Supertokens-python

Latest version: v0.29.0

Page 15 of 21

0.10.3

Bug fix
- Send FORM_FIELD error with 200 status code instead of 500 on invalid request body or when user passes non-string values as email ID for `/auth/signin`

Changes
- Add a test to ensure that overrides are applied correctly in methods called on `SessionContainer` instances

0.10.2

Bug fix
- Make `user_context` optional in `userroles` recipe `syncio` functions.

0.10.1

Documentation:
- Added `pdoc` template files to project inside `docs-templates` directory
- Updated `build-docs` in Makefile to use `docs-templates` as the template directory while generating docs using `pdoc`
- Updated `html.mako` template to have a single `h1` tag and have a default meta description tag

Changes
- Relax version requirements for `httpx`, `cryptography`, and `asgiref` to fix https://github.com/supertokens/supertokens-python/issues/207

0.10.0

- Update tests to cover `resend_code` feature in `passwordless` and `thirdpartypasswordless` recipe.
- Update usermetadata tests to ensure that utf8 chars are supported.
- Mark tests as skipped if core version requirements are not met.
- Use [black](https://github.com/psf/black) instead of `autopep8` to format code.
- Add frontend integration tests for `django2x`

Bug fix:

- Clears cookies when `revoke_session` is called using the session container, even if the session did not exist from before: https://github.com/supertokens/supertokens-node/issues/343

Breaking changes:
- Change request arg type in session recipe functions from Any to BaseRequest.
- Changes session function recipe interfaces to not throw an `UNAUTHORISED` error when the input is a session_handle: https://github.com/supertokens/backend/issues/83
- `get_session_information` now returns `None` if the session does not exist.
- `update_session_data` now returns `False` if the input `session_handle` does not exist.
- `update_access_token_payload` now returns `False` if the input `session_handle` does not exist.
- `regenerate_access_token` now returns `None` if the input access token's `session_handle` does not exist.
- The `session_class` functions have not changed in behaviour and still throw an `UNAUTHORISED` error. This works because the `session_class` operates on the current session and not on some other session.
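
The practical effect of these breaking changes on calling code, as an added example that is not part of the SuperTokens changelog or SDK: a caller that relied on an exception to stop now has to check the return value. The two SDK functions are replaced by constructed in-memory stand-ins that model only the return values listed above; `SESSIONS`, `set_role_pre_0_10` and `set_role` are hypothetical names.

```python
import asyncio
from typing import Any, Dict, Optional

# Constructed stand-in for the core's session store (not the real SDK).
SESSIONS: Dict[str, Dict[str, Any]] = {
    "handle-live": {"user_id": "u1", "payload": {}},
}


async def get_session_information(session_handle: str) -> Optional[Dict[str, Any]]:
    # 0.10.0 behaviour: None for an unknown handle, no UNAUTHORISED error.
    return SESSIONS.get(session_handle)


async def update_access_token_payload(
    session_handle: str, new_payload: Dict[str, Any]
) -> bool:
    # 0.10.0 behaviour: False for an unknown handle, no UNAUTHORISED error.
    found = SESSIONS.get(session_handle)
    if found is None:
        return False
    found["payload"] = new_payload
    return True


async def set_role_pre_0_10(session_handle: str, role: str) -> str:
    """Caller written for the old contract: only an exception stops it."""
    try:
        await update_access_token_payload(session_handle, {"role": role})
    except Exception:
        return "rejected"
    return "updated"  # also reached when nothing was updated


async def set_role(session_handle: str, role: str) -> str:
    """Caller written for the 0.10.0 contract: checks None / False."""
    if await get_session_information(session_handle) is None:
        return "rejected"
    if not await update_access_token_payload(session_handle, {"role": role}):
        return "rejected"  # session disappeared between the two calls
    return "updated"


if __name__ == "__main__":
    print(asyncio.run(set_role_pre_0_10("handle-gone", "editor")))
    print(asyncio.run(set_role("handle-gone", "editor")))
```
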


Features:
- Adds default `user_context` for API calls that contains the request object. It can be used in APIs / functions override like this:

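```python
from typing import Any, Dict, List

from supertokens_python import init
from supertokens_python.recipe import emailpassword, session
from supertokens_python.recipe.emailpassword.interfaces import (
    APIInterface,
    APIOptions,
    RecipeInterface,
)
from supertokens_python.recipe.emailpassword.types import FormField


def apis_override_email_password(param: APIInterface):
    og_sign_in_post = param.sign_in_post

    async def sign_in_post(
        form_fields: List[FormField],
        api_options: APIOptions,
        user_context: Dict[str, Any],
    ):
        # The default user_context carries the request object under "_default".
        req = user_context.get("_default", {}).get("request")
        if req:
            pass  # do something with the request

        return await og_sign_in_post(form_fields, api_options, user_context)

    param.sign_in_post = sign_in_post
    return param


def functions_override_email_password(param: RecipeInterface):
    og_sign_in = param.sign_in

    async def sign_in(email: str, password: str, user_context: Dict[str, Any]):
        # The same request object is available inside recipe function overrides.
        req = user_context.get("_default", {}).get("request")
        if req:
            pass  # do something with the request

        return await og_sign_in(email, password, user_context)

    param.sign_in = sign_in
    return param


init(
    ...,  # remaining init arguments elided in the changelog
    recipe_list=[
        emailpassword.init(
            override=emailpassword.InputOverrideConfig(
                apis=apis_override_email_password,
                functions=functions_override_email_password,
            )
        ),
        session.init(),
    ],
)
```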


Documentation
- Add more details in the `CONTRIBUTING.md` to make it beginner friendly.

0.9.1

Features:

- Introduce `userroles` recipe.

```python
from supertokens_python import InputAppInfo, SupertokensConfig, init
from supertokens_python.recipe import userroles
from supertokens_python.recipe.userroles.asyncio import (
    add_role_to_user,
    create_new_role_or_add_permissions,
)

init(
    supertokens_config=SupertokensConfig('http://localhost:3567'),
    app_info=InputAppInfo(
        app_name='SuperTokens Demo',
        api_domain='https://api.supertokens.io',
        website_domain='supertokens.io'
    ),
    framework='flask',
    recipe_list=[userroles.init()]
)

user_id = "userId"
role = "role"
permissions = ["perm1", "perm2"]


# Functions to use inside your views:
async def my_view():  # hypothetical async view, so that `await` is valid
    # Create a new role with a few permissions:
    result = await create_new_role_or_add_permissions(role, permissions)
    # Add role to the user:
    result = await add_role_to_user(user_id, role)
    return result

# Check documentation for more examples.
```

0.9.0

Fixes
- Fixes Cookie same_site config validation.
- Remove `<Recipe>(Email|SMS)TemplateVars` in favour of `(Email|SMS)TemplateVars` for better DX.

Breaking change
- https://github.com/supertokens/supertokens-node/issues/220
- Adds `{status: "GENERAL_ERROR", message: string}` as a possible output to all the APIs.
- Changes `FIELD_ERROR` output status in third party recipe API to be `GENERAL_ERROR`.
- Replaced `FIELD_ERROR` status type in third party signinup API with `GENERAL_ERROR`.
- Removed `FIELD_ERROR` status type from third party signinup recipe function.
- If sms or email sending failed in passwordless recipe APIs, we now throw a regular JS error from the API as opposed to returning a `GENERAL_ERROR` to the client.
- If there is an error whilst getting the profile info about a user from a third party provider (in /signinup POST API), then we throw a regular JS error instead of returning a `GENERAL_ERROR` to the client.
- Make email and sms delivery ingredient interfaces developer friendly:
    - Remove the need of `SMSDeliveryTwilioConfig`, `EmailDeliverySMTPConfig`, and `SupertokensServiceConfig`.
    - Export `(.*)OverrideInput` and `(Email|SMS)DeliveryOverrideInput` from the relevant recipes.
    - Rename `Type<Recipe>EmailDeliveryInput` to `<Recipe>EmailTemplateVars`
    - Export `EmailTemplateVars` (alias of `<Recipe>EmailTemplateVars`) from all the relevant recipes
    - Export `PasswordlessLogin(Email|SMS)TemplateVars`, `PasswordResetEmailTemplateVars`, and `VerificationEmailTemplateVars` from relevant recipes.
    - Rename `(.*)ServiceConfig` to `(.*)Settings` for readability.
    - Rename arg `input_` to `template_vars` in `EmailDeliveryInterface.send_email` and `SMTPServiceInterface.send_sms` functions.
    - Rename arg `input_` to `content` and `template_vars` in `SMTPServiceInterface.send_raw_email` and `SMTPServiceInterface.get_content` functions respectively.
    - Rename arg `get_content_result` to `content` and `input_` to `template_vars` in `TwilioServiceInterface.send_raw_email` and `TwilioServiceInterface.get_content` functions respectively.
- Removes support for FDI < 1.14

Changes
- Changes `get_email_for_user_id` function inside thirdpartypasswordless to take into account passwordless emails and return an empty string in case a passwordless email doesn't exist. This helps situations where the dev wants to customise the email verification functions in the thirdpartypasswordless recipe.
