feat: tomasvotava 186 insecure race conditions

.gitignore

@@ -1,3 +1,8 @@
+# We need requirements.txt for tox, but it may not be updated properly, so let's keep it all in pyproject.toml
+requirements.txt
+
+.python-version
+
 .vscode/
 main.py
 

CONTRIBUTING.md

@@ -90,12 +90,6 @@ Run the tests by calling:
 poe test
 ```
 
-Or using `tox`:
-
-```console
-tox
-```
-
 ## Documentation
 
 Please try to provide documentation for your code. I use `mkdocs` to generate the documentation.

docs/how-to-guides/additional-query-params.md

@@ -11,15 +11,15 @@ E.g. sometimes you want to specify `access_type=offline` or `prompt=consent` in
 
 @app.get("/google/login")
 async def google_login(request: Request):
-    with google_sso:
+    async with google_sso:
         return await google_sso.get_login_redirect(
             redirect_uri=request.url_for("google_callback"),
             params={"prompt": "consent", "access_type": "offline"}
             )
 
 @app.get("/google/callback")
 async def google_callback(request: Request):
-    with google_sso:
+    async with google_sso:
         user = await google_sso.verify_and_process(request)
     # you may now use google_sso.refresh_token to refresh the access token
 ```

docs/how-to-guides/additional-scopes.md

@@ -14,12 +14,12 @@ sso = GoogleSSO(client_id="client-id", client_secret="client-secret", scope=["op
 
 @app.get("/google/login")
 async def google_login():
-    with sso:
+    async with sso:
         return await sso.get_login_redirect(redirect_uri=request.url_for("google_callback"))
 
 @app.get("/google/callback")
 async def google_callback(request: Request):
-    with sso:
+    async with sso:
         await sso.verify_and_process(request)
     # you may now use sso.access_token to access user's Google calendar
     async with httpx.AsyncClient() as client:

docs/how-to-guides/redirect-uri-request-time.md

@@ -11,7 +11,7 @@ google_sso = GoogleSSO("my-client-id", "my-client-secret")
 @app.get("/google/login")
 async def google_login(request: Request):
     """Dynamically generate login url and return redirect"""
-    with google_sso:
+    async with google_sso:
         return await google_sso.get_login_redirect(redirect_uri=request.url_for("google_callback"))
 
 @app.get("/google/callback")

docs/how-to-guides/state-return-url.md

@@ -15,12 +15,12 @@ google_sso = GoogleSSO("client-id", "client-secret")
 
 # E.g. https://example.com/auth/login?return_url=https://example.com/welcome
 async def google_login(return_url: str):
-    with google_sso:
+    async with google_sso:
         # Send return_url to Google as a state so that Google knows to return it back to us
         return await google_sso.get_login_redirect(redirect_uri=request.url_for("google_callback"), state=return_url)
 
 async def google_callback(request: Request):
-    with google_sso:
+    async with google_sso:
         user = await google_sso.verify_and_process(request)
         # google_sso.state now holds your return_url (https://example.com/welcome)
         return RedirectResponse(google_sso.state)

docs/how-to-guides/use-with-fastapi-security.md

@@ -71,7 +71,7 @@ async def protected_endpoint(user: OpenID = Depends(get_logged_user)):
 @app.get("/auth/login")
 async def login():
     """Redirect the user to the Google login page."""
-    with sso:
+    async with sso:
         return await sso.get_login_redirect()
 
 
@@ -86,7 +86,7 @@ async def logout():
 @app.get("/auth/callback")
 async def login_callback(request: Request):
     """Process login and redirect the user to the protected endpoint."""
-    with sso:
+    async with sso:
         openid = await sso.verify_and_process(request)
         if not openid:
             raise HTTPException(status_code=401, detail="Authentication failed")

docs/tutorials.md

@@ -26,12 +26,12 @@ google_sso = GoogleSSO(CLIENT_ID, CLIENT_SECRET, "http://localhost:3000/google/c
 
 @app.get("/google/login")
 async def google_login():
-    with google_sso:
+    async with google_sso:
         return await google_sso.get_login_redirect()
 
 @app.get("/google/callback")
 async def google_callback(request: Request):
-    with google_sso:
+    async with google_sso:
         user = await google_sso.verify_and_process(request)
     return user
 ```

examples/facebook.py

@@ -23,14 +23,14 @@
 @get("/auth/login")
 async def auth_init():
     """Initialize auth and redirect"""
-    with sso:
+    async with sso:
         return await sso.get_login_redirect(params={"prompt": "consent", "access_type": "offline"})
 
 
 @get("/auth/callback")
 async def auth_callback(request: Request):
     """Verify login"""
-    with sso:
+    async with sso:
         user = await sso.verify_and_process(request)
     return user
 

examples/fitbit.py

@@ -23,14 +23,14 @@
 @get("/auth/login")
 async def auth_init():
     """Initialize auth and redirect"""
-    with sso:
+    async with sso:
         return await sso.get_login_redirect()
 
 
 @get("/auth/callback")
 async def auth_callback(request: Request):
     """Verify login"""
-    with sso:
+    async with sso:
         return await sso.verify_and_process(request)
 
 

examples/generic.py

@@ -47,14 +47,14 @@ def convert_openid(response: Dict[str, Any], _client: Union[AsyncClient, None])
 @get("/login")
 async def sso_login():
     """Generate login url and redirect"""
-    with sso:
+    async with sso:
         return await sso.get_login_redirect()
 
 
 @get("/callback")
 async def sso_callback(request: Request):
     """Process login response from OIDC and return user info"""
-    with sso:
+    async with sso:
         user = await sso.verify_and_process(request)
     if user is None:
         raise HTTPException(401, "Failed to fetch user information")

examples/github.py

@@ -23,14 +23,14 @@
 @get("/auth/login")
 async def auth_init():
     """Initialize auth and redirect"""
-    with sso:
+    async with sso:
         return await sso.get_login_redirect()
 
 
 @get("/auth/callback")
 async def auth_callback(request: Request):
     """Verify login"""
-    with sso:
+    async with sso:
         user = await sso.verify_and_process(request)
         return user
 

examples/gitlab.py

@@ -25,14 +25,14 @@
 @get("/auth/login")
 async def auth_init():
     """Initialize auth and redirect"""
-    with sso:
+    async with sso:
         return await sso.get_login_redirect()
 
 
 @get("/auth/callback")
 async def auth_callback(request: Request):
     """Verify login"""
-    with sso:
+    async with sso:
         user = await sso.verify_and_process(request)
         return user
 

examples/google.py

@@ -23,14 +23,14 @@
 @get("/auth/login")
 async def auth_init():
     """Initialize auth and redirect"""
-    with sso:
+    async with sso:
         return await sso.get_login_redirect(params={"prompt": "consent", "access_type": "offline"})
 
 
 @get("/auth/callback")
 async def auth_callback(request: Request):
     """Verify login"""
-    with sso:
+    async with sso:
         user = await sso.verify_and_process(request)
     return user
 

examples/kakao.py

@@ -23,14 +23,14 @@
 @get("/auth/login")
 async def auth_init():
     """Initialize auth and redirect"""
-    with sso:
+    async with sso:
         return await sso.get_login_redirect()
 
 
 @get("/auth/callback")
 async def auth_callback(request: Request):
     """Verify login"""
-    with sso:
+    async with sso:
         return await sso.verify_and_process(request, params={"client_secret": CLIENT_SECRET})
 
 

examples/line.py

@@ -23,14 +23,14 @@
 @get("/auth/login")
 async def auth_init():
     """Initialize auth and redirect"""
-    with sso:
+    async with sso:
         return await sso.get_login_redirect(state="randomstate")
 
 
 @get("/auth/callback")
 async def auth_callback(request: Request):
     """Verify login"""
-    with sso:
+    async with sso:
         user = await sso.verify_and_process(request)
     return user
 

examples/linkedin.py

@@ -23,14 +23,14 @@
 @get("/auth/login")
 async def auth_init():
     """Initialize auth and redirect"""
-    with sso:
+    async with sso:
         return await sso.get_login_redirect()
 
 
 @get("/auth/callback")
 async def auth_callback(request: Request):
     """Verify login"""
-    with sso:
+    async with sso:
         user = await sso.verify_and_process(request)
         return user
 

examples/microsoft.py

@@ -25,14 +25,14 @@
 @get("/auth/login")
 async def auth_init():
     """Initialize auth and redirect"""
-    with sso:
+    async with sso:
         return await sso.get_login_redirect()
 
 
 @get("/auth/callback")
 async def auth_callback(request: Request):
     """Verify login"""
-    with sso:
+    async with sso:
         return await sso.verify_and_process(request)
 
 

examples/naver.py

@@ -23,14 +23,14 @@
 @get("/auth/login")
 async def auth_init():
     """Initialize auth and redirect"""
-    with sso:
+    async with sso:
         return await sso.get_login_redirect()
 
 
 @get("/auth/callback")
 async def auth_callback(request: Request):
     """Verify login"""
-    with sso:
+    async with sso:
         return await sso.verify_and_process(request, params={"client_secret": CLIENT_SECRET})
 
 

examples/notion.py

@@ -23,14 +23,14 @@
 @get("/oauth2/login")
 async def auth_init():
     """Initialize auth and redirect"""
-    with sso:
+    async with sso:
         return await sso.get_login_redirect()
 
 
 @get("/oauth2/callback")
 async def auth_callback(request: Request):
     """Verify login"""
-    with sso:
+    async with sso:
         user = await sso.verify_and_process(request)
         return user
 

examples/twitter.py

@@ -23,14 +23,14 @@
 @get("/auth/login")
 async def auth_init():
     """Initialize auth and redirect"""
-    with sso:
+    async with sso:
         return await sso.get_login_redirect()
 
 
 @get("/auth/callback")
 async def auth_callback(request: Request):
     """Verify login"""
-    with sso:
+    async with sso:
         user = await sso.verify_and_process(request)
         return user
 

examples/yandex.py

@@ -23,14 +23,14 @@
 @get("/auth/login")
 async def auth_init():
     """Initialize auth and redirect"""
-    with sso:
+    async with sso:
         return await sso.get_login_redirect()
 
 
 @get("/auth/callback")
 async def auth_callback(request: Request):
     """Verify login"""
-    with sso:
+    async with sso:
         user = await sso.verify_and_process(request)
         return user