Merge pull request #109 from ahopkins/dev

Merge v1.1 into Master

.gitignore

@@ -41,6 +41,7 @@ htmlcov/
 .coverage
 .coverage.*
 .cache
+.pytest_cache/
 nosetests.xml
 coverage.xml
 *.cover

Makefile

@@ -10,14 +10,17 @@ help:
 	@echo "test - run tests with coverage"
 	@echo "release - package and upload a release"
 
-.PHONY: help Makefile
+.PHONY: black help Makefile
 
 %: Makefile
 	@$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
 
 test:
 	python setup.py test
 
+black:
+	black ./ -l 79 --safe
+
 release: clean
 	python setup.py sdist upload
 	python setup.py bdist_wheel upload

README.md

@@ -15,11 +15,17 @@
 Sanic JWT adds authentication protection and endpoints to [Sanic].
 
 It is both **easy** to get up and running, and **extensible** for the
-developer. It can act to protect endpoints and also provide authentication scoping, all wrapped into a nice [JWT].
+developer. It can act to **protect endpoints** and also provide **authentication scoping**, all wrapped into a nice [JWT].
 
-[Read the documentation](http://sanic-jwt.rtfd.io/)
+[Read the documentation](http://sanic-jwt.rtfd.io/) | [View the source code](https://github.com/ahopkins/sanic-jwt/)
 
-Install:
+------
+
+**What do I do?**
+
+It's easy: (1) install, (2) initialize, and (3) authenticate.
+
+**Install:**
 
 ```
 pip install sanic-jwt
@@ -28,7 +34,7 @@ pip install sanic-jwt
   [Sanic]: http://sanic.readthedocs.io
   [JWT]: https://jwt.io
 
-Initialize:
+**Initialize:**
 
 ```python
 from sanic import Sanic
@@ -44,6 +50,12 @@ Initialize(
 )
 ```
 
-Authenticate:
+**Authenticate:**
 
     http://localhost/auth
+
+------
+
+**Can I customize it?**
+
+Definitely! Sanic JWT is made to allow developers to customize the operation to fit their needs. [Check out the documentation](http://sanic-jwt.rtfd.io/) to learn how.

docs/source/conf.py

@@ -30,35 +30,33 @@
 # Add any Sphinx extension module names here, as strings. They can be
 # extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
 # ones.
-extensions = ['sphinx.ext.autodoc',
-    'sphinx.ext.todo',
-    'sphinx.ext.viewcode']
+extensions = ["sphinx.ext.autodoc", "sphinx.ext.todo", "sphinx.ext.viewcode"]
 
 # Add any paths that contain templates here, relative to this directory.
-templates_path = ['_templates']
+templates_path = ["_templates"]
 
 # The suffix(es) of source filenames.
 # You can specify multiple suffix as a list of string:
 #
 # source_suffix = ['.rst', '.md']
-source_suffix = '.rst'
+source_suffix = ".rst"
 
 # The master toctree document.
-master_doc = 'index'
+master_doc = "index"
 
 # General information about the project.
-project = u'sanic-jwt'
-copyright = u'2018, Adam Hopkins'
-author = u'Adam Hopkins'
+project = u"sanic-jwt"
+copyright = u"2018, Adam Hopkins"
+author = u"Adam Hopkins"
 
 # The version info for the project you're documenting, acts as replacement for
 # |version| and |release|, also used in various other places throughout the
 # built documents.
 #
 # The short X.Y version.
-version = u'1.0'
+version = u"1.1"
 # The full version, including alpha/beta/rc tags.
-release = u'1.0.2'
+release = u"1.1.0"
 
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.
@@ -73,7 +71,7 @@
 exclude_patterns = []
 
 # The name of the Pygments (syntax highlighting) style to use.
-pygments_style = 'sphinx'
+pygments_style = "sphinx"
 
 # If true, `todo` and `todoList` produce output, else they produce nothing.
 todo_include_todos = True
@@ -84,7 +82,7 @@
 # The theme to use for HTML and HTML Help pages.  See the documentation for
 # a list of builtin themes.
 #
-html_theme = 'sphinx_rtd_theme'
+html_theme = "sphinx_rtd_theme"
 
 # Theme options are theme-specific and customize the look and feel of a theme
 # further.  For a list of options available for each theme, see the
@@ -95,25 +93,25 @@
 # Add any paths that contain custom static files (such as style sheets) here,
 # relative to this directory. They are copied after the builtin static files,
 # so a file named "default.css" will overwrite the builtin "default.css".
-html_static_path = ['_static']
+html_static_path = ["_static"]
 
 # Custom sidebar templates, must be a dictionary that maps document names
 # to template names.
 #
 # This is required for the alabaster theme
 # refs: http://alabaster.readthedocs.io/en/latest/installation.html#sidebars
 html_sidebars = {
-    '**': [
-        'relations.html',  # needs 'show_related': True theme option to display
-        'searchbox.html',
+    "**": [
+        "relations.html",  # needs 'show_related': True theme option to display
+        "searchbox.html",
     ]
 }
 
 
 # -- Options for HTMLHelp output ------------------------------------------
 
 # Output file base name for HTML help builder.
-htmlhelp_basename = 'sanic-jwtdoc'
+htmlhelp_basename = "sanic-jwtdoc"
 
 
 # -- Options for LaTeX output ---------------------------------------------
@@ -122,15 +120,12 @@
     # The paper size ('letterpaper' or 'a4paper').
     #
     # 'papersize': 'letterpaper',
-
     # The font size ('10pt', '11pt' or '12pt').
     #
     # 'pointsize': '10pt',
-
     # Additional stuff for the LaTeX preamble.
     #
     # 'preamble': '',
-
     # Latex figure (float) alignment
     #
     # 'figure_align': 'htbp',
@@ -140,8 +135,13 @@
 # (source start file, target name, title,
 #  author, documentclass [howto, manual, or own class]).
 latex_documents = [
-    (master_doc, 'sanic-jwt.tex', u'sanic-jwt Documentation',
-     u'Adam Hopkins', 'manual'),
+    (
+        master_doc,
+        "sanic-jwt.tex",
+        u"sanic-jwt Documentation",
+        u"Adam Hopkins",
+        "manual",
+    )
 ]
 
 
@@ -150,8 +150,7 @@
 # One entry per manual page. List of tuples
 # (source start file, name, description, authors, manual section).
 man_pages = [
-    (master_doc, 'sanic-jwt', u'sanic-jwt Documentation',
-     [author], 1)
+    (master_doc, "sanic-jwt", u"sanic-jwt Documentation", [author], 1)
 ]
 
 
@@ -161,10 +160,13 @@
 # (source start file, target name, title, author,
 #  dir menu entry, description, category)
 texinfo_documents = [
-    (master_doc, 'sanic-jwt', u'sanic-jwt Documentation',
-     author, 'sanic-jwt', 'One line description of project.',
-     'Miscellaneous'),
+    (
+        master_doc,
+        "sanic-jwt",
+        u"sanic-jwt Documentation",
+        author,
+        "sanic-jwt",
+        "One line description of project.",
+        "Miscellaneous",
+    )
 ]
-
-
-

docs/source/index.rst

@@ -12,6 +12,8 @@ It is both **easy** to get up and running, and **extensible** for the developer.
 
 Pick your favorite user management system, run :doc:`a single class to initialize <pages/initialization>`, and you are all set.
 
+`Open source code on GitHub <https://github.com/ahopkins/sanic-jwt>`_
+
 ------------
 
 .. toctree::
@@ -36,6 +38,16 @@ Pick your favorite user management system, run :doc:`a single class to initializ
 
 ------------
 
++++++++++++++++++++++++++++
+What is new in Version 1.1?
++++++++++++++++++++++++++++
+
+The biggest changes are under the hood relating to how configuration settings are implemented. They are now fully dynamic allowing you to not only dynamically set them at run time, but also have them evaluated at the last minute to give you flexibility when needed.
+
+Flexibility is really the name of the game for v. 1.1. Most of the features are to enable the developer that wants to dig deeper and gain more control. For example, the ``Authentication`` now has a number of new renamed methods. Checkout the source code to see what they are (hint: they are the ones NOT with an ``_`` at the beginning.)
+
+Checkout the changelog for a more detailed description.
+
 +++++++++++++++++++++++++++
 What is new in Version 1.0?
 +++++++++++++++++++++++++++

docs/source/pages/changelog.rst

@@ -4,6 +4,35 @@ Changelog
 
 The format is based on `Keep a Changelog <http://keepachangelog.com/en/1.0.0/>`_ and this project adheres to `Semantic Versioning <http://semver.org/spec/v2.0.0.html>`_.
 
++++++++++++++++++++++++++
+Version 1.1 - 2018-06-03
++++++++++++++++++++++++++
+
+| **Added**
+| - New handler method: ``override_scope_validator``
+| - New handler method: ``destructure_scopes``
+| - New decorator method: ``inject_user``
+| - Decorator methods copied to ``Initialize`` class for convenience
+| - New convenience method for extracting ``user_id`` from request
+| - Feature for decoupling authentication mode for microservices
+| - Ability to have custom generated refresh tokens
+| - Subclasses are tested for consistency on ``Initialize``
+|
+
+| **Changed**
+| - ``Authentication.is_authenticated`` to ``Authentication._check_authentication``
+| - ``Authentication.verify`` to ``Authentication._verify``
+| - ``Authentication.get_access_token`` to ``Authentication.generate_access_token``
+| - ``Authentication.get_refresh_token`` to ``Authentication.generate_refresh_token``
+| - ``Authentication.retrieve_scopes`` to ``Authentication.extract_scopes``
+| - Method for getting and setting configurations made dynamic
+|
+
+| **Fixed**
+| - Verification that a custom payload extender supplies all of the enabled claims
+| - ``abort`` bug when using Sanic's convenience method for exceptions
+|
+
 
 ++++++++++++++++++++++++++
 Version 1.0.2 - 2018-03-04

docs/source/pages/configuration.rst

@@ -66,6 +66,42 @@ What if you need to calculate a setting? No problem. Each of the settings can be
         app,
         configuration_class=MyConfiguration)
 
+But, it does not need to be a callable. This works too:
+
+.. code-block:: python
+
+    from sanic_jwt import Configuration
+
+    class MyConfiguration(Configuration):
+        set_access_token_name = 'jwt'
+
+    Initialize(
+        app,
+        configuration_class=MyConfiguration)
+
+Okay ... need to go even **further**? You can also have a setting evaluated on each request with the ``get_<setting>()`` method:
+
+.. code-block:: python
+
+    auth_header_key = "x-authorization-header"
+
+    class MyConfig(Configuration):
+
+        def get_authorization_header(self, request):
+            if auth_header_key in request.headers:
+                return request.headers.get(auth_header_key)
+
+            return "authorization"
+
+    Initialize(
+        app,
+        configuration_class=MyConfig
+    )
+
+This brings up an important point. If you go with the getter method, then in order to not waste resources, it will be evaluated only **one** time per request. The output of your getter will be cached for the lifespan of that request only.
+
+As you can see, the getter method is passed the ``request`` object as a parameter.
+
 ------------
 
 ++++++++
@@ -104,6 +140,15 @@ Settings
     PS512 - RSASSA-PSS signature using SHA-512 and MGF1 padding with SHA-512
 
 
+-------------
+``auth_mode``
+-------------
+
+| **Purpose**: Whether to enable the ``/auth`` endpoints or not. Helpful for microservice applications.
+| **Default**: ``True``
+|
+
+
 ------------------------
 ``authorization_header``
 ------------------------
@@ -226,7 +271,7 @@ Alias for ``cookie_access_token_name``
 ``debug``
 ---------
 
-| **Purpose**: Used for development and testing of the package.
+| **Purpose**: Used for development and testing of the package. You will likely never need this.
 | **Default**: ``False``
 |
 
@@ -238,6 +283,14 @@ Alias for ``cookie_access_token_name``
 | **Default**: ``60 * 5 * 6``, aka 30 minutes
 |
 
+--------------------------
+``generate_refresh_token``
+--------------------------
+
+| **Purpose**: A method to create and return a refresh token.
+| **Default**: ``sanic_jwt.utils.generate_refresh_token``
+|
+
 ----------
 ``leeway``
 ----------
@@ -345,7 +398,7 @@ Alias for ``secret``
 --------------
 
 | **Purpose**: The url prefix used for all URL endpoints. Note, the placement of ``/``.
-| **Default**: ``'/'``
+| **Default**: ``'/auth'``
 |
 
 -----------