Update CI (#372)

.flake8

@@ -0,0 +1,25 @@
+[flake8]
+enable-extensions = G
+max-doc-length = 90
+max-line-length = 90
+select = A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,B901,B902,B903,B950
+# E226: Missing whitespace around arithmetic operators can help group things together.
+# E501: Superseeded by B950 (from Bugbear)
+# E722: Superseeded by B001 (from Bugbear)
+# W503: Mutually exclusive with W504.
+ignore = E226,E501,E722,W503
+per-file-ignores =
+    # S101: Pytest uses assert
+    tests/*:S101
+    # I900: Don't need demo requirements to be installed
+    demo/*:I900
+
+# flake8-import-order
+application-import-names = aiohttp_security
+import-order-style = pycharm
+
+# flake8-quotes
+inline-quotes = "
+
+# flake8-requirements
+requirements-file = requirements-dev.txt

.github/workflows/ci.yaml

@@ -0,0 +1,119 @@
+name: CI
+
+on:
+  push:
+    branches:
+      - master
+      - '[0-9].[0-9]+'
+    tags: [ 'v*' ]
+  pull_request:
+    branches:
+      - master
+      - '[0-9].[0-9]+'
+
+jobs:
+  lint:
+    name: Linter
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v3
+    - name: Setup Python
+      uses: actions/setup-python@v4
+      with:
+        python-version: 3.9
+        cache: 'pip'
+        cache-dependency-path: '**/requirements*.txt'
+    - name: Install dependencies
+      uses: py-actions/py-dependency-install@v3
+      with:
+        path: requirements-dev.txt
+    - name: Install itself
+      run: |
+        pip install .
+    - name: Run linter
+      run: |
+        make lint
+    - name: Prepare twine checker
+      run: |
+        pip install -U build twine wheel
+        python -m build
+    - name: Run twine checker
+      run: |
+        twine check dist/*
+
+  test:
+    name: Tests
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        pyver: ['3.7', '3.8', '3.9', '3.10']
+        include:
+          - pyver: pypy-3.8
+    timeout-minutes: 15
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v3
+    - name: Set up Python ${{ matrix.python-version }}
+      uses: actions/setup-python@v4
+      with:
+        python-version: ${{ matrix.pyver }}
+        cache: 'pip'
+        cache-dependency-path: '**/requirements*.txt'
+    - name: Install dependencies
+      uses: py-actions/py-dependency-install@v3
+      with:
+        path: requirements-dev.txt
+    - name: Run unittests
+      env:
+        COLOR: 'yes'
+      run: |
+        pytest tests --cov-report xml
+        python -m coverage xml
+    - name: Upload coverage
+      uses: codecov/codecov-action@v1
+      with:
+        file: ./coverage.xml
+        flags: unit
+        fail_ci_if_error: false
+
+  check:  # This job does nothing and is only used for the branch protection
+    if: always()
+
+    needs: [lint, test]
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Decide whether the needed jobs succeeded or failed
+      uses: re-actors/alls-green@release/v1
+      with:
+        jobs: ${{ toJSON(needs) }}
+
+  deploy:
+    name: Deploy
+    environment: release
+    if: github.event_name == 'push' && contains(github.ref, 'refs/tags/')
+    needs: [check]
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v3
+    - name: Update pip, wheel, setuptools, build, twine
+      run: |
+        python -m pip install -U pip wheel setuptools build twine
+    - name: Build dists
+      run: |
+        python -m build
+    - name: Make Release
+      uses: aio-libs/create-release@v1
+      with:
+        changes_file: CHANGES.txt
+        name: aiohttp-security
+        version_file: aiohttp_security/__init__.py
+        github_token: ${{ secrets.GITHUB_TOKEN }}
+        pypi_token: ${{ secrets.PYPI_API_TOKEN }}
+        dist_dir: dist
+        fix_issue_regex: "`#(\\d+) <https://github.com/aio-libs/aiohttp-security/issues/\\1>`"
+        fix_issue_repl: "(#\\1)"

Makefile

@@ -1,17 +1,16 @@
 # Some simple testing tasks (sorry, UNIX only).
 
-flake:
-	flake8 aiohttp_security tests 
-
+lint:
+	flake8
 
 test: flake
-	py.test -s -q ./tests/
+	pytest -s -q ./tests/
 
 vtest: flake
-	py.test -s ./tests/
+	pytest -s ./tests/
 
 cov cover coverage: flake
-	py.test -s ./tests/ --cov=aiohttp_security --cov=tests --cov-report=html --cov-report=term
+	pytest -s ./tests/ --cov-report=term
 	@echo "open file://`pwd`/coverage/index.html"
 
 clean:

aiohttp_security/__init__.py

@@ -1,10 +1,9 @@
 from .abc import AbstractAuthorizationPolicy, AbstractIdentityPolicy
-from .api import (authorized_userid, forget, has_permission,
-                  is_anonymous, login_required, permits, remember,
-                  setup, check_authorized, check_permission)
+from .api import (authorized_userid, check_authorized, check_permission, forget, has_permission,
+                  is_anonymous, login_required, permits, remember, setup)
 from .cookies_identity import CookiesIdentityPolicy
-from .session_identity import SessionIdentityPolicy
 from .jwt_identity import JWTIdentityPolicy
+from .session_identity import SessionIdentityPolicy
 
 __version__ = '0.4.0'
 

aiohttp_security/api.py

@@ -1,10 +1,11 @@
 import enum
 import warnings
-from aiohttp import web
-from aiohttp_security.abc import (AbstractIdentityPolicy,
-                                  AbstractAuthorizationPolicy)
 from functools import wraps
 
+from aiohttp import web
+
+from aiohttp_security.abc import AbstractAuthorizationPolicy, AbstractIdentityPolicy
+
 IDENTITY_KEY = 'aiohttp_security_identity_policy'
 AUTZ_KEY = 'aiohttp_security_autz_policy'
 
@@ -17,8 +18,8 @@ async def remember(request, response, identity, **kwargs):
     Usually the identity is stored in user cookies somehow but may be
     pushed into custom header also.
     """
-    assert isinstance(identity, str), identity
-    assert identity
+    if not identity or not isinstance(identity, str):
+        raise ValueError("Identity should be a str value.")
     identity_policy = request.config_dict.get(IDENTITY_KEY)
     if identity_policy is None:
         text = ("Security subsystem is not initialized, "
@@ -60,8 +61,8 @@ async def authorized_userid(request):
 
 
 async def permits(request, permission, context=None):
-    assert isinstance(permission, (str, enum.Enum)), permission
-    assert permission
+    if not permission or not isinstance(permission, (str, enum.Enum)):
+        raise ValueError("Permission should be a str or enum value.")
     identity_policy = request.config_dict.get(IDENTITY_KEY)
     autz_policy = request.config_dict.get(AUTZ_KEY)
     if identity_policy is None or autz_policy is None:
@@ -167,8 +168,10 @@ async def wrapped(*args, **kwargs):
 
 
 def setup(app, identity_policy, autz_policy):
-    assert isinstance(identity_policy, AbstractIdentityPolicy), identity_policy
-    assert isinstance(autz_policy, AbstractAuthorizationPolicy), autz_policy
+    if not isinstance(identity_policy, AbstractIdentityPolicy):
+        raise ValueError("Identity policy is not subclass of AbstractIdentityPolicy")
+    if not isinstance(autz_policy, AbstractAuthorizationPolicy):
+        raise ValueError("Authentication policy is not subclass of AbstractAuthorizationPolicy")
 
     app[IDENTITY_KEY] = identity_policy
     app[AUTZ_KEY] = autz_policy

aiohttp_security/jwt_identity.py

@@ -28,8 +28,7 @@ async def identify(self, request):
             return
 
         if not header_identity.startswith(AUTH_SCHEME):
-            raise ValueError('Invalid authorization scheme. ' +
-                             'Should be `Bearer <token>`')
+            raise ValueError("Invalid authorization scheme. Should be `Bearer <token>`")
 
         token = header_identity.split(' ')[1].strip()
 

demo/database_auth/db_auth.py

@@ -1,8 +1,7 @@
 import sqlalchemy as sa
-
-from aiohttp_security.abc import AbstractAuthorizationPolicy
 from passlib.hash import sha256_crypt
 
+from aiohttp_security.abc import AbstractAuthorizationPolicy
 from . import db
 
 

demo/database_auth/handlers.py

@@ -2,11 +2,8 @@
 
 from aiohttp import web
 
-from aiohttp_security import (
-    remember, forget, authorized_userid,
-    check_permission, check_authorized,
-)
-
+from aiohttp_security import (authorized_userid, check_authorized, check_permission, forget,
+                              remember)
 from .db_auth import check_credentials
 
 

demo/database_auth/main.py

@@ -3,22 +3,20 @@
 from aiohttp import web
 from aiohttp_session import setup as setup_session
 from aiohttp_session.redis_storage import RedisStorage
-from aiohttp_security import setup as setup_security
-from aiohttp_security import SessionIdentityPolicy
 from aiopg.sa import create_engine
 from aioredis import create_pool
 
-
-from demo.database_auth.db_auth import DBAuthorizationPolicy
-from demo.database_auth.handlers import Web
+from aiohttp_security import SessionIdentityPolicy
+from aiohttp_security import setup as setup_security
+from .db_auth import DBAuthorizationPolicy
+from .handlers import Web
 
 
 async def init(loop):
     redis_pool = await create_pool(('localhost', 6379))
-    db_engine = await create_engine(user='aiohttp_security',
-                                    password='aiohttp_security',
-                                    database='aiohttp_security',
-                                    host='127.0.0.1')
+    db_engine = await create_engine(  # noqa: S106
+        user="aiohttp_security", password="aiohttp_security",
+        database="aiohttp_security", host="127.0.0.1")
     app = web.Application()
     app.db_engine = db_engine
     setup_session(app, RedisStorage(redis_pool))

demo/dictionary_auth/handlers.py

@@ -2,11 +2,8 @@
 
 from aiohttp import web
 
-from aiohttp_security import (
-    remember, forget, authorized_userid,
-    check_permission, check_authorized,
-)
-
+from aiohttp_security import (authorized_userid, check_authorized, check_permission, forget,
+                              remember)
 from .authz import check_credentials
 
 

demo/dictionary_auth/main.py

@@ -1,14 +1,15 @@
 import base64
-from cryptography import fernet
+
 from aiohttp import web
 from aiohttp_session import setup as setup_session
 from aiohttp_session.cookie_storage import EncryptedCookieStorage
-from aiohttp_security import setup as setup_security
-from aiohttp_security import SessionIdentityPolicy
+from cryptography import fernet
 
-from demo.dictionary_auth.authz import DictionaryAuthorizationPolicy
-from demo.dictionary_auth.handlers import configure_handlers
-from demo.dictionary_auth.users import user_map
+from aiohttp_security import SessionIdentityPolicy
+from aiohttp_security import setup as setup_security
+from .authz import DictionaryAuthorizationPolicy
+from .handlers import configure_handlers
+from .users import user_map
 
 
 def make_app():