A Quart extension to provide secure cookie authentication

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for pgjones from gravatar.com pgjones

Unverified details

These details have not been verified by PyPI
Project links
GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: MIT License (MIT)

Author: pgjones

Requires: Python >=3.7

Classifiers

Project description

Build Status docs pypi python license

Quart-Auth is an extension for Quart to provide for secure cookie authentication (session management). It allows for a session to be logged in, authenticated and logged out.

Usage

To use Quart-Auth with a Quart app you have to create an AuthManager and initialise it with the application,

app = Quart(__name__)
AuthManager(app)

or via the factory pattern,

auth_manager = AuthManager()

def create_app():
    app = Quart(__name__)
    auth_manager.init_app(app)
    return app

In addition you will need to configure Quart-Auth, which defaults to the most secure. At a minimum you will need to set secret key,

app.secret_key = "secret key"  # Do not use this key

which you can generate via,

>>> import secrets
>>> secrets.token_urlsafe(16)

Tou may also need to disable secure cookies to use in development, see configuration below.

With AuthManager initialised you can use the login_required function to decorate routes that should only be accessed by authenticated users,

from quart_auth import login_required

@app.route("/")
@login_required
async def restricted_route():
    ...

You can also use the login_user, and logout_user functions to start and end sessions for a specific AuthenticatedUser instance,

from quart_auth import AuthUser, login_user, logout_user

@app.route("/login")
async def login():
    # Check Credentials here, e.g. username & password.
    ...
    # We'll assume the user has an identifying ID equal to 2
    login_user(AuthUser(2))
    ...

@app.route("/logout")
async def logout():
    logout_user()
    ...

The user (authenticated or not) is available via the global current_user including within templates,

from quart import render_template_string
from quart_auth import current_user

@app.route("/")
async def user():
    return await render_template_string("{{ current_user.is_authenticated }}")

Contributing

Quart-Auth is developed on GitLab. You are very welcome to open issues or propose merge requests.

Testing

The best way to test Quart-Auth is with Tox,

$ pip install tox
$ tox

this will check the code style and run the tests.

Help

This README is the best place to start, after that try opening an issue.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for pgjones from gravatar.com pgjones

Unverified details

These details have not been verified by PyPI
Project links
GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: MIT License (MIT)

Author: pgjones

Requires: Python >=3.7

Classifiers

Release history Release notifications | RSS feed

0.9.1

0.9.0

0.8.0

0.7.0

0.6.0

0.5.0

0.4.0

This version

0.3.0

0.2.0

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

quart-auth-0.3.0.tar.gz (5.7 kB view hashes)

Uploaded Source

Built Distribution

quart_auth-0.3.0-py3-none-any.whl (5.6 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page