Get inside your stronghold and make all your Django views default login_required

Stronghold

Stronghold is a very small and easy-to-use Django app that makes every view in your Django project require login by default.

WARNING: still in development, so some of the DEFAULTS and such will be changing without notice.

Installation

Install via pip.

pip install django-stronghold

Add stronghold to your INSTALLED_APPS in your Django settings file

INSTALLED_APPS = (
    #...
    'stronghold',
)

Then add the stronghold middleware to your MIDDLEWARE_CLASSES in your Django settings file

MIDDLEWARE_CLASSES = (
    #...
    'stronghold.middleware.LoginRequiredMiddleware',
)

Usage

If you followed the installation instructions, all your views now require a login by default. To make a view public again, use the public decorator provided in stronghold.decorators:

For function based views

from django.http import HttpResponse
from stronghold.decorators import public


@public
def someview(request):
    # do some work
    # ...
    return HttpResponse("This view is public")

For class based views (decorator)

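from django.http import HttpResponse
from django.utils.decorators import method_decorator
from django.views.generic import View
from stronghold.decorators import public


class SomeView(View):
    def get(self, request, *args, **kwargs):
        # some view logic
        # ...
        return HttpResponse("This view is public")

    # Decorating dispatch marks every HTTP method of this view as public.
    @method_decorator(public)
    def dispatch(self, *args, **kwargs):
        return super(SomeView, self).dispatch(*args, **kwargs)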

For class based views (mixin)

from django.views.generic import View
from stronghold.views import StrongholdPublicMixin


class SomeView(StrongholdPublicMixin, View):
    pass

Configuration (optional)

STRONGHOLD_DEFAULTS

Use Stronghold's defaults in addition to your own settings.

Default:

STRONGHOLD_DEFAULTS = True

STRONGHOLD_PUBLIC_URLS

You can add a tuple of URL regexes in your settings file with the STRONGHOLD_PUBLIC_URLS setting. Any URL that matches one of these patterns will be made public without using the @public decorator.

Default:

STRONGHOLD_PUBLIC_URLS = ()

If STRONGHOLD_DEFAULTS is True and settings.DEBUG is True, STRONGHOLD_PUBLIC_URLS also contains:

(
    r'^%s.+$' % settings.STATIC_URL,
    r'^%s.+$' % settings.MEDIA_URL,
)

These entries are added to your settings to support serving static files and media files from the development server. They do not replace any settings you may have in STRONGHOLD_PUBLIC_URLS.

Note: Public URL regexes are matched against HttpRequest.path_info.

STRONGHOLD_PUBLIC_NAMED_URLS

You can add a tuple of url names in your settings file with the STRONGHOLD_PUBLIC_NAMED_URLS setting. Names in this setting will be reversed using django.core.urlresolvers.reverse and any url matching the output of the reverse call will be made public without using the @public decorator:

Default:

STRONGHOLD_PUBLIC_NAMED_URLS = ()

If STRONGHOLD_DEFAULTS is True and django.contrib.auth is installed, the login and logout view names are also added to STRONGHOLD_PUBLIC_NAMED_URLS.
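Added example (not part of the Stronghold README or code base): a stdlib-only model of the public-URL check, useful for auditing a pattern list before deploying it. It assumes patterns are applied with re.match to the path only and that the login redirect percent-encodes the requested URL into ?next=, which reproduces the chain in the "Recursive login feedback" report further down this page; LOGIN_URL, SAMPLE_PATHS and all function names are hypothetical.

```python
import re
from urllib.parse import quote, urlsplit

# Constructed values for illustration; not taken from any real project.
LOGIN_URL = "/accounts/login/"
SAMPLE_PATHS = ["/accounts/login/", "/accounts/export/", "/inventory/"]


def is_public(path_info, public_patterns):
    """Return True if any public pattern matches path_info.

    Assumption: patterns are applied with re.match, i.e. anchored at the
    start of the path only, so a pattern without '$' is a prefix match.
    """
    return any(re.match(pattern, path_info) for pattern in public_patterns)


def exposed(paths, public_patterns):
    """List the paths an anonymous client can reach without logging in."""
    return [p for p in paths if is_public(p, public_patterns)]


def login_redirect(full_path, login_url=LOGIN_URL):
    """Build the redirect target: the requested URL is percent-encoded
    into the ?next= parameter ('/' is left unescaped)."""
    return "%s?next=%s" % (login_url, quote(full_path, safe="/"))


def follow(start, public_patterns, login_url=LOGIN_URL, max_hops=3):
    """Follow login redirects for an anonymous client.

    Returns (hops, looped). hops is every URL requested in order; looped is
    True when max_hops redirects were followed without reaching a public URL.
    """
    hops = [start]
    while True:
        # Only the path is matched; the query string is ignored.
        path_info = urlsplit(hops[-1]).path
        if is_public(path_info, public_patterns):
            return hops, False
        if len(hops) > max_hops:
            return hops, True
        hops.append(login_redirect(hops[-1], login_url))


if __name__ == "__main__":
    # 1. Login path not in the public set: every redirect is itself redirected.
    hops, looped = follow("/inventory/", public_patterns=[])
    print("looped:", looped)
    for url in hops:
        print("  GET", url)

    # 2. Login path made public with a fully anchored pattern: one redirect.
    hops, looped = follow("/inventory/", [r"^/accounts/login/$"])
    print("looped:", looped, "hops:", hops)

    # 3. A pattern without '$' is a prefix match and exposes sibling views.
    print("loose :", exposed(SAMPLE_PATHS, [r"/accounts/"]))
    print("strict:", exposed(SAMPLE_PATHS, [r"^/accounts/login/$"]))
```

A login path left outside the public set shows up as a chain that never terminates, and a pattern without a trailing $ makes every path sharing its prefix public.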

STRONGHOLD_USER_TEST_FUNC

Optionally, set STRONGHOLD_USER_TEST_FUNC to a callable to limit access to users that pass a custom test. The callback receives a User object and should return True if the user is authorized. This is equivalent to decorating a view with user_passes_test.

Example:

STRONGHOLD_USER_TEST_FUNC = lambda user: user.is_staff

Default:

STRONGHOLD_USER_TEST_FUNC = lambda user: user.is_authenticated

Compatibility

Tested with:

  • Django 1.8.x
  • Django 1.9.x
  • Django 1.10.x
  • Django 1.11.x
  • Django 2.0.x
  • Django 2.1.x
  • Django 2.2.x

Contribute

See CONTRIBUTING.md

Comments
  • Add Django 2.1 compatibility

    The test suite is failing with Django 2.1, as it seems that set_view_func_public may now receive the dispatch method itself in parameter. I tracked this issue to this Django commit: https://github.com/django/django/commit/fdc936c9130cf4fb5d59869674b9a31cc79a7999

    opened by claudep 12
  • Support Django 1.7 and Python 3

    • Add python3 testing to makefile.
    • Advertise python 3 and 3.4 in classifiers.
    • Advertise Django 1.7 support in README.
    • Rename test modules to start with 'test' for better consistency with unittest module and new Django test runner.
    • Explicitly set TEST_RUNNER in test_project settings to avoid Django from throwing a warning.
    • Fix test_project/urls.py to work with absence of relative imports in python3.
    opened by SunilMohanAdapa 9
  • Support using Django 1.10 new style middleware

    Add support for new style middleware introduced in Django 1.10. Support for old style middleware will be dropped from Django in the future. Any application using stronghold can't move to using new style middleware until stronghold supports new style middleware.

    Altering existing code to support new style and old style middleware is as simple as adding a mixin to the existing middleware class.

    opened by SunilMohanAdapa 8
  • Fix for Django 2.1 decorators

    This is a semi-hacky way to make django-stronghold work on Django 2.1

    Additionally, added a couple views to the test project to make it easier to test the different methods of declaring a public view.

    opened by cw0102 5
  • Python3 tag on PyPi

    Would it be possible to add to PyPi entry that django-stronghold is Python 3 compatible? I am getting a false negative when I use the caniusepython3 (https://pypi.python.org/pypi/caniusepython3) program.

    Thanks.

    opened by aklaver 5
  • Please make a release with Django 2.0 support

    Although Django 2.0 support has been added, there is no release yet with this support. We wish to make a Debian package with Django 2.0 support as Django 2.0 is about to be released soon into Debian. FreedomBox project especially needs this in time.

    Please consider making a new release of stronghold as soon as you can.

    opened by SunilMohanAdapa 4
  • 'LoginRequiredMiddleware' object is not callable

    I keep getting error TypeError: 'LoginRequiredMiddleware' object is not callable. I'm using django 1.10 and using master branch.

    any reason why this is happening? thanks

    opened by whaleforever 4
  • ImproperlyConfigured: The included urlconf <app>.urls doesn't have any patterns in it

    Hola, I'm getting the above as an error. I've fleshed out the relative conf and py files on SO: http://stackoverflow.com/questions/20963856/improperlyconfigured-the-included-urlconf-project-urls-doesnt-have-any-patte

    From the Apache2 error log, it looks like it's got something to do with Stronghold?

    I tried deleting /.virtualenvs/erp-dev/lib/python2.7/site-packages/stronghold/conf.pyc and then replaced reverse with reverse_lazy in conf.py but that didn't work.

    Any idea what might be going wrong?

     mod_wsgi (pid=25007): Exception occurred processing WSGI script '/home/erp/www/dev/erp/erp/erp/wsgi.py'.
     Traceback (most recent call last):
      File "/home/erp/.virtualenvs/erp-dev/lib/python2.7/site-packages/django/core/handlers/wsgi.py", line 187, in __call__
         self.load_middleware()
       File "/home/erp/.virtualenvs/erp-dev/lib/python2.7/site-packages/django/core/handlers/base.py", line 47, in load_middleware
         mw_class = import_by_path(middleware_path)
       File "/home/erp/.virtualenvs/erp-dev/lib/python2.7/site-packages/django/utils/module_loading.py", line 21, in import_by_path
         module = import_module(module_path)
       File "/home/erp/.virtualenvs/erp-dev/lib/python2.7/site-packages/django/utils/importlib.py", line 40, in import_module
         __import__(name)
       File "/home/erp/.virtualenvs/erp-dev/lib/python2.7/site-packages/stronghold/middleware.py", line 2, in <module>
         from stronghold import conf, utils
       File "/home/erp/.virtualenvs/erp-dev/lib/python2.7/site-packages/stronghold/conf.py", line 33, in <module>
         url = reverse(named_url)
       File "/home/erp/.virtualenvs/erp-dev/lib/python2.7/site-packages/django/core/urlresolvers.py", line 509, in reverse
         return iri_to_uri(resolver._reverse_with_prefix(view, prefix, *args, **kwargs))
       File "/home/erp/.virtualenvs/erp-dev/lib/python2.7/site-packages/django/core/urlresolvers.py", line 387, in _reverse_with_prefix
         possibilities = self.reverse_dict.getlist(lookup_view)
       File "/home/erp/.virtualenvs/erp-dev/lib/python2.7/site-packages/django/core/urlresolvers.py", line 296, in reverse_dict
         self._populate()
       File "/home/erp/.virtualenvs/erp-dev/lib/python2.7/site-packages/django/core/urlresolvers.py", line 262, in _populate
         for pattern in reversed(self.url_patterns):
       File "/home/erp/.virtualenvs/erp-dev/lib/python2.7/site-packages/django/core/urlresolvers.py", line 350, in url_patterns
         raise ImproperlyConfigured("The included urlconf %s doesn't have any patterns in it" % self.urlconf_name)
    ImproperlyConfigured: The included urlconf erp.urls doesn't have any patterns in it
    
    opened by datakid 4
  • Default install results in redirect loop on all pages

    I am using Django 1.7, and the latest stable install of django-blog-zinnia. Once I installed django-stronghold to its default settings via instructions on your readme, I get a redirect loop on all pages and it looks something like this:

    'hxxp://example.com/login/?next=/login/%3Fnext%3D/login/%253Fnext%253D/login/%25253Fnext%25253D/login/%2525253Fnext%2525253D/login/%252525253Fnext%252525253D/login/%25252525253Fnext%25252525253D/login/%2525252525253Fnext%2525252525253D/login/%252525252525253Fnext%2525252525252..................... '

    I am honestly not sure if this is something to do with stronghold but I would really like to be able to use this middleware either way!

    EDIT: Oh my god. I am sorry for even posting this but I think it's because I have my own custom login urls, so stronghold treats it like any other url on my site and hence the loop!

    opened by butstevetho 3
  • Can't make admin public in Django 1.7

    I have a Django 1.7 project where I want to use django admin as usual with its authentication and the rest of the site with my login. No matter what I configure in my settings, "/admin" still redirects to "/accounts/login", and would like it to redirect to django's admin login.

    opened by alexarsh 3
  • Recursive login feedback

    When I enable Stronghold and then visit a page, I get what look like unescaped, recursive errors:

    [20/Nov/2013 13:58:32] "GET /inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/accounts/login/%253Fnext%253D/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/accounts/login/%253Fnext%253D/accounts/login/%25253Fnext%25253D/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/accounts/login/%253Fnext%253D/accounts/login/%25253Fnext%25253D/accounts/login/%2525253Fnext%2525253D/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/accounts/login/%253Fnext%253D/accounts/login/%25253Fnext%25253D/accounts/login/%2525253Fnext%2525253D/accounts/login/%252525253Fnext%252525253D/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/accounts/login/%253Fnext%253D/accounts/login/%25253Fnext%25253D/accounts/login/%2525253Fnext%2525253D/accounts/login/%252525253Fnext%252525253D/accounts/login/%25252525253Fnext%25252525253D/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/accounts/login/%253Fnext%253D/accounts/login/%25253Fnext%25253D/accounts/login/%2525253Fnext%2525253D/accounts/login/%252525253Fnext%252525253D/accounts/login/%25252525253Fnext%25252525253D/accounts/login/%2525252525253Fnext%2525252525253D/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/accounts/login/%253Fnext%253D/accounts/login/%25253Fnext%25253D/accounts/login/%2525253Fnext%2525253D/accounts/login/%252525253Fnext%252525253D/accounts/login/%25252525253Fnext%25252525253D/accounts/login/%2525252525253Fnext%2525252525253D/accounts/login/%252525252525253Fnext%252525252525253D/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/accounts/login/%253Fnext%253D/accounts/login/%25253Fnext%25253D/accounts/login/%2525253Fnext%2525253D/accounts/login/%252525253Fnext%252525253D/accounts/login/%25252525253Fnext%25252525253D/accounts/login/%2525252525253Fnext%2525252525253D/accounts/login/%252525252525253Fnext%252525252525253D/accounts/login/%25252525252525253Fnext%25252525252525253D/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/accounts/login/%253Fnext%253D/accounts/login/%25253Fnext%25253D/accounts/login/%2525253Fnext%2525253D/accounts/login/%252525253Fnext%252525253D/accounts/login/%25252525253Fnext%25252525253D/accounts/login/%2525252525253Fnext%2525252525253D/accounts/login/%252525252525253Fnext%252525252525253D/accounts/login/%25252525252525253Fnext%25252525252525253D/accounts/login/%2525252525252525253Fnext%2525252525252525253D/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/accounts/login/%253Fnext%253D/accounts/login/%25253Fnext%25253D/accounts/login/%2525253Fnext%2525253D/accounts/login/%252525253Fnext%252525253D/accounts/login/%25252525253Fnext%25252525253D/accounts/login/%2525252525253Fnext%2525252525253D/accounts/login/%252525252525253Fnext%252525252525253D/accounts/login/%25252525252525253Fnext%25252525252525253D/accounts/login/%2525252525252525253Fnext%2525252525252525253D/accounts/login/%252525252525252525253Fnext%252525252525252525253D/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/accounts/login/%253Fnext%253D/accounts/login/%25253Fnext%25253D/accounts/login/%2525253Fnext%2525253D/accounts/login/%252525253Fnext%252525253D/accounts/login/%25252525253Fnext%25252525253D/accounts/login/%2525252525253Fnext%2525252525253D/accounts/login/%252525252525253Fnext%252525252525253D/accounts/login/%25252525252525253Fnext%25252525252525253D/accounts/login/%2525252525252525253Fnext%2525252525252525253D/accounts/login/%252525252525252525253Fnext%252525252525252525253D/accounts/login/%25252525252525252525253Fnext%25252525252525252525253D/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/accounts/login/%253Fnext%253D/accounts/login/%25253Fnext%25253D/accounts/login/%2525253Fnext%2525253D/accounts/login/%252525253Fnext%252525253D/accounts/login/%25252525253Fnext%25252525253D/accounts/login/%2525252525253Fnext%2525252525253D/accounts/login/%252525252525253Fnext%252525252525253D/accounts/login/%25252525252525253Fnext%25252525252525253D/accounts/login/%2525252525252525253Fnext%2525252525252525253D/accounts/login/%252525252525252525253Fnext%252525252525252525253D/accounts/login/%25252525252525252525253Fnext%25252525252525252525253D/accounts/login/%2525252525252525252525253Fnext%2525252525252525252525253D/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/accounts/login/%253Fnext%253D/accounts/login/%25253Fnext%25253D/accounts/login/%2525253Fnext%2525253D/accounts/login/%252525253Fnext%252525253D/accounts/login/%25252525253Fnext%25252525253D/accounts/login/%2525252525253Fnext%2525252525253D/accounts/login/%252525252525253Fnext%252525252525253D/accounts/login/%25252525252525253Fnext%25252525252525253D/accounts/login/%2525252525252525253Fnext%2525252525252525253D/accounts/login/%252525252525252525253Fnext%252525252525252525253D/accounts/login/%25252525252525252525253Fnext%25252525252525252525253D/accounts/login/%2525252525252525252525253Fnext%2525252525252525252525253D/accounts/login/%252525252525252525252525253Fnext%252525252525252525252525253D/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/accounts/login/%253Fnext%253D/accounts/login/%25253Fnext%25253D/accounts/login/%2525253Fnext%2525253D/accounts/login/%252525253Fnext%252525253D/accounts/login/%25252525253Fnext%25252525253D/accounts/login/%2525252525253Fnext%2525252525253D/accounts/login/%252525252525253Fnext%252525252525253D/accounts/login/%25252525252525253Fnext%25252525252525253D/accounts/login/%2525252525252525253Fnext%2525252525252525253D/accounts/login/%252525252525252525253Fnext%252525252525252525253D/accounts/login/%25252525252525252525253Fnext%25252525252525252525253D/accounts/login/%2525252525252525252525253Fnext%2525252525252525252525253D/accounts/login/%252525252525252525252525253Fnext%252525252525252525252525253D/accounts/login/%25252525252525252525252525253Fnext%25252525252525252525252525253D/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/accounts/login/%253Fnext%253D/accounts/login/%25253Fnext%25253D/accounts/login/%2525253Fnext%2525253D/accounts/login/%252525253Fnext%252525253D/accounts/login/%25252525253Fnext%25252525253D/accounts/login/%2525252525253Fnext%2525252525253D/accounts/login/%252525252525253Fnext%252525252525253D/accounts/login/%25252525252525253Fnext%25252525252525253D/accounts/login/%2525252525252525253Fnext%2525252525252525253D/accounts/login/%252525252525252525253Fnext%252525252525252525253D/accounts/login/%25252525252525252525253Fnext%25252525252525252525253D/accounts/login/%2525252525252525252525253Fnext%2525252525252525252525253D/accounts/login/%252525252525252525252525253Fnext%252525252525252525252525253D/accounts/login/%25252525252525252525252525253Fnext%25252525252525252525252525253D/accounts/login/%2525252525252525252525252525253Fnext%2525252525252525252525252525253D/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/accounts/login/%253Fnext%253D/accounts/login/%25253Fnext%25253D/accounts/login/%2525253Fnext%2525253D/accounts/login/%252525253Fnext%252525253D/accounts/login/%25252525253Fnext%25252525253D/accounts/login/%2525252525253Fnext%2525252525253D/accounts/login/%252525252525253Fnext%252525252525253D/accounts/login/%25252525252525253Fnext%25252525252525253D/accounts/login/%2525252525252525253Fnext%2525252525252525253D/accounts/login/%252525252525252525253Fnext%252525252525252525253D/accounts/login/%25252525252525252525253Fnext%25252525252525252525253D/accounts/login/%2525252525252525252525253Fnext%2525252525252525252525253D/accounts/login/%252525252525252525252525253Fnext%252525252525252525252525253D/accounts/login/%25252525252525252525252525253Fnext%25252525252525252525252525253D/accounts/login/%2525252525252525252525252525253Fnext%2525252525252525252525252525253D/accounts/login/%252525252525252525252525252525253Fnext%252525252525252525252525252525253D/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/accounts/login/%253Fnext%253D/accounts/login/%25253Fnext%25253D/accounts/login/%2525253Fnext%2525253D/accounts/login/%252525253Fnext%252525253D/accounts/login/%25252525253Fnext%25252525253D/accounts/login/%2525252525253Fnext%2525252525253D/accounts/login/%252525252525253Fnext%252525252525253D/accounts/login/%25252525252525253Fnext%25252525252525253D/accounts/login/%2525252525252525253Fnext%2525252525252525253D/accounts/login/%252525252525252525253Fnext%252525252525252525253D/accounts/login/%25252525252525252525253Fnext%25252525252525252525253D/accounts/login/%2525252525252525252525253Fnext%2525252525252525252525253D/accounts/login/%252525252525252525252525253Fnext%252525252525252525252525253D/accounts/login/%25252525252525252525252525253Fnext%25252525252525252525252525253D/accounts/login/%2525252525252525252525252525253Fnext%2525252525252525252525252525253D/accounts/login/%252525252525252525252525252525253Fnext%252525252525252525252525252525253D/accounts/login/%25252525252525252525252525252525253Fnext%25252525252525252525252525252525253D/inventory/ HTTP/1.1" 302 0
    [20/Nov/2013 13:58:32] "GET /accounts/login/?next=/accounts/login/%3Fnext%3D/accounts/login/%253Fnext%253D/accounts/login/%25253Fnext%25253D/accounts/login/%2525253Fnext%2525253D/accounts/login/%252525253Fnext%252525253D/accounts/login/%25252525253Fnext%25252525253D/accounts/login/%2525252525253Fnext%2525252525253D/accounts/login/%252525252525253Fnext%252525252525253D/accounts/login/%25252525252525253Fnext%25252525252525253D/accounts/login/%2525252525252525253Fnext%2525252525252525253D/accounts/login/%252525252525252525253Fnext%252525252525252525253D/accounts/login/%25252525252525252525253Fnext%25252525252525252525253D/accounts/login/%2525252525252525252525253Fnext%2525252525252525252525253D/accounts/login/%252525252525252525252525253Fnext%252525252525252525252525253D/accounts/login/%25252525252525252525252525253Fnext%25252525252525252525252525253D/accounts/login/%2525252525252525252525252525253Fnext%2525252525252525252525252525253D/accounts/login/%252525252525252525252525252525253Fnext%252525252525252525252525252525253D/accounts/login/%25252525252525252525252525252525253Fnext%25252525252525252525252525252525253D/accounts/login/%2525252525252525252525252525252525253Fnext%2525252525252525252525252525252525253D/inventory/ HTTP/1.1" 302 0
    
    
    opened by datakid 3
  • docs: Fix a few typos

    There are small typos in:

    • docs/conf.py
    • stronghold/decorators.py

    Fixes:

    • Should read that rather than shat.
    • Should read function rather than fuction.

    Semi-automated pull request generated by https://github.com/timgates42/meticulous/blob/master/docs/NOTE.md

    opened by timgates42 0
  • Bump pygments from 1.6 to 2.7.4

    Bumps pygments from 1.6 to 2.7.4.

    Changelog

    Sourced from pygments's changelog.

    Version 2.7.4

    (released January 12, 2021)

    • Updated lexers:

      • Apache configurations: Improve handling of malformed tags (#1656)

      • CSS: Add support for variables (#1633, #1666)

      • Crystal (#1650, #1670)

      • Coq (#1648)

      • Fortran: Add missing keywords (#1635, #1665)

      • Ini (#1624)

      • JavaScript and variants (#1647 -- missing regex flags, #1651)

      • Markdown (#1623, #1617)

      • Shell

        • Lex trailing whitespace as part of the prompt (#1645)
        • Add missing in keyword (#1652)
      • SQL - Fix keywords (#1668)

      • Typescript: Fix incorrect punctuation handling (#1510, #1511)

    • Fix infinite loop in SML lexer (#1625)

    • Fix backtracking string regexes in JavaScript/TypeScript, Modula2 and many other lexers (#1637)

    • Limit recursion with nesting Ruby heredocs (#1638)

    • Fix a few inefficient regexes for guessing lexers

    • Fix the raw token lexer handling of Unicode (#1616)

    • Revert a private API change in the HTML formatter (#1655) -- please note that private APIs remain subject to change!

    • Fix several exponential/cubic-complexity regexes found by Ben Caller/Doyensec (#1675)

    • Fix incorrect MATLAB example (#1582)

    Thanks to Google's OSS-Fuzz project for finding many of these bugs.

    Version 2.7.3

    (released December 6, 2020)

    ... (truncated)

    Commits
    • 4d555d0 Bump version to 2.7.4.
    • fc3b05d Update CHANGES.
    • ad21935 Revert "Added dracula theme style (#1636)"
    • e411506 Prepare for 2.7.4 release.
    • 275e34d doc: remove Perl 6 ref
    • 2e7e8c4 Fix several exponential/cubic complexity regexes found by Ben Caller/Doyensec
    • eb39c43 xquery: fix pop from empty stack
    • 2738778 fix coding style in test_analyzer_lexer
    • 02e0f09 Added 'ERROR STOP' to fortran.py keywords. (#1665)
    • c83fe48 support added for css variables (#1633)
    • Additional commits viewable in compare view

    dependencies 
    opened by dependabot[bot] 0
  • Bump jinja2 from 2.10.3 to 2.11.3

    Bumps jinja2 from 2.10.3 to 2.11.3.

    Release notes

    Sourced from jinja2's releases.

    2.11.3

    This contains a fix for a speed issue with the urlize filter. urlize is likely to be called on untrusted user input. For certain inputs some of the regular expressions used to parse the text could take a very long time due to backtracking. As part of the fix, the email matching became slightly stricter. The various speedups apply to urlize in general, not just the specific input cases.

    2.11.2

    2.11.1

    This fixes an issue in async environment when indexing the result of an attribute lookup, like {{ data.items[1:] }}.

    2.11.0

    This is the last version to support Python 2.7 and 3.5. The next version will be Jinja 3.0 and will support Python 3.6 and newer.

    Changelog

    Sourced from jinja2's changelog.

    Version 2.11.3

    Released 2021-01-31

    • Improve the speed of the urlize filter by reducing regex backtracking. Email matching requires a word character at the start of the domain part, and only word characters in the TLD. :pr:1343

    Version 2.11.2

    Released 2020-04-13

    • Fix a bug that caused callable objects with __getattr__, like :class:~unittest.mock.Mock to be treated as a :func:contextfunction. :issue:1145
    • Update wordcount filter to trigger :class:Undefined methods by wrapping the input in :func:soft_str. :pr:1160
    • Fix a hang when displaying tracebacks on Python 32-bit. :issue:1162
    • Showing an undefined error for an object that raises AttributeError on access doesn't cause a recursion error. :issue:1177
    • Revert changes to :class:~loaders.PackageLoader from 2.10 which removed the dependency on setuptools and pkg_resources, and added limited support for namespace packages. The changes caused issues when using Pytest. Due to the difficulty in supporting Python 2 and :pep:451 simultaneously, the changes are reverted until 3.0. :pr:1182
    • Fix line numbers in error messages when newlines are stripped. :pr:1178
    • The special namespace() assignment object in templates works in async environments. :issue:1180
    • Fix whitespace being removed before tags in the middle of lines when lstrip_blocks is enabled. :issue:1138
    • :class:~nativetypes.NativeEnvironment doesn't evaluate intermediate strings during rendering. This prevents early evaluation which could change the value of an expression. :issue:1186

    Version 2.11.1

    Released 2020-01-30

    • Fix a bug that prevented looking up a key after an attribute ({{ data.items[1:] }}) in an async template. :issue:1141

    ... (truncated)

    dependencies 
    opened by dependabot[bot] 0
  • Password reset not public by default


    URLs for login and logout are public if django.contrib.auth is installed, but not password_reset, password_reset_done, password_reset_confirm nor password_reset_complete. Could you add these? I can make a PR later if you prefer.

    opened by logut 6
Releases(v0.3.2)
Owner
Mike Grouchy
Chief Product Officer @pagecloud, Founder at Pycoders Weekly (acquired), Python Developer.
Django CAS 1.0/2.0/3.0 client authentication library, support Django 2.0, 2.1, 2.2, 3.0 and Python 3.5+

django-cas-ng django-cas-ng is Django CAS (Central Authentication Service) 1.0/2.0/3.0 client library to support SSO (Single Sign On) and Single Logou

django-cas-ng 347 Dec 18, 2022
Django-react-firebase-auth - A web app showcasing OAuth2.0 + OpenID Connect using Firebase, Django-Rest-Framework and React

Demo app to show Django Rest Framework working with Firebase for authentication

Teshank Raut 6 Oct 13, 2022
Django-registration (redux) provides user registration functionality for Django websites.

Description: Django-registration provides user registration functionality for Django websites. maintainers: Macropin, DiCato, and joshblum contributor

Andrew Cutler 920 Jan 8, 2023
Complete Two-Factor Authentication for Django providing the easiest integration into most Django projects.

Django Two-Factor Authentication Complete Two-Factor Authentication for Django. Built on top of the one-time password framework django-otp and Django'

Bouke Haarsma 1.3k Jan 4, 2023
Django Admin Two-Factor Authentication, allows you to login django admin with google authenticator.

Django Admin Two-Factor Authentication Django Admin Two-Factor Authentication, allows you to login django admin with google authenticator. Why Django

Iman Karimi 9 Dec 7, 2022
python-social-auth and oauth2 support for django-rest-framework

Django REST Framework Social OAuth2 This module provides OAuth2 social authentication support for applications in Django REST Framework. The aim of th

null 1k Dec 22, 2022
It's a Django application to register and authenticate users using phone number.

django-phone-auth It's a Django application to register and authenticate users using phone number. CustomUser model created using AbstractUser class.

MsudD 4 Nov 29, 2022
Django Rest Framework App with JWT Authentication and other DRF stuff

Django Queries App with JWT authentication, Class Based Views, Serializers, Swagger UI, CI/CD and other cool DRF stuff API Documentation /swagger - Swa

Rafael Salimov 4 Jan 29, 2022
CheckList-Api - Created with django rest framework and JWT (JSON Web Tokens for Authentication)

CheckList Api created with django rest framework and JWT (JSON Web Tokens for Aut

shantanu nimkar 1 Jan 24, 2022
Integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (social) account authentication.

Welcome to django-allauth! Integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (soc

Raymond Penners 7.7k Jan 1, 2023
Per object permissions for Django

django-guardian django-guardian is an implementation of per object permissions [1] on top of Django's authorization backend Documentation Online docum

null 3.3k Jan 1, 2023
A JSON Web Token authentication plugin for the Django REST Framework.

Simple JWT Abstract Simple JWT is a JSON Web Token authentication plugin for the Django REST Framework. For full documentation, visit django-rest-fram

Simple JWT 3.3k Jan 1, 2023
REST implementation of Django authentication system.

djoser REST implementation of Django authentication system. djoser library provides a set of Django Rest Framework views to handle basic actions such

Sunscrapers 2.2k Jan 1, 2023
Authentication Module for django rest auth

django-rest-knox Authentication Module for django rest auth Knox provides easy to use authentication for Django REST Framework The aim is to allow for

James McMahon 878 Jan 4, 2023
Authentication for Django Rest Framework

Dj-Rest-Auth Drop-in API endpoints for handling authentication securely in Django Rest Framework. Works especially well with SPAs (e.g React, Vue, Ang

Michael 1.1k Jan 3, 2023
JSON Web Token Authentication support for Django REST Framework

REST framework JWT Auth Notice This project is currently unmaintained. Check #484 for more details and suggested alternatives. JSON Web Token Authenti

José Padilla 3.2k Dec 31, 2022
Awesome Django authorization, without the database

rules rules is a tiny but powerful app providing object-level permissions to Django, without requiring a database. At its core, it is a generic framew

null 1.6k Dec 30, 2022
An extension of django rest framework, providing a configurable password reset strategy

Django Rest Password Reset This python package provides a simple password reset strategy for django rest framework, where users can request password r

Anexia 363 Dec 24, 2022