Skip to content

Guards

litestar_auth.guards

Public authorization guard exports.

Guards enforce authentication and coarse account state (active, verified, superuser) on Litestar routes. They are intended for use in route guards= lists and compose with application-specific authorization policies.

is_active(connection, _handler)

Ensure the authenticated user is active.

Parameters:

Name Type Description Default
connection ASGIConnection[Any, Any, Any, Any]

Incoming ASGI connection (Litestar request scope).

 required
_handler BaseRouteHandler

Route handler being guarded; unused but required by Litestar guard signature.

 required

Raises:

Type Description
NotAuthorizedException

Raised when no authenticated user is attached to the connection.
PermissionDeniedException

Raised when the user does not expose guard account state, or is inactive.
Source code in litestar_auth/guards/_guards.py 
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
def is_active(
    connection: ASGIConnection[Any, Any, Any, Any],
    _handler: BaseRouteHandler,
) -> None:
    """Ensure the authenticated user is active.

    Args:
        connection: Incoming ASGI connection (Litestar request scope).
        _handler: Route handler being guarded; unused but required by Litestar guard signature.

    Raises:
        NotAuthorizedException: Raised when no authenticated user is attached to the connection.
        PermissionDeniedException: Raised when the user does not expose guard account state, or is
            inactive.
    """
    user = connection.user
    if user is None:
        msg = "Authentication credentials were not provided."
        raise NotAuthorizedException(detail=msg)

    guarded = _require_guarded_user(user)
    if guarded.is_active:
        return

    msg = "The authenticated user is inactive."
    raise PermissionDeniedException(detail=msg)

is_authenticated(connection, _handler)

Ensure the request has an authenticated user.

Parameters:

Name Type Description Default
connection ASGIConnection[Any, Any, Any, Any]

Incoming ASGI connection (Litestar request scope).

 required
_handler BaseRouteHandler

Route handler being guarded; unused but required by Litestar guard signature.

 required

Raises:

Type Description
NotAuthorizedException

Raised when no authenticated user is attached to the connection.
Source code in litestar_auth/guards/_guards.py 
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
def is_authenticated(
    connection: ASGIConnection[Any, Any, Any, Any],
    _handler: BaseRouteHandler,
) -> None:
    """Ensure the request has an authenticated user.

    Args:
        connection: Incoming ASGI connection (Litestar request scope).
        _handler: Route handler being guarded; unused but required by Litestar guard signature.

    Raises:
        NotAuthorizedException: Raised when no authenticated user is attached to the connection.
    """
    if connection.user is not None:
        return

    msg = "Authentication credentials were not provided."
    raise NotAuthorizedException(detail=msg)

is_superuser(connection, _handler)

Ensure the authenticated user has superuser privileges.

Parameters:

Name Type Description Default
connection ASGIConnection[Any, Any, Any, Any]

Incoming ASGI connection (Litestar request scope).

 required
_handler BaseRouteHandler

Route handler being guarded; unused but required by Litestar guard signature.

 required

Raises:

Type Description
NotAuthorizedException

Raised when no authenticated user is attached to the connection.
PermissionDeniedException

Raised when the user is missing account state, or lacks superuser privileges.
Source code in litestar_auth/guards/_guards.py 
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
def is_superuser(
    connection: ASGIConnection[Any, Any, Any, Any],
    _handler: BaseRouteHandler,
) -> None:
    """Ensure the authenticated user has superuser privileges.

    Args:
        connection: Incoming ASGI connection (Litestar request scope).
        _handler: Route handler being guarded; unused but required by Litestar guard signature.

    Raises:
        NotAuthorizedException: Raised when no authenticated user is attached to the connection.
        PermissionDeniedException: Raised when the user is missing account state, or lacks superuser
            privileges.
    """
    is_active(connection, _handler)
    user = connection.user
    if user is None:
        msg = "Authentication credentials were not provided."
        raise NotAuthorizedException(detail=msg)
    guarded = _require_guarded_user(user)
    if guarded.is_superuser:
        return

    msg = "The authenticated user does not have sufficient privileges."
    raise PermissionDeniedException(detail=msg)

is_verified(connection, _handler)

Ensure the authenticated user has a verified account.

Parameters:

Name Type Description Default
connection ASGIConnection[Any, Any, Any, Any]

Incoming ASGI connection (Litestar request scope).

 required
_handler BaseRouteHandler

Route handler being guarded; unused but required by Litestar guard signature.

 required

Raises:

Type Description
NotAuthorizedException

Raised when no authenticated user is attached to the connection.
PermissionDeniedException

Raised when the user is missing account state, or is unverified.
Source code in litestar_auth/guards/_guards.py 
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
def is_verified(
    connection: ASGIConnection[Any, Any, Any, Any],
    _handler: BaseRouteHandler,
) -> None:
    """Ensure the authenticated user has a verified account.

    Args:
        connection: Incoming ASGI connection (Litestar request scope).
        _handler: Route handler being guarded; unused but required by Litestar guard signature.

    Raises:
        NotAuthorizedException: Raised when no authenticated user is attached to the connection.
        PermissionDeniedException: Raised when the user is missing account state, or is unverified.
    """
    is_active(connection, _handler)
    user = connection.user
    if user is None:
        msg = "Authentication credentials were not provided."
        raise NotAuthorizedException(detail=msg)
    guarded = _require_guarded_user(user)
    if guarded.is_verified:
        return

    msg = "The authenticated user is not verified."
    raise PermissionDeniedException(detail=msg)