π Enhance CSRF token error handling and simplify token location#779
Merged
π Enhance CSRF token error handling and simplify token location#779
Conversation
- Removed unused flake8-pyi error codes from the ignore list in `pyproject.toml`. - Changed `log_cli` value from string to boolean in `pytest` configuration. - Added resolution markers for Python version compatibility in `uv.lock`. - Introduced new packages `async-asgi-testclient` and `async-timeout` with their respective versions and dependencies. - Updated `authx` version from 1.4.1 to 1.4.3 in `uv.lock`. - Expanded dev-dependencies and extra dependencies for improved development tooling. - Updated `pytz` version constraint in `uv.lock` to allow for future updates.
β¦guration - Improved the error message for missing CSRF tokens to provide clearer guidance on expected headers and cookie settings. - Simplified the logic for determining token locations by directly using the configured JWT token locations.
β¦ss token validation - Introduced a new test to verify that refresh tokens can be correctly retrieved from headers when configured, addressing a previous issue with token location settings. - Enhanced existing tests to ensure proper validation of access and refresh tokens from headers, ensuring consistent behavior across token types.
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Codecov Reportβ
All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #779 +/- ##
==========================================
- Coverage 96.66% 96.65% -0.01%
==========================================
Files 15 15
Lines 779 778 -1
Branches 76 76
==========================================
- Hits 753 752 -1
Misses 20 20
Partials 6 6 β View full report in Codecov by Sentry. π New features to boost your workflow:
|
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #572
Note
authx/core.pynow raises a detailedMissingCSRFTokenErrorexplaining expected header (<...CSRF_HEADER_NAME>), cookie setup viaset_*_cookies, and how to disable CSRF (JWT_COOKIE_CSRF_PROTECT=False).AuthX._get_token_from_requestinauthx/main.pynow usesconfig.JWT_TOKEN_LOCATIONas-is, enabling refresh-token retrieval fromheaderswhen configured._auth_requiredtests to validate header-based access/refresh flows.pyproject.tomlsetspytestlog_cli=trueand removes some lint rules.Written by Cursor Bugbot for commit 15a0c4d. This will update automatically on new commits. Configure here.