Update trove classifiers

* aiohttp_session is not required

* fix code coverage

* has_aiohttp_session -> HAS_AIOHTTP_SESSION

.pyup.yml

@@ -0,0 +1,4 @@
+# Label PRs with `deps-update` label
+label_prs: deps-update
+
+schedule: every week

.travis.yml

@@ -1,7 +1,9 @@
 language: python
 python:
-  - 3.4
+  - 3.4.3
   - 3.5
+  - 3.6
+  - 3.7-dev
   - nightly
 
 install:
@@ -10,8 +12,7 @@ install:
 - pip install codecov
 
 script:
-- flake8 aiohttp_security tests
-- coverage run --source=aiohttp_security setup.py test
+- make coverage
 
 after_success:
 - codecov
@@ -20,3 +21,14 @@ env:
   matrix:
   - PYTHONASYNCIODEBUG=x
   - PYTHONASYNCIODEBUG=
+
+deploy:
+  provider: pypi
+  user: andrew.svetlov
+  password:
+    secure: "JdBvuOBA/198ognVDOY/qZpIKGXfCx47725kyJo/SpQ3nP+x0GLZb3PMQkR0jfSWWkx6Sisk3vOCYsoWclPyPzp+o4ZpfM8yAjHNFmtbr+k+XJdUEApEiWb6/Y3g7DCyY2Qa/L8IYlyABPWrrJI/nld2sKm5kmhFpR/z3HfeFtINP6Ivp34dUOkeRP6kOvCi9d6GyWnvTRnhlybAnk/Ngrroh8XrbKHdDv0zkQkshF8+pmxVzwao4C6S5ld5cFXIYZHLBA9lNC3zgvOMuFeGPUEN9vab3q77MvaiMIuTC9QjcgIhfw3gabH2u7knqfFzqqzXMaVptx5z8o1JtsxMyYt5NVBqS4NPIljpZjaoS/CASHJlRxniJiYfjvjOtFEcfGMNtZj8ZYsGR0nuP2jwzgpEHHWIs4qL0Y8h9t7pGirxCuQcnY10sr+Y+JKaZNJsugNLgbqE2aaZUye5gjDcEj9WY8kKNZXucLP7c0McJuwPqplDEO4CQouMttcKSYkA0QoETmpAFqaXCaMs3p/glOoU2ZyHSH9mXWir69yo84ymb2NlGPMTAstXlv/g/oLmLMSq7lbl6cSUnO1/wxBGlyfv5AAq/75YUaqsgYofzN5CjUgA3m6NedvbWxLUJaxVQ7nduYGEQKDvGEBmzCNv6CdVRCjQ9J1xX3XzkVheQGc="
+  distributions: "sdist bdist_wheel"
+  on:
+    tags: true
+    all_branches: true
+    python: 3.6

CHANGES.txt

@@ -1,2 +1,7 @@
 Changes
 =======
+
+0.1.2 (2017-10-17)
+------------------
+
+- Make aiohttp-session optional dependency (#107)

README.rst

@@ -1,5 +1,13 @@
 aiohttp_security
 ================
+.. image:: https://travis-ci.org/aio-libs/aiohttp-security.svg?branch=master
+    :target: https://travis-ci.org/aio-libs/aiohttp-security
+.. image:: https://codecov.io/github/aio-libs/aiohttp-security/coverage.svg?branch=master
+    :target: https://codecov.io/github/aio-libs/aiohttp-security
+.. image:: https://readthedocs.org/projects/aiohttp-security/badge/?version=latest
+    :target: https://aiohttp-security.readthedocs.io/
+.. image:: https://img.shields.io/pypi/v/aiohttp-security.svg
+    :target: https://pypi.python.org/pypi/aiohttp-security
 
 The library provides identity and autorization for `aiohttp.web`__.
 
@@ -13,6 +21,11 @@ To install type ``pip install aiohttp_security``.
 Launch ``make doc`` and see examples or look under **demo** directory for a
 sample project.
 
+Documentation
+-------------
+
+https://aiohttp-security.readthedocs.io/
+
 Develop
 -------
 

aiohttp_security/__init__.py

@@ -4,7 +4,7 @@ from .cookies_identity import CookiesIdentityPolicy
 from .session_identity import SessionIdentityPolicy
 
 
-__version__ = '0.1.1'
+__version__ = '0.1.2'
 
 
 __all__ = ('AbstractIdentityPolicy', 'AbstractAuthorizationPolicy',

aiohttp_security/session_identity.py

@@ -6,7 +6,11 @@ to configure aiohttp_session properly.
 
 import asyncio
 
-from aiohttp_session import get_session
+try:
+    from aiohttp_session import get_session
+    HAS_AIOHTTP_SESSION = True
+except ImportError:  # pragma: no cover
+    HAS_AIOHTTP_SESSION = False
 
 from .abc import AbstractIdentityPolicy
 
@@ -16,6 +20,10 @@ class SessionIdentityPolicy(AbstractIdentityPolicy):
     def __init__(self, session_key='AIOHTTP_SECURITY'):
         self._session_key = session_key
 
+        if not HAS_AIOHTTP_SESSION:  # pragma: no cover
+            raise ImportError(
+                'SessionIdentityPolicy requires `aiohttp_session`')
+
     @asyncio.coroutine
     def identify(self, request):
         session = yield from get_session(request)

demo/dictionary_auth/authz.py

@@ -0,0 +1,34 @@
+from aiohttp_security.abc import AbstractAuthorizationPolicy
+
+
+class DictionaryAuthorizationPolicy(AbstractAuthorizationPolicy):
+    def __init__(self, user_map):
+        super().__init__()
+        self.user_map = user_map
+
+    async def authorized_userid(self, identity):
+        """Retrieve authorized user id.
+        Return the user_id of the user identified by the identity
+        or 'None' if no user exists related to the identity.
+        """
+        if identity in self.user_map:
+            return identity
+
+    async def permits(self, identity, permission, context=None):
+        """Check user permissions.
+        Return True if the identity is allowed the permission in the
+        current context, else return False.
+        """
+        # pylint: disable=unused-argument
+        user = self.user_map.get(identity)
+        if not user:
+            return False
+        return permission in user.permissions
+
+
+async def check_credentials(user_map, username, password):
+    user = user_map.get(username)
+    if not user:
+        return False
+
+    return user.password == password

demo/dictionary_auth/handlers.py

@@ -0,0 +1,107 @@
+import asyncio
+import functools
+from textwrap import dedent
+
+from aiohttp import web
+
+from aiohttp_security import remember, forget, authorized_userid, permits
+
+from .authz import check_credentials
+
+
+def require(permission):
+    def wrapper(f):
+        @asyncio.coroutine
+        @functools.wraps(f)
+        def wrapped(request):
+            has_perm = yield from permits(request, permission)
+            if not has_perm:
+                message = 'User has no permission {}'.format(permission)
+                raise web.HTTPForbidden(body=message.encode())
+            return (yield from f(request))
+        return wrapped
+    return wrapper
+
+
+index_template = dedent("""
+    <!doctype html>
+    <head>
+    </head>
+    <body>
+    <p>{message}</p>
+    <form action="/login" method="post">
+      Login:
+      <input type="text" name="username">
+      Password:
+      <input type="password" name="password">
+      <input type="submit" value="Login">
+    </form>
+    <a href="/logout">Logout</a>
+    </body>
+    """)
+
+
+async def index(request):
+    username = await authorized_userid(request)
+    if username:
+        template = index_template.format(
+            message='Hello, {username}!'.format(username=username))
+    else:
+        template = index_template.format(message='You need to login')
+    return web.Response(
+        text=template,
+        content_type='text/html',
+    )
+
+
+async def login(request):
+    response = web.HTTPFound('/')
+    form = await request.post()
+    username = form.get('username')
+    password = form.get('password')
+
+    verified = await check_credentials(request.app.user_map, username, password)
+    if verified:
+        await remember(request, response, username)
+        return response
+
+    return web.HTTPUnauthorized(body='Invalid username / password combination')
+
+
+@require('public')
+async def logout(request):
+    response = web.Response(
+        text='You have been logged out',
+        content_type='text/html',
+    )
+    await forget(request, response)
+    return response
+
+
+@require('public')
+async def internal_page(request):
+    # pylint: disable=unused-argument
+    response = web.Response(
+        text='This page is visible for all registered users',
+        content_type='text/html',
+    )
+    return response
+
+
+@require('protected')
+async def protected_page(request):
+    # pylint: disable=unused-argument
+    response = web.Response(
+        text='You are on protected page',
+        content_type='text/html',
+    )
+    return response
+
+
+def configure_handlers(app):
+    router = app.router
+    router.add_get('/', index, name='index')
+    router.add_post('/login', login, name='login')
+    router.add_get('/logout', logout, name='logout')
+    router.add_get('/public', internal_page, name='public')
+    router.add_get('/protected', protected_page, name='protected')

demo/dictionary_auth/main.py

@@ -0,0 +1,33 @@
+import base64
+from cryptography import fernet
+from aiohttp import web
+from aiohttp_session import setup as setup_session
+from aiohttp_session.cookie_storage import EncryptedCookieStorage
+from aiohttp_security import setup as setup_security
+from aiohttp_security import SessionIdentityPolicy
+
+from .authz import DictionaryAuthorizationPolicy
+from .handlers import configure_handlers
+from .users import user_map
+
+
+def make_app():
+    app = web.Application()
+    app.user_map = user_map
+    configure_handlers(app)
+
+    # secret_key must be 32 url-safe base64-encoded bytes
+    fernet_key = fernet.Fernet.generate_key()
+    secret_key = base64.urlsafe_b64decode(fernet_key)
+
+    storage = EncryptedCookieStorage(secret_key, cookie_name='API_SESSION')
+    setup_session(app, storage)
+
+    policy = SessionIdentityPolicy()
+    setup_security(app, policy, DictionaryAuthorizationPolicy(user_map))
+
+    return app
+
+
+if __name__ == '__main__':
+    web.run_app(make_app(), port=9000)

demo/dictionary_auth/users.py

@@ -0,0 +1,10 @@
+from collections import namedtuple
+
+User = namedtuple('User', ['username', 'password', 'permissions'])
+
+user_map = {
+    user.username: user for user in [
+        User('devin', 'password', ('public',)),
+        User('jack', 'password', ('public', 'protected',)),
+    ]
+}

docs/conf.py

@@ -142,9 +142,9 @@ html_theme_options = {
     'logo': 'aiohttp-icon-128x128.png',
     'description': 'Authorization and identity for aoihttp',
     'github_user': 'aio-libs',
-    'github_repo': 'aiohttp_security',
+    'github_repo': 'aiohttp-security',
     'github_button': True,
-    'github_style': 'star',
+    'github_type': 'star',
     'github_banner': True,
     'travis_button': True,
     'codecov_button': True,

docs/example_db_auth.rst

@@ -12,7 +12,7 @@ the `demo source`_.
     https://github.com/aio-libs/aiohttp_security/tree/master/demo
 
 .. _passlib:
-    https://pythonhosted.org/passlib/
+    https://passlib.readthedocs.io
 
 Database
 --------

requirements-dev.txt

@@ -1,14 +1,14 @@
 -e .
-flake8
-pytest
-pytest-cov
-coverage
-sphinx
-pep257
-aiohttp_session
-aiopg[sa]
-aioredis==0.2.8
+flake8==3.4.1
+pytest==3.2.3
+pytest-cov==2.5.1
+coverage==4.4.1
+sphinx==1.6.4
+pep257==0.7.0
+aiohttp-session==1.0.1
+aiopg[sa]==0.13.1
+aioredis==0.3.3
 hiredis==0.2.0
-passlib==1.6.5
-aiohttp
-pytest-aiohttp
+passlib==1.7.1
+aiohttp==2.2.5
+pytest-aiohttp==0.1.3

setup.py

@@ -27,10 +27,12 @@ with codecs.open(os.path.join(os.path.abspath(os.path.dirname(
 def read(f):
     return open(os.path.join(os.path.dirname(__file__), f)).read().strip()
 
+
 install_requires = ['aiohttp>=0.18']
 tests_require = install_requires + ['pytest']
 extras_require = {'session': 'aiohttp-session'}
 
+
 setup(name='aiohttp-security',
       version=version,
       description=("security for aiohttp.web"),
@@ -40,9 +42,12 @@ setup(name='aiohttp-security',
           'Intended Audience :: Developers',
           'Programming Language :: Python',
           'Programming Language :: Python :: 3',
-          'Programming Language :: Python :: 3.3',
           'Programming Language :: Python :: 3.4',
-          'Topic :: Internet :: WWW/HTTP'],
+          'Programming Language :: Python :: 3.5',
+          'Programming Language :: Python :: 3.6',
+          'Topic :: Internet :: WWW/HTTP',
+          'Framework :: AsyncIO',
+      ],
       author='Andrew Svetlov',
       author_email='andrew.svetlov@gmail.com',
       url='https://github.com/aio-libs/aiohttp_security/',

tests/test_cookies_identity.py

@@ -94,14 +94,14 @@ def test_forget(loop, test_client):
     client = yield from test_client(app)
     resp = yield from client.post('/login')
     assert 200 == resp.status
-    assert resp.url.endswith('/')
+    assert str(resp.url).endswith('/')
     cookies = client.session.cookie_jar.filter_cookies(
         client.make_url('/'))
     assert 'Andrew' == cookies['AIOHTTP_SECURITY'].value
     yield from resp.release()
     resp = yield from client.post('/logout')
     assert 200 == resp.status
-    assert resp.url.endswith('/')
+    assert str(resp.url).endswith('/')
     cookies = client.session.cookie_jar.filter_cookies(
         client.make_url('/'))
     assert 'AIOHTTP_SECURITY' not in cookies

tests/test_session_identity.py

@@ -116,14 +116,14 @@ def test_forget(make_app, test_client):
 
     resp = yield from client.post('/login')
     assert 200 == resp.status
-    assert resp.url.endswith('/')
+    assert str(resp.url).endswith('/')
     txt = yield from resp.text()
     assert 'Andrew' == txt
     yield from resp.release()
 
     resp = yield from client.post('/logout')
     assert 200 == resp.status
-    assert resp.url.endswith('/')
+    assert str(resp.url).endswith('/')
     txt = yield from resp.text()
     assert '' == txt
     yield from resp.release()