rename auth_sync to auth_token

Author: Archmonger

pyproject.toml

@@ -160,8 +160,8 @@ runserver = [
 makemigrations = ["cd tests && python manage.py makemigrations"]
 clean = ["cd tests && python manage.py clean_reactpy -v 3"]
 clean_sessions = ["cd tests && python manage.py clean_reactpy --sessions -v 3"]
-clean_auth_sync = [
-  "cd tests && python manage.py clean_reactpy --auth-sync -v 3",
+clean_auth_tokens = [
+  "cd tests && python manage.py clean_reactpy --auth-tokens -v 3",
 ]
 clean_user_data = [
   "cd tests && python manage.py clean_reactpy --user-data -v 3",

src/reactpy_django/auth/components.py

@@ -7,10 +7,10 @@
 from uuid import uuid4
 
 from django.urls import reverse
-from reactpy import component, hooks, html
+from reactpy import component, hooks
 
 from reactpy_django.javascript_components import HttpRequest
-from reactpy_django.models import SynchronizeSession
+from reactpy_django.models import AuthToken
 
 if TYPE_CHECKING:
     from django.contrib.sessions.backends.base import SessionBase
@@ -39,13 +39,13 @@ async def rerender():
 @component
 def session_manager():
     """This component can force the client (browser) to switch HTTP sessions,
-    making it match the websocket session.
+    making it match the websocket session, by using a authentication token.
 
     Used to force persistent authentication between Django's websocket and HTTP stack."""
     from reactpy_django import config
 
     synchronize_requested, set_synchronize_requested = hooks.use_state(False)
-    uuid = hooks.use_ref("")
+    token = hooks.use_ref("")
     scope = hooks.use_connection().scope
 
     @hooks.use_effect(dependencies=[])
@@ -61,33 +61,32 @@ async def synchronize_session_watchdog():
         This effect will automatically be cancelled if the session is successfully
         switched (via effect dependencies)."""
         if synchronize_requested:
-            await asyncio.sleep(config.REACTPY_AUTH_SYNC_TIMEOUT + 0.1)
+            await asyncio.sleep(config.REACTPY_AUTH_TOKEN_TIMEOUT + 0.1)
             await asyncio.to_thread(
                 _logger.warning,
-                f"Client did not switch sessions within {config.REACTPY_AUTH_SYNC_TIMEOUT} (REACTPY_AUTH_SYNC_TIMEOUT) seconds.",
+                f"Client did not switch sessions within {config.REACTPY_AUTH_TOKEN_TIMEOUT} (REACTPY_AUTH_TOKEN_TIMEOUT) seconds.",
             )
             set_synchronize_requested(False)
 
     async def synchronize_session():
-        """Event that can command the client to switch HTTP sessions (to match the websocket sessions)."""
+        """Event that can command the client to switch HTTP sessions (to match the websocket session)."""
         session: SessionBase | None = scope.get("session")
         if not session or not session.session_key:
             return
 
-        # Delete any sessions currently associated with the previous UUID.
-        # This exists to fix scenarios where...
-        # 1) Login is called multiple times before the first one is completed.
-        # 2) Login was called, but the server failed to respond to the HTTP request.
-        if uuid.current:
-            with contextlib.suppress(SynchronizeSession.DoesNotExist):
-                obj = await SynchronizeSession.objects.aget(uuid=uuid.current)
+        # Delete previous token to resolve race conditions where...
+        # 1. Login was called multiple times before the first one is completed.
+        # 2. Login was called, but the server failed to respond to the HTTP request.
+        if token.current:
+            with contextlib.suppress(AuthToken.DoesNotExist):
+                obj = await AuthToken.objects.aget(value=token.current)
                 await obj.adelete()
 
-        # Create a fresh UUID
-        uuid.set_current(str(uuid4()))
+        # Create a fresh token
+        token.set_current(str(uuid4()))
 
         # Begin the process of synchronizing HTTP and websocket sessions
-        obj = await SynchronizeSession.objects.acreate(uuid=uuid.current, session_key=session.session_key)
+        obj = await AuthToken.objects.acreate(value=token.current, session_key=session.session_key)
         await obj.asave()
         set_synchronize_requested(True)
 
@@ -107,7 +106,7 @@ async def synchronize_session_callback(status_code: int, response: str):
         return HttpRequest(
             {
                 "method": "GET",
-                "url": reverse("reactpy:session_manager", args=[uuid.current]),
+                "url": reverse("reactpy:session_manager", args=[token.current]),
                 "body": None,
                 "callback": synchronize_session_callback,
             },

src/reactpy_django/config.py

@@ -39,9 +39,9 @@
     "REACTPY_SESSION_MAX_AGE",
     259200,  # Default to 3 days
 )
-REACTPY_AUTH_SYNC_TIMEOUT: int = getattr(
+REACTPY_AUTH_TOKEN_TIMEOUT: int = getattr(
     settings,
-    "REACTPY_AUTH_SYNC_TIMEOUT",
+    "REACTPY_AUTH_TOKEN_TIMEOUT",
     30,  # Default to 30 seconds
 )
 REACTPY_CACHE: str = getattr(
@@ -126,9 +126,9 @@
     "REACTPY_CLEAN_SESSIONS",
     True,
 )
-REACTPY_CLEAN_AUTH_SYNC: bool = getattr(
+REACTPY_CLEAN_AUTH_TOKENS: bool = getattr(
     settings,
-    "REACTPY_CLEAN_AUTH_SYNC",
+    "REACTPY_CLEAN_AUTH_TOKENS",
     True,
 )
 REACTPY_CLEAN_USER_DATA: bool = getattr(

src/reactpy_django/http/views.py

@@ -48,37 +48,37 @@ async def session_manager(request: HttpRequest, uuid: str) -> HttpResponse:
     """Switches the client's active session to match ReactPy.
 
     This view exists because ReactPy is rendered via WebSockets, and browsers do not
-    allow active WebSocket connections to modify HTTP cookies. Django's authentication
+    allow active WebSocket connections to modify cookies. Django's authentication
     design requires HTTP cookies to persist state changes.
     """
-    from reactpy_django.models import SynchronizeSession
+    from reactpy_django.models import AuthToken
 
-    # Find out what session the client wants to switch
-    data = await SynchronizeSession.objects.aget(uuid=uuid)
+    # Find out what session the client wants to switch to
+    token = await AuthToken.objects.aget(value=uuid)
 
-    # CHECK: Session has expired?
-    if data.expired:
+    # CHECK: Token has expired?
+    if token.expired:
         msg = "Session expired."
-        await data.adelete()
+        await token.adelete()
         raise SuspiciousOperation(msg)
 
-    # CHECK: Session does not exist?
+    # CHECK: Token does not exist?
     exists_method = getattr(request.session, "aexists", request.session.exists)
-    if not await ensure_async(exists_method)(data.session_key):
+    if not await ensure_async(exists_method)(token.session_key):
         msg = "Attempting to switch to a session that does not exist."
         raise SuspiciousOperation(msg)
 
-    # CHECK: Client already using the correct session?
-    if request.session.session_key == data.session_key:
-        await data.adelete()
+    # CHECK: Client already using the correct session key?
+    if request.session.session_key == token.session_key:
+        await token.adelete()
         return HttpResponse(status=204)
 
     # Switch the client's session
-    request.session = type(request.session)(session_key=data.session_key)
+    request.session = type(request.session)(session_key=token.session_key)
     load_method = getattr(request.session, "aload", request.session.load)
     await ensure_async(load_method)()
     request.session.modified = True
     save_method = getattr(request.session, "asave", request.session.save)
     await ensure_async(save_method)()
-    await data.adelete()
+    await token.adelete()
     return HttpResponse(status=204)

src/reactpy_django/management/commands/clean_reactpy.py

@@ -12,7 +12,7 @@ def handle(self, *_args, **options):
         from reactpy_django.tasks import CleaningArgs, clean
 
         verbosity = options.pop("verbosity", 1)
-        valid_args: set[CleaningArgs] = {"all", "sessions", "auth_sync", "user_data"}
+        valid_args: set[CleaningArgs] = {"all", "sessions", "auth_tokens", "user_data"}
         cleaning_args: set[CleaningArgs] = {arg for arg in options if arg in valid_args and options[arg]} or {"all"}
 
         clean(*cleaning_args, immediate=True, verbosity=verbosity)
@@ -32,7 +32,7 @@ def add_arguments(self, parser):
             help="Clean user data. This value can be combined with other cleaning options.",
         )
         parser.add_argument(
-            "--auth-sync",
+            "--auth-tokens",
             action="store_true",
-            help="Clean authentication synchronizer data. This value can be combined with other cleaning options.",
+            help="Clean authentication tokens. This value can be combined with other cleaning options.",
         )

src/reactpy_django/migrations/0010_rename_synchronizesession_authtoken_and_more.py

@@ -0,0 +1,22 @@
+# Generated by Django 5.1.4 on 2024-12-25 05:52
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('reactpy_django', '0009_rename_switchsession_synchronizesession'),
+    ]
+
+    operations = [
+        migrations.RenameModel(
+            old_name='SynchronizeSession',
+            new_name='AuthToken',
+        ),
+        migrations.RenameField(
+            model_name='authtoken',
+            old_name='uuid',
+            new_name='value',
+        ),
+    ]

src/reactpy_django/models.py

@@ -20,24 +20,24 @@ class ComponentSession(models.Model):
     last_accessed = models.DateTimeField(auto_now=True)
 
 
-class SynchronizeSession(models.Model):
+class AuthToken(models.Model):
     """A model that contains any relevant data needed to force Django's HTTP session to
     match the websocket session.
 
-    This data is tied to an arbitrary UUID for security (obfuscation) purposes.
+    The session key is tied to an arbitrary UUID token for security (obfuscation) purposes.
 
     Source code must be written to respect the expiration property of this model."""
 
-    uuid = models.UUIDField(primary_key=True, editable=False, unique=True)
+    value = models.UUIDField(primary_key=True, editable=False, unique=True)
     session_key = models.CharField(max_length=40, editable=False)
     created_at = models.DateTimeField(auto_now_add=True, editable=False)
 
     @property
     def expired(self) -> bool:
         """Check the client has exceeded the max timeout."""
-        from reactpy_django.config import REACTPY_AUTH_SYNC_TIMEOUT
+        from reactpy_django.config import REACTPY_AUTH_TOKEN_TIMEOUT
 
-        return self.created_at < (timezone.now() - timedelta(seconds=REACTPY_AUTH_SYNC_TIMEOUT))
+        return self.created_at < (timezone.now() - timedelta(seconds=REACTPY_AUTH_TOKEN_TIMEOUT))
 
 
 class Config(models.Model):

src/reactpy_django/tasks.py

@@ -13,12 +13,12 @@
     from reactpy_django.models import Config
 
 CLEAN_NEEDED_BY: datetime = datetime(year=1, month=1, day=1, tzinfo=timezone.now().tzinfo)
-CleaningArgs: TypeAlias = Literal["all", "sessions", "auth_sync", "user_data"]
+CleaningArgs: TypeAlias = Literal["all", "sessions", "auth_tokens", "user_data"]
 
 
 def clean(*args: CleaningArgs, immediate: bool = False, verbosity: int = 1):
     from reactpy_django.config import (
-        REACTPY_CLEAN_AUTH_SYNC,
+        REACTPY_CLEAN_AUTH_TOKENS,
         REACTPY_CLEAN_SESSIONS,
         REACTPY_CLEAN_USER_DATA,
     )
@@ -28,19 +28,21 @@ def clean(*args: CleaningArgs, immediate: bool = False, verbosity: int = 1):
     if immediate or clean_is_needed(config):
         config.cleaned_at = timezone.now()
         config.save()
+
+        # If no args are provided, use the default settings.
         sessions = REACTPY_CLEAN_SESSIONS
-        auth_sync = REACTPY_CLEAN_AUTH_SYNC
+        auth_tokens = REACTPY_CLEAN_AUTH_TOKENS
         user_data = REACTPY_CLEAN_USER_DATA
 
         if args:
             sessions = any(value in args for value in ("sessions", "all"))
-            auth_sync = any(value in args for value in ("auth_sync", "all"))
+            auth_tokens = any(value in args for value in ("auth_tokens", "all"))
             user_data = any(value in args for value in ("user_data", "all"))
 
         if sessions:
             clean_component_sessions(verbosity)
-        if auth_sync:
-            clean_auth_synchronizer(verbosity)
+        if auth_tokens:
+            clean_auth_tokens(verbosity)
         if user_data:
             clean_user_data(verbosity)
 
@@ -69,23 +71,23 @@ def clean_component_sessions(verbosity: int = 1):
         inspect_clean_duration(start_time, "component sessions", verbosity)
 
 
-def clean_auth_synchronizer(verbosity: int = 1):
-    from reactpy_django.config import DJANGO_DEBUG, REACTPY_AUTH_SYNC_TIMEOUT
-    from reactpy_django.models import SynchronizeSession
+def clean_auth_tokens(verbosity: int = 1):
+    from reactpy_django.config import DJANGO_DEBUG, REACTPY_AUTH_TOKEN_TIMEOUT
+    from reactpy_django.models import AuthToken
 
     if verbosity >= 2:
-        _logger.info("Cleaning ReactPy auth sync data...")
+        _logger.info("Cleaning ReactPy auth tokens...")
     start_time = timezone.now()
-    expiration_date = timezone.now() - timedelta(seconds=REACTPY_AUTH_SYNC_TIMEOUT)
-    synchronizer_objects = SynchronizeSession.objects.filter(created_at__lte=expiration_date)
+    expiration_date = timezone.now() - timedelta(seconds=REACTPY_AUTH_TOKEN_TIMEOUT)
+    synchronizer_objects = AuthToken.objects.filter(created_at__lte=expiration_date)
 
     if verbosity >= 2:
-        _logger.info("Deleting %d expired auth sync objects...", synchronizer_objects.count())
+        _logger.info("Deleting %d expired auth token objects...", synchronizer_objects.count())
 
     synchronizer_objects.delete()
 
     if DJANGO_DEBUG or verbosity >= 2:
-        inspect_clean_duration(start_time, "auth sync", verbosity)
+        inspect_clean_duration(start_time, "auth tokens", verbosity)
 
 
 def clean_user_data(verbosity: int = 1):