Merge pull request #38 from cicekhayri/load-user-middleware

Load user middleware

Author: cicekhayri

inspira/auth/mixins/user_mixin.py

@@ -25,3 +25,17 @@ def set_password(self, password):
 
     def check_password_hash(self, password):
         return bcrypt.checkpw(password.encode(UTF8), self.password.encode(UTF8))
+
+
+class AnonymousUserMixin:
+    @property
+    def is_authenticated(self):
+        return False
+
+    @property
+    def is_active(self):
+        return False
+
+    @property
+    def is_anonymous(self):
+        return True

inspira/middlewares/sessions.py

@@ -9,30 +9,29 @@
 
 
 class SessionMiddleware:
-    def __init__(self, secret_key):
-        self.secret_key = secret_key
-        self.config = get_global_app().config or Config()
+    def __init__(self):
+        self.app = get_global_app()
 
     def build_set_cookie_header(self, session_data):
-        encoded_payload = encode_session_data(session_data, self.secret_key)
+        encoded_payload = encode_session_data(session_data, self.app.secret_key)
         expires_date = datetime.datetime.utcnow() + datetime.timedelta(
-            seconds=self.config["SESSION_MAX_AGE"]
+            seconds=self.app.config["SESSION_MAX_AGE"]
         )
         formatted_expires = expires_date.strftime("%a, %d %b %Y %H:%M:%S GMT")
 
         cookie_value = (
-            f"{self.config['SESSION_COOKIE_NAME']}={encoded_payload}; "
-            f"Expires={formatted_expires}; Path={self.config['SESSION_COOKIE_PATH'] or '/'}; HttpOnly"
+            f"{self.app.config['SESSION_COOKIE_NAME']}={encoded_payload}; "
+            f"Expires={formatted_expires}; Path={self.app.config['SESSION_COOKIE_PATH'] or '/'}; HttpOnly"
         )
 
-        if self.config["SESSION_COOKIE_DOMAIN"]:
-            cookie_value += f"; Domain={self.config['SESSION_COOKIE_DOMAIN']}"
+        if self.app.config["SESSION_COOKIE_DOMAIN"]:
+            cookie_value += f"; Domain={self.app.config['SESSION_COOKIE_DOMAIN']}"
 
-        if self.config["SESSION_COOKIE_SECURE"]:
+        if self.app.config["SESSION_COOKIE_SECURE"]:
             cookie_value += "; Secure"
 
-        if self.config["SESSION_COOKIE_SAMESITE"]:
-            cookie_value += f"; SameSite={self.config['SESSION_COOKIE_SAMESITE']}"
+        if self.app.config["SESSION_COOKIE_SAMESITE"]:
+            cookie_value += f"; SameSite={self.app.config['SESSION_COOKIE_SAMESITE']}"
 
         return cookie_value
 
@@ -44,12 +43,12 @@ async def send_wrapper(message):
                     request = RequestContext().get_request()
 
                     cookies = SimpleCookie(request.get_headers().get("cookie", ""))
-                    session_cookie = cookies.get(self.config["SESSION_COOKIE_NAME"])
+                    session_cookie = cookies.get(self.app.config["SESSION_COOKIE_NAME"])
                     decoded_session = {}
 
                     if session_cookie:
                         decoded_session = decode_session_data(
-                            session_cookie.value, self.secret_key
+                            session_cookie.value, self.app.secret_key
                         )
 
                     if not request.session or decoded_session != request.session:
@@ -58,7 +57,7 @@ async def send_wrapper(message):
 
                             headers.append((b"Set-Cookie", cookie_value.encode()))
                         else:
-                            cookie_value = f"{self.config['SESSION_COOKIE_NAME']}=; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Path={self.config['SESSION_COOKIE_PATH'] or '/'}; HttpOnly"
+                            cookie_value = f"{self.app.config['SESSION_COOKIE_NAME']}=; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Path={self.app.config['SESSION_COOKIE_PATH'] or '/'}; HttpOnly"
 
                             headers.append((b"Set-Cookie", cookie_value.encode()))
 

inspira/middlewares/user_loader.py

@@ -0,0 +1,36 @@
+from http.cookies import SimpleCookie
+from typing import Dict, Any, Callable
+
+from inspira.auth.auth_utils import decode_auth_token
+from inspira.auth.mixins.user_mixin import AnonymousUserMixin
+from inspira.config import Config
+from inspira.globals import get_global_app
+from inspira.requests import RequestContext
+from inspira.utils.session_utils import decode_session_data
+
+
+class UserLoaderMiddleware:
+    def __init__(self, user_model):
+        self.user_model = user_model
+        self.app = get_global_app()
+
+    async def __call__(self, handler):
+        async def middleware(scope: Dict[str, Any], receive: Callable, send: Callable):
+            request = RequestContext().get_request()
+            cookies = SimpleCookie(request.get_headers().get("cookie", ""))
+            token = cookies.get(self.app.config["SESSION_COOKIE_NAME"])
+
+            user = None
+
+            if token:
+                decoded_session = decode_session_data(token.value, self.app.secret_key)
+                user_id = decode_auth_token(decoded_session.get("token", None))
+
+                if user_id:
+                    user = self.user_model.query.get(user_id)
+            RequestContext.set_current_user(user or AnonymousUserMixin())
+            request.user = RequestContext.get_current_user()
+
+            await handler(scope, receive, send)
+
+        return middleware

inspira/requests.py

@@ -7,6 +7,7 @@
 
 class RequestContext:
     _current_request = None
+    _current_user = None
 
     @classmethod
     def set_request(cls, request):
@@ -16,6 +17,14 @@ def set_request(cls, request):
     def get_request(cls):
         return cls._current_request
 
+    @classmethod
+    def get_current_user(cls):
+        return cls._current_user
+
+    @classmethod
+    def set_current_user(cls, user):
+        cls._current_user = user
+
 
 class Request:
     def __init__(self, scope: Dict[str, Any], receive: Callable, send: Callable):
@@ -25,6 +34,7 @@ def __init__(self, scope: Dict[str, Any], receive: Callable, send: Callable):
         self._session = {}
         self._headers = {}
         self._forbidden = False
+        self.user = None
 
     def is_forbidden(self):
         return self._forbidden

tests/conftest.py

@@ -10,22 +10,14 @@
 from inspira.testclient import TestClient
 
 
-@pytest.fixture
-def app():
-    return Inspira()
-
-
 @pytest.fixture
 def secret_key():
     return "your_secret_key"
 
 
 @pytest.fixture
-def app_with_secret_token(secret_key):
-    app = Inspira()
-    app.secret_key = secret_key
-
-    return app
+def app(secret_key):
+    return Inspira(secret_key)
 
 
 @pytest.fixture
@@ -34,8 +26,8 @@ def client(app):
 
 
 @pytest.fixture
-def client_session(app_with_secret_token):
-    return TestClient(app_with_secret_token)
+def client_session(app):
+    return TestClient(app)
 
 
 @pytest.fixture
@@ -84,3 +76,12 @@ def mock_scope():
 @pytest.fixture
 def sample_config():
     return Config()
+
+
+@pytest.fixture
+def user_mock():
+    class User:
+        def __init__(self, id):
+            self.id = id
+
+    return User

tests/test_middleware.py

@@ -3,11 +3,15 @@
 
 import pytest
 
+from inspira.auth.auth_utils import login_user, decode_auth_token
+from inspira.auth.decorators import login_required
+from inspira.auth.mixins.user_mixin import AnonymousUserMixin
 from inspira.decorators.http_methods import get
 from inspira.enums import HttpMethod
 from inspira.middlewares.cors import CORSMiddleware
 from inspira.middlewares.sessions import SessionMiddleware
-from inspira.requests import Request
+from inspira.middlewares.user_loader import UserLoaderMiddleware
+from inspira.requests import Request, RequestContext
 from inspira.responses import JsonResponse, HttpResponse
 from inspira.utils.session_utils import decode_session_data
 
@@ -93,8 +97,8 @@ async def test_route(request: Request):
 
 
 @pytest.mark.asyncio
-async def test_set_session_success(app, client):
-    session_middleware = SessionMiddleware(secret_key="dummy")
+async def test_set_session_success(app, secret_key, client):
+    session_middleware = SessionMiddleware()
 
     app.add_middleware(session_middleware)
 
@@ -113,7 +117,7 @@ async def test_route(request: Request):
 
     assert session_cookie is not None
 
-    decoded_session = decode_session_data(session_cookie.value, "dummy")
+    decoded_session = decode_session_data(session_cookie.value, secret_key)
     expected_session = {"message": "Hej"}
 
     assert decoded_session == expected_session
@@ -122,7 +126,7 @@ async def test_route(request: Request):
 
 @pytest.mark.asyncio
 async def test_invalid_signature_exception(app, client):
-    session_middleware = SessionMiddleware(secret_key="dummy")
+    session_middleware = SessionMiddleware()
 
     app.add_middleware(session_middleware)
 
@@ -149,7 +153,7 @@ async def test_route(request: Request):
 
 @pytest.mark.asyncio
 async def test_remove_session_success(app, client):
-    session_middleware = SessionMiddleware(secret_key="dummy")
+    session_middleware = SessionMiddleware()
 
     app.add_middleware(session_middleware)
 
@@ -184,7 +188,7 @@ async def remove_route(request: Request):
 
 @pytest.mark.asyncio
 async def test_get_session_success(app, client):
-    session_middleware = SessionMiddleware(secret_key="dummy")
+    session_middleware = SessionMiddleware()
 
     app.add_middleware(session_middleware)
 
@@ -203,7 +207,7 @@ async def get_route(request: Request):
 
 @pytest.mark.asyncio
 async def test_remove_nonexistent_key(app, client):
-    session_middleware = SessionMiddleware(secret_key="dummy")
+    session_middleware = SessionMiddleware()
 
     app.add_middleware(session_middleware)
 
@@ -224,3 +228,80 @@ async def remove_route(request: Request):
 
     assert session_cookie.value == ""
     assert response.status_code == HTTPStatus.OK
+
+
+@pytest.mark.asyncio
+async def test_user_loader_middleware(app, client, user_mock, secret_key):
+    session_middleware = SessionMiddleware()
+
+    user_loader_middleware = UserLoaderMiddleware(user_mock)
+
+    app.add_middleware(session_middleware)
+    app.add_middleware(user_loader_middleware)
+
+    @get("/get")
+    async def get_route(request: Request):
+        user = user_mock(id=1)
+        login_user(user.id)
+        return HttpResponse(f"User ID: 1323")
+
+    app.add_route("/get", HttpMethod.GET, get_route)
+
+    response = await client.get("/get")
+    set_cookie_header = response.headers.get("set-cookie", "")
+
+    assert set_cookie_header is not None
+    assert "session=" in set_cookie_header
+
+    cookies = SimpleCookie(set_cookie_header)
+    session_cookie = cookies.get("session")
+
+    assert session_cookie is not None
+
+    decoded_session = decode_session_data(session_cookie.value, secret_key)
+    get_user_id = decode_auth_token(decoded_session["token"])
+
+    assert get_user_id == 1
+
+
+@pytest.mark.asyncio
+async def test_user_not_logged_in(app, client, secret_key, user_mock):
+    session_middleware = SessionMiddleware()
+    user_loader_middleware = UserLoaderMiddleware(user_mock)
+    app.add_middleware(session_middleware)
+    app.add_middleware(user_loader_middleware)
+
+    @get("/protected")
+    @login_required
+    async def protected(request: Request):
+        return HttpResponse("Protected Route")
+
+    app.add_route("/protected", HttpMethod.GET, protected)
+
+    response = await client.get("/protected")
+
+    assert response.status_code == HTTPStatus.UNAUTHORIZED.value
+    assert "Unauthorized" in response.text
+
+
+@pytest.mark.asyncio
+async def test_user_loader_middleware_anonymous_user(
+    app, client, secret_key, user_mock
+):
+    user_loader_middleware = UserLoaderMiddleware(user_mock)
+    app.add_middleware(user_loader_middleware)
+
+    @get("/protected")
+    async def protected(request: Request):
+        user_authenticated = request.user.is_authenticated
+        return JsonResponse({"user_authenticated": user_authenticated})
+
+    app.add_route("/protected", HttpMethod.GET, protected)
+
+    response = await client.get("/protected")
+
+    assert response.status_code == 200
+    assert response.json() == {"user_authenticated": False}
+
+    user_in_method = RequestContext.get_current_user()
+    assert isinstance(user_in_method, AnonymousUserMixin)

tests/test_responses.py

@@ -69,7 +69,7 @@ async def home(request):
 
 
 @pytest.mark.asyncio
-async def test_set_multiple_cookie(app_with_secret_token, client_session):
+async def test_set_multiple_cookie(app, client_session):
     @get("/home")
     async def home(request):
         http_response = HttpResponse("This is a test endpoint")
@@ -78,7 +78,7 @@ async def home(request):
 
         return http_response
 
-    app_with_secret_token.add_route("/home", HttpMethod.GET, home)
+    app.add_route("/home", HttpMethod.GET, home)
 
     response = await client_session.get("/home")
     headers_dict = dict(response.headers)