Added unit tests and updated requirements and docs

Author: michaels0m

CHANGELOG.md

@@ -7,6 +7,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ## [Unreleased]
 ### Changed
 - Uses flask `before_request` to protect all endpoints rather than protecting routes present at instantiation time
+- Allows user to use user-defined authorization python function instead of a dictionary/list of usernames and passwords
 
 ## [2.0.0] - 2023-03-10
 ### Removed

README.md

@@ -41,3 +41,20 @@ USER_PWD = {
 }
 BasicAuth(app, USER_PWD)
 ```
+
+One can also use an authorization python function instead of a dictionary/list of usernames and passwords:
+
+```python
+from dash import Dash
+from dash_auth import BasicAuth
+
+def authorization_function(username, password):
+    if (username == "hello") and (password == "world"):
+        return True
+    else:
+        return False
+
+
+app = Dash(__name__)
+BasicAuth(app, auth_func = authorization_function)
+```

dev-requirements.txt

@@ -2,3 +2,4 @@ dash[testing]>=2
 requests[security]
 flake8
 flask
+pytest

tests/test_basic_auth_integration_auth_func.py

@@ -0,0 +1,91 @@
+from dash import Dash, Input, Output, dcc, html
+import requests
+import pytest
+
+from dash_auth import basic_auth
+
+TEST_USERS = {
+    "valid": [
+        ["hello", "world"],
+        ["hello2", "wo:rld"]
+    ],
+    "invalid": [
+        ["hello", "password"]
+    ],
+}
+
+
+# Test using auth_func instead of TEST_USERS directly
+def auth_function(username, password):
+    if [username, password] in TEST_USERS["valid"]:
+        return True
+    else:
+        return False
+
+
+def test_ba002_basic_auth_login_flow(dash_br, dash_thread_server):
+    app = Dash(__name__)
+    app.layout = html.Div([
+        dcc.Input(id="input", value="initial value"),
+        html.Div(id="output")
+    ])
+
+    @app.callback(Output("output", "children"), Input("input", "value"))
+    def update_output(new_value):
+        return new_value
+
+    basic_auth.BasicAuth(app, auth_func=auth_function)
+
+    dash_thread_server(app)
+    base_url = dash_thread_server.url
+
+    def test_failed_views(url):
+        assert requests.get(url).status_code == 401
+        assert requests.get(url.strip("/") + "/_dash-layout").status_code == 401
+
+    test_failed_views(base_url)
+
+    for user, password in TEST_USERS["invalid"]:
+        test_failed_views(base_url.replace("//", f"//{user}:{password}@"))
+
+    # Test login for each user:
+    for user, password in TEST_USERS["valid"]:
+        # login using the URL instead of the alert popup
+        # selenium has no way of accessing the alert popup
+        dash_br.driver.get(base_url.replace("//", f"//{user}:{password}@"))
+
+        # the username:password@host url doesn"t work right now for dash
+        # routes, but it saves the credentials as part of the browser.
+        # visiting the page again will use the saved credentials
+        dash_br.driver.get(base_url)
+        dash_br.wait_for_text_to_equal("#output", "initial value")
+
+
+# Test incorrect initialization of BasicAuth
+def both_dict_and_func(dash_br, dash_thread_server):
+    app = Dash(__name__)
+    app.layout = html.Div([
+        dcc.Input(id="input", value="initial value"),
+        html.Div(id="output")
+    ])
+
+    basic_auth.BasicAuth(app, TEST_USERS["valid"], auth_func=auth_function)
+    return True
+
+
+def both_no_auth_func_or_dict(dash_br, dash_thread_server):
+    app = Dash(__name__)
+    app.layout = html.Div([
+        dcc.Input(id="input", value="initial value"),
+        html.Div(id="output")
+    ])
+    basic_auth.BasicAuth(app)
+    return True
+
+
+def test_ba003_basic_auth_login_flow(dash_br, dash_thread_server):
+    with pytest.raises(ValueError):
+        both_dict_and_func(dash_br, dash_thread_server)
+    with pytest.raises(ValueError):
+        both_no_auth_func_or_dict(dash_br, dash_thread_server)
+    return