Django registration and authentication with GraphQL.

Overview

Django GraphQL Auth

Django registration and authentication with GraphQL.

Codecov Coverage Build Status Pypi Documentation Status contributions welcome

Demo

Demo Video

About

Abstract all the basic logic of handling user accounts out of your app, so you don't need to think about it and can get up and running faster.

No lock-in. When you are ready to implement your own code or this package is not up to your expectations , it's easy to extend or switch to your implementation.

Documentation

Documentation is available at read the docs.

Features

  • Awesome docs 🎉
  • Fully compatible with Relay
  • Works with default or custom user model
  • JWT authentication (with Django GraphQL JWT)
  • User query with filters (with Django Filter and Graphene Django)
  • User registration with email verification
  • Add secondary email, with email verification too
  • Resend activation email
  • Retrieve/Update user
  • Archive user
  • Permanently delete user or make it inactive
  • Turn archived user active again on login
  • Track user status (archived, verified, secondary email)
  • Password change
  • Password reset through email
  • Revoke user refresh tokens on account archive/delete/password change/reset
  • All mutations return success and errors
  • Default email templates (you will customize though)
  • Customizable, no lock-in

Full Schema

import graphene

from graphql_auth.schema import UserQuery, MeQuery
from graphql_auth import mutations

class AuthMutation(graphene.ObjectType):
    register = mutations.Register.Field()
    verify_account = mutations.VerifyAccount.Field()
    resend_activation_email = mutations.ResendActivationEmail.Field()
    send_password_reset_email = mutations.SendPasswordResetEmail.Field()
    password_reset = mutations.PasswordReset.Field()
    password_set = mutations.PasswordSet.Field() # For passwordless registration
    password_change = mutations.PasswordChange.Field()
    update_account = mutations.UpdateAccount.Field()
    archive_account = mutations.ArchiveAccount.Field()
    delete_account = mutations.DeleteAccount.Field()
    send_secondary_email_activation =  mutations.SendSecondaryEmailActivation.Field()
    verify_secondary_email = mutations.VerifySecondaryEmail.Field()
    swap_emails = mutations.SwapEmails.Field()
    remove_secondary_email = mutations.RemoveSecondaryEmail.Field()

    # django-graphql-jwt inheritances
    token_auth = mutations.ObtainJSONWebToken.Field()
    verify_token = mutations.VerifyToken.Field()
    refresh_token = mutations.RefreshToken.Field()
    revoke_token = mutations.RevokeToken.Field()


class Query(UserQuery, MeQuery, graphene.ObjectType):
    pass


class Mutation(AuthMutation, graphene.ObjectType):
    pass


schema = graphene.Schema(query=Query, mutation=Mutation)

Relay

Import mutations from the relay module:

from graphql_auth import relay

class AuthMutation(graphene.ObjectType):
   register = relay.Register.Field()
   # ...

Example

Handling user accounts becomes super easy.

mutation {
  register(
    email: "[email protected]",
    username: "new_user",
    password1: "123456super",
    password2: "123456super",
  ) {
    success,
    errors,
    token,
    refreshToken
  }
}

Check the status of the new user:

u = UserModel.objects.last()
u.status.verified
# False

During the registration, an email with a verification link was sent.

mutation {
  verifyAccount(
    token:"<TOKEN ON EMAIL LINK>",
  ) {
    success,
    errors
  }
}

Now user is verified.

u.status.verified
# True

Check the installation guide or jump to the quickstart. Or if you prefer, browse the api.

Contributing

See CONTRIBUTING.md

Comments
  • Add

    Add "me" query

    It would be useful to have a "me" query where the client gets the details of the logged-in user (sending a JWT). The client doesn't have to store the ID in that case.

    This could be done with something like this I think:

    def resolve_me(self, info):
      user = info.context.user
      if user.is_anonymous:
        raise GraphQLError('Not logged in!')
    

    What do you think?

    enhancement good first issue 
    opened by pors 14
  • Support django-graphql-jwt==0.3.1? Maybe resolve issue with info.context.user (permission)

    Support django-graphql-jwt==0.3.1? Maybe resolve issue with info.context.user (permission)

    I try to get id with other model than user (or extend user model) I use

    @login_required
        def resolve_posts_partner(self, info):
            print(info.context.user.id, 'my user partner id')
            return Post.objects.order_by('-updated_at').filter(partner_id=info.context.user.id)
    

    and I have image

    When i delete @login_required

    I have image

    problem with info.context.user.id

    Maybe who help me?

    opened by patrykKlimczak 8
  • Feature/async email support

    Feature/async email support

    This PR follows the guides from https://github.com/PedroBern/django-graphql-auth/issues/11 Adds ASYNC_EMAIL_TASK setting to settings.

    In mixins.py first, if ASYNC_EMAIL_TASK setting is defined and it's a string, will be imported in top. Then before sending each email, first it's checked if the async function is defined and if it is, call the function with the email send function and it's arguments, else just send the email.

    This is done for:

    1. Send activation email
    2. Resend Activation Email
    3. Password reset
    4. Secondary email activation

    Right now when I run tests, there's no test case for async functions, so either a test case needs to be provided, or we need to add async email support in the example app.

    @PedroBern please review and let me know what you think.

    opened by bzhr 8
  • In case of wrong password: Cannot return null for non-nullable field ObtainJSONWebToken.token.

    In case of wrong password: Cannot return null for non-nullable field ObtainJSONWebToken.token."

    Execution of graphql_auth.mutations.ObtainJSONWebToken with wrong credentials leads to error in case if "token" is in requested fields. If just the "success" field requested - everything works fine. image

    opened by 124bit 8
  • Can't exclude user node fields

    Can't exclude user node fields "id" and "pk"

    I have this setting:

    "USER_NODE_EXCLUDE_FIELDS": ["password", "is_superuser", "id", "pk"]

    And I get this warning:

    .../graphene_django/types.py:103: UserWarning: Excluding the custom field "id" on DjangoObjectType "UserNode" has no effect. Either remove the custom field or remove the field from the "exclude" list.
    

    And the same for pk.

    bug 
    opened by pors 8
  • Async email support

    Async email support

    Currently, all emails are sent in the mixins.py but would be great to have async support.

    I think the easiest way to make an optional plug and play support would be creating a new setting to enter a function that wraps each send email call.

    Actually it's not an async email support, but make easy to integrate with your own async solution.

    # settings
    EMAIL_ASYNC_TASK = None
    

    Then it accepts a function path"

    EMAIL_ASYNC_TASK: "path/to/task"
    

    The task need to accept the email send function and its arguments, usage with celery would be something like this:

    from celery import task
     
    @task
    def graphql_auth_async_email(func, *args):
        """
        Task to send an e-mail for the graphql_auth package
        """
     
        return func(*args)
    

    Then, in the mixins.py, we need to change all send email calls, for example:

    # from
    user.status.send_activation_email(info)
    
    # to
    if app_settings.EMAIL_ASYNC_TASK:
        app_settings.EMAIL_ASYNC_TASK(user.status.send_activation_email, info)
    else:
        user.status.send_activation_email(info)
    

    Of course, to make this work we must import the function from its path in the settings.py, probably using:

    from django.utils.module_loading import import_string
    
    enhancement good first issue 
    opened by PedroBern 8
  • Graphql login does not return token

    Graphql login does not return token

    When I try to log in and it does not return a JSON Token

    mutation { tokenAuth(email: "[email protected]", password: "oldskool123") { success, errors, unarchiving, token, refreshToken, unarchiving,

    } }

    { "data": { "tokenAuth": { "success": false, "errors": { "nonFieldErrors": [ { "message": "Please, enter valid credentials.", "code": "invalid_credentials" } ] }, "unarchiving": false, "token": null } } }

    opened by udemezue01 7
  •  Found different types with the same name in the schema: ErrorType, ErrorType.

    Found different types with the same name in the schema: ErrorType, ErrorType.

    I have installed django-graphql-auth with the latest version of graphene-django, but I get the above error because of duplicate types with the same name. ErrorType in graphql_auth/types.py clashes with ErrorType in graphene_django/types.py. I want to use this package in a project, but this here is blocking me.

    bug 
    opened by KINGH242 7
  • User has no status error.

    User has no status error.

    I follow the Quickstart guide and the query

    query {
      users {
        edges {
          node {
            id,
            username,
            archived,
            verified,
            email,
            secondaryEmail,
          }
        }
      }
    }
    

    triggers the following error:

    ERROR 2020-02-24 18:10:10,231 utils 26762 123145366966272 Traceback (most recent call last):
      File "/Users/mark/.pyenv/versions/ve381/lib/python3.8/site-packages/promise/promise.py", line 489, in _resolve_from_executor
        executor(resolve, reject)
      File "/Users/mark/.pyenv/versions/ve381/lib/python3.8/site-packages/promise/promise.py", line 756, in executor
        return resolve(f(*args, **kwargs))
      File "/Users/mark/.pyenv/versions/ve381/lib/python3.8/site-packages/graphql/execution/middleware.py", line 75, in make_it_promise
        return next(*args, **kwargs)
      File "/Users/mark/.pyenv/versions/ve381/lib/python3.8/site-packages/graphql_auth/schema.py", line 26, in resolve_archived
        return self.status.archived
      File "/Users/mark/.pyenv/versions/ve381/lib/python3.8/site-packages/django/db/models/fields/related_descriptors.py", line 420, in __get__
        raise self.RelatedObjectDoesNotExist(
    graphql.error.located_error.GraphQLLocatedError: User has no status.
    

    The graphql result is:

    {
      "errors": [
        {
          "message": "User has no status.",
          "locations": [
            {
              "line": 37,
              "column": 9
            }
          ],
          "path": [
            "users",
            "edges",
            0,
            "node",
            "archived"
          ]
        },
        {
          "message": "User has no status.",
          "locations": [
            {
              "line": 38,
              "column": 9
            }
          ],
          "path": [
            "users",
            "edges",
            0,
            "node",
            "verified"
          ]
        },
        {
          "message": "User has no status.",
          "locations": [
            {
              "line": 40,
              "column": 9
            }
          ],
          "path": [
            "users",
            "edges",
            0,
            "node",
            "secondaryEmail"
          ]
        },
        {
          "message": "User has no status.",
          "locations": [
            {
              "line": 37,
              "column": 9
            }
          ],
          "path": [
            "users",
            "edges",
            1,
            "node",
            "archived"
          ]
        },
        {
          "message": "User has no status.",
          "locations": [
            {
              "line": 38,
              "column": 9
            }
          ],
          "path": [
            "users",
            "edges",
            1,
            "node",
            "verified"
          ]
        },
        {
          "message": "User has no status.",
          "locations": [
            {
              "line": 40,
              "column": 9
            }
          ],
          "path": [
            "users",
            "edges",
            1,
            "node",
            "secondaryEmail"
          ]
        },
        {
          "message": "User has no status.",
          "locations": [
            {
              "line": 37,
              "column": 9
            }
          ],
          "path": [
            "users",
            "edges",
            2,
            "node",
            "archived"
          ]
        },
        {
          "message": "User has no status.",
          "locations": [
            {
              "line": 38,
              "column": 9
            }
          ],
          "path": [
            "users",
            "edges",
            2,
            "node",
            "verified"
          ]
        },
        {
          "message": "User has no status.",
          "locations": [
            {
              "line": 40,
              "column": 9
            }
          ],
          "path": [
            "users",
            "edges",
            2,
            "node",
            "secondaryEmail"
          ]
        }
      ],
      "data": {
        "users": {
          "edges": [
            {
              "node": {
                "id": "VXNlck5vZGU6MQ==",
                "username": "admin",
                "archived": null,
                "verified": null,
                "email": "***",
                "secondaryEmail": null
              }
            },
            {
              "node": {
                "id": "VXNlck5vZGU6Mg==",
                "username": "mark",
                "archived": null,
                "verified": null,
                "email": "***",
                "secondaryEmail": null
              }
            },
            {
              "node": {
                "id": "VXNlck5vZGU6Mw==",
                "username": "user1",
                "archived": null,
                "verified": null,
                "email": "[email protected]",
                "secondaryEmail": null
              }
            },
            {
              "node": {
                "id": "VXNlck5vZGU6NA==",
                "username": "user2",
                "archived": false,
                "verified": true,
                "email": "[email protected]",
                "secondaryEmail": null
              }
            },
            {
              "node": {
                "id": "VXNlck5vZGU6NQ==",
                "username": "user3",
                "archived": true,
                "verified": true,
                "email": "[email protected]",
                "secondaryEmail": null
              }
            },
            {
              "node": {
                "id": "VXNlck5vZGU6Ng==",
                "username": "user4",
                "archived": false,
                "verified": true,
                "email": "[email protected]",
                "secondaryEmail": "[email protected]"
              }
            },
            {
              "node": {
                "id": "VXNlck5vZGU6Nw==",
                "username": "new",
                "archived": false,
                "verified": false,
                "email": "",
                "secondaryEmail": null
              }
            }
          ]
        }
      }
    }
    

    So both an error and a data response. I already had two users and added the fixtures.

    Note that I use a custom user table: users_user, which I have set in the settings as AUTH_USER_MODEL = "users.User". I also changed that in the users.json file.

    Could you please help me to debug this?

    opened by pors 7
  • Unknown field(s) (username) specified for User

    Unknown field(s) (username) specified for User

    I get this error when I implement this into my existing custom user model that does not have a username field attached to it. my custom user model only supports email, full name and password.

    Environment:

    Request Method: GET Request URL: http://127.0.0.1:8000/

    Django Version: 2.2.9 Python Version: 3.8.3 Installed Applications: ['django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', 'django.contrib.sites', 'accounts', 'post', 'comment', 'userprofile', 'job', 'schedule', 'hashtag', 'billing', 'corsheaders', 'graphene_django', 'django_fsm_log', 'subscriptions.apps.SubscriptionsConfig', 'graphql_auth'] Installed Middleware: ['django.middleware.security.SecurityMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'corsheaders.middleware.CorsMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware']

    Traceback:

    File "C:\Users\Udemezue\Desktop\resume-backend\env\lib\site-packages\django\core\handlers\exception.py" in inner 34. response = get_response(request)

    File "C:\Users\Udemezue\Desktop\resume-backend\env\lib\site-packages\django\core\handlers\base.py" in _get_response 115. response = self.process_exception_by_middleware(e, request)

    File "C:\Users\Udemezue\Desktop\resume-backend\env\lib\site-packages\django\core\handlers\base.py" in _get_response 113. response = wrapped_callback(request, *callback_args, **callback_kwargs)

    File "C:\Users\Udemezue\Desktop\resume-backend\env\lib\site-packages\django\views\decorators\csrf.py" in wrapped_view 54. return view_func(*args, **kwargs)

    File "C:\Users\Udemezue\Desktop\resume-backend\env\lib\site-packages\django\views\generic\base.py" in view 62. self = cls(**initkwargs)

    File "C:\Users\Udemezue\Desktop\resume-backend\env\lib\site-packages\graphene_django\views.py" in init 79. schema = graphene_settings.SCHEMA

    File "C:\Users\Udemezue\Desktop\resume-backend\env\lib\site-packages\graphene_django\settings.py" in getattr 117. val = perform_import(val, attr)

    File "C:\Users\Udemezue\Desktop\resume-backend\env\lib\site-packages\graphene_django\settings.py" in perform_import 56. return import_from_string(val, setting_name)

    File "C:\Users\Udemezue\Desktop\resume-backend\env\lib\site-packages\graphene_django\settings.py" in import_from_string 70. module = importlib.import_module(module_path)

    File "C:\Users\Udemezue\AppData\Local\Programs\Python\Python38-32\lib\importlib_init_.py" in import_module 127. return _bootstrap._gcd_import(name[level:], package, level)

    File "" in _gcd_import 1014.

    File "" in _find_and_load 991.

    File "" in _find_and_load_unlocked 975.

    File "" in _load_unlocked 671.

    File "" in exec_module 783.

    File "" in _call_with_frames_removed 219.

    File "C:\Users\Udemezue\Desktop\resume-backend\src\resume\resume\graph\schema.py" in 45. from graphql_auth import mutations

    File "C:\Users\Udemezue\Desktop\resume-backend\env\lib\site-packages\graphql_auth\mutations.py" in 5. from .mixins import (

    File "C:\Users\Udemezue\Desktop\resume-backend\env\lib\site-packages\graphql_auth\mixins.py" in 15. from .forms import RegisterForm, EmailForm, UpdateAccountForm

    File "C:\Users\Udemezue\Desktop\resume-backend\env\lib\site-packages\graphql_auth\forms.py" in 9. class RegisterForm(UserCreationForm):

    File "C:\Users\Udemezue\Desktop\resume-backend\env\lib\site-packages\django\forms\models.py" in new 266. raise FieldError(message)

    Exception Type: FieldError at / Exception Value: Unknown field(s) (username) specified for User

    opened by udemezue01 6
  • Customize error output

    Customize error output

    Hi, This is just a question, is there an easy way to customize error output of mutations ? I would like it to be the same as the rest of my API Because I tried quickly with inheritance and I got MRO errors. Thanks !

    enhancement question 
    opened by boolangery 6
  • psycopg2.errors.UndefinedTable: relation

    psycopg2.errors.UndefinedTable: relation "graphql_auth_userstatus" does not exist

    Prerequisites

    • [ ] Is it a bug?
    • [ ] Is it a new feature?
    • [X] Is it a a question?
    • [X] Can you reproduce the problem?
    • [X] Are you running the latest version?
    • [X] Did you check for similar issues?
    • [ ] Did you perform a cursory search?

    For more information, see the CONTRIBUTING guide.

    Description

    I followed the related procedures and installed Django-GraphQL-Auth from quickstart. After installing django-graphql-auth and running python manage.py migrate, I experienced this issue. Relation graphql_auth_userstatus does not exist.

    Steps to Reproduce

    If we need to reproduce and you don't provide steps for it, it will be closed. Alternatively, you can link a repo with the code to run your issue.

    1. [First Step] -- pip install django-graphql-auth
    2. [Second Step] -- adding graphql_auth to the Installed_apps of setting.py.
    3. [and so on...] -- python manage.py migrate

    Expected behavior

    What you expected to happen

    Actual behavior

    What actually happened

    Requirements

    Paste the packages you are using, you can get this information from executing pip freeze.

    opened by Fujeng 0
  • "Please, enter valid credentials."

    After requesting: mutation { tokenAuth(email: "new_user", password: "supersecretpassword") { success, errors, unarchiving, token, refreshToken, unarchiving, user { id, username, } } }

    I'm getting: { "data": { "tokenAuth": { "success": false, "errors": { "nonFieldErrors": [ { "message": "Please, enter valid credentials.", "code": "invalid_credentials" } ] }, "token": null, "refreshToken": null, "user": null } } }

    When I log in to the admin with these credentials everything works fine.

    Help?

    I have a custom user class that looks like that: class User(AbstractUser): objects = UserManager() REQUIRED_FIELDS = [] USERNAME_FIELD = "email" username = None email = models.EmailField("email address", blank=False, null=False, unique=True)

    opened by gneyal 0
  • How to let users update thier own user profiles with token?

    How to let users update thier own user profiles with token?

    I want users to update thier own user profiles so I used "updateAccount" as shown below but, the error "Unauthenticated" occurred even though the account is verified and logged in. :

    mutation {
      updateAccount(
        firstName: "John"
      ) {
        success,
        errors
      }
    }
    

    So, I added "token" as shown below but the error "Unknown argument "token" on field "updateAccount" of type "Mutation"." occurred:

    mutation {
      updateAccount(
        token: "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJlbWFpbCI6ImthenlhLml0by5kcmVhbUBnbWFpbC5jb20iLCJleHAiOjE2NTM4NzY0NDgsIm9yaWdJYXQiOjE2NTM4NzYxNDh9.2yyp9k86V_0AoiPJFmxTE6__-q1n4cWNysOw8bNIDqA"
        firstName: "John"
      ) {
        success,
        errors
      }
    }
    

    Are there any ways to let users to update thier own user profiles?

    opened by timytomy 0
  • Bump pyjwt from 1.7.1 to 2.4.0

    Bump pyjwt from 1.7.1 to 2.4.0

    Bumps pyjwt from 1.7.1 to 2.4.0.

    Release notes

    Sourced from pyjwt's releases.

    2.4.0

    Security

    What's Changed

    New Contributors

    Full Changelog: https://github.com/jpadilla/pyjwt/compare/2.3.0...2.4.0

    2.3.0

    What's Changed

    ... (truncated)

    Changelog

    Sourced from pyjwt's changelog.

    v2.4.0 <https://github.com/jpadilla/pyjwt/compare/2.3.0...2.4.0>__

    Security

    
    - [CVE-2022-29217] Prevent key confusion through non-blocklisted public key formats. https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24
    

    Changed

    
    - Explicit check the key for ECAlgorithm by @estin in https://github.com/jpadilla/pyjwt/pull/713
    - Raise DeprecationWarning for jwt.decode(verify=...) by @akx in https://github.com/jpadilla/pyjwt/pull/742
    

    Fixed

    
    - Don't use implicit optionals by @rekyungmin in https://github.com/jpadilla/pyjwt/pull/705
    - documentation fix: show correct scope for decode_complete() by @sseering in https://github.com/jpadilla/pyjwt/pull/661
    - fix: Update copyright information by @kkirsche in https://github.com/jpadilla/pyjwt/pull/729
    - Don't mutate options dictionary in .decode_complete() by @akx in https://github.com/jpadilla/pyjwt/pull/743
    
    Added
    
    • Add support for Python 3.10 by @hugovk in https://github.com/jpadilla/pyjwt/pull/699
    • api_jwk: Add PyJWKSet.getitem by @woodruffw in https://github.com/jpadilla/pyjwt/pull/725
    • Update usage.rst by @guneybilen in https://github.com/jpadilla/pyjwt/pull/727
    • Docs: mention performance reasons for reusing RSAPrivateKey when encoding by @dmahr1 in https://github.com/jpadilla/pyjwt/pull/734
    • Fixed typo in usage.rst by @israelabraham in https://github.com/jpadilla/pyjwt/pull/738
    • Add detached payload support for JWS encoding and decoding by @fviard in https://github.com/jpadilla/pyjwt/pull/723
    • Replace various string interpolations with f-strings by @akx in https://github.com/jpadilla/pyjwt/pull/744
    • Update CHANGELOG.rst by @hipertracker in https://github.com/jpadilla/pyjwt/pull/751

    v2.3.0 &amp;lt;https://github.com/jpadilla/pyjwt/compare/2.2.0...2.3.0&amp;gt;__

    Fixed

    
    - Revert &amp;quot;Remove arbitrary kwargs.&amp;quot; `[#701](https://github.com/jpadilla/pyjwt/issues/701) &amp;lt;https://github.com/jpadilla/pyjwt/pull/701&amp;gt;`__
    
    Added
    
    • Add exception chaining [#702](https://github.com/jpadilla/pyjwt/issues/702) &amp;lt;https://github.com/jpadilla/pyjwt/pull/702&amp;gt;__

    v2.2.0 &amp;lt;https://github.com/jpadilla/pyjwt/compare/2.1.0...2.2.0&amp;gt;__

    &lt;/tr&gt;&lt;/table&gt; </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary>

    <ul> <li><a href="https://github.com/jpadilla/pyjwt/commit/83ff831a4d11190e3a0bed781da43f8d84352653"><code>83ff831</code></a> chore: update changelog</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/4c1ce8fd9019dd312ff257b5141cdb6d897379d9"><code>4c1ce8f</code></a> chore: update changelog</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/96f3f0275745c5a455c019a0d3476a054980e8ea"><code>96f3f02</code></a> fix: failing advisory test</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/9c528670c455b8d948aff95ed50e22940d1ad3fc"><code>9c52867</code></a> Merge pull request from GHSA-ffqj-6fqr-9h24</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/24b29adfebcb4f057a3cef5aaf35653bc0c1c8cc"><code>24b29ad</code></a> Update CHANGELOG.rst (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/751">#751</a>)</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/31f5acb8fb3ec6cdfe2b1b0a4a8f329b5f3ca67f"><code>31f5acb</code></a> Replace various string interpolations with f-strings (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/744">#744</a>)</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/5581a31c21de70444c1162bcfa29f7e0fc86edda"><code>5581a31</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/748">#748</a>)</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/3d4d82248f1120c87f1f4e0e8793eaa1d54843a6"><code>3d4d822</code></a> Don't mutate options dictionary in .decode_complete() (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/743">#743</a>)</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/1f1fe15bb41846c602b3e106176b2c692b93a613"><code>1f1fe15</code></a> Add a deprecation warning when jwt.decode() is called with the legacy verify=...</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/35fa28e59d99b99c6a780d2a029a74d6bbba8b1e"><code>35fa28e</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/740">#740</a>)</li> <li>Additional commits viewable in <a href="https://github.com/jpadilla/pyjwt/compare/1.7.1...2.4.0">compare view</a></li> </ul> </details>

    <br />

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump pyjwt from 1.7.1 to 2.4.0 in /quickstart

    Bump pyjwt from 1.7.1 to 2.4.0 in /quickstart

    Bumps pyjwt from 1.7.1 to 2.4.0.

    Release notes

    Sourced from pyjwt's releases.

    2.4.0

    Security

    What's Changed

    New Contributors

    Full Changelog: https://github.com/jpadilla/pyjwt/compare/2.3.0...2.4.0

    2.3.0

    What's Changed

    ... (truncated)

    Changelog

    Sourced from pyjwt's changelog.

    v2.4.0 <https://github.com/jpadilla/pyjwt/compare/2.3.0...2.4.0>__

    Security

    
    - [CVE-2022-29217] Prevent key confusion through non-blocklisted public key formats. https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24
    

    Changed

    
    - Explicit check the key for ECAlgorithm by @estin in https://github.com/jpadilla/pyjwt/pull/713
    - Raise DeprecationWarning for jwt.decode(verify=...) by @akx in https://github.com/jpadilla/pyjwt/pull/742
    

    Fixed

    
    - Don't use implicit optionals by @rekyungmin in https://github.com/jpadilla/pyjwt/pull/705
    - documentation fix: show correct scope for decode_complete() by @sseering in https://github.com/jpadilla/pyjwt/pull/661
    - fix: Update copyright information by @kkirsche in https://github.com/jpadilla/pyjwt/pull/729
    - Don't mutate options dictionary in .decode_complete() by @akx in https://github.com/jpadilla/pyjwt/pull/743
    
    Added
    
    • Add support for Python 3.10 by @hugovk in https://github.com/jpadilla/pyjwt/pull/699
    • api_jwk: Add PyJWKSet.getitem by @woodruffw in https://github.com/jpadilla/pyjwt/pull/725
    • Update usage.rst by @guneybilen in https://github.com/jpadilla/pyjwt/pull/727
    • Docs: mention performance reasons for reusing RSAPrivateKey when encoding by @dmahr1 in https://github.com/jpadilla/pyjwt/pull/734
    • Fixed typo in usage.rst by @israelabraham in https://github.com/jpadilla/pyjwt/pull/738
    • Add detached payload support for JWS encoding and decoding by @fviard in https://github.com/jpadilla/pyjwt/pull/723
    • Replace various string interpolations with f-strings by @akx in https://github.com/jpadilla/pyjwt/pull/744
    • Update CHANGELOG.rst by @hipertracker in https://github.com/jpadilla/pyjwt/pull/751

    v2.3.0 &amp;lt;https://github.com/jpadilla/pyjwt/compare/2.2.0...2.3.0&amp;gt;__

    Fixed

    
    - Revert &amp;quot;Remove arbitrary kwargs.&amp;quot; `[#701](https://github.com/jpadilla/pyjwt/issues/701) &amp;lt;https://github.com/jpadilla/pyjwt/pull/701&amp;gt;`__
    
    Added
    
    • Add exception chaining [#702](https://github.com/jpadilla/pyjwt/issues/702) &amp;lt;https://github.com/jpadilla/pyjwt/pull/702&amp;gt;__

    v2.2.0 &amp;lt;https://github.com/jpadilla/pyjwt/compare/2.1.0...2.2.0&amp;gt;__

    &lt;/tr&gt;&lt;/table&gt; </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary>

    <ul> <li><a href="https://github.com/jpadilla/pyjwt/commit/83ff831a4d11190e3a0bed781da43f8d84352653"><code>83ff831</code></a> chore: update changelog</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/4c1ce8fd9019dd312ff257b5141cdb6d897379d9"><code>4c1ce8f</code></a> chore: update changelog</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/96f3f0275745c5a455c019a0d3476a054980e8ea"><code>96f3f02</code></a> fix: failing advisory test</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/9c528670c455b8d948aff95ed50e22940d1ad3fc"><code>9c52867</code></a> Merge pull request from GHSA-ffqj-6fqr-9h24</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/24b29adfebcb4f057a3cef5aaf35653bc0c1c8cc"><code>24b29ad</code></a> Update CHANGELOG.rst (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/751">#751</a>)</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/31f5acb8fb3ec6cdfe2b1b0a4a8f329b5f3ca67f"><code>31f5acb</code></a> Replace various string interpolations with f-strings (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/744">#744</a>)</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/5581a31c21de70444c1162bcfa29f7e0fc86edda"><code>5581a31</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/748">#748</a>)</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/3d4d82248f1120c87f1f4e0e8793eaa1d54843a6"><code>3d4d822</code></a> Don't mutate options dictionary in .decode_complete() (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/743">#743</a>)</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/1f1fe15bb41846c602b3e106176b2c692b93a613"><code>1f1fe15</code></a> Add a deprecation warning when jwt.decode() is called with the legacy verify=...</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/35fa28e59d99b99c6a780d2a029a74d6bbba8b1e"><code>35fa28e</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/740">#740</a>)</li> <li>Additional commits viewable in <a href="https://github.com/jpadilla/pyjwt/compare/1.7.1...2.4.0">compare view</a></li> </ul> </details>

    <br />

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • django-graphql-auth is not compatible with Django 4.0 because it doesn't require the latest version of django-graphql-jwt

    django-graphql-auth is not compatible with Django 4.0 because it doesn't require the latest version of django-graphql-jwt

    Prerequisites

    • [x] Is it a bug?
    • [ ] Is it a new feature?
    • [ ] Is it a a question?
    • [x] Can you reproduce the problem?
    • [x] Are you running the latest version? (0.3.16)
    • [x] Did you check for similar issues?
    • [ ] Did you perform a cursory search?

    Description

    I am running Django 4.0.4 and I am unable to use the latest version of django-graphql-jwt which is 0.3.4 (which is the compatible version with Django 4.0, see this issue and this stackoverflow question for more info) because django-graphql-auth requires django-graphql-jwt==0.3.0 as seen in the following error message when I try to run pip install -r requirements.txt:

    ERROR: Cannot install -r requirements.txt (line 11) and django-graphql-jwt==0.3.4 because these package versions have conflicting dependencies.
    
    The conflict is caused by:
        The user requested django-graphql-jwt==0.3.4
        django-graphql-auth 0.3.16 depends on django-graphql-jwt==0.3.0
    
    To fix this you could try to:
    1. loosen the range of package versions you've specified
    2. remove package versions to allow pip attempt to solve the dependency conflict
    
    

    Steps to Reproduce

    1. Start a Django project with Django 4.0 in requirements.txt
    2. Add django-graphql-jwt==0.3.4 to your requirements.txt
    3. Add the latest version of django-graphql-auth to your requirements.txt
    4. Run pip install -r requirements.txt

    Expected behavior

    Compatibility with Django 4.0 by requiring the latest version of django-graphql-jwt==0.3.4

    Actual behavior

    Pip install fails with the following error message:

    
    ERROR: Cannot install -r requirements.txt (line 11) and django-graphql-jwt==0.3.4 because these package versions have conflicting dependencies.
    
    The conflict is caused by:
        The user requested django-graphql-jwt==0.3.4
        django-graphql-auth 0.3.16 depends on django-graphql-jwt==0.3.0
    
    To fix this you could try to:
    1. loosen the range of package versions you've specified
    2. remove package versions to allow pip attempt to solve the dependency conflict
    
    

    Requirements

    aniso8601==7.0.0
    asgiref==3.5.1
    asn1crypto==1.5.1
    certifi==2021.10.8
    charset-normalizer==2.0.12
    dj-database-url==0.5.0
    Django==4.0.4
    django-cors-headers==3.11.0
    django-environ==0.8.1
    django-filter==21.1
    django-graphql-auth==0.3.16
    django-graphql-jwt==0.3.4
    django-picklefield==3.0.1
    graphene==3.0
    graphene-django==3.0.0b7
    graphql-core==3.1.7
    graphql-relay==3.1.5
    gunicorn==20.1.0
    idna==3.3
    oauthlib==3.2.0
    promise==2.3
    psycopg2-binary==2.9.3
    PyJWT==1.7.1
    pytz==2022.1
    pyuwsgi==2.0.20
    requests==2.27.1
    requests-oauthlib==1.3.1
    Rx==1.6.1
    singledispatch==3.7.0
    six==1.16.0
    sqlparse==0.4.2
    text-unidecode==1.3
    tzdata==2022.1
    urllib3==1.26.9
    whitenoise==6.1.0
    
    opened by MahmoudMousaHamad 5
Owner
pedrobern
Fullstack dev with React/RN, Expo, Hasura, Firebase, Typescript, PSQL, Relay, and GraphQL.
pedrobern
This is a minimal project using graphene with django and user authentication to expose a graphql endpoint.

Welcome This is a minimal project using graphene with django and user authentication to expose a graphql endpoint. Definitely checkout how I have mana

yosef salmalian 1 Nov 18, 2021
GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations

BatchQL BatchQL is a GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations. This script is not complex, and

Assetnote 267 Dec 24, 2022
This is a graphql api build using ariadne python that serves a graphql-endpoint at port 3002 to perform language translation and identification using deep learning in python pytorch.

Language Translation and Identification this machine/deep learning api that will be served as a graphql-api using ariadne, to perform the following ta

crispengari 2 Dec 30, 2021
MGE-GraphQL is a Python library for building GraphQL mutations fast and easily

MGE-GraphQL Introduction MGE-GraphQL is a Python library for building GraphQL mutations fast and easily. Data Validations: A similar data validation w

MGE Software 4 Apr 23, 2022
A Python 3.6+ port of the GraphQL.js reference implementation of GraphQL.

GraphQL-core 3 GraphQL-core 3 is a Python 3.6+ port of GraphQL.js, the JavaScript reference implementation for GraphQL, a query language for APIs crea

GraphQL Python 458 Dec 13, 2022
(Now finding maintainer) 🐍A Pythonic way to provide JWT authentication for Flask-GraphQL

Flask-GraphQL-Auth What is Flask-GraphQL-Auth? Flask-GraphQL-Auth is JWT decorator for flask-graphql inspired from Flask-JWT-Extended. all you have to

Seonghyeon Kim 64 Feb 19, 2022
Django Project with Rest and Graphql API's

Django-Rest-and-Graphql # 1. Django Project Setup With virtual environment: mkdir {project_name}. To install virtual Environment sudo apt-get install

Shubham Agrawal 5 Nov 22, 2022
Integrate GraphQL into your Django project.

Graphene-Django A Django integration for Graphene. ?? Join the community on Slack Documentation Visit the documentation to get started! Quickstart For

GraphQL Python 4k Dec 31, 2022
Django GraphQL To Do List Application

Django GraphQL Simple ToDo HOW TO RUN just run the following instructions: python -m venv venv pip install -r requirements.txt source venv/bin/activat

pedram shahsafi 1 Nov 13, 2021
Django GraphQL User Management

Django GraphQL User Management An app that explores User management with GraphQL using Graphene in Django. Topics covered: Login. Log Out. Authenticat

0101 Solutions 4 Feb 22, 2022
GraphQL is a query language and execution engine tied to any backend service.

GraphQL The GraphQL specification is edited in the markdown files found in /spec the latest release of which is published at https://graphql.github.io

GraphQL 14k Jan 1, 2023
Generate a FullStack Playground using GraphQL and FastAPI 🚀

FastQL - FastAPI GraphQL Playground Generate a FullStack playground using FastAPI and GraphQL and Ariadne ?? . This Repository is based on this Articl

OBytes 109 Dec 23, 2022
🔪 Facebook Messenger to email bridge based on reverse engineered auth and GraphQL APIs.

Unzuckify This repository has a small Python application which allows me to receive an email notification when somebody sends me a Facebook message. W

Radon Rosborough 33 Dec 18, 2022
Blazing fast GraphQL endpoints finder using subdomain enumeration, scripts analysis and bruteforce.

Graphinder Graphinder is a tool that extracts all GraphQL endpoints from a given domain. Run with docker docker run -it -v $(pwd):/usr/bin/graphinder

Escape 76 Dec 28, 2022
A plug and play GraphQL API for Wagtail, powered by Strawberry 🍓

Strawberry Wagtail ?? A plug and play GraphQL API for Wagtail, powered by Strawberry ?? ⚠️ Strawberry wagtail is currently experimental, please report

Patrick Arminio 27 Nov 27, 2022
GraphQL framework for Python

Graphene ?? Join the community on Slack We are looking for contributors! Please check the ROADMAP to see how you can help ❤️ The below readme is the d

GraphQL Python 7.5k Jan 1, 2023
tartiflette-aiohttp is a wrapper of aiohttp which includes the Tartiflette GraphQL Engine, do not hesitate to take a look of the Tartiflette project.

tartiflette-aiohttp is a wrapper of aiohttp which includes the Tartiflette GraphQL Engine. You can take a look at the Tartiflette API documentation. U

tartiflette 60 Nov 8, 2022
ASGI support for the Tartiflette GraphQL engine

tartiflette-asgi is a wrapper that provides ASGI support for the Tartiflette Python GraphQL engine. It is ideal for serving a GraphQL API over HTTP, o

tartiflette 99 Dec 27, 2022
GraphQL framework for Python

Graphene ?? Join the community on Slack We are looking for contributors! Please check the ROADMAP to see how you can help ❤️ The below readme is the d

GraphQL Python 7.5k Jan 1, 2023