fix: reorder imports and use ty-compatible type suppression

src/porchlight/app.py

@@ -110,16 +110,16 @@ def create_app(settings: Settings | None = None) -> FastAPI:
     # Session middleware
     session_secret = settings.session_secret or secrets.token_hex(32)
     app.add_middleware(
-        CSRFMiddleware,
+        CSRFMiddleware,  # ty: ignore[invalid-argument-type]
         exempt_paths={"/token", "/userinfo"},
         check_origin=settings.issuer,
     )
     app.add_middleware(
-        SessionMiddleware,
+        SessionMiddleware,  # ty: ignore[invalid-argument-type]
         secret_key=session_secret,
         same_site="lax",
         https_only=settings.session_https_only,
-    )  # type: ignore[arg-type]
+    )
 
     # Templates
     templates = Jinja2Templates(directory=str(PACKAGE_DIR / "templates"))

tests/test_auth_routes/test_last_credential_guard.py

@@ -4,9 +4,9 @@ from datetime import UTC, datetime
 from argon2 import PasswordHasher
 from httpx import AsyncClient
 
-from tests.conftest import get_csrf_token
 from porchlight.authn.password import PasswordService
 from porchlight.models import PasswordCredential, User, WebAuthnCredential
+from tests.conftest import get_csrf_token
 
 
 async def _create_user_and_login(client: AsyncClient) -> str:

tests/test_auth_routes/test_manage_credentials_page.py

@@ -3,9 +3,9 @@ from datetime import UTC, datetime
 from argon2 import PasswordHasher
 from httpx import AsyncClient
 
-from tests.conftest import get_csrf_token
 from porchlight.authn.password import PasswordService
 from porchlight.models import PasswordCredential, User
+from tests.conftest import get_csrf_token
 
 
 async def _login(client: AsyncClient, username: str = "alice", password: str = "testpass") -> None:

tests/test_auth_routes/test_manage_password_credential.py

@@ -3,9 +3,9 @@ from datetime import UTC, datetime
 from argon2 import PasswordHasher
 from httpx import AsyncClient
 
-from tests.conftest import get_csrf_token
 from porchlight.authn.password import PasswordService
 from porchlight.models import PasswordCredential, User, WebAuthnCredential
+from tests.conftest import get_csrf_token
 
 
 async def _create_user_and_login(client: AsyncClient) -> str:

tests/test_auth_routes/test_manage_webauthn_credential.py

@@ -17,9 +17,9 @@ from fido2.webauthn import (
 )
 from httpx import AsyncClient
 
-from tests.conftest import get_csrf_token
 from porchlight.authn.password import PasswordService
 from porchlight.models import PasswordCredential, User, WebAuthnCredential
+from tests.conftest import get_csrf_token
 
 RP_ID = "localhost"
 ORIGIN = "http://localhost:8000"

tests/test_auth_routes/test_password_login.py

@@ -3,9 +3,9 @@ from datetime import UTC, datetime
 from argon2 import PasswordHasher
 from httpx import AsyncClient
 
-from tests.conftest import get_csrf_token
 from porchlight.authn.password import PasswordService
 from porchlight.models import PasswordCredential, User
+from tests.conftest import get_csrf_token
 
 
 async def test_password_login_unknown_user_returns_error_fragment(client: AsyncClient) -> None:

tests/test_auth_routes/test_webauthn_login.py

@@ -6,8 +6,8 @@ from fido2.cose import ES256
 from fido2.webauthn import Aaguid, AttestedCredentialData
 from httpx import AsyncClient
 
-from tests.conftest import get_csrf_token
 from porchlight.models import User, WebAuthnCredential
+from tests.conftest import get_csrf_token
 
 RP_ID = "localhost"
 ORIGIN = "http://localhost:8000"

tests/test_oidc/test_consent_flow.py

@@ -5,9 +5,9 @@ from urllib.parse import parse_qs, urlparse
 from argon2 import PasswordHasher
 from httpx import AsyncClient
 
-from tests.conftest import get_csrf_token
 from porchlight.authn.password import PasswordService
 from porchlight.models import PasswordCredential, User
+from tests.conftest import get_csrf_token
 
 
 async def test_authorization_shows_consent_for_new_client(client: AsyncClient) -> None:

tests/test_oidc/test_e2e_flow.py

@@ -9,9 +9,9 @@ from cryptojwt.jwk.jwk import key_from_jwk_dict
 from cryptojwt.jws.jws import JWS
 from httpx import AsyncClient
 
-from tests.conftest import get_csrf_token
 from porchlight.authn.password import PasswordService
 from porchlight.models import PasswordCredential, User
+from tests.conftest import get_csrf_token
 
 
 async def test_full_authorization_code_flow(client: AsyncClient) -> None:

tests/test_oidc/test_login_oidc_redirect.py

@@ -4,9 +4,9 @@ from datetime import UTC, datetime
 from argon2 import PasswordHasher
 from httpx import AsyncClient
 
-from tests.conftest import get_csrf_token
 from porchlight.authn.password import PasswordService
 from porchlight.models import PasswordCredential, User
+from tests.conftest import get_csrf_token
 
 
 def _register_test_client(client: AsyncClient) -> None:

tests/test_oidc/test_token.py

@@ -6,9 +6,9 @@ from urllib.parse import parse_qs, urlparse
 from argon2 import PasswordHasher
 from httpx import AsyncClient
 
-from tests.conftest import get_csrf_token
 from porchlight.authn.password import PasswordService
 from porchlight.models import PasswordCredential, User
+from tests.conftest import get_csrf_token
 
 
 def _register_test_client(client: AsyncClient) -> str:

tests/test_oidc/test_userinfo.py

@@ -6,9 +6,9 @@ from urllib.parse import parse_qs, urlparse
 from argon2 import PasswordHasher
 from httpx import AsyncClient
 
-from tests.conftest import get_csrf_token
 from porchlight.authn.password import PasswordService
 from porchlight.models import PasswordCredential, User
+from tests.conftest import get_csrf_token
 
 
 def _register_test_client(client: AsyncClient) -> str: