From 75a5c65f36bade8a48b036578db04bceadcc4e98 Mon Sep 17 00:00:00 2001
From: Jung Hun-soo
Date: Mon, 30 Sep 2024 21:24:04 +0900
Subject: [PATCH 1/4] Add optional parameter samesite for set_cookie

---
 examples/demonstration/router_api.py | 1 +
 src/fastapi_oauth2/config.py | 3 +++
 src/fastapi_oauth2/core.py | 1 +
 src/fastapi_oauth2/middleware.py | 2 ++
 tests/conftest.py | 1 +
 5 files changed, 8 insertions(+)

diff --git a/examples/demonstration/router_api.py b/examples/demonstration/router_api.py
index 984382e..6f18ddb 100644
--- a/examples/demonstration/router_api.py
+++ b/examples/demonstration/router_api.py
@@ -28,5 +28,6 @@ def sim_auth(request: Request):
 max_age=request.auth.expires,
 expires=request.auth.expires,
 httponly=request.auth.http,
+ samesite=request.auth.samesite,
 )
 return response
diff --git a/src/fastapi_oauth2/config.py b/src/fastapi_oauth2/config.py
index 6bdcac9..954247c 100644
--- a/src/fastapi_oauth2/config.py
+++ b/src/fastapi_oauth2/config.py
@@ -10,6 +10,7 @@ class OAuth2Config:
 enable_ssr: bool
 allow_http: bool
+ samesite: str
 jwt_secret: str
 jwt_expires: int
 jwt_algorithm: str
@@ -20,6 +21,7 @@ def __init__(
 *,
 enable_ssr: bool = True,
 allow_http: bool = False,
+ samesite: str = "lax",
 jwt_secret: str = "",
 jwt_expires: Union[int, str] = 900,
 jwt_algorithm: str = "HS256",
@@ -29,6 +31,7 @@ def __init__(
 os.environ["OAUTHLIB_INSECURE_TRANSPORT"] = "1"
 self.enable_ssr = enable_ssr
 self.allow_http = allow_http
+ self.samesite = samesite
 self.jwt_secret = jwt_secret
 self.jwt_expires = int(jwt_expires)
 self.jwt_algorithm = jwt_algorithm
diff --git a/src/fastapi_oauth2/core.py b/src/fastapi_oauth2/core.py
index 1dbfaa3..c226e55 100644
--- a/src/fastapi_oauth2/core.py
+++ b/src/fastapi_oauth2/core.py
@@ -145,6 +145,7 @@ async def token_redirect(self, request: Request, **kwargs) -> RedirectResponse:
 expires=request.auth.expires,
 secure=not request.auth.http,
 httponly=True,
+ samesite=request.auth.samesite,
 )
 return response
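Review bot: In the config.py `__init__` hunk the new `samesite` value is stored exactly as given (`self.samesite = samesite`) with no validation, so a typo or an unsupported value is not caught at configuration time but only when the session cookie is built, far from the misconfiguration. Starlette's `set_cookie` accepts only `lax`, `strict` or `none` (case-insensitively) and asserts on anything else, which is the error a user would see at login rather than at startup. Normalise and check once in the constructor: `self.samesite = samesite.lower()` followed by `if self.samesite not in ("lax", "strict", "none"): raise ValueError(f"same_site must be 'lax', 'strict' or 'none', got {samesite!r}")`. The middleware.py, core.py, example and conftest hunks only read the attribute and need no change; the next patch in the series renames it to `same_site`, and the check should follow the rename. `__init__` continues outside the hunk.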
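Review bot: In the core.py `token_redirect` hunk the cookie's `samesite` now comes from configuration while `secure` is still derived from `allow_http` (`secure=not request.auth.http`, two lines above the added line), so `same_site="none"` together with `allow_http=True` emits `SameSite=None` without `Secure`; current browsers discard such a cookie, and the login silently never establishes a session. A value of `none` also gives up the cross-site request protection the `lax` default provides for the session cookie, which is worth stating where the option is documented. I would reject the combination in `OAuth2Config.__init__`: `if self.samesite == "none" and allow_http: raise ValueError("same_site='none' requires Secure cookies; set allow_http=False")`, or at least add `# SameSite=None is only honoured by browsers when Secure is also set` above the `samesite=` line. `token_redirect` starts outside the hunk.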
diff --git a/src/fastapi_oauth2/middleware.py b/src/fastapi_oauth2/middleware.py
index 76ee47e..6ff5eb8 100644
--- a/src/fastapi_oauth2/middleware.py
+++ b/src/fastapi_oauth2/middleware.py
@@ -37,6 +37,7 @@ class Auth(AuthCredentials):
 ssr: bool
 http: bool
+ samesite: str
 secret: str
 expires: int
 algorithm: str
@@ -90,6 +91,7 @@ def __init__(
 ) -> None:
 Auth.ssr = config.enable_ssr
 Auth.http = config.allow_http
+ Auth.samesite = config.samesite
 Auth.secret = config.jwt_secret
 Auth.expires = config.jwt_expires
 Auth.algorithm = config.jwt_algorithm
diff --git a/tests/conftest.py b/tests/conftest.py
index 5766231..709b882 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -75,6 +75,7 @@ def auth(request: Request):
 max_age=request.auth.expires,
 expires=request.auth.expires,
 httponly=request.auth.http,
+ samesite=request.auth.samesite,
 )
 return response
From 3d0d3580387f8ec61b0d850329ed7618699d3372 Mon Sep 17 00:00:00 2001
From: Artyom Vancyan
Date: Mon, 30 Sep 2024 21:40:45 +0400
Subject: [PATCH 2/4] Rename the property name to get rid of IDE warnings

---
 examples/demonstration/router_api.py | 2 +-
 src/fastapi_oauth2/config.py | 6 +++---
 src/fastapi_oauth2/core.py | 2 +-
 src/fastapi_oauth2/middleware.py | 4 ++--
 tests/conftest.py | 2 +-
 5 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/examples/demonstration/router_api.py b/examples/demonstration/router_api.py
index 6f18ddb..537c15a 100644
--- a/examples/demonstration/router_api.py
+++ b/examples/demonstration/router_api.py
@@ -28,6 +28,6 @@ def sim_auth(request: Request):
 max_age=request.auth.expires,
 expires=request.auth.expires,
 httponly=request.auth.http,
- samesite=request.auth.samesite,
+ samesite=request.auth.same_site,
 )
 return response
diff --git a/src/fastapi_oauth2/config.py b/src/fastapi_oauth2/config.py
index 954247c..da9ffea 100644
--- a/src/fastapi_oauth2/config.py
+++ b/src/fastapi_oauth2/config.py
@@ -10,7 +10,7 @@ class OAuth2Config:
 enable_ssr: bool
 allow_http: bool
- samesite: str
+ same_site: str
 jwt_secret: str
 jwt_expires: int
 jwt_algorithm: str
@@ -21,7 +21,7 @@ def __init__(
 *,
 enable_ssr: bool = True,
 allow_http: bool = False,
- samesite: str = "lax",
+ same_site: str = "lax",
 jwt_secret: str = "",
 jwt_expires: Union[int, str] = 900,
 jwt_algorithm: str = "HS256",
@@ -31,7 +31,7 @@ def __init__(
 os.environ["OAUTHLIB_INSECURE_TRANSPORT"] = "1"
 self.enable_ssr = enable_ssr
 self.allow_http = allow_http
- self.samesite = samesite
+ self.same_site = same_site
 self.jwt_secret = jwt_secret
 self.jwt_expires = int(jwt_expires)
 self.jwt_algorithm = jwt_algorithm
diff --git a/src/fastapi_oauth2/core.py b/src/fastapi_oauth2/core.py
index c226e55..9f27ed3 100644
--- a/src/fastapi_oauth2/core.py
+++ b/src/fastapi_oauth2/core.py
@@ -145,7 +145,7 @@ async def token_redirect(self, request: Request, **kwargs) -> RedirectResponse:
 expires=request.auth.expires,
 secure=not request.auth.http,
 httponly=True,
- samesite=request.auth.samesite,
+ samesite=request.auth.same_site,
 )
 return response
diff --git a/src/fastapi_oauth2/middleware.py b/src/fastapi_oauth2/middleware.py
index 6ff5eb8..b3166b4 100644
--- a/src/fastapi_oauth2/middleware.py
+++ b/src/fastapi_oauth2/middleware.py
@@ -37,9 +37,9 @@ class Auth(AuthCredentials):
 ssr: bool
 http: bool
- samesite: str
 secret: str
 expires: int
+ same_site: str
 algorithm: str
 scopes: List[str]
 provider: OAuth2Core
@@ -91,9 +91,9 @@ def __init__(
 ) -> None:
 Auth.ssr = config.enable_ssr
 Auth.http = config.allow_http
- Auth.samesite = config.samesite
 Auth.secret = config.jwt_secret
 Auth.expires = config.jwt_expires
+ Auth.same_site = config.same_site
 Auth.algorithm = config.jwt_algorithm
 Auth.clients = {
 client.backend.name: OAuth2Core(client)
diff --git a/tests/conftest.py b/tests/conftest.py
index 709b882..a71bc0e 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -75,7 +75,7 @@ def auth(request: Request):
 max_age=request.auth.expires,
 expires=request.auth.expires,
 httponly=request.auth.http,
- samesite=request.auth.samesite,
+ samesite=request.auth.same_site,
 )
 return response
From 21676b8e27841ebe8121408bee3fc550a2daf779 Mon Sep 17 00:00:00 2001
From: Artyom Vancyan
Date: Mon, 30 Sep 2024 21:55:32 +0400
Subject: [PATCH 3/4] Add `same_site` property in docs

---
 docs/integration/configuration.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/docs/integration/configuration.md b/docs/integration/configuration.md
index c7c18bf..2485ea3 100644
--- a/docs/integration/configuration.md
+++ b/docs/integration/configuration.md
@@ -10,6 +10,9 @@ The `OAuth2Config` class is used to define the middleware configuration, and it
 - `enable_ssr` - Whether enable server-side rendering or not. Defaults to `True`.
 - `allow_http` - Whether allow HTTP requests or not. Defaults to `False`.
+- `same_site` - The [SameSite](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#samesitesamesite-value) attribute
+ of the session cookie. Defaults to `lax`.
 - `jwt_secret` - Secret used to sign the JWT tokens. Defaults to an empty string.
 - `jwt_expires` - JWT lifetime in seconds. Defaults to 900 (15 minutes).
 - `jwt_algorithm` - The algorithm used to sign the JWT tokens. Defaults to `HS256`.
From d076d9e56714e38932b40d058a32e3f73f7a33cb Mon Sep 17 00:00:00 2001
From: Artyom Vancyan
Date: Mon, 30 Sep 2024 21:55:48 +0400
Subject: [PATCH 4/4] Upgrade the version to `1.3.0`

---
 src/fastapi_oauth2/__init__.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/fastapi_oauth2/__init__.py b/src/fastapi_oauth2/__init__.py
index c68196d..67bc602 100644
--- a/src/fastapi_oauth2/__init__.py
+++ b/src/fastapi_oauth2/__init__.py
@@ -1 +1 @@
-__version__ = "1.2.0"
+__version__ = "1.3.0"