Get inside your stronghold and make all your Django views default login_required

Overview

Build Status

Stronghold

Get inside your stronghold and make all your Django views default login_required

Stronghold is a very small and easy to use django app that makes all your Django project default to require login for all of your views.

WARNING: still in development, so some of the DEFAULTS and such will be changing without notice.

Installation

Install via pip.

pip install django-stronghold

Add stronghold to your INSTALLED_APPS in your Django settings file

INSTALLED_APPS = (
    #...
    'stronghold',
)

Then add the stronghold middleware to your MIDDLEWARE_CLASSES in your Django settings file

MIDDLEWARE_CLASSES = (
    #...
    'stronghold.middleware.LoginRequiredMiddleware',
)

Usage

If you followed the installation instructions now all your views are defaulting to require a login. To make a view public again you can use the public decorator provided in stronghold.decorators like so:

For function based views

from stronghold.decorators import public


@public
def someview(request):
	# do some work
	#...

For class based views (decorator)

from django.utils.decorators import method_decorator
from stronghold.decorators import public


class SomeView(View):
	def get(self, request, *args, **kwargs):
		# some view logic
		#...

	@method_decorator(public)
	def dispatch(self, *args, **kwargs):
    	        return super(SomeView, self).dispatch(*args, **kwargs)

For class based views (mixin)

from stronghold.views import StrongholdPublicMixin


class SomeView(StrongholdPublicMixin, View):
	pass

Configuration (optional)

STRONGHOLD_DEFAULTS

Use Strongholds defaults in addition to your own settings.

Default:

STRONGHOLD_DEFAULTS = True

You can add a tuple of url regexes in your settings file with the STRONGHOLD_PUBLIC_URLS setting. Any url that matches against these patterns will be made public without using the @public decorator.

STRONGHOLD_PUBLIC_URLS

Default:

STRONGHOLD_PUBLIC_URLS = ()

If STRONGHOLD_DEFAULTS is True STRONGHOLD_PUBLIC_URLS contains:

(
    r'^%s.+$' % settings.STATIC_URL,
    r'^%s.+$' % settings.MEDIA_URL,
)

When settings.DEBUG = True. This is additive to your settings to support serving Static files and media files from the development server. It does not replace any settings you may have in STRONGHOLD_PUBLIC_URLS.

Note: Public URL regexes are matched against HttpRequest.path_info.

STRONGHOLD_PUBLIC_NAMED_URLS

You can add a tuple of url names in your settings file with the STRONGHOLD_PUBLIC_NAMED_URLS setting. Names in this setting will be reversed using django.core.urlresolvers.reverse and any url matching the output of the reverse call will be made public without using the @public decorator:

Default:

STRONGHOLD_PUBLIC_NAMED_URLS = ()

If STRONGHOLD_DEFAULTS is True additionally we search for django.contrib.auth if it exists, we add the login and logout view names to STRONGHOLD_PUBLIC_NAMED_URLS

STRONGHOLD_USER_TEST_FUNC

Optionally, set STRONGHOLD_USER_TEST_FUNC to a callable to limit access to users that pass a custom test. The callback receives a User object and should return True if the user is authorized. This is equivalent to decorating a view with user_passes_test.

Example:

STRONGHOLD_USER_TEST_FUNC = lambda user: user.is_staff

Default:

STRONGHOLD_USER_TEST_FUNC = lambda user: user.is_authenticated

Compatiblity

Tested with:

  • Django 1.8.x
  • Django 1.9.x
  • Django 1.10.x
  • Django 1.11.x
  • Django 2.0.x
  • Django 2.1.x
  • Django 2.2.x

Contribute

See CONTRIBUTING.md

Comments
  • Add Django 2.1 compatibility

    Add Django 2.1 compatibility

    The test suite is failing with Django 2.1, as it seems that set_view_func_public may now receive the dispatch method itself in parameter. I tracked this issue to this Django commit: https://github.com/django/django/commit/fdc936c9130cf4fb5d59869674b9a31cc79a7999

    opened by claudep 12
  • Support Django 1.7 and Python 3

    Support Django 1.7 and Python 3

    • Add python3 testing to makefile.
    • Advertise python 3 and 3.4 in classifiers.
    • Advertise Django 1.7 support in README.
    • Rename test modules to start with 'test' for better consistency with unittest module and new Django test runner.
    • Explictly set TEST_RUNNER in test_project settings to avoid Django from throwing a warning.
    • Fix test_project/urls.py to work with absense of relative imports in python3.
    opened by SunilMohanAdapa 9
  • Support using Django 1.10 new style middleware

    Support using Django 1.10 new style middleware

    Add support for new style middleware introduced in Django 1.10. Support for old style middleware will be dropped from Django in the future. Any application using stronghold can't move using new style middleware until strong supports new style middleware.

    Altering existing code to support new style and old style middleware is quite simple as adding a mixin to the existing middleware class.

    opened by SunilMohanAdapa 8
  • Fix for Django 2.1 decorators

    Fix for Django 2.1 decorators

    This is a semi-hacky way to make django-stronghold work on Django 2.1

    Additionally, added a couple views to the test project to make it easier to test the different methods of declaring a public view.

    opened by cw0102 5
  • Python3 tag on PyPi

    Python3 tag on PyPi

    Would it be possible to add to PyPi entry that django-stronghold is Python 3 compatible? I am getting a false negative when I use the caniusepython3 (https://pypi.python.org/pypi/caniusepython3) program.

    Thanks.

    opened by aklaver 5
  • Please make a release with Django 2.0 support

    Please make a release with Django 2.0 support

    Although Django 2.0 support has been added, there is not release yet with this support. We wish to make a Debian package with Django 2.0 support as Django 2.0 is about to released soon into Debian. FreedomBox project especially needs this in time.

    Please consider making a new release of stronghold as soon as you can.

    opened by SunilMohanAdapa 4
  • 'LoginRequiredMiddleware' object is not callable

    'LoginRequiredMiddleware' object is not callable

    I keep getting error TypeError: 'LoginRequiredMiddleware' object is not callable. I'm using django 1.10 and using master branch.

    any reason why this is happening? thanks

    opened by whaleforever 4
  • ImproperlyConfigured: The included urlconf <app>.urls doesn't have any patterns in it

    ImproperlyConfigured: The included urlconf .urls doesn't have any patterns in it

    Hola, I'm getting the above as an error. I've fleshed out the relative conf and py files on SO: http://stackoverflow.com/questions/20963856/improperlyconfigured-the-included-urlconf-project-urls-doesnt-have-any-patte

    From the Apache2 error log, it looks like it's got something to do with Stronghold?

    I tried deleting /.virtualenvs/erp-dev/lib/python2.7/site-packages/stronghold/conf.pyc and then replaced reverse with reverse_lazy in conf.py but that didn't work.

    Any idea what might be going wrong?

     mod_wsgi (pid=25007): Exception occurred processing WSGI script '/home/erp/www/dev/erp/erp/erp/wsgi.py'.
     Traceback (most recent call last):
      File "/home/erp/.virtualenvs/erp-dev/lib/python2.7/site-packages/django/core/handlers/wsgi.py", line 187, in __call__
         self.load_middleware()
       File "/home/erp/.virtualenvs/erp-dev/lib/python2.7/site-packages/django/core/handlers/base.py", line 47, in load_middleware
         mw_class = import_by_path(middleware_path)
       File "/home/erp/.virtualenvs/erp-dev/lib/python2.7/site-packages/django/utils/module_loading.py", line 21, in import_by_path
         module = import_module(module_path)
       File "/home/erp/.virtualenvs/erp-dev/lib/python2.7/site-packages/django/utils/importlib.py", line 40, in import_module
         __import__(name)
       File "/home/erp/.virtualenvs/erp-dev/lib/python2.7/site-packages/stronghold/middleware.py", line 2, in <module>
         from stronghold import conf, utils
       File "/home/erp/.virtualenvs/erp-dev/lib/python2.7/site-packages/stronghold/conf.py", line 33, in <module>
         url = reverse(named_url)
       File "/home/erp/.virtualenvs/erp-dev/lib/python2.7/site-packages/django/core/urlresolvers.py", line 509, in reverse
         return iri_to_uri(resolver._reverse_with_prefix(view, prefix, *args, **kwargs))
       File "/home/erp/.virtualenvs/erp-dev/lib/python2.7/site-packages/django/core/urlresolvers.py", line 387, in _reverse_with_prefix
         possibilities = self.reverse_dict.getlist(lookup_view)
       File "/home/erp/.virtualenvs/erp-dev/lib/python2.7/site-packages/django/core/urlresolvers.py", line 296, in reverse_dict
         self._populate()
       File "/home/erp/.virtualenvs/erp-dev/lib/python2.7/site-packages/django/core/urlresolvers.py", line 262, in _populate
         for pattern in reversed(self.url_patterns):
       File "/home/erp/.virtualenvs/erp-dev/lib/python2.7/site-packages/django/core/urlresolvers.py", line 350, in url_patterns
         raise ImproperlyConfigured("The included urlconf %s doesn't have any patterns in it" % self.urlconf_name)
    ImproperlyConfigured: The included urlconf erp.urls doesn't have any patterns in it
    
    opened by datakid 4
  • Default install results in redirect loop on all pages

    Default install results in redirect loop on all pages

    I am using Django 1.7, and the latest stable install of django-blog-zinnia. Once I installed django-stronghold to its default settings via instructions on your readme, I get a redirect loop on all pages and it looks something like this:

    'hxxp://example.com/login/?next=/login/%3Fnext%3D/login/%253Fnext%253D/login/%25253Fnext%25253D/login/%2525253Fnext%2525253D/login/%252525253Fnext%252525253D/login/%25252525253Fnext%25252525253D/login/%2525252525253Fnext%2525252525253D/login/%252525252525253Fnext%2525252525252..................... '

    I am honestly not sure if this is something to do with stronghold but I would really like to be able to use this middleware either way!

    EDIT: Oh my god. I am sorry for even posting this but I think it's because I have my own custom login urls, so stronghold treats it like any other url on my site and hence the loop!

    opened by butstevetho 3
  • Can't make admin public in Django 1.7

    Can't make admin public in Django 1.7

    I have a Django 1.7 project where I want to use django admin as usual with it's authentication and the rest of the site with my login. No matter what I configure in my settings, "/admin" still redirects to "/accounts/login", and would like it to redirect to django's admin login.

    opened by alexarsh 3
  • Recursive login feedback

    Recursive login feedback

    When I enable Stronghold and then visit a page, I get what look like unescaped, recursive errors:

    20/Nov/2013 13:58:32] "GET /inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/accounts/login/%253Fnext%253D/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/accounts/login/%253Fnext%253D/accounts/login/%25253Fnext%25253D/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/accounts/login/%253Fnext%253D/accounts/login/%25253Fnext%25253D/accounts/login/%2525253Fnext%2525253D/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/accounts/login/%253Fnext%253D/accounts/login/%25253Fnext%25253D/accounts/login/%2525253Fnext%2525253D/accounts/login/%252525253Fnext%252525253D/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/accounts/login/%253Fnext%253D/accounts/login/%25253Fnext%25253D/accounts/login/%2525253Fnext%2525253D/accounts/login/%252525253Fnext%252525253D/accounts/login/%25252525253Fnext%25252525253D/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/accounts/login/%253Fnext%253D/accounts/login/%25253Fnext%25253D/accounts/login/%2525253Fnext%2525253D/accounts/login/%252525253Fnext%252525253D/accounts/login/%25252525253Fnext%25252525253D/accounts/login/%2525252525253Fnext%2525252525253D/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/accounts/login/%253Fnext%253D/accounts/login/%25253Fnext%25253D/accounts/login/%2525253Fnext%2525253D/accounts/login/%252525253Fnext%252525253D/accounts/login/%25252525253Fnext%25252525253D/accounts/login/%2525252525253Fnext%2525252525253D/accounts/login/%252525252525253Fnext%252525252525253D/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/accounts/login/%253Fnext%253D/accounts/login/%25253Fnext%25253D/accounts/login/%2525253Fnext%2525253D/accounts/login/%252525253Fnext%252525253D/accounts/login/%25252525253Fnext%25252525253D/accounts/login/%2525252525253Fnext%2525252525253D/accounts/login/%252525252525253Fnext%252525252525253D/accounts/login/%25252525252525253Fnext%25252525252525253D/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/accounts/login/%253Fnext%253D/accounts/login/%25253Fnext%25253D/accounts/login/%2525253Fnext%2525253D/accounts/login/%252525253Fnext%252525253D/accounts/login/%25252525253Fnext%25252525253D/accounts/login/%2525252525253Fnext%2525252525253D/accounts/login/%252525252525253Fnext%252525252525253D/accounts/login/%25252525252525253Fnext%25252525252525253D/accounts/login/%2525252525252525253Fnext%2525252525252525253D/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/accounts/login/%253Fnext%253D/accounts/login/%25253Fnext%25253D/accounts/login/%2525253Fnext%2525253D/accounts/login/%252525253Fnext%252525253D/accounts/login/%25252525253Fnext%25252525253D/accounts/login/%2525252525253Fnext%2525252525253D/accounts/login/%252525252525253Fnext%252525252525253D/accounts/login/%25252525252525253Fnext%25252525252525253D/accounts/login/%2525252525252525253Fnext%2525252525252525253D/accounts/login/%252525252525252525253Fnext%252525252525252525253D/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/accounts/login/%253Fnext%253D/accounts/login/%25253Fnext%25253D/accounts/login/%2525253Fnext%2525253D/accounts/login/%252525253Fnext%252525253D/accounts/login/%25252525253Fnext%25252525253D/accounts/login/%2525252525253Fnext%2525252525253D/accounts/login/%252525252525253Fnext%252525252525253D/accounts/login/%25252525252525253Fnext%25252525252525253D/accounts/login/%2525252525252525253Fnext%2525252525252525253D/accounts/login/%252525252525252525253Fnext%252525252525252525253D/accounts/login/%25252525252525252525253Fnext%25252525252525252525253D/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/accounts/login/%253Fnext%253D/accounts/login/%25253Fnext%25253D/accounts/login/%2525253Fnext%2525253D/accounts/login/%252525253Fnext%252525253D/accounts/login/%25252525253Fnext%25252525253D/accounts/login/%2525252525253Fnext%2525252525253D/accounts/login/%252525252525253Fnext%252525252525253D/accounts/login/%25252525252525253Fnext%25252525252525253D/accounts/login/%2525252525252525253Fnext%2525252525252525253D/accounts/login/%252525252525252525253Fnext%252525252525252525253D/accounts/login/%25252525252525252525253Fnext%25252525252525252525253D/accounts/login/%2525252525252525252525253Fnext%2525252525252525252525253D/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/accounts/login/%253Fnext%253D/accounts/login/%25253Fnext%25253D/accounts/login/%2525253Fnext%2525253D/accounts/login/%252525253Fnext%252525253D/accounts/login/%25252525253Fnext%25252525253D/accounts/login/%2525252525253Fnext%2525252525253D/accounts/login/%252525252525253Fnext%252525252525253D/accounts/login/%25252525252525253Fnext%25252525252525253D/accounts/login/%2525252525252525253Fnext%2525252525252525253D/accounts/login/%252525252525252525253Fnext%252525252525252525253D/accounts/login/%25252525252525252525253Fnext%25252525252525252525253D/accounts/login/%2525252525252525252525253Fnext%2525252525252525252525253D/accounts/login/%252525252525252525252525253Fnext%252525252525252525252525253D/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/accounts/login/%253Fnext%253D/accounts/login/%25253Fnext%25253D/accounts/login/%2525253Fnext%2525253D/accounts/login/%252525253Fnext%252525253D/accounts/login/%25252525253Fnext%25252525253D/accounts/login/%2525252525253Fnext%2525252525253D/accounts/login/%252525252525253Fnext%252525252525253D/accounts/login/%25252525252525253Fnext%25252525252525253D/accounts/login/%2525252525252525253Fnext%2525252525252525253D/accounts/login/%252525252525252525253Fnext%252525252525252525253D/accounts/login/%25252525252525252525253Fnext%25252525252525252525253D/accounts/login/%2525252525252525252525253Fnext%2525252525252525252525253D/accounts/login/%252525252525252525252525253Fnext%252525252525252525252525253D/accounts/login/%25252525252525252525252525253Fnext%25252525252525252525252525253D/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/accounts/login/%253Fnext%253D/accounts/login/%25253Fnext%25253D/accounts/login/%2525253Fnext%2525253D/accounts/login/%252525253Fnext%252525253D/accounts/login/%25252525253Fnext%25252525253D/accounts/login/%2525252525253Fnext%2525252525253D/accounts/login/%252525252525253Fnext%252525252525253D/accounts/login/%25252525252525253Fnext%25252525252525253D/accounts/login/%2525252525252525253Fnext%2525252525252525253D/accounts/login/%252525252525252525253Fnext%252525252525252525253D/accounts/login/%25252525252525252525253Fnext%25252525252525252525253D/accounts/login/%2525252525252525252525253Fnext%2525252525252525252525253D/accounts/login/%252525252525252525252525253Fnext%252525252525252525252525253D/accounts/login/%25252525252525252525252525253Fnext%25252525252525252525252525253D/accounts/login/%2525252525252525252525252525253Fnext%2525252525252525252525252525253D/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/accounts/login/%253Fnext%253D/accounts/login/%25253Fnext%25253D/accounts/login/%2525253Fnext%2525253D/accounts/login/%252525253Fnext%252525253D/accounts/login/%25252525253Fnext%25252525253D/accounts/login/%2525252525253Fnext%2525252525253D/accounts/login/%252525252525253Fnext%252525252525253D/accounts/login/%25252525252525253Fnext%25252525252525253D/accounts/login/%2525252525252525253Fnext%2525252525252525253D/accounts/login/%252525252525252525253Fnext%252525252525252525253D/accounts/login/%25252525252525252525253Fnext%25252525252525252525253D/accounts/login/%2525252525252525252525253Fnext%2525252525252525252525253D/accounts/login/%252525252525252525252525253Fnext%252525252525252525252525253D/accounts/login/%25252525252525252525252525253Fnext%25252525252525252525252525253D/accounts/login/%2525252525252525252525252525253Fnext%2525252525252525252525252525253D/accounts/login/%252525252525252525252525252525253Fnext%252525252525252525252525252525253D/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/accounts/login/%253Fnext%253D/accounts/login/%25253Fnext%25253D/accounts/login/%2525253Fnext%2525253D/accounts/login/%252525253Fnext%252525253D/accounts/login/%25252525253Fnext%25252525253D/accounts/login/%2525252525253Fnext%2525252525253D/accounts/login/%252525252525253Fnext%252525252525253D/accounts/login/%25252525252525253Fnext%25252525252525253D/accounts/login/%2525252525252525253Fnext%2525252525252525253D/accounts/login/%252525252525252525253Fnext%252525252525252525253D/accounts/login/%25252525252525252525253Fnext%25252525252525252525253D/accounts/login/%2525252525252525252525253Fnext%2525252525252525252525253D/accounts/login/%252525252525252525252525253Fnext%252525252525252525252525253D/accounts/login/%25252525252525252525252525253Fnext%25252525252525252525252525253D/accounts/login/%2525252525252525252525252525253Fnext%2525252525252525252525252525253D/accounts/login/%252525252525252525252525252525253Fnext%252525252525252525252525252525253D/accounts/login/%25252525252525252525252525252525253Fnext%25252525252525252525252525252525253D/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/accounts/login/%253Fnext%253D/accounts/login/%25253Fnext%25253D/accounts/login/%2525253Fnext%2525253D/accounts/login/%252525253Fnext%252525253D/accounts/login/%25252525253Fnext%25252525253D/accounts/login/%2525252525253Fnext%2525252525253D/accounts/login/%252525252525253Fnext%252525252525253D/accounts/login/%25252525252525253Fnext%25252525252525253D/accounts/login/%2525252525252525253Fnext%2525252525252525253D/accounts/login/%252525252525252525253Fnext%252525252525252525253D/accounts/login/%25252525252525252525253Fnext%25252525252525252525253D/accounts/login/%2525252525252525252525253Fnext%2525252525252525252525253D/accounts/login/%252525252525252525252525253Fnext%252525252525252525252525253D/accounts/login/%25252525252525252525252525253Fnext%25252525252525252525252525253D/accounts/login/%2525252525252525252525252525253Fnext%2525252525252525252525252525253D/accounts/login/%252525252525252525252525252525253Fnext%252525252525252525252525252525253D/accounts/login/%25252525252525252525252525252525253Fnext%25252525252525252525252525252525253D/accounts/login/%2525252525252525252525252525252525253Fnext%2525252525252525252525252525252525253D/inventory/ HTTP/1.1" 302 0
    
    
    opened by datakid 3
  • docs: Fix a few typos

    docs: Fix a few typos

    There are small typos in:

    • docs/conf.py
    • stronghold/decorators.py

    Fixes:

    • Should read that rather than shat.
    • Should read function rather than fuction.

    Semi-automated pull request generated by https://github.com/timgates42/meticulous/blob/master/docs/NOTE.md

    opened by timgates42 0
  • Bump pygments from 1.6 to 2.7.4

    Bump pygments from 1.6 to 2.7.4

    Bumps pygments from 1.6 to 2.7.4.

    Release notes

    Sourced from pygments's releases.

    2.7.4

    • Updated lexers:

      • Apache configurations: Improve handling of malformed tags (#1656)

      • CSS: Add support for variables (#1633, #1666)

      • Crystal (#1650, #1670)

      • Coq (#1648)

      • Fortran: Add missing keywords (#1635, #1665)

      • Ini (#1624)

      • JavaScript and variants (#1647 -- missing regex flags, #1651)

      • Markdown (#1623, #1617)

      • Shell

        • Lex trailing whitespace as part of the prompt (#1645)
        • Add missing in keyword (#1652)
      • SQL - Fix keywords (#1668)

      • Typescript: Fix incorrect punctuation handling (#1510, #1511)

    • Fix infinite loop in SML lexer (#1625)

    • Fix backtracking string regexes in JavaScript/TypeScript, Modula2 and many other lexers (#1637)

    • Limit recursion with nesting Ruby heredocs (#1638)

    • Fix a few inefficient regexes for guessing lexers

    • Fix the raw token lexer handling of Unicode (#1616)

    • Revert a private API change in the HTML formatter (#1655) -- please note that private APIs remain subject to change!

    • Fix several exponential/cubic-complexity regexes found by Ben Caller/Doyensec (#1675)

    • Fix incorrect MATLAB example (#1582)

    Thanks to Google's OSS-Fuzz project for finding many of these bugs.

    2.7.3

    ... (truncated)

    Changelog

    Sourced from pygments's changelog.

    Version 2.7.4

    (released January 12, 2021)

    • Updated lexers:

      • Apache configurations: Improve handling of malformed tags (#1656)

      • CSS: Add support for variables (#1633, #1666)

      • Crystal (#1650, #1670)

      • Coq (#1648)

      • Fortran: Add missing keywords (#1635, #1665)

      • Ini (#1624)

      • JavaScript and variants (#1647 -- missing regex flags, #1651)

      • Markdown (#1623, #1617)

      • Shell

        • Lex trailing whitespace as part of the prompt (#1645)
        • Add missing in keyword (#1652)
      • SQL - Fix keywords (#1668)

      • Typescript: Fix incorrect punctuation handling (#1510, #1511)

    • Fix infinite loop in SML lexer (#1625)

    • Fix backtracking string regexes in JavaScript/TypeScript, Modula2 and many other lexers (#1637)

    • Limit recursion with nesting Ruby heredocs (#1638)

    • Fix a few inefficient regexes for guessing lexers

    • Fix the raw token lexer handling of Unicode (#1616)

    • Revert a private API change in the HTML formatter (#1655) -- please note that private APIs remain subject to change!

    • Fix several exponential/cubic-complexity regexes found by Ben Caller/Doyensec (#1675)

    • Fix incorrect MATLAB example (#1582)

    Thanks to Google's OSS-Fuzz project for finding many of these bugs.

    Version 2.7.3

    (released December 6, 2020)

    ... (truncated)

    Commits
    • 4d555d0 Bump version to 2.7.4.
    • fc3b05d Update CHANGES.
    • ad21935 Revert "Added dracula theme style (#1636)"
    • e411506 Prepare for 2.7.4 release.
    • 275e34d doc: remove Perl 6 ref
    • 2e7e8c4 Fix several exponential/cubic complexity regexes found by Ben Caller/Doyensec
    • eb39c43 xquery: fix pop from empty stack
    • 2738778 fix coding style in test_analyzer_lexer
    • 02e0f09 Added 'ERROR STOP' to fortran.py keywords. (#1665)
    • c83fe48 support added for css variables (#1633)
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump jinja2 from 2.10.3 to 2.11.3

    Bump jinja2 from 2.10.3 to 2.11.3

    Bumps jinja2 from 2.10.3 to 2.11.3.

    Release notes

    Sourced from jinja2's releases.

    2.11.3

    This contains a fix for a speed issue with the urlize filter. urlize is likely to be called on untrusted user input. For certain inputs some of the regular expressions used to parse the text could take a very long time due to backtracking. As part of the fix, the email matching became slightly stricter. The various speedups apply to urlize in general, not just the specific input cases.

    2.11.2

    2.11.1

    This fixes an issue in async environment when indexing the result of an attribute lookup, like {{ data.items[1:] }}.

    2.11.0

    This is the last version to support Python 2.7 and 3.5. The next version will be Jinja 3.0 and will support Python 3.6 and newer.

    Changelog

    Sourced from jinja2's changelog.

    Version 2.11.3

    Released 2021-01-31

    • Improve the speed of the urlize filter by reducing regex backtracking. Email matching requires a word character at the start of the domain part, and only word characters in the TLD. :pr:1343

    Version 2.11.2

    Released 2020-04-13

    • Fix a bug that caused callable objects with __getattr__, like :class:~unittest.mock.Mock to be treated as a :func:contextfunction. :issue:1145
    • Update wordcount filter to trigger :class:Undefined methods by wrapping the input in :func:soft_str. :pr:1160
    • Fix a hang when displaying tracebacks on Python 32-bit. :issue:1162
    • Showing an undefined error for an object that raises AttributeError on access doesn't cause a recursion error. :issue:1177
    • Revert changes to :class:~loaders.PackageLoader from 2.10 which removed the dependency on setuptools and pkg_resources, and added limited support for namespace packages. The changes caused issues when using Pytest. Due to the difficulty in supporting Python 2 and :pep:451 simultaneously, the changes are reverted until 3.0. :pr:1182
    • Fix line numbers in error messages when newlines are stripped. :pr:1178
    • The special namespace() assignment object in templates works in async environments. :issue:1180
    • Fix whitespace being removed before tags in the middle of lines when lstrip_blocks is enabled. :issue:1138
    • :class:~nativetypes.NativeEnvironment doesn't evaluate intermediate strings during rendering. This prevents early evaluation which could change the value of an expression. :issue:1186

    Version 2.11.1

    Released 2020-01-30

    • Fix a bug that prevented looking up a key after an attribute ({{ data.items[1:] }}) in an async template. :issue:1141

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Password reset not public by default

    Password reset not public by default

    Urls for login and logout are public if django.contrib.auth is installed but not password_reset, password_reset_done, password_reset_confirm nor password_reset_complete. Could you add theses ? I can make a PR later if you prefer.

    opened by logut 6
Releases(v0.3.2)
Owner
Mike Grouchy
Chief Product Officer @pagecloud, Founder at Pycoders Weekly(acquired), Python Developer.
Mike Grouchy
Displaying objects on maps in the Django views and administration site.

DjangoAdminGeomap library The free, open-source DjangoAdminGeomap library is designed to display objects on the map in the Django views and admin site

Vitaly Bogomolov 31 Dec 28, 2022
Django's class-based generic views are awesome, let's have more of them.

Django Extra Views - The missing class-based generic views for Django Django-extra-views is a Django package which introduces additional class-based v

Andy Ingram 1.3k Jan 4, 2023
Super simple bar charts for django admin list views visualizing the number of objects based on date_hierarchy using Chart.js.

Super simple bar charts for django admin list views visualizing the number of objects based on date_hierarchy using Chart.js.

foorilla LLC 4 May 18, 2022
Django URL Shortener is a Django app to to include URL Shortening feature in your Django Project

Django URL Shortener Django URL Shortener is a Django app to to include URL Shortening feature in your Django Project Install this package to your Dja

Rishav Sinha 4 Nov 18, 2021
It takes time to start a Django Project and make it almost production-ready.

It takes time to start a Django Project and make it almost production-ready. A developer needs to spend a lot of time installing required libraries, setup a database, setup cache as well as hiding secrets, configuring `settings` files. With the help of django-setup-cli a developer can start an `almost production ready` project in a minute.

Khan Asfi Reza 1 Jan 1, 2022
REST API con Python, Django y MySQL (GET, POST, PUT, DELETE)

django_api_mysql REST API con Python, Django y MySQL (GET, POST, PUT, DELETE) REST API con Python, Django y MySQL (GET, POST, PUT, DELETE)

Andrew 1 Dec 28, 2021
Django GUID attaches a unique correlation ID/request ID to all your log outputs for every request.

Django GUID Now with ASGI support! Django GUID attaches a unique correlation ID/request ID to all your log outputs for every request. In other words,

snok 300 Dec 29, 2022
Django-Audiofield is a simple app that allows Audio files upload, management and conversion to different audio format (mp3, wav & ogg), which also makes it easy to play audio files into your Django application.

Django-Audiofield Description: Django Audio Management Tools Maintainer: Areski Contributors: list of contributors Django-Audiofield is a simple app t

Areski Belaid 167 Nov 10, 2022
Django-environ allows you to utilize 12factor inspired environment variables to configure your Django application.

Django-environ django-environ allows you to use Twelve-factor methodology to configure your Django application with environment variables. import envi

Daniele Faraglia 2.7k Jan 7, 2023
Rosetta is a Django application that eases the translation process of your Django projects

Rosetta Rosetta is a Django application that facilitates the translation process of your Django projects. Because it doesn't export any models, Rosett

Marco Bonetti 909 Dec 26, 2022
pytest-django allows you to test your Django project/applications with the pytest testing tool.

pytest-django allows you to test your Django project/applications with the pytest testing tool.

pytest-dev 1.1k Dec 14, 2022
django-dashing is a customisable, modular dashboard application framework for Django to visualize interesting data about your project. Inspired in the dashboard framework Dashing

django-dashing django-dashing is a customisable, modular dashboard application framework for Django to visualize interesting data about your project.

talPor Solutions 703 Dec 22, 2022
A Django app to initialize Sentry client for your Django applications

Dj_sentry This Django application intialize Sentry SDK to your Django application. How to install You can install this packaging by using: pip install

Gandi 1 Dec 9, 2021
Django query profiler - one profiler to rule them all. Shows queries, detects N+1 and gives recommendations on how to resolve them

Django Query Profiler This is a query profiler for Django applications, for helping developers answer the question "My Django code/page/API is slow, H

Django Query Profiler 116 Dec 15, 2022
Django project starter on steroids: quickly create a Django app AND generate source code for data models + REST/GraphQL APIs (the generated code is auto-linted and has 100% test coverage).

Create Django App ?? We're a Django project starter on steroids! One-line command to create a Django app with all the dependencies auto-installed AND

imagine.ai 68 Oct 19, 2022
A Django chatbot that is capable of doing math and searching Chinese poet online. Developed with django, channels, celery and redis.

Django Channels Websocket Chatbot A Django chatbot that is capable of doing math and searching Chinese poet online. Developed with django, channels, c

Yunbo Shi 8 Oct 28, 2022
Blog focused on skills enhancement and knowledge sharing. Tech Stack's: Vue.js, Django and Django-Ninja

Blog focused on skills enhancement and knowledge sharing. Tech Stack's: Vue.js, Django and Django-Ninja

Wanderson Fontes 2 Sep 21, 2022
Meta package to combine turbo-django and stimulus-django

Hotwire + Django This repository aims to help you integrate Hotwire with Django ?? Inspiration might be taken from @hotwired/hotwire-rails. We are sti

Hotwire for Django 31 Aug 9, 2022
django-quill-editor makes Quill.js easy to use on Django Forms and admin sites

django-quill-editor django-quill-editor makes Quill.js easy to use on Django Forms and admin sites No configuration required for static files! The ent

lhy 139 Dec 5, 2022