Drop Python 3.9 and support 3.14

Author: pgjones

.github/workflows/ci.yml

@@ -14,15 +14,15 @@ jobs:
       fail-fast: false
       matrix:
         include:
+          - {name: '3.14', python: '3.14', tox: py314}
           - {name: '3.13', python: '3.13', tox: py313}
           - {name: '3.12', python: '3.12', tox: py312}
           - {name: '3.11', python: '3.11', tox: py311}
           - {name: '3.10', python: '3.10', tox: py310}
-          - {name: '3.9', python: '3.9', tox: py39}
-          - {name: 'format', python: '3.13', tox: format}
-          - {name: 'mypy', python: '3.13', tox: mypy}
-          - {name: 'pep8', python: '3.13', tox: pep8}
-          - {name: 'package', python: '3.13', tox: package}
+          - {name: 'format', python: '3.14', tox: format}
+          - {name: 'mypy', python: '3.14', tox: mypy}
+          - {name: 'pep8', python: '3.14', tox: pep8}
+          - {name: 'package', python: '3.14', tox: package}
 
     steps:
       - uses: actions/checkout@v4

.github/workflows/publish.yml

@@ -11,7 +11,7 @@ jobs:
 
       - uses: actions/setup-python@v5
         with:
-          python-version: 3.13
+          python-version: 3.14
 
       - run: |
           pip install pdm

.readthedocs.yaml

@@ -3,7 +3,7 @@ version: 2
 build:
   os: ubuntu-24.04
   tools:
-    python: "3.13"
+    python: "3.14"
 
 python:
   install:

docs/tutorials/installation.rst

@@ -3,7 +3,7 @@
 Installation
 ============
 
-Quart-Auth is only compatible with Python 3.9 or higher and can be
+Quart-Auth is only compatible with Python 3.10 or higher and can be
 installed using pip or your favorite python package manager.
 
 .. code-block:: sh

pyproject.toml

@@ -13,11 +13,11 @@ classifiers = [
     "Operating System :: OS Independent",
     "Programming Language :: Python",
     "Programming Language :: Python :: 3",
-    "Programming Language :: Python :: 3.9",
     "Programming Language :: Python :: 3.10",
     "Programming Language :: Python :: 3.11",
     "Programming Language :: Python :: 3.12",
     "Programming Language :: Python :: 3.13",
+    "Programming Language :: Python :: 3.14",
     "Topic :: Internet :: WWW/HTTP :: Dynamic Content",
     "Topic :: Software Development :: Libraries :: Python Modules",
 ]
@@ -27,10 +27,8 @@ readme = "README.rst"
 repository = "https://github.com/pgjones/quart-auth/"
 dependencies = [
     "quart >= 0.18",
-    "typing_extensions; python_version < '3.10'",
-
 ]
-requires-python = ">=3.9"
+requires-python = ">=3.10"
 
 [project.optional-dependencies]
 docs = ["pydata_sphinx_theme"]

src/quart_auth/basic_auth.py

@@ -1,16 +1,12 @@
+from collections.abc import Awaitable, Callable
 from functools import wraps
 from secrets import compare_digest
-from typing import Awaitable, Callable, TypeVar
+from typing import ParamSpec, TypeVar
 
 from quart import current_app, has_request_context, has_websocket_context, request, websocket
 from werkzeug.datastructures import WWWAuthenticate
 from werkzeug.exceptions import Unauthorized as WerkzeugUnauthorized
 
-try:
-    from typing import ParamSpec
-except ImportError:
-    from typing_extensions import ParamSpec
-
 T = TypeVar("T")
 P = ParamSpec("P")
 

src/quart_auth/extension.py

@@ -1,8 +1,9 @@
 import warnings
+from collections.abc import AsyncGenerator, Iterable
 from contextlib import asynccontextmanager
 from enum import auto, Enum
 from hashlib import sha512
-from typing import Any, AsyncGenerator, cast, Dict, Iterable, Literal, Optional, Type, Union
+from typing import Any, Literal
 
 from itsdangerous import BadSignature, SignatureExpired, URLSafeTimedSerializer
 from quart import (
@@ -47,7 +48,7 @@ class Action(Enum):
 
 class _AuthSerializer(URLSafeTimedSerializer):
     def __init__(
-        self, secret: Union[str, bytes, Iterable[str], Iterable[bytes]], salt: Union[str, bytes]
+        self, secret: str | bytes | Iterable[str] | Iterable[bytes], salt: str | bytes
     ) -> None:
         super().__init__(secret, salt, signer_kwargs={"digest_method": sha512})
 
@@ -59,12 +60,12 @@ class AuthUser:
     inherit from this.
     """
 
-    def __init__(self, auth_id: Optional[str], action: Action = Action.PASS) -> None:
+    def __init__(self, auth_id: str | None, action: Action = Action.PASS) -> None:
         self._auth_id = auth_id
         self.action = action
 
     @property
-    def auth_id(self) -> Optional[str]:
+    def auth_id(self) -> str | None:
         return self._auth_id
 
     @property
@@ -81,21 +82,21 @@ class QuartAuth:
 
     def __init__(
         self,
-        app: Optional[Quart] = None,
+        app: Quart | None = None,
         *,
         attribute_name: str = None,
-        cookie_domain: Optional[str] = None,
-        cookie_name: Optional[str] = None,
-        cookie_path: Optional[str] = None,
-        cookie_http_only: Optional[bool] = None,
-        cookie_samesite: Optional[Literal["Strict", "Lax"]] = None,
-        cookie_secure: Optional[bool] = None,
-        duration: Optional[int] = None,
-        mode: Optional[Literal["cookie", "bearer"]] = None,
-        salt: Optional[str] = None,
+        cookie_domain: str | None = None,
+        cookie_name: str | None = None,
+        cookie_path: str | None = None,
+        cookie_http_only: bool | None = None,
+        cookie_samesite: Literal["Strict", "Lax"] | None = None,
+        cookie_secure: bool | None = None,
+        duration: int | None = None,
+        mode: Literal["cookie", "bearer"] | None = None,
+        salt: str | None = None,
         singleton: bool = True,
-        serializer_class: Optional[Type[_AuthSerializer]] = None,
-        user_class: Optional[Type[AuthUser]] = None,
+        serializer_class: type[_AuthSerializer] | None = None,
+        user_class: type[AuthUser] | None = None,
     ) -> None:
         self.attribute_name = attribute_name
         self.cookie_domain = cookie_domain
@@ -168,7 +169,7 @@ def resolve_user(self) -> AuthUser:
 
         return self.user_class(auth_id)
 
-    def load_cookie(self) -> Optional[str]:
+    def load_cookie(self) -> str | None:
         try:
             token = ""
             if has_request_context():
@@ -180,7 +181,7 @@ def load_cookie(self) -> Optional[str]:
         else:
             return self.load_token(token)
 
-    def load_bearer(self) -> Optional[str]:
+    def load_bearer(self) -> str | None:
         try:
             if has_request_context():
                 raw = request.headers["Authorization"]
@@ -194,14 +195,14 @@ def load_bearer(self) -> Optional[str]:
             token = raw[6:].strip()
             return self.load_token(token)
 
-    def dump_token(self, auth_id: str, app: Optional[Quart] = None) -> str:
+    def dump_token(self, auth_id: str, app: Quart | None = None) -> str:
         if app is None:
             app = current_app
 
         serializer = self.serializer_class(app.secret_key, self.salt)
         return serializer.dumps(auth_id)
 
-    def load_token(self, token: str, app: Optional[Quart] = None) -> Optional[str]:
+    def load_token(self, token: str, app: Quart | None = None) -> str | None:
         if app is None:
             app = current_app
 
@@ -212,7 +213,7 @@ def load_token(self, token: str, app: Optional[Quart] = None) -> Optional[str]:
 
         keys.append(app.secret_key)  # itsdangerous expects current key at top
 
-        serializer = self.serializer_class(keys, self.salt)  # type: ignore[arg-type]
+        serializer = self.serializer_class(keys, self.salt)
         try:
             return serializer.loads(token, max_age=self.duration)
         except (BadSignature, SignatureExpired):
@@ -230,9 +231,9 @@ async def after_request(self, response: Response) -> Response:
             response.delete_cookie(
                 self.cookie_name,
                 domain=self.cookie_domain,
-                httponly=cast(bool, self.cookie_http_only),
+                httponly=self.cookie_http_only,
                 path=self.cookie_path,
-                secure=cast(bool, self.cookie_secure),
+                secure=self.cookie_secure,
                 samesite=self.cookie_samesite,
             )
         elif user.action in {Action.WRITE, Action.WRITE_PERMANENT}:
@@ -252,14 +253,14 @@ async def after_request(self, response: Response) -> Response:
                 token,
                 domain=self.cookie_domain,
                 max_age=max_age,
-                httponly=cast(bool, self.cookie_http_only),
+                httponly=self.cookie_http_only,
                 path=self.cookie_path,
-                secure=cast(bool, self.cookie_secure),
+                secure=self.cookie_secure,
                 samesite=self.cookie_samesite,
             )
         return response
 
-    async def after_websocket(self, response: Optional[Response]) -> Optional[Response]:
+    async def after_websocket(self, response: Response | None) -> Response | None:
         user = self.load_user()
         if self.mode == "bearer":
             if user.action != Action.PASS:
@@ -330,8 +331,8 @@ async def authenticated_client(
             token,
             path=self.cookie_path,
             domain=self.cookie_domain,
-            secure=cast(bool, self.cookie_secure),
-            httponly=cast(bool, self.cookie_http_only),
+            secure=self.cookie_secure,
+            httponly=self.cookie_http_only,
             samesite=self.cookie_samesite,
         )
         yield
@@ -342,7 +343,7 @@ async def authenticated_client(
             domain=self.cookie_domain,
         )
 
-    def _template_context(self) -> Dict[str, AuthUser]:
+    def _template_context(self) -> dict[str, AuthUser]:
         return {"current_user": self.load_user()}
 
 

src/quart_auth/globals.py

@@ -1,18 +1,14 @@
+from collections.abc import AsyncGenerator, Awaitable, Callable
 from contextlib import asynccontextmanager
 from functools import wraps
-from typing import AsyncGenerator, Awaitable, Callable, Optional, TypeVar
+from typing import ParamSpec, TypeVar
 
 from quart import current_app, Quart
 from quart.typing import TestClientProtocol
 from werkzeug.local import LocalProxy
 
 from .extension import Action, AuthUser, QuartAuth, Unauthorized
 
-try:
-    from typing import ParamSpec
-except ImportError:
-    from typing_extensions import ParamSpec
-
 T = TypeVar("T")
 P = ParamSpec("P")
 
@@ -24,7 +20,7 @@ def _load_user() -> AuthUser:
 current_user: AuthUser = LocalProxy(_load_user)  # type: ignore
 
 
-def _find_extension(app: Optional[Quart] = None) -> QuartAuth:
+def _find_extension(app: Quart | None = None) -> QuartAuth:
     if app is None:
         app = current_app
     extension = next(

tox.ini

@@ -1,5 +1,5 @@
 [tox]
-envlist = docs,format,mypy,py39,py310,py311,py312,py313,pep8,package
+envlist = docs,format,mypy,py310,py311,py312,py313,py314,pep8,package
 isolated_build = True
 
 [testenv]
@@ -11,7 +11,7 @@ deps =
 commands = pytest --cov=quart_auth {posargs}
 
 [testenv:docs]
-basepython = python3.13
+basepython = python3.14
 deps =
     pydata-sphinx-theme
     sphinx<6
@@ -20,7 +20,7 @@ commands =
     sphinx-build -W --keep-going -b html -d {envtmpdir}/doctrees docs/ docs/_build/html/
 
 [testenv:format]
-basepython = python3.13
+basepython = python3.14
 deps =
     black
     isort
@@ -29,23 +29,23 @@ commands =
     isort --check --diff src/quart_auth/ tests
 
 [testenv:pep8]
-basepython = python3.13
+basepython = python3.14
 deps =
     flake8
     pep8-naming
     flake8-print
 commands = flake8 src/quart_auth/ tests/
 
 [testenv:mypy]
-basepython = python3.13
+basepython = python3.14
 deps =
     mypy
     pytest
 commands =
     mypy src/quart_auth/ tests/
 
 [testenv:package]
-basepython = python3.13
+basepython = python3.14
 deps =
     pdm
     twine