Improve webauthn docs, prep for 5.4.4, fix mypy (#971)

update to codecov v4 and grab secret upload token - this should improve failures due to rate limiting.
pallets-eco · May 1, 2024 · 362ec76 · 362ec76
1 parent e816489
commit 362ec76
Show file tree

Hide file tree

Showing 11 changed files with 32 additions and 17 deletions.
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -96,10 +96,11 @@ jobs:
             pip install tox coverage
             tox -e coverage
         - name: Upload coverage to Codecov
-          uses: codecov/codecov-action@v3
+          uses: codecov/codecov-action@v4
           with:
             fail_ci_if_error: false
             verbose: true
+            token: ${{ secrets.CODECOV_TOKEN }}
   realdb:
       runs-on: ubuntu-latest
 

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -4,7 +4,7 @@ default_language_version:
     python: python3.11
 repos:
 -   repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.5.0
+    rev: v4.6.0
     hooks:
     -   id: trailing-whitespace
     -   id: end-of-file-fixer
@@ -14,12 +14,12 @@ repos:
     -   id: check-merge-conflict
     -   id: fix-byte-order-marker
 -   repo: https://github.com/asottile/pyupgrade
-    rev: v3.15.1
+    rev: v3.15.2
     hooks:
     -   id: pyupgrade
         args: [--py38-plus]
 -   repo: https://github.com/psf/black
-    rev: 24.3.0
+    rev: 24.4.2
     hooks:
     -   id: black
 -   repo: https://github.com/pycqa/flake8

diff --git a/docs/models.rst b/docs/models.rst
@@ -141,6 +141,8 @@ that are then assigned to users, the ``Role`` model requires:
 
 * ``permissions`` (list of UnicodeText, nullable)
 
+.. _webauthn_model:
+
 WebAuthn
 ^^^^^^^^
 Flask Security can act as a WebAuthn Relying Party by enabling

diff --git a/docs/webauthn.rst b/docs/webauthn.rst
@@ -16,6 +16,15 @@ and something you are (think a mobile device with face-Id). Flask-Security suppo
 
 .. _W3C standard: https://www.w3.org/TR/webauthn-2/
 
+Getting Started
++++++++++++++++
+To add WebAuthn support to your application you will need:
+
+    - Install the `webauthn`_ package (the Flask-Security pip 'extra' [mfa] will do this).
+    - Add/modify your DB models as described :ref:`here <webauthn_model>`.
+
+.. _webauthn: https://pypi.org/project/webauthn/
+
 Key Concepts
 +++++++++++++
 

diff --git a/flask_security/__init__.py b/flask_security/__init__.py
@@ -136,4 +136,4 @@
 )
 from .webauthn_util import WebauthnUtil
 
-__version__ = "5.4.3"
+__version__ = "5.4.4"
diff --git a/flask_security/changeable.py b/flask_security/changeable.py
@@ -68,7 +68,7 @@ def change_user_password(
         send_password_changed_notice(user)
     password_changed.send(
         current_app._get_current_object(),  # type: ignore
-        _async_wrapper=current_app.ensure_sync,
+        _async_wrapper=current_app.ensure_sync,  # type: ignore[arg-type]
         user=user,
     )
 

diff --git a/flask_security/registerable.py b/flask_security/registerable.py
@@ -133,7 +133,7 @@ def register_existing(form: ConfirmRegisterForm) -> bool:
     if form.existing_email_user:
         user_not_registered.send(
             current_app._get_current_object(),  # type: ignore
-            _async_wrapper=current_app.ensure_sync,
+            _async_wrapper=current_app.ensure_sync,  # type: ignore[arg-type]
             user=form.existing_email_user,
             existing_email=True,
             existing_username=form.existing_username_user is not None,
@@ -158,7 +158,7 @@ def register_existing(form: ConfirmRegisterForm) -> bool:
         # to enumerate usernames (slowly).
         user_not_registered.send(
             current_app._get_current_object(),  # type: ignore[attr-defined]
-            _async_wrapper=current_app.ensure_sync,
+            _async_wrapper=current_app.ensure_sync,  # type: ignore[arg-type]
             user=None,
             existing_email=False,
             existing_username=True,

diff --git a/flask_security/unified_signin.py b/flask_security/unified_signin.py
@@ -829,7 +829,7 @@ def us_setup() -> ResponseValue:
             form.delete_method.data = None
             us_profile_changed.send(
                 current_app._get_current_object(),  # type: ignore
-                _async_wrapper=current_app.ensure_sync,
+                _async_wrapper=current_app.ensure_sync,  # type: ignore[arg-type]
                 user=current_user,
                 methods=delete_method,
                 delete=True,
@@ -982,7 +982,7 @@ def us_setup_validate(token: str) -> ResponseValue:
 
         us_profile_changed.send(
             current_app._get_current_object(),  # type: ignore
-            _async_wrapper=current_app.ensure_sync,
+            _async_wrapper=current_app.ensure_sync,  # type: ignore[arg-type]
             user=current_user,
             methods=[method],
             delete=False,

diff --git a/flask_security/utils.py b/flask_security/utils.py
@@ -25,6 +25,7 @@
 import warnings
 
 from flask import (
+    Response,
     after_this_request,
     current_app,
     flash,
@@ -50,7 +51,7 @@
 from .signals import user_authenticated
 
 if t.TYPE_CHECKING:  # pragma: no cover
-    from flask import Flask, Response
+    from flask import Flask
     from flask.typing import ResponseValue
     from .datastore import User
 
@@ -205,13 +206,13 @@ def login_user(
 
     identity_changed.send(
         current_app._get_current_object(),  # type: ignore[attr-defined]
-        _async_wrapper=current_app.ensure_sync,
+        _async_wrapper=current_app.ensure_sync,  # type: ignore[arg-type]
         identity=Identity(user.fs_uniquifier),
     )
 
     user_authenticated.send(
         current_app._get_current_object(),  # type: ignore[attr-defined]
-        _async_wrapper=current_app.ensure_sync,
+        _async_wrapper=current_app.ensure_sync,  # type: ignore[arg-type]
         user=user,
         authn_via=authn_via,
     )

diff --git a/flask_security/webauthn.py b/flask_security/webauthn.py
@@ -549,7 +549,7 @@ def webauthn_register_response(token: str) -> ResponseValue:
         )
         wan_registered.send(
             current_app._get_current_object(),  # type: ignore
-            _async_wrapper=current_app.ensure_sync,
+            _async_wrapper=current_app.ensure_sync,  # type: ignore[arg-type]
             user=current_user,
             name=state["name"],
         )
@@ -598,7 +598,9 @@ def _signin_common(user: User | None, usage: list[str]) -> tuple[t.Any, str]:
     }
 
     o_json = json.loads(webauthn.options_to_json(options))
-    state_token = t.cast(str, _security.wan_serializer.dumps(state))
+    state_token = t.cast(  # type: ignore[redundant-cast]
+        str, _security.wan_serializer.dumps(state)
+    )
     return o_json, state_token
 
 
@@ -767,7 +769,7 @@ def webauthn_delete() -> ResponseValue:
 
         wan_deleted.send(
             current_app._get_current_object(),  # type: ignore
-            _async_wrapper=current_app.ensure_sync,
+            _async_wrapper=current_app.ensure_sync,  # type: ignore[arg-type]
             user=current_user,
             name=cred.name,
         )

diff --git a/tox.ini b/tox.ini
@@ -153,7 +153,7 @@ deps =
     jinja2
 skip_install = true
 commands =
-    pybabel extract --version 5.4.3 --keyword=_fsdomain --project=Flask-Security \
+    pybabel extract --version 5.4.4 --keyword=_fsdomain --project=Flask-Security \
         -o flask_security/translations/flask_security.pot \
         --msgid-bugs-address[email protected] --mapping-file=babel.ini \
         --add-comments=NOTE flask_security