Coverage for src / local_deep_research / database / temp_auth.py: 92%

24 statements  

« prev     ^ index     » next       coverage.py v7.12.0, created at 2026-01-11 00:51 +0000

1""" 

2Temporary authentication storage for handling post-registration flow. 

3Stores passwords briefly in memory to allow database access after redirect. 

4Note: Passwords are stored in plain text in memory (encryption removed as it 

5provided no real security benefit - see issue #593). 

6""" 

7 

8import secrets 

9from typing import Optional, Tuple 

10 

11from loguru import logger 

12 

13from .credential_store_base import CredentialStoreBase 

14 

15 

16class TemporaryAuthStore(CredentialStoreBase): 

17 """ 

18 Stores authentication temporarily for post-registration/login flow. 

19 Passwords are stored in plain text in memory and expire after a short time. 

20 """ 

21 

22 def __init__(self, ttl_seconds: int = 30): 

23 """ 

24 Initialize the temporary auth store. 

25 

26 Args: 

27 ttl_seconds: How long to keep auth data (default 30 seconds) 

28 """ 

29 super().__init__(ttl_seconds) 

30 

31 def store_auth(self, username: str, password: str) -> str: 

32 """ 

33 Store authentication temporarily. 

34 

35 Args: 

36 username: Username 

37 password: Password to store 

38 

39 Returns: 

40 Token to retrieve the auth data 

41 """ 

42 token = secrets.token_urlsafe(32) 

43 self._store_credentials( 

44 token, {"username": username, "password": password} 

45 ) 

46 logger.debug(f"Stored temporary auth for {username}") 

47 return token 

48 

49 def retrieve_auth(self, token: str) -> Optional[Tuple[str, str]]: 

50 """ 

51 Retrieve and remove authentication data. 

52 

53 Args: 

54 token: Token from store_auth 

55 

56 Returns: 

57 Tuple of (username, password) or None if expired/not found 

58 """ 

59 result = self._retrieve_credentials(token, remove=True) 

60 if result: 

61 logger.debug(f"Retrieved temporary auth for {result[0]}") 

62 return result 

63 

64 def peek_auth(self, token: str) -> Optional[Tuple[str, str]]: 

65 """ 

66 Peek at authentication data without removing it. 

67 

68 Args: 

69 token: Token from store_auth 

70 

71 Returns: 

72 Tuple of (username, password) or None if expired/not found 

73 """ 

74 return self._retrieve_credentials(token, remove=False) 

75 

76 # Implement abstract methods for compatibility 

77 def store(self, username: str, password: str) -> str: 

78 """Alias for store_auth.""" 

79 return self.store_auth(username, password) 

80 

81 def retrieve(self, token: str) -> Optional[Tuple[str, str]]: 

82 """Alias for retrieve_auth.""" 

83 return self.retrieve_auth(token) 

84 

85 

86# Global instance 

87temp_auth_store = TemporaryAuthStore()