An extension of django rest framework, providing a configurable password reset strategy

Overview

Django Rest Password Reset

PyPI version build-and-test actions status Codecov

This python package provides a simple password reset strategy for django rest framework, where users can request password reset tokens via their registered e-mail address.

The main idea behind this package is to not make any assumptions about how the token is delivered to the end-user (e-mail, text-message, etc...). Instead, this package provides a signal that can be reacted on (e.g., by sending an e-mail or a text message).

This package basically provides two REST endpoints:

  • Request a token
  • Verify (confirm) a token (and change the password)

Quickstart

  1. Install the package from pypi using pip:
pip install django-rest-passwordreset
  1. Add django_rest_passwordreset to your INSTALLED_APPS (after rest_framework) within your Django settings file:
INSTALLED_APPS = (
    ...
    'django.contrib.auth',
    ...
    'rest_framework',
    ...
    'django_rest_passwordreset',
    ...
)
  1. This package stores tokens in a separate database table (see django_rest_passwordreset/models.py). Therefore, you have to run django migrations:
python manage.py migrate
  1. This package provides three endpoints, which can be included by including django_rest_passwordreset.urls in your urls.py as follows:
from django.urls import path, include

urlpatterns = [
    ...
    path(r'^api/password_reset/', include('django_rest_passwordreset.urls', namespace='password_reset')),
    ...
]

Note: You can adapt the URL to your needs.

Endpoints

The following endpoints are provided:

  • POST ${API_URL}/ - request a reset password token by using the email parameter
  • POST ${API_URL}/confirm/ - using a valid token, the users password is set to the provided password
  • POST ${API_URL}/validate_token/ - will return a 200 if a given token is valid

where ${API_URL}/ is the url specified in your urls.py (e.g., api/password_reset/ as in the example above)

Signals

  • reset_password_token_created(sender, instance, reset_password_token) Fired when a reset password token is generated
  • pre_password_reset(sender, user) - fired just before a password is being reset
  • post_password_reset(sender, user) - fired after a password has been reset

Example for sending an e-mail

  1. Create two new django templates: email/user_reset_password.html and email/user_reset_password.txt. Those templates will contain the e-mail message sent to the user, aswell as the password reset link (or token). Within the templates, you can access the following context variables: current_user, username, email, reset_password_url. Feel free to adapt this to your needs.

  2. Add the following code, which contains a Django Signal Receiver (@receiver(...)), to your application. Take care where to put this code, as it needs to be executed by the python interpreter (see the section The reset_password_token_created signal is not fired below, aswell as this part of the django documentation and How to Create Django Signals Tutorial for more information).

from django.core.mail import EmailMultiAlternatives
from django.dispatch import receiver
from django.template.loader import render_to_string
from django.urls import reverse

from django_rest_passwordreset.signals import reset_password_token_created


@receiver(reset_password_token_created)
def password_reset_token_created(sender, instance, reset_password_token, *args, **kwargs):
    """
    Handles password reset tokens
    When a token is created, an e-mail needs to be sent to the user
    :param sender: View Class that sent the signal
    :param instance: View Instance that sent the signal
    :param reset_password_token: Token Model Object
    :param args:
    :param kwargs:
    :return:
    """
    # send an e-mail to the user
    context = {
        'current_user': reset_password_token.user,
        'username': reset_password_token.user.username,
        'email': reset_password_token.user.email,
        'reset_password_url': "{}?token={}".format(
            instance.request.build_absolute_uri(reverse('password_reset:reset-password-confirm')),
            reset_password_token.key)
    }

    # render email text
    email_html_message = render_to_string('email/user_reset_password.html', context)
    email_plaintext_message = render_to_string('email/user_reset_password.txt', context)

    msg = EmailMultiAlternatives(
        # title:
        "Password Reset for {title}".format(title="Some website title"),
        # message:
        email_plaintext_message,
        # from:
        "[email protected]",
        # to:
        [reset_password_token.user.email]
    )
    msg.attach_alternative(email_html_message, "text/html")
    msg.send()
  1. You should now be able to use the endpoints to request a password reset token via your e-mail address. If you want to test this locally, I recommend using some kind of fake mailserver (such as maildump).

Configuration / Settings

The following settings can be set in Django settings.py file:

  • DJANGO_REST_MULTITOKENAUTH_RESET_TOKEN_EXPIRY_TIME - time in hours about how long the token is active (Default: 24)

    Please note: expired tokens are automatically cleared based on this setting in every call of ResetPasswordRequestToken.post.

  • DJANGO_REST_PASSWORDRESET_NO_INFORMATION_LEAKAGE - will cause a 200 to be returned on POST ${API_URL}/reset_password/ even if the user doesn't exist in the databse (Default: False)

  • DJANGO_REST_MULTITOKENAUTH_REQUIRE_USABLE_PASSWORD - allows password reset for a user that does not have a usable password (Default: True)

Custom Email Lookup

By default, email lookup is used to find the user instance. You can change that by adding

DJANGO_REST_LOOKUP_FIELD = 'custom_email_field'

into Django settings.py file.

Custom Remote IP Address and User Agent Header Lookup

If your setup demands that the IP adress of the user is in another header (e.g., 'X-Forwarded-For'), you can configure that (using Django Request Headers):

DJANGO_REST_PASSWORDRESET_IP_ADDRESS_HEADER = 'HTTP_X_FORWARDED_FOR'

The same is true for the user agent:

HTTP_USER_AGENT_HEADER = 'HTTP_USER_AGENT'

Custom Token Generator

By default, a random string token of length 10 to 50 is generated using the RandomStringTokenGenerator class. This library offers a possibility to configure the params of RandomStringTokenGenerator as well as switch to another token generator, e.g. RandomNumberTokenGenerator. You can also generate your own token generator class.

You can change that by adding

DJANGO_REST_PASSWORDRESET_TOKEN_CONFIG = {
    "CLASS": ...,
    "OPTIONS": {...}
}

into Django settings.py file.

RandomStringTokenGenerator

This is the default configuration.

DJANGO_REST_PASSWORDRESET_TOKEN_CONFIG = {
    "CLASS": "django_rest_passwordreset.tokens.RandomStringTokenGenerator"
}

You can configure the length as follows:

DJANGO_REST_PASSWORDRESET_TOKEN_CONFIG = {
    "CLASS": "django_rest_passwordreset.tokens.RandomStringTokenGenerator",
    "OPTIONS": {
        "min_length": 20,
        "max_length": 30
    }
}

It uses os.urandom() to generate a good random string.

RandomNumberTokenGenerator

DJANGO_REST_PASSWORDRESET_TOKEN_CONFIG = {
    "CLASS": "django_rest_passwordreset.tokens.RandomNumberTokenGenerator"
}

You can configure the minimum and maximum number as follows:

DJANGO_REST_PASSWORDRESET_TOKEN_CONFIG = {
    "CLASS": "django_rest_passwordreset.tokens.RandomNumberTokenGenerator",
    "OPTIONS": {
        "min_number": 1500,
        "max_number": 9999
    }
}

It uses random.SystemRandom().randint() to generate a good random number.

Write your own Token Generator

Please see token_configuration/django_rest_passwordreset/tokens.py for example implementation of number and string token generator.

The basic idea is to create a new class that inherits from BaseTokenGenerator, takes arbitrary arguments (args and kwargs) in the __init__ function as well as implementing a generate_token function.

from django_rest_passwordreset.tokens import BaseTokenGenerator


class RandomStringTokenGenerator(BaseTokenGenerator):
    """
    Generates a random string with min and max length using os.urandom and binascii.hexlify
    """

    def __init__(self, min_length=10, max_length=50, *args, **kwargs):
        self.min_length = min_length
        self.max_length = max_length

    def generate_token(self, *args, **kwargs):
        """ generates a pseudo random code using os.urandom and binascii.hexlify """
        # determine the length based on min_length and max_length
        length = random.randint(self.min_length, self.max_length)

        # generate the token using os.urandom and hexlify
        return binascii.hexlify(
            os.urandom(self.max_length)
        ).decode()[0:length]

Compatibility Matrix

This library should be compatible with the latest Django and Django Rest Framework Versions. For reference, here is a matrix showing the guaranteed and tested compatibility.

django-rest-passwordreset Version Django Versions Django Rest Framework Versions Python
0.9.7 1.8, 1.11, 2.0, 2.1 3.6 - 3.9 2.7
1.0 1.11, 2.0, 2.2 3.6 - 3.9 2.7
1.1 1.11, 2.2 3.6 - 3.9 2.7
1.2 2.2, 3.0, 3.1 3.10, 3.11 3.5 - 3.8

Documentation / Browsable API

This package supports the DRF auto-generated documentation (via coreapi) as well as the DRF browsable API.

drf_browsable_email_validation

drf_browsable_password_validation

coreapi_docs

Known Issues / FAQ

Django 2.1 Migrations - Multiple Primary keys for table ...

Django 2.1 introduced a breaking change for migrations (see Django Issue #29790). We therefore had to rewrite the migration 0002_pk_migration.py such that it covers Django versions before (<) 2.1 and later (>=) 2.1.

Some information is written down in Issue #8.

The reset_password_token_created signal is not fired

You need to make sure that the code with @receiver(reset_password_token_created) is executed by the python interpreter. To ensure this, you have two options:

  1. Put the code at a place that is automatically loaded by Django (e.g., models.py, views.py), or

  2. Import the file that contains the signal within your app.py ready function:

some_app/signals.py

from django.core.mail import EmailMultiAlternatives
from django.dispatch import receiver
from django.template.loader import render_to_string
from django.urls import reverse

from django_rest_passwordreset.signals import reset_password_token_created


@receiver(reset_password_token_created)
def password_reset_token_created(sender, instance, reset_password_token, *args, **kwargs):
    # ...

some_app/app.py

from django.apps import AppConfig

class SomeAppConfig(AppConfig):
    name = 'your_django_project.some_app'
    verbose_name = 'Some App'

    def ready(self):
        import your_django_project.some_app.signals  # noqa

some_app/init.py

default_app_config = 'your_django_project.some_app.SomeAppConfig'

MongoDB not working

Apparently, the following piece of code in the Django Model prevents MongodB from working:

 id = models.AutoField( 
     primary_key=True 
 ) 

See issue #49 for details.

Contributions

This library tries to follow the unix philosophy of "do one thing and do it well" (which is providing a basic password reset endpoint for Django Rest Framework). Contributions are welcome in the form of pull requests and issues! If you create a pull request, please make sure that you are not introducing breaking changes.

Tests

See folder tests/. Basically, all endpoints are covered with multiple unit tests.

Use this code snippet to run tests:

python setup.py install
cd tests
python manage.py test

Release on PyPi

To release this package on pypi, the following steps are used:

rm -rf dist/ build/
python setup.py sdist
twine upload dist/*
Comments
  • Unable to access verify_token and confirm endpoints

    Unable to access verify_token and confirm endpoints

    Hello,

    I am probably doing something silly wrong, but I've been unable to use the /reset_password/confirm/ and /reset_password/validate_token/ endpoints.

    I am able to post to /reset_password/, generate the token, receive the signal and send the email.

    path('api/password_reset/', include('django_rest_passwordreset.urls', namespace='password_reset')),

    I have the above in my urls.py

    When I go to: http://127.0.0.1:8000/api/password_reset/reset_password/ I can post an email to request a token.

    When I go to: http://127.0.0.1:8000/api/password_reset/reset_password/validate_token/ or http://127.0.0.1:8000/api/password_reset/reset_password/confirm/ there is no change from http://127.0.0.1:8000/api/password_reset/reset_password/, this is what I see:

    image

    Any idea why this is the case?

    Thanks!

    opened by kashgo22 14
  • django.db.utils.ProgrammingError: Multiple primary keys for table «django_rest_passwordreset_resetpasswordtoken» are not allowed.

    django.db.utils.ProgrammingError: Multiple primary keys for table «django_rest_passwordreset_resetpasswordtoken» are not allowed.

    Hi, after updating from version 0.9.4 to 0.9.5 i am getting a django.db.utils.ProgrammingError: Multiple primary keys for table «django_rest_passwordreset_resetpasswordtoken» are not allowed. trying to do a manage.py migrate.

    I don't really know what information you would need to track this issue but i would love to collaborate with you to fix this issue so feel free to ask for whatever context information you would need.

      File "manage.py", line 31, in <module>
        execute_from_command_line(sys.argv)
      File "\venv\lib\site-packages\django\core\management\__init__.py", line 381, in execute_from_command_line
    
        utility.execute()
      File "\venv\lib\site-packages\django\core\management\__init__.py", line 375, in execute
        self.fetch_command(subcommand).run_from_argv(self.argv)
      File "\venv\lib\site-packages\django\core\management\base.py", line 316, in run_from_argv
        self.execute(*args, **cmd_options)
      File "\venv\lib\site-packages\django\core\management\base.py", line 353, in execute
        output = self.handle(*args, **options)
      File "\venv\lib\site-packages\django\core\management\base.py", line 83, in wrapped
        res = handle_func(*args, **kwargs)
      File "\venv\lib\site-packages\django\core\management\commands\migrate.py", line 203, in handle
        fake_initial=fake_initial,
      File "\venv\lib\site-packages\django\db\migrations\executor.py", line 117, in migrate
        state = self._migrate_all_forwards(state, plan, full_plan, fake=fake, fake_initial=fake_initial)
      File "\venv\lib\site-packages\django\db\migrations\executor.py", line 147, in _migrate_all_forwards
        state = self.apply_migration(state, migration, fake=fake, fake_initial=fake_initial)
      File "\venv\lib\site-packages\django\db\migrations\executor.py", line 244, in apply_migration
        state = migration.apply(state, schema_editor)
      File "\venv\lib\site-packages\django\db\migrations\migration.py", line 124, in apply
        operation.database_forwards(self.app_label, schema_editor, old_state, project_state)
      File "\venv\lib\site-packages\django\db\migrations\operations\fields.py", line 216, in database_forwards
        schema_editor.alter_field(from_model, from_field, to_field)
      File "\venv\lib\site-packages\django\db\backends\base\schema.py", line 523, in alter_field
        old_db_params, new_db_params, strict)
      File "\venv\lib\site-packages\django\db\backends\postgresql\schema.py", line 122, in _alter_field
        new_db_params, strict,
      File "\venv\lib\site-packages\django\db\backends\base\schema.py", line 719, in _alter_field
        "columns": self.quote_name(new_field.column),
      File "\venv\lib\site-packages\django\db\backends\base\schema.py", line 133, in execute
        cursor.execute(sql, params)
      File "\venv\lib\site-packages\django\db\backends\utils.py", line 100, in execute
        return super().execute(sql, params)
      File "\venv\lib\site-packages\django\db\backends\utils.py", line 68, in execute
        return self._execute_with_wrappers(sql, params, many=False, executor=self._execute)
      File "\venv\lib\site-packages\django\db\backends\utils.py", line 77, in _execute_with_wrappers
        return executor(sql, params, many, context)
      File "\venv\lib\site-packages\django\db\backends\utils.py", line 85, in _execute
        return self.cursor.execute(sql, params)
      File "\venv\lib\site-packages\django\db\utils.py", line 89, in __exit__
        raise dj_exc_value.with_traceback(traceback) from exc_value
      File "\venv\lib\site-packages\django\db\backends\utils.py", line 85, in _execute
        return self.cursor.execute(sql, params)
    django.db.utils.ProgrammingError: Multiple primary keys for table «django_rest_passwordreset_resetpasswordtoken» are not allowed.
    
    bug Django 
    opened by iagocanalejas 14
  • Django 3.0 is not compatible with extension

    Django 3.0 is not compatible with extension

    celery | File "/usr/local/lib/python3.8/site-packages/django_rest_passwordreset/models.py", line 3, in celery | from django.utils.encoding import python_2_unicode_compatible celery | ImportError: cannot import name 'python_2_unicode_compatible' from 'django.utils.encoding' (/usr/local/lib/python3.8/site-packages/django/utils/encoding.py)

    opened by MuslimBeibytuly 12
  • cannot import name 'message_from_file'

    cannot import name 'message_from_file'

    When I try adding 'django_rest_passwordreset' to django apps, I get this error:

    Traceback (most recent call last):
      File "manage.py", line 28, in <module>
        from django.core.management import execute_from_command_line
      File "/home/giovanni/git/ozzy-backend/venv/lib/python3.6/site-packages/django/__init__.py", line 1, in <module>
        from django.utils.version import get_version
      File "/home/giovanni/git/ozzy-backend/venv/lib/python3.6/site-packages/django/utils/version.py", line 6, in <module>
        from distutils.version import LooseVersion
      File "/home/giovanni/git/ozzy-backend/venv/lib/python3.6/distutils/__init__.py", line 25, in <module>
        from distutils import dist, sysconfig
      File "/usr/lib64/python3.6/distutils/dist.py", line 10, in <module>
        from email import message_from_file
    ImportError: cannot import name 'message_from_file'
    
    The above exception was the direct cause of the following exception:
    
    Traceback (most recent call last):
      File "manage.py", line 34, in <module>
        ) from exc
    ImportError: Couldn't import Django. Are you sure it's installed and available on your PYTHONPATH environment variable? Did you forget to activate a virtual environment?
    

    And removing it my app runs fine. Can you help me with this issue? This has something to do with the email package?

    Django: 2.1.2 Python: 3.6 Using virtualenv.

    bug 
    opened by giovannicimolin 12
  • Added reset by phone number functionality

    Added reset by phone number functionality

    Problem

    This package is limited to recovering passwords by email only leaving out use case for where we have users signup with phone number.

    solution

    Added functionality to recover passwords by phone number.

    opened by peterolayinka 9
  • unable to enter into function password_reset_token_created function by generating signal

    unable to enter into function password_reset_token_created function by generating signal

    from django.dispatch import receiver from django.template.loader import render_to_string from django.urls import reverse from django_rest_passwordreset.signals import reset_password_token_created, pre_password_reset,
    post_password_reset

    from sixwallz_app import config from sixwallz_app.send_invitaion_mail import * import logging

    log = logging.getLogger(name)

    @receiver(reset_password_token_created) def password_reset_token_created(sender, instance, reset_password_token, *args, **kwargs): """ Handles password reset tokens When a token is created, an e-mail needs to be sent to the user :param sender: View Class that sent the signal :param instance: View Instance that sent the signal :param reset_password_token: Token Model Object :param args: :param kwargs: :return: """ print("Write Something") # send an e-mail to the user context = { 'current_user': reset_password_token.user, 'username': reset_password_token.user.username, 'email': reset_password_token.user.email, 'reset_password_url': "{}?token={}".format(reverse('password_reset:reset-password-request'), reset_password_token.key) }

    opened by surajraktate 9
  • getting a 400 error saying email is a required field when hitting the confirm endpoint

    getting a 400 error saying email is a required field when hitting the confirm endpoint

    I followed the documentation to a T and have the token creation and the email sending, but when I attempt to hit the confirm endpoint locally using post man with the token I received in the last email, it appears that the request is being handled as if I am hitting password_reset.

    path('password_reset', include('django_rest_passwordreset.urls', namespace='password_reset')), This is my entry in URLs

    opened by otisscott 8
  • Strengthen the password validator by using it in the APIView

    Strengthen the password validator by using it in the APIView

    As per the the name of pull request, validating password in the APIView makes more sense as we are able to access the user. This allows us to validate password against UserAttributeSimilarityVlidator, MinimumLengthValidator, CommonPasswordValidator, NumericPasswordValidator or any other custom validators that have been defined in the project config under AUTH_PASSWORD_VALIDATORS.

    For ex:

        AUTH_PASSWORD_VALIDATORS = [
            {
                'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
            },
            {
                'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
                'OPTIONS': {
                    'min_length': 12,
                }
            },
            {
                'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
            },
            {
                'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
            },
        ]
    
    opened by thapabishwa 8
  • random numbers instead of token

    random numbers instead of token

    Hello sir, I am very impressed with this module and decided to use it. I would like to override the functionality where i can change the key def generate_key(): """ generates a pseudo random code using os.urandom and binascii.hexlify """ return binascii.hexlify(os.urandom(32)).decode()

    to randint. Please let me know if there is a way to override it?

    enhancement help wanted 
    opened by rtiwarihr 8
  • Email not sent

    Email not sent

    I am able to configure django-rest-passwordreset successfully and I receive the response: { "status": "OK" } However, i am not receiving in the email though.

    opened by rtiwarihr 8
  • Moved some validations to the serializer

    Moved some validations to the serializer

    @anx-cbenke I created a new pull request with the same changes from the old pull request. because some changes were not intended to merge on this request.

    These changes are only related to moving some of the validations to the serializer.

    opened by marianoeramirez 7
  • Improve feedback message for token not found

    Improve feedback message for token not found

    Description

    Describe your changes or fixes (please link to an issue if applicable) Added a feedback message when token not found in serializer

    Types of changes

    • [ ] Breaking change (fix or feature that would cause existing functionality to change)
    • [x] New feature (non-breaking change which adds functionality)
    • [ ] Bug fix (non-breaking change which fixes an issue)
    • [ ] Refactoring (improvements in base code)
    • [ ] Add test (adds test coverage to functionality)

    Checklist

    • [ ] Automated tests
    • [ ] Extends CHANGELOG.md
    • [ ] Requires migrations?
    • [ ] Requires dependency update?
    opened by felipesilvadv 0
  • [BUG] I can't get token

    [BUG] I can't get token

    Describe the bug I accessed to "api_url/reset_password/" and post email but I can't get token.

    How to reproduce Describe how to reproduce the behavior.

    Expected behavior A clear and concise description of what you expected to happen.

    Additional context Add any other context about the problem here.

    opened by toma1031 0
  • IntegrityError at /api/password_reset/  null value in column

    IntegrityError at /api/password_reset/ null value in column "id" of relation "django_rest_passwordreset_resetpasswordtoken" violates not-null constraint

    null value in column "id" of relation "django_rest_passwordreset_resetpasswordtoken" violates not-null constraint DETAIL: Failing row contains (2022-08-18 04:56:49.334713+00, 5e47cb425ce5db35388725370cb3dbf4e964245e, 49.204.165.2, Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KH..., 11, null).

    opened by shubh010 23
  • [FEATURE] Limit request forgot password

    [FEATURE] Limit request forgot password

    I cannot block request when user use multiple feature forgot password I need some config in setting.py file. I can add number of limit use feature forgot

    opened by hongquanvn1998 1
  • [BUG] Unable to create or change a table without a primary key on migration

    [BUG] Unable to create or change a table without a primary key on migration

    After installing django-rest-passwordreset==1.2.0 with django version 3.2 I added the following to my installed apps:

     INSTALLED_APPS = [
        'corsheaders',
        'django.contrib.admin',
        'django.contrib.auth', <------
        'django.contrib.contenttypes',
        'django.contrib.sessions',
        'django.contrib.messages',
        'django.contrib.staticfiles',
        'rest_framework', <-----
        'rest_framework_simplejwt.token_blacklist',
        'django_elasticsearch_dsl',
        'django_rest_passwordreset' <---
    ]
    

    After this I ran python manage.py migrate and I get the following error:

    Running migrations:
      Applying django_rest_passwordreset.0001_initial... OK
      Applying django_rest_passwordreset.0002_pk_migration...Traceback (most recent call last):
      .
      .
      .
    pymysql.err.OperationalError: (3750, "Unable to create or change a table without a primary key, when the system variable 'sql_require_primary_key' is set. Add a primary key to the table or unset this variable to avoid this message.
    Note that tables without a primary key can cause performance problems in row-based replication, so please consult your DBA before changing this setting.")
    
    The above exception was the direct cause of the following exception:
    
    Traceback (most recent call last):
     .
     .
     .
    django.db.utils.OperationalError: (3750, "Unable to create or change a table without a primary key, when the system variable 'sql_require_primary_key' is set. Add a primary key to the table or unset this variable to avoid this message. Note that tables without a primary key can cause performance problems in row-based replication, so please consult your DBA before changing this setting.")
    
    

    Looking at the code makes me think the order is wrong in: django-rest-passwordreset/django_rest_passwordreset/migrations/0002_pk_migration.py

    First add Id field with primary key before removing the existing primary key

    opened by mathijsfr 1
Releases(1.3.0)
  • 1.3.0(Sep 15, 2022)

    What's Changed

    • Allow password reset without being authenticated by @nittolese in https://github.com/anexia-it/django-rest-passwordreset/pull/148
    • Update readme, compatibility matrix, prepare new release by @nezhar in https://github.com/anexia-it/django-rest-passwordreset/pull/167

    New Contributors

    • @nittolese made their first contribution in https://github.com/anexia-it/django-rest-passwordreset/pull/148

    Full Changelog: https://github.com/anexia-it/django-rest-passwordreset/compare/1.2.1...1.3.0

    Source code(tar.gz)
    Source code(zip)
  • 1.2.1(Oct 22, 2021)

  • 1.2.0(Jun 12, 2021)

  • 1.1.0rc3(Aug 9, 2019)

    • Added an endpoint to "just" validate a token (good for SPAs, see issue #45) - big thanks to @Hall-Erik for MR #60 (and #59)
    • Nullable fields for user agent and remote address are now a thing - see MR #58 and issue #34
    • Use urandom as a "better" random number generator for RandomNumbertokenGenerator - see commit https://github.com/anx-ckreuzberger/django-rest-passwordreset/commit/96e234114b494c40c375533bc8006961c2097c4f#diff-acc725a3d6fc8d27d175f0008640b15e
    • Several updates to the README
    Source code(tar.gz)
    Source code(zip)
  • 1.1.0rc2(Aug 1, 2019)

    • Added ability to always return 200: OK, even though the email address was not found #54 - thanks to @stan-sack
    • Added ability to toggle between "user requires to have a usable password" #55 - thanks to @stan-sack
    • A typo in README was fixed #51 - thanks to @wencakisa
    Source code(tar.gz)
    Source code(zip)
  • 1.1.0rc1(May 28, 2019)

    • Added dynamic lookup field for email - thanks to @iagocanalejas for PR #31
    • Safe .get() key function for request.META - thanks to @talbenbasat for PR #40
    • Docu updates
    Source code(tar.gz)
    Source code(zip)
  • 1.0.0(Apr 15, 2019)

    Integrated Pull Request #24 which adds:

    • Proper validation errors
    • Password validations (based on Djangos Built-in validate_password function)
    • Browsable API Support

    Thanks to @thapabishwa for PR #22 and PR 27 as well as @maljuboori91 for PR #21 which inspired those changes.

    Also integrated PR #20 which allows to customize Token Generation (e.g., RandomNumberTokenGenerator). Thanks for @rtiwarihr and @iagocanalejas for their proposals and help.

    Also integrated PR #18 by @iagocanalejas which adds a management command for clearing expired tokens as well as some refactoring work.

    Fixed some codestyle errors (using pycodestyle).

    Added basic Support Django 2.2

    Added instance to the password_reset_token_created signal (based on Django signals that have sender and instance).

    Thanks to all contributors.

    Source code(tar.gz)
    Source code(zip)
  • 1.0.0a3(Mar 28, 2019)

    Integrated Pull Request #24 which adds:

    • Proper validation errors
    • Password validations (based on Djangos Built-in validate_password function)
    • Browsable API Support

    Thanks to @thapabishwa for PR #22 and PR 27 as well as @maljuboori91 for PR #21 which inspired those changes.

    Also integrated PR #20 which allows to customize Token Generation (e.g., RandomNumberTokenGenerator). Thanks for @rtiwarihr and @iagocanalejas for their proposals and help.

    Also integrated PR #18 by @iagocanalejas which adds a management command for clearing expired tokens as well as some refactoring work.

    Fixed some codestyle errors (using pycodestyle).

    Added basic Support Django 2.2

    Added instance to the password_reset_token_created signal (based on Django signals that have sender and instance).

    Thanks to all contributors.

    Please note that this is a pre-release

    Source code(tar.gz)
    Source code(zip)
  • 1.0.0a2(Mar 25, 2019)

    Integrated Pull Request #24 which adds:

    • Proper validation errors
    • Password validations (based on Djangos Built-in validate_password function)
    • Browsable API Support

    Thanks to @thapabishwa for PR #22 and PR 27 as well as @maljuboori91 for PR #21 which inspired those changes.

    Also integrated PR #20 which allows to customize Token Generation (e.g., RandomNumberTokenGenerator). Thanks for @rtiwarihr and @iagocanalejas for their proposals and help.

    Also integrated PR #18 by @iagocanalejas which adds a management command for clearing expired tokens as well as some refactoring work.

    Fixed some codestyle errors (using pycodestyle).

    Added basic Support Django 2.2

    Thanks to all contributors.

    Please note that this is a pre-release

    Source code(tar.gz)
    Source code(zip)
  • 1.0.0a1(Feb 18, 2019)

    Integrated Pull Request #24 which adds:

    • Proper validation errors
    • Password validations (based on Djangos Built-in validate_password function)
    • Browsable API Support

    Thanks to @thapabishwa for PR #22 as well as @maljuboori91 for PR #21 which inspired those changes.

    Also integrated PR #20 which allows to customize Token Generation (e.g., RandomNumberTokenGenerator). Thanks for @rtiwarihr and @iagocanalejas for their proposals and help.

    Also integrated PR #18 by @iagocanalejas which adds a management command for clearing expired tokens as well as some refactoring work.

    Thanks to all contributors.

    Please note that this is a pre-release

    Source code(tar.gz)
    Source code(zip)
  • 0.9.7(Oct 17, 2018)

  • 0.9.6(Oct 16, 2018)

  • 0.9.5(Aug 27, 2018)

  • 0.9.4(Jun 8, 2018)

Owner
Anexia
Anexia
User-related REST API based on the awesome Django REST Framework

Django REST Registration User registration REST API, based on Django REST Framework. Documentation Full documentation for the project is available at

Andrzej Pragacz 399 Jan 3, 2023
Django Auth Protection This package logout users from the system by changing the password in Simple JWT REST API.

Django Auth Protection Django Auth Protection This package logout users from the system by changing the password in REST API. Why Django Auth Protecti

Iman Karimi 5 Oct 26, 2022
Complete Two-Factor Authentication for Django providing the easiest integration into most Django projects.

Django Two-Factor Authentication Complete Two-Factor Authentication for Django. Built on top of the one-time password framework django-otp and Django'

Bouke Haarsma 1.3k Jan 4, 2023
Django-react-firebase-auth - A web app showcasing OAuth2.0 + OpenID Connect using Firebase, Django-Rest-Framework and React

Demo app to show Django Rest Framework working with Firebase for authentication

Teshank Raut 6 Oct 13, 2022
Customizable User Authorization & User Management: Register, Confirm, Login, Change username/password, Forgot password and more.

Flask-User v1.0 Attention: Flask-User v1.0 is a Production/Stable version. The previous version is Flask-User v0.6. User Authentication and Management

Ling Thio 997 Jan 6, 2023
Customizable User Authorization & User Management: Register, Confirm, Login, Change username/password, Forgot password and more.

Flask-User v1.0 Attention: Flask-User v1.0 is a Production/Stable version. The previous version is Flask-User v0.6. User Authentication and Management

Ling Thio 916 Feb 15, 2021
A JSON Web Token authentication plugin for the Django REST Framework.

Simple JWT Abstract Simple JWT is a JSON Web Token authentication plugin for the Django REST Framework. For full documentation, visit django-rest-fram

Simple JWT 3.3k Jan 1, 2023
Authentication for Django Rest Framework

Dj-Rest-Auth Drop-in API endpoints for handling authentication securely in Django Rest Framework. Works especially well with SPAs (e.g React, Vue, Ang

Michael 1.1k Jan 3, 2023
JSON Web Token Authentication support for Django REST Framework

REST framework JWT Auth Notice This project is currently unmaintained. Check #484 for more details and suggested alternatives. JSON Web Token Authenti

José Padilla 3.2k Dec 31, 2022
Authentication for Django Rest Framework

Dj-Rest-Auth Drop-in API endpoints for handling authentication securely in Django Rest Framework. Works especially well with SPAs (e.g React, Vue, Ang

Michael 1.1k Jan 3, 2023
JSON Web Token Authentication support for Django REST Framework

REST framework JWT Auth JSON Web Token Authentication support for Django REST Framework Overview This package provides JSON Web Token Authentication s

Styria Digital Development 178 Jan 2, 2023
A JSON Web Token authentication plugin for the Django REST Framework.

Simple JWT Abstract Simple JWT is a JSON Web Token authentication plugin for the Django REST Framework. For full documentation, visit django-rest-fram

Jazzband 3.2k Dec 29, 2022
python-social-auth and oauth2 support for django-rest-framework

Django REST Framework Social OAuth2 This module provides OAuth2 social authentication support for applications in Django REST Framework. The aim of th

null 1k Dec 22, 2022
python-social-auth and oauth2 support for django-rest-framework

Django REST Framework Social OAuth2 This module provides OAuth2 social authentication support for applications in Django REST Framework. The aim of th

null 1k Dec 22, 2022
A JSON Web Token authentication plugin for the Django REST Framework.

Simple JWT Abstract Simple JWT is a JSON Web Token authentication plugin for the Django REST Framework. For full documentation, visit django-rest-fram

Jazzband 3.2k Dec 28, 2022
Django Rest Framework App wih JWT Authentication and other DRF stuff

Django Queries App with JWT authentication, Class Based Views, Serializers, Swagger UI, CI/CD and other cool DRF stuff API Documentaion /swagger - Swa

Rafael Salimov 4 Jan 29, 2022
CheckList-Api - Created with django rest framework and JWT(Json Web Tokens for Authentication)

CheckList Api created with django rest framework and JWT(Json Web Tokens for Aut

shantanu nimkar 1 Jan 24, 2022
REST implementation of Django authentication system.

djoser REST implementation of Django authentication system. djoser library provides a set of Django Rest Framework views to handle basic actions such

Sunscrapers 2.2k Jan 1, 2023
Authentication Module for django rest auth

django-rest-knox Authentication Module for django rest auth Knox provides easy to use authentication for Django REST Framework The aim is to allow for

James McMahon 878 Jan 4, 2023