diff options
author | Felix Gruber <felgru@posteo.net> | 2023-03-26 19:43:31 +0000 |
---|---|---|
committer | Maxim Cournoyer <maxim.cournoyer@gmail.com> | 2023-03-29 13:23:45 -0400 |
commit | 4bff240e9b38e2398282a7f214e4a37be749e8f0 (patch) | |
tree | 61a50229cd45c1febb91975706872a5b37baf2d8 /gnu/packages | |
parent | 6d00909968ae7ad40ed80acb987c170931648038 (diff) | |
download | guix-4bff240e9b38e2398282a7f214e4a37be749e8f0.tar.gz |
gnu: Add python-asgi-csrf.
* gnu/packages/python-web.scm (python-asgi-csrf): New variable. Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com> Modified-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Diffstat (limited to 'gnu/packages')
-rw-r--r-- | gnu/packages/python-web.scm | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/gnu/packages/python-web.scm b/gnu/packages/python-web.scm index c16ba0d089..495e13acfe 100644 --- a/gnu/packages/python-web.scm +++ b/gnu/packages/python-web.scm @@ -570,6 +570,45 @@ communicate with each other, and positioned as an asynchronous successor to WSGI. This package includes libraries for implementing ASGI servers.") (license license:bsd-3))) +(define-public python-asgi-csrf + (package + (name "python-asgi-csrf") + (version "0.9") + (source (origin + (method git-fetch) ;for tests + (uri (git-reference + (url "https://github.com/simonw/asgi-csrf") + (commit version))) + (file-name (git-file-name name version)) + (sha256 + (base32 + "1j134mjh0ff61rvkm3q67m463j1bhyxc9dwsdany3scnd4vsqqws")))) + (build-system pyproject-build-system) + (arguments + (list #:test-flags + ;; Provide a null config to avoid the extraneous dependency on + ;; python-pytest-coverage. + #~(list "-c" "/dev/null" + ;; Disable two failing tests (see: + ;; https://github.com/simonw/asgi-csrf/issues/24). + "-k" (string-append + "not (test_multipart " + "or test_multipart_failure_wrong_token)")))) + (propagated-inputs (list python-itsdangerous python-multipart)) + (native-inputs (list python-asgi-lifespan + python-httpx + python-pytest + python-pytest-asyncio + python-starlette)) + (home-page "https://github.com/simonw/asgi-csrf") + (synopsis "ASGI middleware for protecting against CSRF attacks") + (description "This Asynchronous Server Gateway Interface (ASGI) +middleware protects against Cross-site request forgery (CSRF) attacks. +It implements the Double Submit Cookie pattern, where a cookie is set +that is then compared to a @code{csrftoken} hidden form field or a +@code{x-csrftoken} HTTP header.") + (license license:asl2.0))) + (define-public python-asgi-lifespan (package (name "python-asgi-lifespan") |