summary refs log tree commit diff
path: root/gnu/packages
diff options
context:
space:
mode:
authorFelix Gruber <felgru@posteo.net>2023-03-26 19:43:31 +0000
committerMaxim Cournoyer <maxim.cournoyer@gmail.com>2023-03-29 13:23:45 -0400
commit4bff240e9b38e2398282a7f214e4a37be749e8f0 (patch)
tree61a50229cd45c1febb91975706872a5b37baf2d8 /gnu/packages
parent6d00909968ae7ad40ed80acb987c170931648038 (diff)
downloadguix-4bff240e9b38e2398282a7f214e4a37be749e8f0.tar.gz
gnu: Add python-asgi-csrf.
* gnu/packages/python-web.scm (python-asgi-csrf): New variable.

Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Modified-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Diffstat (limited to 'gnu/packages')
-rw-r--r--gnu/packages/python-web.scm39
1 files changed, 39 insertions, 0 deletions
diff --git a/gnu/packages/python-web.scm b/gnu/packages/python-web.scm
index c16ba0d089..495e13acfe 100644
--- a/gnu/packages/python-web.scm
+++ b/gnu/packages/python-web.scm
@@ -570,6 +570,45 @@ communicate with each other, and positioned as an asynchronous successor to
 WSGI.  This package includes libraries for implementing ASGI servers.")
     (license license:bsd-3)))
 
+(define-public python-asgi-csrf
+  (package
+    (name "python-asgi-csrf")
+    (version "0.9")
+    (source (origin
+              (method git-fetch)        ;for tests
+              (uri (git-reference
+                    (url "https://github.com/simonw/asgi-csrf")
+                    (commit version)))
+              (file-name (git-file-name name version))
+              (sha256
+               (base32
+                "1j134mjh0ff61rvkm3q67m463j1bhyxc9dwsdany3scnd4vsqqws"))))
+    (build-system pyproject-build-system)
+    (arguments
+     (list #:test-flags
+           ;; Provide a null config to avoid the extraneous dependency on
+           ;; python-pytest-coverage.
+           #~(list "-c" "/dev/null"
+                   ;; Disable two failing tests (see:
+                   ;; https://github.com/simonw/asgi-csrf/issues/24).
+                   "-k" (string-append
+                         "not (test_multipart "
+                         "or test_multipart_failure_wrong_token)"))))
+    (propagated-inputs (list python-itsdangerous python-multipart))
+    (native-inputs (list python-asgi-lifespan
+                         python-httpx
+                         python-pytest
+                         python-pytest-asyncio
+                         python-starlette))
+    (home-page "https://github.com/simonw/asgi-csrf")
+    (synopsis "ASGI middleware for protecting against CSRF attacks")
+    (description "This Asynchronous Server Gateway Interface (ASGI)
+middleware protects against Cross-site request forgery (CSRF) attacks.
+It implements the Double Submit Cookie pattern, where a cookie is set
+that is then compared to a @code{csrftoken} hidden form field or a
+@code{x-csrftoken} HTTP header.")
+    (license license:asl2.0)))
+
 (define-public python-asgi-lifespan
   (package
     (name "python-asgi-lifespan")