A Quart extension to provide secure cookie authentication

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for pgjones from gravatar.com pgjones

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT)
  • Author: pgjones
  • Requires: Python >=3.9
  • Provides-Extra: docs
Classifiers
Report project as malware

Project description

Build Status docs pypi python license

Quart-Auth is an extension for Quart to provide for secure cookie authentication (session management). It allows for a session to be logged in, authenticated and logged out.

Usage

To use Quart-Auth with a Quart app you have to create an QuartAuth and initialise it with the application,

app = Quart(__name__)
QuartAuth(app)

or via the factory pattern,

auth_manager = QuartAuth()

def create_app():
    app = Quart(__name__)
    auth_manager.init_app(app)
    return app

In addition you will need to configure Quart-Auth, which defaults to the most secure. At a minimum you will need to set secret key,

app.secret_key = "secret key"  # Do not use this key

which you can generate via,

>>> import secrets
>>> secrets.token_urlsafe(16)

You may also need to disable secure cookies to use in development, see configuration below.

With QuartAuth initialised you can use the login_required function to decorate routes that should only be accessed by authenticated users,

from quart_auth import login_required

@app.route("/")
@login_required
async def restricted_route():
    ...

If no user is logged in, an Unauthorized exception is raised. To catch it, install an error handler,

@app.errorhandler(Unauthorized)
async def redirect_to_login(*_: Exception) -> ResponseReturnValue:
    return redirect(url_for("login"))

You can also use the login_user, and logout_user functions to start and end sessions for a specific AuthenticatedUser instance,

from quart_auth import AuthUser, login_user, logout_user

@app.route("/login")
async def login():
    # Check Credentials here, e.g. username & password.
    ...
    # We'll assume the user has an identifying ID equal to 2
    login_user(AuthUser(2))
    ...

@app.route("/logout")
async def logout():
    logout_user()
    ...

The user (authenticated or not) is available via the global current_user including within templates,

from quart import render_template_string
from quart_auth import current_user

@app.route("/")
async def user():
    return await render_template_string("{{ current_user.is_authenticated }}")

Contributing

Quart-Auth is developed on GitHub. You are very welcome to open issues or propose pull requests.

Testing

The best way to test Quart-Auth is with Tox,

$ pip install tox
$ tox

this will check the code style and run the tests.

Help

The Quart-Auth documentation is the best places to start, after that try searching stack overflow or ask for help on gitter. If you still can’t find an answer please open an issue.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for pgjones from gravatar.com pgjones

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT)
  • Author: pgjones
  • Requires: Python >=3.9
  • Provides-Extra: docs
Classifiers

Release history Release notifications | RSS feed

This version

0.11.0

0.10.1

0.10.0

0.9.1

0.9.0

0.8.0

0.7.0

0.6.0

0.5.0

0.4.0

0.3.0

0.2.0

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

quart_auth-0.11.0.tar.gz (11.1 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

quart_auth-0.11.0-py3-none-any.whl (10.0 kB view details)

Uploaded Python 3

File details

Details for the file quart_auth-0.11.0.tar.gz.

File metadata

  • Download URL: quart_auth-0.11.0.tar.gz
  • Upload date:
  • Size: 11.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.0.1 CPython/3.12.8

File hashes

Hashes for quart_auth-0.11.0.tar.gz
Algorithm Hash digest
SHA256 7703df693d795b3ec43a634efe4118c6adbddd98e7b8195008ca6def6d45cb47
MD5 3acb385843284aef4f921b66fbf8660c
BLAKE2b-256 458dd965905118fe612e7520f8a1014e4988842d8ed9fd68de4471999f7d968b

See more details on using hashes here.

Provenance

The following attestation bundles were made for quart_auth-0.11.0.tar.gz:

Publisher: publish.yml on pgjones/quart-auth

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file quart_auth-0.11.0-py3-none-any.whl.

File metadata

  • Download URL: quart_auth-0.11.0-py3-none-any.whl
  • Upload date:
  • Size: 10.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.0.1 CPython/3.12.8

File hashes

Hashes for quart_auth-0.11.0-py3-none-any.whl
Algorithm Hash digest
SHA256 dd342ea39475a9b32b79d83e2b6820ddaa358e77f01dedbba47d50529f2c8c74
MD5 08834256f340d7f647d8fba83697f151
BLAKE2b-256 cfa38ca9235569f39e471a9a319ba1665a27cb9cea8c48c688966460db67d48f

See more details on using hashes here.

Provenance

The following attestation bundles were made for quart_auth-0.11.0-py3-none-any.whl:

Publisher: publish.yml on pgjones/quart-auth

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page