Creation & manipulation of PyPI tokens

Overview

PyPIToken: Manipulate PyPI API tokens

Deployed to PyPI Deployed to PyPI GitHub Repository Continuous Integration Documentation Coverage MIT License Contributor Covenant

PyPIToken is an open-source Python 3.6+ library for generating and manipulating PyPI tokens.

PyPI tokens are very powerful, as that they are based on Macaroons. They allow the bearer to add additional restrictions to an existing token. For example, given a PyPI token that can upload releases for any project of its owner, you can generate a token that will only allow some projects, or even a single one.

Here's an example:

$ pip install pypitoken
import pypitoken

token = pypitoken.Token.load("pypi-foobartoken")

print(token.restrictions)
# [NoopRestriction()]

token.restrict(projects=["requests"])

print(token.restrictions)
# [NoopRestriction(), ProjectsRestriction(projects=["requests"])]

token.dump()
# pypi-newfoobartoken

This token we've created above will be restricted to uploading releases of requests. Of course, your PyPI user will still need to have upload permissions on requests for this to happen.

The aim of this library is to provide a simple toolbelt for manipulating PyPI tokens. Ideally, someday, PyPI (Warehouse) itself may generate their tokens using this library too. This should make it easier to iterate on new kinds of restrictions for PyPI tokens, such as those discussed in the original implementation issue.

A discussion for integrating this library to the Warehouse environment is ongoing:

Where to go from here

The complete docs is probably the best place to learn about the project.

If you encounter a bug, or want to get in touch, you're always welcome to open a ticket.

Comments
  • Add DateRestrictions

    Add DateRestrictions

    Closes #92

    Hey @fschulze :) Do you think you could do a round of code review ? Also, I haven't taken the time to try the new macaroons against (Test)PyPI, so if you want to give it a try, feel free :) (you can generate an unscoped token on TestPyPI, then use this PR to create 2 tokens with time restrictions: one that includes now and one that excludes now. PyPI should let you upload with the first one and not with the 2nd one)

    Checklist:

    • [x] Tests
      • [ ] (not applicable?)
    • [x] Documentation
      • [ ] (not applicable?)
    opened by ewjoachim 5
  • Bump dunamai from 1.5.5 to 1.7.0

    Bump dunamai from 1.5.5 to 1.7.0

    Bumps dunamai from 1.5.5 to 1.7.0.

    Release notes

    Sourced from dunamai's releases.

    v1.7.0 (2021-10-31)

    • Broadened the default version tag pattern to allow more separator styles recognized in PEP 440 pre-normalized forms (-, ., and _).
    • Enhanced serialize_pep440() to normalize the alternative prerelease names (alpha -> a, beta -> b, c/pre/preview -> rc) and capitalizations (RC -> rc, etc).
    • Added a py.typed file for PEP-561. (Contributed by wwuck)
    • Replaced pkg_resources dependency with packaging and importlib_metadata. (Contributed by flying-sheep)
    • Added some missing public items to __all__.

    v1.6.0 (2021-08-09)

    • Fixed an oversight where the default version tag pattern would only find tags with exactly three parts in the base (e.g., v1.0.0 and v1.2.3). This is now relaxed so that v1, v1.2.3.4, and so on are also recognized.

      If you prefer the old default, you can pass a custom --pattern on the command line or a custom pattern to the Version.from_* methods. Specifically, the previous default used ^v(?P<base>\d+\.\d+\.\d+) instead of the new ^v(?P<base>\d+(\.\d+)*), but the rest of the pattern is the same in both defaults.

    • Added support for execution via python -m dunamai. (Contributed by jstriebel)

    Changelog

    Sourced from dunamai's changelog.

    v1.7.0 (2021-10-31)

    • Broadened the default version tag pattern to allow more separator styles recognized in PEP 440 pre-normalized forms (-, ., and _).
    • Enhanced serialize_pep440() to normalize the alternative prerelease names (alpha -> a, beta -> b, c/pre/preview -> rc) and capitalizations (RC -> rc, etc).
    • Added a py.typed file for PEP-561. (Contributed by wwuck)
    • Replaced pkg_resources dependency with packaging and importlib_metadata. (Contributed by flying-sheep)
    • Added some missing public items to __all__.

    v1.6.0 (2021-08-09)

    • Fixed an oversight where the default version tag pattern would only find tags with exactly three parts in the base (e.g., v1.0.0 and v1.2.3). This is now relaxed so that v1, v1.2.3.4, and so on are also recognized.
    • Added support for execution via python -m dunamai. (Contributed by jstriebel)
    Commits
    • 3e2173e Release v1.7.0
    • 0f8c364 Allow more separator styles in tags and normalize certain alternative stage n...
    • 6e4e290 Add workaround for Git 2.21.0 tests
    • be765c6 Fix pre-commit hook issue and newer Git compatibility in tests
    • 1c16f9b Merge pull request #29 from flying-sheep/no-pkg-resources
    • 7e0c312 Merge pull request #25 from wwuck/feature/pep561
    • 71dbec5 Apparently old pytest doesn’t support tool.pytest.ini_options
    • 9a8729d Switch to packaging and importlib_metadata
    • 19760aa Add py.typed file for PEP-561
    • 18dfa02 Release v1.6.0
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies python 
    opened by dependabot[bot] 4
  • Bump pytest-cov from 2.11.1 to 3.0.0

    Bump pytest-cov from 2.11.1 to 3.0.0

    Bumps pytest-cov from 2.11.1 to 3.0.0.

    Changelog

    Sourced from pytest-cov's changelog.

    3.0.0 (2021-10-04)

    Note that this release drops support for Python 2.7 and Python 3.5.

    • Added support for Python 3.10 and updated various test dependencies. Contributed by Hugo van Kemenade in [#500](https://github.com/pytest-dev/pytest-cov/issues/500) <https://github.com/pytest-dev/pytest-cov/pull/500>_.
    • Switched from Travis CI to GitHub Actions. Contributed by Hugo van Kemenade in [#494](https://github.com/pytest-dev/pytest-cov/issues/494) <https://github.com/pytest-dev/pytest-cov/pull/494>_ and [#495](https://github.com/pytest-dev/pytest-cov/issues/495) <https://github.com/pytest-dev/pytest-cov/pull/495>_.
    • Add a --cov-reset CLI option. Contributed by Danilo Šegan in [#459](https://github.com/pytest-dev/pytest-cov/issues/459) <https://github.com/pytest-dev/pytest-cov/pull/459>_.
    • Improved validation of --cov-fail-under CLI option. Contributed by ... Ronny Pfannschmidt's desire for skark in [#480](https://github.com/pytest-dev/pytest-cov/issues/480) <https://github.com/pytest-dev/pytest-cov/pull/480>_.
    • Dropped Python 2.7 support. Contributed by Thomas Grainger in [#488](https://github.com/pytest-dev/pytest-cov/issues/488) <https://github.com/pytest-dev/pytest-cov/pull/488>_.
    • Updated trove classifiers. Contributed by Michał Bielawski in [#481](https://github.com/pytest-dev/pytest-cov/issues/481) <https://github.com/pytest-dev/pytest-cov/pull/481>_.

    2.13.0 (2021-06-01)

    • Changed the toml requirement to be always be directly required (instead of being required through a coverage extra). This fixes issues with pip-compile (pip-tools#1300 <https://github.com/jazzband/pip-tools/issues/1300>). Contributed by Sorin Sbarnea in [#472](https://github.com/pytest-dev/pytest-cov/issues/472) <https://github.com/pytest-dev/pytest-cov/pull/472>.
    • Documented show_contexts. Contributed by Brian Rutledge in [#473](https://github.com/pytest-dev/pytest-cov/issues/473) <https://github.com/pytest-dev/pytest-cov/pull/473>_.

    2.12.1 (2021-06-01)

    • Changed the toml requirement to be always be directly required (instead of being required through a coverage extra). This fixes issues with pip-compile (pip-tools#1300 <https://github.com/jazzband/pip-tools/issues/1300>). Contributed by Sorin Sbarnea in [#472](https://github.com/pytest-dev/pytest-cov/issues/472) <https://github.com/pytest-dev/pytest-cov/pull/472>.
    • Documented show_contexts. Contributed by Brian Rutledge in [#473](https://github.com/pytest-dev/pytest-cov/issues/473) <https://github.com/pytest-dev/pytest-cov/pull/473>_.

    2.12.0 (2021-05-14)

    • Added coverage's toml extra to install requirements in setup.py. Contributed by Christian Riedel in [#410](https://github.com/pytest-dev/pytest-cov/issues/410) <https://github.com/pytest-dev/pytest-cov/pull/410>_.
    • Fixed pytest_cov.__version__ to have the right value (string with version instead of a string including __version__ =).

    ... (truncated)

    Commits
    • 560b955 Bump version: 2.12.1 → 3.0.0
    • e988a6c Update changelog.
    • f015932 Merge pull request #500 from hugovk/add-3.10
    • 60a3cc1 No need to build universal wheels for Python 3-only
    • 0bc997a Add support for Python 3.10
    • 679935b Merge pull request #494 from hugovk/test-on-github-actions
    • 96f9aad Add 'all good' job to be added as a required build
    • 6395ece Test conditional collection on PyPy and CPython
    • f4a88d6 Test both PyPy3.6 and PyPy3.7
    • a948e89 Test both PyPy3.6 and PyPy3.7
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies python 
    opened by dependabot[bot] 3
  • Handle new Caveat format

    Handle new Caveat format

    We introduced a new caveat format in https://github.com/pypi/warehouse/pull/11903, which currently pypitoken can't handle:

    >>> token.restrictions
    Traceback (most recent call last):
      File "<stdin>", line 1, in <module>
      File "/home/di/git/ewjoachim/pypitoken/pypitoken/token.py", line 671, in restrictions
        return [
      File "/home/di/git/ewjoachim/pypitoken/pypitoken/token.py", line 672, in <listcomp>
        Restriction.load_json(caveat=caveat.caveat_id)
      File "/home/di/git/ewjoachim/pypitoken/pypitoken/token.py", line 137, in load_json
        return cls.load(caveat=caveat_obj)
      File "/home/di/git/ewjoachim/pypitoken/pypitoken/token.py", line 118, in load
        raise exceptions.LoaderError(
    pypitoken.exceptions.LoaderError: Could not find matching Restriction for [4, '89e9fdb4-1a5f-49d4-8bc5-d5840a14a311']
    
    opened by di 2
  • Bump dunamai from 1.11.0 to 1.11.1

    Bump dunamai from 1.11.0 to 1.11.1

    Bumps dunamai from 1.11.0 to 1.11.1.

    Release notes

    Sourced from dunamai's releases.

    v1.11.1 (2022-04-05)

    • Fixed the --bump CLI option and the bump argument of Version.serialize bumping even on a commit with a version tag. Now, no bumping occurs on such a commit.
    Changelog

    Sourced from dunamai's changelog.

    v1.11.1 (2022-04-05)

    • Fixed the --bump CLI option and the bump argument of Version.serialize bumping even on a commit with a version tag. Now, no bumping occurs on such a commit.
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies python 
    opened by dependabot[bot] 2
  • Bump sphinx from 3.5.4 to 4.4.0

    Bump sphinx from 3.5.4 to 4.4.0

    Bumps sphinx from 3.5.4 to 4.4.0.

    Release notes

    Sourced from sphinx's releases.

    v4.4.0

    Changelog: https://www.sphinx-doc.org/en/master/changes.html

    v4.3.1

    No release notes provided.

    Changelog

    Sourced from sphinx's changelog.

    Release 4.4.0 (released Jan 17, 2022)

    Dependencies

    • #10007: Use importlib_metadata for python-3.9 or older
    • #10007: Drop setuptools

    Features added

    • #9075: autodoc: Add a config variable :confval:autodoc_typehints_format to suppress the leading module names of typehints of function signatures (ex. io.StringIO -> StringIO)
    • #9831: Autosummary now documents only the members specified in a module's __all__ attribute if :confval:autosummary_ignore_module_all is set to False. The default behaviour is unchanged. Autogen also now supports this behavior with the --respect-module-all switch.
    • #9555: autosummary: Improve error messages on failure to load target object
    • #9800: extlinks: Emit warning if a hardcoded link is replaceable by an extlink, suggesting a replacement.
    • #9961: html: Support nested HTML elements in other HTML builders
    • #10013: html: Allow to change the loading method of JS via loading_method parameter for :meth:Sphinx.add_js_file()
    • #9551: html search: "Hide Search Matches" link removes "highlight" parameter from URL
    • #9815: html theme: Wrap sidebar components in div to allow customizing their layout via CSS
    • #9827: i18n: Sort items in glossary by translated terms
    • #9899: py domain: Allows to specify cross-reference specifier (. and ~) as :type: option
    • #9894: linkcheck: add option linkcheck_exclude_documents to disable link checking in matched documents.
    • #9793: sphinx-build: Allow to use the parallel build feature in macOS on macOS and Python3.8+
    • #10055: sphinx-build: Create directories when -w option given
    • #9993: std domain: Allow to refer an inline target (ex. ``_target name```) via :rst:role:ref` role
    • #9981: std domain: Strip value part of the option directive from general index
    • #9391: texinfo: improve variable in samp role
    • #9578: texinfo: Add :confval:texinfo_cross_references to disable cross references for readability with standalone readers
    • #9822 (and #9062), add new Intersphinx role :rst:role:external for explict lookup in the external projects, without resolving to the local project.

    Bugs fixed

    • #9866: autodoc: doccomment for the imported class was ignored

    ... (truncated)

    Commits
    • 88f9647 Bump to 4.4.0 final
    • fc428ad Merge pull request #9822 from jakobandersen/intersphinx_role
    • 5d595ec intersphinx role, simplify role_name check
    • 6ee0ecb intersphinx role, simplify role name matching
    • 3bf8bcd intersphinx role, update docs
    • c11b109 intersphinx role: :external+inv:: instead of :external:inv+:
    • 9589a2b intersphinx role, remove redundant method
    • 941db55 intersphinx role, fix flake8 warnings
    • 9a3f2b8 intersphinx role, CHANGES
    • 540d760 intersphinx role, documentation
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies python 
    opened by dependabot[bot] 2
  • Bump jsonschema from 4.17.0 to 4.17.1

    Bump jsonschema from 4.17.0 to 4.17.1

    Bumps jsonschema from 4.17.0 to 4.17.1.

    Release notes

    Sourced from jsonschema's releases.

    v4.17.1

    Full Changelog: https://github.com/python-jsonschema/jsonschema/compare/v4.17.0...v4.17.1

    Changelog

    Sourced from jsonschema's changelog.

    v4.17.1

    • The error message when using unevaluatedProperties with a non-trivial schema value (i.e. something other than false) has been improved (#996).
    Commits
    • 46fdb98 v4.17.1 -> CHANGELOG
    • 000dd3d Remove making believe we are ReadTheDocs in CI builds.
    • 5563044 Skip the rest of the docs builds on Windows in CI.
    • 198d1af Run more things with 3.11 in CI.
    • da35584 Suppress epub warnings for duplicated ToC entries.
    • be86aad Temporarily evade wpilibsuite/sphinxext-opengraph#87
    • 9069484 Update docs requirements.
    • 4f8f346 Un-bundle single-vocabulary meta-schemas.
    • 7830605 Emit a better error message for unevaluatedProperties with a subschema.
    • 75903d8 Merge commit '62e69b2c3be9e30c50bea2e595eb2afcd13666ec'
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies python 
    opened by dependabot[bot] 1
  • Bump actions/cache from 2 to 3.0.1

    Bump actions/cache from 2 to 3.0.1

    Bumps actions/cache from 2 to 3.0.1.

    Release notes

    Sourced from actions/cache's releases.

    v3.0.1

    • Added support for caching from GHES 3.5.
    • Fixed download issue for files > 2GB during restore.

    v3.0.0

    • This change adds a minimum runner version(node12 -> node16), which can break users using an out-of-date/fork of the runner. This would be most commonly affecting users on GHES 3.3 or before, as those runners do not support node16 actions and they can use actions from github.com via github connect or manually copying the repo to their GHES instance.

    • Few dependencies and cache action usage examples have also been updated.

    v2.1.7

    Support 10GB cache upload using the latest version 1.0.8 of @actions/cache

    v2.1.6

    • Catch unhandled "bad file descriptor" errors that sometimes occurs when the cache server returns non-successful response (actions/cache#596)

    v2.1.5

    • Fix permissions error seen when extracting caches with GNU tar that were previously created using BSD tar (actions/cache#527)

    v2.1.4

    • Make caching more verbose #650
    • Use GNU tar on macOS if available #701

    v2.1.3

    • Upgrades @actions/core to v1.2.6 for CVE-2020-15228. This action was not using the affected methods.
    • Fix error handling in uploadChunk where 400-level errors were not being detected and handled correctly

    v2.1.2

    • Adds input to limit the chunk upload size, useful for self-hosted runners with slower upload speeds
    • No-op when executing on GHES

    v2.1.1

    • Update @actions/cache package to v1.0.2 which allows cache action to use posix format when taring files.

    v2.1.0

    • Replaces the http-client with the Azure Storage SDK for NodeJS when downloading cache content from Azure. This should help improve download performance and reliability as the SDK downloads files in 4 MB chunks, which can be parallelized and retried independently
    • Display download progress and speed
    Changelog

    Sourced from actions/cache's changelog.

    3.0.1

    • Added support for caching from GHES 3.5.
    • Fixed download issue for files > 2GB during restore.
    Commits
    • 136d96b Enabling actions/cache for GHES based on presence of AC service (#774)
    • 7d4f40b Bumping up the version to fix download issue for files > 2 GB. (#775)
    • 2d8d0d1 Updated what's new. (#771)
    • 7799d86 Updated the usage and docs to the major version release. (#770)
    • 4b0cf6c Merge pull request #769 from actions/users/ashwinsangem/bump_major_version
    • 60c606a Update licensed files
    • b6e9a91 Revert "Updated to the latest version."
    • c842503 Updated to the latest version.
    • 2b7da2a Bumped up to a major version.
    • deae296 Merge pull request #651 from magnetikonline/fix-golang-windows-example
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies github_actions 
    opened by dependabot[bot] 1
  • Bump actions/cache from 2 to 3

    Bump actions/cache from 2 to 3

    Bumps actions/cache from 2 to 3.

    Release notes

    Sourced from actions/cache's releases.

    v3.0.0

    • This change adds a minimum runner version(node12 -> node16), which can break users using an out-of-date/fork of the runner. This would be most commonly affecting users on GHES 3.3 or before, as those runners do not support node16 actions and they can use actions from github.com via github connect or manually copying the repo to their GHES instance.

    • Few dependencies and cache action usage examples have also been updated.

    v2.1.7

    Support 10GB cache upload using the latest version 1.0.8 of @actions/cache

    v2.1.6

    • Catch unhandled "bad file descriptor" errors that sometimes occurs when the cache server returns non-successful response (actions/cache#596)

    v2.1.5

    • Fix permissions error seen when extracting caches with GNU tar that were previously created using BSD tar (actions/cache#527)

    v2.1.4

    • Make caching more verbose #650
    • Use GNU tar on macOS if available #701

    v2.1.3

    • Upgrades @actions/core to v1.2.6 for CVE-2020-15228. This action was not using the affected methods.
    • Fix error handling in uploadChunk where 400-level errors were not being detected and handled correctly

    v2.1.2

    • Adds input to limit the chunk upload size, useful for self-hosted runners with slower upload speeds
    • No-op when executing on GHES

    v2.1.1

    • Update @actions/cache package to v1.0.2 which allows cache action to use posix format when taring files.

    v2.1.0

    • Replaces the http-client with the Azure Storage SDK for NodeJS when downloading cache content from Azure. This should help improve download performance and reliability as the SDK downloads files in 4 MB chunks, which can be parallelized and retried independently
    • Display download progress and speed
    Commits
    • 4b0cf6c Merge pull request #769 from actions/users/ashwinsangem/bump_major_version
    • 60c606a Update licensed files
    • b6e9a91 Revert "Updated to the latest version."
    • c842503 Updated to the latest version.
    • 2b7da2a Bumped up to a major version.
    • deae296 Merge pull request #651 from magnetikonline/fix-golang-windows-example
    • c7c46bc Merge pull request #707 from duxtland/main
    • 6535c5f Regenerated examples.md TOC
    • 3fdafa4 Update GitHub Actions status badge markdown in README.md
    • 341e6d7 Merge branch 'actions:main' into fix-golang-windows-example
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies github_actions 
    opened by dependabot[bot] 1
  • Bump sphinx-material from 0.0.32 to 0.0.35

    Bump sphinx-material from 0.0.32 to 0.0.35

    Bumps sphinx-material from 0.0.32 to 0.0.35.

    Release notes

    Sourced from sphinx-material's releases.

    Release 0.0.35

    Add option to not strip tables

    Release 0.0.34

    Fix for space in citation labels.

    Release 0.0.33

    This release contains a number of minor fixes.

    Commits
    • 6e0ef82 Merge pull request #120 from danwos/danwos_table_strip
    • 9c5df4a Theme option fo deactivating table handling
    • 8aba3ac Merge pull request #118 from bashtage/citation-fix
    • ff14603 ENH: Improve spacing around citations
    • f94eccf Merge pull request #117 from bashtage/doc-global-toc
    • c9506a9 DOC: Emphasize globaltoc
    • 5432f24 Merge pull request #116 from bashtage/role-search
    • fdf8810 ENH: Add support for RTD search
    • 7b15906 Merge pull request #115 from bashtage/generate-docs
    • edb47be MAINT: Enable doc generation
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies python 
    opened by dependabot[bot] 1
  • Bump sphinx from 3.5.4 to 4.3.0

    Bump sphinx from 3.5.4 to 4.3.0

    Bumps sphinx from 3.5.4 to 4.3.0.

    Changelog

    Sourced from sphinx's changelog.

    Release 4.3.0 (released Nov 11, 2021)

    Dependencies

    • Support Python 3.10

    Incompatible changes

    • #9649: searchindex.js: the embedded data has changed format to allow objects with the same name in different domains.
    • #9672: The rendering of Python domain declarations is implemented with more docutils nodes to allow better CSS styling. It may break existing styling.
    • #9672: the signature of :py:meth:domains.py.PyObject.get_signature_prefix has changed to return a list of nodes instead of a plain string.
    • #9695: domains.js.JSObject.display_prefix has been changed into a method get_display_prefix which now returns a list of nodes instead of a plain string.
    • #9695: The rendering of Javascript domain declarations is implemented with more docutils nodes to allow better CSS styling. It may break existing styling.
    • #9450: mathjax: Load MathJax via "defer" strategy

    Deprecated

    • sphinx.ext.autodoc.AttributeDocumenter._datadescriptor
    • sphinx.writers.html.HTMLTranslator._fieldlist_row_index
    • sphinx.writers.html.HTMLTranslator._table_row_index
    • sphinx.writers.html5.HTML5Translator._fieldlist_row_index
    • sphinx.writers.html5.HTML5Translator._table_row_index

    Features added

    • #9639: autodoc: Support asynchronous generator functions
    • #9664: autodoc: autodoc-process-bases supports to inject reST snippet as a base class
    • #9691: C, added new info-field retval for :rst:dir:c:function and :rst:dir:c:macro.
    • C++, added new info-field retval for :rst:dir:cpp:function.
    • #9618: i18n: Add :confval:gettext_allow_fuzzy_translations to allow "fuzzy" messages for translation
    • #9672: More CSS classes on Python domain descriptions
    • #9695: More CSS classes on Javascript domain descriptions
    • #9683: Revert the removal of add_stylesheet() API. It will be kept until

    ... (truncated)

    Commits
    • 3001cc9 Bump to 4.3.0 final
    • d321a97 Merge pull request #9837 from tk0miya/9833_RemovedInSphinx60Warning
    • 5339636 Fix the type of deprecation warning for get_signature_prefix (refs: #9833)
    • 5999cdb Merge pull request #9833 from jakobandersen/py_get_signature_prefix
    • 63bd4b8 Use warnings.warn and deprecation warning
    • 096e286 Merge pull request #9628 from tk0miya/9623_suppress_warnings_for_excluded_doc...
    • 1317eee Merge pull request #9828 from tk0miya/9618_gettext_allow_fuzzy_translations
    • 7357b17 Merge branch '4.x' into 9623_suppress_warnings_for_excluded_document_in_toctree
    • 22bec4f Fix #9623: Separate warning type 'toc.not_readable' to 'toc.excluded'
    • 563936b Merge pull request #9829 from tk0miya/9450_load_mathjax_as_defer
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies python 
    opened by dependabot[bot] 1
Releases(6.0.1)
  • 6.0.1(Nov 6, 2022)

  • 6.0.0(Nov 6, 2022)

    Breaking Changes !

    • Add new format for restrictions (#133) See https://pypitoken.readthedocs.io/en/latest/howto.html#version-6-x-upgrade for details on how to upgrade from a previous version.

    Other changes

    • Pre-commit (#97, #99, #104, #106, #109, #112, #118, #120, #121, #123, #125, #127, #131)
    • Dependabot (#96, #98, #100, #101, #102, #103, #105, #107, #108, #110, #111, #113, #114, #115, #116, #117, #119, #122, #124, #126, #128, #129, #130)
    Source code(tar.gz)
    Source code(zip)
  • 5.0.0(May 29, 2022)

  • 4.0.0(May 29, 2022)

    • Add DateRestrictions (#94)
    • Add black/isort/mypy in pypoetry, but ensure their versions are synchronized with pre-commit (#93)

    And

    • Dependencies auto-upgrade (#91, #89, #90, #86, #88, #83, #82, #81, #80, #79, #78, #77, #76, #75, #74, #73, #71)
    Source code(tar.gz)
    Source code(zip)
  • 3.0.7(Jan 11, 2022)

  • 3.0.6(Jan 11, 2022)

  • 3.0.5(Jan 11, 2022)

    • [pre-commit.ci] pre-commit autoupdate (#70)
    • [pre-commit.ci] pre-commit autoupdate (#69)
    • Bump sphinx from 4.3.1 to 4.3.2 (#68)
    • Bump lxml from 4.6.3 to 4.6.5 (#67)
    • [pre-commit.ci] pre-commit autoupdate (#66)
    • Bump sphinx from 4.3.0 to 4.3.1 (#65)
    • [pre-commit.ci] pre-commit autoupdate (#64)
    • [pre-commit.ci] pre-commit autoupdate (#63)
    • Bump dunamai from 1.5.5 to 1.7.0 (#59)
    • Bump pytest-cov from 2.11.1 to 3.0.0 (#57)
    • Bump sphinx-material from 0.0.32 to 0.0.35 (#61)
    • Bump jsonschema from 3.2.0 to 4.0.0 (#62)
    • Bump sphinx from 3.5.4 to 4.3.0 (#60)
    • Bump pytest from 5.4.3 to 6.2.5 (#58)
    • Bump urllib3 from 1.26.4 to 1.26.5 (#56)
    • [pre-commit.ci] pre-commit autoupdate (#55)
    • [pre-commit.ci] pre-commit autoupdate (#54)
    • [pre-commit.ci] pre-commit autoupdate (#53)
    • [pre-commit.ci] pre-commit autoupdate (#52)
    • [pre-commit.ci] pre-commit autoupdate (#51)
    • Replace codecov with coverage-comment (#50)
    • [pre-commit.ci] pre-commit autoupdate (#49)
    • [pre-commit.ci] pre-commit autoupdate (#48)
    • [pre-commit.ci] pre-commit autoupdate (#47)
    • [pre-commit.ci] pre-commit autoupdate (#46)
    • Fix python-version on ci (#45)
    Source code(tar.gz)
    Source code(zip)
  • 3.0.4(Aug 11, 2021)

    • [pre-commit.ci] pre-commit autoupdate (#44)
    • [pre-commit.ci] pre-commit autoupdate (#43)
    • [pre-commit.ci] pre-commit autoupdate (#42)
    • [pre-commit.ci] pre-commit autoupdate (#41)
    • [pre-commit.ci] pre-commit autoupdate (#40)
    • [pre-commit.ci] pre-commit autoupdate (#39)
    • [pre-commit.ci] pre-commit autoupdate (#38)
    • [pre-commit.ci] pre-commit autoupdate (#37)
    • [pre-commit.ci] pre-commit autoupdate (#36)
    • [pre-commit.ci] pre-commit autoupdate (#35)
    • [pre-commit.ci] pre-commit autoupdate (#34)
    • [pre-commit.ci] pre-commit autoupdate (#33)
    • [pre-commit.ci] pre-commit autoupdate (#32)
    • [pre-commit.ci] pre-commit autoupdate (#31)
    Source code(tar.gz)
    Source code(zip)
  • 3.0.3(May 9, 2021)

  • 3.0.2(Mar 18, 2021)

  • 3.0.1(Mar 18, 2021)

  • 3.0.0(Mar 17, 2021)

    New public API for restriction. No breaking but enough change to warrant a major release.

    • Move dangling methods into class methods (#25)
    • Public API for Restrictions (#24)
    Source code(tar.gz)
    Source code(zip)
  • 2.0.0(Mar 14, 2021)

  • 1.1.0(Mar 14, 2021)

    • Create a context object, remove MissingContextError (#22)
    • Adding discussion topics & tighten implementation regarding extraneous caveat params (#21)

    Minor version for refactoring some aspects, but no breaking changes.

    Source code(tar.gz)
    Source code(zip)
  • 1.0.6(Mar 14, 2021)

  • 1.0.5(Mar 12, 2021)

  • 1.0.4(Mar 8, 2021)

  • 1.0.3(Mar 8, 2021)

  • 1.0.2(Mar 8, 2021)

  • 1.0.1(Mar 8, 2021)

  • 1.0.0(Mar 8, 2021)

    • Fix readthedocs (#9)
    • Rename "derive" as "restrict" (#8)
    • Improve PR template (#7)
    • Fix CI cache (#6)
    • Sphinx doc (#5)
    • Working tox & CI (#3)
    • Add first implementation (#1)
    Source code(tar.gz)
    Source code(zip)
Owner
Joachim Jablon
Python / Django :heart:, @PyPA / @psf / DSF
Joachim Jablon
Flask JWT Router is a Python library that adds authorised routes to a Flask app.

Read the docs: Flask-JWT-Router Flask JWT Router Flask JWT Router is a Python library that adds authorised routes to a Flask app. Both basic & Google'

Joe Gasewicz 52 Jan 03, 2023
Phishing Abusing Microsoft 365 OAuth Authorization Flow

Microsoft365_devicePhish Abusing Microsoft 365 OAuth Authorization Flow for Phishing Attack This is a simple proof-of-concept script that allows an at

bigb0ss 11 Dec 11, 2022
Get inside your stronghold and make all your Django views default login_required

Stronghold Get inside your stronghold and make all your Django views default login_required Stronghold is a very small and easy to use django app that

Mike Grouchy 384 Nov 23, 2022
OAuth2 goodies for the Djangonauts!

Django OAuth Toolkit OAuth2 goodies for the Djangonauts! If you are facing one or more of the following: Your Django app exposes a web API you want to

Jazzband 2.7k Dec 31, 2022
Imia is an authentication library for Starlette and FastAPI (python 3.8+).

Imia Imia (belarussian for "a name") is an authentication library for Starlette and FastAPI (python 3.8+). Production status The library is considered

Alex Oleshkevich 91 Nov 24, 2022
examify-io is an online examination system that offers automatic grading , exam statistics , proctoring and programming tests , multiple user roles

examify-io is an online examination system that offers automatic grading , exam statistics , proctoring and programming tests , multiple user roles ( Examiner , Supervisor , Student )

Ameer Nasser 4 Oct 28, 2021
Authentication Module for django rest auth

django-rest-knox Authentication Module for django rest auth Knox provides easy to use authentication for Django REST Framework The aim is to allow for

James McMahon 878 Jan 04, 2023
Use this to create (admin) personal access token in gitlab database. Mainly used for automation.

gitlab-personal-access-token Ensure PAT is present in gitlab database. This tool is mainly used when you need to automate gitlab installation and conf

CINAQ Internet Technologies 1 Jan 30, 2022
An extension of django rest framework, providing a configurable password reset strategy

Django Rest Password Reset This python package provides a simple password reset strategy for django rest framework, where users can request password r

Anexia 363 Dec 24, 2022
Simple two factor authemtication system, made by me.

Simple two factor authemtication system, made by me. Honestly, i don't even know How 2FAs work I just used my knowledge and did whatever i could. Send

Refined 5 Jan 04, 2022
Todo app with authentication system.

todo list web app with authentication system. User can register, login, logout. User can login and create, delete, update task Home Page here you will

Anurag verma 3 Aug 18, 2022
Django server for Travel Mate (Project: nomad)

Travel Mate Server (Project: Nomad) Django 2.0 server for Travel Mate Contribute For new feature request in the app, open a new feature request on the

Travel Mate 41 May 29, 2022
Creation & manipulation of PyPI tokens

PyPIToken: Manipulate PyPI API tokens PyPIToken is an open-source Python 3.6+ library for generating and manipulating PyPI tokens. PyPI tokens are ver

Joachim Jablon 8 Nov 01, 2022
Django Rest Framework App wih JWT Authentication and other DRF stuff

Django Queries App with JWT authentication, Class Based Views, Serializers, Swagger UI, CI/CD and other cool DRF stuff API Documentaion /swagger - Swa

Rafael Salimov 4 Jan 29, 2022
Simple extension that provides Basic, Digest and Token HTTP authentication for Flask routes

Flask-HTTPAuth Simple extension that provides Basic and Digest HTTP authentication for Flask routes. Installation The easiest way to install this is t

Miguel Grinberg 1.1k Jan 05, 2023
A Python inplementation for OAuth2

OAuth2-Python Discord Inplementation for OAuth2 login systems. This is a simple Python 'app' made to inplement in your programs that require (shitty)

Prifixy 0 Jan 06, 2022
Luca Security Concept

Luca Security Concept This is the document source of luca's security concept. Please go here for the HTML version: https://luca-app.de/securityconcept

luca 43 Oct 22, 2022
This python package provides a simple password reset strategy for django rest framework

Django Rest Password Reset This python package provides a simple password reset strategy for django rest framework, where users can request password r

Anexia 363 Dec 24, 2022
Multi-user accounts for Django projects

django-organizations Summary Groups and multi-user account management Author Ben Lopatin (http://benlopatin.com) Status Separate individual user ident

Ben Lopatin 1.1k Jan 02, 2023
Authentication with fastapi and jwt cd realistic

Authentication with fastapi and jwt cd realistic Dependencies bcrypt==3.1.7 data

Fredh Macau 1 Jan 04, 2022