Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix session config #465

Merged
merged 4 commits into from
Dec 27, 2024
Merged

fix session config #465

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
ba34315
fix session config
devkral Dec 27, 2024
d76b986
Changes:
devkral Dec 27, 2024
22a3177
bump lilya version, fix cookie data type
devkral Dec 27, 2024
768385c
Merge branch 'main' into devkral/fixes/sessionconfig
tarsil Dec 27, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions docs/en/docs/release-notes.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,12 @@ hide:

# Release Notes

## 3.6.3

### Fixed

- SessionConfig has a unneccessarily heavily restricted secret_key parameter.

## 3.6.2

### Added
Expand Down
14 changes: 5 additions & 9 deletions esmerald/config/session.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,9 +12,7 @@
Total seconds in a day.
"""
),
] = (
60 * 60 * 24
)
] = 60 * 60 * 24


class SessionConfig(BaseModel):
Expand All @@ -41,7 +39,7 @@ class SessionConfig(BaseModel):
model_config = ConfigDict(arbitrary_types_allowed=True)

secret_key: Annotated[
Union[str, Secret],
Union[str, bytes, Secret],
Doc(
"""
The string used for the encryption/decryption and used to create an HMAC to sign.
Expand Down Expand Up @@ -74,9 +72,7 @@ class SessionConfig(BaseModel):
The number in seconds until the cookie expires.
"""
),
] = (
SECONDS_IN_A_DAY * 180
)
] = SECONDS_IN_A_DAY * 180
https_only: Annotated[
bool,
Doc(
Expand Down Expand Up @@ -108,6 +104,6 @@ def validate_secret(
),
],
) -> Secret:
if len(value) not in [16, 24, 32]:
raise ValueError("secret length must be 16 (128 bit), 24 (192 bit) or 32 (256 bit)")
if not value:
raise ValueError("secret_key is empty")
return value
4 changes: 2 additions & 2 deletions pyproject.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ dependencies = [
"email-validator >=2.2.0,<3.0.0",
"itsdangerous>=2.1.2,<3.0.0",
"jinja2>=3.1.2,<4.0.0",
"lilya>=0.11.9",
"lilya>=0.11.11",
"loguru>=0.7.0,<0.8.0",
"pydantic>=2.10,<3.0.0",
"pydantic-settings>=2.0.0,<3.0.0",
Expand Down Expand Up @@ -147,7 +147,7 @@ clean_pyc = "find . -type f -name \"*.pyc\" -delete"
clean_pyi = "find . -type f -name \"*.pyi\" -delete"
clean_pycache = "find . -type d -name \"*__pycache__*\" -delete"
build_with_check = "hatch build; twine check dist/*"
lint = "ruff check --fix --line-length 99 esmerald tests docs_src {args}; hatch run test:check_types"
lint = "ruff check --fix esmerald tests docs_src {args}; hatch run test:check_types"

[tool.hatch.envs.docs]
features = ["all", "docs"]
Expand Down
16 changes: 8 additions & 8 deletions tests/handlers/test_to_response_data.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -200,8 +200,8 @@ def test_function() -> Redirect:

cookies = response.headers.getlist("set-cookie")
assert len(cookies) == 2
assert cookies[0] == b"redirect-cookie=xyz; Path=/; SameSite=lax"
assert cookies[1] == b"general-cookie=xxx; Path=/; SameSite=lax"
assert cookies[0] == "redirect-cookie=xyz; Path=/; SameSite=lax"
assert cookies[1] == "general-cookie=xxx; Path=/; SameSite=lax"
assert response.background == background_task


Expand Down Expand Up @@ -266,8 +266,8 @@ def test_function() -> File:

cookies = response.headers.getlist("set-cookie")
assert len(cookies) == 3
assert cookies[0] == b"file-cookie=xyz; Path=/; SameSite=lax"
assert cookies[1] == b"general-cookie=xxx; Path=/; SameSite=lax"
assert cookies[0] == "file-cookie=xyz; Path=/; SameSite=lax"
assert cookies[1] == "general-cookie=xxx; Path=/; SameSite=lax"
assert response.background == background_task


Expand Down Expand Up @@ -317,8 +317,8 @@ def test_function() -> Stream:

cookies = response.headers.getlist("set-cookie")
assert len(cookies) == 3
assert cookies[0] == b"streaming-cookie=xyz; Path=/; SameSite=lax"
assert cookies[1] == b"general-cookie=xxx; Path=/; SameSite=lax"
assert cookies[0] == "streaming-cookie=xyz; Path=/; SameSite=lax"
assert cookies[1] == "general-cookie=xxx; Path=/; SameSite=lax"
assert response.background == background_task
else:
with pytest.raises(ValidationError):
Expand Down Expand Up @@ -356,6 +356,6 @@ def test_function() -> Template:

cookies = response.headers.getlist("set-cookie")
assert len(cookies) == 2
assert cookies[0] == b"template-cookie=xyz; Path=/; SameSite=lax"
assert cookies[1] == b"general-cookie=xxx; Path=/; SameSite=lax"
assert cookies[0] == "template-cookie=xyz; Path=/; SameSite=lax"
assert cookies[1] == "general-cookie=xxx; Path=/; SameSite=lax"
assert response.background == background_task
3 changes: 0 additions & 3 deletions tests/middleware/test_session_middleware.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,9 +20,6 @@
[os.urandom(16), False],
[os.urandom(24), False],
[os.urandom(32), False],
[os.urandom(17), True],
[os.urandom(4), True],
[os.urandom(100), True],
[b"", True],
],
)
Expand Down
Loading