From 455f695f520d646389767bcde3b0fe7c8b2f9b4d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Voron?=
Date: Thu, 20 May 2021 08:52:03 +0200
Subject: [PATCH] Fix #630: relative tokenUrl (#636)
* Fix #630: use relative tokenUrl as per the official recommendations
* Improve following review comments
* Fix unmatching backtick
* Improve consistency of authentication backend documentation
---
 docs/configuration/authentication/cookie.md | 26 ++++++++++-----------
 docs/configuration/authentication/jwt.md | 24 ++++++++++---------
 docs/src/full_mongodb.py | 2 +-
 docs/src/full_ormar.py | 2 +-
 docs/src/full_sqlalchemy.py | 2 +-
 docs/src/full_tortoise.py | 2 +-
 docs/src/oauth_full_mongodb.py | 2 +-
 docs/src/oauth_full_sqlalchemy.py | 2 +-
 docs/src/oauth_full_tortoise.py | 2 +-
 fastapi_users/authentication/jwt.py | 2 +-
 10 files changed, 33 insertions(+), 33 deletions(-)
diff --git a/docs/configuration/authentication/cookie.md b/docs/configuration/authentication/cookie.md
index e3fe888a..a1040b68 100644
--- a/docs/configuration/authentication/cookie.md
+++ b/docs/configuration/authentication/cookie.md
@@ -16,27 +16,25 @@ cookie_authentication = CookieAuthentication(secret=SECRET, lifetime_seconds=360
 auth_backends.append(cookie_authentication)
 ```
-As you can see, instantiation is quite simple. You just have to define a constant `SECRET` which is used to encode the token and the lifetime of the cookie (in seconds).
-
-You can also define the parameters for the generated cookie:
+As you can see, instantiation is quite simple. It accepts the following arguments:
+* `secret` (`str`): A constant secret which is used to encode the cookie. **Use a strong passphrase and keep it secure.**
+* `lifetime_seconds` (`int`): The lifetime of the cookie in seconds.
 * `cookie_name` (`fastapiusersauth`): Name of the cookie.
 * `cookie_path` (`/`): Cookie path.
 * `cookie_domain` (`None`): Cookie domain.
 * `cookie_secure` (`True`): Whether to only send the cookie to the server via SSL request.
 * `cookie_httponly` (`True`): Whether to prevent access to the cookie via JavaScript.
-* `cookie_samesite` (`lax`): A string that specifies the samesite strategy for the cookie. Valid values are 'lax', 'strict' and 'none'. Defaults to 'lax'.
+* `cookie_samesite` (`lax`): A string that specifies the samesite strategy for the cookie. Valid values are `lax`, `strict` and `none`. Defaults to `lax`.
+* `name` (`Optional[str]`): Name of the backend. It's useful in the case you wish to have several backends of the same class. Each backend should have a unique name. Defaults to `cookie`.
-!!! tip
- You can also optionally define the `name`. It's useful in the case you wish to have several backends of the same class. Each backend should have a unique name. **Defaults to `cookie`**.
-
- ```py
- cookie_authentication = CookieAuthentication(
- secret=SECRET,
- lifetime_seconds=3600,
- name="my-cookie",
- )
- ```
+```py
+cookie_authentication = CookieAuthentication(
+ secret=SECRET,
+ lifetime_seconds=3600,
+ name="my-cookie",
+)
+```
 !!! tip
 The value of the cookie is actually a JWT.
This authentication backend shares most of its logic with the [JWT](./jwt.md) one.
diff --git a/docs/configuration/authentication/jwt.md b/docs/configuration/authentication/jwt.md
index 953905e1..f0508894 100644
--- a/docs/configuration/authentication/jwt.md
+++ b/docs/configuration/authentication/jwt.md
@@ -11,23 +11,25 @@ SECRET = "SECRET"
 auth_backends = []
-jwt_authentication = JWTAuthentication(secret=SECRET, lifetime_seconds=3600)
+jwt_authentication = JWTAuthentication(secret=SECRET, lifetime_seconds=3600, tokenUrl="auth/jwt/login")
 auth_backends.append(jwt_authentication)
 ```
-As you can see, instantiation is quite simple. You just have to define a constant `SECRET` which is used to encode the token and the lifetime of token (in seconds).
+As you can see, instantiation is quite simple. It accepts the following arguments:
-!!! tip
- You can also optionally define the `name`. It's useful in the case you wish to have several backends of the same class. Each backend should have a unique name. **Defaults to `jwt`**.
+* `secret` (`str`): A constant secret which is used to encode the token. **Use a strong passphrase and keep it secure.**
+* `lifetime_seconds` (`int`): The lifetime of the token in seconds.
+* `tokenUrl` (`Optional[str]`): The exact path of your login endpoint. It'll allow the interactive documentation to automatically discover it and get a working *Authorize* button. In most cases, you'll probably need a **relative** path, not absolute. You can read more details about this in the [FastAPI documentation](https://fastapi.tiangolo.com/tutorial/security/first-steps/#fastapis-oauth2passwordbearer). Defaults to `auth/jwt/login`.
+* `name` (`Optional[str]`): Name of the backend. It's useful in the case you wish to have several backends of the same class. Each backend should have a unique name. Defaults to `jwt`.
- ```py
- jwt_authentication = JWTAuthentication(
- secret=SECRET,
- lifetime_seconds=3600,
- name="my-jwt",
- )
- ```
+```py
+jwt_authentication = JWTAuthentication(
+ secret=SECRET,
+ lifetime_seconds=3600,
+ name="my-jwt",
+)
+```
 ## Login
diff --git a/docs/src/full_mongodb.py b/docs/src/full_mongodb.py
index b93311e4..fadad450 100644
--- a/docs/src/full_mongodb.py
+++ b/docs/src/full_mongodb.py
@@ -45,7 +45,7 @@ def after_verification_request(user: UserDB, token: str, request: Request):
 jwt_authentication = JWTAuthentication(
- secret=SECRET, lifetime_seconds=3600, tokenUrl="/auth/jwt/login"
+ secret=SECRET, lifetime_seconds=3600, tokenUrl="auth/jwt/login"
 )
 app = FastAPI()
diff --git a/docs/src/full_ormar.py b/docs/src/full_ormar.py
index 5b1a2555..c2eada18 100644
--- a/docs/src/full_ormar.py
+++ b/docs/src/full_ormar.py
@@ -54,7 +54,7 @@ def after_verification_request(user: UserDB, token: str, request: Request):
 jwt_authentication = JWTAuthentication(
- secret=SECRET, lifetime_seconds=3600, tokenUrl="/auth/jwt/login"
+ secret=SECRET, lifetime_seconds=3600, tokenUrl="auth/jwt/login"
 )
 app = FastAPI()
diff --git a/docs/src/full_sqlalchemy.py b/docs/src/full_sqlalchemy.py
index 2b28c5d0..3302a6f7 100644
--- a/docs/src/full_sqlalchemy.py
+++ b/docs/src/full_sqlalchemy.py
@@ -56,7 +56,7 @@ def after_verification_request(user: UserDB, token: str, request: Request):
 jwt_authentication = JWTAuthentication(
- secret=SECRET, lifetime_seconds=3600, tokenUrl="/auth/jwt/login"
+ secret=SECRET, lifetime_seconds=3600, tokenUrl="auth/jwt/login"
 )
 app = FastAPI()
diff --git a/docs/src/full_tortoise.py b/docs/src/full_tortoise.py
index f474b2bc..d6f2679e 100644
--- a/docs/src/full_tortoise.py
+++ b/docs/src/full_tortoise.py
@@ -54,7 +54,7 @@ def after_verification_request(user: UserDB, token: str, request: Request):
 jwt_authentication = JWTAuthentication(
- secret=SECRET, lifetime_seconds=3600, tokenUrl="/auth/jwt/login"
+ secret=SECRET, lifetime_seconds=3600, tokenUrl="auth/jwt/login"
 )
 fastapi_users = FastAPIUsers(
diff --git a/docs/src/oauth_full_mongodb.py b/docs/src/oauth_full_mongodb.py
index 0159e062..b0fd9037 100644
--- a/docs/src/oauth_full_mongodb.py
+++ b/docs/src/oauth_full_mongodb.py
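Review bot: The literal `"auth/jwt/login"` on the `+` line has to agree with the prefix under which the JWT auth router is presumably included further down the file (outside this hunk), and nothing verifies that agreement at runtime — a mismatch only surfaces as a non-working *Authorize* button in the interactive docs. Because this same patch makes `"auth/jwt/login"` the default in `fastapi_users/authentication/jwt.py`, the explicit argument in the examples now merely restates the default; keeping it is fine for illustration, but a short comment would make the coupling visible to readers copying the snippet: `# Relative path of the login endpoint; must match the prefix the auth router is mounted under`. The same applies to the hunks in docs/src/full_ormar.py, docs/src/full_sqlalchemy.py, docs/src/full_tortoise.py, docs/src/oauth_full_mongodb.py, docs/src/oauth_full_sqlalchemy.py and docs/src/oauth_full_tortoise.py.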
@@ -49,7 +49,7 @@ def after_verification_request(user: UserDB, token: str, request: Request):
 jwt_authentication = JWTAuthentication(
- secret=SECRET, lifetime_seconds=3600, tokenUrl="/auth/jwt/login"
+ secret=SECRET, lifetime_seconds=3600, tokenUrl="auth/jwt/login"
 )
 app = FastAPI()
diff --git a/docs/src/oauth_full_sqlalchemy.py b/docs/src/oauth_full_sqlalchemy.py
index fdd22540..83510898 100644
--- a/docs/src/oauth_full_sqlalchemy.py
+++ b/docs/src/oauth_full_sqlalchemy.py
@@ -69,7 +69,7 @@ def after_verification_request(user: UserDB, token: str, request: Request):
 jwt_authentication = JWTAuthentication(
- secret=SECRET, lifetime_seconds=3600, tokenUrl="/auth/jwt/login"
+ secret=SECRET, lifetime_seconds=3600, tokenUrl="auth/jwt/login"
 )
 app = FastAPI()
diff --git a/docs/src/oauth_full_tortoise.py b/docs/src/oauth_full_tortoise.py
index 02789e5e..651b9b67 100644
--- a/docs/src/oauth_full_tortoise.py
+++ b/docs/src/oauth_full_tortoise.py
@@ -67,7 +67,7 @@ def after_verification_request(user: UserDB, token: str, request: Request):
 jwt_authentication = JWTAuthentication(
- secret=SECRET, lifetime_seconds=3600, tokenUrl="/auth/jwt/login"
+ secret=SECRET, lifetime_seconds=3600, tokenUrl="auth/jwt/login"
 )
 fastapi_users = FastAPIUsers(
diff --git a/fastapi_users/authentication/jwt.py b/fastapi_users/authentication/jwt.py
index 24cb5d74..006bc773 100644
--- a/fastapi_users/authentication/jwt.py
+++ b/fastapi_users/authentication/jwt.py
@@ -30,7 +30,7 @@ class JWTAuthentication(BaseAuthentication[str]):
 self,
 secret: str,
 lifetime_seconds: int,
- tokenUrl: str = "/login",
+ tokenUrl: str = "auth/jwt/login",
 name: str = "jwt",
 ):
 super().__init__(name, logout=False)
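Review bot: Changing the `tokenUrl` default from `"/login"` to `"auth/jwt/login"` on the `+` line of the fastapi_users/authentication/jwt.py hunk is a behaviour change for callers that relied on the old default, and the parameter itself is not documented in the code — the `__init__` signature starts before this hunk, so I cannot tell whether a docstring exists above it. The description added to docs/configuration/authentication/jwt.md in this patch is worth mirroring in a one-line parameter note, e.g. `tokenUrl: path of the login endpoint advertised to the interactive docs so the *Authorize* button works; relative as per the FastAPI guidance, and it must match the prefix the auth router is mounted under`. Since a wrong value produces no error and only a broken *Authorize* button, a changelog entry flagging the changed default would help users upgrading, if the project keeps one.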