polar.sh so you can upvote and help fund this issue.
• We receive the funding once the issue is completed & confirmed by you.
• Thank you in advance for helping prioritize & fund our backlog.

When i try to run the test of Service relates to this PR #23 I got some weird issues:

FAILED tests/services/test_services_auth.py::test_register[[email protected]] - fastapi.exceptions.HTTPException: 400
FAILED tests/services/test_services_auth.py::test_register[[email protected]] - AssertionError: expected await not found.
FAILED tests/services/test_services_auth.py::test_change_username - fastapi.exceptions.HTTPException: 400