Release 0.3.0 (#6)

* Update to the latest Esmerald version
* Update to the new security implementation
* Update to PyJWT as internal
* Move to Python 3.9 and BSD
* Update to the latest httpx in testing

.github/workflows/publish.yml

@@ -4,7 +4,7 @@ name: Publish
 on:
   push:
     tags:
-      - '*'
+      - "*"
 
 jobs:
   publish:
@@ -15,7 +15,7 @@ jobs:
       - uses: "actions/checkout@v3"
       - uses: "actions/setup-python@v4"
         with:
-          python-version: 3.8
+          python-version: 3.9
       - name: "Install dependencies"
         run: "scripts/install"
       - name: Install build dependencies
@@ -30,4 +30,4 @@ jobs:
           TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }}
       - name: "Deploy docs"
         run: |
-          curl -X POST '${{ secrets.DEPLOY_DOCS }}'
+          curl -X POST '${{ secrets.DEPLOY_DOCS }}'

.github/workflows/test-suite.yml

@@ -16,7 +16,7 @@ jobs:
     runs-on: "ubuntu-latest"
     strategy:
       matrix:
-        python-version: ["3.8", "3.9", "3.10", "3.11", "3.12"]
+        python-version: ["3.9", "3.10", "3.11", "3.12"]
 
     services:
       postgres:

LICENSE

@@ -1,9 +1,11 @@
-The MIT License (MIT)
+Copyright © 2024, Dymmond Ltd. All rights reserved.
 
-Copyright (c) 2023 Tiago Silva
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
 
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
 
-The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
 
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

docs/release-notes.md

@@ -1,5 +1,56 @@
 # Release Notes
 
+## 0.3.0
+
+### Changed
+
+- Stop support for Python 3.8
+- Update to the latest Esmerald 3.6.0+ with the new security implementation
+- Moved to BSD-3 Clause license compliance.
+
+### Breaking
+
+- Since Esmerald SimpleJWT is now using PyJWT from Esmerald, the way the claims are made is different
+from what is was but not too different, you will need to change from:
+
+```python
+# In the authentication
+token = Token(sub=str(user.id), exp=later)
+return token.encode(
+    key=settings.simple_jwt.signing_key,
+    algorithm=settings.simple_jwt.algorithm,
+    token_type=token_type,
+)
+
+# In the refresh
+access_token = new_token.encode(
+    key=settings.simple_jwt.signing_key,
+    algorithm=settings.simple_jwt.algorithm,
+    token_type=settings.simple_jwt.access_token_name,
+)
+```
+
+to
+
+```python
+# Authentication
+token = Token(sub=str(user.id), exp=later)
+claims_extra = {"token_type": token_type}
+return token.encode(
+    key=settings.simple_jwt.signing_key,
+    algorithm=settings.simple_jwt.algorithm,
+    claims_extra=claims_extra,
+)
+
+# Refresh
+claims_extra = {"token_type": settings.simple_jwt.access_token_name}
+access_token = new_token.encode(
+    key=settings.simple_jwt.signing_key,
+    algorithm=settings.simple_jwt.algorithm,
+    claims_extra=claims_extra,
+)
+```
+
 ## 0.2.0
 
 ### Changed

docs_src/quickstart/backend_auth.py

@@ -68,8 +68,10 @@ def generate_user_token(self, user: User, token_type: str, time: datetime = None
             later = time
 
         token = Token(sub=str(user.id), exp=later)
+
+        claims_extra = {"token_type": token_type}
         return token.encode(
             key=settings.simple_jwt.signing_key,
             algorithm=settings.simple_jwt.algorithm,
-            token_type=token_type,
+            claims_extra=claims_extra,
         )

docs_src/quickstart/backend_refresh.py

@@ -2,7 +2,7 @@
 
 from esmerald.conf import settings
 from esmerald.exceptions import AuthenticationError, NotAuthorized
-from jose import JWSError, JWTError
+from jwt.exceptions import PyJWTError
 
 from esmerald_simple_jwt.backends import BaseRefreshAuthentication
 from esmerald_simple_jwt.schemas import AccessToken, RefreshToken
@@ -28,7 +28,7 @@ async def refresh(self) -> AccessToken:
                 key=settings.simple_jwt.signing_key,
                 algorithms=[settings.simple_jwt.algorithm],
             )
-        except (JWSError, JWTError) as e:
+        except PyJWTError as e:
             raise AuthenticationError(str(e)) from e
 
         if token.token_type != settings.simple_jwt.refresh_token_name:
@@ -41,10 +41,11 @@ async def refresh(self) -> AccessToken:
         new_token = Token(sub=token.sub, exp=expiry_date)
 
         # Encode the token
+        claims_extra = {"token_type": settings.simple_jwt.access_token_name}
         access_token = new_token.encode(
             key=settings.simple_jwt.signing_key,
             algorithm=settings.simple_jwt.algorithm,
-            token_type=settings.simple_jwt.access_token_name,
+            claims_extra=claims_extra,
         )
 
         return AccessToken(access_token=access_token)

esmerald_simple_jwt/__init__.py

@@ -1 +1 @@
-__version__ = "0.2.0"
+__version__ = "0.3.0"

esmerald_simple_jwt/backends.py

@@ -4,7 +4,7 @@
 
 from esmerald.conf import settings
 from esmerald.exceptions import AuthenticationError, NotAuthorized
-from jose import JWSError, JWTError
+from jwt.exceptions import PyJWTError
 from pydantic import BaseModel, EmailStr
 
 from esmerald_simple_jwt.schemas import AccessToken, RefreshToken
@@ -72,7 +72,7 @@ async def refresh(self) -> AccessToken:
                 key=settings.simple_jwt.signing_key,
                 algorithms=[settings.simple_jwt.algorithm],
             )  # type: ignore
-        except (JWSError, JWTError) as e:
+        except PyJWTError as e:
             raise AuthenticationError(str(e)) from e
 
         if token.token_type != settings.simple_jwt.refresh_token_name:
@@ -84,11 +84,13 @@ async def refresh(self) -> AccessToken:
         # New token object
         new_token = Token(sub=token.sub, exp=expiry_date)
 
+        claims_extra = {"token_type": settings.simple_jwt.access_token_name}
+
         # Encode the token
         access_token = new_token.encode(
             key=settings.simple_jwt.signing_key,
             algorithm=settings.simple_jwt.algorithm,
-            token_type=settings.simple_jwt.access_token_name,
+            claims_extra=claims_extra,
         )
 
         return AccessToken(access_token=access_token)

esmerald_simple_jwt/config.py

@@ -1,13 +1,15 @@
 from typing import Any, List, Type, Union
 
 from esmerald.config.jwt import JWTConfig
-from esmerald.openapi.security.http import Bearer
+from esmerald.security.http import HTTPBearer
 from pydantic import BaseModel
 from typing_extensions import Annotated, Doc
 
 from esmerald_simple_jwt.backends import BaseBackendAuthentication, BaseRefreshAuthentication
 from esmerald_simple_jwt.schemas import AccessToken, LoginEmailIn, RefreshToken, TokenAccess
 
+security = HTTPBearer()
+
 
 class SimpleJWT(JWTConfig):
     """
@@ -202,4 +204,4 @@ class AppSettings(EsmeraldAPISettings):
             ```
             """
         ),
-    ] = [Bearer]
+    ] = [security]

pyproject.toml

@@ -7,9 +7,8 @@ name = "esmerald_simple_jwt"
 description = "The Simple JWT integration with Esmerald"
 long_description = "The Simple JWT integration with Esmerald"
 readme = "README.md"
-requires-python = ">=3.8"
+requires-python = ">=3.9"
 dynamic = ['version']
-license = "MIT"
 authors = [{ name = "Tiago Silva", email = "[email protected]" }]
 classifiers = [
     "Intended Audience :: Information Technology",
@@ -28,17 +27,16 @@ classifiers = [
     "Framework :: AsyncIO",
     "Framework :: AnyIO",
     "Intended Audience :: Developers",
-    "License :: OSI Approved :: MIT License",
+    "License :: OSI Approved :: BSD License",
     "Programming Language :: Python :: 3 :: Only",
-    "Programming Language :: Python :: 3.8",
     "Programming Language :: Python :: 3.9",
     "Programming Language :: Python :: 3.10",
     "Programming Language :: Python :: 3.11",
     "Programming Language :: Python :: 3.12",
     "Topic :: Internet :: WWW/HTTP :: HTTP Servers",
     "Topic :: Internet :: WWW/HTTP",
 ]
-dependencies = ["esmerald[jwt]>=3.1.0"]
+dependencies = ["esmerald[jwt]>=3.6.0"]
 keywords = [
     "esmerald_simple_jwt",
     "jwt",
@@ -144,7 +142,7 @@ ignore_missing_imports = true
 check_untyped_defs = true
 
 [[tool.mypy.overrides]]
-module = ["jose.*", "passlib.*"]
+module = ["passlib.*"]
 ignore_missing_imports = true
 ignore_errors = true
 

scripts/check

@@ -13,6 +13,6 @@ export MAIN="esmerald_simple_jwt"
 set -x
 
 ${PREFIX}mypy $MAIN
-${PREFIX}ruff $SOURCE_FILES --line-length 99
+${PREFIX}ruff check $SOURCE_FILES --line-length 99
 ${PREFIX}black $SOURCE_FILES --check --diff --check --line-length 99
 ${PREFIX}isort $SOURCE_FILES --check --diff --project=esmerald_simple_jwt --line-length 99

scripts/lint

@@ -10,7 +10,7 @@ fi
 export SOURCE_FILES="esmerald_simple_jwt tests"
 set -x
 
-${PREFIX}ruff $SOURCE_FILES --fix --line-length 99
+${PREFIX}ruff check $SOURCE_FILES --fix --line-length 99
 ${PREFIX}black $SOURCE_FILES --line-length 99
 ${PREFIX}isort $SOURCE_FILES --project=esmerald_simple_jwt --line-length 99
 ${PREFIX}mypy esmerald_simple_jwt

tests/conftest.py

@@ -25,18 +25,19 @@ def app():
     return create_app()
 
 
-@pytest.fixture(autouse=True, scope="module")
+@pytest.fixture(autouse=True, scope="function")
 async def create_test_database():
     try:
-        await models.create_all()
-        yield
-        await models.drop_all()
+        async with database:
+            await models.create_all()
+            yield
+            if not database.drop:
+                await models.drop_all()
     except Exception:
         pytest.skip("No database available")
 
 
 @pytest.fixture(autouse=True)
 async def rollback_transactions():
-    with database.force_rollback():
-        async with database:
-            yield
+    async with models.database:
+        yield

tests/models.py

@@ -14,20 +14,3 @@ class User(AbstractUser):
 
     class Meta:
         registry = models
-
-
-@pytest.fixture(autouse=True, scope="module")
-async def create_test_database():
-    try:
-        await models.create_all()
-        yield
-        await models.drop_all()
-    except Exception:
-        pytest.skip("No database available")
-
-
-@pytest.fixture(autouse=True)
-async def rollback_transactions():
-    with database.force_rollback():
-        async with database:
-            yield